starkshield 1.0.0

package/circomlib/test/escalarmulfix.js

@@ -0,0 +1,95 @@
+const chai = require("chai");
+const path = require("path");
+const wasm_tester = require("circom_tester").wasm;
+const buildBabyjub = require("circomlibjs").buildBabyjub;
+const Scalar = require("ffjavascript").Scalar;
+
+const assert = chai.assert;
+
+function print(circuit, w, s) {
+    console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+describe("Escalarmul test", function () {
+    let babyJub;
+    let Fr;
+    let circuit;
+
+    this.timeout(100000);
+
+
+    before( async() => {
+        babyJub = await buildBabyjub();
+        Fr = babyJub.F;
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "escalarmulfix_test.circom"));
+    });
+
+    it("Should generate Same escalar mul", async () => {
+
+        const w = await circuit.calculateWitness({"e": 0});
+
+        await circuit.checkConstraints(w);
+
+        await circuit.assertOut(w, {out: [0,1]}, true);
+
+    });
+
+    it("Should generate Same escalar mul", async () => {
+
+        const w = await circuit.calculateWitness({"e": 1}, true);
+
+        await circuit.checkConstraints(w);
+
+        await circuit.assertOut(w, {out: [Fr.toObject(babyJub.Base8[0]), Fr.toObject(babyJub.Base8[1])]});
+
+    });
+
+    it("Should generate scalar mul of a specific constant", async () => {
+
+        const s = Scalar.e("2351960337287830298912035165133676222414898052661454064215017316447594616519");
+        const base8 = [
+            Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+            Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+        ];
+
+        const w = await circuit.calculateWitness({"e": s}, true);
+
+        await circuit.checkConstraints(w);
+
+        const expectedRes = babyJub.mulPointEscalar(base8, s);
+
+        await circuit.assertOut(w, {out: [Fr.toObject(expectedRes[0]), Fr.toObject(expectedRes[1])]});
+
+    });
+
+    it("Should generate scalar mul of the firsts 50 elements", async () => {
+
+        const base8 = [
+            Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+            Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+        ];
+
+        for (let i=0; i<50; i++) {
+            const s = Scalar.e(i);
+
+            const w = await circuit.calculateWitness({"e": s}, true);
+
+            await circuit.checkConstraints(w);
+
+            const expectedRes = babyJub.mulPointEscalar(base8, s);
+
+            await circuit.assertOut(w, {out: [Fr.toObject(expectedRes[0]), Fr.toObject(expectedRes[1])]});
+        }
+    });
+
+    it("If multiply by order should return 0", async () => {
+
+        const w = await circuit.calculateWitness({"e": babyJub.subOrder }, true);
+
+        await circuit.checkConstraints(w);
+
+        await circuit.assertOut(w, {out: [0,1]});
+    });
+
+});
+

package/circomlib/test/helpers/printsignal.js

@@ -0,0 +1,22 @@
+
+const snarkjs = require("snarkjs");
+
+const bigInt = snarkjs.bigInt;
+
+module.exports = function hexBits(cir, witness, sig, nBits) {
+    let v = bigInt(0);
+    for (let i=nBits-1; i>=0; i--) {
+        v = v.shiftLeft(1);
+        const name = sig+"["+i+"]";
+        const idx = cir.getSignalIdx(name);
+        const vbit = bigInt(witness[idx].toString());
+        if (vbit.equals(bigInt(1))) {
+            v = v.add(bigInt(1));
+        } else if (vbit.equals(bigInt(0))) {
+            v;
+        } else {
+            console.log("Not Binary: "+name);
+        }
+    }
+    return v.toString(16);
+};

