diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 511d0ff..4a4a27d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,9 +19,9 @@ jobs:
 nasm \
 nlohmann-json3-dev
- - name: Download Circom Binary v2.1.5\8
+ - name: Download Circom Binary v2.1.9
 run: |
- wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.8/circom-linux-amd64
+ wget -qO /home/runner/work/circom https://github.com/iden3/circom/releases/download/v2.1.9/circom-linux-amd64
 chmod +x /home/runner/work/circom
 sudo mv /home/runner/work/circom /bin/circom
diff --git a/circomkit.json b/circomkit.json
index cd5fed7..bdc8e25 100644
--- a/circomkit.json
+++ b/circomkit.json
@@ -1,5 +1,5 @@
 {
- "version": "2.1.8",
+ "version": "2.1.9",
 "proofSystem": "groth16",
 "curve": "bn128"
 }
diff --git a/circuits/cipher.circom b/circuits/cipher.circom
index 50b806f..ee8a9c1 100644
--- a/circuits/cipher.circom
+++ b/circuits/cipher.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "key_expansion.circom";
 include "circomlib/circuits/comparators.circom";
diff --git a/circuits/ctr.circom b/circuits/ctr.circom
index 696d295..c388d99 100644
--- a/circuits/ctr.circom
+++ b/circuits/ctr.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "cipher.circom";
 include "transformations.circom";
diff --git a/circuits/key_expansion.circom b/circuits/key_expansion.circom
index 5686474..81c8c14 100644
--- a/circuits/key_expansion.circom
+++ b/circuits/key_expansion.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "sbox128.circom";
 include "utils.circom";
diff --git a/circuits/mix_columns.circom b/circuits/mix_columns.circom
index 817103a..ec8ff70 100644
--- a/circuits/mix_columns.circom
+++ b/circuits/mix_columns.circom
@@ -1,10 +1,10 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "transformations.circom";
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
-
+include "tbox.circom";
 // MixColumns: Applies the equation for each column:
 // [s'0,c] [2 3 1 1][s0,c]
@@ -49,20 +49,20 @@ template S0(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 2; i < 4; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul = XTimes2();
- mul.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(0, in[0]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[1].out;
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(1, in[1]);
 xor[0] = XorBits();
- xor[0].a <== mul.out;
- xor[0].b <== mul2.out;
+ xor[0].a <== num2bits[0].out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
@@ -88,24 +88,25 @@ template S1(){
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
- num2bits[i] = Num2Bits(8);
- num2bits[i].in <== in[i];
- }
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <== in[0];
+
+ num2bits[1] = Num2Bits(8);
+ num2bits[1].in <-- TBox(0, in[1]);
- component mul = XTimes2();
- mul.in <== num2bits[1].out;
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(1, in[2]);
- component mul2 = XTimes(3);
- mul2.in <== num2bits[2].out;
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <== in[3];
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
- xor[0].b <== mul.out;
+ xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
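Review bot: The new `num2bits[0].in <-- TBox(0, in[0])` and `num2bits[1].in <-- TBox(1, in[1])` in the S0 hunk are witness-only assignments: `<--` emits no constraint, so nothing ties `num2bits[0].in` back to `in[0]`, whereas the removed `XTimes2`/`XTimes(3)` components constrained the GF(2^8) doubling and tripling. `Num2Bits(8)` only enforces that whatever value the prover supplied fits in a byte, so the S0 output is under-constrained and a tampered witness still satisfies the circuit; the same pattern is in the S1 hunk below and in the S2 and S3 hunks that follow, and S3's `xor[2].a <-- num2bits[3].out` likewise turns a former `<==` into an unconstrained assignment. A circom `function` result cannot be constrained on its own, so either keep the `XTimes` components as the constrained path (using `TBox` at most as a witness hint followed by an `===` against the constrained value) or route the table through a constrained lookup template. The constraint count printed by tests/ctr.test.ts should drop after this change, which is the visible symptom; `expectPass` with an honest witness will not catch it.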
@@ -127,28 +128,28 @@ template S2() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 0; i < 2; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
+ num2bits[2] = Num2Bits(8);
+ num2bits[2].in <-- TBox(0, in[2]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(1, in[3]);
+
 xor[0] = XorBits();
 xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[2].out;
-
- component mul = XTimes(3);
- mul.in <== num2bits[3].out;
-
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
- xor[1].b <== mul2.out;
+ xor[1].b <== num2bits[2].out;
 xor[2] = XorBits();
 xor[2].a <== xor[1].out;
- xor[2].b <== mul.out;
+ xor[2].b <== num2bits[3].out;
 component b2n = Bits2Num(8);
 for (var i = 0; i < 8; i++) {
@@ -166,27 +167,27 @@ template S3() {
 component num2bits[4];
 component xor[3];
- for (var i = 0; i < 4; i++) {
+ for (var i = 1; i < 3; i++) {
 num2bits[i] = Num2Bits(8);
 num2bits[i].in <== in[i];
 }
- component mul3 = XTimes(3);
- mul3.in <== num2bits[0].out;
+ num2bits[0] = Num2Bits(8);
+ num2bits[0].in <-- TBox(1, in[0]);
+
+ num2bits[3] = Num2Bits(8);
+ num2bits[3].in <-- TBox(0, in[3]);
 xor[0] = XorBits();
- xor[0].a <== mul3.out;
+ xor[0].a <== num2bits[0].out;
 xor[0].b <== num2bits[1].out;
 xor[1] = XorBits();
 xor[1].a <== xor[0].out;
 xor[1].b <== num2bits[2].out;
- component mul2 = XTimes2();
- mul2.in <== num2bits[3].out;
-
 xor[2] = XorBits();
- xor[2].a <== mul2.out;
+ xor[2].a <-- num2bits[3].out;
 xor[2].b <== xor[1].out;
 component b2n = Bits2Num(8);
diff --git a/circuits/sbox128.circom b/circuits/sbox128.circom
index b1dba34..c949f0e 100644
--- a/circuits/sbox128.circom
+++ b/circuits/sbox128.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "circomlib/circuits/comparators.circom";
diff --git a/circuits/tbox.circom b/circuits/tbox.circom
new file mode 100644
index 0000000..976fbea
--- /dev/null
+++ b/circuits/tbox.circom
@@ -0,0 +1,38 @@
+pragma circom 2.1.9;
+
+include "transformations.circom";
+include "circomlib/circuits/bitify.circom";
+
+//tbox[0] =>> multiplication by 2
+//tbox[1] =>> multiplication by 3
+function TBox(index, subbyte) {
+ var tbox[2][256] = [
+ [
+ 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60,
+ 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114,
+ 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160,
+ 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192, 194, 196, 198, 200, 202, 204, 206,
+ 208, 210, 212, 214, 216, 218, 220, 222, 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252,
+ 254, 27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5, 59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35,
+ 33, 39, 37, 91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69, 123, 121, 127, 125, 115, 113, 119, 117,
+ 107, 105, 111, 109, 99, 97, 103, 101, 155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
+ 187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165, 219, 217, 223, 221, 211, 209, 215,
+ 213, 203, 201, 207, 205, 195, 193, 199, 197, 251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225,
+ 231, 229
+ ],
+ [
+ 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34,
+ 33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, 80, 83, 86, 85, 92, 95, 90, 89, 72,
+ 75, 78, 77, 68, 71, 66, 65, 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, 240, 243,
+ 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, 160, 163, 166, 165, 172, 175, 170, 169, 184,
+ 187, 190, 189, 180, 183, 178, 177, 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
+ 155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138, 171, 168, 173, 174, 167, 164, 161,
+ 162, 179, 176, 181, 182, 191, 188, 185, 186, 251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236,
+ 233, 234, 203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218, 91, 88, 93, 94, 87, 84, 81,
+ 82, 67, 64, 69, 70, 79, 76, 73, 74, 107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122, 59,
+ 56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42, 11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
+ ]
+ ];
+
+ return tbox[index][subbyte];
+}
\ No newline at end of file
diff --git a/circuits/transformations.circom b/circuits/transformations.circom
index 83625bf..3120e52 100644
--- a/circuits/transformations.circom
+++ b/circuits/transformations.circom
@@ -1,8 +1,9 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
+include "utils.circom";
 // ShiftRows: Performs circular left shift on each row
 // 0, 1, 2, 3 shifts for rows 0, 1, 2, 3 respectively
diff --git a/circuits/utils.circom b/circuits/utils.circom
index 26a4ea3..d9b6bea 100644
--- a/circuits/utils.circom
+++ b/circuits/utils.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.8;
+pragma circom 2.1.9;
 include "sbox128.circom";
 include "circomlib/circuits/comparators.circom";
diff --git a/tests/ctr.test.ts b/tests/ctr.test.ts
index 20a671a..0b83b4e 100644
--- a/tests/ctr.test.ts
+++ b/tests/ctr.test.ts
@@ -10,7 +10,7 @@ describe("ToBlocks", () => {
 template: "ToBlocks",
 params: [16],
 });
- console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+ console.log("@ToBlocks #constraints:", await circuit.getConstraintCount());
 await circuit.expectPass(
 {
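Review bot: The header comment on `TBox` should state what the tables are and how callers must use them: the two rows are the GF(2^8) multiplication of a byte by 2 and by 3 under the AES reduction polynomial (the entries are consistent with that, e.g. index 128 of the first row is 27), and because this is a circom `function` its result exists only at witness generation and creates no constraint, so any signal assigned from it with `<--` still has to be constrained separately by the caller. I would replace the two `//tbox[...]` lines with a short block comment covering both points and put `// NOTE: witness-time helper only; callers must constrain the result` directly above `function TBox`. The file also ends without a trailing newline, and the `transformations.circom` include does not appear to be used by anything in this file — confirm whether it is needed.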
@@ -34,7 +34,7 @@ describe("ToBlocks", () => {
 template: "ToBlocks",
 params: [15],
 });
- console.log("@ToBLocks #constraints:", await circuit.getConstraintCount());
+ console.log("@EncryptCTR #constraints:", await circuit.getConstraintCount());
 await circuit.expectPass(
 {
@@ -156,9 +156,9 @@ describe("EncryptCTR", () => {
 {
 plainText: [
 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d,
- 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+ 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+ 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f,
+ 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
 ],
 iv: [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff],
 key: [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c],
@@ -166,9 +166,9 @@ describe("EncryptCTR", () => {
 {
 cipher: [
 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06,
- 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
- 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
- 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
+ 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 0x5a, 0xe4, 0xdf, 0x3e,
+ 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe,
+ 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
 ],
 }
 );
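Review bot: The relabelled log on the `+console.log` line says `@EncryptCTR`, but the hunk header places it inside `describe("ToBlocks"` with `template: "ToBlocks"` and `params: [15]`, so the label misreports which circuit's constraint count is printed; the hunk at line 10 renamed its sibling to `@ToBlocks`, which is what this one should say too, i.e. `console.log("@ToBlocks #constraints:", await circuit.getConstraintCount());`. Beyond the label, constraint counts in this file are only printed, never asserted, so a change that silently removes constraints (as the `<--` assignments in this commit's mix_columns.circom hunks do) passes every `expectPass` case unchanged; asserting the count against a known value, or adding a case that feeds a tampered witness and expects failure, would let the suite catch that class of regression. The enclosing `it` block starts and ends outside the hunk.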