longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,662 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include <stddef.h>
|
|
16
|
+
|
|
17
|
+
#include <cstdint>
|
|
18
|
+
#include <memory>
|
|
19
|
+
#include <vector>
|
|
20
|
+
|
|
21
|
+
#include "arrays/dense.h"
|
|
22
|
+
#include "cbor/host_decoder.h"
|
|
23
|
+
#include "circuits/cbor_parser/cbor.h"
|
|
24
|
+
#include "circuits/cbor_parser/cbor_constants.h"
|
|
25
|
+
#include "circuits/cbor_parser/cbor_testing.h"
|
|
26
|
+
#include "circuits/cbor_parser/cbor_witness.h"
|
|
27
|
+
#include "circuits/compiler/circuit_dump.h"
|
|
28
|
+
#include "circuits/compiler/compiler.h"
|
|
29
|
+
#include "circuits/logic/compiler_backend.h"
|
|
30
|
+
#include "circuits/logic/counter.h"
|
|
31
|
+
#include "circuits/logic/evaluation_backend.h"
|
|
32
|
+
#include "circuits/logic/logic.h"
|
|
33
|
+
#include "gf2k/gf2_128.h"
|
|
34
|
+
#include "sumcheck/circuit.h"
|
|
35
|
+
#include "sumcheck/testing.h"
|
|
36
|
+
#include "util/log.h"
|
|
37
|
+
#include "gtest/gtest.h"
|
|
38
|
+
|
|
39
|
+
namespace proofs {
|
|
40
|
+
namespace {
|
|
41
|
+
using Field = GF2_128<>;
|
|
42
|
+
const Field F;
|
|
43
|
+
|
|
44
|
+
using CborWitness = CborWitness<Field>;
|
|
45
|
+
using CborTesting = CborTesting<Field>;
|
|
46
|
+
|
|
47
|
+
using CompilerBackend = CompilerBackend<Field>;
|
|
48
|
+
using LogicCircuit = Logic<Field, CompilerBackend>;
|
|
49
|
+
|
|
50
|
+
using EvalBackend = EvaluationBackend<Field>;
|
|
51
|
+
using Logic = Logic<Field, EvalBackend>;
|
|
52
|
+
|
|
53
|
+
/*
|
|
54
|
+
Decoding of the example:
|
|
55
|
+
|
|
56
|
+
A6 # map(6)
|
|
57
|
+
67 # text(7)
|
|
58
|
+
76657273696F6E # "version"
|
|
59
|
+
63 # text(3)
|
|
60
|
+
312E30 # "1.0"
|
|
61
|
+
6F # text(15)
|
|
62
|
+
646967657374416C676F726974686D # "digestAlgorithm"
|
|
63
|
+
67 # text(7)
|
|
64
|
+
5348412D323536 # "SHA-256"
|
|
65
|
+
67 # text(7)
|
|
66
|
+
646F6354797065 # "docType"
|
|
67
|
+
75 # text(21)
|
|
68
|
+
6F72672E69736F2E31383031332E352E312E6D444C # "org.iso.18013.5.1.mDL"
|
|
69
|
+
6C # text(12)
|
|
70
|
+
76616C756544696765737473 # "valueDigests"
|
|
71
|
+
A2 # map(2)
|
|
72
|
+
71 # text(17)
|
|
73
|
+
6F72672E69736F2E31383031332E352E31 # "org.iso.18013.5.1"
|
|
74
|
+
AF # map(15)
|
|
75
|
+
0D # unsigned(13)
|
|
76
|
+
58 20 # bytes(32)
|
|
77
|
+
B62897FBDA2139614087A73D0CE63A16A0BE43225AC05F6BE3DD777FF5D569D2
|
|
78
|
+
0B # unsigned(11)
|
|
79
|
+
58 20 # bytes(32)
|
|
80
|
+
6F9484C89B938644A48E14A5791F1C2A3B83BA52BFB6CA0D9A3A8FD844F35BD4
|
|
81
|
+
04 # unsigned(4)
|
|
82
|
+
58 20 # bytes(32)
|
|
83
|
+
43CD174E9885F2F1F32DF4742F4F662EB18A9DCB82624B3165512E1EA241E1AC
|
|
84
|
+
07 # unsigned(7)
|
|
85
|
+
58 20 # bytes(32)
|
|
86
|
+
7EA194A8B5C9CA0BEC5C2E979D9D8EFA2FE7C4CFA88713ED50F967912724CB57
|
|
87
|
+
11 # unsigned(17)
|
|
88
|
+
58 20 # bytes(32)
|
|
89
|
+
BBCE5F310089FEADB8B7A2C239BC3E6FA97ED101C8287FF48A4BDFF6CA37BED2
|
|
90
|
+
10 # unsigned(16)
|
|
91
|
+
58 20 # bytes(32)
|
|
92
|
+
D2BDE38E57AAB48F343CF5DE25540D9E2324368C1D135A68FD0C0F7843CCB5DD
|
|
93
|
+
01 # unsigned(1)
|
|
94
|
+
58 20 # bytes(32)
|
|
95
|
+
732CAA70D74933D90832C1679D006C4807486276AC9C86B9C183257C7F1B23C5
|
|
96
|
+
12 # unsigned(18)
|
|
97
|
+
58 20 # bytes(32)
|
|
98
|
+
593EBAA6A07F2770B2D603910F3677FF7B0AE9B6BE4A9DD860644977D726EDA8
|
|
99
|
+
06 # unsigned(6)
|
|
100
|
+
58 20 # bytes(32)
|
|
101
|
+
21DC5AD5BA5B1A34C338EC87FDA6910B59D45276906C804DB13953AF0C75E5D1
|
|
102
|
+
02 # unsigned(2)
|
|
103
|
+
58 20 # bytes(32)
|
|
104
|
+
2F445344E4865E847B39FC15B285A5EB40CC38B99D6CD4B4613EC6A3E9336148
|
|
105
|
+
00 # unsigned(0)
|
|
106
|
+
