From 2c03acee4b80002ac1fc9808520c9a73f06f538e Mon Sep 17 00:00:00 2001
From: Colin Roberts
Date: Wed, 13 Nov 2024 15:45:45 -0700
Subject: [PATCH] fix: aes-gctr-nivc and test

---
 circuits/aes-gcm/nivc/aes-gctr-nivc.circom | 8 +-
 .../test/aes-gcm/nivc/aes-gctr-nivc.test.ts | 136 +++++++++---------
 2 files changed, 69 insertions(+), 75 deletions(-)

diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
index 84dc371..4293d88 100644
--- a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
+++ b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -56,12 +56,6 @@ template AESGCTRFOLD(NUM_CHUNKS) {
 } else {
 hash[i] <== PoseidonChainer()([hash[i-1], packedPlaintext[i]]);
 }
- for(var i = 0 ; i < NUM_CHUNKS ; i++) {
- if(i == 0) {
- hash = PoseidonChainer()([step_in[0],packedPlaintext[i]]);
- } else {
- hash = PoseidonChainer()([hash, packedPlaintext[i]]);
- }
 }
- step_out[0] <== hash;
+ step_out[0] <== hash[NUM_CHUNKS - 1];
 }
diff --git a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
index 04f9e94..c1f2de2 100644
--- a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
+++ b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
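Review bot: `step_out[0] <== hash[NUM_CHUNKS - 1];` indexes with `NUM_CHUNKS - 1`, which is out of range if the template is ever instantiated with `NUM_CHUNKS == 0`; a compile-time `assert(NUM_CHUNKS > 0);` at the top of `AESGCTRFOLD` would reject that instantiation explicitly instead of failing inside the loop. The template body starts outside the hunk, so the `i == 0` branch that seeds the chain is not visible here. A short comment on the output line would help the next reader, e.g. `// step_out[0] is the Poseidon chain over all NUM_CHUNKS packed plaintext blocks, presumably seeded by step_in[0] in the i == 0 branch`. The chained value commits to the plaintext only; whether `cipherText` is constrained to be the AES-CTR encryption of that plaintext is not visible in this hunk and is worth confirming elsewhere in the template.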
@@ -17,45 +17,45 @@ describe("aes-gctr-nivc", () => { let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad", "ctr", "cipherText", "step_in"], ["step_out"]>; - // it("all correct for self generated single zero pt block case", async () => { - // circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { - // file: "aes-gcm/nivc/aes-gctr-nivc", - // template: "AESGCTRFOLD", - // params: [1] - // }); - - // let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; - // let plainText = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; - // let iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; - // let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; - // let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78]; - - // const ctr = [0x00, 0x00, 0x00, 0x01]; - // const step_in = 0; - - // const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"]) - // assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)])); - // }); - - // it("all correct for self generated single non zero pt block", async () => { - // circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { - // file: "aes-gcm/nivc/aes-gctr-nivc", - // template: "AESGCTRFOLD", - // params: [1] - // }); - - // let key = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; - // let plainText = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30]; - // let iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; - // let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 
- // let ct = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56]; - - // const ctr = [0x00, 0x00, 0x00, 0x01]; - // const step_in = 0; - - // const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"]) - // assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)])); - // }); + it("all correct for self generated single zero pt block case", async () => { + circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { + file: "aes-gcm/nivc/aes-gctr-nivc", + template: "AESGCTRFOLD", + params: [1] + }); + + let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let plainText = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78]; + + const ctr = [0x00, 0x00, 0x00, 0x01]; + const step_in = 0; + + const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"]) + assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)])); + }); + + it("all correct for self generated single non zero pt block", async () => { + circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { + file: "aes-gcm/nivc/aes-gctr-nivc", + template: "AESGCTRFOLD", + params: [1] + }); + + let key = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; + let plainText = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 
0x30]; + let iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; + let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + let ct = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56]; + + const ctr = [0x00, 0x00, 0x00, 0x01]; + const step_in = 0; + + const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"]) + assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText)])); + }); let key = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31]; let plainText1 = [0x74, 0x65, 0x73, 0x74, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30]; 
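Review bot: Both re-enabled tests assert only that `step_out` equals `PoseidonModular([step_in, bytesToBigInt(plainText)])`, so `ct` is passed in but never shown to matter: these assertions would still pass if the circuit did not constrain `cipherText` against the AES output of `plainText`. A companion negative case that flips one byte of `ct` and expects witness generation to fail (circomkit's `WitnessTester.expectFail`, if the version in use provides it) would pin the constraint the circuit is supposed to enforce. The `let key`, `plainText`, `iv`, `aad` and `ct` bindings are never reassigned and should be `const`, and the `compute(...)` lines lack the trailing semicolon used on the surrounding lines. The same two points apply to the hunk at `@@ -65,35 +65,35 @@`.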
@@ -65,35 +65,35 @@ describe("aes-gctr-nivc", () => { let ct_part1 = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56]; let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04]; - // it("all correct for self generated two block case first fold", async () => { - // circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { - // file: "aes-gcm/nivc/aes-gctr-nivc", - // template: "AESGCTRFOLD", - // params: [1] - // }); - - // const ctr = [0x00, 0x00, 0x00, 0x01]; - // const step_in = 0; - - // const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr, cipherText: ct_part1, step_in: step_in }, ["step_out"]) - // assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText1)])); - // }); - - // it("all correct for self generated two block case second fold", async () => { - // circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { - // file: "aes-gcm/nivc/aes-gctr-nivc", - // template: "AESGCTRFOLD", - // params: [1] - // }); - - // const ctr_0 = [0x00, 0x00, 0x00, 0x01]; - // const ctr_1 = [0x00, 0x00, 0x00, 0x02]; - // const step_in_0 = 0; - - // const witness_0 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr_0, cipherText: ct_part1, step_in: step_in_0 }, ["step_out"]) - // const witness_1 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText2, aad: aad, ctr: ctr_1, cipherText: ct_part2, step_in: witness_0.step_out }, ["step_out"]) - // assert.deepEqual(witness_1.step_out, PoseidonModular([BigInt(witness_0.step_out.toString()), bytesToBigInt(plainText2)])); - // }); + it("all correct for self generated two block case first fold", async () => { + circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { + file: "aes-gcm/nivc/aes-gctr-nivc", + template: "AESGCTRFOLD", + params: [1] + }); + + 
const ctr = [0x00, 0x00, 0x00, 0x01]; + const step_in = 0; + + const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr, cipherText: ct_part1, step_in: step_in }, ["step_out"]) + assert.deepEqual(witness.step_out, PoseidonModular([step_in, bytesToBigInt(plainText1)])); + }); + + it("all correct for self generated two block case second fold", async () => { + circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", { + file: "aes-gcm/nivc/aes-gctr-nivc", + template: "AESGCTRFOLD", + params: [1] + }); + + const ctr_0 = [0x00, 0x00, 0x00, 0x01]; + const ctr_1 = [0x00, 0x00, 0x00, 0x02]; + const step_in_0 = 0; + + const witness_0 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText1, aad: aad, ctr: ctr_0, cipherText: ct_part1, step_in: step_in_0 }, ["step_out"]) + const witness_1 = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText2, aad: aad, ctr: ctr_1, cipherText: ct_part2, step_in: witness_0.step_out }, ["step_out"]) + assert.deepEqual(witness_1.step_out, PoseidonModular([BigInt(witness_0.step_out.toString()), bytesToBigInt(plainText2)])); + }); let circuit_two_block: WitnessTester<["key", "iv", "plainText", "aad", "ctr", "cipherText", "step_in"], ["step_out"]>; it("all correct for two folds at once", async () => {
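Review bot: The second-fold test's expected value is built from the circuit's own previous output, `PoseidonModular([BigInt(witness_0.step_out.toString()), bytesToBigInt(plainText2)])`, so it checks only that fold two chains onto fold one's result, not that the accumulator itself is right. Computing the expectation independently, `const expected = PoseidonModular([PoseidonModular([step_in_0, bytesToBigInt(plainText1)]), bytesToBigInt(plainText2)]);` and asserting `witness_1.step_out` against it (assuming `PoseidonModular` accepts its own return type as an element), makes the test fail if fold one already produced a wrong accumulator. Feeding `witness_0.step_out` directly into `step_in` while the expectation goes through `BigInt(...toString())` suggests the returned `step_out` is not a plain bigint; a one-line comment stating what circomkit returns there would save the next reader a guess.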