longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,208 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include "circuits/tests/anoncred/small.h"
|
|
16
|
+
|
|
17
|
+
#include <stdint.h>
|
|
18
|
+
|
|
19
|
+
#include <cstddef>
|
|
20
|
+
#include <memory>
|
|
21
|
+
#include <vector>
|
|
22
|
+
|
|
23
|
+
#include "algebra/convolution.h"
|
|
24
|
+
#include "algebra/fp2.h"
|
|
25
|
+
#include "algebra/reed_solomon.h"
|
|
26
|
+
#include "arrays/dense.h"
|
|
27
|
+
#include "circuits/compiler/circuit_dump.h"
|
|
28
|
+
#include "circuits/compiler/compiler.h"
|
|
29
|
+
#include "circuits/logic/compiler_backend.h"
|
|
30
|
+
#include "circuits/logic/logic.h"
|
|
31
|
+
#include "circuits/tests/anoncred/small_examples.h"
|
|
32
|
+
#include "circuits/tests/anoncred/small_io.h"
|
|
33
|
+
#include "circuits/tests/anoncred/small_witness.h"
|
|
34
|
+
#include "ec/p256.h"
|
|
35
|
+
#include "random/secure_random_engine.h"
|
|
36
|
+
#include "random/transcript.h"
|
|
37
|
+
#include "sumcheck/circuit.h"
|
|
38
|
+
#include "util/log.h"
|
|
39
|
+
#include "util/panic.h"
|
|
40
|
+
#include "zk/zk_proof.h"
|
|
41
|
+
#include "zk/zk_prover.h"
|
|
42
|
+
#include "zk/zk_testing.h"
|
|
43
|
+
#include "benchmark/benchmark.h"
|
|
44
|
+
#include "gtest/gtest.h"
|
|
45
|
+
|
|
46
|
+
namespace proofs {
|
|
47
|
+
namespace {
|
|
48
|
+
using Sw = SmallWitness<P256, Fp256Base, Fp256Scalar>;
|
|
49
|
+
static constexpr size_t kNumAttr = 1;
|
|
50
|
+
|
|
51
|
+
// Helper functions to create circuit and fill the witness.
|
|
52
|
+
std::unique_ptr<Circuit<Fp256Base>> make_circuit() {
|
|
53
|
+
using CompilerBackend = CompilerBackend<Fp256Base>;
|
|
54
|
+
using LogicCircuit = Logic<Fp256Base, CompilerBackend>;
|
|
55
|
+
using v8 = typename LogicCircuit::v8;
|
|
56
|
+
using EltW = LogicCircuit::EltW;
|
|
57
|
+
using Small = Small<LogicCircuit, Fp256Base, P256, kNumAttr>;
|
|
58
|
+
QuadCircuit<Fp256Base> Q(p256_base);
|
|
59
|
+
const CompilerBackend cbk(&Q);
|
|
60
|
+
const LogicCircuit LC(&cbk, p256_base);
|
|
61
|
+
Small small(LC, p256, n256_order);
|
|
62
|
+
|
|
63
|
+
EltW pkX = LC.eltw_input(), pkY = LC.eltw_input(), htr = LC.eltw_input();
|
|
64
|
+
typename Small::OpenedAttribute oa[kNumAttr];
|
|
65
|
+
for (size_t ai = 0; ai < kNumAttr; ++ai) {
|
|
66
|
+
oa[ai].input(LC);
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
v8 now[kDateLen];
|
|
70
|
+
for (size_t i = 0; i < kDateLen; ++i) {
|
|
71
|
+
now[i] = LC.template vinput<8>();
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
Q.private_input();
|
|
75
|
+
|
|
76
|
+
Small::Witness vwc;
|
|
77
|
+
vwc.input(LC);
|
|
78
|
+
|
|
79
|
+
small.assert_credential(pkX, pkY, htr, oa, now, vwc);
|
|
80
|
+
|
|
81
|
+
auto CIRCUIT = Q.mkcircuit(/*nc=*/1);
|
|
82
|
+
dump_info("mdocsmall", Q);
|
|
83
|
+
return CIRCUIT;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
void fill_witness(Dense<Fp256Base> &W, Dense<Fp256Base> &pub) {
|
|
87
|
+
using Elt = Fp256Base::Elt;
|
|
88
|
+
Elt pkX, pkY;
|
|
89
|
+
|
|
90
|
+
// Generate a witness from the mdoc data structure to remain close
|
|
91
|
+
// to the application use case.
