diff --git a/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512.hpp b/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512.hpp index 9487d0fd1b..1e37dea3ad 100644 --- a/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512.hpp +++ b/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512.hpp @@ -33,7 +33,7 @@ #include #include #include -#include +//#include namespace nil { namespace crypto3 { @@ -54,90 +54,164 @@ namespace nil { using var = snark::plonk_variable; - using sha512_process_component = - sha512_process; - using decomposition_component = - decomposition; + using sha512_process_component = + sha512_process; + // using decomposition_component = + // decomposition; - public: + public: +// constexpr static const std::size_t rows_RAM_and_input_words = 16; +// constexpr static const std::size_t rows_amount = - sha512_process_component::rows_amount * 2 + decomposition_component::rows_amount * 2 + 1; + 2 + 3 + sha512_process_component::rows_amount * 2 + 2; - struct params_type { - std::array block_data; + struct var_ec_point { + std::array x; + std::array y; }; - struct allocated_data_type { - allocated_data_type() { - previously_allocated = false; - } - - // TODO access modifiers - bool previously_allocated; + struct params_type { + var_ec_point R; + var_ec_point A; + std::array M; }; struct result_type { - std::array output = {var(0, 0, false), var(0, 0, false)}; + std::array output_state; - result_type(std::size_t component_start_row) { - std::array output = {var(W0, component_start_row + rows_amount - 1, false), - var(W1, component_start_row + rows_amount - 1, false)}; + result_type(const std::size_t &start_row_index) { + output_state = {var(W0, start_row_index + rows_amount - 3, false), + var(W1, start_row_index + rows_amount - 3, false), + var(W2, start_row_index + rows_amount - 3, false), + var(W3, start_row_index + rows_amount - 3, false), + var(W0, start_row_index + rows_amount - 1, false), + var(W1, start_row_index + rows_amount - 1, false), + var(W2, start_row_index + rows_amount - 1, false), + var(W3, start_row_index + rows_amount - 1, false)}; } }; - - static std::size_t allocate_rows(blueprint &bp) { - return bp.allocate_rows(rows_amount); - } - static result_type generate_circuit(blueprint &bp, - blueprint_assignment_table &assignment, - const params_type ¶ms, - allocated_data_type &allocated_data, - std::size_t component_start_row) { + blueprint_public_assignment_table &assignment, + const params_type & params, + const std::size_t start_row_index) { + + generate_gates(bp, assignment, start_row_index); + generate_copy_constraints(bp, assignment, params, start_row_index); + return result_type(start_row_index); - generate_gates(bp, assignment, params, allocated_data, component_start_row); - generate_copy_constraints(bp, assignment, params, component_start_row); - return result_type(component_start_row); } static result_type generate_assignments(blueprint_assignment_table &assignment, const params_type ¶ms, std::size_t component_start_row) { std::size_t row = component_start_row; - std::array input_params_1 = {params.block_data[0], params.block_data[1]}; - typename decomposition_component::params_type decomposition_params = {input_params_1}; - auto sha_block_part_1 = - decomposition_component::generate_assignments(assignment, decomposition_params, row); - row += decomposition_component::rows_amount; - std::array input_params_2 = {params.block_data[2], params.block_data[3]}; - decomposition_params = {input_params_2}; - auto sha_block_part_2 = - decomposition_component::generate_assignments(assignment, decomposition_params, row); - row += decomposition_component::rows_amount; - std::vector input_words(16); - for (int i = 0; i < 8; i++) { - input_words[i] = sha_block_part_1.output_state[i]; - input_words[8 + i] = sha_block_part_2.output_state[i]; + + std::array RAM = { + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.x[0]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.x[1]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.x[2]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.x[3]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.y[0]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.y[1]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.y[2]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.R.y[3]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.x[0]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.x[1]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.x[2]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.x[3]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.y[0]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.y[1]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.y[2]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.A.y[3]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.M[0]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.M[1]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.M[2]).data), + typename ArithmetizationType::field_type::integral_type(assignment.var_value(params.M[3]).data) + }; + + for (std::size_t i = 0; i < 4; i++) { + assignment.witness(i)[row] = RAM[i]; + assignment.witness(i+4)[row] = RAM[i+4]; + assignment.witness(i)[row+1] = RAM[i+8]; + assignment.witness(i+4)[row+1] = RAM[i+12]; + assignment.witness(i)[row+2] = RAM[i+16]; + } + + std::array input_words_values; + typename ArithmetizationType::field_type::integral_type integral_one = 1; + typename ArithmetizationType::field_type::integral_type mask = ((integral_one<<64) - 1); + input_words_values[0] = (RAM[0]) & mask; + input_words_values[1] = ((RAM[0] >> 64) + (RAM[1] << 2)) & mask; + input_words_values[2] = ((RAM[1] >> 62) + (RAM[2] << 4)) & mask; + input_words_values[3] = ((RAM[2] >> 60) + (RAM[3] << 6) + (RAM[4] << 63)) & mask; + input_words_values[4] = ((RAM[4] >> 1)) & mask; + input_words_values[5] = ((RAM[4] >> 65) + (RAM[5] << 1)) & mask; + input_words_values[6] = ((RAM[5] >> 63) + (RAM[6] << 3)) & mask; + input_words_values[7] = ((RAM[6] >> 61) + (RAM[7] << 5) + (RAM[8] << 62)) & mask; + input_words_values[8] = ((RAM[8] >> 2)) & mask; + input_words_values[9] = ((RAM[9])) & mask; + input_words_values[10] = ((RAM[9] >> 64) + (RAM[10] << 2)) & mask; + input_words_values[11] = ((RAM[10] >> 62) + (RAM[11] << 4) + (RAM[12] << 61)) & mask; + input_words_values[12] = ((RAM[12] >> 3) + (RAM[13] << 63)) & mask; + input_words_values[13] = ((RAM[13] >> 1)) & mask; + input_words_values[14] = ((RAM[13] >> 65) + (RAM[14] << 1)) & mask; + input_words_values[15] = ((RAM[14] >> 63) + (RAM[15] << 3) + (RAM[16] << 60)) & mask; + + row = row + 3; + std::array input_words_vars; + + for (std::size_t i = 0; i < 8; i++) { + assignment.witness(i)[row] = input_words_values[i]; + assignment.witness(i)[row+1] = input_words_values[i+8]; + input_words_vars[i] = var(i, row, false); + input_words_vars[i+8] = var(i, row+1, false); } + + row = row + 2; + std::array constants = { - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}; for (int i = 0; i < 8; i++) { - assignment.constant(0)[component_start_row + i] = constants[i]; + assignment.constant(0)[component_start_row + i] = constants[i]; } - std::array constants_var = {var(0, row, false, var::column_type::constant), - var(0, row + 1, false, var::column_type::constant), - var(0, row + 2, false, var::column_type::constant), - var(0, row + 3, false, var::column_type::constant), - var(0, row + 4, false, var::column_type::constant), - var(0, row + 5, false, var::column_type::constant), - var(0, row + 6, false, var::column_type::constant), - var(0, row + 7, false, var::column_type::constant)}; - typename sha512_process_component::params_type sha_params = {constants_var, input_words}; - auto sha_output = sha512_process_component::generate_assignments(assignment, sha_params, row); + + std::array constants_var = {var(0, component_start_row, false, var::column_type::constant), + var(0, component_start_row + 1, false, var::column_type::constant), + var(0, component_start_row + 2, false, var::column_type::constant), + var(0, component_start_row + 3, false, var::column_type::constant), + var(0, component_start_row + 4, false, var::column_type::constant), + var(0, component_start_row + 5, false, var::column_type::constant), + var(0, component_start_row + 6, false, var::column_type::constant), + var(0, component_start_row + 7, false, var::column_type::constant)}; + typename sha512_process_component::params_type sha_params = {constants_var, input_words_vars}; + auto sha_output = sha512_process_component::generate_assignments(assignment, sha_params, row).output_state; row += sha512_process_component::rows_amount; - std::array input_words2 = { + input_words_values[0] = ((RAM[16] >> 4) + (RAM[17] << 62)) & mask; + input_words_values[1] = ((RAM[17] >> 2)) & mask; + input_words_values[2] = ((RAM[18])) & mask; + input_words_values[3] = ((RAM[18] >> 64) + (RAM[19] << 2) + (integral_one << 60)) << 3; + + + for (std::size_t i = 4; i < 15; ++i) { + input_words_values[i] = 0; + } + input_words_values[15] = 1024 + 252; + + for (std::size_t i = 0; i < 8; i++) { + assignment.witness(i)[row] = input_words_values[i]; + assignment.witness(i)[row+1] = input_words_values[i+8]; + input_words_vars[i] = var(i, row, false); + input_words_vars[i+8] = var(i, row+1, false); + } + + row = row + 2; + sha_params = {sha_output, input_words_vars}; + + + +/* std::array input_words2 = { 1 << 31, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 << 9}; for (int i = 0; i < 16; i++) { assignment.constant(0)[component_start_row + 8 + i] = input_words2[i]; @@ -159,33 +233,25 @@ namespace nil { var(0, row + 22, false, var::column_type::constant), var(0, row + 23, false, var::column_type::constant)}; typename sha512_process_component::params_type sha_params2 = {sha_output.output_state, - input_words2_var}; - sha512_process_component::generate_assignments(assignment, sha_params2, row); + input_words2_var}; */ + + sha512_process_component::generate_assignments(assignment, sha_params, row); return result_type(component_start_row); } private: static void generate_gates(blueprint &bp, - blueprint_assignment_table &assignment, - const params_type ¶ms, - allocated_data_type &allocated_data, + blueprint_public_assignment_table &assignment, std::size_t component_start_row) { std::size_t row = component_start_row; - decomposition_component::generate_gates(bp, assignment, allocated_data, row); - decomposition_component::generate_gates(bp, assignment, allocated_data, row); - sha512_process_component::generate_gates(bp, assignment, allocated_data, row); - sha512_process_component::generate_gates(bp, assignment, allocated_data, row); + } static void generate_copy_constraints(blueprint &bp, - blueprint_assignment_table &assignment, + blueprint_public_assignment_table &assignment, const params_type ¶ms, - std::size_t component_start_row) { + const std::size_t &component_start_row) { std::size_t j = component_start_row; - decomposition_component::generate_copy_constraints(bp, assignment, j); - decomposition_component::generate_copy_constraints(bp, assignment, j); - sha512_process_component::generate_copy_constraints(bp, assignment, j); - sha512_process_component::generate_copy_constraints(bp, assignment, j); } }; diff --git a/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512_process.hpp b/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512_process.hpp index b24727692c..28646f85e1 100644 --- a/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512_process.hpp +++ b/include/nil/crypto3/zk/components/hashes/sha256/plonk/sha512_process.hpp @@ -250,7 +250,7 @@ namespace nil { assignment.witness(W6)[i + 2] = sigma0_chunks[0][4]; assignment.witness(W7)[i + 2] = message_scheduling_words[(i - row) / 6 + 9]; assignment.witness(W8)[i + 2] = message_scheduling_words[(i - row) / 6]; - + typename CurveType::base_field_type::integral_type integral_b = typename CurveType::base_field_type::integral_type( message_scheduling_words[(i - row) / 6 + 14].data); @@ -310,7 +310,7 @@ namespace nil { typename CurveType::base_field_type::integral_type(typename CurveType::base_field_type::value_type(2).pow(64).data); assignment.witness(W5)[i + 3] = message_scheduling_words[(i - row) / 6 + 16]; assignment.witness(W6)[i + 3] = (sum - message_scheduling_words[(i - row) / 6 + 16]) / - typename CurveType::base_field_type::integral_type(typename CurveType::base_field_type::value_type(2).pow(64).data); + typename CurveType::base_field_type::integral_type(typename CurveType::base_field_type::value_type(2).pow(64).data); } row = row + 384; for (std::size_t i = row; i < row + 720; i = i + 9) { @@ -364,9 +364,9 @@ namespace nil { assignment.witness(W4)[i + 2] = Sigma1_chunks[0][4]; typename CurveType::base_field_type::integral_type Sigma1 = Sigma1_chunks[0][0] + Sigma1_chunks[0][1] * (1 << (sigma_sizes[0])) + - Sigma1_chunks[0][2] * (1 << (sigma_sizes[0] + sigma_sizes[1])) + - Sigma1_chunks[0][3] * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + - Sigma1_chunks[0][4] * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])); + Sigma1_chunks[0][2] * (one << (sigma_sizes[0] + sigma_sizes[1])) + + Sigma1_chunks[0][3] * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + + Sigma1_chunks[0][4] * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])); sparse_values[4] = typename CurveType::base_field_type::integral_type((e_chunks[1][0] + @@ -460,9 +460,9 @@ namespace nil { typename CurveType::base_field_type::integral_type Sigma0 = Sigma0_chunks[0][0] + Sigma0_chunks[0][1] * (1 << sigma_sizes[0]) + - Sigma0_chunks[0][2] * (1 << (sigma_sizes[0] + sigma_sizes[1])) + - Sigma0_chunks[0][3] * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + - Sigma0_chunks[0][4] * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])); + Sigma0_chunks[0][2] * (one << (sigma_sizes[0] + sigma_sizes[1])) + + Sigma0_chunks[0][3] * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + + Sigma0_chunks[0][4] * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])); sparse_values[0] = typename CurveType::base_field_type::integral_type((a_chunks[1][0] + a_chunks[1][1] * base4_value.pow(a_sizes[0]) + a_chunks[1][2] * base4_value.pow(a_sizes[0] + a_sizes[1]) + @@ -695,9 +695,9 @@ namespace nil { var(W1, +1) - (var(W8, 0) + var(W0, +1) + var(W0, -1) + var(W1, -1) * (1 << (sigma_sizes[0])) + - var(W2, -1) * (1 << (sigma_sizes[0] + sigma_sizes[1])) + - var(W3, -1) * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + - var(W4, -1) * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])) + + var(W2, -1) * (one << (sigma_sizes[0] + sigma_sizes[1])) + + var(W3, -1) * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + + var(W4, -1) * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])) + var(W2, 0) + var(W3, 0) * (1 << 16) + var(W4, 0) * (one << 32) + var(W5, 0) * (one << 48) + var(W0, 0, true, var::column_type::constant))); @@ -713,9 +713,9 @@ namespace nil { var(W7, 0) + m*var(W8, 0)- (var(W1, -1) + var(W0, +1) + var(W1, +1) * (1 << sigma_sizes[0]) + - var(W2, +1) * (1 << (sigma_sizes[0] + sigma_sizes[1])) + - var(W3, +1) * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + - var(W4, +1) * (1 << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])) + + var(W2, +1) * (one << (sigma_sizes[0] + sigma_sizes[1])) + + var(W3, +1) * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2])) + + var(W4, +1) * (one << (sigma_sizes[0] + sigma_sizes[1] + sigma_sizes[2] + sigma_sizes[3])) + var(W2, 0) + var(W3, 0) * (1 << 16) + var(W4, 0) * (one << 32) + var(W5, 0) * (one << 48))); auto constraint_5 = bp.add_constraint((var(W8, 0) - 6) * (var(W8, 0) - 5) * @@ -870,6 +870,51 @@ namespace nil { blueprint_public_assignment_table &assignment, const params_type ¶ms, const std::size_t &start_row_index) { + + std::size_t row = start_row_index + 2; + + for (std::size_t i = 1; i <= 15; ++i) { + bp.add_copy_constraint({var(W0, row + (i - 1)*6 + 0, false), params.input_words[i]}); + } + for (std::size_t i = 9; i <= 15; ++i) { + bp.add_copy_constraint({var(W7, row + (i - 9)*6 + 2, false), params.input_words[i]}); + } + for (std::size_t i = 0; i <= 15; ++i) { + bp.add_copy_constraint({var(W8, row + (i - 0)*6 + 2, false), params.input_words[i]}); + } + for (std::size_t i = 14; i <= 15; ++i) { + bp.add_copy_constraint({var(W0, row + (i - 14)*6 + 5, false), params.input_words[i]}); + } + + row = row + 384; + + bp.add_copy_constraint({var(W6, row + 2, false), var(W5, start_row_index + 1)}); + bp.add_copy_constraint({var(W6, row + 3, false), var(W6, start_row_index + 1)}); + bp.add_copy_constraint({var(W6, row + 6, false), var(W1, start_row_index + 1)}); + bp.add_copy_constraint({var(W6, row + 5, false), var(W2, start_row_index + 1)}); + + for (std::size_t i = row; i < row + 720 - 9; i = i + 9){ + bp.add_copy_constraint ({var(W6, (i + 2) + 9, false), var(W5, (i + 2), false)}); + bp.add_copy_constraint ({var(W6, (i + 3) + 9, false), var(W6, (i + 2), false)}); + bp.add_copy_constraint ({var(W6, (i + 5) + 9, false), var(W6, (i + 6), false)}); + bp.add_copy_constraint ({var(W6, (i + 6) + 9, false), var(W5, (i + 6), false)}); + } + + bp.add_copy_constraint({var(W0, row + 8, false), params.input_state[0]}); + bp.add_copy_constraint({var(W7, row + 3, false), params.input_state[3]}); + bp.add_copy_constraint({var(W0, row + 0, false), params.input_state[4]}); + bp.add_copy_constraint({var(W8, row + 3, false), params.input_state[7]}); + + row = row + 720; + + bp.add_copy_constraint({var(W0, row, false), params.input_state[0]}); + bp.add_copy_constraint({var(W1, row, false), params.input_state[1]}); + bp.add_copy_constraint({var(W2, row, false), params.input_state[2]}); + bp.add_copy_constraint({var(W3, row, false), params.input_state[3]}); + bp.add_copy_constraint({var(W0, row + 2, false), params.input_state[4]}); + bp.add_copy_constraint({var(W1, row + 2, false), params.input_state[5]}); + bp.add_copy_constraint({var(W2, row + 2, false), params.input_state[6]}); + bp.add_copy_constraint({var(W3, row + 2, false), params.input_state[7]}); } static void generate_assignments_constant(blueprint &bp, diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/complete_addition_edwards25519.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/complete_addition_edwards25519.hpp index f722e59a3b..62a6716597 100644 --- a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/complete_addition_edwards25519.hpp +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/complete_addition_edwards25519.hpp @@ -89,7 +89,7 @@ namespace nil { public: constexpr static const std::size_t rows_amount = 2 * non_native_range_component::rows_amount + 8 * multiplication_component::rows_amount + - 3 * addition_component::rows_amount + subtraction_component::rows_amount + 2; + 3 * addition_component::rows_amount + subtraction_component::rows_amount; constexpr static const std::size_t gates_amount = 0; @@ -176,7 +176,6 @@ namespace nil { assignment.witness(W2)[row] = x3[2]; assignment.witness(W3)[row] = x3[3]; std::array P_x = {var(W0, row), var(W1, row), var(W2, row), var(W3, row)}; - row++; typename non_native_range_component::params_type range_params_x3 = {P_x}; non_native_range_component::generate_assignments(assignment, range_params_x3, row); @@ -187,7 +186,6 @@ namespace nil { assignment.witness(W2)[row] = y3[2]; assignment.witness(W3)[row] = y3[3]; std::array P_y = {var(W0, row), var(W1, row), var(W2, row), var(W3, row)}; - row++; typename non_native_range_component::params_type range_params_y3 = {P_y}; non_native_range_component::generate_assignments(assignment, range_params_y3, row); @@ -255,14 +253,12 @@ namespace nil { } std::size_t row = start_row_index; std::array P_x = {var(W0, row), var(W1, row), var(W2, row), var(W3, row)}; - row++; typename non_native_range_component::params_type range_params_x3 = {P_x}; non_native_range_component::generate_circuit(bp, assignment, range_params_x3, row); row+=non_native_range_component::rows_amount; std::array P_y = {var(W0, row), var(W1, row), var(W2, row), var(W3, row)}; - row++; typename non_native_range_component::params_type range_params_y3 = {P_y}; non_native_range_component::generate_circuit(bp, assignment, range_params_y3, row); @@ -333,7 +329,6 @@ namespace nil { const std::size_t start_row_index) { std::size_t row = start_row_index; - row+=2; row+=non_native_range_component::rows_amount; row+=non_native_range_component::rows_amount; row+=multiplication_component::rows_amount; diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ec_point_edwards25519.