tornado-packages/circomlib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First Version SMT

Browse Source
This commit is contained in:
Jordi Baylina 2018-12-11 17:25:21 +01:00
parent 2d43178c8d
commit 38fc4b7396
No known key found for this signature in database
GPG Key ID: 7480C80C1BE43112
15 changed files with 495 additions and 122321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122243
circuit.json
View File

File diff suppressed because one or more lines are too long

29
circuits/bitify.circom
View File

@ -18,6 +18,7 @@
*/
include "comparators.circom";
include "aliascheck.circom";
template Num2Bits(n) {
@ -32,7 +33,20 @@ template Num2Bits(n) {
}
lc1 === in;
}
template Num2Bits_strict() {
signal input in;
signal output out[254];
component aliasCheck = AliasCheck();
component n2b = Num2Bits(254);
in ==> n2b.in;
for (var i=0; i<254; i++) {
n2b.out[i] ==> out[i];
n2b.out[i] ==> aliasCheck.in[i];
}
}
template Bits2Num(n) {
@ -47,6 +61,21 @@ template Bits2Num(n) {
lc1 ==> out;
}
template Bits2Num_strict() {
signal input in[n];
signal output out;
component aliasCheck = AliasCheck();
component b2n = Bits2Num(254);
for (var i=0; i<254; i++) {
in[i] ==> b2n.in[i];
in[i] ==> aliasCheck.in[i];
}
b2n.out ==> out;
}
template Num2BitsNeg(n) {
signal input in;
signal output out[n];

48
circuits/smt/smthash.circom Normal file
View File

@ -0,0 +1,48 @@
include "../mimc.circom";
/*
Hash1 = H(1 | key | value)
*/
template SMTHash1() {
signal input key;
signal input value;
signal output out;
component h1 = MiMC7(91); // Constant
h1.x_in <== 0;
h1.k <== 1;
component h2 = MiMC7(91);
h2.x_in <== h1.out;
h2.k <== key;
component h3 = MiMC7(91);
h3.x_in <== h2.out;
h3.k <== value;
out <== h3.out;
}
/*
This component is used to create the 2 nodes.
Hash2 = H(Hl | Hr)
*/
template SMTHash2() {
signal input L;
signal input R;
signal output out;
component h1 = MiMC7(91);
h1.x_in <== 0;
h1.k <== L;
component h2 = MiMC7(91);
h2.x_in <== h1.out;
h2.k <== R;
out <== h2.out;
}

