Merge pull request #4 from crema-labs/feat/tbox

feat: add tbox
crema-labs · Aug 3, 2024 · 00fb36e · 00fb36e
2 parents ab8039c + c581e68
commit 00fb36e
Show file tree

Hide file tree

Showing 11 changed files with 93 additions and 53 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -19,9 +19,9 @@ jobs:
             nasm \
             nlohmann-json3-dev
 
-      - name: Download Circom Binary v2.1.5\8
+      - name: Download Circom Binary v2.1.9
         run: |
-          wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.8/circom-linux-amd64
+          wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.9/circom-linux-amd64
           chmod +x /home/runner/work/circom
           sudo mv /home/runner/work/circom /bin/circom
 

diff --git a/circomkit.json b/circomkit.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.1.8",
+  "version": "2.1.9",
   "proofSystem": "groth16",
   "curve": "bn128"
 }
diff --git a/circuits/cipher.circom b/circuits/cipher.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "key_expansion.circom";
 include "circomlib/circuits/comparators.circom";

diff --git a/circuits/ctr.circom b/circuits/ctr.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "cipher.circom";
 include "transformations.circom";

diff --git a/circuits/key_expansion.circom b/circuits/key_expansion.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "sbox128.circom";
 include "utils.circom";

diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
@@ -1,10 +1,10 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
-
+include "tbox.circom";
 
 // MixColumns: Applies the equation for each column:
 // [s'0,c]   [2 3 1 1][s0,c]
@@ -49,20 +49,20 @@ template S0(){
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 2; i < 4; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
-    component mul = XTimes2();
-    mul.in <== num2bits[0].out;
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <-- TBox(0, in[0]);
 
-    component mul2 = XTimes(3);
-    mul2.in <== num2bits[1].out;
+    num2bits[1] = Num2Bits(8);
+    num2bits[1].in <-- TBox(1, in[1]);
 
     xor[0] = XorBits();
-    xor[0].a <== mul.out;
-    xor[0].b <== mul2.out;
+    xor[0].a <== num2bits[0].out;
+    xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
@@ -88,24 +88,25 @@ template S1(){
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
-        num2bits[i] = Num2Bits(8);
-        num2bits[i].in <== in[i];
-    }
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <== in[0];
+
+    num2bits[1] = Num2Bits(8);
+    num2bits[1].in <-- TBox(0, in[1]);
 
-    component mul = XTimes2();
-    mul.in <== num2bits[1].out;
+    num2bits[2] = Num2Bits(8);
+    num2bits[2].in <-- TBox(1, in[2]);
 
-    component mul2 = XTimes(3);
-    mul2.in <== num2bits[2].out;
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <== in[3];
 
     xor[0] = XorBits();
     xor[0].a <== num2bits[0].out;
-    xor[0].b <== mul.out;
+    xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
-    xor[1].b <== mul2.out;
+    xor[1].b <== num2bits[2].out;
 
     xor[2] = XorBits();
     xor[2].a <== xor[1].out;
@@ -127,28 +128,28 @@ template S2() {
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 0; i < 2; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
+    num2bits[2] = Num2Bits(8);
+    num2bits[2].in <-- TBox(0, in[2]);
+
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <-- TBox(1, in[3]);
+
     xor[0] = XorBits();
     xor[0].a <== num2bits[0].out;
     xor[0].b <== num2bits[1].out;
 
-    component mul2 = XTimes2();
-    mul2.in <== num2bits[2].out;
-
-    component mul = XTimes(3);
-    mul.in <== num2bits[3].out;
-
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
-    xor[1].b <== mul2.out;
+    xor[1].b <== num2bits[2].out;
 
     xor[2] = XorBits();
     xor[2].a <== xor[1].out;
-    xor[2].b <== mul.out;
+    xor[2].b <== num2bits[3].out;
 
     component b2n = Bits2Num(8);
     for (var i = 0; i < 8; i++) {
@@ -166,27 +167,27 @@ template S3() {
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 1; i < 3; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
-    component mul3 = XTimes(3);
-    mul3.in <== num2bits[0].out;
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <-- TBox(1, in[0]);
+
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <-- TBox(0, in[3]);
 
     xor[0] = XorBits();
-    xor[0].a <== mul3.out;
+    xor[0].a <== num2bits[0].out;
     xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
     xor[1].b <== num2bits[2].out;
 
