Skip to content

Commit

Permalink
Fix/http verification (#85)
Browse files Browse the repository at this point in the history
* fix: `zeroed_data` for `data_digest` in `http_verification`

* add test for 1024
  • Loading branch information
lonerapier authored Dec 17, 2024
1 parent 218d14f commit 12ced74
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 19 deletions.
3 changes: 1 addition & 2 deletions circuits/chacha20/authentication.circom
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ template PlaintextAuthentication(DATA_BYTES) {

component toCiphertextBytes[DATA_BYTES / 4];
signal bigEndianCiphertext[DATA_BYTES];

for (var i = 0 ; i < DATA_BYTES / 4 ; i++) {
toCiphertextBytes[i] = fromLittleEndianToWords32();
for (var j = 0 ; j < 32 ; j++) {
Expand All @@ -151,7 +151,6 @@ template PlaintextAuthentication(DATA_BYTES) {
}
signal plaintext_digest <== PolynomialDigest(DATA_BYTES)(zeroed_plaintext, ciphertext_digest);
signal plaintext_digest_hashed <== Poseidon(1)([plaintext_digest]);

// TODO: I'm not sure we need to subtract the CT digest
step_out[0] <== step_in[0] - ciphertext_digest + plaintext_digest_hashed;
}
8 changes: 4 additions & 4 deletions circuits/http/verification.circom
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ include "../utils/hash.circom";
template HTTPVerification(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
signal input step_in[1];
signal output step_out[1];

signal input ciphertext_digest;

signal input data[DATA_BYTES];
Expand Down Expand Up @@ -49,7 +49,7 @@ template HTTPVerification(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
}

signal main_monomials[DATA_BYTES];
main_monomials[0] <== 1;
main_monomials[0] <== 1;

signal is_line_change[DATA_BYTES-1];
signal was_cleared[DATA_BYTES-1];
Expand Down Expand Up @@ -95,7 +95,7 @@ template HTTPVerification(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
body_accum[i + 1] <== body_accum[i] + State[i + 1].parsing_body;
body_switch[i] <== IsEqual()([body_accum[i + 1], 1]);
body_monomials[i + 1] <== body_monomials[i] * ciphertext_digest + body_switch[i];
body_digest[i + 1] <== body_digest[i] + body_monomials[i + 1] * data[i + 1];
body_digest[i + 1] <== body_digest[i] + body_monomials[i + 1] * zeroed_data[i + 1];
}

// Verify machine ends in a valid state
Expand All @@ -117,6 +117,6 @@ template HTTPVerification(DATA_BYTES, MAX_NUMBER_OF_HEADERS) {
main_digests_hashed[i] <== (1 - not_contained[i]) * option_hash[i];
accumulated_main_digests_hashed += main_digests_hashed[i];
}

step_out[0] <== step_in[0] + body_digest_hashed - accumulated_main_digests_hashed - data_digest_hashed; // TODO: data_digest is really plaintext_digest from before, consider changing names
}
42 changes: 29 additions & 13 deletions circuits/test/full/full.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,17 +23,14 @@ import { poseidon1 } from "poseidon-lite";

// 320 bytes in the HTTP response

const DATA_BYTES = 320;
const MAX_NUMBER_OF_HEADERS = 2;
const MAX_STACK_HEIGHT = 5;
const DATA_BYTES = 1024;
const MAX_NUMBER_OF_HEADERS = 25;
const MAX_STACK_HEIGHT = 10;

