circomlibjs-hinkal-fork 0.0.1

package/hardhat.config.js

@@ -0,0 +1,6 @@
+/**
+ * @type import('hardhat/config').HardhatUserConfig
+ */
+module.exports = {
+  solidity: "0.7.3",
+};

package/main.js

@@ -0,0 +1,25 @@
+export {default as buildBabyjub} from "./src/babyjub.js";
+export {default as buildEddsa} from "./src/eddsa.js";
+export {default as evmasm} from "./src/evmasm.js";
+
+export {default as buildMimc7} from "./src/mimc7.js";
+import * as _mimc7Contract  from "./src/mimc7_gencontract.js";
+export const mimc7Contract=_mimc7Contract;
+
+export {default as buildMimcSponge} from "./src/mimcsponge.js";
+import * as _mimcSpongeContract  from "./src/mimcsponge_gencontract.js";
+export const mimcSpongecontract=_mimcSpongeContract;
+
+export {default as buildPedersenHash} from "./src/pedersen_hash.js";
+
+export { buildPoseidon, buildPoseidonWasm } from "./src/poseidon_wasm.js";
+import * as _poseidonContract  from "./src/poseidon_gencontract.js";
+export const poseidonContract=_poseidonContract;
+
+export {default as buildPoseidonReference} from "./src/poseidon_reference.js";
+export {default as buildPoseidonOpt} from "./src/poseidon_opt.js";
+
+export {SMT, buildSMT, newMemEmptyTrie} from "./src/smt.js";
+
+export { default as SMTMemDb } from "./src/smt_memdb.js";
+

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "circomlibjs-hinkal-fork",
+  "type": "module",
+  "main": "./build/main.cjs",
+  "module": "./main.js",
+  "exports": {
+    "import": "./main.js",
+    "require": "./build/main.cjs"
+  },
+  "version": "0.0.1",
+  "description": "Javascript library to work with circomlib",
+  "scripts": {
+    "test": "mocha",
+    "poseidonOptimizeConstants": "node tools/poseidon_optimize_constants.js",
+    "build": "rollup -c rollup.cjs.config.js"
+  },
+  "keywords": [
+    "circom",
+    "circomlib",
+    "iden3",
+    "snarkjs",
+    "snark",
+    "zero",
+    "knowledge"
+  ],
+  "license": "GPL-3.0",
+  "devDependencies": {
+    "chai": "^4.3.4",
+    "ganache": "^7.3.0",
+    "mocha": "^9.1.3"
+  },
+  "dependencies": {
+    "blake-hash": "^2.0.0",
+    "blake2b": "^2.1.3",
+    "ethers": "^5.5.1",
+    "ffjavascript": "^0.3.0",
+    "buffer": "6.0.3",
+    "process": "0.11.10"
+  }
+}

package/rollup.cjs.config.js

@@ -0,0 +1,16 @@
+import fs from "fs";
+import { builtinModules as builtin } from "module";
+
+const pkg = JSON.parse(fs.readFileSync("./package.json"));
+
+export default {
+    input: "./main.js",
+    output: {
+        file: "build/main.cjs",
+        format: "cjs",
+    },
+    external: [
+        ...Object.keys(pkg.dependencies),
+        ...builtin,
+    ]
+};

