starkshield 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +101 -0
- package/bin/circom +0 -0
- package/bin/cli.js +36 -0
- package/bin/index.js +13 -0
- package/circomlib/.vscode/launch.json +63 -0
- package/circomlib/README.md +18 -0
- package/circomlib/circuits/README.md +830 -0
- package/circomlib/circuits/aliascheck.circom +33 -0
- package/circomlib/circuits/babyjub.circom +107 -0
- package/circomlib/circuits/binsub.circom +74 -0
- package/circomlib/circuits/binsum.circom +101 -0
- package/circomlib/circuits/bitify.circom +106 -0
- package/circomlib/circuits/comparators.circom +141 -0
- package/circomlib/circuits/compconstant.circom +74 -0
- package/circomlib/circuits/eddsa.circom +139 -0
- package/circomlib/circuits/eddsamimc.circom +124 -0
- package/circomlib/circuits/eddsamimcsponge.circom +124 -0
- package/circomlib/circuits/eddsaposeidon.circom +123 -0
- package/circomlib/circuits/escalarmul.circom +166 -0
- package/circomlib/circuits/escalarmulany.circom +197 -0
- package/circomlib/circuits/escalarmulfix.circom +299 -0
- package/circomlib/circuits/escalarmulw4table.circom +52 -0
- package/circomlib/circuits/gates.circom +96 -0
- package/circomlib/circuits/mimc.circom +156 -0
- package/circomlib/circuits/mimcsponge.circom +293 -0
- package/circomlib/circuits/montgomery.circom +142 -0
- package/circomlib/circuits/multiplexer.circom +115 -0
- package/circomlib/circuits/mux1.circom +48 -0
- package/circomlib/circuits/mux2.circom +63 -0
- package/circomlib/circuits/mux3.circom +75 -0
- package/circomlib/circuits/mux4.circom +119 -0
- package/circomlib/circuits/pedersen.circom +257 -0
- package/circomlib/circuits/pedersen_old.circom +68 -0
- package/circomlib/circuits/pointbits.circom +164 -0
- package/circomlib/circuits/poseidon.circom +208 -0
- package/circomlib/circuits/poseidon_constants.circom +24959 -0
- package/circomlib/circuits/poseidon_constants_old.circom +252 -0
- package/circomlib/circuits/poseidon_old.circom +97 -0
- package/circomlib/circuits/sha256/ch.circom +47 -0
- package/circomlib/circuits/sha256/constants.circom +53 -0
- package/circomlib/circuits/sha256/main.circom +35 -0
- package/circomlib/circuits/sha256/maj.circom +45 -0
- package/circomlib/circuits/sha256/rotate.circom +28 -0
- package/circomlib/circuits/sha256/sha256.circom +81 -0
- package/circomlib/circuits/sha256/sha256_2.circom +91 -0
- package/circomlib/circuits/sha256/sha256compression.circom +166 -0
- package/circomlib/circuits/sha256/sha256compression_function.circom +112 -0
- package/circomlib/circuits/sha256/shift.circom +33 -0
- package/circomlib/circuits/sha256/sigma.circom +77 -0
- package/circomlib/circuits/sha256/sigmaplus.circom +50 -0
- package/circomlib/circuits/sha256/t1.circom +58 -0
- package/circomlib/circuits/sha256/t2.circom +51 -0
- package/circomlib/circuits/sha256/xor3.circom +45 -0
- package/circomlib/circuits/sign.circom +36 -0
- package/circomlib/circuits/smt/smthash_mimc.circom +58 -0
- package/circomlib/circuits/smt/smthash_poseidon.circom +57 -0
- package/circomlib/circuits/smt/smtlevins.circom +103 -0
- package/circomlib/circuits/smt/smtprocessor.circom +261 -0
- package/circomlib/circuits/smt/smtprocessorlevel.circom +95 -0
- package/circomlib/circuits/smt/smtprocessorsm.circom +165 -0
- package/circomlib/circuits/smt/smtverifier.circom +138 -0
- package/circomlib/circuits/smt/smtverifierlevel.circom +71 -0
- package/circomlib/circuits/smt/smtverifiersm.circom +106 -0
- package/circomlib/circuits/switcher.circom +42 -0
- package/circomlib/doc/root_transfer.monopic +0 -0
- package/circomlib/doc/smt_diagram_0.monopic +0 -0
- package/circomlib/doc/smt_diagram_1.monopic +0 -0
- package/circomlib/doc/smt_hash.monopic +0 -0
- package/circomlib/doc/smt_levins.monopic +0 -0
- package/circomlib/doc/smt_sm.monopic +0 -0
- package/circomlib/doc/smt_verifier_sm.monopic +0 -0
- package/circomlib/doc/voting.monopic +0 -0
- package/circomlib/doc/window.monopic +0 -0
- package/circomlib/doc/window_chain.monopic +0 -0
