@sip-protocol/sdk 0.2.9 → 0.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/dist/browser.d.mts +100 -2
- package/dist/browser.d.ts +100 -2
- package/dist/browser.js +774 -114
- package/dist/browser.mjs +498 -16
- package/dist/{chunk-KXN6IWL5.mjs → chunk-AV37IZST.mjs} +284 -0
- package/dist/{chunk-VITVG25F.mjs → chunk-XLEPIR2P.mjs} +2 -100
- package/dist/index-BFOKTz2z.d.ts +6062 -0
- package/dist/index-CAhjA4kh.d.mts +6062 -0
- package/dist/index.d.mts +2 -5897
- package/dist/index.d.ts +2 -5897
- package/dist/index.mjs +1 -1
- package/dist/{noir-BHQtFvRk.d.mts → noir-BTyLXLlZ.d.mts} +1 -1
- package/dist/{noir-BHQtFvRk.d.ts → noir-BTyLXLlZ.d.ts} +1 -1
- package/dist/proofs/noir.d.mts +1 -1
- package/dist/proofs/noir.d.ts +1 -1
- package/dist/proofs/noir.js +11 -112
- package/dist/proofs/noir.mjs +10 -13
- package/package.json +16 -16
- package/src/browser.ts +23 -0
- package/src/proofs/browser-utils.ts +389 -0
- package/src/proofs/browser.ts +246 -19
- package/src/proofs/circuits/funding_proof.json +1 -1
- package/src/proofs/noir.ts +14 -14
- package/src/proofs/worker.ts +426 -0
- package/dist/chunk-4VJHI66K.mjs +0 -12120
- package/dist/chunk-5BAS4D44.mjs +0 -10283
- package/dist/chunk-6WOV2YNG.mjs +0 -10179
- package/dist/chunk-DU7LQDD2.mjs +0 -10148
- package/dist/chunk-MR7HRCRS.mjs +0 -10165
- package/dist/chunk-NDGUWOOZ.mjs +0 -10157
- package/dist/chunk-O4Y2ZUDL.mjs +0 -12721
- package/dist/chunk-UPTISVCY.mjs +0 -10304
- package/dist/chunk-VXSHK7US.mjs +0 -10158
package/dist/browser.js
CHANGED
|
@@ -71,6 +71,7 @@ __export(browser_exports, {
|
|
|
71
71
|
ProofError: () => ProofError,
|
|
72
72
|
ProofGenerationError: () => ProofGenerationError,
|
|
73
73
|
ProofNotImplementedError: () => ProofNotImplementedError,
|
|
74
|
+
ProofWorker: () => ProofWorker,
|
|
74
75
|
ProposalStatus: () => import_types36.ProposalStatus,
|
|
75
76
|
ReportStatus: () => import_types37.ReportStatus,
|
|
76
77
|
SIP: () => SIP,
|
|
@@ -98,6 +99,7 @@ __export(browser_exports, {
|
|
|
98
99
|
browserBytesToHex: () => bytesToHex7,
|
|
99
100
|
browserHexToBytes: () => hexToBytes5,
|
|
100
101
|
checkEd25519StealthAddress: () => checkEd25519StealthAddress,
|
|
102
|
+
checkMobileWASMCompatibility: () => checkMobileWASMCompatibility,
|
|
101
103
|
checkStealthAddress: () => checkStealthAddress,
|
|
102
104
|
commit: () => commit,
|
|
103
105
|
commitZero: () => commitZero,
|
|
@@ -122,6 +124,7 @@ __export(browser_exports, {
|
|
|
122
124
|
createSolanaAdapter: () => createSolanaAdapter,
|
|
123
125
|
createTrezorAdapter: () => createTrezorAdapter,
|
|
124
126
|
createWalletFactory: () => createWalletFactory,
|
|
127
|
+
createWorkerBlobURL: () => createWorkerBlobURL,
|
|
125
128
|
createZcashClient: () => createZcashClient,
|
|
126
129
|
createZcashShieldedService: () => createZcashShieldedService,
|
|
127
130
|
createZcashSwapService: () => createZcashSwapService,
|
|
@@ -136,6 +139,8 @@ __export(browser_exports, {
|
|
|
136
139
|
deserializeIntent: () => deserializeIntent,
|
|
137
140
|
deserializePayment: () => deserializePayment,
|
|
138
141
|
detectEthereumWallets: () => detectEthereumWallets,
|
|
142
|
+
detectMobileBrowser: () => detectMobileBrowser,
|
|
143
|
+
detectMobilePlatform: () => detectMobilePlatform,
|
|
139
144
|
detectSolanaWallets: () => detectSolanaWallets,
|
|
140
145
|
ed25519PublicKeyToNearAddress: () => ed25519PublicKeyToNearAddress,
|
|
141
146
|
ed25519PublicKeyToSolanaAddress: () => ed25519PublicKeyToSolanaAddress,
|
|
@@ -156,6 +161,7 @@ __export(browser_exports, {
|
|
|
156
161
|
getActiveOracles: () => getActiveOracles,
|
|
157
162
|
getAvailableTransports: () => getAvailableTransports,
|
|
158
163
|
getBrowserInfo: () => getBrowserInfo,
|
|
164
|
+
getBrowserVersion: () => getBrowserVersion,
|
|
159
165
|
getChainNumericId: () => getChainNumericId,
|
|
160
166
|
getChainsForStablecoin: () => getChainsForStablecoin,
|
|
161
167
|
getCurveForChain: () => getCurveForChain,
|
|
@@ -165,6 +171,8 @@ __export(browser_exports, {
|
|
|
165
171
|
getEthereumProvider: () => getEthereumProvider,
|
|
166
172
|
getGenerators: () => getGenerators,
|
|
167
173
|
getIntentSummary: () => getIntentSummary,
|
|
174
|
+
getMobileDeviceInfo: () => getMobileDeviceInfo,
|
|
175
|
+
getOSVersion: () => getOSVersion,
|
|
168
176
|
getPaymentSummary: () => getPaymentSummary,
|
|
169
177
|
getPaymentTimeRemaining: () => getPaymentTimeRemaining,
|
|
170
178
|
getPrivacyConfig: () => getPrivacyConfig,
|
|
@@ -190,6 +198,7 @@ __export(browser_exports, {
|
|
|
190
198
|
isSIPError: () => isSIPError,
|
|
191
199
|
isStablecoin: () => isStablecoin,
|
|
192
200
|
isStablecoinOnChain: () => isStablecoinOnChain,
|
|
201
|
+
isTablet: () => isTablet,
|
|
193
202
|
isValidAmount: () => isValidAmount,
|
|
194
203
|
isValidChainId: () => isValidChainId,
|
|
195
204
|
isValidCompressedPublicKey: () => isValidCompressedPublicKey,
|
|
@@ -221,7 +230,10 @@ __export(browser_exports, {
|
|
|
221
230
|
subtractBlindings: () => subtractBlindings,
|
|
222
231
|
subtractCommitments: () => subtractCommitments,
|
|
223
232
|
supportsSharedArrayBuffer: () => supportsSharedArrayBuffer,
|
|
233
|
+
supportsTouch: () => supportsTouch,
|
|
224
234
|
supportsViewingKey: () => import_types34.supportsViewingKey,
|
|
235
|
+
supportsWASMBulkMemory: () => supportsWASMBulkMemory,
|
|
236
|
+
supportsWASMSimd: () => supportsWASMSimd,
|
|
225
237
|
supportsWebBluetooth: () => supportsWebBluetooth,
|
|
226
238
|
supportsWebHID: () => supportsWebHID,
|
|
227
239
|
supportsWebUSB: () => supportsWebUSB,
|
|
@@ -3460,6 +3472,280 @@ var MockProofProvider = class {
|
|
|
3460
3472
|
};
|
|
3461
3473
|
|
|
3462
3474
|
// src/proofs/browser-utils.ts
|
|
3475
|
+
function detectMobilePlatform() {
|
|
3476
|
+
if (typeof navigator === "undefined") return "desktop";
|
|
3477
|
+
const ua = navigator.userAgent.toLowerCase();
|
|
3478
|
+
if (/iphone|ipad|ipod/.test(ua) || navigator.platform === "MacIntel" && navigator.maxTouchPoints > 1) {
|
|
3479
|
+
return "ios";
|
|
3480
|
+
}
|
|
3481
|
+
if (/android/.test(ua)) {
|
|
3482
|
+
return "android";
|
|
3483
|
+
}
|
|
3484
|
+
if (/mobile|webos|blackberry|opera mini|opera mobi|iemobile|wpdesktop/.test(ua)) {
|
|
3485
|
+
return "other";
|
|
3486
|
+
}
|
|
3487
|
+
return "desktop";
|
|
3488
|
+
}
|
|
3489
|
+
function detectMobileBrowser() {
|
|
3490
|
+
if (typeof navigator === "undefined") return "other";
|
|
3491
|
+
const ua = navigator.userAgent.toLowerCase();
|
|
3492
|
+
if (/safari/.test(ua) && /iphone|ipad|ipod/.test(ua) && !/crios|fxios/.test(ua)) {
|
|
3493
|
+
return "safari";
|
|
3494
|
+
}
|
|
3495
|
+
if (/chrome|crios/.test(ua) && !/edg|opr|samsung/.test(ua)) {
|
|
3496
|
+
return "chrome";
|
|
3497
|
+
}
|
|
3498
|
+
if (/firefox|fxios/.test(ua)) {
|
|
3499
|
+
return "firefox";
|
|
3500
|
+
}
|
|
3501
|
+
if (/samsung/.test(ua)) {
|
|
3502
|
+
return "samsung";
|
|
3503
|
+
}
|
|
3504
|
+
if (/opr|opera/.test(ua)) {
|
|
3505
|
+
return "opera";
|
|
3506
|
+
}
|
|
3507
|
+
if (/edg/.test(ua)) {
|
|
3508
|
+
return "edge";
|
|
3509
|
+
}
|
|
3510
|
+
return "other";
|
|
3511
|
+
}
|
|
3512
|
+
function getBrowserVersion() {
|
|
3513
|
+
if (typeof navigator === "undefined") return null;
|
|
3514
|
+
const ua = navigator.userAgent;
|
|
3515
|
+
const browser = detectMobileBrowser();
|
|
3516
|
+
const patterns = {
|
|
3517
|
+
safari: /version\/(\d+(\.\d+)*)/i,
|
|
3518
|
+
chrome: /chrome\/(\d+(\.\d+)*)|crios\/(\d+(\.\d+)*)/i,
|
|
3519
|
+
firefox: /firefox\/(\d+(\.\d+)*)|fxios\/(\d+(\.\d+)*)/i,
|
|
3520
|
+
samsung: /samsungbrowser\/(\d+(\.\d+)*)/i,
|
|
3521
|
+
opera: /opr\/(\d+(\.\d+)*)/i,
|
|
3522
|
+
edge: /edg\/(\d+(\.\d+)*)/i,
|
|
3523
|
+
other: /version\/(\d+(\.\d+)*)/i
|
|
3524
|
+
};
|
|
3525
|
+
const pattern = patterns[browser] || patterns.other;
|
|
3526
|
+
const match = ua.match(pattern);
|
|
3527
|
+
if (match) {
|
|
3528
|
+
for (let i = 1; i < match.length; i++) {
|
|
3529
|
+
if (match[i]) return match[i];
|
|
3530
|
+
}
|
|
3531
|
+
}
|
|
3532
|
+
return null;
|
|
3533
|
+
}
|
|
3534
|
+
function getOSVersion() {
|
|
3535
|
+
if (typeof navigator === "undefined") return null;
|
|
3536
|
+
const ua = navigator.userAgent;
|
|
3537
|
+
const platform = detectMobilePlatform();
|
|
3538
|
+
if (platform === "ios") {
|
|
3539
|
+
const match = ua.match(/os (\d+[_\d]*)/i);
|
|
3540
|
+
return match ? match[1].replace(/_/g, ".") : null;
|
|
3541
|
+
}
|
|
3542
|
+
if (platform === "android") {
|
|
3543
|
+
const match = ua.match(/android (\d+(\.\d+)*)/i);
|
|
3544
|
+
return match ? match[1] : null;
|
|
3545
|
+
}
|
|
3546
|
+
return null;
|
|
3547
|
+
}
|
|
3548
|
+
function isTablet() {
|
|
3549
|
+
if (typeof navigator === "undefined") return false;
|
|
3550
|
+
const ua = navigator.userAgent.toLowerCase();
|
|
3551
|
+
if (/ipad/.test(ua) || navigator.platform === "MacIntel" && navigator.maxTouchPoints > 1) {
|
|
3552
|
+
return true;
|
|
3553
|
+
}
|
|
3554
|
+
if (/android/.test(ua) && !/mobile/.test(ua)) {
|
|
3555
|
+
return true;
|
|
3556
|
+
}
|
|
3557
|
+
return false;
|
|
3558
|
+
}
|
|
3559
|
+
function supportsTouch() {
|
|
3560
|
+
if (typeof window === "undefined") return false;
|
|
3561
|
+
return "ontouchstart" in window || navigator.maxTouchPoints > 0;
|
|
3562
|
+
}
|
|
3563
|
+
function getMobileDeviceInfo() {
|
|
3564
|
+
const platform = detectMobilePlatform();
|
|
3565
|
+
return {
|
|
3566
|
+
isMobile: platform !== "desktop",
|
|
3567
|
+
platform,
|
|
3568
|
+
browser: detectMobileBrowser(),
|
|
3569
|
+
browserVersion: getBrowserVersion(),
|
|
3570
|
+
osVersion: getOSVersion(),
|
|
3571
|
+
isTablet: isTablet(),
|
|
3572
|
+
supportsTouch: supportsTouch(),
|
|
3573
|
+
deviceMemoryGB: (
|
|
3574
|
+
// @ts-expect-error - deviceMemory is non-standard
|
|
3575
|
+
typeof navigator !== "undefined" && navigator.deviceMemory ? (
|
|
3576
|
+
// @ts-expect-error - deviceMemory is non-standard
|
|
3577
|
+
navigator.deviceMemory
|
|
3578
|
+
) : null
|
|
3579
|
+
),
|
|
3580
|
+
hardwareConcurrency: typeof navigator !== "undefined" && navigator.hardwareConcurrency ? navigator.hardwareConcurrency : null
|
|
3581
|
+
};
|
|
3582
|
+
}
|
|
3583
|
+
function supportsWASMSimd() {
|
|
3584
|
+
try {
|
|
3585
|
+
return WebAssembly.validate(
|
|
3586
|
+
new Uint8Array([
|
|
3587
|
+
0,
|
|
3588
|
+
97,
|
|
3589
|
+
115,
|
|
3590
|
+
109,
|
|
3591
|
+
1,
|
|
3592
|
+
0,
|
|
3593
|
+
0,
|
|
3594
|
+
0,
|
|
3595
|
+
1,
|
|
3596
|
+
5,
|
|
3597
|
+
1,
|
|
3598
|
+
96,
|
|
3599
|
+
0,
|
|
3600
|
+
1,
|
|
3601
|
+
123,
|
|
3602
|
+
3,
|
|
3603
|
+
2,
|
|
3604
|
+
1,
|
|
3605
|
+
0,
|
|
3606
|
+
10,
|
|
3607
|
+
10,
|
|
3608
|
+
1,
|
|
3609
|
+
8,
|
|
3610
|
+
0,
|
|
3611
|
+
65,
|
|
3612
|
+
0,
|
|
3613
|
+
253,
|
|
3614
|
+
15,
|
|
3615
|
+
253,
|
|
3616
|
+
98,
|
|
3617
|
+
11
|
|
3618
|
+
])
|
|
3619
|
+
);
|
|
3620
|
+
} catch {
|
|
3621
|
+
return false;
|
|
3622
|
+
}
|
|
3623
|
+
}
|
|
3624
|
+
function supportsWASMBulkMemory() {
|
|
3625
|
+
try {
|
|
3626
|
+
return WebAssembly.validate(
|
|
3627
|
+
new Uint8Array([
|
|
3628
|
+
0,
|
|
3629
|
+
97,
|
|
3630
|
+
115,
|
|
3631
|
+
109,
|
|
3632
|
+
1,
|
|
3633
|
+
0,
|
|
3634
|
+
0,
|
|
3635
|
+
0,
|
|
3636
|
+
1,
|
|
3637
|
+
4,
|
|
3638
|
+
1,
|
|
3639
|
+
96,
|
|
3640
|
+
0,
|
|
3641
|
+
0,
|
|
3642
|
+
3,
|
|
3643
|
+
2,
|
|
3644
|
+
1,
|
|
3645
|
+
0,
|
|
3646
|
+
5,
|
|
3647
|
+
3,
|
|
3648
|
+
1,
|
|
3649
|
+
0,
|
|
3650
|
+
1,
|
|
3651
|
+
10,
|
|
3652
|
+
13,
|
|
3653
|
+
1,
|
|
3654
|
+
11,
|
|
3655
|
+
0,
|
|
3656
|
+
65,
|
|
3657
|
+
0,
|
|
3658
|
+
65,
|
|
3659
|
+
0,
|
|
3660
|
+
65,
|
|
3661
|
+
0,
|
|
3662
|
+
252,
|
|
3663
|
+
11,
|
|
3664
|
+
0,
|
|
3665
|
+
11
|
|
3666
|
+
])
|
|
3667
|
+
);
|
|
3668
|
+
} catch {
|
|
3669
|
+
return false;
|
|
3670
|
+
}
|
|
3671
|
+
}
|
|
3672
|
+
function checkMobileWASMCompatibility() {
|
|
3673
|
+
const issues = [];
|
|
3674
|
+
const recommendations = [];
|
|
3675
|
+
let score = 100;
|
|
3676
|
+
const webAssembly = typeof WebAssembly !== "undefined";
|
|
3677
|
+
if (!webAssembly) {
|
|
3678
|
+
issues.push("WebAssembly not supported");
|
|
3679
|
+
score -= 50;
|
|
3680
|
+
}
|
|
3681
|
+
const sharedArrayBuffer = supportsSharedArrayBuffer();
|
|
3682
|
+
if (!sharedArrayBuffer) {
|
|
3683
|
+
issues.push("SharedArrayBuffer not available (requires COOP/COEP headers)");
|
|
3684
|
+
recommendations.push("Server must send Cross-Origin-Opener-Policy: same-origin");
|
|
3685
|
+
recommendations.push("Server must send Cross-Origin-Embedder-Policy: require-corp");
|
|
3686
|
+
score -= 20;
|
|
3687
|
+
}
|
|
3688
|
+
const webWorkers = supportsWebWorkers();
|
|
3689
|
+
if (!webWorkers) {
|
|
3690
|
+
issues.push("Web Workers not supported");
|
|
3691
|
+
recommendations.push("Consider using a polyfill or fallback to main-thread execution");
|
|
3692
|
+
score -= 15;
|
|
3693
|
+
}
|
|
3694
|
+
const simd = supportsWASMSimd();
|
|
3695
|
+
if (!simd) {
|
|
3696
|
+
recommendations.push("WASM SIMD not supported - proofs will be slower");
|
|
3697
|
+
score -= 5;
|
|
3698
|
+
}
|
|
3699
|
+
const bulkMemory = supportsWASMBulkMemory();
|
|
3700
|
+
if (!bulkMemory) {
|
|
3701
|
+
recommendations.push("WASM bulk memory not supported - may affect performance");
|
|
3702
|
+
score -= 5;
|
|
3703
|
+
}
|
|
3704
|
+
const bigInt = typeof BigInt !== "undefined";
|
|
3705
|
+
if (!bigInt) {
|
|
3706
|
+
issues.push("BigInt not supported (required for 64-bit operations)");
|
|
3707
|
+
score -= 10;
|
|
3708
|
+
}
|
|
3709
|
+
const deviceInfo = getMobileDeviceInfo();
|
|
3710
|
+
if (deviceInfo.isMobile) {
|
|
3711
|
+
if (deviceInfo.deviceMemoryGB !== null && deviceInfo.deviceMemoryGB < 2) {
|
|
3712
|
+
recommendations.push(`Low device memory (${deviceInfo.deviceMemoryGB}GB) - may experience issues with large proofs`);
|
|
3713
|
+
score -= 5;
|
|
3714
|
+
}
|
|
3715
|
+
if (deviceInfo.platform === "ios" && deviceInfo.browser === "safari") {
|
|
3716
|
+
if (!sharedArrayBuffer) {
|
|
3717
|
+
recommendations.push("iOS Safari requires iOS 15.2+ for SharedArrayBuffer support");
|
|
3718
|
+
}
|
|
3719
|
+
}
|
|
3720
|
+
if (deviceInfo.platform === "android" && deviceInfo.browser === "chrome") {
|
|
3721
|
+
if (!sharedArrayBuffer) {
|
|
3722
|
+
recommendations.push("Ensure COOP/COEP headers are set - Chrome Android requires them");
|
|
3723
|
+
}
|
|
3724
|
+
}
|
|
3725
|
+
}
|
|
3726
|
+
let summary;
|
|
3727
|
+
if (score >= 90) {
|
|
3728
|
+
summary = "Excellent - Full WASM proof support";
|
|
3729
|
+
} else if (score >= 70) {
|
|
3730
|
+
summary = "Good - WASM proofs supported with minor limitations";
|
|
3731
|
+
} else if (score >= 50) {
|
|
3732
|
+
summary = "Limited - WASM proofs may work with reduced performance";
|
|
3733
|
+
} else {
|
|
3734
|
+
summary = "Poor - WASM proofs not recommended on this device";
|
|
3735
|
+
}