58 20 # bytes(32)
|
|
107
|
+
347BCC0AB488F37F020F660DAC4471233A9445AAD908BE3ADAC4E98538A63031
|
|
108
|
+
0E # unsigned(14)
|
|
109
|
+
58 20 # bytes(32)
|
|
110
|
+
8CFE63E5E0BE75130C43039CF771200DB31D717F57834B59836F30B9F717604C
|
|
111
|
+
13 # unsigned(19)
|
|
112
|
+
58 20 # bytes(32)
|
|
113
|
+
01318991E8782E32B513AADEB821ABF04F86D78F92C7EE1F3B8B74AF2F618008
|
|
114
|
+
0A # unsigned(10)
|
|
115
|
+
58 20 # bytes(32)
|
|
116
|
+
0EB07E37E35671D939EEC01583E7CADCA07E9F104B56F3FCEF71113EDCF29F02
|
|
117
|
+
05 # unsigned(5)
|
|
118
|
+
58 20 # bytes(32)
|
|
119
|
+
9275CFF0E0C7895BCEA8F4D564A809ECB8F2172ACBDFD70618D2AAF3D7804925
|
|
120
|
+
77 # text(23)
|
|
121
|
+
6F72672E69736F2E31383031332E352E312E61616D7661
|
|
122
|
+
A6 # map(6)
|
|
123
|
+
0F # unsigned(15)
|
|
124
|
+
58 20 # bytes(32)
|
|
125
|
+
1034DB3251BFE61F83D63A2AE173A49D90C18590A11C00F30D20B0172BB8402A
|
|
126
|
+
09 # unsigned(9)
|
|
127
|
+
58 20 # bytes(32)
|
|
128
|
+
B803A515122AE93704A8DBF5925DEAF647922049D0B61309CD1E0542A4E45FBC
|
|
129
|
+
14 # unsigned(20)
|
|
130
|
+
58 20 # bytes(32)
|
|
131
|
+
9F478AD625BE1D21E2D3765098DA13AB3DF82AA0B5B815D85A255418A6CF5EA2
|
|
132
|
+
0C # unsigned(12)
|
|
133
|
+
58 20 # bytes(32)
|
|
134
|
+
5D94ABC356D3EE59BB4C361D0299454B3143CC0D566C0D9CE39EEB74A3BF8BF9
|
|
135
|
+
03 # unsigned(3)
|
|
136
|
+
58 20 # bytes(32)
|
|
137
|
+
14AEBF6225497589B495DB94EF25C1A439427F1E7000E622E2D8E31C25B7859F
|
|
138
|
+
08 # unsigned(8)
|
|
139
|
+
58 20 # bytes(32)
|
|
140
|
+
7AC6CDCA8493DEE6A91AE97594B01A0670EE3F50AA16EEA6FB0EA04D9E8F8485
|
|
141
|
+
6D # text(13)
|
|
142
|
+
6465766963654B6579496E666F # "deviceKeyInfo"
|
|
143
|
+
A1 # map(1)
|
|
144
|
+
69 # text(9)
|
|
145
|
+
6465766963654B6579 # "deviceKey"
|
|
146
|
+
A4 # map(4)
|
|
147
|
+
01 # unsigned(1)
|
|
148
|
+
02 # unsigned(2)
|
|
149
|
+
20 # negative(0)
|
|
150
|
+
01 # unsigned(1)
|
|
151
|
+
21 # negative(1)
|
|
152
|
+
58 20 # bytes(32)
|
|
153
|
+
7B8FB8726BEFFC40E76F00DCAFF8F479F0EBA054AF95A7CD3049C145FC66F321
|
|
154
|
+
22 # negative(2)
|
|
155
|
+
58 20 # bytes(32)
|
|
156
|
+
859EEAE702FEB42E9403846788A0054259933B7BCCC9E7825831910B95A2772C
|
|
157
|
+
6C # text(12)
|
|
158
|
+
76616C6964697479496E666F # "validityInfo"
|
|
159
|
+
A3 # map(3)
|
|
160
|
+
66 # text(6)
|
|
161
|
+
7369676E6564 # "signed"
|
|
162
|
+
C0 # tag(0)
|
|
163
|
+
74 # text(20)
|
|
164
|
+
323032332D31302D31315431333A31383A31355A # "2023-10-11T13:18:15Z"
|
|
165
|
+
69 # text(9)
|
|
166
|
+
76616C696446726F6D # "validFrom"
|
|
167
|
+
C0 # tag(0)
|
|
168
|
+
74 # text(20)
|
|
169
|
+
323032332D31302D31315431333A31383A31355A # "2023-10-11T13:18:15Z"
|
|
170
|
+
6A # text(10)
|
|
171
|
+
76616C6964556E74696C # "validUntil"
|
|
172
|
+
C0 # tag(0)
|
|
173
|
+
74 # text(20)
|
|
174
|
+
323032332D31312D31305431333A31383A31355A # "2023-11-10T13:18:15Z"
|
|
175
|
+
|
|
176
|
+
*/
|
|
177
|
+
static constexpr size_t mso_nbytes = 1068;
|
|
178
|
+
static const uint8_t mso_example[mso_nbytes] = {
|
|
179
|
+
0xA6, 0x67, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x63, 0x31, 0x2E,
|
|
180
|
+
0x30, 0x6F, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x41, 0x6C, 0x67, 0x6F,
|
|
181
|
+
0x72, 0x69, 0x74, 0x68, 0x6D, 0x67, 0x53, 0x48, 0x41, 0x2D, 0x32, 0x35,
|
|
182
|
+
0x36, 0x67, 0x64, 0x6F, 0x63, 0x54, 0x79, 0x70, 0x65, 0x75, 0x6F, 0x72,
|
|
183
|
+
0x67, 0x2E, 0x69, 0x73, 0x6F, 0x2E, 0x31, 0x38, 0x30, 0x31, 0x33, 0x2E,
|
|
184
|
+
0x35, 0x2E, 0x31, 0x2E, 0x6D, 0x44, 0x4C, 0x6C, 0x76, 0x61, 0x6C, 0x75,
|
|
185
|
+
0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x73, 0xA2, 0x71, 0x6F, 0x72,
|
|
186
|
+