- package/circomlib/index.js +2 -0
- package/circomlib/package.json +33 -0
- package/circomlib/test/aliascheck.js +77 -0
- package/circomlib/test/babyjub.js +118 -0
- package/circomlib/test/binsub.js +52 -0
- package/circomlib/test/binsum.js +38 -0
- package/circomlib/test/circuits/aliascheck_test.circom +4 -0
- package/circomlib/test/circuits/babyadd_tester.circom +4 -0
- package/circomlib/test/circuits/babycheck_test.circom +4 -0
- package/circomlib/test/circuits/babypbk_test.circom +4 -0
- package/circomlib/test/circuits/binsub_test.circom +33 -0
- package/circomlib/test/circuits/constants_test.circom +20 -0
- package/circomlib/test/circuits/eddsa_test.circom +5 -0
- package/circomlib/test/circuits/eddsamimc_test.circom +5 -0
- package/circomlib/test/circuits/eddsaposeidon_test.circom +5 -0
- package/circomlib/test/circuits/edwards2montgomery.circom +5 -0
- package/circomlib/test/circuits/escalarmul_min_test.circom +27 -0
- package/circomlib/test/circuits/escalarmul_test.circom +33 -0
- package/circomlib/test/circuits/escalarmul_test_min.circom +28 -0
- package/circomlib/test/circuits/escalarmulany_test.circom +30 -0
- package/circomlib/test/circuits/escalarmulfix_test.circom +31 -0
- package/circomlib/test/circuits/escalarmulw4table.circom +20 -0
- package/circomlib/test/circuits/escalarmulw4table_test.circom +19 -0
- package/circomlib/test/circuits/escalarmulw4table_test3.circom +19 -0
- package/circomlib/test/circuits/greatereqthan.circom +5 -0
- package/circomlib/test/circuits/greaterthan.circom +5 -0
- package/circomlib/test/circuits/isequal.circom +5 -0
- package/circomlib/test/circuits/iszero.circom +5 -0
- package/circomlib/test/circuits/lesseqthan.circom +5 -0
- package/circomlib/test/circuits/lessthan.circom +5 -0
- package/circomlib/test/circuits/mimc_sponge_hash_test.circom +5 -0
- package/circomlib/test/circuits/mimc_sponge_test.circom +5 -0
- package/circomlib/test/circuits/mimc_test.circom +5 -0
- package/circomlib/test/circuits/montgomery2edwards.circom +5 -0
- package/circomlib/test/circuits/montgomeryadd.circom +5 -0
- package/circomlib/test/circuits/montgomerydouble.circom +5 -0
- package/circomlib/test/circuits/mux1_1.circom +33 -0
- package/circomlib/test/circuits/mux2_1.circom +37 -0
- package/circomlib/test/circuits/mux3_1.circom +41 -0
- package/circomlib/test/circuits/mux4_1.circom +56 -0
- package/circomlib/test/circuits/pedersen2_test.circom +34 -0
- package/circomlib/test/circuits/pedersen_test.circom +31 -0
- package/circomlib/test/circuits/pointbits_loopback.circom +25 -0
- package/circomlib/test/circuits/poseidon3_test.circom +5 -0
- package/circomlib/test/circuits/poseidon6_test.circom +5 -0
- package/circomlib/test/circuits/poseidonex_test.circom +5 -0
- package/circomlib/test/circuits/sha256_2_test.circom +17 -0
- package/circomlib/test/circuits/sha256_test448.circom +5 -0
- package/circomlib/test/circuits/sha256_test512.circom +5 -0
- package/circomlib/test/circuits/sign_test.circom +5 -0
- package/circomlib/test/circuits/smtprocessor10_test.circom +5 -0
- package/circomlib/test/circuits/smtverifier10_test.circom +5 -0
- package/circomlib/test/circuits/sum_test.circom +33 -0
- package/circomlib/test/comparators.js +187 -0
- package/circomlib/test/eddsa.js +75 -0
- package/circomlib/test/eddsamimc.js +102 -0
- package/circomlib/test/eddsaposeidon.js +103 -0
- package/circomlib/test/escalarmul.js +121 -0
- package/circomlib/test/escalarmulany.js +51 -0
- package/circomlib/test/escalarmulfix.js +95 -0
- package/circomlib/test/helpers/printsignal.js +22 -0
- package/circomlib/test/helpers/sha256.js +178 -0
- package/circomlib/test/mimccircuit.js +27 -0
- package/circomlib/test/mimcspongecircuit.js +47 -0
- package/circomlib/test/montgomery.js +101 -0
- package/circomlib/test/multiplexer.js +101 -0
- package/circomlib/test/pedersen.js +83 -0
- package/circomlib/test/pedersen2.js +56 -0
- package/circomlib/test/point2bits.js +30 -0
- package/circomlib/test/poseidoncircuit.js +80 -0
