-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
First commit. Implements a 0k proof of key ownership on baby_jubjub i…
…n a ZkSnark and a series of EC libraries.
- Loading branch information
Louis Guthmann
committed
Nov 26, 2018
1 parent
b78fc1a
commit 9ca9b34
Showing
8 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| import "./baby_jubjub_curve_parameters.code" as params | ||
|
|
||
| def main(field u, field v, field x, field y) -> (field, field): | ||
| //https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves | ||
| d, a, gu, gv, zerou, zerov = params() | ||
|
|
||
| field du = (u*y + x*v) / (1 + d * u*v*x*y) | ||
| field dv = (v*y - a * u*x)/(1 - d * u*v*x*y) | ||
|
|
||
| return du, dv |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| import "./baby_jubjub_curve_parameters.code" as params | ||
|
|
||
| def main(field u, field v) -> (field): | ||
| // See appendix 3.3.1 of Zcash protocol specification: | ||
| // https://github.com/zcash/zips/blob/master/protocol/protocol.pdf | ||
| d, a, gu, gv, zerou, zerov = params() | ||
|
|
||
| field uu = u * u | ||
| field vv = v * v | ||
| field uuvv = uu * vv | ||
| a * uu + vv == 1 + d * uuvv | ||
| return 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| import "./baby_jubjub_curve_parameter_d.code" as dJ | ||
| import "./baby_jubjub_curve_parameter_a.code" as aJ | ||
|
|
||
| def main(field u, field v) -> (field): | ||
| // See appendix 3.3.1 of Zcash protocol specification: | ||
| // https://github.com/zcash/zips/blob/master/protocol/protocol.pdf | ||
| field uu = u * u | ||
| field vv = v * v | ||
| field uuvv = uu * vv | ||
| aJ() * uu + vv == 1 + dJ() * uuvv | ||
| return 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| import "./baby_jubjub_curve_addition.code" as add | ||
| import "./baby_jubjub_curve_parameters.code" as params | ||
| import "./baby_jubjub_curve_assert_on_curve.code" as assertOnCurve | ||
| import "../ZoKrates_primitives/isBooleanValue.code" as boolCheck | ||
|
|
||
| def main(field h255, field h254, field h253, field h252, field h251, field h250, field h249, field h248, field h247, field h246, field h245, field h244, field h243, field h242, field h241, field h240, field h239, field h238, field h237, field h236, field h235, field h234, field h233, field h232, field h231, field h230, field h229, field h228, field h227, field h226, field h225, field h224, field h223, field h222, field h221, field h220, field h219, field h218, field h217, field h216, field h215, field h214, field h213, field h212, field h211, field h210, field h209, field h208, field h207, field h206, field h205, field h204, field h203, field h202, field h201, field h200, field h199, field h198, field h197, field h196, field h195, field h194, field h193, field h192, field h191, field h190, field h189, field h188, field h187, field h186, field h185, field h184, field h183, field h182, field h181, field h180, field h179, field h178, field h177, field h176, field h175, field h174, field h173, field h172, field h171, field h170, field h169, field h168, field h167, field h166, field h165, field h164, field h163, field h162, field h161, field h160, field h159, field h158, field h157, field h156, field h155, field h154, field h153, field h152, field h151, field h150, field h149, field h148, field h147, field h146, field h145, field h144, field h143, field h142, field h141, field h140, field h139, field h138, field h137, field h136, field h135, field h134, field h133, field h132, field h131, field h130, field h129, field h128, field h127, field h126, field h125, field h124, field h123, field h122, field h121, field h120, field h119, field h118, field h117, field h116, field h115, field h114, field h113, field h112, field h111, field h110, field h109, field h108, field h107, field h106, field h105, field h104, field h103, field h102, field h101, field h100, field h99, field h98, field h97, field h96, field h95, field h94, field h93, field h92, field h91, field h90, field h89, field h88, field h87, field h86, field h85, field h84, field h83, field h82, field h81, field h80, field h79, field h78, field h77, field h76, field h75, field h74, field h73, field h72, field h71, field h70, field h69, field h68, field h67, field h66, field h65, field h64, field h63, field h62, field h61, field h60, field h59, field h58, field h57, field h56, field h55, field h54, field h53, field h52, field h51, field h50, field h49, field h48, field h47, field h46, field h45, field h44, field h43, field h42, field h41, field h40, field h39, field h38, field h37, field h36, field h35, field h34, field h33, field h32, field h31, field h30, field h29, field h28, field h27, field h26, field h25, field h24, field h23, field h22, field h21, field h20, field h19, field h18, field h17, field h16, field h15, field h14, field h13, field h12, field h11, field h10, field h9, field h8, field h7, field h6, field h5, field h4, field h3, field h2, field h1, field h0) -> (field, field): | ||
