setup chacha circuit for NIVC folding (#63)

* chacha: add step_in as public input

* fix: makefile build

* format chacha circuit

* update package json

Author: lonerapier

Makefile

@@ -12,7 +12,7 @@ $(shell mkdir -p $(addsuffix /artifacts,$(TARGET_DIRS)))
 
 # Default target
 .PHONY: all clean
-all: buildmak
+all: build params
 
 # Build target
 .PHONY: build

builds/target_1024b/chacha20_nivc_1024.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/chacha20/nivc/chacha20_nivc.circom";
 
-component main = ChaCha20_NIVC(256);
+component main { public [step_in] } = ChaCha20_NIVC(256);

builds/target_512b/chacha20_nivc_512b.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../../circuits/chacha20/nivc/chacha20_nivc.circom";
 
-component main = ChaCha20_NIVC(128);
+component main { public [step_in] } = ChaCha20_NIVC(128);

circuits/chacha20/nivc/chacha20_nivc.circom

@@ -24,116 +24,116 @@ include "../../utils/array.circom";
 // +---+---+---+---+
 // paramaterized by n which is the number of 32-bit words to encrypt
 template ChaCha20_NIVC(N) {
-	// key => 8 32-bit words = 32 bytes
-	signal input key[8][32];
-	// nonce => 3 32-bit words = 12 bytes
-	signal input nonce[3][32];
-	// counter => 32-bit word to apply w nonce
-	signal input counter[32];
+  // key => 8 32-bit words = 32 bytes
+  signal input key[8][32];
+  // nonce => 3 32-bit words = 12 bytes
+  signal input nonce[3][32];
+  // counter => 32-bit word to apply w nonce
+  signal input counter[32];
 
-	// the below can be both ciphertext or plaintext depending on the direction
-	// in => N 32-bit words => N 4 byte words
-	signal input plainText[N][32];
-	// out => N 32-bit words => N 4 byte words
-	signal input cipherText[N][32];
+  // the below can be both ciphertext or plaintext depending on the direction
+  // in => N 32-bit words => N 4 byte words
+  signal input plainText[N][32];
+  // out => N 32-bit words => N 4 byte words
+  signal input cipherText[N][32];
 
-	signal input step_in[1];
-	signal output step_out[1];
+  signal input step_in[1];
+  signal output step_out[1];
 
-	var tmp[16][32] = [
-		[
-			// constant 0x61707865
-			0, 1, 1, 0, 0, 0, 0, 1, 0,
-			1, 1, 1, 0, 0, 0, 0, 0, 1,
-			1, 1, 1, 0, 0, 0, 0, 1, 1,
-			0, 0, 1, 0, 1
-		],
-		[
-			// constant 0x3320646e
-			0, 0, 1, 1, 0, 0, 1, 1, 0,
-			0, 1, 0, 0, 0, 0, 0, 0, 1,
-			1, 0, 0, 1, 0, 0, 0, 1, 1,
-			0, 1, 1, 1, 0
-		],
-		[
-			// constant 0x79622d32
-			0, 1, 1, 1, 1, 0, 0, 1, 0,
-			1, 1, 0, 0, 0, 1, 0, 0, 0,
-			1, 0, 1, 1, 0, 1, 0, 0, 1,
-			1, 0, 0, 1, 0
-		],
-		[
-			// constant 0x6b206574
-			0, 1, 1, 0, 1, 0, 1, 1, 0,
-			0, 1, 0, 0, 0, 0, 0, 0, 1,
-			1, 0, 0, 1, 0, 1, 0, 1, 1,
-			1, 0, 1, 0, 0
-		],
-		key[0], key[1], key[2], key[3], 
-		key[4], key[5], key[6], key[7],
-		counter, nonce[0], nonce[1], nonce[2]
-	];
+  var tmp[16][32] = [
+    [
+      // constant 0x61707865
+      0, 1, 1, 0, 0, 0, 0, 1, 0,
+      1, 1, 1, 0, 0, 0, 0, 0, 1,
+      1, 1, 1, 0, 0, 0, 0, 1, 1,
+      0, 0, 1, 0, 1
+    ],
+    [
+      // constant 0x3320646e
+      0, 0, 1, 1, 0, 0, 1, 1, 0,
+      0, 1, 0, 0, 0, 0, 0, 0, 1,
+      1, 0, 0, 1, 0, 0, 0, 1, 1,
+      0, 1, 1, 1, 0
+    ],
+    [
+      // constant 0x79622d32
+      0, 1, 1, 1, 1, 0, 0, 1, 0,
+      1, 1, 0, 0, 0, 1, 0, 0, 0,
+      1, 0, 1, 1, 0, 1, 0, 0, 1,
+      1, 0, 0, 1, 0
+    ],
+    [
+      // constant 0x6b206574
+      0, 1, 1, 0, 1, 0, 1, 1, 0,
+      0, 1, 0, 0, 0, 0, 0, 0, 1,
+      1, 0, 0, 1, 0, 1, 0, 1, 1,
+      1, 0, 1, 0, 0
+    ],
+    key[0], key[1], key[2], key[3],
+    key[4], key[5], key[6], key[7],
+    counter, nonce[0], nonce[1], nonce[2]
+  ];
 
