From 0c7231adb4bdd321c963f6b82985c0b3528f2379 Mon Sep 17 00:00:00 2001 From: Waylon Jepsen Date: Tue, 29 Oct 2024 09:44:47 +0700 Subject: [PATCH] address todo to reduce redundant constraint and input value --- circuits/aes-gcm/aes-gcm-fold.circom | 28 +++++++++++++--------- circuits/test/aes-gcm/aes-gcm-fold.test.ts | 24 +++++++------------ 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/circuits/aes-gcm/aes-gcm-fold.circom b/circuits/aes-gcm/aes-gcm-fold.circom index d01eb42..2c9808b 100644 --- a/circuits/aes-gcm/aes-gcm-fold.circom +++ b/circuits/aes-gcm/aes-gcm-fold.circom @@ -7,7 +7,8 @@ include "./utils.circom"; template AESGCMFOLD(INPUT_LEN) { assert(INPUT_LEN % 16 == 0); - var DATA_BYTES = (INPUT_LEN * 2) + 5; + var DATA_BYTES = (INPUT_LEN * 2) + 4; + log(DATA_BYTES); signal input key[16]; signal input iv[12]; @@ -17,10 +18,22 @@ template AESGCMFOLD(INPUT_LEN) { // step_in[0..INPUT_LEN] => accumulate plaintext blocks // step_in[INPUT_LEN..INPUT_LEN*2] => accumulate ciphertext blocks // step_in[INPUT_LEN*2..INPUT_LEN*2+4] => lastCounter - // step_in[INPUT_LEN*2+5] => foldedBlocks // TODO(WJ 2024-10-24): technically not needed if can read 4 bytes as a 32 bit number, Can do this easy with bits2num signal input step_in[DATA_BYTES]; signal output step_out[DATA_BYTES]; - signal counter <== step_in[INPUT_LEN*2 + 4]; + signal counter; + + // We extract the number from the 4 byte word counter + component last_counter_bits = BytesToBits(4); + for(var i = 0; i < 4; i ++) { + last_counter_bits.in[i] <== step_in[INPUT_LEN*2 + i]; + } + component last_counter_num = Bits2Num(32); + // pass in reverse order + for (var i = 0; i< 32; i++){ + last_counter_num.in[i] <== last_counter_bits.out[31 - i]; + } + + counter <== last_counter_num.out - 1; // write new plain text block. signal plainTextAccumulator[DATA_BYTES]; 
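Review bot: `log(DATA_BYTES);` on the new side of the first hunk looks like a leftover debugging aid: it prints during every witness generation and adds nothing to the constraint system, so it should be dropped before merge. If the intent is to make the new layout visible, a comment does that without runtime output, e.g. `// DATA_BYTES = INPUT_LEN plaintext bytes + INPUT_LEN ciphertext bytes + 4 counter bytes`. The template body continues past this hunk.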
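Review bot: The TODO this commit says it addresses (`// TODO(WJ 2024-10-24): technically not needed if can read 4 bytes as a 32 bit number ...`) survives as a context line between the layout comments and `signal input step_in`, now describing work the new `BytesToBits`/`Bits2Num` code below already does; replace it with the assumption that code relies on, e.g. `// lastCounter is big-endian: BytesToBits emits MSB-first bits, reversed here because Bits2Num expects LSB-first.` Two further points deserve a comment rather than a change: `Bits2Num` imposes no range constraint on its inputs, so the soundness of `counter` rests on `BytesToBits(4)` constraining each input to 8 bits — presumably via Num2Bits, but that lives in utils.circom and is not in view; and `counter <== last_counter_num.out - 1` wraps around the field when the incoming counter bytes are all zero, so whatever consumes `counter` downstream has to reject that case (that consumer is outside this hunk). The byte/bit-order assumption is only exercised by counter values 1–3 in the accompanying tests, which is one more reason to state it explicitly.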
@@ -55,12 +68,5 @@ template AESGCMFOLD(INPUT_LEN) { writeCounter.array_to_write_to <== cipherTextAccumulator; writeCounter.array_to_write_at_index <== aes.counter; writeCounter.index <== INPUT_LEN*2; - writeCounter.out ==> counterAccumulator; - - // accumulate number of folded blocks - component writeNumberOfFoldedBlocks = WriteToIndex(DATA_BYTES, 1); - writeNumberOfFoldedBlocks.array_to_write_to <== counterAccumulator; - writeNumberOfFoldedBlocks.array_to_write_at_index <== [step_in[INPUT_LEN*2 + 4] + 1]; - writeNumberOfFoldedBlocks.index <== INPUT_LEN*2 + 4; - writeNumberOfFoldedBlocks.out ==> step_out; + writeCounter.out ==> step_out; } \ No newline at end of file diff --git a/circuits/test/aes-gcm/aes-gcm-fold.test.ts b/circuits/test/aes-gcm/aes-gcm-fold.test.ts index d8ef052..fb6dadb 100644 --- a/circuits/test/aes-gcm/aes-gcm-fold.test.ts +++ b/circuits/test/aes-gcm/aes-gcm-fold.test.ts @@ -18,12 +18,10 @@ describe("aes-gcm-fold", () => { let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78]; - const counter = [0x00, 0x00, 0x00, 0x01]; - const foldedBlocks = [0x00]; - const step_in = new Array(32).fill(0x00).concat(counter).concat(foldedBlocks); - - let expected = plainText.concat(ct).concat([0x00, 0x00, 0x00, 0x02]).concat([0x01]); + const counter = [0x00, 0x00, 0x00, 0x01]; + const step_in = new Array(32).fill(0x00).concat(counter); + let expected = plainText.concat(ct).concat([0x00, 0x00, 0x00, 0x02]); const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, step_in: step_in }, ["step_out"]) assert.deepEqual(witness.step_out, expected.map(BigInt)); }); 
@@ -34,7 +32,6 @@ describe("aes-gcm-fold", () => { template: "AESGCMFOLD", params: [16], // input len is 16 bytes }); - let key = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; let plainText = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30]; @@ -43,10 +40,9 @@ describe("aes-gcm-fold", () => { let ct = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56]; const counter = [0x00, 0x00, 0x00, 0x01]; - const foldedBlocks = [0x00]; - const step_in = new Array(32).fill(0x00).concat(counter).concat(foldedBlocks); + const step_in = new Array(32).fill(0x00).concat(counter); - let expected = plainText.concat(ct).concat([0x00, 0x00, 0x00, 0x02]).concat([0x01]); + let expected = plainText.concat(ct).concat([0x00, 0x00, 0x00, 0x02]); const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, step_in: step_in }, ["step_out"]) assert.deepEqual(witness.step_out, expected.map(BigInt)); @@ -71,9 +67,8 @@ describe("aes-gcm-fold", () => { let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04]; const counter = [0x00, 0x00, 0x00, 0x01]; - const foldedBlocks = [0x00]; - const step_in = new Array(64).fill(0x00).concat(counter).concat(foldedBlocks); - let expected = plainText1.concat(zero_block).concat(ct_part1).concat(zero_block).concat([0x00, 0x00, 0x00, 0x02]).concat([0x01]); + const step_in = new Array(64).fill(0x00).concat(counter); + let expected = plainText1.concat(zero_block).concat(ct_part1).concat(zero_block).concat([0x00, 0x00, 0x00, 0x02]); const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, step_in: step_in }, ["step_out"]) assert.deepEqual(witness.step_out, expected.map(BigInt)); 
@@ -96,9 +91,8 @@ describe("aes-gcm-fold", () => { let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04]; const counter = [0x00, 0x00, 0x00, 0x02]; - const foldedBlocks = [0x01]; - const step_in = plainText1.concat(zero_block).concat(ct_part1).concat(zero_block).concat(counter).concat(foldedBlocks); - let expected = plainText1.concat(plainText2).concat(ct_part1).concat(ct_part2).concat([0x00, 0x00, 0x00, 0x03]).concat([0x02]); + const step_in = plainText1.concat(zero_block).concat(ct_part1).concat(zero_block).concat(counter); + let expected = plainText1.concat(plainText2).concat(ct_part1).concat(ct_part2).concat([0x00, 0x00, 0x00, 0x03]); const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText2, aad: aad, step_in: step_in }, ["step_out"]) assert.deepEqual(witness.step_out, expected.map(BigInt));
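Review bot: Every case in this file now feeds the circuit's new counter decoding a value of 1, 2 or 3, so only the least-significant byte of the 4-byte `counter` is ever non-zero and a wrong byte order in the `BytesToBits`/`Bits2Num` reversal would still pass; the updated `[0x00, 0x00, 0x00, 0x03]` tail of `expected` here does not change that. A case without this blind spot is worth adding, e.g. `const counter = [0x01, 0x00, 0x00, 0x00];` asserting that `compute` rejects it, or at least that `step_out` differs from the counter-1 result — a little-endian misread would decode it as 1. The exact failure mode depends on how the circuit uses the decoded counter, which is not visible from the test file.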