| field[256] array = [h0, h1, h2, h3, h4, h5, h6, h7, h8, h9, h10, h11, h12, h13, h14, h15, h16, h17, h18, h19, h20, h21, h22, h23, h24, h25, h26, h27, h28, h29, h30, h31, h32, h33, h34, h35, h36, h37, h38, h39, h40, h41, h42, h43, h44, h45, h46, h47, h48, h49, h50, h51, h52, h53, h54, h55, h56, h57, h58, h59, h60, h61, h62, h63, h64, h65, h66, h67, h68, h69, h70, h71, h72, h73, h74, h75, h76, h77, h78, h79, h80, h81, h82, h83, h84, h85, h86, h87, h88, h89, h90, h91, h92, h93, h94, h95, h96, h97, h98, h99, h100, h101, h102, h103, h104, h105, h106, h107, h108, h109, h110, h111, h112, h113, h114, h115, h116, h117, h118, h119, h120, h121, h122, h123, h124, h125, h126, h127, h128, h129, h130, h131, h132, h133, h134, h135, h136, h137, h138, h139, h140, h141, h142, h143, h144, h145, h146, h147, h148, h149, h150, h151, h152, h153, h154, h155, h156, h157, h158, h159, h160, h161, h162, h163, h164, h165, h166, h167, h168, h169, h170, h171, h172, h173, h174, h175, h176, h177, h178, h179, h180, h181, h182, h183, h184, h185, h186, h187, h188, h189, h190, h191, h192, h193, h194, h195, h196, h197, h198, h199, h200, h201, h202, h203, h204, h205, h206, h207, h208, h209, h210, h211, h212, h213, h214, h215, h216, h217, h218, h219, h220, h221, h222, h223, h224, h225, h226, h227, h228, h229, h230, h231, h232, h233, h234, h235, h236, h237, h238, h239, h240, h241, h242, h243, h244, h245, h246, h247, h248, h249, h250, h251, h252, h253, h254, h255] | ||
|
|
||
| d, a, gu, gv, zerou, zerov = params() | ||
|
|
||
| field du = gu | ||
| field dv = gv | ||
| field currentu = zerou | ||
| field currentv = zerov | ||
|
|
||
| 1 == boolCheck(array[0]) | ||
| currentu = if array[0] == 1 then du else currentu fi | ||
| currentv = if array[0] == 1 then dv else currentv fi | ||
| for field i in 1..256 do | ||
| 1 == boolCheck(array[i]) | ||
| du, dv = add(du, dv, du, dv) | ||
|
|
||
| tmpu, tmpv = add(currentu, currentv, du, dv) | ||
| currentu = if array[i] == 1 then tmpu else currentu fi | ||
| currentv = if array[i] == 1 then tmpv else currentv fi | ||
| endfor | ||
| 1 == assertOnCurve(currentu, currentv) | ||
| return currentu, currentv |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| //BN254 curve | ||
| //b = 126 | ||
| //q = 21888242871839275222246405745257275088548364400416034343698204186575808495617 | ||
|
|
||
| //Edwards Twisted Curve: 168700.x^2 + y^2 = 1 + 168696.x^2.y^2 | ||
| //field: GF(21888242871839275222246405745257275088548364400416034343698204186575808495617) | ||
| //l = 2736030358979909402780800718157159386076813972158567259200215660948447373041 | ||
| //cofactor = 8 | ||
|
|
||
| def main() -> (field, field, field, field, field, field): | ||
| field d = 168696 | ||
| field a = 168700 | ||
| field gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935 | ||
| field gv = 20819045374670962167435360035096875258406992893633759881276124905556507972311 | ||
| field zerou = 0 | ||
| field zerov = 1 | ||
| return d, a, gu, gv, zerou, zerov |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| def main(field a) -> (field): | ||
| 0 == (a-1)*a | ||
| return 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| // https://github.com/barryWhiteHat/baby_jubjub_ecc | ||
| import "./baby_jubjub_curve_parameters.code" as params | ||
| import "./baby_jubjub_curve_addition.code" as add | ||
| import "./baby_jubjub_curve_multiply.code" as multiply | ||
| import "./baby_jubjub_curve_assert_on_curve.code" as assertOnCurve | ||
|
|
||
| def main(private field h255, private field h254, private field h253, private field h252, private field h251, private field h250, private field h249, private field h248, private field h247, private field h246, private field h245, private field h244, private field h243, private field h242, private field h241, private field h240, private field h239, private field h238, private field h237, private field h236, private field h235, private field h234, private field h233, private field h232, private field h231, private field h230, private field h229, private field h228, private field h227, private field h226, private field h225, private field h224, private field h223, private field h222, private field h221, private field h220, private field h219, private field h218, private field h217, private field h216, private field h215, private field h214, private field h213, private field h212, private field h211, private field h210, private field h209, private field h208, private field h207, private field h206, private field h205, private field h204, private field h203, private field h202, private field h201, private field h200, private field h199, private field h198, private field h197, private field h196, private field h195, private field h194, private field h193, private field h192, private field h191, private field h190, private field h189, private field h188, private field h187, private field h186, private field h185, private field h184, private field h183, private field h182, private field h181, private field h180, private field h179, private field h178, private