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ec_point_edwards25519.hpp index e4e3eacaa1..7be384a36f 100644 --- a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ec_point_edwards25519.hpp +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ec_point_edwards25519.hpp @@ -163,11 +163,6 @@ namespace nil { row += mult_component::rows_amount; auto right = add_component::generate_assignments(assignment, {one_var, t2}, row).output; row += add_component::rows_amount; - - for (int i = 0; i < 4; ++i) { - std::cout << assignment.var_value(left[i]).data << ' ' << assignment.var_value(right[i]).data << '\n'; - } - return result_type(component_start_row); } @@ -204,14 +199,12 @@ namespace nil { auto t0 = mult_component::generate_circuit(bp, assignment, {x_2, a_var}, row).output; row += mult_component::rows_amount; auto left = add_component::generate_circuit(bp, assignment, {y_2, t0}, row).output; - std::cout << row << '\n'; row += add_component::rows_amount; auto t1 = mult_component::generate_circuit(bp, assignment, {y_2, x_2}, row).output; row += mult_component::rows_amount; auto t2 = mult_component::generate_circuit(bp, assignment, {d_var, t1}, row).output; row += mult_component::rows_amount; auto right = add_component::generate_circuit(bp, assignment, {one_var, t2}, row).output; - std::cout << row << '\n'; row += add_component::rows_amount; generate_copy_constraints(bp, assignment, params, start_row_index); @@ -234,9 +227,9 @@ namespace nil { const params_type ¶ms, std::size_t component_start_row) { std::size_t row = component_start_row + 2 * non_native_range_component::rows_amount + 3 * mult_component::rows_amount; - auto left = (typename add_component::result_type(25)).output; + auto left = (typename add_component::result_type(component_start_row + 25)).output; row += 2 * mult_component::rows_amount + add_component::rows_amount; - auto right = (typename add_component::result_type(43)).output; + auto right = (typename add_component::result_type(component_start_row + 43)).output; bp.add_copy_constraint({left[0], right[0]}); bp.add_copy_constraint({left[1], right[1]}); diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ed25519.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ed25519.hpp index 3035324842..2b9464683d 100644 --- a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ed25519.hpp +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/ed25519.hpp @@ -36,6 +36,7 @@ #include #include #include +#include #include namespace nil { @@ -92,6 +93,8 @@ namespace nil { W0, W1, W2, W3, W4, W5, W6, W7, W8>; using scalar_non_native_range_component = scalar_non_native_range; + using non_addition_component = non_native_field_element_addition; using sha512_component = sha512; @@ -99,12 +102,12 @@ namespace nil { constexpr static const std::size_t selector_seed = 0xfcc2; public: - constexpr static const std::size_t rows_amount = 4 * non_native_range_component::rows_amount - + scalar_non_native_range_component::rows_amount + constexpr static const std::size_t rows_amount = /*262144;*/scalar_non_native_range_component::rows_amount + variable_base_mult_component::rows_amount + fixed_base_mult_component::rows_amount + addition_component::rows_amount - + reduction_component::rows_amount; + + reduction_component::rows_amount + + 2 * check_ec_point_component::rows_amount + sha512_component::rows_amount; constexpr static const std::size_t gates_amount = 0; @@ -119,7 +122,7 @@ namespace nil { }; signature e; var_ec_point public_key; - var M; + std::array M; }; //TODO: check if points R and public_key lie on the curve @@ -133,11 +136,15 @@ namespace nil { const params_type ¶ms, std::size_t component_start_row) { std::size_t row = component_start_row; - + //generate_lookup_table(assignment, params, component_start_row); + /*std::size_t n = (1 << 18); + for(std::size_t i = 0; i < n; i++) { + assignment.constant(1)[i] = i; + }*/ var s = params.e.s; auto R = params.e.R; auto pk = params.public_key; - var M = params.M; + std::array M = params.M; /* here we check if s lies in range */ scalar_non_native_range_component::generate_assignments(assignment, {s}, row); @@ -148,29 +155,14 @@ namespace nil { row += check_ec_point_component::rows_amount; /* here we get k = SHA(R||A||M) */ - /* 66*15 + 34 = 1024 bits */ - // auto padded = ...; - // row += ...; - // auto k_vec = sha512_component::generate_assignments(assignment, {padded}, row).output; - // row += sha512_component::rows_amount; - std::array constants = { - 0x66666666, 0x11111111, 0x22222222, 0x55555555, - 0x33333333, 0x99999999, 0x11111111, 0x77777777}; - for (int i = 0; i < 8; i++) { - assignment.constant(0)[component_start_row + i] = constants[i]; - } - std::array k_vec = {var(0, component_start_row, false, var::column_type::constant), - var(0, component_start_row + 1, false, var::column_type::constant), - var(0, component_start_row + 2, false, var::column_type::constant), - var(0, component_start_row + 3, false, var::column_type::constant), - var(0, component_start_row + 4, false, var::column_type::constant), - var(0, component_start_row + 5, false, var::column_type::constant), - var(0, component_start_row + 6, false, var::column_type::constant), - var(0, component_start_row + 7, false, var::column_type::constant)}; + auto k_vec = sha512_component::generate_assignments(assignment, {{{R.x[0], R.x[1], R.x[2], R.x[3]}, + {R.y[0], R.y[1], R.y[2], R.y[3]}}, {{pk.x[0], pk.x[1], pk.x[2], pk.x[3]}, + {pk.y[0], pk.y[1], pk.y[2], pk.y[3]}}, M}, row).output_state; + row += sha512_component::rows_amount; var k = reduction_component::generate_assignments(assignment, {k_vec}, row).output; row += reduction_component::rows_amount; - /* here we check sB == R + kA */ + auto S = fixed_base_mult_component::generate_assignments(assignment, {s}, row).output; row += fixed_base_mult_component::rows_amount; auto A = variable_base_mult_component::generate_assignments(assignment, {{pk.x, pk.y}, k}, row).output; @@ -178,7 +170,6 @@ namespace nil { typename addition_component::params_type add_params = {{A.x, A.y}, {R.x, R.y}}; auto res = addition_component::generate_assignments(assignment, add_params, row).output; row += addition_component::rows_amount; - return result_type(component_start_row); } @@ -191,7 +182,7 @@ namespace nil { var s = params.e.s; auto R = params.e.R; auto pk = params.public_key; - var M = params.M; + std::array M = params.M; /* here we check if s lies in range */ scalar_non_native_range_component::generate_circuit(bp, assignment, {s}, row); @@ -202,21 +193,12 @@ namespace nil { row += check_ec_point_component::rows_amount; /* here we get k = SHA(R||A||M) */ - // auto padded = ...; - // row += ...; - // auto k_vec = sha512_component::generate_circuit(bp, assignment, {padded}, row).output; - // row += sha512_component::rows_amount; - std::array k_vec = {var(0, start_row_index, false, var::column_type::constant), - var(0, start_row_index + 1, false, var::column_type::constant), - var(0, start_row_index + 2, false, var::column_type::constant), - var(0, start_row_index + 3, false, var::column_type::constant), - var(0, start_row_index + 4, false, var::column_type::constant), - var(0, start_row_index + 5, false, var::column_type::constant), - var(0, start_row_index + 6, false, var::column_type::constant), - var(0, start_row_index + 7, false, var::column_type::constant)}; + auto k_vec = sha512_component::generate_circuit(bp, assignment, {{{R.x[0], R.x[1], R.x[2], R.x[3]}, + {R.y[0], R.y[1], R.y[2], R.y[3]}}, {{pk.x[0], pk.x[1], pk.x[2], pk.x[3]}, + {pk.y[0], pk.y[1], pk.y[2], pk.y[3]}}, M}, row).output_state; + row += sha512_component::rows_amount; var k = reduction_component::generate_circuit(bp, assignment, {k_vec}, row).output; row += reduction_component::rows_amount; - /* here we check sB == R + kA */ auto S = fixed_base_mult_component::generate_circuit(bp, assignment, {s}, row).output; row += fixed_base_mult_component::rows_amount; @@ -225,7 +207,7 @@ namespace nil { typename addition_component::params_type add_params = {{A.x, A.y}, {R.x, R.y}}; auto res = addition_component::generate_circuit(bp, assignment, add_params, row).output; row += addition_component::rows_amount; - + generate_copy_constraints(bp, assignment, params, start_row_index); return result_type(start_row_index); } @@ -244,9 +226,10 @@ namespace nil { const params_type ¶ms, std::size_t component_start_row) { std::size_t row = component_start_row; - row += 5 * non_native_range_component::rows_amount + reduction_component::rows_amount; - auto S = (typename fixed_base_mult_component::result_type(row)).output; - row += fixed_base_mult_component::rows_amount + variable_base_mult_component::rows_amount; + row += scalar_non_native_range_component::rows_amount + 2 * check_ec_point_component::rows_amount + + reduction_component::rows_amount + sha512_component::rows_amount + fixed_base_mult_component::rows_amount; + auto S = (typename fixed_base_mult_component::result_type(row - 1 - addition_component::rows_amount)).output; + row += variable_base_mult_component::rows_amount; auto res = (typename addition_component::result_type(row)).output; bp.add_copy_constraint({{S.x[0]}, {res.x[0]}}); bp.add_copy_constraint({{S.x[1]}, {res.x[1]}}); @@ -254,9 +237,20 @@ namespace nil { bp.add_copy_constraint({{S.x[3]}, {res.x[3]}}); bp.add_copy_constraint({{S.y[0]}, {res.y[0]}}); bp.add_copy_constraint({{S.y[1]}, {res.y[1]}}); - bp.add_copy_constraint({{S.y[2]}, {res.y[2]}}); + bp.add_copy_constraint({{S.y[2]}, {res.y[2]}}); bp.add_copy_constraint({{S.y[3]}, {res.y[3]}}); } + + static void generate_lookup_table(blueprint_assignment_table &assignment, + const params_type ¶ms, + std::size_t component_start_row) { + + std::size_t row = component_start_row; + std::size_t n = (1 << 16); + for(std::size_t i = 0; i < 2; i++) { + assignment.constant(1)[i] = 0; + } + } }; } // namespace components diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/multiplication.