- package/circomlib/test/sha256.js +118 -0
- package/circomlib/test/sign.js +82 -0
- package/circomlib/test/smtprocessor.js +219 -0
- package/circomlib/test/smtverifier.js +141 -0
- package/lib/compile.js +82 -0
- package/lib/deploy.js +391 -0
- package/lib/test.js +47 -0
- package/lib/verify.js +153 -0
- package/package.json +43 -0
- package/pot12_0000.ptau +0 -0
- package/pot12_0001.ptau +0 -0
- package/ptau/pot12_final.ptau +0 -0
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
const F1Field = require("ffjavascript").F1Field;
|
|
4
|
+
const Scalar = require("ffjavascript").Scalar;
|
|
5
|
+
exports.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
|
|
6
|
+
const Fr = new F1Field(exports.p);
|
|
7
|
+
|
|
8
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
9
|
+
|
|
10
|
+
const assert = chai.assert;
|
|
11
|
+
|
|
12
|
+
describe("Comparators test", function () {
|
|
13
|
+
|
|
14
|
+
this.timeout(100000);
|
|
15
|
+
|
|
16
|
+
it("Should create a iszero circuit", async() => {
|
|
17
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "iszero.circom"));
|
|
18
|
+
|
|
19
|
+
let witness;
|
|
20
|
+
witness = await circuit.calculateWitness({ "in": 111}, true);
|
|
21
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
22
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
23
|
+
|
|
24
|
+
witness = await circuit.calculateWitness({ "in": 0 }, true);
|
|
25
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
26
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
27
|
+
});
|
|
28
|
+
it("Should create a isequal circuit", async() => {
|
|
29
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "isequal.circom"));
|
|
30
|
+
|
|
31
|
+
let witness;
|
|
32
|
+
witness = await circuit.calculateWitness({ "in": [111,222] }, true);
|
|
33
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
34
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
witness = await circuit.calculateWitness({ "in": [444,444] }, true);
|
|
38
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
39
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
40
|
+
});
|
|
41
|
+
it("Should create a comparison lessthan", async() => {
|
|
42
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "lessthan.circom"));
|
|
43
|
+
|
|
44
|
+
let witness;
|
|
45
|
+
witness = await circuit.calculateWitness({ "in": [333,444] }), true;
|
|
46
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
47
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
48
|
+
|
|
49
|
+
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
|
|
50
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
51
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
52
|
+
|
|
53
|
+
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
|
|
54
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
55
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
56
|
+
|
|
57
|
+
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
|
|
58
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
59
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
60
|
+
|
|
61
|
+
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
|
|
62
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
63
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
64
|
+
|
|
65
|
+
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
|
|
66
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
67
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
68
|
+
|
|
69
|
+
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
|
|
70
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
71
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
72
|
+
|
|
73
|
+
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
|
|
74
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
75
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
76
|
+
});
|
|
77
|
+
it("Should create a comparison lesseqthan", async() => {
|
|
78
|
+
|
|
79
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "lesseqthan.circom"));
|
|
80
|
+
|
|
81
|
+
let witness;
