Merge pull request #143 from costa-group/only_adding_tags

Sync from costa-group/circomlib

Author: OBrezhniev

circuits/binsum.circom

@@ -22,25 +22,6 @@
 
 // The templates and functions in this file are general and work for any prime field
 
-/*
-*** nbits(x): function that returns the number of bits that we need to represent the value x
-        - Inputs: x -> field value 
-        - Output: number of bits needed to represent x
-        
-    Example: nbits(7) = 3, nbits(10) = 4
-
-*/
-
-function nbits(a) {
-    var n = 1;
-    var r = 0;
-    while (n-1<a) {
-        r++;
-        n *= 2;
-    }
-    return r;
-}
-
 
 /*
 

circuits/bitify.circom

@@ -22,6 +22,26 @@ include "comparators.circom";
 include "aliascheck.circom";
 
 
+/*
+*** nbits(x): function that returns the number of bits that we need to represent the value x
+        - Inputs: x -> field value 
+        - Output: number of bits needed to represent x
+        
+    Example: nbits(7) = 3, nbits(10) = 4
+
+*/
+
+function nbits(a) {
+    var n = 1;
+    var r = 0;
+    while (n-1<a) {
+        r++;
+        n *= 2;
+    }
+    return r;
+}
+
+
 /*
 *** Num2Bits(n): template that transforms an input into its binary representation using n bits
         - Inputs: in -> field value

circuits/comparators.circom

@@ -291,58 +291,3 @@ template CompConstant(ct) {
     out <== num2bits.out[127];
 }
 
-/*
-*** MaxValueCheck(ct): template that receives an input, checks its value is smaller than or equal to the constant value ct given as a parameter, and returns the same input but with the tag maxvalue with value ct 
-        - Inputs: in -> field number
-        - Outputs: out -> field number 
-                          satisfies tag maxvalue with value ct
-*/
-
-template MaxValueCheck(ct){
-    signal input in;
-    signal output {maxvalue} out;
-
-    signal res <== CompConstant(ct)(Num2Bits(254)(in));
-    res === 0;
-    out.maxvalue = ct;
-    out <== in;
-}
-
-/*
-*** MinValueCheck(ct): template that receives an input, checks its value is greater than or equal to the constant value ct given as a parameter, and returns the same input but with the tag minvalue with value ct 
-        - Inputs: in -> field number
-        - Outputs: out -> field number 
-                          satisfies tag minvalue with value ct
-*/
-
-template MinValueCheck(ct){
-    signal input in;
-    signal output {minvalue} out;
-
-    signal res <== CompConstant(ct-1)(Num2Bits(254)(in));
-    res === 1;
-    out.minvalue = ct;
-    out <== in;
-}
-
-/*
-*** MinMaxValueCheck(ct): template that receives an input, checks its value is greater than or equal to the constant value ct1 given as a first parameter and smaller than or equal to the constant value ct2 given as a second parameter, and returns the same input but with the tag minvalue with value ct1 and the tag maxvalue with value ct2 
-        - Inputs: in -> field number
-        - Outputs: out -> field number 
-                          satisfies tag minvalue with value ct1
-                          satisfies tag maxvalue with value ct2
-*/
-
-template MinMaxValueCheck(ct1,ct2){
-    signal input in;
-    signal output {minvalue,maxvalue} out;
-    
-    signal inb[254] <== Num2Bits(254)(in);
-    signal res1 <== CompConstant(ct1-1)(inb);
-    res1 === 1;
-    out.minvalue = ct1;
-    signal res2 <== CompConstant(ct2)(inb);
-    res2 === 0;    
-    out.maxvalue = ct2;
-    out <== in;
-}

circuits/sha256/ch.circom

@@ -17,23 +17,33 @@
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
 
-/* Ch
 
-000 0
-001 1
-010 0
-011 1
-100 0
-101 0
-110 1
-111 1
+pragma circom 2.1.5;
 
-out = a&b ^ (!a)&c =>
-
-out = a*(b-c) + c
+/*
 
-*/
-pragma circom 2.0.0;
+*** Ch_t(n): template that receives three inputs of n bits and returns for each i = 0..n-1
+        out[i] = (a[i] & b[i]) or (!a[i] & c[i]) (that is, (a[i] => b[i]) & (!a[i] => c[i]))
+ 
+        - Inputs: a[n] -> array of n bits
+                          requires tag binary
+                  b[n] -> array of n bits
+                          requires tag binary
+                  c[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value out[i] = (a[i] & b[i]) or (!a[i] & c[i])
+                            satisfies tag binary
+        
+    Example:    a b c   out
+                0 0 0    0
+                0 0 1    1
+                0 1 0    0
+                0 1 1    1
+                1 0 0    0
+                1 0 1    0
+                1 1 0    1
+                1 1 1    1
+ */
 
 template Ch_t(n) {
     signal input {binary} a[n];

circuits/sha256/constants.circom

@@ -18,6 +18,16 @@
 */
 pragma circom 2.0.0;
 
+
+/*
+
+*** H(x): template that returns the value of the constant H(x) used in the sha256 protocol represented using 32 bits
+
+        - Output: out[32] -> array of 32 bits, returns the constant H(x)
+                             satisfies tag binary
+
+ */
+
 template H(x) {
     signal output {binary} out[32];
     var c[8] = [0x6a09e667,
@@ -34,6 +44,16 @@ template H(x) {
     }
 }
 