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/multiplication.hpp index c0d7cab56c..3b882da824 100644 --- a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/multiplication.hpp +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/multiplication.hpp @@ -324,10 +324,10 @@ namespace nil { std::size_t row = component_start_row; - // bp.add_copy_constraint({var(W0, row + 4, false), params.A[0]}); - // bp.add_copy_constraint({var(W1, row + 4, false), params.A[1]}); - // bp.add_copy_constraint({var(W2, row + 4, false), params.A[2]}); - // bp.add_copy_constraint({var(W3, row + 4, false), params.A[3]}); + bp.add_copy_constraint({var(W0, row + 4, false), params.A[0]}); + bp.add_copy_constraint({var(W1, row + 4, false), params.A[1]}); + bp.add_copy_constraint({var(W2, row + 4, false), params.A[2]}); + bp.add_copy_constraint({var(W3, row + 4, false), params.A[3]}); bp.add_copy_constraint({var(W4, row + 4, false), params.B[0]}); bp.add_copy_constraint({var(W5, row + 4, false), params.B[1]}); bp.add_copy_constraint({var(W6, row + 4, false), params.B[2]}); diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/reduction.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/reduction.hpp index 0c3a51fe0c..e5776b0734 100644 --- a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/reduction.hpp +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/reduction.hpp @@ -32,6 +32,7 @@ #include #include +#include #include namespace nil { @@ -73,25 +74,21 @@ namespace nil { public: constexpr static const std::size_t rows_amount = 4; - constexpr static const std::size_t selector_seed = 0x0fFD; + constexpr static const std::size_t selector_seed = 0xff34; - constexpr static const std::size_t gates_amount = 3; + constexpr static const std::size_t gates_amount = 2; struct params_type { std::array k; }; struct result_type { - var output = var(W4, 1, false); + var output; result_type(std::size_t component_start_row) { - var(W4, component_start_row + rows_amount - 3, false); + output = var(W4, component_start_row + rows_amount - 3, false); } }; - static std::size_t allocate_rows(blueprint &bp) { - return bp.allocate_rows(rows_amount); - } - static result_type generate_circuit(blueprint &bp, blueprint_public_assignment_table &assignment, @@ -107,7 +104,9 @@ namespace nil { first_selector_index = selector_iterator->second; } - assignment.enable_selector(first_selector_index, start_row_index); + assignment.enable_selector(first_selector_index, start_row_index + 1); + assignment.enable_selector(first_selector_index + 1, start_row_index + 2); + generate_copy_constraints(bp, assignment, params, start_row_index); return result_type(start_row_index); @@ -154,39 +153,52 @@ namespace nil { assignment.witness(0)[row + 2] = (q >> 47) & ((1 << (20)) - 1); assignment.witness(4)[row + 1] = r; - assignment.witness(3)[row + 1] = (r) & ((1 << (13)) - 1); - assignment.witness(2)[row + 1] = (r >> 13) & ((1 << (20)) - 1); - assignment.witness(1)[row + 1] = (r >> 33) & ((1 << (20)) - 1); - assignment.witness(0)[row + 1] = (r >> 53) & ((1 << (20)) - 1); - assignment.witness(8)[row] = (r >> 73) & ((1 << (20)) - 1); - assignment.witness(7)[row] = (r >> 93) & ((1 << (20)) - 1); - assignment.witness(6)[row] = (r >> 113) & ((1 << (20)) - 1); - assignment.witness(5)[row] = (r >> 133) & ((1 << (20)) - 1); - assignment.witness(4)[row] = (r >> 153) & ((1 << (20)) - 1); - assignment.witness(3)[row] = (r >> 173) & ((1 << (20)) - 1); - assignment.witness(2)[row] = (r >> 193) & ((1 << (20)) - 1); - assignment.witness(1)[row] = (r >> 213) & ((1 << (20)) - 1); - assignment.witness(0)[row] = (r >> 233); - - auto s_r = assignment.witness(0)[row]; + assignment.witness(3)[row + 1] = typename ArithmetizationType::field_type::value_type((r) & ((1 << (13)) - 1)); + assignment.witness(2)[row + 1] = typename ArithmetizationType::field_type::value_type((r >> 13) & ((1 << (20)) - 1)); + assignment.witness(1)[row + 1] = typename ArithmetizationType::field_type::value_type((r >> 33) & ((1 << (20)) - 1)); + assignment.witness(0)[row + 1] = typename ArithmetizationType::field_type::value_type((r >> 53) & ((1 << (20)) - 1)); + assignment.witness(8)[row] = typename ArithmetizationType::field_type::value_type((r >> 73) & ((1 << (20)) - 1)); + assignment.witness(7)[row] = typename ArithmetizationType::field_type::value_type((r >> 93) & ((1 << (20)) - 1)); + assignment.witness(6)[row] = typename ArithmetizationType::field_type::value_type((r >> 113) & ((1 << (20)) - 1)); + assignment.witness(5)[row] = typename ArithmetizationType::field_type::value_type((r >> 133) & ((1 << (20)) - 1)); + assignment.witness(4)[row] = typename ArithmetizationType::field_type::value_type((r >> 153) & ((1 << (20)) - 1)); + assignment.witness(3)[row] = typename ArithmetizationType::field_type::value_type((r >> 173) & ((1 << (20)) - 1)); + assignment.witness(2)[row] = typename ArithmetizationType::field_type::value_type((r >> 193) & ((1 << (20)) - 1)); + assignment.witness(1)[row] = typename ArithmetizationType::field_type::value_type((r >> 213) & ((1 << (20)) - 1)); + assignment.witness(0)[row] = typename ArithmetizationType::field_type::value_type((r >> 233)); + + typename ArithmetizationType::field_type::value_type s_r = assignment.witness(0)[row]; for (size_t i = 1; i < 9; i++) { s_r += assignment.witness(i)[row]; } s_r += assignment.witness(0)[row + 1] + assignment.witness(1)[row + 1] + - assignment.witness(2)[row + 1] + assignment.witness(3)[row + 1]; + assignment.witness(2)[row + 1]; s_r -= 12 * ((1 << (20)) - 1); - - assignment.witness(5)[row + 1] = 1 / s_r; - assignment.witness(6)[row + 1] = 1; - - auto v = (data[0] + data[1] * 0x10000000000000000_cppui512 + - q * (0x165812631a5cf5d3ed_cppui512) - (r & 0x1ffffffffffffffffff_cppui512)); + algebra::curves::ed25519::scalar_field_type::extended_integral_type one = 1; + assignment.witness(5)[row + 1] = s_r.inversed(); + + //if ((r) & ((1 << (13)) - 1) (L - (one << 252))) { \\TO-DO + assignment.witness(6)[row + 1] = 1; + //} else { + //} + + auto c = data[0] + data[1] * ((one << 64)) + data[3] * (((one << 192)%L) & ((one << 73) - 1)) + + data[4] * (((one << 256)%L) & ((one << 73) - 1)) + + data[5] * (((one << 320)%L) & ((one << 73) - 1)) + + data[6] * (((one << 384)%L) & ((one << 73) - 1)) + + data[7] * (((one << 448)%L) & ((one << 73) - 1)) + + q * ((one << 73) - (L % (one << 73))); + auto d = (r) & ((1 << (13)) - 1) + + ((r >> 13) & ((1 << (20)) - 1))* (one << 13) + + ((r >> 33) & ((1 << (20)) - 1)) * (one << 33) + + ((r >> 53) & ((1 << (20)) - 1)) * (one << 53); + auto v = (c - d) >> 69; assignment.witness(8)[row + 3] = v; - assignment.witness(4)[row + 2] = v >> 41; - assignment.witness(5)[row + 2] = (v >> 21) & ((1 << (20)) - 1); - assignment.witness(6)[row + 2] = (v >> 1) & ((1 << (20)) - 1); - assignment.witness(7)[row + 2] = v & 1; + assignment.witness(4)[row + 2] = v >> 56; + assignment.witness(5)[row + 2] = (v >> 34) & ((1 << (22)) - 1); + assignment.witness(6)[row + 2] = (v >> 12) & ((1 << (22)) - 1); + assignment.witness(7)[row + 2] = v & 4095; return result_type(start_row_index); } @@ -201,56 +213,63 @@ namespace nil { auto L = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed_cppui512; auto constraint_1 = bp.add_constraint( - var(W0, +3) * 0x01_cppui512 + var(W1, +3) * 0x10000000000000000_cppui512 + - var(W2, +3) * 0x100000000000000000000000000000000_cppui512 + - var(W3, +3) * 0x1000000000000000000000000000000000000000000000000_cppui512 + - var(W4, +3) * 0xffffffffffffffffffffffffffffffec6ef5bf4737dcf70d6ec31748d98951d_cppui512 + - var(W5, +3) * 0xffffffffffffffeb2106215d086329a93b8c838d39a5e065812631a5cf5d3ed_cppui512 + - var(W6, +3) * 0x2106215d086329a7ed9ce5a30a2c131b64a7f435e4fdd9539822129a02a6271_cppui512 + - var(W7, +3) * 0xed9ce5a30a2c131b399411b7c309a3de24babbe38d1d7a979daf520a00acb65_cppui512 - - var(W4, 1) - - (var(W0, +2) * 0x800000000000_cppui512 + var(W1, +2) * 0x8000000_cppui512 + - var(W2, +2) * 0x80_cppui512 + var(W3, +2)) * L); - - auto s_r = var(W0, 0) + var(W1, 0) + var(W2, 0) + var(W3, 0) + var(W4, 0) + var(W5, 0) + - var(W6, 0) + var(W7, 0) + var(W8, 0) + var(W0, 1) + var(W1, 1) + var(W2, 1) + - var(W3, 1) - 12 * ((1 << (20)) - 1); + var(W0, +1) * 0x01_cppui512 + var(W1, +1) * 0x10000000000000000_cppui512 + + var(W2, +1) * 0x100000000000000000000000000000000_cppui512 + + var(W3, +1) * 0x1000000000000000000000000000000000000000000000000_cppui512 + + var(W4, +1) * 0xffffffffffffffffffffffffffffffec6ef5bf4737dcf70d6ec31748d98951d_cppui512 + + var(W5, +1) * 0xffffffffffffffeb2106215d086329a93b8c838d39a5e065812631a5cf5d3ed_cppui512 + + var(W6, +1) * 0x2106215d086329a7ed9ce5a30a2c131b64a7f435e4fdd9539822129a02a6271_cppui512 + + var(W7, +1) * 0xed9ce5a30a2c131b399411b7c309a3de24babbe38d1d7a979daf520a00acb65_cppui512 - + var(W4, -1) - + (var(W0, 0) * 0x800000000000_cppui512 + var(W1, 0) * 0x8000000_cppui512 + + var(W2, 0) * 0x80_cppui512 + var(W3, 0)) * L); + + auto s_r = var(W0, -1) + var(W1, -1) + var(W2, -1) + var(W3, -1) + var(W4, -1) + var(W5, -1) + + var(W6, -1) + var(W7, -1) + var(W8, -1) + var(W0, 0) + var(W1, 0) + var(W2, 0) - 12 * ((1 << (20)) - 1); auto constraint_2 = bp.add_constraint( - var(W4, +1) - - (var(W3, +1) + var(W2, +1) * 