sCrypt-Inc / zokrates

A zero-knowledge proof toolbox on Bitcoin. A fork of zokrates (https://github.com/Zokrates/ZoKrates).
GNU Lesser General Public License v3.0

Sha256 arithmetic circuit #4

Closed xhliu closed 3 years ago

xhliu commented 3 years ago

Not flattened, meaning not all constraints are add/mul.

To reproduce, use this zok code.

import "hashes/sha256/512bit" as sha256

def main(u32[16] hashMe, u32[8] h1):
  u32[8] h = sha256(hashMe[0..8], hashMe[8..16])
  assert(h == h1)
  return

and modify src

diff --git a/zokrates_core/src/compile.rs b/zokrates_core/src/compile.rs
index 093031ec..779f7006 100644
--- a/zokrates_core/src/compile.rs
+++ b/zokrates_core/src/compile.rs
@@ -193,6 +193,7 @@ pub fn compile<T: Field, E: Into<imports::Error>>(

     // flatten input program
     let program_flattened = Flattener::flatten(typed_ast, config);
+    println!("flattern: {}", program_flattened);
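Review bot: the label in the added `println!` is misspelled ("flattern" should be "flatten"). It also writes to stdout, so the redirect in the reproduction step (`> sha256.txt`) captures the dump together with anything else the compile command prints; for a one-off debugging print `eprintln!` keeps it out of the tool's normal output, and if the print is meant to stay it should sit behind a verbosity flag rather than emit the entire flattened program unconditionally.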

Then run cargo r -- compile -i sha256.zok > sha256.txt

In sha256.txt, you can find, e.g.,

_0 == ((((((1 _32) + (2 _31)) + ((4 _30) + (8 _29))) + (((16 _28) + (32 _27)) + ((64 _26) + (128 _25)))) + ((((256 _24) + (512 _23)) + ((1024 _22) + (2048 _21))) + (((4096 _20) + (8192 _19)) + ((16384 _18) + (32768 _17))))) + (((((65536 _16) + (131072 _15)) + ((262144 _14) + (524288 _13))) + (((1048576 _12) + (2097152 _11)) + ((4194304 _10) + (8388608 _9)))) + ((((16777216 _8) + (33554432 _7)) + ((67108864 _6) + (134217728 _5))) + (((268435456 _4) + (536870912 _3)) + ((1073741824 _2) + (2147483648 _1))))))

xhliu commented 3 years ago

Line 2380

_2352 = ((((((1 _121) + (2 _120)) + ((4 _119) + (8 _118))) + (((16 _117) + (32 _116)) + ((64 _115) + (128 _114)))) + ((((256 _113) + (512 _112)) + ((1024 _111) + (2048 _110))) + (((4096 _109) + (8192 _108)) + ((16384 _107) + (32768 _106))))) + (((((65536 _105) + (131072 _104)) + ((262144 _103) + (524288 _102))) + (((1048576 _101) + (2097152 _100)) + ((4194304 _99) + (8388608 _98)))) + ((((16777216 _97) + (33554432 _128)) + ((67108864 _127) + (134217728 _126))) + (((268435456 _125) + (536870912 _124)) + ((1073741824 _123) + (2147483648 _122))))))

Line 155071

_141685 = ((((((1 _141042) + (2 _141041)) + ((4 _141040) + (8 _141039))) + (((16 _141038) + (32 _141037)) + ((64 _141036) + (128 _141035)))) + ((((256 _141034) + (512 _141033)) + ((1024 _141032) + (2048 _141031))) + (((4096 _141030) + (8192 _141029)) + ((16384 _141028) + (32768 _141027))))) + (((((65536 _141026) + (131072 _141025)) + ((262144 _141024) + (524288 _141023))) + (((1048576 _141022) + (2097152 _141053)) + ((4194304 _141052) + (8388608 _141051)))) + ((((16777216 _141050) + (33554432 _141049)) + ((67108864 _141048) + (134217728 _141047))) + (((268435456 _141046) + (536870912 _141045)) + ((1073741824 _141044) + (2147483648 _141043))))))
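To check the claim mechanically over the whole dump rather than by eye, here is an added Python script (not code from the issue or from ZoKrates) that parses the constraint syntax visible in the quoted lines into linear combinations, flags every constraint that is not a single add gate, and recognises the power-of-two bit-packing pattern of the `_0`, `_2352` and `_141685` lines. It assumes the dump uses only the `(coef _wire)`, `(a + b)`, `==` and `=` forms shown above; the sample lines are constructed (the first is the `_0` line cut down to 6 bits).

```python
import re

# Constructed sample: the issue's `_0 == ...` packing line cut down to 6 bits,
# plus one fully flattened add gate for contrast.
SAMPLE_DUMP = [
    "_0 == ((((1 _32) + (2 _31)) + ((4 _30) + (8 _29))) + ((16 _28) + (32 _27)))",
    "_5 = (_3 + _4)",
]
TOKEN = re.compile(r"==|=|\+|\(|\)|\d+|_\d+")

def parse_lc(toks):
    """One printed term -> ({wire: coeff}, remaining tokens). Grammar as seen in
    the dump: '(' INT WIRE ')' | '(' term '+' term ')' | WIRE."""
    if toks[0] == "(":
        if len(toks) > 3 and toks[1].isdigit() and toks[2][0] == "_" and toks[3] == ")":
            return {toks[2]: int(toks[1])}, toks[4:]
        left, rest = parse_lc(toks[1:])
        if not rest or rest[0] != "+":
            raise ValueError("expected '+'")
        right, rest = parse_lc(rest[1:])
        if not rest or rest[0] != ")":
            raise ValueError("expected ')'")
        # merge the two sides, summing coefficients of any repeated wire
        return {**left, **{w: left.get(w, 0) + c for w, c in right.items()}}, rest[1:]
    if toks[0][0] == "_":
        return {toks[0]: 1}, toks[1:]
    raise ValueError(f"unexpected token {toks[0]!r}")

def parse_constraint(line):
    """Split 'lhs == rhs' (or 'lhs = rhs') into two linear combinations."""
    toks = TOKEN.findall(line)
    if re.sub(r"\s+", "", line) != "".join(toks):  # reject unknown syntax
        raise ValueError(f"unrecognised syntax in: {line[:40]!r}")
    sep = toks.index("==") if "==" in toks else toks.index("=")
    (lhs, rest_l), (rhs, rest_r) = parse_lc(toks[:sep]), parse_lc(toks[sep + 1:])
    if rest_l or rest_r:
        raise ValueError("trailing tokens in constraint")
    return lhs, rhs

def is_single_gate(lhs, rhs):
    """One wire left, at most two unit-weight wires right: a single add gate."""
    return len(lhs) == 1 and set(lhs.values()) == {1} and len(rhs) <= 2 and set(rhs.values()) <= {1}

def bit_packing(lc):
    """n when the coefficients are exactly 2^0 .. 2^(n-1) (one wire per bit), else 0."""
    coeffs = sorted(lc.values())
    return len(coeffs) if coeffs == [1 << i for i in range(len(coeffs))] else 0

def not_flattened(lines):
    """(left wire, packed width or 0) for every constraint that is not a single add gate."""
    parsed = [parse_constraint(l) for l in lines if l.strip()]
    return [(next(iter(lhs)), bit_packing(rhs)) for lhs, rhs in parsed if not is_single_gate(lhs, rhs)]
```

Feeding it the lines of sha256.txt lists every non-gate constraint with its packing width, so the 32-bit word packings can be told apart from any other wide sums the flattener left behind.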

xhliu commented 3 years ago

test.zok

import "hashes/sha256/512bitPacked" as sha256packed

def main(private field a, private field b, private field c, private field d):
    field[2] h = sha256packed([a, b, c, d])
    assert(h[0] == 263561599766550617289250058199814760685)
    assert(h[1] == 65303172752238645975888084098459749904)
    return

Inputs: zokrates compute-witness -a 0 0 0 5