|
|
82
|
+
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
|
|
83
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
84
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
85
|
+
|
|
86
|
+
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
|
|
87
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
88
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
89
|
+
|
|
90
|
+
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
|
|
91
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
92
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
93
|
+
|
|
94
|
+
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
|
|
95
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
96
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
97
|
+
|
|
98
|
+
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
|
|
99
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
100
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
101
|
+
|
|
102
|
+
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
|
|
103
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
104
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
105
|
+
|
|
106
|
+
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
|
|
107
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
108
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
109
|
+
|
|
110
|
+
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
|
|
111
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
112
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
113
|
+
});
|
|
114
|
+
it("Should create a comparison greaterthan", async() => {
|
|
115
|
+
|
|
116
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "greaterthan.circom"));
|
|
117
|
+
|
|
118
|
+
let witness;
|
|
119
|
+
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
|
|
120
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
121
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
122
|
+
|
|
123
|
+
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
|
|
124
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
125
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
126
|
+
|
|
127
|
+
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
|
|
128
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
129
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
130
|
+
|
|
131
|
+
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
|
|
132
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
133
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
134
|
+
|
|
135
|
+
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
|
|
136
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
137
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
138
|
+
|
|
139
|
+
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
|
|
140
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
141
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
142
|
+
|
|
143
|
+
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
|
|
144
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
145
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
146
|
+
|
|
147
|
+
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
|
|
148
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
149
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
150
|
+
});
|
|
151
|
+
it("Should create a comparison greatereqthan", async() => {
|
|
152
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "greatereqthan.circom"));
|
|
153
|
+
|
|
154
|
+
let witness;
|
|
155
|
+
witness = await circuit.calculateWitness({ "in": [333,444] }, true);
|
|
156
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
157
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
158
|
+
|
|
159
|
+
witness = await circuit.calculateWitness({ "in":[1,1] }, true);
|
|
160
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
161
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
162
|
+
|
|
163
|
+
witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
|
|
164