0x2000_cppui255 + var(W1, +1) * 0x200000000_cppui255 + - var(W0, +1) * 0x20000000000000_cppui255 + var(W8, +0) * 0x2000000000000000000_cppui255 + - var(W7, +0) * 0x200000000000000000000000_cppui255 + - var(W6, +0) * 0x20000000000000000000000000000_cppui255 + - var(W5, +0) * 0x2000000000000000000000000000000000_cppui255 + - var(W4, +0) * 0x200000000000000000000000000000000000000_cppui255 + - var(W3, +0) * 0x20000000000000000000000000000000000000000000_cppui255 + - var(W2, +0) * 0x2000000000000000000000000000000000000000000000000_cppui255 + - var(W1, +0) * 0x200000000000000000000000000000000000000000000000000000_cppui255 + - var(W0, +0) * 0x20000000000000000000000000000000000000000000000000000000000_cppui255)); - - auto constraint_3 = bp.add_constraint((s_r) * ((s_r)*var(W5, +1) - 1)); + var(W4, 0) - + (var(W3, 0) + var(W2, 0) * 0x2000_cppui255 + var(W1, 0) * 0x200000000_cppui255 + + var(W0, 0) * 0x20000000000000_cppui255 + var(W8, -1) * 0x2000000000000000000_cppui255 + + var(W7, -1) * 0x200000000000000000000000_cppui255 + + var(W6, -1) * 0x20000000000000000000000000000_cppui255 + + var(W5, -1) * 0x2000000000000000000000000000000000_cppui255 + + var(W4, -1) * 0x200000000000000000000000000000000000000_cppui255 + + var(W3, -1) * 0x20000000000000000000000000000000000000000000_cppui255 + + var(W2, -1) * 0x2000000000000000000000000000000000000000000000000_cppui255 + + var(W1, -1) * 0x200000000000000000000000000000000000000000000000000000_cppui255 + + var(W0, -1) * 0x20000000000000000000000000000000000000000000000000000000000_cppui255)); + + auto constraint_3 = bp.add_constraint((s_r) * ((s_r)*var(W5, 0) - 1)); auto constraint_4 = - bp.add_constraint((s_r)*var(W5, +1) + (1 - (s_r)*var(W5, +1)) * var(W6, +1) - 1); - + bp.add_constraint((s_r)*var(W5, 0) + (1 - (s_r)*var(W5, 0)) * var(W6, 0) - 1); + algebra::curves::ed25519::scalar_field_type::extended_integral_type one = 1; + std::array m = + {((one << 192)%L), ((one << 256)%L), ((one << 320)%L), ((one << 384)%L), ((one << 448)%L)}; auto constraint_5 = bp.add_constraint( - var(W0, 3) + var(W1, 3) * 0x10000000000000000_cppui512 + - (var(W0, +2) * 0x800000000000_cppui512 + var(W1, +2) * 0x8000000_cppui512 + - var(W2, +2) * 0x80_cppui512 + var(W3, +2)) * (0x165812631a5cf5d3ed_cppui512) - - (var(W3, +1) + var(W2, +1) * 0x2000_cppui512 + var(W1, +1) * 0x200000000_cppui512 + - var(W0, +1) * 0x20000000000000_cppui512) - - var(W8, 3)); - - auto constraint_6 = bp.add_constraint(var(W8, +3) - (var(W4, +2) * 0x20000000000_cppui255 + - var(W5, +2) * 0x200000_cppui255 + - var(W6, +2) * 2 + var(W7, +2))); + var(W0, +1) + var(W1, +1) * (one << 64) + + var(W3, + 1) * ( m[0] & ((one << 73) - 1)) + + var(W4, + 1) * ( m[1] & ((one << 73) - 1)) + + var(W5, + 1) * ( m[2]& ((one << 73) - 1)) + + var(W6, + 1) * ( m[3]& ((one << 73) - 1)) + + var(W7, + 1) * ( m[4]& ((one << 73) - 1)) + + (var(W0, 0) * 0x800000000000_cppui512 + var(W1, 0) * 0x8000000_cppui512 + + var(W2, 0) * 0x80_cppui512 + var(W3, 0)) * ((one << 73) - (L % (one << 73))) - + (var(W3, -1) + var(W2, -1) * (one << 13) + var(W1, -1) * (one << 33) + + var(W0, -1) * (one << 53)) - + var(W8, +1) * (one << 69)); + + auto constraint_6 = bp.add_constraint(var(W8, +1) - (var(W4, 0) * (one << 56) + + var(W5, 0) * (one << 34) + + var(W6, 0) * (one << 12) + var(W7, 0))); - auto constraint_7 = bp.add_constraint((var(W6, 1) - 1) * var(W6, +1)); bp.add_gate(selector_index, - {constraint_1, constraint_2, constraint_3, constraint_4, constraint_5, constraint_6, - constraint_7}); + {constraint_2, constraint_3, constraint_4}); + + bp.add_gate(selector_index + 1, + {constraint_1, constraint_5, constraint_6}); } static void diff --git a/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/signatures_verification.hpp b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/signatures_verification.hpp new file mode 100644 index 0000000000..53dd38f2f0 --- /dev/null +++ b/include/nil/crypto3/zk/components/non_native/algebra/fields/plonk/signatures_verification.hpp @@ -0,0 +1,154 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2022 Alisa Cherniaeva +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// +// @file Declaration of interfaces for auxiliary components for the EDDSA25519 component. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_ZK_BLUEPRINT_SIGNATURES_VERIFICATION_HPP +#define CRYPTO3_ZK_BLUEPRINT_SIGNATURES_VERIFICATION_HPP + +#include +#include +#include + +namespace nil { + namespace crypto3 { + namespace zk { + namespace components { + + template + class signatures_verification; + + template + class signatures_verification, + CurveType, + Ed25519Type, + k, + W0, + W1, + W2, + W3, + W4, + W5, + W6, + W7, + W8> { + + typedef snark::plonk_constraint_system ArithmetizationType; + + using ed25519_component = eddsa25519; + + using var = snark::plonk_variable; + using var_ec_point = typename ed25519_component::params_type::var_ec_point; + using signature = typename ed25519_component::params_type::signature; + constexpr static const std::size_t selector_seed = 0xfcc7; + + public: + constexpr static const std::size_t rows_amount = ed25519_component::rows_amount*k; + + constexpr static const std::size_t gates_amount = 0; + + struct params_type { + std::array signatures; + std::array public_keys; + std::array M; + }; + + struct result_type { + result_type(std::size_t component_start_row) { + } + }; + + static result_type generate_assignments(blueprint_assignment_table &assignment, + const params_type ¶ms, + std::size_t component_start_row) { + std::size_t row = component_start_row; + for (std::size_t i = 0; i < k; i++){ + ed25519_component::generate_assignments(assignment, {params.signatures[i], params.public_keys[i], params.M}, row); + row += ed25519_component::rows_amount; + } + return result_type(component_start_row); + } + + static result_type generate_circuit(blueprint &bp, + blueprint_public_assignment_table &assignment, + const params_type ¶ms, + const std::size_t component_start_row){ + std::size_t row = component_start_row; + for (std::size_t i = 0; i < k; i++){ + ed25519_component::generate_circuit(bp, assignment, {params.signatures[i], params.public_keys[i], params.M}, row); + row += ed25519_component::rows_amount; + } + return result_type(component_start_row); + } + + private: + + static void generate_gates( + blueprint &bp, + blueprint_public_assignment_table &public_assignment, + const params_type ¶ms, + const std::size_t first_selector_index) { + + } + + static void generate_copy_constraints(blueprint &bp, + blueprint_public_assignment_table &public_assignment, + const params_type ¶ms, + std::size_t component_start_row) { + } + + static void generate_lookup_table(blueprint_assignment_table &assignment, + const params_type ¶ms, + std::size_t component_start_row) { + + std::size_t row = component_start_row; + std::size_t n = (1 << 16); + for(std::size_t i = 0; i < 2; i++) { + assignment.constant(1)[i] = 0; + } + } + }; + + } // namespace components + } // namespace zk + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_ZK_BLUEPRINT_VARIABLE_BASE_MULTIPLICATION_EDWARD25519_HPP \ No newline at end of file diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 106d54043f..5b6ad1ed58 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -63,6 +63,7 @@ set(NON_NATIVE_TESTS_FILES "non_native/plonk/non_native_demo" "non_native/plonk/reduction" "non_native/plonk/ed25519" + "non_native/plonk/signatures_verification" "non_native/plonk/ec_point" ) @@ -80,6 +81,7 @@ set(PLONK_TESTS_FILES "algebra/curves/plonk/multi_scalar_multiplication" "hashes/plonk/poseidon" "hashes/plonk/sha256" + "hashes/plonk/sha512" "hashes/plonk/sha256_process" "hashes/plonk/sha512_process" "hashes/plonk/decomposition" diff --git a/test/hashes/plonk/sha512.cpp b/test/hashes/plonk/sha512.cpp new file mode 100644 index 0000000000..191da628ef --- /dev/null +++ b/test/hashes/plonk/sha512.cpp @@ -0,0 +1,109 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2021-2022 Mikhail Komarov +// Copyright (c) 2021-2022 Nikita Kaskov +// Copyright (c) 2022 Alisa Cherniaeva +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#define BOOST_TEST_MODULE plonk_sha512_test + +#include + +#include +#include +#include + +#include +#include +#include + +#include + +#include +#include +#include + +#include "../../test_plonk_component.hpp" + +#include + +using namespace nil::crypto3; + +BOOST_AUTO_TEST_SUITE(blueprint_plonk_test_suite) + +BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512) { + auto start = std::chrono::high_resolution_clock::now(); + + using curve_type = algebra::curves::pallas; + using BlueprintFieldType = typename curve_type::base_field_type; + using FieldType = typename curve_type::base_field_type; + + constexpr std::size_t WitnessColumns = 9; + constexpr std::size_t PublicInputColumns = 5; + constexpr std::size_t ConstantColumns = 2; + constexpr std::size_t SelectorColumns = 10; + using hash_type = nil::crypto3::hashes::keccak_1600<256>; + constexpr std::size_t Lambda = 1; + + using ArithmetizationParams = + zk::snark::plonk_arithmetization_params; + using ArithmetizationType = zk::snark::plonk_constraint_system; + using AssignmentType = zk::blueprint_assignment_table; + using var = zk::snark::plonk_variable; + + using component_type = zk::components::sha512; + + std::array public_input = {0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0}; + + std::array input_state_var = { // + var(0, 0, false, var::column_type::public_input), var(0, 1, false, var::column_type::public_input), + var(0, 2, false, var::column_type::public_input), var(0, 3, false, var::column_type::public_input), + var(0, 4, false, var::column_type::public_input), var(0, 5, false, var::column_type::public_input), + var(0, 6, false, var::column_type::public_input), var(0, 7, false, var::column_type::public_input), + var(0, 8, false, var::column_type::public_input), var(0, 