77
circuits/smt/smtinsert.circom
View File

@ -96,65 +96,72 @@ Insert to a used leaf.
***************************************************************************************************/
include "../node_modules/circom/circuits/gates.circom";
include "../node_modules/circom/circuits/bitify.circom";
include "../gates.circom";
include "../bitify.circom";
include "../comparators.circom";
include "../switcher.circom";
include "smtlevins.circom";
include "smtinsertlevel.circom";
include "smtinsertsm.circom";
include "smthash.circom";
template SMTInsert(nLevels) {
signal input oldRoot;
signal input newRoot;
signal input siblings[nLevels];
signal input oldHKey;
signal input oldHValue;
signal input newHKey;
signal input newHValue;
signal input oldKey;
signal input oldValue;
signal input isOld0;
signal input newKey;
signal input newValue;
component hash1Old = SMTHash1();
hash1Old.l <== oldHKey;
hash1Old.r <== oldHValue;
hash1Old.key <== oldKey;
hash1Old.value <== oldValue;
component hash1New = SMTHash1();
hash1New.l <== newHKey;
hash1New.r <== newHValue;
hash1New.key <== newKey;
hash1New.value <== newValue;
component n2bOld = Num2BinStrinct();
component n2bNew = Num2BinStrinct();
component n2bOld = Num2Bits_strict();
component n2bNew = Num2Bits_strict();
component dmtLevIns = SMTLevIns(nLevels);
for (var i=0; i<nLevels; i++) dmtLevIns.siblings[i] <== siblings[i];
n2bOld.in <== oldKey;
n2bNew.in <== newKey;
component smtLevIns = SMTLevIns(nLevels);
for (var i=0; i<nLevels; i++) smtLevIns.siblings[i] <== siblings[i];
component xors[nLevels];
for (var i=0; i<nLevels; i++) {
xors[i] = XOR();
xors[i].a <== n2bOld.out[i];
xors[i].a <== n2bNew.out[i];
xors[i].b <== n2bNew.out[i];
}
component isOld0 = IsZero();
isOld0.in <== oldHValue;
component sm[nLevels];
for (var i=0; i<sm; i++) {
for (var i=0; i<nLevels; i++) {
sm[i] = SMTInsertSM();
if (i==0) {
sm[i].prevst_top <== 1;
sm[i].prevst_old1 <== 0;
sm[i].prevst_old0 <== 0;
sm[i].prevst_bot <== 0;
sm[i].prevst_new1 <== 0;
sm[i].prevst_na <== 0;
sm[i].prev_top <== 1;
sm[i].prev_old1 <== 0;
sm[i].prev_old0 <== 0;
sm[i].prev_bot <== 0;
sm[i].prev_new1 <== 0;
sm[i].prev_na <== 0;
} else {
sm[i].prevst_top <== sm[i-1].st_top;
sm[i].prevst_old1 <== sm[i-1].st_old1;
sm[i].prevst_old0 <== sm[i-1].st_old0;
sm[i].prevst_bot <== sm[i-1].st_bot;
sm[i].prevst_new1 <== sm[i-1].st_new1;
sm[i].prevst_na <== sm[i-1].st_na;
sm[i].prev_top <== sm[i-1].st_top;
sm[i].prev_old1 <== sm[i-1].st_old1;
sm[i].prev_old0 <== sm[i-1].st_old0;
sm[i].prev_bot <== sm[i-1].st_bot;
sm[i].prev_new1 <== sm[i-1].st_new1;
sm[i].prev_na <== sm[i-1].st_na;
}
sm[i].is0 <== isOld0.out;
sm[i].is0 <== isOld0;
sm[i].xor <== xors[i].out;
sm[i].levIns <== dmtLevIns.out[i];
sm[i].levIns <== smtLevIns.levIns[i];
}
sm[nLevels-1].prevst_na === 1;
sm[nLevels-1].st_na === 1;
component levels[nLevels];
for (var i=nLevels-1; i != -1; i--) {
@ -171,7 +178,7 @@ template SMTInsert(nLevels) {
levels[i].old1leaf <== hash1Old.out;
levels[i].new1leaf <== hash1New.out;
levels[i].new1lrbit <== n2bNew.out[i];
levels[i].newlrbit <== n2bNew.out[i];
if (i==nLevels-1) {
levels[i].oldChild <== 0;
levels[i].newChild <== 0;

18
circuits/smt/smtinsertlevel.circom
View File

@ -49,27 +49,27 @@ template SMTInsertLevel() {
// Old side
oldSwitcher.inL <== oldChild;
oldSwitcher.inR <== sibling;
oldSwitcher.L <== oldChild;
oldSwitcher.R <== sibling;
oldSwitcher.sel <== newlrbit;
oldProofHash.L <== oldSwitcher.outL;
oldProofHash.R <== oldSwitcher.outR;
aux[0] <== old1 * st_old1;
aux[0] <== old1leaf * st_old1;
oldRoot <== aux[0] + oldProofHash.out * st_top;
// New side
aux[1] <== newChild * ( st_top + st_old1 + st_but);
oldSwitcher.inL <== aux[1] + new1leaf*st_new1;
aux[1] <== newChild * ( st_top + st_old1 + st_bot);
newSwitcher.L <== aux[1] + new1leaf*st_new1;
aux[2] <== sibling*st_top;
oldSwitcher.inR <== aux[2] + old1leaf*st_new1;
newSwitcher.R <== aux[2] + old1leaf*st_new1;
newProofHash.sel <== newlrbit;
newProofHash.L <== newProofHash.outL;
newProofHash.R <== newProofHash.outR;
newSwitcher.sel <== newlrbit;
newProofHash.L <== newSwitcher.outL;
newProofHash.R <== newSwitcher.outR;
aux[3] <== newProofHash.out * (st_top + st_old1 + st_bot + st_new1);
newRoot <== aux[3] + new1leaf * st_old0;

