tornado-packages/circomlib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pedersen Hash done with tests

Browse Source
This commit is contained in:
Jordi Baylina 2018-11-13 10:57:54 +01:00
parent 9513ee2ff2
commit 4b147eca7f
No known key found for this signature in database
GPG Key ID: 7480C80C1BE43112
9 changed files with 244497 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
calcpedersenbases/calcpedersenbases.js
View File

@ -2,32 +2,7 @@ const bn128 = require("snarkjs").bn128;
const bigInt = require("snarkjs").bigInt;
const createBlakeHash = require("blake-hash");
const assert = require("assert");
function addPoint(a,b, q) {
const cta = bigInt("168700");
const d = bigInt("168696");
const res = [];
res[0] = bigInt((a[0]*b[1] + b[0]*a[1]) * bigInt(bigInt("1") + d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
res[1] = bigInt((a[1]*b[1] - cta*a[0]*b[0]) * bigInt(bigInt("1") - d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
return res;
}
function mulPointEscalar(base, e, q) {
let res = [bigInt("0"),bigInt("1")];
let rem = bigInt(e);
let exp = base;
while (! rem.isZero()) {
if (rem.isOdd()) {
res = addPoint(res, exp, q);
}
exp = addPoint(exp, exp, q);
rem = rem.shr(1);
}
return res;
}
const babyJub = require("../src/babyjub");
function getPoint(S) {
const F = bn128.Fr;
@ -62,7 +37,7 @@ function getPoint(S) {
const p = [bn128.Fr.affine(x), bn128.Fr.affine(y)];
const p8 =mulPointEscalar(p, 8, bn128.r);
const p8 = babyJub.mulPointEscalar(p, 8);
return p8;
}
@ -77,42 +52,20 @@ function generatePoint(S) {
p = getPoint(S+"_"+sidx);
idx++;
}
assert(inCurve(p), "Point not in curve");
assert(babyJub.inCurve(p), "Point not in curve");
return p;
}
const r = bigInt("21888242871839275222246405745257275088614511777268538073601725287587578984328").shr(3);
function isLowGrade(p) {
const res= mulPointEscalar(p, r, bn128.r);
return (res[0].equals(bigInt(0))) && (res[1].equals(bigInt(1)));
}
function inCurve(p) {
const F = bn128.Fr;
const a = bigInt("168700");
const d = bigInt("168696");
const x2 = F.square(p[0]);
const y2 = F.square(p[1]);
if (!F.equals(
F.add(F.mul(a, x2), y2),
F.add(F.one, F.mul(F.mul(x2, y2), d)))) return false;
if (!isLowGrade(p)) return false;
return true;
}
const g = [
bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")];
if (!inCurve(g)) {
// Sanity check
if (!babyJub.inCurve(g)) {
throw new Error("Generator not In curve -> Some thing goes wrong...");
}

122141
circuit.json
View File

File diff suppressed because one or more lines are too long

29
circuit/pedersen.circom
View File

@ -1,7 +1,7 @@
include "escalarmul.circom";
component Pedersen(n) {
template Pedersen(n) {
signal input in[n];
signal output out[2];
@ -11,23 +11,24 @@ component Pedersen(n) {
component escalarMuls[nexps];
var PBASE = [
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475],
[17777552123799933955779906779655732241715742912184938656739573121738514868268,
2626589144620713026669568689430873010625803728049924121243784502389097019475]
[ 6842263847932328569390632736104801120816056295876316310227967232893658007436,
10520112236148895828506510766039255961372323270202387671483666293012156799229],
[ 7512553369533424708326990019377586455744651641787163924108944444109352325495,
242060483180498555826438209654403949979206323274480625257315595534333598496],
[ 480315709862415282411588615813248553518720286084247594626493599605932342246,
15016559215090999873142530067666085992648246670781771102893391410239675444873],
[ 8311398801616893527636419786153024398643144699386228070202625261657263599049,
11125962584728296601438821974884453267303385157860713577195820780853779600315],
[ 1924118814882677827825936037840538695314492559747259292440881566152665343441,
17232376423406964731689089286495480735310130852288107159412732879983310795144]
];
var i;
var j;
var nexpbits;
for (i=0; i<nexps; i++) {
var nexpbits = (i == nexps-1) ? nlastbits : 253;
escalarMuls[i] = EscalarMul(nexpbits, PBASE[i][0], PBAS[i][1]);
nexpbits = (i == nexps-1) ? nlastbits : 253;
escalarMuls[i] = EscalarMul(nexpbits, PBASE[i]);
for (j=0; j<nexpbits; j++) {
escalarMuls[i].in[j] <== in[253*i + j];
@ -35,7 +36,7 @@ component Pedersen(n) {
if (i==0) {
escalarMuls[i].inp[0] <== 0;
escalarMuls[i].inp[1] <== 0;
escalarMuls[i].inp[1] <== 1;
} else {
escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0];
escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1];

