diff --git a/.husky/pre-push b/.husky/pre-commit similarity index 100% rename from .husky/pre-push rename to .husky/pre-commit diff --git a/Cargo.lock b/Cargo.lock index cffcbc47c6..7937229399 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3547,7 +3547,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -7125,7 +7125,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -7222,7 +7222,7 @@ dependencies = [ [[package]] name = "safe" version = "0.1.7" -source = "git+https://github.com/gnosisguild/enclave#5f3b221938efc52ad48cee3db8fcbda795b08e9e" +source = "git+https://github.com/gnosisguild/enclave#dd9095cb560ff1b8c3c8e36cfd6ed2edf86ed2c2" dependencies = [ "ark-bn254 0.5.0", "ark-ff 0.5.0", @@ -7902,7 +7902,7 @@ dependencies = [ "getrandom 0.3.4", "once_cell", "rustix", - "windows-sys 0.59.0", + "windows-sys 0.52.0", ] [[package]] @@ -9337,7 +9337,7 @@ dependencies = [ [[package]] name = "zkfhe-greco" version = "0.1.0" -source = "git+https://github.com/gnosisguild/zkfhe-generator#fec2bc0ceb372e8ea03fce1ea1c90f561acfebfc" +source = "git+https://github.com/gnosisguild/zkfhe-generator#d8c501e3eace1f9c5038b24caa654991a4d6f978" dependencies = [ "anyhow", "ark-bn254 0.5.0", @@ -9362,7 +9362,7 @@ dependencies = [ [[package]] name = "zkfhe-shared" version = "0.1.0" -source = "git+https://github.com/gnosisguild/zkfhe-generator#fec2bc0ceb372e8ea03fce1ea1c90f561acfebfc" +source = "git+https://github.com/gnosisguild/zkfhe-generator#d8c501e3eace1f9c5038b24caa654991a4d6f978" dependencies = [ "anyhow", "ark-bn254 0.5.0", diff --git a/circuits/bin/insecure/pk_trbfv/src/main.nr b/circuits/bin/insecure/pk_trbfv/src/main.nr index b79b9fc5c1..3eafede8c1 100644 --- a/circuits/bin/insecure/pk_trbfv/src/main.nr 
+++ b/circuits/bin/insecure/pk_trbfv/src/main.nr @@ -15,7 +15,7 @@ fn main( a: pub [Polynomial; L], eek: Polynomial, sk: Polynomial, - e_sm: Polynomial, + e_sm: [Polynomial; L], r1is: [Polynomial<(2 * N) - 1>; L], r2is: [Polynomial; L], pk0is: [Polynomial; L], diff --git a/circuits/bin/production/pk_trbfv/src/main.nr b/circuits/bin/production/pk_trbfv/src/main.nr index 314e0a66b8..e303f93d05 100644 --- a/circuits/bin/production/pk_trbfv/src/main.nr +++ b/circuits/bin/production/pk_trbfv/src/main.nr @@ -15,7 +15,7 @@ fn main( a: pub [Polynomial; L], eek: Polynomial, sk: Polynomial, - e_sm: Polynomial, + e_sm: [Polynomial; L], r1is: [Polynomial<(2 * N) - 1>; L], r2is: [Polynomial; L], pk0is: [Polynomial; L], diff --git a/circuits/lib/src/core/bfv_dec.nr b/circuits/lib/src/core/bfv_dec.nr index 20ee81bcca..83308dfc84 100644 --- a/circuits/lib/src/core/bfv_dec.nr +++ b/circuits/lib/src/core/bfv_dec.nr @@ -5,8 +5,7 @@ // or FITNESS FOR A PARTICULAR PURPOSE. use crate::math::commitments::{ - compute_aggregated_shares_commitment, compute_shares_party_modulus_commitment, - prepare_aggregated_shares_commitment_payload, prepare_single_polynomial_commitment_payload, + compute_aggregated_shares_commitment, compute_spm_commitment_from_message, }; use crate::math::polynomial::Polynomial; @@ -38,12 +37,11 @@ impl BfvDecCommitVerify( - self.decrypted_shares[party_idx][mod_idx], - ); - let computed = compute_shares_party_modulus_commitment(payload); assert( - computed == self.expected_commitments[party_idx][mod_idx], + compute_spm_commitment_from_message::( + self.decrypted_shares[party_idx][mod_idx], + ) + == self.expected_commitments[party_idx][mod_idx], "Commitment mismatch", ); } @@ -80,7 +78,6 @@ impl BfvDecCommitVerify(aggregated); - compute_aggregated_shares_commitment(payload) + compute_aggregated_shares_commitment::(aggregated) } } diff --git a/circuits/lib/src/core/bfv_enc.nr b/circuits/lib/src/core/bfv_enc.nr index 763e01ceb8..354f65ce8c 100644 
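Review bot: The per-party check in bfv_dec now hashes `decrypted_shares[party_idx][mod_idx]` with `compute_spm_commitment_from_message`, whose payload is the bare N coefficients, whereas the share commitments C2 produces in `commit_to_party_shares` use `compute_spm_commitment_from_shares`, which appends `party_idx` and `mod_idx` before hashing; both use `DS_SPM` but absorb different lengths, so they never agree on the same polynomial. If `expected_commitments` is ever populated from C2 output this assert cannot pass, and if another circuit is the intended producer that should be stated on the field. Because the message variant carries no indices, the (party, modulus) binding rests entirely on the position in `expected_commitments`, which is only sound if that array is a public input; a comment such as `// Indices are not hashed: (party, modulus) binding is by position in the public expected_commitments array` would make that assumption explicit. The enclosing impl continues outside the hunk.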
--- a/circuits/lib/src/core/bfv_enc.nr +++ b/circuits/lib/src/core/bfv_enc.nr @@ -5,9 +5,7 @@ // or FITNESS FOR A PARTICULAR PURPOSE. use crate::math::commitments::{ - compute_bfv_enc_challenge_commitment, compute_pk_bfv_commitment, - compute_shares_party_modulus_commitment, prepare_message_commitment_payload, - prepare_pk_commitment_payload, + compute_bfv_enc_challenge, compute_pk_bfv_commitment, compute_spm_commitment_from_message, }; use crate::math::helpers::flatten; use crate::math::modulo::U128::ModU128; @@ -170,20 +168,18 @@ impl(self.pk0is, self.pk1is); - let computed_commitment = compute_pk_bfv_commitment(payload); assert( - computed_commitment == self.expected_pk_commitment, + compute_pk_bfv_commitment::(self.pk0is, self.pk1is) + == self.expected_pk_commitment, "Public key commitment mismatch", ); } /// Verifies that the message polynomial hashes to the expected commitment fn verify_message_commitment(self) { - let payload = prepare_message_commitment_payload::(self.message); - let computed_commitment = compute_shares_party_modulus_commitment(payload); assert( - computed_commitment == self.expected_message_commitment, + compute_spm_commitment_from_message::(self.message) + == self.expected_message_commitment, "Message commitment mismatch", ); } @@ -330,7 +326,7 @@ impl) -> Vec { let inputs = self.payload(k1); - compute_bfv_enc_challenge_commitment::(inputs) + compute_bfv_enc_challenge::(inputs) } /// Verifies BFV encryption constraints using Fiat-Shamir challenges and the Schwartz-Zippel lemma diff --git a/circuits/lib/src/core/bfv_pk.nr b/circuits/lib/src/core/bfv_pk.nr index 8ff85013f3..d4cd09d5db 100644 --- a/circuits/lib/src/core/bfv_pk.nr +++ b/circuits/lib/src/core/bfv_pk.nr 
@@ -4,7 +4,7 @@ // without even the implied warranty of MERCHANTABILITY // or FITNESS FOR A PARTICULAR PURPOSE. -use crate::math::commitments::{compute_pk_bfv_commitment, prepare_pk_commitment_payload}; +use crate::math::commitments::compute_pk_bfv_commitment; use crate::math::polynomial::Polynomial; /// BFV Public Key Commitment Circuit (Circuit 0). @@ -27,8 +27,6 @@ impl BfvPkCommit { /// Main verification function /// Returns commitment to BFV public key pub fn verify(self) -> Field { - // Compute and return the pk bfv commitment - let payload = prepare_pk_commitment_payload::(self.pk0, self.pk1); - compute_pk_bfv_commitment(payload) + compute_pk_bfv_commitment::(self.pk0, self.pk1) } } diff --git a/circuits/lib/src/core/greco.nr b/circuits/lib/src/core/greco.nr index 9a52fa1993..1b0aa60f3a 100644 --- a/circuits/lib/src/core/greco.nr +++ b/circuits/lib/src/core/greco.nr @@ -143,22 +143,6 @@ impl Vec { - let mut inputs = Vec::new(); - - inputs = flatten::<_, _, BIT_PK>(inputs, self.pk0is); - inputs = flatten::<_, _, BIT_PK>(inputs, self.pk1is); - - inputs - } - /// Flattens all polynomials coefficients into a single array for challenge generation. /// /// This function serializes all polynomial coefficients into a 1D array to enable @@ -318,12 +302,10 @@ impl Vec { - let commitment_payload = self.commitment_payload(); - let gammas_payload = self.gammas_payload(); - - compute_greco_challenge_commitment::( - commitment_payload, - gammas_payload, + compute_greco_challenge_commitment::( + self.pk0is, + self.pk1is, + self.gammas_payload(), self.pk_commitment, ) } diff --git a/circuits/lib/src/core/trbfv_dec_share.nr b/circuits/lib/src/core/trbfv_dec_share.nr index fa6800d9b5..d11e81beaa 100644 --- a/circuits/lib/src/core/trbfv_dec_share.nr +++ b/circuits/lib/src/core/trbfv_dec_share.nr 
@@ -4,10 +4,7 @@ // without even the implied warranty of MERCHANTABILITY // or FITNESS FOR A PARTICULAR PURPOSE. -use crate::math::commitments::{ - compute_aggregated_shares_commitment, compute_dec_share_challenge_commitment, - prepare_aggregated_shares_from_values_commitment_payload, -}; +use crate::math::commitments::{compute_aggregated_shares_commitment, compute_dec_share_challenge}; use crate::math::helpers::flatten; use crate::math::polynomial::Polynomial; @@ -96,16 +93,20 @@ impl(self.s); - let computed_commitment = compute_aggregated_shares_commitment(payload); - assert(computed_commitment == self.expected_s_commitment, "S commitment mismatch"); + assert( + compute_aggregated_shares_commitment::(self.s) + == self.expected_s_commitment, + "S commitment mismatch", + ); } /// Verifies that e hashes to expected_e_commitment fn verify_e_commitment(self) { - let payload = prepare_aggregated_shares_from_values_commitment_payload::(self.e); - let computed_commitment = compute_aggregated_shares_commitment(payload); - assert(computed_commitment == self.expected_e_commitment, "E commitment mismatch"); + assert( + compute_aggregated_shares_commitment::(self.e) + == self.expected_e_commitment, + "E commitment mismatch", + ); } /// Flattens all witness data into a single array for Fiat-Shamir challenge generation. @@ -231,7 +232,7 @@ impl Field { let inputs = self.payload(); - compute_dec_share_challenge_commitment(inputs) + compute_dec_share_challenge::(inputs) } /// Verifies the lifted decryption share computation formula for a specific CRT basis using the Schwartz-Zippel lemma. diff --git a/circuits/lib/src/core/trbfv_pk.nr b/circuits/lib/src/core/trbfv_pk.nr index c910523283..bb4175c067 100644 --- a/circuits/lib/src/core/trbfv_pk.nr +++ b/circuits/lib/src/core/trbfv_pk.nr 
@@ -5,8 +5,8 @@ // or FITNESS FOR A PARTICULAR PURPOSE. use crate::math::commitments::{ - compute_pk_trbfv_commitment, compute_secret_commitment, compute_trbfv_pk_challenge_commitment, - prepare_pk_commitment_payload, prepare_single_polynomial_commitment_payload, + compute_pk_trbfv_challenge, compute_pk_trbfv_commitment, compute_secret_e_sm_commitment, + compute_secret_sk_commitment, }; use crate::math::helpers::flatten; use crate::math::polynomial::Polynomial; @@ -69,7 +69,7 @@ pub struct TrbfvPublicKey, + e_sm: [Polynomial; L], /// Quotients from polynomial operations (secret witnesses) /// r1[i] are quotients from modulus switching for modulus i (can be negative, degree 2*N-1) @@ -90,7 +90,7 @@ impl; L], eek: Polynomial, sk: Polynomial, - e_sm: Polynomial, + e_sm: [Polynomial; L], r1: [Polynomial<2 * N - 1>; L], r2: [Polynomial; L], pk0: [Polynomial; L], @@ -133,13 +133,9 @@ impl(self.sk); - let e_sm_payload = prepare_single_polynomial_commitment_payload::(self.e_sm); - let pk_payload = prepare_pk_commitment_payload::(self.pk0, self.pk1); - - let sk_commitment = compute_secret_commitment(sk_payload); - let e_sm_commitment = compute_secret_commitment(e_sm_payload); - let pk_commitment = compute_pk_trbfv_commitment(pk_payload); + let sk_commitment = compute_secret_sk_commitment::(self.sk); + let e_sm_commitment = compute_secret_e_sm_commitment::(self.e_sm); + let pk_commitment = compute_pk_trbfv_commitment::(self.pk0, self.pk1); // Step 3: Generate Fiat-Shamir challenges using commitments let gammas = self.generate_challenge(sk_commitment, pk_commitment, e_sm_commitment); @@ -163,7 +159,7 @@ impl Vec { let inputs = self.payload(sk_commitment, pk_commitment, e_sm_commitment); - compute_trbfv_pk_challenge_commitment::(inputs) + compute_pk_trbfv_challenge::(inputs) } /// Performs range checks on all secret witness values 
@@ -174,11 +170,13 @@ impl(self.configs.sk_bound, self.configs.sk_bound); - // Check that smudging noise polynomial has small coefficients - self.e_sm.range_check_2bounds::(self.configs.e_sm_bound, self.configs.e_sm_bound); - // Check quotient terms are within expected bounds (per modulus) for i in 0..L { + self.e_sm[i].range_check_2bounds::( + self.configs.e_sm_bound, + self.configs.e_sm_bound, + ); + self.r1[i].range_check_2bounds::( self.configs.r1_bounds[i], self.configs.r1_bounds[i], diff --git a/circuits/lib/src/core/trbfv_pk_agg.nr b/circuits/lib/src/core/trbfv_pk_agg.nr index a94a7c3c58..a79730e95a 100644 --- a/circuits/lib/src/core/trbfv_pk_agg.nr +++ b/circuits/lib/src/core/trbfv_pk_agg.nr @@ -4,8 +4,7 @@ // without even the implied warranty of MERCHANTABILITY // or FITNESS FOR A PARTICULAR PURPOSE. -use crate::math::commitments::compute_greco_pk_agg_commitment; -use crate::math::commitments::{compute_pk_trbfv_commitment, prepare_pk_commitment_payload}; +use crate::math::commitments::{compute_pk_agg_commitment, compute_pk_trbfv_commitment}; use crate::math::modulo::U128::ModU128; use crate::math::polynomial::Polynomial; @@ -74,10 +73,9 @@ impl TrbfvPublicKeyAggregat /// Verifies that pk trbfv hashes to each expected_pk_trbfv_commitment fn verify_pk_commitments(self) { for i in 0..H { - let payload = prepare_pk_commitment_payload::(self.pk0[i], self.pk1[i]); - let computed_commitment = compute_pk_trbfv_commitment(payload); assert( - computed_commitment == self.expected_pk_trbfv_commitments[i], + compute_pk_trbfv_commitment::(self.pk0[i], self.pk1[i]) + == self.expected_pk_trbfv_commitments[i], "PK commitment mismatch", ); } @@ -123,7 +121,6 @@ impl TrbfvPublicKeyAggregat } // 2. Commit to aggregated public key - let payload = prepare_pk_commitment_payload::(self.pk0_agg, self.pk1_agg); - compute_greco_pk_agg_commitment(payload) + compute_pk_agg_commitment::(self.pk0_agg, self.pk1_agg) } } 
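Review bot: The comment `// Check quotient terms are within expected bounds (per modulus)` now sits directly above the loop that first range-checks `self.e_sm[i]`, so it no longer describes the first thing the loop does; change it to `// Check smudging noise and quotient terms are within expected bounds (per modulus)` or keep a one-line comment on the `e_sm` call. Note that `sk` keeps a single check outside the loop while `e_sm` is now checked once per CRT basis against the same `e_sm_bound`, which is presumably intended since the noise is a small integer in every basis, but a short why-comment would save the next reader the question. The enclosing `range_checks` function starts before this hunk.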
diff --git a/circuits/lib/src/core/trbfv_verify_shares.nr b/circuits/lib/src/core/trbfv_verify_shares.nr index 29c0552414..7e347e4c9c 100644 --- a/circuits/lib/src/core/trbfv_verify_shares.nr +++ b/circuits/lib/src/core/trbfv_verify_shares.nr @@ -5,8 +5,8 @@ // or FITNESS FOR A PARTICULAR PURPOSE. use crate::math::commitments::{ - compute_secret_commitment, compute_shares_party_modulus_commitment, - prepare_shares_party_modulus_commitment_payload, prepare_single_polynomial_commitment_payload, + compute_secret_e_sm_commitment, compute_secret_sk_commitment, + compute_spm_commitment_from_shares, }; use crate::math::modulo::U128::ModU128; use crate::math::polynomial::Polynomial; @@ -64,7 +64,8 @@ pub struct VerifySharesSk { configs: Configs, /// Expected commitment to secret (from C1) - /// This is computed from the first modulus's RNS representation. + /// This is computed from all L RNS polynomials (matching + /// multiple_polynomial_payload's behavior which hashes all L modulus polynomials) expected_secret_commitment: Field, /// Smudging noise polynomial per modulus: [Polynomial; L] /// For ESM: each modulus has its own polynomial (RNS representation) @@ -109,9 +110,11 @@ impl(self.secret_sk); - let computed_commitment = compute_secret_commitment(payload); - assert(computed_commitment == self.expected_secret_commitment, "SK commitment mismatch"); + assert( + compute_secret_sk_commitment::(self.secret_sk) + == self.expected_secret_commitment, + "SK commitment mismatch", + ); } /// Verifies secret consistency: `y[i][j][0] == secret_sk[i]` for all i, j. @@ -167,13 +170,14 @@ impl(self.secret_e_sm[0]); - let computed_commitment = compute_secret_commitment(payload); - assert(computed_commitment == self.expected_secret_commitment, "ESM commitment mismatch"); + assert( + compute_secret_e_sm_commitment::(self.secret_e_sm) + == self.expected_secret_commitment, + "ESM commitment mismatch", + ); } /// Verifies secret consistency: `y[i][j][0] == secret_e_sm[j][i]` for all i, j. 
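Review bot: The ESM variant checks `expected_secret_commitment` with `compute_secret_e_sm_commitment` while the SK variant checks the same field name with `compute_secret_sk_commitment`, and both helpers hash under the single separator `DS_SECRET`. Assuming `compute_safe` follows the SAFE construction (tag derived from separator plus IO pattern), the two are only kept apart by payload length, and that distinction vanishes when L = 1: `compute_secret_sk_commitment(p)` and `compute_secret_e_sm_commitment([p])` absorb the same N elements under the same tag and yield the same Field, so a C1 sk commitment could satisfy the ESM check and vice versa. Splitting the separator, e.g. `DS_SECRET_SK` and `DS_SECRET_E_SM`, removes the dependency on L entirely. The enclosing impl continues outside the hunk.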
@@ -278,13 +282,8 @@ pub fn commit_to_party_shares( for party_idx in 0..N_PARTIES { for mod_idx in 0..L { - let payload = prepare_shares_party_modulus_commitment_payload::( - y, - party_idx, - mod_idx, - ); - - commitments[party_idx][mod_idx] = compute_shares_party_modulus_commitment(payload); + commitments[party_idx][mod_idx] = + compute_spm_commitment_from_shares::(y, party_idx, mod_idx); } } diff --git a/circuits/lib/src/math/commitments.nr b/circuits/lib/src/math/commitments.nr index b8bfa06e7d..6789c4674f 100644 --- a/circuits/lib/src/math/commitments.nr +++ b/circuits/lib/src/math/commitments.nr 
@@ -7,303 +7,219 @@ use crate::math::helpers::{compute_safe, flatten}; use crate::math::polynomial::Polynomial; -/// Prepares the payload for TRBFV & BFV public key commitment -/// Flattens pk0 and pk1 polynomial arrays into a single Vec -/// Used in C0, C1, C3. -pub fn prepare_pk_commitment_payload( - pk0: [Polynomial; L], - pk1: [Polynomial; L], +/// DOMAIN SEPARATORS + +// Domain separator - "PK_BFV" +pub global DS_PK_BFV: [u8; 64] = [ + 0x50, 0x4b, 0x5f, 0x42, 0x46, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "PK_TRBFV" +pub global DS_PK_TRBFV: [u8; 64] = [ + 0x50, 0x4b, 0x5f, 0x54, 0x52, 0x42, 0x46, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "SECRET" +pub global DS_SECRET: [u8; 64] = [ + 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "SPM" +pub global DS_SPM: [u8; 64] = [ + 0x53, 0x50, 0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "AGG_SHARES" +pub global DS_AGG_SHARES: [u8; 64] = [ + 0x41, 0x47, 0x47, 0x5f, 0x53, 0x48, 0x41, 0x52, 0x45, 0x53, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "PK_AGG" +pub global DS_PK_AGG: [u8; 64] = [ + 0x50, 0x4b, 0x5f, 0x41, 0x47, 0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "AGGREGATION" +pub global DS_AGGREGATION: [u8; 64] = [ + 0x41, 0x47, 0x47, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "CLG_PK_TRBFV" +pub global DS_CLG_PK_TRBFV: [u8; 64] = [ + 0x43, 0x4c, 0x47, 0x5f, 0x50, 0x4b, 0x5f, 0x54, 0x52, 0x42, 0x46, 0x56, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "CLG_ENC_BFV" +pub global DS_CLG_ENC_BFV: [u8; 64] = [ + 0x43, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x43, 0x5f, 0x42, 0x46, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "CLG_GRECO" +pub global DS_CLG_GRECO: [u8; 64] = [ + 0x43, 0x4c, 0x47, 0x5f, 0x47, 0x72, 0x65, 0x63, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; +// Domain separator - "CLG_DEC_SHARE" +pub global DS_CLG_DEC_SHARE: [u8; 64] = [ + 0x43, 0x4c, 0x47, 0x5f, 0x44, 0x65, 0x63, 0x53, 0x68, 0x61, 0x72, 0x65, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +]; + +/// WRAPPERS + +pub fn compute_commitments( + payload: Vec, + domain_separator: [u8; 64], + io_pattern: [u32; 2], ) -> Vec { - let mut inputs = Vec::new(); - - // Flatten pk0 polynomials - inputs = flatten::<_, _, BIT_PK>(inputs, pk0); - - // Flatten pk1 polynomials - inputs = flatten::<_, _, BIT_PK>(inputs, pk1); + compute_safe(domain_separator, payload, io_pattern) +} - inputs +pub fn single_polynomial_payload( + payload: Vec, + input: Polynomial, 
+) -> Vec { + flatten::<_, _, BIT_POLY>(payload, [input]) } -/// Flattens shares for a specific party and modulus into Vec -/// Returns N field elements: y[0][mod_idx][party_idx+1], ..., y[N-1][mod_idx][party_idx+1] -/// Used in C2. -pub fn prepare_shares_party_modulus_commitment_payload( - y: [[[Field; N_PARTIES + 1]; L]; N], - party_idx: u32, - mod_idx: u32, +pub fn multiple_polynomial_payload( + payload: Vec, + inputs: [Polynomial; L], ) -> Vec { - let mut inputs = Vec::new(); + flatten::<_, _, BIT_POLY>(payload, inputs) +} - for coeff_idx in 0..N { - inputs.push(y[coeff_idx][mod_idx][party_idx + 1]); - } +/// COMMITMENTS - // Include party_idx and mod_idx in the hash - inputs.push(party_idx as Field); - inputs.push(mod_idx as Field); +pub fn compute_pk_bfv_commitment( + pk0: [Polynomial; L], + pk1: [Polynomial; L], +) -> Field { + let mut payload = multiple_polynomial_payload::(Vec::new(), pk0); + payload = multiple_polynomial_payload::(payload, pk1); - inputs + compute_commitments(payload, DS_PK_BFV, [0x80000000 | payload.len(), 1]).get(0) } -/// Prepares the payload for message commitment (must match C2). -/// Used in C3. -pub fn prepare_message_commitment_payload(message: Polynomial) -> Vec { - let mut inputs = Vec::new(); +pub fn compute_pk_trbfv_commitment( + pk0: [Polynomial; L], + pk1: [Polynomial; L], +) -> Field { + let mut payload = multiple_polynomial_payload::(Vec::new(), pk0); + payload = multiple_polynomial_payload::(payload, pk1); - for i in 0..N { - inputs.push(message.coefficients[i]); - } + compute_commitments(payload, DS_PK_TRBFV, [0x80000000 | payload.len(), 1]).get(0) +} - inputs +pub fn compute_secret_sk_commitment(sk: Polynomial) -> Field { + let mut payload = single_polynomial_payload::(Vec::new(), sk); + compute_commitments(payload, DS_SECRET, [0x80000000 | payload.len(), 1]).get(0) } -/// Prepares the payload for single polynomial commitment (must match C2). -/// Used in C1, C2, C4. 
-pub fn prepare_single_polynomial_commitment_payload( - poly: Polynomial, -) -> Vec { - flatten::<_, _, BIT_POLY>(Vec::new(), [poly]) +pub fn compute_secret_e_sm_commitment( + e_sm: [Polynomial; L], +) -> Field { + let mut payload = multiple_polynomial_payload::(Vec::new(), e_sm); + compute_commitments(payload, DS_SECRET, [0x80000000 | payload.len(), 1]).get(0) } -/// Prepares the payload for aggregated shares commitment. -/// Used in C4. -pub fn prepare_aggregated_shares_commitment_payload( - aggregated: [Polynomial; L], -) -> Vec { - flatten::<_, _, BIT_MSG>(Vec::new(), aggregated) +pub fn compute_spm_commitment_from_message( + message: Polynomial, +) -> Field { + let mut payload = single_polynomial_payload::(Vec::new(), message); + compute_commitments(payload, DS_SPM, [0x80000000 | payload.len(), 1]).get(0) } -/// Prepares the payload for aggregated shares from values commitment. -/// Used in C6. -pub fn prepare_aggregated_shares_from_values_commitment_payload( - values: [Polynomial; L], -) -> Vec { - let mut inputs = Vec::new(); +pub fn compute_spm_commitment_from_shares( + y: [[[Field; N_PARTIES + 1]; L]; N], + party_idx: u32, + mod_idx: u32, +) -> Field { + let mut payload = Vec::new(); - for basis_idx in 0..L { - for coeff_idx in 0..N { - inputs.push(values[basis_idx].coefficients[coeff_idx]); - } + for coeff_idx in 0..N { + payload.push(y[coeff_idx][mod_idx][party_idx + 1]); } - inputs -} - -/// Computes commitment to the BFV public key -/// Used in C0, C3. 
-pub fn compute_pk_bfv_commitment(payload: Vec) -> Field { - // Domain separator - "PVSS_pk_bfv" - let domain_separator = [ - 0x50, 0x56, 0x53, 0x53, 0x5f, 0x70, 0x6b, 0x5f, 0x62, 0x66, 0x76, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; + // Include party_idx and mod_idx in the hash + payload.push(party_idx as Field); + payload.push(mod_idx as Field); - compute_safe( - domain_separator, - payload, - [0x80000000 | payload.len(), 0x00000001], - ) - .get(0) + compute_commitments(payload, DS_SPM, [0x80000000 | payload.len(), 1]).get(0) } -/// Computes commitment to the TRBFV public key -/// Used in C1. -pub fn compute_pk_trbfv_commitment(payload: Vec) -> Field { - // Domain separator - "PVSS_pk_trbfv" in hex - let domain_separator = [ - 0x50, 0x56, 0x53, 0x53, 0x5f, 0x70, 0x6b, 0x5f, 0x74, 0x72, 0x62, 0x66, 0x76, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - compute_safe( - domain_separator, - payload, - [0x80000000 | payload.len(), 0x00000001], - ) - .get(0) +pub fn compute_aggregated_shares_commitment( + agg_shares: [Polynomial; L], +) -> Field { + let mut payload = multiple_polynomial_payload::(Vec::new(), agg_shares); + compute_commitments(payload, DS_AGG_SHARES, [0x80000000 | payload.len(), 1]).get(0) } -/// Computes commitment to the secret (either sk_trbfv or e_sm) -/// Used in C1, C2. 
-pub fn compute_secret_commitment(payload: Vec) -> Field { - // Domain separator - "PVSS_secret" in hex - let domain_separator = [ - 0x50, 0x56, 0x53, 0x53, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; +pub fn compute_pk_agg_commitment( + pk0: [Polynomial; L], + pk1: [Polynomial; L], +) -> Field { + let mut payload = multiple_polynomial_payload::(Vec::new(), pk0); + payload = multiple_polynomial_payload::(payload, pk1); - compute_safe( - domain_separator, - payload, - [0x80000000 | payload.len(), 0x00000001], - ) - .get(0) + compute_commitments(payload, DS_PK_AGG, [0x80000000 | payload.len(), 1]).get(0) } -/// Computes share party-modulus commitment (either sk_shares or e_sm_shares) -/// Used in C2, C3 (message), C4 (single polynomial). -pub fn compute_shares_party_modulus_commitment(payload: Vec) -> Field { - // Domain separator - "PVSS_sh_pm" (shares party-modulus) - let domain_separator = [ - 0x50, 0x56, 0x53, 0x53, 0x5f, 0x73, 0x68, 0x5f, 0x70, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - compute_safe( - domain_separator, - payload, - [0x80000000 | payload.len(), 0x00000001], - ) - .get(0) +pub fn compute_aggregation_commitment(payload: Vec) -> Field { + compute_safe(DS_AGGREGATION, payload, [0x80000000 | payload.len(), 1]).get(0) } -/// Computes aggregated shares commitment (either sk_shares or e_sm_shares) -/// Used in C4. 
-pub fn compute_aggregated_shares_commitment(payload: Vec) -> Field { - // Domain separator - "PVSS_agg_sh" - let domain_separator = [ - 0x50, 0x56, 0x53, 0x53, 0x5f, 0x61, 0x67, 0x67, 0x5f, 0x73, 0x68, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; +/// COMMITMENTS FOR CHALLENGES - compute_safe( - domain_separator, +pub fn compute_pk_trbfv_challenge(payload: Vec) -> Vec { + compute_commitments( payload, - [0x80000000 | payload.len(), 0x00000001], + DS_CLG_PK_TRBFV, + [0x80000000 | payload.len(), 2 * L], ) - .get(0) -} - -/// Computes decryption share challenge commitment -/// Used in C6. -pub fn compute_dec_share_challenge_commitment(payload: Vec) -> Field { - // Domain separator for decryption share circuit - "DecShare" in hex - let domain_separator = [ - 0x44, 0x65, 0x63, 0x53, 0x68, 0x61, 0x72, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - // IO Pattern: ABSORB(input_size), SQUEEZE(1) - let input_size = payload.len(); - let io_pattern = [0x80000000 | input_size, 0x00000001]; - - compute_safe(domain_separator, payload, io_pattern).get(0) -} - -/// Computes TRBFV pk challenge commitment -/// Used in C1. 
-pub fn compute_trbfv_pk_challenge_commitment(payload: Vec) -> Vec { - // Domain separator for trbfv_pk circuit - "trbfv_pk" in hex - let domain_separator = [ - 0x74, 0x72, 0x62, 0x66, 0x76, 0x5f, 0x70, 0x6b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - // IO Pattern: ABSORB(input_size), SQUEEZE(2 * L) - let input_size = payload.len(); - let io_pattern = [0x80000000 | input_size, 0x00000000 | (2 * L)]; - - compute_safe(domain_separator, payload, io_pattern) } -/// Computes Greco pk agg commitment -/// Used in Greco, C5. -pub fn compute_greco_pk_agg_commitment(payload: Vec) -> Field { - // Domain separator - "Greco" - let domain_separator = [ - 0x47, 0x72, 0x65, 0x63, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - // IO Pattern: ABSORB(input_size), SQUEEZE(1) - let input_size = payload.len(); - let io_pattern = [0x80000000 | input_size, 0x00000000 | 1]; - - compute_safe(domain_separator, payload, io_pattern).get(0) +pub fn compute_bfv_enc_challenge(payload: Vec) -> Vec { + compute_commitments(payload, DS_CLG_ENC_BFV, [0x80000000 | payload.len(), 2 * L]) } -/// Computes Greco challenge commitment -/// Used in Greco. 
-pub fn compute_greco_challenge_commitment( - commitment_payload: Vec, +pub fn compute_greco_challenge_commitment( + pk0is: [Polynomial; L], + pk1is: [Polynomial; L], gammas_payload: Vec, pk_commitment: Field, ) -> Vec { - // Domain separator - "Greco" - let domain_separator = [ - 0x47, 0x72, 0x65, 0x63, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - assert(compute_greco_pk_agg_commitment(commitment_payload) == pk_commitment); - - // IO Pattern: ABSORB(input_size), SQUEEZE(2*L) - let input_size = gammas_payload.len(); - let io_pattern = [0x80000000 | input_size, 0x00000000 | (2 * L)]; - - compute_safe(domain_separator, gammas_payload, io_pattern) -} - -/// Computes BFV encryption challenge commitment -/// Used in C3. -pub fn compute_bfv_enc_challenge_commitment(payload: Vec) -> Vec { - // Domain separator - "EncBfv" - let domain_separator = [ - 0x45, 0x6e, 0x63, 0x42, 0x66, 0x76, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; + assert(compute_pk_agg_commitment::(pk0is, pk1is) == pk_commitment); - let input_size = payload.len(); - let io_pattern = [0x80000000 | input_size, 0x00000000 | (2 * L)]; - - compute_safe(domain_separator, payload, io_pattern) + compute_commitments( + gammas_payload, + DS_CLG_GRECO, + [0x80000000 | gammas_payload.len(), 2 * L], + ) } -/// Computes aggregation commitment -/// Used in aggregation circuits. 
-pub fn compute_aggregation_commitment(payload: Vec) -> Field { - // Domain separator - "Aggregation" - let domain_separator = [ - 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - // IO Pattern: ABSORB(payload.len()), SQUEEZE(1) - let io_pattern = [0x80000000 | payload.len(), 0x00000001]; - - compute_safe(domain_separator, payload, io_pattern).get(0) +pub fn compute_dec_share_challenge(payload: Vec) -> Field { + compute_commitments(payload, DS_CLG_DEC_SHARE, [0x80000000 | payload.len(), 1]).get(0) } diff --git a/examples/CRISP/Cargo.lock b/examples/CRISP/Cargo.lock index 4eaf560a61..b545a2ae44 100644 --- a/examples/CRISP/Cargo.lock +++ b/examples/CRISP/Cargo.lock @@ -1127,7 +1127,7 @@ version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -1138,7 +1138,7 @@ checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" dependencies = [ "anstyle", "once_cell_polyfill", - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -2639,7 +2639,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -4969,7 +4969,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] 
@@ -5034,7 +5034,7 @@ checksum = "62049b2877bf12821e8f9ad256ee38fdc31db7387ec2d3b3f403024de2034aea" [[package]] name = "safe" version = "0.1.7" -source = "git+https://github.com/gnosisguild/enclave#5f3b221938efc52ad48cee3db8fcbda795b08e9e" +source = "git+https://github.com/gnosisguild/enclave#dd9095cb560ff1b8c3c8e36cfd6ed2edf86ed2c2" dependencies = [ "ark-bn254 0.5.0", "ark-ff 0.5.0", @@ -6745,7 +6745,7 @@ dependencies = [ [[package]] name = "zkfhe-greco" version = "0.1.0" -source = "git+https://github.com/gnosisguild/zkfhe-generator#fec2bc0ceb372e8ea03fce1ea1c90f561acfebfc" +source = "git+https://github.com/gnosisguild/zkfhe-generator#d8c501e3eace1f9c5038b24caa654991a4d6f978" dependencies = [ "anyhow", "ark-bn254 0.5.0", @@ -6770,7 +6770,7 @@ dependencies = [ [[package]] name = "zkfhe-shared" version = "0.1.0" -source = "git+https://github.com/gnosisguild/zkfhe-generator#fec2bc0ceb372e8ea03fce1ea1c90f561acfebfc" +source = "git+https://github.com/gnosisguild/zkfhe-generator#d8c501e3eace1f9c5038b24caa654991a4d6f978" dependencies = [ "anyhow", "ark-bn254 0.5.0", diff --git a/examples/CRISP/circuits/src/ciphertext_addition.nr b/examples/CRISP/circuits/src/ciphertext_addition.nr index 72c81cad7b..f7877e093a 100644 --- a/examples/CRISP/circuits/src/ciphertext_addition.nr +++ b/examples/CRISP/circuits/src/ciphertext_addition.nr @@ -40,10 +40,9 @@ //! 4. Checks range constraints on all coefficients use lib::core::greco::Configs as GrecoConfigs; +use lib::math::commitments::compute_commitments; use lib::math::polynomial::Polynomial; -use crate::hash::generate_hash; - /// Parameters for ciphertext addition verification. /// /// # Arguments 
@@ -196,24 +195,22 @@ impl Vec { - let mut inputs = Vec::new(); - - inputs.push(self.ct_commitment); - inputs.push(self.prev_ct_commitment); - inputs.push(self.sum_ct_commitment); - - // Domain separator for ciphertext addition circuit - "CiphertextAddition" in hex - let domain_separator = [ - 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x41, 0x64, 0x64, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + // Domain separator - "CLG_CT_ADD" + let DS_CLG_CT_ADD: [u8; 64] = [ + 0x43, 0x4c, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x41, 0x44, 0x44, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ]; - let gammas = generate_hash::(inputs, domain_separator, 2 * L); + let mut payload = Vec::new(); + + payload.push(self.ct_commitment); + payload.push(self.prev_ct_commitment); + payload.push(self.sum_ct_commitment); - gammas + compute_commitments(payload, DS_CLG_CT_ADD, [0x80000000 | payload.len(), 2 * L]) } /// Verifies ciphertext addition constraints using Fiat-Shamir challenges. diff --git a/examples/CRISP/circuits/src/commitments.nr b/examples/CRISP/circuits/src/commitments.nr new file mode 100644 index 0000000000..063043897b --- /dev/null +++ b/examples/CRISP/circuits/src/commitments.nr 
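Review bot: `DS_CLG_CT_ADD` is introduced as a `let` local inside `generate_challenge` with a SCREAMING_SNAKE_CASE name, while every other separator this commit touches — `DS_CRISP_CT` in `commitments.nr` and the `DS_CLG_*` names passed to `compute_commitments` in the lib — is a module-level global; the two forms should not be mixed. Hoist it above the `impl` as `global DS_CLG_CT_ADD: [u8; 64] = [ /* same bytes */ ];` and keep the `// Domain separator - "CLG_CT_ADD"` comment with it, so the separator is discoverable next to the others and the method body is only the payload and the sponge call. The enclosing `impl` starts outside the hunk.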
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use lib::math::commitments::compute_commitments;
+use lib::math::commitments::multiple_polynomial_payload;
+use lib::math::polynomial::Polynomial;
+
+// Domain separator - "CRISP_CT"
+pub global DS_CRISP_CT: [u8; 64] = [
+ 0x43, 0x52, 0x49, 0x53, 0x50, 0x5f, 0x43, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+];
+
+pub fn compute_ct_commitment(
+ ct0: [Polynomial; L],
+ ct1: [Polynomial; L],
+) -> Field {
+ let mut payload = multiple_polynomial_payload::(Vec::new(), ct0);
+ payload = multiple_polynomial_payload::(payload, ct1);
+
+ compute_commitments(payload, DS_CRISP_CT, [0x80000000 | payload.len(), 1]).get(0)
+}
diff --git a/examples/CRISP/circuits/src/hash.nr
deleted file mode 100644
index bdcc2fb5ce..0000000000
--- a/examples/CRISP/circuits/src/hash.nr
+++ /dev/null
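Review bot: `compute_ct_commitment` carries no doc comment, although the `generate_commitment` it replaces (deleted from `hash.nr` in this commit) documented its arguments and return value. Suggest a `///` comment along the lines of: "Commits to a ciphertext by packing the coefficients of `ct0` and `ct1` with `multiple_polynomial_payload` and absorbing the payload into the sponge under `DS_CRISP_CT` (ABSORB(payload.len()), SQUEEZE(1)); the Rust-side `compute_commitment` in `zk-inputs/src/commitments.rs` must use the same packing width and separator or the commitments will not match." The three generic parameters (instantiated as `::<512, 2, 36>` at the call sites in `main.nr`) appear stripped in this rendering, so the doc should also name them and state that the third one is the packing bit width.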
@@ -1,75 +0,0 @@ -// SPDX-License-Identifier: LGPL-3.0-only -// -// This file is provided WITHOUT ANY WARRANTY; -// without even the implied warranty of MERCHANTABILITY -// or FITNESS FOR A PARTICULAR PURPOSE. - -use lib::math::helpers::flatten; -use lib::math::polynomial::Polynomial; -use lib::math::safe::SafeSponge; - -/// Generates a commitment to a set of polynomials by hashing the polynomial coefficients. -/// This is done by flattening the polynomial coefficients and hashing them. -/// TODO: Replace with a function from Enclave circuits (PVSS circuits). -/// -/// # Arguments -/// * `poly0is` - The first set of polynomials. -/// * `poly1is` - The second set of polynomials. -/// -/// # Returns -/// A field element representing the commitment. -pub fn generate_commitment( - poly0is: [Polynomial; L], - poly1is: [Polynomial; L], -) -> Field { - let mut inputs = Vec::new(); - - // Flatten polynomials - inputs = flatten::<_, _, BIT>(inputs, poly0is); - inputs = flatten::<_, _, BIT>(inputs, poly1is); - - // Domain separator for commitment - "Greco" in hex - let domain_separator = [ - 0x47, 0x72, 0x65, 0x63, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - ]; - - let hash = generate_hash::(inputs, domain_separator, 1); - - hash.get(0) -} - -/// Generates a hash of a set of field elements using a cryptographic sponge -/// -/// The sponge absorbs all field elements and squeezes out a single deterministic field element -/// that will be used as the hash. -/// -/// # Arguments -/// * `inputs` - The input field elements to hash. -/// * `domain_separator` - The domain separator to use for the sponge. 
-/// * `squeeze_count` - The number of field elements to squeeze out of the sponge. -/// -/// # Returns -/// A field element representing the hash. -pub fn generate_hash( - inputs: Vec, - domain_separator: [u8; 64], - squeeze_count: u32, -) -> Vec { - // IO Pattern: ABSORB(input_size), SQUEEZE(squeeze_count) - let input_size = inputs.len(); - let io_pattern = [0x80000000 | input_size, 0x00000000 | squeeze_count]; - - let mut sponge = SafeSponge::start(io_pattern, domain_separator); - - sponge.absorb(inputs); - - let hash = sponge.squeeze(); - - sponge.finish(); - - hash -} diff --git a/examples/CRISP/circuits/src/main.nr b/examples/CRISP/circuits/src/main.nr index 56ac71f7b8..d33a8a19fc 100644 --- a/examples/CRISP/circuits/src/main.nr +++ b/examples/CRISP/circuits/src/main.nr @@ -4,6 +4,7 @@ // without even the implied warranty of MERCHANTABILITY // or FITNESS FOR A PARTICULAR PURPOSE. +use commitments::compute_ct_commitment; use lib::configs::insecure::trbfv::{ GRECO_BIT_CT, GRECO_BIT_E0, GRECO_BIT_E1, GRECO_BIT_K, GRECO_BIT_P1, GRECO_BIT_P2, GRECO_BIT_PK, GRECO_BIT_R1, GRECO_BIT_R2, GRECO_BIT_U, GRECO_CONFIGS, L, N, Q_MOD_T_MOD_P, @@ -11,8 +12,7 @@ use lib::configs::insecure::trbfv::{ use lib::core::greco::Greco; use lib::math::polynomial::Polynomial; -mod hash; -use hash::generate_commitment; +mod commitments; mod constants; mod ciphertext_addition; use ciphertext_addition::CiphertextAddition; @@ -172,7 +172,7 @@ fn main( // * Return sum ciphertext commitment (sum_ct_commitment) // Generate the vote ciphertext commitment. - let ct_commitment = generate_commitment::<512, 2, 36>(ct0is, ct1is); + let ct_commitment = compute_ct_commitment::<512, 2, 36>(ct0is, ct1is); if is_mask_vote == false { check_coefficient_values_with_balance(k1, Q_MOD_T_MOD_P, balance); 
@@ -188,8 +188,8 @@ fn main( if is_first_vote { ct_commitment } else { - let _prev_ct_commitment = generate_commitment::<512, 2, 36>(prev_ct0is, prev_ct1is); - let sum_ct_commitment = generate_commitment::<512, 2, 36>(sum_ct0is, sum_ct1is); + let _prev_ct_commitment = compute_ct_commitment::<512, 2, 36>(prev_ct0is, prev_ct1is); + let sum_ct_commitment = compute_ct_commitment::<512, 2, 36>(sum_ct0is, sum_ct1is); let ct_add: CiphertextAddition<512, 2, 36, 36, 36> = CiphertextAddition::new( GRECO_CONFIGS, diff --git a/examples/CRISP/crates/zk-inputs/src/ciphertext_addition.rs b/examples/CRISP/crates/zk-inputs/src/ciphertext_addition.rs index d49210ef60..c6695cfed4 100644 --- a/examples/CRISP/crates/zk-inputs/src/ciphertext_addition.rs +++ b/examples/CRISP/crates/zk-inputs/src/ciphertext_addition.rs @@ -4,6 +4,7 @@ // without even the implied warranty of MERCHANTABILITY // or FITNESS FOR A PARTICULAR PURPOSE. +use crate::commitments::compute_commitment; use bigint_poly::*; use eyre::{Context, Result}; use fhe::bfv::BfvParameters; @@ -18,8 +19,6 @@ use rayon::iter::{ParallelBridge, ParallelIterator}; use shared::constants::get_zkp_modulus; use std::sync::Arc; -use shared::commitments::compute_poly_commitment; - /// Set of inputs for validation of a ciphertext addition. /// /// This struct contains all the necessary data to prove that a ciphertext addition @@ -70,8 +69,7 @@ impl CiphertextAdditionInputs { prev_ct: &Ciphertext, ct: &Ciphertext, sum_ct: &Ciphertext, - params: &BfvParameters, - bit_ct: u32, + params: Arc, ) -> Result { let ctx: &Arc = params .ctx_at_level(pt.level()) @@ -232,7 +230,7 @@ impl CiphertextAdditionInputs { res.r1is[i] = r1i; } - res.prev_ct_commitment = compute_poly_commitment(&res.prev_ct0is, &res.prev_ct1is, bit_ct); + res.prev_ct_commitment = compute_commitment(params, &res.prev_ct0is, &res.prev_ct1is)?; Ok(res) } 
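Review bot: `_prev_ct_commitment` is recomputed in-circuit from `prev_ct0is`/`prev_ct1is`, but its underscore prefix suggests the value is not consumed in the non-first-vote branch, so this recomputation may not be what binds the previous ciphertext polynomials to the publicly known previous commitment. If `CiphertextAddition::new` receives the public `prev_ct_commitment` separately, an explicit `assert(_prev_ct_commitment == prev_ct_commitment, "prev ct commitment mismatch");` (or passing the computed value in its place) would close that gap; if the binding already happens inside `CiphertextAddition`, the unused computation should be dropped rather than kept. This is pre-existing — the commit only renames the call — and `main` begins outside the hunk, so the intent should be confirmed against the rest of the function.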
@@ -283,13 +281,6 @@ mod tests { Plaintext::try_encode(&message_data, Encoding::poly(), params).unwrap() } - fn calculate_bit_ct(params: &Arc) -> u32 { - use greco::bounds::GrecoBounds; - use shared::template::calculate_bit_width; - let (_, bounds) = GrecoBounds::compute(params, 0).unwrap(); - calculate_bit_width(&bounds.pk_bounds[0].to_string()).unwrap() - } - #[test] fn test_new_initialization() { let inputs = CiphertextAdditionInputs::new(2, 1024); @@ -319,9 +310,8 @@ mod tests { let sum_ct = &ct1 + &ct2; // Compute ciphertext addition inputs. - let bit_ct = calculate_bit_ct(&bfv_params); let result = - CiphertextAdditionInputs::compute(&pt2, &ct1, &ct2, &sum_ct, &bfv_params, bit_ct); + CiphertextAdditionInputs::compute(&pt2, &ct1, &ct2, &sum_ct, bfv_params.clone()); assert!(result.is_ok()); let inputs = result.unwrap(); @@ -345,9 +335,8 @@ mod tests { let (ct2, _u2, _e0_2, _e1_2) = pk.try_encrypt_extended(&pt, &mut rng).unwrap(); let sum_ct = &ct1 + &ct2; - let bit_ct = calculate_bit_ct(&bfv_params); let inputs = - CiphertextAdditionInputs::compute(&pt, &ct1, &ct2, &sum_ct, &bfv_params, bit_ct) + CiphertextAdditionInputs::compute(&pt, &ct1, &ct2, &sum_ct, bfv_params.clone()) .unwrap(); let standard_form = inputs.standard_form(); diff --git a/examples/CRISP/crates/zk-inputs/src/commitments.rs b/examples/CRISP/crates/zk-inputs/src/commitments.rs new file mode 100644 index 0000000000..b64f3e1508 --- /dev/null +++ b/examples/CRISP/crates/zk-inputs/src/commitments.rs 
@@ -0,0 +1,63 @@ +// SPDX-License-Identifier: LGPL-3.0-only +// +// This file is provided WITHOUT ANY WARRANTY; +// without even the implied warranty of MERCHANTABILITY +// or FITNESS FOR A PARTICULAR PURPOSE. + +use ark_bn254::Fr as Field; +use ark_ff::BigInteger; +use ark_ff::PrimeField; +use eyre::Result; +use fhe::bfv::BfvParameters; +use greco::bounds::GrecoBounds; +use num_bigint::BigInt; +use shared::packing::flatten; +use shared::utils::compute_safe; +use std::sync::Arc; + +/// Computes the commitment to a set of ciphertext polynomials. +/// +/// # Arguments +/// * `ct0is` - The first component of the ciphertext polynomials. +/// * `ct1is` - The second component of the ciphertext polynomials. +/// +/// # Returns +/// The commitment as a BigInt. +pub fn compute_commitment( + bfv_params: Arc, + ct0is: &[Vec], + ct1is: &[Vec], +) -> Result { + let (_, bounds) = GrecoBounds::compute(&bfv_params, 0)?; + let bit = shared::template::calculate_bit_width(&bounds.pk_bounds[0].to_string())?; + + // Step 1: Flatten both polynomial components (matches commitment_payload in Noir) + let mut inputs: Vec = Vec::new(); + inputs = flatten(inputs, ct0is, bit); + inputs = flatten(inputs, ct1is, bit); + + // Step 2: Hash using SafeSponge (matches generate_challenge in Noir) + // Domain separator - "CRISP_CT" + let domain_separator: [u8; 64] = [ + 0x43, 0x52, 0x49, 0x53, 0x50, 0x5f, 0x43, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + ]; + + // IO Pattern: ABSORB(input_size), SQUEEZE(1) + let input_size = inputs.len() as u32; + let io_pattern = [0x80000000 | input_size, 1]; + + let commitment = compute_safe(domain_separator, inputs, io_pattern); + + // Convert Field to BigInt + 
let commitment_field = commitment[0]; + let commitment_bytes = commitment_field.into_bigint().to_bytes_le(); + + Ok(BigInt::from_bytes_le( + num_bigint::Sign::Plus, + &commitment_bytes, + )) +} diff --git a/examples/CRISP/crates/zk-inputs/src/lib.rs b/examples/CRISP/crates/zk-inputs/src/lib.rs index 9bbfb0fe51..7e42e6e2be 100644 --- a/examples/CRISP/crates/zk-inputs/src/lib.rs +++ b/examples/CRISP/crates/zk-inputs/src/lib.rs @@ -8,6 +8,7 @@ //! //! This crate contains the main logic for generating CRISP inputs for zero-knowledge proofs. +use crate::commitments::compute_commitment; use crisp_constants::get_default_paramset; use e3_sdk::bfv_helpers::build_bfv_params_arc; use e3_sdk::bfv_helpers::BfvParamSet; @@ -23,13 +24,12 @@ use greco::vectors::GrecoVectors; use num_bigint::BigInt; use num_traits::Zero; use rand::thread_rng; -use shared::commitments::compute_poly_commitment; use std::sync::Arc; mod ciphertext_addition; use crate::ciphertext_addition::CiphertextAdditionInputs; - mod serialization; use serialization::{construct_inputs, serialize_inputs_to_json}; +mod commitments; pub struct ZKInputsGenerator { bfv_params: Arc, @@ -123,15 +123,9 @@ impl ZKInputsGenerator { let sum_ct = &ct + &prev_ct; // Compute the inputs of the ciphertext addition. - let ciphertext_addition_inputs = CiphertextAdditionInputs::compute( - &pt, - &prev_ct, - &ct, - &sum_ct, - &self.bfv_params, - bit_pk, - ) - .with_context(|| "Failed to compute ciphertext addition inputs")?; + let ciphertext_addition_inputs = + CiphertextAdditionInputs::compute(&pt, &prev_ct, &ct, &sum_ct, self.bfv_params.clone()) + .with_context(|| "Failed to compute ciphertext addition inputs")?; // Construct Inputs Section. let inputs = construct_inputs( 
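Review bot: The step comments in `compute_commitment` refer to `commitment_payload` and `generate_challenge` "in Noir", but the Noir counterpart introduced by this same commit is `compute_ct_commitment` in `circuits/src/commitments.nr`, which packs with `multiple_polynomial_payload` and uses the same `DS_CRISP_CT` separator, so the comments should read `// matches compute_ct_commitment in circuits/src/commitments.nr`. The packing width here is derived at runtime from `bounds.pk_bounds[0]`, while the Noir side is instantiated with a literal `36` at its call sites in `main.nr`; nothing enforces that the two agree, so a comment stating that invariant (or a check on `bit` against the circuit's constant) would make a divergence surface as an error instead of a commitment that silently fails to match. The docstring omits `bfv_params` from `# Arguments` and has no `# Errors` section for the `?` on `GrecoBounds::compute` and `calculate_bit_width`. Taking `bfv_params: Arc<BfvParameters>` by value only to borrow it as `&bfv_params` is what forces `.clone()` at the call sites in `lib.rs` and in the `ciphertext_addition.rs` tests; `bfv_params: &BfvParameters` would serve the same purpose without the refcount churn.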
@@ -205,15 +199,9 @@ impl ZKInputsGenerator { let sum_ct = &ct + &prev_ct; // Compute the inputs of the ciphertext addition. - let mut ciphertext_addition_inputs = CiphertextAdditionInputs::compute( - &pt, - &prev_ct, - &ct, - &sum_ct, - &self.bfv_params, - bit_pk, - ) - .with_context(|| "Failed to compute ciphertext addition inputs")?; + let mut ciphertext_addition_inputs = + CiphertextAdditionInputs::compute(&pt, &prev_ct, &ct, &sum_ct, self.bfv_params.clone()) + .with_context(|| "Failed to compute ciphertext addition inputs")?; // For first votes, set prev_ct_commitment to 0 since there's no previous ciphertext ciphertext_addition_inputs.prev_ct_commitment = BigInt::zero(); @@ -267,6 +255,11 @@ impl ZKInputsGenerator { Ok(pk.to_bytes()) } + /// Returns a clone of the BFV parameters used by this generator. + pub fn get_bfv_params(&self) -> Arc { + self.bfv_params.clone() + } + /// Computes the commitment to a set of ciphertext polynomials. /// /// # Arguments @@ -280,15 +273,7 @@ impl ZKInputsGenerator { ct0is: &[Vec], ct1is: &[Vec], ) -> Result { - let (_, bounds) = GrecoBounds::compute(&self.bfv_params, 0)?; - let bit = shared::template::calculate_bit_width(&bounds.pk_bounds[0].to_string())?; - - Ok(compute_poly_commitment(ct0is, ct1is, bit)) - } - - /// Returns a clone of the BFV parameters used by this generator. - pub fn get_bfv_params(&self) -> Arc { - self.bfv_params.clone() + compute_commitment(self.bfv_params.clone(), ct0is, ct1is) } } diff --git a/examples/CRISP/packages/crisp-contracts/contracts/CRISPVerifier.sol b/examples/CRISP/packages/crisp-contracts/contracts/CRISPVerifier.sol index 1ed10e7a17..5282fc495d 100644 --- a/examples/CRISP/packages/crisp-contracts/contracts/CRISPVerifier.sol +++ b/examples/CRISP/packages/crisp-contracts/contracts/CRISPVerifier.sol 
@@ -8,7 +8,7 @@ pragma solidity >=0.8.21;
 uint256 constant N = 524288;
 uint256 constant LOG_N = 19;
 uint256 constant NUMBER_OF_PUBLIC_INPUTS = 22;
-uint256 constant VK_HASH = 0x17d6bf392f96d9d4c2616045ca7298f94a7811f71e89e21e811df6ea8fda2d71;
+uint256 constant VK_HASH = 0x2db23f945f10f8251c7fae6d42923485512fb4ae365cae7afb2088bf1f8fcba4;
 library HonkVerificationKey {
 function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {
 Honk.VerificationKey memory vk = Honk.VerificationKey({
@@ -16,76 +16,76 @@ library HonkVerificationKey { logCircuitSize: uint256(19), publicInputsSize: uint256(22), ql: Honk.G1Point({ - x: uint256(0x201ca76d778ca0640a230dff71a7345c30a05b33f94202574ac13241a43ec601), - y: uint256(0x2f63fc1bd520fc36e2059a0bf4c9adcd8393b0887da0c1741a7fe7397e9c7da8) + x: uint256(0x0d306d1d0c63613a48dc5abe4b2d7d89e680fc23e7bb9d336cfb508f74bcfaf3), + y: uint256(0x29429b5c554e27fcac103767a9f6f2bab4aae92dfb15fd6bc48514e4314faffb) }), qr: Honk.G1Point({ - x: uint256(0x06f98facee515b87d5264772d53b0eb4bd282242c5875a2fe604fb2eff7e3b51), - y: uint256(0x2f35cbbca311c61ef34f245e15afa02dd4f2e2bfdb97ae8d3deaf7637fb1b0a1) + x: uint256(0x12aa83a3bb7c76aa0c9ab474db4e54b58bf32db8a0eb3c8f8f77df9153dad683), + y: uint256(0x1a7319cfed3b28a31452d319dd658b434ed14bbcefa15454a4b5222deb719ac8) }), qo: Honk.G1Point({ - x: uint256(0x2fcff4b6b929edea1d8b95063f743b15fd9be8357383d75e11b1d3d23f0b8ab8), - y: uint256(0x0e8864144bfea1c7c401566b6eaef1ed13006acf6b78ad09482e60879fd3c8eb) + x: uint256(0x043209f3c3339044bc2f357345b0cdaa38fff6764c552ab6b594a13508e9f5cb), + y: uint256(0x1154d66255304bf2cf33d5f8c787581f9da9c9fcfec6f27a55fa41c40896cde3) }), q4: Honk.G1Point({ - x: uint256(0x209b78a4a8c8aca16be35dc1902e836f9b26963310f44b72c1c3d43b838176e1), - y: uint256(0x159828bef076d9cc71fb0a9f7f4da93f1df070666ed6507c0e288fe4df7043a3) + x: uint256(0x25c3c2dd37835eb64ad767434d7dcca998202ea1b40ea8566f1fa5502ca7cdaa), + y: uint256(0x119dd1ff560c0d3166d0077cff431634c26419c4183f51552eb746e41014c78b) }), qm: Honk.G1Point({ - x: uint256(0x193e024bd335740e4b9f6a7775eca3333c818faac35ef53b0bdbd7fb30ecdd3d), - y: uint256(0x0d49ad0fe39a9edaf4d3cb0789d3057302aba3dd2aaef447c70ff1fed45a7e32) + x: uint256(0x13d119792e7e750790cf48119095b26413c1441d811ed78bc471374043d6f4f2), + y: uint256(0x0a9c42dc2ec320da7f3be004c85731dfc8de9f97d78e6cdd25e3e0c5aa26e366) }), qc: Honk.G1Point({ - x: uint256(0x186dbdf151dd0b68d86e060ef25624b0db55b25a1145d221d4b82e220528c37f), - y: 
uint256(0x2100edd66fd054be8971fcda53bbaeee855b73579829f4287ef08cf3ac9701b4) + x: uint256(0x2cea75256a79391fa13e40b434288ce68ab5c8707c2fff771405c11682141696), + y: uint256(0x0a32621fc716daa418f975b8cb711449937aec57aff134bca7f8b13bd4bc14d1) }), qLookup: Honk.G1Point({ x: uint256(0x111ada27d4243c5df982e1cd77f2d9aff394ba4f2ba2faf8ec1a8e5b6d78d1e7), y: uint256(0x1cf81a5fe339ef18222213e43155e149d0211317fe0a68d795681f31ef25ad0f) }), qArith: Honk.G1Point({ - x: uint256(0x08ece1e91721cf4bfdfd0fe72b01dcf0a296f8bceb23e0f53b23334e6d90786e), - y: uint256(0x03e8a9efb8b6cdac795aed61b57f5e4db243ced17e36f395120e23225d1ddb7d) + x: uint256(0x0e6e2cfb84841f47a5fa298f450fd5243d507fcdb00f4c48f1e243cf57049a67), + y: uint256(0x00d9ab0bb955c983e38300c94e5ae861a08885fc8bb305d91e67f11c874a1001) }), qDeltaRange: Honk.G1Point({ - x: uint256(0x1a60147b34d93b20415b95e490ea7be8dc2c3a11e0d6151c4aa0b27f2a7d8e78), - y: uint256(0x0bd085733f21156eab043e5a069932b244989e30ded0014897bbbffa92cb7b21) + x: uint256(0x2ba1b435d3f81aa89afed52806855ff1d8b90c2a7aee4ee8fd52eb625a3b7ebd), + y: uint256(0x0007a55c032aade5d159dd462c04c83e64098ec3c1151d9c8f9eef8f2b1fba05) }), qElliptic: Honk.G1Point({ - x: uint256(0x09cf687c3908ee950debdd4424e183c573695401fbcafb28298cec594bd749e0), - y: uint256(0x28a95beee30f02ee547055ae480a7770e624854e6e352559567e84ba2caf204a) + x: uint256(0x2b24f14283de6577a18ef01dbc9022725fb5c62a82fd8c4713f0e62f6253a595), + y: uint256(0x0d044e82b87a1ad728e0523fb22bc6762e5e0938afc863f91b255cef0bd5af18) }), qMemory: Honk.G1Point({ - x: uint256(0x1faea00dfc82a34dd3f0b8b3710a1c6bd0aa2e33ea4dc1bb7912989d3107317d), - y: uint256(0x15a071c984d2f7e587d75a895a90212bbaed233eaa47728d7a091727071fa65b) + x: uint256(0x0df15372ccc6ce24c6751d8c896204faef619787c6c02b21978672ecba3d24a7), + y: uint256(0x143888f072a0e5872f7d1e8ac3781f077628ea2d6f2e13025ae7fe2060c4acc4) }), qNnf: Honk.G1Point({ - x: uint256(0x087b9a39420e42d9b6018916398869e864306e4cc71c4f038992095b22408bb3), - y: 
uint256(0x254a3a5359708f470a4dbe548e73b9639b6d434f153f7024e74a98f069bdf4f7) + x: uint256(0x1b72e8b6ba56d190a83fa6d1970de92ae5ab6f927bcef54624d9bbbb46dc4e9d), + y: uint256(0x0c97aefa71025d186851d72ed7094b649e2e691ff943f6a6941f1a0bef03351e) }), qPoseidon2External: Honk.G1Point({ - x: uint256(0x01cc2586c0a90d6eada6829a81be823f51b800ed81921e9a7118ed6375d3ef90), - y: uint256(0x1614ad33641650bc5b0fddb1d33b1b0905ac76e314ba68643816f5ab4be5f32b) + x: uint256(0x23d582f227815530d77e689696ed98a5d1fc9f673b8b24397fdae321e6914f8f), + y: uint256(0x270ff538446d18c614d2a48011428aaae8b1a2f8d11d83ce4896af795a9a63f8) }), qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x2714df1e9e7e810b5552b5c89959d2cb3c4bd7279dc905006e5adc8aeee702ef), - y: uint256(0x2237896379a3e05feda2f73e7b3f2c448d386fb79d2dcb58993f3f843ff593e1) + x: uint256(0x08183c7bc115e1108efc636a0ae1f642aaa943272a215ed2228b1cd77a9f1e3c), + y: uint256(0x21f39dc097acbf0fedd82157aa1aab463983efc62a6c662dc65565403a763daa) }), s1: Honk.G1Point({ - x: uint256(0x0901065fc928846a5c3ca18824b71fcf1e8255af3de10ed78bc0eb2a07c802e1), - y: uint256(0x2de55a389e7233b391480f9017e48c27cb933aef58783329f67abb97cfb3c4f7) + x: uint256(0x0040fbe6b6de18f635fbfe6df0390a99dd432b0bb7c570db5e74bf9a070ca7c2), + y: uint256(0x25062102553ab2e993c4e14223952c978de971f23a461e10b9bd04f0fdeab4d5) }), s2: Honk.G1Point({ - x: uint256(0x0dce58adbf68bb4d24b2cb12225fbb7ea87b75fa1bf4b191f9156eed6cd118c8), - y: uint256(0x1119b21af9e60ab4ed8a053142ffba8729ad596a42f0a897f5e7f0fe443ab6d1) + x: uint256(0x22a3a51c8383d307eebb0fc19bfa4936e2c618e0220229b184918f15987f3e26), + y: uint256(0x27b77c9721777a091171595b7841a7510b2fb232fb7150088d25232d1b06fb79) }), s3: Honk.G1Point({ - x: uint256(0x29c0dac401bb440653c13bfe5b2a7f533bcbeff32197ea0689c87a1b1d8d3243), - y: uint256(0x1fcb8593d6a7646cfdf79d0356ac6cd3490e37d9e3c1e63d6f699138d8047862) + x: uint256(0x2dcca1266a5c5d36ada653c4763f4117c3195eb90f64a862660955d8c5057996), + y: 
uint256(0x0731e236fdd155990552885f3fcb1aea9dd2367bedc1b19b76ad0d7e8fc6a940) }), s4: Honk.G1Point({ - x: uint256(0x300e30489aeb10e362e7f22fd9937bb1bcf48134a5b7f30eb543f24c7b73e196), - y: uint256(0x20e75d26db3654395e2a6d098259dad7b3b2eb704b1a1b89027ed954a055f0de) + x: uint256(0x14ad36c110bdde3d7015314b9be1047dc9c680eb68de696f74ec149596132b09), + y: uint256(0x2cb9687e59419594e09a6e5e57b054e31e70d7ff41ab966abcb7922cf9376c0c) }), t1: Honk.G1Point({ x: uint256(0x1f16b037f0b4c96ea2a30a118a44e139881c0db8a4d6c9fde7db5c1c1738e61f), 
@@ -104,28 +104,28 @@ library HonkVerificationKey { y: uint256(0x2d7e8c1ecb92e2490049b50efc811df63f1ca97e58d5e82852dbec0c29715d71) }), id1: Honk.G1Point({ - x: uint256(0x016533e08fe7e63f5937efd35c053f1d285c0c3641941ef8549f7111475b2b48), - y: uint256(0x280345c9954e0411ced2a0047f7896a991c2dd9ef8cd71c498dd9006183a6552) + x: uint256(0x103a82e5af3ccf8643340b5f15768479a4782a49162765bc61e6fc846726021c), + y: uint256(0x0dd1ee161e5b8ff32d37fb77678dec1bb40bd4b8cd74858604d3ab6eaaed3310) }), id2: Honk.G1Point({ - x: uint256(0x014eb30843d99be05cc9a65cca85350936000ebe851df702424750d8ba3eefb3), - y: uint256(0x005b877c1222731bcef28ebe51c015e282d9822e5355584765c4b3d433da3bd7) + x: uint256(0x17de68e6aee588fe846863e52d2465668f70642ac0b8fa0fcc3a3604a28e3ec7), + y: uint256(0x1a6fce004d6919a0bfcb90700446fcda044728ac7d372ca53046dec27043c1c3) }), id3: Honk.G1Point({ - x: uint256(0x105390d6f0c9c55ae11af6da3b7b096d024e24306e347a9e09fd3a1387b4adac), - y: uint256(0x0f2f04a199fe491694caf93e3502919c4d42c6fa4ec6e7519930de754bf7e449) + x: uint256(0x14a6b51bfb858091c94eff6a421fdab3fbc85f2c83822a7eadc8b1a4c4e60a27), + y: uint256(0x1262e534b80be874e870d42a49a16680742ed79775e56423ee5c575ffff49829) }), id4: Honk.G1Point({ - x: uint256(0x2400c1703add89e06b7dbb4db20cfe3b821b2b30202a5ccf143eccf12f21da2f), - y: uint256(0x107524fede03fc1cd700efc0be3a5d8cc6f967de3765217d99e3c8b0cc8415a8) + x: uint256(0x138bcba7c660c48a5043506dcc3155b6a8e42ac5fbc6740711318258083c4019), + y: uint256(0x27d9d0e5d7fc355126383d930123a4b27c01cb762d9c54b5ff76b0da55a4b0cf) }), lagrangeFirst: Honk.G1Point({ x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), lagrangeLast: Honk.G1Point({ - x: uint256(0x1654162a2d2b8fff1690509e5ffb19ffc51d4139653da0d23130536d88772453), - y: uint256(0x2e00da8af6c5abf721b41071479ff1fdf35e930437c6e0ae1715a5a3aa9c90a7) + x: 
 uint256(0x0acf43d755049cab0c892f5431e112f0f1fc59eaad7fe2a4d5acf910a9ad4ec2),
+ y: uint256(0x1672c20921ffdc4da8f5357b4a85ba97d3131364017d9a511d7c620c1672b9f7)
 })
 });
 return vk;
diff --git a/scripts/check-license-headers.sh b/scripts/check-license-headers.sh
index 46599b6f55..451642abf0 100755
--- a/scripts/check-license-headers.sh
+++ b/scripts/check-license-headers.sh
@@ -218,6 +218,10 @@ else
 else
 echo -e "${BLUE}Run with --fix to automatically add missing headers${NC}"
 echo -e "${BLUE}Run with --check-only for CI/CD usage (exits with code 1 if issues found)${NC}"
- exit 0
+ if [[ ${#MISSING_FILES[@]} -gt 0 ]]; then
+ exit 1
+ else
+ exit 0
+ fi
 fi
 fi
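Review bot: The new exit logic makes the default run exit 1 whenever `MISSING_FILES` is non-empty, which contradicts the message printed immediately above it, `Run with --check-only for CI/CD usage (exits with code 1 if issues found)` — that parenthetical now describes behaviour the script has regardless of the flag. Either drop the parenthetical from that `echo` or, if the default run was meant to stay advisory, keep `exit 0` on this path and leave the non-zero exit to `--check-only`. The enclosing `if`/`else` starts outside the hunk, so which branch this is should be confirmed against the full script.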