0x67, 0x2E, 0x69, 0x73, 0x6F, 0x2E, 0x31, 0x38, 0x30, 0x31, 0x33, 0x2E,
|
|
187
|
+
0x35, 0x2E, 0x31, 0xAF, 0x0D, 0x58, 0x20, 0xB6, 0x28, 0x97, 0xFB, 0xDA,
|
|
188
|
+
0x21, 0x39, 0x61, 0x40, 0x87, 0xA7, 0x3D, 0x0C, 0xE6, 0x3A, 0x16, 0xA0,
|
|
189
|
+
0xBE, 0x43, 0x22, 0x5A, 0xC0, 0x5F, 0x6B, 0xE3, 0xDD, 0x77, 0x7F, 0xF5,
|
|
190
|
+
0xD5, 0x69, 0xD2, 0x0B, 0x58, 0x20, 0x6F, 0x94, 0x84, 0xC8, 0x9B, 0x93,
|
|
191
|
+
0x86, 0x44, 0xA4, 0x8E, 0x14, 0xA5, 0x79, 0x1F, 0x1C, 0x2A, 0x3B, 0x83,
|
|
192
|
+
0xBA, 0x52, 0xBF, 0xB6, 0xCA, 0x0D, 0x9A, 0x3A, 0x8F, 0xD8, 0x44, 0xF3,
|
|
193
|
+
0x5B, 0xD4, 0x04, 0x58, 0x20, 0x43, 0xCD, 0x17, 0x4E, 0x98, 0x85, 0xF2,
|
|
194
|
+
0xF1, 0xF3, 0x2D, 0xF4, 0x74, 0x2F, 0x4F, 0x66, 0x2E, 0xB1, 0x8A, 0x9D,
|
|
195
|
+
0xCB, 0x82, 0x62, 0x4B, 0x31, 0x65, 0x51, 0x2E, 0x1E, 0xA2, 0x41, 0xE1,
|
|
196
|
+
0xAC, 0x07, 0x58, 0x20, 0x7E, 0xA1, 0x94, 0xA8, 0xB5, 0xC9, 0xCA, 0x0B,
|
|
197
|
+
0xEC, 0x5C, 0x2E, 0x97, 0x9D, 0x9D, 0x8E, 0xFA, 0x2F, 0xE7, 0xC4, 0xCF,
|
|
198
|
+
0xA8, 0x87, 0x13, 0xED, 0x50, 0xF9, 0x67, 0x91, 0x27, 0x24, 0xCB, 0x57,
|
|
199
|
+
0x11, 0x58, 0x20, 0xBB, 0xCE, 0x5F, 0x31, 0x00, 0x89, 0xFE, 0xAD, 0xB8,
|
|
200
|
+
0xB7, 0xA2, 0xC2, 0x39, 0xBC, 0x3E, 0x6F, 0xA9, 0x7E, 0xD1, 0x01, 0xC8,
|
|
201
|
+
0x28, 0x7F, 0xF4, 0x8A, 0x4B, 0xDF, 0xF6, 0xCA, 0x37, 0xBE, 0xD2, 0x10,
|
|
202
|
+
0x58, 0x20, 0xD2, 0xBD, 0xE3, 0x8E, 0x57, 0xAA, 0xB4, 0x8F, 0x34, 0x3C,
|
|
203
|
+
0xF5, 0xDE, 0x25, 0x54, 0x0D, 0x9E, 0x23, 0x24, 0x36, 0x8C, 0x1D, 0x13,
|
|
204
|
+
0x5A, 0x68, 0xFD, 0x0C, 0x0F, 0x78, 0x43, 0xCC, 0xB5, 0xDD, 0x01, 0x58,
|
|
205
|
+
0x20, 0x73, 0x2C, 0xAA, 0x70, 0xD7, 0x49, 0x33, 0xD9, 0x08, 0x32, 0xC1,
|
|
206
|
+
0x67, 0x9D, 0x00, 0x6C, 0x48, 0x07, 0x48, 0x62, 0x76, 0xAC, 0x9C, 0x86,
|
|
207
|
+
0xB9, 0xC1, 0x83, 0x25, 0x7C, 0x7F, 0x1B, 0x23, 0xC5, 0x12, 0x58, 0x20,
|
|
208
|
+
0x59, 0x3E, 0xBA, 0xA6, 0xA0, 0x7F, 0x27, 0x70, 0xB2, 0xD6, 0x03, 0x91,
|
|
209
|
+
0x0F, 0x36, 0x77, 0xFF, 0x7B, 0x0A, 0xE9, 0xB6, 0xBE, 0x4A, 0x9D, 0xD8,
|
|
210
|
+
0x60, 0x64, 0x49, 0x77, 0xD7, 0x26, 0xED, 0xA8, 0x06, 0x58, 0x20, 0x21,
|
|
211
|
+
0xDC, 0x5A, 0xD5, 0xBA, 0x5B, 0x1A, 0x34, 0xC3, 0x38, 0xEC, 0x87, 0xFD,
|
|
212
|
+
0xA6, 0x91, 0x0B, 0x59, 0xD4, 0x52, 0x76, 0x90, 0x6C, 0x80, 0x4D, 0xB1,
|
|
213
|
+
0x39, 0x53, 0xAF, 0x0C, 0x75, 0xE5, 0xD1, 0x02, 0x58, 0x20, 0x2F, 0x44,
|
|
214
|
+
0x53, 0x44, 0xE4, 0x86, 0x5E, 0x84, 0x7B, 0x39, 0xFC, 0x15, 0xB2, 0x85,
|
|
215
|
+
0xA5, 0xEB, 0x40, 0xCC, 0x38, 0xB9, 0x9D, 0x6C, 0xD4, 0xB4, 0x61, 0x3E,
|
|
216
|
+
0xC6, 0xA3, 0xE9, 0x33, 0x61, 0x48, 0x00, 0x58, 0x20, 0x34, 0x7B, 0xCC,
|
|
217
|
+
0x0A, 0xB4, 0x88, 0xF3, 0x7F, 0x02, 0x0F, 0x66, 0x0D, 0xAC, 0x44, 0x71,
|
|
218
|
+
0x23, 0x3A, 0x94, 0x45, 0xAA, 0xD9, 0x08, 0xBE, 0x3A, 0xDA, 0xC4, 0xE9,
|
|
219
|
+
0x85, 0x38, 0xA6, 0x30, 0x31, 0x0E, 0x58, 0x20, 0x8C, 0xFE, 0x63, 0xE5,
|
|
220
|
+
0xE0, 0xBE, 0x75, 0x13, 0x0C, 0x43, 0x03, 0x9C, 0xF7, 0x71, 0x20, 0x0D,
|
|
221
|
+
0xB3, 0x1D, 0x71, 0x7F, 0x57, 0x83, 0x4B, 0x59, 0x83, 0x6F, 0x30, 0xB9,
|
|
222
|
+
0xF7, 0x17, 0x60, 0x4C, 0x13, 0x58, 0x20, 0x01, 0x31, 0x89, 0x91, 0xE8,
|
|
223
|
+
0x78, 0x2E, 0x32, 0xB5, 0x13, 0xAA, 0xDE, 0xB8, 0x21, 0xAB, 0xF0, 0x4F,
|
|
224
|
+
0x86, 0xD7, 0x8F, 0x92, 0xC7, 0xEE, 0x1F, 0x3B, 0x8B, 0x74, 0xAF, 0x2F,
|
|
225
|
+
0x61, 0x80, 0x08, 0x0A, 0x58, 0x20, 0x0E, 0xB0, 0x7E, 0x37, 0xE3, 0x56,
|
|
226
|
+
0x71, 0xD9, 0x39, 0xEE, 0xC0, 0x15, 0x83, 0xE7, 0xCA, 0xDC, 0xA0, 0x7E,
|
|
227
|
+
0x9F, 0x10, 0x4B, 0x56, 0xF3, 0xFC, 0xEF, 0x71, 0x11, 0x3E, 0xDC, 0xF2,
|
|
228
|
+
0x9F, 0x02, 0x05, 0x58, 0x20, 0x92, 0x75, 0xCF, 0xF0, 0xE0, 0xC7, 0x89,
|
|
229
|
+
0x5B, 0xCE, 0xA8, 0xF4, 0xD5, 0x64, 0xA8, 0x09, 0xEC, 0xB8, 0xF2, 0x17,
|
|
230
|
+
