gf_mul polyval passing tests

pluto · Aug 16, 2024 · ddd4858 · ddd4858
1 parent 4538c2b
commit ddd4858
Show file tree

Hide file tree

Showing 2 changed files with 126 additions and 123 deletions.
diff --git a/circuits/aes-gcm/gfmulx.circom b/circuits/aes-gcm/gfmulx.circom
@@ -112,7 +112,7 @@ template polyval_GFMULX() {
     signal v[block];
     // if `in` MSB set, assign irreducible poly bits, otherwise zero
     signal irreducible_poly[block];
-    var msb = in[0]; // endianness: 0 in polyval, 127(?) in ghash
+    var msb = in[block - 8]; // endianness: 0 in polyval, 127(?) in ghash
 
     component left_shift = LeftShiftLE(1);
     for (var i = 0; i < block; i++) {
@@ -123,8 +123,10 @@ template polyval_GFMULX() {
     }
 
     for (var i = 0; i < 128; i++) {
-        // irreducible_poly has 1s at positions 127, 126, 121, 1
-        if (i==0 || i == 121 || i == 126 || i==127) {
+        // irreducible_poly has 1s at positions 1, 121, 126, 127
+        // 0000 0001... <== encodes 1
+        // ...1100 0010 <== encodes 121, 126, 127
+        if (i==7 || i == 120 || i==121 || i==126) {
             irreducible_poly[i] <== msb;
         } else {
             irreducible_poly[i] <== 0;
@@ -146,6 +148,7 @@ template polyval_GFMULX() {
 // mid1= [a b c d e f g h, i j k l m n o p] // swap order of bits in each byte
 // mid2= [0 a b c d e f g, h i j k l m n o] // shift bits right by 1
 // out = [g f e d c b a 0, o n m l k j i h] // swap order of bits in each byte
+// TODO(TK 2024-08-15): optimize
 template LeftShiftLE(shift) {
     signal input in[128];
     signal output out[128];

