feat: generic chunked AES NIVC

pluto · Nov 13, 2024 · e18a2b7 · e18a2b7
1 parent 73260ab
commit e18a2b7
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 19 deletions.
diff --git a/builds/target_512b/aes_gctr_nivc_512b.circom b/builds/target_512b/aes_gctr_nivc_512b.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/aes-gcm/nivc/aes-gctr-nivc.circom";
 
-component main { public [step_in] } = AESGCTRFOLD();
+component main { public [step_in] } = AESGCTRFOLD(4);
diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -5,35 +5,57 @@ include "../../utils/array.circom";
 include "../../utils/hash.circom";
 
 // Compute AES-GCTR
-template AESGCTRFOLD() {
+template AESGCTRFOLD(NUM_CHUNKS) {
     signal input key[16];
     signal input iv[12];
     signal input aad[16];
+
     signal input ctr[4];
-    signal input plainText[16];
 
-    signal input cipherText[16];
+    signal input plainText[NUM_CHUNKS][16];
+    signal input cipherText[NUM_CHUNKS][16];
 
     signal input step_in[1];
     signal output step_out[1];
 
-    component aes     = AESGCTRFOLDABLE();
-    aes.key         <== key;
-    aes.iv          <== iv;
-    aes.aad         <== aad;
-    aes.plainText   <== plainText;
-    aes.lastCounter <== ctr;
-
-    signal ciphertext_equal_check[16];
-    for(var i = 0 ; i < 16 ; i++) {
-        ciphertext_equal_check[i] <== IsEqual()([aes.cipherText[i], cipherText[i]]);
-        ciphertext_equal_check[i] === 1;
+    component aes[NUM_CHUNKS];
+    for(var i = 0 ; i < NUM_CHUNKS ; i++) {
+        aes[i]            = AESGCTRFOLDABLE();
+        if( i == 0) {
+            aes[i].plainText   <== plainText[i];
+            aes[i].lastCounter <== ctr;
+        } else {
+            aes[i].plainText   <== plainText[i];
+            aes[i].lastCounter <== aes[i - 1].counter;
+        }
+        aes[i].key         <== key;
+        aes[i].iv          <== iv;
+        aes[i].aad         <== aad;
+    }
+
+    signal ciphertext_equal_check[NUM_CHUNKS][16];
+    for(var i = 0 ; i < NUM_CHUNKS; i++) {
+        for(var j = 0 ; j < 16 ; j++) {
+            ciphertext_equal_check[i][j] <== IsEqual()([aes[i].cipherText[j], cipherText[i][j]]);
+            ciphertext_equal_check[i][j] === 1;
+        }
     }
 
 
-    var packedPlaintext = 0;
-    for(var i = 0 ; i < 16 ; i++) {
-        packedPlaintext += plainText[i] * 2**(8*i);
+    var packedPlaintext[NUM_CHUNKS];
+    for(var i = 0 ; i < NUM_CHUNKS ; i++) {
+        packedPlaintext[i] = 0;
+        for(var j = 0 ; j < 16 ; j++) {
+            packedPlaintext[i] += plainText[i][j] * 2**(8*j);
+        }
+    }
+    var hash = 0;
+    for(var i = 0 ; i < NUM_CHUNKS ; i++) {
+        if(i == 0) {
+            hash = PoseidonChainer()([step_in[0],packedPlaintext[i]]);
+        } else {
+            hash = PoseidonChainer()([hash, packedPlaintext[i]]);
+        }
     }
-    step_out[0] <== PoseidonChainer()([step_in[0],packedPlaintext]);
+    step_out[0] <== hash;
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ pragma circom 2.1.9;

		include "../../circuits/aes-gcm/nivc/aes-gctr-nivc.circom";

		component main { public [step_in] } = AESGCTRFOLD();
		component main { public [step_in] } = AESGCTRFOLD(4);