0x2A, 0xCB, 0xDF, 0xD7, 0x06, 0x18, 0xD2, 0xAA, 0xF3, 0xD7, 0x80, 0x49,
|
|
231
|
+
0x25, 0x77, 0x6F, 0x72, 0x67, 0x2E, 0x69, 0x73, 0x6F, 0x2E, 0x31, 0x38,
|
|
232
|
+
0x30, 0x31, 0x33, 0x2E, 0x35, 0x2E, 0x31, 0x2E, 0x61, 0x61, 0x6D, 0x76,
|
|
233
|
+
0x61, 0xA6, 0x0F, 0x58, 0x20, 0x10, 0x34, 0xDB, 0x32, 0x51, 0xBF, 0xE6,
|
|
234
|
+
0x1F, 0x83, 0xD6, 0x3A, 0x2A, 0xE1, 0x73, 0xA4, 0x9D, 0x90, 0xC1, 0x85,
|
|
235
|
+
0x90, 0xA1, 0x1C, 0x00, 0xF3, 0x0D, 0x20, 0xB0, 0x17, 0x2B, 0xB8, 0x40,
|
|
236
|
+
0x2A, 0x09, 0x58, 0x20, 0xB8, 0x03, 0xA5, 0x15, 0x12, 0x2A, 0xE9, 0x37,
|
|
237
|
+
0x04, 0xA8, 0xDB, 0xF5, 0x92, 0x5D, 0xEA, 0xF6, 0x47, 0x92, 0x20, 0x49,
|
|
238
|
+
0xD0, 0xB6, 0x13, 0x09, 0xCD, 0x1E, 0x05, 0x42, 0xA4, 0xE4, 0x5F, 0xBC,
|
|
239
|
+
0x14, 0x58, 0x20, 0x9F, 0x47, 0x8A, 0xD6, 0x25, 0xBE, 0x1D, 0x21, 0xE2,
|
|
240
|
+
0xD3, 0x76, 0x50, 0x98, 0xDA, 0x13, 0xAB, 0x3D, 0xF8, 0x2A, 0xA0, 0xB5,
|
|
241
|
+
0xB8, 0x15, 0xD8, 0x5A, 0x25, 0x54, 0x18, 0xA6, 0xCF, 0x5E, 0xA2, 0x0C,
|
|
242
|
+
0x58, 0x20, 0x5D, 0x94, 0xAB, 0xC3, 0x56, 0xD3, 0xEE, 0x59, 0xBB, 0x4C,
|
|
243
|
+
0x36, 0x1D, 0x02, 0x99, 0x45, 0x4B, 0x31, 0x43, 0xCC, 0x0D, 0x56, 0x6C,
|
|
244
|
+
0x0D, 0x9C, 0xE3, 0x9E, 0xEB, 0x74, 0xA3, 0xBF, 0x8B, 0xF9, 0x03, 0x58,
|
|
245
|
+
0x20, 0x14, 0xAE, 0xBF, 0x62, 0x25, 0x49, 0x75, 0x89, 0xB4, 0x95, 0xDB,
|
|
246
|
+
0x94, 0xEF, 0x25, 0xC1, 0xA4, 0x39, 0x42, 0x7F, 0x1E, 0x70, 0x00, 0xE6,
|
|
247
|
+
0x22, 0xE2, 0xD8, 0xE3, 0x1C, 0x25, 0xB7, 0x85, 0x9F, 0x08, 0x58, 0x20,
|
|
248
|
+
0x7A, 0xC6, 0xCD, 0xCA, 0x84, 0x93, 0xDE, 0xE6, 0xA9, 0x1A, 0xE9, 0x75,
|
|
249
|
+
0x94, 0xB0, 0x1A, 0x06, 0x70, 0xEE, 0x3F, 0x50, 0xAA, 0x16, 0xEE, 0xA6,
|
|
250
|
+
0xFB, 0x0E, 0xA0, 0x4D, 0x9E, 0x8F, 0x84, 0x85, 0x6D, 0x64, 0x65, 0x76,
|
|
251
|
+
0x69, 0x63, 0x65, 0x4B, 0x65, 0x79, 0x49, 0x6E, 0x66, 0x6F, 0xA1, 0x69,
|
|
252
|
+
0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4B, 0x65, 0x79, 0xA4, 0x01, 0x02,
|
|
253
|
+
0x20, 0x01, 0x21, 0x58, 0x20, 0x7B, 0x8F, 0xB8, 0x72, 0x6B, 0xEF, 0xFC,
|
|
254
|
+
0x40, 0xE7, 0x6F, 0x00, 0xDC, 0xAF, 0xF8, 0xF4, 0x79, 0xF0, 0xEB, 0xA0,
|
|
255
|
+
0x54, 0xAF, 0x95, 0xA7, 0xCD, 0x30, 0x49, 0xC1, 0x45, 0xFC, 0x66, 0xF3,
|
|
256
|
+
0x21, 0x22, 0x58, 0x20, 0x85, 0x9E, 0xEA, 0xE7, 0x02, 0xFE, 0xB4, 0x2E,
|
|
257
|
+
0x94, 0x03, 0x84, 0x67, 0x88, 0xA0, 0x05, 0x42, 0x59, 0x93, 0x3B, 0x7B,
|
|
258
|
+
0xCC, 0xC9, 0xE7, 0x82, 0x58, 0x31, 0x91, 0x0B, 0x95, 0xA2, 0x77, 0x2C,
|
|
259
|
+
0x6C, 0x76, 0x61, 0x6C, 0x69, 0x64, 0x69, 0x74, 0x79, 0x49, 0x6E, 0x66,
|
|
260
|
+
0x6F, 0xA3, 0x66, 0x73, 0x69, 0x67, 0x6E, 0x65, 0x64, 0xC0, 0x74, 0x32,
|
|
261
|
+
0x30, 0x32, 0x33, 0x2D, 0x31, 0x30, 0x2D, 0x31, 0x31, 0x54, 0x31, 0x33,
|
|
262
|
+
0x3A, 0x31, 0x38, 0x3A, 0x31, 0x35, 0x5A, 0x69, 0x76, 0x61, 0x6C, 0x69,
|
|
263
|
+
0x64, 0x46, 0x72, 0x6F, 0x6D, 0xC0, 0x74, 0x32, 0x30, 0x32, 0x33, 0x2D,
|
|
264
|
+
0x31, 0x30, 0x2D, 0x31, 0x31, 0x54, 0x31, 0x33, 0x3A, 0x31, 0x38, 0x3A,
|
|
265
|
+
0x31, 0x35, 0x5A, 0x6A, 0x76, 0x61, 0x6C, 0x69, 0x64, 0x55, 0x6E, 0x74,
|
|
266
|
+
0x69, 0x6C, 0xC0, 0x74, 0x32, 0x30, 0x32, 0x33, 0x2D, 0x31, 0x31, 0x2D,
|
|
267
|
+
0x31, 0x30, 0x54, 0x31, 0x33, 0x3A, 0x31, 0x38, 0x3A, 0x31, 0x35, 0x5A,
|
|
268
|
+
};
|
|
269
|
+
|
|
270
|
+
TEST(MSO, Example2) {
|
|
271
|
+
const EvalBackend ebk(F);
|
|
272
|
+
const Logic L(&ebk, F);
|
|
273
|
+
using Cbor = Cbor<Logic>;
|
|
274
|
+
const Cbor CBOR(L);
|
|
275
|
+
const CborTesting CT(F);
|
|
276
|
+
const CborWitness CW(F);
|
|
277
|
+
|
|
278
|
+
constexpr size_t n = 2000;
|
|
279
|
+
size_t input_len = mso_nbytes;
|
|
280
|
+
EXPECT_LE(input_len, n);
|
|
281
|
+
|
|
282
|
+
std::vector<uint8_t> bytes(n);
|