57
src/babyjub.js Normal file
View File

@ -0,0 +1,57 @@
const bn128 = require("snarkjs").bn128;
const bigInt = require("snarkjs").bigInt;
exports.addPoint = addPoint;
exports.mulPointEscalar = mulPointEscalar;
exports.inCurve = inCurve;
function addPoint(a,b) {
const q = bn128.r;
const cta = bigInt("168700");
const d = bigInt("168696");
const res = [];
res[0] = bigInt((a[0]*b[1] + b[0]*a[1]) * bigInt(bigInt("1") + d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
res[1] = bigInt((a[1]*b[1] - cta*a[0]*b[0]) * bigInt(bigInt("1") - d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
return res;
}
function mulPointEscalar(base, e) {
let res = [bigInt("0"),bigInt("1")];
let rem = bigInt(e);
let exp = base;
while (! rem.isZero()) {
if (rem.isOdd()) {
res = addPoint(res, exp);
}
exp = addPoint(exp, exp);
rem = rem.shr(1);
}
return res;
}
function isLowGrade(p) {
const r = bigInt("21888242871839275222246405745257275088614511777268538073601725287587578984328").shr(3);
const res= mulPointEscalar(p, r);
return (res[0].equals(bigInt(0))) && (res[1].equals(bigInt(1)));
}
function inCurve(p) {
const F = bn128.Fr;
const a = bigInt("168700");
const d = bigInt("168696");
const x2 = F.square(p[0]);
const y2 = F.square(p[1]);
if (!F.equals(
F.add(F.mul(a, x2), y2),
F.add(F.one, F.mul(F.mul(x2, y2), d)))) return false;
if (!isLowGrade(p)) return false;
return true;
}

122243
test/circuits/circuit.json Normal file
View File

File diff suppressed because one or more lines are too long

24
test/circuits/exp_test.circom
View File

@ -1,24 +0,0 @@
include "../../circuit/escalarmul.circom";
include "../../node_modules/circom/circuits/sha256/bitify.circom";
template Main() {
signal input in;
signal output out[2];
component n2b = Num2Bits(253);
component escalarMul = EscalarMul(253);
var i;
in ==> n2b.in;
for (i=0; i<253; i++) {
n2b.out[i] ==> escalarMul.in[i];
}
escalarMul.out[0] ==> out[0];
escalarMul.out[1] ==> out[1];
}
component main = Main();

20
test/circuits/exp_test_min.circom
View File

@ -1,20 +0,0 @@
include "../../circuit/escalarmul.circom";
template Main() {
signal input in[256];
signal output out[2];
var i;
component escalarMul = EscalarMul(256);
for (i=0; i<256; i++) {
in[i] ==> escalarMul.in[i];
}
escalarMul.out[0] ==> out[0];
escalarMul.out[1] ==> out[1];
}
component main = Main();

