Merge pull request #319 from zk-passport/refactor/circom-bigint

imports circom-bigint from node_modules
zk-passport · Jan 21, 2025 · 622edd7 · 622edd7
2 parents 34541e0 + 59c16d6
commit 622edd7
Show file tree

Hide file tree

Showing 22 changed files with 187 additions and 84 deletions.
diff --git a/circuits/circuits/dsc/dsc.circom b/circuits/circuits/dsc/dsc.circom
@@ -9,7 +9,8 @@ include "@zk-kit/binary-merkle-root.circom/src/binary-merkle-root.circom";
 include "../utils/passport/customHashers.circom";
 include "../utils/passport/signatureAlgorithm.circom";
 include "../utils/passport/signatureVerifier.circom";
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
+include "../utils/crypto/bitify/bytes.circom";
 
 
 template DSC(signatureAlgorithm, n_dsc, k_dsc, n_csca, k_csca, max_cert_bytes, dscPubkeyBytesLength, nLevels) {

diff --git a/circuits/circuits/utils/crypto/bigInt/bigInt.circom b/circuits/circuits/utils/crypto/bigInt/bigInt.circom
@@ -70,7 +70,7 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER_GREATER, CHUNK_NUMBER_LESS, CHUNK_
         mult2.in1 <== modulus;
     }
 
-    component isZero = BigIntIsZero(CHUNK_SIZE, CHUNK_SIZE * 2 + log_ceil_dl(CHUNK_NUMBER_MODULUS + CHUNK_NUMBER_DIV - 1), CHUNK_NUMBER_BASE - 1);
+    component isZero = BigIntIsZero(CHUNK_SIZE, CHUNK_SIZE * 2 + log_ceil(CHUNK_NUMBER_MODULUS + CHUNK_NUMBER_DIV - 1), CHUNK_NUMBER_BASE - 1);
     for (var i = 0; i < CHUNK_NUMBER_MODULUS; i++) {
         isZero.in[i] <== mult.out[i] - mult2.out[i] - mod[i];
     }

diff --git a/circuits/circuits/utils/crypto/bigInt/bigIntFunc.circom b/circuits/circuits/utils/crypto/bigInt/bigIntFunc.circom
@@ -1,39 +1,7 @@
 pragma circom 2.1.6;
-
+include "circom-bigint/circuits/bigint_func.circom";
 include "./shouldUseKaratsuba.circom";
 
-function is_negative_dl(x) {
-    return x > 10944121435919637611123202872628637544274182200208017171849102093287904247808 ? 1 : 0;
-}
-
-function div_ceil_dl(m, n) {
-    var ret = 0;
-    if (m % n == 0) {
-        ret = m \ n;
-    } else {
-        ret = m \ n + 1;
-    }
-    return ret;
-}
-
-function log_ceil_dl(n) {
-    var n_temp = n;
-    for (var i = 0; i < 254; i++) {
-        if (n_temp == 0) {
-            return i;
-        }
-        n_temp = n_temp \ 2;
-    }
-    return 254;
-}
-
-function SplitFn_dl(in, n, m) {
-    return [in % (1 << n), (in \ (1 << n)) % (1 << m)];
-}
-
-function SplitThreeFn_dl(in, n, m, k) {
-    return [in % (1 << n), (in \ (1 << n)) % (1 << m), (in \ (1 << n + m)) % (1 << k)];
-}
 
 // in is an m bit number
 // split into ceil(m/n) n-bit registers
@@ -44,7 +12,7 @@ function splitOverflowedRegister_dl(m, n, in) {
         out[i] = 0;
     }
 