package/src/babyjub.js

@@ -0,0 +1,139 @@
+import { getCurveFromName, Scalar }  from "ffjavascript";
+
+export default async function buildBabyJub() {
+    const bn128 = await getCurveFromName("bn128", true);
+    return new BabyJub(bn128.Fr);
+}
+
+class BabyJub {
+    constructor(F) {
+        this.F = F;
+        this.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+        this.pm1d2 = Scalar.div(Scalar.sub(this.p, Scalar.e(1)),  Scalar.e(2));
+
+        this.Generator = [
+            F.e("995203441582195749578291179787384436505546430278305826713579947235728471134"),
+            F.e("5472060717959818805561601436314318772137091100104008585924551046643952123905")
+        ];
+        this.Base8 = [
+            F.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+            F.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+        ];
+        this.order = Scalar.fromString("21888242871839275222246405745257275088614511777268538073601725287587578984328");
+        this.subOrder = Scalar.shiftRight(this.order, 3);
+        this.A = F.e("168700");
+        this.D = F.e("168696");
+    }
+
+
+    addPoint(a,b) {
+        const F = this.F;
+
+        const res = [];
+
+        /* does the equivalent of:
+        res[0] = bigInt((a[0]*b[1] + b[0]*a[1]) *  bigInt(bigInt("1") + d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
+        res[1] = bigInt((a[1]*b[1] - cta*a[0]*b[0]) * bigInt(bigInt("1") - d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
+        */
+
+        const beta = F.mul(a[0],b[1]);
+        const gamma = F.mul(a[1],b[0]);
+        const delta = F.mul(
+            F.sub(a[1], F.mul(this.A, a[0])),
+            F.add(b[0], b[1])
+        );
+        const tau = F.mul(beta, gamma);
+        const dtau = F.mul(this.D, tau);
+
+        res[0] = F.div(
+            F.add(beta, gamma),
+            F.add(F.one, dtau)
+        );
+
+        res[1] = F.div(
+            F.add(delta, F.sub(F.mul(this.A,beta), gamma)),
+            F.sub(F.one, dtau)
+        );
+
+        return res;
+    }
+
+    mulPointEscalar(base, e) {
+        const F = this.F;
+        let res = [F.e("0"),F.e("1")];
+        let rem = e;
+        let exp = base;
+
+        while (! Scalar.isZero(rem)) {
+            if (Scalar.isOdd(rem)) {
+                res = this.addPoint(res, exp);
+            }
+            exp = this.addPoint(exp, exp);
+            rem = Scalar.shiftRight(rem, 1);
+        }
+
+        return res;
+    }
+
+    inSubgroup(P) {
+        const F = this.F;
+        if (!this.inCurve(P)) return false;
+        const res= this.mulPointEscalar(P, this.subOrder);
+        return (F.isZero(res[0]) && F.eq(res[1], F.one));
+    }
+
+    inCurve(P) {
+        const F = this.F;
+        const x2 = F.square(P[0]);
+        const y2 = F.square(P[1]);
+
+        if (!F.eq(
+            F.add(F.mul(this.A, x2), y2),
+            F.add(F.one, F.mul(F.mul(x2, y2), this.D)))) return false;
+
+        return true;
+    }
+
+    packPoint(P) {
+        const F = this.F;
+        const buff = new Uint8Array(32);
+        F.toRprLE(buff, 0, P[1]);
+        const n = F.toObject(P[0]);
+        if (Scalar.gt(n, this.pm1d2)) {
+            buff[31] = buff[31] | 0x80;
+        }
+        return buff;
+    }
+
+    unpackPoint(buff) {
+        const F = this.F;
+        let sign = false;
+        const P = new Array(2);
+        if (buff[31] & 0x80) {
+            sign = true;
+            buff[31] = buff[31] & 0x7F;
+        }
+        P[1] = F.fromRprLE(buff, 0);
+        if (Scalar.gt(F.toObject(P[1]), this.p)) return null;
+
+        const y2 = F.square(P[1]);
+
+        const x2 = F.div(
+            F.sub(F.one, y2),
+            F.sub(this.A, F.mul(this.D, y2))
+        );
+
+        const x2h = F.exp(x2, F.half);
+        if (! F.eq(F.one, x2h)) return null;
+
+        let x = F.sqrt(x2);
+
+        if (x == null) return null;
+
+        if (sign) x = F.neg(x);
+
+        P[0] = x;
+
+        return P;
+    }
+}

