circomlibjs-hinkal-fork 0.0.1

package/src/evmasm.js

@@ -0,0 +1,209 @@
+// Copyright (c) 2018 Jordi Baylina
+// License: LGPL-3.0+
+//
+
+import { ethers } from "ethers";
+import {Scalar} from "ffjavascript";
+
+export default class Contract {
+    constructor() {
+        this.code = [];
+        this.labels = {};
+        this.pendingLabels = {};
+    }
+
+    createTxData() {
+        let C;
+
+        // Check all labels are defined
+        const pendingLabels = Object.keys(this.pendingLabels);
+        if (pendingLabels.length>0) {
+            throw new Error("Lables not defined: "+ pendingLabels.join(", "));
+        }
+
+        let setLoaderLength = 0;
+        let genLoadedLength = -1;
+
+        while  (genLoadedLength!=setLoaderLength) {
+            setLoaderLength = genLoadedLength;
+            C = new Contract();
+            C.codesize();
+            C.push(setLoaderLength);
+            C.push(0);
+            C.codecopy();
+
+            C.push(this.code.length);
+            C.push(0);
+            C.return();
+            genLoadedLength = C.code.length;
+        }
+
+        return ethers.utils.hexlify(C.code.concat(this.code));
+    }
+
+    stop() { this.code.push(0x00); }
+    add()  { this.code.push(0x01); }
+    mul()  { this.code.push(0x02); }
+    sub()  { this.code.push(0x03); }
+    div()  { this.code.push(0x04); }
+    sdiv() { this.code.push(0x05); }
+    mod()  { this.code.push(0x06); }
+    smod()  { this.code.push(0x07); }
+    addmod()  { this.code.push(0x08); }
+    mulmod()  { this.code.push(0x09); }
+    exp()  { this.code.push(0x0a); }
+    signextend()  { this.code.push(0x0b); }
+
+    lt()   { this.code.push(0x10); }
+    gt()   { this.code.push(0x11); }
+    slt()  { this.code.push(0x12); }
+    sgt()  { this.code.push(0x13); }
+    eq()   { this.code.push(0x14); }
+    iszero()  { this.code.push(0x15); }
+    and()  { this.code.push(0x16); }
+    or()  { this.code.push(0x17); }
+    shor()  { this.code.push(0x18); }
+    not()  { this.code.push(0x19); }
+    byte()  { this.code.push(0x1a); }
+
+    keccak() { this.code.push(0x20); }
+    sha3() { this.code.push(0x20); }   // alias
+
+    address()  { this.code.push(0x30); }
+    balance()  { this.code.push(0x31); }
+    origin()  { this.code.push(0x32); }
+    caller()  { this.code.push(0x33); }
+    callvalue()  { this.code.push(0x34); }
+    calldataload()  { this.code.push(0x35); }
+    calldatasize()  { this.code.push(0x36); }
+    calldatacopy()  { this.code.push(0x37); }
+    codesize()  { this.code.push(0x38); }
+    codecopy()  { this.code.push(0x39); }
+    gasprice()  { this.code.push(0x3a); }
+    extcodesize()  { this.code.push(0x3b); }
+    extcodecopy()  { this.code.push(0x3c); }
+    returndatasize()  { this.code.push(0x3d); }
+    returndatacopy()  { this.code.push(0x3e); }
+
+    blockhash()  { this.code.push(0x40); }
+    coinbase()  { this.code.push(0x41); }
+    timestamp()  { this.code.push(0x42); }
+    number()  { this.code.push(0x43); }
+    difficulty()  { this.code.push(0x44); }
+    gaslimit()  { this.code.push(0x45); }
+
+    pop()  { this.code.push(0x50); }
+    mload()  { this.code.push(0x51); }
+    mstore()  { this.code.push(0x52); }
+    mstore8()  { this.code.push(0x53); }
+    sload()  { this.code.push(0x54); }
+    sstore()  { this.code.push(0x55); }
+
+    _pushLabel(label) {
+        if (typeof this.labels[label] != "undefined") {
+            this.push(this.labels[label]);
+        } else {
+            this.pendingLabels[label] = this.pendingLabels[label] || [];
+            this.pendingLabels[label].push(this.code.length);
+            this.push("0x000000");
+        }
+    }
+
+    _fillLabel(label) {
+        if (!this.pendingLabels[label]) return;
+
+        let dst = this.labels[label];
+
+        const dst3 = [dst >> 16, (dst >> 8) & 0xFF, dst & 0xFF];
+
+        this.pendingLabels[label].forEach((p) => {
+            for (let i=0; i<3; i++) {
+                this.code[p+i+1] = dst3[i];
+            }
+        });
+
+        delete this.pendingLabels[label];
+    }
+
+
+    jmp(label)  {
+        if (typeof label !== "undefined") {
+            this._pushLabel(label);
+        }
+        this.code.push(0x56);
+    }
+
+    jmpi(label)  {
+        if (typeof label !== "undefined") {
+            this._pushLabel(label);
+        }
+        this.code.push(0x57);
+    }
+
+    pc()  { this.code.push(0x58); }
+    msize()  { this.code.push(0x59); }
+    gas()  { this.code.push(0x5a); }
+    label(name)  {
+        if (typeof this.labels[name] != "undefined") {
+            throw new Error("Label already defined");
+        }
+        this.labels[name] = this.code.length;
+        this.code.push(0x5b);
+
+        this._fillLabel(name);
+    }
+
+    push(data) {
+        if ((typeof data !== "string") || (data.slice(0,2) != "0x")) {
+            let v = Scalar.e(data);
+            if (Scalar.isNegative(v)) {
+                v = Scalar.add(Scalar.shl(Scalar.e(1), 256), v);
+            }
+            let S = Scalar.toString(v, 16);
+            if (S.length % 2) S = "0"+S;
+            S = "0x" +S;
+            data = S;
+        }
+        const d = ethers.utils.arrayify(data);
+        if (d.length == 0 || d.length > 32) {
+            throw new Error("Assertion failed");
+        }
+        const a = [];
+        this.code.push(0x5F + d.length);
+        for (let i=0; i<d.length; i++) {
+            this.code.push(d[i]);
+        }
+    }
+
+    dup(n) {
+        if (n < 0 || n >= 16) {
+            throw new Error("Assertion failed");
+        }
+        this.code.push(0x80 + n);
+    }
+
+    swap(n) {
+        if (n < 1 || n > 16) {
+            throw new Error("Assertion failed");
+        }
+        this.code.push(0x8f + n);
+    }
+
+    log0()  { this.code.push(0xa0); }
+    log1()  { this.code.push(0xa1); }
+    log2()  { this.code.push(0xa2); }
+    log3()  { this.code.push(0xa3); }
+    log4()  { this.code.push(0xa4); }
+
+    create()  { this.code.push(0xf0); }
+    call()  { this.code.push(0xf1); }
+    callcode()  { this.code.push(0xf2); }
+    return()  { this.code.push(0xf3); }
+    delegatecall()  { this.code.push(0xf4); }
+
+    staticcall()  { this.code.push(0xfa); }
+    revert()  { this.code.push(0xfd); }
+    invalid()  { this.code.push(0xfe); }
+    selfdestruct()  { this.code.push(0xff); }
+}
+