|
|
92
|
+
Sw sw(p256, p256_scalar);
|
|
93
|
+
SmallOpenedAttribute age = {74, 1, (uint8_t *)"\xf5", 1};
|
|
94
|
+
std::vector<SmallOpenedAttribute> show(kNumAttr, age);
|
|
95
|
+
|
|
96
|
+
{
|
|
97
|
+
constexpr size_t t_ind = 0;
|
|
98
|
+
const SmallTest &test = mdoc_small_tests[t_ind];
|
|
99
|
+
pkX = p256_base.of_string(test.pkx);
|
|
100
|
+
pkY = p256_base.of_string(test.pky);
|
|
101
|
+
bool ok =
|
|
102
|
+
sw.compute_witness(pkX, pkY, test.mdoc, test.mdoc_size, test.transcript,
|
|
103
|
+
test.transcript_size, test.now, test.sigr, test.sigs,
|
|
104
|
+
test.sigtr, test.sigts);
|
|
105
|
+
|
|
106
|
+
check(ok, "Could not compute signature witness");
|
|
107
|
+
log(INFO, "Witness done");
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
{
|
|
111
|
+
DenseFiller<Fp256Base> filler(W);
|
|
112
|
+
DenseFiller<Fp256Base> pub_filler(pub);
|
|
113
|
+
filler.push_back(p256_base.one());
|
|
114
|
+
pub_filler.push_back(p256_base.one());
|
|
115
|
+
filler.push_back(pkX);
|
|
116
|
+
pub_filler.push_back(pkX);
|
|
117
|
+
filler.push_back(pkY);
|
|
118
|
+
pub_filler.push_back(pkY);
|
|
119
|
+
filler.push_back(sw.e2_);
|
|
120
|
+
pub_filler.push_back(sw.e2_);
|
|
121
|
+
|
|
122
|
+
for (size_t ai = 0; ai < kNumAttr; ++ai) {
|
|
123
|
+
filler.push_back(show[ai].ind_, 8, p256_base);
|
|
124
|
+
pub_filler.push_back(show[ai].ind_, 8, p256_base);
|
|
125
|
+
|
|
126
|
+
filler.push_back(show[ai].len_, 8, p256_base);
|
|
127
|
+
pub_filler.push_back(show[ai].len_, 8, p256_base);
|
|
128
|
+
|
|
129
|
+
for (size_t i = 0; i < 32; ++i) {
|
|
130
|
+
uint8_t v = show[ai].value_.size() > i ? show[ai].value_[i] : 0;
|
|
131
|
+
filler.push_back(v, 8, p256_base);
|
|
132
|
+
pub_filler.push_back(v, 8, p256_base);
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
for (size_t i = 0; i < kDateLen; ++i) {
|
|
137
|
+
filler.push_back(sw.now_[i], 8, p256_base);
|
|
138
|
+
pub_filler.push_back(sw.now_[i], 8, p256_base);
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
sw.fill_witness(filler, true);
|
|
142
|
+
log(INFO, "Fill done");
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
// ============ Tests ==========================================================
|
|
147
|
+
|
|
148
|
+
TEST(mdoc, mdoc_small_test) {
|
|
149
|
+
set_log_level(INFO);
|
|
150
|
+
|
|
151
|
+
std::unique_ptr<Circuit<Fp256Base>> CIRCUIT = make_circuit();
|
|
152
|
+
|
|
153
|
+
// ========= Fill witness
|
|
154
|
+
auto W = Dense<Fp256Base>(1, CIRCUIT->ninputs);
|
|
155
|
+
auto pub = Dense<Fp256Base>(1, CIRCUIT->npub_in);
|
|
156
|
+
fill_witness(W, pub);
|
|
157
|
+
|
|
158
|
+
// =========== ZK test
|
|
159
|
+
run2_test_zk(
|
|
160
|
+
*CIRCUIT, W, pub, p256_base,
|
|
161
|
+
p256_base.of_string("1126492241464102818735004576096902583730188404304894"
|
|
162
|
+
"08729223714171582664680802"), /* omega_x*/
|
|
163
|
+
p256_base.of_string("8408799435854090769574046142781866056018216899718237"
|
|
164
|
+
"8749313018254450460212908"), /* omega_y */
|
|
165
|
+
1ull << 31);
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
// ============ Benchmarks =====================================================
|
|
169
|
+
void BM_AnonCred(benchmark::State &state) {
|
|
170
|
+
std::unique_ptr<Circuit<Fp256Base>> CIRCUIT = make_circuit();
|
|
171
|
+
|
|
172
|
+
auto W = Dense<Fp256Base>(1, CIRCUIT->ninputs);
|
|
173
|
+
auto pub = Dense<Fp256Base>(1, CIRCUIT->npub_in);
|
|
174
|
+
|
|
175
|
+
fill_witness(W, pub);
|
|
176
|
+
|
|
177
|
+
using f2_p256 = Fp2<Fp256Base>;
|
|
178
|
+
using Elt2 = f2_p256::Elt;
|
|
179
|
+
using FftExtConvolutionFactory = FFTExtConvolutionFactory<Fp256Base, f2_p256>;
|
|
180
|
+
using RSFactory = ReedSolomonFactory<Fp256Base, FftExtConvolutionFactory>;
|
|
181
|
+
|
|
182
|
+
// Root of unity for the f_p256^2 extension field.