-    var nRegisters = div_ceil_dl(m, n);
+    var nRegisters = div_ceil(m, n);
     var running = in;
     for (var i = 0; i < nRegisters; i++) {
         out[i] = running % (1 << n);
@@ -74,7 +42,7 @@ function getProperRepresentation_dl(m, n, k, in) {
         for (var j = 0; j < 200; j++) {
             pieces[i][j] = 0;
         }
-        if (is_negative_dl(in[i]) == 1) {
+        if (isNegative(in[i]) == 1) {
             var negPieces[200] = splitOverflowedRegister_dl(m, n, - 1 * in[i]);
             for (var j = 0; j < ceilMN; j++) {
                 pieces[i][j] =  - 1 * negPieces[j];
@@ -108,7 +76,7 @@ function getProperRepresentation_dl(m, n, k, in) {
             }
         }
 
-        if (is_negative_dl(thisRegisterValue) == 1) {
+        if (isNegative(thisRegisterValue) == 1) {
             var thisRegisterAbs =  - 1 * thisRegisterValue;
             out[registerIdx] = (1 << n) - (thisRegisterAbs % (1 << n));
             carries[registerIdx] =  - 1 * (thisRegisterAbs >> n) - 1;
@@ -121,19 +89,6 @@ function getProperRepresentation_dl(m, n, k, in) {
     return out;
 }
 
-// 1 if true, 0 if false
-function long_gt_dl(n, k, a, b) {
-    for (var i = k - 1; i >= 0; i--) {
-        if (a[i] > b[i]) {
-            return 1;
-        }
-        if (a[i] < b[i]) {
-            return 0;
-        }
-    }
-    return 0;
-}
-
 // n bits per register
 // a has k registers
 // b has k registers
@@ -293,9 +248,9 @@ function short_div_norm_dl(n, k, a, b) {
     }
 
     var mult[200] = long_scalar_mult_dl(n, k, qhat, b);
-    if (long_gt_dl(n, k + 1, mult, a) == 1) {
+    if (long_gt(n, k + 1, mult, a) == 1) {
         mult = long_sub_dl(n, k + 1, mult, b);
-        if (long_gt_dl(n, k + 1, mult, a) == 1) {
+        if (long_gt(n, k + 1, mult, a) == 1) {
             return qhat - 2;
         } else {
             return qhat - 1;
@@ -352,20 +307,20 @@ function prod_dl(n, k, a, b) {
 
     var split[200][3];
     for (var i = 0; i < 2 * k - 1; i++) {
-        split[i] = SplitThreeFn_dl(prod_val[i], n, n, n);
+        split[i] = SplitThreeFn(prod_val[i], n, n, n);
     }
 
     var carry[200];
     carry[0] = 0;
     out[0] = split[0][0];
     if (2 * k - 1 > 1) {
-        var sumAndCarry[2] = SplitFn_dl(split[0][1] + split[1][0], n, n);
+        var sumAndCarry[2] = SplitFn(split[0][1] + split[1][0], n, n);
         out[1] = sumAndCarry[0];
         carry[1] = sumAndCarry[1];
     }
     if (2 * k - 1 > 2) {
         for (var i = 2; i < 2 * k - 1; i++) {
-            var sumAndCarry[2] = SplitFn_dl(split[i][0] + split[i - 1][1] + split[i - 2][2] + carry[i - 1], n, n);
+            var sumAndCarry[2] = SplitFn(split[i][0] + split[i - 1][1] + split[i - 2][2] + carry[i - 1], n, n);
             out[i] = sumAndCarry[0];
             carry[i] = sumAndCarry[1];
         }
@@ -465,7 +420,7 @@ function mod_inv_dl(n, k, a, p) {
 