diff --git a/circuits/test/gfmulx/polyval_mulx.test.ts b/circuits/test/gfmulx/polyval_mulx.test.ts
@@ -14,126 +14,126 @@ const mulXTestVectors = [
   "40000000000000000000000000000000",
   "80000000000000000000000000000000",
   "00010000000000000000000000000000",
-  // "00020000000000000000000000000000",
-  // "00040000000000000000000000000000",
-  // "00080000000000000000000000000000",
-  // "00100000000000000000000000000000",
-  // "00200000000000000000000000000000",
-  // "00400000000000000000000000000000",
-  // "00800000000000000000000000000000",
-  // "00000100000000000000000000000000",
-  // "00000200000000000000000000000000",
-  // "00000400000000000000000000000000",
-  // "00000800000000000000000000000000",
-  // "00001000000000000000000000000000",
-  // "00002000000000000000000000000000",
-  // "00004000000000000000000000000000",
-  // "00008000000000000000000000000000",
-  // "00000001000000000000000000000000",
-  // "00000002000000000000000000000000",
-  // "00000004000000000000000000000000",
-  // "00000008000000000000000000000000",
-  // "00000010000000000000000000000000",
-  // "00000020000000000000000000000000",
-  // "00000040000000000000000000000000",
-  // "00000080000000000000000000000000",
-  // "00000000010000000000000000000000",
-  // "00000000020000000000000000000000",
-  // "00000000040000000000000000000000",
-  // "00000000080000000000000000000000",
-  // "00000000100000000000000000000000",
-  // "00000000200000000000000000000000",
-  // "00000000400000000000000000000000",
-  // "00000000800000000000000000000000",
-  // "00000000000100000000000000000000",
-  // "00000000000200000000000000000000",
-  // "00000000000400000000000000000000",
-  // "00000000000800000000000000000000",
-  // "00000000001000000000000000000000",
-  // "00000000002000000000000000000000",
-  // "00000000004000000000000000000000",
-  // "00000000008000000000000000000000",
-  // "00000000000001000000000000000000",
-  // "00000000000002000000000000000000",
-  // "00000000000004000000000000000000",
-  // "00000000000008000000000000000000",
-  // "00000000000010000000000000000000",
-  // "00000000000020000000000000000000",
-  // "00000000000040000000000000000000",
-  // "00000000000080000000000000000000",
-  // "00000000000000010000000000000000",
-  // "00000000000000020000000000000000",
-  // "00000000000000040000000000000000",
-  // "00000000000000080000000000000000",
-  // "00000000000000100000000000000000",
-  // "00000000000000200000000000000000",
-  // "00000000000000400000000000000000",
-  // "00000000000000800000000000000000",
-  // "00000000000000000100000000000000",
-  // "00000000000000000200000000000000",
-  // "00000000000000000400000000000000",
-  // "00000000000000000800000000000000",
-  // "00000000000000001000000000000000",
-  // "00000000000000002000000000000000",
-  // "00000000000000004000000000000000",
-  // "00000000000000008000000000000000",
-  // "00000000000000000001000000000000",
-  // "00000000000000000002000000000000",
-  // "00000000000000000004000000000000",
-  // "00000000000000000008000000000000",
-  // "00000000000000000010000000000000",
-  // "00000000000000000020000000000000",
-  // "00000000000000000040000000000000",
-  // "00000000000000000080000000000000",
-  // "00000000000000000000010000000000",
-  // "00000000000000000000020000000000",
-  // "00000000000000000000040000000000",
-  // "00000000000000000000080000000000",
-  // "00000000000000000000100000000000",
-  // "00000000000000000000200000000000",
-  // "00000000000000000000400000000000",
-  // "00000000000000000000800000000000",
-  // "00000000000000000000000100000000",
-  // "00000000000000000000000200000000",
-  // "00000000000000000000000400000000",
-  // "00000000000000000000000800000000",
-  // "00000000000000000000001000000000",
-  // "00000000000000000000002000000000",
-  // "00000000000000000000004000000000",
-  // "00000000000000000000008000000000",
-  // "00000000000000000000000001000000",
-  // "00000000000000000000000002000000",
-  // "00000000000000000000000004000000",
-  // "00000000000000000000000008000000",
-  // "00000000000000000000000010000000",
-  // "00000000000000000000000020000000",
-  // "00000000000000000000000040000000",
-  // "00000000000000000000000080000000",
-  // "00000000000000000000000000010000",
-  // "00000000000000000000000000020000",
-  // "00000000000000000000000000040000",
-  // "00000000000000000000000000080000",
-  // "00000000000000000000000000100000",
-  // "00000000000000000000000000200000",
-  // "00000000000000000000000000400000",
-  // "00000000000000000000000000800000",
-  // "00000000000000000000000000000100",
-  // "00000000000000000000000000000200",
-  // "00000000000000000000000000000400",
-  // "00000000000000000000000000000800",
-  // "00000000000000000000000000001000",
-  // "00000000000000000000000000002000",
-  // "00000000000000000000000000004000",
-  // "00000000000000000000000000008000",
-  // "00000000000000000000000000000001",
-  // "00000000000000000000000000000002",
