feat: verify ciphertext (#61)

* add ciphertext matching in aes * increase http nivc max number of headers
pluto · Nov 22, 2024 · a97cc1a · a97cc1a
1 parent cabfa34
commit a97cc1a
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 9 deletions.
diff --git a/builds/target_1024b/http_nivc_1024b.circom b/builds/target_1024b/http_nivc_1024b.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/http/nivc/http_nivc.circom";
 
-component main { public [step_in] } = HttpNIVC(1024, 5);
+component main { public [step_in] } = HttpNIVC(1024, 25);
diff --git a/builds/target_512b/http_nivc_512b.circom b/builds/target_512b/http_nivc_512b.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/http/nivc/http_nivc.circom";
 
-component main { public [step_in] } = HttpNIVC(512, 5);
+component main { public [step_in] } = HttpNIVC(512, 10);
diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -38,6 +38,14 @@ template AESGCTRFOLD(NUM_CHUNKS) {
     for(var i = 0 ; i < NUM_CHUNKS ; i++) {
         computedCipherText[i] = aes[i].cipherText;
     }
+
+    // verify that ciphertext supplied as private input match the computed one
+    signal matchedCiphertext[NUM_CHUNKS];
+    for (var i = 0 ; i < NUM_CHUNKS ; i++) {
+        matchedCiphertext[i] <== IsEqualArray(16)([cipherText[i], aes[i].cipherText]);
+        matchedCiphertext[i] === 1;
+    }
+
     signal packedCiphertext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(cipherText);
     signal packedComputedCiphertext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(computedCipherText);
     signal packedPlaintext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(plainText);
@@ -48,7 +56,7 @@ template AESGCTRFOLD(NUM_CHUNKS) {
     signal ciphertext_option[NUM_CHUNKS];
     signal ciphertext_equal_check[NUM_CHUNKS];
     for(var i = 0 ; i < NUM_CHUNKS; i++) {
-            plaintext_input_was_zero_chunk[i] <== IsZero()(packedPlaintext[i]);   
+            plaintext_input_was_zero_chunk[i] <== IsZero()(packedPlaintext[i]);
             ciphertext_input_was_zero_chunk[i] <== IsZero()(packedCiphertext[i]);
             both_input_chunks_were_zero[i] <== plaintext_input_was_zero_chunk[i] * ciphertext_input_was_zero_chunk[i];
             ciphertext_option[i] <== (1 - both_input_chunks_were_zero[i]) * packedComputedCiphertext[i];

diff --git a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
@@ -18,12 +18,12 @@ describe("aes-gctr-nivc", () => {
         let plainText = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
         let iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
         let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
-        // let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
+        let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
 
         const ctr = [0x00, 0x00, 0x00, 0x01];
         const step_in = 0;
 
-        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: plainText, step_in: step_in }, ["step_out"])
+        const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"])
         console.log(witness.step_out);
         assert.deepEqual(witness.step_out, BigInt(0));
     });
@@ -55,6 +55,9 @@ describe("aes-gctr-nivc", () => {
     let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
     let ct_part1 = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
     let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04];
+    // 2929d2bb1ae94804402b8e776e0d3356
+    // 52101644195b206a35c1e3f4c55e3234
+    // be0fe3e07b837d0103332436f8f0bbd
 
     it("all correct for self generated two block case first fold", async () => {
         circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", {
@@ -112,8 +115,9 @@ describe("aes-gctr-nivc", () => {
         const ctr_0 = [0x00, 0x00, 0x00, 0x01];
         const step_in_0 = 0;
         let zero_chunk = Array(16).fill(0);
+        let zero_ct = [0x52, 0x10, 0x16, 0x44, 0x19, 0x5b, 0x20, 0x6a, 0x35, 0xc1, 0xe3, 0xf4, 0xc5, 0x5e, 0x32, 0x34];
 
-        const witness = await circuit_two_block.compute({ key: key, iv: iv, aad: aad, ctr: ctr_0, plainText: [plainText1, zero_chunk], cipherText: [ct_part1, zero_chunk], step_in: step_in_0 }, ["step_out"])
+        const witness = await circuit_two_block.compute({ key: key, iv: iv, aad: aad, ctr: ctr_0, plainText: [plainText1, zero_chunk], cipherText: [ct_part1, zero_ct], step_in: step_in_0 }, ["step_out"])
         let hash_0 = PoseidonModular([step_in_0, bytesToBigInt(plainText1)]);
         assert.deepEqual(witness.step_out, hash_0);
     });

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "web-prover-circuits",
   "description": "ZK Circuits for WebProofs",
-  "version": "0.5.6",
+  "version": "0.5.7",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ pragma circom 2.1.9;

		include "../../circuits/http/nivc/http_nivc.circom";

		component main { public [step_in] } = HttpNIVC(1024, 5);
		component main { public [step_in] } = HttpNIVC(1024, 25);