+/*
+
+*** K(x): template that returns the value of the constant K(x) used in the sha256 protocol represented using 32 bits
+
+        - Output: out[32] -> array of 32 bits, returns the constant K(x)
+                             satisfies tag binary
+                             
+ */
+
+
 template K(x) {
     signal output {binary} out[32];
     var c[64] = [

circuits/sha256/maj.circom

@@ -17,19 +17,32 @@
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
 
-/* Maj function for sha256
+pragma circom 2.1.5;
 
-out = a&b ^ a&c ^ b&c  =>
-
-out = a*b   +  a*c  +  b*c  -  2*a*b*c  =>
-
-out = a*( b + c - 2*b*c ) + b*c =>
-
-mid = b*c
-out = a*( b + c - 2*mid ) + mid
+/*
 
-*/
-pragma circom 2.0.0;
+*** Maj_t(n): template that receives three inputs of n bits and returns for each i = 0..n out[i] = 1 in case at least two of a the values of a[i], b[i] and c[i] are 1, and 0 otherwise
+ 
+        - Inputs: a[n] -> array of n bits
+                          requires tag binary
+                  b[n] -> array of n bits
+                          requires tag binary
+                  c[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value: 
+                                out[i] = a[i] & b[i] \/ a[i] & c[i] \/ b[i] & c[i]
+                            satisfies tag binary
+        
+    Example:    a b c   out
+                0 0 0    0
+                0 0 1    0
+                0 1 0    0
+                0 1 1    1
+                1 0 0    0
+                1 0 1    1
+                1 1 0    1
+                1 1 1    1
+ */
 
 template Maj_t(n) {
     signal input {binary} a[n];

circuits/sha256/rotate.circom

@@ -16,7 +16,21 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.0.0;
+pragma circom 2.1.5;
+
+/*
+
+*** RotR(n, r): template that receives an array of n bits and returns the array rotated r positions to the right
+ 
+        - Inputs: in[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value: 
+                                out[i] = in[(i + r) % n]
+                            satisfies tag binary
+        
+    Example: RotR(4, 1)([1, 0, 1, 1]) = [0, 1, 1, 1]
+
+*/
 
 template RotR(n, r) {
     signal input {binary} in[n];

circuits/sha256/shift.circom

@@ -16,7 +16,22 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.0.0;
+pragma circom 2.1.5;
+
+
+/*
+
+*** ShR(n, r): template that receives an array of n bits and returns the array shifted r positions to the right
+ 
+        - Inputs: in[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value: 
+                                out[i] = in[i + r] if i + r < n, out[i] = 0 otherwise
+                            satisfies tag binary
+        
+    Example: ShR(4, 2)([1, 0, 0, 1]) = [0, 1, 0, 0]
+
+*/
 
 template ShR(n, r) {
     signal input {binary} in[n];

circuits/sha256/sigma.circom

@@ -16,12 +16,26 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.0.0;
+pragma circom 2.1.5;
 
 include "xor3.circom";
 include "rotate.circom";
 include "shift.circom";
 
+
+/*
+
+*** SmallSigma(ra, rb, rc): template that receives an array in of 32 bits and returns an array out of 32 bits s.t. out[i] = XOR3(rot_a[i], rot_b[i], shift_c[i]) with
+     * rot_a is the array in rotated ra bits to the right (see rotate.circom)
+     * rot_b is the array in rotated rb bits to the right (see rotate.circom)
+     * shift_c is the array in shifted rc bits to the right (see shift.circom)
+        - Inputs: in[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value described above
+                            satisfies tag binary
+
+*/
+
 template SmallSigma(ra, rb, rc) {
     signal input {binary} in[32];
     signal output {binary} out[32];
@@ -49,6 +63,20 @@ template SmallSigma(ra, rb, rc) {
     }
 }
 
+/*
+
+*** BigSigma(ra, rb, rc): template that receives an array in of 32 bits and returns an array out of 32 bits s.t. out[i] = XOR3(rot_a[i], rot_b[i], rot_c[i]) with
+     * rot_a is the array in rotated ra bits to the right (see rotate.circom)
+     * rot_b is the array in rotated rb bits to the right (see rotate.circom)
+     * rot_c is the array in rotated rc bits to the right (see rotate.circom)
+        - Inputs: in[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value described above
+                            satisfies tag binary
+
+*/
+*/
+
 template BigSigma(ra, rb, rc) {
     signal input {binary} in[32];
     signal output {binary} out[32];

circuits/sha256/xor3.circom

@@ -17,19 +17,32 @@
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
 
-/* Xor3 function for sha256
+pragma circom 2.1.5;
 
-out = a ^ b ^ c  =>
-
-out = a+b+c - 2*a*b - 2*a*c - 2*b*c + 4*a*b*c   =>
-
-out = a*( 1 - 2*b - 2*c + 4*b*c ) + b + c - 2*b*c =>
-
-mid = b*c
-out = a*( 1 - 2*b -2*c + 4*mid ) + b + c - 2 * mid
+/*
 
-*/
-pragma circom 2.0.0;
+*** Xor3(n): template that receives three inputs of n bits and returns for each i = 0..n-1
+        out[i] = xor3(a[i], b[i], c[i]), more details in the table below
+ 
+        - Inputs: a[n] -> array of n bits
+                          requires tag binary
+                  b[n] -> array of n bits
+                          requires tag binary
+                  c[n] -> array of n bits
+                          requires tag binary
+        - Output: out[n] -> array of n bits, it takes the value out[i] = xor3(a[i], b[i], c[i])
+                            satisfies tag binary
+        
+    Example:    a b c   out
+                0 0 0    0
+                0 0 1    1
+                0 1 0    1
+                0 1 1    0
+                1 0 0    1
+                1 0 1    0
+                1 1 0    0
+                1 1 1    1
+ */
 
 template Xor3(n) {
     signal input {binary} a[n];