From ebf840d17aaed2250d6cf8c42500bd8c60bdf997 Mon Sep 17 00:00:00 2001
From: ayman
Date: Wed, 31 Jul 2024 08:31:43 +0530
Subject: [PATCH 1/5] feat: add tbox
---
 circuits/mix_columns.circom | 71 +++++++++++++++++----------------
 circuits/tbox.circom | 38 ++++++++++++++++++
 circuits/transformations.circom | 1 +
 tests/tbox.test.ts | 15 +++++++
 4 files changed, 90 insertions(+), 35 deletions(-)
 create mode 100644 circuits/tbox.circom
 create mode 100644 tests/tbox.test.ts
diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
index 817103a..5e81db8 100644
--- a/circuits/mix_columns.circom
+++ b/circuits/mix_columns.circom
@@ -4,7 +4,7 @@ include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
-
+include "tbox.circom";
 // MixColumns: Applies the equation for each column:
 // [s'0,c] [2 3 1 1][s0,c]
@@ -49,20 +49,20 @@ template S0(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 2; i < 4; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul = XTimes2();
- mul.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(2, in[0]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[1].out;
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(3, in[1]);
 xor[0] = XorBits();
- xor[0].a <== mul.out;
- xor[0].b <== mul2.out;
+ xor[0].a <== num2bits[0].out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
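Review bot: `num2bits[0].in <-- TBox(2, in[0]);` and `num2bits[1].in <-- TBox(3, in[1]);` turn the multiplication by 2 and 3 into an unconstrained witness assignment: TBox is a circom function evaluated only during witness generation, so after this change no constraint links num2bits[0].in to in[0] (Num2Bits(8) only checks that the value fits in 8 bits), and a prover can put an arbitrary byte in place of the product, whereas the removed XTimes2/XTimes(3) components enforced it. The same pattern is in the S1, S2 and S3 hunks of this commit (S3 additionally downgrades `xor[2].a <== mul2.out` to `xor[2].a <-- num2bits[3].out`) and survives the index fixes in PATCH 3/5. Since a table indexed by a signal cannot be wired with `<==`, keep the constrained form — `num2bits[0].in <== in[0];`, `component mul = XTimes2(); mul.in <== num2bits[0].out;`, `xor[0].a <== mul.out;` — and use TBox at most as a witness hint whose result is checked against the constrained value. Note also that TBox's table has rows 0 and 1 only, so the indices 2 and 3 used here read outside it (corrected in PATCH 3/5).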
@@ -88,24 +88,25 @@ template S1(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
- num2bits[i] = Num2Bits(8);
- num2bits[i].in <== in[i];
- }
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <== in[0];
+
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(2, in[1]);
- component mul = XTimes2();
- mul.in <== num2bits[1].out;
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(3, in[2]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[2].out;
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <== in[3];
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
- xor[0].b <== mul.out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
@@ -127,28 +128,28 @@ template S2() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 0; i < 2; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(2, in[2]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(3, in[3]);
+
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[2].out;
-
- component mul = XTimes(3);
- mul.in <== num2bits[3].out;
-
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
- xor[2].b <== mul.out;
+ xor[2].b <== num2bits[3].out;
 component b2n = Bits2Num(8);
 for (var i = 0; i < 8; i++) {
@@ -166,27 +167,27 @@ template S3() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 1; i < 3; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul3 = XTimes(3);
- mul3.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(3, in[0]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(2, in[3]);
 xor[0] = XorBits();
- xor[0].a <== mul3.out;
+ xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
 xor[1].b <== num2bits[2].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[3].out;
-
 xor[2] = XorBits();
- xor[2].a <== mul2.out;
+ xor[2].a <-- num2bits[3].out;
 xor[2].b <== xor[1].out;
 component b2n = Bits2Num(8);
diff --git a/circuits/tbox.circom b/circuits/tbox.circom
new file mode 100644
index 0000000..a2bc12c
--- /dev/null
+++ b/circuits/tbox.circom
@@ -0,0 +1,38 @@
+pragma circom 2.1.8;
+
+include "transformations.circom";
+include "circomlib/circuits/bitify.circom";
+
+//tbox[0] =>> multiplication by 2
+//tbox[1] =>> multiplication by 3
+function TBox(index, subbyte) {
+ var tbox[2][16*16] = [
+ [
+ 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
+ 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
+ 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160,
+ 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192, 194, 196, 198, 200, 202, 204, 206,
+ 208, 210, 212, 214, 216, 218, 220, 222, 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252,
+ 254, 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35,
+ 33, 39, 37, 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, 123, 121, 127, 125, 115, 113, 119, 117,
+ 107, 105, 111, 109, 99, 97, 103, 101, 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
+ 187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, 219, 217, 223, 221, 211, 209, 215,
+ 213, 203, 201, 207, 205, 195, 193, 199, 197, 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225,
+ 231, 229
+ ],
+ [
+ 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34,
+ 33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, 80, 83, 86, 85, 92, 95, 90, 89, 72,
+ 75, 78, 77, 68, 71, 66, 65, 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, 240, 243,
+ 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, 160, 163, 166, 165, 172, 175, 170, 169, 184,
+ 187, 190, 189, 180, 183, 178, 177, 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
+ 155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, 171, 168, 173, 174, 167, 164, 161,
+ 162, 179, 176, 181, 182, 191, 188, 185, 186, 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236,
+ 233, 234, 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, 91, 88, 93, 94, 87, 84, 81,
+ 82, 67, 64, 69, 70, 79, 76, 73, 74, 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, 59,
+ 56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
+ ]
+ ];
+
+ return tbox[index][subbyte];
+}
\ No newline at end of file
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
index 83625bf..f3b83e9 100644
--- a/circuits/transformations.circom
+++ b/circuits/transformations.circom
@@ -3,6 +3,7 @@ pragma circom 2.1.8;
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
+include "utils.circom";
 // ShiftRows: Performs circular left shift on each row
 // 0, 1, 2, 3 shifts for rows 0, 1, 2, 3 respectively
diff --git a/tests/tbox.test.ts b/tests/tbox.test.ts
new file mode 100644
index 0000000..6800ef3
--- /dev/null
+++ b/tests/tbox.test.ts
@@ -0,0 +1,15 @@
+// import { WitnessTester } from "circomkit";
+// import { circomkit } from "./common";
+
+// describe.only("TBox", () => {
+// let circuit: WitnessTester;
+
+// it("should compute correctly", async () => {
+// circuit = await circomkit.WitnessTester(`TBox`, {
+// file: "tbox",
+// template: "TBox",
+// params: [0, 3],
+// });
+// console.log("#constraints:", await circuit.getConstraintCount());
+// });
+// });
From 190342416b34e58b219f69e5e41abf2156f950ce Mon Sep 17 00:00:00 2001
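Review bot: TBox is a circom function, so it runs only at witness-generation time and contributes no constraints, and the header comments `//tbox[0] =>> multiplication by 2` / `//tbox[1] =>> multiplication by 3` do not say so; suggest replacing them with `// Witness-time GF(2^8) lookup: row 0 = xtime (x2), row 1 = x3. A function adds NO constraints, so callers must constrain the returned value. index and subbyte are not range-checked.`. The two includes at the top (`transformations.circom`, `circomlib/circuits/bitify.circom`) are not referenced by anything in this file and can be dropped. The callers added in this same commit pass index 2 and 3 into this two-row table; PATCH 3/5 changes them to 0 and 1.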
From: yash1io
Date: Sat, 3 Aug 2024 15:45:47 +0530
Subject: [PATCH 2/5] test:workflow
---
 .github/workflows/tests.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 511d0ff..4a4a27d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,9 +19,9 @@ jobs:
 nasm \
 nlohmann-json3-dev
- - name: Download Circom Binary v2.1.5\8
+ - name: Download Circom Binary v2.1.9
 run: |
- wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.8/circom-linux-amd64
+ wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.9/circom-linux-amd64
 chmod +x /home/runner/work/circom
 sudo mv /home/runner/work/circom /bin/circom
From fceeb027b8ae8f1a78a7407f044df7056c91ba44 Mon Sep 17 00:00:00 2001
From: yash1io
Date: Sat, 3 Aug 2024 17:32:35 +0530
Subject: [PATCH 3/5] bump version and fix tbox
---
 circomkit.json | 2 +-
 circuits/cipher.circom | 2 +-
 circuits/ctr.circom | 2 +-
 circuits/key_expansion.circom | 2 +-
 circuits/mix_columns.circom | 18 +++++++++---------
 circuits/sbox128.circom | 2 +-
 circuits/tbox.circom | 4 ++--
 circuits/transformations.circom | 2 +-
 circuits/utils.circom | 2 +-
 tests/tbox.test.ts | 15 ---------------
 10 files changed, 18 insertions(+), 33 deletions(-)
 delete mode 100644 tests/tbox.test.ts
diff --git a/circomkit.json b/circomkit.json
index cd5fed7..bdc8e25 100644
--- a/circomkit.json
+++ b/circomkit.json
@@ -1,5 +1,5 @@
 {
- "version": "2.1.8",
+ "version": "2.1.9",
 "proofSystem": "groth16",
 "curve": "bn128"
 }
diff --git a/circuits/cipher.circom b/circuits/cipher.circom
index 50b806f..ee8a9c1 100644
--- a/circuits/cipher.circom
+++ b/circuits/cipher.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "key_expansion.circom";
 include "circomlib/circuits/comparators.circom";
diff --git a/circuits/ctr.circom b/circuits/ctr.circom
index 696d295..c388d99 100644
--- a/circuits/ctr.circom
+++ b/circuits/ctr.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "cipher.circom";
 include "transformations.circom";
diff --git a/circuits/key_expansion.circom b/circuits/key_expansion.circom
index 5686474..81c8c14 100644
--- a/circuits/key_expansion.circom
+++ b/circuits/key_expansion.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "sbox128.circom";
 include "utils.circom";
diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
index 5e81db8..ec8ff70 100644
--- a/circuits/mix_columns.circom
+++ b/circuits/mix_columns.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
@@ -55,10 +55,10 @@ template S0(){
 }
 num2bits[0] = Num2Bits(8);
- num2bits[0].in <-- TBox(2, in[0]);
+ num2bits[0].in <-- TBox(0, in[0]);
 num2bits[1] = Num2Bits(8);
- num2bits[1].in <-- TBox(3, in[1]);
+ num2bits[1].in <-- TBox(1, in[1]);
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
@@ -92,10 +92,10 @@ template S1(){
 num2bits[0].in <== in[0];
 num2bits[1] = Num2Bits(8);
- num2bits[1].in <-- TBox(2, in[1]);
+ num2bits[1].in <-- TBox(0, in[1]);
 num2bits[2] = Num2Bits(8);
- num2bits[2].in <-- TBox(3, in[2]);
+ num2bits[2].in <-- TBox(1, in[2]);
 num2bits[3] = Num2Bits(8);
 num2bits[3].in <== in[3];
@@ -134,10 +134,10 @@ template S2() {
 }
 num2bits[2] = Num2Bits(8);
- num2bits[2].in <-- TBox(2, in[2]);
+ num2bits[2].in <-- TBox(0, in[2]);
 num2bits[3] = Num2Bits(8);
- num2bits[3].in <-- TBox(3, in[3]);
+ num2bits[3].in <-- TBox(1, in[3]);
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
@@ -173,10 +173,10 @@ template S3() {
 }
 num2bits[0] = Num2Bits(8);
- num2bits[0].in <-- TBox(3, in[0]);
+ num2bits[0].in <-- TBox(1, in[0]);
 num2bits[3] = Num2Bits(8);
- num2bits[3].in <-- TBox(2, in[3]);
+ num2bits[3].in <-- TBox(0, in[3]);
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
diff --git a/circuits/sbox128.circom b/circuits/sbox128.circom
index b1dba34..c949f0e 100644
--- a/circuits/sbox128.circom
+++ b/circuits/sbox128.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "circomlib/circuits/comparators.circom";
diff --git a/circuits/tbox.circom b/circuits/tbox.circom
index a2bc12c..976fbea 100644
--- a/circuits/tbox.circom
+++ b/circuits/tbox.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "transformations.circom";
 include "circomlib/circuits/bitify.circom";
@@ -6,7 +6,7 @@ include "circomlib/circuits/bitify.circom";
 //tbox[0] =>> multiplication by 2
 //tbox[1] =>> multiplication by 3
 function TBox(index, subbyte) {
- var tbox[2][16*16] = [
+ var tbox[2][256] = [
 [
 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
index f3b83e9..3120e52 100644
--- a/circuits/transformations.circom
+++ b/circuits/transformations.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
diff --git a/circuits/utils.circom b/circuits/utils.circom
index 26a4ea3..d9b6bea 100644
--- a/circuits/utils.circom
+++ b/circuits/utils.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "sbox128.circom";
 include "circomlib/circuits/comparators.circom";
diff --git a/tests/tbox.test.ts b/tests/tbox.test.ts
deleted file mode 100644
index 6800ef3..0000000
--- a/tests/tbox.test.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-// import { WitnessTester } from "circomkit";
-// import { circomkit } from "./common";
-
-// describe.only("TBox", () => {
-// let circuit: WitnessTester;
-
-// it("should compute correctly", async () => {
-// circuit = await circomkit.WitnessTester(`TBox`, {
-// file: "tbox",
-// template: "TBox",
-// params: [0, 3],
-// });
-// console.log("#constraints:", await circuit.getConstraintCount());
-// });
-// });
From e6fcfaceddffa190aa099e5407963bd347f5b3d4 Mon Sep 17 00:00:00 2001
From: yash1io
Date: Sat, 3 Aug 2024 17:40:50 +0530
Subject: [PATCH 4/5] fix test desc
---
 tests/ctr.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ctr.test.ts b/tests/ctr.test.ts
index 20a671a..9d0ec43 100644
--- a/tests/ctr.test.ts
+++ b/tests/ctr.test.ts
@@ -34,7 +34,7 @@ describe("ToBlocks", () => {
 template: "ToBlocks",
 params: [15],
 });
- console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+ console.log("@EncryptCTR #constraints:", await circuit.getConstraintCount());
 await circuit.expectPass(
 {
From c581e68b49c2448b7ef5a5bf42db14e02e38917f Mon Sep 17 00:00:00 2001
From: yash1io
Date: Sat, 3 Aug 2024 17:48:19 +0530
Subject: [PATCH 5/5] fix test desc
---
 tests/ctr.test.ts | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tests/ctr.test.ts b/tests/ctr.test.ts
index 9d0ec43..0b83b4e 100644
--- a/tests/ctr.test.ts
+++ b/tests/ctr.test.ts
@@ -10,7 +10,7 @@ describe("ToBlocks", () => {
 template: "ToBlocks",
 params: [16],
 });
- console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+ console.log("@ToBlocks #constraints:", await circuit.getConstraintCount());
 await circuit.expectPass(
 {
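Review bot: The new label `@EncryptCTR` in PATCH 4/5 is attached to a test whose hunk context is `describe("ToBlocks"` with `template: "ToBlocks", params: [15]`, so the constraint-count log now names the wrong circuit; the line should read `console.log("@ToBlocks #constraints:", await circuit.getConstraintCount());`. PATCH 5/5 corrects the sibling log at line 10 (params [16]) but leaves this one as `@EncryptCTR`. The enclosing it() callback starts and ends outside the hunk.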
@@ -156,9 +156,9 @@ describe("EncryptCTR", () => {
 {
 plainText: [
 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d,
- 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+ 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+ 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f,
+ 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
 ],
 iv: [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff],
 key: [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c],
@@ -166,9 +166,9 @@ describe("EncryptCTR", () => {
 {
 cipher: [
 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06,
- 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
- 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
- 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
+ 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 0x5a, 0xe4, 0xdf, 0x3e,
+ 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe,
+ 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
 ],
 }
 );