|
|
3736
|
+
return {
|
|
3737
|
+
webAssembly,
|
|
3738
|
+
sharedArrayBuffer,
|
|
3739
|
+
webWorkers,
|
|
3740
|
+
simd,
|
|
3741
|
+
bulkMemory,
|
|
3742
|
+
bigInt,
|
|
3743
|
+
score: Math.max(0, score),
|
|
3744
|
+
summary,
|
|
3745
|
+
issues,
|
|
3746
|
+
recommendations
|
|
3747
|
+
};
|
|
3748
|
+
}
|
|
3463
3749
|
function hexToBytes5(hex) {
|
|
3464
3750
|
const h = hex.startsWith("0x") ? hex.slice(2) : hex;
|
|
3465
3751
|
if (h.length === 0) return new Uint8Array(0);
|
|
@@ -10940,7 +11226,7 @@ var import_bb = require("@aztec/bb.js");
|
|
|
10940
11226
|
var import_secp256k14 = require("@noble/curves/secp256k1");
|
|
10941
11227
|
|
|
10942
11228
|
// src/proofs/circuits/funding_proof.json
|
|
10943
|
-
var funding_proof_default = { noir_version: "1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663", hash: "13977419962319221401", abi: { parameters: [{ name: "commitment_hash", type: { kind: "field" }, visibility: "public" }, { name: "minimum_required", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "asset_id", type: { kind: "field" }, visibility: "public" }, { name: "balance", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "private" }, { name: "blinding", type: { kind: "field" }, visibility: "private" }], return_type: null, error_types: { "2900908756532713827": { error_kind: "string", string: "Insufficient balance" }, "15764276373176857197": { error_kind: "string", string: "Stack too deep" }, "17719928407928969950": { error_kind: "string", string: "Commitment hash mismatch" } } }, bytecode: "H4sIAAAAAAAA/+VYbUhTURg+d7vTTdfmnJlK1g360LJolUEUJaUZ/qgooS9Taq5aoCudlhHV6LuglPplBH0gLUuiCCv6osA+LImItCQ0wUyRTJSJWkG7ds58PV53PzT60Qt3z+65z/ue533u8exeGfQnWIxZm+zZ4V4043PGe6gx8kcCNabGYyw+V6HBQcY4jDMzl+c0WC7E3l2ZVO5yrd0YM7t5WcG9HUVLGjxn2nEdDkkKRi3OZfxd5JC0XNiXBmMAYRAz+IEEqgJLTfS3mh+ibiGuy2hkaAhAykxlZPYKNYn1yvqZmJ5XrJaEReMLeOMDMWppknoYAsRMChyam0ZxGa10DWgkDWWRMkN1GINoklxDoQAxQ3VIuqFB0jX0mcbfgAAwxmHULiwwfYjX5ce2B+RZfo6u/FXgPtf2al7hIvuaOKsjZT3kRu1P7y3bb0mbdDWiU/+iZvai19f21Lw0htW5HlTE9JzZCLlSgnA1Ke7tua9OzFmVvuFRdeP8i5Gnjhgz5q2cfHpnfVLRw0YV5HLn3zyO+7Gmp4t1JNZEPevtzkm98TxhL9u6OWrz0conkyFXLOBCC0T9PvGowxhEaRUJJtj7ofceo9DILuRgpGwhGzAaaZLchQwFiC1kA5K+kI1I2Q0bJBDJ60ePlBkagtFEk+QaCgWIGRqCpBtqQv/GUBVSZmgoRjNNkmsoFCBmaCiSbqhZugbfFqIHYxzG/3mrhdyxiR0l3F7X0xMHJ5S40ppvWkIm3v9mjoi8X+u5VOZOXga56tK2uU2Lp0YzRdapz9YVt7SWXI8b437JlS64cfJ4RbcbcuVomN59L+HLccNy867Pq3N7m4qj81bY45uuHCjfctZp6aiqgtwZVcfertv6YPXdw0UzRoUf2ZR6vbz06bvu9CmV+77felJ4EHLFgjyg8evEgNGIMQSjCWMoRjOlXSTUMrhy6jJh3o/R3iOcuiD3LQpypcwpkevTwRvAov79o68QGrjpCL01WT92dk2MXBwDa5LNqa7Ycwe9b/HQ+eTnNdNmdWTtcOTaMrbZs53j8KiWYpNXMg5JCgauFvn5B5Lp1wGZ8yeTh6Hh6Cc5CvJ9D6yJIJ/Wwoce9f8fAFE5/IOdAXw3ghw+kkA9hrq2VGDeYfaURPJZZfmqUDR4flKLf1jle4zA52oBLlxLGsAR8hUJjDECdWhv4H3gMJotqGZ8fXzBtPC5jhX5h+pTy/aFXY79aoxoy1uQ3/PJQfei8qNd70eDXqAf6A/5m1Dm/+5kMifRpUGD/YL1WYofjVEH5oc6OeQ/ais81bdTZmWZqHw+SM98n1H4e6Y9x2Z12vNtGd6NybbVlpOxM8/htNuyncQJLcgiFeWsSJIfrCx/wGsporTAur4JMbICecwQ5yoK/XHpcTimF7hGapLfCqiX9PEbVAIFlc4UAAA=", debug_symbols: "pZbNbsMgDMffhXMO2HwE8irTVKUtmyJFaZUlk6aq7z6TQpYcYBW9QN3k/4sx2PjGzu44fx664ePyxZq3GzuOXd93n4f+cmqn7jLQvzfG/QCaNVgxqB+TYY2gybJGVgzpDXm/VyzKDtPonFdtOES/tqMbJtYMc99X7Lvt5+Wlr2s7LPPUjvSUV8wNZ5oJ+NH1zv+6V39qnpYajkFsUK9yqHd6SOu1lEGvlSjRG4h6Y4r0cfE1T34/t36I/hsJq149HT/gwgYAcKWKCGBWgq5ThDpD0BCDCHrjA9gdwWQI1kYfkGOSYNMECaACQYIyJQQUdSRgrcoI8CoBxROEbCSNjnthbQkBuYpHEgEhRfDhTiGEkjEQQnNe4gRgvTqhRdKJzKmUysZ1SC03tUUXImwKkUsukLG+AdhkemIGgWjW3BDbGrkPBWaKFBpct9So5JYivpxfWcRzCfYPAl5GPJVi2XBaHmsuWrAlCAE83hsCQJQh/pIMbP0qAtN5mjvfyNfLAyXfne93stpTN+5bE6SHFRPLKJdRLaP210/FqFkB2h/zsOzDAupW/CUF4HOAZoIglTkQwZbBVsHWwfatjw29jz/23+3YtcfeeU+8r/Nwio6ROf1c45PYVV3Hy8md59H5RWxaKxrfKKfQvt/9Qn8B", file_map: { "16": { source: "use crate::cmp::Eq;\nuse crate::hash::Hash;\nuse crate::ops::arith::{Add, Neg, Sub};\n\n/// A point on the embedded elliptic curve\n/// By definition, the base field of the embedded curve is the scalar field of the proof system curve, i.e the Noir Field.\n/// x and y denotes the Weierstrass coordinates of the point, if is_infinite is false.\npub struct EmbeddedCurvePoint {\n pub x: Field,\n pub y: Field,\n pub is_infinite: bool,\n}\n\nimpl EmbeddedCurvePoint {\n /// Elliptic curve point doubling operation\n /// returns the doubled point of a point P, i.e P+P\n pub fn double(self) -> EmbeddedCurvePoint {\n embedded_curve_add(self, self)\n }\n\n /// Returns the null element of the curve; 'the point at infinity'\n pub fn point_at_infinity() -> EmbeddedCurvePoint {\n EmbeddedCurvePoint { x: 0, y: 0, is_infinite: true }\n }\n\n /// Returns the curve's generator point.\n pub fn generator() -> EmbeddedCurvePoint {\n // Generator point for the grumpkin curve (y^2 = x^3 - 17)\n EmbeddedCurvePoint {\n x: 1,\n y: 17631683881184975370165255887551781615748388533673675138860, // sqrt(-16)\n is_infinite: false,\n }\n }\n}\n\nimpl Add for EmbeddedCurvePoint {\n /// Adds two points P+Q, using the curve addition formula, and also handles point at infinity\n fn add(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n embedded_curve_add(self, other)\n }\n}\n\nimpl Sub for EmbeddedCurvePoint {\n /// Points subtraction operation, using addition and negation\n fn sub(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n self + other.neg()\n }\n}\n\nimpl Neg for EmbeddedCurvePoint {\n /// Negates a point P, i.e returns -P, by negating the y coordinate.\n /// If the point is at infinity, then the result is also at infinity.\n fn neg(self) -> EmbeddedCurvePoint {\n EmbeddedCurvePoint { x: self.x, y: -self.y, is_infinite: self.is_infinite }\n }\n}\n\nimpl Eq for EmbeddedCurvePoint {\n /// Checks whether two points are equal\n fn eq(self: Self, b: EmbeddedCurvePoint) -> bool {\n (self.is_infinite & b.is_infinite)\n | ((self.is_infinite == b.is_infinite) & (self.x == b.x) & (self.y == b.y))\n }\n}\n\nimpl Hash for EmbeddedCurvePoint {\n fn hash<H>(self, state: &mut H)\n where\n H: crate::hash::Hasher,\n {\n if self.is_infinite {\n self.is_infinite.hash(state);\n } else {\n self.x.hash(state);\n self.y.hash(state);\n }\n }\n}\n\n/// Scalar for the embedded curve represented as low and high limbs\n/// By definition, the scalar field of the embedded curve is base field of the proving system curve.\n/// It may not fit into a Field element, so it is represented with two Field elements; its low and high limbs.\npub struct EmbeddedCurveScalar {\n pub lo: Field,\n pub hi: Field,\n}\n\nimpl EmbeddedCurveScalar {\n pub fn new(lo: Field, hi: Field) -> Self {\n EmbeddedCurveScalar { lo, hi }\n }\n\n #[field(bn254)]\n pub fn from_field(scalar: Field) -> EmbeddedCurveScalar {\n let (a, b) = crate::field::bn254::decompose(scalar);\n EmbeddedCurveScalar { lo: a, hi: b }\n }\n\n //Bytes to scalar: take the first (after the specified offset) 16 bytes of the input as the lo value, and the next 16 bytes as the hi value\n #[field(bn254)]\n pub(crate) fn from_bytes(bytes: [u8; 64], offset: u32) -> EmbeddedCurveScalar {\n let mut v = 1;\n let mut lo = 0 as Field;\n let mut hi = 0 as Field;\n for i in 0..16 {\n lo = lo + (bytes[offset + 31 - i] as Field) * v;\n hi = hi + (bytes[offset + 15 - i] as Field) * v;\n v = v * 256;\n }\n let sig_s = crate::embedded_curve_ops::EmbeddedCurveScalar { lo, hi };\n sig_s\n }\n}\n\nimpl Eq for EmbeddedCurveScalar {\n fn eq(self, other: Self) -> bool {\n (other.hi == self.hi) & (other.lo == self.lo)\n }\n}\n\nimpl Hash for EmbeddedCurveScalar {\n fn hash<H>(self, state: &mut H)\n where\n H: crate::hash::Hasher,\n {\n self.hi.hash(state);\n self.lo.hash(state);\n }\n}\n\n// Computes a multi scalar multiplication over the embedded curve.\n// For bn254, We have Grumpkin and Baby JubJub.\n// For bls12-381, we have JubJub and Bandersnatch.\n//\n// The embedded curve being used is decided by the\n// underlying proof system.\n// docs:start:multi_scalar_mul\npub fn multi_scalar_mul<let N: u32>(\n points: [EmbeddedCurvePoint; N],\n scalars: [EmbeddedCurveScalar; N],\n) -> EmbeddedCurvePoint\n// docs:end:multi_scalar_mul\n{\n multi_scalar_mul_array_return(points, scalars, true)[0]\n}\n\n#[foreign(multi_scalar_mul)]\npub(crate) fn multi_scalar_mul_array_return<let N: u32>(\n points: [EmbeddedCurvePoint; N],\n scalars: [EmbeddedCurveScalar; N],\n predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n// docs:start:fixed_base_scalar_mul\npub fn fixed_base_scalar_mul(scalar: EmbeddedCurveScalar) -> EmbeddedCurvePoint\n// docs:end:fixed_base_scalar_mul\n{\n multi_scalar_mul([EmbeddedCurvePoint::generator()], [scalar])\n}\n\n/// This function only assumes that the points are on the curve\n/// It handles corner cases around the infinity point causing some overhead compared to embedded_curve_add_not_nul and embedded_curve_add_unsafe\n// docs:start:embedded_curve_add\npub fn embedded_curve_add(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n // docs:end:embedded_curve_add\n if crate::runtime::is_unconstrained() {\n // `embedded_curve_add_unsafe` requires the inputs not to be the infinity point, so we check it here.\n // This is because `embedded_curve_add_unsafe` uses the `embedded_curve_add` opcode.\n // For efficiency, the backend does not check the inputs for the infinity point, but it assumes that they are not the infinity point\n // so that it can apply the ec addition formula directly.\n if point1.is_infinite {\n point2\n } else if point2.is_infinite {\n point1\n } else {\n embedded_curve_add_unsafe(point1, point2)\n }\n } else {\n // In a constrained context, we also need to check the inputs are not the infinity point because we also use `embedded_curve_add_unsafe`\n // However we also need to identify the case where the two inputs are the same, because then\n // the addition formula does not work and we need to use the doubling formula instead.\n // In unconstrained context, we can check directly if the input values are the same when solving the opcode, so it is not an issue.\n\n // x_coordinates_match is true if both abscissae are the same\n let x_coordinates_match = point1.x == point2.x;\n // y_coordinates_match is true if both ordinates are the same\n let y_coordinates_match = point1.y == point2.y;\n // double_predicate is true if both abscissae and ordinates are the same\n let double_predicate = (x_coordinates_match & y_coordinates_match);\n // If the abscissae are the same, but not the ordinates, then one point is the opposite of the other\n let infinity_predicate = (x_coordinates_match & !y_coordinates_match);\n\n // `embedded_curve_add_unsafe` would not perform doubling, even if the inputs point1 and point2 are the same, because it cannot know this without adding some logic (and some constraints)\n // However we did this logic when we computed `double_predicate`, so we set the result to 2*point1 if point1 and point2 are the same\n let mut result = if double_predicate {\n // `embedded_curve_add_unsafe` is doing a doubling if the input is the same variable, because in this case it is guaranteed (at 'compile time') that the input is the same.\n embedded_curve_add_unsafe(point1, point1)\n } else {\n let point1_1 = EmbeddedCurvePoint {\n x: point1.x + (x_coordinates_match as Field),\n y: point1.y,\n is_infinite: false,\n };\n let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n // point1_1 is guaranteed to have a different abscissa than point2:\n // - if x_coordinates_match is 0, that means point1.x != point2.x, and point1_1.x = point1.x + 0\n // - if x_coordinates_match is 1, that means point1.x = point2.x, but point1_1.x = point1.x + 1 in this case\n // Because the abscissa is different, the addition formula is guaranteed to succeed, so we can safely use `embedded_curve_add_unsafe`\n // Note that this computation may be garbage: if x_coordinates_match is 1, or if one of the input is the point at infinity.\n // therefore we only want to do this if we need the result, otherwise it needs to be eliminated as a dead instruction, lest we want the circuit to fail.\n embedded_curve_add_unsafe(point1_1, point2_1)\n };\n\n // Same logic as above for unconstrained context, we set the proper result when one of the inputs is the infinity point\n if point1.is_infinite {\n result = point2;\n }\n if point2.is_infinite {\n result = point1;\n }\n\n // Finally, we set the is_infinity flag of the result:\n // Opposite points should sum into the infinity point, however, if one of them is point at infinity, their coordinates are not meaningful\n // so we should not use the fact that the inputs are opposite in this case:\n let mut result_is_infinity =\n infinity_predicate & (!point1.is_infinite & !point2.is_infinite);\n // However, if both of them are at infinity, then the result is also at infinity\n result.is_infinite = result_is_infinity | (point1.is_infinite & point2.is_infinite);\n result\n }\n}\n\n#[foreign(embedded_curve_add)]\nfn embedded_curve_add_array_return(\n _point1: EmbeddedCurvePoint,\n _point2: EmbeddedCurvePoint,\n _predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n/// This function assumes that:\n/// The points are on the curve, and\n/// The points don't share an x-coordinate, and\n/// Neither point is the infinity point.\n/// If it is used with correct input, the function ensures the correct non-zero result is returned.\n/// Except for points on the curve, the other assumptions are checked by the function. It will cause assertion failure if they are not respected.\npub fn embedded_curve_add_not_nul(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n assert(point1.x != point2.x);\n assert(!point1.is_infinite);\n assert(!point2.is_infinite);\n // Ensure is_infinite is comptime\n let point1_1 = EmbeddedCurvePoint { x: point1.x, y: point1.y, is_infinite: false };\n let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n embedded_curve_add_unsafe(point1_1, point2_1)\n}\n\n/// Unsafe ec addition\n/// If the inputs are the same, it will perform a doubling, but only if point1 and point2 are the same variable.\n/// If they have the same value but are different variables, the result will be incorrect because in this case\n/// it assumes (but does not check) that the points' x-coordinates are not equal.\n/// It also assumes neither point is the infinity point.\npub fn embedded_curve_add_unsafe(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n embedded_curve_add_array_return(point1, point2, true)[0]\n}\n", path: "std/embedded_curve_ops.nr" }, "17": { source: `use crate::field::field_less_than;
|
|
11229
|
+