package/circomlib/test/helpers/sha256.js

@@ -0,0 +1,178 @@
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+/* SHA-256 (FIPS 180-4) implementation in JavaScript                  (c) Chris Veness 2002-2017  */
+/*                                                                                   MIT Licence  */
+/* www.movable-type.co.uk/scripts/sha256.html                                                     */
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+
+'use strict';
+
+
+/**
+ * SHA-256 hash function reference implementation.
+ *
+ * This is an annotated direct implementation of FIPS 180-4, without any optimisations. It is
+ * intended to aid understanding of the algorithm rather than for production use.
+ *
+ * While it could be used where performance is not critical, I would recommend using the ‘Web
+ * Cryptography API’ (developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest) for the browser,
+ * or the ‘crypto’ library (nodejs.org/api/crypto.html#crypto_class_hash) in Node.js.
+ *
+ * See csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
+ *     csrc.nist.gov/groups/ST/toolkit/examples.html
+ */
+class Sha256 {
+
+    /**
+     * Generates SHA-256 hash of string.
+     *
+     * @param   {string} msg - (Unicode) string to be hashed.
+     * @param   {Object} [options]
+     * @param   {string} [options.msgFormat=string] - Message format: 'string' for JavaScript string
+     *   (gets converted to UTF-8 for hashing); 'hex-bytes' for string of hex bytes ('616263' ≡ 'abc') .
+     * @param   {string} [options.outFormat=hex] - Output format: 'hex' for string of contiguous
+     *   hex bytes; 'hex-w' for grouping hex bytes into groups of (4 byte / 8 character) words.
+     * @returns {string} Hash of msg as hex character string.
+     */
+    static hash(msg, options) {
+        const defaults = { msgFormat: 'string', outFormat: 'hex' };
+        const opt = Object.assign(defaults, options);
+
+        // note use throughout this routine of 'n >>> 0' to coerce Number 'n' to unsigned 32-bit integer
+
+        switch (opt.msgFormat) {
+            default: // default is to convert string to UTF-8, as SHA only deals with byte-streams
+            case 'string':   msg = utf8Encode(msg);       break;
+            case 'hex-bytes':msg = hexBytesToString(msg); break; // mostly for running tests
+        }
+
+        // constants [§4.2.2]
+        const K = [
+            0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+            0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+            0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+            0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+            0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+            0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+            0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+            0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 ];
+
+        // initial hash value [§5.3.3]
+        const H = [
+            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ];
+
+        // PREPROCESSING [§6.2.1]
+
+        msg += String.fromCharCode(0x80);  // add trailing '1' bit (+ 0's padding) to string [§5.1.1]
+
+        // convert string msg into 512-bit blocks (array of 16 32-bit integers) [§5.2.1]
+        const l = msg.length/4 + 2; // length (in 32-bit integers) of msg + ‘1’ + appended length
+        const N = Math.ceil(l/16);  // number of 16-integer (512-bit) blocks required to hold 'l' ints
+        const M = new Array(N);     // message M is N×16 array of 32-bit integers
+
+        for (let i=0; i<N; i++) {
+            M[i] = new Array(16);
+            for (let j=0; j<16; j++) { // encode 4 chars per integer (64 per block), big-endian encoding
+                M[i][j] = (msg.charCodeAt(i*64+j*4+0)<<24) | (msg.charCodeAt(i*64+j*4+1)<<16)
+                        | (msg.charCodeAt(i*64+j*4+2)<< 8) | (msg.charCodeAt(i*64+j*4+3)<< 0);