package/src/eddsa.js

@@ -0,0 +1,286 @@
+import { Scalar } from "ffjavascript";
+import buildBabyJub from "./babyjub.js";
+import buildPedersenHash from "./pedersen_hash.js";
+import buildMimc7 from "./mimc7.js";
+import { buildPoseidon } from "./poseidon_wasm.js";
+import buildMimcSponge from "./mimcsponge.js";
+import createBlakeHash from "blake-hash";
+import {Buffer} from 'buffer';
+
+export default async function buildEddsa() {
+    const babyJub = await buildBabyJub("bn128");
+    const pedersenHash = await buildPedersenHash();
+    const mimc7 = await buildMimc7();
+    const poseidon = await buildPoseidon();
+    const mimcSponge = await buildMimcSponge();
+    return new Eddsa(babyJub, pedersenHash, mimc7, poseidon, mimcSponge);
+}
+
+class Eddsa {
+
+    constructor(babyJub, pedersenHash, mimc7, poseidon, mimcSponge) {
+        this.babyJub = babyJub;
+        this.pedersenHash = pedersenHash;
+        this.mimc7 = mimc7;
+        this.poseidon = poseidon;
+        this.mimcSponge = mimcSponge;
+        this.F = babyJub.F;
+    }
+
+    pruneBuffer(buff) {
+        buff[0] = buff[0] & 0xF8;
+        buff[31] = buff[31] & 0x7F;
+        buff[31] = buff[31] | 0x40;
+        return buff;
+    }
+
+    prv2pub(prv) {
+        const F = this.babyJub.F;
+        const sBuff = this.pruneBuffer(createBlakeHash("blake512").update(Buffer.from(prv)).digest());
+        let s = Scalar.fromRprLE(sBuff, 0, 32);
+        const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, Scalar.shr(s,3));
+        return A;
+    }
+
+    signPedersen(prv, msg) {
+        const F = this.babyJub.F;
+        const sBuff = this.pruneBuffer(createBlakeHash("blake512").update(Buffer.from(prv)).digest());
+        const s = Scalar.fromRprLE(sBuff, 0, 32);
+        const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, Scalar.shr(s, 3));
+
+        const composeBuff = new Uint8Array(32 + msg.length);
+        composeBuff.set(sBuff.slice(32), 0);
+        composeBuff.set(msg, 32);
+        const rBuff = createBlakeHash("blake512").update(Buffer.from(composeBuff)).digest();
+        let r = Scalar.mod(Scalar.fromRprLE(rBuff, 0, 64), this.babyJub.subOrder);
+        const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+        const R8p = this.babyJub.packPoint(R8);
+        const Ap = this.babyJub.packPoint(A);
+
+        const composeBuff2 = new Uint8Array(64 + msg.length);
+        composeBuff2.set(R8p, 0);
+        composeBuff2.set(Ap, 32);
+        composeBuff2.set(msg, 64);
+
+        const hmBuff = this.pedersenHash.hash(composeBuff2);
+        const hm = Scalar.fromRprLE(hmBuff, 0, 32);
+
+        const S = Scalar.mod(
+            Scalar.add(
+                r,
+                Scalar.mul(hm, s)
+            ),
+            this.babyJub.subOrder
+        )
+        return {
+            R8: R8,
+            S: S
+        };
+    }
+
+    signMiMC(prv, msg) {
+        const F = this.babyJub.F;
+        const sBuff = this.pruneBuffer(createBlakeHash("blake512").update(Buffer.from(prv)).digest());
+        const s = Scalar.fromRprLE(sBuff, 0, 32);
+        const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, Scalar.shr(s, 3));
+
+
+        const composeBuff = new Uint8Array(32 + msg.length);
+        composeBuff.set(sBuff.slice(32), 0);
+        F.toRprLE(composeBuff, 32, msg);
+        const rBuff = createBlakeHash("blake512").update(Buffer.from(composeBuff)).digest();
+        let r = Scalar.mod(Scalar.fromRprLE(rBuff, 0, 64), this.babyJub.subOrder);