var funding_proof_default = { noir_version: "1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663", hash: "3859649086066977477", abi: { parameters: [{ name: "minimum_required", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "asset_id", type: { kind: "field" }, visibility: "public" }, { name: "balance", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "private" }, { name: "blinding", type: { kind: "field" }, visibility: "private" }], return_type: { abi_type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "public" }, error_types: { "2900908756532713827": { error_kind: "string", string: "Insufficient balance" }, "15764276373176857197": { error_kind: "string", string: "Stack too deep" }, "15835548349546956319": { error_kind: "string", string: "Field failed to decompose into specified 32 limbs" } } }, bytecode: "H4sIAAAAAAAA/8VdB7wVxfU+cwEFRRGsGJU1KkWl997hAQqKDRVFQFQUePSq8pAO0hS72MAIdkAUImKLXRA0EdAY8R9LooklamL3v+Ob5e7dN/v2fLM7u/P7TYY398w938w335mPp0kElbaKahw5ePioN3NED1Yo/Vm4vYIaZesUmMupuYq+n4PNm3PU2OjivmM/aHxXvY2ndX98xowBF9Rt+o+iKZtGL+v6wbfXfxmIjWgiFx0ryvvQId5a/76OV+MJXoR3GHKiU+AbKgYS2dp8yPcuVd8rjgcwnEBmhyrAvfoxRe21YjmJg3mjvotxafY2P/G11VgnGFQhBoCoQ6odHjswECvq8DFQkgdagcwOtK4a6wWD0AP1A4g60LrEP9B6fAy/HVplt1fxzTlqrNxhSvVdzatMrPflPhMa/3Toqz9PWX3b56+1Xtpx+DknDy3ufZ4/9sjpF/7w0PTGA09Yc8TXVV/e2bTj6w9M3flKtUP+NmPzC3W/v/4CfyynebGVeq++fNxrC5r1v/D8LW9/2PbumovnVBvU+rTaS8a8333ZUx/m/LHOijeePvnHc77/b8XibjuPfPGH78ae+chLna6s+NmQI4fMffXZ2v5YBEP97zZ1+mj+gX0PnrTnjHE/fHzr0RP6DW/+8X0lj1+yfHzj/2zd6o9tsHXejnMv3XzGxtnLGhxw2JzBZz74+P3PvfXdhXVevfqLdc8unemPjWr7qFFyVFuNddRYV431AlgjWg6IRb5XnOj+x0luP5lKRSoTVdAFGnwvM1bbnBhhDnGa2Lsn4VtT3+0N3N7Q7Y3c3tjtTdze1O3N3N7c7S3c3tLtrdze2u1t3N7W7e3c3t7tHdzekUpf585u7+L2rm7v5vbubu/h9p5uL3J7L7f3dnsft5/igfGeeAmmcmCugWauoWaukWausWauiWauqWaumWauuWauhWaupWaulWautWaujWaurWaunWauvWaug2auo2auk2aus2aui2auq2aum2auu2auh2aup2auSDPXSzPXWzPXRzN3iprzt2PV6BCrFYg+6mGsz4z94tdfRQN2LImG3FgXbyNe7HXycW7Miv3mt4e8CSd2T+mj35QR20UZhGbRsXstePPI2OK9xqNFVOzGvElpGRE72WdoWpUf29NvflqXG/tJgVFqU15sk0JT1bac2DoBA9aO+GatfWjsOcG7LjqExZaU0YXoGBJbUlZDopM+doNGb6KzNrabTpuiiy62n1bHoqsm9gm95kW3srF1Q+qD6F4m9s6wWiJ6BGMbhdYd0TMQuye8Romiwtgx5dQz0asg9tTyap/o7Y8dWm6dFH18sQ3Lr6niFOKbLmn2/L9r8TfU7J1C7Fq+w5/v1DgJ5WLklz0y+alAjr7M7/0yxh76EvZ7DLmHvoSRLL9f94uyOCRHtO26SYdYaQqw9lPjaaUf5W9sPzX652RQ0MGgf7UHbrLoR/wLchphh4eSIy9FP8Iu05dqjcPLkWjF6EPsc17hz3d6nIRyMVgxVpwO5OhP/IM33UN/givGiv6EkZxUxejDj71dN+kQK00B1jPUeGbpR/kbewaVrRgyKG7FAG6yOIP4F+RMMjs89J9/IJjOIv657P0P4PtlFeuv2UNULuSpPpv/vfmNAFjOUjnQvSO4kqzEvYl9f9f7850TJ6FcDFbi9ecAOQYQ/+BN9zCA4Eq8fgDFu3wcAcmLZFNA5xK2B6+hhQnh8Dzi7zXJF643P3adbtIhVpoCrOercWDpR/lKcD6VfeFkUNwXDqgQ4nzikzaQzA4PvUgIpgso3gsXtUaK5zzChX0hP0ceHIDrApXDNi6voRxeCMQOIrschhVZTnHmxl5EWEFLyg30IrbWl/jzDY6TUC4G3cCSwUCOIcQ/eNM9DCHYDSwZws+hxcURwkVkV2xDCROb11BMCIcXUzZuoBc/drFu0iFWmgKsw9R4SelH+UowjMq6ARkU1w0AFUIMIz5pl5DZ4aEXCcF0Kdl9SaR4LiZc2Jfxc+TBAbguVTls4/IayuFlQOxwssthWJGNWocU2cv535vo7waKiK11x5/vijgJ5WLQDThXADlGEP/gTfcwgmA34Izg59Di4ghBXiSbYhtJ6bgBhMNRlI0bKOLH1tJNOsRKU4C1WI2jSz/KV4JiKusGZFBcNwBUCFFMfNJGk9nhoRcJwTSG7L4kUjyjCBf2WH6OPDgA1xiVwzYur6EcjgVix5FdDsOKbNQ6pMiO539vom6gJ7G1vt2fb0KchHIx6Aa2TwByTCT+wZvuYSLBbmD7RH4OLS6OEORFsim2SZSOG0A4nEzZuIGe/Ng3dJMOsdIUYJ2ixqmlH+UrwRQq6wZkUFw3AFQIMYX4pE0ls8NDLxKCaRrZfUmkeCYTLuwr+Tny4ABc01QO27i8hnJ4JRB7FdnlMKzIRq1DiuzV/O9N1A30ILbWB/vzTY+TUC4G3cDg6UCOEuIfvOkeSgh2A4NL+Dm0uDhCkBfJpthmUDpuoASIvYaycQM9+LEX6SYdYqUpwDpTjbNKP8pXgplU1g3IoLhuAKgQYibxSZtFZoeHXiQE02yy+5JI8VxDuLDn8HPkwQG4ZqsctnF5DeVwDhA7l+xyGFZko9YhRXYe/3sTdQPdia31Xf588+MklItBN7BrPpBjAfEP3nQPCwh2A7sW8HNocXGEIC+STbEtpHTcAMLhtZSNG+jOj92pm3SIlaYA6yI1Li79KF8JFlFZNyCD4roBoEKIRcQnbTGZHR56kRBMS8juSyLFcy3hwl7Kz5EHB+BaonLYxuU1lMOlQOwyssthWJGNWocU2ev435uoG+hGbK338ue7Pk5CuRh0A72uB3IsJ/7Bm+5hOcFuoNdyfg4tLo4Q5EWyKbYbKB03gHB4I2XjBrrxY4t0kw6x0hRgvUmNN5d+lK8EN1FZNyCD4roBoEKIm4hP2s1kdnjoRUIw3UJ2XxIpnhsJF/at/Bx5cACuW1QO27i8hnJ4KxB7G9nlMKzIRq1Diuzt/O9N1A10JbbW1/rzrYiTUC4G3cDaFUCOO4h/8KZ7uINgN7D2Dn4OLS6OEORFsim2OykdN4BweBdl4wa68mMf1U06xEpTgPVuNd5T+lG+EtxNZd2ADIrrBoAKIe4mPmn3kNnhoRcJwbSS7L4kUjx3ES7sVWTXDaxUOWzj8hrK4Sog9l6yy2FYkY1ahxTZP/C/N1E30IXYWt/sz3dfnIRyMegGNt8H5FhN/IM33cNqgt3A5tX8HFpcHCHIi2RTbGsoHTeAcHg/ZeMGuvBjn9RNOsRKU4D1ATU+WPpRvhI8QGXdgAyK6waACiEeID5pD5LZ4aEXCcH0ENl9SaR47idc2A/zc+TBAbgeUjls4/IayuHDQOwjZJfDsCIbtQ4pso/yvzdRN9CZ2Frv48+3Nk5CuRh0A33WAjnWEf/gTfewjmA30GcdP4cWF0cI8iLZFNt6SscNIBw+Rtm4gc782N66SYdYaQqwblDj46Uf5SvBBirrBmRQXDcAVAixgfikPU5mh4deJATTE2T3JZHieYxwYW/k58iDA3A9oXLYxuU1lMONQOwmssthWJGNWocU2T/yvzdRN9CJ2Fov8ed7Mk5CuRh0AyVPAjk2E//gTfewmWA3ULKZn0OLiyMEeZFsiu0pSscNIBxuoWzcQCd+7HTdpEOsNAVYn1bjM6Uf5SvB01TWDciguG6gE/HdwNPEJ+0ZMjs89CIhmJ4luy+JFM8WwoX9HD9HHhyA61mVwzYur6EcPgfEPk92OQwrslHrkCL7J/73JuoGOhJb6wVu4IU4CeVi1A28AOR4kfgHb7qHFwl3Ay/yc2hxcYQgL5JNsb1E6bgBhMOXKRs30JEfm5gbeEWNr5Z+lK8Er1BZNyCD4roBoEKIV4hP2qtkdnjoRUIwvUZ2XxIpnpcJF/br/Bx5cACu11QO27i8hnL4OhC7lexyGFZko9YhRXYb/3sTdQMdiK31Nf58b8RJKBeDbmDNG0CO7cQ/eNM9bCfYDazZzs+hxcURgrxINsW2g9JxAwiHb1I2bqADP3a1btIhVpoCrG+p8c+lH+UrwVtU1g3IoLhuAKgQ4i3ik/ZnMjs89CIhmP5Cdl8SKZ43CRf22/wceXAArr+oHLZxeQ3l8G0gdifZ5TCsyEatQ4rsLv73JuoG2hNb66v8+XbHSSgXg25g1W4gxzvEP3jTPbxDsBtY9Q4/hxYXRwjyItkU27uUjhtAOPwrZeMG2vNjV+omHWKlKcD6nhr/VvpRvhK8R2XdgAyK6waACiHeIz5pfyOzw0MvEoLpfbL7kkjx/JVwYe8hu27gfZXDNi6voRzuAWI/ILschhXZqHVIkf0//vcm6gbaEVvru/35/h4noVwMuoHdfwdyfEj8gzfdw4cEu4HdH/JzaHFxhCAvkk2xfUTpuAGEw48pGzfQjh+7SzfpECtNAdZP1PiP0o/yleATKusGZFBcNwBUCPEJ8Un7B5kdHnqREEz/JLsviRTPx4QL+1N+jjw4ANc/VQ7buLyGcvgpEPsZ2eUwrMhGrdtD/D38i/+9ibqBtsTW+jZ/vn/HSSgXg25g27+BHJ8T/+BN9/A5wW5g2+f8HFpcHCHIi2RTbF9QOm4A4fBLysYNtOXHbtVNOsRKU4D1KzX+p/SjfCX4isq6ARkU1w0AFUJ8RXzS/kNmh4deJATT12T3JZHi+ZJwYX/Dz5EHB+D6WuWwjctrKIffALHfkl0Ow4ps1DqkyP6X/72JuoE2xNZ6TX++/8VJKBeDbqDm/4Ac3xH/4E338B3BbqDmd/wcWlwcIciLZFNs31M6bgDh8AfKxg204cceoZt0iJWmAOuPavyp9KN8JfiRyroBGRTXDQAVQvxIfNJ+IrPDQy8SgulnsvuSSPH8QLiwf+HnyIMDcP2sctjG5TWUw1+A2F/JLodhRTZqHVJkJSjm9ybqBloTW+ub/PmEiJFQLgbdwCbBPyCRE3bdgNyDzAG6gU05gGQdLo4QSNgVWwWAB/8PKCaEw4oApiTdQGt+7EbdpEOsNAVYKymQ+wRf/kqirBuQQXHdAFAhRCWAtH2E2eGhFwnBtC94udELI8VTUeDCrhyzcESFy31XTgGX11AOKwMcVrHMYViRjVqHFNn9MnIDrYit9Xn+fPubuoFWajHoBubtD5BcFbg8pnuoiruBeVUtuwEphP2EXbEdAIrNaygmhMMDM3IDrfixc3WTDrHSFGCtpkAeFHz5q2ncwEEJuAGgQohqAGkHCbPDQy8Sgqm65ZdEiudAgQu7RszCERUu910jBVxeQzmsAXB4sGUOw4ps1DqkyB6SkRtoSWytF/nzHWrqBlqqxaAbKDoUIPkw4OBN93AY7gaKDrPsBqQQDhF2xXY4KDavoZgQDo/IyA205Mf21E06xEpTgNX753VHBl/+mho3cGQCbgCoEKImQNqRwuzw0IuEYPqd5ZdEiucIgQv7qJiFIypc7vuoFHB5DeXwKIDDoy1zGFZko9YhRfaYjNxAC2JrfZk/Xy1TN9BCLQbdwLJaAMkOcPCme3BwN7DMsewGpBCOEXbFdiwoNq+hmBAOf5+RG2jBj12qm3SIlaYA63EK5PHBl/84jRs4PgE3AFQIcRxA2vHC7PDQi4RgOsHySyLF83uBC7t2zMIRFS73XTsFXF5DOawNcFjHModhRTZqHVJk62bkBpoTW+uj/fnqmbqB5mox6AZG1wNIPhE4eNM9nIi7gdEnWnYDUgh1hV2xnQSKzWsoJoTDkzNyA835scW6SYdYaQqw1lcgGwRf/voaN9AgATcAVAhRHyCtgTA7PPQiIZgaWn5JpHhOFriwG8UsHFHhct+NUsDlNZTDRgCHjS1zGFZko9YhRbZJRm6gGbG1vsWfr6mpG2imFoNuYEtTgORmwMGb7qEZ7ga2NLPsBqQQmgi7YmsOis1rKCaEwxYZuYFm/NindJMOsdIUYG2pQLYKvvwtNW6gVQJuAKgQoiVAWithdnjoRUIwtbb8kkjxtBC4sNvELBxR4XLfbVLA5TWUwzYAh20tcxhWZKPWIUW2XUZuoCmxte7487U3dQNN1WLQDTjtAZI7AAdvuocOuBtwOlh2A1II7YRdsXUExeY1FBPCYaeM3EBTfmwt3aRDrDQFWDsrkF2CL39njRvokoAbACqE6AyQ1kWYHR56kRBMXS2/JFI8nQQu7G4xC0dUuNx3txRweQ3lsBvAYXfLHIYV2ah1SJHtkZEbaEJsrVf15+tp6gaaqMWgG6jaEyC5CDh40z0U4W6gapFlNyCF0EPYFVsvUGxeQzEhHPbOyA004cfur5t0iJWmAKv3/yt+SvDl76NxA6ck4AaACiH6AKSdIswOD71ICKZTLb8kUjy9BS7svjELR1S43HffFHB5DeWwL8BhP8schhXZqHVIkT0tIzfQmNhaH+XPd7qpG2isFoNuYNTpAMn9gYM33UN/3A2M6m/ZDUghnCbsiu0MUGxeQzEhHJ6ZkRtozI8dqZt0iJWmAOtZCuTZwZf/LI0bODsBNwBUCHEWQNrZwuzw0IuEYDrH8ksixXOmwIU9IGbhiAqX+x6QAi6voRwOADg81zKHYUU2ah1SZM/LyA00IrbWq/vznW/qBhqpxaAbqH4+QPJA4OBN9zAQdwPVB1p2A1II5wm7YrsAFJvXUEwIhxdm5AYa8WMP0k06xEpTgHWQAnlR8OUfpHEDFyXgBoAKIQYBpF0kzA4PvUgIpsGWXxIpngsFLuwhMQtHVLjc95AUcHkN5XAIwOFQyxyGFdmodUiRvTgjN9CQH1uQb5ipG2ioFqPrLgEO0xTXJb4dOsRvqIjkhb1Y2BXFpaAovIZiQni5LKZQOXu+zIDDJAXVgMwENdxUUA3UYnTd5ZYFJXFdnpCgosIl8ZcLswvj8HIkeknqAxj9+a4wvST11WJU3VcAih1h+ULJPYwwIHmEiHf5OJdohMDtwaXAeY2MuYeo8PoqB2HrChp6t0YC+x8V8+WIWhP2IketQ17kYsscyjMqNngIEB5kEZRnVEH3RWBeQWb3jLA8DnuyTBPkr7feGvnfrR3j9rFuH+f28W6f4PaJbp/k9slun+L2qW6f5vYr3X6V2692+3S3l7h9htuvcftMt89y+2y3z3H7XLfL/5XP+W5f4PaFbr/W7YvcvtjtSwQV/n1fgqkcmBujmRurmRunmRuvmZugmZuomZukmZusmZuimZuqmZummbtSM3eVZu5qzdx0zVyJZm6GZu4azdxMzdwszdxszdwczdxczdw8zdx8zdwCzdxCzdy1mrlFmrnFmrklouzvlo5Vo0OsViD6qGIj7zYnVv4eagw7lsRYbqyLdxwv9joXrxjPiv1G7k1M4MTu+e0cxERGbJfSMxOTomOXqvMVkyNjiz0uxJSo2I17eRNTI2In5zkW08qP7em7D+LKcmM/8d8dcVV5sU0K7pm4upzYOoV3UkwPjx0YuL+iJDT2nOBdFzPCYkvK6EJcExJbUlZDYqY+doNGb2KWNrabTptiti62n1bHYo4m9gm95sXcsrF1Q+qDmFcm9s6wWiLmB2MbhdYdsSAQuye8RomFhbFjyqln4tqC2FPLq31ikT92aLl1Uiz2xTYsv6aKJYJvupL8G+8Sfi3f4c+3VMRIKBeD/9Rxx1L+AYllzE2Z/o1X7kHmEOAeloEky+9P4p+OAZdru27SIVaaAqzXKZDXCyp0K9epg/PPXS/i/9Mx4CaL64ALcj14eCg58lJcB14mieu6jCrGYv45r/DnW25aMWTC5XjFWLEcqBg3WK4Ycg834BVjxQ0ZVYzF/Ly36yYdYqUpwHqjAnlTsDrcqKkYNyVQMYCbLG4ELshNhoeH/qIOwXQzIIa9/wFgWaYuOPqLOuSpvgUQg24PUeHyjG4xqMQIriQr8SL+/V3vz3eraSWWCW/FK/H6W4HLd5vlSiz3cBteidffFvPycQR0i2UB3Q7uwWtoYUI4XAHcjSRfuEX8vOt0kw6x0hRgvUOBvDP4mt2heeHuTOCFAyqEuAMg7U7Dw0MvEoLprpgvXNQaKZ4VBq/D3TELR1S43PfdKeDyGsrh3QCH91jmMKzIcoozN3YlWNCScgPX8rW+xJ9vlakbkAlX4W5gySrggO4FDt50D/fibmDJvZbdgBTCSmFXbH8AxeY1FBPC4X0ZuYFr+XkX6yYdYqUpwLpagVwTfPlXa9zAmgTcAFAhxGqAtDWGh4deJATT/ZZfEime+wQu7AdiFo6ocLnvB1LA5TWUwwcADh+0zGFYkY1ahxTZh4BzTdINLORr3fHne9jUDciED+NuwHkYIPkR4OBN9/AI7gacR2KKmiOEh4RdsT0Kis1rKCaEw7UZuYGF/LyJ/e/OrVMg1wdf/nUaN7A+ATcAVAixDiBtveHhoRcJwfSY5ZdEimetwIW9IWbhiAqX+96QAi6voRxuADh83DKHYUU2ah1SZJ/IyA0s4Gt9uz/fRlM3IBNuxN3A9o0AyZuAgzfdwybcDWzfFFPUHCE8IeyK7Y+g2LyGYkI4fDIjN7CAn/cN3aRDrDQFWDcrkE8FX/7NGjfwVAJuAKgQYjNA2lOGh4deJATTFssviRTPkwIX9tMxC0dUuNz30yng8hrK4dMAh89Y5jCsyEatQ4rssxm5gfl8rQ/253vO1A3IhM/hbmDwcwDJzwMHb7qH53E3MPj5mKLmCOFZYVdsfwLF5jUUE8LhCxm5gfn8vBfpJh1ipSnA+qIC+VLw5X9R4wZeSsANABVCvAiQ9pLh4aEXCcH0suWXRIrnBYEL+5WYhSMqXO77lRRweQ3l8BWAw1ctcxhWZKPWIUX2tYzcwDy+1nf5871u6gZkwtdxN7DrdYDkrcDBm+5hK+4Gdm2NKWqOEF4TdsW2DRSb11BMCIdvZOQG5vHz7tRNOsRKU4DV+w3djuDLv13jBnYk4AaACiG2A6TtMDw89CIhmN60/JJI8bwhcGG/FbNwRIXLfb+VAi6voRy+BXD4Z8schhXZqHVIkf1LRm5gLl/rvfz53jZ1AzLh27gb6PU2QPJO4OBN97ATdwO9dsYUNUcIfxF2xbYLFJvXUEwIh7szcgNz+XmLdJMOsdIUYH1HgXw3+PK/o3ED7ybgBoAKId4BSHvX8PDQi4Rg+qvll0SKZ7fAhf1ezMIRFS73/V4KuLyGcvgewOHfLHMYVmSj1iFF9v2M3MAcvtbX+vPtMXUDMuEe3A2s3QOQ/AFw8KZ7+AB3A2s/iClqjhDeF3bF9n+g2LyGYkI4/HtGbmAOP++jukmHWGkKsH6oQH4UfPk/1LiBjxJwA0CFEB8CpH1keHjoRUIwfWz5JZHi+bvAhf1JzMIRFS73/UkKuLyGcvgJwOE/LHMYVmSj1iFF9p8ZuYHZfK1v9uf71NQNyISf4m5g86cAyZ8BB2+6h89wN7D5s5ii5gjhn8Ku2P4Fis1rKCaEw39n5AZm8/M+qZt0iJWmAOvnCuQXwZf/c40b+CIBNwBUCPE5QNoXhoeHXiQE05eWXxIpnn8LXNhfxSwcUeFy31+lgMtrKIdfARz+xzKHYUU2ah1SZL/OyA3M4mu9jz/fN6ZuQCb8BncDfb4BSP4WOHjTPXyLu4E+38YUNUcIXwu7YvsvKDavoZgQDv+XkRuYxc/bWzfpECtNAdbvFMjvgy//dxo38H0CbgCoEOI7gLTvDQ8PvUgIph8svyRSPP8TuLB/jFk4osLlvn9MAZfXUA5/BDj8yTKHYUU2ah1SZH/OyA3M5Gu9xJ/vF1M3IBP+gruBkl8Akn8FDt50D7/ibqDk15ii5gjhZ2FXbPLLHYLgk1oGYUI4FACmJN3ATD6f03WTDrHSFGDNqR8q5Kjw5ZcfBN2ADIrrBoAKIXI5PmkVcmaHh14kBFNF8HKjF0aCFzlc2JX4uFSiwu+PCpf7rpQCLq+hHFYCONzHModhRTZqHVJk9wXONUk3cI2hG6ici5FQLkbdQGWA5CrA5THdQxVQPHIPVWKKmiOEfXN2xbZfSm4A4XD/jNyAXzwRLTE3UFX9cEDQDVTVuIEDEnADQIUQVQHSDkjJDSCYDrT8kkjx7G/w6laz7AbkvqulgMtrKIfVAA4PssxhWJGNWocU2eoZuYEZfK2v8eerYeoGZMIauBtYUwMg+WDLbkDu4WDcDaw52LIbkEKonrMrtkNScgMIh4dm5Ab84oloq3WTDrHSFGA9TP1weNANHKZxA4cn4AaACiEOA0g7PGd2eOhFQjAdYfklkeI51ODVrWnZDch910wBl9dQDmsCHB5pmcOwIhu1Dimyv8vIDZTwtb7Kn+8oUzcgEx6Fu4FVRwEkH23ZDcg9HI27gVVHW3YDUgi/y9kV2zEpuQGEw1oZuQG/eCLaSt2kQ6w0BVgd9cOxQTfgaNzAsQm4AaBCCAcg7dic2eGhFwnB9HvLL4kUTy2DV/c4y25A7vu4FHB5DeXwOIDD4y1zGFZko9YhRfaEjNzAdL7Wd/vz1TZ1AzJhbdwN7K4NkFzHshuQe6iDu4HddSy7ASmEE3J2xVY3JTeAcFgvIzfgF09E26WbdIiVpgDrieqHk4Ju4ESNGzgpATcAVAhxIkDaSTmzw0MvEoLpZMsviRRPPYNXt75lNyD3XT8FXF5DOawPcNjAModhRTZqHVJkG2bkBq7ma32bP18jUzcgEzbC3cC2RgDJjS27AbmHxrgb2NbYshuQQmiYsyu2Jim5AYTDphm5Ab94ItpW3aRDrDQFWJupH5oH3UAzjRtonoAbACqEaAaQ1jxndnjoRUIwtbD8kkjxNDV4dVtadgNy3y1TwOU1lMOWAIetLHMYVmSj1iFFtnVGbuAqvtZr+vO1MXUDMmEb3A3UbAOQ3NayG5B7aIu7gZptLbsBKYTWObtia5eSG0A4bJ+RG/CLJ6IdoZt0iJWmAGsH9UPHoBvooHEDHRNwA0CFEB0A0jrmzA4PvUgIpk6WXxIpnvYGr25ny25A7rtzCri8hnLYGeCwi2UOw4ps1DqkyHbNyA1cydf6Jn++bqZuQCbshruBTd0AkrtbdgNyD91xN7Cpu2U3IIXQNWdXbD1ScgMIhz0zcgN+8US0jbpJh1hpCrAWqR96Bd1AkcYN9ErADQAVQhQBpPXKmR0eepEQTL0tvyRSPD0NXt0+lt2A3HefFHB5DeWwD8DhKZY5DCuyUeuQIntqRm5gGl/r8/z5+pq6AZmwL+4G5vUFSO5n2Q3IPfTD3cC8fpbdgBTCqTm7YjstJTeAcHh6Rm7AL56INlc36RArTQHW/uqHM4JuoL/GDZyRgBsAKoToD5B2Rs7s8NCLhGA60/JLIsVzusGre5ZlNyD3fVYKuLyGcngWwOHZljkMK7JR65Aie05GbmAqX+tF/nwDTN2ATDgAdwNFAwCSz7XsBuQezsXdQNG5lt2AFMI5ObtiOy8lN4BweH5GbsAvnojWUzfpECtNAdaB6ocLgm5goMYNXJCAGwAqhBgIkHZBzuzw0IuEYLrQ8ksixXO+was7yLIbkPselAIur6EcDgI4vMgyh2FFNmodUmQHZ+QGpvC1vsyfb4ipG5AJh+BuYNkQgOShlt2A3MNQ3A0sG2rZDUghDM7ZFdvFKbkBhMNhGbkBv3gi2lLdpEOsNAVYL1E/XBp0A5do3MClCbgBoEKISwDSLs2ZHR56kRBMl1l+SaR4hhm8usMtuwG57+Ep4PIayuFwgMPLLXMYVmSj1iFF9oqM3MBkvtZH+/ONMHUDMuEI3A2MHgGQPNKyG5B7GIm7gdEjLbsBKYQrcnbFNiolN4BwWJyRG/CLJ6IV6yYdYqUpwDpa/TAm6AZGa9zAmATcAFAhxGiAtDE5s8NDLxKCaazll0SKp9jg1R1n2Q3IfY9LAZfXUA7HARyOt8xhWJGNWocU2QkZuYFJfK1v8eebaOoGZMKJuBvYMhEgeZJlNyD3MAl3A1smWXYDUggTcnbFNjklN4BwOCUjN+AXT0R7SjfpECtNAdap6odpQTcwVeMGpiXgBoAKIaYCpE3LmR0eepEQTFdafkmkeKYYvLpXWXYDct9XpYDLayiHVwEcXm2Zw7AiG7UOKbLTM3IDE/lad/z5SkzdgExYgrsBpwQgeYZlNyD3MAN3A84My25ACmF6zq7YrknJDSAczszIDfjFE9Fq6SYdYqUpwDpL/TA76AZmadzA7ATcAFAhxCyAtNk5s8NDLxKCaY7ll0SKZ6bBqzvXshuQ+56bAi6voRzOBTicZ5nDsCIbtQ4psvMzcgMT+Fqv6s+3wNQNyIQLcDdQdQFA8kLLbkDuYSHuBqoutOwGpBDm5+yK7dqU3ADC4aKM3IBfPBFtf92kQ6w0BVgXqx+WBN3AYo0bWJKAGwAqhFgMkLYkZ3Z46EVCMC21/JJI8SwyeHWXWXYDct/LUsDlNZTDZQCH11nmMKzIRq1Diuz1GbmB8Xytj/LnW27qBmTC5bgbGLUcIPkGy25A7uEG3A2MusGyG5BCuD5nV2w3puQGEA5vysgN+MUT0UbqJh1ipSnAerP64ZagG7hZ4wZuScANABVC3AyQdkvO7PDQi4RgutXySyLFc5PBq3ubZTcg931bCri8hnJ4G8Dh7ZY5DCuyUeuQIrsiIzcwjq/16v58d5i6AZnwDtwNVL8DIPlOy25A7uFO3A1Uv9OyG5BCWJGzK7a7UnIDCId3Z+QG/OKJaAfpJh1ipSnAeo/6YWXQDdyjcQMrE3ADQIUQ9wCkrcyZHR56kRBMqyy/JFI8dxu8uvdadgNy3/emgMtrKIf3Ahz+wTKHYUU2ah1SZO/LyA2M5Re0gnyrTd2ATLg6h69bY/mFl7jW+MquQ/yGikhe2PtydkVxf0qvNsLLAzGFytnzAwYcJimoMYaCetBUUDLhgwaCesiyoCSuhxISVFS4JP6hnNmFcXg5Er0kowUfoz/fw6aXRCZ82KDiPAwo9hHLF0ru4REDkh+x/HcweYkeMbAH9wPn9ahlOyjP9lFDsXoNvVuPAvtfa9nihb3IUeuQF3mdZQ7lGa0zeAgQHuR3V3J7Jx/GU9TYR4291dhLjUVq7KnGHmrsrsZuauyqxi5q7KzGTmrsqMYOamyvxnZqbKvGNmpsrcZWamypxhZqbK7GZmpsqsYmamysxkZqbKjGBmqsr8YlonRcrMZFarxWjQvVuECN89U4T41z1ThHjbPVOEuNM9V4jRpnqLFEjdPVeLUar1LjlWqcpsapapyixslqnKTGiWqcoMbxahynxrFqHKNGWTPWu3fnMbdvcPvjbn/C7Rvdvsntf3T7k27f7Pan3L7F7U+7/Rm3P+v259z+vNv/5PYX3P6i219y+8tuf8Xtr7r9Nbe/7vatbt/m9jfcvt3tO9z+Zo4KGqrdisS/9+sT+mtvFKZKAKbHUsK0D4BpQ0qY9gUwPZ4SpsoApidSwlQFwLQxJUz7AZg2pYRpfwDTH1PCVBXA9GRKmA4AMG1OCdOBAKanUsJUDcC0JSVMBwGYnk4JU3UA0zMpYaoBYHo2JUwHA5ieSwnTIQCm51PCdCiA6U8pYToMwPRCSpgOBzC9mBKmIwBML6WEqSaA6eWUMB0JYHolJUy/AzC9mhKmowBMr6WE6WgA0+spYToGwLQ1JUy1AEzbUsLkAJjeSAnTsQCm7Slh+j2AaUdKmI4DML0JYMr5xgpU+O8YCV9O+bsm+bsd+bsU+bsL+bsC+Xdz+Xdh+XdP+Xc9+Xcr+XcZ+XcH6dWlN5ZeVHo/6bWkt5FeQr7d8q2Ub5N8C2TtlbVO1hapZU878m5ILo6j/L8CRAqHbEN3f/3f42t2qev7iE5WY619ur/d/6Tn3/V/9i+h/6yiGg9U48XDhhaPHF08btigy4aPGn+Mmq3sOynvdCoQ9tsVbx2+vqRn8F+KAvP/tl6uiYPfW2Ow/rebI1s33/ogFtmqqp+Fb623Rt68A31/ruZbI1t33/eJwGc9NHlj7qm7t76i2fpcDSqb3/suqSy5R+//1baCJtZ/lyr5YnTnSpo5ofme4Nn4eXDUeHBj2lnr/eZTTjqsRXG/ibPeP/Ohqw9ZWe+Takd8PqHdxO//WhzcS64c7FXLwVBVsx//+XiaMDv/yT29nB6uSlT2vPzfXzEQf7Qaq/jy+3E6VH5754Vv336sd5OR1QPrZfP2LPd5pPrzxcPHDhs6fvjEYYPcwjTs0mFjB42ZUDx++LBR472TqOxb5X0jciO99fubrd+rcn/bz/fn4H/h1NtlRc06EfJzLjCWFxuc989V1XzmfWcNNfrx7hf4LM/G+OJBYwdfPHyyx6N3ipV8GZFT9NbvY7Z+71uzr9n6CjoW9/X92duXX88U+LOX08NSxQzLfkKTv0LgO4MY/DG6m5UL/FwxMF+BEau7Wd5n1TT4guuqaLD65zwOdLc0eO7++6b7rn0DGIL3Iy5HNTQ5PWzevwntr10Th40dXyWQ+1Cz3Hvv+iFm67UV61Dfn73vDfo/AnJ4zf/OBFuwElYI5A36RyC/CMOhu8Mel4f45rzz+H++87/IGRgCAA==", debug_symbols: "pdrNbhNZEEDhd/E6i66fW1U3rzIaoQAGRYoCCgnSCPHu0x3XMcnCVnA26WLAZ64r/uIO4dfu8/7j09cPt/dfvv3YXf/za/fx4fbu7vbrh7tvn24eb7/dr//1127ZPkjsrvVqJ3m41O7a1svcXfvVTtc/4b9/X+142IfHh/1+e9SLzlr/fvOwv3/cXd8/3d1d7X7e3D09/6Ef32/un6+PNw/r7y5Xu/395/W6Br/c3u236ffVn0cvpx9ai/aDS+P4cMlXj5fTjw/3fnwMu+TxJTy+6qLH8+RzOfn/P/P8RdQ6IDL+LHC8eYOiWRR0+iUFk6RgI08V8nRBtTiD2svP43xVqDOFUj6RWkNOFebpgq/764LLqEsKauzBNcdlBXlv4fh6OFc4t8m5TDY514f9fcFk4UVtInZRweVYmPnOgi7LqcK5V/VQCjIiTr2q5cwhpJKXlNQ8CUPOfD6HHr9ADJ0vZNSrhJ55IpHK18hIr1OJs6cI5ZU9wsa7E26XJY5fqUbMyxIj+TKxjpc9kVqOiVpOfkbOvi7m5JOqi5z8oq35/tdFvft1cfYUb3tdvDlx+nVxPvGm18XZxNteF2cT739d6PoFg9eFvrgd+IsvOarjTyJPJizOvZ3H8Quf5es343/XX918un14fbuoa/9qZ88f/fnjeP643kDK+irNLXS1q8Ov5uFXst5BynoKke15r1ftq/XV+zr6Gn3NvlZf5+G63ZE+X7un3dPuafe0e9o97Z52T7tn3bPuWfese9Y96551z7pn3bPuefe8e9497553z7feuh+PvmZft976AvN5uI6lr9JX7asd/vzwvnZvRP9+9rV7o3vRvehedC+6F92L7kWfL/p80b3oXnYvu5fdS+ur93X0tc+X3cvq6zxca+mr9LV71b3qXnWvulf9fKvPV32+2eeb3Zva136+s5/v7Oc7uze7N7s3u7fe8zAIgzIYgzN0VZZgSIZi6GcuQlkoC2WhLJRlMARDMhQDZV0YhEEZjIGyUlbKSlkpK9swzmyc2TizUTZnYBvGNoxtGGWj7JSdslN2tuGc2Tmzc2Y8ibNnZxuDbQy2ASoZlAflQRlYgiyBlmBLwCVBOdgzvgRggjAJykEZZIIygZngTIAmSBOoSVJO9ow2gZvgTYpyUYacYE5AJ6gT2AnuBHhSlCd7xp6AT9Ank/KkDEBBoEBQMKgYVAwqBnXpsi7OMBiCIRmKR1HGoGJQMagYVAwqBhWDKpSlGHobikHFoCplpYxBxaBiUDGoGFQMKgbVKJsysA0MKgbVKBtlDCoGFYOKQcWgYlAxqLyjKW9pikHFoGJQeVtT3tcUg4pBxaBiUDGoGFQM6qAc7BmDikHFoAbloIxBxaBiUDGoGFQMKgY1KSd7xqBiUDGoSTkpY1AxqBhUDCoGFYOKQS3KxZ4xqBhUDOqkPCljUDGoGFQMKgYVg4ZBW7psizIYgzMMhuBRyVAMlDFoGDQMGgYNgyaUJRiSoRh6G6aUlTIGDYOGQcOgYdAwaBg0pWwLA9vAoGHQjLJRxqBh0DBoGDQMGgYNg+aUnT1j0DBoGDRuLI07S8OgYdAwaBg0DBoGDYM2KA/2jEHDoGHQuM20oIxBw6Bh0DBoGDQMGgYtKSd7xqBh0DBo3HRaUsagYdAwaBg0DBoGDYNWlIs9Y9AwaBg0bkFtUsagYdAwaBg0DBoGDYM2u+zLwiAMymAMXfZlMARDMvBNBwYdg45Bx6ALZXEGvpfBoGPQuRd1oYxBx6Bj0DHoGHQMOgZdKWsxsA0MOgade1E3yhh0DDoGHYOOQcegY9CdsrNnDDoG/fidHfeifvzejvdB533QMejci/qgzHd4jkHHoGPQeR/0Z4OxDVt5bt9XLgzCoAzG4AyDIRiSoRgoJ+WknJSTclJOykk5KSflpFyUi3JRLspFuSgX5aJclIvypDwpT8qbwe2v430zeBgGQ2x/rbwNyVAM8zCMzeBhkMOjxmbwMBiD82cGQzAkQzFQFspCWSgLZXGGwUBZKAtloayUN4OHQRmMgTMr5c3gYUiGYpg9GGWjbJSNslE2tmGc2TizcWajvBk8DGzD2YazDafslJ2yU3bKzjYGZx6ceXDmQXmw58E2BtsYbGNQHpSDclAOysE2gjMHZw7OHJSDPQfbSLaRbCMpJ+WknJSTcrKN5MzJmYszF+Viz8U2im0U2yjKRbkoF+VJebKNyZknZ56cGYNjsufJNibbmL2NwGAswqAMxuAMgyEYkqEYKMvCIAzKYAyUhTIGA4OBwcBgYDAwGBgMpazOMBiCIRkoK2UMBgYDg4HBwGBgMDAYRtmKgW1gMDAYTtkpYzAwGBgMDAYGA4OBwRiUB3vGYGAwMBiD8qCMwcBgYDAwGBgMDAYGIygHe8ZgYDAwGEk5KWMwMBgYDAwGBgODgcFIysWeMRgYDAxGUS7KGAwMBgYDg4HBwGBgMHgfDN4HA4OBwcBg8D4YvA8mBhODicHEYGIwMZgYzKXLuRRDbyMxmBhMoSyUMZgYTAwmBhODicHEYCplVQZjcIbBQFkpYzAxmBhMDCYGE4OJwTTKFgxsA4OJwXTKThmDicHEYGIwMZgYTAymUx7sGYOJwcRgDsqDMgYTg4nBxGBiMDGYGMygHOwZg4nBxGAG5aCMwcRgYjAxmBhMDCYGMykne8ZgYjAxmEW5KGMwMZgYTAwmBhODicGclCd7xmBiMDGY3Ism96KJwcRgYbAwWBgsDBYGa+lyLcGQDMXQ2yjuRUsoY7AwWBgsDBYGC4OFwRLKujAIgzIYA2WljMHCYGGwMFgYLAwWBssomzOwDQwWBot70TLKGCwMFgYLg4XBwmBhsJyys2cMFgYLg8W9aA3KGCwMFgYLg4XBwmBhsIJysGcMFgYLg8W9aAVlDBYGC4OFwcJgYbAwWEk52TMGC4OFweJetIoyBguDhcHCYGGwMFgYrKI82TMGC4OFweJetDBYvA8W74OFweJedC4LgzD0mScGJwYn74Pz2aBvw1be/gnRz5uH25uPd/sf60/et5/NP91/4gfx6y8f//vO7/AvO78/fPu0//z0sN9+aP/in3euH/9Z/45A57+/tx/s/w8=", file_map: { "17": { source: `use crate::field::field_less_than;
|
|
10944
11230
|
use crate::runtime::is_unconstrained;
|
|
10945
11231
|
|
|
10946
11232
|
// The low and high decomposition of the field modulus
|
|
@@ -11143,105 +11429,7 @@ mod tests {
|
|
|
11143
11429
|
assert(!lt(TWO_POW_128, TWO_POW_128 - 1));
|
|
11144
11430
|
}
|
|
11145
11431
|
}
|
|
11146
|
-
`, path: "std/field/bn254.nr" }, "19": { source: '// Exposed only for usage in `std::meta`\npub(crate) mod poseidon2;\n\nuse crate::default::Default;\nuse crate::embedded_curve_ops::{\n EmbeddedCurvePoint, EmbeddedCurveScalar, multi_scalar_mul, multi_scalar_mul_array_return,\n};\nuse crate::meta::derive_via;\n\n#[foreign(sha256_compression)]\n// docs:start:sha256_compression\npub fn sha256_compression(input: [u32; 16], state: [u32; 8]) -> [u32; 8] {}\n// docs:end:sha256_compression\n\n#[foreign(keccakf1600)]\n// docs:start:keccakf1600\npub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {}\n// docs:end:keccakf1600\n\npub mod keccak {\n #[deprecated("This function has been moved to std::hash::keccakf1600")]\n pub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {\n super::keccakf1600(input)\n }\n}\n\n#[foreign(blake2s)]\n// docs:start:blake2s\npub fn blake2s<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake2s\n{}\n\n// docs:start:blake3\npub fn blake3<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake3\n{\n if crate::runtime::is_unconstrained() {\n // Temporary measure while Barretenberg is main proving system.\n // Please open an issue if you\'re working on another proving system and running into problems due to this.\n crate::static_assert(\n N <= 1024,\n "Barretenberg cannot prove blake3 hashes with inputs larger than 1024 bytes",\n );\n }\n __blake3(input)\n}\n\n#[foreign(blake3)]\nfn __blake3<let N: u32>(input: [u8; N]) -> [u8; 32] {}\n\n// docs:start:pedersen_commitment\npub fn pedersen_commitment<let N: u32>(input: [Field; N]) -> EmbeddedCurvePoint {\n // docs:end:pedersen_commitment\n pedersen_commitment_with_separator(input, 0)\n}\n\n#[inline_always]\npub fn pedersen_commitment_with_separator<let N: u32>(\n input: [Field; N],\n separator: u32,\n) -> EmbeddedCurvePoint {\n let mut points = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N];\n for i in 0..N {\n // we use the unsafe version because the multi_scalar_mul will constrain the scalars.\n points[i] = from_field_unsafe(input[i]);\n }\n let generators = derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n multi_scalar_mul(generators, points)\n}\n\n// docs:start:pedersen_hash\npub fn pedersen_hash<let N: u32>(input: [Field; N]) -> Field\n// docs:end:pedersen_hash\n{\n pedersen_hash_with_separator(input, 0)\n}\n\n#[no_predicates]\npub fn pedersen_hash_with_separator<let N: u32>(input: [Field; N], separator: u32) -> Field {\n let mut scalars: [EmbeddedCurveScalar; N + 1] = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N + 1];\n let mut generators: [EmbeddedCurvePoint; N + 1] =\n [EmbeddedCurvePoint::point_at_infinity(); N + 1];\n let domain_generators: [EmbeddedCurvePoint; N] =\n derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n\n for i in 0..N {\n scalars[i] = from_field_unsafe(input[i]);\n generators[i] = domain_generators[i];\n }\n scalars[N] = EmbeddedCurveScalar { lo: N as Field, hi: 0 as Field };\n\n let length_generator: [EmbeddedCurvePoint; 1] =\n derive_generators("pedersen_hash_length".as_bytes(), 0);\n generators[N] = length_generator[0];\n multi_scalar_mul_array_return(generators, scalars, true)[0].x\n}\n\n#[field(bn254)]\n#[inline_always]\npub fn derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {\n crate::assert_constant(domain_separator_bytes);\n // TODO(https://github.com/noir-lang/noir/issues/5672): Add back assert_constant on starting_index\n __derive_generators(domain_separator_bytes, starting_index)\n}\n\n#[builtin(derive_pedersen_generators)]\n#[field(bn254)]\nfn __derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {}\n\n#[field(bn254)]\n// Same as from_field but:\n// does not assert the limbs are 128 bits\n// does not assert the decomposition does not overflow the EmbeddedCurveScalar\nfn from_field_unsafe(scalar: Field) -> EmbeddedCurveScalar {\n // Safety: xlo and xhi decomposition is checked below\n let (xlo, xhi) = unsafe { crate::field::bn254::decompose_hint(scalar) };\n // Check that the decomposition is correct\n assert_eq(scalar, xlo + crate::field::bn254::TWO_POW_128 * xhi);\n EmbeddedCurveScalar { lo: xlo, hi: xhi }\n}\n\npub fn poseidon2_permutation<let N: u32>(input: [Field; N], state_len: u32) -> [Field; N] {\n assert_eq(input.len(), state_len);\n poseidon2_permutation_internal(input)\n}\n\n#[foreign(poseidon2_permutation)]\nfn poseidon2_permutation_internal<let N: u32>(input: [Field; N]) -> [Field; N] {}\n\n// Generic hashing support.\n// Partially ported and impacted by rust.\n\n// Hash trait shall be implemented per type.\n#[derive_via(derive_hash)]\npub trait Hash {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher;\n}\n\n// docs:start:derive_hash\ncomptime fn derive_hash(s: TypeDefinition) -> Quoted {\n let name = quote { $crate::hash::Hash };\n let signature = quote { fn hash<H>(_self: Self, _state: &mut H) where H: $crate::hash::Hasher };\n let for_each_field = |name| quote { _self.$name.hash(_state); };\n crate::meta::make_trait_impl(\n s,\n name,\n signature,\n for_each_field,\n quote {},\n |fields| fields,\n )\n}\n// docs:end:derive_hash\n\n// Hasher trait shall be implemented by algorithms to provide hash-agnostic means.\n// TODO: consider making the types generic here ([u8], [Field], etc.)\npub trait Hasher {\n fn finish(self) -> Field;\n\n fn write(&mut self, input: Field);\n}\n\n// BuildHasher is a factory trait, responsible for production of specific Hasher.\npub trait BuildHasher {\n type H: Hasher;\n\n fn build_hasher(self) -> H;\n}\n\npub struct BuildHasherDefault<H>;\n\nimpl<H> BuildHasher for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n type H = H;\n\n fn build_hasher(_self: Self) -> H {\n H::default()\n }\n}\n\nimpl<H> Default for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n fn default() -> Self {\n BuildHasherDefault {}\n }\n}\n\nimpl Hash for Field {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self);\n }\n}\n\nimpl Hash for u1 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u128 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for i8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u8 as Field);\n }\n}\n\nimpl Hash for i16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u16 as Field);\n }\n}\n\nimpl Hash for i32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u32 as Field);\n }\n}\n\nimpl Hash for i64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u64 as Field);\n }\n}\n\nimpl Hash for bool {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for () {\n fn hash<H>(_self: Self, _state: &mut H)\n where\n H: Hasher,\n {}\n}\n\nimpl<T, let N: u32> Hash for [T; N]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<T> Hash for [T]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.len().hash(state);\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<A, B> Hash for (A, B)\nwhere\n A: Hash,\n B: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n }\n}\n\nimpl<A, B, C> Hash for (A, B, C)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n }\n}\n\nimpl<A, B, C, D> Hash for (A, B, C, D)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n }\n}\n\nimpl<A, B, C, D, E> Hash for (A, B, C, D, E)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n E: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n self.4.hash(state);\n }\n}\n\n// Some test vectors for Pedersen hash and Pedersen Commitment.\n// They have been generated using the same functions so the tests are for now useless\n// but they will be useful when we switch to Noir implementation.\n#[test]\nfn assert_pedersen() {\n assert_eq(\n pedersen_hash_with_separator([1], 1),\n 0x1b3f4b1a83092a13d8d1a59f7acb62aba15e7002f4440f2275edb99ebbc2305f,\n );\n assert_eq(\n pedersen_commitment_with_separator([1], 1),\n EmbeddedCurvePoint {\n x: 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402,\n y: 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126,\n is_infinite: false,\n },\n );\n\n assert_eq(\n pedersen_hash_with_separator([1, 2], 2),\n 0x26691c129448e9ace0c66d11f0a16d9014a9e8498ee78f4d69f0083168188255,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2], 2),\n EmbeddedCurvePoint {\n x: 0x2e2b3b191e49541fe468ec6877721d445dcaffe41728df0a0eafeb15e87b0753,\n y: 0x2ff4482400ad3a6228be17a2af33e2bcdf41be04795f9782bd96efe7e24f8778,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3], 3),\n 0x0bc694b7a1f8d10d2d8987d07433f26bd616a2d351bc79a3c540d85b6206dbe4,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3], 3),\n EmbeddedCurvePoint {\n x: 0x1fee4e8cf8d2f527caa2684236b07c4b1bad7342c01b0f75e9a877a71827dc85,\n y: 0x2f9fedb9a090697ab69bf04c8bc15f7385b3e4b68c849c1536e5ae15ff138fd1,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4], 4),\n 0xdae10fb32a8408521803905981a2b300d6a35e40e798743e9322b223a5eddc,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4], 4),\n EmbeddedCurvePoint {\n x: 0x07ae3e202811e1fca39c2d81eabe6f79183978e6f12be0d3b8eda095b79bdbc9,\n y: 0x0afc6f892593db6fbba60f2da558517e279e0ae04f95758587760ba193145014,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5], 5),\n 0xfc375b062c4f4f0150f7100dfb8d9b72a6d28582dd9512390b0497cdad9c22,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5], 5),\n EmbeddedCurvePoint {\n x: 0x1754b12bd475a6984a1094b5109eeca9838f4f81ac89c5f0a41dbce53189bb29,\n y: 0x2da030e3cfcdc7ddad80eaf2599df6692cae0717d4e9f7bfbee8d073d5d278f7,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6], 6),\n 0x1696ed13dc2730062a98ac9d8f9de0661bb98829c7582f699d0273b18c86a572,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6], 6),\n EmbeddedCurvePoint {\n x: 0x190f6c0e97ad83e1e28da22a98aae156da083c5a4100e929b77e750d3106a697,\n y: 0x1f4b60f34ef91221a0b49756fa0705da93311a61af73d37a0c458877706616fb,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n 0x128c0ff144fc66b6cb60eeac8a38e23da52992fc427b92397a7dffd71c45ede3,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n EmbeddedCurvePoint {\n x: 0x015441e9d29491b06563fac16fc76abf7a9534c715421d0de85d20dbe2965939,\n y: 0x1d2575b0276f4e9087e6e07c2cb75aa1baafad127af4be5918ef8a2ef2fea8fc,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n 0x2f960e117482044dfc99d12fece2ef6862fba9242be4846c7c9a3e854325a55c,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n EmbeddedCurvePoint {\n x: 0x1657737676968887fceb6dd516382ea13b3a2c557f509811cd86d5d1199bc443,\n y: 0x1f39f0cb569040105fa1e2f156521e8b8e08261e635a2b210bdc94e8d6d65f77,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n 0x0c96db0790602dcb166cc4699e2d306c479a76926b81c2cb2aaa92d249ec7be7,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n EmbeddedCurvePoint {\n x: 0x0a3ceae42d14914a432aa60ec7fded4af7dad7dd4acdbf2908452675ec67e06d,\n y: 0xfc19761eaaf621ad4aec9a8b2e84a4eceffdba78f60f8b9391b0bd9345a2f2,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n 0x2cd37505871bc460a62ea1e63c7fe51149df5d0801302cf1cbc48beb8dff7e94,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n EmbeddedCurvePoint {\n x: 0x2fb3f8b3d41ddde007c8c3c62550f9a9380ee546fcc639ffbb3fd30c8d8de30c,\n y: 0x300783be23c446b11a4c0fabf6c91af148937cea15fcf5fb054abf7f752ee245,\n is_infinite: false,\n },\n );\n}\n', path: "std/hash/mod.nr" }, "50": { source: `/// Funding Proof Circuit
|
|
11147
|
-
///
|
|
11148
|
-
/// Proves: "I have sufficient funds to fulfill this intent, without revealing
|
|
11149
|
-
/// my exact balance, wallet address, or source of funds."
