From 7e3e95f4efb78db14cca613c5d6a1329eecb0c23 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 12 Jan 2023 13:28:28 -0500 Subject: [PATCH 01/30] test: failing test --- ecc/bn254/fr/mimc/mimc_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 ecc/bn254/fr/mimc/mimc_test.go diff --git a/ecc/bn254/fr/mimc/mimc_test.go b/ecc/bn254/fr/mimc/mimc_test.go new file mode 100644 index 000000000..651d130a8 --- /dev/null +++ b/ecc/bn254/fr/mimc/mimc_test.go @@ -0,0 +1,16 @@ +package mimc + +import ( + fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestMiMCFiatShamir(t *testing.T) { + fs := fiatshamir.NewTranscript(NewMiMC(), "c0") + zero := make([]byte, BlockSize) + err := fs.Bind("c0", zero) + assert.NoError(t, err) + _, err = fs.ComputeChallenge("c0") + assert.NoError(t, err) +} From 0fc86727e9a0a0b609c6a6d9a750c10890b0d675 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 12 Jan 2023 15:41:57 -0500 Subject: [PATCH 02/30] fix: align challenge name, prepending with zeros to avoid field overflow --- fiat-shamir/transcript.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index d371556d0..c8fcd7a2e 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -16,6 +16,7 @@ package fiatshamir import ( "errors" + "fmt" "hash" ) @@ -83,7 +84,7 @@ func (t *Transcript) Bind(challengeID string, bValue []byte) error { // ComputeChallenge computes the challenge corresponding to the given name. // The challenge is: // * H(name || previous_challenge || binded_values...) if the challenge is not the first one -// * H(name || binded_values... ) if it's is the first challenge +// * H(name || binded_values... ) if it is the first challenge func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { challenge, ok := t.challenges[challengeID] @@ -101,7 +102,12 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { defer t.h.Reset() // write the challenge name, the purpose is to have a domain separator - bName := []byte(challengeID) + bName := make([]byte, t.h.BlockSize()) + if len(challengeID) < len(bName) { // strict inequality because don't even want to have to deal with modular reduction in case of arithmetic hashes TODO: Replace with strict + copy(bName[len(bName)-len(challengeID):], challengeID) + } else { + return nil, fmt.Errorf("challenge name too large") + } if _, err := t.h.Write(bName); err != nil { return nil, err } From 6ed76e65149cd52e80d37c5daa5310ba66412516 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 15:56:32 -0500 Subject: [PATCH 03/30] feat: decomposing long challenge names bn254 --- ecc/bn254/fr/mimc/decompose.go | 13 +++++++++++-- ecc/bn254/fr/mimc/mimc_test.go | 7 ++++--- fiat-shamir/transcript.go | 28 ++++++++++++++++++++-------- hash/hashes.go | 4 ++++ 4 files changed, 39 insertions(+), 13 deletions(-) diff --git a/ecc/bn254/fr/mimc/decompose.go b/ecc/bn254/fr/mimc/decompose.go index e61417b9b..2c5b176fe 100644 --- a/ecc/bn254/fr/mimc/decompose.go +++ b/ecc/bn254/fr/mimc/decompose.go @@ -17,9 +17,8 @@ package mimc import ( - "math/big" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "math/big" ) // Decompose interpret rawBytes as a bigInt x in big endian, @@ -44,3 +43,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bn254/fr/mimc/mimc_test.go b/ecc/bn254/fr/mimc/mimc_test.go index 651d130a8..11c693852 100644 --- a/ecc/bn254/fr/mimc/mimc_test.go +++ b/ecc/bn254/fr/mimc/mimc_test.go @@ -1,14 +1,15 @@ -package mimc +package mimc_test import ( + "github.com/consensys/gnark-crypto/ecc/bn254/fr/mimc" fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir" "github.com/stretchr/testify/assert" "testing" ) func TestMiMCFiatShamir(t *testing.T) { - fs := fiatshamir.NewTranscript(NewMiMC(), "c0") - zero := make([]byte, BlockSize) + fs := fiatshamir.NewTranscript(mimc.NewMiMC(), "c0") + zero := make([]byte, mimc.BlockSize) err := fs.Bind("c0", zero) assert.NoError(t, err) _, err = fs.ComputeChallenge("c0") diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index c8fcd7a2e..7709dd2e8 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -16,7 +16,7 @@ package fiatshamir import ( "errors" - "fmt" + gcHash "github.com/consensys/gnark-crypto/hash" "hash" ) @@ -102,13 +102,7 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { defer t.h.Reset() // write the challenge name, the purpose is to have a domain separator - bName := make([]byte, t.h.BlockSize()) - if len(challengeID) < len(bName) { // strict inequality because don't even want to have to deal with modular reduction in case of arithmetic hashes TODO: Replace with strict - copy(bName[len(bName)-len(challengeID):], challengeID) - } else { - return nil, fmt.Errorf("challenge name too large") - } - if _, err := t.h.Write(bName); err != nil { + if err := t.writeString([]byte(challengeID)); err != nil { return nil, err } @@ -140,3 +134,21 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { return res, nil } + +func (t *Transcript) writeString(bytes []byte) error { + + if aHash, ok := t.h.(gcHash.ArithmeticHash); ok { + blocks := aHash.Decompose(bytes) + for _, block := range blocks { + if _, err := t.h.Write(block); err != nil { + return err + } + } + } else { + // no padding needed + _, err := t.h.Write(bytes) + return err + } + + return nil +} diff --git a/hash/hashes.go b/hash/hashes.go index 37bce2959..b4f4f1562 100644 --- a/hash/hashes.go +++ b/hash/hashes.go @@ -115,3 +115,7 @@ func (m Hash) String() string { func (m Hash) Size() int { return int(digestSize[m]) } + +type ArithmeticHash interface { + Decompose(rawBytes []byte) [][]byte +} From 31f311a61a7f6468d8449a14b0cad8f144f80d76 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 16:00:16 -0500 Subject: [PATCH 04/30] feat: generify Decomposition solution --- ecc/bls12-377/fr/mimc/decompose.go | 10 ++++++++++ ecc/bls12-378/fr/mimc/decompose.go | 10 ++++++++++ ecc/bls12-381/fr/mimc/decompose.go | 10 ++++++++++ ecc/bls24-315/fr/mimc/decompose.go | 10 ++++++++++ ecc/bls24-317/fr/mimc/decompose.go | 10 ++++++++++ ecc/bn254/fr/mimc/decompose.go | 3 ++- ecc/bw6-633/fr/mimc/decompose.go | 10 ++++++++++ ecc/bw6-756/fr/mimc/decompose.go | 10 ++++++++++ ecc/bw6-761/fr/mimc/decompose.go | 10 ++++++++++ .../crypto/hash/mimc/template/decompose.go.tmpl | 10 ++++++++++ 10 files changed, 92 insertions(+), 1 deletion(-) diff --git a/ecc/bls12-377/fr/mimc/decompose.go b/ecc/bls12-377/fr/mimc/decompose.go index a51138765..4bd383ea7 100644 --- a/ecc/bls12-377/fr/mimc/decompose.go +++ b/ecc/bls12-377/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bls12-378/fr/mimc/decompose.go b/ecc/bls12-378/fr/mimc/decompose.go index 50a124f54..909cc9251 100644 --- a/ecc/bls12-378/fr/mimc/decompose.go +++ b/ecc/bls12-378/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bls12-381/fr/mimc/decompose.go b/ecc/bls12-381/fr/mimc/decompose.go index 925d67932..5795decd0 100644 --- a/ecc/bls12-381/fr/mimc/decompose.go +++ b/ecc/bls12-381/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bls24-315/fr/mimc/decompose.go b/ecc/bls24-315/fr/mimc/decompose.go index 4a962631f..03a91dd4d 100644 --- a/ecc/bls24-315/fr/mimc/decompose.go +++ b/ecc/bls24-315/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bls24-317/fr/mimc/decompose.go b/ecc/bls24-317/fr/mimc/decompose.go index b027d8bbc..f2a7d8fc6 100644 --- a/ecc/bls24-317/fr/mimc/decompose.go +++ b/ecc/bls24-317/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bn254/fr/mimc/decompose.go b/ecc/bn254/fr/mimc/decompose.go index 2c5b176fe..4c3878adc 100644 --- a/ecc/bn254/fr/mimc/decompose.go +++ b/ecc/bn254/fr/mimc/decompose.go @@ -17,8 +17,9 @@ package mimc import ( - "github.com/consensys/gnark-crypto/ecc/bn254/fr" "math/big" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" ) // Decompose interpret rawBytes as a bigInt x in big endian, diff --git a/ecc/bw6-633/fr/mimc/decompose.go b/ecc/bw6-633/fr/mimc/decompose.go index 0f4cc36c9..a9fd5c34e 100644 --- a/ecc/bw6-633/fr/mimc/decompose.go +++ b/ecc/bw6-633/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bw6-756/fr/mimc/decompose.go b/ecc/bw6-756/fr/mimc/decompose.go index c5bb70239..f94688309 100644 --- a/ecc/bw6-756/fr/mimc/decompose.go +++ b/ecc/bw6-756/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/ecc/bw6-761/fr/mimc/decompose.go b/ecc/bw6-761/fr/mimc/decompose.go index 06761e28f..864a529d8 100644 --- a/ecc/bw6-761/fr/mimc/decompose.go +++ b/ecc/bw6-761/fr/mimc/decompose.go @@ -44,3 +44,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} diff --git a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl index 1658a9e1d..3e5fee103 100644 --- a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl @@ -26,3 +26,13 @@ func Decompose(rawBytes []byte) []fr.Element { return res } + +func (d *digest) Decompose(rawBytes []byte) [][]byte { + asElems := Decompose(rawBytes) + res := make([][]byte, len(asElems)) + for i := range res { + b := asElems[i].Bytes() + res[i] = b[:] + } + return res +} From bb6a8660e83885bf0ba8dc6ae4c62ec27720b26c Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 16:21:25 -0500 Subject: [PATCH 05/30] feat: more usable WriteString instead of "Decompose" --- ecc/bls12-377/fr/mimc/decompose.go | 10 ------- ecc/bls12-377/fr/mimc/mimc.go | 12 ++++++++ ecc/bls12-378/fr/mimc/decompose.go | 10 ------- ecc/bls12-378/fr/mimc/mimc.go | 12 ++++++++ ecc/bls12-381/fr/mimc/decompose.go | 10 ------- ecc/bls12-381/fr/mimc/mimc.go | 12 ++++++++ ecc/bls24-315/fr/mimc/decompose.go | 10 ------- ecc/bls24-315/fr/mimc/mimc.go | 12 ++++++++ ecc/bls24-317/fr/mimc/decompose.go | 10 ------- ecc/bls24-317/fr/mimc/mimc.go | 12 ++++++++ ecc/bn254/fr/mimc/decompose.go | 10 ------- ecc/bn254/fr/mimc/mimc.go | 12 ++++++++ ecc/bw6-633/fr/mimc/decompose.go | 10 ------- ecc/bw6-633/fr/mimc/mimc.go | 12 ++++++++ ecc/bw6-756/fr/mimc/decompose.go | 10 ------- ecc/bw6-756/fr/mimc/mimc.go | 12 ++++++++ ecc/bw6-761/fr/mimc/decompose.go | 10 ------- ecc/bw6-761/fr/mimc/mimc.go | 12 ++++++++ ecc/secp256k1/g1_test.go | 6 ++-- fiat-shamir/transcript.go | 28 ++++++------------- hash/hashes.go | 2 +- .../hash/mimc/template/decompose.go.tmpl | 12 +------- .../crypto/hash/mimc/template/mimc.go.tmpl | 12 ++++++++ 23 files changed, 133 insertions(+), 125 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/decompose.go b/ecc/bls12-377/fr/mimc/decompose.go index 4bd383ea7..a51138765 100644 --- a/ecc/bls12-377/fr/mimc/decompose.go +++ b/ecc/bls12-377/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 0ce9f4ec0..b5d6c6e28 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -178,3 +178,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bls12-378/fr/mimc/decompose.go b/ecc/bls12-378/fr/mimc/decompose.go index 909cc9251..50a124f54 100644 --- a/ecc/bls12-378/fr/mimc/decompose.go +++ b/ecc/bls12-378/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index e20b5ee79..e18a9a796 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bls12-381/fr/mimc/decompose.go b/ecc/bls12-381/fr/mimc/decompose.go index 5795decd0..925d67932 100644 --- a/ecc/bls12-381/fr/mimc/decompose.go +++ b/ecc/bls12-381/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index e704e01f7..8cb93f013 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bls24-315/fr/mimc/decompose.go b/ecc/bls24-315/fr/mimc/decompose.go index 03a91dd4d..4a962631f 100644 --- a/ecc/bls24-315/fr/mimc/decompose.go +++ b/ecc/bls24-315/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index f9971a900..b40aae850 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bls24-317/fr/mimc/decompose.go b/ecc/bls24-317/fr/mimc/decompose.go index f2a7d8fc6..b027d8bbc 100644 --- a/ecc/bls24-317/fr/mimc/decompose.go +++ b/ecc/bls24-317/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index c950b0575..28f0324bd 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -184,3 +184,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bn254/fr/mimc/decompose.go b/ecc/bn254/fr/mimc/decompose.go index 4c3878adc..e61417b9b 100644 --- a/ecc/bn254/fr/mimc/decompose.go +++ b/ecc/bn254/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 87a9776ee..705ba307b 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bw6-633/fr/mimc/decompose.go b/ecc/bw6-633/fr/mimc/decompose.go index a9fd5c34e..0f4cc36c9 100644 --- a/ecc/bw6-633/fr/mimc/decompose.go +++ b/ecc/bw6-633/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index d02685515..28ac30bfe 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bw6-756/fr/mimc/decompose.go b/ecc/bw6-756/fr/mimc/decompose.go index f94688309..c5bb70239 100644 --- a/ecc/bw6-756/fr/mimc/decompose.go +++ b/ecc/bw6-756/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index 9218a8e35..b1d59c106 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/bw6-761/fr/mimc/decompose.go b/ecc/bw6-761/fr/mimc/decompose.go index 864a529d8..06761e28f 100644 --- a/ecc/bw6-761/fr/mimc/decompose.go +++ b/ecc/bw6-761/fr/mimc/decompose.go @@ -44,13 +44,3 @@ func Decompose(rawBytes []byte) []fr.Element { return res } - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 3b69ba02b..fa9329df6 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -182,3 +182,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} diff --git a/ecc/secp256k1/g1_test.go b/ecc/secp256k1/g1_test.go index 0de1717a8..32e4e7827 100644 --- a/ecc/secp256k1/g1_test.go +++ b/ecc/secp256k1/g1_test.go @@ -350,7 +350,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -373,7 +373,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -389,7 +389,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index 7709dd2e8..6c98aeda0 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -102,8 +102,14 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { defer t.h.Reset() // write the challenge name, the purpose is to have a domain separator - if err := t.writeString([]byte(challengeID)); err != nil { - return nil, err + if aHash, ok := t.h.(gcHash.ArithmeticHash); ok { + if err := aHash.WriteString([]byte(challengeID)); err != nil { + return nil, err + } + } else { + if _, err := t.h.Write([]byte(challengeID)); err != nil { + return nil, err + } } // write the previous challenge if it's not the first challenge @@ -134,21 +140,3 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { return res, nil } - -func (t *Transcript) writeString(bytes []byte) error { - - if aHash, ok := t.h.(gcHash.ArithmeticHash); ok { - blocks := aHash.Decompose(bytes) - for _, block := range blocks { - if _, err := t.h.Write(block); err != nil { - return err - } - } - } else { - // no padding needed - _, err := t.h.Write(bytes) - return err - } - - return nil -} diff --git a/hash/hashes.go b/hash/hashes.go index b4f4f1562..0548e1ff9 100644 --- a/hash/hashes.go +++ b/hash/hashes.go @@ -117,5 +117,5 @@ func (m Hash) Size() int { } type ArithmeticHash interface { - Decompose(rawBytes []byte) [][]byte + WriteString(rawBytes []byte) error } diff --git a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl index 3e5fee103..b5a061739 100644 --- a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl @@ -25,14 +25,4 @@ func Decompose(rawBytes []byte) []fr.Element { } return res -} - -func (d *digest) Decompose(rawBytes []byte) [][]byte { - asElems := Decompose(rawBytes) - res := make([][]byte, len(asElems)) - for i := range res { - b := asElems[i].Bytes() - res[i] = b[:] - } - return res -} +} \ No newline at end of file diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 463a6767c..324909c26 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -206,3 +206,15 @@ func initConstants() { _, _ = hash.Write(rnd) } } + +// WriteString writes a string that doesn't necessarily consist of field elements +func (d *digest) WriteString(rawBytes []byte) error { + asElems := Decompose(rawBytes) + for i := range asElems { + b := asElems[i].Bytes() + if _, err := d.Write(b[:]); err != nil { + return err + } + } + return nil +} From eaa4a169b79d9c5f3c444fe6517f64a4672552f2 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 16:28:42 -0500 Subject: [PATCH 06/30] fix: eddsa to use WriteString --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bn254/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 25 +++++++++++++++---- .../edwards/eddsa/template/eddsa.go.tmpl | 25 +++++++++++++++---- 11 files changed, 220 insertions(+), 55 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 82c7839eb..d0f4c69f8 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 8e12207ba..bf0a4ec5c 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index c9e883d76..2987448bd 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index c9e883d76..2987448bd 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index 144e3e38b..00c11c171 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 4bf98697e..0dd99c274 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index a25f74e15..1df97e083 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -155,9 +155,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -210,8 +217,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 1767ebb29..67df508f8 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -164,9 +164,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -219,8 +226,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index c09978073..b439c54bb 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -164,9 +164,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -219,8 +226,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index cf0574e10..381853f8f 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -164,9 +164,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -219,8 +226,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 61708430f..7b8c6af4a 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -172,9 +172,16 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[3*sizeFr:], resAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - _, err := hFunc.Write(dataToHash[:]) - if err != nil { - return nil, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return nil, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return nil, err + } } var hramInt big.Int @@ -227,8 +234,16 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[3*sizeFr:], sigAY[:]) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() - if _, err := hFunc.Write(dataToHash[:]); err != nil { - return false, err + if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + _, err := arithHFunc.WriteString(dataToHash[:]) + if err != nil { + return false, err + } + } else { + _, err := hFunc.Write(dataToHash[:]) + if err != nil { + return false, err + } } var hramInt big.Int From 7140b8fa41e690ddfbbc3d855290f9f565610e81 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 16:34:59 -0500 Subject: [PATCH 07/30] fix: minor error --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 7 ++++--- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bn254/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 7 ++++--- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 7 ++++--- internal/generator/edwards/eddsa/template/eddsa.go.tmpl | 7 ++++--- 11 files changed, 44 insertions(+), 33 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index d0f4c69f8..6cb7396f5 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark-crypto/ecc/bls12-377/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index bf0a4ec5c..6b30ff7e8 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" "github.com/consensys/gnark-crypto/ecc/bls12-378/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 2987448bd..606a46ff8 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 2987448bd..606a46ff8 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index 00c11c171..ea48d6107 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark-crypto/ecc/bls24-315/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 0dd99c274..180e27d62 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "github.com/consensys/gnark-crypto/ecc/bls24-317/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index 1df97e083..e49059599 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark-crypto/ecc/bn254/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -156,7 +157,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -218,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -236,7 +237,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 67df508f8..1c151e2fc 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "github.com/consensys/gnark-crypto/ecc/bw6-633/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -165,7 +166,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -227,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -245,7 +246,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index b439c54bb..fe110c88b 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" "github.com/consensys/gnark-crypto/ecc/bw6-756/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -165,7 +166,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -227,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -245,7 +246,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 381853f8f..f2612ac10 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -25,6 +25,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/bw6-761/twistededwards" + gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -165,7 +166,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -227,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -245,7 +246,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 7b8c6af4a..0c433e4e6 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -8,6 +8,7 @@ import ( "github.com/consensys/gnark-crypto/signature" "github.com/consensys/gnark-crypto/ecc/{{.Name}}/twistededwards" "github.com/consensys/gnark-crypto/ecc/{{.Name}}/fr" + gcHash "github.com/consensys/gnark-crypto/hash" "golang.org/x/crypto/blake2b" ) @@ -173,7 +174,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err } @@ -235,7 +236,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { - _, err := arithHFunc.WriteString(dataToHash[:]) + err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err } @@ -253,7 +254,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err // lhs = cofactor*S*Base var lhs twistededwards.PointAffine var bCofactor, bs big.Int - curveParams.Cofactor.ToBigIntRegular(&bCofactor) + curveParams.Cofactor.BigInt(&bCofactor) bs.SetBytes(sig.S[:]) lhs.ScalarMultiplication(&curveParams.Base, &bs). ScalarMultiplication(&lhs, &bCofactor) From 06d1651880f60a373e483e62aa27e73a3a025cae Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 16 Jan 2023 17:00:07 -0500 Subject: [PATCH 08/30] fix: eddsa: separate field element and non-field-element hash inputs --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 12 ++++++++---- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bn254/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 12 ++++++++---- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 12 ++++++++---- .../generator/edwards/eddsa/template/eddsa.go.tmpl | 12 ++++++++---- 11 files changed, 88 insertions(+), 44 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 6cb7396f5..a23408d6b 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 6b30ff7e8..ebaffcf31 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 606a46ff8..90fc695be 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 606a46ff8..90fc695be 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index ea48d6107..22406644f 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 180e27d62..f72b46698 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index e49059599..81106d927 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -148,13 +148,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -167,6 +166,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -210,13 +212,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -229,6 +230,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 1c151e2fc..5f43e94b2 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -157,13 +157,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -176,6 +175,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -219,13 +221,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -238,6 +239,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index fe110c88b..ff555c978 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -157,13 +157,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -176,6 +175,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -219,13 +221,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -238,6 +239,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index f2612ac10..aff80e74a 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -157,13 +157,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -176,6 +175,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -219,13 +221,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4 * sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -238,6 +239,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 0c433e4e6..803071587 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -165,13 +165,12 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) resRY := res.R.Y.Bytes() resAX := privKey.PublicKey.A.X.Bytes() resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4*sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], resRX[:]) copy(dataToHash[sizeFr:], resRY[:]) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -184,6 +183,9 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return nil, err } } + if _, err := hFunc.Write(message); err != nil { + return nil, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -227,13 +229,12 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err sigRY := sig.R.Y.Bytes() sigAX := pub.A.X.Bytes() sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr + len(message) + sizeDataToHash := 4*sizeFr dataToHash := make([]byte, sizeDataToHash) copy(dataToHash[:], sigRX[:]) copy(dataToHash[sizeFr:], sigRY[:]) copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) - copy(dataToHash[4*sizeFr:], message) hFunc.Reset() if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { err := arithHFunc.WriteString(dataToHash[:]) @@ -246,6 +247,9 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err return false, err } } + if _, err := hFunc.Write(message); err != nil { + return false, err + } var hramInt big.Int hramBin := hFunc.Sum(nil) From 71ad8f3fa0f803edb1aea972a64ba5fd31f9ae5a Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 26 Jan 2023 12:30:53 -0500 Subject: [PATCH 09/30] feat: hash.ToField compatible with hash.Hash --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 4 +- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 4 +- ecc/bn254/fr/mimc/decompose.go | 46 ----------------- ecc/bn254/fr/mimc/decompose_test.go | 53 ------------------- ecc/bn254/fr/mimc/mimc.go | 57 +++++++-------------- ecc/bn254/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 4 +- fiat-shamir/transcript.go | 6 +-- hash/hashes.go | 4 -- hash/to_field.go | 5 ++ 16 files changed, 46 insertions(+), 165 deletions(-) delete mode 100644 ecc/bn254/fr/mimc/decompose.go delete mode 100644 ecc/bn254/fr/mimc/decompose_test.go create mode 100644 hash/to_field.go diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index a23408d6b..b4606b904 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index ebaffcf31..bd86836db 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 90fc695be..48c0056a5 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 90fc695be..48c0056a5 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index 22406644f..bfa677d85 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index f72b46698..f2f8858a1 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bn254/fr/mimc/decompose.go b/ecc/bn254/fr/mimc/decompose.go deleted file mode 100644 index e61417b9b..000000000 --- a/ecc/bn254/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bn254/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bn254/fr/mimc/decompose_test.go b/ecc/bn254/fr/mimc/decompose_test.go deleted file mode 100644 index 3597da7a3..000000000 --- a/ecc/bn254/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bn254/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 705ba307b..fdbdf7dab 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bn254/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index 81106d927..27e4e7006 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 5f43e94b2..63f19e1ab 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index ff555c978..66dba3a4d 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index aff80e74a..6b40dc981 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index 6c98aeda0..153873599 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -102,10 +102,8 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { defer t.h.Reset() // write the challenge name, the purpose is to have a domain separator - if aHash, ok := t.h.(gcHash.ArithmeticHash); ok { - if err := aHash.WriteString([]byte(challengeID)); err != nil { - return nil, err - } + if hashToField, ok := t.h.(gcHash.ToField); ok { + hashToField.WriteString([]byte(challengeID)) } else { if _, err := t.h.Write([]byte(challengeID)); err != nil { return nil, err diff --git a/hash/hashes.go b/hash/hashes.go index 0548e1ff9..37bce2959 100644 --- a/hash/hashes.go +++ b/hash/hashes.go @@ -115,7 +115,3 @@ func (m Hash) String() string { func (m Hash) Size() int { return int(digestSize[m]) } - -type ArithmeticHash interface { - WriteString(rawBytes []byte) error -} diff --git a/hash/to_field.go b/hash/to_field.go new file mode 100644 index 000000000..ee0e7b294 --- /dev/null +++ b/hash/to_field.go @@ -0,0 +1,5 @@ +package hash + +type ToField interface { + WriteString(rawBytes []byte) +} From 4d64a23c34c3b5a963b940611b68792e93a49ca2 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 26 Jan 2023 12:42:12 -0500 Subject: [PATCH 10/30] build: generify bn254 mimc changes --- ecc/bls12-377/fr/mimc/decompose.go | 46 --------------- ecc/bls12-377/fr/mimc/decompose_test.go | 53 ----------------- ecc/bls12-377/fr/mimc/mimc.go | 57 +++++++------------ ecc/bls12-377/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls12-378/fr/mimc/decompose.go | 46 --------------- ecc/bls12-378/fr/mimc/decompose_test.go | 53 ----------------- ecc/bls12-378/fr/mimc/mimc.go | 57 +++++++------------ ecc/bls12-378/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 4 +- ecc/bls12-381/fr/mimc/decompose.go | 46 --------------- ecc/bls12-381/fr/mimc/decompose_test.go | 53 ----------------- ecc/bls12-381/fr/mimc/mimc.go | 57 +++++++------------ ecc/bls12-381/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls24-315/fr/mimc/decompose.go | 46 --------------- ecc/bls24-315/fr/mimc/decompose_test.go | 53 ----------------- ecc/bls24-315/fr/mimc/mimc.go | 57 +++++++------------ ecc/bls24-315/twistededwards/eddsa/eddsa.go | 4 +- ecc/bls24-317/fr/mimc/decompose.go | 46 --------------- ecc/bls24-317/fr/mimc/decompose_test.go | 53 ----------------- ecc/bls24-317/fr/mimc/mimc.go | 57 +++++++------------ ecc/bls24-317/twistededwards/eddsa/eddsa.go | 4 +- ecc/bn254/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-633/fr/mimc/decompose.go | 46 --------------- ecc/bw6-633/fr/mimc/decompose_test.go | 53 ----------------- ecc/bw6-633/fr/mimc/mimc.go | 57 +++++++------------ ecc/bw6-633/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-756/fr/mimc/decompose.go | 46 --------------- ecc/bw6-756/fr/mimc/decompose_test.go | 53 ----------------- ecc/bw6-756/fr/mimc/mimc.go | 57 +++++++------------ ecc/bw6-756/twistededwards/eddsa/eddsa.go | 4 +- ecc/bw6-761/fr/mimc/decompose.go | 46 --------------- ecc/bw6-761/fr/mimc/decompose_test.go | 53 ----------------- ecc/bw6-761/fr/mimc/mimc.go | 57 +++++++------------ ecc/bw6-761/twistededwards/eddsa/eddsa.go | 4 +- .../generator/crypto/hash/mimc/generate.go | 3 +- .../hash/mimc/template/decompose.go.tmpl | 28 --------- .../crypto/hash/mimc/template/mimc.go.tmpl | 57 +++++++------------ .../mimc/template/tests/decompose.go.tmpl | 35 ------------ .../edwards/eddsa/template/eddsa.go.tmpl | 4 +- 39 files changed, 194 insertions(+), 1221 deletions(-) delete mode 100644 ecc/bls12-377/fr/mimc/decompose.go delete mode 100644 ecc/bls12-377/fr/mimc/decompose_test.go delete mode 100644 ecc/bls12-378/fr/mimc/decompose.go delete mode 100644 ecc/bls12-378/fr/mimc/decompose_test.go delete mode 100644 ecc/bls12-381/fr/mimc/decompose.go delete mode 100644 ecc/bls12-381/fr/mimc/decompose_test.go delete mode 100644 ecc/bls24-315/fr/mimc/decompose.go delete mode 100644 ecc/bls24-315/fr/mimc/decompose_test.go delete mode 100644 ecc/bls24-317/fr/mimc/decompose.go delete mode 100644 ecc/bls24-317/fr/mimc/decompose_test.go delete mode 100644 ecc/bw6-633/fr/mimc/decompose.go delete mode 100644 ecc/bw6-633/fr/mimc/decompose_test.go delete mode 100644 ecc/bw6-756/fr/mimc/decompose.go delete mode 100644 ecc/bw6-756/fr/mimc/decompose_test.go delete mode 100644 ecc/bw6-761/fr/mimc/decompose.go delete mode 100644 ecc/bw6-761/fr/mimc/decompose_test.go delete mode 100644 internal/generator/crypto/hash/mimc/template/decompose.go.tmpl delete mode 100644 internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl diff --git a/ecc/bls12-377/fr/mimc/decompose.go b/ecc/bls12-377/fr/mimc/decompose.go deleted file mode 100644 index a51138765..000000000 --- a/ecc/bls12-377/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bls12-377/fr/mimc/decompose_test.go b/ecc/bls12-377/fr/mimc/decompose_test.go deleted file mode 100644 index 937192ced..000000000 --- a/ecc/bls12-377/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index b5d6c6e28..af2ec6ae1 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -180,13 +164,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index b4606b904..b1d90f3f2 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-378/fr/mimc/decompose.go b/ecc/bls12-378/fr/mimc/decompose.go deleted file mode 100644 index 50a124f54..000000000 --- a/ecc/bls12-378/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bls12-378/fr/mimc/decompose_test.go b/ecc/bls12-378/fr/mimc/decompose_test.go deleted file mode 100644 index a63b57ff5..000000000 --- a/ecc/bls12-378/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index e18a9a796..1be5722a5 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index bd86836db..f4d80c0a8 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 48c0056a5..1f63c2e38 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls12-381/fr/mimc/decompose.go b/ecc/bls12-381/fr/mimc/decompose.go deleted file mode 100644 