+        const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+
+        const hm = this.mimc7.multiHash([R8[0], R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+        const S = Scalar.mod(
+            Scalar.add(
+                r,
+                Scalar.mul(hms, s)
+            ),
+            this.babyJub.subOrder
+        )
+        return {
+            R8: R8,
+            S: S
+        };
+    }
+
+    signMiMCSponge(prv, msg) {
+        const F = this.babyJub.F;
+        const sBuff = this.pruneBuffer(createBlakeHash("blake512").update(Buffer.from(prv)).digest());
+        const s = Scalar.fromRprLE(sBuff, 0, 32);
+        const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, Scalar.shr(s, 3));
+
+        const composeBuff = new Uint8Array(32 + msg.length);
+        composeBuff.set(sBuff.slice(32), 0);
+        F.toRprLE(composeBuff, 32, msg);
+        const rBuff = createBlakeHash("blake512").update(Buffer.from(composeBuff)).digest();
+        let r = Scalar.mod(Scalar.fromRprLE(rBuff, 0, 64), this.babyJub.subOrder);
+        const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+
+        const hm = this.mimcSponge.multiHash([R8[0], R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+        const S = Scalar.mod(
+            Scalar.add(
+                r,
+                Scalar.mul(hms, s)
+            ),
+            this.babyJub.subOrder
+        )
+        return {
+            R8: R8,
+            S: S
+        };
+    }
+
+    signPoseidon(prv, msg) {
+        const F = this.babyJub.F;
+        const sBuff = this.pruneBuffer(createBlakeHash("blake512").update(Buffer.from(prv)).digest());
+        const s = Scalar.fromRprLE(sBuff, 0, 32);
+        const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, Scalar.shr(s, 3));
+
+        const composeBuff = new Uint8Array(32 + msg.length);
+        composeBuff.set(sBuff.slice(32), 0);
+        F.toRprLE(composeBuff, 32, msg);
+        const rBuff = createBlakeHash("blake512").update(Buffer.from(composeBuff)).digest();
+        let r = Scalar.mod(Scalar.fromRprLE(rBuff, 0, 64), this.babyJub.subOrder);
+        const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+
+        const hm = this.poseidon([R8[0], R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+        const S = Scalar.mod(
+            Scalar.add(
+                r,
+                Scalar.mul(hms, s)
+            ),
+            this.babyJub.subOrder
+        )
+        return {
+            R8: R8,
+            S: S
+        };
+    }
+
+    verifyPedersen(msg, sig, A) {
+        // Check parameters
+        if (typeof sig != "object") return false;
+        if (!Array.isArray(sig.R8)) return false;
+        if (sig.R8.length!= 2) return false;
+        if (!this.babyJub.inCurve(sig.R8)) return false;
+        if (!Array.isArray(A)) return false;
+        if (A.length!= 2) return false;
+        if (!this.babyJub.inCurve(A)) return false;
+        if (Scalar.geq(sig.S, this.babyJub.subOrder)) return false;
+
+        const R8p = this.babyJub.packPoint(sig.R8);
+        const Ap = this.babyJub.packPoint(A);
+
+
+        const composeBuff2 = new Uint8Array(64 + msg.length);
+        composeBuff2.set(R8p, 0);
+        composeBuff2.set(Ap, 32);
+        composeBuff2.set(msg, 64);
+
+
+        const hmBuff = this.pedersenHash.hash(composeBuff2);
+        const hm = Scalar.fromRprLE(hmBuff, 0, 32);
+
+        const Pleft = this.babyJub.mulPointEscalar(this.babyJub.Base8, sig.S);
+        let Pright = this.babyJub.mulPointEscalar(A, Scalar.mul(hm,8));