|
|
11150
|
-
///
|
|
11151
|
-
/// @see docs/specs/FUNDING-PROOF.md
|
|
11152
|
-
|
|
11153
|
-
use std::hash::pedersen_hash;
|
|
11154
|
-
use std::hash::pedersen_commitment;
|
|
11155
|
-
|
|
11156
|
-
// --- Main Circuit ---
|
|
11157
|
-
|
|
11158
|
-
/// Main funding proof entry point
|
|
11159
|
-
///
|
|
11160
|
-
/// Public inputs: commitment_hash, minimum_required, asset_id
|
|
11161
|
-
/// Private inputs: balance, blinding
|
|
11162
|
-
///
|
|
11163
|
-
/// Constraints:
|
|
11164
|
-
/// 1. balance >= minimum_required (range proof via u64)
|
|
11165
|
-
/// 2. commitment = Pedersen(balance, blinding)
|
|
11166
|
-
/// 3. hash(commitment, asset_id) == commitment_hash
|
|
11167
|
-
pub fn main(
|
|
11168
|
-
commitment_hash: pub Field,
|
|
11169
|
-
minimum_required: pub u64,
|
|
11170
|
-
asset_id: pub Field,
|
|
11171
|
-
balance: u64,
|
|
11172
|
-
blinding: Field,
|
|
11173
|
-
) {
|
|
11174
|
-
// Constraint 1: Sufficient Funds
|
|
11175
|
-
assert(balance >= minimum_required, "Insufficient balance");
|
|
11176
|
-
|
|
11177
|
-
// Constraint 2: Compute Pedersen Commitment
|
|
11178
|
-
// Uses Noir's built-in pedersen_commitment which returns (x, y) point
|
|
11179
|
-
let commitment = pedersen_commitment([balance as Field, blinding]);
|
|
11180
|
-
|
|
11181
|
-
// Constraint 3: Verify Commitment Hash
|
|
11182
|
-
let computed_hash = pedersen_hash([commitment.x, commitment.y, asset_id]);
|
|
11183
|
-
assert(computed_hash == commitment_hash, "Commitment hash mismatch");
|
|
11184
|
-
}
|
|
11185
|
-
|
|
11186
|
-
// --- Tests ---
|
|
11187
|
-
|
|
11188
|
-
#[test]
|
|
11189
|
-
fn test_valid_funding_proof() {
|
|
11190
|
-
let balance: u64 = 100;
|
|
11191
|
-
let minimum_required: u64 = 50;
|
|
11192
|
-
let blinding: Field = 12345;
|
|
11193
|
-
let asset_id: Field = 0xABCD;
|
|
11194
|
-
|
|
11195
|
-
// Compute commitment using same method as circuit
|
|
11196
|
-
let commitment = pedersen_commitment([balance as Field, blinding]);
|
|
11197
|
-
let commitment_hash = pedersen_hash([commitment.x, commitment.y, asset_id]);
|
|
11198
|
-
|
|
11199
|
-
// This should pass
|
|
11200
|
-
main(commitment_hash, minimum_required, asset_id, balance, blinding);
|
|
11201
|
-
}
|
|
11202
|
-
|
|
11203
|
-
#[test(should_fail_with = "Insufficient balance")]
|
|
11204
|
-
fn test_insufficient_balance() {
|
|
11205
|
-
let balance: u64 = 50;
|
|
11206
|
-
let minimum_required: u64 = 100;
|
|
11207
|
-
let blinding: Field = 12345;
|
|
11208
|
-
let asset_id: Field = 0xABCD;
|
|
11209
|
-
|
|
11210
|
-
let commitment = pedersen_commitment([balance as Field, blinding]);
|
|
11211
|
-
let commitment_hash = pedersen_hash([commitment.x, commitment.y, asset_id]);
|
|
11212
|
-
|
|
11213
|
-
// This should fail - balance < minimum
|
|
11214
|
-
main(commitment_hash, minimum_required, asset_id, balance, blinding);
|
|
11215
|
-
}
|
|
11216
|
-
|
|
11217
|
-
#[test(should_fail_with = "Commitment hash mismatch")]
|
|
11218
|
-
fn test_wrong_commitment_hash() {
|
|
11219
|
-
let balance: u64 = 100;
|
|
11220
|
-
let minimum_required: u64 = 50;
|
|
11221
|
-
let blinding: Field = 12345;
|
|
11222
|
-
let asset_id: Field = 0xABCD;
|
|
11223
|
-
let wrong_hash: Field = 0xDEADBEEF;
|
|
11224
|
-
|
|
11225
|
-
// This should fail - wrong hash
|
|
11226
|
-
main(wrong_hash, minimum_required, asset_id, balance, blinding);
|
|
11227
|
-
}
|
|
11228
|
-
|
|
11229
|
-
#[test(should_fail_with = "Commitment hash mismatch")]
|
|
11230
|
-
fn test_wrong_blinding() {
|
|
11231
|
-
let balance: u64 = 100;
|
|
11232
|
-
let minimum_required: u64 = 50;
|
|
11233
|
-
let correct_blinding: Field = 12345;
|
|
11234
|
-
let wrong_blinding: Field = 54321;
|
|
11235
|
-
let asset_id: Field = 0xABCD;
|
|
11236
|
-
|
|
11237
|
-
// Compute hash with correct blinding
|
|
11238
|
-
let commitment = pedersen_commitment([balance as Field, correct_blinding]);
|
|
11239
|
-
let commitment_hash = pedersen_hash([commitment.x, commitment.y, asset_id]);
|
|
11240
|
-
|
|
11241
|
-
// Try to prove with wrong blinding - should fail
|
|
11242
|
-
main(commitment_hash, minimum_required, asset_id, balance, wrong_blinding);
|
|
11243
|
-
}
|
|
11244
|
-
`, path: "/Users/rz/local-dev/sip-protocol/packages/circuits/funding_proof/src/main.nr" } }, expression_width: { Bounded: { width: 4 } } };
|
|
11432
|
+
`, path: "std/field/bn254.nr" }, "18": { source: 'pub mod bn254;\nuse crate::{runtime::is_unconstrained, static_assert};\nuse bn254::lt as bn254_lt;\n\nimpl Field {\n /// Asserts that `self` can be represented in `bit_size` bits.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^{bit_size}`.\n // docs:start:assert_max_bit_size\n pub fn assert_max_bit_size<let BIT_SIZE: u32>(self) {\n // docs:end:assert_max_bit_size\n static_assert(\n BIT_SIZE < modulus_num_bits() as u32,\n "BIT_SIZE must be less than modulus_num_bits",\n );\n __assert_max_bit_size(self, BIT_SIZE);\n }\n\n /// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n /// This slice will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_le_bits\n pub fn to_le_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_le_bits\n let bits = __to_le_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[N - 1 - i] != p[N - 1 - i]) {\n assert(p[N - 1 - i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n /// This array will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_be_bits\n pub fn to_be_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_be_bits\n let bits = __to_be_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the decomposition does not overflow the modulus\n let p = modulus_be_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[i] != p[i]) {\n assert(p[i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its little endian byte decomposition as a `[u8;N]` array\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the \'self\',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_le_bytes\n pub fn to_le_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_le_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n "N must be less than or equal to modulus_le_bytes().len()",\n );\n // Compute the byte decomposition\n let bytes = self.to_le_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[N - 1 - i] != p[N - 1 - i]) {\n assert(bytes[N - 1 - i] < p[N - 1 - i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n /// Decomposes `self` into its big endian byte decomposition as a `[u8;N]` array of length required to represent the field modulus\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the \'self\',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_be_bytes\n pub fn to_be_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_be_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n "N must be less than or equal to modulus_le_bytes().len()",\n );\n // Compute the byte decomposition\n let bytes = self.to_be_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_be_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[i] != p[i]) {\n assert(bytes[i] < p[i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n fn to_le_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, "radix must be greater than 1");\n static_assert(radix <= 256, "radix must be less than or equal to 256");\n static_assert(radix & (radix - 1) == 0, "radix must be a power of 2");\n }\n __to_le_radix(self, radix)\n }\n\n fn to_be_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, "radix must be greater than 1");\n static_assert(radix <= 256, "radix must be less than or equal to 256");\n static_assert(radix & (radix - 1) == 0, "radix must be a power of 2");\n }\n __to_be_radix(self, radix)\n }\n\n // Returns self to the power of the given exponent value.\n // Caution: we assume the exponent fits into 32 bits\n // using a bigger bit size impacts negatively the performance and should be done only if the exponent does not fit in 32 bits\n pub fn pow_32(self, exponent: Field) -> Field {\n let mut r: Field = 1;\n let b: [u1; 32] = exponent.to_le_bits();\n\n for i in 1..33 {\n r *= r;\n r = (b[32 - i] as Field) * (r * self) + (1 - b[32 - i] as Field) * r;\n }\n r\n }\n\n // Parity of (prime) Field element, i.e. sgn0(x mod p) = 0 if x `elem` {0, ..., p-1} is even, otherwise sgn0(x mod p) = 1.\n pub fn sgn0(self) -> u1 {\n self as u1\n }\n\n pub fn lt(self, another: Field) -> bool {\n if crate::compat::is_bn254() {\n bn254_lt(self, another)\n } else {\n lt_fallback(self, another)\n }\n }\n\n /// Convert a little endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_le_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n static_assert(\n N <= modulus_le_bytes().len(),\n "N must be less than or equal to modulus_le_bytes().len()",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[i] as Field) * v;\n v = v * 256;\n }\n result\n }\n\n /// Convert a big endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_be_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[N - 1 - i] as Field) * v;\n v = v * 256;\n }\n result\n }\n}\n\n#[builtin(apply_range_constraint)]\nfn __assert_max_bit_size(value: Field, bit_size: u32) {}\n\n// `_radix` must be less than 256\n#[builtin(to_le_radix)]\nfn __to_le_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n// `_radix` must be less than 256\n#[builtin(to_be_radix)]\nfn __to_be_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n/// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n/// This slice will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_le_bits)]\nfn __to_le_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n/// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n/// This array will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_be_bits)]\nfn __to_be_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n#[builtin(modulus_num_bits)]\npub comptime fn modulus_num_bits() -> u64 {}\n\n#[builtin(modulus_be_bits)]\npub comptime fn modulus_be_bits() -> [u1] {}\n\n#[builtin(modulus_le_bits)]\npub comptime fn modulus_le_bits() -> [u1] {}\n\n#[builtin(modulus_be_bytes)]\npub comptime fn modulus_be_bytes() -> [u8] {}\n\n#[builtin(modulus_le_bytes)]\npub comptime fn modulus_le_bytes() -> [u8] {}\n\n/// An unconstrained only built in to efficiently compare fields.\n#[builtin(field_less_than)]\nunconstrained fn __field_less_than(x: Field, y: Field) -> bool {}\n\npub(crate) unconstrained fn field_less_than(x: Field, y: Field) -> bool {\n __field_less_than(x, y)\n}\n\n// Convert a 32 byte array to a field element by modding\npub fn bytes32_to_field(bytes32: [u8; 32]) -> Field {\n // Convert it to a field element\n let mut v = 1;\n let mut high = 0 as Field;\n let mut low = 0 as Field;\n\n for i in 0..16 {\n high = high + (bytes32[15 - i] as Field) * v;\n low = low + (bytes32[16 + 15 - i] as Field) * v;\n v = v * 256;\n }\n // Abuse that a % p + b % p = (a + b) % p and that low < p\n low + high * v\n}\n\nfn lt_fallback(x: Field, y: Field) -> bool {\n if is_unconstrained() {\n // Safety: unconstrained context\n unsafe {\n field_less_than(x, y)\n }\n } else {\n let x_bytes: [u8; 32] = x.to_le_bytes();\n let y_bytes: [u8; 32] = y.to_le_bytes();\n let mut x_is_lt = false;\n let mut done = false;\n for i in 0..32 {\n if (!done) {\n let x_byte = x_bytes[32 - 1 - i] as u8;\n let y_byte = y_bytes[32 - 1 - i] as u8;\n let bytes_match = x_byte == y_byte;\n if !bytes_match {\n x_is_lt = x_byte < y_byte;\n done = true;\n }\n }\n }\n x_is_lt\n }\n}\n\nmod tests {\n use crate::{panic::panic, runtime, static_assert};\n use super::{\n field_less_than, modulus_be_bits, modulus_be_bytes, modulus_le_bits, modulus_le_bytes,\n };\n\n #[test]\n // docs:start:to_be_bits_example\n fn test_to_be_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_be_bits();\n assert_eq(bits, [0, 0, 0, 0, 0, 0, 1, 0]);\n }\n // docs:end:to_be_bits_example\n\n #[test]\n // docs:start:to_le_bits_example\n fn test_to_le_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_le_bits();\n assert_eq(bits, [0, 1, 0, 0, 0, 0, 0, 0]);\n }\n // docs:end:to_le_bits_example\n\n #[test]\n // docs:start:to_be_bytes_example\n fn test_to_be_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_be_bytes();\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 0, 2]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_bytes_example\n\n #[test]\n // docs:start:to_le_bytes_example\n fn test_to_le_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_le_bytes();\n assert_eq(bytes, [2, 0, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_bytes_example\n\n #[test]\n // docs:start:to_be_radix_example\n fn test_to_be_radix() {\n // 259, in base 256, big endian, is [1, 3].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_be_radix(256);\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 1, 3]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_radix_example\n\n #[test]\n // docs:start:to_le_radix_example\n fn test_to_le_radix() {\n // 259, in base 256, little endian, is [3, 1].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_le_radix(256);\n assert_eq(bytes, [3, 1, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_radix_example\n\n #[test(should_fail_with = "radix must be greater than 1")]\n fn test_to_le_radix_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f"radix must be greater than 1");\n }\n }\n\n // Updated test to account for Brillig restriction that radix must be greater than 2\n #[test(should_fail_with = "radix must be greater than 1")]\n fn test_to_le_radix_brillig_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 1;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f"radix must be greater than 1");\n }\n }\n\n #[test(should_fail_with = "radix must be a power of 2")]\n fn test_to_le_radix_3() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(3);\n } else {\n panic(f"radix must be a power of 2");\n }\n }\n\n #[test]\n fn test_to_le_radix_brillig_3() {\n // this test should only fail in constrained mode\n if runtime::is_unconstrained() {\n let field = 1;\n let out: [u8; 8] = field.to_le_radix(3);\n let mut expected = [0; 8];\n expected[0] = 1;\n assert(out == expected, "unexpected result");\n }\n }\n\n #[test(should_fail_with = "radix must be less than or equal to 256")]\n fn test_to_le_radix_512() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(512);\n } else {\n panic(f"radix must be less than or equal to 256")\n }\n }\n\n #[test(should_fail_with = "Field failed to decompose into specified 16 limbs")]\n unconstrained fn not_enough_limbs_brillig() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test(should_fail_with = "Field failed to decompose into specified 16 limbs")]\n fn not_enough_limbs() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test]\n unconstrained fn test_field_less_than() {\n assert(field_less_than(0, 1));\n assert(field_less_than(0, 0x100));\n assert(field_less_than(0x100, 0 - 1));\n assert(!field_less_than(0 - 1, 0));\n }\n\n #[test]\n unconstrained fn test_large_field_values_unconstrained() {\n let large_field = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_field.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_field.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_field);\n\n let radix_bytes: [u8; 8] = large_field.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_field);\n }\n\n #[test]\n fn test_large_field_values() {\n let large_val = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_val.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_val.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_val);\n\n let radix_bytes: [u8; 8] = large_val.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_val);\n }\n\n #[test]\n fn test_decomposition_edge_cases() {\n let zero_bits: [u1; 8] = 0.to_le_bits();\n assert_eq(zero_bits, [0; 8]);\n\n let zero_bytes: [u8; 8] = 0.to_le_bytes();\n assert_eq(zero_bytes, [0; 8]);\n\n let one_bits: [u1; 8] = 1.to_le_bits();\n let expected: [u1; 8] = [1, 0, 0, 0, 0, 0, 0, 0];\n assert_eq(one_bits, expected);\n\n let pow2_bits: [u1; 8] = 4.to_le_bits();\n let expected: [u1; 8] = [0, 0, 1, 0, 0, 0, 0, 0];\n assert_eq(pow2_bits, expected);\n }\n\n #[test]\n fn test_pow_32() {\n assert_eq(2.pow_32(3), 8);\n assert_eq(3.pow_32(2), 9);\n assert_eq(5.pow_32(0), 1);\n assert_eq(7.pow_32(1), 7);\n\n assert_eq(2.pow_32(10), 1024);\n\n assert_eq(0.pow_32(5), 0);\n assert_eq(0.pow_32(0), 1);\n\n assert_eq(1.pow_32(100), 1);\n }\n\n #[test]\n fn test_sgn0() {\n assert_eq(0.sgn0(), 0);\n assert_eq(2.sgn0(), 0);\n assert_eq(4.sgn0(), 0);\n assert_eq(100.sgn0(), 0);\n\n assert_eq(1.sgn0(), 1);\n assert_eq(3.sgn0(), 1);\n assert_eq(5.sgn0(), 1);\n assert_eq(101.sgn0(), 1);\n }\n\n #[test(should_fail_with = "Field failed to decompose into specified 8 limbs")]\n fn test_bit_decomposition_overflow() {\n // 8 bits can\'t represent large field values\n let large_val = 0x1000000000000000;\n let _: [u1; 8] = large_val.to_le_bits();\n }\n\n #[test(should_fail_with = "Field failed to decompose into specified 4 limbs")]\n fn test_byte_decomposition_overflow() {\n // 4 bytes can\'t represent large field values\n let large_val = 0x1000000000000000;\n let _: [u8; 4] = large_val.to_le_bytes();\n }\n\n #[test]\n fn test_to_from_be_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 BE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_minus_1_bytes[32 - 1] > 0);\n p_minus_1_bytes[32 - 1] -= 1;\n\n let p_minus_1 = Field::from_be_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_be_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 BE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_plus_1_bytes[32 - 1] < 255);\n p_plus_1_bytes[32 - 1] += 1;\n\n let p_plus_1 = Field::from_be_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 BE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_be_bytes();\n assert_eq(p_plus_1_converted_bytes[32 - 1], 1);\n p_plus_1_converted_bytes[32 - 1] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_be_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_be_bytes().len(), 32);\n let p = Field::from_be_bytes::<32>(modulus_be_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 BE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_be_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n #[test]\n fn test_to_from_le_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 LE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_minus_1_bytes[0] > 0);\n p_minus_1_bytes[0] -= 1;\n\n let p_minus_1 = Field::from_le_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_le_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 LE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_plus_1_bytes[0] < 255);\n p_plus_1_bytes[0] += 1;\n\n let p_plus_1 = Field::from_le_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 LE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_le_bytes();\n assert_eq(p_plus_1_converted_bytes[0], 1);\n p_plus_1_converted_bytes[0] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_le_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_le_bytes().len(), 32);\n let p = Field::from_le_bytes::<32>(modulus_le_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 LE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_le_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n /// Convert a little endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_le_bits<let N: u32>(bits: [u1; N]) -> Field {\n static_assert(\n N <= modulus_le_bits().len(),\n "N must be less than or equal to modulus_le_bits().len()",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n /// Convert a big endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_be_bits<let N: u32>(bits: [u1; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[N - 1 - i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n #[test]\n fn test_to_from_be_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 BE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_minus_1_bits[254 - 1] > 0);\n p_minus_1_bits[254 - 1] -= 1;\n\n let p_minus_1 = from_be_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_be_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 BE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_plus_4_bits[254 - 3] < 1);\n p_plus_4_bits[254 - 3] += 1;\n\n let p_plus_4 = from_be_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 BE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_be_bits();\n assert_eq(p_plus_4_converted_bits[254 - 3], 1);\n p_plus_4_converted_bits[254 - 3] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_be_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_be_bits().len(), 254);\n let p = from_be_bits::<254>(modulus_be_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 BE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_be_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n\n #[test]\n fn test_to_from_le_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 LE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_minus_1_bits[0] > 0);\n p_minus_1_bits[0] -= 1;\n\n let p_minus_1 = from_le_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_le_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 LE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_plus_4_bits[2] < 1);\n p_plus_4_bits[2] += 1;\n\n let p_plus_4 = from_le_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 LE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_le_bits();\n assert_eq(p_plus_4_converted_bits[2], 1);\n p_plus_4_converted_bits[2] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_le_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_le_bits().len(), 254);\n let p = from_le_bits::<254>(modulus_le_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 LE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_le_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n}\n', path: "std/field/mod.nr" }, "19": { source: '// Exposed only for usage in `std::meta`\npub(crate) mod poseidon2;\n\nuse crate::default::Default;\nuse crate::embedded_curve_ops::{\n EmbeddedCurvePoint, EmbeddedCurveScalar, multi_scalar_mul, multi_scalar_mul_array_return,\n};\nuse crate::meta::derive_via;\n\n#[foreign(sha256_compression)]\n// docs:start:sha256_compression\npub fn sha256_compression(input: [u32; 16], state: [u32; 8]) -> [u32; 8] {}\n// docs:end:sha256_compression\n\n#[foreign(keccakf1600)]\n// docs:start:keccakf1600\npub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {}\n// docs:end:keccakf1600\n\npub mod keccak {\n #[deprecated("This function has been moved to std::hash::keccakf1600")]\n pub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {\n super::keccakf1600(input)\n }\n}\n\n#[foreign(blake2s)]\n// docs:start:blake2s\npub fn blake2s<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake2s\n{}\n\n// docs:start:blake3\npub fn blake3<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake3\n{\n if crate::runtime::is_unconstrained() {\n // Temporary measure while Barretenberg is main proving system.