77
circuits/smt/smtinsertsm.circom
View File

@ -23,29 +23,37 @@ old and the new trees with just one element.
na: Not appliable. After inserting it, we go to the na level.
Fnction
fnc[0] fnc[1]
0 0 NOP
0 1 UPDATE
1 0 INSERT
1 1 DELETE
###########
levIns==curLevel # #
xor=0 is0=1 ┌────────────▶# old0 #────────┐
┌─────┐ │ ## ## │
│ │ │ ######### │ any
│ ▼ │ │
│ ########### │ │ ###########
│ # # ────────────┘ └────────▶# #
levIns=1 # #
levIns=0 is0=1 ┌────────────▶# old0 #────────┐ any
┌─────┐ │ ## ## │ ┌──────┐
│ │ │ ######### │ any │ │
│ ▼ │ │ ▼ │
│ ########### │ │ ###########
│ # # ────────────┘ └────────▶# #
└──# top # # na #
## ## ────┐ ┌──▶## ##
######### │ │ #########
│ │
│ ########### ########### │ any
levIns==curLevel │ # # xor=1 # # │
levIns=1 │ # # xor=1 # # │
is0=0 └───▶# old1 #─────────────▶# new1 #──┘
## ## ## ##
#########──┐ #########
######### #########
│ ▲
┌─────┘
any ###########│ xor=1
└───┐ ┌─────┘
xor=0 │ ###########│ xor=1
│ # #
└─▶# btn #
# btn #
## ##
#########◀───────┐
│ │
@ -55,4 +63,47 @@ na: Not appliable. After inserting it, we go to the na level.
***************************************************************************************************/
state
template SMTInsertSM() {
signal input xor;
signal input is0;
signal input levIns;
signal input fnc[0];
signal input fnc[1];
signal input prev_top;
signal input prev_old0;
signal input prev_old1;
signal input prev_bot;
signal input prev_new1;
signal input prev_na;
signal input prev_upd;
signal output st_top;
signal output st_old0;
signal output st_old1;
signal output st_bot;
signal output st_new1;
signal output st_na;
signal output st_upd;
signal aux1;
signal aux2;
aux1 <== prev_top * levIns;
aux2 <== aux1*is0;
st_top <== prev_top - aux1 // prev_top * (1-levIns) =
// = prev_top - aux1;
st_old0 <== aux2 * fnc[0]; // (prev_top * levIns * is0)*fnc[0] = aux2
st_old1 <== (aux1 - aux2)*fnc[0]; // (prev_top * levIns * (1-is0))*fnc[0] =
// = (aux1 * (1-is0))*fnc[0] =
// = (aux1 - aux2) * fnc[0]
st_new1 <== (prev_old1 + prev_bot)*xor // prev_old1*xor + prev_bot*xor =
// = (prev_old1 + prev_bot)*xor;
st_bot <== -st_new1 + prev_old1 + prev_bot // prev_old1*(1-xor) + prev_bot*(1-xor) =
// = - prev_old1*xor -prev_bot*xor + prev_old1 + prev_bot =
// = -st_new1 + prev_old1 + prev_bot
st_na <== prev_new1 + prev_old0 + prev_na + st_upd;
st_upd <== aux1*(1-fnc[0]); // prev_top*levIns*(1-fnc[0]) =
// = aux1 * (1-fnc[0])
}

2
circuits/smt/smtlevins.circom
View File

@ -55,7 +55,7 @@ a parent with a sibling != 0.
*/
template SMTLevIns(nLevels) {
signal input siblins[nLevels];
signal input siblings[nLevels];
signal output levIns[nLevels];
signal done[nLevels-1]; // Indicates if the insLevel has aready been detecetd.