-	// 1 in 32-bit words
-	signal one[32];
-	one <== [
-		0, 0, 0, 0, 0, 0, 0, 0,
-		0, 0, 0, 0, 0, 0, 0, 0,
-		0, 0, 0, 0, 0, 0, 0, 0,
-		0, 0, 0, 0, 0, 0, 0, 1
-	];
+  // 1 in 32-bit words
+  signal one[32];
+  one <== [
+    0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 1
+  ];
 
-	var i = 0;
-	var j = 0;
+  var i = 0;
+  var j = 0;
 
-	// do the ChaCha20 rounds
-    // rounds opperates on 4 words at a time
-	component rounds[N/16];
-	component xors[N];
-	component counter_adder[N/16 - 1];
+  // do the ChaCha20 rounds
+  // rounds opperates on 4 words at a time
+  component rounds[N/16];
+  component xors[N];
+  component counter_adder[N/16 - 1];
 
-    signal computedCipherText[N][32];
+  signal computedCipherText[N][32];
 
-	for(i = 0; i < N/16; i++) {
-		rounds[i] = Round();
-		rounds[i].in <== tmp;
-		// XOR block with input
-		for(j = 0; j < 16; j++) {
-			xors[i*16 + j] = XorBits(32);
-			xors[i*16 + j].a <== plainText[i*16 + j];
-			xors[i*16 + j].b <== rounds[i].out[j];
-			computedCipherText[i*16 + j] <== xors[i*16 + j].out;
-		}
+  for(i = 0; i < N/16; i++) {
+    rounds[i] = Round();
+    rounds[i].in <== tmp;
+    // XOR block with input
+    for(j = 0; j < 16; j++) {
+      xors[i*16 + j] = XorBits(32);
+      xors[i*16 + j].a <== plainText[i*16 + j];
+      xors[i*16 + j].b <== rounds[i].out[j];
+      computedCipherText[i*16 + j] <== xors[i*16 + j].out;
+    }
 
-		if(i < N/16 - 1) {
-			counter_adder[i] = AddBits(32);
-			counter_adder[i].a <== tmp[12];
-			counter_adder[i].b <== one;
+    if(i < N/16 - 1) {
+      counter_adder[i] = AddBits(32);
+      counter_adder[i].a <== tmp[12];
+      counter_adder[i].b <== one;
 
-			// increment the counter
-			tmp[12] = counter_adder[i].out;
-		}
-	}
+      // increment the counter
+      tmp[12] = counter_adder[i].out;
+    }
+  }
 
-	signal ciphertext_equal_check[N][32];
-    for(var i = 0 ; i < N; i++) {
-        for(var j = 0 ; j < 32 ; j++) {
-            ciphertext_equal_check[i][j] <== IsEqual()([computedCipherText[i][j], cipherText[i][j]]);
-            ciphertext_equal_check[i][j] === 1;
-        }
+  signal ciphertext_equal_check[N][32];
+  for(var i = 0 ; i < N; i++) {
+    for(var j = 0 ; j < 32 ; j++) {
+      ciphertext_equal_check[i][j] <== IsEqual()([computedCipherText[i][j], cipherText[i][j]]);
+      ciphertext_equal_check[i][j] === 1;
     }
+  }
 
-    component toBytes[N];
-    signal bigEndianPlaintext[N*4];
-    for(var i = 0 ; i < N; i++) {
-        toBytes[i] = fromLittleEndianToWords32();
-        for(var j = 0 ; j < 32 ; j++) {
-            toBytes[i].data[j] <== plainText[i][j];
-        }
-        for(var j = 0; j < 4; j++) {
-            bigEndianPlaintext[i*4 + j] <== toBytes[i].words[j];
-        }
+  component toBytes[N];
+  signal bigEndianPlaintext[N*4];
+  for(var i = 0 ; i < N; i++) {
+    toBytes[i] = fromLittleEndianToWords32();
+    for(var j = 0 ; j < 32 ; j++) {
+      toBytes[i].data[j] <== plainText[i][j];
+    }
+    for(var j = 0; j < 4; j++) {
+      bigEndianPlaintext[i*4 + j] <== toBytes[i].words[j];
     }
-    signal data_hash <== DataHasher(N*4)(bigEndianPlaintext);
-    step_out[0] <== data_hash;
+  }
+  signal data_hash <== DataHasher(N*4)(bigEndianPlaintext);
+  step_out[0] <== data_hash;
 }