9, false, var::column_type::public_input), + var(0, 10, false, var::column_type::public_input), var(0, 11, false, var::column_type::public_input), + var(0, 12, false, var::column_type::public_input), var(0, 13, false, var::column_type::public_input), + var(0, 14, false, var::column_type::public_input), var(0, 15, false, var::column_type::public_input), + var(0, 16, false, var::column_type::public_input), var(0, 17, false, var::column_type::public_input), + var(0, 18, false, var::column_type::public_input), var(0, 19, false, var::column_type::public_input)}; + + + + + typename component_type::params_type params = { + { {input_state_var[0],input_state_var[1],input_state_var[2],input_state_var[3]}, {input_state_var[4],input_state_var[5],input_state_var[6],input_state_var[7]}}, + { {input_state_var[8],input_state_var[9],input_state_var[10],input_state_var[11]}, {input_state_var[12],input_state_var[13],input_state_var[14],input_state_var[15]}}, + {input_state_var[16],input_state_var[17],input_state_var[18],input_state_var[19]} + }; + + auto result_check = [](AssignmentType &assignment, component_type::result_type &real_res) {}; + test_component(params, public_input, + result_check); + + auto duration = std::chrono::duration_cast(std::chrono::high_resolution_clock::now() - start); + std::cout << "Time_execution: " << duration.count() << "ms" << std::endl; +} + +BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/test/hashes/plonk/sha512_process.cpp b/test/hashes/plonk/sha512_process.cpp index d106cc7259..1bb694a3fe 100644 --- a/test/hashes/plonk/sha512_process.cpp +++ b/test/hashes/plonk/sha512_process.cpp @@ -109,18 +109,18 @@ BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512_process) { message_schedule_array[i] = typename BlueprintFieldType::integral_type(public_input[8 + i].data); } for(std::size_t i = 16; i < 80; i ++){ - typename BlueprintFieldType::integral_type s0 = ((message_schedule_array[i - 15] >> 7)|((message_schedule_array[i - 15] << (64 - 7)) + typename BlueprintFieldType::integral_type s0 = ((message_schedule_array[i - 15] >> 1)|((message_schedule_array[i - 15] << (64 - 1)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) ^ - ((message_schedule_array[i - 15] >> 18)|((message_schedule_array[i - 15] << (64 - 18)) + ((message_schedule_array[i - 15] >> 8)|((message_schedule_array[i - 15] << (64 - 8)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) - ^ (message_schedule_array[i - 15] >> 3); - typename BlueprintFieldType::integral_type s1 = ((message_schedule_array[i - 2] >> 17)|((message_schedule_array[i - 2] << (64 - 17)) + ^ (message_schedule_array[i - 15] >> 7); + typename BlueprintFieldType::integral_type s1 = ((message_schedule_array[i - 2] >> 19)|((message_schedule_array[i - 2] << (64 - 19)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) ^ - ((message_schedule_array[i - 2] >> 19)|((message_schedule_array[i - 2] << (64 - 19)) + ((message_schedule_array[i - 2] >> 61)|((message_schedule_array[i - 2] << (64 - 61)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) - ^ (message_schedule_array[i - 2] >> 10); + ^ (message_schedule_array[i - 2] >> 6); message_schedule_array[i] = (message_schedule_array[i - 16] + s0 + s1 + message_schedule_array[i - 7])% - typename curve_type::base_field_type::integral_type(typename curve_type::base_field_type::value_type(2).pow(64).data); + typename curve_type::base_field_type::integral_type(typename curve_type::base_field_type::value_type(2).pow(64).data); } typename ArithmetizationType::field_type::integral_type a = typename ArithmetizationType::field_type::integral_type(public_input[0].data); typename ArithmetizationType::field_type::integral_type b = typename ArithmetizationType::field_type::integral_type(public_input[1].data); @@ -131,43 +131,22 @@ BOOST_AUTO_TEST_CASE(blueprint_plonk_sha512_process) { typename ArithmetizationType::field_type::integral_type g = typename ArithmetizationType::field_type::integral_type(public_input[6].data); typename ArithmetizationType::field_type::integral_type h = typename ArithmetizationType::field_type::integral_type(public_input[7].data); for(std::size_t i = 0; i < 80; i ++){ - typename BlueprintFieldType::integral_type S0 = ((a >> 2)|((a << (64 - 2)) + typename BlueprintFieldType::integral_type S0 = ((a >> 28)|((a << (64 - 28)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) ^ - ((a >> 13)|((a << (64 - 13)) + ((a >> 34)|((a << (64 - 34)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) - ^ ((a >> 22)|((a << (64 - 22)) + ^ ((a >> 39)|((a << (64 - 39)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))); - typename BlueprintFieldType::integral_type S1 = ((e >> 6)|((e << (64 - 6)) + + typename BlueprintFieldType::integral_type S1 = ((e >> 14)|((e << (64 - 14)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) ^ - ((e >> 11)|((e << (64 - 11)) + ((e >> 18)|((e << (64 - 18)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))) - ^ ((e >> 25)|((e << (64 - 25)) + ^ ((e >> 41)|((e << (64 - 41)) & typename BlueprintFieldType::integral_type((typename BlueprintFieldType::value_type(2).pow(64) - 1).data))); + typename BlueprintFieldType::integral_type maj = (a & b) ^ (a & c) ^ (b & c); typename BlueprintFieldType::integral_type ch = (e & f) ^ ((~e)& g); - - /*std::vector e_bits(32); - for (std::size_t j = 0; j < 32; j++) { - e_bits[32 - j - 1] = multiprecision::bit_test(e, j); - } - std::vector f_bits(32); - for (std::size_t j = 0; j < 32; j++) { - f_bits[32 - j - 1] = multiprecision::bit_test(f, j); - } - std::vector g_bits(32); - for (std::size_t j = 0; j < 32; j++) { - g_bits[32 - j - 1] = multiprecision::bit_test(g, j); - } - std::vector sizes = {32}; - std::size_t base = 7; - std::array, 2> e_s = - component_type::split_and_sparse(e_bits, sizes, base); - - std::array, 2> f_s = - component_type::split_and_sparse(f_bits, sizes, base); - - std::array, 2> g_s = - component_type::split_and_sparse(g_bits, sizes, base);*/ typename BlueprintFieldType::integral_type tmp1 = h + S1 + ch + round_constant[i] + message_schedule_array[i]; typename BlueprintFieldType::integral_type tmp2 = S0 + maj; h = g; diff --git a/test/non_native/plonk/ed25519.cpp b/test/non_native/plonk/ed25519.cpp index cfe2791f9f..a05a8efe6e 100644 --- a/test/non_native/plonk/ed25519.cpp +++ b/test/non_native/plonk/ed25519.cpp @@ -58,7 +58,7 @@ BOOST_AUTO_TEST_CASE(blueprint_edwards) { constexpr std::size_t WitnessColumns = 9; constexpr std::size_t PublicInputColumns = 1; constexpr std::size_t ConstantColumns = 1; - constexpr std::size_t SelectorColumns = 10; + constexpr std::size_t SelectorColumns = 11; using ArithmetizationParams = zk::snark::plonk_arithmetization_params; using ArithmetizationType = zk::snark::plonk_constraint_system; @@ -70,8 +70,22 @@ BOOST_AUTO_TEST_CASE(blueprint_edwards) { using component_type = zk::components::eddsa25519; - - std::vector public_input = {455245345345345, 523553453454343, 68753453534534689, 54355345344544, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17}; + ed25519_type::template g1_type::value_type B = + ed25519_type::template g1_type::value_type::one(); + ed25519_type::template g1_type::value_type R = 2*B; + ed25519_type::scalar_field_type::value_type b = algebra::random_element(); + ed25519_type::template g1_type::value_type T = b*R; + ed25519_type::scalar_field_type::value_type s = 2*b + 2; + ed25519_type::base_field_type::integral_type Tx = ed25519_type::base_field_type::integral_type(T.X.data); + ed25519_type::base_field_type::integral_type Ty = ed25519_type::base_field_type::integral_type(T.Y.data); + ed25519_type::base_field_type::integral_type Rx = ed25519_type::base_field_type::integral_type(R.X.data); + ed25519_type::base_field_type::integral_type Ry = ed25519_type::base_field_type::integral_type(R.Y.data); + typename ed25519_type::base_field_type::integral_type base = 1; + typename ed25519_type::base_field_type::integral_type mask = (base << 66) - 1; + std::vector public_input = {Tx & mask, (Tx >> 66) & mask, (Tx >> 132) & mask, (Tx >> 198) & mask, + Ty & mask, (Ty >> 66) & mask, (Ty >> 132) & mask, (Ty >> 198) & mask, typename BlueprintFieldType::integral_type(s.data), + Rx & mask, (Rx >> 66) & mask, (Rx >> 132) & mask, (Rx >> 198) & mask, + Ry & mask, (Ry >> 66) & mask, (Ry >> 132) & mask, (Ry >> 198) & mask, 1}; std::array e_R_x = {var(0, 0, false, var::column_type::public_input), var(0, 1, false, var::column_type::public_input), var(0, 2, false, var::column_type::public_input), var(0, 3, false, var::column_type::public_input)}; diff --git a/test/non_native/plonk/reduction.cpp b/test/non_native/plonk/reduction.cpp index fe9a934ede..9dcc9b346c 100644 --- a/test/non_native/plonk/reduction.cpp +++ b/test/non_native/plonk/reduction.cpp @@ -55,7 +55,7 @@ BOOST_AUTO_TEST_CASE(blueprint_variable_base_decomposition_edward25519) { constexpr std::size_t WitnessColumns = 9; constexpr std::size_t PublicInputColumns = 1; constexpr std::size_t ConstantColumns = 0; - constexpr std::size_t SelectorColumns = 1; + constexpr std::size_t SelectorColumns = 3; using hash_type = nil::crypto3::hashes::keccak_1600<256>; constexpr std::size_t Lambda = 40; @@ -67,7 +67,7 @@ BOOST_AUTO_TEST_CASE(blueprint_variable_base_decomposition_edward25519) { using AssignmentType = zk::blueprint_assignment_table; using component_type = zk::components::reduction; - std::vector public_input = {1,1,1,1,1,1,1,1}; + std::vector public_input = {0,0,0,0,0,0,0,1}; std::array input_state_var = {var(0, 0, false, var::column_type::public_input), var(0, 1, false, var::column_type::public_input), var(0, 2, false, var::column_type::public_input), @@ -80,7 +80,7 @@ BOOST_AUTO_TEST_CASE(blueprint_variable_base_decomposition_edward25519) { typename component_type::params_type params = {input_state_var}; auto result_check = [](AssignmentType &assignment, component_type::result_type &real_res) { - // std::cout<( diff --git