21
circuits/switcher.circom Normal file
View File

@ -0,0 +1,21 @@
/*
Assume sel is binary.
If sel == 0 then outL = L and outR=R
If sel == 1 then outL = R and outR=L
*/
template Switcher() {
signal input sel;
signal input L;
signal input R;
signal output outL;
signal output outR;
signal aux;
aux <== (R-L)*sel; // We create aux in order to have only one multiplication
outL <== aux + L;
outR <== -aux + R;
}

0
src/printcontract.js → src/mimc_printconstants.js
View File

0
src/printBases.js → src/pedersen_printbases.js
View File

18
src/printconstants.js
View File

@ -1,18 +0,0 @@
const mimc = require("./mimc7");
const SEED = "iden3_mimc";
let nRounds;
if (typeof process.argv[2] != "undefined") {
nRounds = parseInt(process.argv[2]);
} else {
nRounds = 256;
}
const cts = mimc.getConstants(SEED, nRounds);
for (let i=0; i<nRounds; i++) {
let S = cts[i];
if (i<nRounds-1) S=S+",";
console.log(S);
}

157
src/smt.js Normal file
View File

@ -0,0 +1,157 @@
const bigInt = require("snarkjs").bigInt;
const SMTMemDB = require("./smt_memdb");
const mimc7 = require("./mimc7");
function smtHash(arr) {
let r = bigInt(0);
for (let i=0; i<arr.length; i++) {
r = mimc7.hash(r, bigInt(arr[i]), 91 );
}
return r;
}
class SMT {
constructor(db, root) {
this.db = db;
this.root = root;
}
_splitBits(_key) {
let k = bigInt(_key);
const res = [];
while (!k.isZero()) {
if (k.isOdd()) {
res.push(true);
} else {
res.push(false);
}
k = k.shr(1);
}
while (res.length<256) res.push(false);
return res;
}
async insert(_key, _value) {
const key = bigInt(_key);
const value = bigInt(_value);
let addedOne = false;
const res = {};
res.oldRoot = this.root;
const newKeyBits = this._splitBits(key);
const resFind = await this.find(key);
if (resFind.found) throw new Error("Key already exists");
res.sibblings = resFind.sibblings;
if (!resFind.isOld0) {
const oldKeyits = this._splitBits(resFind.notFoundKey);
for (let i= res.sibblings.length; oldKeyits[i] == newKeyBits[i]; i++) {
res.sibblings.push(bigInt.zero);
}
res.sibblings.push(smtHash([1, resFind.notFoundKey, resFind.notFoundValue]));
addedOne = true;
}
const inserts = [];
let rt = smtHash([1, key, value]);
inserts.push([rt,[1, key, value]] );
for (let i=res.sibblings.length-1; i>=0; i--) {
if (newKeyBits[i]) {
rt = smtHash([res.sibblings[i], rt]);
inserts.push([rt,[res.sibblings[i], rt]] );
} else {
rt = smtHash([rt, res.sibblings[i]]);
inserts.push([rt,[rt, res.sibblings[i]]] );
}
}
if (addedOne) res.sibblings.pop();
while ((res.sibblings.length>0) && (res.sibblings[res.sibblings.length-1].isZero())) {
res.sibblings.pop();
}
res.oldKey = resFind.notFoundKey;
res.oldValue = resFind.notFoundValue;
res.newRoot = rt;
res.isOld0 = resFind.isOld0;
this.root = rt;
await this.db.save(rt, inserts);
return res;
}
async find(key) {
const keyBits = this._splitBits(key);
return await this._find(key, keyBits, this.root, 0);
}
async _find(key, keyBits, root, level) {
if (typeof root === "undefined") root = this.root;
let res;
if (root.isZero()) {
res = {
found: false,
sibblings: [],
notFoundKey: key,
notFoundValue: bigInt.zero,
isOld0: true
};
return res;
}
const record = await this.db.get(root);
if ((record.length==3)&&(record[0].equals(bigInt.one))) {
if (record[1].equals(key)) {
res = {
found: true,
sibblings: [],
foundValue: record[2],
isOld0: false
};
} else {
res = {
found: false,
sibblings: [],
notFoundKey: record[1],
notFoundValue: record[2],
isOld0: false
};
}
} else {
if (keyBits[level] == 0) {
const res = await this.find(key, keyBits, record[1], level+1);
res.sibblings.unshift(record[2]);
} else {
res = await this.find(key, keyBits, record[2], level+1);
res.sibblings.unshift(record[1]);
}
}
return res;
}
}
async function loadFromFile(fileName) {
}
async function newMemEmptyTrie() {
const db = new SMTMemDB();
const rt = await db.getRoot();
const smt = new SMT(db, rt);
return smt;
}
module.exports.loadFromFile = loadFromFile;
module.exports.newMemEmptyTrie = newMemEmptyTrie;