index 925d67932..000000000 --- a/ecc/bls12-381/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bls12-381/fr/mimc/decompose_test.go b/ecc/bls12-381/fr/mimc/decompose_test.go deleted file mode 100644 index 36809a2aa..000000000 --- a/ecc/bls12-381/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 8cb93f013..0d9a0bf50 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 48c0056a5..1f63c2e38 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls24-315/fr/mimc/decompose.go b/ecc/bls24-315/fr/mimc/decompose.go deleted file mode 100644 index 4a962631f..000000000 --- a/ecc/bls24-315/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bls24-315/fr/mimc/decompose_test.go b/ecc/bls24-315/fr/mimc/decompose_test.go deleted file mode 100644 index 817a588f2..000000000 --- a/ecc/bls24-315/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index b40aae850..479371aaf 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index bfa677d85..d78c9a9a7 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bls24-317/fr/mimc/decompose.go b/ecc/bls24-317/fr/mimc/decompose.go deleted file mode 100644 index b027d8bbc..000000000 --- a/ecc/bls24-317/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bls24-317/fr/mimc/decompose_test.go b/ecc/bls24-317/fr/mimc/decompose_test.go deleted file mode 100644 index 26a476920..000000000 --- a/ecc/bls24-317/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 28f0324bd..9b7e40c22 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -186,13 +170,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index f2f8858a1..9e1dd1f75 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index 27e4e7006..e7f5f788c 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -155,7 +155,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -219,7 +219,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-633/fr/mimc/decompose.go b/ecc/bw6-633/fr/mimc/decompose.go deleted file mode 100644 index 0f4cc36c9..000000000 --- a/ecc/bw6-633/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bw6-633/fr/mimc/decompose_test.go b/ecc/bw6-633/fr/mimc/decompose_test.go deleted file mode 100644 index 26518fd46..000000000 --- a/ecc/bw6-633/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 28ac30bfe..93a615cc3 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 63f19e1ab..a7470d68a 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-756/fr/mimc/decompose.go b/ecc/bw6-756/fr/mimc/decompose.go deleted file mode 100644 index c5bb70239..000000000 --- a/ecc/bw6-756/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bw6-756/fr/mimc/decompose_test.go b/ecc/bw6-756/fr/mimc/decompose_test.go deleted file mode 100644 index 04d86a58c..000000000 --- a/ecc/bw6-756/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index b1d59c106..bf14e766c 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index 66dba3a4d..28d7e43ce 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/ecc/bw6-761/fr/mimc/decompose.go b/ecc/bw6-761/fr/mimc/decompose.go deleted file mode 100644 index 06761e28f..000000000 --- a/ecc/bw6-761/fr/mimc/decompose.go +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - - "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} diff --git a/ecc/bw6-761/fr/mimc/decompose_test.go b/ecc/bw6-761/fr/mimc/decompose_test.go deleted file mode 100644 index 031367811..000000000 --- a/ecc/bw6-761/fr/mimc/decompose_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by consensys/gnark-crypto DO NOT EDIT - -package mimc - -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index fa9329df6..0ee727977 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -17,7 +17,6 @@ package mimc import ( - "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" @@ -42,7 +41,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -92,29 +91,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n%BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -124,14 +108,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i += BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -184,13 +168,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 6b40dc981..32029b09c 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -164,7 +164,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -228,7 +228,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.HashToField); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err diff --git a/internal/generator/crypto/hash/mimc/generate.go b/internal/generator/crypto/hash/mimc/generate.go index 94caf7f56..4b43c4210 100644 --- a/internal/generator/crypto/hash/mimc/generate.go +++ b/internal/generator/crypto/hash/mimc/generate.go @@ -17,11 +17,10 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er entries := []bavard.Entry{ {File: filepath.Join(baseDir, "doc.go"), Templates: []string{"doc.go.tmpl"}}, {File: filepath.Join(baseDir, "mimc.go"), Templates: []string{"mimc.go.tmpl"}}, - {File: filepath.Join(baseDir, "decompose.go"), Templates: []string{"decompose.go.tmpl"}}, - {File: filepath.Join(baseDir, "decompose_test.go"), Templates: []string{"tests/decompose.go.tmpl"}}, } os.Remove(filepath.Join(baseDir, "utils.go")) os.Remove(filepath.Join(baseDir, "utils_test.go")) + return bgen.Generate(conf, conf.Package, "./crypto/hash/mimc/template", entries...) } diff --git a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl deleted file mode 100644 index b5a061739..000000000 --- a/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl +++ /dev/null @@ -1,28 +0,0 @@ - -import ( "math/big" - - "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" -) - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte) []fr.Element { - - rawBigInt := big.NewInt(0).SetBytes(rawBytes) - modulo := fr.Modulus() - - // maximum number of chunks that a function - maxNbChunks := len(rawBytes) / fr.Bytes - - res := make([]fr.Element, 0, maxNbChunks) - var tmp fr.Element - t := new(big.Int) - for rawBigInt.Sign() != 0 { - rawBigInt.DivMod(rawBigInt, modulo, t) - tmp.SetBigInt(t) - res = append(res, tmp) - } - - return res -} \ No newline at end of file diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 324909c26..7a7a6e17c 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,6 +1,5 @@ import ( "hash" - "errors" "math/big" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" @@ -28,7 +27,7 @@ var ( // along with the params of the mimc function type digest struct { h fr.Element - data []byte // data to hash + data []fr.Element // data to hash } // GetConstants exposed to be used in gnark @@ -78,29 +77,14 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// -// Each []byte block of size BlockSize represents a big endian fr.Element. -// -// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer -// larger than fr.Modulus, this function returns an error. -// -// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose -// function in this package. -func (d *digest) Write(p []byte) (n int, err error) { - n = len(p) - if n % BlockSize != 0 { - return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") +// p represents a big endian fr.Element. For non-field-elements strings use WriteString +func (d *digest) Write(p []byte) (int, error) { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err } - - // ensure each block represents a field element in canonical reduced form - for i := 0; i < n; i += BlockSize { - if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i:i+BlockSize])); err != nil { - return 0, err - } - } - - d.data = append(d.data, p...) - return } // Hash hash using Miyaguchi-Preneel: @@ -110,14 +94,14 @@ func (d *digest) checksum() fr.Element { // Write guarantees len(data) % BlockSize == 0 // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? - if len(d.data) == 0 { + // TODO: @Tabaie, @Thomas Piellard Now sure what to make of this + /*if len(d.data) == 0 { d.data = make([]byte, BlockSize) - } + }*/ - for i := 0; i < len(d.data); i+=BlockSize { - x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i:i+BlockSize])) - r := d.encrypt(x) - d.h.Add(&r, &d.h).Add(&d.h, &x) + for i := range d.data { + r := d.encrypt(d.data[i]) + d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } return d.h @@ -208,13 +192,10 @@ func initConstants() { } // WriteString writes a string that doesn't necessarily consist of field elements -func (d *digest) WriteString(rawBytes []byte) error { - asElems := Decompose(rawBytes) - for i := range asElems { - b := asElems[i].Bytes() - if _, err := d.Write(b[:]); err != nil { - return err - } +func (d *digest) WriteString(rawBytes []byte) { + if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + panic(err) + } else { + d.data = append(d.data, elems[0]) } - return nil } diff --git a/internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl b/internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl deleted file mode 100644 index 26dc6661f..000000000 --- a/internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl +++ /dev/null @@ -1,35 +0,0 @@ -import ( - "math/big" - "testing" - - "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" -) - -func TestDecompose(t *testing.T) { - - // create 10 random digits in basis r - nbDigits := 10 - a := make([]fr.Element, nbDigits) - for i := 0; i < nbDigits; i++ { - a[i].SetRandom() - } - - // create a big int whose digits in basis r are a - m := fr.Modulus() - var b, tmp big.Int - for i := nbDigits - 1; i >= 0; i-- { - b.Mul(&b, m) - a[i].ToBigIntRegular(&tmp) - b.Add(&b, &tmp) - } - - // query the decomposition and compare to a - bb := b.Bytes() - d := Decompose(bb) - for i := 0; i < nbDigits; i++ { - if !d[i].Equal(&a[i]) { - t.Fatal("error decomposition") - } - } - -} diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 803071587..5765e37bb 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -172,7 +172,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return nil, err @@ -236,7 +236,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ArithmeticHash); ok { + if arithHFunc, ok := hFunc.(gcHash.ToField); ok { err := arithHFunc.WriteString(dataToHash[:]) if err != nil { return false, err From 7a3a1880417f2c8b403a1709ed9e232e11ccbe49 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 26 Jan 2023 12:51:30 -0500 Subject: [PATCH 11/30] chore: staticcheck --- ecc/bls12-377/fr/kzg/kzg.go | 6 +++--- ecc/bls12-377/fr/kzg/kzg_test.go | 2 +- ecc/bls12-377/fr/mimc/mimc.go | 2 +- ecc/bls12-377/fr/plookup/table.go | 2 +- ecc/bls12-377/g1_test.go | 8 ++++---- ecc/bls12-377/g2_test.go | 8 ++++---- ecc/bls12-377/internal/fptower/e12_test.go | 2 +- ecc/bls12-377/marshal_test.go | 8 ++++---- ecc/bls12-377/multiexp_test.go | 12 +++++------ ecc/bls12-377/pairing_test.go | 20 +++++++++---------- ecc/bls12-378/fr/kzg/kzg.go | 6 +++--- ecc/bls12-378/fr/kzg/kzg_test.go | 2 +- ecc/bls12-378/fr/mimc/mimc.go | 2 +- ecc/bls12-378/fr/plookup/table.go | 2 +- ecc/bls12-378/g1_test.go | 8 ++++---- ecc/bls12-378/g2_test.go | 8 ++++---- ecc/bls12-378/internal/fptower/e12_test.go | 2 +- ecc/bls12-378/marshal_test.go | 8 ++++---- ecc/bls12-378/multiexp_test.go | 12 +++++------ ecc/bls12-378/pairing_test.go | 20 +++++++++---------- ecc/bls12-381/fr/kzg/kzg.go | 6 +++--- ecc/bls12-381/fr/kzg/kzg_test.go | 2 +- ecc/bls12-381/fr/mimc/mimc.go | 2 +- ecc/bls12-381/fr/plookup/table.go | 2 +- ecc/bls12-381/g1_test.go | 8 ++++---- ecc/bls12-381/g2_test.go | 8 ++++---- ecc/bls12-381/internal/fptower/e12_test.go | 2 +- ecc/bls12-381/marshal_test.go | 8 ++++---- ecc/bls12-381/multiexp_test.go | 12 +++++------ ecc/bls12-381/pairing_test.go | 20 +++++++++---------- ecc/bls24-315/fr/kzg/kzg.go | 6 +++--- ecc/bls24-315/fr/kzg/kzg_test.go | 2 +- ecc/bls24-315/fr/mimc/mimc.go | 2 +- ecc/bls24-315/fr/plookup/table.go | 2 +- ecc/bls24-315/g1_test.go | 8 ++++---- ecc/bls24-315/g2_test.go | 8 ++++---- ecc/bls24-315/marshal_test.go | 8 ++++---- ecc/bls24-315/multiexp_test.go | 12 +++++------ ecc/bls24-315/pairing_test.go | 20 +++++++++---------- ecc/bls24-317/fr/kzg/kzg.go | 6 +++--- ecc/bls24-317/fr/kzg/kzg_test.go | 2 +- ecc/bls24-317/fr/mimc/mimc.go | 2 +- ecc/bls24-317/fr/plookup/table.go | 2 +- ecc/bls24-317/g1_test.go | 8 ++++---- ecc/bls24-317/g2_test.go | 8 ++++---- ecc/bls24-317/marshal_test.go | 8 ++++---- ecc/bls24-317/multiexp_test.go | 12 +++++------ ecc/bls24-317/pairing_test.go | 20 +++++++++---------- ecc/bn254/fr/kzg/kzg.go | 6 +++--- ecc/bn254/fr/kzg/kzg_test.go | 2 +- ecc/bn254/fr/mimc/mimc.go | 2 +- ecc/bn254/fr/plookup/table.go | 2 +- ecc/bn254/g1_test.go | 8 ++++---- ecc/bn254/g2_test.go | 8 ++++---- ecc/bn254/internal/fptower/e12_test.go | 2 +- ecc/bn254/marshal_test.go | 8 ++++---- ecc/bn254/multiexp_test.go | 12 +++++------ ecc/bn254/pairing_test.go | 20 +++++++++---------- ecc/bw6-633/fr/kzg/kzg.go | 6 +++--- ecc/bw6-633/fr/kzg/kzg_test.go | 2 +- ecc/bw6-633/fr/mimc/mimc.go | 2 +- ecc/bw6-633/fr/plookup/table.go | 2 +- ecc/bw6-633/g1_test.go | 8 ++++---- ecc/bw6-633/g2_test.go | 8 ++++---- ecc/bw6-633/marshal_test.go | 8 ++++---- ecc/bw6-633/multiexp_test.go | 12 +++++------ ecc/bw6-633/pairing_test.go | 20 +++++++++---------- ecc/bw6-756/fr/kzg/kzg.go | 6 +++--- ecc/bw6-756/fr/kzg/kzg_test.go | 2 +- ecc/bw6-756/fr/mimc/mimc.go | 2 +- ecc/bw6-756/fr/plookup/table.go | 2 +- ecc/bw6-756/g1_test.go | 8 ++++---- ecc/bw6-756/g2_test.go | 8 ++++---- ecc/bw6-756/marshal_test.go | 8 ++++---- ecc/bw6-756/multiexp_test.go | 12 +++++------ ecc/bw6-756/pairing_test.go | 20 +++++++++---------- ecc/bw6-761/fr/kzg/kzg.go | 6 +++--- ecc/bw6-761/fr/kzg/kzg_test.go | 2 +- ecc/bw6-761/fr/mimc/mimc.go | 2 +- ecc/bw6-761/fr/plookup/table.go | 2 +- ecc/bw6-761/g1_test.go | 8 ++++---- ecc/bw6-761/g2_test.go | 8 ++++---- ecc/bw6-761/marshal_test.go | 8 ++++---- ecc/bw6-761/multiexp_test.go | 12 +++++------ ecc/bw6-761/pairing_test.go | 20 +++++++++---------- .../crypto/hash/mimc/template/mimc.go.tmpl | 2 +- .../ecc/template/tests/marshal.go.tmpl | 4 ++-- .../ecc/template/tests/multiexp.go.tmpl | 6 +++--- .../ecc/template/tests/point.go.tmpl | 8 ++++---- internal/generator/kzg/template/kzg.go.tmpl | 6 +++--- .../generator/kzg/template/kzg.test.go.tmpl | 2 +- .../pairing/template/tests/pairing.go.tmpl | 20 +++++++++---------- .../generator/plookup/template/table.go.tmpl | 2 +- .../fq12over6over2/tests/fq12.go.tmpl | 2 +- 94 files changed, 336 insertions(+), 336 deletions(-) diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go index d1ad98ad7..c7d579af3 100644 --- a/ecc/bls12-377/fr/kzg/kzg.go +++ b/ecc/bls12-377/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bls12377.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12377.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bls12377.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go index e09042bdf..0836edb7c 100644 --- a/ecc/bls12-377/fr/kzg/kzg_test.go +++ b/ecc/bls12-377/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bls12377.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index af2ec6ae1..7aa7de0ba 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bls12-377/fr/plookup/table.go b/ecc/bls12-377/fr/plookup/table.go index e5347c1e3..5d8e86c4e 100644 --- a/ecc/bls12-377/fr/plookup/table.go +++ b/ecc/bls12-377/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bls12-377/g1_test.go b/ecc/bls12-377/g1_test.go index 94f0c32de..69fd99df0 100644 --- a/ecc/bls12-377/g1_test.go +++ b/ecc/bls12-377/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-377/g2_test.go b/ecc/bls12-377/g2_test.go index e0ed36073..8e08ffe32 100644 --- a/ecc/bls12-377/g2_test.go +++ b/ecc/bls12-377/g2_test.go @@ -347,7 +347,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -378,7 +378,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -394,7 +394,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -478,7 +478,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-377/internal/fptower/e12_test.go b/ecc/bls12-377/internal/fptower/e12_test.go index c0141ed17..ab7e3d514 100644 --- a/ecc/bls12-377/internal/fptower/e12_test.go +++ b/ecc/bls12-377/internal/fptower/e12_test.go @@ -413,7 +413,7 @@ func TestE12Ops(t *testing.T) { var _e big.Int k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) c.Exp(*a, &_e) d.CyclotomicExp(*a, &_e) diff --git a/ecc/bls12-377/marshal_test.go b/ecc/bls12-377/marshal_test.go index aac2cf9a6..4210f29be 100644 --- a/ecc/bls12-377/marshal_test.go +++ b/ecc/bls12-377/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bls12-377/multiexp_test.go b/ecc/bls12-377/multiexp_test.go index 6d11510f9..efc4e6783 100644 --- a/ecc/bls12-377/multiexp_test.go +++ b/ecc/bls12-377/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bls12-377/pairing_test.go b/ecc/bls12-377/pairing_test.go index c64efebad..5c0d371b2 100644 --- a/ecc/bls12-377/pairing_test.go +++ b/ecc/bls12-377/pairing_test.go @@ -73,7 +73,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -116,8 +116,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -182,8 +182,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -225,8 +225,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -263,8 +263,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -391,7 +391,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bls12-378/fr/kzg/kzg.go b/ecc/bls12-378/fr/kzg/kzg.go index 4da124de6..984ece8f1 100644 --- a/ecc/bls12-378/fr/kzg/kzg.go +++ b/ecc/bls12-378/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bls12378.