|
|
183
|
+
static constexpr char kRootX[] =
|
|
184
|
+
"112649224146410281873500457609690258373018840430489408729223714171582664"
|
|
185
|
+
"680802";
|
|
186
|
+
static constexpr char kRootY[] =
|
|
187
|
+
"840879943585409076957404614278186605601821689971823787493130182544504602"
|
|
188
|
+
"12908";
|
|
189
|
+
|
|
190
|
+
const f2_p256 p256_2(p256_base);
|
|
191
|
+
const Elt2 omega = p256_2.of_string(kRootX, kRootY);
|
|
192
|
+
const FftExtConvolutionFactory fft_b(p256_base, p256_2, omega, 1ull << 31);
|
|
193
|
+
const RSFactory rsf(fft_b, p256_base);
|
|
194
|
+
|
|
195
|
+
Transcript tp((uint8_t *)"test", 4);
|
|
196
|
+
SecureRandomEngine rng;
|
|
197
|
+
|
|
198
|
+
for (auto s : state) {
|
|
199
|
+
ZkProof<Fp256Base> zkpr(*CIRCUIT, 4, 128);
|
|
200
|
+
ZkProver<Fp256Base, RSFactory> prover(*CIRCUIT, p256_base, rsf);
|
|
201
|
+
prover.commit(zkpr, W, tp, rng);
|
|
202
|
+
prover.prove(zkpr, W, tp);
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
BENCHMARK(BM_AnonCred);
|
|
206
|
+
|
|
207
|
+
} // namespace
|
|
208
|
+
} // namespace proofs
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_ANONCRED_SMALL_WITNESS_H_
|
|
16
|
+
#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_ANONCRED_SMALL_WITNESS_H_
|
|
17
|
+
|
|
18
|
+
#include <stddef.h>
|
|
19
|
+
#include <string.h>
|
|
20
|
+
|
|
21
|
+
#include <cstdint>
|
|
22
|
+
#include <vector>
|
|
23
|
+
|
|
24
|
+
#include "algebra/static_string.h"
|
|
25
|
+
#include "arrays/dense.h"
|
|
26
|
+
#include "circuits/ecdsa/verify_witness.h"
|
|
27
|
+
#include "circuits/logic/bit_plucker_encoder.h"
|
|
28
|
+
#include "circuits/mdoc/mdoc_witness.h"
|
|
29
|
+
#include "circuits/sha/flatsha256_witness.h"
|
|
30
|
+
#include "circuits/tests/anoncred/small_io.h"
|
|
31
|
+
|
|
32
|
+
namespace proofs {
|
|
33
|
+
|
|
34
|
+
class SmallOpenedAttribute {
|
|
35
|
+
public:
|
|
36
|
+
size_t ind_, len_;
|
|
37
|
+
std::vector<uint8_t> value_;
|
|
38
|
+
SmallOpenedAttribute(size_t ind, size_t len, const uint8_t* val, size_t vlen)
|
|
39
|
+
: ind_(ind), len_(len), value_(val, val + vlen) {}
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
template <typename EC, typename Field, class ScalarField>
|
|
43
|
+
class SmallWitness {
|
|
44
|
+
using ECField = typename EC::Field;
|
|
45
|
+
using ECElt = typename ECField::Elt;
|
|
46
|
+
using ECNat = typename ECField::N;
|
|
47
|
+
using Elt = typename Field::Elt;
|
|
48
|
+
using Nat = typename Field::N;
|
|
49
|
+
using EcdsaWitness = VerifyWitness3<EC, ScalarField>;
|
|
50
|
+
static constexpr size_t kMaxSHABlocks = 7;
|
|
51
|
+
|
|
52
|
+
public:
|
|
53
|
+
const EC ec_;
|
|
54
|
+
Elt e_, e2_; /* Issuer signature values. */
|
|
55
|
+
Elt dpkx_, dpky_; /* device key */
|
|
56
|
+
EcdsaWitness ew_, dkw_;
|
|
57
|
+
uint8_t now_[kDateLen]; /* CBOR-formatted time used for expiry comparison. */
|
|
58
|
+
|
|
59
|
+
