From 6cd5c4eb5648b3bd82477924954acc7cac5ddd27 Mon Sep 17 00:00:00 2001 From: zhiqiangxu <652732310@qq.com> Date: Wed, 16 Nov 2022 00:41:48 +0800 Subject: [PATCH 1/8] add Decompose --- utils/decompose.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 utils/decompose.go diff --git a/utils/decompose.go b/utils/decompose.go new file mode 100644 index 0000000000..10c26aad23 --- /dev/null +++ b/utils/decompose.go @@ -0,0 +1,21 @@ +package utils + +import "math/big" + +func Decompose(rawBytes []byte, modulos *big.Int) (decomposed []byte) { + raw := big.NewInt(0).SetBytes(rawBytes) + + var chunk [32]byte + decomposed = make([]byte, 0, len(rawBytes)) + for raw.Cmp(modulos) >= 0 { + mod := big.NewInt(0).Mod(raw, modulos) + mod.FillBytes(chunk[:]) + decomposed = append(decomposed, chunk[:]...) + + raw.Div(raw, modulos) + } + + raw.FillBytes(chunk[:]) + decomposed = append(decomposed, chunk[:]...) + return decomposed +} From add171a609c7c2a63c75863c520e3aa7db5d47b2 Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Tue, 15 Nov 2022 18:17:52 +0100 Subject: [PATCH 2/8] feat: bn254 -> utils/decompose.go --- utils/decompose.go | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/utils/decompose.go b/utils/decompose.go index 10c26aad23..dc847b696d 100644 --- a/utils/decompose.go +++ b/utils/decompose.go @@ -1,18 +1,35 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License.s + package utils import "math/big" -func Decompose(rawBytes []byte, modulos *big.Int) (decomposed []byte) { +// Decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func Decompose(rawBytes []byte, modulo *big.Int) (decomposed []byte) { raw := big.NewInt(0).SetBytes(rawBytes) var chunk [32]byte decomposed = make([]byte, 0, len(rawBytes)) - for raw.Cmp(modulos) >= 0 { - mod := big.NewInt(0).Mod(raw, modulos) + for raw.Cmp(modulo) >= 0 { + mod := big.NewInt(0).Mod(raw, modulo) mod.FillBytes(chunk[:]) decomposed = append(decomposed, chunk[:]...) - raw.Div(raw, modulos) + raw.Div(raw, modulo) } raw.FillBytes(chunk[:]) From cfd18eafc2c820604c33105dc4102f90a3b1dba0 Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Tue, 15 Nov 2022 19:00:11 +0100 Subject: [PATCH 3/8] feat: added test for decompose --- ecc/bn254/fr/mimc/mimc.go | 20 ++++++------- ecc/bn254/fr/mimc/utils.go | 45 +++++++++++++++++++++++++++++ ecc/bn254/fr/mimc/utils_test.go | 51 +++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+), 10 deletions(-) create mode 100644 ecc/bn254/fr/mimc/utils.go create mode 100644 ecc/bn254/fr/mimc/utils_test.go diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 43cc82ec43..69001b0806 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -12,17 +12,16 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Code generated by consensys/gnark-crypto DO NOT EDIT - package mimc import ( "hash" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" - "golang.org/x/crypto/sha3" "math/big" "sync" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "golang.org/x/crypto/sha3" ) const ( @@ -103,7 +102,7 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte + // var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,13 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize + //nbChunks := len(d.data) / BlockSize - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + // copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) + // x.SetBytes(buffer[:]) + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bn254/fr/mimc/utils.go b/ecc/bn254/fr/mimc/utils.go new file mode 100644 index 0000000000..11667be069 --- /dev/null +++ b/ecc/bn254/fr/mimc/utils.go @@ -0,0 +1,45 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// See the License for the specific language governing permissions and +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// limitations under the License. + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bn254/fr/mimc/utils_test.go b/ecc/bn254/fr/mimc/utils_test.go new file mode 100644 index 0000000000..1b7a2775c9 --- /dev/null +++ b/ecc/bn254/fr/mimc/utils_test.go @@ -0,0 +1,51 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// See the License for the specific language governing permissions and +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// limitations under the License. + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} From b0cae4a573978e5136aa67c8118a97c4b528c39c Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Tue, 15 Nov 2022 19:05:57 +0100 Subject: [PATCH 4/8] feat: code gen for decompose + modif mimc --- ecc/bls12-377/fr/mimc/mimc.go | 10 ++-- ecc/bls12-377/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bls12-377/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bls12-378/fr/mimc/mimc.go | 10 ++-- ecc/bls12-378/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bls12-378/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bls12-381/fr/mimc/mimc.go | 10 ++-- ecc/bls12-381/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bls12-381/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bls24-315/fr/mimc/mimc.go | 10 ++-- ecc/bls24-315/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bls24-315/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bls24-317/fr/mimc/mimc.go | 10 ++-- ecc/bls24-317/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bls24-317/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bw6-633/fr/mimc/mimc.go | 10 ++-- ecc/bw6-633/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bw6-633/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bw6-756/fr/mimc/mimc.go | 10 ++-- ecc/bw6-756/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bw6-756/fr/mimc/utils_test.go | 53 +++++++++++++++++++ ecc/bw6-761/fr/mimc/mimc.go | 10 ++-- ecc/bw6-761/fr/mimc/utils.go | 47 ++++++++++++++++ ecc/bw6-761/fr/mimc/utils_test.go | 53 +++++++++++++++++++ .../hash/mimc/template/tests/utils.go.tmpl | 35 ++++++++++++ .../crypto/hash/mimc/template/utils.go.tmpl | 29 ++++++++++ 26 files changed, 888 insertions(+), 56 deletions(-) create mode 100644 ecc/bls12-377/fr/mimc/utils.go create mode 100644 ecc/bls12-377/fr/mimc/utils_test.go create mode 100644 ecc/bls12-378/fr/mimc/utils.go create mode 100644 ecc/bls12-378/fr/mimc/utils_test.go create mode 100644 ecc/bls12-381/fr/mimc/utils.go create mode 100644 ecc/bls12-381/fr/mimc/utils_test.go create mode 100644 ecc/bls24-315/fr/mimc/utils.go create mode 100644 ecc/bls24-315/fr/mimc/utils_test.go create mode 100644 ecc/bls24-317/fr/mimc/utils.go create mode 100644 ecc/bls24-317/fr/mimc/utils_test.go create mode 100644 ecc/bw6-633/fr/mimc/utils.go create mode 100644 ecc/bw6-633/fr/mimc/utils_test.go create mode 100644 ecc/bw6-756/fr/mimc/utils.go create mode 100644 ecc/bw6-756/fr/mimc/utils_test.go create mode 100644 ecc/bw6-761/fr/mimc/utils.go create mode 100644 ecc/bw6-761/fr/mimc/utils_test.go create mode 100644 internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl create mode 100644 internal/generator/crypto/hash/mimc/template/utils.go.tmpl diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 2fd03ea0c1..73fb941adc 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls12-377/fr/mimc/utils.go b/ecc/bls12-377/fr/mimc/utils.go new file mode 100644 index 0000000000..cdc502ab9d --- /dev/null +++ b/ecc/bls12-377/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bls12-377/fr/mimc/utils_test.go b/ecc/bls12-377/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bls12-377/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index 7d788e8f42..c8073ce42a 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls12-378/fr/mimc/utils.go b/ecc/bls12-378/fr/mimc/utils.go new file mode 100644 index 0000000000..1de8df4176 --- /dev/null +++ b/ecc/bls12-378/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bls12-378/fr/mimc/utils_test.go b/ecc/bls12-378/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bls12-378/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 89287dd062..3408fd2184 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls12-381/fr/mimc/utils.go b/ecc/bls12-381/fr/mimc/utils.go new file mode 100644 index 0000000000..e7a5f39d36 --- /dev/null +++ b/ecc/bls12-381/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bls12-381/fr/mimc/utils_test.go b/ecc/bls12-381/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bls12-381/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 63e8f5e1f8..39089d135a 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls24-315/fr/mimc/utils.go b/ecc/bls24-315/fr/mimc/utils.go new file mode 100644 index 0000000000..519ac21183 --- /dev/null +++ b/ecc/bls24-315/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bls24-315/fr/mimc/utils_test.go b/ecc/bls24-315/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bls24-315/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 45a9262762..58ed3c7ccc 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls24-317/fr/mimc/utils.go b/ecc/bls24-317/fr/mimc/utils.go new file mode 100644 index 0000000000..4ed1fd7434 --- /dev/null +++ b/ecc/bls24-317/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bls24-317/fr/mimc/utils_test.go b/ecc/bls24-317/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bls24-317/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 687bd79e46..19841a9fe1 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-633/fr/mimc/utils.go b/ecc/bw6-633/fr/mimc/utils.go new file mode 100644 index 0000000000..2d699df7ae --- /dev/null +++ b/ecc/bw6-633/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bw6-633/fr/mimc/utils_test.go b/ecc/bw6-633/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bw6-633/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index 26f6bb9e84..bc3d83fec0 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-756/fr/mimc/utils.go b/ecc/bw6-756/fr/mimc/utils.go new file mode 100644 index 0000000000..e6c1dc5227 --- /dev/null +++ b/ecc/bw6-756/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bw6-756/fr/mimc/utils_test.go b/ecc/bw6-756/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bw6-756/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index 5c8bc52e7b..eb1f213aeb 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -103,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -124,12 +123,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-761/fr/mimc/utils.go b/ecc/bw6-761/fr/mimc/utils.go new file mode 100644 index 0000000000..a22877ec39 --- /dev/null +++ b/ecc/bw6-761/fr/mimc/utils.go @@ -0,0 +1,47 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} diff --git a/ecc/bw6-761/fr/mimc/utils_test.go b/ecc/bw6-761/fr/mimc/utils_test.go new file mode 100644 index 0000000000..ca3094de53 --- /dev/null +++ b/ecc/bw6-761/fr/mimc/utils_test.go @@ -0,0 +1,53 @@ +// Copyright 2020 ConsenSys Software Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by consensys/gnark-crypto DO NOT EDIT + +package mimc + +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl b/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl new file mode 100644 index 0000000000..413e6a2b27 --- /dev/null +++ b/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl @@ -0,0 +1,35 @@ +import ( + "math/big" + "testing" + + "github.com/consensys/gnark-crypto/ecc/bn254/fr" +) + +func TestDecompose(t *testing.T) { + + // create 10 random digits in basis r + nbDigits := 10 + a := make([]fr.Element, nbDigits) + for i := 0; i < nbDigits; i++ { + a[i].SetRandom() + } + + // create a big int whose digits in basis r are a + m := fr.Modulus() + var b, tmp big.Int + for i := nbDigits - 1; i >= 0; i-- { + b.Mul(&b, m) + a[i].ToBigIntRegular(&tmp) + b.Add(&b, &tmp) + } + + // query the decomposition and compare to a + bb := b.Bytes() + d := decompose(bb) + for i := 0; i < nbDigits; i++ { + if !d[i].Equal(&a[i]) { + t.Fatal("error decomposition") + } + } + +} diff --git a/internal/generator/crypto/hash/mimc/template/utils.go.tmpl b/internal/generator/crypto/hash/mimc/template/utils.go.tmpl new file mode 100644 index 0000000000..1483dd4df6 --- /dev/null +++ b/internal/generator/crypto/hash/mimc/template/utils.go.tmpl @@ -0,0 +1,29 @@ + +import ( "math/big" + + "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" +) + +// decompose interpret rawBytes as a bigInt x in big endian, +// and returns the digits of x (from LSB to MSB) when x is written +// in basis modulo. +func decompose(rawBytes []byte) []fr.Element { + + rawBigInt := big.NewInt(0).SetBytes(rawBytes) + modulo := fr.Modulus() + + // maximum number of chunks that a function + maxNbChunks := len(rawBytes) / fr.Bytes + + res := make([]fr.Element, 0, maxNbChunks) + var tmp fr.Element + var zero big.Int + + for rawBigInt.Cmp(&zero) > 0 { + tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + res = append(res, tmp) + rawBigInt.Div(rawBigInt, modulo) + } + + return res +} From c6287f12bba765c02b6cc713e5727515d8f24b38 Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Tue, 15 Nov 2022 19:06:51 +0100 Subject: [PATCH 5/8] feat: commit template --- ecc/bn254/fr/mimc/mimc.go | 12 ++-- ecc/bn254/fr/mimc/mimc_test.go | 60 ------------------- ecc/bn254/fr/mimc/utils.go | 4 +- ecc/bn254/fr/mimc/utils_test.go | 4 +- .../crypto/hash/mimc/template/mimc.go.tmpl | 10 +--- 5 files changed, 13 insertions(+), 77 deletions(-) delete mode 100644 ecc/bn254/fr/mimc/mimc_test.go diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 69001b0806..9681a9bc66 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -12,16 +12,17 @@ // See the License for the specific language governing permissions and // limitations under the License. +// Code generated by consensys/gnark-crypto DO NOT EDIT + package mimc import ( "hash" - "math/big" - "sync" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" "golang.org/x/crypto/sha3" + "math/big" + "sync" ) const ( @@ -102,7 +103,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - // var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -123,12 +123,8 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - //nbChunks := len(d.data) / BlockSize - chunks := decompose(d.data) for i := 0; i < len(chunks); i++ { - // copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - // x.SetBytes(buffer[:]) r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bn254/fr/mimc/mimc_test.go b/ecc/bn254/fr/mimc/mimc_test.go deleted file mode 100644 index cb8995c030..0000000000 --- a/ecc/bn254/fr/mimc/mimc_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package mimc - -// import ( -// "testing" -// ) - -// func TestMimc(t *testing.T) { - -// // Expected result from ethereum -// var data [3]fr.Element -// data[0].SetString("10909369219534740878285360918369814291778422174980871969149168794639722256599") -// data[1].SetString("3811523387212735178398974960485340561880938762308498768570292593755555588442") -// data[2].SetString("21761276089180230617904476026690048826689721630933485969915548849196498965166") - -// h := NewMiMC() -// h.Write(data[0].Marshal()) -// h.Write(data[1].Marshal()) -// h.Write(data[2].Marshal()) - -// r := h.Sum(nil) - -// var b big.Int -// b.SetBytes(r) -// fmt.Printf("%s\n", b.String()) - -//------- - -// h := NewMiMC("mimc") -// var a [3]fr.Element -// a[0].SetRandom() -// a[1].SetRandom() -// a[2].SetRandom() -// fmt.Printf("%s\n", a[0].String()) -// fmt.Printf("%s\n", a[1].String()) -// fmt.Printf("%s\n", a[2].String()) -// fmt.Println("") -// h.Write(a[0].Marshal()) -// h.Write(a[1].Marshal()) -// h.Write(a[2].Marshal()) -// var a fr.Element -// a.SetUint64(2323) -// h.Write(a.Marshal()) -// r := h.Sum(nil) -// var br big.Int -// br.SetBytes(r) -// fmt.Printf("%s\n", br.String()) -//_h := h.