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
165
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
166
|
+
|
|
167
|
+
witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
|
|
168
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
169
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
170
|
+
|
|
171
|
+
witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
|
|
172
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
173
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(0)));
|
|
174
|
+
|
|
175
|
+
witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
|
|
176
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
177
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
178
|
+
|
|
179
|
+
witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
|
|
180
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
181
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
182
|
+
|
|
183
|
+
witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
|
|
184
|
+
assert(Fr.eq(Fr.e(witness[0]), Fr.e(1)));
|
|
185
|
+
assert(Fr.eq(Fr.e(witness[1]), Fr.e(1)));
|
|
186
|
+
});
|
|
187
|
+
});
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
|
|
4
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
5
|
+
|
|
6
|
+
const buildEddsa = require("circomlibjs").buildEddsa;
|
|
7
|
+
const buildBabyjub = require("circomlibjs").buildBabyjub;
|
|
8
|
+
|
|
9
|
+
const Scalar = require("ffjavascript").Scalar;
|
|
10
|
+
|
|
11
|
+
const assert = chai.assert;
|
|
12
|
+
|
|
13
|
+
function print(circuit, w, s) {
|
|
14
|
+
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
function buffer2bits(buff) {
|
|
18
|
+
const res = [];
|
|
19
|
+
for (let i=0; i<buff.length; i++) {
|
|
20
|
+
for (let j=0; j<8; j++) {
|
|
21
|
+
if ((buff[i]>>j)&1) {
|
|
22
|
+
res.push(1n);
|
|
23
|
+
} else {
|
|
24
|
+
res.push(0n);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return res;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
describe("EdDSA test", function () {
|
|
33
|
+
let circuit;
|
|
34
|
+
let eddsa;
|
|
35
|
+
let babyJub;
|
|
36
|
+
let F;
|
|
37
|
+
|
|
38
|
+
this.timeout(100000);
|
|
39
|
+
|
|
40
|
+
before( async () => {
|
|
41
|
+
eddsa = await buildEddsa();
|
|
42
|
+
babyJub = await buildBabyjub();
|
|
43
|
+
F = babyJub.F;
|
|
44
|
+
circuit = await wasm_tester(path.join(__dirname, "circuits", "eddsa_test.circom"));
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
it("Sign a single 10 bytes from 0 to 9", async () => {
|
|
49
|
+
const msg = Buffer.from("00010203040506070809", "hex");
|
|
50
|
+
|
|
51
|
+
// const prvKey = crypto.randomBytes(32);
|
|
52
|
+
|
|
53
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
54
|
+
|
|
55
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
56
|
+
|
|
57
|
+
const pPubKey = babyJub.packPoint(pubKey);
|
|
58
|
+
|
|
59
|
+
const signature = eddsa.signPedersen(prvKey, msg);
|
|
60
|
+
|
|
61
|
+
const pSignature = eddsa.packSignature(signature);
|
|
62
|
+
const uSignature = eddsa.unpackSignature(pSignature);
|
|
63
|
+
|
|
64
|
+
assert(eddsa.verifyPedersen(msg, uSignature, pubKey));
|
|
65
|
+
|
|
66
|
+
const msgBits = buffer2bits( msg);
|
|
67
|
+
const r8Bits = buffer2bits( pSignature.slice(0, 32));
|
|
68
|
+
const sBits = buffer2bits( pSignature.slice(32, 64));
|
|
69
|
+
const aBits = buffer2bits( pPubKey);
|
|
70
|
+
|
|
71
|
+
const w = await circuit.calculateWitness({A: aBits, R8: r8Bits, S: sBits, msg: msgBits}, true);
|
|
72
|
+
|
|
73
|
+
await circuit.checkConstraints(w);
|
|
74
|
+
});
|
|
75
|
+
});
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
4
|
+
|
|
5
|
+
const buildEddsa = require("circomlibjs").buildEddsa;
|
|
6
|
+
const buildBabyjub = require("circomlibjs").buildBabyjub;
|
|
7
|
+
|
|
8
|
+
const assert = chai.assert;
|
|
9
|
+
|
|
10
|
+
describe("EdDSA MiMC test", function () {
|
|
11
|
+
let circuit;
|
|
12
|
+
let eddsa;
|
|
13
|
+
let babyJub;
|
|
14
|
+
let F;
|
|
15
|
+
|
|
16
|
+
this.timeout(100000);
|
|
17
|
+
|
|
18
|