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12378.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bls12378.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bls12-378/fr/kzg/kzg_test.go b/ecc/bls12-378/fr/kzg/kzg_test.go index 7e8fdc320..475f39b33 100644 --- a/ecc/bls12-378/fr/kzg/kzg_test.go +++ b/ecc/bls12-378/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bls12378.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index 1be5722a5..e9a39c6b3 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bls12-378/fr/plookup/table.go b/ecc/bls12-378/fr/plookup/table.go index 8c7299969..a63d8c1e0 100644 --- a/ecc/bls12-378/fr/plookup/table.go +++ b/ecc/bls12-378/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bls12-378/g1_test.go b/ecc/bls12-378/g1_test.go index 93f106197..b26c899a9 100644 --- a/ecc/bls12-378/g1_test.go +++ b/ecc/bls12-378/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-378/g2_test.go b/ecc/bls12-378/g2_test.go index e2eaa4454..2aca6ece1 100644 --- a/ecc/bls12-378/g2_test.go +++ b/ecc/bls12-378/g2_test.go @@ -347,7 +347,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -378,7 +378,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -394,7 +394,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -478,7 +478,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-378/internal/fptower/e12_test.go b/ecc/bls12-378/internal/fptower/e12_test.go index 51a5042c7..c34e1342a 100644 --- a/ecc/bls12-378/internal/fptower/e12_test.go +++ b/ecc/bls12-378/internal/fptower/e12_test.go @@ -413,7 +413,7 @@ func TestE12Ops(t *testing.T) { var _e big.Int k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) c.Exp(*a, &_e) d.CyclotomicExp(*a, &_e) diff --git a/ecc/bls12-378/marshal_test.go b/ecc/bls12-378/marshal_test.go index fa23da6fa..88d895280 100644 --- a/ecc/bls12-378/marshal_test.go +++ b/ecc/bls12-378/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bls12-378/multiexp_test.go b/ecc/bls12-378/multiexp_test.go index 7e8cdd73a..ea26a15aa 100644 --- a/ecc/bls12-378/multiexp_test.go +++ b/ecc/bls12-378/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bls12-378/pairing_test.go b/ecc/bls12-378/pairing_test.go index 790d64d88..18772721c 100644 --- a/ecc/bls12-378/pairing_test.go +++ b/ecc/bls12-378/pairing_test.go @@ -73,7 +73,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -116,8 +116,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -182,8 +182,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -225,8 +225,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -263,8 +263,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -391,7 +391,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go index e7e4d3d3b..6a8036740 100644 --- a/ecc/bls12-381/fr/kzg/kzg.go +++ b/ecc/bls12-381/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bls12381.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12381.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bls12381.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go index 2332edb46..94b32ee58 100644 --- a/ecc/bls12-381/fr/kzg/kzg_test.go +++ b/ecc/bls12-381/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bls12381.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 0d9a0bf50..5dfbd5a1a 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bls12-381/fr/plookup/table.go b/ecc/bls12-381/fr/plookup/table.go index 8593e30c6..ffc8df4c3 100644 --- a/ecc/bls12-381/fr/plookup/table.go +++ b/ecc/bls12-381/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bls12-381/g1_test.go b/ecc/bls12-381/g1_test.go index 7e25d4d4e..93f2c75d2 100644 --- a/ecc/bls12-381/g1_test.go +++ b/ecc/bls12-381/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-381/g2_test.go b/ecc/bls12-381/g2_test.go index 026c06e4c..3882c86fc 100644 --- a/ecc/bls12-381/g2_test.go +++ b/ecc/bls12-381/g2_test.go @@ -347,7 +347,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -378,7 +378,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -394,7 +394,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -478,7 +478,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls12-381/internal/fptower/e12_test.go b/ecc/bls12-381/internal/fptower/e12_test.go index 2855516d6..715223f84 100644 --- a/ecc/bls12-381/internal/fptower/e12_test.go +++ b/ecc/bls12-381/internal/fptower/e12_test.go @@ -413,7 +413,7 @@ func TestE12Ops(t *testing.T) { var _e big.Int k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) c.Exp(*a, &_e) d.CyclotomicExp(*a, &_e) diff --git a/ecc/bls12-381/marshal_test.go b/ecc/bls12-381/marshal_test.go index 6fb4c0f62..f2c414206 100644 --- a/ecc/bls12-381/marshal_test.go +++ b/ecc/bls12-381/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bls12-381/multiexp_test.go b/ecc/bls12-381/multiexp_test.go index f5a52ce42..3fdb2cb03 100644 --- a/ecc/bls12-381/multiexp_test.go +++ b/ecc/bls12-381/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bls12-381/pairing_test.go b/ecc/bls12-381/pairing_test.go index 3262379ef..4360e7b09 100644 --- a/ecc/bls12-381/pairing_test.go +++ b/ecc/bls12-381/pairing_test.go @@ -73,7 +73,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -116,8 +116,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -182,8 +182,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -225,8 +225,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -263,8 +263,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -391,7 +391,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go index a844089a5..108163d55 100644 --- a/ecc/bls24-315/fr/kzg/kzg.go +++ b/ecc/bls24-315/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bls24315.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24315.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bls24315.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go index 780824d3b..37fd8c023 100644 --- a/ecc/bls24-315/fr/kzg/kzg_test.go +++ b/ecc/bls24-315/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bls24315.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 479371aaf..a44ed57bb 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bls24-315/fr/plookup/table.go b/ecc/bls24-315/fr/plookup/table.go index 1eb07b83a..770cd0c99 100644 --- a/ecc/bls24-315/fr/plookup/table.go +++ b/ecc/bls24-315/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bls24-315/g1_test.go b/ecc/bls24-315/g1_test.go index 6f553b866..d2bb9796c 100644 --- a/ecc/bls24-315/g1_test.go +++ b/ecc/bls24-315/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls24-315/g2_test.go b/ecc/bls24-315/g2_test.go index f89f79150..785606e1f 100644 --- a/ecc/bls24-315/g2_test.go +++ b/ecc/bls24-315/g2_test.go @@ -347,7 +347,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -378,7 +378,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -394,7 +394,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -478,7 +478,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls24-315/marshal_test.go b/ecc/bls24-315/marshal_test.go index 4a038f6f4..3690d497c 100644 --- a/ecc/bls24-315/marshal_test.go +++ b/ecc/bls24-315/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bls24-315/multiexp_test.go b/ecc/bls24-315/multiexp_test.go index 945da773a..579024d3d 100644 --- a/ecc/bls24-315/multiexp_test.go +++ b/ecc/bls24-315/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bls24-315/pairing_test.go b/ecc/bls24-315/pairing_test.go index 44a645790..b7bb32925 100644 --- a/ecc/bls24-315/pairing_test.go +++ b/ecc/bls24-315/pairing_test.go @@ -75,7 +75,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(24) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -118,8 +118,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -184,8 +184,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -227,8 +227,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -265,8 +265,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -394,7 +394,7 @@ func BenchmarkExpGT(b *testing.B) { e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bls24-317/fr/kzg/kzg.go b/ecc/bls24-317/fr/kzg/kzg.go index 5afa077e4..be8cbadbd 100644 --- a/ecc/bls24-317/fr/kzg/kzg.go +++ b/ecc/bls24-317/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bls24317.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24317.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bls24317.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bls24-317/fr/kzg/kzg_test.go b/ecc/bls24-317/fr/kzg/kzg_test.go index 907c67c85..1a68e5901 100644 --- a/ecc/bls24-317/fr/kzg/kzg_test.go +++ b/ecc/bls24-317/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bls24317.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 9b7e40c22..4d4d614f2 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bls24-317/fr/plookup/table.go b/ecc/bls24-317/fr/plookup/table.go index bb87525fb..cb4851b4f 100644 --- a/ecc/bls24-317/fr/plookup/table.go +++ b/ecc/bls24-317/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bls24-317/g1_test.go b/ecc/bls24-317/g1_test.go index dc50ffb49..34ce1a8a4 100644 --- a/ecc/bls24-317/g1_test.go +++ b/ecc/bls24-317/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls24-317/g2_test.go b/ecc/bls24-317/g2_test.go index 89046a867..8736bde8d 100644 --- a/ecc/bls24-317/g2_test.go +++ b/ecc/bls24-317/g2_test.go @@ -347,7 +347,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -378,7 +378,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -394,7 +394,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -478,7 +478,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bls24-317/marshal_test.go b/ecc/bls24-317/marshal_test.go index f4934f6fb..c1e0c7f3a 100644 --- a/ecc/bls24-317/marshal_test.go +++ b/ecc/bls24-317/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bls24-317/multiexp_test.go b/ecc/bls24-317/multiexp_test.go index 326cdaa45..0d9d43039 100644 --- a/ecc/bls24-317/multiexp_test.go +++ b/ecc/bls24-317/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bls24-317/pairing_test.go b/ecc/bls24-317/pairing_test.go index 23e7792c8..f1248e79a 100644 --- a/ecc/bls24-317/pairing_test.go +++ b/ecc/bls24-317/pairing_test.go @@ -74,7 +74,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -117,8 +117,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -183,8 +183,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -226,8 +226,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -264,8 +264,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -392,7 +392,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go index 8de86fa92..c0d1d2638 100644 --- a/ecc/bn254/fr/kzg/kzg.go +++ b/ecc/bn254/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bn254.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bn254.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bn254.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go index 42ad48388..bf78f0d71 100644 --- a/ecc/bn254/fr/kzg/kzg_test.go +++ b/ecc/bn254/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bn254.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index fdbdf7dab..3294d8f72 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bn254/fr/plookup/table.go b/ecc/bn254/fr/plookup/table.go index bb2d7d6b0..16ba25f89 100644 --- a/ecc/bn254/fr/plookup/table.go +++ b/ecc/bn254/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bn254/g1_test.go b/ecc/bn254/g1_test.go index ec7ce9eed..9e4d7855e 100644 --- a/ecc/bn254/g1_test.go +++ b/ecc/bn254/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -433,7 +433,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bn254/g2_test.go b/ecc/bn254/g2_test.go index bc0b7fff4..469a39cb4 100644 --- a/ecc/bn254/g2_test.go +++ b/ecc/bn254/g2_test.go @@ -346,7 +346,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -377,7 +377,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -393,7 +393,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -477,7 +477,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bn254/internal/fptower/e12_test.go b/ecc/bn254/internal/fptower/e12_test.go index db3e38e9b..d7e1f7261 100644 --- a/ecc/bn254/internal/fptower/e12_test.go +++ b/ecc/bn254/internal/fptower/e12_test.go @@ -413,7 +413,7 @@ func TestE12Ops(t *testing.T) { var _e big.Int k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) c.Exp(*a, &_e) d.CyclotomicExp(*a, &_e) diff --git a/ecc/bn254/marshal_test.go b/ecc/bn254/marshal_test.go index 9d95d3f4a..9efb0365b 100644 --- a/ecc/bn254/marshal_test.go +++ b/ecc/bn254/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bn254/multiexp_test.go b/ecc/bn254/multiexp_test.go index d1b70087c..014341923 100644 --- a/ecc/bn254/multiexp_test.go +++ b/ecc/bn254/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bn254/pairing_test.go b/ecc/bn254/pairing_test.go index da3325608..9f2ba1e4d 100644 --- a/ecc/bn254/pairing_test.go +++ b/ecc/bn254/pairing_test.go @@ -73,7 +73,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -116,8 +116,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -182,8 +182,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -225,8 +225,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -263,8 +263,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -391,7 +391,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bw6-633/fr/kzg/kzg.go b/ecc/bw6-633/fr/kzg/kzg.go index d9eb12d4c..e0dc1e66f 100644 --- a/ecc/bw6-633/fr/kzg/kzg.go +++ b/ecc/bw6-633/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bw6633.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6633.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bw6633.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bw6-633/fr/kzg/kzg_test.go b/ecc/bw6-633/fr/kzg/kzg_test.go index 32acddce5..55daca27b 100644 --- a/ecc/bw6-633/fr/kzg/kzg_test.go +++ b/ecc/bw6-633/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bw6633.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 93a615cc3..b18256d38 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bw6-633/fr/plookup/table.go b/ecc/bw6-633/fr/plookup/table.go index dd6b02ba7..fb3c4969b 100644 --- a/ecc/bw6-633/fr/plookup/table.go +++ b/ecc/bw6-633/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bw6-633/g1_test.go b/ecc/bw6-633/g1_test.go index bf3e45975..fa3ae952a 100644 --- a/ecc/bw6-633/g1_test.go +++ b/ecc/bw6-633/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-633/g2_test.go b/ecc/bw6-633/g2_test.go index e5091c050..2a04a341d 100644 --- a/ecc/bw6-633/g2_test.go +++ b/ecc/bw6-633/g2_test.go @@ -333,7 +333,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -356,7 +356,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -372,7 +372,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -459,7 +459,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-633/marshal_test.go b/ecc/bw6-633/marshal_test.go index 469356726..93ff07df0 100644 --- a/ecc/bw6-633/marshal_test.go +++ b/ecc/bw6-633/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bw6-633/multiexp_test.go b/ecc/bw6-633/multiexp_test.go index 6014b1b10..d2005ae2c 100644 --- a/ecc/bw6-633/multiexp_test.go +++ b/ecc/bw6-633/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bw6-633/pairing_test.go b/ecc/bw6-633/pairing_test.go index f8a0f84bb..2303c0438 100644 --- a/ecc/bw6-633/pairing_test.go +++ b/ecc/bw6-633/pairing_test.go @@ -75,7 +75,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(6) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -118,8 +118,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -184,8 +184,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -227,8 +227,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -265,8 +265,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -394,7 +394,7 @@ func BenchmarkExpGT(b *testing.B) { e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bw6-756/fr/kzg/kzg.go b/ecc/bw6-756/fr/kzg/kzg.go index fa3e1f420..aa75cea3b 100644 --- a/ecc/bw6-756/fr/kzg/kzg.go +++ b/ecc/bw6-756/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bw6756.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6756.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bw6756.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bw6-756/fr/kzg/kzg_test.go b/ecc/bw6-756/fr/kzg/kzg_test.go index b644f7f0c..f86a9235e 100644 --- a/ecc/bw6-756/fr/kzg/kzg_test.go +++ b/ecc/bw6-756/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bw6756.