+            } // note running off the end of msg is ok 'cos bitwise ops on NaN return 0
+        }
+        // add length (in bits) into final pair of 32-bit integers (big-endian) [§5.1.1]
+        // note: most significant word would be (len-1)*8 >>> 32, but since JS converts
+        // bitwise-op args to 32 bits, we need to simulate this by arithmetic operators
+        const lenHi = ((msg.length-1)*8) / Math.pow(2, 32);
+        const lenLo = ((msg.length-1)*8) >>> 0;
+        M[N-1][14] = Math.floor(lenHi);
+        M[N-1][15] = lenLo;
+
+        // HASH COMPUTATION [§6.2.2]
+
+        for (let i=0; i<N; i++) {
+            const W = new Array(64);
+
+            // 1 - prepare message schedule 'W'
+            for (let t=0;  t<16; t++) W[t] = M[i][t];
+            for (let t=16; t<64; t++) {
+                W[t] = (Sha256.σ1(W[t-2]) + W[t-7] + Sha256.σ0(W[t-15]) + W[t-16]) >>> 0;
+            }
+
+            // 2 - initialise working variables a, b, c, d, e, f, g, h with previous hash value
+            let a = H[0], b = H[1], c = H[2], d = H[3], e = H[4], f = H[5], g = H[6], h = H[7];
+
+            // 3 - main loop (note '>>> 0' for 'addition modulo 2^32')
+            for (let t=0; t<64; t++) {
+                const T1 = h + Sha256.Σ1(e) + Sha256.Ch(e, f, g) + K[t] + W[t];
+                const T2 =     Sha256.Σ0(a) + Sha256.Maj(a, b, c);
+                h = g;
+                g = f;
+                f = e;
+                e = (d + T1) >>> 0;
+                d = c;
+                c = b;
+                b = a;
+                a = (T1 + T2) >>> 0;
+            }
+
+            // 4 - compute the new intermediate hash value (note '>>> 0' for 'addition modulo 2^32')
+            H[0] = (H[0]+a) >>> 0;
+            H[1] = (H[1]+b) >>> 0;
+            H[2] = (H[2]+c) >>> 0;
+            H[3] = (H[3]+d) >>> 0;
+            H[4] = (H[4]+e) >>> 0;
+            H[5] = (H[5]+f) >>> 0;
+            H[6] = (H[6]+g) >>> 0;
+            H[7] = (H[7]+h) >>> 0;
+        }
+
+        // convert H0..H7 to hex strings (with leading zeros)
+        for (let h=0; h<H.length; h++) H[h] = ('00000000'+H[h].toString(16)).slice(-8);
+
+        // concatenate H0..H7, with separator if required
+        const separator = opt.outFormat=='hex-w' ? ' ' : '';
+
+        return H.join(separator);
+
+        /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+
+        function utf8Encode(str) {
+            try {
+                return new TextEncoder().encode(str, 'utf-8').reduce((prev, curr) => prev + String.fromCharCode(curr), '');
+            } catch (e) { // no TextEncoder available?
+                return unescape(encodeURIComponent(str)); // monsur.hossa.in/2012/07/20/utf-8-in-javascript.html
+            }
+        }
+
+        function hexBytesToString(hexStr) { // convert string of hex numbers to a string of chars (eg '616263' -> 'abc').
+            const str = hexStr.replace(' ', ''); // allow space-separated groups
+            return str=='' ? '' : str.match(/.{2}/g).map(byte => String.fromCharCode(parseInt(byte, 16))).join('');
+        }
+    }
+
+
+
+    /**
+     * Rotates right (circular right shift) value x by n positions [§3.2.4].
+     * @private
+     */
+    static ROTR(n, x) {
+        return (x >>> n) | (x << (32-n));
+    }
+
+
+    /**
+     * Logical functions [§4.1.2].
+     * @private
+     */
+    static Σ0(x) { return Sha256.ROTR(2,  x) ^ Sha256.ROTR(13, x) ^ Sha256.ROTR(22, x); }
+    static Σ1(x) { return Sha256.ROTR(6,  x) ^ Sha256.ROTR(11, x) ^ Sha256.ROTR(25, x); }
+    static σ0(x) { return Sha256.ROTR(7,  x) ^ Sha256.ROTR(18, x) ^ (x>>>3);  }
+    static σ1(x) { return Sha256.ROTR(17, x) ^ Sha256.ROTR(19, x) ^ (x>>>10); }
+    static Ch(x, y, z)  { return (x & y) ^ (~x & z); }          // 'choice'
+    static Maj(x, y, z) { return (x & y) ^ (x & z) ^ (y & z); } // 'majority'
+
+}
+
+
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+
+if (typeof module != 'undefined' && module.exports) module.exports = Sha256; // ≡ export default Sha256
+

