diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
index 817103a..5e81db8 100644
--- a/circuits/mix_columns.circom
+++ b/circuits/mix_columns.circom
@@ -4,7 +4,7 @@ include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
-
+include "tbox.circom";
 // MixColumns: Applies the equation for each column:
 // [s'0,c] [2 3 1 1][s0,c]
@@ -49,20 +49,20 @@ template S0(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 2; i < 4; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul = XTimes2();
- mul.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(2, in[0]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[1].out;
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(3, in[1]);
 xor[0] = XorBits();
- xor[0].a <== mul.out;
- xor[0].b <== mul2.out;
+ xor[0].a <== num2bits[0].out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
@@ -88,24 +88,25 @@ template S1(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
- num2bits[i] = Num2Bits(8);
- num2bits[i].in <== in[i];
- }
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <== in[0];
+
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(2, in[1]);
- component mul = XTimes2();
- mul.in <== num2bits[1].out;
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(3, in[2]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[2].out;
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <== in[3];
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
- xor[0].b <== mul.out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
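Review bot: `num2bits[0].in <-- TBox(2, in[0]);` and the matching line for `in[1]` replace the constrained `XTimes2`/`XTimes(3)` components with the witness-only operator, so nothing in the constraint system now ties `num2bits[0].in` to the GF(2^8) product of `in[0]`; a prover can supply any byte there and the proof still verifies. The same pattern appears in the S1 hunk on this line and in the S2 and S3 hunks that follow. Separately, the callers pass 2 and 3 as the first argument while the new `tbox.circom` declares `tbox[2][16*16]` with a header comment saying index 0 is ×2 and index 1 is ×3, so the index looks off by one table (out of range as written). A lookup indexed by a signal cannot be turned into a quadratic constraint with `<==`, so either keep the lookup as a witness hint and add an explicit constraint on the result, or restore `component mul = XTimes2(); mul.in <== num2bits[0].out;` and wire `xor[0].a <== mul.out;` as before. The S0 template's body begins before this hunk.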
@@ -127,28 +128,28 @@ template S2() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 0; i < 2; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(2, in[2]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(3, in[3]);
+
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[2].out;
-
- component mul = XTimes(3);
- mul.in <== num2bits[3].out;
-
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
- xor[2].b <== mul.out;
+ xor[2].b <== num2bits[3].out;
 component b2n = Bits2Num(8);
 for (var i = 0; i < 8; i++) {
@@ -166,27 +167,27 @@ template S3() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 1; i < 3; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul3 = XTimes(3);
- mul3.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(3, in[0]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(2, in[3]);
 xor[0] = XorBits();
- xor[0].a <== mul3.out;
+ xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
 xor[1].b <== num2bits[2].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[3].out;
-
 xor[2] = XorBits();
- xor[2].a <== mul2.out;
+ xor[2].a <-- num2bits[3].out;
 xor[2].b <== xor[1].out;
 component b2n = Bits2Num(8);
diff --git a/circuits/tbox.circom b/circuits/tbox.circom
new file mode 100644
index 0000000..a2bc12c
--- /dev/null
+++ b/circuits/tbox.circom
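Review bot: `xor[2].a <-- num2bits[3].out;` in the S3 hunk drops the constraint that the other three templates keep on the same wiring (`xor[0].a <== num2bits[0].out;` in S0, `xor[1].b <== num2bits[2].out;` in S2), so this XOR input is only assigned at witness time and the S3 column output is no longer bound to `num2bits[3]`. Changing it to `xor[2].a <== num2bits[3].out;` restores the constraint at no extra cost. The `<-- TBox(...)` assignments in the S2 hunk on this line carry the same unconstrained-multiplication and table-index problem already raised for S0. S3's body continues past this hunk (the `b2n` wiring is outside it).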
@@ -0,0 +1,38 @@
+pragma circom 2.1.8;
+
+include "transformations.circom";
+include "circomlib/circuits/bitify.circom";
+
+//tbox[0] =>> multiplication by 2
+//tbox[1] =>> multiplication by 3
+function TBox(index, subbyte) {
+ var tbox[2][16*16] = [
+ [
+ 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
+ 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
+ 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160,
+ 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192, 194, 196, 198, 200, 202, 204, 206,
+ 208, 210, 212, 214, 216, 218, 220, 222, 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252,
+ 254, 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35,
+ 33, 39, 37, 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, 123, 121, 127, 125, 115, 113, 119, 117,
+ 107, 105, 111, 109, 99, 97, 103, 101, 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
+ 187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, 219, 217, 223, 221, 211, 209, 215,
+ 213, 203, 201, 207, 205, 195, 193, 199, 197, 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225,
+ 231, 229
+ ],
+ [
+ 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34,
+ 33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, 80, 83, 86, 85, 92, 95, 90, 89, 72,
+ 75, 78, 77, 68, 71, 66, 65, 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, 240, 243,
+ 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, 160, 163, 166, 165, 172, 175, 170, 169, 184,
+ 187, 190, 189, 180, 183, 178, 177, 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
+ 155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, 171, 168, 173, 174, 167, 164, 161,
+ 162, 179, 176, 181, 182, 191, 188, 185, 186, 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236,
+ 233, 234, 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, 91, 88, 93, 94, 87, 84, 81,
+ 82, 67, 64, 69, 70, 79, 76, 73, 74, 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, 59,
+ 56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
+ ]
+ ];
+
+ return tbox[index][subbyte];
+}
\ No newline at end of file
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
index 83625bf..f3b83e9 100644
--- a/circuits/transformations.circom
+++ b/circuits/transformations.circom
@@ -3,6 +3,7 @@ pragma circom 2.1.8;
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
+include "utils.circom";
 // ShiftRows: Performs circular left shift on each row
 // 0, 1, 2, 3 shifts for rows 0, 1, 2, 3 respectively
diff --git a/tests/tbox.test.ts b/tests/tbox.test.ts
new file mode 100644
index 0000000..6800ef3
--- /dev/null
+++ b/tests/tbox.test.ts
@@ -0,0 +1,15 @@
+// import { WitnessTester } from "circomkit";
+// import { circomkit } from "./common";
+
+// describe.only("TBox", () => {
+// let circuit: WitnessTester;
+
+// it("should compute correctly", async () => {
+// circuit = await circomkit.WitnessTester(`TBox`, {
+// file: "tbox",
+// template: "TBox",
+// params: [0, 3],
+// });
+// console.log("#constraints:", await circuit.getConstraintCount());
+// });
+// });
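Review bot: The header comment `//tbox[0] =>> multiplication by 2` / `//tbox[1] =>> multiplication by 3` disagrees with every caller added in circuits/mix_columns.circom, which pass 2 and 3 as `index` into a `tbox[2][16*16]` array, and the function does no range check on `index` or `subbyte`, so one side or the other needs correcting. Because `TBox` is a `function` rather than a template it emits no constraints at all; a comment such as `// Witness-time lookup only: this generates no constraints. Callers must constrain the returned byte separately (see XTimes2 / XTimes).` would make that explicit at the definition. The `include "transformations.circom"` and bitify includes are not referenced by the function body and can probably go. A unit test that pins, for example, `TBox(0, 128) == 27` and `TBox(1, 128) == 155` (0x80 times 2 and 3 reduced by the AES polynomial, and what the table currently holds at that position) would guard the 512 hand-typed entries against transcription errors.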
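Review bot: Every line of tests/tbox.test.ts is commented out, so the new `TBox` lookup lands with no executing test, and the disabled body would not work as written either: `TBox` is declared as a `function` in circuits/tbox.circom, whereas `circomkit.WitnessTester` with `template: "TBox"` and `params: [0, 3]` instantiates a template. Wrapping the lookup in a small test template, or exercising it through the MixColumns templates with known vectors, would let the test run, and `describe.only` should be dropped before enabling it so the rest of the suite is not skipped. If the file is deliberately a placeholder, a one-line comment at the top saying why it is disabled would save the next reader the guess.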