-  // "00000000000000000000000000000004",
-  // "00000000000000000000000000000008",
-  // "00000000000000000000000000000010",
-  // "00000000000000000000000000000020",
-  // "00000000000000000000000000000040",
-  // "00000000000000000000000000000080",
-  // "010000000000000000000000000000c2",
+  "00020000000000000000000000000000",
+  "00040000000000000000000000000000",
+  "00080000000000000000000000000000",
+  "00100000000000000000000000000000",
+  "00200000000000000000000000000000",
+  "00400000000000000000000000000000",
+  "00800000000000000000000000000000",
+  "00000100000000000000000000000000",
+  "00000200000000000000000000000000",
+  "00000400000000000000000000000000",
+  "00000800000000000000000000000000",
+  "00001000000000000000000000000000",
+  "00002000000000000000000000000000",
+  "00004000000000000000000000000000",
+  "00008000000000000000000000000000",
+  "00000001000000000000000000000000",
+  "00000002000000000000000000000000",
+  "00000004000000000000000000000000",
+  "00000008000000000000000000000000",
+  "00000010000000000000000000000000",
+  "00000020000000000000000000000000",
+  "00000040000000000000000000000000",
+  "00000080000000000000000000000000",
+  "00000000010000000000000000000000",
+  "00000000020000000000000000000000",
+  "00000000040000000000000000000000",
+  "00000000080000000000000000000000",
+  "00000000100000000000000000000000",
+  "00000000200000000000000000000000",
+  "00000000400000000000000000000000",
+  "00000000800000000000000000000000",
+  "00000000000100000000000000000000",
+  "00000000000200000000000000000000",
+  "00000000000400000000000000000000",
+  "00000000000800000000000000000000",
+  "00000000001000000000000000000000",
+  "00000000002000000000000000000000",
+  "00000000004000000000000000000000",
+  "00000000008000000000000000000000",
+  "00000000000001000000000000000000",
+  "00000000000002000000000000000000",
+  "00000000000004000000000000000000",
+  "00000000000008000000000000000000",
+  "00000000000010000000000000000000",
+  "00000000000020000000000000000000",
+  "00000000000040000000000000000000",
+  "00000000000080000000000000000000",
+  "00000000000000010000000000000000",
+  "00000000000000020000000000000000",
+  "00000000000000040000000000000000",
+  "00000000000000080000000000000000",
+  "00000000000000100000000000000000",
+  "00000000000000200000000000000000",
+  "00000000000000400000000000000000",
+  "00000000000000800000000000000000",
+  "00000000000000000100000000000000",
+  "00000000000000000200000000000000",
+  "00000000000000000400000000000000",
+  "00000000000000000800000000000000",
+  "00000000000000001000000000000000",
+  "00000000000000002000000000000000",
+  "00000000000000004000000000000000",
+  "00000000000000008000000000000000",
+  "00000000000000000001000000000000",
+  "00000000000000000002000000000000",
+  "00000000000000000004000000000000",
+  "00000000000000000008000000000000",
+  "00000000000000000010000000000000",
+  "00000000000000000020000000000000",
+  "00000000000000000040000000000000",
+  "00000000000000000080000000000000",
+  "00000000000000000000010000000000",
+  "00000000000000000000020000000000",
+  "00000000000000000000040000000000",
+  "00000000000000000000080000000000",
+  "00000000000000000000100000000000",
+  "00000000000000000000200000000000",
+  "00000000000000000000400000000000",
+  "00000000000000000000800000000000",
+  "00000000000000000000000100000000",
+  "00000000000000000000000200000000",
+  "00000000000000000000000400000000",
+  "00000000000000000000000800000000",
+  "00000000000000000000001000000000",
+  "00000000000000000000002000000000",
+  "00000000000000000000004000000000",
+  "00000000000000000000008000000000",
+  "00000000000000000000000001000000",
+  "00000000000000000000000002000000",
+  "00000000000000000000000004000000",
+  "00000000000000000000000008000000",
+  "00000000000000000000000010000000",
+  "00000000000000000000000020000000",
+  "00000000000000000000000040000000",
+  "00000000000000000000000080000000",
+  "00000000000000000000000000010000",
+  "00000000000000000000000000020000",
+  "00000000000000000000000000040000",
+  "00000000000000000000000000080000",
+  "00000000000000000000000000100000",
+  "00000000000000000000000000200000",
+  "00000000000000000000000000400000",
+  "00000000000000000000000000800000",
+  "00000000000000000000000000000100",
+  "00000000000000000000000000000200",
+  "00000000000000000000000000000400",
+  "00000000000000000000000000000800",
+  "00000000000000000000000000001000",
+  "00000000000000000000000000002000",
+  "00000000000000000000000000004000",
+  "00000000000000000000000000008000",
+  "00000000000000000000000000000001",
+  "00000000000000000000000000000002",
+  "00000000000000000000000000000004",
+  "00000000000000000000000000000008",
+  "00000000000000000000000000000010",
+  "00000000000000000000000000000020",
+  "00000000000000000000000000000040",
+  "00000000000000000000000000000080",
+  "010000000000000000000000000000c2",
 ];
 
 // polyval irreducible polynomial: x^128 + x^127 + x^126 + x^121 + 1