|
283
|
+
// pad with zeroes
|
|
284
|
+
for (size_t i = 0; i + input_len < n; ++i) {
|
|
285
|
+
bytes[i] = 0;
|
|
286
|
+
}
|
|
287
|
+
for (size_t i = 0; i < input_len; ++i) {
|
|
288
|
+
bytes[i + n - input_len] = mso_example[i];
|
|
289
|
+
}
|
|
290
|
+
|
|
291
|
+
std::vector<CborWitness::v8> inS(n);
|
|
292
|
+
std::vector<CborWitness::position_witness> pwS(n);
|
|
293
|
+
CborWitness::global_witness gwS;
|
|
294
|
+
CW.fill_witnesses(n, input_len, bytes.data(), inS.data(), pwS.data(), gwS);
|
|
295
|
+
|
|
296
|
+
std::vector<Cbor::v8> in(n);
|
|
297
|
+
std::vector<Cbor::position_witness> pw(n);
|
|
298
|
+
Cbor::global_witness gw;
|
|
299
|
+
CT.convert_witnesses(n, in.data(), pw.data(), gw, inS.data(), pwS.data(),
|
|
300
|
+
gwS);
|
|
301
|
+
|
|
302
|
+
std::vector<Cbor::decode> ds(n);
|
|
303
|
+
std::vector<Cbor::parse_output> ps(n);
|
|
304
|
+
CBOR.decode_and_assert_decode_and_parse(n, ds.data(), ps.data(), in.data(),
|
|
305
|
+
pw.data(), gw);
|
|
306
|
+
}
|
|
307
|
+
|
|
308
|
+
TEST(MSO, Various) {
|
|
309
|
+
const EvalBackend ebk(F);
|
|
310
|
+
const Logic L(&ebk, F);
|
|
311
|
+
using Cbor = Cbor<Logic>;
|
|
312
|
+
const Cbor CBOR(L);
|
|
313
|
+
const CborTesting CT(F);
|
|
314
|
+
const CborWitness CW(F);
|
|
315
|
+
|
|
316
|
+
constexpr size_t n = mso_nbytes;
|
|
317
|
+
|
|
318
|
+
// compile-time
|
|
319
|
+
size_t input_len = n;
|
|
320
|
+
std::vector<CborWitness::v8> inS(n);
|
|
321
|
+
std::vector<CborWitness::position_witness> pwS(n);
|
|
322
|
+
CborWitness::global_witness gwS;
|
|
323
|
+
CW.fill_witnesses(n, input_len, mso_example, inS.data(), pwS.data(), gwS);
|
|
324
|
+
|
|
325
|
+
std::vector<Cbor::v8> in(n);
|
|
326
|
+
std::vector<Cbor::position_witness> pw(n);
|
|
327
|
+
Cbor::global_witness gw;
|
|
328
|
+
CT.convert_witnesses(n, in.data(), pw.data(), gw, inS.data(), pwS.data(),
|
|
329
|
+
gwS);
|
|
330
|
+
|
|
331
|
+
// circuit-time
|
|
332
|
+
std::vector<Cbor::decode> ds(n);
|
|
333
|
+
std::vector<Cbor::parse_output> ps(n);
|
|
334
|
+
CBOR.decode_and_assert_decode_and_parse(n, ds.data(), ps.data(), in.data(),
|
|
335
|
+
pw.data(), gw);
|
|
336
|
+
|
|
337
|
+
// sanity check on the output
|
|
338
|
+
for (size_t i = 0; i < n; ++i) {
|
|
339
|
+
for (size_t l = 0; l < CborConstants::kNCounters; ++l) {
|
|
340
|
+
EXPECT_EQ(F.as_counter(pwS[i].cc_debug[l]).e, ps[i].c[l].e.elt());
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
|
|
344
|
+
static const uint8_t bytes[15] = {
|
|
345
|
+
'd', 'i', 'g', 'e', 's', 't', 'A', 'l', 'g', 'o', 'r', 'i', 't', 'h', 'm',
|
|
346
|
+
};
|
|
347
|
+
|
|
348
|
+
CBOR.assert_header(n, CT.index(13), ds.data());
|
|
349
|
+
CBOR.assert_text_at(n, CT.index(13), 15, bytes, ds.data());
|
|
350
|
+
CBOR.assert_map_header(n, CT.index(80), ds.data());
|
|
351
|
+
}
|
|
352
|
+
|
|
353
|
+
static const uint8_t svalueDigests[12] = {
|
|
354
|
+
'v', 'a', 'l', 'u', 'e', 'D', 'i', 'g', 'e', 's', 't', 's',
|
|
355
|
+
};
|
|
356
|
+
|
|
357
|
+
static const uint8_t sorgBlahBlahBlah[17] = {
|
|
358
|
+
'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1',
|
|
359
|
+
'8', '0', '1', '3', '.', '5', '.', '1',
|
|
360
|
+
};
|
|
361
|
+
|
|
362
|
+
TEST(MSO, MapLookup) {
|
|
363
|
+
const EvalBackend ebk(F);
|
|
364
|
+
const Logic L(&ebk, F);
|
|
365
|
+
using Cbor = Cbor<Logic>;
|
|
366
|
+
const Cbor CBOR(L);
|
|
367
|
+
const CborTesting CT(F);
|
|
368
|
+
const CborWitness CW(F);
|
|
369
|
+
|
|
370
|
+
constexpr size_t n = 2000;
|
|
371
|
+
constexpr size_t input_len = mso_nbytes;
|
|
372
|
+
EXPECT_LE(input_len, n);
|
|
373
|
+
|
|
374
|
+
std::vector<uint8_t> bytes(n);
|
|
375
|
+
// pad with zeroes
|
|
376
