Merge pull request #591 from Zokrates/remove-inference
Require variables to be defined
e2599ee2ae
58 changed files with 380 additions and 397 deletions
|
@ -4,6 +4,6 @@ def foo(field[3] a) -> (field):
|
||||||
|
|
||||||
def main() -> (field, field):
|
def main() -> (field, field):
|
||||||
field[3] a = [0, 0, 0]
|
field[3] a = [0, 0, 0]
|
||||||
res = foo(a)
|
field res = foo(a)
|
||||||
a[1] == 0
|
a[1] == 0
|
||||||
return res, a[1]
|
return res, a[1]
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
import "hashes/sha256/512bitPacked" as sha256packed
|
import "hashes/sha256/512bitPacked" as sha256packed
|
||||||
|
|
||||||
def main(private field a, private field b, private field c, private field d) -> (field[2]):
|
def main(private field a, private field b, private field c, private field d) -> (field[2]):
|
||||||
h = sha256packed([a, b, c, d])
|
field[2] h = sha256packed([a, b, c, d])
|
||||||
return h
|
return h
|
|
@ -1,7 +1,7 @@
|
||||||
import "hashes/sha256/512bitPacked" as sha256packed
|
import "hashes/sha256/512bitPacked" as sha256packed
|
||||||
|
|
||||||
def main(private field a, private field b, private field c, private field d) -> (field):
|
def main(private field a, private field b, private field c, private field d) -> (field):
|
||||||
h = sha256packed([a, b, c, d])
|
field[2] h = sha256packed([a, b, c, d])
|
||||||
h[0] == 263561599766550617289250058199814760685
|
h[0] == 263561599766550617289250058199814760685
|
||||||
h[1] == 65303172752238645975888084098459749904
|
h[1] == 65303172752238645975888084098459749904
|
||||||
return 1
|
return 1
|
|
@ -2,5 +2,5 @@ def foo() -> (field, field):
|
||||||
return 21, 42
|
return 21, 42
|
||||||
|
|
||||||
def main() -> (field):
|
def main() -> (field):
|
||||||
a, b = foo()
|
field a, field b = foo()
|
||||||
return 1
|
return 1
|
|
@ -5,5 +5,5 @@ def foo() -> (field, field):
|
||||||
return 1, 2
|
return 1, 2
|
||||||
|
|
||||||
def main() -> (field):
|
def main() -> (field):
|
||||||
a, field[3] b = foo()
|
field a, field[3] b = foo()
|
||||||
return 1
|
return 1
|
|
@ -9,6 +9,7 @@ def main(field order) -> (field, field, field, field):
|
||||||
// LSB
|
// LSB
|
||||||
field amount = 0
|
field amount = 0
|
||||||
field exponent = 1
|
field exponent = 1
|
||||||
|
field bit = 0
|
||||||
for field i in 0..120 do
|
for field i in 0..120 do
|
||||||
bit, order = popLeastSignificantBit(order)
|
bit, order = popLeastSignificantBit(order)
|
||||||
amount = amount + (bit * exponent)
|
amount = amount + (bit * exponent)
|
||||||
|
|
|
@ -55,8 +55,8 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
|
||||||
endfor
|
endfor
|
||||||
|
|
||||||
// the amount of sell volume for a token equals its buy volume:
|
// the amount of sell volume for a token equals its buy volume:
|
||||||
buyVolumeToken = tupleForTokensWithValue(0)
|
field[3] buyVolumeToken = tupleForTokensWithValue(0)
|
||||||
sellVolumeToken = tupleForTokensWithValue(0)
|
field[3] sellVolumeToken = tupleForTokensWithValue(0)
|
||||||
|
|
||||||
for field i in 0..3 do
|
for field i in 0..3 do
|
||||||
buyVolumeToken = addVolumesForOrder(buyVolumeToken, targetToken[i], volume[i] * sourceTokenPriceOrder[i])
|
buyVolumeToken = addVolumesForOrder(buyVolumeToken, targetToken[i], volume[i] * sourceTokenPriceOrder[i])
|
||||||
|
@ -66,7 +66,7 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
|
||||||
buyVolumeToken == sellVolumeToken
|
buyVolumeToken == sellVolumeToken
|
||||||
|
|
||||||
// If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled.
|
// If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled.
|
||||||
highestTouchedOrder = tupleForTokenPairsWithValue(0)
|
field[9] highestTouchedOrder = tupleForTokenPairsWithValue(0)
|
||||||
|
|
||||||
for field i in 0..3 do
|
for field i in 0..3 do
|
||||||
highestTouchedOrder = updateHighestTouchedOrder(highestTouchedOrder, sourceToken[i], targetToken[i], limit[i], volume[i])
|
highestTouchedOrder = updateHighestTouchedOrder(highestTouchedOrder, sourceToken[i], targetToken[i], limit[i], volume[i])
|
||||||
|
@ -89,7 +89,7 @@ def main(private field[3] encodedOrder, private field[3] bitmapOrder, private fi
|
||||||
|
|
||||||
// Decode orders
|
// Decode orders
|
||||||
for field i in 0..3 do
|
for field i in 0..3 do
|
||||||
a, s, t, l = decodeOrder(encodedOrder[i])
|
field a, field s, field t, field l = decodeOrder(encodedOrder[i])
|
||||||
amount[i] = a
|
amount[i] = a
|
||||||
sourceToken[i] = s
|
sourceToken[i] = s
|
||||||
targetToken[i] = t
|
targetToken[i] = t
|
||||||
|
|
|
@ -4,7 +4,7 @@ def add(field a,field b) -> (field):
|
||||||
|
|
||||||
// Expected for inputs 1,1: c=4, d=7, e=10
|
// Expected for inputs 1,1: c=4, d=7, e=10
|
||||||
def main(field a,field b) -> (field):
|
def main(field a,field b) -> (field):
|
||||||
c = add(a*2+3*b-a,b-1)
|
field c = add(a*2+3*b-a,b-1)
|
||||||
d = add(a*b+2, a*b*c)
|
field d = add(a*b+2, a*b*c)
|
||||||
e = add(add(a,d),add(a,b))
|
field e = add(add(a,d),add(a,b))
|
||||||
return e
|
return e
|
||||||
|
|
|
@ -2,5 +2,5 @@ def add(field f,field g) -> (field):
|
||||||
return f+g
|
return f+g
|
||||||
|
|
||||||
def main(field a, field b) -> (field):
|
def main(field a, field b) -> (field):
|
||||||
c = add(a,b)
|
field c = add(a,b)
|
||||||
return c
|
return c
|
||||||
|
|
|
@ -4,8 +4,8 @@ def add(field a, field b) -> (field):
|
||||||
|
|
||||||
def main(field a, field b,field c, field d) -> (field):
|
def main(field a, field b,field c, field d) -> (field):
|
||||||
field g = a + b
|
field g = a + b
|
||||||
x = add(a,b)
|
field x = add(a,b)
|
||||||
y = add(c,d)
|
field y = add(c,d)
|
||||||
g = add(x, g)
|
g = add(x, g)
|
||||||
g = add(x, g)
|
g = add(x, g)
|
||||||
field f = c + d + a
|
field f = c + d + a
|
||||||
|
|
|
@ -6,6 +6,6 @@ def sub(field a, field b) -> (field):
|
||||||
return a-b
|
return a-b
|
||||||
|
|
||||||
def main(field a, field b) -> (field):
|
def main(field a, field b) -> (field):
|
||||||
c = add(a,b)
|
field c = add(a,b)
|
||||||
d = sub(a,b)
|
field d = sub(a,b)
|
||||||
return 0
|
return 0
|
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
import "hashes/pedersen/512bit" as hash
|
import "hashes/pedersen/512bit" as hash
|
||||||
import "ecc/edwardsCompress" as edwardsCompress
|
import "ecc/edwardsCompress" as edwardsCompress
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
import "hashes/utils/256bitsDirectionHelper" as multiplex
|
import "hashes/utils/256bitsDirectionHelper" as multiplex
|
||||||
import "utils/binary/not" as NOT
|
import "utils/binary/not" as NOT
|
||||||
// Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes
|
// Merke-Tree inclusion proof for tree depth 3 using SNARK efficient pedersen hashes
|
||||||
// directionSelector=> 1/true if current digest is on the rhs of the hash
|
// directionSelector=> 1/true if current digest is on the rhs of the hash
|
||||||
def main(field[256] rootDigest, private field[256] leafDigest, private field[3] directionSelector, field[256] PathDigest0, private field[256] PathDigest1, private field[256] PathDigest2) -> (field):
|
def main(field[256] rootDigest, private field[256] leafDigest, private field[3] directionSelector, field[256] PathDigest0, private field[256] PathDigest1, private field[256] PathDigest2) -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
//Setup
|
//Setup
|
||||||
field[256] currentDigest = leafDigest
|
field[256] currentDigest = leafDigest
|
||||||
|
|
||||||
//Loop up the tree
|
//Loop up the tree
|
||||||
preimage = multiplex(directionSelector[0], currentDigest, PathDigest0)
|
field[512] preimage = multiplex(directionSelector[0], currentDigest, PathDigest0)
|
||||||
currentDigest = hash(preimage)
|
currentDigest = hash(preimage)
|
||||||
|
|
||||||
preimage = multiplex(directionSelector[1], currentDigest, PathDigest1)
|
preimage = multiplex(directionSelector[1], currentDigest, PathDigest1)
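Review bot: `BabyJubJubParams context = context()` binds a variable with the same name as the `context` import alias declared a few lines above it, so from that statement on the identifier refers to the value rather than to the imported function. The old `context = context()` had the same shadowing, but the explicit type now makes it stand out and is likely to confuse a reader who looks up the import. Renaming the variable, e.g. `BabyJubJubParams params = context()`, or the import alias would keep the two distinct. `main` continues outside the hunk.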
|
||||||
|
|
|
@ -13,8 +13,8 @@ def main(field treeDepth, field[256] rootDigest, private field[256] leafDigest,
|
||||||
|
|
||||||
//Loop up the tree
|
//Loop up the tree
|
||||||
currentDirection = directionSelector[0]
|
currentDirection = directionSelector[0]
|
||||||
lhs = multiplex(currentDirection, currentDigest, PathDigest0)
|
field[256] lhs = multiplex(currentDirection, currentDigest, PathDigest0)
|
||||||
rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest0)
|
field[256] rhs = multiplex(NOT(currentDirection), currentDigest, PathDigest0)
|
||||||
currentDigest = sha256(lhs, rhs)
|
currentDigest = sha256(lhs, rhs)
|
||||||
counter = counter + 1
|
counter = counter + 1
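Review bot: `currentDirection = directionSelector[0]` and `counter = counter + 1` are left without a type annotation in this hunk while `lhs` and `rhs` gain one; if both names are declared above line 13 (outside the hunk) this is fine, otherwise they would now be rejected by the definedness check this commit introduces. Writing `field currentDirection = directionSelector[0]` in the same style as the neighbouring declarations would remove the doubt, or a declaration above the loop if one is not already there. `main` starts outside the hunk.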
|
||||||
|
|
||||||
|
|
|
@ -3,5 +3,5 @@ def foo(field a, field b) -> (field, field):
|
||||||
return a, b
|
return a, b
|
||||||
|
|
||||||
def main() -> (field):
|
def main() -> (field):
|
||||||
a, b = foo(1, 1)
|
field a, field b = foo(1, 1)
|
||||||
return a + b
|
return a + b
|
|
@ -1,7 +0,0 @@
|
||||||
// ANDXORANDXORAND
|
|
||||||
|
|
||||||
import "utils/binary/xor" as XOR
|
|
||||||
import "utils/binary/and" as AND
|
|
||||||
|
|
||||||
def main(field a, field b, field c) -> (field):
|
|
||||||
return XOR(XOR(AND(a, b), AND(a, c)), AND(b, c))
|
|
|
@ -1,8 +0,0 @@
|
||||||
// ANDXORNOTAND
|
|
||||||
|
|
||||||
import "utils/binary/and" as AND
|
|
||||||
import "utils/binary/xor" as XOR
|
|
||||||
import "utils/binary/not" as NOT
|
|
||||||
|
|
||||||
def main(field a, field b, field c) -> (field):
|
|
||||||
return XOR(AND(a, b), AND(NOT(a), c))
|
|
|
@ -1,10 +0,0 @@
|
||||||
// FULLADD
|
|
||||||
|
|
||||||
import "./halfadd" as HALFADD
|
|
||||||
import "utils/binary/or" as OR
|
|
||||||
|
|
||||||
def main(field a, field b, field car) -> (field, field):
|
|
||||||
out1, car1 = HALFADD(a, b)
|
|
||||||
out2, car2 = HALFADD(out1, car)
|
|
||||||
car3 = OR(car1, car2)
|
|
||||||
return out2, car3
|
|
|
@ -1,7 +0,0 @@
|
||||||
// HALFADD
|
|
||||||
|
|
||||||
import "utils/binary/xor" as XOR
|
|
||||||
import "utils/binary/and" as AND
|
|
||||||
|
|
||||||
def main(field a, field b) -> (field, field):
|
|
||||||
return XOR(a, b), AND(a, b)
|
|
|
@ -1,11 +0,0 @@
|
||||||
// AND
|
|
||||||
|
|
||||||
import "utils/binary/and" as AND
|
|
||||||
|
|
||||||
def main(field[32] b, field[32] c) -> (field[32]):
|
|
||||||
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
r = AND(b[i], c[i])
|
|
||||||
result[i] = r
|
|
||||||
endfor
|
|
||||||
return result
|
|
|
@ -1,11 +0,0 @@
|
||||||
// ANDXORANDXORAND
|
|
||||||
|
|
||||||
import "./../../binary/andxorandxorand" as ANDXORANDXORAND
|
|
||||||
|
|
||||||
def main(field[32] b, field[32] c, field[32] d) -> (field[32]):
|
|
||||||
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
r = ANDXORANDXORAND(b[i], c[i], d[i])
|
|
||||||
result[i] = r
|
|
||||||
endfor
|
|
||||||
return result
|
|
|
@ -1,11 +0,0 @@
|
||||||
// ANDXORNOTAND
|
|
||||||
|
|
||||||
import "./../../binary/andxornotand" as ANDXORNOTAND
|
|
||||||
|
|
||||||
def main(field[32] b, field[32] c, field[32] d) -> (field[32]):
|
|
||||||
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
r = ANDXORNOTAND(b[i], c[i], d[i])
|
|
||||||
result[i] = r
|
|
||||||
endfor
|
|
||||||
return result
|
|
|
@ -1,11 +0,0 @@
|
||||||
// NOT
|
|
||||||
|
|
||||||
import "utils/binary/not" as NOT
|
|
||||||
|
|
||||||
def main(field[32] b) -> (field[32]):
|
|
||||||
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
r = NOT(b[i])
|
|
||||||
result[i] = r
|
|
||||||
endfor
|
|
||||||
return result
|
|
|
@ -1,11 +0,0 @@
|
||||||
// XOR
|
|
||||||
|
|
||||||
import "utils/binary/xor" as XOR
|
|
||||||
|
|
||||||
def main(field[32] b, field[32] c) -> (field[32]):
|
|
||||||
field[32] result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
r = XOR(b[i], c[i])
|
|
||||||
result[i] = r
|
|
||||||
endfor
|
|
||||||
return result
|
|
|
@ -1,13 +0,0 @@
|
||||||
// ADD
|
|
||||||
|
|
||||||
import "../../binary/fulladd" as FULLADD
|
|
||||||
|
|
||||||
def main(field[32] b, field[32] c) -> (field[32]):
|
|
||||||
field[33] car = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
field[32] d = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
|
||||||
for field i in 0..32 do
|
|
||||||
d0, car0 = FULLADD(b[i], c[i], car[i])
|
|
||||||
d[i] = d0
|
|
||||||
car[i + 1] = car0
|
|
||||||
endfor
|
|
||||||
return d
|
|
|
@ -1,21 +0,0 @@
|
||||||
// AR17XAR19XAR10
|
|
||||||
|
|
||||||
import "../../bitwise/32/xor" as XOR
|
|
||||||
|
|
||||||
def RR17(field[32] b) -> (field[32]):
|
|
||||||
return [b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14]]
|
|
||||||
|
|
||||||
def RR19(field[32] b) -> (field[32]):
|
|
||||||
return [b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12]]
|
|
||||||
|
|
||||||
def RS10(field[32] b) -> (field[32]):
|
|
||||||
return [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21]]
|
|
||||||
|
|
||||||
def main(field[32] a) -> (field[32]):
|
|
||||||
u = RR17(a)
|
|
||||||
v = RR19(a)
|
|
||||||
w = RS10(a)
|
|
||||||
x = XOR(u, v)
|
|
||||||
z = XOR(w, x)
|
|
||||||
return z
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
// AR2XAR13XAR22
|
|
||||||
|
|
||||||
import "../../bitwise/32/xor" as XOR
|
|
||||||
|
|
||||||
def RR2(field[32] b) -> (field[32]):
|
|
||||||
return [b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29]]
|
|
||||||
|
|
||||||
def RR13(field[32] b) -> (field[32]):
|
|
||||||
return [b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18]]
|
|
||||||
|
|
||||||
def RR22(field[32] b) -> (field[32]):
|
|
||||||
return [b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9]]
|
|
||||||
|
|
||||||
def main(field[32] a) -> (field[32]):
|
|
||||||
u = RR2(a)
|
|
||||||
v = RR13(a)
|
|
||||||
w = RR22(a)
|
|
||||||
x = XOR(u, v)
|
|
||||||
z = XOR(w, x)
|
|
||||||
return z
|
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
// AR6XAR11XAR25
|
|
||||||
|
|
||||||
import "../../bitwise/32/xor" as XOR
|
|
||||||
|
|
||||||
def RR6(field[32] b) -> (field[32]):
|
|
||||||
return [b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25]]
|
|
||||||
|
|
||||||
def RR11(field[32] b) -> (field[32]):
|
|
||||||
return [b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20]]
|
|
||||||
|
|
||||||
def RR25(field[32] b) -> (field[32]):
|
|
||||||
return [b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6]]
|
|
||||||
|
|
||||||
def main(field[32] a) -> (field[32]):
|
|
||||||
u = RR6(a)
|
|
||||||
v = RR11(a)
|
|
||||||
w = RR25(a)
|
|
||||||
x = XOR(u, v)
|
|
||||||
z = XOR(w, x)
|
|
||||||
return z
|
|
|
@ -1,20 +0,0 @@
|
||||||
// AR7XAR18XAR3
|
|
||||||
|
|
||||||
import "../../bitwise/32/xor" as XOR
|
|
||||||
|
|
||||||
def RR7(field[32] b) -> (field[32]):
|
|
||||||
return [b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24]]
|
|
||||||
|
|
||||||
def RR18(field[32] b) -> (field[32]):
|
|
||||||
return [b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28], b[29], b[30], b[31], b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13]]
|
|
||||||
|
|
||||||
def RS3(field[32] b) -> (field[32]):
|
|
||||||
return [0, 0, 0, b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19], b[20], b[21], b[22], b[23], b[24], b[25], b[26], b[27], b[28]]
|
|
||||||
|
|
||||||
def main(field[32] a) -> (field[32]):
|
|
||||||
u = RR7(a)
|
|
||||||
v = RR18(a)
|
|
||||||
w = RS3(a)
|
|
||||||
x = XOR(u, v)
|
|
||||||
z = XOR(w, x)
|
|
||||||
return z
|
|
|
@ -1,42 +0,0 @@
|
||||||
// COMPRESSION ROUND
|
|
||||||
|
|
||||||
import "./ar6xar11xar25" as AR6XAR11XAR25
|
|
||||||
import "./ar2xar13xar22" as AR2XAR13XAR22
|
|
||||||
import "../../bitwise/32/andxornotand" as ANDXORNOTAND
|
|
||||||
import "../../bitwise/32/andxorandxorand" as ANDXORANDXORAND
|
|
||||||
import "./add" as ADD2
|
|
||||||
|
|
||||||
def ADD5(field[32] a, field[32] b, field[32] c, field[32] d, field[32] e) -> (field[32]):
|
|
||||||
ab = ADD2(a, b)
|
|
||||||
cd = ADD2(c, d)
|
|
||||||
abcd = ADD2(ab, cd)
|
|
||||||
abcde = ADD2(abcd, e)
|
|
||||||
return abcde
|
|
||||||
|
|
||||||
def main(field[32] k, field[32] w, field[32] a, field[32] b, field[32] c, field[32] d, field[32] e, field[32] f, field[32] g, field[32] h) -> (field[32], field[32], field[32], field[32], field[32], field[32], field[32], field[32]):
|
|
||||||
|
|
||||||
// S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25)
|
|
||||||
SOne = AR6XAR11XAR25(e)
|
|
||||||
|
|
||||||
// ch := (e and f) xor ((not e) and g)
|
|
||||||
ch = ANDXORNOTAND(e, f, g)
|
|
||||||
|
|
||||||
// temp1 := h + S1 + ch + k[i] + w[i]
|
|
||||||
tempOne = ADD5(h, SOne, ch, k, w)
|
|
||||||
|
|
||||||
// S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22)
|
|
||||||
SZero = AR2XAR13XAR22(a)
|
|
||||||
|
|
||||||
// maj := (a and b) xor (a and c) xor (b and c)
|
|
||||||
maj = ANDXORANDXORAND(a, b, c)
|
|
||||||
|
|
||||||
// temp2 := S0 + maj
|
|
||||||
tempTwo = ADD2(SZero, maj)
|
|
||||||
|
|
||||||
// en := d + temp1
|
|
||||||
en = ADD2(d, tempOne)
|
|
||||||
|
|
||||||
// an := temp1 + temp2
|
|
||||||
an = ADD2(tempOne, tempTwo)
|
|
||||||
|
|
||||||
return an, a, b, c, en, e, f, g
|
|
|
@ -1,20 +0,0 @@
|
||||||
// EXTEND
|
|
||||||
|
|
||||||
import "./ar7xar18xars3" as AR7XAR18XAR3
|
|
||||||
import "./ar17xar19xars10" as AR17XAR19XAR10
|
|
||||||
import "./add" as ADD
|
|
||||||
|
|
||||||
def ADD(field[32] a, field[32] b, field[32] c, field[32] d) -> (field[32]):
|
|
||||||
ab = ADD(a, b)
|
|
||||||
cd = ADD(c, d)
|
|
||||||
abcd = ADD(ab, cd)
|
|
||||||
return abcd
|
|
||||||
|
|
||||||
def main(field[32] wm15, field[32] wm2, field[32] wm16, field[32] wm7) -> (field[32]):
|
|
||||||
// s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift 3)
|
|
||||||
szero = AR7XAR18XAR3(wm15)
|
|
||||||
// s1 := (w[i-2] rightrotate 17) xor (w[i-2] rightrotate 19) xor (w[i-2] rightshift 10)
|
|
||||||
sone = AR17XAR19XAR10(wm2)
|
|
||||||
// w[i] := w[i-16] + s0 + w[i-7] + s1
|
|
||||||
wfb = ADD(wm16, szero, wm7, sone)
|
|
||||||
return wfb
|
|
|
@ -179,12 +179,8 @@ impl<'ast> FunctionQuery<'ast> {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
fn match_funcs(&self, funcs: &HashSet<FunctionKey<'ast>>) -> Vec<FunctionKey<'ast>> {
|
fn match_funcs(&self, funcs: &HashSet<FunctionKey<'ast>>) -> Option<FunctionKey<'ast>> {
|
||||||
funcs
|
funcs.iter().find(|func| self.match_func(func)).cloned()
|
||||||
.iter()
|
|
||||||
.filter(|func| self.match_func(func))
|
|
||||||
.cloned()
|
|
||||||
.collect()
|
|
||||||
}
|
}
|
||||||
}
|
}
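Review bot: Replacing the candidate list with `funcs.iter().find(|func| self.match_func(func)).cloned()` makes resolution depend on `HashSet` iteration order whenever more than one key matches the query, because `find` returns whichever matching key the set yields first. The call sites changed later in this commit drop the `_ =>` ambiguity arm and the `unreachable!` guard together with the count check, so a second match is now resolved silently instead of being rejected; the single-return path still builds its query with `&vec![None]` for the outputs, so two functions differing only in return type would presumably both match — worth confirming against `match_func`. If an earlier duplicate-definition check guarantees at most one match, say so on the method, `// at most one key can match: duplicate signatures are rejected when the module is checked`; otherwise keep the count, e.g. `let mut it = funcs.iter().filter(|f| self.match_func(f)); let first = it.next().cloned(); if it.next().is_some() { return None; } first`, and report the `None` as ambiguity at the call site. The enclosing `impl FunctionQuery` block starts outside the hunk.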
|
||||||
|
|
||||||
|
@ -799,6 +795,7 @@ impl<'ast> Checker<'ast> {
|
||||||
module_id: &ModuleId,
|
module_id: &ModuleId,
|
||||||
types: &TypeMap,
|
types: &TypeMap,
|
||||||
) -> Result<TypedStatement<'ast, T>, Vec<ErrorInner>> {
|
) -> Result<TypedStatement<'ast, T>, Vec<ErrorInner>> {
|
||||||
|
|
||||||
let pos = stat.pos();
|
let pos = stat.pos();
|
||||||
|
|
||||||
match stat.value {
|
match stat.value {
|
||||||
|
@ -936,24 +933,31 @@ impl<'ast> Checker<'ast> {
|
||||||
match rhs.value {
|
match rhs.value {
|
||||||
// Right side has to be a function call
|
// Right side has to be a function call
|
||||||
Expression::FunctionCall(fun_id, arguments) => {
|
Expression::FunctionCall(fun_id, arguments) => {
|
||||||
// find lhs types
|
|
||||||
let mut vars_types: Vec<Option<Type>> = vec![];
|
// check lhs assignees are defined
|
||||||
let mut var_names = vec![];
|
let (assignees, errors): (Vec<_>, Vec<_>) = assignees.into_iter().map(|a| self.check_assignee(a, module_id, types)).partition(|r| r.is_ok());
|
||||||
for assignee in assignees {
|
|
||||||
let (name, t) = match assignee.value {
|
if errors.len() > 0 {
|
||||||
Assignee::Identifier(name) => {
|
return Err(errors.into_iter().map(|e| e.unwrap_err()).collect());
|
||||||
Ok((name, match self.get_scope(&name) {
|
|
||||||
None => None,
|
|
||||||
Some(sv) => Some(sv.id.get_type())
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
ref a => Err(ErrorInner {
|
|
||||||
pos: Some(pos),
|
|
||||||
message: format!("Left hand side of function return assignment must be a list of identifiers, found {}", a)})
|
|
||||||
}.map_err(|e| vec![e])?;
|
|
||||||
vars_types.push(t);
|
|
||||||
var_names.push(name);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// constrain assignees to being identifiers
|
||||||
|
let (variables, errors): (Vec<_>, Vec<_>) = assignees.into_iter().map(|a| match a.unwrap() {
|
||||||
|
TypedAssignee::Identifier(v) => Ok(v),
|
||||||
|
a => Err(ErrorInner {
|
||||||
|
pos: Some(pos),
|
||||||
|
message: format!("Only assignment to identifiers is supported, found {}", a)
|
||||||
|
})
|
||||||
|
}).partition(|r| r.is_ok());
|
||||||
|
|
||||||
|
if errors.len() > 0 {
|
||||||
|
return Err(errors.into_iter().map(|e| e.unwrap_err()).collect());
|
||||||
|
}
|
||||||
|
|
||||||
|
let variables: Vec<_> = variables.into_iter().map(|v| v.unwrap()).collect();
|
||||||
|
|
||||||
|
let vars_types = variables.iter().map(|a| Some(a.get_type().clone())).collect();
|
||||||
|
|
||||||
// find argument types
|
// find argument types
|
||||||
let mut arguments_checked = vec![];
|
let mut arguments_checked = vec![];
|
||||||
for arg in arguments {
|
for arg in arguments {
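Review bot: The two `if errors.len() > 0` guards in this hunk, one after the `check_assignee` partition and one after the identifier partition, read better as `if !errors.is_empty()`, and the partition-then-unwrap steps can pass `Result::is_ok` and `Result::unwrap` directly rather than closures. The single-line `partition` expression that checks the assignees is long enough that rustfmt would wrap it; the test code added later in this commit is formatted, so this hunk should match. The enclosing function starts and ends outside the hunk.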
|
||||||
|
@ -965,32 +969,18 @@ impl<'ast> Checker<'ast> {
|
||||||
arguments_checked.iter().map(|a| a.get_type()).collect();
|
arguments_checked.iter().map(|a| a.get_type()).collect();
|
||||||
|
|
||||||
let query = FunctionQuery::new(&fun_id, &arguments_types, &vars_types);
|
let query = FunctionQuery::new(&fun_id, &arguments_types, &vars_types);
|
||||||
let candidates = self.find_candidates(&query);
|
let f = self.find_function(&query);
|
||||||
|
|
||||||
match candidates.len() {
|
match f {
|
||||||
// the function has to be defined
|
// the function has to be defined
|
||||||
1 => {
|
Some(f) => {
|
||||||
let f = &candidates[0];
|
|
||||||
|
|
||||||
// we can infer the left hand side to be typed as the return values
|
|
||||||
let lhs: Vec<Variable> = var_names.iter().zip(f.signature.outputs.iter()).map(|(name, ty)|
|
|
||||||
Variable::with_id_and_type(crate::typed_absy::Identifier::from(*name), ty.clone())
|
|
||||||
).collect();
|
|
||||||
|
|
||||||
let assignees: Vec<_> = lhs.iter().map(|v| v.clone().into()).collect();
|
|
||||||
|
|
||||||
let call = TypedExpressionList::FunctionCall(f.clone(), arguments_checked, f.signature.outputs.clone());
|
let call = TypedExpressionList::FunctionCall(f.clone(), arguments_checked, f.signature.outputs.clone());
|
||||||
|
|
||||||
for var in lhs {
|
Ok(TypedStatement::MultipleDefinition(variables, call))
|
||||||
self.insert_into_scope(var);
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(TypedStatement::MultipleDefinition(assignees, call))
|
|
||||||
},
|
},
|
||||||
0 => Err(ErrorInner { pos: Some(pos),
|
None => Err(ErrorInner { pos: Some(pos),
|
||||||
message: format!("Function definition for function {} with signature {} not found.", fun_id, query) }),
|
message: format!("Function definition for function {} with signature {} not found.", fun_id, query) }),
|
||||||
_ => Err(ErrorInner { pos: Some(pos),
|
|
||||||
message: format!("Function call for function {} with arguments {:?} is ambiguous.", fun_id, arguments_types) }),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
_ => Err(ErrorInner {
|
_ => Err(ErrorInner {
|
||||||
|
@ -1018,7 +1008,7 @@ impl<'ast> Checker<'ast> {
|
||||||
))),
|
))),
|
||||||
None => Err(ErrorInner {
|
None => Err(ErrorInner {
|
||||||
pos: Some(assignee.pos()),
|
pos: Some(assignee.pos()),
|
||||||
message: format!("Undeclared variable: {:?}", variable_name),
|
message: format!("Variable `{}` is undeclared", variable_name),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
Assignee::Select(box assignee, box index) => {
|
Assignee::Select(box assignee, box index) => {
|
||||||
|
@ -1350,12 +1340,11 @@ impl<'ast> Checker<'ast> {
|
||||||
// we use type inference to determine the type of the return, so we don't specify it
|
// we use type inference to determine the type of the return, so we don't specify it
|
||||||
let query = FunctionQuery::new(&fun_id, &arguments_types, &vec![None]);
|
let query = FunctionQuery::new(&fun_id, &arguments_types, &vec![None]);
|
||||||
|
|
||||||
let candidates = self.find_candidates(&query);
|
let f = self.find_function(&query);
|
||||||
|
|
||||||
match candidates.len() {
|
match f {
|
||||||
// the function has to be defined
|
// the function has to be defined
|
||||||
1 => {
|
Some(f) => {
|
||||||
let f = &candidates[0];
|
|
||||||
// the return count has to be 1
|
// the return count has to be 1
|
||||||
match f.signature.outputs.len() {
|
match f.signature.outputs.len() {
|
||||||
1 => match &f.signature.outputs[0] {
|
1 => match &f.signature.outputs[0] {
|
||||||
|
@ -1404,7 +1393,7 @@ impl<'ast> Checker<'ast> {
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
0 => Err(ErrorInner {
|
None => Err(ErrorInner {
|
||||||
pos: Some(pos),
|
pos: Some(pos),
|
||||||
|
|
||||||
message: format!(
|
message: format!(
|
||||||
|
@ -1412,9 +1401,6 @@ impl<'ast> Checker<'ast> {
|
||||||
fun_id, query
|
fun_id, query
|
||||||
),
|
),
|
||||||
}),
|
}),
|
||||||
_ => {
|
|
||||||
unreachable!("duplicate definition should have been caught before the call")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Expression::Lt(box e1, box e2) => {
|
Expression::Lt(box e1, box e2) => {
|
||||||
|
@ -1972,7 +1958,7 @@ impl<'ast> Checker<'ast> {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
fn find_candidates(&self, query: &FunctionQuery<'ast>) -> Vec<FunctionKey<'ast>> {
|
fn find_function(&self, query: &FunctionQuery<'ast>) -> Option<FunctionKey<'ast>> {
|
||||||
query.match_funcs(&self.functions)
|
query.match_funcs(&self.functions)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3085,6 +3071,201 @@ mod tests {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn undeclared_variables() {
|
||||||
|
// def foo() -> (field, field):
|
||||||
|
// return 1, 2
|
||||||
|
// def main():
|
||||||
|
// a, b = foo()
|
||||||
|
// return 1
|
||||||
|
// should fail
|
||||||
|
|
||||||
|
let foo_statements: Vec<StatementNode<FieldPrime>> = vec![Statement::Return(
|
||||||
|
ExpressionList {
|
||||||
|
expressions: vec![
|
||||||
|
Expression::FieldConstant(FieldPrime::from(1)).mock(),
|
||||||
|
Expression::FieldConstant(FieldPrime::from(2)).mock(),
|
||||||
|
],
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
)
|
||||||
|
.mock()];
|
||||||
|
|
||||||
|
let foo = Function {
|
||||||
|
arguments: vec![],
|
||||||
|
statements: foo_statements,
|
||||||
|
signature: UnresolvedSignature {
|
||||||
|
inputs: vec![],
|
||||||
|
outputs: vec![
|
||||||
|
UnresolvedType::FieldElement.mock(),
|
||||||
|
UnresolvedType::FieldElement.mock(),
|
||||||
|
],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
.mock();
|
||||||
|
|
||||||
|
let main_statements: Vec<StatementNode<FieldPrime>> = vec![
|
||||||
|
Statement::MultipleDefinition(
|
||||||
|
vec![
|
||||||
|
Assignee::Identifier("a").mock(),
|
||||||
|
Assignee::Identifier("b").mock(),
|
||||||
|
],
|
||||||
|
Expression::FunctionCall("foo", vec![]).mock(),
|
||||||
|
)
|
||||||
|
.mock(),
|
||||||
|
Statement::Return(
|
||||||
|
ExpressionList {
|
||||||
|
expressions: vec![],
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
)
|
||||||
|
.mock(),
|
||||||
|
];
|
||||||
|
|
||||||
|
let main = Function {
|
||||||
|
arguments: vec![],
|
||||||
|
statements: main_statements,
|
||||||
|
signature: UnresolvedSignature {
|
||||||
|
inputs: vec![],
|
||||||
|
outputs: vec![],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
.mock();
|
||||||
|
|
||||||
|
let module = Module {
|
||||||
|
symbols: vec![
|
||||||
|
SymbolDeclaration {
|
||||||
|
id: "foo",
|
||||||
|
symbol: Symbol::HereFunction(foo),
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
SymbolDeclaration {
|
||||||
|
id: "main",
|
||||||
|
symbol: Symbol::HereFunction(main),
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
],
|
||||||
|
imports: vec![],
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut state = State::new(vec![("main".into(), module)].into_iter().collect());
|
||||||
|
|
||||||
|
let mut checker = new_with_args(HashSet::new(), 0, HashSet::new());
|
||||||
|
assert_eq!(
|
||||||
|
checker.check_module(&"main".into(), &mut state),
|
||||||
|
Err(vec![
|
||||||
|
Error {
|
||||||
|
inner: ErrorInner {
|
||||||
|
pos: Some((Position::mock(), Position::mock())),
|
||||||
|
message: "Variable `a` is undeclared".into()
|
||||||
|
},
|
||||||
|
module_id: "main".into()
|
||||||
|
},
|
||||||
|
Error {
|
||||||
|
inner: ErrorInner {
|
||||||
|
pos: Some((Position::mock(), Position::mock())),
|
||||||
|
message: "Variable `b` is undeclared".into()
|
||||||
|
},
|
||||||
|
module_id: "main".into()
|
||||||
|
}
|
||||||
|
])
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn assign_to_non_variable() {
|
||||||
|
// def foo() -> (field):
|
||||||
|
// return 1
|
||||||
|
// def main():
|
||||||
|
// field[1] a = [0]
|
||||||
|
// a[0] = foo()
|
||||||
|
// return
|
||||||
|
// should fail
|
||||||
|
|
||||||
|
let foo_statements: Vec<StatementNode<FieldPrime>> = vec![Statement::Return(
|
||||||
|
ExpressionList {
|
||||||
|
expressions: vec![
|
||||||
|
Expression::FieldConstant(FieldPrime::from(1)).mock(),
|
||||||
|
],
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
)
|
||||||
|
.mock()];
|
||||||
|
|
||||||
|
let foo = Function {
|
||||||
|
arguments: vec![],
|
||||||
|
statements: foo_statements,
|
||||||
|
signature: UnresolvedSignature {
|
||||||
|
inputs: vec![],
|
||||||
|
outputs: vec![
|
||||||
|
UnresolvedType::FieldElement.mock(),
|
||||||
|
],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
.mock();
|
||||||
|
|
||||||
|
let main_statements: Vec<StatementNode<FieldPrime>> = vec![
|
||||||
|
Statement::Declaration(absy::Variable::new("a", UnresolvedType::array(UnresolvedType::FieldElement.mock(), 1).mock()).mock()).mock(),
|
||||||
|
Statement::Definition(Assignee::Identifier("a".into()).mock(), Expression::InlineArray(vec![absy::SpreadOrExpression::Expression(Expression::FieldConstant(FieldPrime::from(0)).mock())]).mock()).mock(),
|
||||||
|
Statement::MultipleDefinition(
|
||||||
|
vec![
|
||||||
|
Assignee::Select(box Assignee::Identifier("a").mock(), box RangeOrExpression::Expression(absy::Expression::FieldConstant(FieldPrime::from(0)).mock())).mock(),
|
||||||
|
],
|
||||||
|
Expression::FunctionCall("foo", vec![]).mock(),
|
||||||
|
)
|
||||||
|
.mock(),
|
||||||
|
Statement::Return(
|
||||||
|
ExpressionList {
|
||||||
|
expressions: vec![],
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
)
|
||||||
|
.mock(),
|
||||||
|
];
|
||||||
|
|
||||||
|
let main = Function {
|
||||||
|
arguments: vec![],
|
||||||
|
statements: main_statements,
|
||||||
|
signature: UnresolvedSignature {
|
||||||
|
inputs: vec![],
|
||||||
|
outputs: vec![],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
.mock();
|
||||||
|
|
||||||
|
let module = Module {
|
||||||
|
symbols: vec![
|
||||||
|
SymbolDeclaration {
|
||||||
|
id: "foo",
|
||||||
|
symbol: Symbol::HereFunction(foo),
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
SymbolDeclaration {
|
||||||
|
id: "main",
|
||||||
|
symbol: Symbol::HereFunction(main),
|
||||||
|
}
|
||||||
|
.mock(),
|
||||||
|
],
|
||||||
|
imports: vec![],
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut state = State::new(vec![("main".into(), module)].into_iter().collect());
|
||||||
|
|
||||||
|
let mut checker = new_with_args(HashSet::new(), 0, HashSet::new());
|
||||||
|
assert_eq!(
|
||||||
|
checker.check_module(&"main".into(), &mut state),
|
||||||
|
Err(vec![
|
||||||
|
Error {
|
||||||
|
inner: ErrorInner {
|
||||||
|
pos: Some((Position::mock(), Position::mock())),
|
||||||
|
message: "Only assignment to identifiers is supported, found a[0]".into()
|
||||||
|
},
|
||||||
|
module_id: "main".into()
|
||||||
|
}
|
||||||
|
])
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn function_undefined() {
|
fn function_undefined() {
|
||||||
// def bar():
|
// def bar():
|
||||||
|
|
|
@ -7,5 +7,5 @@ def f(bool a, field b, Foo c, field[2] d) -> (Foo, field):
|
||||||
return Foo { a: [a, a], b: d[0] }, if c.a[0] then b + c.b else d[1] fi
|
return Foo { a: [a, a], b: d[0] }, if c.a[0] then b + c.b else d[1] fi
|
||||||
|
|
||||||
def main(bool a, field b, Foo c, field[2] d) -> (Foo, field):
|
def main(bool a, field b, Foo c, field[2] d) -> (Foo, field):
|
||||||
e, f = f(a, b, c, d)
|
Foo e, field f = f(a, b, c, d)
|
||||||
return e, f
|
return e, f
|
|
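Review bot: `Foo e, field f = f(a, b, c, d)` declares a local named `f` in the very statement that calls the function `f`, so from that line on the identifier denotes a value rather than the function, which is easy to misread in a fixture that otherwise exists to exercise typed multi-definitions. If shadowing the function name is the behaviour under test, a one-line comment saying so (`// local f deliberately shadows function f`) would make that intent clear; otherwise `Foo e, field r = f(a, b, c, d)` / `return e, r` avoids the ambiguity. The definition of `f` starts above this hunk, so only its return line is visible here.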
@ -1,6 +1,19 @@
|
||||||
// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
|
// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
|
||||||
// Note: parameters will be updated soon to be more compatible with zCash's implementation
|
// Note: parameters will be updated soon to be more compatible with zCash's implementation
|
||||||
def main() -> (field[10]):
|
|
||||||
|
struct BabyJubJubParams {
|
||||||
|
field JUBJUBE
|
||||||
|
field JUBJUBC
|
||||||
|
field JUBJUBA
|
||||||
|
field JUBJUBD
|
||||||
|
field MONTA
|
||||||
|
field MONTB
|
||||||
|
field[2] INFINITY
|
||||||
|
field Gu
|
||||||
|
field Gv
|
||||||
|
}
|
||||||
|
|
||||||
|
def main() -> (BabyJubJubParams):
|
||||||
|
|
||||||
// Order of the curve E
|
// Order of the curve E
|
||||||
field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328
|
field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328
|
||||||
|
@ -11,7 +24,7 @@ def main() -> (field[10]):
|
||||||
field MONTB = 1 // int(4/(JUBJUB_A-JUBJUB_D))
|
field MONTB = 1 // int(4/(JUBJUB_A-JUBJUB_D))
|
||||||
|
|
||||||
// Point at infinity
|
// Point at infinity
|
||||||
field[2] infinity = [0, 1]
|
field[2] INFINITY = [0, 1]
|
||||||
|
|
||||||
// Generator
|
// Generator
|
||||||
field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935
|
field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935
|
||||||
|
@ -19,4 +32,14 @@ def main() -> (field[10]):
|
||||||
|
|
||||||
// Index
|
// Index
|
||||||
// 0 1 2 3 4 5 6 7 8 10
|
// 0 1 2 3 4 5 6 7 8 10
|
||||||
return [JUBJUBA, JUBJUBD, infinity[0], infinity[1], Gu, Gv, JUBJUBE, JUBJUBC, MONTA, MONTB]
|
return BabyJubJubParams {
|
||||||
|
JUBJUBA: JUBJUBA,
|
||||||
|
JUBJUBD: JUBJUBD,
|
||||||
|
INFINITY: INFINITY,
|
||||||
|
Gu: Gu,
|
||||||
|
Gv: Gv,
|
||||||
|
JUBJUBE: JUBJUBE,
|
||||||
|
JUBJUBC: JUBJUBC,
|
||||||
|
MONTA: MONTA,
|
||||||
|
MONTB: MONTB
|
||||||
|
}
|
||||||
|
|
|
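Review bot: The `// Index` / `// 0 1 2 3 4 5 6 7 8 10` comment kept directly above the new `return BabyJubJubParams { ... }` still documents positions in the old `field[10]` return array and now matches nothing, so it should be removed (callers address parameters by member name from here on). The new `struct BabyJubJubParams` declaration also carries no documentation, while the only explanations of its members are the scattered comments in `main` (`// Order of the curve E`, `// Point at infinity`, `// Generator`); a short comment per member on the struct — which pair are the twisted-Edwards coefficients, which the Montgomery form, and that `JUBJUBC` is the cofactor the order-check gadget reads — would let consumers understand the struct without reading `main`. The middle of `main` (the `JUBJUBC`/`JUBJUBA`/`JUBJUBD`/`MONTA` assignments and `Gv`) falls between the hunks and is not visible here.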
@ -1,11 +1,13 @@
|
||||||
import "ecc/babyjubjubParams" as context
|
from "ecc/babyjubjubParams" import main as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Add two points on a twisted Edwards curve
|
// Add two points on a twisted Edwards curve
|
||||||
// Curve parameters are defined with the last argument
|
// Curve parameters are defined with the last argument
|
||||||
// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves
|
// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves
|
||||||
def main(field[2] pt1, field[2] pt2, field[10] context) -> (field[2]):
|
def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> (field[2]):
|
||||||
|
|
||||||
field a = context[0]
|
field a = context.JUBJUBA
|
||||||
field d = context[1]
|
field d = context.JUBJUBD
|
||||||
|
|
||||||
field u1 = pt1[0]
|
field u1 = pt1[0]
|
||||||
field v1 = pt1[1]
|
field v1 = pt1[1]
|
||||||
|
|
|
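Review bot: The rewritten import `from "ecc/babyjubjubParams" import main as context` is not used anywhere in this hunk — the parameters now arrive through the `BabyJubJubParams context` argument, whose name also shadows the imported function — so if nothing below the hunk calls `context()`, the line is dead and should be dropped, keeping only `from "ecc/babyjubjubParams" import BabyJubJubParams` as the negate and on-curve gadgets in this PR do. Reading `context.JUBJUBA` / `context.JUBJUBD` by name instead of `context[0]` / `context[1]` is a clear improvement. `main` continues past the hunk, so the rest of its body is not visible here.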
@ -1,4 +1,5 @@
|
||||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
|
|
||||||
// Compress JubJub Curve Point to 256bit array using big endianness bit order
|
// Compress JubJub Curve Point to 256bit array using big endianness bit order
|
||||||
// Python reference code from pycrypto:
|
// Python reference code from pycrypto:
|
||||||
// def compress(self):
|
// def compress(self):
|
||||||
|
@ -6,7 +7,7 @@ import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
// y = self.y.n
|
// y = self.y.n
|
||||||
// return int.to_bytes(y | ((x & 1) << 255), 32, "big")
|
// return int.to_bytes(y | ((x & 1) << 255), 32, "big")
|
||||||
|
|
||||||
def main(field[2] pt, field[10] context) -> (field[256]):
|
def main(field[2] pt) -> (field[256]):
|
||||||
field x = pt[0]
|
field x = pt[0]
|
||||||
field y = pt[1]
|
field y = pt[1]
|
||||||
|
|
||||||
|
|
|
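Review bot: With the `context` argument removed, `main(field[2] pt)` has no curve parameters at all and so cannot check that `pt` lies on the curve, yet the header comment says nothing about that precondition; per the Python reference quoted above, the low bit of `x` is folded into the top bit of `y` unconditionally, so compressing an invalid point yields a well-formed but meaningless encoding. Add a line such as `// pt is not checked to be a valid curve point; callers must validate it (e.g. with edwardsOnCurve) first` to the header. The body of `main` continues beyond the hunk.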
@ -1,8 +1,7 @@
|
||||||
import "ecc/babyjubjubParams" as context
|
|
||||||
// Negate a point on an Edwards curve
|
// Negate a point on an Edwards curve
|
||||||
// Curve parameters are defined with the last argument
|
// Curve parameters are defined with the last argument
|
||||||
// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2
|
// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2
|
||||||
def main(field[2] pt, field[10] context) -> (field[2]):
|
def main(field[2] pt) -> (field[2]):
|
||||||
|
|
||||||
field u = pt[0]
|
field u = pt[0]
|
||||||
field v = pt[1]
|
field v = pt[1]
|
||||||
|
|
|
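Review bot: The context line `// Curve parameters are defined with the last argument` is now stale: the signature became `def main(field[2] pt) -> (field[2])` and the `import "ecc/babyjubjubParams" as context` line was removed, so there is no longer a last argument carrying parameters. Delete that comment, or replace it with `// Negation on a twisted Edwards curve needs no curve parameters`, which also explains why the argument could go. `main` continues past the hunk.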
@ -1,11 +1,13 @@
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Check if a point is on a twisted Edwards curve
|
// Check if a point is on a twisted Edwards curve
|
||||||
// Curve parameters are defined with the last argument
|
// Curve parameters are defined with the last argument
|
||||||
// See appendix 3.3.1 of Zcash protocol specification:
|
// See appendix 3.3.1 of Zcash protocol specification:
|
||||||
// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
|
// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
|
||||||
def main(field[2] pt, field[10] context) -> (field):
|
def main(field[2] pt, BabyJubJubParams context) -> (field):
|
||||||
|
|
||||||
field a = context[0]
|
field a = context.JUBJUBA
|
||||||
field d = context[1]
|
field d = context.JUBJUBD
|
||||||
|
|
||||||
field uu = pt[0] * pt[0]
|
field uu = pt[0] * pt[0]
|
||||||
field vv = pt[1] * pt[1]
|
field vv = pt[1] * pt[1]
|
||||||
|
|
|
@ -1,15 +1,19 @@
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
import "ecc/edwardsScalarMult" as multiply
|
import "ecc/edwardsScalarMult" as multiply
|
||||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Verifies that the point is not one of the low-order points.
|
// Verifies that the point is not one of the low-order points.
|
||||||
// If any of the points is multiplied by the cofactor, the resulting point
|
// If any of the points is multiplied by the cofactor, the resulting point
|
||||||
// will be infinity.
|
// will be infinity.
|
||||||
// Returns 1 if the point is not one of the low-order points, 0 otherwise.
|
// Returns 1 if the point is not one of the low-order points, 0 otherwise.
|
||||||
// Curve parameters are defined with the last argument
|
// Curve parameters are defined with the last argument
|
||||||
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
|
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
|
||||||
def main(field[2] pt, field[10] context) -> (field):
|
def main(field[2] pt, BabyJubJubParams context) -> (field):
|
||||||
|
|
||||||
field cofactor = context[7]
|
field cofactor = context.JUBJUBC
|
||||||
|
|
||||||
|
cofactor == 8
|
||||||
|
|
||||||
// Co-factor currently hard-coded to 8 for efficiency reasons
|
// Co-factor currently hard-coded to 8 for efficiency reasons
|
||||||
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
|
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
|
||||||
|
|
|
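Review bot: The new constraint `cofactor == 8` appears before the comment that justifies it (`// Co-factor currently hard-coded to 8 for efficiency reasons` and the PR link), so a reader meets an unexplained magic number first; move those two comment lines above `cofactor == 8`, or add a trailing `// see note below` on the constraint. The line also turns a plain parameter read (`context.JUBJUBC`) into an assertion that the caller passed the Baby JubJub parameters — presumably any `BabyJubJubParams` value with a different cofactor now makes the circuit unsatisfiable — which is sensible but deserves a word in that same comment. `main` continues past the hunk.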
@ -1,21 +1,23 @@
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
import "ecc/edwardsOnCurve" as assertOnCurve
|
import "ecc/edwardsOnCurve" as assertOnCurve
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Function that implements scalar multiplication for a fixed base point
|
// Function that implements scalar multiplication for a fixed base point
|
||||||
// Curve parameters are defined with the last argument
|
// Curve parameters are defined with the last argument
|
||||||
// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
|
// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
|
||||||
// curve parameters.
|
// curve parameters.
|
||||||
// Note that the exponent array is not check to be boolean in this gadget
|
// Note that the exponent array is not check to be boolean in this gadget
|
||||||
// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
|
// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
|
||||||
def main(field[256] exponent, field[2] pt, field[10] context) -> (field[2]):
|
def main(field[256] exponent, field[2] pt, BabyJubJubParams context) -> (field[2]):
|
||||||
|
|
||||||
field[2] infinity = [context[2], context[3]]
|
field[2] infinity = context.INFINITY
|
||||||
|
|
||||||
field[2] doubledP = pt
|
field[2] doubledP = pt
|
||||||
field[2] accumulatedP = infinity
|
field[2] accumulatedP = infinity
|
||||||
|
|
||||||
for field i in 0..256 do
|
for field i in 0..256 do
|
||||||
field j = 255 - i
|
field j = 255 - i
|
||||||
candidateP = add(accumulatedP, doubledP, context)
|
field[2] candidateP = add(accumulatedP, doubledP, context)
|
||||||
accumulatedP = if exponent[j] == 1 then candidateP else accumulatedP fi
|
accumulatedP = if exponent[j] == 1 then candidateP else accumulatedP fi
|
||||||
doubledP = add(doubledP, doubledP, context)
|
doubledP = add(doubledP, doubledP, context)
|
||||||
endfor
|
endfor
|
||||||
|
|
|
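Review bot: The header line `// Note that the exponent array is not check to be boolean in this gadget` has a typo (`checked`) and under-states the consequence: the loop only tests `exponent[j] == 1`, so any entry other than 1 leaves `accumulatedP` unchanged, i.e. is silently treated as a 0 bit. Suggested wording: `// Note that the exponent array is not checked to be boolean in this gadget; any entry other than 1 is treated as 0`. The typed `field[2] candidateP = add(accumulatedP, doubledP, context)` inside the loop body is consistent with the existing `field j = 255 - i`, so no style concern there. `main` continues past the hunk.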
@ -1,6 +1,7 @@
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
import "ecc/edwardsScalarMult" as multiply
|
import "ecc/edwardsScalarMult" as multiply
|
||||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
/// Verifies match of a given public/private keypair.
|
/// Verifies match of a given public/private keypair.
|
||||||
///
|
///
|
||||||
|
@ -16,9 +17,9 @@ import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
///
|
///
|
||||||
/// Returns:
|
/// Returns:
|
||||||
/// Return 1 for pk/sk being a valid keypair, 0 otherwise.
|
/// Return 1 for pk/sk being a valid keypair, 0 otherwise.
|
||||||
def main(field[2] pk, field sk, field[10] context) -> (field):
|
def main(field[2] pk, field sk, BabyJubJubParams context) -> (field):
|
||||||
|
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
field[256] skBits = unpack256(sk)
|
field[256] skBits = unpack256(sk)
|
||||||
field[2] ptExp = multiply(skBits, G, context)
|
field[2] ptExp = multiply(skBits, G, context)
|
||||||
|
|
|
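Review bot: The signature now takes `BabyJubJubParams context`, but the `///` documentation block above this hunk (outside the visible lines) presumably still describes the `context` argument in terms of the old `field[10]` layout; it should name the struct and state that the generator is taken from `context.Gu` / `context.Gv`. The same applies to the EdDSA verification section further down, whose `main` changed the same way and whose `///` argument docs are likewise above its hunk. In both files `main`'s body continues past the hunk.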
@ -3,6 +3,7 @@ import "utils/multiplexer/lookup2bit" as sel2
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
import "ecc/edwardsCompress" as edwardsCompress
|
import "ecc/edwardsCompress" as edwardsCompress
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Code to export generators used in this example:
|
// Code to export generators used in this example:
|
||||||
// import bitstring
|
// import bitstring
|
||||||
|
@ -16,11 +17,11 @@ import "ecc/edwardsCompress" as edwardsCompress
|
||||||
|
|
||||||
// 512bit to 256bit Pedersen hash using compression of the field elements
|
// 512bit to 256bit Pedersen hash using compression of the field elements
|
||||||
def main(field[512] e) -> (field[256]):
|
def main(field[512] e) -> (field[256]):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] a = [context[2], context[3]] //Infinity
|
field[2] a = context.INFINITY //Infinity
|
||||||
//Round 0
|
//Round 0
|
||||||
cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
|
field cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
|
||||||
cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
|
field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
|
||||||
a = add(a, [cx, cy], context)
|
a = add(a, [cx, cy], context)
|
||||||
//Round 1
|
//Round 1
|
||||||
cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
|
cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
|
||||||
|
@ -703,5 +704,5 @@ def main(field[512] e) -> (field[256]):
|
||||||
cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093 , 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649])
|
cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093 , 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649])
|
||||||
a = add(a, [cx, cy], context)
|
a = add(a, [cx, cy], context)
|
||||||
|
|
||||||
field[256] aC = edwardsCompress(a, context)
|
field[256] aC = edwardsCompress(a)
|
||||||
return aC
|
return aC
|
||||||
|
|
|
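Review bot: `BabyJubJubParams context = context()` declares a local whose name is identical to the imported function it calls, so after this line `context` means the struct, not the function; it evidently type-checks because the right-hand side is evaluated first, but it is easy to misread, and the same statement recurs in the 6-bit Pedersen section and in the two test sections below that call `context()`. A comment on the line (`// from here on context is the params struct, shadowing the import`) or importing the module under a distinct alias would make this explicit; the alias rename touches every call site, so it is best left to a follow-up. The trailing `//Infinity` kept on `field[2] a = context.INFINITY //Infinity` is now redundant and can go. The hash rounds between the two hunks are not visible here.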
@ -1,16 +1,17 @@
|
||||||
import "utils/multiplexer/lookup3bitSigned" as sel3s
|
import "utils/multiplexer/lookup3bitSigned" as sel3s
|
||||||
import "utils/multiplexer/lookup2bit" as sel2
|
import "utils/multiplexer/lookup2bit" as sel2
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
|
|
||||||
def main(field[6] e) -> (field[2]):
|
def main(field[6] e) -> (field[2]):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field[2] a = [context[2], context[3]] //Infinity
|
field[2] a = context.INFINITY //Infinity
|
||||||
|
|
||||||
//Round 0
|
//Round 0
|
||||||
cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
|
field cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
|
||||||
cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
|
field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
|
||||||
a = add(a, [cx, cy], context)
|
a = add(a, [cx, cy], context)
|
||||||
//Round 1
|
//Round 1
|
||||||
cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
|
cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
|
||||||
|
|
|
@ -6,8 +6,8 @@ import "./shaRoundNoBoolCheck" as sha256
|
||||||
// It returns an array of 256 field elements.
|
// It returns an array of 256 field elements.
|
||||||
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):
|
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):
|
||||||
|
|
||||||
IV = IVconstants()
|
field[256] IV = IVconstants()
|
||||||
digest1 = sha256(a, b, IV)
|
field[256] digest1 = sha256(a, b, IV)
|
||||||
digest2 = sha256(c, d, digest1)
|
field[256] digest2 = sha256(c, d, digest1)
|
||||||
|
|
||||||
return digest2
|
return digest2
|
|
@ -10,6 +10,6 @@ def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256])
|
||||||
// total length of message is 1024 bits: 0b10000000000
|
// total length of message is 1024 bits: 0b10000000000
|
||||||
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
||||||
|
|
||||||
digest = sha256(a, b, c, d, dummyblock1, dummyblock2)
|
field[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2)
|
||||||
|
|
||||||
return digest
|
return digest
|
||||||
|
|
|
@ -6,9 +6,9 @@ import "./shaRoundNoBoolCheck" as sha256
|
||||||
// It returns an array of 256 field elements.
|
// It returns an array of 256 field elements.
|
||||||
def main(field[256] a, field[256] b, field[256] c, field[256] d, field[256] e, field[256] f) -> (field[256]):
|
def main(field[256] a, field[256] b, field[256] c, field[256] d, field[256] e, field[256] f) -> (field[256]):
|
||||||
|
|
||||||
IV = IVconstants()
|
field[256] IV = IVconstants()
|
||||||
digest1 = sha256(a, b, IV)
|
field[256] digest1 = sha256(a, b, IV)
|
||||||
digest2 = sha256(c, d, digest1)
|
field[256] digest2 = sha256(c, d, digest1)
|
||||||
digest3 = sha256(e, f, digest2)
|
field[256] digest3 = sha256(e, f, digest2)
|
||||||
|
|
||||||
return digest3
|
return digest3
|
|
@ -8,8 +8,8 @@ def main(field[256] a, field[256] b) -> (field[256]):
|
||||||
|
|
||||||
// a and b is NOT checked to be of type bool
|
// a and b is NOT checked to be of type bool
|
||||||
|
|
||||||
IV = IVconstants()
|
field[256] IV = IVconstants()
|
||||||
digest = sha256(a, b, IV)
|
field[256] digest = sha256(a, b, IV)
|
||||||
//digest is constraint to be of type bool
|
//digest is constraint to be of type bool
|
||||||
|
|
||||||
return digest
|
return digest
|
||||||
|
|
|
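Review bot: Two comment lines in this hunk read awkwardly and could be fixed while the neighbouring lines are already being touched: `// a and b is NOT checked to be of type bool` should be `// a and b are NOT checked to be of type bool`, and `//digest is constraint to be of type bool` should be `// digest is constrained to be of type bool`. The typed `field[256] IV` / `field[256] digest` bindings are fine. `main`'s signature is above the hunk; its `return digest` is visible here.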
@ -6,17 +6,17 @@ import "./512bitPadded" as sha256
|
||||||
// It then returns an array of two field elements, each representing 128 bits of the result.
|
// It then returns an array of two field elements, each representing 128 bits of the result.
|
||||||
def main(field[4] preimage) -> (field[2]):
|
def main(field[4] preimage) -> (field[2]):
|
||||||
|
|
||||||
a = unpack128(preimage[0])
|
field[128] a = unpack128(preimage[0])
|
||||||
b = unpack128(preimage[1])
|
field[128] b = unpack128(preimage[1])
|
||||||
c = unpack128(preimage[2])
|
field[128] c = unpack128(preimage[2])
|
||||||
d = unpack128(preimage[3])
|
field[128] d = unpack128(preimage[3])
|
||||||
|
|
||||||
field[256] lhs = [...a, ...b]
|
field[256] lhs = [...a, ...b]
|
||||||
field[256] rhs = [...c, ...d]
|
field[256] rhs = [...c, ...d]
|
||||||
|
|
||||||
field[256] r = sha256(lhs, rhs)
|
field[256] r = sha256(lhs, rhs)
|
||||||
|
|
||||||
res0 = pack128(r[..128])
|
field res0 = pack128(r[..128])
|
||||||
res1 = pack128(r[128..])
|
field res1 = pack128(r[128..])
|
||||||
|
|
||||||
return [res0, res1]
|
return [res0, res1]
|
|
@ -11,6 +11,6 @@ def main(field[256] a, field[256] b) -> (field[256]):
|
||||||
// total length of message is 512 bits: 0b1000000000
|
// total length of message is 512 bits: 0b1000000000
|
||||||
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
|
||||||
|
|
||||||
digest = sha256(a, b, dummyblock1, dummyblock2)
|
field[256] digest = sha256(a, b, dummyblock1, dummyblock2)
|
||||||
|
|
||||||
return digest
|
return digest
|
|
@ -4,6 +4,7 @@ import "ecc/edwardsAdd" as add
|
||||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
import "ecc/edwardsOnCurve" as onCurve
|
import "ecc/edwardsOnCurve" as onCurve
|
||||||
import "ecc/edwardsOrderCheck" as orderCheck
|
import "ecc/edwardsOrderCheck" as orderCheck
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
/// Verifies an EdDSA Signature.
|
/// Verifies an EdDSA Signature.
|
||||||
///
|
///
|
||||||
|
@ -26,9 +27,9 @@ import "ecc/edwardsOrderCheck" as orderCheck
|
||||||
///
|
///
|
||||||
/// Returns:
|
/// Returns:
|
||||||
/// Return 1 for S being a valid EdDSA Signature, 0 otherwise.
|
/// Return 1 for S being a valid EdDSA Signature, 0 otherwise.
|
||||||
def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, field[10] context) -> (field):
|
def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, BabyJubJubParams context) -> (field):
|
||||||
|
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
// Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
|
// Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
|
||||||
field isOnCurve = onCurve(R, context) // throws if R is not on curve
|
field isOnCurve = onCurve(R, context) // throws if R is not on curve
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
import "ecc/edwardsAdd" as add
|
import "ecc/edwardsAdd" as add
|
||||||
import "ecc/edwardsNegate" as neg
|
import "ecc/edwardsNegate" as neg
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testDoubleViaAdd() -> (field):
|
def testDoubleViaAdd() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
field[2] out = add(G, G, context)
|
field[2] out = add(G, G, context)
|
||||||
|
|
||||||
out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
||||||
|
@ -16,13 +17,13 @@ def testDoubleViaAdd() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testIdentities() -> (field):
|
def testIdentities() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
field[2] inf = [context[2], context[3]]
|
field[2] inf = context.INFINITY
|
||||||
|
|
||||||
G == add(G, inf, context)
|
G == add(G, inf, context)
|
||||||
|
|
||||||
field[2] nG = neg(G, context)
|
field[2] nG = neg(G)
|
||||||
field[2] nGaddG = add(G, nG, context)
|
field[2] nGaddG = add(G, nG, context)
|
||||||
|
|
||||||
inf == nGaddG
|
inf == nGaddG
|
||||||
|
|
|
@ -1,17 +1,18 @@
|
||||||
import "ecc/edwardsCompress" as edwardsCompress
|
import "ecc/edwardsCompress" as edwardsCompress
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testCompress() -> (field):
|
def testCompress() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field Gu = context[4]
|
field Gu = context.Gu
|
||||||
field Gv = context[5]
|
field Gv = context.Gv
|
||||||
|
|
||||||
Gcompressed = edwardsCompress([Gu, Gv], context)
|
field[256] Gcompressed = edwardsCompress([Gu, Gv])
|
||||||
|
|
||||||
Gcompressed = [1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,1,0,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0,1,1,0,1,0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,1,1,0,1,0,0,0,1,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,1,1,0,1,1,0,0,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,1,0,0,0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1,1,1]
|
Gcompressed == [1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,1,0,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0,1,1,0,1,0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,1,1,0,1,0,0,0,1,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,1,1,0,1,1,0,0,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,1,0,0,0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1,1,1]
|
||||||
|
|
||||||
return 1
|
return 1
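Review bot: The new `Gcompressed == [...]` assertion carries a bare 256-entry literal with no line saying what it is, and since the old line was `Gcompressed = [...]` (a re-assignment that asserted nothing) this comparison is effectively a brand-new check rather than a type annotation. Add a provenance comment above it: `// expected: edwardsCompress(G) for the BabyJubJub generator, 256 bits, generated with pycrypto`. The test also exercises only the generator point; a second fixed vector would make an encoding regression in edwardsCompress harder to miss, though I cannot tell from this hunk whether other tests in the suite already cover that.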
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
import "ecc/edwardsOnCurve" as onCurve
|
import "ecc/edwardsOnCurve" as onCurve
|
||||||
|
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testOnCurveTrue() -> (field):
|
def testOnCurveTrue() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
||||||
field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
|
field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
import "ecc/edwardsOrderCheck" as orderCheck
|
import "ecc/edwardsOrderCheck" as orderCheck
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testOrderCheckTrue() -> (field):
|
def testOrderCheckTrue() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
|
||||||
field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
|
field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
|
||||||
|
@ -15,7 +16,7 @@ def testOrderCheckTrue() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testOrderCheckFalse() -> (field):
|
def testOrderCheckFalse() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326
|
field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326
|
||||||
field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543
|
field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
import "ecc/edwardsScalarMult" as mul
|
import "ecc/edwardsScalarMult" as mul
|
||||||
|
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testCyclic() -> (field):
|
def testCyclic() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
// exp = JUBJUB_E + 1
|
// exp = JUBJUB_E + 1
|
||||||
field[256] exp = [0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1]
|
field[256] exp = [0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1]
|
||||||
|
@ -16,8 +17,8 @@ def testCyclic() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testMul2() -> (field):
|
def testMul2() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
// exp == 2
|
// exp == 2
|
||||||
field[256] exp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]
|
field[256] exp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]
|
||||||
|
@ -29,8 +30,8 @@ def testMul2() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testAssociativity() -> (field):
|
def testAssociativity() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
// a = 1234
|
// a = 1234
|
||||||
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
|
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
|
||||||
|
@ -58,8 +59,8 @@ def testAssociativity() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testMultiplicative() -> (field):
|
def testMultiplicative() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
// a = 1234
|
// a = 1234
|
||||||
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
|
field[256] a = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0]
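Review bot: The `// a = 1234` and `// exp == 2` comments give the decimal value of each 256-entry literal but not its bit order, which is the one thing a reader cannot recover without counting: the literal for 2 ends in `1, 0` and the one for 1234 ends in `1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0`, so the arrays are most-significant-bit first. Spell that out once per vector, e.g. `// a = 1234, as 256 bits, most significant bit first`, and use the same `=` form in `testMul2` instead of `// exp == 2` so the comments read uniformly. The body of `testMultiplicative` continues outside this hunk.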
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
import "ecc/proofOfOwnership" as proofOfOwnership
|
import "ecc/proofOfOwnership" as proofOfOwnership
|
||||||
import "ecc/edwardsScalarMult" as multiply
|
import "ecc/edwardsScalarMult" as multiply
|
||||||
import "utils/pack/nonStrictUnpack256" as unpack256
|
import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
|
@ -6,8 +7,8 @@ import "utils/pack/nonStrictUnpack256" as unpack256
|
||||||
// Code to create test cases:
|
// Code to create test cases:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def testOwnershipTrue() -> (field):
|
def testOwnershipTrue() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
field[2] G = [context[4], context[5]]
|
field[2] G = [context.Gu, context.Gv]
|
||||||
|
|
||||||
field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
|
field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
|
||||||
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
|
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
|
||||||
|
@ -18,7 +19,7 @@ def testOwnershipTrue() -> (field):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
def testtOwnershipFalse() -> (field):
|
def testtOwnershipFalse() -> (field):
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]
|
field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]
|
||||||
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
|
field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
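Review bot: The function name `testtOwnershipFalse` on the context line of this hunk has a doubled `t`; it is untouched by the commit but is the natural moment to rename it to `testOwnershipFalse` so it pairs with `testOwnershipTrue` above. The negative case reuses the same `sk` as the positive case with a different `Pk`, which is the right shape for an ownership test but deserves a one-line comment, e.g. `// same sk as testOwnershipTrue with a mismatching Pk: ownership must not verify`. The body of `testtOwnershipFalse` continues outside this hunk.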
|
||||||
|
|
|
@ -23,7 +23,7 @@ def main() -> (field):
|
||||||
field c = 0
|
field c = 0
|
||||||
field d = 5
|
field d = 5
|
||||||
|
|
||||||
h = sha256packed([a, b, c, d])
|
field[2] h = sha256packed([a, b, c, d])
|
||||||
|
|
||||||
h[0] == 263561599766550617289250058199814760685
|
h[0] == 263561599766550617289250058199814760685
|
||||||
h[1] == 65303172752238645975888084098459749904
|
h[1] == 65303172752238645975888084098459749904
|
||||||
|
|
|
@ -18,7 +18,7 @@ def left() -> (field):
|
||||||
|
|
||||||
field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
||||||
field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
||||||
out = direction(0, a, b)
|
field[512] out = direction(0, a, b)
|
||||||
out == [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
out == [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ def right() -> (field):
|
||||||
|
|
||||||
field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
field[256] a = [0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
||||||
field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
field[256] b = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1]
|
||||||
out = direction(1, a, b)
|
field[512] out = direction(1, a, b)
|
||||||
out == [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
out == [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0]
|
||||||
return 1
|
return 1
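Review bot: Both `left()` and `right()` only exercise selector values 0 and 1, and the new `field[512] out = direction(…, a, b)` declaration makes the selector a plain `field`, so nothing in these tests pins what happens for a non-boolean selector such as 2. Whether `direction` constrains its selector to {0,1} is not visible here; if it does not, a prover could choose a selector that yields an output which is neither `a||b` nor `b||a`, which matters for Merkle-path circuits. Either add a negative test with selector 2 that is expected to fail, or at least document the precondition above the call: `// precondition: selector must be 0 or 1 — confirm direction() enforces this`. Both `left()` and `right()` begin outside their hunks.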
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
import "signatures/verifyEddsa" as verifyEddsa
|
import "signatures/verifyEddsa" as verifyEddsa
|
||||||
import "ecc/babyjubjubParams" as context
|
import "ecc/babyjubjubParams" as context
|
||||||
|
from "ecc/babyjubjubParams" import BabyJubJubParams
|
||||||
|
|
||||||
// Code to create test case:
|
// Code to create test case:
|
||||||
// https://github.com/Zokrates/pycrypto
|
// https://github.com/Zokrates/pycrypto
|
||||||
def main() -> (field):
|
def main() -> (field):
|
||||||
|
|
||||||
context = context()
|
BabyJubJubParams context = context()
|
||||||
|
|
||||||
field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]
|
field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]
|
||||||
field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045
|
field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045
|
||||||
|
|