From 73260ab65ae1cb20988bc46364c06c8ccfffb518 Mon Sep 17 00:00:00 2001
From: Colin Roberts
Date: Wed, 13 Nov 2024 10:15:17 -0700
Subject: [PATCH] fix: aes-gctr-nivc (#43)

* fix: broken input length
* bump: package version
* fix: `HttpNIVC` equal checks
* move final extract value to be multiple of 16
---------
Co-authored-by: lonerapier
---
 builds/target_512b/json_extract_value_512b.circom | 2 +-
 circuits/aes-gcm/nivc/aes-gctr-nivc.circom | 8 +++++++-
 circuits/http/nivc/http_nivc.circom | 12 +++++++++---
 package.json | 2 +-
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/builds/target_512b/json_extract_value_512b.circom b/builds/target_512b/json_extract_value_512b.circom
index 600cc0a..e7ad1f8 100644
--- a/builds/target_512b/json_extract_value_512b.circom
+++ b/builds/target_512b/json_extract_value_512b.circom
@@ -2,4 +2,4 @@
 pragma circom 2.1.9;
 include "../../circuits/json/nivc/extractor.circom";
-component main { public [step_in] } = MaskExtractFinal(512, 50);
\ No newline at end of file
+component main { public [step_in] } = MaskExtractFinal(512, 48);
\ No newline at end of file
diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
index 75920ab..0088873 100644
--- a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
+++ b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -24,7 +24,13 @@ template AESGCTRFOLD() {
     aes.plainText <== plainText;
     aes.lastCounter <== ctr;
-    aes.cipherText === cipherText;
+    signal ciphertext_equal_check[16];
+    for(var i = 0 ; i < 16 ; i++) {
+        ciphertext_equal_check[i] <== IsEqual()([aes.cipherText[i], cipherText[i]]);
+        ciphertext_equal_check[i] === 1;
+    }
+
+    var packedPlaintext = 0;
     for(var i = 0 ; i < 16 ; i++) {
         packedPlaintext += plainText[i] * 2**(8*i);
diff --git a/circuits/http/nivc/http_nivc.circom b/circuits/http/nivc/http_nivc.circom
index b7d652e..8187c1b 100644
--- a/circuits/http/nivc/http_nivc.circom
+++ b/circuits/http/nivc/http_nivc.circom
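Review bot: The new bound in `MaskExtractFinal(512, 48)` is a bare magic number; the commit message says the value has to be a multiple of 16, but nothing in the build file records that, so the next person who tunes it has no guardrail. A one-line comment above `component main` would carry the requirement: `// second parameter is the max extracted value length; it must be a multiple of 16 (see #43)`. What the first parameter (512) denotes is only inferable from the build-target path, so I have not described it in the proposed comment.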
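Review bot: Replacing `aes.cipherText === cipherText` with sixteen `IsEqual` components whose outputs are pinned to 1 is not explained anywhere in the hunk, and, assuming `IsEqual` is circomlib's (an `IsZero` on the difference of the two inputs), each byte now costs three constraints where the direct `===` cost one; the same pattern recurs in http_nivc.circom for `start_line_hash_equal_check`, `header_hashes_equal_check` and `body_hash_equal_check`. Please put the reason next to the declaration, e.g. `// Byte-wise ciphertext check: each ciphertext_equal_check[i] is IsEqual's boolean output, constrained to 1 (equivalent to a direct ===; kept explicit per byte)`, adjusting the parenthetical to the actual motivation. As a point of style, the new check loop and the packing loop below it iterate the same `0..16` range and could be a single loop with one `var i`. The packing loop continues past the end of the hunk.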
@@ -47,7 +47,8 @@ template HttpNIVC(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
         start_line[i] <== data[i] * (1 - not_start_line_mask[i]);
     }
     signal inner_start_line_hash <== DataHasher(DATA_BYTES)(start_line);
-    inner_start_line_hash === start_line_hash;
+    signal start_line_hash_equal_check <== IsEqual()([inner_start_line_hash, start_line_hash]);
+    start_line_hash_equal_check === 1;
     // Get the header shit
     signal header[MAX_NUMBER_OF_HEADERS][DATA_BYTES];
@@ -60,10 +61,12 @@ template HttpNIVC(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
     }
     signal inner_header_hashes[MAX_NUMBER_OF_HEADERS];
     signal header_is_unused[MAX_NUMBER_OF_HEADERS]; // If a header hash is passed in as 0, it is not used (no way to compute preimage of 0)
+    signal header_hashes_equal_check[MAX_NUMBER_OF_HEADERS];
     for(var i = 0 ; i < MAX_NUMBER_OF_HEADERS ; i++) {
         header_is_unused[i] <== IsZero()(header_hashes[i]);
         inner_header_hashes[i] <== DataHasher(DATA_BYTES)(header[i]);
-        (1 - header_is_unused[i]) * inner_header_hashes[i] === header_hashes[i];
+        header_hashes_equal_check[i] <== IsEqual()([(1 - header_is_unused[i]) * inner_header_hashes[i], header_hashes[i]]);
+        header_hashes_equal_check[i] === 1;
     }
     // Get the body shit
@@ -72,6 +75,9 @@ template HttpNIVC(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
         body[i] <== data[i] * State[i].parsing_body;
     }
     signal inner_body_hash <== DataHasher(DATA_BYTES)(body);
-    inner_body_hash === body_hash;
+    signal body_hash_equal_check <== IsEqual()([inner_body_hash, body_hash]);
+    body_hash_equal_check === 1;
+
+    step_out[0] <== inner_body_hash;
 }
diff --git a/package.json b/package.json
index 67c33e4..8207423 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "web-prover-circuits",
   "description": "ZK Circuits for WebProofs",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
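Review bot: For a slot passed in with `header_hashes[i] == 0`, `header_is_unused[i]` is 1, the left input of the new `IsEqual` collapses to 0, and `header_hashes_equal_check[i] === 1` holds whatever bytes `header[i]` contains, so wrapping the comparison in `IsEqual` does not tighten it: unused slots stay unconstrained by this loop, exactly as with the old `===`. That matches the inline comment on `header_is_unused`, but the new check line is where a reader will look, so restate it there: `// unused slot (hash 0): left input is 0 and the check is vacuous by design`. Separately, `(1 - header_is_unused[i]) * inner_header_hashes[i]` is a quadratic expression fed straight into an anonymous component input; it should compile under circom 2.1, but binding it to a named intermediate signal first would make the constraint easier to audit. The enclosing template begins before the hunk.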
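Review bot: `step_out[0] <== inner_body_hash;` is a new assignment to the template output, and the hunk does not show whether `step_out` was already assigned elsewhere in `HttpNIVC` (the template begins before this hunk); a second `<==` on the same signal would not compile, so confirm this is the only assignment. Because `inner_body_hash` is constrained equal to `body_hash` two lines above, the fold now emits the checked body hash as its step output, presumably for the next fold to consume; say so on the line: `// emit the verified body hash as this fold's step output`.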