|
+
for (size_t i = 0; i < n - input_len; ++i) {
|
|
377
|
+
bytes[i] = 0;
|
|
378
|
+
}
|
|
379
|
+
for (size_t i = 0; i < input_len; ++i) {
|
|
380
|
+
bytes[i + n - input_len] = mso_example[i];
|
|
381
|
+
}
|
|
382
|
+
|
|
383
|
+
// compile-time
|
|
384
|
+
std::vector<CborWitness::v8> inS(n);
|
|
385
|
+
std::vector<CborWitness::position_witness> pwS(n);
|
|
386
|
+
CborWitness::global_witness gwS;
|
|
387
|
+
CW.fill_witnesses(n, input_len, bytes.data(), inS.data(), pwS.data(), gwS);
|
|
388
|
+
|
|
389
|
+
std::vector<Cbor::v8> in(n);
|
|
390
|
+
std::vector<Cbor::position_witness> pw(n);
|
|
391
|
+
Cbor::global_witness gw;
|
|
392
|
+
CT.convert_witnesses(n, in.data(), pw.data(), gw, inS.data(), pwS.data(),
|
|
393
|
+
gwS);
|
|
394
|
+
|
|
395
|
+
size_t pos = 0;
|
|
396
|
+
size_t offset = n - input_len;
|
|
397
|
+
CborDoc croot;
|
|
398
|
+
bool ret = croot.decode(mso_example, mso_nbytes, pos, offset);
|
|
399
|
+
EXPECT_TRUE(ret);
|
|
400
|
+
EXPECT_EQ(pos, mso_nbytes);
|
|
401
|
+
EXPECT_EQ(croot.header_pos_, offset);
|
|
402
|
+
|
|
403
|
+
size_t vdndx;
|
|
404
|
+
const CborDoc* vd =
|
|
405
|
+
croot.lookup(mso_example, sizeof(svalueDigests), svalueDigests, vdndx);
|
|
406
|
+
EXPECT_NE(vd, nullptr);
|
|
407
|
+
size_t orgndx;
|
|
408
|
+
const CborDoc* org = vd[1].lookup(mso_example, sizeof(sorgBlahBlahBlah),
|
|
409
|
+
sorgBlahBlahBlah, orgndx);
|
|
410
|
+
EXPECT_NE(org, nullptr);
|
|
411
|
+
|
|
412
|
+
size_t org_lookup_tag = 4;
|
|
413
|
+
size_t hashndx;
|
|
414
|
+
const CborDoc* hash = org[1].lookup_unsigned(org_lookup_tag, hashndx);
|
|
415
|
+
EXPECT_NE(hash, nullptr);
|
|
416
|
+
|
|
417
|
+
// circuit-time
|
|
418
|
+
std::vector<Cbor::decode> ds(n);
|
|
419
|
+
std::vector<Cbor::parse_output> ps(n);
|
|
420
|
+
auto input_lenW = CT.index(input_len);
|
|
421
|
+
CBOR.decode_and_assert_decode_and_parse(n, ds.data(), ps.data(), in.data(),
|
|
422
|
+
pw.data(), gw);
|
|
423
|
+
|
|
424
|
+
// sanity check on the output
|
|
425
|
+
for (size_t i = 0; i < n; ++i) {
|
|
426
|
+
for (size_t l = 0; l < CborConstants::kNCounters; ++l) {
|
|
427
|
+
EXPECT_EQ(F.as_counter(pwS[i].cc_debug[l]).e, ps[i].c[l].e.elt());
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
|
|
431
|
+
// the top-level map axiomatically starts at position OFFSET
|
|
432
|
+
auto jroot = CT.index(offset);
|
|
433
|
+
CBOR.assert_input_starts_at(n, jroot, input_lenW, ds.data());
|
|
434
|
+
|
|
435
|
+
// "Position JROOT starts a map of level 0. (JVDK, JVDV) are headers
|
|
436
|
+
// representing the VDNDX-th pair in that map. The key at JVDK is
|
|
437
|
+
// correct."
|
|
438
|
+
auto jvdk = CT.index(vd[0].header_pos_);
|
|
439
|
+
auto jvdv = CT.index(vd[1].header_pos_);
|
|
440
|
+
CBOR.assert_map_entry(n, jroot, 0, jvdk, jvdv, CT.index(vdndx), ds.data(),
|
|
441
|
+
ps.data());
|
|
442
|
+
CBOR.assert_text_at(n, jvdk, sizeof(svalueDigests), svalueDigests, ds.data());
|
|
443
|
+
|
|
444
|
+
// "Position JVDV starts a map of level 1.
|
|
445
|
+
// (JORGK, JORGV) are headers representing the ORGNDX-th pair in
|
|
446
|
+
// that map. The key at JORGK is correct."
|
|
447
|
+
auto jorgk = CT.index(org[0].header_pos_);
|
|
448
|
+
auto jorgv = CT.index(org[1].header_pos_);
|
|
449
|
+
CBOR.assert_map_entry(n, jvdv, 1, jorgk, jorgv, CT.index(orgndx), ds.data(),
|
|
450
|
+
ps.data());
|
|
451
|
+
CBOR.assert_text_at(n, jorgk, sizeof(sorgBlahBlahBlah), sorgBlahBlahBlah,
|
|
452
|
+
ds.data());
|
|
453
|
+
|
|
454
|
+
// Position JORGV starts a map of level 2.
|
|
455
|
+
// (JHASHK, JHASHV) are headers representing the HASHNDX-th pair in
|
|
456
|
+
// that map. The key at JHASHK is correct."
