longfellow 0.1.0
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
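--- a/data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h
+++ b/data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h
@@ -0,0 +1,394 @@
+// Copyright 2026 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_RIPEMD_RIPEMD_CIRCUIT_H_
+#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_RIPEMD_RIPEMD_CIRCUIT_H_
+
+#include <stddef.h>
+
+#include <cstdint>
+#include <vector>
+
+#include "circuits/logic/bit_adder.h"
+#include "circuits/tests/ripemd/ripemd_constants.h"
+#include "util/panic.h"
+
+namespace proofs {
+
+// Ripemd160Circuit
+//
+// Implements RIPEMD-160 hash function as an arithmetic circuit.
+template <class Logic, class BitPlucker>
+class Ripemd160Circuit {
+public:
+using v32 = typename Logic::v32;
+using Field = typename Logic::Field;
+using packed_v32 = typename BitPlucker::packed_v32;
+using v8 = typename Logic::v8;
+using v64 = typename Logic::v64;
+using v160 = typename Logic::template bitvec<160>;
+
+const Logic& l_;
+BitPlucker bp_;
+
+static packed_v32 packed_input(const Logic& lc) {
+return BitPlucker::template packed_input<packed_v32>(lc);
+}
+
+struct BlockWitness {
+// For each of the 80 steps, maintain two witnesses for left/right:
+// L_temp[i] = a + f(...) + X[r] + K
+// L_calc[i] = rol(L_temp[i], s) + e
+packed_v32 left_temp[80];
+packed_v32 left_calc[80];
+
+// Same for right path
+packed_v32 right_temp[80];
+packed_v32 right_calc[80];
+
+packed_v32 h_out[5];
+
+void input(const Logic& lc) {
+for (size_t k = 0; k < 80; ++k) {
+left_temp[k] = packed_input(lc);
+left_calc[k] = packed_input(lc);
+right_temp[k] = packed_input(lc);
+right_calc[k] = packed_input(lc);
+}
+for (size_t k = 0; k < 5; ++k) {
+h_out[k] = packed_input(lc);
+}
+}
+};
+
+explicit Ripemd160Circuit(const Logic& l) : l_(l), bp_(l_) {}
+
+// Verifies the compression function for one block.
+// H1 is the state resulting from applying in[16] to state H0.
+// The helper arrays (left_temp, left_calc, etc) are witnesses that allow
+// us to verify the 80 steps of the compression function with low-degree
+// constraints.
+// We check that:
+// left_temp[i] == a + f(b, c, d) + x + k
+// left_calc[i] == rol(left_temp[i], s) + e
+// and similarly for the right path.
+void assert_transform_block(const v32 in[16], const v32 H0[5],
+const v32 left_temp[80], const v32 left_calc[80],
+const v32 right_temp[80],
+const v32 right_calc[80], const v32 H1[5]) const {
+const Logic& L = l_;
+BitAdder<Logic, 32> BA(L);
+
+// Initialize state
+v32 a(H0[0]);
+v32 b(H0[1]);
+v32 c(H0[2]);
+v32 d(H0[3]);
+v32 e(H0[4]);
+v32 aa(H0[0]);
+v32 bb(H0[1]);
+v32 cc(H0[2]);
+v32 dd(H0[3]);
+v32 ee(H0[4]);
+
+// Main loop: 5 rounds of 16 steps
+for (int round = 0; round < 5; ++round) {
+for (int step = 0; step < 16; ++step) {
+int idx = round * 16 + step;
+
+// Left path
+// t = rol(a + f(b, c, d) + X[r] + K, s) + e
+// Decomposed:
+// temp = a + f(b, c, d) + X[r] + K
+// calc = rol(temp, s) + e
+// b_new = calc
+{
+auto f_val = f_round_left(round, b, c, d);
+const v32& x_val = in[ripemd::RL[round][step]];
+auto k_val = L.vbit32(ripemd::KL[round]);
+
+// Verify left_temp[idx] == a + f_val + x_val + k_val
+BA.assert_eqmod(left_temp[idx], BA.add({a, f_val, x_val, k_val}), 4);
+
+auto rot_val = rol(left_temp[idx], ripemd::SL[round][step]);
+
+// Verify left_calc[idx] == rot_val + e
+BA.assert_eqmod(left_calc[idx], BA.add({rot_val, e}), 2);
+
+// Update left state
+a = e;
+e = d;
+d = rol(c, 10);
+c = b;
+b = left_calc[idx];
+}
+
+// Right path
+{
+auto f_val = f_round_right(round, bb, cc, dd);
+const v32& x_val = in[ripemd::RR[round][step]];
+auto k_val = L.vbit32(ripemd::KR[round]);
+
+// Verify right_temp[idx] == aa + f_val + x_val + k_val
+BA.assert_eqmod(right_temp[idx], BA.add({aa, f_val, x_val, k_val}),
+4);
+
+auto rot_val = rol(right_temp[idx], ripemd::SR[round][step]);
+
+// Verify right_calc[idx] == rot_val + ee
+BA.assert_eqmod(right_calc[idx], BA.add({rot_val, ee}), 2);
+
+// Update right state
+aa = ee;
+ee = dd;
+dd = rol(cc, 10);
+cc = bb;
+bb = right_calc[idx];
+}
+}
+}
+
+// Combine results
+// H1[0] = H0[1] + c + dd
+// H1[1] = H0[2] + d + ee
+// H1[2] = H0[3] + e + aa
+// H1[3] = H0[4] + a + bb
+// H1[4] = H0[0] + b + cc
+
+BA.assert_eqmod(H1[0], BA.add({H0[1], c, dd}), 3);
+BA.assert_eqmod(H1[1], BA.add({H0[2], d, ee}), 3);
+BA.assert_eqmod(H1[2], BA.add({H0[3], e, aa}), 3);
+BA.assert_eqmod(H1[3], BA.add({H0[4], a, bb}), 3);
+BA.assert_eqmod(H1[4], BA.add({H0[0], b, cc}), 3);
+}
+
+// Packed API
+// Asserts that state H1 results from applying in[] to H0.
+// bw is the witness for the compression function.
+void assert_transform_block(const v32 in[16], const v32 H0[5],
+const BlockWitness& bw, const v32 H1[5]) const {
+std::vector<v32> left_temp(80), left_calc(80);
+std::vector<v32> right_temp(80), right_calc(80);
+
+for (int i = 0; i < 80; ++i) {
+left_temp[i] = bp_.unpack_v32(bw.left_temp[i]);
+left_calc[i] = bp_.unpack_v32(bw.left_calc[i]);
+right_temp[i] = bp_.unpack_v32(bw.right_temp[i]);
+right_calc[i] = bp_.unpack_v32(bw.right_calc[i]);
+}
+
+assert_transform_block(in, H0, left_temp.data(), left_calc.data(),
+right_temp.data(), right_calc.data(), H1);
+}
+
+// Packed API
+// Asserts that state H1 results from applying in[] to H0.
+// bw is the witness for the compression function.
+// In this version, the pH1 array is bit-packed for efficiency.
+void assert_transform_block_packed(const v32 in[16], const v32 H0[5],
+const BlockWitness& bw,
+const packed_v32 pH1[5]) const {
+std::vector<v32> H1(5);
+for (int i = 0; i < 5; ++i) H1[i] = bp_.unpack_v32(pH1[i]);
+
+assert_transform_block(in, H0, bw, H1.data());
+}
+
+// Asserts that target is the result of hashing the message of length at most
+// 64*max bytes in the in[] array. nb is the number of blocks in the message.
+// The in[] array must be zero-padded for the non-used blocks.
+void assert_message_hash(size_t max, const v8& nb, const v8 in[/* 64*max */],
+const v160& target,
+const BlockWitness bw[/*max*/]) const {
+assert_message(max, nb, in, bw);
+assert_hash(max, target, nb, bw);
+}
+
+// Returns the length of the message in bits.
+v64 find_len(size_t max, const v8 in[/*64*max*/], const v8& nb) const {
+const Logic& L = l_;
+v64 len = L.template vbit<64>(0);
+for (size_t i = 0; i < max; ++i) {
+auto isblk = L.veq(nb, i + 1); // If nb == i, i is zero-indexed.
+size_t ind = i * 64 + 63;
+for (size_t j = 0; j < 64; ++j) { /* this loop is over bits */
+len[j] =
+L.lor_exclusive(len[j], L.land(isblk, in[ind - 7 + j / 8][j % 8]));
+}
+}
+L.vassert_is_bit(len);
+return len;
+}
+
+// This method asserts that the BlockWitnesses are correct for the given
+// message.
+void assert_message(size_t max, const v8& nb, const v8 in[/* 64*max */],
+const BlockWitness bw[/*max*/]) const {
+const Logic& L = l_;
+const packed_v32* H = nullptr;
+std::vector<v32> tmp(16);
+
+for (size_t b = 0; b < max; ++b) {
+const v8* inb = &in[64 * b];
+for (size_t i = 0; i < 16; ++i) {
+// Little-endian mapping of v8[4] into v32.
+// inb[4*i + 0] is LSB.
+tmp[i] = L.vappend(L.vappend(inb[4 * i + 0], inb[4 * i + 1]),
+L.vappend(inb[4 * i + 2], inb[4 * i + 3]));
+}
+if (b == 0) {
+v32 H0[5];
+initial_context(H0);
+v32 H1[5];
+for (int k = 0; k < 5; ++k) H1[k] = bp_.unpack_v32(bw[b].h_out[k]);
+assert_transform_block(tmp.data(), H0, bw[b], H1);
+} else {
+assert_transform_block_packed_H0(tmp.data(), H, bw[b], bw[b].h_out);
+}
+H = bw[b].h_out;
+}
+assert_zero_padding(max, nb, in);
+}
+
+private:
+// Overload for packed H0
+void assert_transform_block_packed_H0(const v32 in[16],
+const packed_v32 pH0[5],
+const BlockWitness& bw,
+const packed_v32 pH1[5]) const {
+std::vector<v32> H0(5);
+for (int i = 0; i < 5; ++i) H0[i] = bp_.unpack_v32(pH0[i]);
+
+assert_transform_block_packed(in, H0.data(), bw, pH1);
+}
+
+void assert_hash(size_t max, const v160& e, const v8& nb,
+const BlockWitness bw[/*max*/]) const {
+const Logic& L = l_;
+packed_v32 x[5];
+for (size_t b = 0; b < max; ++b) {
+auto bt = L.veq(nb, b + 1); /* b is zero-indexed */
+auto ebt = L.eval(bt);
+for (size_t i = 0; i < 5; ++i) {
+for (size_t k = 0; k < bp_.kNv32Elts; ++k) {
+if (b == 0) {
+x[i][k] = L.mul(ebt, bw[b].h_out[i][k]);
+} else {
+auto maybe_h = L.mul(ebt, bw[b].h_out[i][k]);
+x[i][k] = L.add(x[i][k], maybe_h);
+}
+}
+}
+}
+
+// Unpack H0..H4 into v160.
+// RIPEMD-160 is little-endian.
+v160 mm;
+for (size_t j = 0; j < 5; ++j) {
+auto hj = bp_.unpack_v32(x[j]);
+for (size_t k = 0; k < 32; ++k) {
+mm[j * 32 + k] = hj[k];
+}
+}
+L.vassert_eq(mm, e);
+}
+
+void assert_zero_padding(size_t max, const v8& nb,
+const v8 in[/*64 * max*/]) const {
+const Logic& L = l_;
+for (size_t i = 0; i < max; ++i) {
+auto wantzero = L.vleq(nb, i); // If nb <= i, block should be 0.
+for (size_t j = 0; j < 64; ++j) {
+size_t ind = i * 64 + j;
+auto zero = L.veq(in[ind], 0);
+L.assert_implies(wantzero, zero);
+}
+}
+}
+
+v32 rol(const v32& x, int n) const { return l_.vrotl(x, n); }
+
+v32 f1(const v32& x, const v32& y, const v32& z) const {
+return l_.vxor3(x, y, z);
+}
+
+v32 f2(const v32& x, const v32& y, const v32& z) const {
+// (x & y) | (~x & z)
+return l_.vCh(x, y, z);
+}
+
+v32 f3(const v32& x, const v32& y, const v32& z) const {
+// (x | ~y) ^ z
+auto noty = l_.vnot(y);
+auto xsuby = l_.vor(x, noty);
+return l_.vxor(xsuby, z);
+}
+
+v32 f4(const v32& x, const v32& y, const v32& z) const {
+// (x & z) | (y & ~z)
+return l_.vCh(z, x, y);
+}
+
+v32 f5(const v32& x, const v32& y, const v32& z) const {
+// x ^ (y | ~z)
+return f3(y, z, x);
+}
+
+// Helper to select function based on round
+v32 f_round_left(int round, const v32& x, const v32& y, const v32& z) const {
+switch (round) {
+case 0:
+return f1(x, y, z);
+case 1:
+return f2(x, y, z);
+case 2:
+return f3(x, y, z);
+case 3:
+return f4(x, y, z);
+case 4:
+return f5(x, y, z);
+}
+check(false, "Invalid round");
+return v32(x);
+}
+
+v32 f_round_right(int round, const v32& x, const v32& y, const v32& z) const {
+switch (round) {
+case 0:
+return f5(x, y, z);
+case 1:
+return f4(x, y, z);
+case 2:
+return f3(x, y, z);
+case 3:
+return f2(x, y, z);
+case 4:
+return f1(x, y, z);
+}
+check(false, "Invalid round");
+return v32(x);
+}
+
+void initial_context(v32 H[5]) const {
+static const uint32_t initial[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE,
+0x10325476, 0xC3D2E1F0};
+for (size_t i = 0; i < 5; i++) {
+H[i] = l_.template vbit<32>(initial[i]);
+}
+}
+};
+
+} // namespace proofs
+
+#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_TESTS_RIPEMD_RIPEMD_CIRCUIT_H_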
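Review bot: `assert_message_hash` does not constrain `nb` to the range 1..max, and in `assert_hash` an out-of-range `nb` makes every `L.veq(nb, b + 1)` selector zero, so the value compared with the target is the all-zero vector rather than any block's `h_out`. Nothing visible in this file rejects that case, so unless every caller already bounds `nb` the statement proved is weaker than the comment on `assert_message_hash` suggests; state the precondition there, e.g. `// Caller must constrain 1 <= nb <= max; otherwise target is checked against zero.`, or assert the range inside the method. `find_len` is likewise never called from `assert_message_hash`, so validating the RIPEMD-160 padding and length field appears to be left to the caller and should be documented the same way. In `find_len` the comment `// If nb == i, i is zero-indexed.` does not match the test it annotates, which is `nb == i + 1`.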