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index bf14e766c..0081bac32 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bw6-756/fr/plookup/table.go b/ecc/bw6-756/fr/plookup/table.go index 318fe646b..a0721d1cb 100644 --- a/ecc/bw6-756/fr/plookup/table.go +++ b/ecc/bw6-756/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bw6-756/g1_test.go b/ecc/bw6-756/g1_test.go index 4ab6a4cee..14a225336 100644 --- a/ecc/bw6-756/g1_test.go +++ b/ecc/bw6-756/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-756/g2_test.go b/ecc/bw6-756/g2_test.go index fb099c989..29a83a3c1 100644 --- a/ecc/bw6-756/g2_test.go +++ b/ecc/bw6-756/g2_test.go @@ -333,7 +333,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -356,7 +356,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -372,7 +372,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -459,7 +459,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-756/marshal_test.go b/ecc/bw6-756/marshal_test.go index ca8954523..991e9cf1d 100644 --- a/ecc/bw6-756/marshal_test.go +++ b/ecc/bw6-756/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bw6-756/multiexp_test.go b/ecc/bw6-756/multiexp_test.go index 8c8dec367..573a57662 100644 --- a/ecc/bw6-756/multiexp_test.go +++ b/ecc/bw6-756/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bw6-756/pairing_test.go b/ecc/bw6-756/pairing_test.go index 5c111bbd4..779743a1f 100644 --- a/ecc/bw6-756/pairing_test.go +++ b/ecc/bw6-756/pairing_test.go @@ -74,7 +74,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -117,8 +117,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -183,8 +183,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -226,8 +226,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -264,8 +264,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -392,7 +392,7 @@ func BenchmarkExpGT(b *testing.B) { k := new(big.Int).SetUint64(12) e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go index 5650b88b3..516589b9b 100644 --- a/ecc/bw6-761/fr/kzg/kzg.go +++ b/ecc/bw6-761/fr/kzg/kzg.go @@ -168,7 +168,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff bw6761.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -183,7 +183,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6761.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -414,7 +414,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit bw6761.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go index ec89a0510..67c2025f6 100644 --- a/ecc/bw6-761/fr/kzg/kzg_test.go +++ b/ecc/bw6-761/fr/kzg/kzg_test.go @@ -127,7 +127,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit bw6761.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 0ee727977..aba964f60 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -49,7 +49,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/ecc/bw6-761/fr/plookup/table.go b/ecc/bw6-761/fr/plookup/table.go index d5eaec0b6..166714465 100644 --- a/ecc/bw6-761/fr/plookup/table.go +++ b/ecc/bw6-761/fr/plookup/table.go @@ -207,7 +207,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/ecc/bw6-761/g1_test.go b/ecc/bw6-761/g1_test.go index 5a3edef3d..2f978affa 100644 --- a/ecc/bw6-761/g1_test.go +++ b/ecc/bw6-761/g1_test.go @@ -346,7 +346,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g1Gen, &scalar) op2.mulWindowed(&g1Gen, &blindedScalar) @@ -369,7 +369,7 @@ func TestG1AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g1Gen, &rminusone) gneg.Neg(&g1Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g1Gen, &scalar) op2.ScalarMultiplication(&g1Gen, &blindedScalar) @@ -385,7 +385,7 @@ func TestG1AffineOps(t *testing.T) { var r big.Int var op1, op2 G1Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g1Gen, &r) op2.mulGLV(&g1Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g1Infinity) @@ -472,7 +472,7 @@ func TestG1AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G1Jac var expected G1Affine var b big.Int - expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g1Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-761/g2_test.go b/ecc/bw6-761/g2_test.go index 8c3f321e6..54a13948d 100644 --- a/ecc/bw6-761/g2_test.go +++ b/ecc/bw6-761/g2_test.go @@ -333,7 +333,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&g2Gen, &scalar) op2.mulWindowed(&g2Gen, &blindedScalar) @@ -356,7 +356,7 @@ func TestG2AffineOps(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&g2Gen, &rminusone) gneg.Neg(&g2Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&g2Gen, &scalar) op2.ScalarMultiplication(&g2Gen, &blindedScalar) @@ -372,7 +372,7 @@ func TestG2AffineOps(t *testing.T) { var r big.Int var op1, op2 G2Jac - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&g2Gen, &r) op2.mulGLV(&g2Gen, &r) return op1.Equal(&op2) && !op1.Equal(&g2Infinity) @@ -459,7 +459,7 @@ func TestG2AffineBatchScalarMultiplication(t *testing.T) { var expectedJac G2Jac var expected G2Affine var b big.Int - expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&g2Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/ecc/bw6-761/marshal_test.go b/ecc/bw6-761/marshal_test.go index 51487badf..7e2554349 100644 --- a/ecc/bw6-761/marshal_test.go +++ b/ecc/bw6-761/marshal_test.go @@ -262,7 +262,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.RawBytes() @@ -282,7 +282,7 @@ func TestG1AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G1Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g1GenAff, &ab) buf := start.Bytes() @@ -355,7 +355,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.RawBytes() @@ -375,7 +375,7 @@ func TestG2AffineSerialization(t *testing.T) { func(a fp.Element) bool { var start, end G2Affine var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&g2GenAff, &ab) buf := start.Bytes() diff --git a/ecc/bw6-761/multiexp_test.go b/ecc/bw6-761/multiexp_test.go index 112cee7c8..82a44ae55 100644 --- a/ecc/bw6-761/multiexp_test.go +++ b/ecc/bw6-761/multiexp_test.go @@ -112,7 +112,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -147,7 +147,7 @@ func TestMultiExpG1(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g1Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -220,7 +220,7 @@ func TestMultiExpG1(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G1Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g1GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) @@ -526,7 +526,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -561,7 +561,7 @@ func TestMultiExpG2(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&g2Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -634,7 +634,7 @@ func TestMultiExpG2(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul G2Affine finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&g2GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/ecc/bw6-761/pairing_test.go b/ecc/bw6-761/pairing_test.go index 76bf81eb3..37255a3e9 100644 --- a/ecc/bw6-761/pairing_test.go +++ b/ecc/bw6-761/pairing_test.go @@ -75,7 +75,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(6) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -118,8 +118,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -184,8 +184,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -227,8 +227,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -265,8 +265,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -394,7 +394,7 @@ func BenchmarkExpGT(b *testing.B) { e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 7a7a6e17c..adbd34041 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -35,7 +35,7 @@ func GetConstants() []big.Int { once.Do(initConstants) // init constants res := make([]big.Int, mimcNbRounds) for i := 0; i < mimcNbRounds; i++ { - mimcConstants[i].ToBigIntRegular(&res[i]) + mimcConstants[i].BigInt(&res[i]) } return res } diff --git a/internal/generator/ecc/template/tests/marshal.go.tmpl b/internal/generator/ecc/template/tests/marshal.go.tmpl index 2503b5d5b..809a1f7e0 100644 --- a/internal/generator/ecc/template/tests/marshal.go.tmpl +++ b/internal/generator/ecc/template/tests/marshal.go.tmpl @@ -272,7 +272,7 @@ func Test{{ $.TAffine }}Serialization(t *testing.T) { func(a fp.Element) bool { var start, end {{ $.TAffine }} var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&{{ toLower .PointName }}GenAff, &ab) buf := start.RawBytes() @@ -292,7 +292,7 @@ func Test{{ $.TAffine }}Serialization(t *testing.T) { func(a fp.Element) bool { var start, end {{ $.TAffine }} var ab big.Int - a.ToBigIntRegular(&ab) + a.BigInt(&ab) start.ScalarMultiplication(&{{ toLower .PointName }}GenAff, &ab) buf := start.Bytes() diff --git a/internal/generator/ecc/template/tests/multiexp.go.tmpl b/internal/generator/ecc/template/tests/multiexp.go.tmpl index 3be1ec4b4..c116c1de9 100644 --- a/internal/generator/ecc/template/tests/multiexp.go.tmpl +++ b/internal/generator/ecc/template/tests/multiexp.go.tmpl @@ -119,7 +119,7 @@ func TestMultiExp{{$.UPointName}}(t *testing.T) { // compute expected result with double and add var finalScalar,mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&{{ toLower $.PointName }}Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -155,7 +155,7 @@ func TestMultiExp{{$.UPointName}}(t *testing.T) { // compute expected result with double and add var finalScalar, mixerBigInt big.Int - finalScalar.Mul(&scalar, mixer.ToBigIntRegular(&mixerBigInt)) + finalScalar.Mul(&scalar, mixer.BigInt(&mixerBigInt)) expected.ScalarMultiplication(&{{ toLower $.PointName }}Gen, &finalScalar) // mixer ensures that all the words of a fpElement are set @@ -230,7 +230,7 @@ func TestMultiExp{{$.UPointName}}(t *testing.T) { var finalBigScalarBi big.Int var op1ScalarMul {{ $.TAffine }} finalBigScalar.SetUint64(9455).Mul(&finalBigScalar, &mixer) - finalBigScalar.ToBigIntRegular(&finalBigScalarBi) + finalBigScalar.BigInt(&finalBigScalarBi) op1ScalarMul.ScalarMultiplication(&{{ toLower .PointName}}GenAff, &finalBigScalarBi) return op1ScalarMul.Equal(&op1MultiExp) diff --git a/internal/generator/ecc/template/tests/point.go.tmpl b/internal/generator/ecc/template/tests/point.go.tmpl index 161177d0f..ca0edcc7d 100644 --- a/internal/generator/ecc/template/tests/point.go.tmpl +++ b/internal/generator/ecc/template/tests/point.go.tmpl @@ -378,7 +378,7 @@ func Test{{ $TAffine }}Ops(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.mulWindowed(&{{.PointName}}Gen, &rminusone) gneg.Neg(&{{.PointName}}Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.mulWindowed(&{{.PointName}}Gen, &scalar) op2.mulWindowed(&{{.PointName}}Gen, &blindedScalar) @@ -412,7 +412,7 @@ func Test{{ $TAffine }}Ops(t *testing.T) { rminusone.SetUint64(1).Sub(r, &rminusone) op3.ScalarMultiplication(&{{.PointName}}Gen, &rminusone) gneg.Neg(&{{.PointName}}Gen) - s.ToBigIntRegular(&scalar) + s.BigInt(&scalar) blindedScalar.Mul(&scalar, r).Add(&blindedScalar, &scalar) op1.ScalarMultiplication(&{{.PointName}}Gen, &scalar) op2.ScalarMultiplication(&{{.PointName}}Gen, &blindedScalar) @@ -428,7 +428,7 @@ func Test{{ $TAffine }}Ops(t *testing.T) { var r big.Int var op1, op2 {{ $TJacobian }} - s.ToBigIntRegular(&r) + s.BigInt(&r) op1.mulWindowed(&{{.PointName}}Gen, &r) op2.mulGLV(&{{.PointName}}Gen, &r) return op1.Equal(&op2) && !op1.Equal(&{{.PointName}}Infinity) @@ -532,7 +532,7 @@ func Test{{ $TAffine }}BatchScalarMultiplication(t *testing.T) { var expectedJac {{ $TJacobian }} var expected {{ $TAffine }} var b big.Int - expectedJac.ScalarMultiplication(&{{.PointName}}Gen, sampleScalars[i].ToBigIntRegular(&b)) + expectedJac.ScalarMultiplication(&{{.PointName}}Gen, sampleScalars[i].BigInt(&b)) expected.FromJacobian(&expectedJac) if !result[i].Equal(&expected) { return false diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl index 216b05008..91b1db22a 100644 --- a/internal/generator/kzg/template/kzg.go.tmpl +++ b/internal/generator/kzg/template/kzg.go.tmpl @@ -150,7 +150,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [f(a)]G₁ var claimedValueG1Aff {{ .CurvePackage }}.G1Jac var claimedValueBigInt big.Int - proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt) + proof.ClaimedValue.BigInt(&claimedValueBigInt) claimedValueG1Aff.ScalarMultiplicationAffine(&srs.G1[0], &claimedValueBigInt) // [f(α) - f(a)]G₁ @@ -165,7 +165,7 @@ func Verify(commitment *Digest, proof *OpeningProof, point fr.Element, srs *SRS) // [α-a]G₂ var alphaMinusaG2Jac, genG2Jac, alphaG2Jac {{ .CurvePackage }}.G2Jac var pointBigInt big.Int - point.ToBigIntRegular(&pointBigInt) + point.BigInt(&pointBigInt) genG2Jac.FromAffine(&srs.G2[0]) alphaG2Jac.FromAffine(&srs.G2[1]) alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt). @@ -396,7 +396,7 @@ func BatchVerifyMultiPoints(digests []Digest, proofs []OpeningProof, points []fr // compute commitment to folded Eval [∑ᵢλᵢfᵢ(aᵢ)]G₁ var foldedEvalsCommit {{ .CurvePackage }}.G1Affine var foldedEvalsBigInt big.Int - foldedEvals.ToBigIntRegular(&foldedEvalsBigInt) + foldedEvals.BigInt(&foldedEvalsBigInt) foldedEvalsCommit.ScalarMultiplication(&srs.G1[0], &foldedEvalsBigInt) // compute foldedDigests = ∑ᵢλᵢ[fᵢ(α)]G₁ - [∑ᵢλᵢfᵢ(aᵢ)]G₁ diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl index 1f7ba7773..a0cd06300 100644 --- a/internal/generator/kzg/template/kzg.test.go.tmpl +++ b/internal/generator/kzg/template/kzg.test.go.tmpl @@ -109,7 +109,7 @@ func TestCommit(t *testing.T) { x.SetString("42") fx := eval(f, x) var fxbi big.Int - fx.ToBigIntRegular(&fxbi) + fx.BigInt(&fxbi) var manualCommit {{ .CurvePackage }}.G1Affine manualCommit.Set(&testSRS.G1[0]) manualCommit.ScalarMultiplication(&manualCommit, &fxbi) diff --git a/internal/generator/pairing/template/tests/pairing.go.tmpl b/internal/generator/pairing/template/tests/pairing.go.tmpl index a8209b7ac..4839053c6 100644 --- a/internal/generator/pairing/template/tests/pairing.go.tmpl +++ b/internal/generator/pairing/template/tests/pairing.go.tmpl @@ -66,7 +66,7 @@ func TestPairing(t *testing.T) { k := new(big.Int).SetUint64(12) {{- end}} e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) ne.Neg(&_e) var b, c, d GT @@ -114,8 +114,8 @@ func TestPairing(t *testing.T) { var abigint, bbigint, ab big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ab.Mul(&abigint, &bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) @@ -184,8 +184,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -227,8 +227,8 @@ func TestMillerLoop(t *testing.T) { one.SetOne() - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -265,8 +265,8 @@ func TestMillerLoop(t *testing.T) { var abigint, bbigint big.Int - a.ToBigIntRegular(&abigint) - b.ToBigIntRegular(&bbigint) + a.BigInt(&abigint) + b.BigInt(&bbigint) ag1.ScalarMultiplication(&g1GenAff, &abigint) bg2.ScalarMultiplication(&g2GenAff, &bbigint) @@ -399,7 +399,7 @@ func BenchmarkExpGT(b *testing.B) { {{- end}} e.Exp(e, k) var _e big.Int - e.ToBigIntRegular(&_e) + e.BigInt(&_e) b.Run("Naive windowed Exp", func(b *testing.B) { b.ResetTimer() diff --git a/internal/generator/plookup/template/table.go.tmpl b/internal/generator/plookup/template/table.go.tmpl index b15a297e9..390fd0299 100644 --- a/internal/generator/plookup/template/table.go.tmpl +++ b/internal/generator/plookup/template/table.go.tmpl @@ -189,7 +189,7 @@ func VerifyLookupTables(srs *kzg.SRS, proof ProofLookupTables) error { comf.Set(&proof.fs[nbRows-1]) comt.Set(&proof.ts[nbRows-1]) var blambda big.Int - lambda.ToBigIntRegular(&blambda) + lambda.BigInt(&blambda) for i := nbRows - 2; i >= 0; i-- { comf.ScalarMultiplication(&comf, &blambda). Add(&comf, &proof.fs[i]) diff --git a/internal/generator/tower/template/fq12over6over2/tests/fq12.go.tmpl b/internal/generator/tower/template/fq12over6over2/tests/fq12.go.tmpl index d7131bd29..f0fba7370 100644 --- a/internal/generator/tower/template/fq12over6over2/tests/fq12.go.tmpl +++ b/internal/generator/tower/template/fq12over6over2/tests/fq12.go.tmpl @@ -398,7 +398,7 @@ func TestE12Ops(t *testing.T) { var _e big.Int k := new(big.Int).SetUint64(12) e.Exp(e, k) - e.ToBigIntRegular(&_e) + e.BigInt(&_e) c.Exp(*a, &_e) d.CyclotomicExp(*a, &_e) From 0f21a1d8f798d91b6de913fd87de6909c650d919 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 26 Jan 2023 12:55:22 -0500 Subject: [PATCH 12/30] fix: WriteString returns no error now --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 14 ++++---------- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bn254/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 14 ++++---------- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 14 ++++---------- .../generator/edwards/eddsa/template/eddsa.go.tmpl | 14 ++++---------- 11 files changed, 44 insertions(+), 110 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index b1d90f3f2..2a0811f7c 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index f4d80c0a8..7a48529a6 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 1f63c2e38..78ddfe1d4 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 1f63c2e38..78ddfe1d4 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index d78c9a9a7..afeebdb6d 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 9e1dd1f75..b6e11a00b 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index e7f5f788c..aaa5bb8c5 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -155,11 +155,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -219,11 +216,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index a7470d68a..40deb7d0a 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -164,11 +164,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -228,11 +225,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index 28d7e43ce..7e21ff170 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -164,11 +164,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -228,11 +225,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 32029b09c..84e520dd9 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -164,11 +164,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -228,11 +225,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 5765e37bb..294d8535e 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -172,11 +172,8 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) copy(dataToHash[2*sizeFr:], resAX[:]) copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return nil, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { @@ -236,11 +233,8 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err copy(dataToHash[2*sizeFr:], sigAX[:]) copy(dataToHash[3*sizeFr:], sigAY[:]) hFunc.Reset() - if arithHFunc, ok := hFunc.