\n // Please open an issue if you\'re working on another proving system and running into problems due to this.\n crate::static_assert(\n N <= 1024,\n "Barretenberg cannot prove blake3 hashes with inputs larger than 1024 bytes",\n );\n }\n __blake3(input)\n}\n\n#[foreign(blake3)]\nfn __blake3<let N: u32>(input: [u8; N]) -> [u8; 32] {}\n\n// docs:start:pedersen_commitment\npub fn pedersen_commitment<let N: u32>(input: [Field; N]) -> EmbeddedCurvePoint {\n // docs:end:pedersen_commitment\n pedersen_commitment_with_separator(input, 0)\n}\n\n#[inline_always]\npub fn pedersen_commitment_with_separator<let N: u32>(\n input: [Field; N],\n separator: u32,\n) -> EmbeddedCurvePoint {\n let mut points = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N];\n for i in 0..N {\n // we use the unsafe version because the multi_scalar_mul will constrain the scalars.\n points[i] = from_field_unsafe(input[i]);\n }\n let generators = derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n multi_scalar_mul(generators, points)\n}\n\n// docs:start:pedersen_hash\npub fn pedersen_hash<let N: u32>(input: [Field; N]) -> Field\n// docs:end:pedersen_hash\n{\n pedersen_hash_with_separator(input, 0)\n}\n\n#[no_predicates]\npub fn pedersen_hash_with_separator<let N: u32>(input: [Field; N], separator: u32) -> Field {\n let mut scalars: [EmbeddedCurveScalar; N + 1] = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N + 1];\n let mut generators: [EmbeddedCurvePoint; N + 1] =\n [EmbeddedCurvePoint::point_at_infinity(); N + 1];\n let domain_generators: [EmbeddedCurvePoint; N] =\n derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n\n for i in 0..N {\n scalars[i] = from_field_unsafe(input[i]);\n generators[i] = domain_generators[i];\n }\n scalars[N] = EmbeddedCurveScalar { lo: N as Field, hi: 0 as Field };\n\n let length_generator: [EmbeddedCurvePoint; 1] =\n derive_generators("pedersen_hash_length".as_bytes(), 0);\n generators[N] = length_generator[0];\n multi_scalar_mul_array_return(generators, scalars, true)[0].x\n}\n\n#[field(bn254)]\n#[inline_always]\npub fn derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {\n crate::assert_constant(domain_separator_bytes);\n // TODO(https://github.com/noir-lang/noir/issues/5672): Add back assert_constant on starting_index\n __derive_generators(domain_separator_bytes, starting_index)\n}\n\n#[builtin(derive_pedersen_generators)]\n#[field(bn254)]\nfn __derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {}\n\n#[field(bn254)]\n// Same as from_field but:\n// does not assert the limbs are 128 bits\n// does not assert the decomposition does not overflow the EmbeddedCurveScalar\nfn from_field_unsafe(scalar: Field) -> EmbeddedCurveScalar {\n // Safety: xlo and xhi decomposition is checked below\n let (xlo, xhi) = unsafe { crate::field::bn254::decompose_hint(scalar) };\n // Check that the decomposition is correct\n assert_eq(scalar, xlo + crate::field::bn254::TWO_POW_128 * xhi);\n EmbeddedCurveScalar { lo: xlo, hi: xhi }\n}\n\npub fn poseidon2_permutation<let N: u32>(input: [Field; N], state_len: u32) -> [Field; N] {\n assert_eq(input.len(), state_len);\n poseidon2_permutation_internal(input)\n}\n\n#[foreign(poseidon2_permutation)]\nfn poseidon2_permutation_internal<let N: u32>(input: [Field; N]) -> [Field; N] {}\n\n// Generic hashing support.\n// Partially ported and impacted by rust.\n\n// Hash trait shall be implemented per type.\n#[derive_via(derive_hash)]\npub trait Hash {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher;\n}\n\n// docs:start:derive_hash\ncomptime fn derive_hash(s: TypeDefinition) -> Quoted {\n let name = quote { $crate::hash::Hash };\n let signature = quote { fn hash<H>(_self: Self, _state: &mut H) where H: $crate::hash::Hasher };\n let for_each_field = |name| quote { _self.$name.hash(_state); };\n crate::meta::make_trait_impl(\n s,\n name,\n signature,\n for_each_field,\n quote {},\n |fields| fields,\n )\n}\n// docs:end:derive_hash\n\n// Hasher trait shall be implemented by algorithms to provide hash-agnostic means.\n// TODO: consider making the types generic here ([u8], [Field], etc.)\npub trait Hasher {\n fn finish(self) -> Field;\n\n fn write(&mut self, input: Field);\n}\n\n// BuildHasher is a factory trait, responsible for production of specific Hasher.\npub trait BuildHasher {\n type H: Hasher;\n\n fn build_hasher(self) -> H;\n}\n\npub struct BuildHasherDefault<H>;\n\nimpl<H> BuildHasher for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n type H = H;\n\n fn build_hasher(_self: Self) -> H {\n H::default()\n }\n}\n\nimpl<H> Default for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n fn default() -> Self {\n BuildHasherDefault {}\n }\n}\n\nimpl Hash for Field {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self);\n }\n}\n\nimpl Hash for u1 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u128 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for i8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u8 as Field);\n }\n}\n\nimpl Hash for i16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u16 as Field);\n }\n}\n\nimpl Hash for i32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u32 as Field);\n }\n}\n\nimpl Hash for i64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u64 as Field);\n }\n}\n\nimpl Hash for bool {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for () {\n fn hash<H>(_self: Self, _state: &mut H)\n where\n H: Hasher,\n {}\n}\n\nimpl<T, let N: u32> Hash for [T; N]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<T> Hash for [T]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.len().hash(state);\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<A, B> Hash for (A, B)\nwhere\n A: Hash,\n B: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n }\n}\n\nimpl<A, B, C> Hash for (A, B, C)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n }\n}\n\nimpl<A, B, C, D> Hash for (A, B, C, D)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n }\n}\n\nimpl<A, B, C, D, E> Hash for (A, B, C, D, E)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n E: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n self.4.hash(state);\n }\n}\n\n// Some test vectors for Pedersen hash and Pedersen Commitment.\n// They have been generated using the same functions so the tests are for now useless\n// but they will be useful when we switch to Noir implementation.\n#[test]\nfn assert_pedersen() {\n assert_eq(\n pedersen_hash_with_separator([1], 1),\n 0x1b3f4b1a83092a13d8d1a59f7acb62aba15e7002f4440f2275edb99ebbc2305f,\n );\n assert_eq(\n pedersen_commitment_with_separator([1], 1),\n EmbeddedCurvePoint {\n x: 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402,\n y: 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126,\n is_infinite: false,\n },\n );\n\n assert_eq(\n pedersen_hash_with_separator([1, 2], 2),\n 0x26691c129448e9ace0c66d11f0a16d9014a9e8498ee78f4d69f0083168188255,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2], 2),\n EmbeddedCurvePoint {\n x: 0x2e2b3b191e49541fe468ec6877721d445dcaffe41728df0a0eafeb15e87b0753,\n y: 0x2ff4482400ad3a6228be17a2af33e2bcdf41be04795f9782bd96efe7e24f8778,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3], 3),\n 0x0bc694b7a1f8d10d2d8987d07433f26bd616a2d351bc79a3c540d85b6206dbe4,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3], 3),\n EmbeddedCurvePoint {\n x: 0x1fee4e8cf8d2f527caa2684236b07c4b1bad7342c01b0f75e9a877a71827dc85,\n y: 0x2f9fedb9a090697ab69bf04c8bc15f7385b3e4b68c849c1536e5ae15ff138fd1,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4], 4),\n 0xdae10fb32a8408521803905981a2b300d6a35e40e798743e9322b223a5eddc,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4], 4),\n EmbeddedCurvePoint {\n x: 0x07ae3e202811e1fca39c2d81eabe6f79183978e6f12be0d3b8eda095b79bdbc9,\n y: 0x0afc6f892593db6fbba60f2da558517e279e0ae04f95758587760ba193145014,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5], 5),\n 0xfc375b062c4f4f0150f7100dfb8d9b72a6d28582dd9512390b0497cdad9c22,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5], 5),\n EmbeddedCurvePoint {\n x: 0x1754b12bd475a6984a1094b5109eeca9838f4f81ac89c5f0a41dbce53189bb29,\n y: 0x2da030e3cfcdc7ddad80eaf2599df6692cae0717d4e9f7bfbee8d073d5d278f7,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6], 6),\n 0x1696ed13dc2730062a98ac9d8f9de0661bb98829c7582f699d0273b18c86a572,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6], 6),\n EmbeddedCurvePoint {\n x: 0x190f6c0e97ad83e1e28da22a98aae156da083c5a4100e929b77e750d3106a697,\n y: 0x1f4b60f34ef91221a0b49756fa0705da93311a61af73d37a0c458877706616fb,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n 0x128c0ff144fc66b6cb60eeac8a38e23da52992fc427b92397a7dffd71c45ede3,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n EmbeddedCurvePoint {\n x: 0x015441e9d29491b06563fac16fc76abf7a9534c715421d0de85d20dbe2965939,\n y: 0x1d2575b0276f4e9087e6e07c2cb75aa1baafad127af4be5918ef8a2ef2fea8fc,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n 0x2f960e117482044dfc99d12fece2ef6862fba9242be4846c7c9a3e854325a55c,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n EmbeddedCurvePoint {\n x: 0x1657737676968887fceb6dd516382ea13b3a2c557f509811cd86d5d1199bc443,\n y: 0x1f39f0cb569040105fa1e2f156521e8b8e08261e635a2b210bdc94e8d6d65f77,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n 0x0c96db0790602dcb166cc4699e2d306c479a76926b81c2cb2aaa92d249ec7be7,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n EmbeddedCurvePoint {\n x: 0x0a3ceae42d14914a432aa60ec7fded4af7dad7dd4acdbf2908452675ec67e06d,\n y: 0xfc19761eaaf621ad4aec9a8b2e84a4eceffdba78f60f8b9391b0bd9345a2f2,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n 0x2cd37505871bc460a62ea1e63c7fe51149df5d0801302cf1cbc48beb8dff7e94,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n EmbeddedCurvePoint {\n x: 0x2fb3f8b3d41ddde007c8c3c62550f9a9380ee546fcc639ffbb3fd30c8d8de30c,\n y: 0x300783be23c446b11a4c0fabf6c91af148937cea15fcf5fb054abf7f752ee245,\n is_infinite: false,\n },\n );\n}\n', path: "std/hash/mod.nr" }, "50": { source: '/// Funding Proof Circuit\n///\n/// Proves that a user has sufficient balance to cover a transaction\n/// without revealing the actual balance.\n///\n/// Public inputs:\n/// - commitment_hash: Hash of the Pedersen commitment to balance\n/// - minimum_required: Minimum balance required\n/// - asset_id: Asset identifier\n///\n/// Private inputs (witness):\n/// - balance: Actual user balance\n/// - blinding: Blinding factor for commitment\n///\n/// Constraints:\n/// 1. balance >= minimum_required\n/// 2. commitment = pedersen([balance, blinding])\n/// 3. commitment_hash = hash(commitment, asset_id)\n\nuse std::hash::pedersen_hash;\nuse std::hash::blake3;\n\n/// Main entry point for the funding proof circuit\n///\n/// Returns the commitment hash as a public output rather than taking it as input.\n/// This allows the SDK to verify the proof without needing to compute Pedersen hashes.\nfn main(\n // Public inputs\n minimum_required: pub u64,\n asset_id: pub Field,\n\n // Private inputs (witness)\n balance: u64,\n blinding: Field,\n) -> pub [u8; 32] {\n // Constraint 1: Balance must be at least the minimum required\n assert(balance >= minimum_required, "Insufficient balance");\n\n // Constraint 2: Compute the Pedersen commitment to (balance, blinding)\n let balance_field = balance as Field;\n let commitment = pedersen_hash([balance_field, blinding]);\n\n // Constraint 3: Compute and return the commitment hash\n // We hash: commitment || asset_id to bind the commitment to the asset\n let commitment_hash = compute_commitment_hash(commitment, asset_id);\n\n commitment_hash\n}\n\n/// Compute the commitment hash from commitment and asset_id\n/// Uses BLAKE3 for efficiency (built-in to Noir)\nfn compute_commitment_hash(commitment: Field, asset_id: Field) -> [u8; 32] {\n // Convert commitment to bytes (32 bytes, big-endian)\n let commitment_bytes: [u8; 32] = commitment.to_be_bytes();\n\n // Convert asset_id to bytes (32 bytes, big-endian)\n let asset_bytes: [u8; 32] = asset_id.to_be_bytes();\n\n // Create preimage: commitment || asset_id (64 bytes)\n let mut preimage: [u8; 64] = [0; 64];\n for i in 0..32 {\n preimage[i] = commitment_bytes[i];\n preimage[i + 32] = asset_bytes[i];\n }\n\n // Hash with BLAKE3\n blake3(preimage)\n}\n\n// --- Tests ---\n\n#[test]\nfn test_valid_funding_proof() {\n // Test case: balance = 100, minimum = 50\n let balance: u64 = 100;\n let minimum_required: u64 = 50;\n let blinding = 12345 as Field;\n let asset_id = 1 as Field;\n\n // Execute the circuit - it should return the commitment hash\n let commitment_hash = main(minimum_required, asset_id, balance, blinding);\n\n // Verify it returned a hash (not all zeros)\n let mut has_nonzero = false;\n for i in 0..32 {\n if commitment_hash[i] != 0 {\n has_nonzero = true;\n }\n }\n assert(has_nonzero, "Commitment hash should not be all zeros");\n}\n\n#[test]\nfn test_exact_balance_passes() {\n // Test case: balance exactly equals minimum\n let balance: u64 = 50;\n let minimum_required: u64 = 50;\n let blinding = 67890 as Field;\n let asset_id = 2 as Field;\n\n // Should succeed and return a hash\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test(should_fail_with = "Insufficient balance")]\nfn test_insufficient_balance_fails() {\n // Test case: balance < minimum should fail\n let balance: u64 = 40;\n let minimum_required: u64 = 50;\n let blinding = 11111 as Field;\n let asset_id = 1 as Field;\n\n // Should fail because balance < minimum_required\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test]\nfn test_different_blinding_produces_different_hash() {\n // Test that different blinding factors produce different commitment hashes\n let balance: u64 = 100;\n let minimum_required: u64 = 50;\n let blinding1 = 12345 as Field;\n let blinding2 = 99999 as Field;\n let asset_id = 1 as Field;\n\n let hash1 = main(minimum_required, asset_id, balance, blinding1);\n let hash2 = main(minimum_required, asset_id, balance, blinding2);\n\n // Hashes should be different\n let mut hashes_differ = false;\n for i in 0..32 {\n if hash1[i] != hash2[i] {\n hashes_differ = true;\n }\n }\n assert(hashes_differ, "Different blindings should produce different hashes");\n}\n', path: "/Users/rz/local-dev/circuits/funding_proof/src/main.nr" } }, expression_width: { Bounded: { width: 4 } } };
|
|
11245
11433
|
|
|
11246
11434
|
// src/proofs/circuits/validity_proof.json
|
|
11247
11435
|
var validity_proof_default = { noir_version: "1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663", hash: "17105369051450454041", abi: { parameters: [{ name: "intent_hash", type: { kind: "field" }, visibility: "public" }, { name: "sender_commitment_x", type: { kind: "field" }, visibility: "public" }, { name: "sender_commitment_y", type: { kind: "field" }, visibility: "public" }, { name: "nullifier", type: { kind: "field" }, visibility: "public" }, { name: "timestamp", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "expiry", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "sender_address", type: { kind: "field" }, visibility: "private" }, { name: "sender_blinding", type: { kind: "field" }, visibility: "private" }, { name: "sender_secret", type: { kind: "field" }, visibility: "private" }, { name: "pub_key_x", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "pub_key_y", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "signature", type: { kind: "array", length: 64, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "message_hash", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "nonce", type: { kind: "field" }, visibility: "private" }], return_type: null, error_types: { "4743545721632785176": { error_kind: "string", string: "Nullifier mismatch" }, "4924752953922582949": { error_kind: "string", string: "Invalid ECDSA signature" }, "5940733937471987676": { error_kind: "string", string: "Intent expired" }, "9872184990886929843": { error_kind: "string", string: "Sender commitment X mismatch" }, "14620555433709191364": { error_kind: "string", string: "Sender commitment Y mismatch" }, "15764276373176857197": { error_kind: "string", string: "Stack too deep" } } }, bytecode: "H4sIAAAAAAAA/+WZaXBV5QGGz81CAwTCTogsF2XfJEBQBCFAQjAqIETZQgIkAYJmXyCIkMgaUEgENxBli8SQlEpCCAK1MsVWLNPptCMdxyl1xlI7Tqm1QwdoO9O85D345fAm997AjD88M+FJnvOdc77zeXPufaLLatgCyLQlqeln61nHn131X/4kxkQ6XKBwreu/ghyujXBthQsWrp1w7YULEa6DcB2F6yRcZ+G6CNdVuG7CdRcuVLgewoUJd59wPYXrJVxv4foI5xaur3D3C/eAcP2E6y/cAOEGCjdIuMHCDRFuqHDDhBsu3AjhHhRupHDhwo0SbrRwY4SLEG6scA8J97Bw44R7RLjxwk0Q7lHhJgo3SbhI4SYLN0W4qcJFCRct3DThYoSbLtxjwsUK97hwTwj3pHAzhJsp3CzhnhJutnBzhIsT7mnhnhFurnDzhJsv3ALhFgoXL9wi4RKESxRusXBLhFsqXJJwycKlCLdMuOXCrRAuVbiVwj0r3HPCpQmXLlyGcJnCZQmXLVyOcLnC5QmXL9wq4VYLVyDcGuGeF26tcC8It0649cIVClck3IvCbRBuo3CbhNss3BbhtgpXLNw24bYL95JwLwu3Q7idwpUIVyrcK8LtEm63cK8K95pwrwv3hnBvCrdHuL3CvSXcPuHeFu4d4fYLd0C4g8IdEu6wcGXCvSvcEeHK6ex+cVl3brZzW15trlbej7X8jO8ryKPOQf53MYGRyTOyvwzfP7huVnRtUdG8RYNGfz294FRm6dQvr+36lhdtYmy8Y6zrqPdzuKcL+hOrZQtaSVY5B/m6oOYEPC1opeX9glZ5P4dbi4ZXaivDucmgiQUd/xjROn/wt63ywv/b9cL/Csr3Xv10XMmk1LnDkjJiF5hjw9Yn3KxaHx7f/73QfwX/+tLoSb85uubSJyFd/lR05vygG7sWmWO92eyxgbHlK3M+3TZmdsLCn3/21fgDPXZsDkkcN2vAzqzL0aVnv/Izx7r3/fbDYf+Ze+PfARlRl8I+vnk9O+7YryLXBnyzNGzplgsfDTDHetrMF1oFeZSsJKscc/WwuX5a/8+x+q+fOXb4Oc7j6bXgsny7ppdj72pOfpb3czpmtWxOLh/n9L7l/Zxw7la8RmuyDdmWDCbbke3JELID2ZHsRHYmu5BdyW5kdzKU7EGGkfeRPcleZG+yj/X9awLsS95PPkD2I/uTA8iB5CByMDmEHEoOI4eTI8gHyZFkODmKHE2OISPIseRD5MPkOPIRcjw5gXyUnEhOIiPJyeQUcioZRUaT08gYcjr5GBlLPk4+QT5JziBnkrPIp8jZ5BwyjnyafIacS84j55MLyIVkPLmITCATycXkEnIpmUQmkynkMnI5uYJMJVeSz5LPkWlkOplBZpJZZDaZQ+aSeWQ+uYpcTRaQa8jnybXkC+Q6cj1ZSBaRL5IbyI3kJnIzuYXcShaT28jt5Evky+QOcidZQpaSr5C7yN3kq+Rr5OvkG+Sb5B5yL/kWuY98m3yH3E8eIA+Sh8jDZBn5LnmELCfx3DxuNd5cpNvyanMdN8Z6ek7fyw91Qd6PbfShrpqscQ7y9UOdOQFPN17d9Ng7PtTVeD+He7qgPoxttKAnyFrnIF8X1BzraUFPWN4vaK31wyzoe1bLFvQkWecc5OuCmhPwtKAnLe8XtM77OdxaNPymBBvOTf6Ys8Mc2zPquzL32qJz2zb0LSuK//r98A79Tv+9c2iP059fO1hVHjPdHOtfcXXslSlDerlKk4Z8PH/P374pqxzWvfwTd8WEY9uLz18vN8f6Mofh109F/qW4/YzOq/48J+fmlT298mamRlw5Uli7bHdu+HcXL5pjR1zc+rv5y8/MqdtUOqJdt81L4iprK879/nrCwAvr/nH8o5IN5lhPWxCJ10k1WUOeIGvJk2SdY+4eNn8fxvpyXtep+n8+qP867djha1L5W75d08uxtx5mLqvxw6WpOXq6boDl/f0Eej6vq7mdbsu7Y837OkOetUfYf6GDiHScIcC7C92+YEtvvomxJfaD9IwP5z1rtWxRne9anq5jzsnTdphET+NvXPhlRlOjp9HSeOijodHPaGd0M5oZvYxWRiejkdHHaGN0MZoYPYwWRgejgdG/fTivvlZD76J10bloXDx50bboWjQtehYti45Fw6Jf0a7oVjQrehWtik5Fo6JP0aboUjQpehQtig5Fg6I/0Z6RVkNzojfRmuhMNCb6Em2JJzWaEj2JlkRHoiHRj2hHdCOaEb2IVkQnohHRh2hDdCGaEO98aEF0IN7Z0H9ov8VWQ/Oh99B66Dw0HvoObYeuQ9Oh59By6Dg0HPoN7YZuQ7Oh19Bq6DQ0GvoMbYYuQ5Ohx9Bi6DA0GPoL7VVoNTQXegtPeXQWGgt9hbZCV6Gp0FNoKXQUGgr9hHZCN6GZ0EtoJXQSGgl9hDZCF6GJ0ENoIXQQGgj9g/bZbzU0D3oHrYPXHxoHfYO2wbsfPvSYf+O0H4B4HuD3ONDYZ35/hKzuf+74P9u6io1dt86L7Ze/6BdRU3blgrnP/mt7WUHPHnUT5kWZ++zWCPX/sLQ67w+TzX32p7wv+rgz23yQNdv29kOtPZmckpSRlpmRk5K4IjU9tzdtkGO0/cRzW15tLvNt1/fjC2OCnCf06Xgrxv7/KHczf/uYFhx/+xUSZRzvnAs2+y+B5qPVPgZPvPbG9yHGMdiijfO5HPumieve5T1F28cHtOx4v07Wnde3z4UnOu4xlD/7i7HmaynQGKPW1RLOJc7jXBvzv4Ob7BxuXepzOaJgaLexGTPzN16Oq1rX5dDgv4aEXs2bkH/jiwznvfg1M/fgZuYQLO7HXB/7d6Jl6786xr6mPa9A6871Ms8f4Bjfi2xtXN+cp9tqfvv8/LXPamJHpXV0HI/NvmfcZxi/T07NTknKTc1PSax/MKUsT8lOzMrLyE1NSc+1VyLIOMo+oy+vSPv4ti07vtH7gOWYi3ne2xckA8RxriZ+9nOwubFOb7pgsc8+ZyfSnK99H/8HYaTeT0IrAAA=", debug_symbols: "pZbNjuIwDIDfJeceYsf541VGI1SgM6pUFdSBlVaId9+YxaU9JMuGS+O69dfYsV1f1aHbXb63/fh1/FGbj6vaTf0w9N/b4bhvz/1xTNqr0nwBpzbYKPB/l6A2Ji1RbahRmN6g261RYrY9T13HVgtOop/aqRvPajNehqFRv9rhcn/p59SO9/XcTumpblQ3HtKagF/90LF0a57WOm8aND6MA7rZHPzKHvL2juhh76ypsQ8g9iFU2YvzXme/X/AfCCQAQO4ZAbuOoC0QHIgL4Kx97iGuCK5AiDE8CKgxS/B5AgHYB4HAhhoCGi8E9LaOAO8S0LxAKEYyODmLGGsIqK0kNAJCjgAmjzCWJBDGaV2zCUA/b8KZ7CYKWUk2ih/kaFHZrhIRc4hicfkox2GBcsVVIlinZ8LiQP+D4IOUBgQKOQKWENpJXgKYRSDo5U0EN/eI4HWFGykvYU4JDVk3CnmJGOY2Y5bNfp1VSAVEwLk6gs1WB9q3W1UR8Vqv+gcC3ka81K2K4Yxa6gMjxBqEAS0FYlJy1iGe/QqifxeB+ZZXym+AZ9+lmkJHREksRDIrwme6a/f9tJ7SwGEae9JM5gxXNgv0UFhROO53LHguXRYCu8VC5K3yfKdFAP40C4mLbOUNnywLJBorGicaLxqeEO/miWyIR0bNfxMWQAQUwbBw43BMfbsbOvaIfb6Me3Ew3Z5/n+SJDKqn6bjvDpep42AsptV0/UhnjPHzxgH7Aw==", file_map: { "14": { source: "// docs:start:ecdsa_secp256k1\n/// Verifies a ECDSA signature over the secp256k1 curve.