+
before( async () => {
|
|
19
|
+
eddsa = await buildEddsa();
|
|
20
|
+
babyJub = await buildBabyjub();
|
|
21
|
+
F = babyJub.F;
|
|
22
|
+
|
|
23
|
+
circuit = await wasm_tester(path.join(__dirname, "circuits", "eddsamimc_test.circom"));
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
it("Sign a single number", async () => {
|
|
27
|
+
const msg = F.e(1234);
|
|
28
|
+
|
|
29
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
30
|
+
|
|
31
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
32
|
+
|
|
33
|
+
const signature = eddsa.signMiMC(prvKey, msg);
|
|
34
|
+
|
|
35
|
+
assert(eddsa.verifyMiMC(msg, signature, pubKey));
|
|
36
|
+
|
|
37
|
+
const w = await circuit.calculateWitness({
|
|
38
|
+
enabled: 1,
|
|
39
|
+
Ax: F.toObject(pubKey[0]),
|
|
40
|
+
Ay: F.toObject(pubKey[1]),
|
|
41
|
+
R8x: F.toObject(signature.R8[0]),
|
|
42
|
+
R8y: F.toObject(signature.R8[1]),
|
|
43
|
+
S: signature.S,
|
|
44
|
+
M: F.toObject(msg)}, true);
|
|
45
|
+
|
|
46
|
+
|
|
47
|
+
await circuit.checkConstraints(w);
|
|
48
|
+
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
it("Detect Invalid signature", async () => {
|
|
52
|
+
const msg = F.e(1234);
|
|
53
|
+
|
|
54
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
55
|
+
|
|
56
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
57
|
+
|
|
58
|
+
|
|
59
|
+
const signature = eddsa.signMiMC(prvKey, msg);
|
|
60
|
+
|
|
61
|
+
assert(eddsa.verifyMiMC(msg, signature, pubKey));
|
|
62
|
+
try {
|
|
63
|
+
const w = await circuit.calculateWitness({
|
|
64
|
+
enabled: 1,
|
|
65
|
+
Ax: F.toObject(pubKey[0]),
|
|
66
|
+
Ay: F.toObject(pubKey[1]),
|
|
67
|
+
R8x: F.toObject(F.add(signature.R8[0], F.e(1))),
|
|
68
|
+
R8y: F.toObject(signature.R8[1]),
|
|
69
|
+
S: signature.S,
|
|
70
|
+
M: F.toObject(msg)}, true);
|
|
71
|
+
assert(false);
|
|
72
|
+
} catch(err) {
|
|
73
|
+
assert(err.message.includes("Assert Failed"));
|
|
74
|
+
}
|
|
75
|
+
});
|
|
76
|
+
|
|
77
|
+
|
|
78
|
+
it("Test a dissabled circuit with a bad signature", async () => {
|
|
79
|
+
const msg = F.e(1234);
|
|
80
|
+
|
|
81
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
82
|
+
|
|
83
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
84
|
+
|
|
85
|
+
|
|
86
|
+
const signature = eddsa.signMiMC(prvKey, msg);
|
|
87
|
+
|
|
88
|
+
assert(eddsa.verifyMiMC(msg, signature, pubKey));
|
|
89
|
+
|
|
90
|
+
const w = await circuit.calculateWitness({
|
|
91
|
+
enabled: 0,
|
|
92
|
+
Ax: F.toObject(pubKey[0]),
|
|
93
|
+
Ay: F.toObject(pubKey[1]),
|
|
94
|
+
R8x: F.toObject(F.add(signature.R8[0], F.e(1))),
|
|
95
|
+
R8y: F.toObject(signature.R8[1]),
|
|
96
|
+
S: signature.S,
|
|
97
|
+
M: F.toObject(msg)}, true);
|
|
98
|
+
|
|
99
|
+
await circuit.checkConstraints(w);
|
|
100
|
+
|
|
101
|
+
});
|
|
102
|
+
});
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
4
|
+
|
|
5
|
+
const buildEddsa = require("circomlibjs").buildEddsa;
|
|
6
|
+
const buildBabyjub = require("circomlibjs").buildBabyjub;
|
|
7
|
+
|
|
8
|
+
const assert = chai.assert;
|
|
9
|
+
|
|
10
|
+
describe("EdDSA Poseidon test", function () {
|
|
11
|
+
let circuit;
|
|
12
|
+
let eddsa;
|
|
13
|
+
let babyJub;
|
|
14
|
+
let F;
|
|
15
|
+
|
|
16
|
+
this.timeout(100000);
|
|
17
|
+
|
|
18
|
+
before( async () => {
|
|
19
|
+
eddsa = await buildEddsa();
|
|
20
|
+
babyJub = await buildBabyjub();
|
|
21
|
+
F = babyJub.F;
|
|
22
|
+
circuit = await wasm_tester(path.join(__dirname, "circuits", "eddsaposeidon_test.circom"));
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
it("Sign a single number", async () => {
|
|
26
|
+
const msg = F.e(1234);
|
|
27
|
+
|
|
28
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
29
|
+
|
|
30
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
31
|
+
|
|
32
|
+
const signature = eddsa.signPoseidon(prvKey, msg);
|
|
33
|
+
|
|
34
|
+
assert(eddsa.verifyPoseidon(msg, signature, pubKey));
|
|
35
|
+
|
|
36
|
+
const input = {
|
|
37
|
+
enabled: 1,
|
|
38
|
+
Ax: F.toObject(pubKey[0]),