 // a, b and out are all n bits k registers
 function long_sub_mod_p_dl(n, k, a, b, p){
-    var gt = long_gt_dl(n, k, a, b);
+    var gt = long_gt(n, k, a, b);
     var tmp[200];
     if (gt){
         tmp = long_sub_dl(n, k, a, b);
@@ -503,7 +458,7 @@ function long_add_dl(CHUNK_SIZE, CHUNK_NUMBER, A, B){
     var carry = 0;
     var sum[200];
     for (var i = 0; i < CHUNK_NUMBER; i++){
-        var sumAndCarry[2] = SplitFn_dl(A[i] + B[i] + carry, CHUNK_SIZE, CHUNK_SIZE);
+        var sumAndCarry[2] = SplitFn(A[i] + B[i] + carry, CHUNK_SIZE, CHUNK_SIZE);
         sum[i] = sumAndCarry[0];
         carry = sumAndCarry[1];
     }
@@ -513,7 +468,7 @@ function long_add_dl(CHUNK_SIZE, CHUNK_NUMBER, A, B){
 
 
 function long_sub_mod_dl(CHUNK_SIZE, CHUNK_NUMBER, A, B, P) {
-    if (long_gt_dl(CHUNK_SIZE, CHUNK_NUMBER, B, A) == 1){
+    if (long_gt(CHUNK_SIZE, CHUNK_NUMBER, B, A) == 1){
         return long_add_dl(CHUNK_SIZE, CHUNK_NUMBER, A, long_sub_dl(CHUNK_SIZE,CHUNK_NUMBER,P,B));
     } else {
         return long_sub_dl(CHUNK_SIZE, CHUNK_NUMBER, A, B);
@@ -630,7 +585,7 @@ function is_karatsuba_optimal_dl(a, b){
     return 0;
 }
 
-function is_negative_chunk_dl(x, n) {
+function isNegative_chunk_dl(x, n) {
     var x2 = x;
     for (var i = 0; i < n; i++){
         x2 = x2 \ 2;
@@ -649,7 +604,7 @@ function reduce_overflow_signed_dl(n, k, k2, max_n, in){
         clone[i] = in[i];
     }
     for (var i = 0; i < k2; i++){
-        if (is_negative_chunk_dl(clone[i], max_n) == 0){
+        if (isNegative_chunk_dl(clone[i], max_n) == 0){
             out[i] = clone[i] % 2 ** n;
             clone[i + 1] += clone[i] \ 2 ** n;
         } else {
@@ -674,7 +629,7 @@ function reduce_overflow_signed_dl(n, k, k2, max_n, in){
         }
 
         for (var i = 0; i < k2; i++){
-            if (is_negative_chunk_dl(clone[i], max_n) == 0){
+            if (isNegative_chunk_dl(clone[i], max_n) == 0){
                 out[i] = clone[i] % 2 ** n;
                 clone[i + 1] += clone[i] \ 2 ** n;
             } else {

diff --git a/circuits/circuits/utils/crypto/bitify/bytes.circom b/circuits/circuits/utils/crypto/bitify/bytes.circom
@@ -0,0 +1,34 @@
+// NOTE: this circuit is unaudited and should not be used in production
+/// @title SplitBytesToWords
+/// @notice split an array of bytes into an array of words
+/// @notice useful for casting a message or modulus before RSA verification
+/// @param l: number of bytes in the input array
+/// @param n: number of bits in a word
+/// @param k: number of words
+/// @input in: array of bytes
+/// @output out: array of words
+template SplitBytesToWords (l,n,k) {
+    signal input in[l];
+    signal output out[k];
+
+    component num2bits[l];
+    for (var i = 0 ; i < l ; i++){
+        num2bits[i] = Num2Bits(8);
+        num2bits[i].in <== in[i];
+    }
+    component bits2num[k];
+    for (var i = 0 ; i < k ; i++){
+        bits2num[i] = Bits2Num(n);
+        for(var j = 0 ; j < n ; j++){
+            if(i*n + j >=  8 * l){
+                bits2num[i].in[j] <==  0;
+            }
+            else{
+                bits2num[i].in[j] <== num2bits[l - (( i * n + j) \ 8) - 1].out[ ((i * n + j) % 8)];
+            }
+        }
+    }
+    for( var i = 0 ; i< k ; i++){
+    out[i] <== bits2num[i].out;
+    }
+}
diff --git a/circuits/circuits/utils/crypto/hasher/sha2/sha224/sha224HashChunks.circom b/circuits/circuits/utils/crypto/hasher/sha2/sha224/sha224HashChunks.circom
@@ -3,7 +3,7 @@ pragma circom 2.0.0;
 include "../sha2Common.circom";
 include "../sha256/sha256Schedule.circom";
 include "../sha256/sha256Rounds.circom";
-include "@zk-email/circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
 include "sha224InitialValue.circom";
 
