feat: add tbox

crema-labs · Jul 31, 2024 · ebf840d · ebf840d
1 parent 6269088
commit ebf840d
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 35 deletions.
diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
@@ -4,7 +4,7 @@ include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
-
+include "tbox.circom";
 
 // MixColumns: Applies the equation for each column:
 // [s'0,c]   [2 3 1 1][s0,c]
@@ -49,20 +49,20 @@ template S0(){
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 2; i < 4; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
-    component mul = XTimes2();
-    mul.in <== num2bits[0].out;
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <-- TBox(2, in[0]);
 
-    component mul2 = XTimes(3);
-    mul2.in <== num2bits[1].out;
+    num2bits[1] = Num2Bits(8);
+    num2bits[1].in <-- TBox(3, in[1]);
 
     xor[0] = XorBits();
-    xor[0].a <== mul.out;
-    xor[0].b <== mul2.out;
+    xor[0].a <== num2bits[0].out;
+    xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
@@ -88,24 +88,25 @@ template S1(){
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
-        num2bits[i] = Num2Bits(8);
-        num2bits[i].in <== in[i];
-    }
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <== in[0];
+
+    num2bits[1] = Num2Bits(8);
+    num2bits[1].in <-- TBox(2, in[1]);
 
-    component mul = XTimes2();
-    mul.in <== num2bits[1].out;
+    num2bits[2] = Num2Bits(8);
+    num2bits[2].in <-- TBox(3, in[2]);
 
-    component mul2 = XTimes(3);
-    mul2.in <== num2bits[2].out;
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <== in[3];
 
     xor[0] = XorBits();
     xor[0].a <== num2bits[0].out;
-    xor[0].b <== mul.out;
+    xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
-    xor[1].b <== mul2.out;
+    xor[1].b <== num2bits[2].out;
 
     xor[2] = XorBits();
     xor[2].a <== xor[1].out;
@@ -127,28 +128,28 @@ template S2() {
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 0; i < 2; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
+    num2bits[2] = Num2Bits(8);
+    num2bits[2].in <-- TBox(2, in[2]);
+
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <-- TBox(3, in[3]);
+
     xor[0] = XorBits();
     xor[0].a <== num2bits[0].out;
     xor[0].b <== num2bits[1].out;
 
-    component mul2 = XTimes2();
-    mul2.in <== num2bits[2].out;
-
-    component mul = XTimes(3);
-    mul.in <== num2bits[3].out;
-
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
-    xor[1].b <== mul2.out;
+    xor[1].b <== num2bits[2].out;
 
     xor[2] = XorBits();
     xor[2].a <== xor[1].out;
-    xor[2].b <== mul.out;
+    xor[2].b <== num2bits[3].out;
 
     component b2n = Bits2Num(8);
     for (var i = 0; i < 8; i++) {
@@ -166,27 +167,27 @@ template S3() {
     component num2bits[4];
     component xor[3];
 
-    for (var i = 0; i < 4; i++) {
+    for (var i = 1; i < 3; i++) {
         num2bits[i] = Num2Bits(8);
         num2bits[i].in <== in[i];
     }
 
-    component mul3 = XTimes(3);
-    mul3.in <== num2bits[0].out;
+    num2bits[0] = Num2Bits(8);
+    num2bits[0].in <-- TBox(3, in[0]);
+
+    num2bits[3] = Num2Bits(8);
+    num2bits[3].in <-- TBox(2, in[3]);
 
     xor[0] = XorBits();
-    xor[0].a <== mul3.out;
+    xor[0].a <== num2bits[0].out;
     xor[0].b <== num2bits[1].out;
 
     xor[1] = XorBits();
     xor[1].a <== xor[0].out;
     xor[1].b <== num2bits[2].out;
 
-    component mul2 = XTimes2();
-    mul2.in <== num2bits[3].out;
-
     xor[2] = XorBits();
-    xor[2].a <== mul2.out;
+    xor[2].a <-- num2bits[3].out;
     xor[2].b <== xor[1].out;
 
     component b2n = Bits2Num(8);

diff --git a/circuits/tbox.circom b/circuits/tbox.circom
@@ -0,0 +1,38 @@
+pragma circom 2.1.8;
+
+include "transformations.circom";
+include "circomlib/circuits/bitify.circom";
+
+//tbox[0] =>> multiplication by 2
+//tbox[1] =>> multiplication by 3
+function TBox(index, subbyte) {
+    var tbox[2][16*16] = [
+        [
+            0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
+            62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
+            116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160,
+            162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192, 194, 196, 198, 200, 202, 204, 206,
+            208, 210, 212, 214, 216, 218, 220, 222, 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252,
+            254, 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35,
+            33, 39, 37, 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, 123, 121, 127, 125, 115, 113, 119, 117,
+            107, 105, 111, 109, 99, 97, 103, 101, 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
+            187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, 219, 217, 223, 221, 211, 209, 215,
+            213, 203, 201, 207, 205, 195, 193, 199, 197, 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225,
+            231, 229
+        ],
+        [
+            0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34,
+            33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, 80, 83, 86, 85, 92, 95, 90, 89, 72,
+            75, 78, 77, 68, 71, 66, 65, 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, 240, 243,
+            246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, 160, 163, 166, 165, 172, 175, 170, 169, 184,
+            187, 190, 189, 180, 183, 178, 177, 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
+            155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, 171, 168, 173, 174, 167, 164, 161,
+            162, 179, 176, 181, 182, 191, 188, 185, 186, 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236,
+            233, 234, 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, 91, 88, 93, 94, 87, 84, 81,
+            82, 67, 64, 69, 70, 79, 76, 73, 74, 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, 59,
+            56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
+        ]
+    ];
+
+    return tbox[index][subbyte];
+}
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
@@ -3,6 +3,7 @@ pragma circom 2.1.8;
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
+include "utils.circom";
 
 // ShiftRows: Performs circular left shift on each row
 // 0, 1, 2, 3 shifts for rows 0, 1, 2, 3 respectively

diff --git a/tests/tbox.test.ts b/tests/tbox.test.ts
@@ -0,0 +1,15 @@
+// import { WitnessTester } from "circomkit";
+// import { circomkit } from "./common";
+
+// describe.only("TBox", () => {
+//   let circuit: WitnessTester;
+
+//   it("should compute correctly", async () => {
+//     circuit = await circomkit.WitnessTester(`TBox`, {
+//       file: "tbox",
+//       template: "TBox",
+//       params: [0, 3],
+//     });
+//     console.log("#constraints:", await circuit.getConstraintCount());
+//   });
+// });