|
|
39
|
+
Ay: F.toObject(pubKey[1]),
|
|
40
|
+
R8x: F.toObject(signature.R8[0]),
|
|
41
|
+
R8y: F.toObject(signature.R8[1]),
|
|
42
|
+
S: signature.S,
|
|
43
|
+
M: F.toObject(msg)
|
|
44
|
+
};
|
|
45
|
+
|
|
46
|
+
// console.log(JSON.stringify(utils.stringifyBigInts(input)));
|
|
47
|
+
|
|
48
|
+
const w = await circuit.calculateWitness(input, true);
|
|
49
|
+
|
|
50
|
+
await circuit.checkConstraints(w);
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
it("Detect Invalid signature", async () => {
|
|
54
|
+
const msg = F.e(1234);
|
|
55
|
+
|
|
56
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
57
|
+
|
|
58
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
const signature = eddsa.signPoseidon(prvKey, msg);
|
|
62
|
+
|
|
63
|
+
assert(eddsa.verifyPoseidon(msg, signature, pubKey));
|
|
64
|
+
try {
|
|
65
|
+
await circuit.calculateWitness({
|
|
66
|
+
enabled: 1,
|
|
67
|
+
Ax: F.toObject(pubKey[0]),
|
|
68
|
+
Ay: F.toObject(pubKey[1]),
|
|
69
|
+
R8x: F.toObject(F.add(signature.R8[0], F.e(1))),
|
|
70
|
+
R8y: F.toObject(signature.R8[1]),
|
|
71
|
+
S: signature.S,
|
|
72
|
+
M: F.toObject(msg)}, true);
|
|
73
|
+
assert(false);
|
|
74
|
+
} catch(err) {
|
|
75
|
+
assert(err.message.includes("Assert Failed"));
|
|
76
|
+
}
|
|
77
|
+
});
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
it("Test a dissabled circuit with a bad signature", async () => {
|
|
81
|
+
const msg = F.e(1234);
|
|
82
|
+
|
|
83
|
+
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
|
|
84
|
+
|
|
85
|
+
const pubKey = eddsa.prv2pub(prvKey);
|
|
86
|
+
|
|
87
|
+
|
|
88
|
+
const signature = eddsa.signPoseidon(prvKey, msg);
|
|
89
|
+
|
|
90
|
+
assert(eddsa.verifyPoseidon(msg, signature, pubKey));
|
|
91
|
+
|
|
92
|
+
const w = await circuit.calculateWitness({
|
|
93
|
+
enabled: 0,
|
|
94
|
+
Ax: F.toObject(pubKey[0]),
|
|
95
|
+
Ay: F.toObject(pubKey[1]),
|
|
96
|
+
R8x: F.toObject(F.add(signature.R8[0], F.e(1))),
|
|
97
|
+
R8y: F.toObject(signature.R8[1]),
|
|
98
|
+
S: signature.S,
|
|
99
|
+
M: F.toObject(msg)}, true);
|
|
100
|
+
|
|
101
|
+
await circuit.checkConstraints(w);
|
|
102
|
+
});
|
|
103
|
+
});
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
4
|
+
const buildBabyjub = require("circomlibjs").buildBabyjub;
|
|
5
|
+
|
|
6
|
+
const Scalar = require("ffjavascript").Scalar;
|
|
7
|
+
|
|
8
|
+
const assert = chai.assert;
|
|
9
|
+
|
|
10
|
+
function print(circuit, w, s) {
|
|
11
|
+
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
describe("Exponentioation test", function () {
|
|
15
|
+
let babyJub;
|
|
16
|
+
let Fr;
|
|
17
|
+
this.timeout(100000);
|
|
18
|
+
|
|
19
|
+
before( async () => {
|
|
20
|
+
babyJub = await buildBabyjub();
|
|
21
|
+
Fr = babyJub.F;
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
it("Should generate the Exponentiation table in k=0", async () => {
|
|
25
|
+
|
|
26
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "escalarmulw4table_test.circom"));
|
|
27
|
+
|
|
28
|
+
const w = await circuit.calculateWitness({in: 1});
|
|
29
|
+
|
|
30
|
+
await circuit.checkConstraints(w);
|
|
31
|
+
|
|
32
|
+
let g = [
|
|
33
|
+
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
|
|
34
|
+
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
|
|
35
|
+
];
|
|
36
|
+
|
|
37
|
+
let dbl= [Fr.e("0"), Fr.e("1")];
|
|
38
|
+
|
|
39
|
+
const expectedOut = [];
|
|
40
|
+
|
|
41
|
+
for (let i=0; i<16; i++) {
|
|
42
|
+
|
|
43
|
+
expectedOut.push([Fr.toObject(dbl[0]), Fr.toObject(dbl[1])]);
|
|
44
|
+
dbl = babyJub.addPoint(dbl,g);
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
await circuit.assertOut(w, {out: expectedOut});
|
|
48
|
+
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
it("Should generate the Exponentiation table in k=3", async () => {
|
|
52
|
+
|
|
53
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom"));
|
|
54
|
+
|
|
55
|
+
const w = await circuit.calculateWitness({in: 1});
|
|
56
|
+
|
|
57
|
+
await circuit.checkConstraints(w);