circuits/test/full/full.test.ts

@@ -41,18 +41,18 @@ const http_response_plaintext = [
     10, 32, 32, 32, 125, 13, 10, 125];
 
 const chacha20_http_response_ciphertext = [
-    2,125,219,141,140,93,49,129,95,178,135,109,48,36,194,46,239,155,160,70,208,147,37,212,17,195,149,
-    190,38,215,23,241,84,204,167,184,179,172,187,145,38,75,123,96,81,6,149,36,135,227,226,254,177,90,
-    241,159,0,230,183,163,210,88,133,176,9,122,225,83,171,157,185,85,122,4,110,52,2,90,36,189,145,63,
-    122,75,94,21,163,24,77,85,110,90,228,157,103,41,59,128,233,149,57,175,121,163,185,144,162,100,17,
-    34,9,252,162,223,59,221,106,127,104,11,121,129,154,49,66,220,65,130,171,165,43,8,21,248,12,214,33,
-    6,109,3,144,52,124,225,206,223,213,86,186,93,170,146,141,145,140,57,152,226,218,57,30,4,131,161,0,
-    248,172,49,206,181,47,231,87,72,96,139,145,117,45,77,134,249,71,87,178,239,30,244,156,70,118,180,
-    176,90,92,80,221,177,86,120,222,223,244,109,150,226,142,97,171,210,38,117,143,163,204,25,223,238,
-    209,58,59,100,1,86,241,103,152,228,37,187,79,36,136,133,171,41,184,145,146,45,192,173,219,146,133,
-    12,246,190,5,54,99,155,8,198,156,174,99,12,210,95,5,128,166,118,50,66,26,20,3,129,232,1,192,104,
-    23,152,212,94,97,138,162,90,185,108,221,211,247,184,253,15,16,24,32,240,240,3,148,89,30,54,161,
-    131,230,161,217,29,229,251,33,220,230,102,131,245,27,141,220,67,16,26
+    2, 125, 219, 141, 140, 93, 49, 129, 95, 178, 135, 109, 48, 36, 194, 46, 239, 155, 160, 70, 208, 147, 37, 212, 17, 195, 149,
+    190, 38, 215, 23, 241, 84, 204, 167, 184, 179, 172, 187, 145, 38, 75, 123, 96, 81, 6, 149, 36, 135, 227, 226, 254, 177, 90,
+    241, 159, 0, 230, 183, 163, 210, 88, 133, 176, 9, 122, 225, 83, 171, 157, 185, 85, 122, 4, 110, 52, 2, 90, 36, 189, 145, 63,
+    122, 75, 94, 21, 163, 24, 77, 85, 110, 90, 228, 157, 103, 41, 59, 128, 233, 149, 57, 175, 121, 163, 185, 144, 162, 100, 17,
+    34, 9, 252, 162, 223, 59, 221, 106, 127, 104, 11, 121, 129, 154, 49, 66, 220, 65, 130, 171, 165, 43, 8, 21, 248, 12, 214, 33,
+    6, 109, 3, 144, 52, 124, 225, 206, 223, 213, 86, 186, 93, 170, 146, 141, 145, 140, 57, 152, 226, 218, 57, 30, 4, 131, 161, 0,
+    248, 172, 49, 206, 181, 47, 231, 87, 72, 96, 139, 145, 117, 45, 77, 134, 249, 71, 87, 178, 239, 30, 244, 156, 70, 118, 180,
+    176, 90, 92, 80, 221, 177, 86, 120, 222, 223, 244, 109, 150, 226, 142, 97, 171, 210, 38, 117, 143, 163, 204, 25, 223, 238,
+    209, 58, 59, 100, 1, 86, 241, 103, 152, 228, 37, 187, 79, 36, 136, 133, 171, 41, 184, 145, 146, 45, 192, 173, 219, 146, 133,
+    12, 246, 190, 5, 54, 99, 155, 8, 198, 156, 174, 99, 12, 210, 95, 5, 128, 166, 118, 50, 66, 26, 20, 3, 129, 232, 1, 192, 104,
+    23, 152, 212, 94, 97, 138, 162, 90, 185, 108, 221, 211, 247, 184, 253, 15, 16, 24, 32, 240, 240, 3, 148, 89, 30, 54, 161,
+    131, 230, 161, 217, 29, 229, 251, 33, 220, 230, 102, 131, 245, 27, 141, 220, 67, 16, 26
 ];
 
 const aes_http_response_ciphertext = [

package.json

@@ -1,7 +1,7 @@
 {
   "name": "web-prover-circuits",
   "description": "ZK Circuits for WebProofs",
-  "version": "0.5.8",
+  "version": "0.5.9",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",