FlatSHA256Witness::BlockWitness bw_[kMaxSHABlocks];
|
|
60
|
+
uint8_t signed_bytes_[kMaxSHABlocks * 64];
|
|
61
|
+
uint8_t numb_; /* Number of the correct sha block. */
|
|
62
|
+
|
|
63
|
+
explicit SmallWitness(const EC& ec, const ScalarField& Fn)
|
|
64
|
+
: ec_(ec), ew_(Fn, ec), dkw_(Fn, ec) {}
|
|
65
|
+
|
|
66
|
+
void fill_sha(DenseFiller<Field>& filler,
|
|
67
|
+
const FlatSHA256Witness::BlockWitness& bw) const {
|
|
68
|
+
BitPluckerEncoder<Field, 3> BPENC(ec_.f_);
|
|
69
|
+
for (size_t k = 0; k < 48; ++k) {
|
|
70
|
+
filler.push_back(BPENC.mkpacked_v32(bw.outw[k]));
|
|
71
|
+
}
|
|
72
|
+
for (size_t k = 0; k < 64; ++k) {
|
|
73
|
+
filler.push_back(BPENC.mkpacked_v32(bw.oute[k]));
|
|
74
|
+
filler.push_back(BPENC.mkpacked_v32(bw.outa[k]));
|
|
75
|
+
}
|
|
76
|
+
for (size_t k = 0; k < 8; ++k) {
|
|
77
|
+
filler.push_back(BPENC.mkpacked_v32(bw.h1[k]));
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
void fill_witness(DenseFiller<Field>& filler, bool small = false) const {
|
|
82
|
+
filler.push_back(e_);
|
|
83
|
+
filler.push_back(dpkx_);
|
|
84
|
+
filler.push_back(dpky_);
|
|
85
|
+
|
|
86
|
+
ew_.fill_witness(filler);
|
|
87
|
+
dkw_.fill_witness(filler);
|
|
88
|
+
|
|
89
|
+
filler.push_back(numb_, 8, ec_.f_);
|
|
90
|
+
for (size_t i = 0; i < kMaxSHABlocks * 64; ++i) {
|
|
91
|
+
filler.push_back(signed_bytes_[i], 8, ec_.f_);
|
|
92
|
+
}
|
|
93
|
+
for (size_t j = 0; j < kMaxSHABlocks; j++) {
|
|
94
|
+
fill_sha(filler, bw_[j]);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
bool compute_witness(Elt pkX, Elt pkY, const uint8_t mdoc[/* len */],
|
|
99
|
+
size_t len, const uint8_t transcript[/* tlen */],
|
|
100
|
+
size_t tlen, const uint8_t tnow[/*kDateLen*/],
|
|
101
|
+
const StaticString& r, const StaticString& s,
|
|
102
|
+
const StaticString& dr, const StaticString& ds) {
|
|
103
|
+
Nat ne = nat_from_hash<Nat>(mdoc, len);
|
|
104
|
+
e_ = ec_.f_.to_montgomery(ne);
|
|
105
|
+
|
|
106
|
+
// Parse (r,s).
|
|
107
|
+
Nat nr = Nat(r);
|
|
108
|
+
Nat ns = Nat(s);
|
|
109
|
+
ew_.compute_witness(pkX, pkY, ne, nr, ns);
|
|
110
|
+
|
|
111
|
+
Nat ne2 = nat_from_hash<Nat>(transcript, tlen);
|
|
112
|
+
Nat nr2 = Nat(dr);
|
|
113
|
+
Nat ns2 = Nat(ds);
|
|
114
|
+
|
|
115
|
+
dpkx_ = ec_.f_.to_montgomery(nat_from_be<Nat>(&mdoc[100]));
|
|
116
|
+
dpky_ = ec_.f_.to_montgomery(nat_from_be<Nat>(&mdoc[132]));
|
|
117
|
+
e2_ = ec_.f_.to_montgomery(ne2);
|
|
118
|
+
dkw_.compute_witness(dpkx_, dpky_, ne2, nr2, ns2);
|
|
119
|
+
|
|
120
|
+
FlatSHA256Witness::transform_and_witness_message(len, mdoc, kMaxSHABlocks,
|
|
121
|
+
numb_, signed_bytes_, bw_);
|
|
122
|
+
|
|
123
|
+
memcpy(now_, tnow, kDateLen);
|
|
124
|
+
return true;
|
|
125
|
+
}
|
|
126
|
+
};
|
|
127
|
+
|
|
128
|
+
} // namespace proofs
|
|
129
|
+
|
|
130
|
+
#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_ANONCRED_SMALL_WITNESS_H_
|