|
|
58
|
+
|
|
59
|
+
let g = [
|
|
60
|
+
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
|
|
61
|
+
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
|
|
62
|
+
];
|
|
63
|
+
|
|
64
|
+
for (let i=0; i<12;i++) {
|
|
65
|
+
g = babyJub.addPoint(g,g);
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
let dbl= [Fr.e("0"), Fr.e("1")];
|
|
69
|
+
|
|
70
|
+
const expectedOut = [];
|
|
71
|
+
|
|
72
|
+
for (let i=0; i<16; i++) {
|
|
73
|
+
expectedOut.push([Fr.toObject(dbl[0]), Fr.toObject(dbl[1])]);
|
|
74
|
+
|
|
75
|
+
dbl = babyJub.addPoint(dbl,g);
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
await circuit.assertOut(w, {out: expectedOut});
|
|
79
|
+
|
|
80
|
+
});
|
|
81
|
+
|
|
82
|
+
it("Should exponentiate g^31", async () => {
|
|
83
|
+
|
|
84
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "escalarmul_test.circom"));
|
|
85
|
+
|
|
86
|
+
const w = await circuit.calculateWitness({"in": 31});
|
|
87
|
+
|
|
88
|
+
await circuit.checkConstraints(w);
|
|
89
|
+
|
|
90
|
+
let g = [
|
|
91
|
+
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
|
|
92
|
+
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
|
|
93
|
+
];
|
|
94
|
+
|
|
95
|
+
let c = [Fr.e(0), Fr.e(1)];
|
|
96
|
+
|
|
97
|
+
for (let i=0; i<31;i++) {
|
|
98
|
+
c = babyJub.addPoint(c,g);
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
await circuit.assertOut(w, {out: [Fr.toObject(c[0]), Fr.toObject(c[1])] });
|
|
102
|
+
|
|
103
|
+
const w2 = await circuit.calculateWitness({"in": Scalar.add(Scalar.shl(Scalar.e(1), 252),Scalar.e(1))});
|
|
104
|
+
|
|
105
|
+
c = [g[0], g[1]];
|
|
106
|
+
for (let i=0; i<252;i++) {
|
|
107
|
+
c = babyJub.addPoint(c,c);
|
|
108
|
+
}
|
|
109
|
+
c = babyJub.addPoint(c,g);
|
|
110
|
+
|
|
111
|
+
await circuit.assertOut(w2, {out: [Fr.toObject(c[0]), Fr.toObject(c[1])] });
|
|
112
|
+
|
|
113
|
+
}).timeout(10000000);
|
|
114
|
+
|
|
115
|
+
it("Number of constrains for 256 bits", async () => {
|
|
116
|
+
|
|
117
|
+
const circuit = await wasm_tester(path.join(__dirname, "circuits", "escalarmul_test_min.circom"));
|
|
118
|
+
|
|
119
|
+
}).timeout(10000000);
|
|
120
|
+
|
|
121
|
+
});
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const path = require("path");
|
|
3
|
+
const wasm_tester = require("circom_tester").wasm;
|
|
4
|
+
|
|
5
|
+
const F1Field = require("ffjavascript").F1Field;
|
|
6
|
+
const Scalar = require("ffjavascript").Scalar;
|
|
7
|
+
exports.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
|
|
8
|
+
const Fr = new F1Field(exports.p);
|
|
9
|
+
|
|
10
|
+
function print(circuit, w, s) {
|
|
11
|
+
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
describe("Escalarmul test", function () {
|
|
15
|
+
let circuitEMulAny;
|
|
16
|
+
|
|
17
|
+
this.timeout(100000);
|
|
18
|
+
|
|
19
|
+
let g;
|
|
20
|
+
|
|
21
|
+
before( async() => {
|
|
22
|
+
circuitEMulAny = await wasm_tester(path.join(__dirname, "circuits", "escalarmulany_test.circom"));
|
|
23
|
+
g = [
|
|
24
|
+
Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
|
|
25
|
+
Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
|
|
26
|
+
]
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
it("Should generate Same escalar mul", async () => {
|
|
30
|
+
|
|
31
|
+
const w = await circuitEMulAny.calculateWitness({"e": 1, "p": g});
|
|
32
|
+
|
|
33
|
+
await circuitEMulAny.checkConstraints(w);
|
|
34
|
+
|
|
35
|
+
await circuitEMulAny.assertOut(w, {out: g}, true);
|
|
36
|
+
|
|
37
|
+
});
|
|
38
|
+
|
|
39
|
+
it("If multiply by order should return 0", async () => {
|
|
40
|
+
|
|
41
|
+
const r = Fr.e("2736030358979909402780800718157159386076813972158567259200215660948447373041");
|
|
42
|
+
const w = await circuitEMulAny.calculateWitness({"e": r, "p": g});
|
|
43
|
+
|
|
44
|
+
await circuitEMulAny.checkConstraints(w);
|
|
45
|
+
|
|
46
|
+
await circuitEMulAny.assertOut(w, {out: [0,1]}, true);
|
|
47
|
+
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
});
|
|
51
|
+
|