a/test/non_native/plonk/signatures_verification.cpp b/test/non_native/plonk/signatures_verification.cpp new file mode 100644 index 0000000000..b52b8df35c --- /dev/null +++ b/test/non_native/plonk/signatures_verification.cpp @@ -0,0 +1,354 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2022 Alisa Cherniaeva +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#define BOOST_TEST_MODULE blueprint_plonk_signatures_verification_test + +#include + +#include +#include +#include + +#include +#include + +#include +#include +#include + +#include + +#include +#include +#include +#include + +#include "../../test_plonk_component.hpp" + +using namespace nil::crypto3; + +BOOST_AUTO_TEST_SUITE(blueprint_plonk_test_suite) + +template +typename ed25519_type::scalar_field_type::value_type sha512(typename ed25519_type::template g1_type::value_type R, + typename ed25519_type::template g1_type::value_type pk, std::array M) { + std::array + round_constant = { + 0x428a2f98d728ae22_cppui64, 0x7137449123ef65cd_cppui64, 0xb5c0fbcfec4d3b2f_cppui64, 0xe9b5dba58189dbbc_cppui64, + 0x3956c25bf348b538_cppui64, 0x59f111f1b605d019_cppui64, 0x923f82a4af194f9b_cppui64, 0xab1c5ed5da6d8118_cppui64, + 0xd807aa98a3030242_cppui64, 0x12835b0145706fbe_cppui64, 0x243185be4ee4b28c_cppui64, 0x550c7dc3d5ffb4e2_cppui64, + 0x72be5d74f27b896f_cppui64, 0x80deb1fe3b1696b1_cppui64, 0x9bdc06a725c71235_cppui64, 0xc19bf174cf692694_cppui64, + 0xe49b69c19ef14ad2_cppui64, 0xefbe4786384f25e3_cppui64, 0x0fc19dc68b8cd5b5_cppui64, 0x240ca1cc77ac9c65_cppui64, + 0x2de92c6f592b0275_cppui64, 0x4a7484aa6ea6e483_cppui64, 0x5cb0a9dcbd41fbd4_cppui64, 0x76f988da831153b5_cppui64, + 0x983e5152ee66dfab_cppui64, 0xa831c66d2db43210_cppui64, 0xb00327c898fb213f_cppui64, 0xbf597fc7beef0ee4_cppui64, + 0xc6e00bf33da88fc2_cppui64, 0xd5a79147930aa725_cppui64, 0x06ca6351e003826f_cppui64, 0x142929670a0e6e70_cppui64, + 0x27b70a8546d22ffc_cppui64, 0x2e1b21385c26c926_cppui64, 0x4d2c6dfc5ac42aed_cppui64, 0x53380d139d95b3df_cppui64, + 0x650a73548baf63de_cppui64, 0x766a0abb3c77b2a8_cppui64, 0x81c2c92e47edaee6_cppui64, 0x92722c851482353b_cppui64, + 0xa2bfe8a14cf10364_cppui64, 0xa81a664bbc423001_cppui64, 0xc24b8b70d0f89791_cppui64, 0xc76c51a30654be30_cppui64, + 0xd192e819d6ef5218_cppui64, 0xd69906245565a910_cppui64, 0xf40e35855771202a_cppui64, 0x106aa07032bbd1b8_cppui64, + 0x19a4c116b8d2d0c8_cppui64, 0x1e376c085141ab53_cppui64, 0x2748774cdf8eeb99_cppui64, 0x34b0bcb5e19b48a8_cppui64, + 0x391c0cb3c5c95a63_cppui64, 0x4ed8aa4ae3418acb_cppui64, 0x5b9cca4f7763e373_cppui64, 0x682e6ff3d6b2b8a3_cppui64, + 0x748f82ee5defb2fc_cppui64, 0x78a5636f43172f60_cppui64, 0x84c87814a1f0ab72_cppui64, 0x8cc702081a6439ec_cppui64, + 0x90befffa23631e28_cppui64, 0xa4506cebde82bde9_cppui64, 0xbef9a3f7b2c67915_cppui64, 0xc67178f2e372532b_cppui64, + 0xca273eceea26619c_cppui64, 0xd186b8c721c0c207_cppui64, 0xeada7dd6cde0eb1e_cppui64, 0xf57d4f7fee6ed178_cppui64, + 0x06f067aa72176fba_cppui64, 0x0a637dc5a2c898a6_cppui64, 0x113f9804bef90dae_cppui64, 0x1b710b35131c471b_cppui64, + 0x28db77f523047d84_cppui64, 0x32caab7b40c72493_cppui64, 0x3c9ebe0a15c9bebc_cppui64, 0x431d67c49c100d4c_cppui64, + 0x4cc5d4becb3e42b6_cppui64, 0x597f299cfc657e2a_cppui64, 0x5fcb6fab3ad6faec_cppui64, 0x6c44198c4a475817_cppui64}; + + std::array message_schedule_array; + std::array public_input = {0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}; + typename ed25519_type::base_field_type::integral_type one = 1; + typename ed25519_type::base_field_type::integral_type mask = (one << 64) - 1; + typename ed25519_type::base_field_type::integral_type Rx = typename ed25519_type::base_field_type::integral_type(R.X.data); + typename ed25519_type::base_field_type::integral_type Ry = typename ed25519_type::base_field_type::integral_type(R.Y.data); + typename ed25519_type::base_field_type::integral_type pkx = typename ed25519_type::base_field_type::integral_type(pk.X.data); + typename ed25519_type::base_field_type::integral_type pky = typename ed25519_type::base_field_type::integral_type(pk.Y.data); + message_schedule_array[0] = Rx & mask; + message_schedule_array[1] = (Rx >> 64) & mask; + message_schedule_array[2] = (Rx >> 128) & mask; + message_schedule_array[3] = ((Rx >> 192) & mask) + (Ry & 1) * (one << 63); + message_schedule_array[4] = (Ry >> 1) & mask; + message_schedule_array[5] = (Ry >> 65) & mask; + message_schedule_array[6] = (Ry >> 129) & mask; + message_schedule_array[7] = ((Ry >> 193) & mask) + (pkx & 3) * (one << 62); + message_schedule_array[8] = (pkx >> 2) & mask; + message_schedule_array[9] = (pkx >> 66) & mask; + message_schedule_array[10] = (pkx >> 130) & mask; + message_schedule_array[11] = ((pkx >> 194) & mask) + (pky & 7) * (one << 61); + message_schedule_array[12] = (pky >> 3) & mask; + message_schedule_array[13] = (pky >> 67) & mask; + message_schedule_array[14] = (pky >> 131) & mask; + message_schedule_array[15] = ((pky >> 195) & mask) + (M[0] & 15) * (one << 60); + for(std::size_t i = 16; i < 80; i ++){ + typename ed25519_type::base_field_type::integral_type s0 = ((message_schedule_array[i - 15] >> 1)|((message_schedule_array[i - 15] << (64 - 1)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((message_schedule_array[i - 15] >> 8)|((message_schedule_array[i - 15] << (64 - 8)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ (message_schedule_array[i - 15] >> 7); + typename ed25519_type::base_field_type::integral_type s1 = ((message_schedule_array[i - 2] >> 19)|((message_schedule_array[i - 2] << (64 - 19)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((message_schedule_array[i - 2] >> 61)|((message_schedule_array[i - 2] << (64 - 61)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ (message_schedule_array[i - 2] >> 6); + message_schedule_array[i] = (message_schedule_array[i - 16] + s0 + s1 + message_schedule_array[i - 7])% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + } + typename ed25519_type::base_field_type::integral_type a = typename ed25519_type::base_field_type::integral_type(public_input[0]); + typename ed25519_type::base_field_type::integral_type b = typename ed25519_type::base_field_type::integral_type(public_input[1]); + typename ed25519_type::base_field_type::integral_type c = typename ed25519_type::base_field_type::integral_type(public_input[2]); + typename ed25519_type::base_field_type::integral_type d = typename ed25519_type::base_field_type::integral_type(public_input[3]); + typename ed25519_type::base_field_type::integral_type e = typename ed25519_type::base_field_type::integral_type(public_input[4]); + typename ed25519_type::base_field_type::integral_type f = typename ed25519_type::base_field_type::integral_type(public_input[5]); + typename ed25519_type::base_field_type::integral_type g = typename ed25519_type::base_field_type::integral_type(public_input[6]); + typename ed25519_type::base_field_type::integral_type h = typename ed25519_type::base_field_type::integral_type(public_input[7]); + for(std::size_t i = 0; i < 80; i ++){ + typename ed25519_type::base_field_type::integral_type S0 = ((a >> 28)|((a << (64 - 28)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((a >> 34)|((a << (64 - 34)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ ((a >> 39)|((a << (64 - 39)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))); + + typename ed25519_type::base_field_type::integral_type S1 = ((e >> 14)|((e << (64 - 14)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((e >> 18)|((e << (64 - 18)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ ((e >> 41)|((e << (64 - 41)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))); + + typename ed25519_type::base_field_type::integral_type maj = (a & b) ^ (a & c) ^ (b & c); + typename ed25519_type::base_field_type::integral_type ch = (e & f) ^ ((~e)& g); + typename ed25519_type::base_field_type::integral_type tmp1 = h + S1 + ch + round_constant[i] + message_schedule_array[i]; + typename ed25519_type::base_field_type::integral_type tmp2 = S0 + maj; + h = g; + g = f; + f = e; + e = (d + tmp1)% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + d = c; + c = b; + b = a; + a = (tmp1 + tmp2)% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + } + std::array output_state = {(a + typename ed25519_type::base_field_type::integral_type(public_input[0]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (b + typename ed25519_type::base_field_type::integral_type(public_input[1]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (c + typename ed25519_type::base_field_type::integral_type(public_input[2]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (d + typename ed25519_type::base_field_type::integral_type(public_input[3]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (e + typename ed25519_type::base_field_type::integral_type(public_input[4]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (f + typename ed25519_type::base_field_type::integral_type(public_input[5]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (g + typename ed25519_type::base_field_type::integral_type(public_input[6]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (h + typename ed25519_type::base_field_type::integral_type(public_input[7]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data)}; + typename ed25519_type::base_field_type::integral_type bits_amount = 255*4+256; + message_schedule_array[0] = ((M[0] >> 4) & mask) + (M[1] & 3) * (one << 62); + message_schedule_array[1] = (M[1] >> 2) & mask; + message_schedule_array[2] = M[2] & mask; + message_schedule_array[3] = ((M[2] >> 64) + (M[3]) * (one << 2) + 1 * (one << 60)) << 3; + message_schedule_array[4] = 0; + message_schedule_array[5] = 0; + message_schedule_array[6] = 0; + message_schedule_array[7] = 0; + message_schedule_array[8] = 0; + message_schedule_array[9] = 0; + message_schedule_array[10] = 0; + message_schedule_array[11] = 0; + message_schedule_array[12] = 0; + message_schedule_array[13] = 0; + message_schedule_array[14] = 