package/circomlib/test/mimccircuit.js

@@ -0,0 +1,27 @@
+const chai = require("chai");
+const path = require("path");
+const wasm_tester = require("circom_tester").wasm;
+
+const buildMimc7 = require("circomlibjs").buildMimc7;
+
+describe("MiMC Circuit test", function () {
+    let circuit;
+    let mimc7;
+
+    this.timeout(100000);
+
+    before( async () => {
+        mimc7 = await buildMimc7();
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "mimc_test.circom"));
+    });
+
+    it("Should check constrain", async () => {
+        const w = await circuit.calculateWitness({x_in: 1, k: 2}, true);
+
+        const res2 = mimc7.hash(1,2,91);
+
+        await circuit.assertOut(w, {out: mimc7.F.toObject(res2)});
+
+        await circuit.checkConstraints(w);
+    });
+});

package/circomlib/test/mimcspongecircuit.js

@@ -0,0 +1,47 @@
+const path = require("path");
+const wasm_tester = require("circom_tester").wasm;
+
+const buildMimcSponge = require("circomlibjs").buildMimcSponge;
+
+
+describe("MiMC Sponge Circuit test", function () {
+    let circuit;
+    let mimcSponge;
+    let F;
+
+    this.timeout(100000);
+
+    before( async () => {
+        mimcSponge = await buildMimcSponge();
+        F = mimcSponge.F;
+    });
+
+
+    it("Should check permutation", async () => {
+
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "mimc_sponge_test.circom"));
+
+        const w = await circuit.calculateWitness({xL_in: 1, xR_in: 2, k: 3});
+
+        const out2 = mimcSponge.hash(1,2,3);
+
+        await circuit.assertOut(w, {xL_out: F.toObject(out2.xL), xR_out: F.toObject(out2.xR)});
+
+        await circuit.checkConstraints(w);
+
+    });
+
+    it("Should check hash", async () => {
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "mimc_sponge_hash_test.circom"));
+
+        const w = await circuit.calculateWitness({ins: [1, 2], k: 0});
+
+        const out2 = mimcSponge.multiHash([1,2], 0, 3);
+
+        for (let i=0; i<out2.length; i++) out2[i] = F.toObject(out2[i]);
+
+        await circuit.assertOut(w, {outs: out2});
+
+        await circuit.checkConstraints(w);
+    });
+});

package/circomlib/test/montgomery.js

@@ -0,0 +1,101 @@
+const chai = require("chai");
+const path = require("path");
+const wasm_tester = require("circom_tester").wasm;
+const Scalar = require("ffjavascript").Scalar;
+const buildBabyjub = require("circomlibjs").buildBabyjub;
+
+const assert = chai.assert;
+
+describe("Montgomery test", function () {
+    let babyJub;
+    let Fr;
+    let circuitE2M;
+    let circuitM2E;
+    let circuitMAdd;
+    let circuitMDouble;
+
+    let g;
+
+    let mg, mg2, g2, g3, mg3;
+
+    this.timeout(100000);
+
+
+    before( async() => {
+        babyJub = await buildBabyjub();
+        Fr = babyJub.F;
+        g = [
+            Fr.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+            Fr.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+        ];
+
+        circuitE2M = await wasm_tester(path.join(__dirname, "circuits", "edwards2montgomery.circom"));
+        await circuitE2M.loadSymbols();
+        circuitM2E = await wasm_tester(path.join(__dirname, "circuits", "montgomery2edwards.circom"));
+        await circuitM2E.loadSymbols();
+        circuitMAdd = await wasm_tester(path.join(__dirname, "circuits", "montgomeryadd.circom"));
+        await circuitMAdd.loadSymbols();
+        circuitMDouble = await wasm_tester(path.join(__dirname, "circuits", "montgomerydouble.circom"));
+        await circuitMDouble.loadSymbols();
+    });
+
+    it("Convert Edwards to Montgomery and back again", async () => {
+        let w, xout, yout;
+
+        w = await circuitE2M.calculateWitness({ in: [Fr.toObject(g[0]), Fr.toObject(g[1])]}, true);
+
+        xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
+        yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
+
+        mg = [xout, yout];
+
+        w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true);
+
+        xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
+        yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
+
+        assert(Fr.eq(Fr.e(xout), g[0]));
+        assert(Fr.eq(Fr.e(yout), g[1]));
+    });
+    it("Should double a point", async () => {
+        let w, xout, yout;
+
+        g2 = babyJub.addPoint(g,g);
+
+        w = await circuitMDouble.calculateWitness({ in: mg}, true);
+
+        xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
+        yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
+
+        mg2 = [xout, yout];
+
+        w = await circuitM2E.calculateWitness({ in: mg2}, true);
+
+        xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
+        yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
+
+
+        assert(Fr.eq(Fr.e(xout), g2[0]));
+        assert(Fr.eq(Fr.e(yout), g2[1]));
+    });
+    it("Should add a point", async () => {
+        let w, xout, yout;
+
+        g3 = babyJub.addPoint(g,g2);
+
+        w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true);
+
+        xout = w[circuitMAdd.symbols["main.out[0]"].varIdx];
+        yout = w[circuitMAdd.symbols["main.out[1]"].varIdx];
+
+        mg3 = [xout, yout];
+
+        w = await circuitM2E.calculateWitness({ in: mg3}, true);
+
+        xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
+        yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
+
+        assert(Fr.eq(Fr.e(xout), g3[0]));
+        assert(Fr.eq(Fr.e(yout), g3[1]));
+    });
+});