(*digest) - -// //var h1, h2, h3 fr.Element -// var h1, h2 fr.Element -// h1.SetString("948723") -// h2.SetString("236878") -// // h3.SetString("283") -// _h.data = append(_h.data, h1.Marshal()...) -// _h.data = append(_h.data, h2.Marshal()...) -// // _h.data = append(_h.data, h3.Marshal()...) - -// _h.checksum() -// fmt.Printf("%s\n", _h.h.String()) -// } diff --git a/ecc/bn254/fr/mimc/utils.go b/ecc/bn254/fr/mimc/utils.go index 11667be069..10efdb5f95 100644 --- a/ecc/bn254/fr/mimc/utils.go +++ b/ecc/bn254/fr/mimc/utils.go @@ -8,10 +8,12 @@ // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, -// See the License for the specific language governing permissions and // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and // limitations under the License. +// Code generated by consensys/gnark-crypto DO NOT EDIT + package mimc import ( diff --git a/ecc/bn254/fr/mimc/utils_test.go b/ecc/bn254/fr/mimc/utils_test.go index 1b7a2775c9..ca3094de53 100644 --- a/ecc/bn254/fr/mimc/utils_test.go +++ b/ecc/bn254/fr/mimc/utils_test.go @@ -8,10 +8,12 @@ // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, -// See the License for the specific language governing permissions and // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and // limitations under the License. +// Code generated by consensys/gnark-crypto DO NOT EDIT + package mimc import ( diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index b14de2c01b..3033ea116c 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -89,7 +89,6 @@ func (d *digest) Write(p []byte) (n int, err error) { // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - var buffer [BlockSize]byte var x fr.Element // if data size is not multiple of BlockSizes we padd: @@ -110,12 +109,9 @@ func (d *digest) checksum() fr.Element { d.data = make([]byte, 32) } - nbChunks := len(d.data) / BlockSize - - for i := 0; i < nbChunks; i++ { - copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) - x.SetBytes(buffer[:]) - r := d.encrypt(x) + chunks := decompose(d.data) + for i := 0; i < len(chunks); i++ { + r := d.encrypt(chunks[i]) d.h.Add(&r, &d.h).Add(&d.h, &x) } From 64a49a87a80381d152bafd976a838eb2c2005097 Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Tue, 15 Nov 2022 19:12:43 +0100 Subject: [PATCH 6/8] fix: fixed bad import fr --- ecc/bls12-377/fr/mimc/utils_test.go | 2 +- ecc/bls12-378/fr/mimc/utils_test.go | 2 +- ecc/bls12-381/fr/mimc/utils_test.go | 2 +- ecc/bls24-315/fr/mimc/utils_test.go | 2 +- ecc/bls24-317/fr/mimc/utils_test.go | 2 +- ecc/bw6-633/fr/mimc/utils_test.go | 2 +- ecc/bw6-756/fr/mimc/utils_test.go | 2 +- ecc/bw6-761/fr/mimc/utils_test.go | 2 +- internal/generator/crypto/hash/mimc/generate.go | 2 ++ .../generator/crypto/hash/mimc/template/tests/utils.go.tmpl | 2 +- 10 files changed, 11 insertions(+), 9 deletions(-) diff --git a/ecc/bls12-377/fr/mimc/utils_test.go b/ecc/bls12-377/fr/mimc/utils_test.go index ca3094de53..06ef3b3666 100644 --- a/ecc/bls12-377/fr/mimc/utils_test.go +++ b/ecc/bls12-377/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bls12-378/fr/mimc/utils_test.go b/ecc/bls12-378/fr/mimc/utils_test.go index ca3094de53..5562fe02b2 100644 --- a/ecc/bls12-378/fr/mimc/utils_test.go +++ b/ecc/bls12-378/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bls12-381/fr/mimc/utils_test.go b/ecc/bls12-381/fr/mimc/utils_test.go index ca3094de53..eb7fe077fb 100644 --- a/ecc/bls12-381/fr/mimc/utils_test.go +++ b/ecc/bls12-381/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bls24-315/fr/mimc/utils_test.go b/ecc/bls24-315/fr/mimc/utils_test.go index ca3094de53..234f08826c 100644 --- a/ecc/bls24-315/fr/mimc/utils_test.go +++ b/ecc/bls24-315/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bls24-317/fr/mimc/utils_test.go b/ecc/bls24-317/fr/mimc/utils_test.go index ca3094de53..a19f185901 100644 --- a/ecc/bls24-317/fr/mimc/utils_test.go +++ b/ecc/bls24-317/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bw6-633/fr/mimc/utils_test.go b/ecc/bw6-633/fr/mimc/utils_test.go index ca3094de53..98673febb4 100644 --- a/ecc/bw6-633/fr/mimc/utils_test.go +++ b/ecc/bw6-633/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bw6-756/fr/mimc/utils_test.go b/ecc/bw6-756/fr/mimc/utils_test.go index ca3094de53..02180094e4 100644 --- a/ecc/bw6-756/fr/mimc/utils_test.go +++ b/ecc/bw6-756/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" ) func TestDecompose(t *testing.T) { diff --git a/ecc/bw6-761/fr/mimc/utils_test.go b/ecc/bw6-761/fr/mimc/utils_test.go index ca3094de53..10bff7cf3b 100644 --- a/ecc/bw6-761/fr/mimc/utils_test.go +++ b/ecc/bw6-761/fr/mimc/utils_test.go @@ -20,7 +20,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" ) func TestDecompose(t *testing.T) { diff --git a/internal/generator/crypto/hash/mimc/generate.go b/internal/generator/crypto/hash/mimc/generate.go index c26a08452d..239122fa6e 100644 --- a/internal/generator/crypto/hash/mimc/generate.go +++ b/internal/generator/crypto/hash/mimc/generate.go @@ -12,6 +12,8 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er entries := []bavard.Entry{ {File: filepath.Join(baseDir, "doc.go"), Templates: []string{"doc.go.tmpl"}}, {File: filepath.Join(baseDir, "mimc.go"), Templates: []string{"mimc.go.tmpl"}}, + {File: filepath.Join(baseDir, "utils.go"), Templates: []string{"utils.go.tmpl"}}, + {File: filepath.Join(baseDir, "utils_test.go"), Templates: []string{"tests/utils.go.tmpl"}}, } return bgen.Generate(conf, conf.Package, "./crypto/hash/mimc/template", entries...) diff --git a/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl b/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl index 413e6a2b27..e8f31500f1 100644 --- a/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl @@ -2,7 +2,7 @@ import ( "math/big" "testing" - "github.com/consensys/gnark-crypto/ecc/bn254/fr" + "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" ) func TestDecompose(t *testing.T) { From a7bed5c7143958865527735d99247b8dfe31978f Mon Sep 17 00:00:00 2001 From: Gautam Botrel Date: Thu, 5 Jan 2023 10:35:24 -0600 Subject: [PATCH 7/8] feat: mimc.Write returns error if bad input --- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bls12-377/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bls12-378/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bls12-381/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bls24-315/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bls24-317/fr/mimc/mimc.go | 49 +++++++++-------- ecc/bn254/fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bn254/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bw6-633/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bw6-756/fr/mimc/mimc.go | 49 +++++++++-------- .../fr/mimc/{utils.go => decompose.go} | 13 +++-- .../mimc/{utils_test.go => decompose_test.go} | 2 +- ecc/bw6-761/fr/mimc/mimc.go | 49 +++++++++-------- .../generator/crypto/hash/mimc/generate.go | 7 ++- .../{utils.go.tmpl => decompose.go.tmpl} | 13 +++-- .../crypto/hash/mimc/template/mimc.go.tmpl | 53 ++++++++++--------- .../{utils.go.tmpl => decompose.go.tmpl} | 2 +- 31 files changed, 347 insertions(+), 304 deletions(-) rename ecc/bls12-377/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bls12-377/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bls12-378/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bls12-378/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bls12-381/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bls12-381/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bls24-315/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bls24-315/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bls24-317/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bls24-317/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bn254/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bn254/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bw6-633/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bw6-633/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bw6-756/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bw6-756/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename ecc/bw6-761/fr/mimc/{utils.go => decompose.go} (81%) rename ecc/bw6-761/fr/mimc/{utils_test.go => decompose_test.go} (98%) rename internal/generator/crypto/hash/mimc/template/{utils.go.tmpl => decompose.go.tmpl} (63%) rename internal/generator/crypto/hash/mimc/template/tests/{utils.go.tmpl => decompose.go.tmpl} (96%) diff --git a/ecc/bls12-377/fr/mimc/utils.go b/ecc/bls12-377/fr/mimc/decompose.go similarity index 81% rename from ecc/bls12-377/fr/mimc/utils.go rename to ecc/bls12-377/fr/mimc/decompose.go index cdc502ab9d..a51138765e 100644 --- a/ecc/bls12-377/fr/mimc/utils.go +++ b/ecc/bls12-377/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bls12-377/fr/mimc/utils_test.go b/ecc/bls12-377/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bls12-377/fr/mimc/utils_test.go rename to ecc/bls12-377/fr/mimc/decompose_test.go index 06ef3b3666..937192cedf 100644 --- a/ecc/bls12-377/fr/mimc/utils_test.go +++ b/ecc/bls12-377/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bls12-377/fr/mimc/mimc.go b/ecc/bls12-377/fr/mimc/mimc.go index 73fb941adc..0ce9f4ec0b 100644 --- a/ecc/bls12-377/fr/mimc/mimc.go +++ b/ecc/bls12-377/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls12-378/fr/mimc/utils.go b/ecc/bls12-378/fr/mimc/decompose.go similarity index 81% rename from ecc/bls12-378/fr/mimc/utils.go rename to ecc/bls12-378/fr/mimc/decompose.go index 1de8df4176..50a124f541 100644 --- a/ecc/bls12-378/fr/mimc/utils.go +++ b/ecc/bls12-378/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bls12-378/fr/mimc/utils_test.go b/ecc/bls12-378/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bls12-378/fr/mimc/utils_test.go rename to ecc/bls12-378/fr/mimc/decompose_test.go index 5562fe02b2..a63b57ff51 100644 --- a/ecc/bls12-378/fr/mimc/utils_test.go +++ b/ecc/bls12-378/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bls12-378/fr/mimc/mimc.go b/ecc/bls12-378/fr/mimc/mimc.go index c8073ce42a..e20b5ee79c 100644 --- a/ecc/bls12-378/fr/mimc/mimc.go +++ b/ecc/bls12-378/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-378/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls12-381/fr/mimc/utils.go b/ecc/bls12-381/fr/mimc/decompose.go similarity index 81% rename from ecc/bls12-381/fr/mimc/utils.go rename to ecc/bls12-381/fr/mimc/decompose.go index e7a5f39d36..925d679327 100644 --- a/ecc/bls12-381/fr/mimc/utils.go +++ b/ecc/bls12-381/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bls12-381/fr/mimc/utils_test.go b/ecc/bls12-381/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bls12-381/fr/mimc/utils_test.go rename to ecc/bls12-381/fr/mimc/decompose_test.go index eb7fe077fb..36809a2aa9 100644 --- a/ecc/bls12-381/fr/mimc/utils_test.go +++ b/ecc/bls12-381/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bls12-381/fr/mimc/mimc.go b/ecc/bls12-381/fr/mimc/mimc.go index 3408fd2184..e704e01f7a 100644 --- a/ecc/bls12-381/fr/mimc/mimc.go +++ b/ecc/bls12-381/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls24-315/fr/mimc/utils.go