Skip to content

Commit

Permalink
refactor pk compression
Browse files Browse the repository at this point in the history
  • Loading branch information
RajeshRk18 committed Nov 18, 2023
1 parent c594796 commit 3a07645
Showing 1 changed file with 26 additions and 17 deletions.
43 changes: 26 additions & 17 deletions circuits/verify_nullifier.circom
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,18 @@ template plume_v1(n, k, message_length) {
signal input q1_x_mapped[4];
signal input q1_y_mapped[4];

// compressing public key here to avoid compressing it twice in both `check_ec_equations1 and `sha256_12_coordinates`
component pk_compressor = compress_ec_point(n, k);
pk_compressor.uncompressed <== pk;

// precomputed value for the sha256 component. TODO: calculate internally in circom to simplify API
signal input sha256_preimage_bit_length;

component check_ec_equations = check_ec_equations(n, k, message_length);

check_ec_equations.c <== c;
check_ec_equations.s <== s;
check_ec_equations.pk <== pk;
check_ec_equations.pk <== pk_compressor.compressed;
check_ec_equations.nullifier <== nullifier;

check_ec_equations.plume_message <== plume_message;
Expand All @@ -59,15 +63,15 @@ template plume_v1(n, k, message_length) {
g[0] = get_genx(n, k);
g[1] = get_geny(n, k);
c_sha256.preimage_bit_length <== sha256_preimage_bit_length;
c_sha256.pk_compressed <== pk_compressor.compressed;

for (var i = 0; i < 2; i++) {
for (var j = 0; j < k; j++) {
c_sha256.coordinates[i][j] <== g[i][j];
c_sha256.coordinates[2+i][j] <== pk[i][j];
c_sha256.coordinates[4+i][j] <== check_ec_equations.hashed_to_curve[i][j];
c_sha256.coordinates[6+i][j] <== nullifier[i][j];
c_sha256.coordinates[8+i][j] <== check_ec_equations.r_point[i][j];
c_sha256.coordinates[10+i][j] <== check_ec_equations.hashed_to_curve_r[i][j];
c_sha256.coordinates[2+i][j] <== check_ec_equations.hashed_to_curve[i][j];
c_sha256.coordinates[4+i][j] <== nullifier[i][j];
c_sha256.coordinates[6+i][j] <== check_ec_equations.r_point[i][j];
c_sha256.coordinates[8+i][j] <== check_ec_equations.hashed_to_curve_r[i][j];
}
}

Expand Down Expand Up @@ -115,11 +119,14 @@ template plume_v2(n, k, message_length) {
signal input q1_x_mapped[4];
signal input q1_y_mapped[4];

component pk_compressor = compress_ec_point(n, k);
pk_compressor.uncompressed <== pk;

component check_ec_equations = check_ec_equations(n, k, message_length);

check_ec_equations.c <== c;
check_ec_equations.s <== s;
check_ec_equations.pk <== pk;
check_ec_equations.pk_compressed <== pk_compressor.compressed;
check_ec_equations.nullifier <== nullifier;

check_ec_equations.plume_message <== plume_message;
Expand All @@ -144,7 +151,7 @@ template check_ec_equations(n, k, message_length) {
signal input c[k];
signal input s[k];
signal input plume_message[message_length];
signal input pk[2][k];
signal input pk_compressed[33];
signal input nullifier[2][k];

signal output r_point[2][k];
Expand Down Expand Up @@ -186,14 +193,10 @@ template check_ec_equations(n, k, message_length) {
component hash_to_curve = HashToCurve(message_length + 33);
for (var i = 0; i < message_length; i++) {
hash_to_curve.msg[i] <== plume_message[i];
}

component pk_compressor = compress_ec_point(n, k);

pk_compressor.uncompressed <== pk;
}

for (var i = 0; i < 33; i++) {
hash_to_curve.msg[message_length + i] <== pk_compressor.compressed[i];
hash_to_curve.msg[message_length + i] <== pk_compressed[i];
}

// Input precalculated values into HashToCurve
Expand Down Expand Up @@ -258,13 +261,14 @@ template a_div_b_pow_c(n, k) {
}

template sha256_12_coordinates(n, k) {
signal input coordinates[12][k];
signal input pk_compressed[33];
signal input coordinates[10][k];
signal input preimage_bit_length;
signal output out[256];

// compress coordinates
component compressors[6];
for (var i = 0; i < 6; i++) {
component compressors[5];
for (var i = 0; i < 5; i++) {
compressors[i] = compress_ec_point(n, k);
compressors[i].uncompressed[0] <== coordinates[2*i];
compressors[i].uncompressed[1] <== coordinates[2*i + 1];
Expand All @@ -274,8 +278,13 @@ template sha256_12_coordinates(n, k) {
component binary[6*33];
for (var i = 0; i < 6; i++) { // for each compressor
for (var j = 0; j < 33; j++) { // for each byte
if (i == 1) {
binary[33*i + j] = Num2Bits(8);
binary[33*i + j].in <== pk_compressed[j];
} else {
binary[33*i + j] = Num2Bits(8);
binary[33*i + j].in <== compressors[i].compressed[j];
}
}
}

Expand Down

0 comments on commit 3a07645

Please sign in to comment.