refactor: public key compression #77

fix binary decomposition
RajeshRk18 committed Dec 9, 2023
commit 74f30c297b341b1b77cb40698595f87f24076cd0
29 changes: 18 additions & 11 deletions circuits/circom/verify_nullifier.circom
@@ -30,7 +30,7 @@ template plume_v1(n, k, message_length) {
signal input q1_x_mapped[4];
signal input q1_y_mapped[4];

// compressing public key here to avoid compressing it twice in both `check_ec_equations1 and `sha256_12_coordinates`
// compressing public key here to avoid compressing it twice in both `check_ec_equations` and `sha256_12_coordinates`
component pk_compressor = compress_ec_point(n, k);
pk_compressor.uncompressed <== pk;

@@ -41,7 +41,8 @@ template plume_v1(n, k, message_length) {

check_ec_equations.c <== c;
check_ec_equations.s <== s;
check_ec_equations.pk <== pk_compressor.compressed;
check_ec_equations.pk <== pk;
check_ec_equations.pk_compressed <== pk_compressor.compressed;
check_ec_equations.nullifier <== nullifier;

check_ec_equations.plume_message <== plume_message;
@@ -127,6 +128,7 @@ template plume_v2(n, k, message_length) {

check_ec_equations.c <== c;
check_ec_equations.s <== s;
check_ec_equations.pk <== pk;
check_ec_equations.pk_compressed <== pk_compressor.compressed;
check_ec_equations.nullifier <== nullifier;

@@ -152,6 +154,7 @@ template check_ec_equations(n, k, message_length) {
signal input c[k];
signal input s[k];
signal input plume_message[message_length];
signal input pk[2][k];
signal input pk_compressed[33];
signal input nullifier[2][k];

@@ -181,14 +184,13 @@ template check_ec_equations(n, k, message_length) {
component s_point = ECDSAPrivToPub(n, k);
s_point.privkey <== s;

component r_point_comp = a_div_b_pow_c(n, k);
r_point_comp.a <== s_point.pubkey;
r_point_comp.b <== pk_compressed;
r_point_comp.c <== c;

// Calculate hash[m, pk]^r
// hash[m, pk]^r = hash[m, pk]^s / (hash[m, pk]^sk)^c
// Note this implicitly checks the second equation in the blog
component r_point_comp = a_div_b_pow_c(n, k);
r_point_comp.a <== s_point.pubkey;
r_point_comp.b <== pk;
r_point_comp.c <== c;

// Calculate hash[m, pk]^r
component hash_to_curve = HashToCurve(message_length + 33);
@@ -279,12 +281,15 @@ template sha256_12_coordinates(n, k) {
component binary[6*33];
for (var i = 0; i < 6; i++) { // for each compressor
for (var j = 0; j < 33; j++) { // for each byte
if (i == 1) {
binary[33*i + j] = Num2Bits(8);
binary[33*i + j].in <== pk_compressed[j];
if (i == 0) {
binary[j] = Num2Bits(8);
binary[j].in <== compressors[i].compressed[j];
} else if (i == 1) {
binary[33 + j] = Num2Bits(8);
binary[33 + j].in <== pk_compressed[j];
} else {
binary[33*i + j] = Num2Bits(8);
binary[33*i + j].in <== compressors[i].compressed[j];
binary[33*i + j].in <== compressors[i-1].compressed[j];
}
}
}
@@ -416,3 +421,5 @@ function get_geny(n, k) {
}
return ret;
}

component main = plume_v1(64, 4, 29);
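Review bot: check_ec_equations now takes `pk` and `pk_compressed` as two unrelated input signals (the `signal input pk_compressed[33];` added in the fourth hunk feeds the SHA-256 hashing, while `r_point_comp.b <== pk` uses the uncompressed point), and nothing in the visible hunks constrains one to be the compression of the other, so the soundness of the nullifier binding now rests on every caller wiring `pk_compressed` from a `compress_ec_point` that was fed the same `pk`, as plume_v1 does at the top of the file. That invariant should be stated where the input is declared, e.g. `// Must be compress_ec_point(pk).compressed for the SAME pk; this template does not re-check it, callers guarantee it` above `signal input pk_compressed[33];`; plume_v2's `pk_compressor` is instantiated outside the hunk, so I could not confirm its wiring. In the sixth hunk the `else` branch now reads `compressors[i-1]`, so the `compressors` array (declared outside the hunk) is presumably sized 5 now; if it is still declared with 6 entries, index 5 is never instantiated and the compiler may reject or warn. Separately, the final hunk adds `component main = plume_v1(64, 4, 29);` to what appears to be the shared template file: circom permits one main per compilation, so any other circuit including this file will stop compiling, and with no `{public [...]}` list every input of main is private under circom 2 defaults. If the main is meant to stay, list the signals a verifier must bind to (the nullifier and message at least, presumably); if it is a local test harness, it belongs in a separate file.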