Merge pull request #78 from plume-sig/13

Solve #13
plume-sig · Dec 9, 2023 · 42789dc · 42789dc
2 parents 3d91809 + 93e8844
commit 42789dc
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 12 deletions.
diff --git a/circuits/circom/test/sha256Circuit.test.ts b/circuits/circom/test/sha256Circuit.test.ts
@@ -65,10 +65,7 @@ describe("SHA256 Circuit", () => {
     const p = path.join(__dirname, "./circuits/12_point_sha_256_test.circom");
     const circuit = await wasm_tester(p, { json: true, sym: true });
 
-    const w = await circuit.calculateWitness(
-      { coordinates, preimage_bit_length: v1_sha256_preimage_bit_length },
-      true,
-    );
+    const w = await circuit.calculateWitness({ coordinates }, true);
     await circuit.checkConstraints(w);
     await circuit.assertOut(w, { out: v1_binary_c });
   });

diff --git a/circuits/circom/test/v1.test.ts b/circuits/circom/test/v1.test.ts
@@ -74,7 +74,6 @@ describe("V1 Circuit", () => {
       pk: pointToCircuitValue(Point.fromPrivateKey(testSecretKey)),
       nullifier: pointToCircuitValue(nullifier),
       ...htci,
-      sha256_preimage_bit_length: v1_sha256_preimage_bit_length,
     });
     await circuit.checkConstraints(w);
   });

diff --git a/circuits/circom/verify_nullifier.circom b/circuits/circom/verify_nullifier.circom
@@ -6,6 +6,7 @@ include "./node_modules/circom-ecdsa/circuits/secp256k1_func.circom";
 include "./node_modules/secp256k1_hash_to_curve_circom/circom/hash_to_curve.circom";
 include "./node_modules/secp256k1_hash_to_curve_circom/circom/Sha256.circom";
 include "./node_modules/circomlib/circuits/bitify.circom";
+include "./node_modules/circomlib/circuits/comparators.circom";
 
 // Verifies that a nullifier belongs to a specific public key \
 // This blog explains the intuition behind the construction https://blog.aayushg.com/posts/nullifier
@@ -29,9 +30,6 @@ template plume_v1(n, k, message_length) {
     signal input q1_x_mapped[4];
     signal input q1_y_mapped[4];
 
-    // precomputed value for the sha256 component. TODO: calculate internally in circom to simplify API
-    signal input sha256_preimage_bit_length;
-
     component check_ec_equations = check_ec_equations(n, k, message_length);
 
     check_ec_equations.c <== c;
@@ -58,7 +56,6 @@ template plume_v1(n, k, message_length) {
     var g[2][100];
     g[0] = get_genx(n, k);
     g[1] = get_geny(n, k);
-    c_sha256.preimage_bit_length <== sha256_preimage_bit_length;
 
     for (var i = 0; i < 2; i++) {
         for (var j = 0; j < k; j++) {
@@ -259,7 +256,6 @@ template a_div_b_pow_c(n, k) {
 
 template sha256_12_coordinates(n, k) {
     signal input coordinates[12][k];
-    signal input preimage_bit_length;
     signal output out[256];
 
     // compress coordinates
@@ -305,13 +301,18 @@ template sha256_12_coordinates(n, k) {
             sha256.padded_bits[i] <== sha256.msg[i];
         }
     }
-
+  
     component bit_length_binary = Num2Bits(64);
-    bit_length_binary.in <== preimage_bit_length;
+    bit_length_binary.in <== message_bits;
     for (var i = 0; i < 64; i++) {
         sha256.padded_bits[total_bits - i - 1] <== bit_length_binary.out[i];
     }
 
+    // feels like a needed check as `Num2Bits.in` doesn't participate in a quadratic constraint
+    component preimage_bit_length_check = ForceEqualIfEnabled();
+    preimage_bit_length_check.enabled <== 1;
+    preimage_bit_length_check.in <== [message_bits, bit_length_binary.in];
+
     out <== sha256.out;
 }