0; + message_schedule_array[15] = bits_amount; + for(std::size_t i = 16; i < 80; i ++){ + typename ed25519_type::base_field_type::integral_type s0 = ((message_schedule_array[i - 15] >> 1)|((message_schedule_array[i - 15] << (64 - 1)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((message_schedule_array[i - 15] >> 8)|((message_schedule_array[i - 15] << (64 - 8)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ (message_schedule_array[i - 15] >> 7); + typename ed25519_type::base_field_type::integral_type s1 = ((message_schedule_array[i - 2] >> 19)|((message_schedule_array[i - 2] << (64 - 19)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((message_schedule_array[i - 2] >> 61)|((message_schedule_array[i - 2] << (64 - 61)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ (message_schedule_array[i - 2] >> 6); + message_schedule_array[i] = (message_schedule_array[i - 16] + s0 + s1 + message_schedule_array[i - 7])% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + } + a = typename ed25519_type::base_field_type::integral_type(output_state[0]); + b = typename ed25519_type::base_field_type::integral_type(output_state[1]); + c = typename ed25519_type::base_field_type::integral_type(output_state[2]); + d = typename ed25519_type::base_field_type::integral_type(output_state[3]); + e = typename ed25519_type::base_field_type::integral_type(output_state[4]); + f = typename ed25519_type::base_field_type::integral_type(output_state[5]); + g = typename ed25519_type::base_field_type::integral_type(output_state[6]); + h = typename ed25519_type::base_field_type::integral_type(output_state[7]); + for(std::size_t i = 0; i < 80; i ++){ + typename ed25519_type::base_field_type::integral_type S0 = ((a >> 28)|((a << (64 - 28)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((a >> 34)|((a << (64 - 34)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ ((a >> 39)|((a << (64 - 39)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))); + + typename ed25519_type::base_field_type::integral_type S1 = ((e >> 14)|((e << (64 - 14)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) ^ + ((e >> 18)|((e << (64 - 18)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))) + ^ ((e >> 41)|((e << (64 - 41)) + & typename ed25519_type::base_field_type::integral_type((typename ed25519_type::base_field_type::value_type(2).pow(64) - 1).data))); + + typename ed25519_type::base_field_type::integral_type maj = (a & b) ^ (a & c) ^ (b & c); + typename ed25519_type::base_field_type::integral_type ch = (e & f) ^ ((~e)& g); + typename ed25519_type::base_field_type::integral_type tmp1 = h + S1 + ch + round_constant[i] + message_schedule_array[i]; + typename ed25519_type::base_field_type::integral_type tmp2 = S0 + maj; + h = g; + g = f; + f = e; + e = (d + tmp1)% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + d = c; + c = b; + b = a; + a = (tmp1 + tmp2)% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data); + } + std::array result_state1 = {(a + typename ed25519_type::base_field_type::integral_type(output_state[0]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (b + typename ed25519_type::base_field_type::integral_type(output_state[1]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (c + typename ed25519_type::base_field_type::integral_type(output_state[2]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (d + typename ed25519_type::base_field_type::integral_type(output_state[3]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (e + typename ed25519_type::base_field_type::integral_type(output_state[4]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (f + typename ed25519_type::base_field_type::integral_type(output_state[5]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (g + typename ed25519_type::base_field_type::integral_type(output_state[6]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data), + (h + typename ed25519_type::base_field_type::integral_type(output_state[7]))% + typename ed25519_type::base_field_type::integral_type(typename ed25519_type::base_field_type::value_type(2).pow(64).data)}; + typename ed25519_type::scalar_field_type::value_type two = 2; + typename ed25519_type::scalar_field_type::value_type res = result_state1[0] + result_state1[1] * two.pow(64) + result_state1[2] * two.pow(128) + + result_state1[3] * two.pow(192) + result_state1[4] * two.pow(256) + result_state1[5] * two.pow(320) + result_state1[6] * two.pow(384) + + result_state1[7] * two.pow(448); + + return res; + } + +BOOST_AUTO_TEST_CASE(blueprint_signatures_verification) { + auto start = std::chrono::high_resolution_clock::now(); + + using curve_type = algebra::curves::pallas; + using ed25519_type = algebra::curves::ed25519; + using BlueprintFieldType = typename curve_type::base_field_type; + constexpr std::size_t WitnessColumns = 9; + constexpr std::size_t PublicInputColumns = 1; + constexpr std::size_t ConstantColumns = 1; + constexpr std::size_t SelectorColumns = 21; + using ArithmetizationParams = + zk::snark::plonk_arithmetization_params; + using ArithmetizationType = zk::snark::plonk_constraint_system; + using AssignmentType = zk::blueprint_assignment_table; + using hash_type = nil::crypto3::hashes::keccak_1600<256>; + constexpr std::size_t Lambda = 1; + + using var = zk::snark::plonk_variable; + constexpr const std::size_t k = 1; + using component_type = zk::components::signatures_verification; + using ed25519_component = zk::components::eddsa25519; + using var_ec_point = typename ed25519_component::params_type::var_ec_point; + using signature = typename ed25519_component::params_type::signature; + + ed25519_type::template g1_type::value_type B = + ed25519_type::template g1_type::value_type::one(); + auto M = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001_cppui256; + + std::vector public_input; + typename ed25519_type::base_field_type::integral_type base = 1; + typename ed25519_type::base_field_type::integral_type mask = (base << 66) - 1; + std::array Signatures; + std::array Public_keys; + std::array::value_type, k> Signatures_point; + std::array Signatures_scalar; + std::array::value_type, k> Public_keys_values; + for(std::size_t i = 0; i < k; i++) { + ed25519_type::scalar_field_type::value_type r = algebra::random_element(); + ed25519_type::scalar_field_type::value_type c = algebra::random_element(); + ed25519_type::template g1_type::value_type R = r*B; + Signatures_point[i] = R; + ed25519_type::template g1_type::value_type P = c*B; + Public_keys_values[i] = P; + auto sha_output = sha512(R, P, {ed25519_type::base_field_type::integral_type(M & mask), ed25519_type::base_field_type::integral_type((M >> 66) & mask) + , ed25519_type::base_field_type::integral_type((M >> 132) & mask), ed25519_type::base_field_type::integral_type((M >> 198) & mask)}); + ed25519_type::scalar_field_type::value_type s = r + sha_output*c; + Signatures_scalar[i] = s; + ed25519_type::base_field_type::integral_type Rx = ed25519_type::base_field_type::integral_type(R.X.data); + ed25519_type::base_field_type::integral_type Ry = ed25519_type::base_field_type::integral_type(R.Y.data); + ed25519_type::base_field_type::integral_type Px = ed25519_type::base_field_type::integral_type(P.X.data); + ed25519_type::base_field_type::integral_type Py = ed25519_type::base_field_type::integral_type(P.Y.data); + public_input.insert(public_input.end(), {Rx & mask, (Rx >> 66) & mask, (Rx >> 132) & mask, (Rx >> 198) & mask, + Ry & mask, (Ry >> 66) & mask, (Ry >> 132) & mask, (Ry >> 198) & mask, typename BlueprintFieldType::integral_type(s.data), + Px & mask, (Px >> 66) & mask, (Px >> 132) & mask, (Px >> 198) & mask, + Py & mask, (Py >> 66) & mask, (Py >> 132) & mask, (Py >> 198) & mask}); + std::array e_R_x = {var(0, i*17 + 0, false, var::column_type::public_input), var(0, i*17 + 1, false, var::column_type::public_input), + var(0, i*17 + 2, false, var::column_type::public_input), var(0, i*17 + 3, false, var::column_type::public_input)}; + std::array e_R_y = {var(0, i*17 + 4, false, var::column_type::public_input), var(0, i*17 + 5, false, var::column_type::public_input), + var(0, i*17 + 6, false, var::column_type::public_input), var(0, i*17 + 7, false, var::column_type::public_input)}; + var_ec_point R_i = {e_R_x, e_R_y}; + var e_s = var(0, i*17 + 8, false, var::column_type::public_input); + Signatures[i] = {R_i, e_s}; + std::array pk_x = {var(0, i*17 + 9, false, var::column_type::public_input), var(0, i*17 + 10, false, var::column_type::public_input), + var(0, i*17 + 11, false, var::column_type::public_input), var(0, i*17 + 12, false, var::column_type::public_input)}; + std::array pk_y = {var(0, i*17 + 13, false, var::column_type::public_input), var(0, i*17 + 14, false, var::column_type::public_input), + var(0, i*17 + 15, false, var::column_type::public_input), var(0, i*17 + 16, false, var::column_type::public_input)}; + Public_keys[i] = {pk_x, pk_y}; + } + public_input.insert(public_input.end(), {ed25519_type::base_field_type::integral_type(M & mask), ed25519_type::base_field_type::integral_type((M >> 66) & mask) + , ed25519_type::base_field_type::integral_type((M >> 132) & mask), ed25519_type::base_field_type::integral_type((M >> 198) & mask)}); + + std::array M_var = {var(0, k*17, false, var::column_type::public_input), var(0, k*17 + 1, false, var::column_type::public_input), + var(0, k*17 + 2, false, var::column_type::public_input), var(0, k*17 + 3, false, var::column_type::public_input)}; + + + typename component_type::params_type params = {Signatures, Public_keys, M_var}; + + auto result_check = [](AssignmentType &assignment, + component_type::result_type &real_res) { + }; + + test_component(params, public_input, result_check); + + auto duration = std::chrono::duration_cast(std::chrono::high_resolution_clock::now() - start); + std::cout << "Time_execution: " << duration.count() << "ms" << std::endl; +} + +BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file