working AES out

pluto · Nov 7, 2024 · 0852d17 · 0852d17
1 parent f6a9735
commit 0852d17
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 54 deletions.
diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -4,11 +4,10 @@ include "gctr-nivc.circom";
 include "../../utils/array.circom";
 include "../../utils/hash.circom";
 
-
 // Compute AES-GCTR
 template AESGCTRFOLD(DATA_BYTES) {
     assert(DATA_BYTES % 16 == 0);
-    
+
     signal input key[16];
     signal input iv[12];
     signal input aad[16];
@@ -27,7 +26,7 @@ template AESGCTRFOLD(DATA_BYTES) {
 
     var packedPlaintext = 0;
     for(var i = 0 ; i < 16 ; i++) {
-        packedPlaintext += plainText[i] * 2**i;
+        packedPlaintext += plainText[i] * 2**(8*i);
     }
     step_out[0] <== PoseidonChainer()([step_in[0],packedPlaintext]);
 }

diff --git a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
@@ -1,13 +1,22 @@
 import { assert } from "chai";
 import { WitnessTester } from "circomkit";
 import { circomkit } from "../../common";
+import { PoseidonModular } from "../../common/poseidon";
 
-describe("aes-gctr-nivc", () => {
-    let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad", "step_in"], ["step_out"]>;
+function bytesToBigInt(bytes: number[] | Uint8Array): bigint {
+    let result = BigInt(0);
+
+    for (let i = 0; i < 16; i++) {
+        result += BigInt(bytes[i]) * BigInt(2 ** (8 * i));
+    }
 
+    return result;
+}
+
+describe("aes-gctr-nivc", () => {
+    let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad", "ctr", "step_in"], ["step_out"]>;
 
     const DATA_BYTES_0 = 16;
-    const TOTAL_BYTES_ACROSS_NIVC_0 = DATA_BYTES_0 + 4;
 
     it("all correct for self generated single zero pt block case", async () => {
         circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", {
@@ -20,19 +29,13 @@ describe("aes-gctr-nivc", () => {
         let plainText = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
         let iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
         let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
-        let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
+        // let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
 
-        const counter = [0x00, 0x00, 0x00, 0x01];
-        const step_in = new Array(TOTAL_BYTES_ACROSS_NIVC_0).fill(0x00);
-        counter.forEach((value, index) => {
-            step_in[DATA_BYTES_0 + index] = value;
-        });
-
-        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, step_in: step_in }, ["step_out"])
+        const ctr = [0x00, 0x00, 0x00, 0x01];
+        const step_in = 0;
 
-        let packed = plainText.map((x, i) => x + (ct[i] * 256));
-        let expected = [...packed, 0x00, 0x00, 0x00, 0x02];
-        assert.deepEqual(witness.step_out, expected.map(BigInt));
+        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, step_in: step_in }, ["step_out"])
+        assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)]));
     });
 
     it("all correct for self generated single non zero pt block", async () => {
@@ -46,33 +49,24 @@ describe("aes-gctr-nivc", () => {
         let plainText = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30];
         let iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31];
         let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
-        let ct = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
+        // let ct = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
 
-        const counter = [0x00, 0x00, 0x00, 0x01];
-        const step_in = new Array(TOTAL_BYTES_ACROSS_NIVC_0).fill(0x00);
-        counter.forEach((value, index) => {
-            step_in[DATA_BYTES_0 + index] = value;
-        });
+        const ctr = [0x00, 0x00, 0x00, 0x01];
+        const step_in = 0;
 
-        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, step_in: step_in }, ["step_out"])
-
-        let packed = plainText.map((x, i) => x + (ct[i] * 256));
-        let expected = [...packed, 0x00, 0x00, 0x00, 0x02];
-        assert.deepEqual(witness.step_out, expected.map(BigInt));
+        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, step_in: step_in }, ["step_out"])
+        assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)]));
     });
 
     const DATA_BYTES_1 = 32;
-    const TOTAL_BYTES_ACROSS_NIVC_1 = DATA_BYTES_1 + 4;
-
 
-    let zero_block = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
     let key = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31];
     let plainText1 = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30];
     let plainText2 = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30];
     let iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31];
     let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
-    let ct_part1 = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
-    let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04];
+    // let ct_part1 = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
+    // let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04];
 
     it("all correct for self generated two block case first fold", async () => {
         circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", {
@@ -81,17 +75,11 @@ describe("aes-gctr-nivc", () => {
             params: [DATA_BYTES_1], // input len is 32 bytes
         });
 
-        const counter = [0x00, 0x00, 0x00, 0x01];
-        const step_in = new Array(TOTAL_BYTES_ACROSS_NIVC_1).fill(0x00);
-        counter.forEach((value, index) => {
-            step_in[DATA_BYTES_1 + index] = value;
-        });
-
-        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, step_in: step_in }, ["step_out"])
+        const ctr = [0x00, 0x00, 0x00, 0x01];
+        const step_in = 0;
 
-        let packed1 = plainText1.map((x, i) => x + (ct_part1[i] * 256));
-        let expected = packed1.concat(zero_block).concat([0x00, 0x00, 0x00, 0x02]);
-        assert.deepEqual(witness.step_out, expected.map(BigInt));
+        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr, step_in: step_in }, ["step_out"])
+        assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText1)]));
     });
 
     it("all correct for self generated two block case second fold", async () => {
@@ -101,15 +89,12 @@ describe("aes-gctr-nivc", () => {
             params: [DATA_BYTES_1], // input len is 32 bytes
         });
 
-        let packed1 = plainText1.map((x, i) => x + (ct_part1[i] * 256));
-        let packed2 = plainText2.map((x, i) => x + (ct_part2[i] * 256));
-        let step_in = packed1.concat(zero_block).concat([0x00, 0x00, 0x00, 0x02]);
-        step_in = step_in.concat(new Array(TOTAL_BYTES_ACROSS_NIVC_1 - step_in.length).fill(0));
-
-
-        let expected = packed1.concat(packed2).concat([0x00, 0x00, 0x00, 0x03]);
+        const ctr_0 = [0x00, 0x00, 0x00, 0x01];
+        const ctr_1 = [0x00, 0x00, 0x00, 0x02];
+        const step_in_0 = 0;
 
-        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText2, aad: aad, step_in: step_in }, ["step_out"])
-        assert.deepEqual(witness.step_out, expected.map(BigInt));
+        const witness_0 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr_0, step_in: step_in_0 }, ["step_out"])
+        const witness_1 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText2, aad: aad, ctr: ctr_1, step_in: witness_0.step_out }, ["step_out"])
+        assert.deepEqual(witness_1.step_out, PoseidonModular([BigInt(witness_0.step_out.toString()), bytesToBigInt(plainText2)]));
     });
 });
diff --git a/circuits/test/utils/hash.test.ts b/circuits/test/utils/hash.test.ts
@@ -61,10 +61,10 @@ describe("hash", () => {
 
         it("witness: in = [69,420]", async () => {
             const input = [69, 420];
-
+            const hash = PoseidonModular(input);
             await circuit.expectPass(
                 { in: input },
-                { out: "1151215739047799093319595745775265667199521703808900505592836422736499172874" }
+                { out: hash }
             );
         });
     });