package/circomlib/test/multiplexer.js

@@ -0,0 +1,101 @@
+const path = require("path");
+const wasm_tester = require("circom_tester").wasm;
+const F1Field = require("ffjavascript").F1Field;
+const Scalar = require("ffjavascript").Scalar;
+exports.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+const Fr = new F1Field(exports.p);
+
+describe("Mux4 test", function() {
+    this.timeout(100000);
+    it("Should create a constant multiplexer 4", async () => {
+
+        const circuit = await wasm_tester(path.join(__dirname, "circuits", "mux4_1.circom"));
+
+        const ct16 = [
+            Fr.e("123"),
+            Fr.e("456"),
+            Fr.e("789"),
+            Fr.e("012"),
+            Fr.e("111"),
+            Fr.e("222"),
+            Fr.e("333"),
+            Fr.e("4546"),
+            Fr.e("134523"),
+            Fr.e("44356"),
+            Fr.e("15623"),
+            Fr.e("4566"),
+            Fr.e("1223"),
+            Fr.e("4546"),
+            Fr.e("4256"),
+            Fr.e("4456")
+        ];
+
+        for (let i=0; i<16; i++) {
+            const w = await circuit.calculateWitness({ "selector": i }, true);
+
+            await circuit.checkConstraints(w);
+
+            await circuit.assertOut(w, {out: ct16[i]});
+        }
+    });
+
+    it("Should create a constant multiplexer 3", async () => {
+
+        const circuit = await wasm_tester(path.join(__dirname, "circuits", "mux3_1.circom"));
+
+        const ct8 = [
+            Fr.e("37"),
+            Fr.e("47"),
+            Fr.e("53"),
+            Fr.e("71"),
+            Fr.e("89"),
+            Fr.e("107"),
+            Fr.e("163"),
+            Fr.e("191")
+        ];
+
+        for (let i=0; i<8; i++) {
+            const w = await circuit.calculateWitness({ "selector": i }, true);
+
+            await circuit.checkConstraints(w);
+
+            await circuit.assertOut(w, {out: ct8[i]});
+        }
+    });
+    it("Should create a constant multiplexer 2", async () => {
+
+        const circuit = await wasm_tester(path.join(__dirname, "circuits", "mux2_1.circom"));
+
+        const ct4 = [
+            Fr.e("37"),
+            Fr.e("47"),
+            Fr.e("53"),
+            Fr.e("71"),
+        ];
+
+        for (let i=0; i<4; i++) {
+            const w = await circuit.calculateWitness({ "selector": i }, true);
+
+            await circuit.checkConstraints(w);
+
+            await circuit.assertOut(w, {out: ct4[i]});
+        }
+    });
+    it("Should create a constant multiplexer 1", async () => {
+
+        const circuit = await wasm_tester(path.join(__dirname, "circuits", "mux1_1.circom"));
+
+        const ct2 = [
+            Fr.e("37"),
+            Fr.e("47"),
+        ];
+
+        for (let i=0; i<2; i++) {
+            const w = await circuit.calculateWitness({ "selector": i }, true);
+
+            await circuit.checkConstraints(w);
+
+            await circuit.assertOut(w, {out: ct2[i]});
+        }
+    });
+});