29
test/circuits/pedersen_test.circom Normal file
View File

@ -0,0 +1,29 @@
include "../../circuit/pedersen.circom";
include "../../node_modules/circom/circuits/bitify.circom";
template Main() {
signal input in[2];
signal output out[2];
component pedersen = Pedersen(253*2);
component n2b[2];
n2b[0] = Num2Bits(253);
n2b[1] = Num2Bits(253);
var i;
in[0] ==> n2b[0].in;
in[1] ==> n2b[1].in;
for (i=0; i<253; i++) {
n2b[0].out[i] ==> pedersen.in[i];
n2b[1].out[i] ==> pedersen.in[253+i];
}
pedersen.out[0] ==> out[0];
pedersen.out[1] ==> out[1];
}
component main = Main();

105
test/pedersen.js Normal file
View File

@ -0,0 +1,105 @@
const chai = require("chai");
const path = require("path");
const snarkjs = require("snarkjs");
const compiler = require("circom");
const assert = chai.assert;
const bigInt = snarkjs.bigInt;
const babyJub = require("../src/babyjub.js");
const PBASE =
[
[ bigInt( "6842263847932328569390632736104801120816056295876316310227967232893658007436"),
bigInt("10520112236148895828506510766039255961372323270202387671483666293012156799229")],
[ bigInt( "7512553369533424708326990019377586455744651641787163924108944444109352325495"),
bigInt( "242060483180498555826438209654403949979206323274480625257315595534333598496")],
[ bigInt( "480315709862415282411588615813248553518720286084247594626493599605932342246"),
bigInt("15016559215090999873142530067666085992648246670781771102893391410239675444873")],
[ bigInt( "8311398801616893527636419786153024398643144699386228070202625261657263599049"),
bigInt("11125962584728296601438821974884453267303385157860713577195820780853779600315")],
[ bigInt( "1924118814882677827825936037840538695314492559747259292440881566152665343441"),
bigInt("17232376423406964731689089286495480735310130852288107159412732879983310795144")]
];
describe("Double Pedersen test", function() {
let circuit;
this.timeout(100000);
before( async() => {
const cirDef = await compiler(path.join(__dirname, "circuits", "pedersen_test.circom"));
circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains: " + circuit.nConstraints);
});
it("Should pedersen at zero", async () => {
let w, xout, yout;
w = circuit.calculateWitness({ in: ["0", "0"]});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
assert(xout.equals("0"));
assert(yout.equals("1"));
});
it("Should pedersen at one first generator", async () => {
let w, xout, yout;
w = circuit.calculateWitness({ in: ["1", "0"]});
xout = bigInt(w[circuit.getSignalIdx("main.out[0]")]);
yout = bigInt(w[circuit.getSignalIdx("main.out[1]")]);
assert(xout.equals(PBASE[0][0]));
assert(yout.equals(PBASE[0][1]));
});
it("Should pedersen at one second generator", async () => {
let w, xout, yout;
w = circuit.calculateWitness({ in: ["0", "1"]});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
assert(xout.equals(PBASE[1][0]));
assert(yout.equals(PBASE[1][1]));
});
it("Should pedersen at mixed generators", async () => {
let w, xout, yout;
w = circuit.calculateWitness({ in: ["3", "7"]});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
const r = babyJub.addPoint(
babyJub.mulPointEscalar(PBASE[0], 3),
babyJub.mulPointEscalar(PBASE[1], 7)
);
assert(xout.equals(r[0]));
assert(yout.equals(r[1]));
});
it("Should pedersen all ones", async () => {
let w, xout, yout;
const allOnes = bigInt("1").shl(253).sub(bigInt("1"));
w = circuit.calculateWitness({ in: [allOnes, allOnes]});
xout = w[circuit.getSignalIdx("main.out[0]")];
yout = w[circuit.getSignalIdx("main.out[1]")];
const r2 = babyJub.addPoint(
babyJub.mulPointEscalar(PBASE[0], allOnes),
babyJub.mulPointEscalar(PBASE[1], allOnes)
);
assert(xout.equals(r2[0]));
assert(yout.equals(r2[1]));
});
});