field h177, private field h176, private field h175, private field h174, private field h173, private field h172, private field h171, private field h170, private field h169, private field h168, private field h167, private field h166, private field h165, private field h164, private field h163, private field h162, private field h161, private field h160, private field h159, private field h158, private field h157, private field h156, private field h155, private field h154, private field h153, private field h152, private field h151, private field h150, private field h149, private field h148, private field h147, private field h146, private field h145, private field h144, private field h143, private field h142, private field h141, private field h140, private field h139, private field h138, private field h137, private field h136, private field h135, private field h134, private field h133, private field h132, private field h131, private field h130, private field h129, private field h128, private field h127, private field h126, private field h125, private field h124, private field h123, private field h122, private field h121, private field h120, private field h119, private field h118, private field h117, private field h116, private field h115, private field h114, private field h113, private field h112, private field h111, private field h110, private field h109, private field h108, private field h107, private field h106, private field h105, private field h104, private field h103, private field h102, private field h101, private field h100, private field h99, private field h98, private field h97, private field h96, private field h95, private field h94, private field h93, private field h92, private field h91, private field h90, private field h89, private field h88, private field h87, private field h86, private field h85, private field h84, private field h83, private field h82, private field h81, private field h80, private field h79, private field h78, private field h77, private field h76, private field h75, private field h74, private field h73, private field h72, private field h71, private field h70, private field h69, private field h68, private field h67, private field h66, private field h65, private field h64, private field h63, private field h62, private field h61, private field h60, private field h59, private field h58, private field h57, private field h56, private field h55, private field h54, private field h53, private field h52, private field h51, private field h50, private field h49, private field h48, private field h47, private field h46, private field h45, private field h44, private field h43, private field h42, private field h41, private field h40, private field h39, private field h38, private field h37, private field h36, private field h35, private field h34, private field h33, private field h32, private field h31, private field h30, private field h29, private field h28, private field h27, private field h26, private field h25, private field h24, private field h23, private field h22, private field h21, private field h20, private field h19, private field h18, private field h17, private field h16, private field h15, private field h14, private field h13, private field h12, private field h11, private field h10, private field h9, private field h8, private field h7, private field h6, private field h5, private field h4, private field h3, private field h2, private field h1, private field h0, field u2, field v2) -> (field): | ||
| 1 == assertOnCurve(u2, v2) | ||
|
|
||
| ku, kv = multiply(h255, h254, h253, h252, h251, h250, h249, h248, h247, h246, h245, h244, h243, h242, h241, h240, h239, h238, h237, h236, h235, h234, h233, h232, h231, h230, h229, h228, h227, h226, h225, h224, h223, h222, h221, h220, h219, h218, h217, h216, h215, h214, h213, h212, h211, h210, h209, h208, h207, h206, h205, h204, h203, h202, h201, h200, h199, h198, h197, h196, h195, h194, h193, h192, h191, h190, h189, h188, h187, h186, h185, h184, h183, h182, h181, h180, h179, h178, h177, h176, h175, h174, h173, h172, h171, h170, h169, h168, h167, h166, h165, h164, h163, h162, h161, h160, h159, h158, h157, h156, h155, h154, h153, h152, h151, h150, h149, h148, h147, h146, h145, h144, h143, h142, h141, h140, h139, h138, h137, h136, h135, h134, h133, h132, h131, h130, h129, h128, h127, h126, h125, h124, h123, h122, h121, h120, h119, h118, h117, h116, h115, h114, h113, h112, h111, h110, h109, h108, h107, h106, h105, h104, h103, h102, h101, h100, h99, h98, h97, h96, h95, h94, h93, h92, h91, h90, h89, h88, h87, h86, h85, h84, h83, h82, h81, h80, h79, h78, h77, h76, h75, h74, h73, h72, h71, h70, h69, h68, h67, h66, h65, h64, h63, h62, h61, h60, h59, h58, h57, h56, h55, h54, h53, h52, h51, h50, h49, h48, h47, h46, h45, h44, h43, h42, h41, h40, h39, h38, h37, h36, h35, h34, h33, h32, h31, h30, h29, h28, h27, h26, h25, h24, h23, h22, h21, h20, h19, h18, h17, h16, h15, h14, h13, h12, h11, h10, h9, h8, h7, h6, h5, h4, h3, h2, h1, h0) | ||
|
|
||
| u2 == ku | ||
| v2 == kv | ||
| return 1 |