bls12-381 all working

This commit is contained in:
Jordi Baylina 2020-06-30 21:39:25 +02:00
parent 6b08298526
commit 1d3ad357c1
No known key found for this signature in database
GPG Key ID: 7480C80C1BE43112
9 changed files with 36 additions and 31 deletions

cli.js

@ -916,7 +916,7 @@ async function zkeyChallangeContribute(params, options) {
let challangeName;
let responseName;
const curve = curves.getCurveFromName(params[0]);
const curve = await curves.getCurveFromName(params[0]);
challangeName = params[1];


@ -26,7 +26,7 @@ async function applyKeyToSection(fdOld, sections, fdNew, idSection, curve, group
buff = await fdOld.read(n*sG);
buff = await G.batchApplyKey(buff, t, inc);
await fdNew.write(buff);
t = curve.Fr.mul(t, curve.Fr.pow(inc, n));
t = curve.Fr.mul(t, curve.Fr.exp(inc, n));
}
await binFileUtils.endWriteSection(fdNew);
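Review bot: `curve.Fr.exp(inc, n)` on the new line uses `n` as its exponent, and `n` is the element count that sizes the read on the first hunk line (`n*sG`), so it is a plain JavaScript number rather than an `Fr` element; confirm that `Fr.exp` accepts an integer exponent (the removed `Fr.pow` presumably did), because otherwise the running key `t` drifts for every chunk after the first and the error only shows up at verification. A short comment would help the next reader: `// advance t by inc^n: the next chunk starts n elements further along`. applyKeyToSection's body starts before and ends after this hunk.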


@ -33,8 +33,7 @@ module.exports = async function beacon(zkeyNameOld, zkeyNameNew, name, numIterat
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
const curve = getCurve(zkey.q);
await curve.loadEngine();
const curve = await getCurve(zkey.q);
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
@ -52,15 +51,15 @@ module.exports = async function beacon(zkeyNameOld, zkeyNameNew, name, numIterat
curContribution.delta = {};
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, curContribution.delta.prvKey));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, curContribution.delta.prvKey));
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
curContribution.transcript = transcriptHasher.digest();
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, curContribution.delta.prvKey));
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, curContribution.delta.prvKey));
zkey.vk_delta_1 = curve.G1.timesScalar(zkey.vk_delta_1, curContribution.delta.prvKey);
zkey.vk_delta_2 = curve.G2.timesScalar(zkey.vk_delta_2, curContribution.delta.prvKey);
zkey.vk_delta_1 = curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey);
zkey.vk_delta_2 = curve.G2.timesFr(zkey.vk_delta_2, curContribution.delta.prvKey);
curContribution.deltaAfter = zkey.vk_delta_1;
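Review bot: `zkey.vk_delta_1` and `zkey.vk_delta_2` on the two new lines keep the raw result of `timesFr`, and `deltaAfter` then aliases that value, while every other point stored on the contribution (`g1_sx`, `g2_spx`) is passed through `toAffine` first. If `timesFr` returns a non-affine point, as the `toAffine` wrapping on the sibling lines suggests, the header and the `deltaAfter` field carry a different encoding than the rest of the record; confirm the writer normalises, or wrap both: `zkey.vk_delta_1 = curve.G1.toAffine(curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey));` and the same for `vk_delta_2`. The same pattern appears in phase2contribute (the `vk_delta_1`/`vk_delta_2` lines of its second hunk) and in challangeContribute, where `delta1`/`delta2` go straight to `writeG1`/`writeG2` and `deltaAfter`. The enclosing beacon function starts and ends outside the hunk.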


@ -44,10 +44,10 @@ async function challangeContribute(curve, challangeFilename, responesFileName, e
await copy(sG2); // beta2
await copy(sG2); // gamma2
const oldDelta1 = await readG1();
const delta1 = curve.G1.timesScalar(oldDelta1, delta);
const delta1 = curve.G1.timesFr(oldDelta1, delta);
await writeG1(delta1);
const oldDelta2 = await readG2();
const delta2 = curve.G2.timesScalar(oldDelta2, delta);
const delta2 = curve.G2.timesFr(oldDelta2, delta);
await writeG2(delta2);
// IC
@ -108,12 +108,12 @@ async function challangeContribute(curve, challangeFilename, responesFileName, e
curContribution.delta = {};
curContribution.delta.prvKey = delta;
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, delta));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, delta));
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
curContribution.transcript = transcriptHasher.digest();
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, delta));
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, delta));
curContribution.deltaAfter = delta1;
curContribution.type = 0;
mpcParams.contributions.push(curContribution);
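Review bot: `curContribution.delta.prvKey = delta;` keeps the contributor's secret scalar inside the record that is pushed onto `mpcParams.contributions` on the last line of the hunk, and nothing visible here shows whether the MPC-params writer skips `prvKey` when it serialises contributions. If it does not, the secret for this contribution ends up in the response file and the contribution provides no security; confirm the writer omits the field, and consider not attaching it to the record at all since `delta` is already available as a local. The same field is populated in phase2contribute (`curve.Fr.fromRng(rng)`); beacon stores it too, but there the value is reproducible from the public beacon parameters, as phase2verify's `expected_prvKey` recomputation shows. challangeContribute's body begins before and continues past this hunk.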


@ -14,8 +14,7 @@ module.exports = async function phase2contribute(zkeyNameOld, zkeyNameNew, name
const {fd: fdOld, sections: sections} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
const zkey = await zkeyUtils.readHeader(fdOld, sections, "groth16");
const curve = getCurve(zkey.q);
await curve.loadEngine();
const curve = await getCurve(zkey.q);
const mpcParams = await zkeyUtils.readMPCParams(fdOld, curve, sections);
@ -34,15 +33,15 @@ module.exports = async function phase2contribute(zkeyNameOld, zkeyNameNew, name
curContribution.delta = {};
curContribution.delta.prvKey = curve.Fr.fromRng(rng);
curContribution.delta.g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesScalar(curContribution.delta.g1_s, curContribution.delta.prvKey));
curContribution.delta.g1_sx = curve.G1.toAffine(curve.G1.timesFr(curContribution.delta.g1_s, curContribution.delta.prvKey));
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_s);
utils.hashG1(transcriptHasher, curve, curContribution.delta.g1_sx);
curContribution.transcript = transcriptHasher.digest();
curContribution.delta.g2_sp = hashToG2(curve, curContribution.transcript);
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesScalar(curContribution.delta.g2_sp, curContribution.delta.prvKey));
curContribution.delta.g2_spx = curve.G2.toAffine(curve.G2.timesFr(curContribution.delta.g2_sp, curContribution.delta.prvKey));
zkey.vk_delta_1 = curve.G1.timesScalar(zkey.vk_delta_1, curContribution.delta.prvKey);
zkey.vk_delta_2 = curve.G2.timesScalar(zkey.vk_delta_2, curContribution.delta.prvKey);
zkey.vk_delta_1 = curve.G1.timesFr(zkey.vk_delta_1, curContribution.delta.prvKey);
zkey.vk_delta_2 = curve.G2.timesFr(zkey.vk_delta_2, curContribution.delta.prvKey);
curContribution.deltaAfter = zkey.vk_delta_1;


@ -9,8 +9,7 @@ module.exports = async function phase2exportMPCParams(zkeyName, mpcparamsName,
const {fd: fdZKey, sections: sectionsZKey} = await binFileUtils.readBinFile(zkeyName, "zkey", 2);
const zkey = await zkeyUtils.readHeader(fdZKey, sectionsZKey, "groth16");
const curve = getCurve(zkey.q);
await curve.loadEngine();
const curve = await getCurve(zkey.q);
const sG1 = curve.G1.F.n8*2;
const sG2 = curve.G2.F.n8*2;
@ -42,7 +41,7 @@ module.exports = async function phase2exportMPCParams(zkeyName, mpcparamsName,
let buffBasesH_Tau;
buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", verbose ? console.log : undefined);
buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.PFr.w[zkey.power+1], "jacobian", "affine", verbose ? console.log : undefined);
buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", verbose ? console.log : undefined);
// Remove last element. (The degree of H will be allways m-2)
buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1);
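Review bot: `curve.Fr.w[zkey.power+1]` on the new line indexes the roots-of-unity table with a value read from the zkey header (`readHeader` in this file's first hunk), so a malformed or oversized `power` yields `undefined`, which is then handed to `batchApplyKey` as the increment with no error raised at this point. A guard before the call keeps the failure local and explicit: `if (curve.Fr.w[zkey.power+1] === undefined) throw new Error("unsupported zkey power " + zkey.power);`. The same indexing appears in phase2importMPCParams (`wInv`) and in phase2verify (`inc`). phase2exportMPCParams's body starts before and runs past this hunk.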


@ -9,8 +9,7 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
const {fd: fdZKeyOld, sections: sectionsZKeyOld} = await binFileUtils.readBinFile(zkeyNameOld, "zkey", 2);
const zkeyHeader = await zkeyUtils.readHeader(fdZKeyOld, sectionsZKeyOld, "groth16");
const curve = getCurve(zkeyHeader.q);
await curve.loadEngine();
const curve = await getCurve(zkeyHeader.q);
const sG1 = curve.G1.F.n8*2;
const sG2 = curve.G2.F.n8*2;
@ -39,6 +38,16 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
c.delta.g1_sx = await readG1(fdMPCParams);
c.delta.g2_spx = await readG2(fdMPCParams);
c.transcript = await fdMPCParams.read(64);
if (i<oldMPCParams.contributions.length) {
c.type = oldMPCParams.contributions[i].type;
if (c.type==1) {
c.beaconHash = oldMPCParams.contributions[i].beaconHash;
c.numIterationsExp = oldMPCParams.contributions[i].numIterationsExp;
}
if (oldMPCParams.contributions[i].name) {
c.name = oldMPCParams.contributions[i].name;
}
}
newMPCParams.contributions.push(c);
}
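Review bot: The added block sets `c.type` only when `i` falls inside `oldMPCParams.contributions`, so every imported contribution beyond the old ones is left with `c.type` undefined, whereas a freshly created contribution gets `curContribution.type = 0` in challangeContribute; add `else { c.type = 0; }` so downstream checks on `type` see a consistent value. The metadata copy is also purely positional: nothing compares the imported contribution at index `i` with the old one before labelling it a beacon, so a reordered or replaced contribution would inherit a `beaconHash` that belongs to another one. If `readMPCParams` yields the same record shape as the imported entries, a check such as `if (!curve.G1.eq(c.delta.g1_sx, oldMPCParams.contributions[i].delta.g1_sx)) throw new Error("contribution " + i + " does not match the old zkey");` makes the mismatch explicit instead of surfacing later in verification. phase2importMPCParams's body runs before and after this hunk.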
@ -98,7 +107,7 @@ module.exports = async function phase2importMPCParams(zkeyNameOld, mpcparamsNam
buffH = new Uint8Array(zkeyHeader.domainSize*sG1);
buffH.set(buffTauLEM); // Let the last one to zero.
const n2Inv = curve.Fr.neg(curve.Fr.inv(curve.Fr.e(2)));
const wInv = curve.Fr.inv(curve.PFr.w[zkeyHeader.power+1]);
const wInv = curve.Fr.inv(curve.Fr.w[zkeyHeader.power+1]);
buffH = await curve.G1.batchApplyKey(buffH, n2Inv, wInv, "affine", "jacobian", verbose ? console.log : undefined);
buffH = await curve.G1.ifft(buffH, "jacobian", "affine", verbose ? console.log : undefined);
await binFileUtils.startWriteSection(fdZKeyNew, 9);


@ -46,7 +46,7 @@ async function writeHeader(fd, zkey) {
// Write the Groth header section
///////////
const curve = getCurve(zkey.q);
const curve = await getCurve(zkey.q);
await binFileUtils.startWriteSection(fd, 2);
const primeQ = curve.q;


@ -20,8 +20,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
const {fd, sections} = await binFileUtils.readBinFile(zkeyFileName, "zkey", 2);
const zkey = await zkeyUtils.readHeader(fd, sections, "groth16");
const curve = getCurve(zkey.q);
await curve.loadEngine();
const curve = await getCurve(zkey.q);
const sG1 = curve.G1.F.n8*2;
const sG2 = curve.G2.F.n8*2;
@ -60,7 +59,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
const rng = misc.rngFromBeaconParams(c.beaconHash, c.numIterationsExp);
const expected_prvKey = curve.Fr.fromRng(rng);
const expected_g1_s = curve.G1.toAffine(curve.G1.fromRng(rng));
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesScalar(expected_g1_s, expected_prvKey));
const expected_g1_sx = curve.G1.toAffine(curve.G1.timesFr(expected_g1_s, expected_prvKey));
if (curve.G1.eq(expected_g1_s, c.delta.g1_s) !== true) {
console.log(`INVALID(${i}): Key of the beacon does not match. g1_s `);
return false;
@ -288,7 +287,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
// Works*2 const first = curve.Fr.neg(curve.Fr.e(2));
const first = curve.Fr.neg(curve.Fr.e(2));
// const inc = curve.Fr.inv(curve.PFr.w[zkey.power+1]);
const inc = curve.PFr.w[zkey.power+1];
const inc = curve.Fr.w[zkey.power+1];
buff_r = await curve.Fr.batchApplyKey(buff_r, first, inc);
buff_r = await curve.Fr.fft(buff_r);
buff_r = await curve.Fr.batchFromMontgomery(buff_r);
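Review bot: The two comment lines kept around the new `inc` assignment are stale code: `// Works*2 const first = ...` duplicates the live line below it, and `// const inc = curve.Fr.inv(curve.PFr.w[zkey.power+1]);` still refers to `curve.PFr`, which this commit replaces with `curve.Fr` everywhere else. Delete both and, if the `-2` and `w[power+1]` choices need explanation, replace them with a why-comment rather than a commented-out alternative. The `Fr.w[...]` lookup here also has no guard against `undefined` when `zkey.power+1` lies outside the table, the same situation as in the export and import paths. phase2verify's body extends outside this hunk.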
@ -317,7 +316,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
async function batchSubstract(buff1, buff2) {
const sG = curve.G1.F.n8*2;
const nPoints = buff1.byteLength / sG;
const concurrency= curve.engine.concurrency;
const concurrency= curve.tm.concurrency;
const nPointsPerThread = Math.floor(nPoints / concurrency);
const opPromises = [];
for (let i=0; i<concurrency; i++) {
@ -374,7 +373,7 @@ module.exports = async function phase2verify(r1csFileName, pTauFileName, zkeyFi
]});
task.push({cmd: "GET", out: 0, var: 2, len: nPoints*sG1});
const res = await curve.engine.queueAction(task);
const res = await curve.tm.queueAction(task);
return res;
}