aes gcm #71
Conversation
LGTM! Nice work.
For sequential proving it seems very close. We should be able to have this working today!
/// cipherText: encrypted ciphertext
/// authTag: authentication tag
///
template AESGCM(l) {
AES_GCM_128 might be a more precise name, unless we want to modify this to vary over key/iv size.
incJ0.in <== J0;

// TODO(WJ 2024-09-09): stopping point
component gctr = GCTR(l, nk);
where is nk defined?
We should set it as a param to allow for many keys
var v = 128 * Math.ceil(additionalData.length / 128) - additionalData.length;

// Step 5: Define a block, S
component ghash = GHASH();
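Review bot: the `var v = 128 * Math.ceil(additionalData.length / 128) - additionalData.length;` line is JavaScript, not circom; circom has no `Math` object and no `.length` on signal arrays, so this will not compile as written. The AAD padding length should be computed from a compile-time length parameter with circom's integer division operator, e.g. `var v = ((aadLen + 127) \ 128) * 128 - aadLen;` where `aadLen` is a template parameter (assumed name), and the same applies to the ciphertext padding `u` that the S block in "Step 5" also needs.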
It seems like this is set up to handle "l" bits of plaintext, but this doesn't seem to accept a variable number of ciphertext bits.
// generate plaintext blocks
// note to not use the last block of plaintext
// because it will be padded byt the toBlocks components
component plainTextBlocks = ToBlocks(INPUT_LEN);
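Review bot: the comment above `component plainTextBlocks = ToBlocks(INPUT_LEN);` says the last block is skipped because `ToBlocks` pads it, but if INPUT_LEN is not a multiple of the block size, skipping that block silently drops the trailing partial plaintext; either state the precondition that INPUT_LEN is a whole number of blocks or handle the partial final block explicitly (GCM's GCTR truncates the last keystream block to the remaining length rather than discarding the data). Also, the fixed `INPUT_LEN` here does not follow the `l` parameter of `template AESGCM(l)`, and "byt" in the comment should read "by".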
Instead of moving between blocks and stream in circuit, would it make more sense to accept the input as a sequence of blocks?
nice |
No description provided.