From 4aae0edf74d5b6070305eb40f2f70562b793f40d Mon Sep 17 00:00:00 2001
From: Kobi Gurkan
Date: Sun, 7 Jul 2019 15:01:14 +0300
Subject: [PATCH] fix: makes mimcsponge act like the paper description

* last constant is 0
* no swap at the last round
---
 circuits/mimcsponge.circom | 6 +++---
 src/mimcsponge.js | 11 ++++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/circuits/mimcsponge.circom b/circuits/mimcsponge.circom
index 3debbb8b..de9bf1ec 100644
--- a/circuits/mimcsponge.circom
+++ b/circuits/mimcsponge.circom
@@ -259,7 +259,7 @@ template MiMCFeistel(nrounds) {
 274945154732293792784580363548970818611304339008964723447672490026510689427,
 11050822248291117548220126630860474473945266276626263036056336623671308219529,
 2119542016932434047340813757208803962484943912710204325088879681995922344971,
- 12785816057369026966653780180257549951796705239580629452502836335892168319323
+ 0
 ];
 
 var t;
@@ -276,8 +276,8 @@ template MiMCFeistel(nrounds) {
 xL[i] <== ((i==0) ? xR_in : xR[i-1]) + t4[i]*t;
 xR[i] = (i==0) ? xL_in : xL[i-1];
 } else {
- xL_out <== xR[i-1] + t4[i]*t;
- xR_out <== xL[i-1];
+ xR_out <== xR[i-1] + t4[i]*t;
+ xL_out <== xL[i-1];
 }
 }
 }
diff --git a/src/mimcsponge.js b/src/mimcsponge.js
index bb37a9d1..73ce0c5a 100644
--- a/src/mimcsponge.js
+++ b/src/mimcsponge.js
@@ -27,10 +27,11 @@ exports.getConstants = (seed, nRounds) => {
 cts[i] = bigInt(Web3Utils.toBN(c2).toString());
 }
 cts[0] = bigInt(0);
+ cts[cts.length - 1] = bigInt(0);
 return cts;
 };
 
-const cts = exports.getConstants(SEED, 220);
+const cts = exports.getConstants(SEED, NROUNDS);
 
 exports.hash = (_xL_in, _xR_in, _k) =>{
 let xL = bigInt(_xL_in);
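Review bot: In the `@@ -259` hunk the zero is pinned to the 220th entry of the hard-coded constant table, while the JS side zeroes `cts[nRounds - 1]`, so the circuit and the reference implementation agree only when `nrounds` is 220; if the round loop in MiMCFeistel runs `nrounds` times (its body lies outside both hunks, so this is inferred), any other parameter value would apply a nonzero constant in the final round and silently diverge from the JS hash. I would state the coupling above the table, `// 220 round constants; first and last must be 0, must match getConstants() in src/mimcsponge.js`, and, if the circom version in use supports it, add `assert(nrounds == 220);` at the top of the template. The swap removal in the `@@ -276` hunk rests on the same assumption that the else branch is the final round, so one comment covering both is enough.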
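Review bot: `cts[cts.length - 1] = bigInt(0);` in getConstants carries no explanation of why the first and last round constants are forced to zero, and since the function is exported a caller can request an `nRounds` that no longer matches the 220-entry table compiled into circuits/mimcsponge.circom. I would put the contract above the two assignments: `// MiMC-Feistel sponge: first and last round constants are fixed to 0; the table must match the hard-coded constants in circuits/mimcsponge.circom (220 rounds).` For an `nRounds` of 0 the index becomes -1 and the assignment creates a stray string-keyed property instead of failing, which is worth a line in that comment even if no guard is added. The switch from the literal 220 to `NROUNDS` on the `const cts` line depends on `NROUNDS` being defined earlier in the file, outside this hunk.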
@@ -40,8 +41,12 @@ exports.hash = (_xL_in, _xR_in, _k) =>{ const c = cts[i]; const t = (i==0) ? F.add(xL, k) : F.add(F.add(xL, k), c); const xR_tmp = bigInt(xR); - xR = xL; - xL = F.add(xR_tmp, F.exp(t, 5)); + if (i < (NROUNDS - 1)) { + xR = xL; + xL = F.add(xR_tmp, F.exp(t, 5)); + } else { + xR = F.add(xR_tmp, F.exp(t, 5)); + } } return { xL: F.affine(xL),
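Review bot: Both branches of the new `if (i < (NROUNDS - 1))` compute the same value `F.add(xR_tmp, F.exp(t, 5))` and differ only in whether the halves are swapped, which a reader currently has to confirm by comparing the two `F.add` lines. I would hoist it: `const mixed = F.add(xR_tmp, F.exp(t, 5));` followed by `if (i < NROUNDS - 1) { xR = xL; xL = mixed; } else { xR = mixed; }`, which also makes the correspondence with the circom else branch (`xR_out <== xR[i-1] + t4[i]*t`) explicit. `F.exp` runs once per round either way, so this is purely a readability change. The enclosing for loop and the hash function begin before this hunk.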