gfmul debugged

pluto · Sep 13, 2024 · a37608c · a37608c
1 parent 3046074
commit a37608c
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 38 deletions.
diff --git a/circuits/aes-gcm/gfmul.circom b/circuits/aes-gcm/gfmul.circom
@@ -36,6 +36,7 @@ template MUL() {
     h[1] <== a[1];
     y[0] <== b[0];
     y[1] <== b[1];
+
     component Revs[4];
     for (var i = 0; i < 2; i++) {
         Revs[i] = REV64();
@@ -82,7 +83,7 @@ template MUL() {
         BMUL64_z[i+3].y <== h_r[i];
         zh[i] <== BMUL64_z[i+3].out;
     }
-
+    
     // _z2 = z0 ^ z1 ^ z2;
     // _z2h = z0h ^ z1h ^ z2h;
     signal _z2[64];
@@ -94,14 +95,13 @@ template MUL() {
 
     XorMultiples[1] = XorMultiple(3, 64);
     XorMultiples[1].inputs <== zh;
-    _zh[0] <== XorMultiples[1].out;
+    _zh[2] <== XorMultiples[1].out;
     _zh[1] <== zh[1];
-    _zh[2] <== zh[2];
+    _zh[0] <== zh[0];
 
-    // z0h = rev64(z0h) >> 1;
-    // z1h = rev64(z1h) >> 1;
-    // _z2h = rev64(_z2h) >> 1;
-    // signal _zh[3][64];
+    // __z0h = rev64(z0h) >> 1;
+    // __z1h = rev64(z1h) >> 1;
+    // __z2h = rev64(_z2h) >> 1;
     signal __zh[3][64];
     component Revs_zh[3];
     component RightShifts_zh[3];
@@ -120,7 +120,6 @@ template MUL() {
     signal v[4][64];
     component Xors_v[2];
     v[0] <== z[0];
-    v[3] <== __zh[1];
     Xors_v[0] = BitwiseXor(64);
     Xors_v[0].a <== __zh[0];
     Xors_v[0].b <== _z2;
@@ -129,16 +128,12 @@ template MUL() {
     Xors_v[1].a <== z[1];
     Xors_v[1].b <== __zh[2];
     v[2] <== Xors_v[1].out;
-
+    v[3] <== __zh[1];
 
     // _v2 = v2 ^ v0 ^ (v0 >> 1) ^ (v0 >> 2) ^ (v0 >> 7);
     // _v1 = v1 ^ (v0 << 63) ^ (v0 << 62) ^ (v0 << 57);
-    // _v3 = v3 ^ _v1 ^ (_v1 >> 1) ^ (_v1 >> 2) ^ (_v1 >> 7);
-    // __v2 = _v2 ^ (_v1 << 63) ^ (_v1 << 62) ^ (_v1 << 57);
     signal _v2[64];
     signal _v1[64];
-    signal _v3[64];
-    signal __v2[64];
     component RS_v[6];
     component LS_v[6];
 
@@ -168,6 +163,10 @@ template MUL() {
     XorMultiples_L[0].inputs <== [v[1], LS_v[0].out, LS_v[1].out, LS_v[2].out];
     _v1 <== XorMultiples_L[0].out;
 
+    // __v3 = v3 ^ _v1 ^ (_v1 >> 1) ^ (_v1 >> 2) ^ (_v1 >> 7);
+    // __v2 = _v2 ^ (_v1 << 63) ^ (_v1 << 62) ^ (_v1 << 57);
+    signal __v3[64];
+    signal __v2[64];
     RS_v[3] = BitwiseRightShift(64, 1);
     RS_v[3].in <== _v1;
     RS_v[4] = BitwiseRightShift(64, 2);
@@ -183,15 +182,11 @@ template MUL() {
     LS_v[5].in <== _v1;
 
     XorMultiples_R[1].inputs <== [v[3], _v1, RS_v[3].out, RS_v[4].out, RS_v[5].out];
-    _v3 <== XorMultiples_R[1].out;
-    XorMultiples_L[1].inputs <== [_v2, LS_v[0].out, LS_v[1].out, LS_v[2].out];
+    __v3 <== XorMultiples_R[1].out;
+    XorMultiples_L[1].inputs <== [_v2, LS_v[3].out, LS_v[4].out, LS_v[5].out];
     __v2 <== XorMultiples_L[1].out;
 
-    log(__v2[0]);  
-    log(_v3[0]);
-    out[0] <== __v2;
-    out[1] <== _v3;
-    // out <== [__v2, _v3];
+    out <== [__v2, __v3];
 }
 
 // Multiplication in GF(2)[X], truncated to the low 64-bits, with “holes”

diff --git a/circuits/aes-gcm/helper_functions.circom b/circuits/aes-gcm/helper_functions.circom
@@ -46,13 +46,11 @@ template ParseBEBytes64() {
 template BitwiseRightShift(n, r) {
     signal input in[n];
     signal output out[n];
-
-    for(var i=0; i<n; i++){
-        if(i+r>=n){
-            out[i] <== 0;
-        } else {
-            out[i] <== in[i+r];
-        }
+    for (var i=0; i<r; i++) {
+        out[i] <== 0;
+    }
+    for (var i=r; i<n; i++) {
+        out[i] <== in[i-r];
     }
 }
 
@@ -77,14 +75,11 @@ template IntRightShift(n, x)
 template BitwiseLeftShift(n, r) {
     signal input in[n];
     signal output out[n];
-    var j=0;
-    for (var i=0; i<n; i++) {
-        if (i < r) {
-            out[i] <== 0;
-        } else {
-            out[i] <== in[j];
-            j++;
-        }
+    for (var i=0; i<n-r; i++) {
+        out[i] <== in[i+r];
+    }
+    for (var i=n-r; i<n; i++) {
+        out[i] <== 0;
     }
 }
 

diff --git a/circuits/test/gfmul.test.ts b/circuits/test/gfmul.test.ts
@@ -132,11 +132,11 @@ describe("GF_MUL", () => {
   });
 
   it("GF_MUL 4", async () => {
-    const A = hexToBitArray("0x00000000000000F1");
-    const B = hexToBitArray("0x000000000000BB00");
+    const f1 = hexToBitArray("0x00000000000000F1");
+    const bb = hexToBitArray("0x000000000000BB00");
     const expected = "006F2B000000000000000000";
 
-    const _res = await circuit.compute({ a: [ZERO, A], b: [B, ZERO] }, ["out"]);
+    const _res = await circuit.compute({ a: [bb, ZERO], b: [ZERO, f1] }, ["out"]);
     const result = bitArrayToHex(
       (_res.out as number[]).map((bit) => Number(bit))
     ).slice(0, 64);