|
|
457
|
+
auto jhashk = CT.index(hash[0].header_pos_);
|
|
458
|
+
auto jhashv = CT.index(hash[1].header_pos_);
|
|
459
|
+
CBOR.assert_map_entry(n, jorgv, 2, jhashk, jhashv, CT.index(hashndx),
|
|
460
|
+
ds.data(), ps.data());
|
|
461
|
+
CBOR.assert_unsigned_at(n, jhashk, org_lookup_tag, ds.data());
|
|
462
|
+
|
|
463
|
+
// Old assertion that does not work in binary fields.
|
|
464
|
+
// The old assert_elt_as_be_bytes_at() has been removed
|
|
465
|
+
// and there is no point in replacing it with some other
|
|
466
|
+
// code that is not used except in tests.
|
|
467
|
+
//
|
|
468
|
+
// However, we leave this comment around because anybody
|
|
469
|
+
// who wants to use this test as a starting point will
|
|
470
|
+
// need to remember to compare the actual contents at jhashv
|
|
471
|
+
// against something.
|
|
472
|
+
|
|
473
|
+
// JHASHV is a 32-byte string
|
|
474
|
+
//
|
|
475
|
+
// auto a4 = L.konst(L.elt(
|
|
476
|
+
// "0x43CD174E9885F2F1F32DF4742F4F662EB18A9DCB82624B3165512E1EA241E1AC"));
|
|
477
|
+
// CBOR.assert_elt_as_be_bytes_at(n, jhashv, 32, a4, ds.data());
|
|
478
|
+
}
|
|
479
|
+
|
|
480
|
+
// test for real, prover and verifier
|
|
481
|
+
TEST(MSO, Example2Real) {
|
|
482
|
+
set_log_level(INFO);
|
|
483
|
+
|
|
484
|
+
constexpr size_t nc = 1;
|
|
485
|
+
constexpr size_t n = 2000;
|
|
486
|
+
constexpr size_t input_len = mso_nbytes;
|
|
487
|
+
EXPECT_LE(input_len, n);
|
|
488
|
+
|
|
489
|
+
size_t org_lookup_tag = 4;
|
|
490
|
+
|
|
491
|
+
// COMPILE TIME.
|
|
492
|
+
size_t ninput;
|
|
493
|
+
std::unique_ptr<Circuit<Field>> CIRCUIT;
|
|
494
|
+
size_t offset = n - input_len;
|
|
495
|
+
|
|
496
|
+
log(INFO, "MSO End to End Start");
|
|
497
|
+
|
|
498
|
+
/*scope to delimit compile-time*/ {
|
|
499
|
+
QuadCircuit<Field> Q(F);
|
|
500
|
+
const CompilerBackend cbk(&Q);
|
|
501
|
+
const LogicCircuit LC(&cbk, F);
|
|
502
|
+
const Counter<LogicCircuit> CTRC(LC);
|
|
503
|
+
using CborC = Cbor<LogicCircuit>;
|
|
504
|
+
const CborC CBORC(LC);
|
|
505
|
+
std::vector<CborC::v8> inC(n);
|
|
506
|
+
std::vector<CborC::position_witness> pwC(n);
|
|
507
|
+
CborC::global_witness gwC;
|
|
508
|
+
|
|
509
|
+
auto input_lenC = LC.vinput<CborC::kIndexBits>();
|
|
510
|
+
for (size_t i = 0; i < n; ++i) {
|
|
511
|
+
inC[i] = LC.vinput<8>();
|
|
512
|
+
pwC[i].encoded_sel_header = LC.eltw_input();
|
|
513
|
+
}
|
|
514
|
+
gwC.invprod_decode = LC.eltw_input();
|
|
515
|
+
gwC.cc0_counter = CTRC.input();
|
|
516
|
+
gwC.invprod_parse = LC.eltw_input();
|
|
517
|
+
|
|
518
|
+
std::vector<CborC::decode> dsC(n);
|
|
519
|
+
std::vector<CborC::parse_output> psC(n);
|
|
520
|
+
CBORC.decode_and_assert_decode_and_parse(n, dsC.data(), psC.data(),
|
|
521
|
+
inC.data(), pwC.data(), gwC);
|
|
522
|
+
|
|
523
|
+
// the top-level map axiomatically starts at position jroot
|
|
524
|
+
// such that jroot + input_len == n
|
|
525
|
+
auto jrootC = LC.vinput<CborC::kIndexBits>();
|
|
526
|
+
CBORC.assert_input_starts_at(n, jrootC, input_lenC, dsC.data());
|
|
527
|
+
|
|
528
|
+
// "Position JROOT starts a map of level 0. (JVDK, JVDV) are headers
|
|
529
|
+
// representing the VDNDX-th pair in that map. The key at JVDK is
|
|
530
|
+
// correct."
|
|
531
|
+
auto jvdkC = LC.vinput<CborC::kIndexBits>();
|
|
532
|
+
auto jvdvC = LC.vinput<CborC::kIndexBits>();
|
|
533
|
+
auto vdndxC = LC.vinput<CborC::kIndexBits>();
|
|
534
|
+
|
|
535
|
+
CBORC.assert_map_entry(n, jrootC, 0, jvdkC, jvdvC, vdndxC, dsC.data(),
|
|
536
|
+
psC.data());
|
|
537
|
+
|
|
538
|
+
CBORC.assert_text_at(n, jvdkC, sizeof(svalueDigests), svalueDigests,
|
|
539
|
+
dsC.data());
|
|
540
|
+
|
|
541
|
+
// "Position JVDV starts a map of level 1.
|
|
542
|
+
// (JORGK, JORGV) are headers representing the ORGNDX-th pair in
|
|
543
|
+
// that map. The key at JORGK is correct."
|
|
544
|
+
auto jorgkC = LC.vinput<CborC::kIndexBits>();
|
|
545
|
+
auto jorgvC = LC.vinput<CborC::kIndexBits>();
|
|
546
|
+
auto orgndxC = LC.vinput<CborC::kIndexBits>();
|
|
547
|
+
|
|
548
|
+
CBORC.assert_map_entry(n, jvdvC, 1, jorgkC, jorgvC, orgndxC, dsC.data(),
|
|
549
|
+
psC.data());
|
|
550
|
+
|
|
551
|
+
CBORC.assert_text_at(n, jorgkC, sizeof(sorgBlahBlahBlah), sorgBlahBlahBlah,
|
|
552
|
+
dsC.data());
|
|
553
|
+
|
|
554
|
+
// Position JORGV starts a map of level 2.