\n/// - inputs:\n/// - x coordinate of public key as 32 bytes\n/// - y coordinate of public key as 32 bytes\n/// - the signature, as a 64 bytes array\n/// The signature internally will be represented as `(r, s)`,\n/// where `r` and `s` are fixed-sized big endian scalar values.\n/// As the `secp256k1` has a 256-bit modulus, we have a 64 byte signature\n/// while `r` and `s` will both be 32 bytes.\n/// We expect `s` to be normalized. This means given the curve's order,\n/// `s` should be less than or equal to `order / 2`.\n/// This is done to prevent malleability.\n/// For more context regarding malleability you can reference BIP 0062.\n/// - the hash of the message, as a vector of bytes\n/// - output: false for failure and true for success\npub fn verify_signature(\n public_key_x: [u8; 32],\n public_key_y: [u8; 32],\n signature: [u8; 64],\n message_hash: [u8; 32],\n) -> bool\n// docs:end:ecdsa_secp256k1\n{\n _verify_signature(public_key_x, public_key_y, signature, message_hash, true)\n}\n\n#[foreign(ecdsa_secp256k1)]\npub fn _verify_signature(\n public_key_x: [u8; 32],\n public_key_y: [u8; 32],\n signature: [u8; 64],\n message_hash: [u8; 32],\n predicate: bool,\n) -> bool {}\n", path: "std/ecdsa_secp256k1.nr" }, "16": { source: "use crate::cmp::Eq;\nuse crate::hash::Hash;\nuse crate::ops::arith::{Add, Neg, Sub};\n\n/// A point on the embedded elliptic curve\n/// By definition, the base field of the embedded curve is the scalar field of the proof system curve, i.e the Noir Field.\n/// x and y denotes the Weierstrass coordinates of the point, if is_infinite is false.\npub struct EmbeddedCurvePoint {\n pub x: Field,\n pub y: Field,\n pub is_infinite: bool,\n}\n\nimpl EmbeddedCurvePoint {\n /// Elliptic curve point doubling operation\n /// returns the doubled point of a point P, i.e P+P\n pub fn double(self) -> EmbeddedCurvePoint {\n embedded_curve_add(self, self)\n }\n\n /// Returns the null element of the curve; 'the point at infinity'\n pub fn point_at_infinity() -> EmbeddedCurvePoint {\n EmbeddedCurvePoint { x: 0, y: 0, is_infinite: true }\n }\n\n /// Returns the curve's generator point.\n pub fn generator() -> EmbeddedCurvePoint {\n // Generator point for the grumpkin curve (y^2 = x^3 - 17)\n EmbeddedCurvePoint {\n x: 1,\n y: 17631683881184975370165255887551781615748388533673675138860, // sqrt(-16)\n is_infinite: false,\n }\n }\n}\n\nimpl Add for EmbeddedCurvePoint {\n /// Adds two points P+Q, using the curve addition formula, and also handles point at infinity\n fn add(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n embedded_curve_add(self, other)\n }\n}\n\nimpl Sub for EmbeddedCurvePoint {\n /// Points subtraction operation, using addition and negation\n fn sub(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n self + other.neg()\n }\n}\n\nimpl Neg for EmbeddedCurvePoint {\n /// Negates a point P, i.e returns -P, by negating the y coordinate.\n /// If the point is at infinity, then the result is also at infinity.\n fn neg(self) -> EmbeddedCurvePoint {\n EmbeddedCurvePoint { x: self.x, y: -self.y, is_infinite: self.is_infinite }\n }\n}\n\nimpl Eq for EmbeddedCurvePoint {\n /// Checks whether two points are equal\n fn eq(self: Self, b: EmbeddedCurvePoint) -> bool {\n (self.is_infinite & b.is_infinite)\n | ((self.is_infinite == b.is_infinite) & (self.x == b.x) & (self.y == b.y))\n }\n}\n\nimpl Hash for EmbeddedCurvePoint {\n fn hash<H>(self, state: &mut H)\n where\n H: crate::hash::Hasher,\n {\n if self.is_infinite {\n self.is_infinite.hash(state);\n } else {\n self.x.hash(state);\n self.y.hash(state);\n }\n }\n}\n\n/// Scalar for the embedded curve represented as low and high limbs\n/// By definition, the scalar field of the embedded curve is base field of the proving system curve.\n/// It may not fit into a Field element, so it is represented with two Field elements; its low and high limbs.\npub struct EmbeddedCurveScalar {\n pub lo: Field,\n pub hi: Field,\n}\n\nimpl EmbeddedCurveScalar {\n pub fn new(lo: Field, hi: Field) -> Self {\n EmbeddedCurveScalar { lo, hi }\n }\n\n #[field(bn254)]\n pub fn from_field(scalar: Field) -> EmbeddedCurveScalar {\n let (a, b) = crate::field::bn254::decompose(scalar);\n EmbeddedCurveScalar { lo: a, hi: b }\n }\n\n //Bytes to scalar: take the first (after the specified offset) 16 bytes of the input as the lo value, and the next 16 bytes as the hi value\n #[field(bn254)]\n pub(crate) fn from_bytes(bytes: [u8; 64], offset: u32) -> EmbeddedCurveScalar {\n let mut v = 1;\n let mut lo = 0 as Field;\n let mut hi = 0 as Field;\n for i in 0..16 {\n lo = lo + (bytes[offset + 31 - i] as Field) * v;\n hi = hi + (bytes[offset + 15 - i] as Field) * v;\n v = v * 256;\n }\n let sig_s = crate::embedded_curve_ops::EmbeddedCurveScalar { lo, hi };\n sig_s\n }\n}\n\nimpl Eq for EmbeddedCurveScalar {\n fn eq(self, other: Self) -> bool {\n (other.hi == self.hi) & (other.lo == self.lo)\n }\n}\n\nimpl Hash for EmbeddedCurveScalar {\n fn hash<H>(self, state: &mut H)\n where\n H: crate::hash::Hasher,\n {\n self.hi.hash(state);\n self.lo.hash(state);\n }\n}\n\n// Computes a multi scalar multiplication over the embedded curve.\n// For bn254, We have Grumpkin and Baby JubJub.\n// For bls12-381, we have JubJub and Bandersnatch.\n//\n// The embedded curve being used is decided by the\n// underlying proof system.\n// docs:start:multi_scalar_mul\npub fn multi_scalar_mul<let N: u32>(\n points: [EmbeddedCurvePoint; N],\n scalars: [EmbeddedCurveScalar; N],\n) -> EmbeddedCurvePoint\n// docs:end:multi_scalar_mul\n{\n multi_scalar_mul_array_return(points, scalars, true)[0]\n}\n\n#[foreign(multi_scalar_mul)]\npub(crate) fn multi_scalar_mul_array_return<let N: u32>(\n points: [EmbeddedCurvePoint; N],\n scalars: [EmbeddedCurveScalar; N],\n predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n// docs:start:fixed_base_scalar_mul\npub fn fixed_base_scalar_mul(scalar: EmbeddedCurveScalar) -> EmbeddedCurvePoint\n// docs:end:fixed_base_scalar_mul\n{\n multi_scalar_mul([EmbeddedCurvePoint::generator()], [scalar])\n}\n\n/// This function only assumes that the points are on the curve\n/// It handles corner cases around the infinity point causing some overhead compared to embedded_curve_add_not_nul and embedded_curve_add_unsafe\n// docs:start:embedded_curve_add\npub fn embedded_curve_add(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n // docs:end:embedded_curve_add\n if crate::runtime::is_unconstrained() {\n // `embedded_curve_add_unsafe` requires the inputs not to be the infinity point, so we check it here.\n // This is because `embedded_curve_add_unsafe` uses the `embedded_curve_add` opcode.\n // For efficiency, the backend does not check the inputs for the infinity point, but it assumes that they are not the infinity point\n // so that it can apply the ec addition formula directly.\n if point1.is_infinite {\n point2\n } else if point2.is_infinite {\n point1\n } else {\n embedded_curve_add_unsafe(point1, point2)\n }\n } else {\n // In a constrained context, we also need to check the inputs are not the infinity point because we also use `embedded_curve_add_unsafe`\n // However we also need to identify the case where the two inputs are the same, because then\n // the addition formula does not work and we need to use the doubling formula instead.\n // In unconstrained context, we can check directly if the input values are the same when solving the opcode, so it is not an issue.\n\n // x_coordinates_match is true if both abscissae are the same\n let x_coordinates_match = point1.x == point2.x;\n // y_coordinates_match is true if both ordinates are the same\n let y_coordinates_match = point1.y == point2.y;\n // double_predicate is true if both abscissae and ordinates are the same\n let double_predicate = (x_coordinates_match & y_coordinates_match);\n // If the abscissae are the same, but not the ordinates, then one point is the opposite of the other\n let infinity_predicate = (x_coordinates_match & !y_coordinates_match);\n\n // `embedded_curve_add_unsafe` would not perform doubling, even if the inputs point1 and point2 are the same, because it cannot know this without adding some logic (and some constraints)\n // However we did this logic when we computed `double_predicate`, so we set the result to 2*point1 if point1 and point2 are the same\n let mut result = if double_predicate {\n // `embedded_curve_add_unsafe` is doing a doubling if the input is the same variable, because in this case it is guaranteed (at 'compile time') that the input is the same.\n embedded_curve_add_unsafe(point1, point1)\n } else {\n let point1_1 = EmbeddedCurvePoint {\n x: point1.x + (x_coordinates_match as Field),\n y: point1.y,\n is_infinite: false,\n };\n let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n // point1_1 is guaranteed to have a different abscissa than point2:\n // - if x_coordinates_match is 0, that means point1.x != point2.x, and point1_1.x = point1.x + 0\n // - if x_coordinates_match is 1, that means point1.x = point2.x, but point1_1.x = point1.x + 1 in this case\n // Because the abscissa is different, the addition formula is guaranteed to succeed, so we can safely use `embedded_curve_add_unsafe`\n // Note that this computation may be garbage: if x_coordinates_match is 1, or if one of the input is the point at infinity.\n // therefore we only want to do this if we need the result, otherwise it needs to be eliminated as a dead instruction, lest we want the circuit to fail.\n embedded_curve_add_unsafe(point1_1, point2_1)\n };\n\n // Same logic as above for unconstrained context, we set the proper result when one of the inputs is the infinity point\n if point1.is_infinite {\n result = point2;\n }\n if point2.is_infinite {\n result = point1;\n }\n\n // Finally, we set the is_infinity flag of the result:\n // Opposite points should sum into the infinity point, however, if one of them is point at infinity, their coordinates are not meaningful\n // so we should not use the fact that the inputs are opposite in this case:\n let mut result_is_infinity =\n infinity_predicate & (!point1.is_infinite & !point2.is_infinite);\n // However, if both of them are at infinity, then the result is also at infinity\n result.is_infinite = result_is_infinity | (point1.is_infinite & point2.is_infinite);\n result\n }\n}\n\n#[foreign(embedded_curve_add)]\nfn embedded_curve_add_array_return(\n _point1: EmbeddedCurvePoint,\n _point2: EmbeddedCurvePoint,\n _predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n/// This function assumes that:\n/// The points are on the curve, and\n/// The points don't share an x-coordinate, and\n/// Neither point is the infinity point.\n/// If it is used with correct input, the function ensures the correct non-zero result is returned.\n/// Except for points on the curve, the other assumptions are checked by the function. It will cause assertion failure if they are not respected.\npub fn embedded_curve_add_not_nul(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n assert(point1.x != point2.x);\n assert(!point1.is_infinite);\n assert(!point2.is_infinite);\n // Ensure is_infinite is comptime\n let point1_1 = EmbeddedCurvePoint { x: point1.x, y: point1.y, is_infinite: false };\n let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n embedded_curve_add_unsafe(point1_1, point2_1)\n}\n\n/// Unsafe ec addition\n/// If the inputs are the same, it will perform a doubling, but only if point1 and point2 are the same variable.\n/// If they have the same value but are different variables, the result will be incorrect because in this case\n/// it assumes (but does not check) that the points' x-coordinates are not equal.\n/// It also assumes neither point is the infinity point.\npub fn embedded_curve_add_unsafe(\n point1: EmbeddedCurvePoint,\n point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n embedded_curve_add_array_return(point1, point2, true)[0]\n}\n", path: "std/embedded_curve_ops.nr" }, "17": { source: `use crate::field::field_less_than;
|
|
@@ -11921,6 +12109,9 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
11921
12109
|
framework = "noir";
|
|
11922
12110
|
_isReady = false;
|
|
11923
12111
|
config;
|
|
12112
|
+
// Mobile device info (cached)
|
|
12113
|
+
deviceInfo = null;
|
|
12114
|
+
wasmCompatibility = null;
|
|
11924
12115
|
// Circuit instances
|
|
11925
12116
|
fundingNoir = null;
|
|
11926
12117
|
fundingBackend = null;
|
|
@@ -11932,17 +12123,25 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
11932
12123
|
worker = null;
|
|
11933
12124
|
workerPending = /* @__PURE__ */ new Map();
|
|
11934
12125
|
constructor(config = {}) {
|
|
12126
|
+
this.deviceInfo = getMobileDeviceInfo();
|
|
12127
|
+
const isMobile = this.deviceInfo.isMobile;
|
|
12128
|
+
const defaultTimeout = isMobile ? 12e4 : 6e4;
|
|
11935
12129
|
this.config = {
|
|
11936
12130
|
useWorker: config.useWorker ?? true,
|
|
11937
12131
|
verbose: config.verbose ?? false,
|
|
11938
12132
|
oraclePublicKey: config.oraclePublicKey ?? void 0,
|
|
11939
|
-
timeout: config.timeout ??
|
|
12133
|
+
timeout: config.timeout ?? defaultTimeout,
|
|
12134
|
+
mobileMode: config.mobileMode ?? isMobile,
|
|
12135
|
+
forceInitialize: config.forceInitialize ?? false
|
|
11940
12136
|
};
|
|
11941
12137
|
if (!isBrowser()) {
|
|
11942
12138
|
console.warn(
|
|
11943
12139
|
"[BrowserNoirProvider] Not running in browser environment. Consider using NoirProofProvider for Node.js."
|
|
11944
12140
|
);
|
|
11945
12141
|
}
|
|
12142
|
+
if (this.config.verbose && this.deviceInfo) {
|
|
12143
|
+
console.log("[BrowserNoirProvider] Device info:", this.deviceInfo);
|
|
12144
|
+
}
|
|
11946
12145
|
}
|
|
11947
12146
|
get isReady() {
|
|
11948
12147
|
return this._isReady;
|
|
@@ -11972,6 +12171,67 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
11972
12171
|
missing
|
|
11973
12172
|
};
|
|
11974
12173
|
}
|
|
12174
|
+
/**
|
|
12175
|
+
* Get detailed mobile device information
|
|
12176
|
+
*/
|
|
12177
|
+
static getMobileInfo() {
|
|
12178
|
+
return getMobileDeviceInfo();
|
|
12179
|
+
}
|
|
12180
|
+
/**
|
|
12181
|
+
* Check mobile WASM compatibility
|
|
12182
|
+
*
|
|
12183
|
+
* Returns detailed compatibility information including:
|
|
12184
|
+
* - Feature support (WASM, SharedArrayBuffer, Workers, SIMD)
|
|
12185
|
+
* - Compatibility score (0-100)
|
|
12186
|
+
* - Issues and recommendations
|
|
12187
|
+
*
|
|
12188
|
+
* @example
|
|
12189
|
+
* ```typescript
|
|
12190
|
+
* const compat = BrowserNoirProvider.checkMobileCompatibility()
|
|
12191
|
+
* if (compat.score < 70) {
|
|
12192
|
+
* console.warn('Limited mobile support:', compat.issues)
|
|
12193
|
+
* }
|
|
12194
|
+
* ```
|
|
12195
|
+
*/
|
|
12196
|
+
static checkMobileCompatibility() {
|
|
12197
|
+
return checkMobileWASMCompatibility();
|
|
12198
|
+
}
|
|
12199
|
+
/**
|
|
12200
|
+
* Check if the current device is mobile
|
|
12201
|
+
*/
|
|
12202
|
+
static isMobile() {
|
|
12203
|
+
return getMobileDeviceInfo().isMobile;
|
|
12204
|
+
}
|
|
12205
|
+
/**
|
|
12206
|
+
* Get recommended configuration for the current device
|
|
12207
|
+
*
|
|
12208
|
+
* Automatically adjusts settings based on device capabilities:
|
|
12209
|
+
* - Mobile devices get longer timeouts
|
|
12210
|
+
* - Low-memory devices disable workers
|
|
12211
|
+
* - Tablets get intermediate settings
|
|
12212
|
+
*/
|
|
12213
|
+
static getRecommendedConfig() {
|
|
12214
|
+
const deviceInfo = getMobileDeviceInfo();
|
|
12215
|
+
const compat = checkMobileWASMCompatibility();
|
|
12216
|
+
const config = {};
|
|
12217
|
+
if (deviceInfo.isMobile) {
|
|
12218
|
+
config.timeout = 12e4;
|
|
12219
|
+
config.mobileMode = true;
|
|
12220
|
+
if (deviceInfo.deviceMemoryGB !== null && deviceInfo.deviceMemoryGB < 2) {
|
|
12221
|
+
config.useWorker = false;
|
|
12222
|
+
}
|
|
12223
|
+
if (deviceInfo.platform === "ios" && deviceInfo.browser === "safari") {
|
|
12224
|
+
config.useWorker = compat.sharedArrayBuffer;
|
|
12225
|
+
}
|
|
12226
|
+
} else if (deviceInfo.isTablet) {
|
|
12227
|
+
config.timeout = 9e4;
|
|
12228
|
+
config.mobileMode = true;
|
|
12229
|
+
}
|
|
12230
|
+
if (compat.score < 50) {
|
|
12231
|
+
config.forceInitialize = false;
|
|
12232
|
+
}
|
|
12233
|
+
return config;
|
|
12234
|
+
}
|
|
11975
12235
|
/**
|
|
11976
12236
|
* Derive secp256k1 public key coordinates from a private key
|
|
11977
12237
|
*/
|
|
@@ -11981,6 +12241,18 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
11981
12241
|
const y = Array.from(uncompressedPubKey.slice(33, 65));
|
|
11982
12242
|
return { x, y };
|
|
11983
12243
|
}
|
|
12244
|
+
/**
|
|
12245
|
+
* Get the cached WASM compatibility info (available after construction)
|
|
12246
|
+
*/
|
|
12247
|
+
getWASMCompatibility() {
|
|
12248
|
+
return this.wasmCompatibility;
|
|
12249
|
+
}
|
|
12250
|
+
/**
|
|
12251
|
+
* Get the cached device info (available after construction)
|
|
12252
|
+
*/
|
|
12253
|
+
getDeviceInfo() {
|
|
12254
|
+
return this.deviceInfo;
|
|
12255
|
+
}
|
|
11984
12256
|
/**
|
|
11985
12257
|
* Initialize the browser provider
|
|
11986
12258
|
*
|
|
@@ -11993,8 +12265,18 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
11993
12265
|
if (this._isReady) {
|
|
11994
12266
|
return;
|
|
11995
12267
|
}
|
|
12268
|
+
this.wasmCompatibility = checkMobileWASMCompatibility();
|
|
12269
|
+
if (this.config.verbose) {
|
|
12270
|
+
console.log("[BrowserNoirProvider] WASM compatibility:", this.wasmCompatibility);
|
|
12271
|
+
}
|
|
12272
|
+
if (this.wasmCompatibility.score < 50 && !this.config.forceInitialize) {
|
|
12273
|
+
throw new ProofError(
|
|
12274
|
+
`Device has poor WASM compatibility (score: ${this.wasmCompatibility.score}). Issues: ${this.wasmCompatibility.issues.join(", ")}. Set forceInitialize: true to override.`,
|
|
12275
|
+
"SIP_4004" /* PROOF_PROVIDER_NOT_READY */
|
|
12276
|
+
);
|
|
12277
|
+
}
|
|
11996
12278
|
const { supported, missing } = _BrowserNoirProvider.checkBrowserSupport();
|
|
11997
|
-
if (!supported) {
|
|
12279
|
+
if (!supported && !this.config.forceInitialize) {
|
|
11998
12280
|
throw new ProofError(
|
|
11999
12281
|
`Browser missing required features: ${missing.join(", ")}`,
|
|
12000
12282
|
"SIP_4004" /* PROOF_PROVIDER_NOT_READY */
|
|
@@ -12058,8 +12340,69 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12058
12340
|
* Initialize Web Worker for off-main-thread proof generation
|
|
12059
12341
|
*/
|
|
12060
12342
|
async initializeWorker() {
|
|
12061
|
-
if (
|
|
12062
|
-
|
|
12343
|
+
if (!supportsWebWorkers()) {
|
|
12344
|
+
if (this.config.verbose) {
|
|
12345
|
+
console.log("[BrowserNoirProvider] Web Workers not supported, using main thread");
|
|
12346
|
+
}
|
|
12347
|
+
return;
|
|
12348
|
+
}
|
|
12349
|
+
try {
|
|
12350
|
+
const workerCode = this.getWorkerCode();
|
|
12351
|
+
const blob = new Blob([workerCode], { type: "application/javascript" });
|
|
12352
|
+
const workerURL = URL.createObjectURL(blob);
|
|
12353
|
+
this.worker = new Worker(workerURL, { type: "module" });
|
|
12354
|
+
this.worker.onmessage = (event) => {
|
|
12355
|
+
this.handleWorkerMessage(event.data);
|
|
12356
|
+
};
|
|
12357
|
+
this.worker.onerror = (error) => {
|
|
12358
|
+
console.error("[BrowserNoirProvider] Worker error:", error);
|
|
12359
|
+
for (const [id, { reject }] of this.workerPending) {
|
|
12360
|
+
reject(new Error(`Worker error: ${error.message}`));
|
|
12361
|
+
this.workerPending.delete(id);
|
|
12362
|
+
}
|
|
12363
|
+
this.worker?.terminate();
|
|
12364
|
+
this.worker = null;
|
|
12365
|
+
};
|
|
12366
|
+
URL.revokeObjectURL(workerURL);
|
|
12367
|
+
if (this.config.verbose) {
|
|
12368
|
+
console.log("[BrowserNoirProvider] Web Worker initialized successfully");
|
|
12369
|
+
}
|
|
12370
|
+
} catch (error) {
|
|
12371
|
+
if (this.config.verbose) {
|
|
12372
|
+
console.warn("[BrowserNoirProvider] Failed to initialize worker, using main thread:", error);
|
|
12373
|
+
}
|
|
12374
|
+
this.worker = null;
|
|
12375
|
+
}
|
|
12376
|
+
}
|
|
12377
|
+
/**
|
|
12378
|
+
* Get inline worker code for bundler compatibility
|
|
12379
|
+
*/
|
|
12380
|
+
getWorkerCode() {
|
|
12381
|
+
return `
|
|
12382
|
+
self.onmessage = async function(event) {
|
|
12383
|
+
const { id, type } = event.data;
|
|
12384
|
+
// Signal that worker received message but proof gen happens on main thread
|
|
12385
|
+
self.postMessage({ id, type: 'fallback', message: 'Worker initialized, using main thread for proofs' });
|
|
12386
|
+
};
|
|
12387
|
+
`;
|
|
12388
|
+
}
|
|
12389
|
+
/**
|
|
12390
|
+
* Handle messages from worker
|
|
12391
|
+
*/
|
|
12392
|
+
handleWorkerMessage(data) {
|
|
12393
|
+
const pending = this.workerPending.get(data.id);
|
|
12394
|
+
if (!pending) return;
|
|
12395
|
+
switch (data.type) {
|
|
12396
|
+
case "success":
|
|
12397
|
+
this.workerPending.delete(data.id);
|
|
12398
|
+
pending.resolve(data.result);
|
|
12399
|
+
break;
|
|
12400
|
+
case "error":
|
|
12401
|
+
this.workerPending.delete(data.id);
|
|
12402
|
+
pending.reject(new Error(data.error));
|
|
12403
|
+
break;
|
|
12404
|
+
case "fallback":
|
|
12405
|
+
break;
|
|
12063
12406
|
}
|
|
12064
12407
|
}
|
|
12065
12408
|
/**
|
|
@@ -12081,15 +12424,10 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12081
12424
|
percent: 10,
|
|
12082
12425
|
message: "Preparing witness inputs..."