// These `check_*` are currently from Rust to ensure we have parity
const check_ciphertext_digest = BigInt("5947802862726868637928743536818722886587721698845887498686185738472802646104");
const check_init_nivc_input = BigInt("10288873638660630335427615297930270928433661836597941144520949467184902553219");

const [ciphertext_digest, init_nivc_input] = InitialDigest(MockManifest(), http_response_ciphertext, MAX_STACK_HEIGHT);
assert.deepEqual(ciphertext_digest, check_ciphertext_digest);
assert.deepEqual(init_nivc_input, check_init_nivc_input);

describe("Example NIVC Proof", async () => {
let PlaintextAuthentication: WitnessTester<["step_in", "plaintext", "key", "nonce", "counter"], ["step_out"]>;
Expand Down Expand Up @@ -62,17 +59,28 @@ describe("Example NIVC Proof", async () => {

it("Spotify Example", async () => {
// Run PlaintextAuthentication

let http_response_padded = http_response_plaintext.concat(Array(DATA_BYTES - http_response_plaintext.length).fill(-1));
let http_response_0_padded = http_response_plaintext.concat(Array(DATA_BYTES - http_start_line.length).fill(0));
let ciphertext_padded = http_response_ciphertext.concat(Array(DATA_BYTES - http_response_ciphertext.length).fill(-1));


const [ciphertext_digest, init_nivc_input] = InitialDigest(MockManifest(), ciphertext_padded, MAX_STACK_HEIGHT);
assert.deepEqual(ciphertext_digest, check_ciphertext_digest);
assert.deepEqual(init_nivc_input, check_init_nivc_input);

const counterBits = uintArray32ToBits([1])[0]
const keyIn = toInput(Buffer.from(Array(32).fill(0)));
const nonceIn = toInput(Buffer.from([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x00]));
let plaintext_authentication = await PlaintextAuthentication.compute({
step_in: init_nivc_input,
plaintext: http_response_plaintext,
plaintext: http_response_padded,
key: keyIn,
nonce: nonceIn,
counter: counterBits,
}, ["step_out"]);
const http_response_plaintext_digest = PolynomialDigest(http_response_plaintext, ciphertext_digest);

const http_response_plaintext_digest = PolynomialDigest(http_response_0_padded, ciphertext_digest);
const http_response_plaintext_digest_hashed = poseidon1([http_response_plaintext_digest]);
const correct_plaintext_authentication_step_out = modAdd(init_nivc_input - ciphertext_digest, http_response_plaintext_digest_hashed);
assert.deepEqual(plaintext_authentication.step_out, correct_plaintext_authentication_step_out);
Expand All @@ -81,17 +89,25 @@ describe("Example NIVC Proof", async () => {
const start_line_digest = PolynomialDigest(http_start_line, ciphertext_digest);
const header_0_digest = PolynomialDigest(http_header_0, ciphertext_digest);
const header_1_digest = PolynomialDigest(http_header_1, ciphertext_digest);
const padded_http_body = http_body.concat(Array(320 - http_body.length).fill(-1));

let main_digests = Array(MAX_NUMBER_OF_HEADERS + 1).fill(0);
main_digests[0] = start_line_digest;
main_digests[1] = header_0_digest;
main_digests[2] = header_1_digest;

let step_in = BigInt(plaintext_authentication.step_out.toString(10));
let http_verification = await HTTPVerification.compute({
step_in,
ciphertext_digest,
data: http_response_plaintext,
main_digests: [start_line_digest, header_0_digest, header_1_digest],
data: http_response_padded,
main_digests,
}, ["step_out"]);
// (autoparallel) This next line gives me an aneurysm

const padded_http_body = http_body.concat(Array(DATA_BYTES - http_body.length).fill(0));
let http_verification_step_out = BigInt((http_verification.step_out as number[])[0]);
const body_digest_hashed = poseidon1([PolynomialDigest(http_body, ciphertext_digest)]);
let body_digest = PolynomialDigest(http_body, ciphertext_digest);

const body_digest_hashed = poseidon1([body_digest]);
const start_line_digest_digest_hashed = poseidon1([start_line_digest]);
const header_0_digest_hashed = poseidon1([header_0_digest]);
const header_1_digest_hashed = poseidon1([header_1_digest]);
Expand Down

0 comments on commit 12ced74

Please sign in to comment.