|
|
555
|
+
// (JHASHK, JHASHV) are headers representing the HASHNDX-th pair in
|
|
556
|
+
// that map. The key at JHASHK is correct."
|
|
557
|
+
auto jhashkC = LC.vinput<CborC::kIndexBits>();
|
|
558
|
+
auto jhashvC = LC.vinput<CborC::kIndexBits>();
|
|
559
|
+
auto hashndxC = LC.vinput<CborC::kIndexBits>();
|
|
560
|
+
|
|
561
|
+
CBORC.assert_map_entry(n, jorgvC, 2, jhashkC, jhashvC, hashndxC, dsC.data(),
|
|
562
|
+
psC.data());
|
|
563
|
+
CBORC.assert_unsigned_at(n, jhashkC, org_lookup_tag, dsC.data());
|
|
564
|
+
|
|
565
|
+
CIRCUIT = Q.mkcircuit(/*nc=*/1);
|
|
566
|
+
dump_info<Field>("mso2 decode_and_assert_decode_and_parse", Q);
|
|
567
|
+
ninput = Q.ninput();
|
|
568
|
+
}
|
|
569
|
+
log(INFO, "Compile done");
|
|
570
|
+
|
|
571
|
+
/*------------------------------------------------------------*/
|
|
572
|
+
// Witness-creation time
|
|
573
|
+
|
|
574
|
+
// copy the real input into BYTES
|
|
575
|
+
std::vector<uint8_t> bytes(n);
|
|
576
|
+
// pad with zeroes
|
|
577
|
+
for (size_t i = 0; i + input_len < n; ++i) {
|
|
578
|
+
bytes[i] = 0;
|
|
579
|
+
}
|
|
580
|
+
for (size_t i = 0; i < input_len; ++i) {
|
|
581
|
+
bytes[i + n - input_len] = mso_example[i];
|
|
582
|
+
}
|
|
583
|
+
|
|
584
|
+
// parsing witnesses
|
|
585
|
+
std::vector<CborWitness::v8> inS(n);
|
|
586
|
+
std::vector<CborWitness::position_witness> pwS(n);
|
|
587
|
+
CborWitness::global_witness gwS;
|
|
588
|
+
const CborWitness CW(F);
|
|
589
|
+
CW.fill_witnesses(n, input_len, bytes.data(), inS.data(), pwS.data(), gwS);
|
|
590
|
+
|
|
591
|
+
// path witnesses
|
|
592
|
+
size_t pos = 0;
|
|
593
|
+
CborDoc croot;
|
|
594
|
+
bool ret = croot.decode(mso_example, mso_nbytes, pos, offset);
|
|
595
|
+
EXPECT_TRUE(ret);
|
|
596
|
+
EXPECT_EQ(pos, mso_nbytes);
|
|
597
|
+
EXPECT_EQ(croot.header_pos_, offset);
|
|
598
|
+
|
|
599
|
+
size_t vdndx;
|
|
600
|
+
const CborDoc* vd =
|
|
601
|
+
croot.lookup(mso_example, sizeof(svalueDigests), svalueDigests, vdndx);
|
|
602
|
+
EXPECT_NE(vd, nullptr);
|
|
603
|
+
|
|
604
|
+
size_t orgndx;
|
|
605
|
+
const CborDoc* org = vd[1].lookup(mso_example, sizeof(sorgBlahBlahBlah),
|
|
606
|
+
sorgBlahBlahBlah, orgndx);
|
|
607
|
+
EXPECT_NE(org, nullptr);
|
|
608
|
+
|
|
609
|
+
size_t hashndx;
|
|
610
|
+
const CborDoc* hash = org[1].lookup_unsigned(org_lookup_tag, hashndx);
|
|
611
|
+
EXPECT_NE(hash, nullptr);
|
|
612
|
+
|
|
613
|
+
/*------------------------------------------------------------*/
|
|
614
|
+
// Fill inputs
|
|
615
|
+
auto W = std::make_unique<Dense<Field>>(nc, ninput);
|
|
616
|
+
DenseFiller<Field> filler(*W);
|
|
617
|
+
|
|
618
|
+
filler.push_back(F.one());
|
|
619
|
+
filler.push_back(CW.index(input_len));
|
|
620
|
+
|
|
621
|
+
for (size_t i = 0; i < n; ++i) {
|
|
622
|
+
filler.push_back(inS[i]);
|
|
623
|
+
filler.push_back(pwS[i].encoded_sel_header);
|
|
624
|
+
}
|
|
625
|
+
filler.push_back(gwS.invprod_decode);
|
|
626
|
+
filler.push_back(gwS.cc0_counter.e);
|
|
627
|
+
filler.push_back(gwS.invprod_parse);
|
|
628
|
+
|
|
629
|
+
// jroot
|
|
630
|
+
filler.push_back(CW.index(offset));
|
|
631
|
+
|
|
632
|
+
// jvdk, jvdv, vdndx
|
|
633
|
+
filler.push_back(CW.index(vd[0].header_pos_));
|
|
634
|
+
filler.push_back(CW.index(vd[1].header_pos_));
|
|
635
|
+
filler.push_back(CW.index(vdndx));
|
|
636
|
+
|
|
637
|
+
// jorgk, jorgv, orgndx
|
|
638
|
+
filler.push_back(CW.index(org[0].header_pos_));
|
|
639
|
+
filler.push_back(CW.index(org[1].header_pos_));
|
|
640
|
+
filler.push_back(CW.index(orgndx));
|
|
641
|
+
|
|
642
|
+
// jhashk, jhashv, hashndx
|
|
643
|
+
filler.push_back(CW.index(hash[0].header_pos_));
|
|
644
|
+
filler.push_back(CW.index(hash[1].header_pos_));
|
|
645
|
+
filler.push_back(CW.index(hashndx));
|
|
646
|
+
|
|
647
|
+
log(INFO, "Witness filled");
|
|
648
|
+
|
|
649
|
+
/*------------------------------------------------------------*/
|
|
650
|
+
// Prove
|
|
651
|
+
Proof<Field> proof(CIRCUIT->nl);
|
|
652
|
+
run_prover<Field>(CIRCUIT.get(), W->clone(), &proof, F);
|
|
653
|
+
log(INFO, "Prove done");
|
|
654
|
+
|
|
655
|
+
/*------------------------------------------------------------*/
|
|
656
|
+
// Verify
|
|
657
|
+
run_verifier<Field>(CIRCUIT.get(), W->clone(), proof, F);
|
|
658
|
+
log(INFO, "Verifier done");
|
|
659
|
+
}
|
|
660
|
+
|
|
661
|
+
} // namespace
|
|
662
|
+
} // namespace proofs
|