 template Sha224HashChunks(MAX_BLOCKS) {

diff --git a/circuits/circuits/utils/crypto/hasher/sha2/sha384/sha384HashChunks.circom b/circuits/circuits/utils/crypto/hasher/sha2/sha384/sha384HashChunks.circom
@@ -3,7 +3,7 @@ pragma circom 2.0.0;
 include "../sha2Common.circom";
 include "../sha512/sha512Schedule.circom";
 include "../sha512/sha512Rounds.circom";
-include "@zk-email/circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
 include "sha384InitialValue.circom";
 
 template Sha384HashChunks(MAX_BLOCKS) {

diff --git a/circuits/circuits/utils/crypto/hasher/sha2/sha512/sha512HashChunks.circom b/circuits/circuits/utils/crypto/hasher/sha2/sha512/sha512HashChunks.circom
@@ -3,7 +3,7 @@ pragma circom 2.0.0;
 include "../sha2Common.circom";
 include "sha512InitialValue.circom";
 include "sha512Schedule.circom";
-include "@zk-email/circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
 include "sha512Rounds.circom";
 
 template Sha512HashChunks(MAX_BLOCKS) {

diff --git a/circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom b/circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom
@@ -2,10 +2,10 @@ pragma circom 2.1.5;
 
 include "../../sha1/sha1compression.circom";
 include "../../sha1/constants.circom";
-include "@zk-email/circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
 include "circomlib/circuits/bitify.circom";
 
-//Adapted from @zk-email/circuits/helpers/sha.circom
+//Adapted from @openpassport/zk-email-circuits/helpers/sha.circom
 template Sha1Bytes(max_num_bytes) {
     signal input in_padded[max_num_bytes];
     signal input in_len_padded_bytes;
@@ -31,7 +31,7 @@ template Sha1Bytes(max_num_bytes) {
 
 }
 
-//Adapted from @zk-email/circuits/helpers/sha256general.circom
+//Adapted from @openpassport/zk-email-circuits/helpers/sha256general.circom
 //Sha1 template from https://github.com/dmpierre/sha1-circom/blob/fe18319cf72b9f3b83d0cea8f49a1f04482c125b/circuits/sha1.circom
 template Sha1General(maxBitsPadded) {
     assert(maxBitsPadded % 512 == 0);

diff --git a/circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom b/circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom
@@ -2,7 +2,7 @@ pragma circom 2.1.9;
 
 include "./dynamic/sha1Bytes.circom";
 include "./dynamic/sha224Bytes.circom";
-include "@zk-email/circuits/lib/sha.circom";
+include "@openpassport/zk-email-circuits/lib/sha.circom";
 include "./dynamic/sha384Bytes.circom";
 include "./dynamic/sha512Bytes.circom";
 

diff --git a/circuits/circuits/utils/crypto/merkle-trees/smt.circom b/circuits/circuits/utils/crypto/merkle-trees/smt.circom
@@ -2,7 +2,7 @@ pragma circom 2.1.9;
 
 include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
-include "@zk-email/circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
 include "@zk-kit/binary-merkle-root.circom/src/binary-merkle-root.circom";
 include "circomlib/circuits/poseidon.circom";
 

diff --git a/circuits/circuits/utils/crypto/signature/FpPowMod.circom b/circuits/circuits/utils/crypto/signature/FpPowMod.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/lib/fp.circom";
+include "@openpassport/zk-email-circuits/lib/fp.circom";
 include "circomlib/circuits/bitify.circom";
 
