diff --git a/zokrates_core_test/tests/tests/arrays/fun_spread.zok b/zokrates_core_test/tests/tests/arrays/fun_spread.zok
index 7a2ccd905..861c05368 100644
--- a/zokrates_core_test/tests/tests/arrays/fun_spread.zok
+++ b/zokrates_core_test/tests/tests/arrays/fun_spread.zok
@@ -1,6 +1,6 @@
import "utils/pack/bool/nonStrictUnpack256.zok" as unpack256;
def main(field[2] inputs) -> bool[512] {
- bool[512] preimage512 = [...unpack256(inputs[0]), ...unpack256(inputs[1])];
+ bool[512] preimage512 = [...unpack256(inputs[0], 254), ...unpack256(inputs[1], 254)];
return preimage512;
}
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjub.zok b/zokrates_stdlib/stdlib/ecc/babyjubjub.zok
new file mode 100644
index 000000000..2df5ec0f8
--- /dev/null
+++ b/zokrates_stdlib/stdlib/ecc/babyjubjub.zok
@@ -0,0 +1,46 @@
+#pragma curve bn128
+
+import "./proofOfOwnership" as edwardsProofOfOwnership;
+import "./verifyEddsa" as edwardsSignature;
+import "utils/pack/bool/nonStrictUnpack256" as unpack256;
+
+
+// The `a` coefficient of the twisted Edwards curve
+const field EDWARDS_A = 168700;
+
+// The `d` coefficient of the twisted Edwards curve
+const field EDWARDS_D = 168696;
+
+// The generator point
+const field[2] G = [
+ 16540640123574156134436876038791482806971768689494387082833631921987005038935, // Gx
+ 20819045374670962167435360035096875258406992893633759881276124905556507972311 // Gy
+];
+
+const u32 bit_size = 254;
+
+
+def proofOfOwnership(field[2] pk, field sk) -> bool {
+
+ return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D, bit_size);
+}
+
+
+def verifyEddsa(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1) -> bool {
+
+ return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D, bit_size);
+}
+
+
+def compress(field[2] pt) -> bool[256] {
+ field x = pt[0];
+ field y = pt[1];
+
+ bool[256] xBits = unpack256(x, 254);
+ bool[256] mut yBits = unpack256(y, 254);
+
+ bool sign = xBits[255];
+ yBits[0] = sign;
+
+ return yBits;
+}
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjub/compress.zok b/zokrates_stdlib/stdlib/ecc/babyjubjub/compress.zok
deleted file mode 100644
index 4351b36ac..000000000
--- a/zokrates_stdlib/stdlib/ecc/babyjubjub/compress.zok
+++ /dev/null
@@ -1,20 +0,0 @@
-import "utils/pack/bool/nonStrictUnpack256" as unpack256;
-
-// Compress curve point to a 256-bit boolean array using the big-endian bit order
-// Python code reference:
-// def compress(self):
-// x = self.x.n
-// y = self.y.n
-// return int.to_bytes(y | ((x & 1) << 255), 32, "big")
-def main(field[2] pt) -> bool[256] {
- field x = pt[0];
- field y = pt[1];
-
- bool[256] xBits = unpack256(x);
- bool[256] mut yBits = unpack256(y);
-
- bool sign = xBits[255];
- yBits[0] = sign;
-
- return yBits;
-}
\ No newline at end of file
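Review bot: `compress` in the new babyjubjub.zok calls `unpack256(x, 254)` and `unpack256(y, 254)` with a literal instead of the `bit_size` constant declared a few lines above, so the three wrappers in this file would silently disagree if that constant is ever changed; use `unpack256(x, bit_size)` and `unpack256(y, bit_size)`. The move also dropped the header comment of the deleted ecc/babyjubjub/compress.zok (the "256-bit boolean array using the big-endian bit order" description and the Python reference `int.to_bytes(y | ((x & 1) << 255), 32, "big")`), which was the only place the output encoding was specified, so carry it over onto `compress`. A one-line `///` on `proofOfOwnership` and `verifyEddsa` saying they bind the babyjubjub parameters and forward to ecc/proofOfOwnership and ecc/verifyEddsa would help too, since the documented argument lists now live in those files. Minor style point: `bit_size` is the only lowercase `const` next to `EDWARDS_A`, `EDWARDS_D` and `G`.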
diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjub/params.zok b/zokrates_stdlib/stdlib/ecc/babyjubjub/params.zok
deleted file mode 100644
index 6dd695dd1..000000000
--- a/zokrates_stdlib/stdlib/ecc/babyjubjub/params.zok
+++ /dev/null
@@ -1,13 +0,0 @@
-#pragma curve bn128
-
-// The `a` coefficient of the twisted Edwards curve
-const field EDWARDS_A = 168700;
-
-// The `d` coefficient of the twisted Edwards curve
-const field EDWARDS_D = 168696;
-
-// The generator point
-const field[2] G = [
- 16540640123574156134436876038791482806971768689494387082833631921987005038935, // Gx
- 20819045374670962167435360035096875258406992893633759881276124905556507972311 // Gy
-];
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/ecc/jubjub/params.zok b/zokrates_stdlib/stdlib/ecc/jubjub.zok
similarity index 53%
rename from zokrates_stdlib/stdlib/ecc/jubjub/params.zok
rename to zokrates_stdlib/stdlib/ecc/jubjub.zok
index c4273750f..89eb6e9a0 100644
--- a/zokrates_stdlib/stdlib/ecc/jubjub/params.zok
+++ b/zokrates_stdlib/stdlib/ecc/jubjub.zok
@@ -1,5 +1,9 @@
#pragma curve bls12_381
+import "./proofOfOwnership" as edwardsProofOfOwnership;
+import "./verifyEddsa" as edwardsSignature;
+
+
// The `a` coefficient of the twisted Edwards curve
const field EDWARDS_A = -1;
@@ -10,4 +14,18 @@ const field EDWARDS_D = 19257038036680949359750312669786877991949435402254120286
const field[2] G = [
11076627216317271660298050606127911965867021807910416450833192264015104452986, // Gx
44412834903739585386157632289020980010620626017712148233229312325549216099227 // Gy
-];
\ No newline at end of file
+];
+
+const u32 bit_size = 255;
+
+
+def proofOfOwnership(field[2] pk, field sk) -> bool {
+
+ return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D, bit_size);
+}
+
+
+def verifyEddsa(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1) -> bool {
+
+ return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D, bit_size);
+}
\ No newline at end of file
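Review bot: The jubjub `verifyEddsa` wrapper fixes `bit_size = 255` but carries no documentation of the limitation that the new test in tests/tests/ecc/jubjub/verifyEddsa.zok records (`// TODO: Jubjub currently work only for keys <=254 bit long`), so a caller reading only this file cannot know the 255-bit path is not fully supported. Add a `///` comment on `verifyEddsa` (and `proofOfOwnership`, if the limitation applies there too) stating the current key-length restriction and pointing at that TODO, or move the TODO here where users will see it. As in babyjubjub.zok, `bit_size` is the only lowercase `const` in the file. Both wrapper bodies are fully inside the hunk; the `///` argument docs for the forwarded parameters live in ecc/proofOfOwnership.zok and ecc/verifyEddsa.zok.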
diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjub/proofOfOwnership.zok b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
similarity index 80%
rename from zokrates_stdlib/stdlib/ecc/babyjubjub/proofOfOwnership.zok
rename to zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
index 53f09125c..7642737e2 100644
--- a/zokrates_stdlib/stdlib/ecc/babyjubjub/proofOfOwnership.zok
+++ b/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
@@ -1,5 +1,4 @@
import "utils/pack/bool/nonStrictUnpack256" as unpack256;
-from "./params" import EDWARDS_A, EDWARDS_D, G;
from "ecc/edwards" import scalarMul;
/// Verifies match of a given public/private keypair.
@@ -14,8 +13,8 @@ from "ecc/edwards" import scalarMul;
/// sk: Private key
///
/// Returns true for pk/sk being a valid keypair, false otherwise.
-def main(field[2] pk, field sk) -> bool {
- bool[256] sk_bits = unpack256(sk);
+def main(field[2] pk, field sk, field[2] G, field EDWARDS_A, field EDWARDS_D, u32 bit_size) -> bool {
+ bool[256] sk_bits = unpack256(sk, bit_size);
field[2] res = scalarMul(sk_bits, G, EDWARDS_A, EDWARDS_D);
return (res[0] == pk[0] && res[1] == pk[1]);
}
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/ecc/babyjubjub/verifyEddsa.zok b/zokrates_stdlib/stdlib/ecc/verifyEddsa.zok
similarity index 85%
rename from zokrates_stdlib/stdlib/ecc/babyjubjub/verifyEddsa.zok
rename to zokrates_stdlib/stdlib/ecc/verifyEddsa.zok
index bb8e5c785..51103e745 100644
--- a/zokrates_stdlib/stdlib/ecc/babyjubjub/verifyEddsa.zok
+++ b/zokrates_stdlib/stdlib/ecc/verifyEddsa.zok
@@ -3,7 +3,6 @@ import "utils/pack/bool/nonStrictUnpack256" as unpack256bool;
import "utils/pack/u32/nonStrictUnpack256" as unpack256u;
from "utils/casts" import cast;
from "ecc/edwards" import add, scalarMul, onCurve, orderCheck;
-from "./params" import EDWARDS_A, EDWARDS_D, G;
/// Verifies an EdDSA Signature.
///
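Review bot: `main` in proofOfOwnership.zok gains four parameters (`G`, `EDWARDS_A`, `EDWARDS_D`, `bit_size`) but the `///` block directly above it still documents only `pk` and `sk`; the `main` signature hunk of verifyEddsa.zok that follows has the same gap for the same four names. Extend the argument list in both doc comments, e.g. `/// G: Generator point of the curve`, `/// EDWARDS_A, EDWARDS_D: Twisted Edwards curve coefficients`, `/// bit_size: Bit width handed to nonStrictUnpack256 (254 for bn128 and 255 for bls12_381, as set in ecc/babyjubjub.zok and ecc/jubjub.zok)`. The opening lines of each doc block are outside the hunks shown here.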
@@ -25,18 +24,18 @@ from "./params" import EDWARDS_A, EDWARDS_D, G;
///
/// Returns:
/// Return true for S being a valid EdDSA Signature, false otherwise.
-def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1) -> bool {
+def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1, field[2] G, field EDWARDS_A, field EDWARDS_D, u32 bit_size) -> bool {
// Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
assert(onCurve(R, EDWARDS_A, EDWARDS_D)); // throws if R is not on curve
assert(orderCheck(R, EDWARDS_A, EDWARDS_D));
- u32[8] Rx = unpack256u(R[0]);
- u32[8] Ax = unpack256u(A[0]);
+ u32[8] Rx = unpack256u(R[0], bit_size);
+ u32[8] Ax = unpack256u(A[0], bit_size);
u32[8] h = sha256(Rx, Ax, M0, M1);
bool[256] hRAM = cast(h);
- bool[256] sBits = unpack256bool(S);
+ bool[256] sBits = unpack256bool(S, bit_size);
field[2] lhs = scalarMul(sBits, G, EDWARDS_A, EDWARDS_D);
field[2] AhRAM = scalarMul(hRAM, A, EDWARDS_A, EDWARDS_D);
diff --git a/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok b/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
index aa9a62afb..0e1786a0b 100644
--- a/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
+++ b/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
@@ -1,8 +1,7 @@
import "utils/multiplexer/lookup3bitSigned" as sel3s;
import "utils/multiplexer/lookup2bit" as sel2;
-import "ecc/babyjubjub/compress";
from "ecc/edwards" import add;
-from "ecc/babyjubjub/params" import EDWARDS_A, EDWARDS_D;
+from "ecc/babyjubjub" import EDWARDS_A, EDWARDS_D, compress;
// Code to export generators used in this example:
// import bitstring
diff --git a/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok b/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
index c0f0b81c7..070a865a9 100644
--- a/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
+++ b/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
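Review bot: `Rx` and `Ax` are now produced by `unpack256u(R[0], bit_size)` / `unpack256u(A[0], bit_size)`, whose own header comment (utils/pack/u32/nonStrictUnpack256.zok in this commit) says uniqueness of the output is not guaranteed, and those bits are exactly what `sha256` folds into `hRAM`; nothing in the hunk states whether the decomposition hashed here is the canonical one an off-circuit verifier of the same signature would compute. This is pre-existing, but now that the width is a parameter it deserves a comment at the `Rx` line such as `// NOTE: non-strict unpack — the bit decomposition hashed here is not constrained to be unique; confirm it matches the off-circuit encoding of R.x / A.x for every supported bit_size`, or a strict decomposition if the stdlib provides one (not visible here, TODO confirm). `main` continues past the hunk (the comparison of `lhs` against `R + AhRAM` is not shown).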
@@ -1,11 +1,11 @@
-#pragma curve bn128
-
import "./unpack_unchecked";
// Unpack a field element as 256 big-endian bits
// Note: uniqueness of the output is not guaranteed
// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i) -> bool[256] {
- bool[254] b = unpack_unchecked(i);
- return [false, false, ...b];
+def main(field i, u32 bit_size) -> bool[256] {
+ assert(bit_size <= 256);
+ u32 padding_size = 256 - bit_size;
+ bool[bit_size] b = unpack_unchecked(i);
+ return [...[false; padding_size], ...b];
}
\ No newline at end of file
diff --git a/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok b/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
index c84ff0c29..c85e4f3e5 100644
--- a/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
+++ b/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
@@ -1,4 +1,3 @@
-#pragma curve bn128
import "./pack" as pack;
diff --git a/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok b/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
index 37311a5cf..3a3a70039 100644
--- a/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
+++ b/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
@@ -1,11 +1,9 @@
-#pragma curve bn128
-
import "../bool/nonStrictUnpack256" as unpack;
import "../../casts/bool_256_to_u32_8" as from_bits;
// Unpack a field element as a u32[8] (big-endian)
// Note: uniqueness of the output is not guaranteed
// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i) -> u32[8] {
- return from_bits(unpack(i));
+def main(field i, u32 bit_size) -> u32[8] {
+ return from_bits(unpack(i, bit_size));
}
\ No newline at end of file
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/compress.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/compress.zok
index b74505d43..2f174fe4c 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/compress.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/compress.zok
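Review bot: The new `bit_size` parameter of `main` in utils/pack/bool/nonStrictUnpack256.zok is only bounded from above (`assert(bit_size <= 256)`) and the header comment above it still reads as if the width were fixed, so nothing tells a caller what value is valid now that the `#pragma curve bn128` that used to pin it is removed in the same hunk. State the contract in the comment, e.g. `// bit_size: width of the unchecked decomposition; must match the field modulus width of the active curve (254 for bn128, 255 for bls12_381, see ecc/babyjubjub.zok and ecc/jubjub.zok)`. What `unpack_unchecked` does when `bit_size` is smaller than the modulus width is not visible here — TODO confirm whether it fails to constrain or wraps, and document the outcome next to the assert. The u32 variant in the same line (`def main(field i, u32 bit_size) -> u32[8]`) has the same undocumented parameter.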
@@ -1,5 +1,4 @@
-import "ecc/babyjubjub/compress";
-from "ecc/babyjubjub/params" import G;
+from "ecc/babyjubjub" import G, compress;
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsAdd.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsAdd.zok
index d38391e2b..802c63873 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsAdd.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsAdd.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import add, negate;
-from "ecc/babyjubjub/params" import G, EDWARDS_A, EDWARDS_D;
+from "ecc/babyjubjub" import G, EDWARDS_A, EDWARDS_D;
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOnCurve.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOnCurve.zok
index 45b14bf8a..6be0b79d7 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOnCurve.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOnCurve.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import onCurve;
-from "ecc/babyjubjub/params" import EDWARDS_A, EDWARDS_D;
+from "ecc/babyjubjub" import EDWARDS_A, EDWARDS_D;
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOrderCheck.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOrderCheck.zok
index 6d44f2db2..bf16f0bf8 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOrderCheck.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsOrderCheck.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import orderCheck;
-from "ecc/babyjubjub/params" import EDWARDS_A, EDWARDS_D;
+from "ecc/babyjubjub" import EDWARDS_A, EDWARDS_D;
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsScalarMult.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsScalarMult.zok
index bcf1efdbb..960acddfe 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsScalarMult.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/edwardsScalarMult.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import scalarMul as mul;
-from "ecc/babyjubjub/params" import G, EDWARDS_A, EDWARDS_D;
+from "ecc/babyjubjub" import G, EDWARDS_A, EDWARDS_D;
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/proofOfOwnership.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/proofOfOwnership.zok
index 98c387bff..bacbdae21 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/proofOfOwnership.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/proofOfOwnership.zok
@@ -1,5 +1,5 @@
-import "ecc/babyjubjub/proofOfOwnership" as proofOfOwnership;
-from "ecc/edwards" import scalarMul;
+from "ecc/babyjubjub" import proofOfOwnership;
+
// Code to create test cases:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/babyjubjub/verifyEddsa.zok b/zokrates_stdlib/tests/tests/ecc/babyjubjub/verifyEddsa.zok
index e813aa133..ff86dc696 100644
--- a/zokrates_stdlib/tests/tests/ecc/babyjubjub/verifyEddsa.zok
+++ b/zokrates_stdlib/tests/tests/ecc/babyjubjub/verifyEddsa.zok
@@ -1,4 +1,4 @@
-import "ecc/babyjubjub/verifyEddsa" as verifyEddsa;
+from "ecc/babyjubjub" import verifyEddsa;
// Code to create test case:
// https://github.com/Zokrates/pycrypto
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsAdd.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsAdd.zok
index 2d72da6dd..4306cfb55 100644
--- a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsAdd.zok
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsAdd.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import add, negate;
-from "ecc/jubjub/params" import G, EDWARDS_A, EDWARDS_D;
+from "ecc/jubjub" import G, EDWARDS_A, EDWARDS_D;
def testDoubleViaAdd() -> bool {
field[2] out = add(G, G, EDWARDS_A, EDWARDS_D);
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOnCurve.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOnCurve.zok
index 68e0b0be6..dda5bd262 100644
--- a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOnCurve.zok
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOnCurve.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import onCurve;
-from "ecc/jubjub/params" import EDWARDS_A, EDWARDS_D;
+from "ecc/jubjub" import EDWARDS_A, EDWARDS_D;
def main() {
field u = 11076627216317271660298050606127911965867021807910416450833192264015104452986;
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOrderCheck.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOrderCheck.zok
index 93332d861..e6c10e323 100644
--- a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOrderCheck.zok
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsOrderCheck.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import orderCheck;
-from "ecc/jubjub/params" import EDWARDS_A, EDWARDS_D;
+from "ecc/jubjub" import EDWARDS_A, EDWARDS_D;
def testOrderCheckTrue() -> bool {
field u = 11076627216317271660298050606127911965867021807910416450833192264015104452986;
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsScalarMult.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsScalarMult.zok
index 348b0b977..64590c424 100644
--- a/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsScalarMult.zok
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/edwardsScalarMult.zok
@@ -1,5 +1,5 @@
from "ecc/edwards" import scalarMul as mul;
-from "ecc/jubjub/params" import G, EDWARDS_A, EDWARDS_D;
+from "ecc/jubjub" import G, EDWARDS_A, EDWARDS_D;
/*
def testCyclic() -> bool {
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.json b/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.json
new file mode 100644
index 000000000..f702e1da9
--- /dev/null
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/jubjub/proofOfOwnership.zok",
+ "curves": ["Bls12_381"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.zok
new file mode 100644
index 000000000..ea6b20e6a
--- /dev/null
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/proofOfOwnership.zok
@@ -0,0 +1,29 @@
+from "ecc/jubjub" import proofOfOwnership;
+
+
+// Code to create test cases:
+// https://github.com/Zokrates/pycrypto
+def testOwnershipTrue() -> bool {
+ field[2] pk = [14197449566532409051373899088449039913101429151158365207762164998470111126084, 39815292783067036895376009933490224522172606808755118734518018525613835149403];
+ field sk = 24537266074035586913841246471742714563414767347802800698790739697702568093815;
+
+ bool out = proofOfOwnership(pk, sk);
+
+ assert(out);
+ return true;
+}
+
+def testOwnershipFalse() -> bool {
+ field[2] pk = [14197449566532409051373899088449039913101429151158365207762164998470111126084, 39815292783067036895376009933490224522172606808755118734518018525613835149403];
+ field sk = 47423927973606838312622698773159954626747140530476271492884670927146733875544;
+
+ bool out = proofOfOwnership(pk, sk);
+
+ assert(!out);
+ return true;
+}
+
+def main() {
+ assert(testOwnershipTrue());
+ assert(testOwnershipFalse());
+}
\ No newline at end of file
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.json b/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.json
new file mode 100644
index 000000000..98b1e734d
--- /dev/null
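Review bot: `testOwnershipFalse` asserts `!out` for `sk = 47423927973606838312622698773159954626747140530476271492884670927146733875544`, which is larger than the 254-bit all-ones value `28948022309329048855892746252171976963317496166410141009864396001978282409983` used in tests/tests/utils/pack/bool/nonStrictUnpack256.zok in this same commit, while the sibling jubjub verifyEddsa test carries `// TODO: Jubjub currently work only for keys <=254 bit long`; if that limitation applies to `proofOfOwnership` as well, this negative case may be rejected because of the key width rather than because the scalar does not match `pk`, and would keep passing even if the ownership check were broken. A wrong key below 2^254 would make the negative test meaningful regardless of the TODO; at minimum a comment on that `sk` line stating its bit length and why it was chosen would help the next reader. Both test functions and `main` are fully inside the hunk.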
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/jubjub/verifyEddsa.zok",
+ "curves": ["Bls12_381"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.zok b/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.zok
new file mode 100644
index 000000000..ce07cdc51
--- /dev/null
+++ b/zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.zok
@@ -0,0 +1,21 @@
+from "ecc/jubjub" import verifyEddsa;
+
+
+// Code to create test case:
+// https://github.com/Zokrates/pycrypto
+def main() {
+
+ // TODO: Jubjub currently work only for keys <=254 bit long
+ // With the following keys should also work:
+ field[2] R = [32866767109220564315580607107081162920517672350707254238793964527466586251974, 31852087390335520207922973662676180854641055992940928475111512263314053365736];
+ field S = 43627586196239283173178511316555190744314536456808505435494185841008559853678;
+
+ // Public Key
+ field[2] A = [26479653887939839327536384197110148123933856719900448942651733342668343953867, 21757919891968253927635241665494706427345455214116275076018069565740804326091];
+
+ u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000];
+ u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005];
+
+ bool isVerified = verifyEddsa(R, S, A, M0, M1);
+ assert(isVerified);
+}
\ No newline at end of file
diff --git a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json
index dc6f88bd7..e7c734581 100644
--- a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json
+++ b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json
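Review bot: The two comment lines `// TODO: Jubjub currently work only for keys <=254 bit long` and `// With the following keys should also work:` sit directly above the `R`, `S` and `A` values the test actually asserts on, so a reader cannot tell whether those values are the unsupported >254-bit case or the passing one — and the values themselves are mixed, since `R[0]` and `S` exceed the 254-bit all-ones value `28948022309329048855892746252171976963317496166410141009864396001978282409983` used elsewhere in this commit while `A[0]` is below it. Reword to state which it is and what "keys" refers to (private scalar, `S`, or point coordinates), e.g. `// TODO: jubjub verification currently only passes for <sk/S/coordinate> values of at most 254 bits; the vector below is <within/outside> that limit` with the placeholders resolved. The file also has only a positive case; a second vector with a corrupted `S` asserting `!verifyEddsa(...)` would catch a verifier that accepts everything.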
@@ -1,6 +1,6 @@
{
"entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok",
- "curves": ["Bn128"],
+ "curves": ["Bls12_381"],
"tests": [
{
"input": {
diff --git a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok
index 9cd9694ad..8e8746b26 100644
--- a/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok
+++ b/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok
@@ -1,26 +1,44 @@ import "utils/pack/bool/nonStrictUnpack256" as unpack256; def testFive() -> bool { - bool[256] b = unpack256(5); + bool[256] b = unpack256(5, 254); assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]); + + bool[256] b = 
unpack256(5, 255); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]); + return true; } def testZero() -> bool { - bool[256] b = unpack256(0); + bool[256] b = unpack256(0, 254); + assert(b == [false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + + bool[256] b = unpack256(0, 255); assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; } def testLarge() -> bool { - bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991, 254); assert(b == [false, false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 
true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + + bool[256] b = unpack256(28948022309329048855892746252171976963317496166410141009864396001978282409983, 255); + assert(b == [false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 
true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + return true; } def testMax() -> bool { - bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + // bn128 + bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616, 254); assert(b == [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, 
false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + + // bls12_381 + bool[256] b = unpack256(52435875175126190479447740508185965837690552500527637822603658699938581184512, 255); + assert(b == [false, true, true, true, false, false, true, true, true, true, true, false, true, true, false, true, true, false, true, false, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, true, false, false, true, true, false, false, true, true, true, false, true, false, true, true, true, true, true, false, true, false, true, false, false, true, false, false, false, false, false, true, true, false, false, true, true, false, false, true, true, true, false, false, true, true, true, false, true, true, false, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, false, false, true, true, true, false, true, true, false, false, false, false, false, 
false, false, false, true, false, true, false, true, false, true, false, false, true, true, true, false, true, true, true, true, false, true, true, false, true, false, false, true, false, false, false, false, false, false, false, false, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, false, false, true, false, true, true, false, true, true, true, true, true, true, true, true, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; } diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json index 00815fc75..5a8dc41e3 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -1,6 +1,6 @@ { "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", - "curves": ["Bn128"], + "curves": ["Bls12_381"], "tests": [ { "input": { diff --git a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok index 4a865fb6e..67be9afda 100644 --- a/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok +++ b/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok 
@@ -1,26 +1,41 @@ import "utils/pack/u32/nonStrictUnpack256" as unpack256; def testFive() -> bool { - u32[8] b = unpack256(5); + u32[8] b = unpack256(5, 254); assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]); + + u32[8] b = unpack256(5, 255); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]); + return true; } def testZero() -> bool { - u32[8] b = unpack256(0); + u32[8] b = unpack256(0, 254); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]); + + u32[8] b = unpack256(0, 255); assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]); return true; } def testLarge() -> bool { - u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991, 254); assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); + + u32[8] b = unpack256(28948022309329048855892746252171976963317496166410141009864396001978282409983, 255); + assert(b == [0x3fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); return true; } def testMax() -> bool { - u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + // bn128 + u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616, 254); assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000]); + + // bls12_381 + u32[8] b = unpack256(52435875175126190479447740508185965837690552500527637822603658699938581184512, 255); + assert(b == [0x73eda753, 0x299d7d48, 0x3339d808, 0x09a1d805, 0x53bda402, 0xfffe5bfe, 0xffffffff, 0x00000000]); return true; } 
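Review bot: The `// bn128` and `// bls12_381` labels in testMax become misleading once the companion .json hunk narrows `curves` to `["Bls12_381"]`: both cases now execute as Bls12_381 field elements, so the 254-bit path is never checked under the modulus it was sized for (the bn128 `p - 1` literal still fits in the Bls12_381 field, so the assertion passes but proves less than the label suggests). A comment such as `// bn128 modulus - 1, width 254 (run under Bls12_381 per the .json, where the literal is still in range)` would keep the intent honest. Each function also redeclares `b` for the second width; distinct names like `b254`/`b255` would make a failing assertion attributable at a glance, assuming the compiler permits the redeclaration at all (the bool variant in this same commit does the same, so it presumably does). None of the new cases feeds a value with more bits than `bit_size` (for example `2^254` with width 254, which is a valid Bls12_381 element), so the tests do not show whether the non-strict unpack rejects or silently truncates an out-of-width input; that is the case the new parameter exists to bound, and it deserves a dedicated test if the harness can express an expected failure.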
diff --git a/zokrates_test/tests/out_of_range.rs b/zokrates_test/tests/out_of_range.rs index ea2800252..730485ae7 100644 --- a/zokrates_test/tests/out_of_range.rs +++ b/zokrates_test/tests/out_of_range.rs @@ -133,7 +133,7 @@ fn unpack256_unchecked() { import "utils/pack/bool/nonStrictUnpack256"; def main(private field a) { - bool[256] bits = nonStrictUnpack256(a); + bool[256] bits = nonStrictUnpack256(a, 254); assert(bits[255]); return; }