|
|
12083
12426
|
});
|
|
12084
|
-
const
|
|
12085
|
-
params.balance,
|
|
12086
|
-
params.blindingFactor,
|
|
12087
|
-
params.assetId
|
|
12088
|
-
);
|
|
12427
|
+
const blindingField = this.bytesToField(params.blindingFactor);
|
|
12089
12428
|
const witnessInputs = {
|
|
12090
|
-
commitment_hash: commitmentHash,
|
|
12091
12429
|
minimum_required: params.minimumRequired.toString(),
|
|
12092
|
-
asset_id: this.assetIdToField(params.assetId)
|
|
12430
|
+
asset_id: `0x${this.assetIdToField(params.assetId)}`,
|
|
12093
12431
|
balance: params.balance.toString(),
|
|
12094
12432
|
blinding: blindingField
|
|
12095
12433
|
};
|
|
@@ -12098,7 +12436,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12098
12436
|
percent: 30,
|
|
12099
12437
|
message: "Generating witness..."
|
|
12100
12438
|
});
|
|
12101
|
-
const { witness } = await this.fundingNoir.execute(witnessInputs);
|
|
12439
|
+
const { witness, returnValue } = await this.fundingNoir.execute(witnessInputs);
|
|
12102
12440
|
onProgress?.({
|
|
12103
12441
|
stage: "proving",
|
|
12104
12442
|
percent: 50,
|
|
@@ -12110,10 +12448,12 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12110
12448
|
percent: 100,
|
|
12111
12449
|
message: "Proof generated successfully"
|
|
12112
12450
|
});
|
|
12451
|
+
const commitmentHashBytes = returnValue;
|
|
12452
|
+
const commitmentHashHex = bytesToHex7(new Uint8Array(commitmentHashBytes));
|
|
12113
12453
|
const publicInputs = [
|
|
12114
|
-
`0x${commitmentHash}`,
|
|
12115
12454
|
`0x${params.minimumRequired.toString(16).padStart(16, "0")}`,
|
|
12116
|
-
`0x${this.assetIdToField(params.assetId)}
|
|
12455
|
+
`0x${this.assetIdToField(params.assetId)}`,
|
|
12456
|
+
`0x${commitmentHashHex}`
|
|
12117
12457
|
];
|
|
12118
12458
|
const proof = {
|
|
12119
12459
|
type: "funding",
|
|
@@ -12515,6 +12855,314 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12515
12855
|
return { x, y };
|
|
12516
12856
|
}
|
|
12517
12857
|
};
|
|
12858
|
+
|
|
12859
|
+
// src/proofs/worker.ts
|
|
12860
|
+
function createWorkerBlobURL() {
|
|
12861
|
+
const workerCode = `
|
|
12862
|
+
// Proof Generation Worker
|
|
12863
|
+
// This code runs in a separate thread
|
|
12864
|
+
|
|
12865
|
+
let fundingNoir = null;
|
|
12866
|
+
let fundingBackend = null;
|
|
12867
|
+
let validityNoir = null;
|
|
12868
|
+
let validityBackend = null;
|
|
12869
|
+
let fulfillmentNoir = null;
|
|
12870
|
+
let fulfillmentBackend = null;
|
|
12871
|
+
let isReady = false;
|
|
12872
|
+
let config = { verbose: false };
|
|
12873
|
+
|
|
12874
|
+
// Helper to send progress updates
|
|
12875
|
+
function sendProgress(id, stage, percent, message) {
|
|
12876
|
+
self.postMessage({
|
|
12877
|
+
id,
|
|
12878
|
+
type: 'progress',
|
|
12879
|
+
progress: { stage, percent, message }
|
|
12880
|
+
});
|
|
12881
|
+
}
|
|
12882
|
+
|
|
12883
|
+
// Helper to send error
|
|
12884
|
+
function sendError(id, error) {
|
|
12885
|
+
self.postMessage({
|
|
12886
|
+
id,
|
|
12887
|
+
type: 'error',
|
|
12888
|
+
error: error.message || String(error)
|
|
12889
|
+
});
|
|
12890
|
+
}
|
|
12891
|
+
|
|
12892
|
+
// Helper to send success
|
|
12893
|
+
function sendSuccess(id, result) {
|
|
12894
|
+
self.postMessage({
|
|
12895
|
+
id,
|
|
12896
|
+
type: 'success',
|
|
12897
|
+
result
|
|
12898
|
+
});
|
|
12899
|
+
}
|
|
12900
|
+
|
|
12901
|
+
// Initialize circuits (called once)
|
|
12902
|
+
async function initialize(id, initConfig) {
|
|
12903
|
+
try {
|
|
12904
|
+
sendProgress(id, 'initializing', 10, 'Loading Noir JS...');
|
|
12905
|
+
|
|
12906
|
+
// Dynamic imports for Noir
|
|
12907
|
+
const { Noir } = await import('@noir-lang/noir_js');
|
|
12908
|
+
const { UltraHonkBackend } = await import('@aztec/bb.js');
|
|
12909
|
+
|
|
12910
|
+
sendProgress(id, 'initializing', 30, 'Loading circuit artifacts...');
|
|
12911
|
+
|
|
12912
|
+
// Load circuit artifacts
|
|
12913
|
+
const [fundingArtifact, validityArtifact, fulfillmentArtifact] = await Promise.all([
|
|
12914
|
+
fetch(new URL('./circuits/funding_proof.json', import.meta.url)).then(r => r.json()),
|
|
12915
|
+
fetch(new URL('./circuits/validity_proof.json', import.meta.url)).then(r => r.json()),
|
|
12916
|
+
fetch(new URL('./circuits/fulfillment_proof.json', import.meta.url)).then(r => r.json()),
|
|
12917
|
+
]);
|
|
12918
|
+
|
|
12919
|
+
sendProgress(id, 'initializing', 50, 'Initializing backends...');
|
|
12920
|
+
|
|
12921
|
+
// Initialize Noir instances
|
|
12922
|
+
fundingNoir = new Noir(fundingArtifact);
|
|
12923
|
+
fundingBackend = new UltraHonkBackend(fundingArtifact.bytecode);
|
|
12924
|
+
|
|
12925
|
+
sendProgress(id, 'initializing', 70, 'Initializing validity circuit...');
|
|
12926
|
+
validityNoir = new Noir(validityArtifact);
|
|
12927
|
+
validityBackend = new UltraHonkBackend(validityArtifact.bytecode);
|
|
12928
|
+
|
|
12929
|
+
sendProgress(id, 'initializing', 90, 'Initializing fulfillment circuit...');
|
|
12930
|
+
fulfillmentNoir = new Noir(fulfillmentArtifact);
|
|
12931
|
+
fulfillmentBackend = new UltraHonkBackend(fulfillmentArtifact.bytecode);
|
|
12932
|
+
|
|
12933
|
+
config = initConfig || { verbose: false };
|
|
12934
|
+
isReady = true;
|
|
12935
|
+
|
|
12936
|
+
sendProgress(id, 'complete', 100, 'Worker initialized');
|
|
12937
|
+
sendSuccess(id, { initialized: true });
|
|
12938
|
+
} catch (error) {
|
|
12939
|
+
sendError(id, error);
|
|
12940
|
+
}
|
|
12941
|
+
}
|
|
12942
|
+
|
|
12943
|
+
// Generate funding proof
|
|
12944
|
+
async function generateFundingProof(id, params) {
|
|
12945
|
+
if (!isReady) {
|
|
12946
|
+
sendError(id, new Error('Worker not initialized'));
|
|
12947
|
+
return;
|
|
12948
|
+
}
|
|
12949
|
+
|
|
12950
|
+
try {
|
|
12951
|
+
sendProgress(id, 'witness', 20, 'Preparing witness...');
|
|
12952
|
+
|
|
12953
|
+
// Convert blinding factor to field
|
|
12954
|
+
const blindingField = bytesToField(params.blindingFactor);
|
|
12955
|
+
|
|
12956
|
+
const witnessInputs = {
|
|
12957
|
+
minimum_required: params.minimumRequired.toString(),
|
|
12958
|
+
asset_id: '0x' + assetIdToField(params.assetId),
|
|
12959
|
+
balance: params.balance.toString(),
|
|
12960
|
+
blinding: blindingField,
|
|
12961
|
+
};
|
|
12962
|
+
|
|
12963
|
+
sendProgress(id, 'witness', 40, 'Executing circuit...');
|
|
12964
|
+
const { witness, returnValue } = await fundingNoir.execute(witnessInputs);
|
|
12965
|
+
|
|
12966
|
+
sendProgress(id, 'proving', 60, 'Generating proof...');
|
|
12967
|
+
const proofData = await fundingBackend.generateProof(witness);
|
|
12968
|
+
|
|
12969
|
+
sendProgress(id, 'complete', 100, 'Proof generated');
|
|
12970
|
+
|
|
12971
|
+
// Extract commitment hash from return value
|
|
12972
|
+
const commitmentHashHex = bytesToHex(new Uint8Array(returnValue));
|
|
12973
|
+
|
|
12974
|
+
const publicInputs = [
|
|
12975
|
+
'0x' + params.minimumRequired.toString(16).padStart(16, '0'),
|
|
12976
|
+
'0x' + assetIdToField(params.assetId),
|
|
12977
|
+
'0x' + commitmentHashHex,
|
|
12978
|
+
];
|
|
12979
|
+
|
|
12980
|
+
const proof = {
|
|
12981
|
+
type: 'funding',
|
|
12982
|
+
proof: '0x' + bytesToHex(proofData.proof),
|
|
12983
|
+
publicInputs,
|
|
12984
|
+
};
|
|
12985
|
+
|
|
12986
|
+
sendSuccess(id, { proof, publicInputs });
|
|
12987
|
+
} catch (error) {
|
|
12988
|
+
sendError(id, error);
|
|
12989
|
+
}
|
|
12990
|
+
}
|
|
12991
|
+
|
|
12992
|
+
// Helper functions
|
|
12993
|
+
function bytesToField(bytes) {
|
|
12994
|
+
let result = 0n;
|
|
12995
|
+
const len = Math.min(bytes.length, 31);
|
|
12996
|
+
for (let i = 0; i < len; i++) {
|
|
12997
|
+
result = result * 256n + BigInt(bytes[i]);
|
|
12998
|
+
}
|
|
12999
|
+
return result.toString();
|
|
13000
|
+
}
|
|
13001
|
+
|
|
13002
|
+
function assetIdToField(assetId) {
|
|
13003
|
+
if (assetId.startsWith('0x')) {
|
|
13004
|
+
return assetId.slice(2).padStart(64, '0');
|
|
13005
|
+
}
|
|
13006
|
+
const encoder = new TextEncoder();
|
|
13007
|
+
const bytes = encoder.encode(assetId);
|
|
13008
|
+
let result = 0n;
|
|
13009
|
+
for (let i = 0; i < bytes.length && i < 31; i++) {
|
|
13010
|
+
result = result * 256n + BigInt(bytes[i]);
|
|
13011
|
+
}
|
|
13012
|
+
return result.toString(16).padStart(64, '0');
|
|
13013
|
+
}
|
|
13014
|
+
|
|
13015
|
+
function bytesToHex(bytes) {
|
|
13016
|
+
return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
|
|
13017
|
+
}
|
|
13018
|
+
|
|
13019
|
+
// Message handler
|
|
13020
|
+
self.onmessage = async function(event) {
|
|
13021
|
+
const { id, type, params, config: initConfig } = event.data;
|
|
13022
|
+
|
|
13023
|
+
switch (type) {
|
|
13024
|
+
case 'init':
|
|
13025
|
+
await initialize(id, initConfig);
|
|
13026
|
+
break;
|
|
13027
|
+
case 'generateFundingProof':
|
|
13028
|
+
await generateFundingProof(id, params);
|
|
13029
|
+
break;
|
|
13030
|
+
case 'generateValidityProof':
|
|
13031
|
+
// TODO: Implement
|
|
13032
|
+
sendError(id, new Error('Validity proof not yet implemented in worker'));
|
|
13033
|
+
break;
|
|
13034
|
+
case 'generateFulfillmentProof':
|
|
13035
|
+
// TODO: Implement
|
|
13036
|
+
sendError(id, new Error('Fulfillment proof not yet implemented in worker'));
|
|
13037
|
+
break;
|
|
13038
|
+
case 'destroy':
|
|
13039
|
+
// Cleanup
|
|
13040
|
+
fundingNoir = null;
|
|
13041
|
+
fundingBackend = null;
|
|
13042
|
+
validityNoir = null;
|
|
13043
|
+
validityBackend = null;
|
|
13044
|
+
fulfillmentNoir = null;
|
|
13045
|
+
fulfillmentBackend = null;
|
|
13046
|
+
isReady = false;
|
|
13047
|
+
sendSuccess(id, { destroyed: true });
|
|
13048
|
+
break;
|
|
13049
|
+
default:
|
|
13050
|
+
sendError(id, new Error('Unknown message type: ' + type));
|
|
13051
|
+
}
|
|
13052
|
+
};
|
|
13053
|
+
`;
|
|
13054
|
+
const blob = new Blob([workerCode], { type: "application/javascript" });
|
|
13055
|
+
return URL.createObjectURL(blob);
|
|
13056
|
+
}
|
|
13057
|
+
var ProofWorker = class _ProofWorker {
|
|
13058
|
+
worker = null;
|
|
13059
|
+
pendingRequests = /* @__PURE__ */ new Map();
|
|
13060
|
+
_isReady = false;
|
|
13061
|
+
requestCounter = 0;
|
|
13062
|
+
/**
|
|
13063
|
+
* Check if Web Workers are supported
|
|
13064
|
+
*/
|
|
13065
|
+
static isSupported() {
|
|
13066
|
+
return typeof Worker !== "undefined" && typeof Blob !== "undefined";
|
|
13067
|
+
}
|
|
13068
|
+
/**
|
|
13069
|
+
* Check if worker is initialized and ready
|
|
13070
|
+
*/
|
|
13071
|
+
get isReady() {
|
|
13072
|
+
return this._isReady;
|
|
13073
|
+
}
|
|
13074
|
+
/**
|
|
13075
|
+
* Initialize the worker
|
|
13076
|
+
*/
|
|
13077
|
+
async initialize(config) {
|
|
13078
|
+
if (this._isReady) {
|
|
13079
|
+
return;
|
|
13080
|
+
}
|
|
13081
|
+
if (!_ProofWorker.isSupported()) {
|
|
13082
|
+
throw new Error("Web Workers not supported in this environment");
|
|
13083
|
+
}
|
|
13084
|
+
const workerURL = createWorkerBlobURL();
|
|
13085
|
+
this.worker = new Worker(workerURL, { type: "module" });
|
|
13086
|
+
this.worker.onmessage = (event) => {
|
|
13087
|
+
this.handleWorkerMessage(event.data);
|
|
13088
|
+
};
|
|
13089
|
+
this.worker.onerror = (error) => {
|
|
13090
|
+
console.error("[ProofWorker] Worker error:", error);
|
|
13091
|
+
for (const [id, { reject }] of this.pendingRequests) {
|
|
13092
|
+
reject(new Error(`Worker error: ${error.message}`));
|
|
13093
|
+
this.pendingRequests.delete(id);
|
|
13094
|
+
}
|
|
13095
|
+
};
|
|
13096
|
+
await this.sendRequest("init", void 0, config);
|
|
13097
|
+
this._isReady = true;
|
|
13098
|
+
URL.revokeObjectURL(workerURL);
|
|
13099
|
+
}
|
|
13100
|
+
/**
|
|
13101
|
+
* Generate a proof using the worker
|
|
13102
|
+
*/
|
|
13103
|
+
async generateProof(type, params, onProgress) {
|
|
13104
|
+
if (!this._isReady || !this.worker) {
|
|
13105
|
+
throw new Error("Worker not initialized. Call initialize() first.");
|
|
13106
|
+
}
|
|
13107
|
+
const messageType = type === "funding" ? "generateFundingProof" : type === "validity" ? "generateValidityProof" : "generateFulfillmentProof";
|
|
13108
|
+
return this.sendRequest(messageType, params, void 0, onProgress);
|
|
13109
|
+
}
|
|
13110
|
+
/**
|
|
13111
|
+
* Destroy the worker and free resources
|
|
13112
|
+
*/
|
|
13113
|
+
async destroy() {
|
|
13114
|
+
if (this.worker) {
|
|
13115
|
+
try {
|
|
13116
|
+
await this.sendRequest("destroy");
|
|
13117
|
+
} catch {
|
|
13118
|
+
}
|
|
13119
|
+
this.worker.terminate();
|
|
13120
|
+
this.worker = null;
|
|
13121
|
+
}
|
|
13122
|
+
this._isReady = false;
|
|
13123
|
+
this.pendingRequests.clear();
|
|
13124
|
+
}
|
|
13125
|
+
/**
|
|
13126
|
+
* Send a request to the worker
|
|
13127
|
+
*/
|
|
13128
|
+
sendRequest(type, params, config, onProgress) {
|
|
13129
|
+
return new Promise((resolve, reject) => {
|
|
13130
|
+
if (!this.worker) {
|
|
13131
|
+
reject(new Error("Worker not available"));
|
|
13132
|
+
return;
|
|
13133
|
+
}
|
|
13134
|
+
const id = `req_${++this.requestCounter}_${Date.now()}`;
|
|
13135
|
+
this.pendingRequests.set(id, { resolve, reject, onProgress });
|
|
13136
|
+
const request = { id, type, params, config };
|
|
13137
|
+
this.worker.postMessage(request);
|
|
13138
|
+
});
|
|
13139
|
+
}
|
|
13140
|
+
/**
|
|
13141
|
+
* Handle messages from the worker
|
|
13142
|
+
*/
|
|
13143
|
+
handleWorkerMessage(response) {
|
|
13144
|
+
const pending = this.pendingRequests.get(response.id);
|
|
13145
|
+
if (!pending) {
|
|
13146
|
+
console.warn("[ProofWorker] Received response for unknown request:", response.id);
|
|
13147
|
+
return;
|
|
13148
|
+
}
|
|
13149
|
+
switch (response.type) {
|
|
13150
|
+
case "success":
|
|
13151
|
+
this.pendingRequests.delete(response.id);
|
|
13152
|
+
pending.resolve(response.result);
|
|
13153
|
+
break;
|
|
13154
|
+
case "error":
|
|
13155
|
+
this.pendingRequests.delete(response.id);
|
|
13156
|
+
pending.reject(new Error(response.error));
|
|
13157
|
+
break;
|
|
13158
|
+
case "progress":
|
|
13159
|
+
if (pending.onProgress && response.progress) {
|
|
13160
|
+
pending.onProgress(response.progress);
|
|
13161
|
+
}
|
|
13162
|
+
break;
|
|
13163
|
+
}
|
|
13164
|
+
}
|
|
13165
|
+
};
|
|
12518
13166
|
// Annotate the CommonJS export names for ESM import in node:
|
|
12519
13167
|
0 && (module.exports = {
|
|
12520
13168
|
ATTESTATION_VERSION,
|
|
@@ -12558,6 +13206,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12558
13206
|
ProofError,
|
|
12559
13207
|
ProofGenerationError,
|
|
12560
13208
|
ProofNotImplementedError,
|
|
13209
|
+
ProofWorker,
|
|
12561
13210
|
ProposalStatus,
|
|
12562
13211
|
ReportStatus,
|
|
12563
13212
|
SIP,
|
|
@@ -12585,6 +13234,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12585
13234
|
browserBytesToHex,
|
|
12586
13235
|
browserHexToBytes,
|
|
12587
13236
|
checkEd25519StealthAddress,
|
|
13237
|
+
checkMobileWASMCompatibility,
|
|
12588
13238
|
checkStealthAddress,
|
|
12589
13239
|
commit,
|
|
12590
13240
|
commitZero,
|
|
@@ -12609,6 +13259,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12609
13259
|
createSolanaAdapter,
|
|
12610
13260
|
createTrezorAdapter,
|
|
12611
13261
|
createWalletFactory,
|
|
13262
|
+
createWorkerBlobURL,
|
|
12612
13263
|
createZcashClient,
|
|
12613
13264
|
createZcashShieldedService,
|
|
12614
13265
|
createZcashSwapService,
|
|
@@ -12623,6 +13274,8 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12623
13274
|
deserializeIntent,
|
|
12624
13275
|
deserializePayment,
|
|
12625
13276
|
detectEthereumWallets,
|
|
13277
|
+
detectMobileBrowser,
|
|
13278
|
+
detectMobilePlatform,
|
|
12626
13279
|
detectSolanaWallets,
|
|
12627
13280
|
ed25519PublicKeyToNearAddress,
|
|
12628
13281
|
ed25519PublicKeyToSolanaAddress,
|
|
@@ -12643,6 +13296,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12643
13296
|
getActiveOracles,
|
|
12644
13297
|
getAvailableTransports,
|
|
12645
13298
|
getBrowserInfo,
|
|
13299
|
+
getBrowserVersion,
|
|
12646
13300
|
getChainNumericId,
|
|
12647
13301
|
getChainsForStablecoin,
|
|
12648
13302
|
getCurveForChain,
|
|
@@ -12652,6 +13306,8 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12652
13306
|
getEthereumProvider,
|
|
12653
13307
|
getGenerators,
|
|
12654
13308
|
getIntentSummary,
|
|
13309
|
+
getMobileDeviceInfo,
|
|
13310
|
+
getOSVersion,
|
|
12655
13311
|
getPaymentSummary,
|
|
12656
13312
|
getPaymentTimeRemaining,
|
|
12657
13313
|
getPrivacyConfig,
|
|
@@ -12677,6 +13333,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12677
13333
|
isSIPError,
|
|
12678
13334
|
isStablecoin,
|
|
12679
13335
|
isStablecoinOnChain,
|
|
13336
|
+
isTablet,
|
|
12680
13337
|
isValidAmount,
|
|
12681
13338
|
isValidChainId,
|
|
12682
13339
|
isValidCompressedPublicKey,
|
|
@@ -12708,7 +13365,10 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
|
|
|
12708
13365
|
subtractBlindings,
|
|
12709
13366
|
subtractCommitments,
|
|
12710
13367
|
supportsSharedArrayBuffer,
|
|
13368
|
+
supportsTouch,
|
|
12711
13369
|
supportsViewingKey,
|
|
13370
|
+
supportsWASMBulkMemory,
|
|
13371
|
+
supportsWASMSimd,
|
|
12712
13372
|
supportsWebBluetooth,
|
|
12713
13373
|
supportsWebHID,
|
|
12714
13374
|
supportsWebUSB,
|