package/src/mimc7.js

@@ -0,0 +1,78 @@
+import {getCurveFromName, Scalar} from "ffjavascript";
+
+import { ethers } from "ethers";
+
+const SEED = "mimc";
+const NROUNDS = 91;
+
+export default async function buildMimc7() {
+    const bn128 = await getCurveFromName("bn128", true);
+    return new Mimc7(bn128.Fr);
+}
+
+
+class Mimc7 {
+    constructor (F) {
+        this.F = F;
+        this.cts = this.getConstants(SEED, 91);
+    }
+
+    getIV(seed) {
+        const F = this.F;
+        if (typeof seed === "undefined") seed = SEED;
+        const c = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(seed+"_iv"));
+        const cn = Scalar.e(c);
+        const iv = Scalar.mod(cn, F.p);
+        return iv;
+    };
+
+    getConstants(seed, nRounds) {
+        const F = this.F;
+        if (typeof seed === "undefined") seed = SEED;
+        if (typeof nRounds === "undefined") nRounds = NROUNDS;
+        const cts = new Array(nRounds);
+        let c = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(SEED));
+        for (let i=1; i<nRounds; i++) {
+            c = ethers.utils.keccak256(c);
+
+            cts[i] = F.e(c);
+        }
+        cts[0] = F.e(0);
+        return cts;
+    }
+
+    hash (_x_in, _k) {
+        const F = this.F;
+        const x_in = F.e(_x_in);
+        const k = F.e(_k);
+        let r;
+        for (let i=0; i<NROUNDS; i++) {
+            const c = this.cts[i];
+            const t = (i==0) ? F.add(x_in, k) : F.add(F.add(r, k), c);
+            const t2 = F.square(t);
+            const t4 = F.square(t2);
+            r = F.mul(F.mul(t4, t2), t);
+        }
+        return F.add(r, k);
+    }
+
+    multiHash(arr, key) {
+        const F = this.F;
+        let r;
+        if (typeof(key) === "undefined") {
+            r = F.zero;
+        } else {
+            r = F.e(key);
+        }
+        for (let i=0; i<arr.length; i++) {
+            r = F.add(
+                F.add(
+                    r,
+                    F.e(arr[i])
+                ),
+                this.hash(F.e(arr[i]), r)
+            );
+        }
+        return r;
+    }
+}

