diff --git a/builds/target_1024b/http_nivc_1024b.circom b/builds/target_1024b/http_nivc_1024b.circom
index 69a9fe7..68ed7dd 100644
--- a/builds/target_1024b/http_nivc_1024b.circom
+++ b/builds/target_1024b/http_nivc_1024b.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 include "../../circuits/http/nivc/http_nivc.circom";
-component main { public [step_in] } = HttpNIVC(1024, 5);
+component main { public [step_in] } = HttpNIVC(1024, 25);
diff --git a/builds/target_512b/http_nivc_512b.circom b/builds/target_512b/http_nivc_512b.circom
index 5fda566..a202b7d 100644
--- a/builds/target_512b/http_nivc_512b.circom
+++ b/builds/target_512b/http_nivc_512b.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 include "../../circuits/http/nivc/http_nivc.circom";
-component main { public [step_in] } = HttpNIVC(512, 5);
+component main { public [step_in] } = HttpNIVC(512, 10);
diff --git a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
index 76e815e..c8ce9dd 100644
--- a/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
+++ b/circuits/aes-gcm/nivc/aes-gctr-nivc.circom
@@ -38,6 +38,14 @@ template AESGCTRFOLD(NUM_CHUNKS) {
 for(var i = 0 ; i < NUM_CHUNKS ; i++) {
 computedCipherText[i] = aes[i].cipherText;
 }
+
+ // verify that ciphertext supplied as private input match the computed one
+ signal matchedCiphertext[NUM_CHUNKS];
+ for (var i = 0 ; i < NUM_CHUNKS ; i++) {
+ matchedCiphertext[i] <== IsEqualArray(16)([cipherText[i], aes[i].cipherText]);
+ matchedCiphertext[i] === 1;
+ }
+
 signal packedCiphertext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(cipherText);
 signal packedComputedCiphertext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(computedCipherText);
 signal packedPlaintext[NUM_CHUNKS] <== GenericBytePackArray(NUM_CHUNKS, 16)(plainText);
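Review bot: The second HttpNIVC argument changes from 5 to 25 here and from 5 to 10 in builds/target_512b/http_nivc_512b.circom, and neither file says what that parameter bounds or why the two targets are now sized differently rather than in proportion to their byte sizes. The meaning of the parameter is not visible from these hunks, so a one-line comment above `component main` naming it and the rule used to pick 25 (and 10) would save the next person from reverse-engineering it from http_nivc.circom. If the value is a capacity limit, the comment should also say what happens when an input exceeds it.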
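Review bot: `matchedCiphertext[i] === 1` now pins every `cipherText[i]` chunk to `aes[i].cipherText` unconditionally, which makes the zero-padding selection further down the template (the `both_input_chunks_were_zero` / `ciphertext_option` lines in the @@ -48 hunk) effectively dead: a zero-filled cipherText chunk can only satisfy the new constraint if the corresponding keystream block happens to be zero, so callers must now pass the real encryption of a zero chunk for padding, which is exactly what the test change to `zero_ct` does. Either remove the now-redundant selection or state the new contract next to the loop, e.g. `// cipherText is fully constrained to the AES output for every chunk; zero-filled padding is no longer accepted — unused chunks must carry the ciphertext of a zero block`. The `IsEqualArray(16)` component plus the helper signal can be replaced by direct per-byte constraints, `for (var j = 0 ; j < 16 ; j++) { cipherText[i][j] === aes[i].cipherText[j]; }` inside the loop, which should cost fewer constraints and needs no `matchedCiphertext` signal. The template body starts before and continues after the hunk, and the new comment reads `match` where `matches` is meant.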
@@ -48,7 +56,7 @@ template AESGCTRFOLD(NUM_CHUNKS) {
 signal ciphertext_option[NUM_CHUNKS];
 signal ciphertext_equal_check[NUM_CHUNKS];
 for(var i = 0 ; i < NUM_CHUNKS; i++) {
- plaintext_input_was_zero_chunk[i] <== IsZero()(packedPlaintext[i]);
+ plaintext_input_was_zero_chunk[i] <== IsZero()(packedPlaintext[i]);
 ciphertext_input_was_zero_chunk[i] <== IsZero()(packedCiphertext[i]);
 both_input_chunks_were_zero[i] <== plaintext_input_was_zero_chunk[i] * ciphertext_input_was_zero_chunk[i];
 ciphertext_option[i] <== (1 - both_input_chunks_were_zero[i]) * packedComputedCiphertext[i];
diff --git a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
index 28f1faf..d44afa4 100644
--- a/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
+++ b/circuits/test/aes-gcm/nivc/aes-gctr-nivc.test.ts
@@ -18,12 +18,12 @@ describe("aes-gctr-nivc", () => {
 let plainText = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
 let iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
 let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
- // let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
+ let ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];
 const ctr = [0x00, 0x00, 0x00, 0x01];
 const step_in = 0;
- const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: plainText, step_in: step_in }, ["step_out"])
+ const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: plainText, aad: aad, ctr: ctr, cipherText: ct, step_in: step_in }, ["step_out"])
 console.log(witness.step_out);
 assert.deepEqual(witness.step_out, BigInt(0));
 });
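Review bot: `let ct = [...]` is never reassigned and sits next to `const ctr` and `const step_in`, so it should be `const ct = [0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78];` (the same goes for `zero_ct` in the @@ -112 hunk). Now that the real ciphertext is supplied, the assertion still expects `step_out` to be 0 for an all-zero plaintext block, which looks like the circuit treating a zero plaintext chunk as padding and leaving `step_out` at `step_in` rather than absorbing the block; if that is the intended behaviour the test should say so, e.g. `// an all-zero plaintext chunk is treated as padding, so step_out stays at step_in (0)`, since a genuine zero block being indistinguishable from padding is exactly the property this test pins. The `console.log(witness.step_out)` on the context line is leftover debug output and could go at the same time.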
@@ -55,6 +55,9 @@ describe("aes-gctr-nivc", () => {
 let aad = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
 let ct_part1 = [0x29, 0x29, 0xd2, 0xbb, 0x1a, 0xe9, 0x48, 0x04, 0x40, 0x2b, 0x8e, 0x77, 0x6e, 0x0d, 0x33, 0x56];
 let ct_part2 = [0x26, 0x75, 0x65, 0x30, 0x71, 0x3e, 0x4c, 0x06, 0x5a, 0xf1, 0xd3, 0xc4, 0xf5, 0x6e, 0x02, 0x04];
+ // 2929d2bb1ae94804402b8e776e0d3356
+ // 52101644195b206a35c1e3f4c55e3234
+ // be0fe3e07b837d0103332436f8f0bbd
 it("all correct for self generated two block case first fold", async () => {
 circuit_one_block = await circomkit.WitnessTester("aes-gcm-fold", {
@@ -112,8 +115,9 @@ describe("aes-gctr-nivc", () => {
 const ctr_0 = [0x00, 0x00, 0x00, 0x01];
 const step_in_0 = 0;
 let zero_chunk = Array(16).fill(0);
+ let zero_ct = [0x52, 0x10, 0x16, 0x44, 0x19, 0x5b, 0x20, 0x6a, 0x35, 0xc1, 0xe3, 0xf4, 0xc5, 0x5e, 0x32, 0x34];
- const witness = await circuit_two_block.compute({ key: key, iv: iv, aad: aad, ctr: ctr_0, plainText: [plainText1, zero_chunk], cipherText: [ct_part1, zero_chunk], step_in: step_in_0 }, ["step_out"])
+ const witness = await circuit_two_block.compute({ key: key, iv: iv, aad: aad, ctr: ctr_0, plainText: [plainText1, zero_chunk], cipherText: [ct_part1, zero_ct], step_in: step_in_0 }, ["step_out"])
 let hash_0 = PoseidonModular([step_in_0, bytesToBigInt(plainText1)]);
 assert.deepEqual(witness.step_out, hash_0);
 });
diff --git a/package-lock.json b/package-lock.json
index b4e8631..512bfea 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "web-prover-circuits",
- "version": "0.2.5",
+ "version": "0.5.7",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "web-prover-circuits",
- "version": "0.2.5",
+ "version": "0.5.7",
 "license": "Apache-2.0",
 "dependencies": {
 "@zk-email/circuits": "^6.1.1",
diff --git a/package.json b/package.json
index 2094b0c..15810f0 100644
--- a/package.json
+++ b/package.json
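Review bot: The three added comment lines are unlabeled hex strings, and the third (`be0fe3e07b837d0103332436f8f0bbd`) has 31 hex digits, so it is not a whole number of bytes — a nibble appears to have been dropped. The first two equal `ct_part1` and the `zero_ct` array added in the @@ -112 hunk, so presumably these are expected ciphertext blocks for this key/iv and the third is a further vector for the same inputs; label each, e.g. `// expected ciphertext, block 1 (== ct_part1)`, and either correct or remove the truncated one. Bare vectors placed right under `ct_part2`, which is a different value, are easy to confuse with it.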
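Review bot: `zero_ct` is introduced without saying what it is; given the new per-chunk equality constraint in aes-gctr-nivc.circom it has to be the circuit's own output for the all-zero second chunk (presumably the keystream block for the second counter value), and the name alone does not convey that the padding chunk can no longer be passed as `zero_chunk`. A comment such as `// ciphertext the circuit computes for an all-zero padding chunk; zero-filled cipherText is now rejected by the equality constraint` above the declaration would record the reason for the change. A companion test that keeps `cipherText: [ct_part1, zero_chunk]` and asserts that witness generation fails would pin the rejection, which is the behaviour the constraint actually adds. The enclosing `it(...)` block starts before the hunk.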
@@ -1,7 +1,7 @@
 {
 "name": "web-prover-circuits",
 "description": "ZK Circuits for WebProofs",
- "version": "0.5.6",
+ "version": "0.5.7",
 "license": "Apache-2.0",
 "repository": {
 "type": "git",