-    component mul2 = XTimes2();
-    mul2.in <== num2bits[3].out;
-
     xor[2] = XorBits();
-    xor[2].a <== mul2.out;
+    xor[2].a <-- num2bits[3].out;
     xor[2].b <== xor[1].out;
 
     component b2n = Bits2Num(8);

diff --git a/circuits/sbox128.circom b/circuits/sbox128.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "circomlib/circuits/comparators.circom";
 

diff --git a/circuits/tbox.circom b/circuits/tbox.circom
@@ -0,0 +1,38 @@
+pragma circom 2.1.9;
+
+include "transformations.circom";
+include "circomlib/circuits/bitify.circom";
+
+//tbox[0] =>> multiplication by 2
+//tbox[1] =>> multiplication by 3
+function TBox(index, subbyte) {
+    var tbox[2][256] = [
+        [
+            0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
+            62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
+            116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160,
+            162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192, 194, 196, 198, 200, 202, 204, 206,
+            208, 210, 212, 214, 216, 218, 220, 222, 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252,
+            254, 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35,
+            33, 39, 37, 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, 123, 121, 127, 125, 115, 113, 119, 117,
+            107, 105, 111, 109, 99, 97, 103, 101, 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
+            187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, 219, 217, 223, 221, 211, 209, 215,
+            213, 203, 201, 207, 205, 195, 193, 199, 197, 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225,
+            231, 229
+        ],
+        [
+            0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34,
+            33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, 80, 83, 86, 85, 92, 95, 90, 89, 72,
+            75, 78, 77, 68, 71, 66, 65, 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, 240, 243,
+            246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, 160, 163, 166, 165, 172, 175, 170, 169, 184,
+            187, 190, 189, 180, 183, 178, 177, 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
+            155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, 171, 168, 173, 174, 167, 164, 161,
+            162, 179, 176, 181, 182, 191, 188, 185, 186, 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236,
+            233, 234, 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, 91, 88, 93, 94, 87, 84, 81,
+            82, 67, 64, 69, 70, 79, 76, 73, 74, 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, 59,
+            56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
+        ]
+    ];
+
+    return tbox[index][subbyte];
+}
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
@@ -1,8 +1,9 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
+include "utils.circom";
 
 // ShiftRows: Performs circular left shift on each row
 // 0, 1, 2, 3 shifts for rows 0, 1, 2, 3 respectively

diff --git a/circuits/utils.circom b/circuits/utils.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 
 include "sbox128.circom";
 include "circomlib/circuits/comparators.circom";

diff --git a/tests/ctr.test.ts b/tests/ctr.test.ts
@@ -10,7 +10,7 @@ describe("ToBlocks", () => {
       template: "ToBlocks",
       params: [16],
     });
-    console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+    console.log("@ToBlocks #constraints:", await circuit.getConstraintCount());
 
     await circuit.expectPass(
       {
@@ -34,7 +34,7 @@ describe("ToBlocks", () => {
       template: "ToBlocks",
       params: [15],
     });
-    console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+    console.log("@EncryptCTR #constraints:", await circuit.getConstraintCount());
 
     await circuit.expectPass(
       {
@@ -156,19 +156,19 @@ describe("EncryptCTR", () => {
       {
         plainText: [
           0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d,
-          0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
-          0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
-          0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+          0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+          0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f,
+          0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
         ],
         iv: [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff],
         key: [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c],
       },
       {
         cipher: [
           0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06,
-          0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
-          0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
-          0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
+          0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 0x5a, 0xe4, 0xdf, 0x3e,
+          0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe,
+          0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
         ],
       }
     );