package/src/mimc7_gencontract.js

@@ -0,0 +1,113 @@
+// Copyright (c) 2018 Jordi Baylina
+// License: LGPL-3.0+
+//
+
+import { ethers } from "ethers";
+
+import Contract from "./evmasm.js";
+
+export function createCode(seed, n) {
+
+    let ci = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(seed));;
+
+    const C = new Contract();
+
+    C.push(0x44);
+    C.push("0x00");
+    C.push("0x00");
+    C.calldatacopy();
+    C.push("0x0100000000000000000000000000000000000000000000000000000000");
+    C.push("0x00");
+    C.mload();
+    C.div();
+    C.push("0xd15ca109"); // MiMCpe7(uint256,uint256)
+//    C.push("0x8c42199e"); // MiMCpe7(uint256,uint256,uint256)
+    C.eq();
+    C.jmpi("start");
+    C.invalid();
+
+    C.label("start");
+    C.push("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");  // q
+    C.push("0x24");
+    C.mload();          // k q
+
+
+    C.dup(1);           // q k q
+    C.dup(0);           // q q k q
+    C.push("0x04");
+    C.mload();          // x q q k q
+    C.dup(3);           // k x q q k q
+    C.addmod();         // t=x+k q k q
+    C.dup(1);           // q t q k q
+    C.dup(0);           // q q t q k q
+    C.dup(2);           // t q q t q k q
+    C.dup(0);           // t t q q t q k q
+    C.mulmod();         // a=t^2 q t q k q
+    C.dup(1);           // q a q t q k q
+    C.dup(1);           // a q a q t q k q
+    C.dup(0);           // a a q a q t q k q
+    C.mulmod();         // b=t^4 a q t q k q
+    C.mulmod();         // c=t^6 t q k q
+    C.mulmod();         // r=t^7 k q
+
+    for (let i=0; i<n-1; i++) {
+        ci = ethers.utils.keccak256(ci);
+        C.dup(2);       // q r k q
+        C.dup(0);       // q q r k q
+        C.dup(0);       // q q q r k q
+        C.swap(3);      // r q q q k q
+        C.push(ci);     // c r q q k q
+        C.addmod();     // s=c+r q q k q
+        C.dup(3);       // k s q q k q
+        C.addmod();     // t=s+k q k q
+        C.dup(1);       // q t q k q
+        C.dup(0);       // q q t q k q
+        C.dup(2);       // t q q t q k q
+        C.dup(0);       // t t q q t q k q
+        C.mulmod();     // a=t^2 q t q k q
+        C.dup(1);       // q a q t q k q
+        C.dup(1);       // a q a q t q k q
+        C.dup(0);       // a a q a q t q k q
+        C.mulmod();     // b=t^4 a q t q k q
+        C.mulmod();     // c=t^6 t q k q
+        C.mulmod();     // r=t^7 k q
+    }
+
+    C.addmod();     // res=t^7+k
+    C.push("0x00");
+    C.mstore();     // Save it to pos 0;
+    C.push("0x20");
+    C.push("0x00");
+    C.return();
+
+    return C.createTxData();
+}
+
+export const abi = [
+    {
+        "constant": true,
+        "inputs": [
+            {
+                "name": "in_x",
+                "type": "uint256"
+            },
+            {
+                "name": "in_k",
+                "type": "uint256"
+            }
+        ],
+        "name": "MiMCpe7",
+        "outputs": [
+            {
+                "name": "out_x",
+                "type": "uint256"
+            }
+        ],
+        "payable": false,
+        "stateMutability": "pure",
+        "type": "function"
+    }
+];
+
+
+