(gcHash.ToField); ok { - err := arithHFunc.WriteString(dataToHash[:]) - if err != nil { - return false, err - } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { + hToFieldFunc.WriteString(dataToHash[:]) } else { _, err := hFunc.Write(dataToHash[:]) if err != nil { From 96ff306031e2513f5b699c45f168c395ec189ccd Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 26 Jan 2023 13:08:08 -0500 Subject: [PATCH 13/30] feat: edDSA to write element by element --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 53 ++++++++----------- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bn254/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 53 ++++++++----------- .../edwards/eddsa/template/eddsa.go.tmpl | 53 ++++++++----------- 11 files changed, 231 insertions(+), 352 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 2a0811f7c..a366be6b3 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 7a48529a6..8ea5373c7 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 78ddfe1d4..f9e313f21 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 78ddfe1d4..f9e313f21 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index afeebdb6d..ea35e3a05 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index b6e11a00b..26276114c 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index aaa5bb8c5..8bd774c50 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -144,28 +144,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -205,28 +199,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 40deb7d0a..9211a8800 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -153,28 +153,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -214,28 +208,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index 7e21ff170..8cf54b458 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -153,28 +153,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -214,28 +208,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 84e520dd9..2dba6a60d 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -153,28 +153,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -214,28 +208,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4 * sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 294d8535e..80fdd5261 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -161,28 +161,22 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) } // compute H(R, A, M), all parameters in data are in Montgomery form - resRX := res.R.X.Bytes() - resRY := res.R.Y.Bytes() - resAX := privKey.PublicKey.A.X.Bytes() - resAY := privKey.PublicKey.A.Y.Bytes() - sizeDataToHash := 4*sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], resRX[:]) - copy(dataToHash[sizeFr:], resRY[:]) - copy(dataToHash[2*sizeFr:], resAX[:]) - copy(dataToHash[3*sizeFr:], resAY[:]) hFunc.Reset() + + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return nil, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return nil, err } } - if _, err := hFunc.Write(message); err != nil { - return nil, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) @@ -222,28 +216,23 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } // compute H(R, A, M), all parameters in data are in Montgomery form - sigRX := sig.R.X.Bytes() - sigRY := sig.R.Y.Bytes() - sigAX := pub.A.X.Bytes() - sigAY := pub.A.Y.Bytes() - sizeDataToHash := 4*sizeFr - dataToHash := make([]byte, sizeDataToHash) - copy(dataToHash[:], sigRX[:]) - copy(dataToHash[sizeFr:], sigRY[:]) - copy(dataToHash[2*sizeFr:], sigAX[:]) - copy(dataToHash[3*sizeFr:], sigAY[:]) + hFunc.Reset() + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + for i := range toWrite { + if _, err := hFunc.Write(toWrite[i][:]); err != nil { + return false, err + } + } + if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(dataToHash[:]) + hToFieldFunc.WriteString(message) } else { - _, err := hFunc.Write(dataToHash[:]) - if err != nil { + if _, err := hFunc.Write(message); err != nil { return false, err } } - if _, err := hFunc.Write(message); err != nil { - return false, err - } var hramInt big.Int hramBin := hFunc.Sum(nil) From 1a3bd6ce6212496751970eeca703add093945eda Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 11:12:35 -0500 Subject: [PATCH 14/30] refactor: remove Decompose entirely --- utils/decompose.go | 38 -------------------------------------- 1 file changed, 38 deletions(-) delete mode 100644 utils/decompose.go diff --git a/utils/decompose.go b/utils/decompose.go deleted file mode 100644 index dc847b696..000000000 --- a/utils/decompose.go +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright 2020 ConsenSys Software Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License.s - -package utils - -import "math/big" - -// Decompose interpret rawBytes as a bigInt x in big endian, -// and returns the digits of x (from LSB to MSB) when x is written -// in basis modulo. -func Decompose(rawBytes []byte, modulo *big.Int) (decomposed []byte) { - raw := big.NewInt(0).SetBytes(rawBytes) - - var chunk [32]byte - decomposed = make([]byte, 0, len(rawBytes)) - for raw.Cmp(modulo) >= 0 { - mod := big.NewInt(0).Mod(raw, modulo) - mod.FillBytes(chunk[:]) - decomposed = append(decomposed, chunk[:]...) - - raw.Div(raw, modulo) - } - - raw.FillBytes(chunk[:]) - decomposed = append(decomposed, chunk[:]...) - return decomposed -} From 861de5490919e2a70ff7b99405e44887ce87f53c Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 11:19:13 -0500 Subject: [PATCH 15/30] chore: simpler dst for hash.WriteString --- ecc/bls12-377/fr/mimc/mimc.go | 2 +- ecc/bls12-378/fr/mimc/mimc.go | 2 +- ecc/bls12-381/fr/mimc/mimc.go | 2 +- ecc/bls24-315/fr/mimc/mimc.go | 2 +- ecc/bls24-317/fr/mimc/mimc.go | 2 +- ecc/bn254/fr/mimc/mimc.go | 2 +- ecc/bw6-633/fr/mimc/mimc.go | 2 +- ecc/bw6-756/fr/mimc/mimc.go | 2 +- ecc/bw6-761/fr/mimc/mimc.go | 2 +- field/utils.go | 2 +- internal/generator/crypto/hash/mimc/template/mimc.go.tmpl | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 7aa7de0ba..c2fca6f02 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -165,7 +165,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index e9a39c6b3..edf93f189 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 5dfbd5a1a..a2fc1d36c 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index a44ed57bb..b0391252a 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 4d4d614f2..71c33b25e 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -171,7 +171,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 3294d8f72..d1df96bed 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index b18256d38..bd7f91666 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index 0081bac32..ec87100a8 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index aba964f60..e6ffcefa9 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -169,7 +169,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) diff --git a/field/utils.go b/field/utils.go index 27db0c7c6..471068511 100644 --- a/field/utils.go +++ b/field/utils.go @@ -26,7 +26,7 @@ func (bigIntPool) Put(v *big.Int) { _bigIntPool.Put(v) } -// BigIntMatchUint64Slice is a test helper to match big.Int words againt a uint64 slice +// BigIntMatchUint64Slice is a test helper to match big.Int words against a uint64 slice func BigIntMatchUint64Slice(aInt *big.Int, a []uint64) error { words := aInt.Bits() diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index adbd34041..141925ba4 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -193,7 +193,7 @@ func initConstants() { // WriteString writes a string that doesn't necessarily consist of field elements func (d *digest) WriteString(rawBytes []byte) { - if elems, err := fr.Hash(rawBytes, []byte("bn254_mimc_sha256"), 1); err != nil { + if elems, err := fr.Hash(rawBytes, []byte("string:"), 1); err != nil { panic(err) } else { d.data = append(d.data, elems[0]) From 17e54bc038aae5a9afcda56aebc56c654e7b66d1 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 14:26:06 -0500 Subject: [PATCH 16/30] fix: fiatshamir to write bindings one by one --- fiat-shamir/transcript.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index 153873599..91a65df52 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -37,9 +37,9 @@ type Transcript struct { } type challenge struct { - position int // position of the challenge in the Transcript. order matters. - bindings []byte // bindings stores the variables a challenge is binded to. - value []byte // value stores the computed challenge + position int // position of the challenge in the Transcript. order matters. + bindings [][]byte // bindings stores the variables a challenge is binded to. + value []byte // value stores the computed challenge isComputed bool } @@ -74,7 +74,10 @@ func (t *Transcript) Bind(challengeID string, bValue []byte) error { if challenge.isComputed { return errChallengeAlreadyComputed } - challenge.bindings = append(challenge.bindings, bValue...) + + bCopy := make([]byte, len(bValue)) + copy(bCopy, bValue) + challenge.bindings = append(challenge.bindings, bCopy) t.challenges[challengeID] = challenge return nil @@ -121,8 +124,10 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { } // write the binded values in the order they were added - if _, err := t.h.Write(challenge.bindings); err != nil { - return nil, err + for _, b := range challenge.bindings { + if _, err := t.h.Write(b); err != nil { + return nil, err + } } // compute the hash of the accumulated values From 6679affa2da445066d42543e138df227a042db5c Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 15:04:18 -0500 Subject: [PATCH 17/30] feat: edDsa SignFr and VerifyFr --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bn254/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 47 ++++++++++--------- .../edwards/eddsa/template/eddsa.go.tmpl | 47 ++++++++++--------- 11 files changed, 264 insertions(+), 253 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index a366be6b3..4550cfd60 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark-crypto/ecc/bls12-377/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 8ea5373c7..a30da0df8 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" "github.com/consensys/gnark-crypto/ecc/bls12-378/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index f9e313f21..b8c46ceb4 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index f9e313f21..b8c46ceb4 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index ea35e3a05..8aedf3fe3 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark-crypto/ecc/bls24-315/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 26276114c..644d5c7fb 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "github.com/consensys/gnark-crypto/ecc/bls24-317/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index 8bd774c50..0806ec0f0 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark-crypto/ecc/bn254/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -115,9 +114,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -131,7 +139,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -146,21 +154,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -182,8 +182,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -202,21 +211,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 9211a8800..803715ef4 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "github.com/consensys/gnark-crypto/ecc/bw6-633/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -124,9 +123,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -140,7 +148,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -155,21 +163,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -191,8 +191,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,21 +220,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index 8cf54b458..aab30b524 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" "github.com/consensys/gnark-crypto/ecc/bw6-756/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -124,9 +123,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -140,7 +148,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -155,21 +163,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -191,8 +191,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,21 +220,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 2dba6a60d..364a78aca 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -25,7 +25,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/bw6-761/twistededwards" - gcHash "github.com/consensys/gnark-crypto/hash" "github.com/consensys/gnark-crypto/signature" "golang.org/x/crypto/blake2b" ) @@ -124,9 +123,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -140,7 +148,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -155,21 +163,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -191,8 +191,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,21 +220,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 80fdd5261..83be3ce91 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -8,7 +8,6 @@ import ( "github.com/consensys/gnark-crypto/signature" "github.com/consensys/gnark-crypto/ecc/{{.Name}}/twistededwards" "github.com/consensys/gnark-crypto/ecc/{{.Name}}/fr" - gcHash "github.com/consensys/gnark-crypto/hash" "golang.org/x/crypto/blake2b" ) @@ -132,9 +131,18 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -// Sign sign a message -// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return privKey.SignFr(xBytes, hFunc) + } else { + return nil, err + } +} + +// SignFr sign a field element +// Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) +func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -148,7 +156,7 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message) + copy(randSrc[32:], message[:]) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -163,21 +171,13 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes()} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return nil, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) @@ -199,8 +199,17 @@ func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) return res.Bytes(), nil } -// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { + if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { + xBytes := x[0].Bytes() + return pub.VerifyFr(sigBin, xBytes, hFunc) + } else { + return false, err + } +} + +// Verify verifies an eddsa signature +func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -219,21 +228,13 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes()} + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err } } - if hToFieldFunc, ok := hFunc.(gcHash.ToField); ok { - hToFieldFunc.WriteString(message) - } else { - if _, err := hFunc.Write(message); err != nil { - return false, err - } - } - var hramInt big.Int hramBin := hFunc.Sum(nil) hramInt.SetBytes(hramBin) From 81ae8e0273278c79d3e6be98b790401f9a097793 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 16:38:41 -0500 Subject: [PATCH 18/30] feat: signing interface changes and bn254 impl --- ecc/bn254/twistededwards/eddsa/eddsa.go | 32 ++++++++++++++++--------- go.mod | 2 +- signature/signature.go | 7 +++++- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index 0806ec0f0..deac682b1 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } // Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/go.mod b/go.mod index fe822ccf5..4c6426bcf 100644 --- a/go.mod +++ b/go.mod @@ -19,4 +19,4 @@ require ( github.com/spf13/pflag v1.0.5 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect rsc.io/tmplfunc v0.0.3 // indirect -) +) \ No newline at end of file diff --git a/signature/signature.go b/signature/signature.go index 7fe8d7834..8e3915705 100644 --- a/signature/signature.go +++ b/signature/signature.go @@ -19,6 +19,7 @@ package signature import ( "hash" + "math/big" ) // PublicKey public key interface. @@ -30,6 +31,8 @@ type PublicKey interface { // to be pre-hashed, else, will use hFunc to hash the message. Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) + VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) + // SetBytes sets p from binary representation in buf. // buf represents a public key as x||y where x, y are // interpreted as big endian binary numbers corresponding @@ -55,7 +58,9 @@ type Signer interface { // Sign signs a message. If hFunc is not provided, implementation may consider the message // to be pre-hashed, else, will use hFunc to hash the message. // Returns Signature or error - Sign(message []byte, hFunc hash.Hash) ([]byte, error) + Sign(message []byte) ([]byte, error) + + SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) // Bytes returns the binary representation of pk, // as byte array publicKey||scalar||randSrc From 9cfd858d1517d6d53bb561ee7823342c0b5ec969 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Mon, 30 Jan 2023 16:44:49 -0500 Subject: [PATCH 19/30] build: generify --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 34 +++++++++++------- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bn254/twistededwards/eddsa/eddsa.go | 4 +-- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 34 +++++++++++------- .../edwards/eddsa/template/eddsa.go.tmpl | 36 ++++++++++++------- signature/signature.go | 2 +- 12 files changed, 224 insertions(+), 124 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 4550cfd60..cd332be87 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index a30da0df8..2b1efbaaf 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index b8c46ceb4..3f64d9ddc 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index b8c46ceb4..3f64d9ddc 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index 8aedf3fe3..66ab7a14b 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 644d5c7fb..0095f480f 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -116,16 +116,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -136,10 +137,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -154,7 +159,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -184,15 +189,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -211,7 +217,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index deac682b1..5a6cd3d97 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -197,7 +197,7 @@ func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, err } } -// Verify verifies an eddsa signature +// VerifyNum verifies an eddsa signature func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -220,8 +220,8 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) var messageBytesCanonical [sizeFr]byte messageBytes := message.Bytes() copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 803715ef4..a87f3ea36 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -125,16 +125,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -145,10 +146,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -163,7 +168,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -193,15 +198,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -220,7 +226,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index aab30b524..09d32f7fc 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -125,16 +125,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -145,10 +146,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -163,7 +168,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -193,15 +198,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -220,7 +226,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 364a78aca..81bc87544 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -125,16 +125,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -145,10 +146,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -163,7 +168,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -193,15 +198,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -220,7 +226,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 83be3ce91..5b221ed2f 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -133,16 +133,17 @@ func (privKey *PrivateKey) Public() signature.PublicKey { func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return privKey.SignFr(xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return privKey.SignNum(i, hFunc) } else { return nil, err } } -// SignFr sign a field element +// SignNum sign a field element // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -153,10 +154,14 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(message)) + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + +// randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) + randSrc := make([]byte, 32+len(messageBytes)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], message[:]) + copy(randSrc[32:], messageBytes) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -171,7 +176,7 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), message} + toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return nil, err @@ -201,15 +206,16 @@ func (privKey *PrivateKey) SignFr(message [sizeFr]byte, hFunc hash.Hash) ([]byte func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - xBytes := x[0].Bytes() - return pub.VerifyFr(sigBin, xBytes, hFunc) + var i big.Int + x[0].BigInt(&i) + return pub.VerifyNum(sigBin, i, hFunc) } else { return false, err } } -// Verify verifies an eddsa signature -func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.Hash) (bool, error) { +// VerifyNum verifies an eddsa signature +func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { curveParams := twistededwards.GetEdwardsCurve() @@ -228,7 +234,11 @@ func (pub *PublicKey) VerifyFr(sigBin []byte, message [sizeFr]byte, hFunc hash.H hFunc.Reset() - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), message} + var messageBytesCanonical [sizeFr]byte + messageBytes := message.Bytes() + copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend + toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + for i := range toWrite { if _, err := hFunc.Write(toWrite[i][:]); err != nil { return false, err diff --git a/signature/signature.go b/signature/signature.go index 8e3915705..f10b6e0b9 100644 --- a/signature/signature.go +++ b/signature/signature.go @@ -58,7 +58,7 @@ type Signer interface { // Sign signs a message. If hFunc is not provided, implementation may consider the message // to be pre-hashed, else, will use hFunc to hash the message. // Returns Signature or error - Sign(message []byte) ([]byte, error) + Sign(message []byte, hFunc hash.Hash) ([]byte, error) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) From 46d9e868f98c4cb1b23f179c99a5da9e73d14cd1 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Wed, 1 Feb 2023 17:41:35 -0500 Subject: [PATCH 20/30] feat: Merkle tree to panic upon hash write error --- accumulator/merkletree/tree.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/accumulator/merkletree/tree.go b/accumulator/merkletree/tree.go index bb5ec8c72..136af1e16 100644 --- a/accumulator/merkletree/tree.go +++ b/accumulator/merkletree/tree.go @@ -77,7 +77,10 @@ func sum(h hash.Hash, data ...[]byte) []byte { for _, d := range data { // the Hash interface specifies that Write never returns an error - _, _ = h.Write(d) + _, err := h.Write(d) + if err != nil { + panic(err) + } } return h.Sum(nil) } From 389d5e4a0a6dee3c19134e1669afd69b38cf610d Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 12:52:04 -0500 Subject: [PATCH 21/30] revert: mimc to take in multiple elements --- ecc/bls12-377/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bls12-378/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bls12-381/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bls24-315/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bls24-317/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bn254/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bw6-633/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bw6-756/fr/mimc/mimc.go | 29 ++++++++++++++----- ecc/bw6-761/fr/mimc/mimc.go | 29 ++++++++++++++----- .../crypto/hash/mimc/template/mimc.go.tmpl | 14 ++++----- 10 files changed, 205 insertions(+), 70 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index f4e46564a..709f63b9b 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index 264af5372..607859828 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index cacad8e72..22f583823 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index e1b082b18..4f9c3a9dc 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index cfa9be49c..7f2776cdf 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 5aae2621e..dc364fd50 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bn254/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index d4054b56e..6db87045f 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index fb95b3066..cb0bfeedc 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 7cdb425e6..115ba2925 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" @@ -90,15 +91,29 @@ func (d *digest) BlockSize() int { return BlockSize } -// Write (via the embedded io.Writer interface) adds more data to the running hash. -// p represents a big endian fr.Element. For non-field-elements strings use WriteString +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first + func (d *digest) Write(p []byte) (int, error) { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p)); err == nil { - d.data = append(d.data, elem) - return BlockSize, nil - } else { - return 0, err + + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { + d.data = append(d.data, elem) + return BlockSize, nil + } else { + return 0, err + } + } + + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } + return len(p), nil } // Hash hash using Miyaguchi-Preneel: diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index b53e05b90..ed0a87cf9 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,4 +1,5 @@ import ( + "errors" "hash" "math/big" @@ -99,9 +100,9 @@ func (d *digest) BlockSize() int { func (d *digest) Write(p []byte) (int, error) { - var end int - for end = BlockSize; end < len(p); end += BlockSize { - if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[end-BlockSize:end])); err == nil { + var start int + for start = 0; start < len(p); start += BlockSize { + if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start:start+BlockSize])); err == nil { d.data = append(d.data, elem) return BlockSize, nil } else { @@ -109,11 +110,10 @@ func (d *digest) Write(p []byte) (int, error) { } } - var err error - if end != len(p) { - err = errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + if start != len(p) { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") } - return end, error + return len(p), nil } // Hash hash using Miyaguchi-Preneel: From fa19919b4fc6336dead884fe38884e284772222c Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 12:53:15 -0500 Subject: [PATCH 22/30] revert: remove SignNum and VerifyNum --- signature/signature.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/signature/signature.go b/signature/signature.go index f10b6e0b9..7fe8d7834 100644 --- a/signature/signature.go +++ b/signature/signature.go @@ -19,7 +19,6 @@ package signature import ( "hash" - "math/big" ) // PublicKey public key interface. @@ -31,8 +30,6 @@ type PublicKey interface { // to be pre-hashed, else, will use hFunc to hash the message. Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) - VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) - // SetBytes sets p from binary representation in buf. // buf represents a public key as x||y where x, y are // interpreted as big endian binary numbers corresponding @@ -60,8 +57,6 @@ type Signer interface { // Returns Signature or error Sign(message []byte, hFunc hash.Hash) ([]byte, error) - SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) - // Bytes returns the binary representation of pk, // as byte array publicKey||scalar||randSrc // where publicKey is as publicKey.Bytes(), and From 4dd000a64ac4f07832e16389a06a42b8274de80b Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 13:07:16 -0500 Subject: [PATCH 23/30] revert: Remove EdDSA SignNum and VerifyNum --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bls12-378/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 58 +++++++------------ ecc/bls12-381/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bls24-315/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bls24-317/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bn254/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bw6-633/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bw6-756/twistededwards/eddsa/eddsa.go | 58 +++++++------------ ecc/bw6-761/twistededwards/eddsa/eddsa.go | 58 +++++++------------ .../edwards/eddsa/template/eddsa.go.tmpl | 58 +++++++------------ 11 files changed, 220 insertions(+), 418 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 4c515377e..7504f8be5 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 1722ce768..69c203cb4 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index f53f75ca8..79563ce32 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index f53f75ca8..79563ce32 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index a11735cbc..e050ada3a 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 544f5f7a8..8068188fb 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index e8758ceb5..f73cf9271 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -115,19 +115,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -144,14 +135,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -166,9 +153,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -194,18 +185,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -230,13 +211,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index d7d9d9677..2b51803c5 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -124,19 +124,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -153,14 +144,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -175,9 +162,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -203,18 +194,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -239,13 +220,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index fb844181e..69a31dc54 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -124,19 +124,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -153,14 +144,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -175,9 +162,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -203,18 +194,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -239,13 +220,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 791ae6e58..400b07bee 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -124,19 +124,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -153,14 +144,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -175,9 +162,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -203,18 +194,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -239,13 +220,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 3eb3332dc..244d2bdf2 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -132,19 +132,10 @@ func (privKey *PrivateKey) Public() signature.PublicKey { return &pub } -func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return privKey.SignNum(i, hFunc) - } else { - return nil, err - } -} - -// SignNum sign a field element +// Sign sign a sequence of field elements +// For arbitrary strings use fr.Hash first // Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8) -func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, error) { +func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -161,14 +152,10 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // blindingFactorBigInt = h(randomness_source||message)[:sizeFr] var blindingFactorBigInt big.Int - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - // randSrc = privKey.randSrc || msg (-> message = MSB message .. LSB message) - randSrc := make([]byte, 32+len(messageBytes)) + randSrc := make([]byte, 32+len(message)) copy(randSrc, privKey.randSrc[:]) - copy(randSrc[32:], messageBytes) + copy(randSrc[32:], message) // randBytes = H(randSrc) blindingFactorBytes := blake2b.Sum512(randSrc[:]) // TODO ensures that the hash used to build the key and the one used here is the same @@ -183,9 +170,13 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er // compute H(R, A, M), all parameters in data are in Montgomery form hFunc.Reset() - toWrite := [][sizeFr]byte{res.R.X.Bytes(), res.R.Y.Bytes(), privKey.PublicKey.A.X.Bytes(), privKey.PublicKey.A.Y.Bytes(), messageBytesCanonical} - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + resRX := res.R.X.Bytes() + resRY := res.R.Y.Bytes() + resAX := privKey.PublicKey.A.X.Bytes() + resAY := privKey.PublicKey.A.Y.Bytes() + toWrite := [][]byte{resRX[:], resRY[:], resAX[:], resAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return nil, err } } @@ -211,18 +202,8 @@ func (privKey *PrivateKey) SignNum(message big.Int, hFunc hash.Hash) ([]byte, er return res.Bytes(), nil } +// Verify verifies an eddsa signature func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error) { - if x, err := fr.Hash(message, []byte("string:"), 1); err == nil { - var i big.Int - x[0].BigInt(&i) - return pub.VerifyNum(sigBin, i, hFunc) - } else { - return false, err - } -} - -// VerifyNum verifies an eddsa signature -func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) (bool, error) { // hFunc cannot be nil. // We need a hash function for the Fiat-Shamir. @@ -247,13 +228,14 @@ func (pub *PublicKey) VerifyNum(sigBin []byte, message big.Int, hFunc hash.Hash) hFunc.Reset() - var messageBytesCanonical [sizeFr]byte - messageBytes := message.Bytes() - copy(messageBytesCanonical[sizeFr-len(messageBytes):], messageBytes) // little endian zero extend - toWrite := [][sizeFr]byte{sig.R.X.Bytes(), sig.R.Y.Bytes(), pub.A.X.Bytes(), pub.A.Y.Bytes(), messageBytesCanonical} + sigRX := sig.R.X.Bytes() + sigRY := sig.R.Y.Bytes() + sigAX := pub.A.X.Bytes() + sigAY := pub.A.Y.Bytes() - for i := range toWrite { - if _, err := hFunc.Write(toWrite[i][:]); err != nil { + toWrite := [][]byte{sigRX[:], sigRY[:], sigAX[:], sigAY[:], message} + for _, bytes := range toWrite { + if _, err := hFunc.Write(bytes); err != nil { return false, err } } From aa62b7ebb3a24db62b354d50c8ad2b14a96d5563 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 13:10:05 -0500 Subject: [PATCH 24/30] build: weird staticcheck rule --- ecc/bls12-377/twistededwards/eddsa/eddsa.go | 2 +- ecc/bls12-378/twistededwards/eddsa/eddsa.go | 2 +- ecc/bls12-381/bandersnatch/eddsa/eddsa.go | 2 +- ecc/bls12-381/twistededwards/eddsa/eddsa.go | 2 +- ecc/bls24-315/twistededwards/eddsa/eddsa.go | 2 +- ecc/bls24-317/twistededwards/eddsa/eddsa.go | 2 +- ecc/bn254/twistededwards/eddsa/eddsa.go | 2 +- ecc/bw6-633/twistededwards/eddsa/eddsa.go | 2 +- ecc/bw6-756/twistededwards/eddsa/eddsa.go | 2 +- ecc/bw6-761/twistededwards/eddsa/eddsa.go | 2 +- internal/generator/edwards/eddsa/template/eddsa.go.tmpl | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa.go b/ecc/bls12-377/twistededwards/eddsa/eddsa.go index 7504f8be5..10936f8f0 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa.go b/ecc/bls12-378/twistededwards/eddsa/eddsa.go index 69c203cb4..93507b1bd 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go index 79563ce32..cf54a5e30 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa.go b/ecc/bls12-381/twistededwards/eddsa/eddsa.go index 79563ce32..cf54a5e30 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa.go b/ecc/bls24-315/twistededwards/eddsa/eddsa.go index e050ada3a..2370508c7 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa.go b/ecc/bls24-317/twistededwards/eddsa/eddsa.go index 8068188fb..0968378a4 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bn254/twistededwards/eddsa/eddsa.go b/ecc/bn254/twistededwards/eddsa/eddsa.go index f73cf9271..dbe9d655f 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa.go b/ecc/bw6-633/twistededwards/eddsa/eddsa.go index 2b51803c5..64468787f 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa.go b/ecc/bw6-756/twistededwards/eddsa/eddsa.go index 69a31dc54..cca418c74 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa.go b/ecc/bw6-761/twistededwards/eddsa/eddsa.go index 400b07bee..c0facc74e 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa.go @@ -30,7 +30,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes diff --git a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl index 244d2bdf2..7b345572d 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.go.tmpl @@ -12,7 +12,7 @@ import ( ) var errNotOnCurve = errors.New("point not on curve") -var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir.") +var errHashNeeded = errors.New("hFunc cannot be nil. We need a hash for Fiat-Shamir") const ( sizeFr = fr.Bytes From c9b64ee67f01506e2e42cb232d910667adf21dc9 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 13:33:51 -0500 Subject: [PATCH 25/30] revert: deleted mimc.Write documentation --- ecc/bls12-377/fr/mimc/mimc.go | 3 ++- ecc/bls12-378/fr/mimc/mimc.go | 3 ++- ecc/bls12-381/fr/mimc/mimc.go | 3 ++- ecc/bls24-315/fr/mimc/mimc.go | 3 ++- ecc/bls24-317/fr/mimc/mimc.go | 3 ++- ecc/bn254/fr/mimc/mimc.go | 3 ++- ecc/bw6-633/fr/mimc/mimc.go | 3 ++- ecc/bw6-756/fr/mimc/mimc.go | 3 ++- ecc/bw6-761/fr/mimc/mimc.go | 3 ++- internal/generator/crypto/hash/mimc/template/mimc.go.tmpl | 3 ++- 10 files changed, 20 insertions(+), 10 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 709f63b9b..d343bc382 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index 607859828..e0a63b874 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 22f583823..6c3f62b91 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 4f9c3a9dc..0fa81bd8f 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 7f2776cdf..0dfcfbeed 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index dc364fd50..9736e56e7 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 6db87045f..c85ba1ba3 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index cb0bfeedc..cbac9d8be 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 115ba2925..2ea4de12f 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index ed0a87cf9..59ee2aab2 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -91,13 +91,14 @@ func (d *digest) BlockSize() int { return BlockSize } +// Write (via the embedded io.Writer interface) adds more data to the running hash. +// // Each []byte block of size BlockSize represents a big endian fr.Element. // // If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer // larger than fr.Modulus, this function returns an error. // // To hash arbitrary data ([]byte not representing canonical field elements) use fr.Hash first - func (d *digest) Write(p []byte) (int, error) { var start int From 28a5eb34d36c5dcb9de5df7ae811ee22fa63f14c Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 13:49:49 -0500 Subject: [PATCH 26/30] test: mimc to write out its ins and outs --- ecc/bn254/fr/mimc/mimc.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 9736e56e7..d586d454a 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bn254/fr" @@ -117,6 +118,13 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +137,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } From 8126db3a93d6a7ce1f393c21f0d5ab9c3b189fdd Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 13:56:20 -0500 Subject: [PATCH 27/30] test: printfs in mimc --- ecc/bls12-377/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bls12-378/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bls12-381/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bls24-315/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bls24-317/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bn254/fr/mimc/mimc.go | 3 ++- ecc/bw6-633/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bw6-756/fr/mimc/mimc.go | 14 ++++++++++++++ ecc/bw6-761/fr/mimc/mimc.go | 14 ++++++++++++++ .../crypto/hash/mimc/template/mimc.go.tmpl | 15 +++++++++++++++ 10 files changed, 129 insertions(+), 1 deletion(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index d343bc382..932082118 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index e0a63b874..783f95489 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 6c3f62b91..60f1e3b1d 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 0fa81bd8f..c8be35270 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 0dfcfbeed..b058452ac 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index d586d454a..99994deae 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -118,6 +118,7 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove func prefix(s string) string { if len(s) < 5 { return s @@ -137,7 +138,7 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") + fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { fmt.Print(prefix(d.data[i].Text(10)), ",") diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index c85ba1ba3..045ad98c7 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index cbac9d8be..f80a1261e 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 2ea4de12f..83011c193 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -18,6 +18,7 @@ package mimc import ( "errors" + "fmt" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,16 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 59ee2aab2..f5a5ec5dd 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,4 +1,5 @@ import ( + "fmt" "errors" "hash" @@ -117,6 +118,14 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } +// For debugging TODO Remove +func prefix(s string) string { + if len(s) < 5 { + return s + } + return s[:5] +} + // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -129,11 +138,17 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ + + fmt.Print("hashing ") // TODO For debugging remove + for i := range d.data { + fmt.Print(prefix(d.data[i].Text(10)), ",") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } + fmt.Println(" =>", prefix(d.h.Text(10))) + return d.h } From 630e96ddf613377449a2cf9a91e62ee7c6fd4ffa Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 2 Feb 2023 17:11:20 -0500 Subject: [PATCH 28/30] test: more debug output --- ecc/bls12-377/fr/mimc/mimc.go | 10 +++++++-- ecc/bls12-378/fr/mimc/mimc.go | 9 ++++++-- ecc/bls12-381/fr/mimc/mimc.go | 9 ++++++-- ecc/bls24-315/fr/mimc/mimc.go | 9 ++++++-- ecc/bls24-317/fr/mimc/mimc.go | 10 +++++++-- ecc/bn254/fr/mimc/mimc.go | 9 ++++++-- ecc/bw6-633/fr/mimc/mimc.go | 9 ++++++-- ecc/bw6-756/fr/mimc/mimc.go | 9 ++++++-- ecc/bw6-761/fr/mimc/mimc.go | 9 ++++++-- .../crypto/hash/mimc/template/mimc.go.tmpl | 21 +++++++++++++++++-- 10 files changed, 84 insertions(+), 20 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 932082118..4487c5fa1 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,8 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder + for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^**17 var tmp fr.Element @@ -166,7 +168,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { Square(&m). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index 783f95489..c5e5971b4 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 60f1e3b1d..34bd1652f 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index c8be35270..776101698 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index b058452ac..3813a24ff 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^7 var tmp1, tmp2 fr.Element @@ -165,7 +166,12 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp2). Mul(&m, &tmp1). Mul(&m, &tmp1) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) + m.Add(&m, &d.h) return m } diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 99994deae..28e3f0601 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bn254/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 045ad98c7..a1c43467b 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index f80a1261e..dce931a96 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 83011c193..b3ca66ff0 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "hash" + "strings" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "golang.org/x/crypto/sha3" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start : start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -141,7 +141,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -157,6 +157,7 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -164,7 +165,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index f5a5ec5dd..5b5df97d6 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,4 +1,5 @@ import ( + "strings" "fmt" "errors" "hash" @@ -106,7 +107,6 @@ func (d *digest) Write(p []byte) (int, error) { for start = 0; start < len(p); start += BlockSize { if elem, err := fr.BigEndian.Element((*[BlockSize]byte)(p[start:start+BlockSize])); err == nil { d.data = append(d.data, elem) - return BlockSize, nil } else { return 0, err } @@ -142,7 +142,7 @@ func (d *digest) checksum() fr.Element { fmt.Print("hashing ") // TODO For debugging remove for i := range d.data { - fmt.Print(prefix(d.data[i].Text(10)), ",") + fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } @@ -160,6 +160,8 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder + for i:=0; i < mimcNbRounds; i++ { // m = (m+k+c)^**17 var tmp fr.Element @@ -169,7 +171,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { Square(&m). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } @@ -180,6 +186,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^7 var tmp1, tmp2 fr.Element @@ -188,7 +195,12 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp2). Mul(&m, &tmp1). Mul(&m, &tmp1) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) + m.Add(&m, &d.h) return m } @@ -199,6 +211,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants + var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -206,7 +219,11 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) + + sbb.Write([]byte(m.String())) + sbb.WriteByte(' ') } + fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } From a83456a152e0c7d8d1391e6c941e8fadb56618f3 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Thu, 9 Feb 2023 18:57:34 -0500 Subject: [PATCH 29/30] fix: remove mimc printfs --- ecc/bls12-377/fr/mimc/mimc.go | 21 ------------ ecc/bls12-378/fr/mimc/mimc.go | 20 ------------ ecc/bls12-381/fr/mimc/mimc.go | 20 ------------ ecc/bls24-315/fr/mimc/mimc.go | 20 ------------ ecc/bls24-317/fr/mimc/mimc.go | 20 ------------ ecc/bn254/fr/mimc/mimc.go | 20 ------------ ecc/bw6-633/fr/mimc/mimc.go | 20 ------------ ecc/bw6-756/fr/mimc/mimc.go | 20 ------------ ecc/bw6-761/fr/mimc/mimc.go | 20 ------------ .../crypto/hash/mimc/template/mimc.go.tmpl | 32 ------------------- 10 files changed, 213 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 4487c5fa1..b9bd68bdb 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,8 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder - for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^**17 var tmp fr.Element @@ -168,11 +151,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { Square(&m). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index c5e5971b4..f61b46403 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 34bd1652f..02221ae18 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 776101698..acb69e3e6 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index a55fdc546..2dd13db92 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^7 var tmp1, tmp2 fr.Element @@ -166,11 +150,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp2). Mul(&m, &tmp2). Mul(&m, &tmp1) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 28e3f0601..fcd3cc949 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bn254/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index a1c43467b..9f0546f71 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index dce931a96..eeaea42cc 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index b3ca66ff0..26d27cc98 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -18,9 +18,7 @@ package mimc import ( "errors" - "fmt" "hash" - "strings" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "golang.org/x/crypto/sha3" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,16 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -157,7 +142,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -165,11 +149,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 8ef36f958..de55af69f 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,6 +1,4 @@ import ( - "strings" - "fmt" "errors" "hash" @@ -118,14 +116,6 @@ func (d *digest) Write(p []byte) (int, error) { return len(p), nil } -// For debugging TODO Remove -func prefix(s string) string { - if len(s) < 5 { - return s - } - return s[:5] -} - // Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form @@ -138,17 +128,11 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, BlockSize) }*/ - - fmt.Print("hashing ") // TODO For debugging remove - for i := range d.data { - fmt.Println(prefix(d.data[i].Text(10)), ":") r := d.encrypt(d.data[i]) d.h.Add(&r, &d.h).Add(&d.h, &d.data[i]) } - fmt.Println(" =>", prefix(d.h.Text(10))) - return d.h } @@ -160,8 +144,6 @@ func (d *digest) checksum() fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder - for i:=0; i < mimcNbRounds; i++ { // m = (m+k+c)^**17 var tmp fr.Element @@ -171,11 +153,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { Square(&m). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } @@ -186,7 +164,6 @@ func (d *digest) encrypt(m fr.Element) fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^7 var tmp1, tmp2 fr.Element @@ -195,11 +172,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp2). Mul(&m, &tmp2). Mul(&m, &tmp1) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m @@ -211,7 +184,6 @@ func (d *digest) encrypt(m fr.Element) fr.Element { func (d *digest) encrypt(m fr.Element) fr.Element { once.Do(initConstants) // init constants - var sbb strings.Builder for i := 0; i < mimcNbRounds; i++ { // m = (m+k+c)^5 var tmp fr.Element @@ -219,11 +191,7 @@ func (d *digest) encrypt(m fr.Element) fr.Element { m.Square(&tmp). Square(&m). Mul(&m, &tmp) - - sbb.Write([]byte(m.String())) - sbb.WriteByte(' ') } - fmt.Println(sbb.String()) m.Add(&m, &d.h) return m } From a40378ceef5e0d5b5e59e18c826a8f99fde5f0cb Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Fri, 10 Feb 2023 14:21:05 -0500 Subject: [PATCH 30/30] refactor: remove ToField interface --- fiat-shamir/transcript.go | 7 ++++--- hash/to_field.go | 5 ----- 2 files changed, 4 insertions(+), 8 deletions(-) delete mode 100644 hash/to_field.go diff --git a/fiat-shamir/transcript.go b/fiat-shamir/transcript.go index 91a65df52..110d8aed5 100644 --- a/fiat-shamir/transcript.go +++ b/fiat-shamir/transcript.go @@ -16,7 +16,6 @@ package fiatshamir import ( "errors" - gcHash "github.com/consensys/gnark-crypto/hash" "hash" ) @@ -105,8 +104,10 @@ func (t *Transcript) ComputeChallenge(challengeID string) ([]byte, error) { defer t.h.Reset() // write the challenge name, the purpose is to have a domain separator - if hashToField, ok := t.h.(gcHash.ToField); ok { - hashToField.WriteString([]byte(challengeID)) + if hashToField, ok := t.h.(interface { + WriteString(rawBytes []byte) + }); ok { + hashToField.WriteString([]byte(challengeID)) // TODO: Replace with a function returning field identifier, whence we can find the correct hash to field function. Better than confusingly embedding hash to field into another hash } else { if _, err := t.h.Write([]byte(challengeID)); err != nil { return nil, err diff --git a/hash/to_field.go b/hash/to_field.go deleted file mode 100644 index ee0e7b294..000000000 --- a/hash/to_field.go +++ /dev/null @@ -1,5 +0,0 @@ -package hash - -type ToField interface { - WriteString(rawBytes []byte) -}