

Added polyval test consistent with ghash
KaiGeffen committed Aug 19, 2024
1 parent 5f0cd96 commit b21c3ce
Showing 3 changed files with 38 additions and 8 deletions.
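--- a/circuits/aes-gcm/hashes.circom
+++ b/circuits/aes-gcm/hashes.circom
@@ -88,7 +88,18 @@ template GHASH(n_msg_bits) {
 // }
 
 
-// template POLYVAL(n_bits)
+template POLYVAL(n_msg_bits)
+{
+signal input msg[n_msg_bits];
+signal input H[128];
+// signal input T[2][64]; // TODO
+signal output out[128];
+
+for (var i = 0; i < 128; i++) {
+out[i] <== 1;
+}
+
+}
 // {
 // var msg_len = n_bits/8;
 // signal input in[n_bits];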
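Review bot: The new POLYVAL body constrains every `out[i]` to the constant 1 and never reads `msg` or `H`, so both inputs are left unconstrained and the template is a placeholder rather than a hash, yet nothing in the hunk says so. Until the real polynomial evaluation lands, a header comment above `template POLYVAL(n_msg_bits)` should make that explicit, e.g. `// STUB: output is fixed to all-ones and msg/H are unconstrained; not usable for tag computation yet`. The commented-out `// signal input T[2][64]; // TODO` line would also be clearer with a short note on what T is intended to carry. The old commented-out block below the new template (`// {`, `// var msg_len = n_bits/8;` …) continues past the hunk.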
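--- a/circuits/test/hashes/ghash.test.ts
+++ b/circuits/test/hashes/ghash.test.ts
@@ -7,6 +7,7 @@ const H = hexToBitArray("25629347589242761d31f826ba4b757b");
 const X1 = "4f4f95668c83dfb6401762bb2d01a262";
 const X2 = "d1a24ddd2721d006bbe45f20d3c9f362";
 const M = hexToBitArray(X1.concat(X2));
+const EXPECT = "bd9b3997046731fb96251b91f9c99d7a";
 
 describe("ghash-hash", () => {
 let circuit: WitnessTester<["msg", "H"], ["out"]>;
@@ -22,16 +23,14 @@ describe("ghash-hash", () => {
 
 it("test ghash", async () => {
 const input = { msg: M, H: H };
-// https://datatracker.ietf.org/doc/html/rfc8452#appendix-A
-const expect = "bd9b3997046731fb96251b91f9c99d7a";
 const _res = await circuit.compute(input, ["out"]);
 // TODO(TK 2024-08-15): bug, result returns 256 bits
 // take the first 32 bytes
 const result = bitArrayToHex(
 (_res.out as number[]).map((bit) => Number(bit))
 ).slice(0, 32);
-console.log("expect: ", expect, "\nresult: ", result);
-assert.equal(result, expect);
+console.log("expect: ", EXPECT, "\nresult: ", result);
+assert.equal(result, EXPECT);
 });
 });
 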
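Review bot: Hoisting the expected value to `EXPECT` removed the `// https://datatracker.ietf.org/doc/html/rfc8452#appendix-A` comment that recorded where the vector comes from, so unless the same link already sits above `const H` (outside the first hunk) the file no longer documents its provenance; re-add that comment directly above `const EXPECT = "bd9b3997046731fb96251b91f9c99d7a";`. The `.slice(0, 32)` and its "returns 256 bits" TODO are untouched by this commit, but they also mean an output of the wrong length would be silently truncated rather than reported; an `assert.equal(_res.out.length, 256);` (or whatever length the circuit is meant to produce) before the conversion would surface that. The `describe` block begins outside the second hunk.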
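--- a/circuits/test/hashes/polyval.test.ts
+++ b/circuits/test/hashes/polyval.test.ts
@@ -1,19 +1,39 @@
 import { WitnessTester } from "circomkit";
-import { circomkit } from "../common";
+import { bitArrayToHex, circomkit, hexToBitArray } from "../common";
+import { assert } from "chai";
 
+// https://datatracker.ietf.org/doc/html/rfc8452#appendix-A
+const H = hexToBitArray("25629347589242761d31f826ba4b757b");
+const X1 = "4f4f95668c83dfb6401762bb2d01a262";
+const X2 = "d1a24ddd2721d006bbe45f20d3c9f362";
+const M = hexToBitArray(X1.concat(X2));
+const EXPECT = "f7a3b47b846119fae5b7866cf5e5b77e";
+
 describe("polyval", () => {
-let circuit: WitnessTester<["in"], ["out"]>;
+let circuit: WitnessTester<["msg", "H"], ["out"]>;
 
 before(async () => {
 circuit = await circomkit.WitnessTester(`polyval`, {
 file: "aes-gcm/hashes",
 template: "POLYVAL",
-params: [128],
+params: [128 * 2],
 });
 console.log("#constraints:", await circuit.getConstraintCount());
 });
 
 it("should have correct number of constraints", async () => {
 await circuit.expectConstraintCount(74754, true);
 });
 
+it("todo name polyval", async () => {
+const input = { msg: M, H: H };
+const _res = await circuit.compute(input, ["out"]);
+// TODO(TK 2024-08-15): bug, result returns 256 bits
+// take the first 32 bytes
+const result = bitArrayToHex(
+(_res.out as number[]).map((bit) => Number(bit))
+).slice(0, 32);
+console.log("expect: ", EXPECT, "\nresult: ", result);
+assert.equal(result, EXPECT);
+});
 });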
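Review bot: The `// TODO(TK 2024-08-15): bug, result returns 256 bits` comment and the `.slice(0, 32)` in the new `todo name polyval` test are copied verbatim from the ghash test, but POLYVAL in this same commit declares `signal output out[128]`, so the 256-bit remark does not describe this template and the truncation would hide a wrong-length output instead of failing; replace it with `assert.equal(_res.out.length, 128);` before the conversion and compare the full hex string. The test name should say what it checks, e.g. `it("matches the RFC 8452 appendix A POLYVAL vector", …)`. The retained `expectConstraintCount(74754, true)` looks inherited rather than measured for a template that only assigns constants — worth confirming against the `#constraints:` value the `before` hook prints, since with the current stub both this test and the vector comparison appear destined to fail.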