31
src/smt_memdb.js Normal file
View File

@ -0,0 +1,31 @@
const bigInt = require("snarkjs").bigInt;
class SMTMemDb {
constructor() {
this.nodes = {};
this.root = bigInt(0);
}
async getRoot() {
return this.root;
}
async get(key) {
const res = [];
const keyS = bigInt(key).leInt2Buff(32).toString("hex");
for (let i=0; i<this.nodes[keyS].length; i++) {
res.push(bigInt(this.nodes[keyS][i]));
}
return res;
}
async save(root, inserts) {
for (let i=0; i<inserts.length; i++) {
const keyS = bigInt(inserts[i][0]).leInt2Buff(32).toString("hex");
this.nodes[keyS] = inserts[i][1];
}
this.root = root;
}
}
module.exports = SMTMemDb;

3
test/circuits/smtinsert10_test.circom Normal file
View File

@ -0,0 +1,3 @@
include "../../circuits/smt/smtinsert.circom";
component main = SMTInsert(10);

88
test/smt.js Normal file
View File

@ -0,0 +1,88 @@
const chai = require("chai");
const path = require("path");
const snarkjs = require("snarkjs");
const compiler = require("circom");
const smt = require("../src/smt.js");
const assert = chai.assert;
const bigInt = snarkjs.bigInt;
function print(circuit, w, s) {
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
}
describe("SMT test", function () {
let circuit;
let tree;
this.timeout(100000);
before( async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "smtinsert10_test.circom"));
circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains SMTInsert: " + circuit.nConstraints);
tree = await smt.newMemEmptyTrie();
});
it("Should verify an insert to an empty tree", async () => {
const key = bigInt(111);
const value = bigInt(222);
const res = await tree.insert(key,value);
let siblings = res.sibblings;
while (siblings.length<10) siblings.push(bigInt(0));
const w = circuit.calculateWitness({
oldRoot: res.oldRoot,
newRoot: res.newRoot,
siblings: siblings,
oldKey: res.oldKey,
oldValue: res.oldValue,
isOld0: res.isOld0 ? 1 : 0,
newKey: key,
newValue: value
});
const root1 = w[circuit.getSignalIdx("main.levels[0].newRoot")];
console.log("root1: " + root1.toString());
console.log("root2: " + res.newRoot.toString());
assert(root1.equals(res.newRoot));
assert(circuit.checkWitness(w));
});
it("It should add another element", async () => {
const key = bigInt(333);
const value = bigInt(444);
const res = await tree.insert(key,value);
let siblings = res.sibblings;
while (siblings.length<10) siblings.push(bigInt(0));
const w = circuit.calculateWitness({
oldRoot: res.oldRoot,
newRoot: res.newRoot,
siblings: siblings,
oldKey: res.oldKey,
oldValue: res.oldValue,
isOld0: res.isOld0 ? 1 : 0,
newKey: key,
newValue: value
});
const root1 = w[circuit.getSignalIdx("main.levels[0].newRoot")];
console.log("root1: " + root1.toString());
console.log("root2: " + res.newRoot.toString());
assert(root1.equals(res.newRoot));
assert(circuit.checkWitness(w));
});
});