package/circomlib/test/pedersen.js

@@ -0,0 +1,83 @@
+const chai = require("chai");
+const path = require("path");
+
+const Scalar = require("ffjavascript").Scalar;
+
+const wasm_tester = require("circom_tester").wasm;
+
+const buildBabyjub = require("circomlibjs").buildBabyjub;
+
+
+describe("Double Pedersen test", function() {
+    let babyJub;
+    let Fr;
+    let PBASE;
+    let circuit;
+    this.timeout(100000);
+    before( async() => {
+        babyJub = await buildBabyjub();
+        Fr = babyJub.F;
+        PBASE =
+        [
+            [Fr.e("10457101036533406547632367118273992217979173478358440826365724437999023779287"),Fr.e("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
+            [Fr.e("2671756056509184035029146175565761955751135805354291559563293617232983272177"),Fr.e("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
+            [Fr.e("5802099305472655231388284418920769829666717045250560929368476121199858275951"),Fr.e("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
+            [Fr.e("7107336197374528537877327281242680114152313102022415488494307685842428166594"),Fr.e("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
+            [Fr.e("20265828622013100949498132415626198973119240347465898028410217039057588424236"),Fr.e("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
+        ];
+        circuit = await wasm_tester(path.join(__dirname, "circuits", "pedersen_test.circom"));
+
+    });
+
+    it("Should pedersen at zero", async () => {
+
+        let w;
+
+        w = await circuit.calculateWitness({ in: ["0", "0"]}, true);
+
+        await circuit.assertOut(w, {out: [0,1]});
+
+    });
+    it("Should pedersen at one first generator", async () => {
+        let w;
+
+        w = await circuit.calculateWitness({ in: ["1", "0"]}, true);
+
+        await circuit.assertOut(w, {out: [Fr.toObject(PBASE[0][0]), Fr.toObject(PBASE[0][1])]});
+
+    });
+    it("Should pedersen at one second generator", async () => {
+        let w;
+
+        w = await circuit.calculateWitness({ in: ["0", "1"]}, true);
+
+        await circuit.assertOut(w, {out: [Fr.toObject(PBASE[1][0]), Fr.toObject(PBASE[1][1])]});
+
+    });
+    it("Should pedersen at mixed generators", async () => {
+        let w;
+        w = await circuit.calculateWitness({ in: ["3", "7"]}, true);
+
+        const r = babyJub.addPoint(
+            babyJub.mulPointEscalar(PBASE[0], 3),
+            babyJub.mulPointEscalar(PBASE[1], 7)
+        );
+
+        await circuit.assertOut(w, {out: [Fr.toObject(r[0]), Fr.toObject(r[1])]});
+
+    });
+    it("Should pedersen all ones", async () => {
+        let w;
+
+        const allOnes = Scalar.sub(Scalar.shl(Scalar.e(1), 250), Scalar.e(1));
+        w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true);
+
+
+        const r2 = babyJub.addPoint(
+            babyJub.mulPointEscalar(PBASE[0], allOnes),
+            babyJub.mulPointEscalar(PBASE[1], allOnes)
+        );
+
+        await circuit.assertOut(w, {out: [Fr.toObject(r2[0]), Fr.toObject(r2[1])]});
+    });
+});