 /// @title FpPow3Mod

diff --git a/circuits/circuits/utils/crypto/signature/rsa/verifyRsa3Pkcs1v1_5.circom b/circuits/circuits/utils/crypto/signature/rsa/verifyRsa3Pkcs1v1_5.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/lib/fp.circom";
+include "@openpassport/zk-email-circuits/lib/fp.circom";
 include "./pkcs1v1_5Padding.circom";
 include "../FpPowMod.circom";
 

diff --git a/circuits/circuits/utils/crypto/signature/rsa/verifyRsa65537Pkcs1v1_5.circom b/circuits/circuits/utils/crypto/signature/rsa/verifyRsa65537Pkcs1v1_5.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/lib/bigint.circom";
+include "@openpassport/zk-email-circuits/lib/bigint.circom";
 include "./pkcs1v1_5Padding.circom";
 include "../FpPowMod.circom";
 

diff --git a/circuits/circuits/utils/passport/computeCommitment.circom b/circuits/circuits/utils/passport/computeCommitment.circom
@@ -1,7 +1,7 @@
 pragma circom 2.1.9;
 
 include "circomlib/circuits/poseidon.circom";
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 include "./customHashers.circom";
 
 template ComputeCommitment() {

diff --git a/circuits/circuits/utils/passport/customHashers.circom b/circuits/circuits/utils/passport/customHashers.circom
@@ -4,7 +4,7 @@ include "circomlib/circuits/poseidon.circom";
 
 template CustomHasher(k) {
     signal input in[k];
-    var rounds =  div_ceil_dl(k, 16);
+    var rounds =  div_ceil(k, 16);
     assert(rounds < 17);
 
     component hash[rounds];

diff --git a/circuits/circuits/utils/passport/disclose/disclose.circom b/circuits/circuits/utils/passport/disclose/disclose.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 include "../date/isOlderThan.circom";
 
 template DISCLOSE() {

diff --git a/circuits/circuits/utils/passport/disclose/proveCountryIsNotInList.circom b/circuits/circuits/utils/passport/disclose/proveCountryIsNotInList.circom
@@ -1,7 +1,7 @@
 pragma circom 2.1.5;
 
 include "circomlib/circuits/comparators.circom";
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 
 template ProveCountryIsNotInList(forbiddenCountriesListLength) {
     signal input dg1[93];

diff --git a/circuits/circuits/utils/passport/disclose/verify_commitment.circom b/circuits/circuits/utils/passport/disclose/verify_commitment.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 include "@zk-kit/binary-merkle-root.circom/src/binary-merkle-root.circom";
 include "../computeCommitment.circom";
 

diff --git a/circuits/circuits/utils/passport/passportVerifier.circom b/circuits/circuits/utils/passport/passportVerifier.circom
@@ -1,7 +1,7 @@
 pragma circom 2.1.9;
 
-include "@zk-email/circuits/utils/array.circom";
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 include "../crypto/hasher/shaBytes/shaBytesDynamic.circom";
 include "../crypto/hasher/hash.circom";
 include "./signatureAlgorithm.circom";

diff --git a/circuits/circuits/utils/passport/signatureVerifier.circom b/circuits/circuits/utils/passport/signatureVerifier.circom
@@ -5,7 +5,7 @@ include "../crypto/signature/rsapss/rsapss65537.circom";
 include "../crypto/signature/ecdsa/ecdsaVerifier.circom";
 include "../crypto/signature/rsa/verifyRsa3Pkcs1v1_5.circom";
 include "../crypto/signature/rsa/verifyRsa65537Pkcs1v1_5.circom";
-include "@zk-email/circuits/utils/bytes.circom";
+include "@openpassport/zk-email-circuits/utils/bytes.circom";
 
 template SignatureVerifier(signatureAlgorithm, n, k) {
     var kLengthFactor = getKLengthFactor(signatureAlgorithm);