+        Pright = this.babyJub.addPoint(sig.R8, Pright);
+
+        if (!this.babyJub.F.eq(Pleft[0],Pright[0])) return false;
+        if (!this.babyJub.F.eq(Pleft[1],Pright[1])) return false;
+        return true;
+    }
+
+    verifyMiMC(msg, sig, A) {
+        // Check parameters
+        if (typeof sig != "object") return false;
+        if (!Array.isArray(sig.R8)) return false;
+        if (sig.R8.length!= 2) return false;
+        if (!this.babyJub.inCurve(sig.R8)) return false;
+        if (!Array.isArray(A)) return false;
+        if (A.length!= 2) return false;
+        if (!this.babyJub.inCurve(A)) return false;
+        if (sig.S>= this.babyJub.subOrder) return false;
+
+        const hm = this.mimc7.multiHash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+
+        const Pleft = this.babyJub.mulPointEscalar(this.babyJub.Base8, sig.S);
+        let Pright = this.babyJub.mulPointEscalar(A, Scalar.mul(hms, 8));
+        Pright = this.babyJub.addPoint(sig.R8, Pright);
+
+        if (!this.babyJub.F.eq(Pleft[0],Pright[0])) return false;
+        if (!this.babyJub.F.eq(Pleft[1],Pright[1])) return false;
+        return true;
+    }
+
+    verifyPoseidon(msg, sig, A) {
+
+        // Check parameters
+        if (typeof sig != "object") return false;
+        if (!Array.isArray(sig.R8)) return false;
+        if (sig.R8.length!= 2) return false;
+        if (!this.babyJub.inCurve(sig.R8)) return false;
+        if (!Array.isArray(A)) return false;
+        if (A.length!= 2) return false;
+        if (!this.babyJub.inCurve(A)) return false;
+        if (sig.S>= this.babyJub.subOrder) return false;
+
+        const hm = this.poseidon([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+
+        const Pleft = this.babyJub.mulPointEscalar(this.babyJub.Base8, sig.S);
+        let Pright = this.babyJub.mulPointEscalar(A, Scalar.mul(hms, 8));
+        Pright = this.babyJub.addPoint(sig.R8, Pright);
+
+        if (!this.babyJub.F.eq(Pleft[0],Pright[0])) return false;
+        if (!this.babyJub.F.eq(Pleft[1],Pright[1])) return false;
+        return true;
+    }
+
+    verifyMiMCSponge(msg, sig, A) {
+
+        // Check parameters
+        if (typeof sig != "object") return false;
+        if (!Array.isArray(sig.R8)) return false;
+        if (sig.R8.length!= 2) return false;
+        if (!this.babyJub.inCurve(sig.R8)) return false;
+        if (!Array.isArray(A)) return false;
+        if (A.length!= 2) return false;
+        if (!this.babyJub.inCurve(A)) return false;
+        if (sig.S>= this.babyJub.subOrder) return false;
+
+        const hm = this.mimcSponge.multiHash([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
+        const hms = Scalar.e(this.babyJub.F.toObject(hm));
+
+        const Pleft = this.babyJub.mulPointEscalar(this.babyJub.Base8, sig.S);
+        let Pright = this.babyJub.mulPointEscalar(A, Scalar.mul(hms, 8));
+        Pright = this.babyJub.addPoint(sig.R8, Pright);
+
+        if (!this.babyJub.F.eq(Pleft[0],Pright[0])) return false;
+        if (!this.babyJub.F.eq(Pleft[1],Pright[1])) return false;
+        return true;
+    }
+
+    packSignature(sig) {
+        const buff = new Uint8Array(64);
+        const R8p = this.babyJub.packPoint(sig.R8);
+        buff.set(R8p, 0)
+        const Sp = Scalar.toRprLE(buff, 32, sig.S, 32);
+        return buff;
+    }
+
+    unpackSignature(sigBuff) {
+        return {
+            R8: this.babyJub.unpackPoint(sigBuff.slice(0,32)),
+            S: Scalar.fromRprLE(sigBuff, 32, 32)
+        };
+    }
+}
+
+