package/src/mimc7_print_iv.js

@@ -0,0 +1,18 @@
+import buildMimc7 from "./mimc7.js";
+import process from "process";
+
+async function run() {
+    const mimc7 = await buildMimc7();
+
+    console.log("IV: "+mimc7.getIV().toString());
+}
+
+run().then(()=> {
+    process.exit(0);
+}, (err) => {
+    console.log(err.stack);
+    console.log(err.message);
+    process.exit(1);
+});
+
+

package/src/mimc7_printconstants.js

@@ -0,0 +1,26 @@
+import buildMimc7 from "./mimc7.js";
+import process from "process";
+
+async function run() {
+    const mimc7 = await buildMimc7();
+    const nRounds = 91;
+    let S = "[\n";
+    const cts = mimc7.getConstants();
+    for (let i=0; i<nRounds; i++) {
+        S = S + mimc7.F.toString(cts[i]);
+        if (i<nRounds-1) S = S + ",";
+        S=S+"\n";
+    }
+    S = S + "]\n";
+    
+    console.log(S);
+}
+
+run().then(()=> {
+    process.exit(0);
+}, (err) => {
+    console.log(err.stack);
+    console.log(err.message);
+    process.exit(1);
+});
+

package/src/mimc7_printcontract.js

@@ -0,0 +1,14 @@
+import {createCode} from "./mimc7_gencontract.js";
+import process from "process";
+
+const SEED = "mimc";
+
+let nRounds;
+if (typeof process.argv[2] != "undefined") {
+    nRounds = parseInt(process.argv[2]);
+} else {
+    nRounds = 91;
+}
+
+console.log(createCode(SEED, nRounds));
+

package/src/mimcsponge.js

@@ -0,0 +1,100 @@
+import { Scalar, getCurveFromName } from "ffjavascript";
+import { ethers } from "ethers";
+
+const SEED = "mimcsponge";
+const NROUNDS = 220;
+
+export default async function buildMimcSponge() {
+    const bn128 = await getCurveFromName("bn128", true);
+    return new MimcSponge(bn128.Fr);
+}
+
+class MimcSponge {
+    constructor (F) {
+        this.F = F;
+        this.cts = this.getConstants(SEED, NROUNDS);
+    }
+
+    getIV (seed)  {
+        const F = this.F;
+        if (typeof seed === "undefined") seed = SEED;
+        const c = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(seed+"_iv"));
+        const cn = Scalar.e(c);
+        const iv = cn.mod(F.p);
+        return iv;
+    };
+
+    getConstants (seed, nRounds)  {
+        const F = this.F;
+        if (typeof seed === "undefined") seed = SEED;
+        if (typeof nRounds === "undefined") nRounds = NROUNDS;
+        const cts = new Array(nRounds);
+        let c = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(SEED));;
+        for (let i=1; i<nRounds; i++) {
+            c = ethers.utils.keccak256(c);
+
+            cts[i] = F.e(c);
+        }
+        cts[0] = F.e(0);
+        cts[cts.length - 1] = F.e(0);
+        return cts;
+    };
+
+
+    hash(_xL_in, _xR_in, _k) {
+        const F = this.F;
+        let xL = F.e(_xL_in);
+        let xR = F.e(_xR_in);
+        const k = F.e(_k);
+        for (let i=0; i<NROUNDS; i++) {
+            const c = this.cts[i];
+            const t = (i==0) ? F.add(xL, k) : F.add(F.add(xL, k), c);
+            const t2 = F.square(t);
+            const t4 = F.square(t2);
+            const t5 = F.mul(t4, t);
+            const xR_tmp = F.e(xR);
+            if (i < (NROUNDS - 1)) {
+                xR = xL;
+                xL = F.add(xR_tmp, t5);
+            } else {
+                xR = F.add(xR_tmp, t5);
+            }
+        }
+        return {
+            xL: xL,
+            xR: xR
+        };
+    }
+
+    multiHash(arr, key, numOutputs)  {
+        const F = this.F;
+        if (typeof(numOutputs) === "undefined") {
+            numOutputs = 1;
+        }
+        if (typeof(key) === "undefined") {
+            key = F.zero;
+        }
+
+        let R = F.zero;
+        let C = F.zero;
+
+        for (let i=0; i<arr.length; i++) {
+            R = F.add(R, F.e(arr[i]));
+            const S = this.hash(R, C, key);
+            R = S.xL;
+            C = S.xR;
+        }
+        let outputs = [R];
+        for (let i=1; i < numOutputs; i++) {
+            const S = this.hash(R, C, key);
+            R = S.xL;
+            C = S.xR;
+            outputs.push(R);
+        }
+        if (numOutputs == 1) {
+            return outputs[0];
+        } else {
+            return outputs;
+        }
+    }
+}