b/ecc/bls24-315/fr/mimc/decompose.go similarity index 81% rename from ecc/bls24-315/fr/mimc/utils.go rename to ecc/bls24-315/fr/mimc/decompose.go index 519ac21183..4a962631fc 100644 --- a/ecc/bls24-315/fr/mimc/utils.go +++ b/ecc/bls24-315/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bls24-315/fr/mimc/utils_test.go b/ecc/bls24-315/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bls24-315/fr/mimc/utils_test.go rename to ecc/bls24-315/fr/mimc/decompose_test.go index 234f08826c..817a588f22 100644 --- a/ecc/bls24-315/fr/mimc/utils_test.go +++ b/ecc/bls24-315/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bls24-315/fr/mimc/mimc.go b/ecc/bls24-315/fr/mimc/mimc.go index 39089d135a..f9971a900a 100644 --- a/ecc/bls24-315/fr/mimc/mimc.go +++ b/ecc/bls24-315/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bls24-317/fr/mimc/utils.go b/ecc/bls24-317/fr/mimc/decompose.go similarity index 81% rename from ecc/bls24-317/fr/mimc/utils.go rename to ecc/bls24-317/fr/mimc/decompose.go index 4ed1fd7434..b027d8bbc1 100644 --- a/ecc/bls24-317/fr/mimc/utils.go +++ b/ecc/bls24-317/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bls24-317/fr/mimc/utils_test.go b/ecc/bls24-317/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bls24-317/fr/mimc/utils_test.go rename to ecc/bls24-317/fr/mimc/decompose_test.go index a19f185901..26a4769202 100644 --- a/ecc/bls24-317/fr/mimc/utils_test.go +++ b/ecc/bls24-317/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bls24-317/fr/mimc/mimc.go b/ecc/bls24-317/fr/mimc/mimc.go index 58ed3c7ccc..c950b05750 100644 --- a/ecc/bls24-317/fr/mimc/mimc.go +++ b/ecc/bls24-317/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bn254/fr/mimc/utils.go b/ecc/bn254/fr/mimc/decompose.go similarity index 81% rename from ecc/bn254/fr/mimc/utils.go rename to ecc/bn254/fr/mimc/decompose.go index 10efdb5f95..e61417b9bb 100644 --- a/ecc/bn254/fr/mimc/utils.go +++ b/ecc/bn254/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bn254/fr/mimc/utils_test.go b/ecc/bn254/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bn254/fr/mimc/utils_test.go rename to ecc/bn254/fr/mimc/decompose_test.go index ca3094de53..3597da7a38 100644 --- a/ecc/bn254/fr/mimc/utils_test.go +++ b/ecc/bn254/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bn254/fr/mimc/mimc.go b/ecc/bn254/fr/mimc/mimc.go index 9681a9bc66..87a9776eef 100644 --- a/ecc/bn254/fr/mimc/mimc.go +++ b/ecc/bn254/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bn254/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-633/fr/mimc/utils.go b/ecc/bw6-633/fr/mimc/decompose.go similarity index 81% rename from ecc/bw6-633/fr/mimc/utils.go rename to ecc/bw6-633/fr/mimc/decompose.go index 2d699df7ae..0f4cc36c96 100644 --- a/ecc/bw6-633/fr/mimc/utils.go +++ b/ecc/bw6-633/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bw6-633/fr/mimc/utils_test.go b/ecc/bw6-633/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bw6-633/fr/mimc/utils_test.go rename to ecc/bw6-633/fr/mimc/decompose_test.go index 98673febb4..26518fd462 100644 --- a/ecc/bw6-633/fr/mimc/utils_test.go +++ b/ecc/bw6-633/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bw6-633/fr/mimc/mimc.go b/ecc/bw6-633/fr/mimc/mimc.go index 19841a9fe1..d026855152 100644 --- a/ecc/bw6-633/fr/mimc/mimc.go +++ b/ecc/bw6-633/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-756/fr/mimc/utils.go b/ecc/bw6-756/fr/mimc/decompose.go similarity index 81% rename from ecc/bw6-756/fr/mimc/utils.go rename to ecc/bw6-756/fr/mimc/decompose.go index e6c1dc5227..c5bb70239e 100644 --- a/ecc/bw6-756/fr/mimc/utils.go +++ b/ecc/bw6-756/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bw6-756/fr/mimc/utils_test.go b/ecc/bw6-756/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bw6-756/fr/mimc/utils_test.go rename to ecc/bw6-756/fr/mimc/decompose_test.go index 02180094e4..04d86a58c7 100644 --- a/ecc/bw6-756/fr/mimc/utils_test.go +++ b/ecc/bw6-756/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bw6-756/fr/mimc/mimc.go b/ecc/bw6-756/fr/mimc/mimc.go index bc3d83fec0..9218a8e359 100644 --- a/ecc/bw6-756/fr/mimc/mimc.go +++ b/ecc/bw6-756/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-756/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/ecc/bw6-761/fr/mimc/utils.go b/ecc/bw6-761/fr/mimc/decompose.go similarity index 81% rename from ecc/bw6-761/fr/mimc/utils.go rename to ecc/bw6-761/fr/mimc/decompose.go index a22877ec39..06761e28fe 100644 --- a/ecc/bw6-761/fr/mimc/utils.go +++ b/ecc/bw6-761/fr/mimc/decompose.go @@ -22,10 +22,10 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -35,12 +35,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/ecc/bw6-761/fr/mimc/utils_test.go b/ecc/bw6-761/fr/mimc/decompose_test.go similarity index 98% rename from ecc/bw6-761/fr/mimc/utils_test.go rename to ecc/bw6-761/fr/mimc/decompose_test.go index 10bff7cf3b..031367811e 100644 --- a/ecc/bw6-761/fr/mimc/utils_test.go +++ b/ecc/bw6-761/fr/mimc/decompose_test.go @@ -43,7 +43,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") diff --git a/ecc/bw6-761/fr/mimc/mimc.go b/ecc/bw6-761/fr/mimc/mimc.go index eb1f213aeb..3b69ba02b7 100644 --- a/ecc/bw6-761/fr/mimc/mimc.go +++ b/ecc/bw6-761/fr/mimc/mimc.go @@ -17,6 +17,7 @@ package mimc import ( + "errors" "hash" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" @@ -91,41 +92,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n%BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i : i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { + // Write guarantees len(data) % BlockSize == 0 - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? if len(d.data) == 0 { - d.data = make([]byte, 32) + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i += BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i : i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/internal/generator/crypto/hash/mimc/generate.go b/internal/generator/crypto/hash/mimc/generate.go index 2b39820199..94caf7f56c 100644 --- a/internal/generator/crypto/hash/mimc/generate.go +++ b/internal/generator/crypto/hash/mimc/generate.go @@ -1,6 +1,7 @@ package mimc import ( + "os" "path/filepath" "github.com/consensys/bavard" @@ -16,9 +17,11 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er entries := []bavard.Entry{ {File: filepath.Join(baseDir, "doc.go"), Templates: []string{"doc.go.tmpl"}}, {File: filepath.Join(baseDir, "mimc.go"), Templates: []string{"mimc.go.tmpl"}}, - {File: filepath.Join(baseDir, "utils.go"), Templates: []string{"utils.go.tmpl"}}, - {File: filepath.Join(baseDir, "utils_test.go"), Templates: []string{"tests/utils.go.tmpl"}}, + {File: filepath.Join(baseDir, "decompose.go"), Templates: []string{"decompose.go.tmpl"}}, + {File: filepath.Join(baseDir, "decompose_test.go"), Templates: []string{"tests/decompose.go.tmpl"}}, } + os.Remove(filepath.Join(baseDir, "utils.go")) + os.Remove(filepath.Join(baseDir, "utils_test.go")) return bgen.Generate(conf, conf.Package, "./crypto/hash/mimc/template", entries...) } diff --git a/internal/generator/crypto/hash/mimc/template/utils.go.tmpl b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl similarity index 63% rename from internal/generator/crypto/hash/mimc/template/utils.go.tmpl rename to internal/generator/crypto/hash/mimc/template/decompose.go.tmpl index 1483dd4df6..1658a9e1d0 100644 --- a/internal/generator/crypto/hash/mimc/template/utils.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/decompose.go.tmpl @@ -4,10 +4,10 @@ import ( "math/big" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" ) -// decompose interpret rawBytes as a bigInt x in big endian, +// Decompose interpret rawBytes as a bigInt x in big endian, // and returns the digits of x (from LSB to MSB) when x is written // in basis modulo. -func decompose(rawBytes []byte) []fr.Element { +func Decompose(rawBytes []byte) []fr.Element { rawBigInt := big.NewInt(0).SetBytes(rawBytes) modulo := fr.Modulus() @@ -17,12 +17,11 @@ func decompose(rawBytes []byte) []fr.Element { res := make([]fr.Element, 0, maxNbChunks) var tmp fr.Element - var zero big.Int - - for rawBigInt.Cmp(&zero) > 0 { - tmp.SetBigInt(rawBigInt) // tmp <- rawBitInt [r] + t := new(big.Int) + for rawBigInt.Sign() != 0 { + rawBigInt.DivMod(rawBigInt, modulo, t) + tmp.SetBigInt(t) res = append(res, tmp) - rawBigInt.Div(rawBigInt, modulo) } return res diff --git a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl index 3033ea116c..463a6767ce 100644 --- a/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/mimc.go.tmpl @@ -1,5 +1,6 @@ import ( "hash" + "errors" "math/big" "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr" @@ -77,41 +78,45 @@ func (d *digest) BlockSize() int { } // Write (via the embedded io.Writer interface) adds more data to the running hash. -// It never returns an error. +// +// Each []byte block of size BlockSize represents a big endian fr.Element. +// +// If len(p) is not a multiple of BlockSize and any of the []byte in p represent an integer +// larger than fr.Modulus, this function returns an error. +// +// To hash arbitrary data ([]byte not representing canonical field elements) use Decompose +// function in this package. func (d *digest) Write(p []byte) (n int, err error) { n = len(p) + if n % BlockSize != 0 { + return 0, errors.New("invalid input length: must represent a list of field elements, expects a []byte of len m*BlockSize") + } + + // ensure each block represents a field element in canonical reduced form + for i := 0; i < n; i += BlockSize { + if _, err = fr.BigEndian.Element((*[BlockSize]byte)(p[i:i+BlockSize])); err != nil { + return 0, err + } + } + d.data = append(d.data, p...) return } -// Hash hash using Miyaguchi–Preneel: +// Hash hash using Miyaguchi-Preneel: // https://en.wikipedia.org/wiki/One-way_compression_function // The XOR operation is replaced by field addition, data is in Montgomery form func (d *digest) checksum() fr.Element { - - var x fr.Element - - // if data size is not multiple of BlockSizes we padd: - // .. || 0xaf8 -> .. || 0x0000...0af8 - if len(d.data)%BlockSize != 0 { - q := len(d.data) / BlockSize - r := len(d.data) % BlockSize - sliceq := make([]byte, q*BlockSize) - copy(sliceq, d.data) - slicer := make([]byte, r) - copy(slicer, d.data[q*BlockSize:]) - sliceremainder := make([]byte, BlockSize-r) - d.data = append(sliceq, sliceremainder...) - d.data = append(d.data, slicer...) - } - - if len(d.data) == 0 { - d.data = make([]byte, 32) + // Write guarantees len(data) % BlockSize == 0 + + // TODO @ThomasPiellard shouldn't Sum() returns an error if there is no data? + if len(d.data) == 0 { + d.data = make([]byte, BlockSize) } - chunks := decompose(d.data) - for i := 0; i < len(chunks); i++ { - r := d.encrypt(chunks[i]) + for i := 0; i < len(d.data); i+=BlockSize { + x, _ := fr.BigEndian.Element((*[BlockSize]byte)(d.data[i:i+BlockSize])) + r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } diff --git a/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl b/internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl similarity index 96% rename from internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl rename to internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl index e8f31500f1..26dc6661f4 100644 --- a/internal/generator/crypto/hash/mimc/template/tests/utils.go.tmpl +++ b/internal/generator/crypto/hash/mimc/template/tests/decompose.go.tmpl @@ -25,7 +25,7 @@ func TestDecompose(t *testing.T) { // query the decomposition and compare to a bb := b.Bytes() - d := decompose(bb) + d := Decompose(bb) for i := 0; i < nbDigits; i++ { if !d[i].Equal(&a[i]) { t.Fatal("error decomposition") From 630ec6397f342f8f2690b5a5f27a447a90a28bf4 Mon Sep 17 00:00:00 2001 From: Thomas Piellard Date: Thu, 5 Jan 2023 18:02:35 +0100 Subject: [PATCH 8/8] fix: fixed ecdsa example --- ecc/bls12-377/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bls12-378/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bls12-381/bandersnatch/eddsa/eddsa_test.go | 6 ++++-- ecc/bls12-381/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bls24-315/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bls24-317/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bn254/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bw6-633/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bw6-756/twistededwards/eddsa/eddsa_test.go | 6 ++++-- ecc/bw6-761/twistededwards/eddsa/eddsa_test.go | 6 ++++-- .../generator/edwards/eddsa/template/eddsa.test.go.tmpl | 6 ++++-- 11 files changed, 44 insertions(+), 22 deletions(-) diff --git a/ecc/bls12-377/twistededwards/eddsa/eddsa_test.go b/ecc/bls12-377/twistededwards/eddsa/eddsa_test.go index aaf4b94cf7..1175d7458a 100644 --- a/ecc/bls12-377/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bls12-377/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bls12-378/twistededwards/eddsa/eddsa_test.go b/ecc/bls12-378/twistededwards/eddsa/eddsa_test.go index 5cfc0927f2..f7e0956696 100644 --- a/ecc/bls12-378/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bls12-378/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bls12-381/bandersnatch/eddsa/eddsa_test.go b/ecc/bls12-381/bandersnatch/eddsa/eddsa_test.go index 967aac1db9..85bd27ca02 100644 --- a/ecc/bls12-381/bandersnatch/eddsa/eddsa_test.go +++ b/ecc/bls12-381/bandersnatch/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bls12-381/twistededwards/eddsa/eddsa_test.go b/ecc/bls12-381/twistededwards/eddsa/eddsa_test.go index 967aac1db9..85bd27ca02 100644 --- a/ecc/bls12-381/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bls12-381/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bls24-315/twistededwards/eddsa/eddsa_test.go b/ecc/bls24-315/twistededwards/eddsa/eddsa_test.go index 334b1cc0e1..669bce5e65 100644 --- a/ecc/bls24-315/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bls24-315/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bls24-317/twistededwards/eddsa/eddsa_test.go b/ecc/bls24-317/twistededwards/eddsa/eddsa_test.go index 776d3894a4..34464874cd 100644 --- a/ecc/bls24-317/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bls24-317/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bn254/twistededwards/eddsa/eddsa_test.go b/ecc/bn254/twistededwards/eddsa/eddsa_test.go index c05a995a8d..3bf8c9d989 100644 --- a/ecc/bn254/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bn254/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bw6-633/twistededwards/eddsa/eddsa_test.go b/ecc/bw6-633/twistededwards/eddsa/eddsa_test.go index 93e70b88ea..066a7ac20a 100644 --- a/ecc/bw6-633/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bw6-633/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bw6-756/twistededwards/eddsa/eddsa_test.go b/ecc/bw6-756/twistededwards/eddsa/eddsa_test.go index 8cc3ed1f41..82388cfdd4 100644 --- a/ecc/bw6-756/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bw6-756/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/ecc/bw6-761/twistededwards/eddsa/eddsa_test.go b/ecc/bw6-761/twistededwards/eddsa/eddsa_test.go index 6918f7c441..f8929c461a 100644 --- a/ecc/bw6-761/twistededwards/eddsa/eddsa_test.go +++ b/ecc/bw6-761/twistededwards/eddsa/eddsa_test.go @@ -37,8 +37,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc) diff --git a/internal/generator/edwards/eddsa/template/eddsa.test.go.tmpl b/internal/generator/edwards/eddsa/template/eddsa.test.go.tmpl index 09a2b32e73..0f0f04effb 100644 --- a/internal/generator/edwards/eddsa/template/eddsa.test.go.tmpl +++ b/internal/generator/edwards/eddsa/template/eddsa.test.go.tmpl @@ -20,8 +20,10 @@ func Example() { privateKey, _ := GenerateKey(crand.Reader) publicKey := privateKey.PublicKey - // note that the message is on 4 bytes - msg := []byte{0xde, 0xad, 0xf0, 0x0d} + // generate a message (the size must be a multiple of the size of Fr) + var _msg fr.Element + _msg.SetRandom() + msg := _msg.Marshal() // sign the message signature, _ := privateKey.Sign(msg, hFunc)