package/src/mimcsponge_gencontract.js

@@ -0,0 +1,125 @@
+// Copyright (c) 2018 Jordi Baylina
+// License: LGPL-3.0+
+//
+
+import { ethers } from "ethers";
+
+import Contract from "./evmasm.js";
+
+export function createCode(seed, n) {
+
+    let ci = ethers.utils.keccak256(ethers.utils.toUtf8Bytes(seed));
+
+    const C = new Contract();
+
+    C.push(0x64);
+    C.push("0x00");
+    C.push("0x00");
+    C.calldatacopy();
+    C.push("0x0100000000000000000000000000000000000000000000000000000000");
+    C.push("0x00");
+    C.mload();
+    C.div();
+    C.push("0x3f1a1187"); // MiMCSponge(uint256,uint256,uint256)
+    C.eq();
+    C.jmpi("start");
+    C.invalid();
+
+    C.label("start");
+    C.push("0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001");  // q
+    C.push("0x44");
+    C.mload();          // k q
+    C.push("0x04");
+    C.mload();          // xL k q
+    C.dup(2);           // q xL k q
+    C.push("0x24");
+    C.mload();          // xR q xL k q
+    C.dup(1);           // q xR q xL k q
+    C.dup(0);           // q q xR q xL k q
+    C.dup(4);           // xL q q xR q xL k q
+    C.dup(6);           // k xL q q xR q xL k q
+    C.addmod();         // t=k+xL q xR q xL k q
+    C.dup(1);           // q t q xR q xL k q
+    C.dup(0);           // q q t q xR q xL k q
+    C.dup(2);           // t q q t q xR q xL k q
+    C.dup(0);           // t t q q t q xR q xL k q
+    C.mulmod();         // b=t^2 q t q xR q xL k q
+    C.dup(0);           // b b q t q xR q xL k q
+    C.mulmod();         // c=t^4 t q xR q xL k q
+    C.mulmod();         // d=t^5 xR q xL k q
+    C.addmod();         // e=t^5+xR xL k q (for next round: xL xR k q)
+
+    for (let i=0; i<n-1; i++) {
+        if (i < n-2) {
+          ci = ethers.utils.keccak256(ci);
+        } else {
+          ci = "0x00";
+        }
+        C.swap(1);      // xR xL k q
+        C.dup(3);       // q xR xL k q
+        C.dup(3);       // k q xR xL k q
+        C.dup(1);       // q k q xR xL k q
+        C.dup(4);       // xL q k q xR xL k q
+        C.push(ci);     // ci xL q k q xR xL k q
+        C.addmod();     // a=ci+xL k q xR xL k q
+        C.addmod();     // t=a+k xR xL k q
+        C.dup(4);       // q t xR xL k q
+        C.swap(1);      // t q xR xL k q
+        C.dup(1);       // q t q xR xL k q
+        C.dup(0);       // q q t q xR xL k q
+        C.dup(2);       // t q q t q xR xL k q
+        C.dup(0);       // t t q q t q xR xL k q
+        C.mulmod();     // b=t^2 q t q xR xL k q
+        C.dup(0);       // b b q t q xR xL k q
+        C.mulmod();     // c=t^4 t q xR xL k q
+        C.mulmod();     // d=t^5 xR xL k q
+        C.dup(4);       // q d xR xL k q
+        C.swap(2);      // xR d q xL k q
+        C.addmod();     // e=t^5+xR xL k q (for next round: xL xR k q)
+    }
+
+    C.push("0x20");
+    C.mstore();     // Save it to pos 0;
+    C.push("0x00");
+    C.mstore();     // Save it to pos 1;
+    C.push("0x40");
+    C.push("0x00");
+    C.return();
+
+    return C.createTxData();
+}
+
+export const abi = [
+    {
+        "constant": true,
+        "inputs": [
+            {
+                "name": "xL_in",
+                "type": "uint256"
+            },
+            {
+                "name": "xR_in",
+                "type": "uint256"
+            },
+            {
+                "name": "k",
+                "type": "uint256"
+            }
+        ],
+        "name": "MiMCSponge",
+        "outputs": [
+            {
+                "name": "xL",
+                "type": "uint256"
+            },
+            {
+                "name": "xR",
+                "type": "uint256"
+            }
+        ],
+        "payable": false,
+        "stateMutability": "pure",
+        "type": "function"
+    }
+];
+