From 2a78039e6116e88d886e4bc118742ddd3bd4cbcf Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com>
Date: Fri, 27 Mar 2020 18:18:52 +0100
Subject: [PATCH 01/27] Changed js to test.js
---
test/aliascheck.js | 73 -------------
test/babyjub.js | 112 --------------------
test/babyjub_js.js | 164 -----------------------------
test/binsub.js | 51 ---------
test/binsum.js | 37 -------
test/comparators.js | 184 --------------------------------
test/eddsa.js | 67 ------------
test/eddsa_js.js | 82 ---------------
test/eddsamimc.js | 96 -----------------
test/eddsaposeidon.js | 99 ------------------
test/escalarmul.js | 114 --------------------
test/escalarmulany.js | 46 --------
test/escalarmulfix.js | 90 ----------------
test/mimccircuit.js | 25 -----
test/mimccontract.js | 48 ---------
test/mimcspongecircuit.js | 37 -------
test/mimcspongecontract.js | 43 --------
test/montgomery.js | 91 ----------------
test/multiplexer.js | 98 -----------------
test/pedersen.js | 77 --------------
test/pedersen2.js | 49 ---------
test/point2bits.js | 23 ----
test/poseidoncircuit.js | 76 --------------
test/poseidoncontract.js | 69 ------------
test/sha256.js | 115 --------------------
test/sign.js | 79 --------------
test/smtjs.js | 181 --------------------------------
test/smtprocessor.js | 208 -------------------------------------
test/smtverifier.js | 136 ------------------------
29 files changed, 2570 deletions(-)
delete mode 100644 test/aliascheck.js
delete mode 100644 test/babyjub.js
delete mode 100644 test/babyjub_js.js
delete mode 100644 test/binsub.js
delete mode 100644 test/binsum.js
delete mode 100644 test/comparators.js
delete mode 100644 test/eddsa.js
delete mode 100644 test/eddsa_js.js
delete mode 100644 test/eddsamimc.js
delete mode 100644 test/eddsaposeidon.js
delete mode 100644 test/escalarmul.js
delete mode 100644 test/escalarmulany.js
delete mode 100644 test/escalarmulfix.js
delete mode 100644 test/mimccircuit.js
delete mode 100644 test/mimccontract.js
delete mode 100644 test/mimcspongecircuit.js
delete mode 100644 test/mimcspongecontract.js
delete mode 100644 test/montgomery.js
delete mode 100644 test/multiplexer.js
delete mode 100644 test/pedersen.js
delete mode 100644 test/pedersen2.js
delete mode 100644 test/point2bits.js
delete mode 100644 test/poseidoncircuit.js
delete mode 100644 test/poseidoncontract.js
delete mode 100644 test/sha256.js
delete mode 100644 test/sign.js
delete mode 100644 test/smtjs.js
delete mode 100644 test/smtprocessor.js
delete mode 100644 test/smtverifier.js
diff --git a/test/aliascheck.js b/test/aliascheck.js
deleted file mode 100644
index 2ec8700a..00000000
--- a/test/aliascheck.js
+++ /dev/null
@@ -1,73 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const assert = chai.assert;
-
-const bigInt = require("big-integer");
-
-const tester = require("circom").tester;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-function getBits(v, n) {
- const res = [];
- for (let i=0; i<n; i++) {
- if (v.shiftRight(i).isOdd()) {
- res.push(bigInt.one);
- } else {
- res.push(bigInt.zero);
- }
- }
- return res;
-}
-
-const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
-
-describe("Aliascheck test", function () {
- this.timeout(100000);
-
- let cir;
- before( async() => {
-
- cir = await tester(path.join(__dirname, "circuits", "aliascheck_test.circom"));
- });
-
- it("Satisfy the aliastest 0", async () => {
- const inp = getBits(bigInt.zero, 254);
- await cir.calculateWitness({in: inp}, true);
- });
-
- it("Satisfy the aliastest 3", async () => {
- const inp = getBits(bigInt(3), 254);
- await cir.calculateWitness({in: inp}, true);
- });
-
- it("Satisfy the aliastest q-1", async () => {
- const inp = getBits(q.minus(bigInt.one), 254);
- await cir.calculateWitness({in: inp}, true);
- });
-
- it("Should not satisfy an input of q", async () => {
- const inp = getBits(q, 254);
- try {
- await cir.calculateWitness({in: inp}, true);
- assert(false);
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) );
- }
- });
-
- it("Should not satisfy all ones", async () => {
-
- const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt.one), 254);
- try {
- await cir.calculateWitness({in: inp}, true);
- assert(false);
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) );
- }
- });
-
-});
diff --git a/test/babyjub.js b/test/babyjub.js
deleted file mode 100644
index 4a89cc83..00000000
--- a/test/babyjub.js
+++ /dev/null
@@ -1,112 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const createBlakeHash = require("blake-hash");
-const eddsa = require("../src/eddsa.js");
-
-const assert = chai.assert;
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-const utils = require("../src/utils.js");
-
-describe("Baby Jub test", function () {
- let circuitAdd;
- let circuitTest;
- let circuitPbk;
-
- this.timeout(100000);
-
- before( async() => {
- circuitAdd = await tester(path.join(__dirname, "circuits", "babyadd_tester.circom"));
-
- circuitTest = await tester(path.join(__dirname, "circuits", "babycheck_test.circom"));
-
- circuitPbk = await tester(path.join(__dirname, "circuits", "babypbk_test.circom"));
- });
-
- it("Should add point (0,1) and (0,1)", async () => {
-
- const input={
- x1: bigInt(0),
- y1: bigInt(1),
- x2: bigInt(0),
- y2: bigInt(1)
- };
-
- const w = await circuitAdd.calculateWitness(input, true);
-
- await circuitAdd.assertOut(w, {xout: bigInt(0), yout: bigInt(1)});
- });
-
- it("Should add 2 same numbers", async () => {
-
- const input={
- x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475")
- };
-
- const w = await circuitAdd.calculateWitness(input, true);
-
- await circuitAdd.assertOut(w, {
- xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
- yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")
- });
-
- });
-
- it("Should add 2 different numbers", async () => {
-
- const input={
- x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
- y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")
- };
-
- const w = await circuitAdd.calculateWitness(input, true);
-
- await circuitAdd.assertOut(w, {
- xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"),
- yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")
- });
-
- });
-
- it("Should check (0,1) is a valid point", async() => {
- const w = await circuitTest.calculateWitness({x: 0, y:1}, true);
-
- await circuitTest.checkConstraints(w);
- });
-
- it("Should check (1,0) is an invalid point", async() => {
- try {
- await circuitTest.calculateWitness({x: 1, y: 0}, true);
- assert(false, "Should be a valid point");
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/.test(err.message) );
- }
- });
-
- it("Should extract the public key from the private one", async () => {
-
- const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex");
- const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32));
- const S = utils.leBuff2int(pvk).shiftRight(3);
-
- const A = eddsa.prv2pub(rawpvk);
-
- const input = {
- in : S
- };
-
- const w = await circuitPbk.calculateWitness(input, true);
-
- await circuitPbk.assertOut(w, {Ax : A[0], Ay: A[1]});
-
- await circuitPbk.checkConstraints(w);
- });
-
-});
diff --git a/test/babyjub_js.js b/test/babyjub_js.js
deleted file mode 100644
index b65d71c6..00000000
--- a/test/babyjub_js.js
+++ /dev/null
@@ -1,164 +0,0 @@
-const chai = require("chai");
-const bigInt = require("big-integer");
-const babyjub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-// const bigInt = require("big-integer");
-
-
-describe("Baby Jub js test", function () {
-
- this.timeout(100000);
-
- it("Should add point (0,1) and (0,1)", () => {
-
- const p1 = [
- bigInt(0),
- bigInt(1)];
- const p2 = [
- bigInt(0),
- bigInt(1)
- ];
-
- const out = babyjub.addPoint(p1, p2);
- assert(out[0].equals(0));
- assert(out[1].equals(1));
- });
-
- it("Should base be 8*generator", () => {
- let res;
- res = babyjub.addPoint(babyjub.Generator, babyjub.Generator);
- res = babyjub.addPoint(res, res);
- res = babyjub.addPoint(res, res);
-
- assert(res[0].equals(babyjub.Base8[0]));
- assert(res[1].equals(babyjub.Base8[1]));
- });
-
- it("Should add 2 same numbers", () => {
-
- const p1 = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
- const p2 = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
-
- const out = babyjub.addPoint(p1, p2);
- assert(out[0].equals(bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365")));
- assert(out[1].equals(bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889")));
- });
-
- it("Should add 2 different numbers", () => {
-
- const p1 = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
- const p2 = [
- bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"),
- bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"),
- ];
-
- const out = babyjub.addPoint(p1, p2);
-
- assert(out[0].equals(bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937")));
- assert(out[1].equals(bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")));
- });
-
- it("should mulPointEscalar 0", () => {
- const p = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
-
- const r = babyjub.mulPointEscalar(p, bigInt("3"));
- let r2 = babyjub.addPoint(p, p);
- r2 = babyjub.addPoint(r2, p);
- assert.equal(r2[0].toString(), r[0].toString());
- assert.equal(r2[1].toString(), r[1].toString());
- assert.equal(r[0].toString(), "19372461775513343691590086534037741906533799473648040012278229434133483800898");
- assert.equal(r[1].toString(), "9458658722007214007257525444427903161243386465067105737478306991484593958249");
- });
-
- it("should mulPointEscalar 1", () => {
- const p = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
-
- const r = babyjub.mulPointEscalar(p, bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"));
- assert.equal(r[0].toString(), "17070357974431721403481313912716834497662307308519659060910483826664480189605");
- assert.equal(r[1].toString(), "4014745322800118607127020275658861516666525056516280575712425373174125159339");
- });
-
- it("should mulPointEscalar 2", () => {
- const p = [
- bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
- bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
- ];
-
- const r = babyjub.mulPointEscalar(p, bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"));
- assert.equal(r[0].toString(), "13563888653650925984868671744672725781658357821216877865297235725727006259983");
- assert.equal(r[1].toString(), "8442587202676550862664528699803615547505326611544120184665036919364004251662");
- });
-
- it("should inCurve 1", () => {
- const p = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
- assert(babyjub.inCurve(p));
- });
-
- it("should inCurve 2", () => {
- const p = [
- bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
- bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
- ];
- assert(babyjub.inCurve(p));
- });
-
- it("should inSubgroup 1", () => {
- const p = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
- assert(babyjub.inSubgroup(p));
- });
-
- it("should inSubgroup 2", () => {
- const p = [
- bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
- bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
- ];
- assert(babyjub.inSubgroup(p));
- });
-
- it("should packPoint - unpackPoint 1", () => {
- const p = [
- bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"),
- bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"),
- ];
- const buf = babyjub.packPoint(p);
- assert.equal(buf.toString("hex"), "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85");
- const p2 = babyjub.unpackPoint(buf);
- assert.equal(p2[0].toString(), "17777552123799933955779906779655732241715742912184938656739573121738514868268");
- assert.equal(p2[1].toString(), "2626589144620713026669568689430873010625803728049924121243784502389097019475");
- });
-
- it("should packPoint - unpackPoint 2", () => {
- const p = [
- bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"),
- bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"),
- ];
- const buf = babyjub.packPoint(p);
- assert.equal(buf.toString("hex"), "e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709");
- const p2 = babyjub.unpackPoint(buf);
- assert.equal(p2[0].toString(), "6890855772600357754907169075114257697580319025794532037257385534741338397365");
- assert.equal(p2[1].toString(), "4338620300185947561074059802482547481416142213883829469920100239455078257889");
- });
-});
diff --git a/test/binsub.js b/test/binsub.js
deleted file mode 100644
index 972f1dbe..00000000
--- a/test/binsub.js
+++ /dev/null
@@ -1,51 +0,0 @@
-const path = require("path");
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-async function checkSub(_a,_b, circuit) {
- let a=bigInt(_a);
- let b=bigInt(_b);
- if (a.lesser(bigInt.zero)) a = a.add(bigInt.one.shiftLeft(16));
- if (b.lesser(bigInt.zero)) b = b.add(bigInt.one.shiftLeft(16));
- const w = await circuit.calculateWitness({a: a, b: b}, true);
-
- let res = a.minus(b);
- if (res.lesser(bigInt.zero)) res = res.add(bigInt.one.shiftLeft(16));
- await circuit.assertOut(w, {out: bigInt(res)});
-}
-
-describe("BinSub test", function () {
-
- this.timeout(100000);
-
- let circuit;
- before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "binsub_test.circom"));
- });
-
- it("Should check variuos ege cases", async () => {
- await checkSub(0,0, circuit);
- await checkSub(1,0, circuit);
- await checkSub(-1,0, circuit);
- await checkSub(2,1, circuit);
- await checkSub(2,2, circuit);
- await checkSub(2,3, circuit);
- await checkSub(2,-1, circuit);
- await checkSub(2,-2, circuit);
- await checkSub(2,-3, circuit);
- await checkSub(-2,-3, circuit);
- await checkSub(-2,-2, circuit);
- await checkSub(-2,-1, circuit);
- await checkSub(-2,0, circuit);
- await checkSub(-2,1, circuit);
- await checkSub(-2,2, circuit);
- await checkSub(-2,3, circuit);
- });
-
-
-});
diff --git a/test/binsum.js b/test/binsum.js
deleted file mode 100644
index 54d75000..00000000
--- a/test/binsum.js
+++ /dev/null
@@ -1,37 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const tester = require("circom").tester;
-
-const bigInt = require("big-integer");
-
-const assert = chai.assert;
-
-describe("Binary sum test", function () {
-
- this.timeout(100000000);
-
- it("Should create a constant circuit", async () => {
- const circuit = await tester(path.join(__dirname, "circuits", "constants_test.circom"));
- await circuit.loadConstraints();
-
- assert.equal(circuit.nVars, 2);
- assert.equal(circuit.constraints.length, 1);
-
- const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true);
-
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt("d807aa98", 16)));
- });
- it("Should create a sum circuit", async () => {
- const circuit = await tester(path.join(__dirname, "circuits", "sum_test.circom"));
- await circuit.loadConstraints();
-
- assert.equal(circuit.constraints.length, 97); // 32 (in1) + 32(in2) + 32(out) + 1 (carry)
-
- const witness = await circuit.calculateWitness({ "a": "111", "b": "222" }, true);
-
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt("333")));
- });
-});
diff --git a/test/comparators.js b/test/comparators.js
deleted file mode 100644
index ea263e06..00000000
--- a/test/comparators.js
+++ /dev/null
@@ -1,184 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const tester = require("circom").tester;
-
-const bigInt = require("big-integer");
-
-const assert = chai.assert;
-
-describe("Comparators test", function () {
-
- this.timeout(100000);
-
- it("Should create a iszero circuit", async() => {
- const circuit = await tester(path.join(__dirname, "circuits", "iszero.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": 111}, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": 0 }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
- });
- it("Should create a isequal circuit", async() => {
- const circuit = await tester(path.join(__dirname, "circuits", "isequal.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": [111,222] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [444,444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
- });
- it("Should create a comparison lessthan", async() => {
- const circuit = await tester(path.join(__dirname, "circuits", "lessthan.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": [333,444] }), true;
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in":[1,1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
- });
- it("Should create a comparison lesseqthan", async() => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "lesseqthan.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": [333,444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in":[1,1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
- });
- it("Should create a comparison greaterthan", async() => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "greaterthan.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": [333,444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in":[1,1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
- });
- it("Should create a comparison greatereqthan", async() => {
- const circuit = await tester(path.join(__dirname, "circuits", "greatereqthan.circom"));
-
- let witness;
- witness = await circuit.calculateWitness({ "in": [333,444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in":[1,1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(0)));
-
- witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
-
- witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt(1)));
- });
-});
diff --git a/test/eddsa.js b/test/eddsa.js
deleted file mode 100644
index 7d2e02f3..00000000
--- a/test/eddsa.js
+++ /dev/null
@@ -1,67 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const tester = require("circom").tester;
-const bigInt = require("big-integer");
-
-const eddsa = require("../src/eddsa.js");
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-function buffer2bits(buff) {
- const res = [];
- for (let i=0; i<buff.length; i++) {
- for (let j=0; j<8; j++) {
- if ((buff[i]>>j)&1) {
- res.push(bigInt.one);
- } else {
- res.push(bigInt.zero);
- }
- }
- }
- return res;
-}
-
-
-describe("EdDSA test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "eddsa_test.circom"));
- });
-
- it("Sign a single 10 bytes from 0 to 9", async () => {
- const msg = Buffer.from("00010203040506070809", "hex");
-
-// const prvKey = crypto.randomBytes(32);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.sign(prvKey, msg);
-
- const pSignature = eddsa.packSignature(signature);
- const uSignature = eddsa.unpackSignature(pSignature);
-
- assert(eddsa.verify(msg, uSignature, pubKey));
-
- const msgBits = buffer2bits(msg);
- const r8Bits = buffer2bits(pSignature.slice(0, 32));
- const sBits = buffer2bits(pSignature.slice(32, 64));
- const aBits = buffer2bits(pPubKey);
-
- const w = await circuit.calculateWitness({A: aBits, R8: r8Bits, S: sBits, msg: msgBits}, true);
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/eddsa_js.js b/test/eddsa_js.js
deleted file mode 100644
index 11996264..00000000
--- a/test/eddsa_js.js
+++ /dev/null
@@ -1,82 +0,0 @@
-const chai = require("chai");
-
-const eddsa = require("../src/eddsa.js");
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-const bigInt = require("big-integer");
-const utils = require("../src/utils.js");
-
-describe("EdDSA js test", function () {
-
- this.timeout(100000);
-
- it("Sign (using Mimc7) a single 10 bytes from 0 to 9", () => {
- const msgBuf = Buffer.from("00010203040506070809", "hex");
- const msg = utils.leBuff2int(msgBuf);
-
- // const prvKey = crypto.randomBytes(32);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- assert.equal(pubKey[0].toString(),
- "13277427435165878497778222415993513565335242147425444199013288855685581939618");
- assert.equal(pubKey[1].toString(),
- "13622229784656158136036771217484571176836296686641868549125388198837476602820");
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.signMiMC(prvKey, msg);
- assert.equal(signature.R8[0].toString(),
- "11384336176656855268977457483345535180380036354188103142384839473266348197733");
- assert.equal(signature.R8[1].toString(),
- "15383486972088797283337779941324724402501462225528836549661220478783371668959");
- assert.equal(signature.S.toString(),
- "2523202440825208709475937830811065542425109372212752003460238913256192595070");
-
- const pSignature = eddsa.packSignature(signature);
- assert.equal(pSignature.toString("hex"), ""+
- "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
- "7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405");
-
- const uSignature = eddsa.unpackSignature(pSignature);
- assert(eddsa.verifyMiMC(msg, uSignature, pubKey));
-
- });
-
- it("Sign (using Poseidon) a single 10 bytes from 0 to 9", () => {
- const msgBuf = Buffer.from("00010203040506070809", "hex");
- const msg = utils.leBuff2int(msgBuf);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- assert.equal(pubKey[0].toString(),
- "13277427435165878497778222415993513565335242147425444199013288855685581939618");
- assert.equal(pubKey[1].toString(),
- "13622229784656158136036771217484571176836296686641868549125388198837476602820");
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.signPoseidon(prvKey, msg);
- assert.equal(signature.R8[0].toString(),
- "11384336176656855268977457483345535180380036354188103142384839473266348197733");
- assert.equal(signature.R8[1].toString(),
- "15383486972088797283337779941324724402501462225528836549661220478783371668959");
- assert.equal(signature.S.toString(),
- "248298168863866362217836334079793350221620631973732197668910946177382043688");
-
- const pSignature = eddsa.packSignature(signature);
- assert.equal(pSignature.toString("hex"), ""+
- "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
- "28506bce274aa1b3f7e7c2fd7e4fe09bff8f9aa37a42def7994e98f322888c00");
-
- const uSignature = eddsa.unpackSignature(pSignature);
- assert(eddsa.verifyPoseidon(msg, uSignature, pubKey));
-
- });
-});
diff --git a/test/eddsamimc.js b/test/eddsamimc.js
deleted file mode 100644
index 6e14fd6c..00000000
--- a/test/eddsamimc.js
+++ /dev/null
@@ -1,96 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const tester = require("circom").tester;
-const bigInt = require("big-integer");
-
-const eddsa = require("../src/eddsa.js");
-
-const assert = chai.assert;
-
-describe("EdDSA MiMC test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
-
- circuit = await tester(path.join(__dirname, "circuits", "eddsamimc_test.circom"));
- });
-
- it("Sign a single number", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature, pubKey));
-
- const w = await circuit.calculateWitness({
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0],
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
-
-
- await circuit.checkConstraints(w);
-
- });
-
- it("Detect Invalid signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature, pubKey));
- try {
- const w = await circuit.calculateWitness({
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
- assert(false);
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) );
- }
- });
-
-
- it("Test a dissabled circuit with a bad signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature, pubKey));
-
- const w = await circuit.calculateWitness({
- enabled: 0,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
-
- await circuit.checkConstraints(w);
-
- });
-});
diff --git a/test/eddsaposeidon.js b/test/eddsaposeidon.js
deleted file mode 100644
index 31fad9c8..00000000
--- a/test/eddsaposeidon.js
+++ /dev/null
@@ -1,99 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const eddsa = require("../src/eddsa.js");
-
-const assert = chai.assert;
-
-describe("EdDSA Poseidon test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
-
- circuit = await tester(path.join(__dirname, "circuits", "eddsaposeidon_test.circom"));
-
- });
-
- it("Sign a single number", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- const signature = eddsa.signPoseidon(prvKey, msg);
-
- assert(eddsa.verifyPoseidon(msg, signature, pubKey));
-
- const input = {
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0],
- R8y: signature.R8[1],
- S: signature.S,
- M: msg
- };
-
- // console.log(JSON.stringify(utils.stringifyBigInts(input)));
-
- const w = await circuit.calculateWitness(input, true);
-
- await circuit.checkConstraints(w);
- });
-
- it("Detect Invalid signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signPoseidon(prvKey, msg);
-
- assert(eddsa.verifyPoseidon(msg, signature, pubKey));
- try {
- await circuit.calculateWitness({
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
- assert(false);
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) );
- }
- });
-
-
- it("Test a dissabled circuit with a bad signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signPoseidon(prvKey, msg);
-
- assert(eddsa.verifyPoseidon(msg, signature, pubKey));
-
- const w = await circuit.calculateWitness({
- enabled: 0,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/escalarmul.js b/test/escalarmul.js
deleted file mode 100644
index ec605976..00000000
--- a/test/escalarmul.js
+++ /dev/null
@@ -1,114 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-describe("Exponentioation test", function () {
-
- this.timeout(100000);
-
- it("Should generate the Exponentiation table in k=0", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test.circom"));
-
- const w = await circuit.calculateWitness({in: 1});
-
- await circuit.checkConstraints(w);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- let dbl= [bigInt("0"), bigInt("1")];
-
- const expectedOut = [];
-
- for (let i=0; i<16; i++) {
-
- expectedOut.push(dbl);
- dbl = babyJub.addPoint(dbl,g);
- }
-
- await circuit.assertOut(w, {out: expectedOut});
-
- });
-
- it("Should generate the Exponentiation table in k=3", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom"));
-
- const w = await circuit.calculateWitness({in: 1});
-
- await circuit.checkConstraints(w);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- for (let i=0; i<12;i++) {
- g = babyJub.addPoint(g,g);
- }
-
- let dbl= [bigInt("0"), bigInt("1")];
-
- const expectedOut = [];
-
- for (let i=0; i<16; i++) {
- expectedOut.push(dbl);
-
- dbl = babyJub.addPoint(dbl,g);
- }
-
- await circuit.assertOut(w, {out: expectedOut});
-
- });
-
- it("Should exponentiate g^31", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test.circom"));
-
- const w = await circuit.calculateWitness({"in": 31});
-
- await circuit.checkConstraints(w);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- let c = [bigInt(0), bigInt(1)];
-
- for (let i=0; i<31;i++) {
- c = babyJub.addPoint(c,g);
- }
-
- await circuit.assertOut(w, {out: c});
-
- const w2 = await circuit.calculateWitness({"in": bigInt(1).shiftLeft(252).add(bigInt.one)});
-
- c = [g[0], g[1]];
- for (let i=0; i<252;i++) {
- c = babyJub.addPoint(c,c);
- }
- c = babyJub.addPoint(c,g);
-
- await circuit.assertOut(w2, {out: c});
-
- }).timeout(10000000);
-
- it("Number of constrains for 256 bits", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test_min.circom"));
-
- }).timeout(10000000);
-
-});
diff --git a/test/escalarmulany.js b/test/escalarmulany.js
deleted file mode 100644
index 3a831d09..00000000
--- a/test/escalarmulany.js
+++ /dev/null
@@ -1,46 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-describe("Escalarmul test", function () {
- let circuitEMulAny;
-
- this.timeout(100000);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- before( async() => {
- circuitEMulAny = await tester(path.join(__dirname, "circuits", "escalarmulany_test.circom"));
- });
-
- it("Should generate Same escalar mul", async () => {
-
- const w = await circuitEMulAny.calculateWitness({"e": 1, "p": g});
-
- await circuitEMulAny.checkConstraints(w);
-
- await circuitEMulAny.assertOut(w, {out: g}, true);
-
- });
-
- it("If multiply by order should return 0", async () => {
-
- const r = bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041");
- const w = await circuitEMulAny.calculateWitness({"e": r, "p": g});
-
- await circuitEMulAny.checkConstraints(w);
-
- await circuitEMulAny.assertOut(w, {out: [0,1]}, true);
-
- });
-
-});
-
diff --git a/test/escalarmulfix.js b/test/escalarmulfix.js
deleted file mode 100644
index 2486695f..00000000
--- a/test/escalarmulfix.js
+++ /dev/null
@@ -1,90 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-const babyjub = require("../src/babyjub");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-describe("Escalarmul test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "escalarmulfix_test.circom"));
- });
-
- it("Should generate Same escalar mul", async () => {
-
- const w = await circuit.calculateWitness({"e": 0});
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: [0,1]}, true);
-
- });
-
- it("Should generate Same escalar mul", async () => {
-
- const w = await circuit.calculateWitness({"e": 1}, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: babyjub.Base8});
-
- });
-
- it("Should generate scalar mul of a specific constant", async () => {
-
- const s = bigInt("2351960337287830298912035165133676222414898052661454064215017316447594616519");
- const base8 = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- const w = await circuit.calculateWitness({"e": s}, true);
-
- await circuit.checkConstraints(w);
-
- const expectedRes = babyjub.mulPointEscalar(base8, s);
-
- await circuit.assertOut(w, {out: expectedRes});
-
- });
-
- it("Should generate scalar mul of the firsts 50 elements", async () => {
-
- const base8 = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- for (let i=0; i<50; i++) {
- const s = bigInt(i);
-
- const w = await circuit.calculateWitness({"e": s}, true);
-
- await circuit.checkConstraints(w);
-
- const expectedRes = babyjub.mulPointEscalar(base8, s);
-
- await circuit.assertOut(w, {out: expectedRes});
- }
- });
-
- it("If multiply by order should return 0", async () => {
-
- const w = await circuit.calculateWitness({"e": babyjub.subOrder }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: [0,1]});
- });
-
-});
-
diff --git a/test/mimccircuit.js b/test/mimccircuit.js
deleted file mode 100644
index 5601811b..00000000
--- a/test/mimccircuit.js
+++ /dev/null
@@ -1,25 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const tester = require("circom").tester;
-
-const mimcjs = require("../src/mimc7.js");
-
-describe("MiMC Circuit test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "mimc_test.circom"));
- });
-
- it("Should check constrain", async () => {
- const w = await circuit.calculateWitness({x_in: 1, k: 2}, true);
-
- const res2 = mimcjs.hash(1,2,91);
-
- await circuit.assertOut(w, {out: res2});
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/mimccontract.js b/test/mimccontract.js
deleted file mode 100644
index 9c135d5b..00000000
--- a/test/mimccontract.js
+++ /dev/null
@@ -1,48 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const mimcGenContract = require("../src/mimc_gencontract.js");
-const mimcjs = require("../src/mimc7.js");
-
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-const SEED = "mimc";
-
-describe("MiMC Smart contract test", function () {
- let testrpc;
- let web3;
- let mimc;
- let accounts;
-
- this.timeout(100000);
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(mimcGenContract.abi);
-
- mimc = await C.deploy({
- data: mimcGenContract.createCode(SEED, 91),
- arguments: []
- }).send({
- gas: 1500000,
- gasPrice: '30000000000000',
- from: accounts[0]
- }).on("error", (error) => {
- console.log("ERROR: "+error);
- });
- });
-
- it("Shold calculate the mimic correctly", async () => {
- const res = await mimc.methods.MiMCpe7(1,2).call();
- const res2 = await mimcjs.hash(1,2,91);
-
- assert.equal(res.toString(), res2.toString());
- });
-});
-
diff --git a/test/mimcspongecircuit.js b/test/mimcspongecircuit.js
deleted file mode 100644
index 32055340..00000000
--- a/test/mimcspongecircuit.js
+++ /dev/null
@@ -1,37 +0,0 @@
-const path = require("path");
-const tester = require("circom").tester;
-
-const mimcjs = require("../src/mimcsponge.js");
-
-
-describe("MiMC Sponge Circuit test", function () {
- let circuit;
-
- this.timeout(100000);
-
- it("Should check permutation", async () => {
-
- circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_test.circom"));
-
- const w = await circuit.calculateWitness({xL_in: 1, xR_in: 2, k: 3});
-
- const out2 = mimcjs.hash(1,2,3);
-
- await circuit.assertOut(w, {xL_out: out2.xL, xR_out: out2.xR});
-
- await circuit.checkConstraints(w);
-
- });
-
- it("Should check hash", async () => {
- circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_hash_test.circom"));
-
- const w = await circuit.calculateWitness({ins: [1, 2], k: 0});
-
- const out2 = mimcjs.multiHash([1,2], 0, 3);
-
- await circuit.assertOut(w, {outs: out2});
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/mimcspongecontract.js b/test/mimcspongecontract.js
deleted file mode 100644
index a2e7394c..00000000
--- a/test/mimcspongecontract.js
+++ /dev/null
@@ -1,43 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const mimcGenContract = require("../src/mimcsponge_gencontract.js");
-const mimcjs = require("../src/mimcsponge.js");
-
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-const SEED = "mimcsponge";
-
-describe("MiMC Sponge Smart contract test", () => {
- let testrpc;
- let web3;
- let mimc;
- let accounts;
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(mimcGenContract.abi);
-
- mimc = await C.deploy({
- data: mimcGenContract.createCode(SEED, 220)
- }).send({
- gas: 3500000,
- from: accounts[0]
- });
- });
-
- it("Shold calculate the mimc correctly", async () => {
- const res = await mimc.methods.MiMCSponge(1,2,3).call();
- const res2 = await mimcjs.hash(1,2,3);
-
- assert.equal(res.xL.toString(), res2.xL.toString());
- assert.equal(res.xR.toString(), res2.xR.toString());
- });
-});
-
diff --git a/test/montgomery.js b/test/montgomery.js
deleted file mode 100644
index d53fa5a3..00000000
--- a/test/montgomery.js
+++ /dev/null
@@ -1,91 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-describe("Montgomery test", function () {
- let circuitE2M;
- let circuitM2E;
- let circuitMAdd;
- let circuitMDouble;
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- let mg, mg2, g2, g3, mg3;
-
- this.timeout(100000);
- before( async() => {
- circuitE2M = await tester(path.join(__dirname, "circuits", "edwards2montgomery.circom"));
- await circuitE2M.loadSymbols();
- circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom"));
- await circuitM2E.loadSymbols();
- circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom"));
- await circuitMAdd.loadSymbols();
- circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom"));
- await circuitMDouble.loadSymbols();
- });
- it("Convert Edwards to Montgomery and back again", async () => {
- let w, xout, yout;
-
- w = await circuitE2M.calculateWitness({ in: g}, true);
-
- xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
- yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
-
- mg = [xout, yout];
-
- w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g[0]));
- assert(yout.equals(g[1]));
- });
- it("Should double a point", async () => {
- let w, xout, yout;
-
- g2 = babyJub.addPoint(g,g);
-
- w = await circuitMDouble.calculateWitness({ in: mg}, true);
-
- xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
- yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
-
- mg2 = [xout, yout];
-
- w = await circuitM2E.calculateWitness({ in: mg2}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g2[0]));
- assert(yout.equals(g2[1]));
- });
- it("Should add a point", async () => {
- let w, xout, yout;
-
- g3 = babyJub.addPoint(g,g2);
-
- w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true);
-
- xout = w[circuitMAdd.symbols["main.out[0]"].varIdx];
- yout = w[circuitMAdd.symbols["main.out[1]"].varIdx];
-
- mg3 = [xout, yout];
-
- w = await circuitM2E.calculateWitness({ in: mg3}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g3[0]));
- assert(yout.equals(g3[1]));
- });
-});
diff --git a/test/multiplexer.js b/test/multiplexer.js
deleted file mode 100644
index 01a83380..00000000
--- a/test/multiplexer.js
+++ /dev/null
@@ -1,98 +0,0 @@
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-describe("Mux4 test", function() {
- this.timeout(100000);
- it("Should create a constant multiplexer 4", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux4_1.circom"));
-
- const ct16 = [
- bigInt("123"),
- bigInt("456"),
- bigInt("789"),
- bigInt("012"),
- bigInt("111"),
- bigInt("222"),
- bigInt("333"),
- bigInt("4546"),
- bigInt("134523"),
- bigInt("44356"),
- bigInt("15623"),
- bigInt("4566"),
- bigInt("1223"),
- bigInt("4546"),
- bigInt("4256"),
- bigInt("4456")
- ];
-
- for (let i=0; i<16; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct16[i]});
- }
- });
-
- it("Should create a constant multiplexer 3", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux3_1.circom"));
-
- const ct8 = [
- bigInt("37"),
- bigInt("47"),
- bigInt("53"),
- bigInt("71"),
- bigInt("89"),
- bigInt("107"),
- bigInt("163"),
- bigInt("191")
- ];
-
- for (let i=0; i<8; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct8[i]});
- }
- });
- it("Should create a constant multiplexer 2", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux2_1.circom"));
-
- const ct4 = [
- bigInt("37"),
- bigInt("47"),
- bigInt("53"),
- bigInt("71"),
- ];
-
- for (let i=0; i<4; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct4[i]});
- }
- });
- it("Should create a constant multiplexer 1", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux1_1.circom"));
-
- const ct2 = [
- bigInt("37"),
- bigInt("47"),
- ];
-
- for (let i=0; i<2; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct2[i]});
- }
- });
-});
diff --git a/test/pedersen.js b/test/pedersen.js
deleted file mode 100644
index 5de92769..00000000
--- a/test/pedersen.js
+++ /dev/null
@@ -1,77 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const babyJub = require("../src/babyjub.js");
-
-const PBASE =
- [
- [bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
- [bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
- [bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
- [bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
- [bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
- ];
-
-describe("Double Pedersen test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
-
- circuit = await tester(path.join(__dirname, "circuits", "pedersen_test.circom"));
-
- });
- it("Should pedersen at zero", async () => {
-
- let w;
-
- w = await circuit.calculateWitness({ in: ["0", "0"]}, true);
-
- await circuit.assertOut(w, {out: [0,1]});
-
- });
- it("Should pedersen at one first generator", async () => {
- let w;
-
- w = await circuit.calculateWitness({ in: ["1", "0"]}, true);
-
- await circuit.assertOut(w, {out: PBASE[0]});
-
- });
- it("Should pedersen at one second generator", async () => {
- let w;
-
- w = await circuit.calculateWitness({ in: ["0", "1"]}, true);
-
- await circuit.assertOut(w, {out: PBASE[1]});
-
- });
- it("Should pedersen at mixed generators", async () => {
- let w;
- w = await circuit.calculateWitness({ in: ["3", "7"]}, true);
-
- const r = babyJub.addPoint(
- babyJub.mulPointEscalar(PBASE[0], 3),
- babyJub.mulPointEscalar(PBASE[1], 7)
- );
-
- await circuit.assertOut(w, {out: r});
-
- });
- it("Should pedersen all ones", async () => {
- let w;
-
- const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1"));
- w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true);
-
-
- const r2 = babyJub.addPoint(
- babyJub.mulPointEscalar(PBASE[0], allOnes),
- babyJub.mulPointEscalar(PBASE[1], allOnes)
- );
-
- await circuit.assertOut(w, {out: r2});
- });
-});
diff --git a/test/pedersen2.js b/test/pedersen2.js
deleted file mode 100644
index 9a9712d8..00000000
--- a/test/pedersen2.js
+++ /dev/null
@@ -1,49 +0,0 @@
-const path = require("path");
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const babyJub = require("../src/babyjub.js");
-const pedersen = require("../src/pedersenHash.js");
-
-
-describe("Pedersen test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
-
- circuit = await tester(path.join(__dirname, "circuits", "pedersen2_test.circom"));
- });
- it("Should pedersen at zero", async () => {
-
- let w;
-
- w = await circuit.calculateWitness({ in: 0}, true);
-
- const b = Buffer.alloc(32);
-
- const h = pedersen.hash(b);
- const hP = babyJub.unpackPoint(h);
-
- await circuit.assertOut(w, {out: hP});
-
- });
- it("Should pedersen with 253 ones", async () => {
-
- let w;
-
- const n = bigInt.one.shiftLeft(253).minus(bigInt.one);
-
- w = await circuit.calculateWitness({ in: n}, true);
-
- const b = Buffer.alloc(32);
- for (let i=0; i<31; i++) b[i] = 0xFF;
- b[31] = 0x1F;
-
- const h = pedersen.hash(b);
- const hP = babyJub.unpackPoint(h);
-
- await circuit.assertOut(w, {out: hP});
-
- });
-});
diff --git a/test/point2bits.js b/test/point2bits.js
deleted file mode 100644
index f0697a18..00000000
--- a/test/point2bits.js
+++ /dev/null
@@ -1,23 +0,0 @@
-const path = require("path");
-const tester = require("circom").tester;
-
-const babyJub = require("../src/babyjub.js");
-
-
-describe("Point 2 bits test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "pointbits_loopback.circom"));
- });
- it("Should do the both convertions for 8Base", async () => {
- const w = await circuit.calculateWitness({ in: babyJub.Base8}, true);
-
- await circuit.checkConstraints(w);
- });
- it("Should do the both convertions for Zero point", async () => {
- const w = await circuit.calculateWitness({ in: [0, 1]}, true);
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/poseidoncircuit.js b/test/poseidoncircuit.js
deleted file mode 100644
index d5e2a9f0..00000000
--- a/test/poseidoncircuit.js
+++ /dev/null
@@ -1,76 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-var blake2b = require("blake2b");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const poseidon = require("../src/poseidon.js");
-
-const assert = chai.assert;
-
-describe("Blake2b version test", function() {
- it("Should give the expected output for blake2b version", async () => {
- var output = new Uint8Array(32);
- var input = Buffer.from("poseidon_constants");
- const h = blake2b(output.length).update(input).digest("hex");
- assert.equal("e57ba154fb2c47811dc1a2369b27e25a44915b4e4ece4eb8ec74850cb78e01b1", h);
- });
-});
-
-describe("Poseidon Circuit test", function () {
- let circuit6;
- let circuit3;
-
- this.timeout(100000);
-
- before( async () => {
- circuit6 = await tester(path.join(__dirname, "circuits", "poseidon6_test.circom"));
- circuit3 = await tester(path.join(__dirname, "circuits", "poseidon3_test.circom"));
- });
-
- it("Should check constrain of hash([1, 2]) t=6", async () => {
- const w = await circuit6.calculateWitness({inputs: [1, 2]}, true);
-
- const hash = poseidon.createHash(6, 8, 57);
-
- const res2 = hash([1,2]);
- assert.equal("12242166908188651009877250812424843524687801523336557272219921456462821518061", res2.toString());
- await circuit6.assertOut(w, {out : res2});
- await circuit6.checkConstraints(w);
- });
-
- it("Should check constrain of hash([3, 4]) t=6", async () => {
- const w = await circuit6.calculateWitness({inputs: [3, 4]});
-
- const hash = poseidon.createHash(6, 8, 57);
-
- const res2 = hash([3, 4]);
-
- assert.equal("17185195740979599334254027721507328033796809509313949281114643312710535000993", res2.toString());
- await circuit6.assertOut(w, {out : res2});
- await circuit6.checkConstraints(w);
- });
-
-
- it("Should check constrain of hash([1, 2]) t=3", async () => {
- const w = await circuit3.calculateWitness({inputs: [1, 2]});
-
- const hash = poseidon.createHash(3, 8, 57);
-
- const res2 = hash([1,2]);
- assert.equal("2104035019328376391822106787753454168168617545136592089411833517434990977743", res2.toString());
- await circuit3.assertOut(w, {out : res2});
- await circuit3.checkConstraints(w);
- });
-
- it("Should check constrain of hash([3, 4]) t=3", async () => {
- const w = await circuit3.calculateWitness({inputs: [3, 4]});
-
- const hash = poseidon.createHash(3, 8, 57);
-
- const res2 = hash([3, 4]);
- assert.equal("12456141564250880945411182508630957604732712316993112736876413121277158512223", res2.toString());
- await circuit3.assertOut(w, {out : res2});
- await circuit3.checkConstraints(w);
- });
-});
diff --git a/test/poseidoncontract.js b/test/poseidoncontract.js
deleted file mode 100644
index caad1cad..00000000
--- a/test/poseidoncontract.js
+++ /dev/null
@@ -1,69 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const poseidonGenContract = require("../src/poseidon_gencontract.js");
-const Poseidon = require("../src/poseidon.js");
-const bigInt = require("snarkjs").bigInt;
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-describe("Poseidon Smart contract test", function () {
- let testrpc;
- let web3;
- let poseidon6;
- let poseidon3;
- let accounts;
- this.timeout(100000);
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(poseidonGenContract.abi);
-
- poseidon6 = await C.deploy({
- data: poseidonGenContract.createCode(6)
- }).send({
- gas: 2500000,
- from: accounts[0]
- });
- poseidon3 = await C.deploy({
- data: poseidonGenContract.createCode(3)
- }).send({
- gas: 2500000,
- from: accounts[0]
- });
- });
-
- it("Shold calculate the poseidon correctly t=6", async () => {
-
- const res = await poseidon6.methods.poseidon([1,2]).call();
-
- // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
-
- const hash = Poseidon.createHash(6, 8, 57);
-
- const res2 = hash([1,2]);
- // console.log("Ref: " + bigInt(res2).toString(16));
-
- assert.equal(res.toString(), res2.toString());
- });
- it("Shold calculate the poseidon correctly t=3", async () => {
-
- const res = await poseidon3.methods.poseidon([1,2]).call();
-
- // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
-
- const hash = Poseidon.createHash(3, 8, 57);
-
- const res2 = hash([1,2]);
- // console.log("Ref: " + bigInt(res2).toString(16));
-
- assert.equal(res.toString(), res2.toString());
- });
-
-});
-
diff --git a/test/sha256.js b/test/sha256.js
deleted file mode 100644
index e7344903..00000000
--- a/test/sha256.js
+++ /dev/null
@@ -1,115 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const snarkjs = require("snarkjs");
-const crypto = require("crypto");
-
-const assert = chai.assert;
-
-const sha256 = require("./helpers/sha256");
-
-const tester = require("circom").tester;
-
-// const printSignal = require("./helpers/printsignal");
-
-
-function buffer2bitArray(b) {
- const res = [];
- for (let i=0; i<b.length; i++) {
- for (let j=0; j<8; j++) {
- res.push((b[i] >> (7-j) &1));
- }
- }
- return res;
-}
-
-function bitArray2buffer(a) {
- const len = Math.floor((a.length -1 )/8)+1;
- const b = new Buffer.alloc(len);
-
- for (let i=0; i<a.length; i++) {
- const p = Math.floor(i/8);
- b[p] = b[p] | (Number(a[i]) << ( 7 - (i%8) ));
- }
- return b;
-}
-
-
-describe("SHA256 test", function () {
- this.timeout(100000);
-
-
- it("Should work bits to array and array to bits", async () => {
- const b = new Buffer.alloc(64);
- for (let i=0; i<64; i++) {
- b[i] = i+1;
- }
- const a = buffer2bitArray(b);
- const b2 = bitArray2buffer(a);
-
- assert.equal(b.toString("hex"), b2.toString("hex"), true);
- });
-
- it("Should calculate a hash of 1 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_2_test.circom"));
-
- const witness = await cir.calculateWitness({ "a": "1", "b": "2" }, true);
-
- const b = new Buffer.alloc(54);
- b[26] = 1;
- b[53] = 2;
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
- const r = "0x" + hash.slice(10);
-
- const hash2 = sha256.hash(b.toString("hex"), {msgFormat: "hex-bytes"});
-
- assert.equal(hash, hash2);
-
- assert(witness[1].equals(snarkjs.bigInt(r)));
- }).timeout(1000000);
-
- it("Should calculate a hash of 2 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_test512.circom"));
-
- const b = new Buffer.alloc(64);
- for (let i=0; i<64; i++) {
- b[i] = i+1;
- }
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
-
- const arrIn = buffer2bitArray(b);
- const witness = await cir.calculateWitness({ "in": arrIn }, true);
-
- const arrOut = witness.slice(1, 257);
- const hash2 = bitArray2buffer(arrOut).toString("hex");
-
- assert.equal(hash, hash2);
-
- }).timeout(1000000);
- it ("Should calculate a hash of 2 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_test448.circom"));
-
- const testStr = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
- const b = Buffer.from(testStr, "utf8");
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
-
- const arrIn = buffer2bitArray(b);
-
- const witness = await cir.calculateWitness({ "in": arrIn }, true);
-
- const arrOut = witness.slice(1, 257);
- const hash2 = bitArray2buffer(arrOut).toString("hex");
-
- assert.equal(hash, hash2);
- });
-
-});
diff --git a/test/sign.js b/test/sign.js
deleted file mode 100644
index b3e9452b..00000000
--- a/test/sign.js
+++ /dev/null
@@ -1,79 +0,0 @@
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-function getBits(v, n) {
- const res = [];
- for (let i=0; i<n; i++) {
- if (v.shiftRight(i).isOdd()) {
- res.push(bigInt.one);
- } else {
- res.push(bigInt.zero);
- }
- }
- return res;
-}
-
-const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
-
-describe("Sign test", function() {
- let circuit;
- this.timeout(100000);
-
- before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "sign_test.circom"));
- });
-
- it("Sign of 0", async () => {
- const inp = getBits(bigInt.zero, 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 0});
- });
-
- it("Sign of 3", async () => {
- const inp = getBits(bigInt(3), 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 0});
- });
-
- it("Sign of q/2", async () => {
- const inp = getBits(q.shiftRight(bigInt.one), 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 0});
- });
-
- it("Sign of q/2+1", async () => {
- const inp = getBits(q.shiftRight(bigInt.one).add(bigInt.one), 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 1});
- });
-
- it("Sign of q-1", async () => {
- const inp = getBits(q.minus(bigInt.one), 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 1});
- });
-
- it("Sign of q", async () => {
- const inp = getBits(q, 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 1});
- });
-
- it("Sign of all ones", async () => {
- const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt(1)), 254);
- const w = await circuit.calculateWitness({in: inp}, true);
-
- await circuit.assertOut(w, {sign: 1});
- });
-});
diff --git a/test/smtjs.js b/test/smtjs.js
deleted file mode 100644
index 732a3986..00000000
--- a/test/smtjs.js
+++ /dev/null
@@ -1,181 +0,0 @@
-const chai = require("chai");
-
-const bigInt = require("big-integer");
-
-const smt = require("../src/smt.js");
-
-const assert = chai.assert;
-
-
-function stringifyBigInts(o) {
- if ((typeof(o) == "bigint") || (o instanceof bigInt)) {
- return o.toString(10);
- } else if (Array.isArray(o)) {
- return o.map(stringifyBigInts);
- } else if (typeof o == "object") {
- const res = {};
- for (let k in o) {
- res[k] = stringifyBigInts(o[k]);
- }
- return res;
- } else {
- return o;
- }
-}
-
-describe("SMT Javascript test", function () {
- this.timeout(100000);
- before( async () => {
- });
-
- it("Should insert 2 elements and empty them", async () => {
- const tree = await smt.newMemEmptyTrie();
- const key1 = bigInt(111);
- const value1 = bigInt(222);
- const key2 = bigInt(333);
- const value2 = bigInt(444);
-
- await tree.insert(key1,value1);
- await tree.insert(key2,value2);
- await tree.delete(key2);
- await tree.delete(key1);
-
- assert(tree.root.isZero());
- });
-
- it("Should insert 3 elements in dferent order and should be the same", async () => {
- const keys = [bigInt(8), bigInt(9), bigInt(32)];
- const values = [bigInt(88), bigInt(99), bigInt(3232)];
- const tree1 = await smt.newMemEmptyTrie();
- const tree2 = await smt.newMemEmptyTrie();
- const tree3 = await smt.newMemEmptyTrie();
- const tree4 = await smt.newMemEmptyTrie();
- const tree5 = await smt.newMemEmptyTrie();
- const tree6 = await smt.newMemEmptyTrie();
-
- await tree1.insert(keys[0],values[0]);
- await tree1.insert(keys[1],values[1]);
- await tree1.insert(keys[2],values[2]);
-
- await tree2.insert(keys[0],values[0]);
- await tree2.insert(keys[2],values[2]);
- await tree2.insert(keys[1],values[1]);
-
- await tree3.insert(keys[1],values[1]);
- await tree3.insert(keys[0],values[0]);
- await tree3.insert(keys[2],values[2]);
-
- await tree4.insert(keys[1],values[1]);
- await tree4.insert(keys[2],values[2]);
- await tree4.insert(keys[0],values[0]);
-
- await tree5.insert(keys[2],values[2]);
- await tree5.insert(keys[0],values[0]);
- await tree5.insert(keys[1],values[1]);
-
- await tree6.insert(keys[2],values[2]);
- await tree6.insert(keys[1],values[1]);
- await tree6.insert(keys[0],values[0]);
-
- assert(tree1.root.equals(tree2.root));
- assert(tree2.root.equals(tree3.root));
- assert(tree3.root.equals(tree4.root));
- assert(tree4.root.equals(tree5.root));
- assert(tree5.root.equals(tree6.root));
-
- assert.equal(Object.keys(tree1.db.nodes).length, Object.keys(tree2.db.nodes).length);
- assert.equal(Object.keys(tree2.db.nodes).length, Object.keys(tree3.db.nodes).length);
- assert.equal(Object.keys(tree3.db.nodes).length, Object.keys(tree4.db.nodes).length);
- assert.equal(Object.keys(tree4.db.nodes).length, Object.keys(tree5.db.nodes).length);
- assert.equal(Object.keys(tree5.db.nodes).length, Object.keys(tree6.db.nodes).length);
-
- await tree1.delete(keys[0]);
- await tree1.delete(keys[1]);
- await tree2.delete(keys[1]);
- await tree2.delete(keys[0]);
- assert(tree1.root.equals(tree2.root));
-
- await tree3.delete(keys[0]);
- await tree3.delete(keys[2]);
- await tree4.delete(keys[2]);
- await tree4.delete(keys[0]);
- assert(tree3.root.equals(tree4.root));
-
- await tree5.delete(keys[1]);
- await tree5.delete(keys[2]);
- await tree6.delete(keys[2]);
- await tree6.delete(keys[1]);
- assert(tree5.root.equals(tree6.root));
-
- await tree1.delete(keys[2]);
- await tree2.delete(keys[2]);
- await tree3.delete(keys[1]);
- await tree4.delete(keys[1]);
- await tree5.delete(keys[0]);
- await tree6.delete(keys[0]);
-
- assert(tree1.root.isZero());
- assert(tree2.root.isZero());
- assert(tree3.root.isZero());
- assert(tree4.root.isZero());
- assert(tree5.root.isZero());
- assert(tree6.root.isZero());
-
- assert.equal(Object.keys(tree1.db.nodes).length, 0);
- assert.equal(Object.keys(tree2.db.nodes).length, 0);
- assert.equal(Object.keys(tree3.db.nodes).length, 0);
- assert.equal(Object.keys(tree4.db.nodes).length, 0);
- assert.equal(Object.keys(tree5.db.nodes).length, 0);
- assert.equal(Object.keys(tree6.db.nodes).length, 0);
- });
-
- it("Insert and remove 100 numbers randomly", async () => {
- function perm(a) {
- const arr = a.slice();
- const rArr = [];
- for (let i=0; i<arr.length; i++) {
- let rIdx = Math.floor(Math.random() * (arr.length - i));
- rArr.push(arr[rIdx]);
- arr[rIdx] = arr[arr.length - i - 1];
- }
- return rArr;
- }
- const tree = await smt.newMemEmptyTrie();
- const arr = [];
- const N = 100;
- for (let i=0; i<N; i++) {
- arr.push(bigInt(i));
- }
- const insArr = perm(arr);
- for (let i=0; i<N; i++) {
- await tree.insert(insArr[i], i);
- }
- const delArr = perm(insArr);
- for (let i=0; i<N; i++) {
- await tree.delete(delArr[i]);
- }
-
- assert(tree.root.isZero());
- assert.equal(Object.keys(tree.db.nodes).length, 0);
- });
-
- it("Should test update", async () => {
- const tree1 = await smt.newMemEmptyTrie();
- const tree2 = await smt.newMemEmptyTrie();
-
- await tree1.insert(8,88);
- await tree1.insert(9,99,);
- await tree1.insert(32,3232);
-
- await tree2.insert(8,888);
- await tree2.insert(9,999);
- await tree2.insert(32,323232);
-
- await tree1.update(8, 888);
- await tree1.update(9, 999);
- await tree1.update(32, 323232);
-
- assert(tree1.root.equals(tree2.root));
- });
-
-});
diff --git a/test/smtprocessor.js b/test/smtprocessor.js
deleted file mode 100644
index e2577071..00000000
--- a/test/smtprocessor.js
+++ /dev/null
@@ -1,208 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const smt = require("../src/smt.js");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-async function testInsert(tree, key, value, circuit ) {
-
- const res = await tree.insert(key,value);
- let siblings = res.siblings;
- while (siblings.length<10) siblings.push(bigInt(0));
-
- const w = await circuit.calculateWitness({
- fnc: [1,0],
- oldRoot: res.oldRoot,
- siblings: siblings,
- oldKey: res.isOld0 ? 0 : res.oldKey,
- oldValue: res.isOld0 ? 0 : res.oldValue,
- isOld0: res.isOld0 ? 1 : 0,
- newKey: key,
- newValue: value
- }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {newRoot: res.newRoot});
-
-}
-
-async function testDelete(tree, key, circuit) {
- const res = await tree.delete(key);
- let siblings = res.siblings;
- while (siblings.length<10) siblings.push(bigInt(0));
-
- const w = await circuit.calculateWitness({
- fnc: [1,1],
- oldRoot: res.oldRoot,
- siblings: siblings,
- oldKey: res.isOld0 ? 0 : res.oldKey,
- oldValue: res.isOld0 ? 0 : res.oldValue,
- isOld0: res.isOld0 ? 1 : 0,
- newKey: res.delKey,
- newValue: res.delValue
- }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {newRoot: res.newRoot});
-}
-
-async function testUpdate(tree, key, newValue, circuit) {
- const res = await tree.update(key, newValue);
- let siblings = res.siblings;
- while (siblings.length<10) siblings.push(bigInt(0));
-
- const w = await circuit.calculateWitness({
- fnc: [0,1],
- oldRoot: res.oldRoot,
- siblings: siblings,
- oldKey: res.oldKey,
- oldValue: res.oldValue,
- isOld0: 0,
- newKey: res.newKey,
- newValue: res.newValue
- });
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {newRoot: res.newRoot});
-}
-
-
-describe("SMT Processor test", function () {
- let circuit;
- let tree;
-
- this.timeout(10000000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "smtprocessor10_test.circom"));
- await circuit.loadSymbols();
-
- tree = await smt.newMemEmptyTrie();
- });
-
- it("Should verify an insert to an empty tree", async () => {
- const key = bigInt(111);
- const value = bigInt(222);
-
- await testInsert(tree, key, value, circuit);
- });
-
- it("It should add another element", async () => {
- const key = bigInt(333);
- const value = bigInt(444);
-
- await testInsert(tree, key, value, circuit);
- });
-
- it("Should remove an element", async () => {
- await testDelete(tree, 111, circuit);
- await testDelete(tree, 333, circuit);
- });
-
- it("Should test convination of adding and removing 3 elements", async () => {
- const keys = [bigInt(8), bigInt(9), bigInt(32)];
- const values = [bigInt(88), bigInt(99), bigInt(3232)];
- const tree1 = await smt.newMemEmptyTrie();
- const tree2 = await smt.newMemEmptyTrie();
- const tree3 = await smt.newMemEmptyTrie();
- const tree4 = await smt.newMemEmptyTrie();
- const tree5 = await smt.newMemEmptyTrie();
- const tree6 = await smt.newMemEmptyTrie();
-
- await testInsert(tree1,keys[0],values[0], circuit);
- await testInsert(tree1,keys[1],values[1], circuit);
- await testInsert(tree1,keys[2],values[2], circuit);
-
- await testInsert(tree2,keys[0],values[0], circuit);
- await testInsert(tree2,keys[2],values[2], circuit);
- await testInsert(tree2,keys[1],values[1], circuit);
-
- await testInsert(tree3,keys[1],values[1], circuit);
- await testInsert(tree3,keys[0],values[0], circuit);
- await testInsert(tree3,keys[2],values[2], circuit);
-
- await testInsert(tree4,keys[1],values[1], circuit);
- await testInsert(tree4,keys[2],values[2], circuit);
- await testInsert(tree4,keys[0],values[0], circuit);
-
- await testInsert(tree5,keys[2],values[2], circuit);
- await testInsert(tree5,keys[0],values[0], circuit);
- await testInsert(tree5,keys[1],values[1], circuit);
-
- await testInsert(tree6,keys[2],values[2], circuit);
- await testInsert(tree6,keys[1],values[1], circuit);
- await testInsert(tree6,keys[0],values[0], circuit);
-
-
- await testDelete(tree1, keys[0], circuit);
- await testDelete(tree1, keys[1], circuit);
- await testDelete(tree2, keys[1], circuit);
- await testDelete(tree2, keys[0], circuit);
-
- await testDelete(tree3, keys[0], circuit);
- await testDelete(tree3, keys[2], circuit);
- await testDelete(tree4, keys[2], circuit);
- await testDelete(tree4, keys[0], circuit);
-
-
- await testDelete(tree5, keys[1], circuit);
- await testDelete(tree5, keys[2], circuit);
- await testDelete(tree6, keys[2], circuit);
- await testDelete(tree6, keys[1], circuit);
-
- await testDelete(tree1, keys[2], circuit);
- await testDelete(tree2, keys[2], circuit);
- await testDelete(tree3, keys[1], circuit);
- await testDelete(tree4, keys[1], circuit);
- await testDelete(tree5, keys[0], circuit);
- await testDelete(tree6, keys[0], circuit);
- });
-
- it("Should match a NOp with random vals", async () => {
- let siblings = [];
- while (siblings.length<10) siblings.push(bigInt(88));
- const w = await circuit.calculateWitness({
- fnc: [0,0],
- oldRoot: 11,
- siblings: siblings,
- oldKey: 33,
- oldValue: 44,
- isOld0: 55,
- newKey: 66,
- newValue: 77
- });
-
- const root1 = w[circuit.symbols["main.oldRoot"].varIdx];
- const root2 = w[circuit.symbols["main.newRoot"].varIdx];
-
- await circuit.checkConstraints(w);
-
- assert(root1.equals(root2));
- });
- it("Should update an element", async () => {
- const tree1 = await smt.newMemEmptyTrie();
- const tree2 = await smt.newMemEmptyTrie();
-
- await testInsert(tree1,8,88, circuit);
- await testInsert(tree1,9,99, circuit);
- await testInsert(tree1,32,3232, circuit);
-
- await testInsert(tree2,8,888, circuit);
- await testInsert(tree2,9,999, circuit);
- await testInsert(tree2,32,323232, circuit);
-
- await testUpdate(tree1, 8, 888, circuit);
- await testUpdate(tree1, 9, 999, circuit);
- await testUpdate(tree1, 32, 323232, circuit);
- });
-});
diff --git a/test/smtverifier.js b/test/smtverifier.js
deleted file mode 100644
index f5992ade..00000000
--- a/test/smtverifier.js
+++ /dev/null
@@ -1,136 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const smt = require("../src/smt.js");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-async function testInclusion(tree, key, circuit) {
-
- const res = await tree.find(key);
-
- assert(res.found);
- let siblings = res.siblings;
- while (siblings.length<10) siblings.push(bigInt(0));
-
- const w = await circuit.calculateWitness({
- enabled: 1,
- fnc: 0,
- root: tree.root,
- siblings: siblings,
- oldKey: 0,
- oldValue: 0,
- isOld0: 0,
- key: key,
- value: res.foundValue
- }, true);
-
- await circuit.checkConstraints(w);
-
-}
-
-async function testExclusion(tree, key, circuit) {
- const res = await tree.find(key);
-
- assert(!res.found);
- let siblings = res.siblings;
- while (siblings.length<10) siblings.push(bigInt(0));
-
- const w = await circuit.calculateWitness({
- enabled: 1,
- fnc: 1,
- root: tree.root,
- siblings: siblings,
- oldKey: res.isOld0 ? 0 : res.notFoundKey,
- oldValue: res.isOld0 ? 0 : res.notFoundValue,
- isOld0: res.isOld0 ? 1 : 0,
- key: key,
- value: 0
- });
-
- await circuit.checkConstraints(w);
-
-}
-
-describe("SMT Verifier test", function () {
- let circuit;
- let tree;
-
- this.timeout(100000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "smtverifier10_test.circom"));
-
- tree = await smt.newMemEmptyTrie();
- await tree.insert(7,77);
- await tree.insert(8,88);
- await tree.insert(32,3232);
- });
-
- it("Check inclussion in a tree of 3", async () => {
- await testInclusion(tree, 7, circuit);
- await testInclusion(tree, 8, circuit);
- await testInclusion(tree, 32, circuit);
- });
-
- it("Check exclussion in a tree of 3", async () => {
- await testExclusion(tree, 0, circuit);
- await testExclusion(tree, 6, circuit);
- await testExclusion(tree, 9, circuit);
- await testExclusion(tree, 33, circuit);
- await testExclusion(tree, 31, circuit);
- await testExclusion(tree, 16, circuit);
- await testExclusion(tree, 64, circuit);
- });
-
- it("Check not enabled accepts any thing", async () => {
- let siblings = [];
- for (let i=0; i<10; i++) siblings.push(i);
-
- const w = await circuit.calculateWitness({
- enabled: 0,
- fnc: 0,
- root: 1,
- siblings: siblings,
- oldKey: 22,
- oldValue: 33,
- isOld0: 0,
- key: 44,
- value: 0
- });
-
-
- await circuit.checkConstraints(w);
- });
-
- it("Check inclussion Adria case", async () => {
- const e1_hi= bigInt("17124152697573569611556136390143205198134245887034837071647643529178599000839");
- const e1_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
-
- const e2ok_hi= bigInt("16498254692537945203721083102154618658340563351558973077349594629411025251262");
- const e2ok_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
-
- const e2fail_hi= bigInt("17195092312975762537892237130737365903429674363577646686847513978084990105579");
- const e2fail_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
-
- const tree1 = await smt.newMemEmptyTrie();
- await tree1.insert(e1_hi,e1_hv);
- await tree1.insert(e2ok_hi,e2ok_hv);
-
- await testInclusion(tree1, e2ok_hi, circuit);
-
- const tree2 = await smt.newMemEmptyTrie();
- await tree2.insert(e1_hi,e1_hv);
- await tree2.insert(e2fail_hi,e2fail_hv);
-
- await testInclusion(tree2, e2fail_hi, circuit);
- });
-
-
-});
From b164812472fe1cd1e9f9abc1a599a1b1bffd3a1d Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 09:54:47 +0200 Subject: [PATCH 02/27] Worked on basics folder --- README.md | 89 ++- circuits/README.md | 831 +---------------------- circuits/aliascheck.circom | 32 - circuits/babyjub.circom | 106 --- circuits/binsub.circom | 73 -- circuits/binsum.circom | 100 --- circuits/bitify.circom | 105 --- circuits/comparators.circom | 139 ---- circuits/compconstant.circom | 73 -- circuits/eddsa.circom | 138 ---- circuits/eddsamimc.circom | 123 ---- circuits/eddsamimcsponge.circom | 123 ---- circuits/eddsaposeidon.circom | 122 ---- circuits/escalarmul.circom | 165 ----- circuits/escalarmulany.circom | 196 ------ circuits/escalarmulfix.circom | 298 -------- circuits/escalarmulw4table.circom | 51 -- circuits/gates.circom | 93 --- circuits/mimc.circom | 155 ----- circuits/mimcsponge.circom | 290 -------- circuits/montgomery.circom | 141 ---- circuits/multiplexer.circom | 113 --- circuits/mux1.circom | 47 -- circuits/mux2.circom | 62 -- circuits/mux3.circom | 74 -- circuits/mux4.circom | 118 ---- circuits/pedersen.circom | 255 ------- circuits/pedersen_old.circom | 66 -- circuits/pointbits.circom | 163 ----- circuits/poseidon.circom | 208 ------ circuits/sha256/ch.circom | 46 -- circuits/sha256/constants.circom | 52 -- circuits/sha256/main.circom | 34 - circuits/sha256/maj.circom | 44 -- circuits/sha256/rotate.circom | 27 - circuits/sha256/sha256.circom | 81 --- circuits/sha256/sha256_2.circom | 90 --- circuits/sha256/sha256compression.circom | 159 ----- circuits/sha256/shift.circom | 32 - circuits/sha256/sigma.circom | 76 --- circuits/sha256/sigmaplus.circom | 49 -- circuits/sha256/t1.circom | 57 -- circuits/sha256/t2.circom | 50 -- circuits/sha256/xor3.circom | 44 -- circuits/sign.circom | 35 - circuits/smt/smthash_mimc.circom | 57 -- circuits/smt/smthash_poseidon.circom | 56 -- circuits/smt/smtlevins.circom | 102 --- circuits/smt/smtprocessor.circom | 260 ------- circuits/smt/smtprocessorlevel.circom | 94 --- 
circuits/smt/smtprocessorsm.circom | 164 ----- circuits/smt/smtverifier.circom | 137 ---- circuits/smt/smtverifierlevel.circom | 71 -- circuits/smt/smtverifiersm.circom | 105 --- circuits/switcher.circom | 40 -- test/circuits/aliascheck_test.circom | 3 - test/circuits/babyadd_tester.circom | 3 - test/circuits/binsub_test.circom | 31 - test/circuits/greatereqthan.circom | 4 - test/circuits/greaterthan.circom | 4 - test/circuits/isequal.circom | 4 - test/circuits/iszero.circom | 5 - test/circuits/lesseqthan.circom | 4 - test/circuits/lessthan.circom | 4 - 64 files changed, 90 insertions(+), 6483 deletions(-) delete mode 100644 circuits/aliascheck.circom delete mode 100644 circuits/babyjub.circom delete mode 100644 circuits/binsub.circom delete mode 100644 circuits/binsum.circom delete mode 100644 circuits/bitify.circom delete mode 100644 circuits/comparators.circom delete mode 100644 circuits/compconstant.circom delete mode 100644 circuits/eddsa.circom delete mode 100644 circuits/eddsamimc.circom delete mode 100644 circuits/eddsamimcsponge.circom delete mode 100644 circuits/eddsaposeidon.circom delete mode 100644 circuits/escalarmul.circom delete mode 100644 circuits/escalarmulany.circom delete mode 100644 circuits/escalarmulfix.circom delete mode 100644 circuits/escalarmulw4table.circom delete mode 100644 circuits/gates.circom delete mode 100644 circuits/mimc.circom delete mode 100644 circuits/mimcsponge.circom delete mode 100644 circuits/montgomery.circom delete mode 100644 circuits/multiplexer.circom delete mode 100644 circuits/mux1.circom delete mode 100644 circuits/mux2.circom delete mode 100644 circuits/mux3.circom delete mode 100644 circuits/mux4.circom delete mode 100644 circuits/pedersen.circom delete mode 100644 circuits/pedersen_old.circom delete mode 100644 circuits/pointbits.circom delete mode 100644 circuits/poseidon.circom delete mode 100644 circuits/sha256/ch.circom delete mode 100644 circuits/sha256/constants.circom delete mode 100644 
circuits/sha256/main.circom delete mode 100644 circuits/sha256/maj.circom delete mode 100644 circuits/sha256/rotate.circom delete mode 100644 circuits/sha256/sha256.circom delete mode 100644 circuits/sha256/sha256_2.circom delete mode 100644 circuits/sha256/sha256compression.circom delete mode 100644 circuits/sha256/shift.circom delete mode 100644 circuits/sha256/sigma.circom delete mode 100644 circuits/sha256/sigmaplus.circom delete mode 100644 circuits/sha256/t1.circom delete mode 100644 circuits/sha256/t2.circom delete mode 100644 circuits/sha256/xor3.circom delete mode 100644 circuits/sign.circom delete mode 100644 circuits/smt/smthash_mimc.circom delete mode 100644 circuits/smt/smthash_poseidon.circom delete mode 100644 circuits/smt/smtlevins.circom delete mode 100644 circuits/smt/smtprocessor.circom delete mode 100644 circuits/smt/smtprocessorlevel.circom delete mode 100644 circuits/smt/smtprocessorsm.circom delete mode 100644 circuits/smt/smtverifier.circom delete mode 100644 circuits/smt/smtverifierlevel.circom delete mode 100644 circuits/smt/smtverifiersm.circom delete mode 100644 circuits/switcher.circom delete mode 100644 test/circuits/aliascheck_test.circom delete mode 100644 test/circuits/babyadd_tester.circom delete mode 100644 test/circuits/binsub_test.circom delete mode 100644 test/circuits/greatereqthan.circom delete mode 100644 test/circuits/greaterthan.circom delete mode 100644 test/circuits/isequal.circom delete mode 100644 test/circuits/iszero.circom delete mode 100644 test/circuits/lesseqthan.circom delete mode 100644 test/circuits/lessthan.circom diff --git a/README.md b/README.md index 9dfb0208..1f5fba0f 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,98 @@ -# CircomLib +# Library of Circom Templates + +This is the library of templates of functions for [`circom`](https://github.com/iden3/circom), a circuit compiler for zero-knowledge circuits. ## Description - This repository contains a library of circuit templates. - All files are copyrighted under 2018 0KIMS association and part of the free software [circom](https://github.com/iden3/circom) (Zero Knowledge Circuit Compiler). -## Organisation +## Organisation (old) This respository contains 5 folders: - `circuits`: it contains the implementation of different cryptographic primitives in circom language. - `calcpedersenbases`: set of functions in JavaScript used to find a set of points in [Baby Jubjub](https://github.com/barryWhiteHat/baby_jubjub) elliptic curve that serve as basis for the [Pedersen Hash](https://github.com/zcash/zcash/issues/2234). - `doc`: it contains some circuit schemes in ASCII (must be opened with Monodraw, an ASCII art editor for Mac). -- `src`: it contains similar implementation of circuits in JavaScript. +- `src`: it contains implementation of circuits in JavaScript. - `test`: tests. -A description of the specific circuit templates for the `circuit` folder will be soon updated. \ No newline at end of file +A description of the specific circuit templates for the `circuit` folder will be soon updated. + +## Structure of the Library + +TODO: CHANGE IT!!!!! 
+ +- [`basics`](circomlib-doc/basics) + - [`aliascheck`](circomlib-doc/basics/aliascheck) + - [`binary_arithmetic`](circomlib-doc/basics/binary_arithmetic) + - [`binsub`](circomlib-doc/basics/binary_arithmetic/binsub) + - [`binsum`](circomlib-doc/basics/binary_arithmetic/binsum) + - [`bitify`](circomlib-doc/basics/bitify) + - [`bits2num`](circomlib-doc/basics/bitify/bits2num) + - [`bits2num_strict`](circomlib-doc/basics/bitify/bits2num_strict) + - [`num2bits`](circomlib-doc/basics/bitify/num2bits) + - [`num2bits_strict`](circomlib-doc/basics/bitify/num2bits_strict) + - [`num2bitsneg`](circomlib-doc/basics/bitify/num2bitsneg) + - [`comparators`](circomlib-doc/basics/comparators) + - [`forceequalifenable`](circomlib-doc/basics/comparators/forceequalifenable) + - [`greatereqthan`](circomlib-doc/basics/comparators/greatereqthan) + - [`greaterthan`](circomlib-doc/basics/comparators/greaterthan) + - [`isequal`](circomlib-doc/basics/comparators/isequal) + - [`iszero`](circomlib-doc/basics/comparators/iszero) + - [`lesseqthan`](circomlib-doc/basics/comparators/lesseqthan) + - [`lessthan`](circomlib-doc/basics/comparators/lessthan) + - [`compconstant`](circomlib-doc/basics/compconstant) + - [`logic_gates`](circomlib-doc/basics/logic_gates) + - [`AND`](circomlib-doc/basics/logic_gates/AND) + - [`MultiAND`](circomlib-doc/basics/logic_gates/MultiAND) + - [`NAND`](circomlib-doc/basics/logic_gates/NAND) + - [`NOR`](circomlib-doc/basics/logic_gates/NOR) + - [`NOT`](circomlib-doc/basics/logic_gates/NOT) + - [`OR`](circomlib-doc/basics/logic_gates/OR) + - [`XOR`](circomlib-doc/basics/logic_gates/XOR) + - [`multiplexer`](circomlib-doc/basics/multiplexer) + - [`mux`](circomlib-doc/basics/mux) + - [`multimux1`](circomlib-doc/basics/mux/multimux1) + - [`multimux2`](circomlib-doc/basics/mux/multimux2) + - [`multimux3`](circomlib-doc/basics/mux/multimux3) + - [`multimux4`](circomlib-doc/basics/mux/multimux4) + - [`mux1`](circomlib-doc/basics/mux/mux1) + - 
[`mux2`](circomlib-doc/basics/mux/mux2) + - [`mux3`](circomlib-doc/basics/mux/mux3) + - [`mux4`](circomlib-doc/basics/mux/mux4) + - [`sign`](circomlib-doc/basics/sign) + - [`switcher`](circomlib-doc/basics/switcher) +- [`cryptography`](circomlib-doc/cryptography) + - [`hash_functions`](circomlib-doc/cryptography/hash_functions) + - [`mimc`](circomlib-doc/cryptography/hash_functions/mimc) + - [`mimc7`](circomlib-doc/cryptography/hash_functions/mimc/mimc7) + - [`mimcfeistel`](circomlib-doc/cryptography/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](circomlib-doc/cryptography/hash_functions/mimc/mimcsponge) + - [`multimimc7`](circomlib-doc/cryptography/hash_functions/mimc/multimimc7) + - [`pedersen`](circomlib-doc/cryptography/hash_functions/pedersen) + - [`segment`](circomlib-doc/cryptography/hash_functions/pedersen/segment) + - [`window3`](circomlib-doc/cryptography/hash_functions/pedersen/window3) + - [`window4`](circomlib-doc/cryptography/hash_functions/pedersen/window4) + - [`poseidon`](circomlib-doc/cryptography/hash_functions/poseidon) + - [`sha256`](circomlib-doc/cryptography/hash_functions/sha256) + - [`signatures`](circomlib-doc/cryptography/signatures) + - [`eddsa`](circomlib-doc/cryptography/signatures/eddsa) + - [`smt`](circomlib-doc/cryptography/smt) +- [`elliptic_curves`](circomlib-doc/elliptic_curves) + - [`baby_jubjub`](circomlib-doc/elliptic_curves/baby_jubjub) + - [`edwards`](circomlib-doc/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - 
[`scalarmulany`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](circomlib-doc/elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](circomlib-doc/elliptic_curves/baby_jubjub/point2bits) diff --git a/circuits/README.md b/circuits/README.md index 30b1cd28..15526200 100644 --- a/circuits/README.md +++ b/circuits/README.md 
@@ -1,830 +1,9 @@ -# CircomLib/Circuits +# `folder name` -## Description +This folder contains the templates ... ". -- This folder contains circuit templates for standard operations and many cryptographic primitives. -- Below you can find specifications of each function. In the representation of elements, there are three tyes: - - Binary - - String - - Field element (the field is specified in each case. We consider 2 possible fields: Fp and Fr, where p... and r... .) +## Structure of the Folder -## Table of Contents +TOC -[TOC] - -## Jordi - -* compconstant - Returns 1 if `in` (expanded to binary array) > `ct` -* aliascheck - check if `in` (expanded to binary array) oveflowed its 254 bits (<= -1) -* babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2 - * BabyAdd - (`xout`,`yout`) = (`x1`,`y1`) + (`x2`,`y2`) - * BabyDbl - (`xout`,`yout`) = 2*(`x`,`y`) - * BabyCheck - check that (`x`,`y`) is on the curve -* binsub - binary subtraction -* gates - logical gates -* mimc - SNARK-friendly hash Minimal Multiplicative Complexity. - * https://eprint.iacr.org/2016/492.pdf - * zcash/zcash#2233 -* smt - Sparse Merkle Tree - * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751 -* montgomery https://en.wikipedia.org/wiki/Montgomery_curve - -## Circuits - -### sha256 - -Folder containing the implementation of sha256 hash circuit. - -### smt - -Folder containing the circuit implementation of Sparse Merkle Trees. - -### aliascheck - -- `AliasCheck()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### babyjub - -Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. (TODO: Expose here the characteristics of the curve?) - - -- `BabyAdd()` - - - DESCRIPTION - - It adds two points on the Baby Jubjub curve. 
More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that - - (`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`) - = ((`x1y2`+`y1x2`)/(1+`dx1x2y1y2`)),(`y1y2`-`ax1x2`)/(1-`dx1x2y1y2`)) - - - SCHEMA - ``` - var a var d - | | - | | - ______v_________v_______ - input x1 ----> | | - input y1 ----> | BabyAdd() | ----> output xout - input x2 ----> | | ----> output yout - input y2 ----> |________________________| - ``` - - - INPUTS - - | Input | Representation | Description | | - | ------------- | ------------- | ------------- | ------------- | - | `x1` | Bigint | Field element of Fp | First coordinate of a point (x1, y1) on E. | - | `y1` | Bigint | Field element of Fp | Second coordinate of a point (x1, y1) on E. | - | `x2` | Bigint | Field element of Fp | First coordinate of a point (x2, y2) on E. | - | `y2` | Bigint | Field element of Fp | Second coordinate of a point (x2, y2) on E. | - - Requirement: at least `x1`!=`x2` or `y1`!=`y2`. - - - OUTPUT - - | Input | Representation | Description | | - | ------------- | ------------- | ------------- | ------------- | - | `xout` | Bigint | Field element of Fp | First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). | - | `yout` | Bigint | Field element of Fp | Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). | - - - BENCHMARKS (constraints) - - - EXAMPLE - -- `BabyDbl()` - - DESCRIPTION : doubles a point (`xout`,`yout`) = 2*(`x`,`y`). - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `BabyCheck()` - - - DESCRIPTION : checks if a given point is in the curve. - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `BabyPbk()` - - - DESCRIPTION: : given a private key, it returns the associated public key. - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - - -### binsub - -- `BinSub(n)` - - - DESCRIPTION: binary substraction. 
- - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### binsum - -- `nbits(a)` - - - DESCRIPTION : binary sum. - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `BinSum(n, ops)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### bitify - -- `Num2Bits()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Num2Bits_strict()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Bits2Num()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Bits2Num_strict()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Num2BitsNeg()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### comparators - -- `IsZero() ` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `IsEqual()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `ForceEqualIfEnabled()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `LessThan()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `GreaterThan()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `GreaterEqThan()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### compconstant - -- `CompConstant(ct)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### eddsa - -Edwards Digital Signature Algorithm in Baby Jubjbub (link a eddsa) - -- `EdDSAVerifier(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### eddsamimc - -- `EdDSAMiMCVerifier()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### eddsamimcsponge - -- `EdDSAMiMCSpongeVerifier()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### eddsaposeidon - -- 
`EdDSAPoseidonVerifier()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### escalarmul - -- `EscalarMulWindow(base, k)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `EscalarMul(n, base)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### escalarmulany - -- `Multiplexor2()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `BitElementMulAny()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `SegmentMulAny(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `EscalarMulAny(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### escalarmulfix - -- `WindowMulFix()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `SegmentMulFix(nWindows)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `EscalarMulFix(n, BASE)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### escalarmulw4table - -- `pointAdd` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `EscalarMulW4Table` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### gates - -- `XOR` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `AND` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `OR` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `NOT` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `NAND` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `NOR` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `MultiAND` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mimc - -Implementation of MiMC-7 hash in Fp 
being... (link to description of the hash) - -- `MiMC7(nrounds)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `MultiMiMC7(nInputs, nRounds)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mimcsponge - -- `MiMCSponge(nInputs, nRounds, nOutputs)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `MiMCFeistel(nrounds)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### montgomery - -- `Edwards2Montgomery()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Montgomery2Edwards()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `MontgomeryAdd()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `MontgomeryDouble()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### multiplexer - -- `log2(a)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `EscalarProduct(w)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Decoder(w)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Multiplexer(wIn, nIn)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mux1 - -- `MultiMux1(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Mux1()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mux2 - -- `MultiMux2(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Mux2()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mux3 - -- `MultiMux3(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Mux3()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### mux4 - -- `MultiMux4(n)` - - - DESCRIPTION - - 
SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Mux4()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### pedersen_old - -Old version of the Pedersen hash (do not use any -more?). - -### pedersen - -- `Window4()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Segment(nWindows)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Pedersen(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### pointbits - -- `sqrt(n)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Bits2Point()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Bits2Point_Strict()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Point2Bits` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Point2Bits_Strict` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### poseidon - -Implementation of Poseidon hash function (LINK) - -- `Sigma()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Ark(t, C)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Mix(t, M)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -- `Poseidon(nInputs, t, nRoundsF, nRoundsP)` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### sign - -- `Sign()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE - -### switcher - -- `Switcher()` - - - DESCRIPTION - - SCHEMA - - INPUT - - OUTPUT - - BENCHMARKS - - EXAMPLE +## Background on ... (if necessary) \ No newline at end of file diff --git a/circuits/aliascheck.circom b/circuits/aliascheck.circom deleted file mode 100644 index c4dfad57..00000000 --- a/circuits/aliascheck.circom +++ /dev/null 
@@ -1,32 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "compconstant.circom";
-
-
-template AliasCheck() {
-
- signal input in[254];
-
- component compConstant = CompConstant(-1);
-
- for (var i=0; i<254; i++) in[i] ==> compConstant.in[i];
-
- compConstant.out === 0;
-}
diff --git a/circuits/babyjub.circom b/circuits/babyjub.circom
deleted file mode 100644
index 537b1a0d..00000000
--- a/circuits/babyjub.circom
+++ /dev/null
@@ -1,106 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "bitify.circom"; -include "escalarmulfix.circom"; - -template BabyAdd() { - signal input x1; - signal input y1; - signal input x2; - signal input y2; - signal output xout; - signal output yout; - - signal beta; - signal gamma; - signal delta; - signal tau; - - var a = 168700; - var d = 168696; - - beta <== x1*y2; - gamma <== y1*x2; - delta <== (-a*x1+y1)*(x2 + y2); - tau <== beta * gamma; - - xout <-- (beta + gamma) / (1+ d*tau); - (1+ d*tau) * xout === (beta + gamma); - - yout <-- (delta + a*beta - gamma) / (1-d*tau); - (1-d*tau)*yout === (delta + a*beta - gamma); -} - -template BabyDbl() { - signal input x; - signal input y; - signal output xout; - signal output yout; - - component adder = BabyAdd(); - adder.x1 <== x; - adder.y1 <== y; - adder.x2 <== x; - adder.y2 <== y; - - adder.xout ==> xout; - adder.yout ==> yout; -} - - -template BabyCheck() { - signal input x; - signal input y; - - signal x2; - signal y2; - - var a = 168700; - var d = 168696; - - x2 <== x*x; - y2 <== y*y; - - a*x2 + y2 === 1 + d*x2*y2; -} - -// Extracts the public key from private key -template BabyPbk() { - signal private input in; - signal output Ax; - signal output Ay; - - var BASE8[2] = [ - 
5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203 - ]; - - component pvkBits = Num2Bits(253); - pvkBits.in <== in; - - component mulFix = EscalarMulFix(253, BASE8); - - var i; - for (i=0; i<253; i++) { - mulFix.e[i] <== pvkBits.out[i]; - } - Ax <== mulFix.out[0]; - Ay <== mulFix.out[1]; -} diff --git a/circuits/binsub.circom b/circuits/binsub.circom deleted file mode 100644 index 67214427..00000000 --- a/circuits/binsub.circom +++ /dev/null 
@@ -1,73 +0,0 @@ - /* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* -This component creates a binary substraction. - - -Main Constraint: - (in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1)) + - + 2^n - - (in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1)) - === - out[0] * 2^0 + out[1] * 2^1 + + out[n-1] *2^(n-1) + aux - - - out[0] * (out[0] - 1) === 0 - out[1] * (out[0] - 1) === 0 - . - . - . - out[n-1] * (out[n-1] - 1) === 0 - aux * (aux-1) == 0 - -*/ - -template BinSub(n) { - signal input in[2][n]; - signal output out[n]; - - signal aux; - - var lin = 2**n; - var lout = 0; - - var i; - - for (i=0; i<n; i++) { - lin = lin + in[0][i]*(2**i); - lin = lin - in[1][i]*(2**i); - } - - for (i=0; i<n; i++) { - out[i] <-- (lin >> i) & 1; - - // Ensure out is binary - out[i] * (out[i] - 1) === 0; - - lout = lout + out[i]*(2**i); - } - - aux <-- (lin >> n) & 1; - aux*(aux-1) === 0; - lout = lout + aux*(2**n); - - // Ensure the sum; - lin === lout; -} diff --git a/circuits/binsum.circom b/circuits/binsum.circom deleted file mode 100644 index 6fd79adc..00000000 --- a/circuits/binsum.circom +++ /dev/null 
@@ -1,100 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - -Binary Sum -========== - -This component creates a binary sum componet of ops operands and n bits each operand. - -e is Number of carries: Depends on the number of operands in the input. - -Main Constraint: - in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + - + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + - + .. - + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + - === - out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) - -To waranty binary outputs: - - out[0] * (out[0] - 1) === 0 - out[1] * (out[0] - 1) === 0 - . - . - . - out[n+e-1] * (out[n+e-1] - 1) == 0 - - */ - - -/* - This function calculates the number of extra bits in the output to do the full sum. 
- */ - -function nbits(a) { - var n = 1; - var r = 0; - while (n-1<a) { - r++; - n *= 2; - } - return r; -} - - -template BinSum(n, ops) { - var nout = nbits((2**n -1)*ops); - signal input in[ops][n]; - signal output out[nout]; - - var lin = 0; - var lout = 0; - - var k; - var j; - - var e2; - - e2 = 1; - for (k=0; k<n; k++) { - for (j=0; j<ops; j++) { - lin += in[j][k] * e2; - } - e2 = e2 + e2; - } - - e2 = 1; - for (k=0; k<nout; k++) { - out[k] <-- (lin >> k) & 1; - - // Ensure out is binary - out[k] * (out[k] - 1) === 0; - - lout += out[k] * e2; - - e2 = e2+e2; - } - - // Ensure the sum; - - lin === lout; -} diff --git a/circuits/bitify.circom b/circuits/bitify.circom deleted file mode 100644 index 60fb89c8..00000000 --- a/circuits/bitify.circom +++ /dev/null 
@@ -1,105 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "comparators.circom"; -include "aliascheck.circom"; - - -template Num2Bits(n) { - signal input in; - signal output out[n]; - var lc1=0; - - var e2=1; - for (var i = 0; i<n; i++) { - out[i] <-- (in >> i) & 1; - out[i] * (out[i] -1 ) === 0; - lc1 += out[i] * e2; - e2 = e2+e2; - } - - lc1 === in; -} - -template Num2Bits_strict() { - signal input in; - signal output out[254]; - - component aliasCheck = AliasCheck(); - component n2b = Num2Bits(254); - in ==> n2b.in; - - for (var i=0; i<254; i++) { - n2b.out[i] ==> out[i]; - n2b.out[i] ==> aliasCheck.in[i]; - } -} - -template Bits2Num(n) { - signal input in[n]; - signal output out; - var lc1=0; - - var e2 = 1; - for (var i = 0; i<n; i++) { - lc1 += in[i] * e2; - e2 = e2 + e2; - } - - lc1 ==> out; -} - -template Bits2Num_strict() { - signal input in[n]; - signal output out; - - component aliasCheck = AliasCheck(); - component b2n = Bits2Num(254); - - for (var i=0; i<254; i++) { - in[i] ==> b2n.in[i]; - in[i] ==> aliasCheck.in[i]; - } - - b2n.out ==> out; -} - -template Num2BitsNeg(n) { - signal input in; - signal output out[n]; - var lc1=0; - - component isZero; - - isZero = IsZero(); - - var neg = n == 0 ? 
0 : 2**n - in; - - for (var i = 0; i<n; i++) { - out[i] <-- (neg >> i) & 1; - out[i] * (out[i] -1 ) === 0; - lc1 += out[i] * 2**i; - } - - in ==> isZero.in; - - - - lc1 + isZero.out * 2**n === 2**n - in; -} diff --git a/circuits/comparators.circom b/circuits/comparators.circom deleted file mode 100644 index 3eaa3d8d..00000000 --- a/circuits/comparators.circom +++ /dev/null 
@@ -1,139 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "bitify.circom";
-include "binsum.circom";
-
-template IsZero() {
- signal input in;
- signal output out;
-
- signal inv;
-
- inv <-- in!=0 ? 1/in : 0;
-
- out <== -in*inv +1;
- in*out === 0;
-}
-
-
-template IsEqual() {
- signal input in[2];
- signal output out;
-
- component isz = IsZero();
-
- in[1] - in[0] ==> isz.in;
-
- isz.out ==> out;
-}
-
-template ForceEqualIfEnabled() {
- signal input enabled;
- signal input in[2];
-
- component isz = IsZero();
-
- in[1] - in[0] ==> isz.in;
-
- (1 - isz.out)*enabled === 0;
-}
-
-/*
-// N is the number of bits the input have.
-// The MSF is the sign bit.
-template LessThan(n) {
- signal input in[2];
- signal output out;
-
- component num2Bits0;
- component num2Bits1;
-
- component adder;
-
- adder = BinSum(n, 2);
-
- num2Bits0 = Num2Bits(n);
- num2Bits1 = Num2BitsNeg(n);
-
- in[0] ==> num2Bits0.in;
- in[1] ==> num2Bits1.in;
-
- var i;
- for (i=0;i<n;i++) {
- num2Bits0.out[i] ==> adder.in[0][i];
- num2Bits1.out[i] ==> adder.in[1][i];
- }
-
- adder.out[n-1] ==> out;
-}
-*/
-
-template LessThan(n) {
- signal input in[2];
- signal output out;
-
- component n2b = Num2Bits(n*2+1);
-
- n2b.in <== in[0]+ (1<<n) - in[1];
-
- out <== 1-n2b.out[n];
-}
-
-
-
-// N is the number of bits the input have.
-// The MSF is the sign bit.
-template LessEqThan(n) {
- signal input in[2];
- signal output out;
-
- component lt = LessThan(n);
-
- lt.in[0] <== in[0];
- lt.in[1] <== in[1]+1;
- lt.out ==> out;
-}
-
-// N is the number of bits the input have.
-// The MSF is the sign bit.
-template GreaterThan(n) {
- signal input in[2];
- signal output out;
-
- component lt = LessThan(n);
-
- lt.in[0] <== in[1];
- lt.in[1] <== in[0];
- lt.out ==> out;
-}
-
-// N is the number of bits the input have.
-// The MSF is the sign bit.
-template GreaterEqThan(n) {
- signal input in[2];
- signal output out;
-
- component lt = LessThan(n);
-
- lt.in[0] <== in[1];
- lt.in[1] <== in[0]+1;
- lt.out ==> out;
-}
-
diff --git a/circuits/compconstant.circom b/circuits/compconstant.circom
deleted file mode 100644
index e7fb3f0a..00000000
--- a/circuits/compconstant.circom
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "bitify.circom";
-
-// Returns 1 if in (in binary) > ct
-
-template CompConstant(ct) {
- signal input in[254];
- signal output out;
-
- signal parts[127];
- signal sout;
-
- var clsb;
- var cmsb;
- var slsb;
- var smsb;
-
- var sum=0;
-
- var b = (1 << 128) -1;
- var a = 1;
- var e = 1;
- var i;
-
- for (i=0;i<127; i++) {
- clsb = (ct >> (i*2)) & 1;
- cmsb = (ct >> (i*2+1)) & 1;
- slsb = in[i*2];
- smsb = in[i*2+1];
-
- if ((cmsb==0)&&(clsb==0)) {
- parts[i] <== -b*smsb*slsb + b*smsb + b*slsb;
- } else if ((cmsb==0)&&(clsb==1)) {
- parts[i] <== a*smsb*slsb - a*slsb + b*smsb - a*smsb + a;
- } else if ((cmsb==1)&&(clsb==0)) {
- parts[i] <== b*smsb*slsb - a*smsb + a;
- } else {
- parts[i] <== -a*smsb*slsb + a;
- }
-
- sum = sum + parts[i];
-
- b = b -e;
- a = a +e;
- e = e*2;
- }
-
- sout <== sum;
-
- component num2bits = Num2Bits(135);
-
- num2bits.in <== sout;
-
- out <== num2bits.out[127];
-}
diff --git a/circuits/eddsa.circom b/circuits/eddsa.circom
deleted file mode 100644
index bf126a78..00000000
--- a/circuits/eddsa.circom
+++ /dev/null
@@ -1,138 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "compconstant.circom"; -include "pointbits.circom"; -include "pedersen.circom"; -include "escalarmulany.circom"; -include "escalarmulfix.circom"; - -template EdDSAVerifier(n) { - signal input msg[n]; - - signal input A[256]; - signal input R8[256]; - signal input S[256]; - - signal Ax; - signal Ay; - - signal R8x; - signal R8y; - - var i; - -// Ensure S<Subgroup Order - - component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040); - - for (i=0; i<254; i++) { - S[i] ==> compConstant.in[i]; - } - compConstant.out === 0; - S[254] === 0; - S[255] === 0; - -// Convert A to Field elements (And verify A) - - component bits2pointA = Bits2Point_Strict(); - - for (i=0; i<256; i++) { - bits2pointA.in[i] <== A[i]; - } - Ax <== bits2pointA.out[0]; - Ay <== bits2pointA.out[1]; - -// Convert R8 to Field elements (And verify R8) - - component bits2pointR8 = Bits2Point_Strict(); - - for (i=0; i<256; i++) { - bits2pointR8.in[i] <== R8[i]; - } - R8x <== bits2pointR8.out[0]; - R8y <== bits2pointR8.out[1]; - -// Calculate the h = H(R,A, msg) - - component hash = Pedersen(512+n); - - for (i=0; i<256; i++) { - hash.in[i] <== R8[i]; - hash.in[256+i] <== 
A[i]; - } - for (i=0; i<n; i++) { - hash.in[512+i] <== msg[i]; - } - - component point2bitsH = Point2Bits_Strict(); - point2bitsH.in[0] <== hash.out[0]; - point2bitsH.in[1] <== hash.out[1]; - -// Calculate second part of the right side: right2 = h*8*A - - // Multiply by 8 by adding it 3 times. This also ensure that the result is in - // the subgroup. - component dbl1 = BabyDbl(); - dbl1.x <== Ax; - dbl1.y <== Ay; - component dbl2 = BabyDbl(); - dbl2.x <== dbl1.xout; - dbl2.y <== dbl1.yout; - component dbl3 = BabyDbl(); - dbl3.x <== dbl2.xout; - dbl3.y <== dbl2.yout; - - // We check that A is not zero. - component isZero = IsZero(); - isZero.in <== dbl3.x; - isZero.out === 0; - - component mulAny = EscalarMulAny(256); - for (i=0; i<256; i++) { - mulAny.e[i] <== point2bitsH.out[i]; - } - mulAny.p[0] <== dbl3.xout; - mulAny.p[1] <== dbl3.yout; - - -// Compute the right side: right = R8 + right2 - - component addRight = BabyAdd(); - addRight.x1 <== R8x; - addRight.y1 <== R8y; - addRight.x2 <== mulAny.out[0]; - addRight.y2 <== mulAny.out[1]; - -// Calculate left side of equation left = S*B8 - - var BASE8[2] = [ - 5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203 - ]; - component mulFix = EscalarMulFix(256, BASE8); - for (i=0; i<256; i++) { - mulFix.e[i] <== S[i]; - } - -// Do the comparation left == right - - mulFix.out[0] === addRight.xout; - mulFix.out[1] === addRight.yout; -} diff --git a/circuits/eddsamimc.circom b/circuits/eddsamimc.circom deleted file mode 100644 index 5f0917ad..00000000 --- a/circuits/eddsamimc.circom +++ /dev/null 
@@ -1,123 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "compconstant.circom";
-include "pointbits.circom";
-include "mimc.circom";
-include "bitify.circom";
-include "escalarmulany.circom";
-include "escalarmulfix.circom";
-
-template EdDSAMiMCVerifier() {
- signal input enabled;
- signal input Ax;
- signal input Ay;
-
- signal input S;
- signal input R8x;
- signal input R8y;
-
- signal input M;
-
- var i;
-
-// Ensure S<Subgroup Order
-
- component snum2bits = Num2Bits(253);
- snum2bits.in <== S;
-
- component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040);
-
- for (i=0; i<253; i++) {
- snum2bits.out[i] ==> compConstant.in[i];
- }
- compConstant.in[253] <== 0;
- compConstant.out === 0;
-
-// Calculate the h = H(R,A, msg)
-
- component hash = MultiMiMC7(5, 91);
- hash.in[0] <== R8x;
- hash.in[1] <== R8y;
- hash.in[2] <== Ax;
- hash.in[3] <== Ay;
- hash.in[4] <== M;
- hash.k <== 0;
-
- component h2bits = Num2Bits_strict();
- h2bits.in <== hash.out;
-
-// Calculate second part of the right side: right2 = h*8*A
-
- // Multiply by 8 by adding it 3 times. This also ensure that the result is in
- // the subgroup.
- component dbl1 = BabyDbl();
- dbl1.x <== Ax;
- dbl1.y <== Ay;
- component dbl2 = BabyDbl();
- dbl2.x <== dbl1.xout;
- dbl2.y <== dbl1.yout;
- component dbl3 = BabyDbl();
- dbl3.x <== dbl2.xout;
- dbl3.y <== dbl2.yout;
-
- // We check that A is not zero.
- component isZero = IsZero();
- isZero.in <== dbl3.x;
- isZero.out === 0;
-
- component mulAny = EscalarMulAny(254);
- for (i=0; i<254; i++) {
- mulAny.e[i] <== h2bits.out[i];
- }
- mulAny.p[0] <== dbl3.xout;
- mulAny.p[1] <== dbl3.yout;
-
-
-// Compute the right side: right = R8 + right2
-
- component addRight = BabyAdd();
- addRight.x1 <== R8x;
- addRight.y1 <== R8y;
- addRight.x2 <== mulAny.out[0];
- addRight.y2 <== mulAny.out[1];
-
-// Calculate left side of equation left = S*B8
-
- var BASE8[2] = [
- 5299619240641551281634865583518297030282874472190772894086521144482721001553,
- 16950150798460657717958625567821834550301663161624707787222815936182638968203
- ];
- component mulFix = EscalarMulFix(253, BASE8);
- for (i=0; i<253; i++) {
- mulFix.e[i] <== snum2bits.out[i];
- }
-
-// Do the comparation left == right if enabled;
-
- component eqCheckX = ForceEqualIfEnabled();
- eqCheckX.enabled <== enabled;
- eqCheckX.in[0] <== mulFix.out[0];
- eqCheckX.in[1] <== addRight.xout;
-
- component eqCheckY = ForceEqualIfEnabled();
- eqCheckY.enabled <== enabled;
- eqCheckY.in[0] <== mulFix.out[1];
- eqCheckY.in[1] <== addRight.yout;
-}
diff --git a/circuits/eddsamimcsponge.circom b/circuits/eddsamimcsponge.circom
deleted file mode 100644
index 8b2577d4..00000000
--- a/circuits/eddsamimcsponge.circom
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "compconstant.circom";
-include "pointbits.circom";
-include "mimcsponge.circom";
-include "bitify.circom";
-include "escalarmulany.circom";
-include "escalarmulfix.circom";
-
-template EdDSAMiMCSpongeVerifier() {
- signal input enabled;
- signal input Ax;
- signal input Ay;
-
- signal input S;
- signal input R8x;
- signal input R8y;
-
- signal input M;
-
- var i;
-
-// Ensure S<Subgroup Order
-
- component snum2bits = Num2Bits(253);
- snum2bits.in <== S;
-
- component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040);
-
- for (i=0; i<253; i++) {
- snum2bits.out[i] ==> compConstant.in[i];
- }
- compConstant.in[253] <== 0;
- compConstant.out === 0;
-
-// Calculate the h = H(R,A, msg)
-
- component hash = MiMCSponge(5, 220, 1);
- hash.ins[0] <== R8x;
- hash.ins[1] <== R8y;
- hash.ins[2] <== Ax;
- hash.ins[3] <== Ay;
- hash.ins[4] <== M;
- hash.k <== 0;
-
- component h2bits = Num2Bits_strict();
- h2bits.in <== hash.outs[0];
-
-// Calculate second part of the right side: right2 = h*8*A
-
- // Multiply by 8 by adding it 3 times. This also ensure that the result is in
- // the subgroup.
- component dbl1 = BabyDbl();
- dbl1.x <== Ax;
- dbl1.y <== Ay;
- component dbl2 = BabyDbl();
- dbl2.x <== dbl1.xout;
- dbl2.y <== dbl1.yout;
- component dbl3 = BabyDbl();
- dbl3.x <== dbl2.xout;
- dbl3.y <== dbl2.yout;
-
- // We check that A is not zero.
- component isZero = IsZero();
- isZero.in <== dbl3.x;
- isZero.out === 0;
-
- component mulAny = EscalarMulAny(254);
- for (i=0; i<254; i++) {
- mulAny.e[i] <== h2bits.out[i];
- }
- mulAny.p[0] <== dbl3.xout;
- mulAny.p[1] <== dbl3.yout;
-
-
-// Compute the right side: right = R8 + right2
-
- component addRight = BabyAdd();
- addRight.x1 <== R8x;
- addRight.y1 <== R8y;
- addRight.x2 <== mulAny.out[0];
- addRight.y2 <== mulAny.out[1];
-
-// Calculate left side of equation left = S*B8
-
- var BASE8[2] = [
- 5299619240641551281634865583518297030282874472190772894086521144482721001553,
- 16950150798460657717958625567821834550301663161624707787222815936182638968203
- ];
- component mulFix = EscalarMulFix(253, BASE8);
- for (i=0; i<253; i++) {
- mulFix.e[i] <== snum2bits.out[i];
- }
-
-// Do the comparation left == right if enabled;
-
- component eqCheckX = ForceEqualIfEnabled();
- eqCheckX.enabled <== enabled;
- eqCheckX.in[0] <== mulFix.out[0];
- eqCheckX.in[1] <== addRight.xout;
-
- component eqCheckY = ForceEqualIfEnabled();
- eqCheckY.enabled <== enabled;
- eqCheckY.in[0] <== mulFix.out[1];
- eqCheckY.in[1] <== addRight.yout;
-}
diff --git a/circuits/eddsaposeidon.circom b/circuits/eddsaposeidon.circom
deleted file mode 100644
index 5ed63c92..00000000
--- a/circuits/eddsaposeidon.circom
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "compconstant.circom";
-include "poseidon.circom";
-include "bitify.circom";
-include "escalarmulany.circom";
-include "escalarmulfix.circom";
-
-template EdDSAPoseidonVerifier() {
- signal input enabled;
- signal input Ax;
- signal input Ay;
-
- signal input S;
- signal input R8x;
- signal input R8y;
-
- signal input M;
-
- var i;
-
-// Ensure S<Subgroup Order
-
- component snum2bits = Num2Bits(253);
- snum2bits.in <== S;
-
- component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040);
-
- for (i=0; i<253; i++) {
- snum2bits.out[i] ==> compConstant.in[i];
- }
- compConstant.in[253] <== 0;
- compConstant.out*enabled === 0;
-
-// Calculate the h = H(R,A, msg)
-
- component hash = Poseidon(5, 6, 8, 57);
-
- hash.inputs[0] <== R8x;
- hash.inputs[1] <== R8y;
- hash.inputs[2] <== Ax;
- hash.inputs[3] <== Ay;
- hash.inputs[4] <== M;
-
- component h2bits = Num2Bits_strict();
- h2bits.in <== hash.out;
-
-// Calculate second part of the right side: right2 = h*8*A
-
- // Multiply by 8 by adding it 3 times. This also ensure that the result is in
- // the subgroup.
- component dbl1 = BabyDbl();
- dbl1.x <== Ax;
- dbl1.y <== Ay;
- component dbl2 = BabyDbl();
- dbl2.x <== dbl1.xout;
- dbl2.y <== dbl1.yout;
- component dbl3 = BabyDbl();
- dbl3.x <== dbl2.xout;
- dbl3.y <== dbl2.yout;
-
- // We check that A is not zero.
- component isZero = IsZero();
- isZero.in <== dbl3.x;
- isZero.out*enabled === 0;
-
- component mulAny = EscalarMulAny(254);
- for (i=0; i<254; i++) {
- mulAny.e[i] <== h2bits.out[i];
- }
- mulAny.p[0] <== dbl3.xout;
- mulAny.p[1] <== dbl3.yout;
-
-
-// Compute the right side: right = R8 + right2
-
- component addRight = BabyAdd();
- addRight.x1 <== R8x;
- addRight.y1 <== R8y;
- addRight.x2 <== mulAny.out[0];
- addRight.y2 <== mulAny.out[1];
-
-// Calculate left side of equation left = S*B8
-
- var BASE8[2] = [
- 5299619240641551281634865583518297030282874472190772894086521144482721001553,
- 16950150798460657717958625567821834550301663161624707787222815936182638968203
- ];
- component mulFix = EscalarMulFix(253, BASE8);
- for (i=0; i<253; i++) {
- mulFix.e[i] <== snum2bits.out[i];
- }
-
-// Do the comparation left == right if enabled;
-
- component eqCheckX = ForceEqualIfEnabled();
- eqCheckX.enabled <== enabled;
- eqCheckX.in[0] <== mulFix.out[0];
- eqCheckX.in[1] <== addRight.xout;
-
- component eqCheckY = ForceEqualIfEnabled();
- eqCheckY.enabled <== enabled;
- eqCheckY.in[0] <== mulFix.out[1];
- eqCheckY.in[1] <== addRight.yout;
-}
diff --git a/circuits/escalarmul.circom b/circuits/escalarmul.circom
deleted file mode 100644
index 9cd13f7c..00000000
--- a/circuits/escalarmul.circom
+++ /dev/null
@@ -1,165 +0,0 @@
- /*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-/*
-
- ┏━━━━━━━━━━━┓
- ┃ ┃
- ┃ ┃
- (inx, iny) ══════════════════════════════════════════▶┃ EC Point ┃
- ┃ ╠═▶ (outx, outy)
- ╔══▶┃ Adder ┃
- ║ ┃ ┃
- ║ ┃ ┃
- ║ ┃ ┃
- ┏━━━━━━━━━━━┓ ┏━━━━━━━━━━━━┓ ║ ┗━━━━━━━━━━━┛
- ┃ ┃ ┃ ┃ ║
- ┃ ┃ ┃ ┃ ║
- ┃ ╠═══(p0x,p0y)═══▶┃ ┃ ║
- ┃ ╠═══(p1x,p1y)═══▶┃ ┃ ║
- ┃ ╠═══(p2x,p2y)═══▶┃ ┃ ║
- ┃ ╠═══(p3x,p3y)═══▶┃ ┃ ║
- ┃ ╠═══(p4x,p4y)═══▶┃ ┃ ║
- ┃ ╠═══(p5x,p5y)═══▶┃ ┃ ║
- ┃ ╠═══(p6x,p6y)═══▶┃ ┃ ║
- ┃ Constant ╠═══(p7x,p7y)═══▶┃ ┃ ║
- ┃ Points ┃ ┃ Mux4 ╠══╝
- ┃ ╠═══(p8x,p8y)═══▶┃ ┃
- ┃ ╠═══(p9x,p9y)═══▶┃ ┃
- ┃ ╠══(p10x,p10y)══▶┃ ┃
- ┃ ╠══(p11x,p11y)══▶┃ ┃
- ┃ ╠══(p12x,p12y)══▶┃ ┃
- ┃ ╠══(p13x,p13y)══▶┃ ┃
- ┃ ╠══(p14x,p14y)══▶┃ ┃
- ┃ ╠══(p15x,p15y)══▶┃ ┃
- ┃ ┃ ┃ ┃
- ┃ ┃ ┃ ┃
- ┗━━━━━━━━━━━┛ ┗━━━━━━━━━━━━┛
- ▲ ▲ ▲ ▲
- │ │ │ │
- s0 ─────────────────────────────────┘ │ │ │
- s1 ────────────────────────────────────┘ │ │
- s2 ───────────────────────────────────────┘ │
- s3 ──────────────────────────────────────────┘
-
-
- */
-
-include "mux4.circom";
-include "escalarmulw4table.circom";
-include "babyjub.circom";
-
-template EscalarMulWindow(base, k) {
-
- signal input in[2];
- signal input sel[4];
- signal output out[2];
-
- var table[16][2];
- component mux;
- component adder;
-
- var i;
-
- table = EscalarMulW4Table(base, k);
- mux = MultiMux4(2);
- adder = BabyAdd();
-
- for (i=0; i<4; i++) {
- sel[i] ==> mux.s[i];
- }
-
- for (i=0; i<16; i++) {
- mux.c[0][i] <== table[i][0];
- mux.c[1][i] <== table[i][1];
- }
-
- in[0] ==> adder.x1;
- in[1] ==> adder.y1;
-
- mux.out[0] ==> adder.x2;
- mux.out[1] ==> adder.y2;
-
- adder.xout ==> out[0];
- adder.yout ==> out[1];
-}
-
-/*
-
-
- ┏━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━┓
- ┃ ┃ ┃ ┃ ┃ ┃
- inp ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out
- ┃ ┃ ┃ ┃ ┃ ┃
- ┗━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━┛
- ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲
- in[0]─────────┘ │ │ │ │ │ │ │ │ │ │ │
- in[1]───────────┘ │ │ │ │ │ │ │ │ │ │
- in[2]─────────────┘ │ │ │ │ │ │ │ 0 0
- in[3]───────────────┘ │ │ │ │ │ │
- in[4]──────────────────────────┘ │ │ │ │ │
- in[5]────────────────────────────┘ │ │ │ │
- in[6]──────────────────────────────┘ │ │ │
- in[7]────────────────────────────────┘ │ │
- . │ │
- . │ │
- in[n-2]─────────────────────────────────────────────────────────────────────┘ │
- in[n-1]───────────────────────────────────────────────────────────────────────┘
-
- */
-
-template EscalarMul(n, base) {
- signal input in[n];
- signal input inp[2]; // Point input to be added
- signal output out[2];
-
- var nBlocks = ((n-1)>>2)+1;
- var i;
- var j;
-
- component windows[nBlocks];
-
- // Construct the windows
- for (i=0; i<nBlocks; i++) {
- windows[i] = EscalarMulWindow(base, i);
- }
-
- // Connect the selectors
- for (i=0; i<nBlocks; i++) {
- for (j=0; j<4; j++) {
- if (i*4+j >= n) {
- windows[i].sel[j] <== 0;
- } else {
- windows[i].sel[j] <== in[i*4+j];
- }
- }
- }
-
- // Start with generator
- windows[0].in[0] <== inp[0];
- windows[0].in[1] <== inp[1];
-
- for(i=0; i<nBlocks-1; i++) {
- windows[i].out[0] ==> windows[i+1].in[0];
- windows[i].out[1] ==> windows[i+1].in[1];
- }
-
- windows[nBlocks-1].out[0] ==> out[0];
- windows[nBlocks-1].out[1] ==> out[1];
-}
diff --git a/circuits/escalarmulany.circom b/circuits/escalarmulany.circom
deleted file mode 100644
index 3f6aec4d..00000000
--- a/circuits/escalarmulany.circom
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "montgomery.circom";
-include "babyjub.circom";
-include "comparators.circom";
-
-template Multiplexor2() {
- signal input sel;
- signal input in[2][2];
- signal output out[2];
-
- out[0] <== (in[1][0] - in[0][0])*sel + in[0][0];
- out[1] <== (in[1][1] - in[0][1])*sel + in[0][1];
-}
-
-template BitElementMulAny() {
- signal input sel;
- signal input dblIn[2];
- signal input addIn[2];
- signal output dblOut[2];
- signal output addOut[2];
-
- component doubler = MontgomeryDouble();
- component adder = MontgomeryAdd();
- component selector = Multiplexor2();
-
-
- sel ==> selector.sel;
-
- dblIn[0] ==> doubler.in[0];
- dblIn[1] ==> doubler.in[1];
- doubler.out[0] ==> adder.in1[0];
- doubler.out[1] ==> adder.in1[1];
- addIn[0] ==> adder.in2[0];
- addIn[1] ==> adder.in2[1];
- addIn[0] ==> selector.in[0][0];
- addIn[1] ==> selector.in[0][1];
- adder.out[0] ==> selector.in[1][0];
- adder.out[1] ==> selector.in[1][1];
-
- doubler.out[0] ==> dblOut[0];
- doubler.out[1] ==> dblOut[1];
- selector.out[0] ==> addOut[0];
- selector.out[1] ==> addOut[1];
-}
-
-// p is montgomery point
-// n must be <= 248
-// returns out in twisted edwards
-// Double is in montgomery to be linked;
-
-template SegmentMulAny(n) {
- signal input e[n];
- signal input p[2];
- signal output out[2];
- signal output dbl[2];
-
- component bits[n-1];
-
- component e2m = Edwards2Montgomery();
-
- p[0] ==> e2m.in[0];
- p[1] ==> e2m.in[1];
-
- var i;
-
- bits[0] = BitElementMulAny();
- e2m.out[0] ==> bits[0].dblIn[0]
- e2m.out[1] ==> bits[0].dblIn[1]
- e2m.out[0] ==> bits[0].addIn[0]
- e2m.out[1] ==> bits[0].addIn[1]
- e[1] ==> bits[0].sel;
-
- for (i=1; i<n-1; i++) {
- bits[i] = BitElementMulAny();
-
- bits[i-1].dblOut[0] ==> bits[i].dblIn[0]
- bits[i-1].dblOut[1] ==> bits[i].dblIn[1]
- bits[i-1].addOut[0] ==> bits[i].addIn[0]
- bits[i-1].addOut[1] ==> bits[i].addIn[1]
- e[i+1] ==> bits[i].sel;
- }
-
- bits[n-2].dblOut[0] ==> dbl[0];
- bits[n-2].dblOut[1] ==> dbl[1];
-
- component m2e = Montgomery2Edwards();
-
- bits[n-2].addOut[0] ==> m2e.in[0];
- bits[n-2].addOut[1] ==> m2e.in[1];
-
- component eadder = BabyAdd();
-
- m2e.out[0] ==> eadder.x1;
- m2e.out[1] ==> eadder.y1;
-
-p[0] ==> eadder.x2;
- p[1] ==> eadder.y2;
-
- component lastSel = Multiplexor2();
-
- e[0] ==> lastSel.sel;
- eadder.xout ==> lastSel.in[0][0];
- eadder.yout ==> lastSel.in[0][1];
- m2e.out[0] ==> lastSel.in[1][0];
- m2e.out[1] ==> lastSel.in[1][1];
-
- lastSel.out[0] ==> out[0];
- lastSel.out[1] ==> out[1];
-}
-
-// This function assumes that p is in the subgroup and it is different to 0
-
-template EscalarMulAny(n) {
- signal input e[n]; // Input in binary format
- signal input p[2]; // Point (Twisted format)
- signal output out[2]; // Point (Twisted format)
-
- var nsegments = (n-1)\148 +1;
- var nlastsegment = n - (nsegments-1)*148;
-
- component segments[nsegments];
- component doublers[nsegments-1];
- component m2e[nsegments-1];
- component adders[nsegments-1];
- component zeropoint = IsZero();
- zeropoint.in <== p[0];
-
- var s;
- var i;
- var nseg;
-
- for (s=0; s<nsegments; s++) {
-
- nseg = (s < nsegments-1) ? 148 : nlastsegment;
-
- segments[s] = SegmentMulAny(nseg);
-
- for (i=0; i<nseg; i++) {
- e[s*148+i] ==> segments[s].e[i];
- }
-
- if (s==0) {
- // force G8 point if input point is zero
- segments[s].p[0] <== p[0] + (5299619240641551281634865583518297030282874472190772894086521144482721001553 - p[0])*zeropoint.out;
- segments[s].p[1] <== p[1] + (16950150798460657717958625567821834550301663161624707787222815936182638968203 - p[1])*zeropoint.out;
- } else {
- doublers[s-1] = MontgomeryDouble();
- m2e[s-1] = Montgomery2Edwards();
- adders[s-1] = BabyAdd();
-
- segments[s-1].dbl[0] ==> doublers[s-1].in[0];
- segments[s-1].dbl[1] ==> doublers[s-1].in[1];
-
- doublers[s-1].out[0] ==> m2e[s-1].in[0];
- doublers[s-1].out[1] ==> m2e[s-1].in[1];
-
- m2e[s-1].out[0] ==> segments[s].p[0];
- m2e[s-1].out[1] ==> segments[s].p[1];
-
- if (s==1) {
- segments[s-1].out[0] ==> adders[s-1].x1;
- segments[s-1].out[1] ==> adders[s-1].y1;
- } else {
- adders[s-2].xout ==> adders[s-1].x1;
- adders[s-2].yout ==> adders[s-1].y1;
- }
- segments[s].out[0] ==> adders[s-1].x2;
- segments[s].out[1] ==> adders[s-1].y2;
- }
- }
-
- if (nsegments == 1) {
- segments[0].out[0]*(1-zeropoint.out) ==> out[0];
- segments[0].out[1]+(1-segments[0].out[1])*zeropoint.out ==> out[1];
- } else {
- adders[nsegments-2].xout*(1-zeropoint.out) ==> out[0];
- adders[nsegments-2].yout+(1-adders[nsegments-2].yout)*zeropoint.out ==> out[1];
- }
-}
diff --git a/circuits/escalarmulfix.circom b/circuits/escalarmulfix.circom
deleted file mode 100644
index e2c0998b..00000000
--- a/circuits/escalarmulfix.circom
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "mux3.circom";
-include "montgomery.circom";
-include "babyjub.circom";
-
-/*
- Window of 3 elements, it calculates
- out = base + base*in[0] + 2*base*in[1] + 4*base*in[2]
- out4 = 4*base
-
- The result should be compensated.
- */
-
-/*
-
- The scalar is s = a0 + a1*2^3 + a2*2^6 + ...... + a81*2^243
- First We calculate Q = B + 2^3*B + 2^6*B + ......... + 2^246*B
-
- Then we calculate S1 = 2*2^246*B + (1 + a0)*B + (2^3 + a1)*B + .....+ (2^243 + a81)*B
-
- And Finaly we compute the result: RES = SQ - Q
-
- As you can see the input of the adders cannot be equal nor zero, except for the last
- substraction that it's done in montgomery.
-
- A good way to see it is that the accumulator input of the adder >= 2^247*B and the other input
- is the output of the windows that it's going to be <= 2^246*B
- */
-template WindowMulFix() {
- signal input in[3];
- signal input base[2];
- signal output out[2];
- signal output out8[2]; // Returns 8*Base (To be linked)
-
- component mux = MultiMux3(2);
-
- mux.s[0] <== in[0];
- mux.s[1] <== in[1];
- mux.s[2] <== in[2];
-
- component dbl2 = MontgomeryDouble();
- component adr3 = MontgomeryAdd();
- component adr4 = MontgomeryAdd();
- component adr5 = MontgomeryAdd();
- component adr6 = MontgomeryAdd();
- component adr7 = MontgomeryAdd();
- component adr8 = MontgomeryAdd();
-
-// in[0] -> 1*BASE
-
- mux.c[0][0] <== base[0];
- mux.c[1][0] <== base[1];
-
-// in[1] -> 2*BASE
- dbl2.in[0] <== base[0];
- dbl2.in[1] <== base[1];
- mux.c[0][1] <== dbl2.out[0];
- mux.c[1][1] <== dbl2.out[1];
-
-// in[2] -> 3*BASE
- adr3.in1[0] <== base[0];
- adr3.in1[1] <== base[1];
- adr3.in2[0] <== dbl2.out[0];
- adr3.in2[1] <== dbl2.out[1];
- mux.c[0][2] <== adr3.out[0];
- mux.c[1][2] <== adr3.out[1];
-
-// in[3] -> 4*BASE
- adr4.in1[0] <== base[0];
- adr4.in1[1] <== base[1];
- adr4.in2[0] <== adr3.out[0];
- adr4.in2[1] <== adr3.out[1];
- mux.c[0][3] <== adr4.out[0];
- mux.c[1][3] <== adr4.out[1];
-
-// in[4] -> 5*BASE
- adr5.in1[0] <== base[0];
- adr5.in1[1] <== base[1];
- adr5.in2[0] <== adr4.out[0];
- adr5.in2[1] <== adr4.out[1];
- mux.c[0][4] <== adr5.out[0];
- mux.c[1][4] <== adr5.out[1];
-
-// in[5] -> 6*BASE
- adr6.in1[0] <== base[0];
- adr6.in1[1] <== base[1];
- adr6.in2[0] <== adr5.out[0];
- adr6.in2[1] <== adr5.out[1];
- mux.c[0][5] <== adr6.out[0];
- mux.c[1][5] <== adr6.out[1];
-
-// in[6] -> 7*BASE
- adr7.in1[0] <== base[0];
- adr7.in1[1] <== base[1];
- adr7.in2[0] <== adr6.out[0];
- adr7.in2[1] <== adr6.out[1];
- mux.c[0][6] <== adr7.out[0];
- mux.c[1][6] <== adr7.out[1];
-
-// in[7] -> 8*BASE
- adr8.in1[0] <== base[0];
- adr8.in1[1] <== base[1];
- adr8.in2[0] <== adr7.out[0];
- adr8.in2[1] <== adr7.out[1];
- mux.c[0][7] <== adr8.out[0];
- mux.c[1][7] <== adr8.out[1];
-
- out8[0] <== adr8.out[0];
- out8[1] <== adr8.out[1];
-
- out[0] <== mux.out[0];
- out[1] <== mux.out[1];
-}
-
-
-/*
- This component does a multiplication of a escalar times a fix base
- Signals:
- e: The scalar in bits
- base: the base point in edwards format
- out: The result
- dbl: Point in Edwards to be linked to the next segment.
- */
-
-template SegmentMulFix(nWindows) {
- signal input e[nWindows*3];
- signal input base[2];
- signal output out[2];
- signal output dbl[2];
-
- var i;
- var j;
-
- // Convert the base to montgomery
-
- component e2m = Edwards2Montgomery();
- e2m.in[0] <== base[0];
- e2m.in[1] <== base[1];
-
- component windows[nWindows];
- component adders[nWindows];
- component cadders[nWindows];
-
- // In the last step we add an extra doubler so that numbers do not match.
- component dblLast = MontgomeryDouble();
-
- for (i=0; i<nWindows; i++) {
- windows[i] = WindowMulFix();
- cadders[i] = MontgomeryAdd();
- if (i==0) {
- windows[i].base[0] <== e2m.out[0];
- windows[i].base[1] <== e2m.out[1];
- cadders[i].in1[0] <== e2m.out[0];
- cadders[i].in1[1] <== e2m.out[1];
- } else {
- windows[i].base[0] <== windows[i-1].out8[0];
- windows[i].base[1] <== windows[i-1].out8[1];
- cadders[i].in1[0] <== cadders[i-1].out[0];
- cadders[i].in1[1] <== cadders[i-1].out[1];
- }
- for (j=0; j<3; j++) {
- windows[i].in[j] <== e[3*i+j];
- }
- if (i<nWindows-1) {
- cadders[i].in2[0] <== windows[i].out8[0];
- cadders[i].in2[1] <== windows[i].out8[1];
- } else {
- dblLast.in[0] <== windows[i].out8[0];
- dblLast.in[1] <== windows[i].out8[1];
- cadders[i].in2[0] <== dblLast.out[0];
- cadders[i].in2[1] <== dblLast.out[1];
- }
- }
-
- for (i=0; i<nWindows; i++) {
- adders[i] = MontgomeryAdd();
- if (i==0) {
- adders[i].in1[0] <== dblLast.out[0];
- adders[i].in1[1] <== dblLast.out[1];
- } else {
- adders[i].in1[0] <== adders[i-1].out[0];
- adders[i].in1[1] <== adders[i-1].out[1];
- }
- adders[i].in2[0] <== windows[i].out[0];
- adders[i].in2[1] <== windows[i].out[1];
- }
-
- component m2e = Montgomery2Edwards();
- component cm2e = Montgomery2Edwards();
-
- m2e.in[0] <== adders[nWindows-1].out[0];
- m2e.in[1] <== adders[nWindows-1].out[1];
- cm2e.in[0] <== cadders[nWindows-1].out[0];
- cm2e.in[1] <== cadders[nWindows-1].out[1];
-
- component cAdd = BabyAdd();
- cAdd.x1 <== m2e.out[0];
- cAdd.y1 <== m2e.out[1];
- cAdd.x2 <== -cm2e.out[0];
- cAdd.y2 <== cm2e.out[1];
-
- cAdd.xout ==> out[0];
- cAdd.yout ==> out[1];
-
- windows[nWindows-1].out8[0] ==> dbl[0];
- windows[nWindows-1].out8[1] ==> dbl[1];
-}
-
-
-/*
-This component multiplies a escalar times a fixed point BASE (twisted edwards format)
- Signals
- e: The escalar in binary format
- out: The output point in twisted edwards
- */
-template EscalarMulFix(n, BASE) {
- signal input e[n]; // Input in binary format
- signal output out[2]; // Point (Twisted format)
-
- var nsegments = (n-1)\246 +1; // 249 probably would work. But I'm not sure and for security I keep 246
- var nlastsegment = n - (nsegments-1)*249;
-
- component segments[nsegments];
-
- component m2e[nsegments-1];
- component adders[nsegments-1];
-
- var s;
- var i;
- var nseg;
- var nWindows;
-
- for (s=0; s<nsegments; s++) {
-
- nseg = (s < nsegments-1) ? 249 : nlastsegment;
- nWindows = ((nseg - 1)\3)+1;
-
- segments[s] = SegmentMulFix(nWindows);
-
- for (i=0; i<nseg; i++) {
- segments[s].e[i] <== e[s*249+i];
- }
-
- for (i = nseg; i<nWindows*3; i++) {
- segments[s].e[i] <== 0;
- }
-
- if (s==0) {
- segments[s].base[0] <== BASE[0];
- segments[s].base[1] <== BASE[1];
- } else {
- m2e[s-1] = Montgomery2Edwards();
- adders[s-1] = BabyAdd();
-
- segments[s-1].dbl[0] ==> m2e[s-1].in[0];
- segments[s-1].dbl[1] ==> m2e[s-1].in[1];
-
- m2e[s-1].out[0] ==> segments[s].base[0];
- m2e[s-1].out[1] ==> segments[s].base[1];
-
- if (s==1) {
- segments[s-1].out[0] ==> adders[s-1].x1;
- segments[s-1].out[1] ==> adders[s-1].y1;
- } else {
- adders[s-2].xout ==> adders[s-1].x1;
- adders[s-2].yout ==> adders[s-1].y1;
- }
- segments[s].out[0] ==> adders[s-1].x2;
- segments[s].out[1] ==> adders[s-1].y2;
- }
- }
-
- if (nsegments == 1) {
- segments[0].out[0] ==> out[0];
- segments[0].out[1] ==> out[1];
- } else {
- adders[nsegments-2].xout ==> out[0];
- adders[nsegments-2].yout ==> out[1];
- }
-}
diff --git a/circuits/escalarmulw4table.circom b/circuits/escalarmulw4table.circom
deleted file mode 100644
index 83498fb5..00000000
--- a/circuits/escalarmulw4table.circom
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-function pointAdd(x1,y1,x2,y2) {
- var a = 168700;
- var d = 168696;
-
- var res[2];
- res[0] = (x1*y2 + y1*x2) / (1 + d*x1*x2*y1*y2);
- res[1] = (y1*y2 - a*x1*x2) / (1 - d*x1*x2*y1*y2);
- return res;
-}
-
-function EscalarMulW4Table(base, k) {
- var out[16][2];
-
- var i;
- var p[2];
-
- var dbl[2] = base;
-
- for (i=0; i<k*4; i++) {
- dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]);
- }
-
- out[0][0] = 0;
- out[0][1] = 1;
- for (i=1; i<16; i++) {
- p = pointAdd(out[i-1][0], out[i-1][1], dbl[0], dbl[1]);
- out[i][0] = p[0];
- out[i][1] = p[1];
- }
-
- return out;
-}
diff --git a/circuits/gates.circom b/circuits/gates.circom
deleted file mode 100644
index b01d3346..00000000
--- a/circuits/gates.circom
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-template XOR() {
- signal input a;
- signal input b;
- signal output out;
-
- out <== a + b - 2*a*b;
-}
-
-template AND() {
- signal input a;
- signal input b;
- signal output out;
-
- out <== a*b;
-}
-
-template OR() {
- signal input a;
- signal input b;
- signal output out;
-
- out <== a + b - a*b;
-}
-
-template NOT() {
- signal input in;
- signal output out;
-
- out <== 1 + in - 2*in;
-}
-
-template NAND() {
- signal input a;
- signal input b;
- signal output out;
-
- out <== 1 - a*b;
-}
-
-template NOR() {
- signal input a;
- signal input b;
- signal output out;
-
- out <== a*b + 1 - a - b;
-}
-
-template MultiAND(n) {
- signal input in[n];
- signal output out;
- var i;
- if (n==1) {
- out <== in[0];
- } else if (n==2) {
- component and1 = AND();
- and1.a <== in[0];
- and1.b <== in[1];
- out <== and1.out;
- } else {
- component and2 = AND();
- component ands[2];
- var n1 = n\2;
- var n2 = n-n\2;
- ands[0] = MultiAND(n1);
- ands[1] = MultiAND(n2);
- for (i=0; i<n1; i++) ands[0].in[i] <== in[i];
- for (i=0; i<n2; i++) ands[1].in[i] <== in[n1+i];
- and2.a <== ands[0].out;
- and2.b <== ands[1].out;
- out <== and2.out;
- }
-}
-
-
diff --git a/circuits/mimc.circom b/circuits/mimc.circom
deleted file mode 100644
index 99fa1857..00000000
--- a/circuits/mimc.circom
+++ /dev/null
@@ -1,155 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template MiMC7(nrounds) { - signal input x_in; - signal input k; - signal output out; - - var c[91] = [ - 0, - 20888961410941983456478427210666206549300505294776164667214940546594746570981, - 15265126113435022738560151911929040668591755459209400716467504685752745317193, - 8334177627492981984476504167502758309043212251641796197711684499645635709656, - 1374324219480165500871639364801692115397519265181803854177629327624133579404, - 11442588683664344394633565859260176446561886575962616332903193988751292992472, - 2558901189096558760448896669327086721003508630712968559048179091037845349145, - 11189978595292752354820141775598510151189959177917284797737745690127318076389, - 3262966573163560839685415914157855077211340576201936620532175028036746741754, - 17029914891543225301403832095880481731551830725367286980611178737703889171730, - 4614037031668406927330683909387957156531244689520944789503628527855167665518, - 19647356996769918391113967168615123299113119185942498194367262335168397100658, - 5040699236106090655289931820723926657076483236860546282406111821875672148900, - 2632385916954580941368956176626336146806721642583847728103570779270161510514, - 
17691411851977575435597871505860208507285462834710151833948561098560743654671, - 11482807709115676646560379017491661435505951727793345550942389701970904563183, - 8360838254132998143349158726141014535383109403565779450210746881879715734773, - 12663821244032248511491386323242575231591777785787269938928497649288048289525, - 3067001377342968891237590775929219083706800062321980129409398033259904188058, - 8536471869378957766675292398190944925664113548202769136103887479787957959589, - 19825444354178182240559170937204690272111734703605805530888940813160705385792, - 16703465144013840124940690347975638755097486902749048533167980887413919317592, - 13061236261277650370863439564453267964462486225679643020432589226741411380501, - 10864774797625152707517901967943775867717907803542223029967000416969007792571, - 10035653564014594269791753415727486340557376923045841607746250017541686319774, - 3446968588058668564420958894889124905706353937375068998436129414772610003289, - 4653317306466493184743870159523234588955994456998076243468148492375236846006, - 8486711143589723036499933521576871883500223198263343024003617825616410932026, - 250710584458582618659378487568129931785810765264752039738223488321597070280, - 2104159799604932521291371026105311735948154964200596636974609406977292675173, - 16313562605837709339799839901240652934758303521543693857533755376563489378839, - 6032365105133504724925793806318578936233045029919447519826248813478479197288, - 14025118133847866722315446277964222215118620050302054655768867040006542798474, - 7400123822125662712777833064081316757896757785777291653271747396958201309118, - 1744432620323851751204287974553233986555641872755053103823939564833813704825, - 8316378125659383262515151597439205374263247719876250938893842106722210729522, - 6739722627047123650704294650168547689199576889424317598327664349670094847386, - 21211457866117465531949733809706514799713333930924902519246949506964470524162, - 
13718112532745211817410303291774369209520657938741992779396229864894885156527, - 5264534817993325015357427094323255342713527811596856940387954546330728068658, - 18884137497114307927425084003812022333609937761793387700010402412840002189451, - 5148596049900083984813839872929010525572543381981952060869301611018636120248, - 19799686398774806587970184652860783461860993790013219899147141137827718662674, - 19240878651604412704364448729659032944342952609050243268894572835672205984837, - 10546185249390392695582524554167530669949955276893453512788278945742408153192, - 5507959600969845538113649209272736011390582494851145043668969080335346810411, - 18177751737739153338153217698774510185696788019377850245260475034576050820091, - 19603444733183990109492724100282114612026332366576932662794133334264283907557, - 10548274686824425401349248282213580046351514091431715597441736281987273193140, - 1823201861560942974198127384034483127920205835821334101215923769688644479957, - 11867589662193422187545516240823411225342068709600734253659804646934346124945, - 18718569356736340558616379408444812528964066420519677106145092918482774343613, - 10530777752259630125564678480897857853807637120039176813174150229243735996839, - 20486583726592018813337145844457018474256372770211860618687961310422228379031, - 12690713110714036569415168795200156516217175005650145422920562694422306200486, - 17386427286863519095301372413760745749282643730629659997153085139065756667205, - 2216432659854733047132347621569505613620980842043977268828076165669557467682, - 6309765381643925252238633914530877025934201680691496500372265330505506717193, - 20806323192073945401862788605803131761175139076694468214027227878952047793390, - 4037040458505567977365391535756875199663510397600316887746139396052445718861, - 19948974083684238245321361840704327952464170097132407924861169241740046562673, - 845322671528508199439318170916419179535949348988022948153107378280175750024, - 
16222384601744433420585982239113457177459602187868460608565289920306145389382, - 10232118865851112229330353999139005145127746617219324244541194256766741433339, - 6699067738555349409504843460654299019000594109597429103342076743347235369120, - 6220784880752427143725783746407285094967584864656399181815603544365010379208, - 6129250029437675212264306655559561251995722990149771051304736001195288083309, - 10773245783118750721454994239248013870822765715268323522295722350908043393604, - 4490242021765793917495398271905043433053432245571325177153467194570741607167, - 19596995117319480189066041930051006586888908165330319666010398892494684778526, - 837850695495734270707668553360118467905109360511302468085569220634750561083, - 11803922811376367215191737026157445294481406304781326649717082177394185903907, - 10201298324909697255105265958780781450978049256931478989759448189112393506592, - 13564695482314888817576351063608519127702411536552857463682060761575100923924, - 9262808208636973454201420823766139682381973240743541030659775288508921362724, - 173271062536305557219323722062711383294158572562695717740068656098441040230, - 18120430890549410286417591505529104700901943324772175772035648111937818237369, - 20484495168135072493552514219686101965206843697794133766912991150184337935627, - 19155651295705203459475805213866664350848604323501251939850063308319753686505, - 11971299749478202793661982361798418342615500543489781306376058267926437157297, - 18285310723116790056148596536349375622245669010373674803854111592441823052978, - 7069216248902547653615508023941692395371990416048967468982099270925308100727, - 6465151453746412132599596984628739550147379072443683076388208843341824127379, - 16143532858389170960690347742477978826830511669766530042104134302796355145785, - 19362583304414853660976404410208489566967618125972377176980367224623492419647, - 1702213613534733786921602839210290505213503664731919006932367875629005980493, - 
10781825404476535814285389902565833897646945212027592373510689209734812292327, - 4212716923652881254737947578600828255798948993302968210248673545442808456151, - 7594017890037021425366623750593200398174488805473151513558919864633711506220, - 18979889247746272055963929241596362599320706910852082477600815822482192194401, - 13602139229813231349386885113156901793661719180900395818909719758150455500533 - ]; - - var t; - signal t2[nrounds]; - signal t4[nrounds]; - signal t6[nrounds]; - signal t7[nrounds-1]; - - for (var i=0; i<nrounds; i++) { - t = (i==0) ? k+x_in : k + t7[i-1] + c[i]; - t2[i] <== t*t; - t4[i] <== t2[i]*t2[i]; - t6[i] <== t4[i]*t2[i]; - if (i<nrounds-1) { - t7[i] <== t6[i]*t; - } else { - out <== t6[i]*t + k; - } - } -} - -template MultiMiMC7(nInputs, nRounds) { - signal input in[nInputs]; - signal input k; - signal output out; - signal r[nInputs +1]; - - component mims[nInputs]; - - r[0] <== k; - for (var i=0; i<nInputs; i++) { - mims[i] = MiMC7(nRounds); - mims[i].x_in <== in[i]; - mims[i].k <== r[i]; - r[i+1] <== r[i] + in[i] + mims[i].out; - } - - out <== r[nInputs]; -} diff --git a/circuits/mimcsponge.circom b/circuits/mimcsponge.circom deleted file mode 100644 index 14ba3996..00000000 --- a/circuits/mimcsponge.circom +++ /dev/null 
@@ -1,290 +0,0 @@ -// implements MiMC-2n/n as hash using a sponge construction. -// log_5(21888242871839275222246405745257275088548364400416034343698204186575808495617) ~= 110 -// => nRounds should be 220 -template MiMCSponge(nInputs, nRounds, nOutputs) { - signal input ins[nInputs]; - signal input k; - signal output outs[nOutputs]; - - var i; - - // S = R||C - component S[nInputs + nOutputs - 1]; - - for (i = 0; i < nInputs; i++) { - S[i] = MiMCFeistel(nRounds); - S[i].k <== k; - if (i == 0) { - S[i].xL_in <== ins[0]; - S[i].xR_in <== 0; - } else { - S[i].xL_in <== S[i-1].xL_out + ins[i]; - S[i].xR_in <== S[i-1].xR_out; - } - } - - outs[0] <== S[nInputs - 1].xL_out; - - for (i = 0; i < nOutputs - 1; i++) { - S[nInputs + i] = MiMCFeistel(nRounds); - S[nInputs + i].k <== k; - S[nInputs + i].xL_in <== S[nInputs + i - 1].xL_out; - S[nInputs + i].xR_in <== S[nInputs + i - 1].xR_out; - outs[i + 1] <== S[nInputs + i].xL_out; - } -} - -template MiMCFeistel(nrounds) { - signal input xL_in; - signal input xR_in; - signal input k; - signal output xL_out; - signal output xR_out; - - // doesn't contain the first and last round constants, which are always zero - var c_partial[218] = [ - 7120861356467848435263064379192047478074060781135320967663101236819528304084, - 5024705281721889198577876690145313457398658950011302225525409148828000436681, - 17980351014018068290387269214713820287804403312720763401943303895585469787384, - 19886576439381707240399940949310933992335779767309383709787331470398675714258, - 1213715278223786725806155661738676903520350859678319590331207960381534602599, - 18162138253399958831050545255414688239130588254891200470934232514682584734511, - 7667462281466170157858259197976388676420847047604921256361474169980037581876, - 7207551498477838452286210989212982851118089401128156132319807392460388436957, - 9864183311657946807255900203841777810810224615118629957816193727554621093838, - 4798196928559910300796064665904583125427459076060519468052008159779219347957, - 
17387238494588145257484818061490088963673275521250153686214197573695921400950, - 10005334761930299057035055370088813230849810566234116771751925093634136574742, - 11897542014760736209670863723231849628230383119798486487899539017466261308762, - 16771780563523793011283273687253985566177232886900511371656074413362142152543, - 749264854018824809464168489785113337925400687349357088413132714480582918506, - 3683645737503705042628598550438395339383572464204988015434959428676652575331, - 7556750851783822914673316211129907782679509728346361368978891584375551186255, - 20391289379084797414557439284689954098721219201171527383291525676334308303023, - 18146517657445423462330854383025300323335289319277199154920964274562014376193, - 8080173465267536232534446836148661251987053305394647905212781979099916615292, - 10796443006899450245502071131975731672911747129805343722228413358507805531141, - 5404287610364961067658660283245291234008692303120470305032076412056764726509, - 4623894483395123520243967718315330178025957095502546813929290333264120223168, - 16845753148201777192406958674202574751725237939980634861948953189320362207797, - 4622170486584704769521001011395820886029808520586507873417553166762370293671, - 16688277490485052681847773549197928630624828392248424077804829676011512392564, - 11878652861183667748838188993669912629573713271883125458838494308957689090959, - 2436445725746972287496138382764643208791713986676129260589667864467010129482, - 1888098689545151571063267806606510032698677328923740058080630641742325067877, - 148924106504065664829055598316821983869409581623245780505601526786791681102, - 18875020877782404439294079398043479420415331640996249745272087358069018086569, - 15189693413320228845990326214136820307649565437237093707846682797649429515840, - 19669450123472657781282985229369348220906547335081730205028099210442632534079, - 5521922218264623411380547905210139511350706092570900075727555783240701821773, - 
4144769320246558352780591737261172907511489963810975650573703217887429086546, - 10097732913112662248360143041019433907849917041759137293018029019134392559350, - 1720059427972723034107765345743336447947522473310069975142483982753181038321, - 6302388219880227251325608388535181451187131054211388356563634768253301290116, - 6745410632962119604799318394592010194450845483518862700079921360015766217097, - 10858157235265583624235850660462324469799552996870780238992046963007491306222, - 20241898894740093733047052816576694435372877719072347814065227797906130857593, - 10165780782761211520836029617746977303303335603838343292431760011576528327409, - 2832093654883670345969792724123161241696170611611744759675180839473215203706, - 153011722355526826233082383360057587249818749719433916258246100068258954737, - 20196970640587451358539129330170636295243141659030208529338914906436009086943, - 3180973917010545328313139835982464870638521890385603025657430208141494469656, - 17198004293191777441573635123110935015228014028618868252989374962722329283022, - 7642160509228669138628515458941659189680509753651629476399516332224325757132, - 19346204940546791021518535594447257347218878114049998691060016493806845179755, - 11501810868606870391127866188394535330696206817602260610801897042898616817272, - 3113973447392053821824427670386252797811804954746053461397972968381571297505, - 6545064306297957002139416752334741502722251869537551068239642131448768236585, - 5203908808704813498389265425172875593837960384349653691918590736979872578408, - 2246692432011290582160062129070762007374502637007107318105405626910313810224, - 11760570435432189127645691249600821064883781677693087773459065574359292849137, - 5543749482491340532547407723464609328207990784853381797689466144924198391839, - 8837549193990558762776520822018694066937602576881497343584903902880277769302, - 12855514863299373699594410385788943772765811961581749194183533625311486462501, - 
5363660674689121676875069134269386492382220935599781121306637800261912519729, - 13162342403579303950549728848130828093497701266240457479693991108217307949435, - 916941639326869583414469202910306428966657806899788970948781207501251816730, - 15618589556584434434009868216186115416835494805174158488636000580759692174228, - 8959562060028569701043973060670353733575345393653685776974948916988033453971, - 16390754464333401712265575949874369157699293840516802426621216808905079127650, - 168282396747788514908709091757591226095443902501365500003618183905496160435, - 8327443473179334761744301768309008451162322941906921742120510244986704677004, - 17213012626801210615058753489149961717422101711567228037597150941152495100640, - 10394369641533736715250242399198097296122982486516256408681925424076248952280, - 17784386835392322654196171115293700800825771210400152504776806618892170162248, - 16533189939837087893364000390641148516479148564190420358849587959161226782982, - 18725396114211370207078434315900726338547621160475533496863298091023511945076, - 7132325028834551397904855671244375895110341505383911719294705267624034122405, - 148317947440800089795933930720822493695520852448386394775371401743494965187, - 19001050671757720352890779127693793630251266879994702723636759889378387053056, - 18824274411769830274877839365728651108434404855803844568234862945613766611460, - 12771414330193951156383998390424063470766226667986423961689712557338777174205, - 11332046574800279729678603488745295198038913503395629790213378101166488244657, - 9607550223176946388146938069307456967842408600269548190739947540821716354749, - 8756385288462344550200229174435953103162307705310807828651304665320046782583, - 176061952957067086877570020242717222844908281373122372938833890096257042779, - 12200212977482648306758992405065921724409841940671166017620928947866825250857, - 10868453624107875516866146499877130701929063632959660262366632833504750028858, - 
2016095394399807253596787752134573207202567875457560571095586743878953450738, - 21815578223768330433802113452339488275704145896544481092014911825656390567514, - 4923772847693564777744725640710197015181591950368494148029046443433103381621, - 1813584943682214789802230765734821149202472893379265320098816901270224589984, - 10810123816265612772922113403831964815724109728287572256602010709288980656498, - 1153669123397255702524721206511185557982017410156956216465120456256288427021, - 5007518659266430200134478928344522649876467369278722765097865662497773767152, - 2511432546938591792036639990606464315121646668029252285288323664350666551637, - 32883284540320451295484135704808083452381176816565850047310272290579727564, - 10484856914279112612610993418405543310546746652738541161791501150994088679557, - 2026733759645519472558796412979210009170379159866522399881566309631434814953, - 14731806221235869882801331463708736361296174006732553130708107037190460654379, - 14740327483193277147065845135561988641238516852487657117813536909482068950652, - 18787428285295558781869865751953016580493190547148386433580291216673009884554, - 3804047064713122820157099453648459188816376755739202017447862327783289895072, - 16709604795697901641948603019242067672006293290826991671766611326262532802914, - 11061717085931490100602849654034280576915102867237101935487893025907907250695, - 2821730726367472966906149684046356272806484545281639696873240305052362149654, - 17467794879902895769410571945152708684493991588672014763135370927880883292655, - 1571520786233540988201616650622796363168031165456869481368085474420849243232, - 10041051776251223165849354194892664881051125330236567356945669006147134614302, - 3981753758468103976812813304477670033098707002886030847251581853700311567551, - 4365864398105436789177703571412645548020537580493599380018290523813331678900, - 2391801327305361293476178683853802679507598622000359948432171562543560193350, - 
214219368547551689972421167733597094823289857206402800635962137077096090722, - 18192064100315141084242006659317257023098826945893371479835220462302399655674, - 15487549757142039139328911515400805508248576685795694919457041092150651939253, - 10142447197759703415402259672441315777933858467700579946665223821199077641122, - 11246573086260753259993971254725613211193686683988426513880826148090811891866, - 6574066859860991369704567902211886840188702386542112593710271426704432301235, - 11311085442652291634822798307831431035776248927202286895207125867542470350078, - 20977948360215259915441258687649465618185769343138135384346964466965010873779, - 792781492853909872425531014397300057232399608769451037135936617996830018501, - 5027602491523497423798779154966735896562099398367163998686335127580757861872, - 14595204575654316237672764823862241845410365278802914304953002937313300553572, - 13973538843621261113924259058427434053808430378163734641175100160836376897004, - 16395063164993626722686882727042150241125309409717445381854913964674649318585, - 8465768840047024550750516678171433288207841931251654898809033371655109266663, - 21345603324471810861925019445720576814602636473739003852898308205213912255830, - 21171984405852590343970239018692870799717057961108910523876770029017785940991, - 10761027113757988230637066281488532903174559953630210849190212601991063767647, - 6678298831065390834922566306988418588227382406175769592902974103663687992230, - 4993662582188632374202316265508850988596880036291765531885657575099537176757, - 18364168158495573675698600238443218434246806358811328083953887470513967121206, - 3506345610354615013737144848471391553141006285964325596214723571988011984829, - 248732676202643792226973868626360612151424823368345645514532870586234380100, - 10090204501612803176317709245679152331057882187411777688746797044706063410969, - 21297149835078365363970699581821844234354988617890041296044775371855432973500, - 
16729368143229828574342820060716366330476985824952922184463387490091156065099, - 4467191506765339364971058668792642195242197133011672559453028147641428433293, - 8677548159358013363291014307402600830078662555833653517843708051504582990832, - 1022951765127126818581466247360193856197472064872288389992480993218645055345, - 1888195070251580606973417065636430294417895423429240431595054184472931224452, - 4221265384902749246920810956363310125115516771964522748896154428740238579824, - 2825393571154632139467378429077438870179957021959813965940638905853993971879, - 19171031072692942278056619599721228021635671304612437350119663236604712493093, - 10780807212297131186617505517708903709488273075252405602261683478333331220733, - 18230936781133176044598070768084230333433368654744509969087239465125979720995, - 16901065971871379877929280081392692752968612240624985552337779093292740763381, - 146494141603558321291767829522948454429758543710648402457451799015963102253, - 2492729278659146790410698334997955258248120870028541691998279257260289595548, - 2204224910006646535594933495262085193210692406133533679934843341237521233504, - 16062117410185840274616925297332331018523844434907012275592638570193234893570, - 5894928453677122829055071981254202951712129328678534592916926069506935491729, - 4947482739415078212217504789923078546034438919537985740403824517728200332286, - 16143265650645676880461646123844627780378251900510645261875867423498913438066, - 397690828254561723549349897112473766901585444153303054845160673059519614409, - 11272653598912269895509621181205395118899451234151664604248382803490621227687, - 15566927854306879444693061574322104423426072650522411176731130806720753591030, - 14222898219492484180162096141564251903058269177856173968147960855133048449557, - 16690275395485630428127725067513114066329712673106153451801968992299636791385, - 3667030990325966886479548860429670833692690972701471494757671819017808678584, - 
21280039024501430842616328642522421302481259067470872421086939673482530783142, - 15895485136902450169492923978042129726601461603404514670348703312850236146328, - 7733050956302327984762132317027414325566202380840692458138724610131603812560, - 438123800976401478772659663183448617575635636575786782566035096946820525816, - 814913922521637742587885320797606426167962526342166512693085292151314976633, - 12368712287081330853637674140264759478736012797026621876924395982504369598764, - 2494806857395134874309386694756263421445039103814920780777601708371037591569, - 16101132301514338989512946061786320637179843435886825102406248183507106312877, - 6252650284989960032925831409804233477770646333900692286731621844532438095656, - 9277135875276787021836189566799935097400042171346561246305113339462708861695, - 10493603554686607050979497281838644324893776154179810893893660722522945589063, - 8673089750662709235894359384294076697329948991010184356091130382437645649279, - 9558393272910366944245875920138649617479779893610128634419086981339060613250, - 19012287860122586147374214541764572282814469237161122489573881644994964647218, - 9783723818270121678386992630754842961728702994964214799008457449989291229500, - 15550788416669474113213749561488122552422887538676036667630838378023479382689, - 15016165746156232864069722572047169071786333815661109750860165034341572904221, - 6506225705710197163670556961299945987488979904603689017479840649664564978574, - 10796631184889302076168355684722130903785890709107732067446714470783437829037, - 19871836214837460419845806980869387567383718044439891735114283113359312279540, - 20871081766843466343749609089986071784031203517506781251203251608363835140622, - 5100105771517691442278432864090229416166996183792075307747582375962855820797, - 8777887112076272395250620301071581171386440850451972412060638225741125310886, - 5300440870136391278944213332144327695659161151625757537632832724102670898756, - 
1205448543652932944633962232545707633928124666868453915721030884663332604536, - 5542499997310181530432302492142574333860449305424174466698068685590909336771, - 11028094245762332275225364962905938096659249161369092798505554939952525894293, - 19187314764836593118404597958543112407224947638377479622725713735224279297009, - 17047263688548829001253658727764731047114098556534482052135734487985276987385, - 19914849528178967155534624144358541535306360577227460456855821557421213606310, - 2929658084700714257515872921366736697080475676508114973627124569375444665664, - 15092262360719700162343163278648422751610766427236295023221516498310468956361, - 21578580340755653236050830649990190843552802306886938815497471545814130084980, - 1258781501221760320019859066036073675029057285507345332959539295621677296991, - 3819598418157732134449049289585680301176983019643974929528867686268702720163, - 8653175945487997845203439345797943132543211416447757110963967501177317426221, - 6614652990340435611114076169697104582524566019034036680161902142028967568142, - 19212515502973904821995111796203064175854996071497099383090983975618035391558, - 18664315914479294273286016871365663486061896605232511201418576829062292269769, - 11498264615058604317482574216318586415670903094838791165247179252175768794889, - 10814026414212439999107945133852431304483604215416531759535467355316227331774, - 17566185590731088197064706533119299946752127014428399631467913813769853431107, - 14016139747289624978792446847000951708158212463304817001882956166752906714332, - 8242601581342441750402731523736202888792436665415852106196418942315563860366, - 9244680976345080074252591214216060854998619670381671198295645618515047080988, - 12216779172735125538689875667307129262237123728082657485828359100719208190116, - 10702811721859145441471328511968332847175733707711670171718794132331147396634, - 6479667912792222539919362076122453947926362746906450079329453150607427372979, - 
15117544653571553820496948522381772148324367479772362833334593000535648316185, - 6842203153996907264167856337497139692895299874139131328642472698663046726780, - 12732823292801537626009139514048596316076834307941224506504666470961250728055, - 6936272626871035740815028148058841877090860312517423346335878088297448888663, - 17297554111853491139852678417579991271009602631577069694853813331124433680030, - 16641596134749940573104316021365063031319260205559553673368334842484345864859, - 7400481189785154329569470986896455371037813715804007747228648863919991399081, - 2273205422216987330510475127669563545720586464429614439716564154166712854048, - 15162538063742142685306302282127534305212832649282186184583465569986719234456, - 5628039096440332922248578319648483863204530861778160259559031331287721255522, - 16085392195894691829567913404182676871326863890140775376809129785155092531260, - 14227467863135365427954093998621993651369686288941275436795622973781503444257, - 18224457394066545825553407391290108485121649197258948320896164404518684305122, - 274945154732293792784580363548970818611304339008964723447672490026510689427, - 11050822248291117548220126630860474473945266276626263036056336623671308219529, - 2119542016932434047340813757208803962484943912710204325088879681995922344971 - ]; - - var t; - signal t2[nrounds]; - signal t4[nrounds]; - signal xL[nrounds-1]; - signal xR[nrounds-1]; - - var c; - for (var i=0; i<nrounds; i++) { - if ((i == 0) || (i == nrounds - 1)) { - c = 0; - } else { - c = c_partial[i - 1]; - } - t = (i==0) ? k+xL_in : k + xL[i-1] + c; - t2[i] <== t*t; - t4[i] <== t2[i]*t2[i]; - if (i<nrounds-1) { - xL[i] <== ((i==0) ? xR_in : xR[i-1]) + t4[i]*t; - xR[i] <== (i==0) ? xL_in : xL[i-1]; - } else { - xR_out <== xR[i-1] + t4[i]*t; - xL_out <== xL[i-1]; - } - } -} diff --git a/circuits/montgomery.circom b/circuits/montgomery.circom deleted file mode 100644 index 90813079..00000000 --- a/circuits/montgomery.circom +++ /dev/null 
@@ -1,141 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - Source: https://en.wikipedia.org/wiki/Montgomery_curve - - 1 + y 1 + y - [u, v] = [ ------- , ---------- ] - 1 - y (1 - y)x - - */ - -template Edwards2Montgomery() { - signal input in[2]; - signal output out[2]; - - out[0] <-- (1 + in[1]) / (1 - in[1]); - out[1] <-- out[0] / in[0]; - - - out[0] * (1-in[1]) === (1 + in[1]); - out[1] * in[0] === out[0]; -} - -/* - - u u - 1 - [x, y] = [ ---, ------- ] - v u + 1 - - */ -template Montgomery2Edwards() { - signal input in[2]; - signal output out[2]; - - out[0] <-- in[0] / in[1]; - out[1] <-- (in[0] - 1) / (in[0] + 1); - - out[0] * in[1] === in[0]; - out[1] * (in[0] + 1) === in[0] - 1; -} - - -/* - x2 - x1 - lamda = --------- - y2 - y1 - - x3 + A + x1 + x2 - x3 = B * lamda^2 - A - x1 -x2 => lamda^2 = ------------------ - B - - y3 = (2*x1 + x2 + A)*lamda - B*lamda^3 - y1 => - - - => y3 = lamda * ( 2*x1 + x2 + A - x3 - A - x1 - x2) - y1 => - - => y3 = lamda * ( x1 - x3 ) - y1 - ----------- - - y2 - y1 - lamda = --------- - x2 - x1 - - x3 = B * lamda^2 - A - x1 -x2 - - y3 = lamda * ( x1 - x3 ) - y1 - - */ - -template MontgomeryAdd() { - signal input in1[2]; - signal input in2[2]; - signal output out[2]; - - var a = 
168700; - var d = 168696; - - var A = (2 * (a + d)) / (a - d); - var B = 4 / (a - d); - - signal lamda; - - lamda <-- (in2[1] - in1[1]) / (in2[0] - in1[0]); - lamda * (in2[0] - in1[0]) === (in2[1] - in1[1]); - - out[0] <== B*lamda*lamda - A - in1[0] -in2[0]; - out[1] <== lamda * (in1[0] - out[0]) - in1[1]; -} - -/* - - x1_2 = x1*x1 - - 3*x1_2 + 2*A*x1 + 1 - lamda = --------------------- - 2*B*y1 - - x3 = B * lamda^2 - A - x1 -x1 - - y3 = lamda * ( x1 - x3 ) - y1 - - */ -template MontgomeryDouble() { - signal input in[2]; - signal output out[2]; - - var a = 168700; - var d = 168696; - - var A = (2 * (a + d)) / (a - d); - var B = 4 / (a - d); - - signal lamda; - signal x1_2; - - x1_2 <== in[0] * in[0]; - - lamda <-- (3*x1_2 + 2*A*in[0] + 1 ) / (2*B*in[1]); - lamda * (2*B*in[1]) === (3*x1_2 + 2*A*in[0] + 1 ); - - out[0] <== B*lamda*lamda - A - 2*in[0]; - out[1] <== lamda * (in[0] - out[0]) - in[1]; -}
diff --git a/circuits/multiplexer.circom b/circuits/multiplexer.circom
deleted file mode 100644
index 091bd2be..00000000
--- a/circuits/multiplexer.circom
+++ /dev/null
@@ -1,113 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. 
-*/ - -// --> Assignation without constraint -// <-- Assignation without constraint -// === Constraint -// <== Assignation with constraint -// ==> Assignation with constraint -// All variables are members of the field F[p] -// https://github.com/zcash-hackworks/sapling-crypto -// https://github.com/ebfull/bellman - -/* -function log2(a) { - if (a==0) { - return 0; - } - let n = 1; - let r = 1; - while (n<a) { - r++; - n *= 2; - } - return r; -} -*/ - -template EscalarProduct(w) { - signal input in1[w]; - signal input in2[w]; - signal output out; - signal aux[w]; - var lc = 0; - for (var i=0; i<w; i++) { - aux[i] <== in1[i]*in2[i]; - lc = lc + aux[i]; - } - out <== lc; -} - -template Decoder(w) { - signal input inp; - signal output out[w]; - signal output success; - var lc=0; - - for (var i=0; i<w; i++) { - out[i] <-- (inp == i) ? 1 : 0; - out[i] * (inp-i) === 0; - lc = lc + out[i]; - } - - lc ==> success; - success * (success -1) === 0; -} - - -template Multiplexer(wIn, nIn) { - signal input inp[nIn][wIn]; - signal input sel; - signal output out[wIn]; - component dec = Decoder(nIn); - component ep[wIn]; - - for (var k=0; k<wIn; k++) { - ep[k] = EscalarProduct(nIn); - } - - sel ==> dec.inp; - for (var j=0; j<wIn; j++) { - for (var k=0; k<nIn; k++) { - inp[k][j] ==> ep[j].in1[k]; - dec.out[k] ==> ep[j].in2[k]; - } - ep[j].out ==> out[j]; - } - dec.success === 1; -} diff --git a/circuits/mux1.circom b/circuits/mux1.circom deleted file mode 100644 index 3473c6cf..00000000 --- a/circuits/mux1.circom +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template MultiMux1(n) { - signal input c[n][2]; // Constants - signal input s; // Selector - signal output out[n]; - - for (var i=0; i<n; i++) { - - out[i] <== (c[i][1] - c[i][0])*s + c[i][0]; - - } -} - -template Mux1() { - var i; - signal input c[2]; // Constants - signal input s; // Selector - signal output out; - - component mux = MultiMux1(1); - - for (i=0; i<2; i++) { - mux.c[0][i] <== c[i]; - } - - s ==> mux.s; - - mux.out[0] ==> out; -} diff --git a/circuits/mux2.circom b/circuits/mux2.circom deleted file mode 100644 index 1e71cf7e..00000000 --- a/circuits/mux2.circom +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template MultiMux2(n) { - signal input c[n][4]; // Constants - signal input s[2]; // Selector - signal output out[n]; - - signal a10[n]; - signal a1[n]; - signal a0[n]; - signal a[n]; - - signal s10; - s10 <== s[1] * s[0]; - - for (var i=0; i<n; i++) { - - a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; - a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; - a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; - a[i] <== ( c[i][ 0] ) - - out[i] <== ( a10[i] + a1[i] + a0[i] + a[i] ); - - } -} - -template Mux2() { - var i; - signal input c[4]; // Constants - signal input s[2]; // Selector - signal output out; - - component mux = MultiMux2(1); - - for (i=0; i<4; i++) { - mux.c[0][i] <== c[i]; - } - - for (i=0; i<2; i++) { - s[i] ==> mux.s[i]; - } - - mux.out[0] ==> out; -} diff --git a/circuits/mux3.circom b/circuits/mux3.circom deleted file mode 100644 index 277ead2e..00000000 --- a/circuits/mux3.circom +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template MultiMux3(n) { - signal input c[n][8]; // Constants - signal input s[3]; // Selector - signal output out[n]; - - signal a210[n]; - signal a21[n]; - signal a20[n]; - signal a2[n]; - - signal a10[n]; - signal a1[n]; - signal a0[n]; - signal a[n]; - - // 4 constrains for the intermediary variables - signal s10; - s10 <== s[1] * s[0]; - - for (var i=0; i<n; i++) { - - a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10; - a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s[1]; - a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s[0]; - a2[i] <== ( c[i][ 4]-c[i][ 0] ); - - a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; - a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; - a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; - a[i] <== ( c[i][ 0] ) - - out[i] <== ( a210[i] + a21[i] + a20[i] + a2[i] ) * s[2] + - ( a10[i] + a1[i] + a0[i] + a[i] ); - - } -} - -template Mux3() { - var i; - signal input c[8]; // Constants - signal input s[3]; // Selector - signal output out; - - component mux = MultiMux3(1); - - for (i=0; i<8; i++) { - mux.c[0][i] <== c[i]; - } - - for (i=0; i<3; i++) { - s[i] ==> mux.s[i]; - } - - mux.out[0] ==> out; -} 
diff --git a/circuits/mux4.circom b/circuits/mux4.circom deleted file mode 100644 index c30bb94f..00000000 --- a/circuits/mux4.circom +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template MultiMux4(n) { - signal input c[n][16]; // Constants - signal input s[4]; // Selector - signal output out[n]; - - signal a3210[n]; - signal a321[n]; - signal a320[n]; - signal a310[n]; - signal a32[n]; - signal a31[n]; - signal a30[n]; - signal a3[n]; - - signal a210[n]; - signal a21[n]; - signal a20[n]; - signal a10[n]; - signal a2[n]; - signal a1[n]; - signal a0[n]; - signal a[n]; - - // 4 constrains for the intermediary variables - signal s10; - s10 <== s[1] * s[0]; - signal s20; - s20 <== s[2] * s[0]; - signal s21; - s21 <== s[2] * s[1]; - signal s210; - s210 <== s21 * s[0]; - - - for (var i=0; i<n; i++) { - - a3210[i] <== ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] - -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s210; - a321[i] <== ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) * s21; - a320[i] <== ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) * s20; - a310[i] <== ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10; - a32[i] <== ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) * s[2]; - a31[i] <== ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 
0] ) * s[1]; - a30[i] <== ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) * s[0]; - a3[i] <== ( c[i][ 8]-c[i][ 0] ); - - a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s210; - a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s21; - a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s20; - a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; - a2[i] <== ( c[i][ 4]-c[i][ 0] ) * s[2]; - a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; - a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; - a[i] <== ( c[i][ 0] ) - - out[i] <== ( a3210[i] + a321[i] + a320[i] + a310[i] + a32[i] + a31[i] + a30[i] + a3[i] ) * s[3] + - ( a210[i] + a21[i] + a20[i] + a10[i] + a2[i] + a1[i] + a0[i] + a[i] ); - -/* - out[i] <== ( s210 * ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] - -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + - s21 * ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) + - s20 * ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) + - s10 * ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + - s[2] * ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) + - s[1] * ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 0] ) + - s[0] * ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) + - ( c[i][ 8]-c[i][ 0] ) ) * s[3] + - ( s210 * ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + - s21 * ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) + - s20 * ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) + - s10 * ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + - s[2] * ( c[i][ 4]-c[i][ 0] ) + - s[1] * ( c[i][ 2]-c[i][ 0] ) + - s[0] * ( c[i][ 1]-c[i][ 0] ) + - ( c[i][ 0] )); - -*/ - } -} - -template Mux4() { - var i; - signal input c[16]; // Constants - signal input s[4]; // Selector - signal output out; - - component mux = MultiMux4(1); - - for (i=0; i<16; i++) { - mux.c[0][i] <== c[i]; - } - - for (i=0; i<4; i++) { - s[i] ==> mux.s[i]; - } - - mux.out[0] 
==> out; -} diff --git a/circuits/pedersen.circom b/circuits/pedersen.circom deleted file mode 100644 index 245d5d8b..00000000 --- a/circuits/pedersen.circom +++ /dev/null 
@@ -1,255 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "montgomery.circom"; -include "mux3.circom"; -include "babyjub.circom"; - -template Window4() { - signal input in[4]; - signal input base[2]; - signal output out[2]; - signal output out8[2]; // Returns 8*Base (To be linked) - - component mux = MultiMux3(2); - - mux.s[0] <== in[0]; - mux.s[1] <== in[1]; - mux.s[2] <== in[2]; - - component dbl2 = MontgomeryDouble(); - component adr3 = MontgomeryAdd(); - component adr4 = MontgomeryAdd(); - component adr5 = MontgomeryAdd(); - component adr6 = MontgomeryAdd(); - component adr7 = MontgomeryAdd(); - component adr8 = MontgomeryAdd(); - -// in[0] -> 1*BASE - - mux.c[0][0] <== base[0]; - mux.c[1][0] <== base[1]; - -// in[1] -> 2*BASE - dbl2.in[0] <== base[0]; - dbl2.in[1] <== base[1]; - mux.c[0][1] <== dbl2.out[0]; - mux.c[1][1] <== dbl2.out[1]; - -// in[2] -> 3*BASE - adr3.in1[0] <== base[0]; - adr3.in1[1] <== base[1]; - adr3.in2[0] <== dbl2.out[0]; - adr3.in2[1] <== dbl2.out[1]; - mux.c[0][2] <== adr3.out[0]; - mux.c[1][2] <== adr3.out[1]; - -// in[3] -> 4*BASE - adr4.in1[0] <== base[0]; - adr4.in1[1] <== base[1]; - adr4.in2[0] <== adr3.out[0]; - adr4.in2[1] <== adr3.out[1]; - mux.c[0][3] <== adr4.out[0]; - mux.c[1][3] <== adr4.out[1]; - -// 
in[4] -> 5*BASE - adr5.in1[0] <== base[0]; - adr5.in1[1] <== base[1]; - adr5.in2[0] <== adr4.out[0]; - adr5.in2[1] <== adr4.out[1]; - mux.c[0][4] <== adr5.out[0]; - mux.c[1][4] <== adr5.out[1]; - -// in[5] -> 6*BASE - adr6.in1[0] <== base[0]; - adr6.in1[1] <== base[1]; - adr6.in2[0] <== adr5.out[0]; - adr6.in2[1] <== adr5.out[1]; - mux.c[0][5] <== adr6.out[0]; - mux.c[1][5] <== adr6.out[1]; - -// in[6] -> 7*BASE - adr7.in1[0] <== base[0]; - adr7.in1[1] <== base[1]; - adr7.in2[0] <== adr6.out[0]; - adr7.in2[1] <== adr6.out[1]; - mux.c[0][6] <== adr7.out[0]; - mux.c[1][6] <== adr7.out[1]; - -// in[7] -> 8*BASE - adr8.in1[0] <== base[0]; - adr8.in1[1] <== base[1]; - adr8.in2[0] <== adr7.out[0]; - adr8.in2[1] <== adr7.out[1]; - mux.c[0][7] <== adr8.out[0]; - mux.c[1][7] <== adr8.out[1]; - - out8[0] <== adr8.out[0]; - out8[1] <== adr8.out[1]; - - out[0] <== mux.out[0]; - out[1] <== - mux.out[1]*2*in[3] + mux.out[1]; // Negate y if in[3] is one -} - - -template Segment(nWindows) { - signal input in[nWindows*4]; - signal input base[2]; - signal output out[2]; - - var i; - var j; - - // Convert the base to montgomery - - component e2m = Edwards2Montgomery(); - e2m.in[0] <== base[0]; - e2m.in[1] <== base[1]; - - component windows[nWindows]; - component doublers1[nWindows-1]; - component doublers2[nWindows-1]; - component adders[nWindows-1]; - for (i=0; i<nWindows; i++) { - windows[i] = Window4(); - for (j=0; j<4; j++) { - windows[i].in[j] <== in[4*i+j]; - } - if (i==0) { - windows[i].base[0] <== e2m.out[0]; - windows[i].base[1] <== e2m.out[1]; - } else { - doublers1[i-1] = MontgomeryDouble(); - doublers2[i-1] = MontgomeryDouble(); - doublers1[i-1].in[0] <== windows[i-1].out8[0]; - doublers1[i-1].in[1] <== windows[i-1].out8[1]; - doublers2[i-1].in[0] <== doublers1[i-1].out[0]; - doublers2[i-1].in[1] <== doublers1[i-1].out[1]; - - windows[i].base[0] <== doublers2[i-1].out[0]; - windows[i].base[1] <== doublers2[i-1].out[1]; - - adders[i-1] = MontgomeryAdd(); - if (i==1) { - 
adders[i-1].in1[0] <== windows[0].out[0]; - adders[i-1].in1[1] <== windows[0].out[1]; - } else { - adders[i-1].in1[0] <== adders[i-2].out[0]; - adders[i-1].in1[1] <== adders[i-2].out[1]; - } - adders[i-1].in2[0] <== windows[i].out[0]; - adders[i-1].in2[1] <== windows[i].out[1]; - } - } - - component m2e = Montgomery2Edwards(); - - if (nWindows > 1) { - m2e.in[0] <== adders[nWindows-2].out[0]; - m2e.in[1] <== adders[nWindows-2].out[1]; - } else { - m2e.in[0] <== windows[0].out[0]; - m2e.in[1] <== windows[0].out[1]; - } - - out[0] <== m2e.out[0]; - out[1] <== m2e.out[1]; -} - -template Pedersen(n) { - signal input in[n]; - signal output out[2]; - - var BASE[10][2] = [ - [10457101036533406547632367118273992217979173478358440826365724437999023779287,19824078218392094440610104313265183977899662750282163392862422243483260492317], - [2671756056509184035029146175565761955751135805354291559563293617232983272177,2663205510731142763556352975002641716101654201788071096152948830924149045094], - [5802099305472655231388284418920769829666717045250560929368476121199858275951,5980429700218124965372158798884772646841287887664001482443826541541529227896], - [7107336197374528537877327281242680114152313102022415488494307685842428166594,2857869773864086953506483169737724679646433914307247183624878062391496185654], - [20265828622013100949498132415626198973119240347465898028410217039057588424236,1160461593266035632937973507065134938065359936056410650153315956301179689506], - [1487999857809287756929114517587739322941449154962237464737694709326309567994,14017256862867289575056460215526364897734808720610101650676790868051368668003], - [14618644331049802168996997831720384953259095788558646464435263343433563860015,13115243279999696210147231297848654998887864576952244320558158620692603342236], - [6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695], - 
[3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506], - [18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481] - ] - - var nSegments = ((n-1)\200)+1; - - component segments[nSegments]; - - var i; - var j; - var nBits; - var nWindows; - for (i=0; i<nSegments; i++) { - nBits = (i == (nSegments-1)) ? n - (nSegments-1)*200 : 200; - nWindows = ((nBits - 1)\4)+1; - segments[i] = Segment(nWindows); - segments[i].base[0] <== BASE[i][0]; - segments[i].base[1] <== BASE[i][1]; - for (j = 0; j<nBits; j++) { - segments[i].in[j] <== in[i*200+j]; - } - // Fill padding bits - for (j = nBits; j < nWindows*4; j++) { - segments[i].in[j] <== 0; - } - } - - component adders[nSegments-1]; - - for (i=0; i<nSegments-1; i++) { - adders[i] = BabyAdd(); - if (i==0) { - adders[i].x1 <== segments[0].out[0]; - adders[i].y1 <== segments[0].out[1]; - adders[i].x2 <== segments[1].out[0]; - adders[i].y2 <== segments[1].out[1]; - } else { - adders[i].x1 <== adders[i-1].xout; - adders[i].y1 <== adders[i-1].yout; - adders[i].x2 <== segments[i+1].out[0]; - adders[i].y2 <== segments[i+1].out[1]; - } - } - -/* - coponent packPoint = PackPoint(); - - if (nSegments>1) { - packPoint.in[0] <== adders[nSegments-2].xout; - packPoint.in[1] <== adders[nSegments-2].yout; - } else { - packPoint.in[0] <== segments[0].out[0]; - packPoint.in[1] <== segments[0].out[1]; - } - - out[0] <== packPoint.out[0]; - out[1] <== packPoint.out[1]; -*/ - - if (nSegments>1) { - out[0] <== adders[nSegments-2].xout; - out[1] <== adders[nSegments-2].yout; - } else { - out[0] <== segments[0].out[0]; - out[1] <== segments[0].out[1]; - } -} - diff --git a/circuits/pedersen_old.circom b/circuits/pedersen_old.circom deleted file mode 100644 index 9ddc387d..00000000 --- a/circuits/pedersen_old.circom +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "escalarmul.circom"; - -template Pedersen(n) { - signal input in[n]; - signal output out[2]; - - var nexps = ((n-1) \ 250) + 1; - var nlastbits = n - (nexps-1)*250; - - component escalarMuls[nexps]; - - var PBASE[10][2] = [ - [10457101036533406547632367118273992217979173478358440826365724437999023779287,19824078218392094440610104313265183977899662750282163392862422243483260492317], - [2671756056509184035029146175565761955751135805354291559563293617232983272177,2663205510731142763556352975002641716101654201788071096152948830924149045094], - [5802099305472655231388284418920769829666717045250560929368476121199858275951,5980429700218124965372158798884772646841287887664001482443826541541529227896], - [7107336197374528537877327281242680114152313102022415488494307685842428166594,2857869773864086953506483169737724679646433914307247183624878062391496185654], - [20265828622013100949498132415626198973119240347465898028410217039057588424236,1160461593266035632937973507065134938065359936056410650153315956301179689506], - [1487999857809287756929114517587739322941449154962237464737694709326309567994,14017256862867289575056460215526364897734808720610101650676790868051368668003], - 
[14618644331049802168996997831720384953259095788558646464435263343433563860015,13115243279999696210147231297848654998887864576952244320558158620692603342236], - [6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695], - [3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506], - [18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481] - ]; - - var i; - var j; - var nexpbits; - for (i=0; i<nexps; i++) { - nexpbits = (i == nexps-1) ? nlastbits : 250; - escalarMuls[i] = EscalarMul(nexpbits, PBASE[i]); - - for (j=0; j<nexpbits; j++) { - escalarMuls[i].in[j] <== in[250*i + j]; - } - - if (i==0) { - escalarMuls[i].inp[0] <== 0; - escalarMuls[i].inp[1] <== 1; - } else { - escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0]; - escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1]; - } - } - - escalarMuls[nexps-1].out[0] ==> out[0]; - escalarMuls[nexps-1].out[1] ==> out[1]; -} diff --git a/circuits/pointbits.circom b/circuits/pointbits.circom deleted file mode 100644 index 9084a8ec..00000000 --- a/circuits/pointbits.circom +++ /dev/null 
@@ -1,163 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "bitify.circom"; -include "aliascheck.circom"; -include "compconstant.circom"; -include "babyjub.circom"; - - -function sqrt(n) { - - if (n == 0) { - return 0; - } - - // Test that have solution - var res = n ** ((-1) >> 1); -// if (res!=1) assert(false, "SQRT does not exists"); - if (res!=1) return 0; - - var m = 28; - var c = 19103219067921713944291392827692070036145651957329286315305642004821462161904; - var t = n ** 81540058820840996586704275553141814055101440848469862132140264610111; - var r = n ** ((81540058820840996586704275553141814055101440848469862132140264610111+1)>>1); - var sq; - var i; - var b; - var j; - - while ((r != 0)&&(t != 1)) { - sq = t*t; - i = 1; - while (sq!=1) { - i++; - sq = sq*sq; - } - - // b = c ^ m-i-1 - b = c; - for (j=0; j< m-i-1; j ++) b = b*b; - - m = i; - c = b*b; - t = t*c; - r = r*b; - } - - if (r < 0 ) { - r = -r; - } - - return r; -} - - -template Bits2Point() { - signal input in[256]; - signal output out[2]; -} - -template Bits2Point_Strict() { - signal input in[256]; - signal output out[2]; - - var i; - - // Check aliasing - component aliasCheckY = AliasCheck(); - for (i=0; i<254; i++) { - aliasCheckY.in[i] <== in[i]; - } - in[254] === 0; - - 
component b2nY = Bits2Num(254); - for (i=0; i<254; i++) { - b2nY.in[i] <== in[i]; - } - - out[1] <== b2nY.out; - - var a = 168700; - var d = 168696; - - var y2 = out[1] * out[1]; - - var x = sqrt( (1-y2)/(a - d*y2) ); - - if (in[255] == 1) x = -x; - - out[0] <-- x; - - component babyCheck = BabyCheck(); - babyCheck.x <== out[0]; - babyCheck.y <== out[1]; - - component n2bX = Num2Bits(254); - n2bX.in <== out[0]; - component aliasCheckX = AliasCheck(); - for (i=0; i<254; i++) { - aliasCheckX.in[i] <== n2bX.out[i]; - } - - component signCalc = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); - for (i=0; i<254; i++) { - signCalc.in[i] <== n2bX.out[i]; - } - - signCalc.out === in[255]; -} - - -template Point2Bits() { - signal input in[2]; - signal output out[256]; - - -} - -template Point2Bits_Strict() { - signal input in[2]; - signal output out[256]; - - var i; - - component n2bX = Num2Bits(254); - n2bX.in <== in[0]; - component n2bY = Num2Bits(254); - n2bY.in <== in[1]; - - component aliasCheckX = AliasCheck(); - component aliasCheckY = AliasCheck(); - for (i=0; i<254; i++) { - aliasCheckX.in[i] <== n2bX.out[i]; - aliasCheckY.in[i] <== n2bY.out[i]; - } - - component signCalc = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); - for (i=0; i<254; i++) { - signCalc.in[i] <== n2bX.out[i]; - } - - for (i=0; i<254; i++) { - out[i] <== n2bY.out[i]; - } - out[254] <== 0; - out[255] <== signCalc.out; -} diff --git a/circuits/poseidon.circom b/circuits/poseidon.circom deleted file mode 100644 index aac8d036..00000000 --- a/circuits/poseidon.circom +++ /dev/null 
@@ -1,208 +0,0 @@
-
-template Sigma() {
- signal input in;
- signal output out;
-
- signal in2;
- signal in4;
-
- in2 <== in*in;
- in4 <== in2*in2;
-
- out <== in4*in;
-}
-
-template Ark(t, C) {
- signal input in[t];
- signal output out[t];
- for (var i=0; i<t; i++) {
- out[i] <== in[i] + C;
- }
-}
-
-template Mix(t, M) {
- signal input in[t];
- signal output out[t];
- var lc;
-
- var i;
- var j;
-
- for (i=0; i<t; i++) {
- lc = 0;
- for (j=0; j<t; j++) {
- lc = lc + M[i][j]*in[j];
- }
- out[i] <== lc;
- }
-}
-
-// var nRoundsF = 8;
-// var nRoundsP = 57;
-// var t = 6;
-
-template Poseidon(nInputs, t, nRoundsF, nRoundsP) {
-
- var C[65] = [
- 14397397413755236225575615486459253198602422701513067526754101844196324375522,
- 10405129301473404666785234951972711717481302463898292859783056520670200613128,
- 5179144822360023508491245509308555580251733042407187134628755730783052214509,
- 9132640374240188374542843306219594180154739721841249568925550236430986592615,
- 20360807315276763881209958738450444293273549928693737723235350358403012458514,
- 17933600965499023212689924809448543050840131883187652471064418452962948061619,
- 3636213416533737411392076250708419981662897009810345015164671602334517041153,
- 2008540005368330234524962342006691994500273283000229509835662097352946198608,
- 16018407964853379535338740313053768402596521780991140819786560130595652651567,
- 20653139667070586705378398435856186172195806027708437373983929336015162186471,
- 17887713874711369695406927657694993484804203950786446055999405564652412116765,
- 4852706232225925756777361208698488277369799648067343227630786518486608711772,
- 8969172011633935669771678412400911310465619639756845342775631896478908389850,
- 20570199545627577691240476121888846460936245025392381957866134167601058684375,
- 16442329894745639881165035015179028112772410105963688121820543219662832524136,
- 20060625627350485876280451423010593928172611031611836167979515653463693899374,
-
16637282689940520290130302519163090147511023430395200895953984829546679599107, - 15599196921909732993082127725908821049411366914683565306060493533569088698214, - 16894591341213863947423904025624185991098788054337051624251730868231322135455, - 1197934381747032348421303489683932612752526046745577259575778515005162320212, - 6172482022646932735745595886795230725225293469762393889050804649558459236626, - 21004037394166516054140386756510609698837211370585899203851827276330669555417, - 15262034989144652068456967541137853724140836132717012646544737680069032573006, - 15017690682054366744270630371095785995296470601172793770224691982518041139766, - 15159744167842240513848638419303545693472533086570469712794583342699782519832, - 11178069035565459212220861899558526502477231302924961773582350246646450941231, - 21154888769130549957415912997229564077486639529994598560737238811887296922114, - 20162517328110570500010831422938033120419484532231241180224283481905744633719, - 2777362604871784250419758188173029886707024739806641263170345377816177052018, - 15732290486829619144634131656503993123618032247178179298922551820261215487562, - 6024433414579583476444635447152826813568595303270846875177844482142230009826, - 17677827682004946431939402157761289497221048154630238117709539216286149983245, - 10716307389353583413755237303156291454109852751296156900963208377067748518748, - 14925386988604173087143546225719076187055229908444910452781922028996524347508, - 8940878636401797005293482068100797531020505636124892198091491586778667442523, - 18911747154199663060505302806894425160044925686870165583944475880789706164410, - 8821532432394939099312235292271438180996556457308429936910969094255825456935, - 20632576502437623790366878538516326728436616723089049415538037018093616927643, - 71447649211767888770311304010816315780740050029903404046389165015534756512, - 2781996465394730190470582631099299305677291329609718650018200531245670229393, - 
12441376330954323535872906380510501637773629931719508864016287320488688345525, - 2558302139544901035700544058046419714227464650146159803703499681139469546006, - 10087036781939179132584550273563255199577525914374285705149349445480649057058, - 4267692623754666261749551533667592242661271409704769363166965280715887854739, - 4945579503584457514844595640661884835097077318604083061152997449742124905548, - 17742335354489274412669987990603079185096280484072783973732137326144230832311, - 6266270088302506215402996795500854910256503071464802875821837403486057988208, - 2716062168542520412498610856550519519760063668165561277991771577403400784706, - 19118392018538203167410421493487769944462015419023083813301166096764262134232, - 9386595745626044000666050847309903206827901310677406022353307960932745699524, - 9121640807890366356465620448383131419933298563527245687958865317869840082266, - 3078975275808111706229899605611544294904276390490742680006005661017864583210, - 7157404299437167354719786626667769956233708887934477609633504801472827442743, - 14056248655941725362944552761799461694550787028230120190862133165195793034373, - 14124396743304355958915937804966111851843703158171757752158388556919187839849, - 11851254356749068692552943732920045260402277343008629727465773766468466181076, - 9799099446406796696742256539758943483211846559715874347178722060519817626047, - 10156146186214948683880719664738535455146137901666656566575307300522957959544, - 19908645952733301583346063785055921934459499091029406575311417879963332475861, - 11766105336238068471342414351862472329437473380853789942065610694000443387471, - 11002137593249972174092192767251572171769044073555430468487809799220351297047, - 284136377911685911941431040940403846843630064858778505937392780738953624163, - 19448733709802908339787967270452055364068697565906862913410983275341804035680, - 14423660424692802524250720264041003098290275890428483723270346403986712981505, - 
10635360132728137321700090133109897687122647659471659996419791842933639708516 - ]; - - var M[6][6] = [ - [ - 19167410339349846567561662441069598364702008768579734801591448511131028229281, - 14183033936038168803360723133013092560869148726790180682363054735190196956789, - 9067734253445064890734144122526450279189023719890032859456830213166173619761, - 16378664841697311562845443097199265623838619398287411428110917414833007677155, - 12968540216479938138647596899147650021419273189336843725176422194136033835172, - 3636162562566338420490575570584278737093584021456168183289112789616069756675 - ],[ - 17034139127218860091985397764514160131253018178110701196935786874261236172431, - 2799255644797227968811798608332314218966179365168250111693473252876996230317, - 2482058150180648511543788012634934806465808146786082148795902594096349483974, - 16563522740626180338295201738437974404892092704059676533096069531044355099628, - 10468644849657689537028565510142839489302836569811003546969773105463051947124, - 3328913364598498171733622353010907641674136720305714432354138807013088636408 - ],[ - 18985203040268814769637347880759846911264240088034262814847924884273017355969, - 8652975463545710606098548415650457376967119951977109072274595329619335974180, - 970943815872417895015626519859542525373809485973005165410533315057253476903, - 19406667490568134101658669326517700199745817783746545889094238643063688871948, - 17049854690034965250221386317058877242629221002521630573756355118745574274967, - 4964394613021008685803675656098849539153699842663541444414978877928878266244 - ],[ - 19025623051770008118343718096455821045904242602531062247152770448380880817517, - 9077319817220936628089890431129759976815127354480867310384708941479362824016, - 4770370314098695913091200576539533727214143013236894216582648993741910829490, - 4298564056297802123194408918029088169104276109138370115401819933600955259473, - 6905514380186323693285869145872115273350947784558995755916362330070690839131, - 
4783343257810358393326889022942241108539824540285247795235499223017138301952
- ],[
- 16205238342129310687768799056463408647672389183328001070715567975181364448609,
- 8303849270045876854140023508764676765932043944545416856530551331270859502246,
- 20218246699596954048529384569730026273241102596326201163062133863539137060414,
- 1712845821388089905746651754894206522004527237615042226559791118162382909269,
- 13001155522144542028910638547179410124467185319212645031214919884423841839406,
- 16037892369576300958623292723740289861626299352695838577330319504984091062115
- ],[
- 15162889384227198851506890526431746552868519326873025085114621698588781611738,
- 13272957914179340594010910867091459756043436017766464331915862093201960540910,
- 9416416589114508529880440146952102328470363729880726115521103179442988482948,
- 8035240799672199706102747147502951589635001418759394863664434079699838251138,
- 21642389080762222565487157652540372010968704000567605990102641816691459811717,
- 20261355950827657195644012399234591122288573679402601053407151083849785332516
- ]
- ];
-
-
- signal input inputs[nInputs];
- signal output out;
-
- component ark[nRoundsF + nRoundsP];
- component sigmaF[nRoundsF][t];
- component sigmaP[nRoundsP];
- component mix[nRoundsF + nRoundsP];
-
- var i;
- var j;
- var k;
-
- for (i=0; i<(nRoundsF + nRoundsP); i++) {
- ark[i] = Ark(t, C[i]);
- mix[i] = Mix(t, M);
-
- for (j=0; j<t; j++) {
- if (i==0) {
- if (j<nInputs) {
- ark[i].in[j] <== inputs[j];
- } else {
- ark[i].in[j] <== 0;
- }
- } else {
- ark[i].in[j] <== mix[i-1].out[j];
- }
- }
-
- if ((i<(nRoundsF/2)) || (i>= (nRoundsP + nRoundsF/2))) {
- k= i<nRoundsF/2 ? i : (i-nRoundsP);
- for (j=0; j<t; j++) {
- sigmaF[k][j] = Sigma();
- sigmaF[k][j].in <== ark[i].out[j];
- mix[i].in[j] <== sigmaF[k][j].out;
- }
- } else {
- k= i-nRoundsF/2;
- sigmaP[k] = Sigma();
- sigmaP[k].in <== ark[i].out[0];
- mix[i].in[0] <== sigmaP[k].out;
- for (j=1; j<t; j++) {
- mix[i].in[j] <== ark[i].out[j];
- }
- }
- }
-
- out <== mix[nRoundsF + nRoundsP -1].out[0];
-}
diff --git a/circuits/sha256/ch.circom b/circuits/sha256/ch.circom
deleted file mode 100644
index 5804ae8c..00000000
--- a/circuits/sha256/ch.circom
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-/* Ch
-
-000 0
-001 1
-010 0
-011 1
-100 0
-101 0
-110 1
-111 1
-
-out = a&b ^ (!a)&c =>
-
-out = a*(b-c) + c
-
-*/
-
-template Ch(n) {
- signal input a[n];
- signal input b[n];
- signal input c[n];
- signal output out[n];
-
- for (var k=0; k<n; k++) {
- out[k] <== a[k] * (b[k]-c[k]) + c[k];
- }
-}
diff --git a/circuits/sha256/constants.circom b/circuits/sha256/constants.circom
deleted file mode 100644
index 7b375d53..00000000
--- a/circuits/sha256/constants.circom
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-template H(x) {
- signal output out[32];
- var c[8] = [0x6a09e667,
- 0xbb67ae85,
- 0x3c6ef372,
- 0xa54ff53a,
- 0x510e527f,
- 0x9b05688c,
- 0x1f83d9ab,
- 0x5be0cd19];
-
- for (var i=0; i<32; i++) {
- out[i] <== (c[x] >> i) & 1;
- }
-}
-
-template K(x) {
- signal output out[32];
- var c[64] = [
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- ];
-
- for (var i=0; i<32; i++) {
- out[i] <== (c[x] >> i) & 1;
- }
-}
diff --git a/circuits/sha256/main.circom b/circuits/sha256/main.circom
deleted file mode 100644
index fbf24348..00000000
--- a/circuits/sha256/main.circom
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "sha256_2.jaz";
-
-template Main() {
- signal private input a;
- signal private input b;
- signal output out;
-
- component sha256_2 = SHA256_2();
-
- sha256_2.a <== a;
- sha256_2.b <== a;
- out <== sha256_2.out;
-}
-
-component main = Main();
diff --git a/circuits/sha256/maj.circom b/circuits/sha256/maj.circom
deleted file mode 100644
index ee536874..00000000
--- a/circuits/sha256/maj.circom
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-/* Maj function for sha256
-
-out = a&b ^ a&c ^ b&c =>
-
-out = a*b + a*c + b*c - 2*a*b*c =>
-
-out = a*( b + c - 2*b*c ) + b*c =>
-
-mid = b*c
-out = a*( b + c - 2*mid ) + mid
-
-*/
-
-template Maj(n) {
- signal input a[n];
- signal input b[n];
- signal input c[n];
- signal output out[n];
- signal mid[n];
-
- for (var k=0; k<n; k++) {
- mid[k] <== b[k]*c[k];
- out[k] <== a[k] * (b[k]+c[k]-2*mid[k]) + mid[k];
- }
-}
diff --git a/circuits/sha256/rotate.circom b/circuits/sha256/rotate.circom
deleted file mode 100644
index b05df40a..00000000
--- a/circuits/sha256/rotate.circom
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-template RotR(n, r) {
- signal input in[n];
- signal output out[n];
-
- for (var i=0; i<n; i++) {
- out[i] <== in[ (i+r)%n ];
- }
-}
diff --git a/circuits/sha256/sha256.circom b/circuits/sha256/sha256.circom
deleted file mode 100644
index c2af805e..00000000
--- a/circuits/sha256/sha256.circom
+++ /dev/null
@@ -1,81 +0,0 @@
-
-
-include "constants.circom";
-include "sha256compression.circom";
-
-template Sha256(nBits) {
- signal input in[nBits];
- signal output out[256];
-
- var i;
- var k;
- var nBlocks;
- var bitsLastBlock;
-
-
- nBlocks = ((nBits + 64)\512)+1;
-
- signal paddedIn[nBlocks*512];
-
- for (k=0; k<nBits; k++) {
- paddedIn[k] <== in[k];
- }
- paddedIn[nBits] <== 1;
-
- for (k=nBits+1; k<nBlocks*512-64; k++) {
- paddedIn[k] <== 0;
- }
-
- for (k = 0; k< 64; k++) {
- paddedIn[nBlocks*512 - k -1] <== (nBits >> k)&1;
- }
-
- component ha0 = H(0);
- component hb0 = H(1);
- component hc0 = H(2);
- component hd0 = H(3);
- component he0 = H(4);
- component hf0 = H(5);
- component hg0 = H(6);
- component hh0 = H(7);
-
- component sha256compression[nBlocks];
-
- for (i=0; i<nBlocks; i++) {
-
- sha256compression[i] = Sha256compression() ;
-
- if (i==0) {
- for (k=0; k<32; k++ ) {
- sha256compression[i].hin[0*32+k] <== ha0.out[k];
- sha256compression[i].hin[1*32+k] <== hb0.out[k];
- sha256compression[i].hin[2*32+k] <== hc0.out[k];
- sha256compression[i].hin[3*32+k] <== hd0.out[k];
- sha256compression[i].hin[4*32+k] <== he0.out[k];
- sha256compression[i].hin[5*32+k] <== hf0.out[k];
- sha256compression[i].hin[6*32+k] <== hg0.out[k];
- sha256compression[i].hin[7*32+k] <== hh0.out[k];
- }
- } else {
- for (k=0; k<32; k++ ) {
- sha256compression[i].hin[32*0+k] <== sha256compression[i-1].out[32*0+31-k];
- sha256compression[i].hin[32*1+k] <== sha256compression[i-1].out[32*1+31-k];
- sha256compression[i].hin[32*2+k] <== sha256compression[i-1].out[32*2+31-k];
- sha256compression[i].hin[32*3+k] <== sha256compression[i-1].out[32*3+31-k];
- sha256compression[i].hin[32*4+k] <== sha256compression[i-1].out[32*4+31-k];
- sha256compression[i].hin[32*5+k] <== sha256compression[i-1].out[32*5+31-k];
- sha256compression[i].hin[32*6+k] <== sha256compression[i-1].out[32*6+31-k];
- sha256compression[i].hin[32*7+k] <== sha256compression[i-1].out[32*7+31-k];
- }
- }
-
- for (k=0; k<512; k++) {
- sha256compression[i].inp[k] <== paddedIn[i*512+k];
- }
- }
-
- for (k=0; k<256; k++) {
- out[k] <== sha256compression[nBlocks-1].out[k];
- }
-
-}
diff --git a/circuits/sha256/sha256_2.circom b/circuits/sha256/sha256_2.circom
deleted file mode 100644
index 91537633..00000000
--- a/circuits/sha256/sha256_2.circom
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "constants.circom";
-include "sha256compression.circom";
-include "../bitify.circom"
-
-template Sha256_2() {
- signal input a;
- signal input b;
- signal output out;
-
- var i;
- var k;
-
- component bits2num = Bits2Num(216);
- component num2bits[2];
-
- num2bits[0] = Num2Bits(216);
- num2bits[1] = Num2Bits(216);
-
- num2bits[0].in <== a;
- num2bits[1].in <== b;
-
-
- component sha256compression = Sha256compression() ;
-
- component ha0 = H(0);
- component hb0 = H(1);
- component hc0 = H(2);
- component hd0 = H(3);
- component he0 = H(4);
- component hf0 = H(5);
- component hg0 = H(6);
- component hh0 = H(7);
-
- for (k=0; k<32; k++ ) {
- sha256compression.hin[0*32+k] <== ha0.out[k];
- sha256compression.hin[1*32+k] <== hb0.out[k];
- sha256compression.hin[2*32+k] <== hc0.out[k];
- sha256compression.hin[3*32+k] <== hd0.out[k];
- sha256compression.hin[4*32+k] <== he0.out[k];
- sha256compression.hin[5*32+k] <== hf0.out[k];
- sha256compression.hin[6*32+k] <== hg0.out[k];
- sha256compression.hin[7*32+k] <== hh0.out[k];
- }
-
- for (i=0; i<216; i++) {
- sha256compression.inp[i] <== num2bits[0].out[215-i];
- sha256compression.inp[i+216] <== num2bits[1].out[215-i];
- }
-
- sha256compression.inp[432] <== 1;
-
- for (i=433; i<503; i++) {
- sha256compression.inp[i] <== 0;
- }
-
- sha256compression.inp[503] <== 1;
- sha256compression.inp[504] <== 1;
- sha256compression.inp[505] <== 0;
- sha256compression.inp[506] <== 1;
- sha256compression.inp[507] <== 1;
- sha256compression.inp[508] <== 0;
- sha256compression.inp[509] <== 0;
- sha256compression.inp[510] <== 0;
- sha256compression.inp[511] <== 0;
-
- for (i=0; i<216; i++) {
- bits2num.in[i] <== sha256compression.out[255-i];
- }
-
- out <== bits2num.out;
-}
diff --git a/circuits/sha256/sha256compression.circom b/circuits/sha256/sha256compression.circom
deleted file mode 100644
index e8ac441c..00000000
--- a/circuits/sha256/sha256compression.circom
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "constants.circom";
-include "t1.circom";
-include "t2.circom";
-include "../binsum.circom";
-include "sigmaplus.circom";
-
-template Sha256compression() {
- signal input hin[256];
- signal input inp[512];
- signal output out[256];
- signal a[65][32];
- signal b[65][32];
- signal c[65][32];
- signal d[65][32];
- signal e[65][32];
- signal f[65][32];
- signal g[65][32];
- signal h[65][32];
- signal w[64][32];
-
- var i;
-
- component sigmaPlus[48];
- for (i=0; i<48; i++) sigmaPlus[i] = SigmaPlus();
-
- component ct_k[64];
- for (i=0; i<64; i++) ct_k[i] = K(i);
-
- component t1[64];
- for (i=0; i<64; i++) t1[i] = T1();
-
- component t2[64];
- for (i=0; i<64; i++) t2[i] = T2();
-
- component suma[64];
- for (i=0; i<64; i++) suma[i] = BinSum(32, 2);
-
- component sume[64];
- for (i=0; i<64; i++) sume[i] = BinSum(32, 2);
-
- component fsum[8];
- for (i=0; i<8; i++) fsum[i] = BinSum(32, 2);
-
- var k;
- var t;
-
- for (t=0; t<64; t++) {
- if (t<16) {
- for (k=0; k<32; k++) {
- w[t][k] <== inp[t*32+31-k];
- }
- } else {
- for (k=0; k<32; k++) {
- sigmaPlus[t-16].in2[k] <== w[t-2][k];
- sigmaPlus[t-16].in7[k] <== w[t-7][k];
- sigmaPlus[t-16].in15[k] <== w[t-15][k];
- sigmaPlus[t-16].in16[k] <== w[t-16][k];
- }
-
- for (k=0; k<32; k++) {
- w[t][k] <== sigmaPlus[t-16].out[k];
- }
- }
- }
-
- for (k=0; k<32; k++ ) {
- a[0][k] <== hin[k];
- b[0][k] <== hin[32*1 + k];
- c[0][k] <== hin[32*2 + k];
- d[0][k] <== hin[32*3 + k];
- e[0][k] <== hin[32*4 + k];
- f[0][k] <== hin[32*5 + k];
- g[0][k] <== hin[32*6 + k];
- h[0][k] <== hin[32*7 + k];
- }
-
- for (t = 0; t<64; t++) {
- for (k=0; k<32; k++) {
- t1[t].h[k] <== h[t][k];
- t1[t].e[k] <== e[t][k];
- t1[t].f[k] <== f[t][k];
- t1[t].g[k] <== g[t][k];
- t1[t].k[k] <== ct_k[t].out[k];
- t1[t].w[k] <== w[t][k];
-
- t2[t].a[k] <== a[t][k];
- t2[t].b[k] <== b[t][k];
- t2[t].c[k] <== c[t][k];
- }
-
- for (k=0; k<32; k++) {
- sume[t].in[0][k] <== d[t][k];
- sume[t].in[1][k] <== t1[t].out[k];
-
- suma[t].in[0][k] <== t1[t].out[k];
- suma[t].in[1][k] <== t2[t].out[k];
- }
-
- for (k=0; k<32; k++) {
- h[t+1][k] <== g[t][k];
- g[t+1][k] <== f[t][k];
- f[t+1][k] <== e[t][k];
- e[t+1][k] <== sume[t].out[k];
- d[t+1][k] <== c[t][k];
- c[t+1][k] <== b[t][k];
- b[t+1][k] <== a[t][k];
- a[t+1][k] <== suma[t].out[k];
- }
- }
-
- for (k=0; k<32; k++) {
- fsum[0].in[0][k] <== hin[32*0+k];
- fsum[0].in[1][k] <== a[64][k];
- fsum[1].in[0][k] <== hin[32*1+k];
- fsum[1].in[1][k] <== b[64][k];
- fsum[2].in[0][k] <== hin[32*2+k];
- fsum[2].in[1][k] <== c[64][k];
- fsum[3].in[0][k] <== hin[32*3+k];
- fsum[3].in[1][k] <== d[64][k];
- fsum[4].in[0][k] <== hin[32*4+k];
- fsum[4].in[1][k] <== e[64][k];
- fsum[5].in[0][k] <== hin[32*5+k];
- fsum[5].in[1][k] <== f[64][k];
- fsum[6].in[0][k] <== hin[32*6+k];
- fsum[6].in[1][k] <== g[64][k];
- fsum[7].in[0][k] <== hin[32*7+k];
- fsum[7].in[1][k] <== h[64][k];
- }
-
- for (k=0; k<32; k++) {
- out[31-k] <== fsum[0].out[k];
- out[32+31-k] <== fsum[1].out[k];
- out[64+31-k] <== fsum[2].out[k];
- out[96+31-k] <== fsum[3].out[k];
- out[128+31-k] <== fsum[4].out[k];
- out[160+31-k] <== fsum[5].out[k];
- out[192+31-k] <== fsum[6].out[k];
- out[224+31-k] <== fsum[7].out[k];
- }
-}
diff --git a/circuits/sha256/shift.circom b/circuits/sha256/shift.circom
deleted file mode 100644
index bdff3fde..00000000
--- a/circuits/sha256/shift.circom
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-template ShR(n, r) {
- signal input in[n];
- signal output out[n];
-
- for (var i=0; i<n; i++) {
- if (i+r >= n) {
- out[i] <== 0;
- } else {
- out[i] <== in[ i+r ];
- }
- }
-}
-
diff --git a/circuits/sha256/sigma.circom b/circuits/sha256/sigma.circom
deleted file mode 100644
index 0661e532..00000000
--- a/circuits/sha256/sigma.circom
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "xor3.circom";
-include "rotate.circom";
-include "shift.circom";
-
-template SmallSigma(ra, rb, rc) {
- signal input in[32];
- signal output out[32];
- var k;
-
- component rota = RotR(32, ra);
- component rotb = RotR(32, rb);
- component shrc = ShR(32, rc);
-
- for (k=0; k<32; k++) {
- rota.in[k] <== in[k];
- rotb.in[k] <== in[k];
- shrc.in[k] <== in[k];
- }
-
- component xor3 = Xor3(32);
- for (k=0; k<32; k++) {
- xor3.a[k] <== rota.out[k];
- xor3.b[k] <== rotb.out[k];
- xor3.c[k] <== shrc.out[k];
- }
-
- for (k=0; k<32; k++) {
- out[k] <== xor3.out[k];
- }
-}
-
-template BigSigma(ra, rb, rc) {
- signal input in[32];
- signal output out[32];
- var k;
-
- component rota = RotR(32, ra);
- component rotb = RotR(32, rb);
- component rotc = RotR(32, rc);
- for (k=0; k<32; k++) {
- rota.in[k] <== in[k];
- rotb.in[k] <== in[k];
- rotc.in[k] <== in[k];
- }
-
- component xor3 = Xor3(32);
-
- for (k=0; k<32; k++) {
- xor3.a[k] <== rota.out[k];
- xor3.b[k] <== rotb.out[k];
- xor3.c[k] <== rotc.out[k];
- }
-
- for (k=0; k<32; k++) {
- out[k] <== xor3.out[k];
- }
-}
diff --git a/circuits/sha256/sigmaplus.circom b/circuits/sha256/sigmaplus.circom
deleted file mode 100644
index 49637e40..00000000
--- a/circuits/sha256/sigmaplus.circom
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "../binsum.circom"
-include "sigma.circom"
-
-template SigmaPlus() {
- signal input in2[32];
- signal input in7[32];
- signal input in15[32];
- signal input in16[32];
- signal output out[32];
- var k;
-
- component sigma1 = SmallSigma(17,19,10);
- component sigma0 = SmallSigma(7, 18, 3);
- for (k=0; k<32; k++) {
- sigma1.in[k] <== in2[k];
- sigma0.in[k] <== in15[k];
- }
-
- component sum = BinSum(32, 4);
- for (k=0; k<32; k++) {
- sum.in[0][k] <== sigma1.out[k];
- sum.in[1][k] <== in7[k];
- sum.in[2][k] <== sigma0.out[k];
- sum.in[3][k] <== in16[k];
- }
-
- for (k=0; k<32; k++) {
- out[k] <== sum.out[k];
- }
-}
diff --git a/circuits/sha256/t1.circom b/circuits/sha256/t1.circom
deleted file mode 100644
index 369b4655..00000000
--- a/circuits/sha256/t1.circom
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-include "../binsum.circom";
-include "sigma.circom";
-include "ch.circom";
-
-template T1() {
- signal input h[32];
- signal input e[32];
- signal input f[32];
- signal input g[32];
- signal input k[32];
- signal input w[32];
- signal output out[32];
-
- var ki;
-
- component ch = Ch(32);
- component bigsigma1 = BigSigma(6, 11, 25);
-
- for (ki=0; ki<32; ki++) {
- bigsigma1.in[ki] <== e[ki];
- ch.a[ki] <== e[ki];
- ch.b[ki] <== f[ki];
- ch.c[ki] <== g[ki];
- }
-
- component sum = BinSum(32, 5);
- for (ki=0; ki<32; ki++) {
- sum.in[0][ki] <== h[ki];
- sum.in[1][ki] <== bigsigma1.out[ki];
- sum.in[2][ki] <== ch.out[ki];
- sum.in[3][ki] <== k[ki];
- sum.in[4][ki] <== w[ki];
- }
-
- for (ki=0; ki<32; ki++) {
- out[ki] <== sum.out[ki];
- }
-}
diff --git a/circuits/sha256/t2.circom b/circuits/sha256/t2.circom
deleted file mode 100644
index 5a55728e..00000000
--- a/circuits/sha256/t2.circom
+++ /dev/null
@@ -1,50 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "../binsum.circom"; -include "sigma.circom"; -include "maj.circom" - -template T2() { - signal input a[32]; - signal input b[32]; - signal input c[32]; - signal output out[32]; - var k; - - component bigsigma0 = BigSigma(2, 13, 22); - component maj = Maj(32); - for (k=0; k<32; k++) { - bigsigma0.in[k] <== a[k]; - maj.a[k] <== a[k]; - maj.b[k] <== b[k]; - maj.c[k] <== c[k]; - } - - component sum = BinSum(32, 2); - - for (k=0; k<32; k++) { - sum.in[0][k] <== bigsigma0.out[k]; - sum.in[1][k] <== maj.out[k]; - } - - for (k=0; k<32; k++) { - out[k] <== sum.out[k]; - } -} diff --git a/circuits/sha256/xor3.circom b/circuits/sha256/xor3.circom deleted file mode 100644 index 9bbe76ce..00000000 --- a/circuits/sha256/xor3.circom +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* Xor3 function for sha256 - -out = a ^ b ^ c => - -out = a+b+c - 2*a*b - 2*a*c - 2*b*c + 4*a*b*c => - -out = a*( 1 - 2*b - 2*c + 4*b*c ) + b + c - 2*b*c => - -mid = b*c -out = a*( 1 - 2*b -2*c + 4*mid ) + b + c - 2 * mid - -*/ - -template Xor3(n) { - signal input a[n]; - signal input b[n]; - signal input c[n]; - signal output out[n]; - signal mid[n]; - - for (var k=0; k<n; k++) { - mid[k] <== b[k]*c[k]; - out[k] <== a[k] * (1 -2*b[k] -2*c[k] +4*mid[k]) + b[k] + c[k] -2*mid[k]; - } -} diff --git a/circuits/sign.circom b/circuits/sign.circom deleted file mode 100644 index 57ebcc8f..00000000 --- a/circuits/sign.circom +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "compconstant.circom"; - -template Sign() { - signal input in[254]; - signal output sign; - - component comp = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); - - var i; - - for (i=0; i<254; i++) { - comp.in[i] <== in[i]; - } - - sign <== comp.out; -} diff --git a/circuits/smt/smthash_mimc.circom b/circuits/smt/smthash_mimc.circom deleted file mode 100644 index bad5290a..00000000 --- a/circuits/smt/smthash_mimc.circom +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "../mimc.circom"; - - -/* - Hash1 = H(1 | key | value) - */ - -template SMTHash1() { - signal input key; - signal input value; - signal output out; - - component h = MultiMiMC7(2, 91); // Constant - h.in[0] <== key; - h.in[1] <== value; - h.k <== 1; - - out <== h.out; -} - -/* - This component is used to create the 2 nodes. - - Hash2 = H(Hl | Hr) - */ - -template SMTHash2() { - signal input L; - signal input R; - signal output out; - - component h = MultiMiMC7(2, 91); // Constant - h.in[0] <== L; - h.in[1] <== R; - h.k <== 0; - - out <== h.out; -} diff --git a/circuits/smt/smthash_poseidon.circom b/circuits/smt/smthash_poseidon.circom deleted file mode 100644 index 5a9feb78..00000000 --- a/circuits/smt/smthash_poseidon.circom +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "../poseidon.circom"; - - -/* - Hash1 = H(1 | key | value) - */ - -template SMTHash1() { - signal input key; - signal input value; - signal output out; - - component h = Poseidon(3, 6, 8, 57); // Constant - h.inputs[0] <== key; - h.inputs[1] <== value; - h.inputs[2] <== 1; - - out <== h.out; -} - -/* - This component is used to create the 2 nodes. - - Hash2 = H(Hl | Hr) - */ - -template SMTHash2() { - signal input L; - signal input R; - signal output out; - - component h = Poseidon(2, 6, 8, 57); // Constant - h.inputs[0] <== L; - h.inputs[1] <== R; - - out <== h.out; -} diff --git a/circuits/smt/smtlevins.circom b/circuits/smt/smtlevins.circom deleted file mode 100644 index 82f05132..00000000 --- a/circuits/smt/smtlevins.circom +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - -This component finds the level where the oldInsert is done. -The rules are: - -levIns[i] == 1 if its level and all the child levels have a sibling of 0 and -the parent level has a sibling != 0. Considere that the root level always has -a parent with a sibling != 0. - - - ┌──────────────┐ - │ │ - │ │───▶ levIns[0] <== (1-done[i]) - │ │ - └──────────────┘ - ▲ - │ - │ - done[0] - - - - done[i-1] <== levIns[i] + done[i] - ▲ - │ - │ - ┌───────────┐ ┌──────────────┐ - │ │ │ │ - sibling[i-1]───▶│IsZero[i-1]│─▶│ │───▶ levIns[i] <== (1-done[i])*(1-isZero[i-1].out) - │ │ │ │ - └───────────┘ └──────────────┘ - ▲ - │ - │ - done[i] - - - - done[n-2] <== levIns[n-1] - ▲ - │ - │ - ┌───────────┐ ┌──────────────┐ - │ │ │ │ - sibling[n-2]───▶│IsZero[n-2]│─▶│ │────▶ levIns[n-1] <== (1-isZero[n-2].out) - │ │ │ │ - └───────────┘ └──────────────┘ - - ┌───────────┐ - │ │ - sibling[n-1]───▶│IsZero[n-1]│────▶ === 0 - │ │ - └───────────┘ - - */ - -template SMTLevIns(nLevels) { - signal input enabled; - signal input siblings[nLevels]; - signal output levIns[nLevels]; - signal done[nLevels-1]; // Indicates if the insLevel has aready been detected. 
- - var i; - - component isZero[nLevels]; - - for (i=0; i<nLevels; i++) { - isZero[i] = IsZero(); - isZero[i].in <== siblings[i]; - } - - // The last level must always have a sibling of 0. If not, then it cannot be inserted. - (isZero[nLevels-1].out - 1) * enabled === 0; - - levIns[nLevels-1] <== (1-isZero[nLevels-2].out); - done[nLevels-2] <== levIns[nLevels-1]; - for (i=nLevels-2; i>0; i--) { - levIns[i] <== (1-done[i])*(1-isZero[i-1].out) - done[i-1] <== levIns[i] + done[i]; - } - - levIns[0] <== (1-done[0]); -} diff --git a/circuits/smt/smtprocessor.circom b/circuits/smt/smtprocessor.circom deleted file mode 100644 index 61f8bed8..00000000 --- a/circuits/smt/smtprocessor.circom +++ /dev/null 
@@ -1,260 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/*************************************************************************************************** - -SMTProcessor: Sparse Merkle Tree processor is a component to verify an insert/update/delete elements -into the Sparse Merkle tree. - - -Insert to an empty leaf -======================= - - STATE OLD STATE NEW STATE - ===== ========= ========= - - oldRoot newRoot - ▲ ▲ - │ │ - ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ - top │Sibling├────▶┃ Hash ┃◀─┐ │Sibling├────▶┃ Hash ┃◀─┐ - └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ - │ │ - │ │ - ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ - top ┌─────▶┃ Hash ┃◀──┤Sibling│ ┌─────▶┃ Hash ┃◀──┤Sibling│ - │ ┗━━━━━━━┛ └───────┘ │ ┗━━━━━━━┛ └───────┘ - │ │ - │ │ - ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ - top │Sibling├──▶┃ Hash ┃◀─────┐ │Sibling├──▶┃ Hash ┃◀─────┐ - └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ - │ │ - │ │ - ┌────┴────┐ ┌────┴────┐ - old0 │ 0 │ │New1Leaf │ - └─────────┘ └─────────┘ - - - ┏━━━━━━━┓ ┏━━━━━━━┓ - na ┃ Hash ┃ ┃ Hash ┃ - ┗━━━━━━━┛ ┗━━━━━━━┛ - - - ┏━━━━━━━┓ ┏━━━━━━━┓ - na ┃ Hash ┃ ┃ Hash ┃ - ┗━━━━━━━┛ ┗━━━━━━━┛ - - - -Insert to a used leaf. 
-===================== - - STATE OLD STATE NEW STATE - ===== ========= ========= - - - oldRoot newRoot - ▲ ▲ - │ │ - ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ - top │Sibling├────▶┃ Hash ┃◀─┐ │Sibling├────▶┃ Hash ┃◀─┐ - └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ - │ │ - │ │ - ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ - top ┌─────▶┃ Hash ┃◀──┤Sibling│ ┌─────▶┃ Hash ┃◀──┤Sibling│ - │ ┗━━━━━━━┛ └───────┘ │ ┗━━━━━━━┛ └───────┘ - │ │ - │ │ - ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ - top │Sibling├──▶┃ Hash ┃◀─────┐ │Sibling├──▶┃ Hash ┃◀─────┐ - └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ - │ │ - │ │ - ┌────┴────┐ ┏━━━┻━━━┓ ┌───────┐ - bot │Old1Leaf │ ┌─────▶┃ Hash ┃◀──┼─ 0 │ - └─────────┘ │ ┗━━━━━━━┛ └───────┘ - │ - │ - ┏━━━━━━━┓ ┌───────┐ ┏━━━┻━━━┓ - bot ┃ Hash ┃ │ 0 ─┼──▶┃ Hash ┃◀─────┐ - ┗━━━━━━━┛ └───────┘ ┗━━━━━━━┛ │ - │ - │ - ┏━━━━━━━┓ ┏━━━┻━━━┓ ┌───────┐ - bot ┃ Hash ┃ ┌─────▶┃ Hash ┃◀──│ 0 │ - ┗━━━━━━━┛ │ ┗━━━━━━━┛ └───────┘ - │ - │ - ┏━━━━━━━┓ ┌─────────┐ ┏━━━┻━━━┓ ┌─────────┐ - new1 ┃ Hash ┃ │Old1Leaf ├──▶┃ Hash ┃◀──│New1Leaf │ - ┗━━━━━━━┛ └─────────┘ ┗━━━━━━━┛ └─────────┘ - - - ┏━━━━━━━┓ ┏━━━━━━━┓ - na ┃ Hash ┃ ┃ Hash ┃ - ┗━━━━━━━┛ ┗━━━━━━━┛ - - - ┏━━━━━━━┓ ┏━━━━━━━┓ - na ┃ Hash ┃ ┃ Hash ┃ - ┗━━━━━━━┛ ┗━━━━━━━┛ - - -Fnction -fnc[0] fnc[1] -0 0 NOP -0 1 UPDATE -1 0 INSERT -1 1 DELETE - - -***************************************************************************************************/ - -include "../gates.circom"; -include "../bitify.circom"; -include "../comparators.circom"; -include "../switcher.circom"; -include "smtlevins.circom"; -include "smtprocessorlevel.circom"; -include "smtprocessorsm.circom"; -include "smthash_poseidon.circom"; - -template SMTProcessor(nLevels) { - signal input oldRoot; - signal output newRoot; - signal input siblings[nLevels]; - signal input oldKey; - signal input oldValue; - signal input isOld0; - signal input newKey; - signal input newValue; - signal input fnc[2]; - - signal enabled; - - var i; - - enabled <== fnc[0] + fnc[1] - 
fnc[0]*fnc[1] - - component hash1Old = SMTHash1(); - hash1Old.key <== oldKey; - hash1Old.value <== oldValue; - - component hash1New = SMTHash1(); - hash1New.key <== newKey; - hash1New.value <== newValue; - - component n2bOld = Num2Bits_strict(); - component n2bNew = Num2Bits_strict(); - - n2bOld.in <== oldKey; - n2bNew.in <== newKey; - - component smtLevIns = SMTLevIns(nLevels); - for (i=0; i<nLevels; i++) smtLevIns.siblings[i] <== siblings[i]; - smtLevIns.enabled <== enabled; - - component xors[nLevels]; - for (i=0; i<nLevels; i++) { - xors[i] = XOR(); - xors[i].a <== n2bOld.out[i]; - xors[i].b <== n2bNew.out[i]; - } - - component sm[nLevels]; - for (i=0; i<nLevels; i++) { - sm[i] = SMTProcessorSM(); - if (i==0) { - sm[i].prev_top <== enabled; - sm[i].prev_old0 <== 0; - sm[i].prev_bot <== 0; - sm[i].prev_new1 <== 0; - sm[i].prev_na <== 1-enabled; - sm[i].prev_upd <== 0; - } else { - sm[i].prev_top <== sm[i-1].st_top; - sm[i].prev_old0 <== sm[i-1].st_old0; - sm[i].prev_bot <== sm[i-1].st_bot; - sm[i].prev_new1 <== sm[i-1].st_new1; - sm[i].prev_na <== sm[i-1].st_na; - sm[i].prev_upd <== sm[i-1].st_upd; - } - sm[i].is0 <== isOld0; - sm[i].xor <== xors[i].out; - sm[i].fnc[0] <== fnc[0]; - sm[i].fnc[1] <== fnc[1]; - sm[i].levIns <== smtLevIns.levIns[i]; - } - sm[nLevels-1].st_na + sm[nLevels-1].st_new1 + sm[nLevels-1].st_old0 +sm[nLevels-1].st_upd === 1; - - component levels[nLevels]; - for (i=nLevels-1; i != -1; i--) { - levels[i] = SMTProcessorLevel(); - - levels[i].st_top <== sm[i].st_top; - levels[i].st_old0 <== sm[i].st_old0; - levels[i].st_bot <== sm[i].st_bot; - levels[i].st_new1 <== sm[i].st_new1; - levels[i].st_na <== sm[i].st_na; - levels[i].st_upd <== sm[i].st_upd; - - levels[i].sibling <== siblings[i]; - levels[i].old1leaf <== hash1Old.out; - levels[i].new1leaf <== hash1New.out; - - levels[i].newlrbit <== n2bNew.out[i]; - if (i==nLevels-1) { - levels[i].oldChild <== 0; - levels[i].newChild <== 0; - } else { - levels[i].oldChild <== levels[i+1].oldRoot; - 
levels[i].newChild <== levels[i+1].newRoot; - } - } - - component topSwitcher = Switcher(); - - topSwitcher.sel <== fnc[0]*fnc[1]; - topSwitcher.L <== levels[0].oldRoot; - topSwitcher.R <== levels[0].newRoot; - - component checkOldInput = ForceEqualIfEnabled(); - checkOldInput.enabled <== enabled; - checkOldInput.in[0] <== oldRoot; - checkOldInput.in[1] <== topSwitcher.outL; - - newRoot <== enabled * (topSwitcher.outR - oldRoot) + oldRoot; - -// topSwitcher.outL === oldRoot*enabled; -// topSwitcher.outR === newRoot*enabled; - - // Ckeck keys are equal if updating - component areKeyEquals = IsEqual(); - areKeyEquals.in[0] <== oldKey; - areKeyEquals.in[1] <== newKey; - - component keysOk = MultiAND(3); - keysOk.in[0] <== 1-fnc[0]; - keysOk.in[1] <== fnc[1]; - keysOk.in[2] <== 1-areKeyEquals.out; - - keysOk.out === 0; -} diff --git a/circuits/smt/smtprocessorlevel.circom b/circuits/smt/smtprocessorlevel.circom deleted file mode 100644 index 117671e8..00000000 --- a/circuits/smt/smtprocessorlevel.circom +++ /dev/null 
@@ -1,94 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/****** - -SMTProcessorLevel - -This circuit has 2 hash - -Outputs according to the state. - -State oldRoot newRoot -===== ======= ======= -top H'(oldChild, sibling) H'(newChild, sibling) -old0 0 new1leaf -bot old1leaf H'(newChild, 0) -new1 old1leaf H'(new1leaf, old1leaf) -na 0 0 - -upd old1leaf new1leaf - -H' is the Hash function with the inputs shifted acordingly. 
- -*****/ - - -template SMTProcessorLevel() { - signal input st_top; - signal input st_old0; - signal input st_bot; - signal input st_new1; - signal input st_na; - signal input st_upd; - - signal output oldRoot; - signal output newRoot; - signal input sibling; - signal input old1leaf; - signal input new1leaf; - signal input newlrbit; - signal input oldChild; - signal input newChild; - - signal aux[4]; - - component oldProofHash = SMTHash2(); - component newProofHash = SMTHash2(); - - component oldSwitcher = Switcher(); - component newSwitcher = Switcher(); - - // Old side - - oldSwitcher.L <== oldChild; - oldSwitcher.R <== sibling; - - oldSwitcher.sel <== newlrbit; - oldProofHash.L <== oldSwitcher.outL; - oldProofHash.R <== oldSwitcher.outR; - - aux[0] <== old1leaf * (st_bot + st_new1 + st_upd); - oldRoot <== aux[0] + oldProofHash.out * st_top; - - // New side - - aux[1] <== newChild * ( st_top + st_bot); - newSwitcher.L <== aux[1] + new1leaf*st_new1; - - aux[2] <== sibling*st_top; - newSwitcher.R <== aux[2] + old1leaf*st_new1; - - newSwitcher.sel <== newlrbit; - newProofHash.L <== newSwitcher.outL; - newProofHash.R <== newSwitcher.outR; - - aux[3] <== newProofHash.out * (st_top + st_bot + st_new1); - newRoot <== aux[3] + new1leaf * (st_old0 + st_upd); -} diff --git a/circuits/smt/smtprocessorsm.circom b/circuits/smt/smtprocessorsm.circom deleted file mode 100644 index fac95b0d..00000000 --- a/circuits/smt/smtprocessorsm.circom +++ /dev/null 
@@ -1,164 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/*************************************************************************************************** -Each level on a SMTProcessor has a state. - -The state of the level depends on the state of te botom level and on `xor` and -`is0` signals. - -`isOldLev` 1 when is the level where oldLeaf is. - -`xor` signal is 0 if the index bit at the current level is the same in the old -and the new index, and 1 if it is different. - -`is0` signal, is 1 if we are inserting/deleting in an empty leaf and 0 if we -are inserting/deleting in a leaf that contains an element. - -The states are: - -top: While the index bits of the old and new insex in the top level is the same, whe are in the top state. -old0: When the we reach insert level, we go to old0 state -if `is0`=1. -btn: Once in insert level and `is0` =0 we go to btn or new1 level if xor=1 -new1: This level is reached when xor=1. Here is where we insert/delete the hash of the -old and the new trees with just one element. -na: Not appliable. After processing it, we go to the na level. 
- - -Fnction -fnc[0] fnc[1] -0 0 NOP -0 1 UPDATE -1 0 INSERT -1 1 DELETE - - - ########### - # # - ┌────────────────────────────▶# upd #─────────────────────┐ - │ ## ## │ - │ ######### │ - levIns=1 │ │ - fnc[0]=0 │ │ any - │ │ - │ │ - │ │ - │ ########### │ - │ levIns=1 # # │ - levIns=0 │ is0=1 ┌────────────▶# old0 #────────┐ │ any - ┌─────┐ │ fnc[0]=1│ ## ## │ │ ┌──────┐ - │ │ │ │ ######### │ any │ │ │ - │ ▼ │ │ │ ▼ ▼ │ - │ ########### │ │ ########### │ - │ # # ────────────┘ └────────▶# #│ - └──# top # # na # - ## ## ───────────────────┐ levIns=1 ┌──▶## ## - ######### │ is0=0 │ ######### - │ │ fnc[0]=1 │ - │ │ xor=1 ########### │ any - │ └──────────────────▶# # │ - │ # new1 #──┘ - │ ## ## - └────────────────────────────────┐ ######### - levIns=1 │ ▲ - is0=0 │ ┌─────┘ - fnc[0]=1 │ ###########│ xor=1 - xor=0 │ # # - ▼# btn # - ## ## - #########◀───────┐ - │ │ - │ │ - └────────────┘ - xor=0 - -***************************************************************************************************/ - -template SMTProcessorSM() { - signal input xor; - signal input is0; - signal input levIns; - signal input fnc[2]; - - signal input prev_top; - signal input prev_old0; - signal input prev_bot; - signal input prev_new1; - signal input prev_na; - signal input prev_upd; - - signal output st_top; - signal output st_old0; - signal output st_bot; - signal output st_new1; - signal output st_na; - signal output st_upd; - - signal aux1; - signal aux2; - - aux1 <== prev_top * levIns; - aux2 <== aux1*fnc[0]; // prev_top * levIns * fnc[0] - - // st_top = prev_top*(1-levIns) - // = + prev_top - // - prev_top * levIns = aux1 - - st_top <== prev_top - aux1; - - // st_old0 = prev_top * levIns * is0 * fnc[0] - // = + prev_top * levIns * is0 * fnc[0] = aux2 * is0 - - st_old0 <== aux2 * is0; // prev_top * levIns * is0 * fnc[0] - - // st_new1 = prev_top * levIns * (1-is0)*fnc[0] * xor + prev_bot*xor = - // = + prev_top * levIns * fnc[0] * xor = aux2 * xor - // - prev_top * levIns * is0 * fnc[0] * 
xor = st_old0 * xor - // + prev_bot * xor = prev_bot * xor - - st_new1 <== (aux2 - st_old0 + prev_bot)*xor; - - - // st_bot = prev_top * levIns * (1-is0)*fnc[0] * (1-xor) + prev_bot*(1-xor); - // = + prev_top * levIns * fnc[0] - // - prev_top * levIns * is0 * fnc[0] - // - prev_top * levIns * fnc[0] * xor - // + prev_top * levIns * is0 * fnc[0] * xor - // + prev_bot - // - prev_bot * xor - - st_bot <== (1-xor) * (aux2 - st_old0 + prev_bot) - - - // st_upd = prev_top * (1-fnc[0]) *levIns; - // = + prev_top * levIns - // - prev_top * levIns * fnc[0] - - st_upd <== aux1 - aux2 - - // st_na = prev_new1 + prev_old0 + prev_na + prev_upd; - // = + prev_new1 - // + prev_old0 - // + prev_na - // + prev_upd - - st_na <== prev_new1 + prev_old0 + prev_na + prev_upd; - -} diff --git a/circuits/smt/smtverifier.circom b/circuits/smt/smtverifier.circom deleted file mode 100644 index 23cfc150..00000000 --- a/circuits/smt/smtverifier.circom +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - -SMTVerifier is a component to verify inclusion/exclusion of an element in the tree - - -fnc: 0 -> VERIFY INCLUSION - 1 -> VERIFY NOT INCLUSION - - */ - - -include "../gates.circom"; -include "../bitify.circom"; -include "../comparators.circom"; -include "../switcher.circom"; -include "smtlevins.circom"; -include "smtverifierlevel.circom"; -include "smtverifiersm.circom"; -include "smthash_poseidon.circom"; - -template SMTVerifier(nLevels) { - signal input enabled; - signal input root; - signal input siblings[nLevels]; - signal input oldKey; - signal input oldValue; - signal input isOld0; - signal input key; - signal input value; - signal input fnc; - - var i; - - component hash1Old = SMTHash1(); - hash1Old.key <== oldKey; - hash1Old.value <== oldValue; - - component hash1New = SMTHash1(); - hash1New.key <== key; - hash1New.value <== value; - - component n2bOld = Num2Bits_strict(); - component n2bNew = Num2Bits_strict(); - - n2bOld.in <== oldKey; - n2bNew.in <== key; - - component smtLevIns = SMTLevIns(nLevels); - for (i=0; i<nLevels; i++) smtLevIns.siblings[i] <== siblings[i]; - smtLevIns.enabled <== enabled; - - component sm[nLevels]; - for (i=0; i<nLevels; i++) { - sm[i] = 
SMTVerifierSM(); - if (i==0) { - sm[i].prev_top <== enabled; - sm[i].prev_i0 <== 0; - sm[i].prev_inew <== 0; - sm[i].prev_iold <== 0; - sm[i].prev_na <== 1-enabled; - } else { - sm[i].prev_top <== sm[i-1].st_top; - sm[i].prev_i0 <== sm[i-1].st_i0; - sm[i].prev_inew <== sm[i-1].st_inew; - sm[i].prev_iold <== sm[i-1].st_iold; - sm[i].prev_na <== sm[i-1].st_na; - } - sm[i].is0 <== isOld0; - sm[i].fnc <== fnc; - sm[i].levIns <== smtLevIns.levIns[i]; - } - sm[nLevels-1].st_na + sm[nLevels-1].st_iold + sm[nLevels-1].st_inew + sm[nLevels-1].st_i0 === 1; - - component levels[nLevels]; - for (i=nLevels-1; i != -1; i--) { - levels[i] = SMTVerifierLevel(); - - levels[i].st_top <== sm[i].st_top; - levels[i].st_i0 <== sm[i].st_i0; - levels[i].st_inew <== sm[i].st_inew; - levels[i].st_iold <== sm[i].st_iold; - levels[i].st_na <== sm[i].st_na; - - levels[i].sibling <== siblings[i]; - levels[i].old1leaf <== hash1Old.out; - levels[i].new1leaf <== hash1New.out; - - levels[i].lrbit <== n2bNew.out[i]; - if (i==nLevels-1) { - levels[i].child <== 0; - } else { - levels[i].child <== levels[i+1].root; - } - } - - - // Check that if checking for non inclussuin and isOld0==0 then key!=old - component areKeyEquals = IsEqual(); - areKeyEquals.in[0] <== oldKey; - areKeyEquals.in[1] <== key; - - component keysOk = MultiAND(4); - keysOk.in[0] <== fnc; - keysOk.in[1] <== 1-isOld0; - keysOk.in[2] <== areKeyEquals.out; - keysOk.in[3] <== enabled; - - keysOk.out === 0; - - // Check the root - component checkRoot = ForceEqualIfEnabled(); - checkRoot.enabled <== enabled; - checkRoot.in[0] <== levels[0].root; - checkRoot.in[1] <== root; - - // levels[0].root === root; - -} diff --git a/circuits/smt/smtverifierlevel.circom b/circuits/smt/smtverifierlevel.circom deleted file mode 100644 index a866dae8..00000000 --- a/circuits/smt/smtverifierlevel.circom +++ /dev/null 
@@ -1,71 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/****** - -SMTVerifierLevel - -This circuit has 1 hash - -Outputs according to the state. - -State root -===== ======= -top H'(child, sibling) -i0 0 -iold old1leaf -inew new1leaf -na 0 - -H' is the Hash function with the inputs shifted acordingly. - -*****/ - - -template SMTVerifierLevel() { - signal input st_top; - signal input st_i0; - signal input st_iold; - signal input st_inew; - signal input st_na; - - signal output root; - signal input sibling; - signal input old1leaf; - signal input new1leaf; - signal input lrbit; - signal input child; - - signal aux[2]; - - component proofHash = SMTHash2(); - component switcher = Switcher(); - - switcher.L <== child; - switcher.R <== sibling; - - switcher.sel <== lrbit; - proofHash.L <== switcher.outL; - proofHash.R <== switcher.outR; - - aux[0] <== proofHash.out * st_top; - aux[1] <== old1leaf*st_iold; - - root <== aux[0] + aux[1] + new1leaf*st_inew; -} diff --git a/circuits/smt/smtverifiersm.circom b/circuits/smt/smtverifiersm.circom deleted file mode 100644 index f5196530..00000000 --- a/circuits/smt/smtverifiersm.circom +++ /dev/null 
@@ -1,105 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* -Each level in the SMTVerifier has a state. - -This is the state machine. - -The signals are - -levIns: 1 if we are in the level where the insertion should happen -xor: 1 if the bitKey of the old and new keys are different in this level -is0: Input that indicates that the oldKey is 0 -fnc: 0 -> VERIFY INCLUSION - 1 -> VERIFY NOT INCLUSION - -err state is not a state itself. It's a lack of state. 
- -The end of the last level will have to be `na` - - levIns=0 any - ┌────┐ ┌────┐ - │ │ │ │ - │ ▼ levIns=1 ▼ │ - │ ########### is0=1 ########### ########### │ - │ # # fnc=1 # # any # # │ - └──# top # ─────────────────────▶# i0 #───────────────▶# na #──┘ - ## ## ──────────┐ ## ## ┌───────▶## ## - ########─────────────┐│ ######### │┌────────▶######### - ││ levIns=1 ││ - ││ is0=0 ########### ││ - ││ fnc=1 # # any│ - │└──────────▶ # iold #────────┘│ - │ ## ## │ - │ ######### │ - │ │ - │ levIns=1 ########### │ - │ fnc=0 # # any - └────────────▶# inew #─────────┘ - ## ## - ######### - - */ - - -template SMTVerifierSM() { - signal input is0; - signal input levIns; - signal input fnc; - - signal input prev_top; - signal input prev_i0; - signal input prev_iold; - signal input prev_inew; - signal input prev_na; - - signal output st_top; - signal output st_i0; - signal output st_iold; - signal output st_inew; - signal output st_na; - - signal prev_top_lev_ins; - signal prev_top_lev_ins_fnc; - - prev_top_lev_ins <== prev_top * levIns; - prev_top_lev_ins_fnc <== prev_top_lev_ins*fnc; // prev_top * levIns * fnc - - // st_top = prev_top * (1-levIns) - // = + prev_top - // - prev_top * levIns - st_top <== prev_top - prev_top_lev_ins; - - // st_inew = prev_top * levIns * (1-fnc) - // = + prev_top * levIns - // - prev_top * levIns * fnc - st_inew <== prev_top_lev_ins - prev_top_lev_ins_fnc; - - // st_iold = prev_top * levIns * (1-is0)*fnc - // = + prev_top * levIns * fnc - // - prev_top * levIns * fnc * is0 - st_iold <== prev_top_lev_ins_fnc * (1 - is0); - - // st_i0 = prev_top * levIns * is0 - // = + prev_top * levIns * is0 - st_i0 <== prev_top_lev_ins * is0; - - st_na <== prev_na + prev_inew + prev_iold + prev_i0; -} diff --git a/circuits/switcher.circom b/circuits/switcher.circom deleted file mode 100644 index 4d8b1147..00000000 --- a/circuits/switcher.circom +++ /dev/null 
@@ -1,40 +0,0 @@
-/*
- Copyright 2018 0KIMS association.
-
- This file is part of circom (Zero Knowledge Circuit Compiler).
-
- circom is a free software: you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- circom is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with circom. If not, see <https://www.gnu.org/licenses/>.
-*/
-
-/*
- Assume sel is binary.
-
- If sel == 0 then outL = L and outR=R
- If sel == 1 then outL = R and outR=L
-
- */
-
-template Switcher() {
- signal input sel;
- signal input L;
- signal input R;
- signal output outL;
- signal output outR;
-
- signal aux;
-
- aux <== (R-L)*sel; // We create aux in order to have only one multiplication
- outL <== aux + L;
- outR <== -aux + R;
-}
diff --git a/test/circuits/aliascheck_test.circom b/test/circuits/aliascheck_test.circom
deleted file mode 100644
index dc2252d2..00000000
--- a/test/circuits/aliascheck_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/aliascheck.circom";
-
-component main = AliasCheck()
diff --git a/test/circuits/babyadd_tester.circom b/test/circuits/babyadd_tester.circom
deleted file mode 100644
index 129acfac..00000000
--- a/test/circuits/babyadd_tester.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/babyjub.circom";
-
-component main = BabyAdd();
diff --git a/test/circuits/binsub_test.circom b/test/circuits/binsub_test.circom
deleted file mode 100644
index 254b6f39..00000000
--- a/test/circuits/binsub_test.circom
+++ /dev/null
@@ -1,31 +0,0 @@
-include "../../circuits/bitify.circom"
-include "../../circuits/binsub.circom"
-
-template A() {
- signal private input a;
- signal input b;
- signal output out;
-
- var i;
-
- component n2ba = Num2Bits(16);
- component n2bb = Num2Bits(16);
- component sub = BinSub(16);
- component b2n = Bits2Num(16);
-
- n2ba.in <== a;
- n2bb.in <== b;
-
- for (i=0; i<16; i++) {
- sub.in[0][i] <== n2ba.out[i];
- sub.in[1][i] <== n2bb.out[i];
- }
-
- for (i=0; i<16; i++) {
- b2n.in[i] <== sub.out[i];
- }
-
- out <== b2n.out;
-}
-
-component main = A();
diff --git a/test/circuits/greatereqthan.circom b/test/circuits/greatereqthan.circom
deleted file mode 100644
index 3428ac27..00000000
--- a/test/circuits/greatereqthan.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = GreaterEqThan(32);
diff --git a/test/circuits/greaterthan.circom b/test/circuits/greaterthan.circom
deleted file mode 100644
index b890ba81..00000000
--- a/test/circuits/greaterthan.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = GreaterThan(32);
diff --git a/test/circuits/isequal.circom b/test/circuits/isequal.circom
deleted file mode 100644
index c14d506f..00000000
--- a/test/circuits/isequal.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = IsEqual();
diff --git a/test/circuits/iszero.circom b/test/circuits/iszero.circom
deleted file mode 100644
index 0ca0589f..00000000
--- a/test/circuits/iszero.circom
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-include "../../circuits/comparators.circom";
-
-component main = IsZero();
diff --git a/test/circuits/lesseqthan.circom b/test/circuits/lesseqthan.circom
deleted file mode 100644
index db2eda47..00000000
--- a/test/circuits/lesseqthan.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = LessEqThan(32);
diff --git a/test/circuits/lessthan.circom b/test/circuits/lessthan.circom
deleted file mode 100644
index 63944f2e..00000000
--- a/test/circuits/lessthan.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = LessThan(32);
From 8ffdabd946a5d7e58510cf67193e39a50dbaada3 Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 09:55:15 +0200 Subject: [PATCH 03/27] Worked on basics folder --- README_templates/README_folder.md | 9 + README_templates/README_spec.md | 19 ++ circuits/basics/README.md | 48 +++ circuits/basics/aliascheck/README.md | 41 +++ circuits/basics/aliascheck/aliascheck.circom | 32 ++ circuits/basics/aliascheck/aliascheck.test.js | 73 +++++ .../basics/aliascheck/aliascheck_test.circom | 3 + circuits/basics/binary_arithmetic/README.md | 10 + .../basics/binary_arithmetic/binsub/README.md | 41 +++ .../binary_arithmetic/binsub/binsub.circom | 73 +++++ .../binary_arithmetic/binsub/binsub.test.js | 51 +++ .../binsub/binsub_test.circom | 31 ++ .../basics/binary_arithmetic/binsum/README.md | 29 ++ .../binary_arithmetic/binsum/binsum.circom | 100 ++++++ .../binary_arithmetic/binsum/binsum.test.js | 37 +++ circuits/basics/bitify/README.md | 13 + circuits/basics/bitify/bits2num/README.md | 35 ++ .../basics/bitify/bits2num/bits2num.circom | 32 ++ .../basics/bitify/bits2num_strict/README.md | 35 ++ .../bits2num_strict/bits2num_strict.circom | 36 +++ circuits/basics/bitify/num2bits/README.md | 38 +++ .../basics/bitify/num2bits/num2bits.circom | 34 ++ .../basics/bitify/num2bits_strict/README.md | 38 +++ .../num2bits_strict/num2bits_strict.circom | 35 ++ circuits/basics/bitify/num2bitsneg/README.md | 38 +++ .../bitify/num2bitsneg/num2bitsneg.circom | 44 +++ circuits/basics/comparators/README.md | 15 + .../basics/comparators/comparators.circom | 139 ++++++++ .../basics/comparators/comparators.test.js | 184 +++++++++++ .../comparators/forceequalifenabled/README.md | 19 ++ .../forceequalifenabled.circom | 31 ++ .../comparators/greatereqthan/README.md | 19 ++ .../greatereqthan/greatereqthan.circom | 34 ++ .../greatereqthan/greatereqthan.test.circom | 4 + .../basics/comparators/greaterthan/README.md | 19 ++ .../greaterthan/greaterthan.circom | 33 ++ .../greaterthan/greaterthan.test.circom | 4 + 
circuits/basics/comparators/isequal/README.md | 19 ++ .../basics/comparators/isequal/isequal.circom | 31 ++ .../comparators/isequal/isequal.test.circom | 4 + circuits/basics/comparators/iszero/README.md | 19 ++ .../basics/comparators/iszero/iszero.circom | 30 ++ .../comparators/iszero/iszero.test.circom | 5 + .../basics/comparators/lesseqthan/README.md | 19 ++ .../comparators/lesseqthan/lesseqthan.circom | 33 ++ .../lesseqthan/lesseqthan.test.circom | 4 + .../basics/comparators/lessthan/README.md | 19 ++ .../comparators/lessthan/lessthan.circom | 31 ++ .../comparators/lessthan/lessthan.test.circom | 4 + circuits/basics/compconstant/README.md | 21 ++ .../basics/compconstant/compconstant.circom | 73 +++++ circuits/basics/logic_gates/README.md | 15 + circuits/basics/logic_gates/and/README.md | 19 ++ circuits/basics/logic_gates/and/and.circom | 26 ++ .../basics/logic_gates/multiand/README.md | 19 ++ .../logic_gates/multiand/multiand.circom | 49 +++ circuits/basics/logic_gates/nand/README.md | 19 ++ circuits/basics/logic_gates/nand/nand.circom | 26 ++ circuits/basics/logic_gates/nor/README.md | 19 ++ circuits/basics/logic_gates/nor/nor.circom | 28 ++ circuits/basics/logic_gates/not/README.md | 19 ++ circuits/basics/logic_gates/not/not.circom | 25 ++ circuits/basics/logic_gates/or/README.md | 19 ++ circuits/basics/logic_gates/or/or.circom | 26 ++ circuits/basics/logic_gates/xor/README.md | 19 ++ circuits/basics/logic_gates/xor/xor.circom | 26 ++ circuits/basics/multiplexer/README.md | 11 + circuits/basics/multiplexer/decoder/README.md | 19 ++ .../basics/multiplexer/decoder/decoder.circom | 34 ++ .../basics/multiplexer/multiplexer/README.md | 19 ++ .../multiplexer/multiplexer.circom | 43 +++ .../multiplexer/scalarproduct/README.md | 19 ++ .../scalarproduct/scalarproduct.circom | 31 ++ circuits/basics/mux/README.md | 0 circuits/basics/mux/multimux1/README.md | 19 ++ circuits/basics/mux/multimux2/README.md | 19 ++ circuits/basics/mux/multimux3/README.md | 19 ++ 
circuits/basics/mux/multimux4/README.md | 19 ++ circuits/basics/mux/mux1/README.md | 19 ++ circuits/basics/mux/mux1/mux1.circom | 47 +++ circuits/basics/mux/mux1/mux1_1.circom | 31 ++ circuits/basics/mux/mux2/README.md | 19 ++ circuits/basics/mux/mux2/mux2.circom | 62 ++++ circuits/basics/mux/mux2/mux2_1.circom | 35 ++ circuits/basics/mux/mux3/README.md | 19 ++ circuits/basics/mux/mux3/mux3.circom | 74 +++++ circuits/basics/mux/mux3/mux3_1.circom | 39 +++ circuits/basics/mux/mux4/README.md | 19 ++ circuits/basics/mux/mux4/mux4.circom | 118 +++++++ circuits/basics/mux/mux4/mux4_1.circom | 54 ++++ circuits/basics/old_README.md | 29 ++ circuits/basics/sign/README.md | 19 ++ circuits/basics/sign/sign.circom | 35 ++ circuits/basics/switcher/README.md | 19 ++ circuits/basics/switcher/switcher.circom | 40 +++ circuits/cryptography/README.md | 21 ++ .../cryptography/elliptic_curves/README.md | 25 ++ .../elliptic_curves/baby_jubjub/README.md | 24 ++ .../baby_jubjub/babyjub.circom | 106 +++++++ .../baby_jubjub/babyjub.test.js | 112 +++++++ .../baby_jubjub/babyjub_js.test.js | 164 ++++++++++ .../baby_jubjub/edwards/README.md | 0 .../baby_jubjub/edwards/babyadd/README.md | 53 ++++ .../edwards/babyadd/babyadd_test.circom | 3 + .../baby_jubjub/edwards/babycheck/README.md | 21 ++ .../edwards/babycheck/babycheck_test.circom | 3 + .../baby_jubjub/edwards/babydbl/README.md | 21 ++ .../baby_jubjub/edwards/babypbk/README.md | 21 ++ .../edwards/babypbk/babypbk_test.circom | 3 + .../baby_jubjub/edwards/scalar_mul/README.md | 0 .../edwards/scalar_mul/scalarmul/README.md | 19 ++ .../edwards/scalar_mul/scalarmulany/README.md | 19 ++ .../edwards/scalar_mul/scalarmulfix/README.md | 19 ++ .../scalar_mul/scalarmulwtable/README.md | 19 ++ .../baby_jubjub/edwards2montgomery/README.md | 19 ++ .../baby_jubjub/escalarmul.circom | 165 ++++++++++ .../baby_jubjub/escalarmulany.circom | 196 ++++++++++++ .../baby_jubjub/escalarmulfix.circom | 298 ++++++++++++++++++ 
.../baby_jubjub/escalarmulw4table.circom | 51 +++ .../baby_jubjub/montgomery.circom | 141 +++++++++ .../baby_jubjub/montgomery/README.md | 24 ++ .../montgomery/montgomeryadd/README.md | 19 ++ .../montgomery/montgomerydouble/README.md | 19 ++ .../baby_jubjub/montgomery2edwards/README.md | 19 ++ .../baby_jubjub/point2bits/README.md | 19 ++ .../baby_jubjub/point2bits/pointbits.circom | 163 ++++++++++ .../cryptography/hash_functions/README.md | 20 ++ .../hash_functions/mimc/README.md | 0 .../hash_functions/mimc/mimc7/README.md | 19 ++ .../hash_functions/mimc/mimc7/mimc.circom | 155 +++++++++ .../mimc/mimc7/mimc_test.circom | 3 + .../mimc/mimc7/mimccircuit.test.js | 25 ++ .../mimc/mimc7/mimccontract.test.js | 48 +++ .../hash_functions/mimc/mimcfeistel/README.md | 19 ++ .../hash_functions/mimc/mimcsponge/README.md | 19 ++ .../mimcsponge/mimc_sponge_hash_test.circom | 3 + .../mimc/mimcsponge/mimc_sponge_test.circom | 3 + .../mimc/mimcsponge/mimcsponge.circom | 290 +++++++++++++++++ .../mimc/mimcsponge/mimcspongecircuit.test.js | 37 +++ .../mimcsponge/mimcspongecontract.test.js | 43 +++ .../hash_functions/mimc/multimimc7/README.md | 19 ++ .../hash_functions/pedersen/README.md | 19 ++ .../hash_functions/pedersen/pedersen.test.js | 77 +++++ .../pedersen/pedersen/pedersen.circom | 255 +++++++++++++++ .../hash_functions/pedersen/pedersen2.test.js | 49 +++ .../pedersen/pedersen2_test.circom | 32 ++ .../pedersen/pedersen_old/pedersen_old.circom | 66 ++++ .../pedersen/pedersen_test.circom | 29 ++ .../hash_functions/poseidon/README.md | 19 ++ .../hash_functions/poseidon/poseidon.circom | 208 ++++++++++++ .../poseidon/poseidon3_test.circom | 3 + .../poseidon/poseidon6_test.circom | 3 + .../poseidon/poseidoncircuit.test.js | 76 +++++ .../poseidon/poseidoncontract.test.js | 69 ++++ .../hash_functions/sha256/README.md | 19 ++ .../hash_functions/sha256/ch.circom | 46 +++ .../hash_functions/sha256/constants.circom | 52 +++ .../sha256/constants_test.circom | 18 ++ 
.../hash_functions/sha256/main.circom | 34 ++ .../hash_functions/sha256/maj.circom | 44 +++ .../hash_functions/sha256/rotate.circom | 27 ++ .../hash_functions/sha256/sha256.circom | 81 +++++ .../hash_functions/sha256/sha256_2.circom | 90 ++++++ .../sha256/sha256compression.circom | 159 ++++++++++ .../hash_functions/sha256/shift.circom | 32 ++ .../hash_functions/sha256/sigma.circom | 76 +++++ .../hash_functions/sha256/sigmaplus.circom | 49 +++ .../hash_functions/sha256/t1.circom | 57 ++++ .../hash_functions/sha256/t2.circom | 50 +++ .../hash_functions/sha256/xor3.circom | 44 +++ circuits/cryptography/signatures/README.md | 9 + .../cryptography/signatures/eddsa/README.md | 19 ++ .../signatures/eddsa/eddsa/eddsa.circom | 138 ++++++++ .../signatures/eddsa/eddsa/eddsa.test.js | 67 ++++ .../signatures/eddsa/eddsa/eddsa_js.test.js | 82 +++++ .../signatures/eddsa/eddsa/eddsa_test.circom | 3 + .../eddsa/eddsamimc/eddsamimc.circom | 123 ++++++++ .../eddsa/eddsamimc/eddsamimc.test.js | 96 ++++++ .../eddsa/eddsamimc/eddsamimc_test.circom | 3 + .../eddsamimcsponge/eddsamimcsponge.circom | 123 ++++++++ .../eddsa/eddsaposeidon/eddsaposeidon.circom | 122 +++++++ .../eddsa/eddsaposeidon/eddsaposeidon.test.js | 99 ++++++ .../eddsaposeidon/eddsaposeidon_test.circom | 3 + circuits/cryptography/smt/README.md | 19 ++ circuits/cryptography/smt/smthash_mimc.circom | 57 ++++ .../cryptography/smt/smthash_poseidon.circom | 56 ++++ circuits/cryptography/smt/smtjs.test.js | 181 +++++++++++ circuits/cryptography/smt/smtlevins.circom | 102 ++++++ circuits/cryptography/smt/smtprocessor.circom | 260 +++++++++++++++ .../cryptography/smt/smtprocessor.test.js | 208 ++++++++++++ .../smt/smtprocessor10_test.circom | 3 + .../cryptography/smt/smtprocessorlevel.circom | 94 ++++++ .../cryptography/smt/smtprocessorsm.circom | 164 ++++++++++ circuits/cryptography/smt/smtverifier.circom | 137 ++++++++ circuits/cryptography/smt/smtverifier.test.js | 136 ++++++++ .../smt/smtverifier10_test.circom | 3 + 
.../cryptography/smt/smtverifierlevel.circom | 71 +++++ .../cryptography/smt/smtverifiersm.circom | 105 ++++++ gen_index.py | 19 ++ test/circuits/babyadd_test.circom | 3 + test/edwards2montgomery.circom | 3 + test/escalarmul.test.js | 114 +++++++ test/escalarmul_min_test.circom | 26 ++ test/escalarmul_test.circom | 31 ++ test/escalarmul_test_min.circom | 26 ++ test/escalarmulany.test.js | 46 +++ test/escalarmulany_test.circom | 28 ++ test/escalarmulfix.test.js | 90 ++++++ test/escalarmulfix_test.circom | 29 ++ test/escalarmulw4table.circom | 6 + test/escalarmulw4table_test.circom | 17 + test/escalarmulw4table_test3.circom | 17 + test/in.json | 258 +++++++++++++++ test/montgomery.test.js | 91 ++++++ test/montgomery2edwards.circom | 3 + test/montgomeryadd.circom | 3 + test/montgomerydouble.circom | 3 + test/multiplexer.test.js | 98 ++++++ test/point2bits.test.js | 23 ++ test/pointbits_loopback.circom | 23 ++ test/sha256.test.js | 115 +++++++ test/sha256_2_test.circom | 15 + test/sha256_test448.circom | 3 + test/sha256_test512.circom | 3 + test/sign.test.js | 79 +++++ test/sign_test.circom | 3 + test/sum_test.circom | 31 ++ 227 files changed, 11033 insertions(+) create mode 100644 README_templates/README_folder.md create mode 100644 README_templates/README_spec.md create mode 100644 circuits/basics/README.md create mode 100644 circuits/basics/aliascheck/README.md create mode 100644 circuits/basics/aliascheck/aliascheck.circom create mode 100644 circuits/basics/aliascheck/aliascheck.test.js create mode 100644 circuits/basics/aliascheck/aliascheck_test.circom create mode 100644 circuits/basics/binary_arithmetic/README.md create mode 100644 circuits/basics/binary_arithmetic/binsub/README.md create mode 100644 circuits/basics/binary_arithmetic/binsub/binsub.circom create mode 100644 circuits/basics/binary_arithmetic/binsub/binsub.test.js create mode 100644 circuits/basics/binary_arithmetic/binsub/binsub_test.circom create mode 100644 
circuits/basics/binary_arithmetic/binsum/README.md create mode 100644 circuits/basics/binary_arithmetic/binsum/binsum.circom create mode 100644 circuits/basics/binary_arithmetic/binsum/binsum.test.js create mode 100644 circuits/basics/bitify/README.md create mode 100644 circuits/basics/bitify/bits2num/README.md create mode 100644 circuits/basics/bitify/bits2num/bits2num.circom create mode 100644 circuits/basics/bitify/bits2num_strict/README.md create mode 100644 circuits/basics/bitify/bits2num_strict/bits2num_strict.circom create mode 100644 circuits/basics/bitify/num2bits/README.md create mode 100644 circuits/basics/bitify/num2bits/num2bits.circom create mode 100644 circuits/basics/bitify/num2bits_strict/README.md create mode 100644 circuits/basics/bitify/num2bits_strict/num2bits_strict.circom create mode 100644 circuits/basics/bitify/num2bitsneg/README.md create mode 100644 circuits/basics/bitify/num2bitsneg/num2bitsneg.circom create mode 100644 circuits/basics/comparators/README.md create mode 100644 circuits/basics/comparators/comparators.circom create mode 100644 circuits/basics/comparators/comparators.test.js create mode 100644 circuits/basics/comparators/forceequalifenabled/README.md create mode 100644 circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom create mode 100644 circuits/basics/comparators/greatereqthan/README.md create mode 100644 circuits/basics/comparators/greatereqthan/greatereqthan.circom create mode 100644 circuits/basics/comparators/greatereqthan/greatereqthan.test.circom create mode 100644 circuits/basics/comparators/greaterthan/README.md create mode 100644 circuits/basics/comparators/greaterthan/greaterthan.circom create mode 100644 circuits/basics/comparators/greaterthan/greaterthan.test.circom create mode 100644 circuits/basics/comparators/isequal/README.md create mode 100644 circuits/basics/comparators/isequal/isequal.circom create mode 100644 circuits/basics/comparators/isequal/isequal.test.circom create mode 
100644 circuits/basics/comparators/iszero/README.md create mode 100644 circuits/basics/comparators/iszero/iszero.circom create mode 100644 circuits/basics/comparators/iszero/iszero.test.circom create mode 100644 circuits/basics/comparators/lesseqthan/README.md create mode 100644 circuits/basics/comparators/lesseqthan/lesseqthan.circom create mode 100644 circuits/basics/comparators/lesseqthan/lesseqthan.test.circom create mode 100644 circuits/basics/comparators/lessthan/README.md create mode 100644 circuits/basics/comparators/lessthan/lessthan.circom create mode 100644 circuits/basics/comparators/lessthan/lessthan.test.circom create mode 100644 circuits/basics/compconstant/README.md create mode 100644 circuits/basics/compconstant/compconstant.circom create mode 100644 circuits/basics/logic_gates/README.md create mode 100644 circuits/basics/logic_gates/and/README.md create mode 100644 circuits/basics/logic_gates/and/and.circom create mode 100644 circuits/basics/logic_gates/multiand/README.md create mode 100644 circuits/basics/logic_gates/multiand/multiand.circom create mode 100644 circuits/basics/logic_gates/nand/README.md create mode 100644 circuits/basics/logic_gates/nand/nand.circom create mode 100644 circuits/basics/logic_gates/nor/README.md create mode 100644 circuits/basics/logic_gates/nor/nor.circom create mode 100644 circuits/basics/logic_gates/not/README.md create mode 100644 circuits/basics/logic_gates/not/not.circom create mode 100644 circuits/basics/logic_gates/or/README.md create mode 100644 circuits/basics/logic_gates/or/or.circom create mode 100644 circuits/basics/logic_gates/xor/README.md create mode 100644 circuits/basics/logic_gates/xor/xor.circom create mode 100644 circuits/basics/multiplexer/README.md create mode 100644 circuits/basics/multiplexer/decoder/README.md create mode 100644 circuits/basics/multiplexer/decoder/decoder.circom create mode 100644 circuits/basics/multiplexer/multiplexer/README.md create mode 100644 
circuits/basics/multiplexer/multiplexer/multiplexer.circom create mode 100644 circuits/basics/multiplexer/scalarproduct/README.md create mode 100644 circuits/basics/multiplexer/scalarproduct/scalarproduct.circom create mode 100644 circuits/basics/mux/README.md create mode 100644 circuits/basics/mux/multimux1/README.md create mode 100644 circuits/basics/mux/multimux2/README.md create mode 100644 circuits/basics/mux/multimux3/README.md create mode 100644 circuits/basics/mux/multimux4/README.md create mode 100644 circuits/basics/mux/mux1/README.md create mode 100644 circuits/basics/mux/mux1/mux1.circom create mode 100644 circuits/basics/mux/mux1/mux1_1.circom create mode 100644 circuits/basics/mux/mux2/README.md create mode 100644 circuits/basics/mux/mux2/mux2.circom create mode 100644 circuits/basics/mux/mux2/mux2_1.circom create mode 100644 circuits/basics/mux/mux3/README.md create mode 100644 circuits/basics/mux/mux3/mux3.circom create mode 100644 circuits/basics/mux/mux3/mux3_1.circom create mode 100644 circuits/basics/mux/mux4/README.md create mode 100644 circuits/basics/mux/mux4/mux4.circom create mode 100644 circuits/basics/mux/mux4/mux4_1.circom create mode 100644 circuits/basics/old_README.md create mode 100644 circuits/basics/sign/README.md create mode 100644 circuits/basics/sign/sign.circom create mode 100644 circuits/basics/switcher/README.md create mode 100644 circuits/basics/switcher/switcher.circom create mode 100644 circuits/cryptography/README.md create mode 100644 circuits/cryptography/elliptic_curves/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/README.md create mode 100644 
circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md create mode 100644 
circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom create mode 100644 circuits/cryptography/hash_functions/README.md create mode 100644 circuits/cryptography/hash_functions/mimc/README.md create mode 100644 circuits/cryptography/hash_functions/mimc/mimc7/README.md create mode 100644 circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom create mode 100644 circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom create mode 100644 circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js create mode 100644 circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js create mode 100644 circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/README.md create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js create mode 100644 circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js create mode 100644 circuits/cryptography/hash_functions/mimc/multimimc7/README.md create mode 100644 circuits/cryptography/hash_functions/pedersen/README.md create mode 100644 circuits/cryptography/hash_functions/pedersen/pedersen.test.js create mode 100644 circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom create mode 100644 circuits/cryptography/hash_functions/pedersen/pedersen2.test.js create mode 
100644 circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom create mode 100644 circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom create mode 100644 circuits/cryptography/hash_functions/pedersen/pedersen_test.circom create mode 100644 circuits/cryptography/hash_functions/poseidon/README.md create mode 100644 circuits/cryptography/hash_functions/poseidon/poseidon.circom create mode 100644 circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom create mode 100644 circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom create mode 100644 circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js create mode 100644 circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js create mode 100644 circuits/cryptography/hash_functions/sha256/README.md create mode 100644 circuits/cryptography/hash_functions/sha256/ch.circom create mode 100644 circuits/cryptography/hash_functions/sha256/constants.circom create mode 100644 circuits/cryptography/hash_functions/sha256/constants_test.circom create mode 100644 circuits/cryptography/hash_functions/sha256/main.circom create mode 100644 circuits/cryptography/hash_functions/sha256/maj.circom create mode 100644 circuits/cryptography/hash_functions/sha256/rotate.circom create mode 100644 circuits/cryptography/hash_functions/sha256/sha256.circom create mode 100644 circuits/cryptography/hash_functions/sha256/sha256_2.circom create mode 100644 circuits/cryptography/hash_functions/sha256/sha256compression.circom create mode 100644 circuits/cryptography/hash_functions/sha256/shift.circom create mode 100644 circuits/cryptography/hash_functions/sha256/sigma.circom create mode 100644 circuits/cryptography/hash_functions/sha256/sigmaplus.circom create mode 100644 circuits/cryptography/hash_functions/sha256/t1.circom create mode 100644 circuits/cryptography/hash_functions/sha256/t2.circom create mode 100644 
circuits/cryptography/hash_functions/sha256/xor3.circom create mode 100644 circuits/cryptography/signatures/README.md create mode 100644 circuits/cryptography/signatures/eddsa/README.md create mode 100644 circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js create mode 100644 circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js create mode 100644 circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js create mode 100644 circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom create mode 100644 circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js create mode 100644 circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom create mode 100644 circuits/cryptography/smt/README.md create mode 100644 circuits/cryptography/smt/smthash_mimc.circom create mode 100644 circuits/cryptography/smt/smthash_poseidon.circom create mode 100644 circuits/cryptography/smt/smtjs.test.js create mode 100644 circuits/cryptography/smt/smtlevins.circom create mode 100644 circuits/cryptography/smt/smtprocessor.circom create mode 100644 circuits/cryptography/smt/smtprocessor.test.js create mode 100644 circuits/cryptography/smt/smtprocessor10_test.circom create mode 100644 circuits/cryptography/smt/smtprocessorlevel.circom create mode 100644 circuits/cryptography/smt/smtprocessorsm.circom create mode 100644 circuits/cryptography/smt/smtverifier.circom create mode 100644 circuits/cryptography/smt/smtverifier.test.js create mode 100644 circuits/cryptography/smt/smtverifier10_test.circom 
create mode 100644 circuits/cryptography/smt/smtverifierlevel.circom
create mode 100644 circuits/cryptography/smt/smtverifiersm.circom
create mode 100755 gen_index.py
create mode 100644 test/circuits/babyadd_test.circom
create mode 100644 test/edwards2montgomery.circom
create mode 100644 test/escalarmul.test.js
create mode 100644 test/escalarmul_min_test.circom
create mode 100644 test/escalarmul_test.circom
create mode 100644 test/escalarmul_test_min.circom
create mode 100644 test/escalarmulany.test.js
create mode 100644 test/escalarmulany_test.circom
create mode 100644 test/escalarmulfix.test.js
create mode 100644 test/escalarmulfix_test.circom
create mode 100644 test/escalarmulw4table.circom
create mode 100644 test/escalarmulw4table_test.circom
create mode 100644 test/escalarmulw4table_test3.circom
create mode 100644 test/in.json
create mode 100644 test/montgomery.test.js
create mode 100644 test/montgomery2edwards.circom
create mode 100644 test/montgomeryadd.circom
create mode 100644 test/montgomerydouble.circom
create mode 100644 test/multiplexer.test.js
create mode 100644 test/point2bits.test.js
create mode 100644 test/pointbits_loopback.circom
create mode 100644 test/sha256.test.js
create mode 100644 test/sha256_2_test.circom
create mode 100644 test/sha256_test448.circom
create mode 100644 test/sha256_test512.circom
create mode 100644 test/sign.test.js
create mode 100644 test/sign_test.circom
create mode 100644 test/sum_test.circom
diff --git a/README_templates/README_folder.md b/README_templates/README_folder.md
new file mode 100644
index 00000000..15526200
--- /dev/null
+++ b/README_templates/README_folder.md
@@ -0,0 +1,9 @@
+# `folder name`
+
+This folder contains the templates ... ".
+
+## Structure of the Folder
+
+TOC
+
+## Background on ... (if necessary)
\ No newline at end of file
diff --git a/README_templates/README_spec.md b/README_templates/README_spec.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/README_templates/README_spec.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/basics/README.md b/circuits/basics/README.md
new file mode 100644
index 00000000..04548b07
--- /dev/null
+++ b/circuits/basics/README.md
@@ -0,0 +1,48 @@ +# `basics` + +This folder contains the templates to do basic arithmetic operations. + +## Structure of the Folder + +- [`aliascheck`](circuits/basics/aliascheck) +- [`binary_arithmetic`](circuits/basics/binary_arithmetic) + - [`binsub`](circuits/basics/binary_arithmetic/binsub) + - [`binsum`](circuits/basics/binary_arithmetic/binsum) +- [`bitify`](circuits/basics/bitify) + - [`bits2num`](circuits/basics/bitify/bits2num) + - [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) + - [`num2bits`](circuits/basics/bitify/num2bits) + - [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) + - [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) +- [`comparators`](circuits/basics/comparators) + - [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) + - [`greatereqthan`](circuits/basics/comparators/greatereqthan) + - [`greaterthan`](circuits/basics/comparators/greaterthan) + - [`isequal`](circuits/basics/comparators/isequal) + - [`iszero`](circuits/basics/comparators/iszero) + - [`lesseqthan`](circuits/basics/comparators/lesseqthan) + - [`lessthan`](circuits/basics/comparators/lessthan) +- [`compconstant`](circuits/basics/compconstant) +- [`logic_gates`](circuits/basics/logic_gates) + - [`and`](circuits/basics/logic_gates/and) + - [`multiand`](circuits/basics/logic_gates/multiand) + - [`nand`](circuits/basics/logic_gates/nand) + - [`nor`](circuits/basics/logic_gates/nor) + - [`not`](circuits/basics/logic_gates/not) + - [`or`](circuits/basics/logic_gates/or) + - [`xor`](circuits/basics/logic_gates/xor) +- [`multiplexer`](circuits/basics/multiplexer) + - [`decoder`](circuits/basics/multiplexer/decoder) + - [`multiplexer`](circuits/basics/multiplexer/multiplexer) + - [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) +- [`mux`](circuits/basics/mux) + - [`multimux1`](circuits/basics/mux/multimux1) + - [`multimux2`](circuits/basics/mux/multimux2) + - [`multimux3`](circuits/basics/mux/multimux3) + - 
[`multimux4`](circuits/basics/mux/multimux4) + - [`mux1`](circuits/basics/mux/mux1) + - [`mux2`](circuits/basics/mux/mux2) + - [`mux3`](circuits/basics/mux/mux3) + - [`mux4`](circuits/basics/mux/mux4) +- [`sign`](circuits/basics/sign) +- [`switcher`](circuits/basics/switcher) \ No newline at end of file diff --git a/circuits/basics/aliascheck/README.md b/circuits/basics/aliascheck/README.md new file mode 100644 index 00000000..2c05f8a1 --- /dev/null +++ b/circuits/basics/aliascheck/README.md @@ -0,0 +1,41 @@ +# `AliasCheck()` + +Link to template: +https://github.com/iden3/circomlib/tree/master/circuits/basics/aliascheck/aliascheck.circom + +**TODO / Comments** +1. There is **no output**! +2. Adds an equality constraint on the output signal of a component template. +3. Since does not return anythig has === without assignment. +4. Needs an assert to say input signals are binary? + +## Description + +The template checks if an input expanded to binary array `in` overflowed its 254 bits (<= -1). + +## Schema + +``` + ________________ + | | +input in[254] ---->| AliasCheck() | + |________________| +``` + +## Dependencies + +``` +include "../compconstant/compconstant.circom"; +``` + +## Inputs + +A binary array of 254 bits. + +## Outputs + +**There is no output!** + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/aliascheck/aliascheck.circom b/circuits/basics/aliascheck/aliascheck.circom new file mode 100644 index 00000000..c4dfad57 --- /dev/null +++ b/circuits/basics/aliascheck/aliascheck.circom 
@@ -0,0 +1,32 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "compconstant.circom"; + + +template AliasCheck() { + + signal input in[254]; + + component compConstant = CompConstant(-1); + + for (var i=0; i<254; i++) in[i] ==> compConstant.in[i]; + + compConstant.out === 0; +} diff --git a/circuits/basics/aliascheck/aliascheck.test.js b/circuits/basics/aliascheck/aliascheck.test.js new file mode 100644 index 00000000..2ec8700a --- /dev/null +++ b/circuits/basics/aliascheck/aliascheck.test.js 
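Review bot: `include "compconstant.circom";` at the top of aliascheck.circom is resolved relative to `circuits/basics/aliascheck/`, where no such file is added, while the README introduced in this same commit documents the dependency as `include "../compconstant/compconstant.circom";` — the include should follow the new layout. The same stale relative includes appear in aliascheck_test.circom (`../../circuits/aliascheck.circom`, although the template now sits beside it), binsub_test.circom (`../../circuits/bitify.circom`, `../../circuits/binsub.circom`) and comparators.circom (`bitify.circom`, `binsum.circom`). Separately, AliasCheck adds no `in[i]*(in[i]-1) === 0` constraints of its own, so unless CompConstant does (not visible here) the 254 inputs must already be binary-constrained by the caller; a comment such as `// Precondition: in[] must be binary-constrained by the caller (e.g. Num2Bits); only the composed value is checked here.` would answer the README's open question.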
@@ -0,0 +1,73 @@ +const chai = require("chai"); +const path = require("path"); + +const assert = chai.assert; + +const bigInt = require("big-integer"); + +const tester = require("circom").tester; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +function getBits(v, n) { + const res = []; + for (let i=0; i<n; i++) { + if (v.shiftRight(i).isOdd()) { + res.push(bigInt.one); + } else { + res.push(bigInt.zero); + } + } + return res; +} + +const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"); + +describe("Aliascheck test", function () { + this.timeout(100000); + + let cir; + before( async() => { + + cir = await tester(path.join(__dirname, "circuits", "aliascheck_test.circom")); + }); + + it("Satisfy the aliastest 0", async () => { + const inp = getBits(bigInt.zero, 254); + await cir.calculateWitness({in: inp}, true); + }); + + it("Satisfy the aliastest 3", async () => { + const inp = getBits(bigInt(3), 254); + await cir.calculateWitness({in: inp}, true); + }); + + it("Satisfy the aliastest q-1", async () => { + const inp = getBits(q.minus(bigInt.one), 254); + await cir.calculateWitness({in: inp}, true); + }); + + it("Should not satisfy an input of q", async () => { + const inp = getBits(q, 254); + try { + await cir.calculateWitness({in: inp}, true); + assert(false); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); + } + }); + + it("Should not satisfy all ones", async () => { + + const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt.one), 254); + try { + await cir.calculateWitness({in: inp}, true); + assert(false); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); + } + }); + +}); diff --git a/circuits/basics/aliascheck/aliascheck_test.circom b/circuits/basics/aliascheck/aliascheck_test.circom new file mode 100644 index 00000000..dc2252d2 --- /dev/null 
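Review bot: `tester(path.join(__dirname, "circuits", "aliascheck_test.circom"))` in `before()` expects a `circuits/` subdirectory, but this commit adds `aliascheck_test.circom` next to the test file, so the circuit will not load; `path.join(__dirname, "aliascheck_test.circom")` matches the new layout. binsub.test.js (`circuits/binsub_test.circom`) and binsum.test.js (`circuits/constants_test.circom`, `circuits/sum_test.circom`) use the same shape and need the same check. `print` is declared but never called, here and in binsub.test.js. In the two negative tests the `assert(false)` thrown inside `try` is caught by the same `catch` and only fails because its message does not match the regex; recording whether `calculateWitness` resolved and asserting on that after the `try/catch` would make the intent explicit.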
+++ b/circuits/basics/aliascheck/aliascheck_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/aliascheck.circom"; + +component main = AliasCheck() diff --git a/circuits/basics/binary_arithmetic/README.md b/circuits/basics/binary_arithmetic/README.md new file mode 100644 index 00000000..00d01e67 --- /dev/null +++ b/circuits/basics/binary_arithmetic/README.md @@ -0,0 +1,10 @@ +# `binary_arithmetic` + +## Description + +This folder contains the templates to perform sums (`binsum.circom`) and substractions (`binsub.circom`) of binary numbers. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`binsub`](circuits/basics/binary_arithmetic/binsub) +- [`binsum`](circuits/basics/binary_arithmetic/binsum) \ No newline at end of file diff --git a/circuits/basics/binary_arithmetic/binsub/README.md b/circuits/basics/binary_arithmetic/binsub/README.md new file mode 100644 index 00000000..977e1a36 --- /dev/null +++ b/circuits/basics/binary_arithmetic/binsub/README.md @@ -0,0 +1,41 @@ +# `BinSub(n)` + +Link to template: +https://github.com/iden3/circomlib/tree/master/circuits/basics/binary_arithmetic/binsub/binsub.circom + +**TODO / Comments** + +Similar to binsum: something wired with aux: text spec =/= constraints and computation (check!). + +## Description + +It performs a binary substraction of two arbitrary binary numbers of size `n`. + +## Schema + +``` + _______________________ + | | +in[2][n] ----> | BinSub(n) | ----> out[n] + |_______________________| +``` + +## Dependencies + +None. + +## Inputs + +Two binary `n`-arrays: `in[2][n]`. + +## Outputs + +A binary `n`-array: `out[n]`. + +## Benchmarks + +## Constraints + +TODO: Look at the circuit and add it here? + +## Test \ No newline at end of file diff --git a/circuits/basics/binary_arithmetic/binsub/binsub.circom b/circuits/basics/binary_arithmetic/binsub/binsub.circom new file mode 100644 index 00000000..67214427 --- /dev/null 
+++ b/circuits/basics/binary_arithmetic/binsub/binsub.circom @@ -0,0 +1,73 @@ + /* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* +This component creates a binary substraction. + + +Main Constraint: + (in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1)) + + + 2^n + - (in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1)) + === + out[0] * 2^0 + out[1] * 2^1 + + out[n-1] *2^(n-1) + aux + + + out[0] * (out[0] - 1) === 0 + out[1] * (out[0] - 1) === 0 + . + . + . + out[n-1] * (out[n-1] - 1) === 0 + aux * (aux-1) == 0 + +*/ + +template BinSub(n) { + signal input in[2][n]; + signal output out[n]; + + signal aux; + + var lin = 2**n; + var lout = 0; + + var i; + + for (i=0; i<n; i++) { + lin = lin + in[0][i]*(2**i); + lin = lin - in[1][i]*(2**i); + } + + for (i=0; i<n; i++) { + out[i] <-- (lin >> i) & 1; + + // Ensure out is binary + out[i] * (out[i] - 1) === 0; + + lout = lout + out[i]*(2**i); + } + + aux <-- (lin >> n) & 1; + aux*(aux-1) === 0; + lout = lout + aux*(2**n); + + // Ensure the sum; + lin === lout; +} diff --git a/circuits/basics/binary_arithmetic/binsub/binsub.test.js b/circuits/basics/binary_arithmetic/binsub/binsub.test.js new file mode 100644 index 00000000..972f1dbe --- /dev/null 
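Review bot: The header comment's list of binary constraints has a typo — `out[1] * (out[0] - 1) === 0` should read `out[1] * (out[1] - 1) === 0`; binsum.circom's header carries the same typo and also writes `2(n+e-1)` where `2^(n+e-1)` is meant. Both templates constrain `out[i]` (and here `aux`) to be binary but add nothing on `in`, and Bits2Num likewise only forms a linear combination, so a non-binary `in` satisfies `lin === lout` with an unintended value; the precondition deserves a comment, e.g. `// Precondition: in[][] must already be constrained binary (e.g. by Num2Bits); this template does not check it.`. The file also opens with `+ /*` indented one space, unlike the other new files.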
+++ b/circuits/basics/binary_arithmetic/binsub/binsub.test.js @@ -0,0 +1,51 @@ +const path = require("path"); + +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +async function checkSub(_a,_b, circuit) { + let a=bigInt(_a); + let b=bigInt(_b); + if (a.lesser(bigInt.zero)) a = a.add(bigInt.one.shiftLeft(16)); + if (b.lesser(bigInt.zero)) b = b.add(bigInt.one.shiftLeft(16)); + const w = await circuit.calculateWitness({a: a, b: b}, true); + + let res = a.minus(b); + if (res.lesser(bigInt.zero)) res = res.add(bigInt.one.shiftLeft(16)); + await circuit.assertOut(w, {out: bigInt(res)}); +} + +describe("BinSub test", function () { + + this.timeout(100000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "circuits", "binsub_test.circom")); + }); + + it("Should check variuos ege cases", async () => { + await checkSub(0,0, circuit); + await checkSub(1,0, circuit); + await checkSub(-1,0, circuit); + await checkSub(2,1, circuit); + await checkSub(2,2, circuit); + await checkSub(2,3, circuit); + await checkSub(2,-1, circuit); + await checkSub(2,-2, circuit); + await checkSub(2,-3, circuit); + await checkSub(-2,-3, circuit); + await checkSub(-2,-2, circuit); + await checkSub(-2,-1, circuit); + await checkSub(-2,0, circuit); + await checkSub(-2,1, circuit); + await checkSub(-2,2, circuit); + await checkSub(-2,3, circuit); + }); + + +}); diff --git a/circuits/basics/binary_arithmetic/binsub/binsub_test.circom b/circuits/basics/binary_arithmetic/binsub/binsub_test.circom new file mode 100644 index 00000000..254b6f39 --- /dev/null +++ b/circuits/basics/binary_arithmetic/binsub/binsub_test.circom 
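Review bot: The test title `"Should check variuos ege cases"` has two typos; `"Should check various edge cases"`. `bigInt.one.shiftLeft(16)` is repeated three times in `checkSub` and is silently tied to the `BinSub(16)` width in binsub_test.circom; hoisting it to a named constant such as `const MODULUS = bigInt.one.shiftLeft(16);` documents that coupling. None of the cases reaches the ends of the 16-bit range (constructed examples: `65535` and `-32768`), which is where the borrow bit `aux` actually matters.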
@@ -0,0 +1,31 @@ +include "../../circuits/bitify.circom" +include "../../circuits/binsub.circom" + +template A() { + signal private input a; + signal input b; + signal output out; + + var i; + + component n2ba = Num2Bits(16); + component n2bb = Num2Bits(16); + component sub = BinSub(16); + component b2n = Bits2Num(16); + + n2ba.in <== a; + n2bb.in <== b; + + for (i=0; i<16; i++) { + sub.in[0][i] <== n2ba.out[i]; + sub.in[1][i] <== n2bb.out[i]; + } + + for (i=0; i<16; i++) { + b2n.in[i] <== sub.out[i]; + } + + out <== b2n.out; +} + +component main = A(); diff --git a/circuits/basics/binary_arithmetic/binsum/README.md b/circuits/basics/binary_arithmetic/binsum/README.md new file mode 100644 index 00000000..6b0045ca --- /dev/null +++ b/circuits/basics/binary_arithmetic/binsum/README.md @@ -0,0 +1,29 @@ +# `BinSum(n, ops)` + +Link to template: +https://github.com/iden3/circomlib/tree/master/circuits/basics/binary_arithmetic/binsum/binsum.circom + +## Background + +## Description + +This component creates a binary sum. + +## Structure + +There is the template `BinSum(n, ops)` and the function `nbits`. +The function calculates the number of extra bits int he output to do the full sum. + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Function + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/binary_arithmetic/binsum/binsum.circom b/circuits/basics/binary_arithmetic/binsum/binsum.circom new file mode 100644 index 00000000..6fd79adc --- /dev/null +++ b/circuits/basics/binary_arithmetic/binsum/binsum.circom 
@@ -0,0 +1,100 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + +Binary Sum +========== + +This component creates a binary sum componet of ops operands and n bits each operand. + +e is Number of carries: Depends on the number of operands in the input. + +Main Constraint: + in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + + + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + + + .. + + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + + === + out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) + +To waranty binary outputs: + + out[0] * (out[0] - 1) === 0 + out[1] * (out[0] - 1) === 0 + . + . + . + out[n+e-1] * (out[n+e-1] - 1) == 0 + + */ + + +/* + This function calculates the number of extra bits in the output to do the full sum. 
+ */ + +function nbits(a) { + var n = 1; + var r = 0; + while (n-1<a) { + r++; + n *= 2; + } + return r; +} + + +template BinSum(n, ops) { + var nout = nbits((2**n -1)*ops); + signal input in[ops][n]; + signal output out[nout]; + + var lin = 0; + var lout = 0; + + var k; + var j; + + var e2; + + e2 = 1; + for (k=0; k<n; k++) { + for (j=0; j<ops; j++) { + lin += in[j][k] * e2; + } + e2 = e2 + e2; + } + + e2 = 1; + for (k=0; k<nout; k++) { + out[k] <-- (lin >> k) & 1; + + // Ensure out is binary + out[k] * (out[k] - 1) === 0; + + lout += out[k] * e2; + + e2 = e2+e2; + } + + // Ensure the sum; + + lin === lout; +} diff --git a/circuits/basics/binary_arithmetic/binsum/binsum.test.js b/circuits/basics/binary_arithmetic/binsum/binsum.test.js new file mode 100644 index 00000000..54d75000 --- /dev/null +++ b/circuits/basics/binary_arithmetic/binsum/binsum.test.js 
@@ -0,0 +1,37 @@ +const chai = require("chai"); +const path = require("path"); + +const tester = require("circom").tester; + +const bigInt = require("big-integer"); + +const assert = chai.assert; + +describe("Binary sum test", function () { + + this.timeout(100000000); + + it("Should create a constant circuit", async () => { + const circuit = await tester(path.join(__dirname, "circuits", "constants_test.circom")); + await circuit.loadConstraints(); + + assert.equal(circuit.nVars, 2); + assert.equal(circuit.constraints.length, 1); + + const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true); + + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt("d807aa98", 16))); + }); + it("Should create a sum circuit", async () => { + const circuit = await tester(path.join(__dirname, "circuits", "sum_test.circom")); + await circuit.loadConstraints(); + + assert.equal(circuit.constraints.length, 97); // 32 (in1) + 32(in2) + 32(out) + 1 (carry) + + const witness = await circuit.calculateWitness({ "a": "111", "b": "222" }, true); + + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt("333"))); + }); +}); diff --git a/circuits/basics/bitify/README.md b/circuits/basics/bitify/README.md new file mode 100644 index 00000000..6982fba2 --- /dev/null +++ b/circuits/basics/bitify/README.md @@ -0,0 +1,13 @@ +# `bitify` + +## Description + +This folder contains the templates to perform conversions of numbers to binary and the other way round. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`bits2num`](circuits/basics/bitify/bits2num) +- [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) +- [`num2bits`](circuits/basics/bitify/num2bits) +- [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) +- [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) \ No newline at end of file 
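Review bot: `this.timeout(100000000)` is three orders of magnitude above the `100000` used by the sibling tests in this commit; align it unless the sum circuit genuinely needs it. The first case loads `constants_test.circom`, which has nothing to do with BinSum, and neither it nor `sum_test.circom` is added under `circuits/basics/binary_arithmetic/binsum/circuits/` here (the create list shows `sum_test.circom` under `test/`), so both `tester` paths will fail to resolve; the constants case probably belongs in its own test file.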
diff --git a/circuits/basics/bitify/bits2num/README.md b/circuits/basics/bitify/bits2num/README.md new file mode 100644 index 00000000..8963f971 --- /dev/null +++ b/circuits/basics/bitify/bits2num/README.md @@ -0,0 +1,35 @@ +# `Bits2Num(n)` + +## Description + +This template converts a binary number `in[n]` of `n` bits to its +integer representation by performing +``` +out = sum_{k=0}^{n-1} (in[k] * 2^k). +``` + +## Schema + +``` + ______________________ + | | +in[n] ----> | Bits2Num(n) | ----> out + |______________________| +``` + + +## Dependencies + +None. + +## Inputs + +The input `in[n]` is an array of `n` binary numbers. + +## Outputs + +The output `out` is an integer TODO: (a field element?). + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/bitify/bits2num/bits2num.circom b/circuits/basics/bitify/bits2num/bits2num.circom new file mode 100644 index 00000000..4f3bcf58 --- /dev/null +++ b/circuits/basics/bitify/bits2num/bits2num.circom @@ -0,0 +1,32 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template Bits2Num(n) { + signal input in[n]; + signal output out; + var lc1=0; + + var e2 = 1; + for (var i = 0; i<n; i++) { + lc1 += in[i] * e2; + e2 = e2 + e2; + } + + lc1 ==> out; +} \ No newline at end of file 
diff --git a/circuits/basics/bitify/bits2num_strict/README.md b/circuits/basics/bitify/bits2num_strict/README.md new file mode 100644 index 00000000..1922a1d0 --- /dev/null +++ b/circuits/basics/bitify/bits2num_strict/README.md @@ -0,0 +1,35 @@ +# `Bits2Num_strict()` + +## Description + +This template converts a binary number `in[n]` of `n` bits to its +integer representation STRICT + +## Schema + +``` + _____________________ + | | +in[n] ----> | Bits2Num_strict() | ----> out + |_____________________| +``` + + +## Dependencies + +``` +include "../../aliascheck/aliascheck.circom"; +include "../bits2num/bits2num.circom"; +``` + +## Inputs + +The input `in[n]` is an array of `n` binary numbers. + +## Outputs + +The output `out` is an integer TODO: (a field element?). + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom b/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom new file mode 100644 index 00000000..a7472bb4 --- /dev/null +++ b/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom 
@@ -0,0 +1,36 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../aliascheck/aliascheck.circom"; +include "../bits2num/bits2num.circom" + +template Bits2Num_strict() { + signal input in[n]; + signal output out; + + component aliasCheck = AliasCheck(); + component b2n = Bits2Num(254); + + for (var i=0; i<254; i++) { + in[i] ==> b2n.in[i]; + in[i] ==> aliasCheck.in[i]; + } + + b2n.out ==> out; +} \ No newline at end of file diff --git a/circuits/basics/bitify/num2bits/README.md b/circuits/basics/bitify/num2bits/README.md new file mode 100644 index 00000000..352e547c --- /dev/null +++ b/circuits/basics/bitify/num2bits/README.md @@ -0,0 +1,38 @@ +# `Num2Bits(n)` + +## Description + +This template converts a binary number `in[n]` of `n` bits to its +integer representation STRICT + +## Schema + +``` + _____________________ + | | +in[n] ----> | Num2Bits(n) | ----> out + |_____________________| +``` + + +## Dependencies + +``` +include "../../aliascheck/aliascheck.circom"; +include "../bits2num/bits2num.circom"; +``` + +## Inputs + + signal input in; + signal output out[n]; + +The input `in` is a . + +## Outputs + +The output `out` is an integer TODO: (a field element?). + +## Benchmarks + +## Test \ No newline at end of file 
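Review bot: `signal input in[n];` refers to `n`, but `Bits2Num_strict()` takes no parameter; the loop bound and `Bits2Num(254)` fix the width, so this should be `signal input in[254];`. The second include, `include "../bits2num/bits2num.circom"`, lacks the trailing `;` that the first one has; the same omission appears in num2bits_strict.circom, in both includes of binsub_test.circom and in `component main = AliasCheck()` in aliascheck_test.circom — the parser may accept it, but the files are inconsistent. Note also that `in[i]` reaches `aliasCheck` without any binary constraint (Bits2Num adds none either), so the "strict" guarantee only holds for inputs the caller has already constrained binary.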
diff --git a/circuits/basics/bitify/num2bits/num2bits.circom b/circuits/basics/bitify/num2bits/num2bits.circom new file mode 100644 index 00000000..85897525 --- /dev/null +++ b/circuits/basics/bitify/num2bits/num2bits.circom @@ -0,0 +1,34 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template Num2Bits(n) { + signal input in; + signal output out[n]; + var lc1=0; + + var e2=1; + for (var i = 0; i<n; i++) { + out[i] <-- (in >> i) & 1; + out[i] * (out[i] -1 ) === 0; + lc1 += out[i] * e2; + e2 = e2+e2; + } + + lc1 === in; +} \ No newline at end of file diff --git a/circuits/basics/bitify/num2bits_strict/README.md b/circuits/basics/bitify/num2bits_strict/README.md new file mode 100644 index 00000000..b73857a9 --- /dev/null +++ b/circuits/basics/bitify/num2bits_strict/README.md 
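Review bot: Num2Bits has no header comment, unlike BinSub and BinSum, and the one fact a caller needs is unstated: `lc1 === in` only pins the bits down while an `n`-bit value cannot wrap modulo the field prime, which is why Num2Bits_strict routes the same 254 bits through AliasCheck. Suggested comment above the template: `// Decomposes in into n bits. For n >= 254 (the width AliasCheck covers) the decomposition is not unique modulo p; use Num2Bits_strict.` The spacing in `out[i] * (out[i] -1 ) === 0` is also inconsistent with `out[i] * (out[i] - 1) === 0` in binsub.circom.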
@@ -0,0 +1,38 @@ +# `Num2Bits_strict()` + +## Description + +This template converts a binary number `in[n]` of `n` bits to its +integer representation STRICT + +## Schema + +``` + _____________________ + | | +in[n] ----> | Num2Bits(n) | ----> out + |_____________________| +``` + + +## Dependencies + +``` +include "../../aliascheck/aliascheck.circom"; +include "../bits2num/bits2num.circom"; +``` + +## Inputs + + signal input in; + signal output out[n]; + +The input `in` is a . + +## Outputs + +The output `out` is an integer TODO: (a field element?). + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom b/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom new file mode 100644 index 00000000..51f2f569 --- /dev/null +++ b/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom 
@@ -0,0 +1,35 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../aliascheck/aliascheck.circom"; +include "../num2bits/num2bits.circom" + +template Num2Bits_strict() { + signal input in; + signal output out[254]; + + component aliasCheck = AliasCheck(); + component n2b = Num2Bits(254); + in ==> n2b.in; + + for (var i=0; i<254; i++) { + n2b.out[i] ==> out[i]; + n2b.out[i] ==> aliasCheck.in[i]; + } +} \ No newline at end of file diff --git a/circuits/basics/bitify/num2bitsneg/README.md b/circuits/basics/bitify/num2bitsneg/README.md new file mode 100644 index 00000000..28e5c506 --- /dev/null +++ b/circuits/basics/bitify/num2bitsneg/README.md @@ -0,0 +1,38 @@ +# `Num2BitsNeg(n)` + +## Description + +This template converts a binary number `in[n]` of `n` bits to its +integer representation STRICT + +## Schema + +``` + _____________________ + | | +in[n] ----> | Num2Bits(n) | ----> out + |_____________________| +``` + + +## Dependencies + +``` +include "../../aliascheck/aliascheck.circom"; +include "../bits2num/bits2num.circom"; +``` + +## Inputs + + signal input in; + signal output out[n]; + +The input `in` is a . + +## Outputs + +The output `out` is an integer TODO: (a field element?). + +## Benchmarks + +## Test \ No newline at end of file 
diff --git a/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom b/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom new file mode 100644 index 00000000..447ba8ec --- /dev/null +++ b/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom @@ -0,0 +1,44 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../comparators/iszero/iszero.circom"; + +template Num2BitsNeg(n) { + signal input in; + signal output out[n]; + var lc1=0; + + component isZero; + + isZero = IsZero(); + + var neg = n == 0 ? 0 : 2**n - in; + + for (var i = 0; i<n; i++) { + out[i] <-- (neg >> i) & 1; + out[i] * (out[i] -1 ) === 0; + lc1 += out[i] * 2**i; + } + + in ==> isZero.in; + + + + lc1 + isZero.out * 2**n === 2**n - in; +} diff --git a/circuits/basics/comparators/README.md b/circuits/basics/comparators/README.md new file mode 100644 index 00000000..f689fe71 --- /dev/null +++ b/circuits/basics/comparators/README.md 
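Review bot: `component isZero;` followed by `isZero = IsZero();` declares and assigns on separate lines where a single `component isZero = IsZero();` would match `component isz = IsZero();` in comparators.circom and the other new templates; the three blank lines before the final constraint can go as well. `include "../../comparators/iszero/iszero.circom"` points at a file this commit does not add — the only comparator source introduced is `comparators.circom`, which defines `IsZero()` — so confirm that `comparators/iszero/iszero.circom` exists in the tree or point the include at the file that does.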
@@ -0,0 +1,15 @@ +# `comparators` + +## Description + +This folder contains the templates to perform comparations of numbers. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) +- [`greatereqthan`](circuits/basics/comparators/greatereqthan) +- [`greaterthan`](circuits/basics/comparators/greaterthan) +- [`isequal`](circuits/basics/comparators/isequal) +- [`iszero`](circuits/basics/comparators/iszero) +- [`lesseqthan`](circuits/basics/comparators/lesseqthan) +- [`lessthan`](circuits/basics/comparators/lessthan) \ No newline at end of file diff --git a/circuits/basics/comparators/comparators.circom b/circuits/basics/comparators/comparators.circom new file mode 100644 index 00000000..3eaa3d8d --- /dev/null +++ b/circuits/basics/comparators/comparators.circom 
@@ -0,0 +1,139 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "bitify.circom"; +include "binsum.circom"; + +template IsZero() { + signal input in; + signal output out; + + signal inv; + + inv <-- in!=0 ? 1/in : 0; + + out <== -in*inv +1; + in*out === 0; +} + + +template IsEqual() { + signal input in[2]; + signal output out; + + component isz = IsZero(); + + in[1] - in[0] ==> isz.in; + + isz.out ==> out; +} + +template ForceEqualIfEnabled() { + signal input enabled; + signal input in[2]; + + component isz = IsZero(); + + in[1] - in[0] ==> isz.in; + + (1 - isz.out)*enabled === 0; +} + +/* +// N is the number of bits the input have. +// The MSF is the sign bit. 
+template LessThan(n) { + signal input in[2]; + signal output out; + + component num2Bits0; + component num2Bits1; + + component adder; + + adder = BinSum(n, 2); + + num2Bits0 = Num2Bits(n); + num2Bits1 = Num2BitsNeg(n); + + in[0] ==> num2Bits0.in; + in[1] ==> num2Bits1.in; + + var i; + for (i=0;i<n;i++) { + num2Bits0.out[i] ==> adder.in[0][i]; + num2Bits1.out[i] ==> adder.in[1][i]; + } + + adder.out[n-1] ==> out; +} +*/ + +template LessThan(n) { + signal input in[2]; + signal output out; + + component n2b = Num2Bits(n*2+1); + + n2b.in <== in[0]+ (1<<n) - in[1]; + + out <== 1-n2b.out[n]; +} + + + +// N is the number of bits the input have. +// The MSF is the sign bit. +template LessEqThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[0]; + lt.in[1] <== in[1]+1; + lt.out ==> out; +} + +// N is the number of bits the input have. +// The MSF is the sign bit. +template GreaterThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[1]; + lt.in[1] <== in[0]; + lt.out ==> out; +} + +// N is the number of bits the input have. +// The MSF is the sign bit. +template GreaterEqThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[1]; + lt.in[1] <== in[0]+1; + lt.out ==> out; +} + diff --git a/circuits/basics/comparators/comparators.test.js b/circuits/basics/comparators/comparators.test.js new file mode 100644 index 00000000..ea263e06 --- /dev/null +++ b/circuits/basics/comparators/comparators.test.js 
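Review bot: `LessThan(n)` is only a valid comparison when both inputs are below 2^n — `n2b.in <== in[0]+ (1<<n) - in[1]` relies on that so that bit `n` of the sum encodes the ordering — yet nothing in the template enforces it and no comment states it, so a caller that feeds unconstrained field elements gets an output that says nothing about `<`. Suggested comment above the template: `// Precondition: in[0], in[1] < 2^n (callers must range-check, e.g. via Num2Bits(n)); out is meaningless otherwise. LessEqThan/GreaterEqThan add 1 to one input, so that input must be < 2^n - 1.` `Num2Bits(n*2+1)` also appears wider than the `n+1` bits the sum can occupy under that precondition, costing extra constraints. The commented-out earlier `LessThan` body and the `// The MSF is the sign bit.` comments (presumably "MSB") are leftovers; the dead block should be removed rather than kept in a comment.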
@@ -0,0 +1,184 @@ +const chai = require("chai"); +const path = require("path"); + +const tester = require("circom").tester; + +const bigInt = require("big-integer"); + +const assert = chai.assert; + +describe("Comparators test", function () { + + this.timeout(100000); + + it("Should create a iszero circuit", async() => { + const circuit = await tester(path.join(__dirname, "circuits", "iszero.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": 111}, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": 0 }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + }); + it("Should create a isequal circuit", async() => { + const circuit = await tester(path.join(__dirname, "circuits", "isequal.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": [111,222] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [444,444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + }); + it("Should create a comparison lessthan", async() => { + const circuit = await tester(path.join(__dirname, "circuits", "lessthan.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": [333,444] }), true; + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in":[1,1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [661, 660] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": 
[0, 444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [1, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [555, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + }); + it("Should create a comparison lesseqthan", async() => { + + const circuit = await tester(path.join(__dirname, "circuits", "lesseqthan.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": [333,444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in":[1,1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [661, 660] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [0, 444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [1, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [555, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + }); + it("Should create a comparison greaterthan", async() => { + + 
const circuit = await tester(path.join(__dirname, "circuits", "greaterthan.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": [333,444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in":[1,1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [661, 660] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [0, 1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [1, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [555, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [0, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + }); + it("Should create a comparison greatereqthan", async() => { + const circuit = await tester(path.join(__dirname, "circuits", "greatereqthan.circom")); + + let witness; + witness = await circuit.calculateWitness({ "in": [333,444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in":[1,1] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [661, 660] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [0, 1] 
}, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [0, 444] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(0))); + + witness = await circuit.calculateWitness({ "in": [1, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [555, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + + witness = await circuit.calculateWitness({ "in": [0, 0] }, true); + assert(witness[0].equals(bigInt(1))); + assert(witness[1].equals(bigInt(1))); + }); +}); diff --git a/circuits/basics/comparators/forceequalifenabled/README.md b/circuits/basics/comparators/forceequalifenabled/README.md new file mode 100644 index 00000000..0141215b --- /dev/null +++ b/circuits/basics/comparators/forceequalifenabled/README.md @@ -0,0 +1,19 @@ +# `ForceEqualIfEnabled()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom b/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom new file mode 100644 index 00000000..73ef8010 --- /dev/null +++ b/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom 
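Review bot: In the lessthan test the first call reads `witness = await circuit.calculateWitness({ "in": [333,444] }), true;` - the closing parenthesis comes before the comma, so `true` is a dead comma-operand and this one call runs without the sanity-check flag every other call passes; it should be `witness = await circuit.calculateWitness({ "in": [333,444] }, true);`. The circuits are loaded from `path.join(__dirname, "circuits", "<name>.circom")`, i.e. a `circuits/` directory next to this test, whereas the wrappers this commit adds live in per-template directories (`lessthan/lessthan.test.circom`, ...), so unless that directory exists outside this diff the tests will not find their circuits. Every case uses inputs far inside 32 bits; since `LessThan(32)` does not range-check its inputs, one case with an input of 2^32 or more would pin down what the circuit does outside its precondition.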
@@ -0,0 +1,31 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../iszero/iszero.circom"; + +template ForceEqualIfEnabled() { + signal input enabled; + signal input in[2]; + + component isz = IsZero(); + + in[1] - in[0] ==> isz.in; + + (1 - isz.out)*enabled === 0; +} \ No newline at end of file diff --git a/circuits/basics/comparators/greatereqthan/README.md b/circuits/basics/comparators/greatereqthan/README.md new file mode 100644 index 00000000..958d99f2 --- /dev/null +++ b/circuits/basics/comparators/greatereqthan/README.md @@ -0,0 +1,19 @@ +# `GreaterEqThan(n)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.circom b/circuits/basics/comparators/greatereqthan/greatereqthan.circom new file mode 100644 index 00000000..ff178e6e --- /dev/null +++ b/circuits/basics/comparators/greatereqthan/greatereqthan.circom 
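Review bot: The template states neither what `enabled` means nor that it is not constrained to {0,1}: `(1 - isz.out)*enabled === 0` is trivially satisfied when `enabled == 0`, and any non-zero `enabled` forces `in[0] == in[1]`. A header comment would make that contract explicit, e.g. `// Constrains in[0] == in[1] whenever enabled != 0; enabled == 0 disables the check. enabled is not checked to be binary.`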
@@ -0,0 +1,34 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../lessthan/lessthan.circom"; + +// N is the number of bits the input have. +// The MSF is the sign bit. +template GreaterEqThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[1]; + lt.in[1] <== in[0]+1; + lt.out ==> out; +} + diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom b/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom new file mode 100644 index 00000000..3428ac27 --- /dev/null +++ b/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom @@ -0,0 +1,4 @@ + +include "../../circuits/comparators.circom"; + +component main = GreaterEqThan(32); diff --git a/circuits/basics/comparators/greaterthan/README.md b/circuits/basics/comparators/greaterthan/README.md new file mode 100644 index 00000000..04c783c5 --- /dev/null +++ b/circuits/basics/comparators/greaterthan/README.md @@ -0,0 +1,19 @@ +# `GreaterThan(n)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file 
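Review bot: The header comment "N is the number of bits the input have. / The MSF is the sign bit." was written for the removed BinSum-based `LessThan` and no longer describes the bit-n test `LessThan(n)` performs now; it should say what this template returns and what it assumes. Suggested replacement: `// out = 1 iff in[0] >= in[1], computed as in[1] < in[0]+1. Both inputs are assumed to fit in n bits; LessThan does not enforce that, so callers must range-check them.`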
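Review bot: `include "../../circuits/comparators.circom"` resolves, from `circuits/basics/comparators/greatereqthan/`, to `circuits/basics/circuits/comparators.circom`, which this diff does not appear to add, while the template under test is the sibling file added in the same commit; `include "greatereqthan.circom";` would exercise the new per-template file. The same include appears in the other `*.test.circom` wrappers in this commit.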
diff --git a/circuits/basics/comparators/greaterthan/greaterthan.circom b/circuits/basics/comparators/greaterthan/greaterthan.circom new file mode 100644 index 00000000..5316d2a2 --- /dev/null +++ b/circuits/basics/comparators/greaterthan/greaterthan.circom @@ -0,0 +1,33 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../lessthan/lessthan.circom"; + +// N is the number of bits the input have. +// The MSF is the sign bit. +template GreaterThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[1]; + lt.in[1] <== in[0]; + lt.out ==> out; +} \ No newline at end of file diff --git a/circuits/basics/comparators/greaterthan/greaterthan.test.circom b/circuits/basics/comparators/greaterthan/greaterthan.test.circom new file mode 100644 index 00000000..b890ba81 --- /dev/null +++ b/circuits/basics/comparators/greaterthan/greaterthan.test.circom @@ -0,0 +1,4 @@ + +include "../../circuits/comparators.circom"; + +component main = GreaterThan(32); diff --git a/circuits/basics/comparators/isequal/README.md b/circuits/basics/comparators/isequal/README.md new file mode 100644 index 00000000..eb4a31e2 --- /dev/null +++ b/circuits/basics/comparators/isequal/README.md 
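Review bot: The "The MSF is the sign bit" header refers to the removed BinSum implementation and is misleading for the bit-n test `LessThan(n)` now uses; replace it with the actual contract, e.g. `// out = 1 iff in[0] > in[1] (LessThan with the operands swapped). Both inputs are assumed to fit in n bits; this is not enforced here.`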
@@ -0,0 +1,19 @@ +# `IsEqual()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/comparators/isequal/isequal.circom b/circuits/basics/comparators/isequal/isequal.circom new file mode 100644 index 00000000..c24ebb95 --- /dev/null +++ b/circuits/basics/comparators/isequal/isequal.circom @@ -0,0 +1,31 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../iszero/iszero.circom"; + +template IsEqual() { + signal input in[2]; + signal output out; + + component isz = IsZero(); + + in[1] - in[0] ==> isz.in; + + isz.out ==> out; +} \ No newline at end of file diff --git a/circuits/basics/comparators/isequal/isequal.test.circom b/circuits/basics/comparators/isequal/isequal.test.circom new file mode 100644 index 00000000..c14d506f --- /dev/null +++ b/circuits/basics/comparators/isequal/isequal.test.circom @@ -0,0 +1,4 @@ + +include "../../circuits/comparators.circom"; + +component main = IsEqual(); diff --git a/circuits/basics/comparators/iszero/README.md b/circuits/basics/comparators/iszero/README.md new file mode 100644 index 00000000..f7856c57 --- /dev/null 
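Review bot: A one-line contract comment is missing on `IsEqual`; since the result comes from `IsZero` on `in[1] - in[0]`, whose `in*out === 0` constraint fixes the output for arbitrary field elements, it is worth noting that no bit-width assumption is needed here, unlike the `LessThan` family. Suggested: `// out = 1 iff in[0] == in[1]; sound for any field elements (no range assumption).`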
+++ b/circuits/basics/comparators/iszero/README.md @@ -0,0 +1,19 @@ +# `IsZero()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/comparators/iszero/iszero.circom b/circuits/basics/comparators/iszero/iszero.circom new file mode 100644 index 00000000..db59038f --- /dev/null +++ b/circuits/basics/comparators/iszero/iszero.circom @@ -0,0 +1,30 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template IsZero() { + signal input in; + signal output out; + + signal inv; + + inv <-- in!=0 ? 1/in : 0; + + out <== -in*inv +1; + in*out === 0; +} \ No newline at end of file diff --git a/circuits/basics/comparators/iszero/iszero.test.circom b/circuits/basics/comparators/iszero/iszero.test.circom new file mode 100644 index 00000000..0ca0589f --- /dev/null +++ b/circuits/basics/comparators/iszero/iszero.test.circom @@ -0,0 +1,5 @@ + + +include "../../circuits/comparators.circom"; + +component main = IsZero(); diff --git a/circuits/basics/comparators/lesseqthan/README.md b/circuits/basics/comparators/lesseqthan/README.md new file mode 100644 index 00000000..b7eb438a --- /dev/null 
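Review bot: `inv <-- in!=0 ? 1/in : 0` is an unconstrained witness hint and the template does not explain why that is safe, so a reader may assume a malicious prover can pick `inv` freely. It cannot change the result: `in*out === 0` forces `out = 0` whenever `in != 0`, after which `out <== -in*inv +1` forces `inv = 1/in`, and when `in == 0` the same equation forces `out = 1`. Suggested comment above the hint: `// inv is only a hint; the two constraints below fix out regardless of the value chosen.`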
+++ b/circuits/basics/comparators/lesseqthan/README.md @@ -0,0 +1,19 @@ +# `LessEqThan(n)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.circom b/circuits/basics/comparators/lesseqthan/lesseqthan.circom new file mode 100644 index 00000000..b7240eea --- /dev/null +++ b/circuits/basics/comparators/lesseqthan/lesseqthan.circom @@ -0,0 +1,33 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../lessthan/lessthan.circom"; + +// N is the number of bits the input have. +// The MSF is the sign bit. +template LessEqThan(n) { + signal input in[2]; + signal output out; + + component lt = LessThan(n); + + lt.in[0] <== in[0]; + lt.in[1] <== in[1]+1; + lt.out ==> out; +} diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.test.circom b/circuits/basics/comparators/lesseqthan/lesseqthan.test.circom new file mode 100644 index 00000000..db2eda47 --- /dev/null +++ b/circuits/basics/comparators/lesseqthan/lesseqthan.test.circom @@ -0,0 +1,4 @@ + +include "../../circuits/comparators.circom"; + +component main = LessEqThan(32); 
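Review bot: The "The MSF is the sign bit" header is stale (it describes the removed BinSum-based `LessThan`) and the `in[1]+1` trick is undocumented; suggested replacement: `// out = 1 iff in[0] <= in[1], computed as in[0] < in[1]+1. Both inputs are assumed to fit in n bits; LessThan does not enforce that, so callers must range-check them.`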
diff --git a/circuits/basics/comparators/lessthan/README.md b/circuits/basics/comparators/lessthan/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/basics/comparators/lessthan/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/basics/comparators/lessthan/lessthan.circom b/circuits/basics/comparators/lessthan/lessthan.circom
new file mode 100644
index 00000000..4c1f39fa
--- /dev/null
+++ b/circuits/basics/comparators/lessthan/lessthan.circom
@@ -0,0 +1,31 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../../bitify/num2bits/num2bits.circom";
+
+template LessThan(n) {
+ signal input in[2];
+ signal output out;
+
+ component n2b = Num2Bits(n*2+1);
+
+ n2b.in <== in[0]+ (1<<n) - in[1];
+
+ out <== 1-n2b.out[n];
+}
\ No newline at end of file
diff --git a/circuits/basics/comparators/lessthan/lessthan.test.circom b/circuits/basics/comparators/lessthan/lessthan.test.circom
new file mode 100644
index 00000000..63944f2e
--- /dev/null
+++ b/circuits/basics/comparators/lessthan/lessthan.test.circom
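Review bot: `Num2Bits(n*2+1)` leaves n spare high bits, so an input wider than n bits can satisfy the decomposition and still set `out` wrongly: with n=32, `in[0]=2^33`, `in[1]=2^32` gives `n2b.in = 2^33`, bit 32 is 0 and `out=1` although `in[0] > in[1]`; nothing in the template constrains either input to n bits. Use `component n2b = Num2Bits(n+1);` (with `in[0]+ (1<<n) - in[1]` in `[0, 2^(n+1))`, bit n is exactly `in[0] >= in[1]`, and the example above no longer fits) and guard the width with `assert(n <= 252);` if this circom version accepts template-level `assert`. Even then callers must range-check their inputs, since a field element such as `p-1` still satisfies the n+1-bit decomposition; say so in a header comment: `// Assumes in[0], in[1] < 2^n (NOT enforced here).`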
@@ -0,0 +1,4 @@ + +include "../../circuits/comparators.circom"; + +component main = LessThan(32); diff --git a/circuits/basics/compconstant/README.md b/circuits/basics/compconstant/README.md new file mode 100644 index 00000000..d0bfb006 --- /dev/null +++ b/circuits/basics/compconstant/README.md @@ -0,0 +1,21 @@ +# `CompConstant(ct)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +This template returns 1 if the input `in` (in binary) > ct. + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/compconstant/compconstant.circom b/circuits/basics/compconstant/compconstant.circom new file mode 100644 index 00000000..c71d0634 --- /dev/null +++ b/circuits/basics/compconstant/compconstant.circom 
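Review bot: `include "../../circuits/comparators.circom"` resolves from `circuits/basics/comparators/lessthan/` to `circuits/basics/circuits/comparators.circom`, a path this diff does not appear to create, so the wrapper does not test the `lessthan.circom` added next to it; `include "lessthan.circom";` would. `LessThan(32)` is also the only width exercised, while the README for this template is still the blank "Name of Template" skeleton.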
@@ -0,0 +1,73 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../bitify/num2bits/num2bits.circom";
+
+// Returns 1 if in (in binary) > ct
+
+template CompConstant(ct) {
+ signal input in[254];
+ signal output out;
+
+ signal parts[127];
+ signal sout;
+
+ var clsb;
+ var cmsb;
+ var slsb;
+ var smsb;
+
+ var sum=0;
+
+ var b = (1 << 128) -1;
+ var a = 1;
+ var e = 1;
+ var i;
+
+ for (i=0;i<127; i++) {
+ clsb = (ct >> (i*2)) & 1;
+ cmsb = (ct >> (i*2+1)) & 1;
+ slsb = in[i*2];
+ smsb = in[i*2+1];
+
+ if ((cmsb==0)&&(clsb==0)) {
+ parts[i] <== -b*smsb*slsb + b*smsb + b*slsb;
+ } else if ((cmsb==0)&&(clsb==1)) {
+ parts[i] <== a*smsb*slsb - a*slsb + b*smsb - a*smsb + a;
+ } else if ((cmsb==1)&&(clsb==0)) {
+ parts[i] <== b*smsb*slsb - a*smsb + a;
+ } else {
+ parts[i] <== -a*smsb*slsb + a;
+ }
+
+ sum = sum + parts[i];
+
+ b = b -e;
+ a = a +e;
+ e = e*2;
+ }
+
+ sout <== sum;
+
+ component num2bits = Num2Bits(135);
+
+ num2bits.in <== sout;
+
+ out <== num2bits.out[127];
+}
diff --git a/circuits/basics/logic_gates/README.md b/circuits/basics/logic_gates/README.md
new file mode 100644
index 00000000..2725eba0
--- /dev/null
+++ b/circuits/basics/logic_gates/README.md
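Review bot: The 254 `in` signals are treated as bits (the `smsb*slsb` products and the `a`/`b` weights only make sense for 0/1 values) but nothing in this template constrains them to {0,1}, so with non-binary inputs `parts[i]` and hence `sum` can take values whose bit 127 has no relation to `in > ct`. circomlib's convention is that the caller feeds `Num2Bits` output, but that precondition is not written down anywhere in the file or the README; add above the template `// in[] must be bits (0/1), e.g. the output of Num2Bits(254); this is NOT checked here.` The `(1 << 128) -1` weights and the `Num2Bits(135)` width also deserve one sentence on the range `sum` can reach, since a reader cannot tell from the code why 135 bits are enough.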
@@ -0,0 +1,15 @@ +# `logic_gates` + +## Description + +This folder contains the templates to perform logic gates operations. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`and`](circuits/basics/logic_gates/and) +- [`multiand`](circuits/basics/logic_gates/multiand) +- [`nand`](circuits/basics/logic_gates/nand) +- [`nor`](circuits/basics/logic_gates/nor) +- [`not`](circuits/basics/logic_gates/not) +- [`or`](circuits/basics/logic_gates/or) +- [`xor`](circuits/basics/logic_gates/xor) \ No newline at end of file diff --git a/circuits/basics/logic_gates/and/README.md b/circuits/basics/logic_gates/and/README.md new file mode 100644 index 00000000..210f1580 --- /dev/null +++ b/circuits/basics/logic_gates/and/README.md @@ -0,0 +1,19 @@ +# `AND()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/and/and.circom b/circuits/basics/logic_gates/and/and.circom new file mode 100644 index 00000000..29439938 --- /dev/null +++ b/circuits/basics/logic_gates/and/and.circom 
@@ -0,0 +1,26 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template AND() { + signal input a; + signal input b; + signal output out; + + out <== a*b; +} \ No newline at end of file diff --git a/circuits/basics/logic_gates/multiand/README.md b/circuits/basics/logic_gates/multiand/README.md new file mode 100644 index 00000000..b7f1da63 --- /dev/null +++ b/circuits/basics/logic_gates/multiand/README.md @@ -0,0 +1,19 @@ +# `MultiAND(n)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/multiand/multiand.circom b/circuits/basics/logic_gates/multiand/multiand.circom new file mode 100644 index 00000000..cba3e1ef --- /dev/null +++ b/circuits/basics/logic_gates/multiand/multiand.circom 
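Review bot: `out <== a*b` is an AND only for binary inputs (`a=2, b=3` gives `out=6`) and neither input is constrained here; that is the usual circomlib convention, with inputs coming from `Num2Bits` or another gate, but the file does not state it. Suggested header: `// Boolean AND. Inputs are assumed to be 0/1 and are NOT constrained here.` The same caveat applies to OR, XOR, NAND, NOR and NOT in this commit.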
@@ -0,0 +1,49 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../and/and.circom";
+
+//TODO: Simplify this function!
+template MultiAND(n) {
+ signal input in[n];
+ signal output out;
+ var i;
+ if (n==1) {
+ out <== in[0];
+ } else if (n==2) {
+ component and1 = AND();
+ and1.a <== in[0];
+ and1.b <== in[1];
+ out <== and1.out;
+ } else {
+ component and2 = AND();
+ component ands[2];
+ var n1 = n\2;
+ var n2 = n-n\2;
+ ands[0] = MultiAND(n1);
+ ands[1] = MultiAND(n2);
+ for (i=0; i<n1; i++) ands[0].in[i] <== in[i];
+ for (i=0; i<n2; i++) ands[1].in[i] <== in[n1+i];
+ and2.a <== ands[0].out;
+ and2.b <== ands[1].out;
+ out <== and2.out;
+ }
+}
+
+
diff --git a/circuits/basics/logic_gates/nand/README.md b/circuits/basics/logic_gates/nand/README.md
new file mode 100644
index 00000000..0fce42a2
--- /dev/null
+++ b/circuits/basics/logic_gates/nand/README.md
@@ -0,0 +1,19 @@
+# `NAND()`
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/basics/logic_gates/nand/nand.circom b/circuits/basics/logic_gates/nand/nand.circom
new file mode 100644
index 00000000..3c0fa7aa
--- /dev/null
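Review bot: `MultiAND(0)` is not rejected: with n=0 neither `n==1` nor `n==2` matches, the `else` branch computes `n1 = 0` and `n2 = 0`, and instantiates `MultiAND(0)` twice, so instantiation would recurse without bound. Add `assert(n > 0);` as the first statement of the template (or, if this circom version has no template-level `assert`, at least a comment stating n must be positive). The `//TODO: Simplify this function!` marker is carried over from the old file; either act on it or turn it into a `TODO(owner): ...` that says what simplification is meant, and note that the gate inherits AND's unstated assumption that every `in[i]` is 0/1.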
+++ b/circuits/basics/logic_gates/nand/nand.circom @@ -0,0 +1,26 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template NAND() { + signal input a; + signal input b; + signal output out; + + out <== 1 - a*b; +} \ No newline at end of file diff --git a/circuits/basics/logic_gates/nor/README.md b/circuits/basics/logic_gates/nor/README.md new file mode 100644 index 00000000..a4b974ee --- /dev/null +++ b/circuits/basics/logic_gates/nor/README.md @@ -0,0 +1,19 @@ +# `NOR()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/nor/nor.circom b/circuits/basics/logic_gates/nor/nor.circom new file mode 100644 index 00000000..02298313 --- /dev/null +++ b/circuits/basics/logic_gates/nor/nor.circom 
@@ -0,0 +1,28 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template NOR() { + signal input a; + signal input b; + signal output out; + + out <== a*b + 1 - a - b; +} + + diff --git a/circuits/basics/logic_gates/not/README.md b/circuits/basics/logic_gates/not/README.md new file mode 100644 index 00000000..5fe566e1 --- /dev/null +++ b/circuits/basics/logic_gates/not/README.md @@ -0,0 +1,19 @@ +# `NOT()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/not/not.circom b/circuits/basics/logic_gates/not/not.circom new file mode 100644 index 00000000..fa0cb0a4 --- /dev/null +++ b/circuits/basics/logic_gates/not/not.circom 
@@ -0,0 +1,25 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template NOT() { + signal input in; + signal output out; + + out <== 1 + in - 2*in; +} diff --git a/circuits/basics/logic_gates/or/README.md b/circuits/basics/logic_gates/or/README.md new file mode 100644 index 00000000..65442b00 --- /dev/null +++ b/circuits/basics/logic_gates/or/README.md @@ -0,0 +1,19 @@ +# `OR()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/or/or.circom b/circuits/basics/logic_gates/or/or.circom new file mode 100644 index 00000000..8c547a73 --- /dev/null +++ b/circuits/basics/logic_gates/or/or.circom 
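Review bot: `out <== 1 + in - 2*in` is `1 - in` written in a roundabout way; `out <== 1 - in;` is the same linear constraint and reads immediately as NOT. Like the other gates it only behaves as NOT for a binary `in` (`in=2` yields `-1`), which is not enforced, so a header comment `// Boolean NOT; in is assumed to be 0/1 (not constrained here).` would help.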
@@ -0,0 +1,26 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template OR() { + signal input a; + signal input b; + signal output out; + + out <== a + b - a*b; +} diff --git a/circuits/basics/logic_gates/xor/README.md b/circuits/basics/logic_gates/xor/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/logic_gates/xor/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/logic_gates/xor/xor.circom b/circuits/basics/logic_gates/xor/xor.circom new file mode 100644 index 00000000..ae8d051f --- /dev/null +++ b/circuits/basics/logic_gates/xor/xor.circom 
@@ -0,0 +1,26 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template XOR() { + signal input a; + signal input b; + signal output out; + + out <== a + b - 2*a*b; +} \ No newline at end of file diff --git a/circuits/basics/multiplexer/README.md b/circuits/basics/multiplexer/README.md new file mode 100644 index 00000000..f3abb5f1 --- /dev/null +++ b/circuits/basics/multiplexer/README.md @@ -0,0 +1,11 @@ +# `multiplexer` + +## Description + +This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`decoder`](circuits/basics/multiplexer/decoder) +- [`multiplexer`](circuits/basics/multiplexer/multiplexer) +- [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) \ No newline at end of file diff --git a/circuits/basics/multiplexer/decoder/README.md b/circuits/basics/multiplexer/decoder/README.md new file mode 100644 index 00000000..5266cfb9 --- /dev/null +++ b/circuits/basics/multiplexer/decoder/README.md @@ -0,0 +1,19 @@ +# `Decoder(w)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file 
diff --git a/circuits/basics/multiplexer/decoder/decoder.circom b/circuits/basics/multiplexer/decoder/decoder.circom new file mode 100644 index 00000000..7462d9ca --- /dev/null +++ b/circuits/basics/multiplexer/decoder/decoder.circom @@ -0,0 +1,34 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template Decoder(w) { + signal input inp; + signal output out[w]; + signal output success; + var lc=0; + + for (var i=0; i<w; i++) { + out[i] <-- (inp == i) ? 1 : 0; + out[i] * (inp-i) === 0; + lc = lc + out[i]; + } + + lc ==> success; + success * (success -1) === 0; +} \ No newline at end of file diff --git a/circuits/basics/multiplexer/multiplexer/README.md b/circuits/basics/multiplexer/multiplexer/README.md new file mode 100644 index 00000000..ec365735 --- /dev/null +++ b/circuits/basics/multiplexer/multiplexer/README.md @@ -0,0 +1,19 @@ +# `Multiplexer(wIn, nIn)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/multiplexer/multiplexer.circom b/circuits/basics/multiplexer/multiplexer/multiplexer.circom new file mode 100644 index 00000000..a955a0f5 --- /dev/null 
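Review bot: In Decoder(w), `out[i] * (inp-i) === 0` leaves `out[i]` unconstrained exactly when `inp == i`, so a witness with every `out[i] = 0` and `success = 0` satisfies all of the template's constraints even for an in-range `inp`. The template therefore only decodes correctly when the caller adds `success === 1`, which Multiplexer in the following file does, but nothing says so here. I would document it on the template: `// success is 0 when inp is outside [0, w); callers MUST constrain success === 1, otherwise out may be all zeros for any inp.` The `<--` witness assignment itself is fine because the quadratic check follows it.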
+++ b/circuits/basics/multiplexer/multiplexer/multiplexer.circom @@ -0,0 +1,43 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../decoder/decoder.circom"; +include "../scalarproduct/scalarproduct.circom"; + +template Multiplexer(wIn, nIn) { + signal input inp[nIn][wIn]; + signal input sel; + signal output out[wIn]; + component dec = Decoder(nIn); + component ep[wIn]; + + for (var k=0; k<wIn; k++) { + ep[k] = ScalarProduct(nIn); + } + + sel ==> dec.inp; + for (var j=0; j<wIn; j++) { + for (var k=0; k<nIn; k++) { + inp[k][j] ==> ep[j].in1[k]; + dec.out[k] ==> ep[j].in2[k]; + } + ep[j].out ==> out[j]; + } + dec.success === 1; +} diff --git a/circuits/basics/multiplexer/scalarproduct/README.md b/circuits/basics/multiplexer/scalarproduct/README.md new file mode 100644 index 00000000..5bf52839 --- /dev/null +++ b/circuits/basics/multiplexer/scalarproduct/README.md @@ -0,0 +1,19 @@ +# `ScalarProduct(w)` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file 
diff --git a/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom b/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom new file mode 100644 index 00000000..36fddde2 --- /dev/null +++ b/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom @@ -0,0 +1,31 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template ScalarProduct(w) { + signal input in1[w]; + signal input in2[w]; + signal output out; + signal aux[w]; + var lc = 0; + for (var i=0; i<w; i++) { + aux[i] <== in1[i]*in2[i]; + lc = lc + aux[i]; + } + out <== lc; +} \ No newline at end of file diff --git a/circuits/basics/mux/README.md b/circuits/basics/mux/README.md new file mode 100644 index 00000000..e69de29b diff --git a/circuits/basics/mux/multimux1/README.md b/circuits/basics/mux/multimux1/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/multimux1/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/multimux2/README.md b/circuits/basics/mux/multimux2/README.md new file mode 100644 index 00000000..c5b13bcf 
--- /dev/null +++ b/circuits/basics/mux/multimux2/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/multimux3/README.md b/circuits/basics/mux/multimux3/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/multimux3/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/multimux4/README.md b/circuits/basics/mux/multimux4/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/multimux4/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/mux1/README.md b/circuits/basics/mux/mux1/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/mux1/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/mux1/mux1.circom b/circuits/basics/mux/mux1/mux1.circom new file mode 100644 index 00000000..3473c6cf --- /dev/null +++ b/circuits/basics/mux/mux1/mux1.circom 
@@ -0,0 +1,47 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux1(n) { + signal input c[n][2]; // Constants + signal input s; // Selector + signal output out[n]; + + for (var i=0; i<n; i++) { + + out[i] <== (c[i][1] - c[i][0])*s + c[i][0]; + + } +} + +template Mux1() { + var i; + signal input c[2]; // Constants + signal input s; // Selector + signal output out; + + component mux = MultiMux1(1); + + for (i=0; i<2; i++) { + mux.c[0][i] <== c[i]; + } + + s ==> mux.s; + + mux.out[0] ==> out; +} diff --git a/circuits/basics/mux/mux1/mux1_1.circom b/circuits/basics/mux/mux1/mux1_1.circom new file mode 100644 index 00000000..5a3afee3 --- /dev/null +++ b/circuits/basics/mux/mux1/mux1_1.circom @@ -0,0 +1,31 @@ +include "../../circuits/mux1.circom"; +include "../../circuits/bitify.circom"; + + +template Constants() { + var i; + signal output out[2]; + + out[0] <== 37; + out[1] <== 47; +} + +template Main() { + var i; + signal private input selector; + signal output out; + + component mux = Mux1(); + component n2b = Num2Bits(1); + component cst = Constants(); + + selector ==> n2b.in; + n2b.out[0] ==> mux.s; + for (i=0; i<2; i++) { + cst.out[i] ==> mux.c[i]; + } + + mux.out ==> out; +} + +component main = Main(); 
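Review bot: MultiMux1 computes `out[i] <== (c[i][1] - c[i][0])*s + c[i][0]` without constraining `s`, so for a non-binary `s` the output is an arbitrary point on the line through the two constants rather than one of them. The test wrappers (mux1_1 and the later mux2_1, mux3_1, mux4_1) obtain the selector from Num2Bits, which is what makes them sound; that precondition belongs on the template, e.g. `// s must be constrained to {0,1} by the caller (e.g. Num2Bits); this template does not check it.` MultiMux2, MultiMux3 and MultiMux4 in the later hunks have the same unstated precondition on `s[k]`.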
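Review bot: The includes `"../../circuits/mux1.circom"` and `"../../circuits/bitify.circom"` in mux1_1.circom do not match the new layout: from `circuits/basics/mux/mux1/` they resolve to `circuits/basics/circuits/`, while `mux1.circom` is added right next to this file. Assuming the test circuits are meant to compile from their new location, the first should become `include "mux1.circom";` and the second should point at wherever bitify now lives (not visible in this commit). mux2_1, mux3_1 and mux4_1 in the following hunks carry the same stale paths.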
diff --git a/circuits/basics/mux/mux2/README.md b/circuits/basics/mux/mux2/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/mux2/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/mux2/mux2.circom b/circuits/basics/mux/mux2/mux2.circom new file mode 100644 index 00000000..1e71cf7e --- /dev/null +++ b/circuits/basics/mux/mux2/mux2.circom 
@@ -0,0 +1,62 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux2(n) { + signal input c[n][4]; // Constants + signal input s[2]; // Selector + signal output out[n]; + + signal a10[n]; + signal a1[n]; + signal a0[n]; + signal a[n]; + + signal s10; + s10 <== s[1] * s[0]; + + for (var i=0; i<n; i++) { + + a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; + a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; + a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; + a[i] <== ( c[i][ 0] ) + + out[i] <== ( a10[i] + a1[i] + a0[i] + a[i] ); + + } +} + +template Mux2() { + var i; + signal input c[4]; // Constants + signal input s[2]; // Selector + signal output out; + + component mux = MultiMux2(1); + + for (i=0; i<4; i++) { + mux.c[0][i] <== c[i]; + } + + for (i=0; i<2; i++) { + s[i] ==> mux.s[i]; + } + + mux.out[0] ==> out; +} diff --git a/circuits/basics/mux/mux2/mux2_1.circom b/circuits/basics/mux/mux2/mux2_1.circom new file mode 100644 index 00000000..4bb62477 --- /dev/null +++ b/circuits/basics/mux/mux2/mux2_1.circom 
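Review bot: `a[i] <== ( c[i][ 0] )` in MultiMux2 appears in this view to have no terminating semicolon before the blank line and the `out[i] <== ...` statement that follows; if that is what the file contains, whether it parses as intended depends on the parser's tolerance for a missing terminator, so please confirm it compiles or add the `;`. MultiMux3 and MultiMux4 in the later hunks show the same line. Separately, the `// 4 constrains for the intermediary variables` comment in MultiMux3 precedes only one such constraint (`s10`) and reads as copied from MultiMux4, where there are four.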
@@ -0,0 +1,35 @@ +include "../../circuits/mux2.circom"; +include "../../circuits/bitify.circom"; + + +template Constants() { + var i; + signal output out[4]; + + out[0] <== 37; + out[1] <== 47; + out[2] <== 53; + out[3] <== 71; +} + +template Main() { + var i; + signal private input selector; + signal output out; + + component mux = Mux2(); + component n2b = Num2Bits(2); + component cst = Constants(); + + selector ==> n2b.in; + for (i=0; i<2; i++) { + n2b.out[i] ==> mux.s[i]; + } + for (i=0; i<4; i++) { + cst.out[i] ==> mux.c[i]; + } + + mux.out ==> out; +} + +component main = Main(); diff --git a/circuits/basics/mux/mux3/README.md b/circuits/basics/mux/mux3/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/mux3/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/mux3/mux3.circom b/circuits/basics/mux/mux3/mux3.circom new file mode 100644 index 00000000..277ead2e --- /dev/null +++ b/circuits/basics/mux/mux3/mux3.circom 
@@ -0,0 +1,74 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux3(n) { + signal input c[n][8]; // Constants + signal input s[3]; // Selector + signal output out[n]; + + signal a210[n]; + signal a21[n]; + signal a20[n]; + signal a2[n]; + + signal a10[n]; + signal a1[n]; + signal a0[n]; + signal a[n]; + + // 4 constrains for the intermediary variables + signal s10; + s10 <== s[1] * s[0]; + + for (var i=0; i<n; i++) { + + a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10; + a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s[1]; + a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s[0]; + a2[i] <== ( c[i][ 4]-c[i][ 0] ); + + a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; + a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; + a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; + a[i] <== ( c[i][ 0] ) + + out[i] <== ( a210[i] + a21[i] + a20[i] + a2[i] ) * s[2] + + ( a10[i] + a1[i] + a0[i] + a[i] ); + + } +} + +template Mux3() { + var i; + signal input c[8]; // Constants + signal input s[3]; // Selector + signal output out; + + component mux = MultiMux3(1); + + for (i=0; i<8; i++) { + mux.c[0][i] <== c[i]; + } + + for (i=0; i<3; i++) { + s[i] ==> mux.s[i]; + } + + mux.out[0] ==> out; +} 
diff --git a/circuits/basics/mux/mux3/mux3_1.circom b/circuits/basics/mux/mux3/mux3_1.circom new file mode 100644 index 00000000..69f98f25 --- /dev/null +++ b/circuits/basics/mux/mux3/mux3_1.circom @@ -0,0 +1,39 @@ +include "../../circuits/mux3.circom"; +include "../../circuits/bitify.circom"; + + +template Constants() { + var i; + signal output out[8]; + + out[0] <== 37; + out[1] <== 47; + out[2] <== 53; + out[3] <== 71; + out[4] <== 89; + out[5] <== 107; + out[6] <== 163; + out[7] <== 191; +} + +template Main() { + var i; + signal private input selector; + signal output out; + + component mux = Mux3(); + component n2b = Num2Bits(3); + component cst = Constants(); + + selector ==> n2b.in; + for (i=0; i<3; i++) { + n2b.out[i] ==> mux.s[i]; + } + for (i=0; i<8; i++) { + cst.out[i] ==> mux.c[i]; + } + + mux.out ==> out; +} + +component main = Main(); diff --git a/circuits/basics/mux/mux4/README.md b/circuits/basics/mux/mux4/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/basics/mux/mux4/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/mux/mux4/mux4.circom b/circuits/basics/mux/mux4/mux4.circom new file mode 100644 index 00000000..c30bb94f --- /dev/null +++ b/circuits/basics/mux/mux4/mux4.circom 
@@ -0,0 +1,118 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux4(n) { + signal input c[n][16]; // Constants + signal input s[4]; // Selector + signal output out[n]; + + signal a3210[n]; + signal a321[n]; + signal a320[n]; + signal a310[n]; + signal a32[n]; + signal a31[n]; + signal a30[n]; + signal a3[n]; + + signal a210[n]; + signal a21[n]; + signal a20[n]; + signal a10[n]; + signal a2[n]; + signal a1[n]; + signal a0[n]; + signal a[n]; + + // 4 constrains for the intermediary variables + signal s10; + s10 <== s[1] * s[0]; + signal s20; + s20 <== s[2] * s[0]; + signal s21; + s21 <== s[2] * s[1]; + signal s210; + s210 <== s21 * s[0]; + + + for (var i=0; i<n; i++) { + + a3210[i] <== ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] + -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s210; + a321[i] <== ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) * s21; + a320[i] <== ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) * s20; + a310[i] <== ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10; + a32[i] <== ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) * s[2]; + a31[i] <== ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 
0] ) * s[1]; + a30[i] <== ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) * s[0]; + a3[i] <== ( c[i][ 8]-c[i][ 0] ); + + a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s210; + a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s21; + a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s20; + a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; + a2[i] <== ( c[i][ 4]-c[i][ 0] ) * s[2]; + a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; + a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; + a[i] <== ( c[i][ 0] ) + + out[i] <== ( a3210[i] + a321[i] + a320[i] + a310[i] + a32[i] + a31[i] + a30[i] + a3[i] ) * s[3] + + ( a210[i] + a21[i] + a20[i] + a10[i] + a2[i] + a1[i] + a0[i] + a[i] ); + +/* + out[i] <== ( s210 * ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] + -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + + s21 * ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) + + s20 * ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) + + s10 * ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + + s[2] * ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) + + s[1] * ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 0] ) + + s[0] * ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) + + ( c[i][ 8]-c[i][ 0] ) ) * s[3] + + ( s210 * ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + + s21 * ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) + + s20 * ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) + + s10 * ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + + s[2] * ( c[i][ 4]-c[i][ 0] ) + + s[1] * ( c[i][ 2]-c[i][ 0] ) + + s[0] * ( c[i][ 1]-c[i][ 0] ) + + ( c[i][ 0] )); + +*/ + } +} + +template Mux4() { + var i; + signal input c[16]; // Constants + signal input s[4]; // Selector + signal output out; + + component mux = MultiMux4(1); + + for (i=0; i<16; i++) { + mux.c[0][i] <== c[i]; + } + + for (i=0; i<4; i++) { + s[i] ==> mux.s[i]; + } + + mux.out[0] 
==> out; +} diff --git a/circuits/basics/mux/mux4/mux4_1.circom b/circuits/basics/mux/mux4/mux4_1.circom new file mode 100644 index 00000000..d63e4661 --- /dev/null +++ b/circuits/basics/mux/mux4/mux4_1.circom @@ -0,0 +1,54 @@ +include "../../circuits/mux4.circom"; +include "../../circuits/bitify.circom"; + + +template Constants() { + var i; + signal output out[16]; + + out[0] <== 123; + out[1] <== 456; + out[2] <== 789; + out[3] <== 012; + out[4] <== 111; + out[5] <== 222; + out[6] <== 333; + out[7] <== 4546; + out[8] <== 134523; + out[9] <== 44356; + out[10] <== 15623; + out[11] <== 4566; + out[12] <== 1223; + out[13] <== 4546; + out[14] <== 4256; + out[15] <== 4456; + +/* + for (i=0;i<16; i++) { + out[i] <== i*2+100; + } +*/ + +} + +template Main() { + var i; + signal private input selector; + signal output out; + + component mux = Mux4(); + component n2b = Num2Bits(4); + component cst = Constants(); + + selector ==> n2b.in; + for (i=0; i<4; i++) { + n2b.out[i] ==> mux.s[i]; + } + for (i=0; i<16; i++) { + cst.out[i] ==> mux.c[i]; + } + + mux.out ==> out; +} + +component main = Main(); diff --git a/circuits/basics/old_README.md b/circuits/basics/old_README.md new file mode 100644 index 00000000..5a00ae1a --- /dev/null +++ b/circuits/basics/old_README.md 
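Review bot: `out[3] <== 012;` in Constants() of mux4_1.circom uses a leading-zero literal; whether the compiler reads that as decimal 12 or as an octal literal depends on its number parsing, and every other entry in the table is plain decimal, so write `out[3] <== 12;`. The commented-out `for` loop below the table is dead code and can be dropped.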
@@ -0,0 +1,29 @@ +# CircomLib/Circuits + +## Description + +- This folder contains circuit templates for standard operations and many cryptographic primitives. +- Below you can find specifications of each function. In the representation of elements, there are three tyes: + - Binary + - String + - Field element (the field is specified in each case. We consider 2 possible fields: Fp and Fr, where p... and r... .) + +## Jordi + +* compconstant - Returns 1 if `in` (expanded to binary array) > `ct` +* aliascheck - check if `in` (expanded to binary array) oveflowed its 254 bits (<= -1) +* babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2 + * BabyAdd - (`xout`,`yout`) = (`x1`,`y1`) + (`x2`,`y2`) + * BabyDbl - (`xout`,`yout`) = 2*(`x`,`y`) + * BabyCheck - check that (`x`,`y`) is on the curve +* binsub - binary subtraction +* gates - logical gates +* mimc - SNARK-friendly hash Minimal Multiplicative Complexity. + * https://eprint.iacr.org/2016/492.pdf + * zcash/zcash#2233 +* smt - Sparse Merkle Tree + * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751 +* montgomery https://en.wikipedia.org/wiki/Montgomery_curve + +## Table of Contents + diff --git a/circuits/basics/sign/README.md b/circuits/basics/sign/README.md new file mode 100644 index 00000000..d2d63492 --- /dev/null +++ b/circuits/basics/sign/README.md @@ -0,0 +1,19 @@ +# `Sign()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/sign/sign.circom b/circuits/basics/sign/sign.circom new file mode 100644 index 00000000..98df47dd --- /dev/null +++ b/circuits/basics/sign/sign.circom 
@@ -0,0 +1,35 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../compconstant/compconstant.circom"; + +template Sign() { + signal input in[254]; + signal output sign; + + component comp = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); + + var i; + + for (i=0; i<254; i++) { + comp.in[i] <== in[i]; + } + + sign <== comp.out; +} diff --git a/circuits/basics/switcher/README.md b/circuits/basics/switcher/README.md new file mode 100644 index 00000000..250fa88c --- /dev/null +++ b/circuits/basics/switcher/README.md @@ -0,0 +1,19 @@ +# `Switcher()` + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basics/switcher/switcher.circom b/circuits/basics/switcher/switcher.circom new file mode 100644 index 00000000..4d8b1147 --- /dev/null +++ b/circuits/basics/switcher/switcher.circom 
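Review bot: The literal passed to `CompConstant(...)` in Sign() is (r-1)/2 for the BN254 scalar field (r = 21888242871839275222246405745257275088548364400416034343698204186575808495617), i.e. `sign` is 1 iff the 254-bit input is greater than half the field order; that is neither named nor documented, and the template silently gives wrong answers on any other field. I would add `// (r-1)/2 of the BN254 scalar field: sign == 1 iff in > (r-1)/2` above the component, plus a note that `in[]` is assumed to be bits already constrained by the caller, since this hunk adds no check of its own.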
@@ -0,0 +1,40 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + Assume sel is binary. + + If sel == 0 then outL = L and outR=R + If sel == 1 then outL = R and outR=L + + */ + +template Switcher() { + signal input sel; + signal input L; + signal input R; + signal output outL; + signal output outR; + + signal aux; + + aux <== (R-L)*sel; // We create aux in order to have only one multiplication + outL <== aux + L; + outR <== -aux + R; +} diff --git a/circuits/cryptography/README.md b/circuits/cryptography/README.md new file mode 100644 index 00000000..c798537c --- /dev/null +++ b/circuits/cryptography/README.md 
@@ -0,0 +1,21 @@ +# `cryptography` + +This folder contains the templates to compute cryptographic functions, such as hash functions and signatures. + +## Structure of the folder + +- [`hash_functions`](doc/cryptography/hash_functions) + - [`mimc`](doc/cryptography/hash_functions/mimc) + - [`mimc7`](doc/cryptography/hash_functions/mimc/mimc7) + - [`mimcfeistel`](doc/cryptography/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](doc/cryptography/hash_functions/mimc/mimcsponge) + - [`multimimc7`](doc/cryptography/hash_functions/mimc/multimimc7) + - [`pedersen`](doc/cryptography/hash_functions/pedersen) + - [`segment`](doc/cryptography/hash_functions/pedersen/segment) + - [`window3`](doc/cryptography/hash_functions/pedersen/window3) + - [`window4`](doc/cryptography/hash_functions/pedersen/window4) + - [`poseidon`](doc/cryptography/hash_functions/poseidon) + - [`sha256`](doc/cryptography/hash_functions/sha256) +- [`signatures`](doc/cryptography/signatures) + - [`eddsa`](doc/cryptography/signatures/eddsa) +- [`smt`](doc/cryptography/smt) \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/README.md b/circuits/cryptography/elliptic_curves/README.md new file mode 100644 index 00000000..6a3b0e7c --- /dev/null +++ b/circuits/cryptography/elliptic_curves/README.md 
@@ -0,0 +1,25 @@ +# `elliptic_curves` + +This folder contains the templates to do operations on different elliptic curves. + +## Structure of the Folder + +- [`baby_jubjub`](doc/elliptic_curves/baby_jubjub) + - [`edwards`](doc/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](doc/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](doc/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](doc/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](doc/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](doc/elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](doc/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](doc/elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](doc/elliptic_curves/baby_jubjub/point2bits) + +## Background on Elliptic Curves \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/README.md new file mode 100644 index 00000000..e8680c01 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/README.md 
@@ -0,0 +1,24 @@ +# `baby_jubjub` + +This folder contains the templates to do operations on [Baby Jubjub](https://github.com/ethereum/EIPs/pull/2494) elliptic curve. + +## Structure of the folder + +- [`edwards`](doc/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](doc/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](doc/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](doc/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](doc/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) +- [`edwards2montgomery`](doc/elliptic_curves/baby_jubjub/edwards2montgomery) +- [`montgomery`](doc/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) +- [`montgomery2edwards`](doc/elliptic_curves/baby_jubjub/montgomery2edwards) +- [`point2bits`](doc/elliptic_curves/baby_jubjub/point2bits) + +## Background on Baby Jubjub \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom new file mode 100644 index 00000000..537b1a0d --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom 
@@ -0,0 +1,106 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "bitify.circom"; +include "escalarmulfix.circom"; + +template BabyAdd() { + signal input x1; + signal input y1; + signal input x2; + signal input y2; + signal output xout; + signal output yout; + + signal beta; + signal gamma; + signal delta; + signal tau; + + var a = 168700; + var d = 168696; + + beta <== x1*y2; + gamma <== y1*x2; + delta <== (-a*x1+y1)*(x2 + y2); + tau <== beta * gamma; + + xout <-- (beta + gamma) / (1+ d*tau); + (1+ d*tau) * xout === (beta + gamma); + + yout <-- (delta + a*beta - gamma) / (1-d*tau); + (1-d*tau)*yout === (delta + a*beta - gamma); +} + +template BabyDbl() { + signal input x; + signal input y; + signal output xout; + signal output yout; + + component adder = BabyAdd(); + adder.x1 <== x; + adder.y1 <== y; + adder.x2 <== x; + adder.y2 <== y; + + adder.xout ==> xout; + adder.yout ==> yout; +} + + +template BabyCheck() { + signal input x; + signal input y; + + signal x2; + signal y2; + + var a = 168700; + var d = 168696; + + x2 <== x*x; + y2 <== y*y; + + a*x2 + y2 === 1 + d*x2*y2; +} + +// Extracts the public key from private key +template BabyPbk() { + signal private input in; + signal output Ax; + signal output Ay; + + var BASE8[2] = [ + 
5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 + ]; + + component pvkBits = Num2Bits(253); + pvkBits.in <== in; + + component mulFix = EscalarMulFix(253, BASE8); + + var i; + for (i=0; i<253; i++) { + mulFix.e[i] <== pvkBits.out[i]; + } + Ax <== mulFix.out[0]; + Ay <== mulFix.out[1]; +} diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js new file mode 100644 index 00000000..4a89cc83 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js 
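Review bot: BabyPbk does not say what `in` is, and the format matters: the accompanying babyjub.test.js derives it as the blake512-hashed, pruned private key shifted right by 3 bits (a 253-bit scalar), not the raw 32-byte key, and `Num2Bits(253)` rejects anything wider; a header such as `// in: the 253-bit scalar (pruned blake512(prv) >> 3) that multiplies BASE8, not the raw private key; Num2Bits(253) bounds it` would keep callers from wiring the raw key. BabyCheck enforces only the curve equation `a*x2 + y2 === 1 + d*x2*y2` and says nothing about the prime-order subgroup, which the JS side checks separately with `inSubgroup`; its comment should read `// Checks the curve equation only; subgroup membership is not verified here`. Note also that BabyDbl feeds the same point into both inputs of BabyAdd, so the babyadd README's "Requirement: at least x1!=x2 or y1!=y2" contradicts the template's own use; the formula here is the complete twisted Edwards addition law, whose denominators cannot vanish when d is a non-square, and the README should be aligned with that.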
@@ -0,0 +1,112 @@ +const chai = require("chai"); +const path = require("path"); + +const createBlakeHash = require("blake-hash"); +const eddsa = require("../src/eddsa.js"); + +const assert = chai.assert; + +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const utils = require("../src/utils.js"); + +describe("Baby Jub test", function () { + let circuitAdd; + let circuitTest; + let circuitPbk; + + this.timeout(100000); + + before( async() => { + circuitAdd = await tester(path.join(__dirname, "circuits", "babyadd_tester.circom")); + + circuitTest = await tester(path.join(__dirname, "circuits", "babycheck_test.circom")); + + circuitPbk = await tester(path.join(__dirname, "circuits", "babypbk_test.circom")); + }); + + it("Should add point (0,1) and (0,1)", async () => { + + const input={ + x1: bigInt(0), + y1: bigInt(1), + x2: bigInt(0), + y2: bigInt(1) + }; + + const w = await circuitAdd.calculateWitness(input, true); + + await circuitAdd.assertOut(w, {xout: bigInt(0), yout: bigInt(1)}); + }); + + it("Should add 2 same numbers", async () => { + + const input={ + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + }; + + const w = await circuitAdd.calculateWitness(input, true); + + await circuitAdd.assertOut(w, { + xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889") + }); + + }); + + it("Should add 2 different numbers", async () => { + + const input={ + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: 
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), + y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") + }; + + const w = await circuitAdd.calculateWitness(input, true); + + await circuitAdd.assertOut(w, { + xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"), + yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499") + }); + + }); + + it("Should check (0,1) is a valid point", async() => { + const w = await circuitTest.calculateWitness({x: 0, y:1}, true); + + await circuitTest.checkConstraints(w); + }); + + it("Should check (1,0) is an invalid point", async() => { + try { + await circuitTest.calculateWitness({x: 1, y: 0}, true); + assert(false, "Should be a valid point"); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/.test(err.message) ); + } + }); + + it("Should extract the public key from the private one", async () => { + + const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex"); + const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32)); + const S = utils.leBuff2int(pvk).shiftRight(3); + + const A = eddsa.prv2pub(rawpvk); + + const input = { + in : S + }; + + const w = await circuitPbk.calculateWitness(input, true); + + await circuitPbk.assertOut(w, {Ax : A[0], Ay: A[1]}); + + await circuitPbk.checkConstraints(w); + }); + +}); diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js new file mode 100644 index 00000000..b65d71c6 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js 
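Review bot: In the invalid-point test, `assert(false, "Should be a valid point")` has an inverted message — that line is reached only when (1,0) is accepted — and because the AssertionError is thrown inside the `try`, the same `catch` swallows it and the test fails only indirectly through the regex on `err.message`; record the outcome outside the try instead, e.g. `let rejected = false; try { await circuitTest.calculateWitness({x: 1, y: 0}, true); } catch(err) { rejected = /Constraint\sdoesn't\smatch/.test(err.message); } assert(rejected, "(1,0) should be an invalid point");`. The relative paths also look stale after the move: `require("../src/eddsa.js")` / `"../src/utils.js"` now resolve under circuits/cryptography/elliptic_curves/, and `path.join(__dirname, "circuits", "babyadd_tester.circom")` points at a file this commit places at edwards/babyadd/babyadd_test.circom, so presumably neither resolves; babyjub_js.test.js has the same `../src/babyjub.js` problem. Finally the public-key test derives `S` with prune + `shiftRight(3)`, which mirrors what BabyPbk expects but is explained nowhere; a one-line comment `// S is the 253-bit scalar BabyPbk takes, not the raw key` would tie the two together.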
@@ -0,0 +1,164 @@ +const chai = require("chai"); +const bigInt = require("big-integer"); +const babyjub = require("../src/babyjub.js"); + +const assert = chai.assert; + +// const bigInt = require("big-integer"); + + +describe("Baby Jub js test", function () { + + this.timeout(100000); + + it("Should add point (0,1) and (0,1)", () => { + + const p1 = [ + bigInt(0), + bigInt(1)]; + const p2 = [ + bigInt(0), + bigInt(1) + ]; + + const out = babyjub.addPoint(p1, p2); + assert(out[0].equals(0)); + assert(out[1].equals(1)); + }); + + it("Should base be 8*generator", () => { + let res; + res = babyjub.addPoint(babyjub.Generator, babyjub.Generator); + res = babyjub.addPoint(res, res); + res = babyjub.addPoint(res, res); + + assert(res[0].equals(babyjub.Base8[0])); + assert(res[1].equals(babyjub.Base8[1])); + }); + + it("Should add 2 same numbers", () => { + + const p1 = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + const p2 = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + + const out = babyjub.addPoint(p1, p2); + assert(out[0].equals(bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); + assert(out[1].equals(bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); + }); + + it("Should add 2 different numbers", () => { + + const p1 = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + const p2 = [ + bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), + bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"), + ]; + + 
const out = babyjub.addPoint(p1, p2); + + assert(out[0].equals(bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); + assert(out[1].equals(bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); + }); + + it("should mulPointEscalar 0", () => { + const p = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + + const r = babyjub.mulPointEscalar(p, bigInt("3")); + let r2 = babyjub.addPoint(p, p); + r2 = babyjub.addPoint(r2, p); + assert.equal(r2[0].toString(), r[0].toString()); + assert.equal(r2[1].toString(), r[1].toString()); + assert.equal(r[0].toString(), "19372461775513343691590086534037741906533799473648040012278229434133483800898"); + assert.equal(r[1].toString(), "9458658722007214007257525444427903161243386465067105737478306991484593958249"); + }); + + it("should mulPointEscalar 1", () => { + const p = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + + const r = babyjub.mulPointEscalar(p, bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")); + assert.equal(r[0].toString(), "17070357974431721403481313912716834497662307308519659060910483826664480189605"); + assert.equal(r[1].toString(), "4014745322800118607127020275658861516666525056516280575712425373174125159339"); + }); + + it("should mulPointEscalar 2", () => { + const p = [ + bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), + ]; + + const r = babyjub.mulPointEscalar(p, bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")); + assert.equal(r[0].toString(), 
"13563888653650925984868671744672725781658357821216877865297235725727006259983"); + assert.equal(r[1].toString(), "8442587202676550862664528699803615547505326611544120184665036919364004251662"); + }); + + it("should inCurve 1", () => { + const p = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + assert(babyjub.inCurve(p)); + }); + + it("should inCurve 2", () => { + const p = [ + bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), + ]; + assert(babyjub.inCurve(p)); + }); + + it("should inSubgroup 1", () => { + const p = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + assert(babyjub.inSubgroup(p)); + }); + + it("should inSubgroup 2", () => { + const p = [ + bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), + ]; + assert(babyjub.inSubgroup(p)); + }); + + it("should packPoint - unpackPoint 1", () => { + const p = [ + bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + ]; + const buf = babyjub.packPoint(p); + assert.equal(buf.toString("hex"), "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85"); + const p2 = babyjub.unpackPoint(buf); + assert.equal(p2[0].toString(), "17777552123799933955779906779655732241715742912184938656739573121738514868268"); + assert.equal(p2[1].toString(), "2626589144620713026669568689430873010625803728049924121243784502389097019475"); + }); + + it("should packPoint - unpackPoint 
2", () => { + const p = [ + bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), + ]; + const buf = babyjub.packPoint(p); + assert.equal(buf.toString("hex"), "e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709"); + const p2 = babyjub.unpackPoint(buf); + assert.equal(p2[0].toString(), "6890855772600357754907169075114257697580319025794532037257385534741338397365"); + assert.equal(p2[1].toString(), "4338620300185947561074059802482547481416142213883829469920100239455078257889"); + }); +}); diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/README.md new file mode 100644 index 00000000..e69de29b diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md new file mode 100644 index 00000000..96b08528 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md 
@@ -0,0 +1,53 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. +(TODO: Expose here the characteristics of the curve?) + +## Description + +It adds two points on the Baby Jubjub curve in twisted Edwards form. More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that + +(`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`) + = ((`x1y2`+`y1x2`)/(1+`dx1x2y1y2`)),(`y1y2`-`ax1x2`)/(1-`dx1x2y1y2`)) + +## Schema + +``` + var a var d + | | + | | + ______v_________v_______ + input x1 ----> | | + input y1 ----> | BabyAdd() | ----> output xout + input x2 ----> | | ----> output yout + input y2 ----> |________________________| +``` + +## Dependencies + +## Inputs + +| Input | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `x1` | Bigint | Field element of Fp | First coordinate of a point (x1, y1) on E. | +| `y1` | Bigint | Field element of Fp | Second coordinate of a point (x1, y1) on E. | +| `x2` | Bigint | Field element of Fp | First coordinate of a point (x2, y2) on E. | +| `y2` | Bigint | Field element of Fp | Second coordinate of a point (x2, y2) on E. | + +Requirement: at least `x1`!=`x2` or `y1`!=`y2`. + +## Outputs + +| Output | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `xout` | Bigint | Field element of Fp | First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). | +| `yout` | Bigint | Field element of Fp | Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). | + + +## Benchmarks + +## Test \ No newline at end of file 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom
new file mode 100644
index 00000000..129acfac
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/babyjub.circom";
+
+component main = BabyAdd();
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
new file mode 100644
index 00000000..be982f17
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
@@ -0,0 +1,21 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+checks if a given point is in the curve.
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom
new file mode 100644
index 00000000..925de65e
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/babyjub.circom";
+
+component main = BabyCheck();
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
new file mode 100644
index 00000000..693a9bcc
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
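Review bot: `include "../../circuits/babyjub.circom";` resolves, from edwards/babyadd/, to baby_jubjub/circuits/babyjub.circom, but this commit adds babyjub.circom directly under baby_jubjub/, so the include appears to name a file that does not exist in the new layout; `include "../../babyjub.circom";` matches the tree as committed. The same include is used by babycheck_test.circom in this hunk and by babypbk_test.circom in the following hunk. The JS driver (babyjub.test.js) in turn looks for these files under `circuits/babyadd_tester.circom`, so the circom include paths and the tester paths should be reconciled together rather than one at a time.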
@@ -0,0 +1,21 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+doubles a point (`xout`,`yout`) = 2*(`x`,`y`).
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
new file mode 100644
index 00000000..3f09136c
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
@@ -0,0 +1,21 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+given a private key, it returns the associated public key.
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom
new file mode 100644
index 00000000..2583bb95
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/babyjub.circom";
+
+component main = BabyPbk();
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom
new file mode 100644
index 00000000..9cd13f7c
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom
@@ -0,0 +1,165 @@ + /* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + + ┏━━━━━━━━━━━┓ + ┃ ┃ + ┃ ┃ + (inx, iny) ══════════════════════════════════════════▶┃ EC Point ┃ + ┃ ╠═▶ (outx, outy) + ╔══▶┃ Adder ┃ + ║ ┃ ┃ + ║ ┃ ┃ + ║ ┃ ┃ + ┏━━━━━━━━━━━┓ ┏━━━━━━━━━━━━┓ ║ ┗━━━━━━━━━━━┛ + ┃ ┃ ┃ ┃ ║ + ┃ ┃ ┃ ┃ ║ + ┃ ╠═══(p0x,p0y)═══▶┃ ┃ ║ + ┃ ╠═══(p1x,p1y)═══▶┃ ┃ ║ + ┃ ╠═══(p2x,p2y)═══▶┃ ┃ ║ + ┃ ╠═══(p3x,p3y)═══▶┃ ┃ ║ + ┃ ╠═══(p4x,p4y)═══▶┃ ┃ ║ + ┃ ╠═══(p5x,p5y)═══▶┃ ┃ ║ + ┃ ╠═══(p6x,p6y)═══▶┃ ┃ ║ + ┃ Constant ╠═══(p7x,p7y)═══▶┃ ┃ ║ + ┃ Points ┃ ┃ Mux4 ╠══╝ + ┃ ╠═══(p8x,p8y)═══▶┃ ┃ + ┃ ╠═══(p9x,p9y)═══▶┃ ┃ + ┃ ╠══(p10x,p10y)══▶┃ ┃ + ┃ ╠══(p11x,p11y)══▶┃ ┃ + ┃ ╠══(p12x,p12y)══▶┃ ┃ + ┃ ╠══(p13x,p13y)══▶┃ ┃ + ┃ ╠══(p14x,p14y)══▶┃ ┃ + ┃ ╠══(p15x,p15y)══▶┃ ┃ + ┃ ┃ ┃ ┃ + ┃ ┃ ┃ ┃ + ┗━━━━━━━━━━━┛ ┗━━━━━━━━━━━━┛ + ▲ ▲ ▲ ▲ + │ │ │ │ + s0 ─────────────────────────────────┘ │ │ │ + s1 ────────────────────────────────────┘ │ │ + s2 ───────────────────────────────────────┘ │ + s3 ──────────────────────────────────────────┘ + + + */ + +include "mux4.circom"; +include "escalarmulw4table.circom"; +include "babyjub.circom"; + +template EscalarMulWindow(base, k) { + + signal input in[2]; + signal input sel[4]; + signal output out[2]; + + var table[16][2]; + component mux; + component adder; 
+ + var i; + + table = EscalarMulW4Table(base, k); + mux = MultiMux4(2); + adder = BabyAdd(); + + for (i=0; i<4; i++) { + sel[i] ==> mux.s[i]; + } + + for (i=0; i<16; i++) { + mux.c[0][i] <== table[i][0]; + mux.c[1][i] <== table[i][1]; + } + + in[0] ==> adder.x1; + in[1] ==> adder.y1; + + mux.out[0] ==> adder.x2; + mux.out[1] ==> adder.y2; + + adder.xout ==> out[0]; + adder.yout ==> out[1]; +} + +/* + + + ┏━━━━━━━━━┓ ┏━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━┓ + ┃ ┃ ┃ ┃ ┃ ┃ + inp ════▶┃Window(0)┃═════▶┃Window(1)┃════════ . . . . ═════════▶┃ Window(nBlocks-1) ┃═════▶ out + ┃ ┃ ┃ ┃ ┃ ┃ + ┗━━━━━━━━━┛ ┗━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━┛ + ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ + in[0]─────────┘ │ │ │ │ │ │ │ │ │ │ │ + in[1]───────────┘ │ │ │ │ │ │ │ │ │ │ + in[2]─────────────┘ │ │ │ │ │ │ │ 0 0 + in[3]───────────────┘ │ │ │ │ │ │ + in[4]──────────────────────────┘ │ │ │ │ │ + in[5]────────────────────────────┘ │ │ │ │ + in[6]──────────────────────────────┘ │ │ │ + in[7]────────────────────────────────┘ │ │ + . │ │ + . │ │ + in[n-2]─────────────────────────────────────────────────────────────────────┘ │ + in[n-1]───────────────────────────────────────────────────────────────────────┘ + + */ + +template EscalarMul(n, base) { + signal input in[n]; + signal input inp[2]; // Point input to be added + signal output out[2]; + + var nBlocks = ((n-1)>>2)+1; + var i; + var j; + + component windows[nBlocks]; + + // Construct the windows + for (i=0; i<nBlocks; i++) { + windows[i] = EscalarMulWindow(base, i); + } + + // Connect the selectors + for (i=0; i<nBlocks; i++) { + for (j=0; j<4; j++) { + if (i*4+j >= n) { + windows[i].sel[j] <== 0; + } else { + windows[i].sel[j] <== in[i*4+j]; + } + } + } + + // Start with generator + windows[0].in[0] <== inp[0]; + windows[0].in[1] <== inp[1]; + + for(i=0; i<nBlocks-1; i++) { + windows[i].out[0] ==> windows[i+1].in[0]; + windows[i].out[1] ==> windows[i+1].in[1]; + } + + windows[nBlocks-1].out[0] ==> out[0]; + windows[nBlocks-1].out[1] ==> out[1]; +} 
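Review bot: The comment `// Start with generator` above `windows[0].in[0] <== inp[0];` is misleading: `inp` is a caller-supplied signal (its own comment says "Point input to be added"), not the generator, and the first window simply starts the addition chain at that point; `// Start the adder chain at the caller-supplied point inp` states what the code does. EscalarMul also carries no header describing its contract; from the wiring (each window adds a mux-selected entry of `EscalarMulW4Table(base, k)` to its `in`) the result is presumably `inp + (Σ in[i]·2^i)·base`, and stating that, together with the fact that unused selector bits are tied to 0 when `n` is not a multiple of 4, would let an auditor check the windows without reading the table generator. As a point of style, EscalarMulWindow declares `table`, `mux` and `adder` and assigns them several lines later, whereas the rest of the file declares and assigns components in one statement; the single-statement form is easier to audit.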
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom
new file mode 100644
index 00000000..3f6aec4d
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom
@@ -0,0 +1,196 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "montgomery.circom"; +include "babyjub.circom"; +include "comparators.circom"; + +template Multiplexor2() { + signal input sel; + signal input in[2][2]; + signal output out[2]; + + out[0] <== (in[1][0] - in[0][0])*sel + in[0][0]; + out[1] <== (in[1][1] - in[0][1])*sel + in[0][1]; +} + +template BitElementMulAny() { + signal input sel; + signal input dblIn[2]; + signal input addIn[2]; + signal output dblOut[2]; + signal output addOut[2]; + + component doubler = MontgomeryDouble(); + component adder = MontgomeryAdd(); + component selector = Multiplexor2(); + + + sel ==> selector.sel; + + dblIn[0] ==> doubler.in[0]; + dblIn[1] ==> doubler.in[1]; + doubler.out[0] ==> adder.in1[0]; + doubler.out[1] ==> adder.in1[1]; + addIn[0] ==> adder.in2[0]; + addIn[1] ==> adder.in2[1]; + addIn[0] ==> selector.in[0][0]; + addIn[1] ==> selector.in[0][1]; + adder.out[0] ==> selector.in[1][0]; + adder.out[1] ==> selector.in[1][1]; + + doubler.out[0] ==> dblOut[0]; + doubler.out[1] ==> dblOut[1]; + selector.out[0] ==> addOut[0]; + selector.out[1] ==> addOut[1]; +} + +// p is montgomery point +// n must be <= 248 +// returns out in twisted edwards +// Double is in montgomery to be linked; + +template 
SegmentMulAny(n) { + signal input e[n]; + signal input p[2]; + signal output out[2]; + signal output dbl[2]; + + component bits[n-1]; + + component e2m = Edwards2Montgomery(); + + p[0] ==> e2m.in[0]; + p[1] ==> e2m.in[1]; + + var i; + + bits[0] = BitElementMulAny(); + e2m.out[0] ==> bits[0].dblIn[0] + e2m.out[1] ==> bits[0].dblIn[1] + e2m.out[0] ==> bits[0].addIn[0] + e2m.out[1] ==> bits[0].addIn[1] + e[1] ==> bits[0].sel; + + for (i=1; i<n-1; i++) { + bits[i] = BitElementMulAny(); + + bits[i-1].dblOut[0] ==> bits[i].dblIn[0] + bits[i-1].dblOut[1] ==> bits[i].dblIn[1] + bits[i-1].addOut[0] ==> bits[i].addIn[0] + bits[i-1].addOut[1] ==> bits[i].addIn[1] + e[i+1] ==> bits[i].sel; + } + + bits[n-2].dblOut[0] ==> dbl[0]; + bits[n-2].dblOut[1] ==> dbl[1]; + + component m2e = Montgomery2Edwards(); + + bits[n-2].addOut[0] ==> m2e.in[0]; + bits[n-2].addOut[1] ==> m2e.in[1]; + + component eadder = BabyAdd(); + + m2e.out[0] ==> eadder.x1; + m2e.out[1] ==> eadder.y1; + -p[0] ==> eadder.x2; + p[1] ==> eadder.y2; + + component lastSel = Multiplexor2(); + + e[0] ==> lastSel.sel; + eadder.xout ==> lastSel.in[0][0]; + eadder.yout ==> lastSel.in[0][1]; + m2e.out[0] ==> lastSel.in[1][0]; + m2e.out[1] ==> lastSel.in[1][1]; + + lastSel.out[0] ==> out[0]; + lastSel.out[1] ==> out[1]; +} + +// This function assumes that p is in the subgroup and it is different to 0 + +template EscalarMulAny(n) { + signal input e[n]; // Input in binary format + signal input p[2]; // Point (Twisted format) + signal output out[2]; // Point (Twisted format) + + var nsegments = (n-1)\148 +1; + var nlastsegment = n - (nsegments-1)*148; + + component segments[nsegments]; + component doublers[nsegments-1]; + component m2e[nsegments-1]; + component adders[nsegments-1]; + component zeropoint = IsZero(); + zeropoint.in <== p[0]; + + var s; + var i; + var nseg; + + for (s=0; s<nsegments; s++) { + + nseg = (s < nsegments-1) ? 
148 : nlastsegment; + + segments[s] = SegmentMulAny(nseg); + + for (i=0; i<nseg; i++) { + e[s*148+i] ==> segments[s].e[i]; + } + + if (s==0) { + // force G8 point if input point is zero + segments[s].p[0] <== p[0] + (5299619240641551281634865583518297030282874472190772894086521144482721001553 - p[0])*zeropoint.out; + segments[s].p[1] <== p[1] + (16950150798460657717958625567821834550301663161624707787222815936182638968203 - p[1])*zeropoint.out; + } else { + doublers[s-1] = MontgomeryDouble(); + m2e[s-1] = Montgomery2Edwards(); + adders[s-1] = BabyAdd(); + + segments[s-1].dbl[0] ==> doublers[s-1].in[0]; + segments[s-1].dbl[1] ==> doublers[s-1].in[1]; + + doublers[s-1].out[0] ==> m2e[s-1].in[0]; + doublers[s-1].out[1] ==> m2e[s-1].in[1]; + + m2e[s-1].out[0] ==> segments[s].p[0]; + m2e[s-1].out[1] ==> segments[s].p[1]; + + if (s==1) { + segments[s-1].out[0] ==> adders[s-1].x1; + segments[s-1].out[1] ==> adders[s-1].y1; + } else { + adders[s-2].xout ==> adders[s-1].x1; + adders[s-2].yout ==> adders[s-1].y1; + } + segments[s].out[0] ==> adders[s-1].x2; + segments[s].out[1] ==> adders[s-1].y2; + } + } + + if (nsegments == 1) { + segments[0].out[0]*(1-zeropoint.out) ==> out[0]; + segments[0].out[1]+(1-segments[0].out[1])*zeropoint.out ==> out[1]; + } else { + adders[nsegments-2].xout*(1-zeropoint.out) ==> out[0]; + adders[nsegments-2].yout+(1-adders[nsegments-2].yout)*zeropoint.out ==> out[1]; + } +} diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom new file mode 100644 index 00000000..e2c0998b --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom 
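Review bot: EscalarMulAny detects the zero point with `zeropoint.in <== p[0];`, i.e. from the x-coordinate alone; by the curve equation used in BabyCheck, x = 0 also admits y = −1, an order-2 point that this check would silently treat as the identity and force to (0,1), which is exactly why the header's precondition that p lies in the subgroup is load-bearing and should sit next to the check: `// zero test on x only: relies on p being in the prime-order subgroup, where (0,-1) cannot occur`. The header comment "assumes that p is in the subgroup and it is different to 0" is also half stale, since the template now handles p = 0 explicitly through `zeropoint` and the G8 substitution. In SegmentMulAny, the eight `==>` wiring statements after `bits[0] = BitElementMulAny();` and inside the `for` loop have no trailing semicolons while every other statement in the file has one; the parser appears to accept it, but it should be made consistent. The two 78-digit constants in the G8 substitution duplicate `BASE8` from babyjub.circom, and a single shared definition would keep them from drifting apart.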
@@ -0,0 +1,298 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "mux3.circom"; +include "montgomery.circom"; +include "babyjub.circom"; + +/* + Window of 3 elements, it calculates + out = base + base*in[0] + 2*base*in[1] + 4*base*in[2] + out4 = 4*base + + The result should be compensated. + */ + +/* + + The scalar is s = a0 + a1*2^3 + a2*2^6 + ...... + a81*2^243 + First We calculate Q = B + 2^3*B + 2^6*B + ......... + 2^246*B + + Then we calculate S1 = 2*2^246*B + (1 + a0)*B + (2^3 + a1)*B + .....+ (2^243 + a81)*B + + And Finaly we compute the result: RES = SQ - Q + + As you can see the input of the adders cannot be equal nor zero, except for the last + substraction that it's done in montgomery. 
+ + A good way to see it is that the accumulator input of the adder >= 2^247*B and the other input + is the output of the windows that it's going to be <= 2^246*B + */ +template WindowMulFix() { + signal input in[3]; + signal input base[2]; + signal output out[2]; + signal output out8[2]; // Returns 8*Base (To be linked) + + component mux = MultiMux3(2); + + mux.s[0] <== in[0]; + mux.s[1] <== in[1]; + mux.s[2] <== in[2]; + + component dbl2 = MontgomeryDouble(); + component adr3 = MontgomeryAdd(); + component adr4 = MontgomeryAdd(); + component adr5 = MontgomeryAdd(); + component adr6 = MontgomeryAdd(); + component adr7 = MontgomeryAdd(); + component adr8 = MontgomeryAdd(); + +// in[0] -> 1*BASE + + mux.c[0][0] <== base[0]; + mux.c[1][0] <== base[1]; + +// in[1] -> 2*BASE + dbl2.in[0] <== base[0]; + dbl2.in[1] <== base[1]; + mux.c[0][1] <== dbl2.out[0]; + mux.c[1][1] <== dbl2.out[1]; + +// in[2] -> 3*BASE + adr3.in1[0] <== base[0]; + adr3.in1[1] <== base[1]; + adr3.in2[0] <== dbl2.out[0]; + adr3.in2[1] <== dbl2.out[1]; + mux.c[0][2] <== adr3.out[0]; + mux.c[1][2] <== adr3.out[1]; + +// in[3] -> 4*BASE + adr4.in1[0] <== base[0]; + adr4.in1[1] <== base[1]; + adr4.in2[0] <== adr3.out[0]; + adr4.in2[1] <== adr3.out[1]; + mux.c[0][3] <== adr4.out[0]; + mux.c[1][3] <== adr4.out[1]; + +// in[4] -> 5*BASE + adr5.in1[0] <== base[0]; + adr5.in1[1] <== base[1]; + adr5.in2[0] <== adr4.out[0]; + adr5.in2[1] <== adr4.out[1]; + mux.c[0][4] <== adr5.out[0]; + mux.c[1][4] <== adr5.out[1]; + +// in[5] -> 6*BASE + adr6.in1[0] <== base[0]; + adr6.in1[1] <== base[1]; + adr6.in2[0] <== adr5.out[0]; + adr6.in2[1] <== adr5.out[1]; + mux.c[0][5] <== adr6.out[0]; + mux.c[1][5] <== adr6.out[1]; + +// in[6] -> 7*BASE + adr7.in1[0] <== base[0]; + adr7.in1[1] <== base[1]; + adr7.in2[0] <== adr6.out[0]; + adr7.in2[1] <== adr6.out[1]; + mux.c[0][6] <== adr7.out[0]; + mux.c[1][6] <== adr7.out[1]; + +// in[7] -> 8*BASE + adr8.in1[0] <== base[0]; + adr8.in1[1] <== base[1]; + adr8.in2[0] <== 
adr7.out[0]; + adr8.in2[1] <== adr7.out[1]; + mux.c[0][7] <== adr8.out[0]; + mux.c[1][7] <== adr8.out[1]; + + out8[0] <== adr8.out[0]; + out8[1] <== adr8.out[1]; + + out[0] <== mux.out[0]; + out[1] <== mux.out[1]; +} + + +/* + This component does a multiplication of a escalar times a fix base + Signals: + e: The scalar in bits + base: the base point in edwards format + out: The result + dbl: Point in Edwards to be linked to the next segment. + */ + +template SegmentMulFix(nWindows) { + signal input e[nWindows*3]; + signal input base[2]; + signal output out[2]; + signal output dbl[2]; + + var i; + var j; + + // Convert the base to montgomery + + component e2m = Edwards2Montgomery(); + e2m.in[0] <== base[0]; + e2m.in[1] <== base[1]; + + component windows[nWindows]; + component adders[nWindows]; + component cadders[nWindows]; + + // In the last step we add an extra doubler so that numbers do not match. + component dblLast = MontgomeryDouble(); + + for (i=0; i<nWindows; i++) { + windows[i] = WindowMulFix(); + cadders[i] = MontgomeryAdd(); + if (i==0) { + windows[i].base[0] <== e2m.out[0]; + windows[i].base[1] <== e2m.out[1]; + cadders[i].in1[0] <== e2m.out[0]; + cadders[i].in1[1] <== e2m.out[1]; + } else { + windows[i].base[0] <== windows[i-1].out8[0]; + windows[i].base[1] <== windows[i-1].out8[1]; + cadders[i].in1[0] <== cadders[i-1].out[0]; + cadders[i].in1[1] <== cadders[i-1].out[1]; + } + for (j=0; j<3; j++) { + windows[i].in[j] <== e[3*i+j]; + } + if (i<nWindows-1) { + cadders[i].in2[0] <== windows[i].out8[0]; + cadders[i].in2[1] <== windows[i].out8[1]; + } else { + dblLast.in[0] <== windows[i].out8[0]; + dblLast.in[1] <== windows[i].out8[1]; + cadders[i].in2[0] <== dblLast.out[0]; + cadders[i].in2[1] <== dblLast.out[1]; + } + } + + for (i=0; i<nWindows; i++) { + adders[i] = MontgomeryAdd(); + if (i==0) { + adders[i].in1[0] <== dblLast.out[0]; + adders[i].in1[1] <== dblLast.out[1]; + } else { + adders[i].in1[0] <== adders[i-1].out[0]; + adders[i].in1[1] <== 
adders[i-1].out[1]; + } + adders[i].in2[0] <== windows[i].out[0]; + adders[i].in2[1] <== windows[i].out[1]; + } + + component m2e = Montgomery2Edwards(); + component cm2e = Montgomery2Edwards(); + + m2e.in[0] <== adders[nWindows-1].out[0]; + m2e.in[1] <== adders[nWindows-1].out[1]; + cm2e.in[0] <== cadders[nWindows-1].out[0]; + cm2e.in[1] <== cadders[nWindows-1].out[1]; + + component cAdd = BabyAdd(); + cAdd.x1 <== m2e.out[0]; + cAdd.y1 <== m2e.out[1]; + cAdd.x2 <== -cm2e.out[0]; + cAdd.y2 <== cm2e.out[1]; + + cAdd.xout ==> out[0]; + cAdd.yout ==> out[1]; + + windows[nWindows-1].out8[0] ==> dbl[0]; + windows[nWindows-1].out8[1] ==> dbl[1]; +} + + +/* +This component multiplies a escalar times a fixed point BASE (twisted edwards format) + Signals + e: The escalar in binary format + out: The output point in twisted edwards + */ +template EscalarMulFix(n, BASE) { + signal input e[n]; // Input in binary format + signal output out[2]; // Point (Twisted format) + + var nsegments = (n-1)\246 +1; // 249 probably would work. But I'm not sure and for security I keep 246 + var nlastsegment = n - (nsegments-1)*249; + + component segments[nsegments]; + + component m2e[nsegments-1]; + component adders[nsegments-1]; + + var s; + var i; + var nseg; + var nWindows; + + for (s=0; s<nsegments; s++) { + + nseg = (s < nsegments-1) ? 
249 : nlastsegment; + nWindows = ((nseg - 1)\3)+1; + + segments[s] = SegmentMulFix(nWindows); + + for (i=0; i<nseg; i++) { + segments[s].e[i] <== e[s*249+i]; + } + + for (i = nseg; i<nWindows*3; i++) { + segments[s].e[i] <== 0; + } + + if (s==0) { + segments[s].base[0] <== BASE[0]; + segments[s].base[1] <== BASE[1]; + } else { + m2e[s-1] = Montgomery2Edwards(); + adders[s-1] = BabyAdd(); + + segments[s-1].dbl[0] ==> m2e[s-1].in[0]; + segments[s-1].dbl[1] ==> m2e[s-1].in[1]; + + m2e[s-1].out[0] ==> segments[s].base[0]; + m2e[s-1].out[1] ==> segments[s].base[1]; + + if (s==1) { + segments[s-1].out[0] ==> adders[s-1].x1; + segments[s-1].out[1] ==> adders[s-1].y1; + } else { + adders[s-2].xout ==> adders[s-1].x1; + adders[s-2].yout ==> adders[s-1].y1; + } + segments[s].out[0] ==> adders[s-1].x2; + segments[s].out[1] ==> adders[s-1].y2; + } + } + + if (nsegments == 1) { + segments[0].out[0] ==> out[0]; + segments[0].out[1] ==> out[1]; + } else { + adders[nsegments-2].xout ==> out[0]; + adders[nsegments-2].yout ==> out[1]; + } +} diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom new file mode 100644 index 00000000..83498fb5 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom 
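Review bot: `nsegments` is computed with a 246-bit segment size while `nlastsegment`, the `nseg` ternary and the `e[s*249+i]` index all use 249, so for `n` in 247..249 (and the analogous ranges once more segments are involved) `nlastsegment` comes out zero or negative and the last `SegmentMulFix` is sized from that. The header comment describes the scalar as `a0 .. a81` in 3-bit windows, i.e. 82 windows = 246 bits, and the inline comment says 246 was kept on purpose, so the consistent fix is to use 246 in the other three places too: `var nlastsegment = n - (nsegments-1)*246;`, `nseg = (s < nsegments-1) ? 246 : nlastsegment;` and `segments[s].e[i] <== e[s*246+i];`. Whichever constant is chosen, a single `var segSize = 246;` used in all four spots would stop them drifting apart again.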
@@ -0,0 +1,51 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+function pointAdd(x1,y1,x2,y2) {
+ var a = 168700;
+ var d = 168696;
+
+ var res[2];
+ res[0] = (x1*y2 + y1*x2) / (1 + d*x1*x2*y1*y2);
+ res[1] = (y1*y2 - a*x1*x2) / (1 - d*x1*x2*y1*y2);
+ return res;
+}
+
+function EscalarMulW4Table(base, k) {
+ var out[16][2];
+
+ var i;
+ var p[2];
+
+ var dbl[2] = base;
+
+ for (i=0; i<k*4; i++) {
+ dbl = pointAdd(dbl[0], dbl[1], dbl[0], dbl[1]);
+ }
+
+ out[0][0] = 0;
+ out[0][1] = 1;
+ for (i=1; i<16; i++) {
+ p = pointAdd(out[i-1][0], out[i-1][1], dbl[0], dbl[1]);
+ out[i][0] = p[0];
+ out[i][1] = p[1];
+ }
+
+ return out;
+}
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom
new file mode 100644
index 00000000..90813079
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom 
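Review bot: `EscalarMulW4Table` carries no comment saying what it returns, and a reader has to derive that the doubling loop turns `dbl` into `2^(4k)*base` and that `out[i]` is then `i*dbl` with `out[0]` the identity `(0,1)`. A header such as `// Compile-time table: out[i] = i * 2^(4k) * base for i in 0..15 (twisted Edwards affine, a=168700, d=168696); out[0] is the identity (0,1). Function arithmetic only, nothing here is constrained.` would state that contract and make clear this is witness/compile-time evaluation, not signals. The curve constants `a`/`d` in `pointAdd` are also hard-coded separately in `montgomery.circom` and `pointbits.circom`; a comment naming them as the Baby Jubjub parameters in each place would help keep the copies from diverging.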
@@ -0,0 +1,141 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + Source: https://en.wikipedia.org/wiki/Montgomery_curve + + 1 + y 1 + y + [u, v] = [ ------- , ---------- ] + 1 - y (1 - y)x + + */ + +template Edwards2Montgomery() { + signal input in[2]; + signal output out[2]; + + out[0] <-- (1 + in[1]) / (1 - in[1]); + out[1] <-- out[0] / in[0]; + + + out[0] * (1-in[1]) === (1 + in[1]); + out[1] * in[0] === out[0]; +} + +/* + + u u - 1 + [x, y] = [ ---, ------- ] + v u + 1 + + */ +template Montgomery2Edwards() { + signal input in[2]; + signal output out[2]; + + out[0] <-- in[0] / in[1]; + out[1] <-- (in[0] - 1) / (in[0] + 1); + + out[0] * in[1] === in[0]; + out[1] * (in[0] + 1) === in[0] - 1; +} + + +/* + x2 - x1 + lamda = --------- + y2 - y1 + + x3 + A + x1 + x2 + x3 = B * lamda^2 - A - x1 -x2 => lamda^2 = ------------------ + B + + y3 = (2*x1 + x2 + A)*lamda - B*lamda^3 - y1 => + + + => y3 = lamda * ( 2*x1 + x2 + A - x3 - A - x1 - x2) - y1 => + + => y3 = lamda * ( x1 - x3 ) - y1 + +---------- + + y2 - y1 + lamda = --------- + x2 - x1 + + x3 = B * lamda^2 - A - x1 -x2 + + y3 = lamda * ( x1 - x3 ) - y1 + + */ + +template MontgomeryAdd() { + signal input in1[2]; + signal input in2[2]; + signal output out[2]; + + var a = 
168700; + var d = 168696; + + var A = (2 * (a + d)) / (a - d); + var B = 4 / (a - d); + + signal lamda; + + lamda <-- (in2[1] - in1[1]) / (in2[0] - in1[0]); + lamda * (in2[0] - in1[0]) === (in2[1] - in1[1]); + + out[0] <== B*lamda*lamda - A - in1[0] -in2[0]; + out[1] <== lamda * (in1[0] - out[0]) - in1[1]; +} + +/* + + x1_2 = x1*x1 + + 3*x1_2 + 2*A*x1 + 1 + lamda = --------------------- + 2*B*y1 + + x3 = B * lamda^2 - A - x1 -x1 + + y3 = lamda * ( x1 - x3 ) - y1 + + */ +template MontgomeryDouble() { + signal input in[2]; + signal output out[2]; + + var a = 168700; + var d = 168696; + + var A = (2 * (a + d)) / (a - d); + var B = 4 / (a - d); + + signal lamda; + signal x1_2; + + x1_2 <== in[0] * in[0]; + + lamda <-- (3*x1_2 + 2*A*in[0] + 1 ) / (2*B*in[1]); + lamda * (2*B*in[1]) === (3*x1_2 + 2*A*in[0] + 1 ); + + out[0] <== B*lamda*lamda - A - 2*in[0]; + out[1] <== lamda * (in[0] - out[0]) - in[1]; +} diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md new file mode 100644 index 00000000..e8680c01 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md 
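Review bot: `MontgomeryAdd`'s only constraint on `lamda`, `lamda * (in2[0] - in1[0]) === (in2[1] - in1[1])`, becomes `0 === 0` when `in1` and `in2` are the same point, leaving `lamda` and therefore `out` unbound from the inputs; `Edwards2Montgomery`'s `out[1] * in[0] === out[0]` likewise leaves `out[1]` free when `in[0]` is 0 with `in[1]` equal to -1, and `in[1] == 1` makes `out[0] * (1-in[1]) === (1 + in[1])` unsatisfiable. The escalarmulfix header explains that adder inputs must never be equal or zero, but this file states no precondition of its own, so a caller that does not read that other file has nothing telling it under which inputs these outputs are actually constrained. I would put a line above each template, e.g. `// Precondition: in1 != in2 and neither is the neutral point; with in1 == in2 the lamda constraint is trivially satisfied and out is unconstrained` on `MontgomeryAdd`, `// Precondition: in[1] != 0 (lamda is otherwise unconstrained)` on `MontgomeryDouble`, `// Precondition: in[0] != 0 and in[1] != 1` on `Edwards2Montgomery`, and `// Precondition: in[1] != 0 and in[0] != -1` on `Montgomery2Edwards`.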
@@ -0,0 +1,24 @@ +# `baby_jubjub` + +This folder contains the templates to do operations on [Baby Jubjub](https://github.com/ethereum/EIPs/pull/2494) elliptic curve. + +## Structure of the folder + +- [`edwards`](doc/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](doc/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](doc/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](doc/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](doc/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) +- [`edwards2montgomery`](doc/elliptic_curves/baby_jubjub/edwards2montgomery) +- [`montgomery`](doc/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) +- [`montgomery2edwards`](doc/elliptic_curves/baby_jubjub/montgomery2edwards) +- [`point2bits`](doc/elliptic_curves/baby_jubjub/point2bits) + +## Background on Baby Jubjub \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md 
@@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom
new file mode 100644
index 00000000..9084a8ec
--- /dev/null
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom 
@@ -0,0 +1,163 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "bitify.circom"; +include "aliascheck.circom"; +include "compconstant.circom"; +include "babyjub.circom"; + + +function sqrt(n) { + + if (n == 0) { + return 0; + } + + // Test that have solution + var res = n ** ((-1) >> 1); +// if (res!=1) assert(false, "SQRT does not exists"); + if (res!=1) return 0; + + var m = 28; + var c = 19103219067921713944291392827692070036145651957329286315305642004821462161904; + var t = n ** 81540058820840996586704275553141814055101440848469862132140264610111; + var r = n ** ((81540058820840996586704275553141814055101440848469862132140264610111+1)>>1); + var sq; + var i; + var b; + var j; + + while ((r != 0)&&(t != 1)) { + sq = t*t; + i = 1; + while (sq!=1) { + i++; + sq = sq*sq; + } + + // b = c ^ m-i-1 + b = c; + for (j=0; j< m-i-1; j ++) b = b*b; + + m = i; + c = b*b; + t = t*c; + r = r*b; + } + + if (r < 0 ) { + r = -r; + } + + return r; +} + + +template Bits2Point() { + signal input in[256]; + signal output out[2]; +} + +template Bits2Point_Strict() { + signal input in[256]; + signal output out[2]; + + var i; + + // Check aliasing + component aliasCheckY = AliasCheck(); + for (i=0; i<254; i++) { + aliasCheckY.in[i] <== in[i]; + } + in[254] === 0; + + 
component b2nY = Bits2Num(254); + for (i=0; i<254; i++) { + b2nY.in[i] <== in[i]; + } + + out[1] <== b2nY.out; + + var a = 168700; + var d = 168696; + + var y2 = out[1] * out[1]; + + var x = sqrt( (1-y2)/(a - d*y2) ); + + if (in[255] == 1) x = -x; + + out[0] <-- x; + + component babyCheck = BabyCheck(); + babyCheck.x <== out[0]; + babyCheck.y <== out[1]; + + component n2bX = Num2Bits(254); + n2bX.in <== out[0]; + component aliasCheckX = AliasCheck(); + for (i=0; i<254; i++) { + aliasCheckX.in[i] <== n2bX.out[i]; + } + + component signCalc = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); + for (i=0; i<254; i++) { + signCalc.in[i] <== n2bX.out[i]; + } + + signCalc.out === in[255]; +} + + +template Point2Bits() { + signal input in[2]; + signal output out[256]; + + +} + +template Point2Bits_Strict() { + signal input in[2]; + signal output out[256]; + + var i; + + component n2bX = Num2Bits(254); + n2bX.in <== in[0]; + component n2bY = Num2Bits(254); + n2bY.in <== in[1]; + + component aliasCheckX = AliasCheck(); + component aliasCheckY = AliasCheck(); + for (i=0; i<254; i++) { + aliasCheckX.in[i] <== n2bX.out[i]; + aliasCheckY.in[i] <== n2bY.out[i]; + } + + component signCalc = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); + for (i=0; i<254; i++) { + signCalc.in[i] <== n2bX.out[i]; + } + + for (i=0; i<254; i++) { + out[i] <== n2bY.out[i]; + } + out[254] <== 0; + out[255] <== signCalc.out; +} diff --git a/circuits/cryptography/hash_functions/README.md b/circuits/cryptography/hash_functions/README.md new file mode 100644 index 00000000..65d40657 --- /dev/null +++ b/circuits/cryptography/hash_functions/README.md 
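Review bot: `Bits2Point()` and `Point2Bits()` declare their `out` signals but have no assignments or constraints, so any value of `out` satisfies them; if they are placeholders they should say so, and if they are meant as the non-strict variants they need a body before anything instantiates them. A comment such as `// TODO: not implemented; constrains nothing. Use Bits2Point_Strict / Point2Bits_Strict.` above each would at least stop a caller from treating the unconstrained output as a decoded point. Separately, the literals in `sqrt` (`m = 28`, the large `c`, and the exponent used for `t` and `r`) look like Tonelli–Shanks parameters for the field; a comment naming them (and noting that the function returns 0 when no root exists, which `Bits2Point_Strict` then relies on `BabyCheck` to reject) would make the function reviewable without re-deriving them.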
@@ -0,0 +1,20 @@ +# `hash_functions` + +This folder contains templates to compute hash functions in a circtom circuit. + +## Structure of the Folder + +- [`mimc`](doc/cryptography/hash_functions/mimc) + - [`mimc7`](doc/cryptography/hash_functions/mimc/mimc7) + - [`mimcfeistel`](doc/cryptography/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](doc/cryptography/hash_functions/mimc/mimcsponge) + - [`multimimc7`](doc/cryptography/hash_functions/mimc/multimimc7) +- [`pedersen`](doc/cryptography/hash_functions/pedersen) + - [`segment`](doc/cryptography/hash_functions/pedersen/segment) + - [`window3`](doc/cryptography/hash_functions/pedersen/window3) + - [`window4`](doc/cryptography/hash_functions/pedersen/window4) +- [`poseidon`](doc/cryptography/hash_functions/poseidon) +- [`sha256`](doc/cryptography/hash_functions/sha256) + +## Background on Hash Functions + diff --git a/circuits/cryptography/hash_functions/mimc/README.md b/circuits/cryptography/hash_functions/mimc/README.md new file mode 100644 index 00000000..e69de29b diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/README.md b/circuits/cryptography/hash_functions/mimc/mimc7/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/hash_functions/mimc/mimc7/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom b/circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom new file mode 100644 index 00000000..99fa1857 --- /dev/null +++ b/circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom 
@@ -0,0 +1,155 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MiMC7(nrounds) { + signal input x_in; + signal input k; + signal output out; + + var c[91] = [ + 0, + 20888961410941983456478427210666206549300505294776164667214940546594746570981, + 15265126113435022738560151911929040668591755459209400716467504685752745317193, + 8334177627492981984476504167502758309043212251641796197711684499645635709656, + 1374324219480165500871639364801692115397519265181803854177629327624133579404, + 11442588683664344394633565859260176446561886575962616332903193988751292992472, + 2558901189096558760448896669327086721003508630712968559048179091037845349145, + 11189978595292752354820141775598510151189959177917284797737745690127318076389, + 3262966573163560839685415914157855077211340576201936620532175028036746741754, + 17029914891543225301403832095880481731551830725367286980611178737703889171730, + 4614037031668406927330683909387957156531244689520944789503628527855167665518, + 19647356996769918391113967168615123299113119185942498194367262335168397100658, + 5040699236106090655289931820723926657076483236860546282406111821875672148900, + 2632385916954580941368956176626336146806721642583847728103570779270161510514, + 
17691411851977575435597871505860208507285462834710151833948561098560743654671, + 11482807709115676646560379017491661435505951727793345550942389701970904563183, + 8360838254132998143349158726141014535383109403565779450210746881879715734773, + 12663821244032248511491386323242575231591777785787269938928497649288048289525, + 3067001377342968891237590775929219083706800062321980129409398033259904188058, + 8536471869378957766675292398190944925664113548202769136103887479787957959589, + 19825444354178182240559170937204690272111734703605805530888940813160705385792, + 16703465144013840124940690347975638755097486902749048533167980887413919317592, + 13061236261277650370863439564453267964462486225679643020432589226741411380501, + 10864774797625152707517901967943775867717907803542223029967000416969007792571, + 10035653564014594269791753415727486340557376923045841607746250017541686319774, + 3446968588058668564420958894889124905706353937375068998436129414772610003289, + 4653317306466493184743870159523234588955994456998076243468148492375236846006, + 8486711143589723036499933521576871883500223198263343024003617825616410932026, + 250710584458582618659378487568129931785810765264752039738223488321597070280, + 2104159799604932521291371026105311735948154964200596636974609406977292675173, + 16313562605837709339799839901240652934758303521543693857533755376563489378839, + 6032365105133504724925793806318578936233045029919447519826248813478479197288, + 14025118133847866722315446277964222215118620050302054655768867040006542798474, + 7400123822125662712777833064081316757896757785777291653271747396958201309118, + 1744432620323851751204287974553233986555641872755053103823939564833813704825, + 8316378125659383262515151597439205374263247719876250938893842106722210729522, + 6739722627047123650704294650168547689199576889424317598327664349670094847386, + 21211457866117465531949733809706514799713333930924902519246949506964470524162, + 
13718112532745211817410303291774369209520657938741992779396229864894885156527, + 5264534817993325015357427094323255342713527811596856940387954546330728068658, + 18884137497114307927425084003812022333609937761793387700010402412840002189451, + 5148596049900083984813839872929010525572543381981952060869301611018636120248, + 19799686398774806587970184652860783461860993790013219899147141137827718662674, + 19240878651604412704364448729659032944342952609050243268894572835672205984837, + 10546185249390392695582524554167530669949955276893453512788278945742408153192, + 5507959600969845538113649209272736011390582494851145043668969080335346810411, + 18177751737739153338153217698774510185696788019377850245260475034576050820091, + 19603444733183990109492724100282114612026332366576932662794133334264283907557, + 10548274686824425401349248282213580046351514091431715597441736281987273193140, + 1823201861560942974198127384034483127920205835821334101215923769688644479957, + 11867589662193422187545516240823411225342068709600734253659804646934346124945, + 18718569356736340558616379408444812528964066420519677106145092918482774343613, + 10530777752259630125564678480897857853807637120039176813174150229243735996839, + 20486583726592018813337145844457018474256372770211860618687961310422228379031, + 12690713110714036569415168795200156516217175005650145422920562694422306200486, + 17386427286863519095301372413760745749282643730629659997153085139065756667205, + 2216432659854733047132347621569505613620980842043977268828076165669557467682, + 6309765381643925252238633914530877025934201680691496500372265330505506717193, + 20806323192073945401862788605803131761175139076694468214027227878952047793390, + 4037040458505567977365391535756875199663510397600316887746139396052445718861, + 19948974083684238245321361840704327952464170097132407924861169241740046562673, + 845322671528508199439318170916419179535949348988022948153107378280175750024, + 
16222384601744433420585982239113457177459602187868460608565289920306145389382, + 10232118865851112229330353999139005145127746617219324244541194256766741433339, + 6699067738555349409504843460654299019000594109597429103342076743347235369120, + 6220784880752427143725783746407285094967584864656399181815603544365010379208, + 6129250029437675212264306655559561251995722990149771051304736001195288083309, + 10773245783118750721454994239248013870822765715268323522295722350908043393604, + 4490242021765793917495398271905043433053432245571325177153467194570741607167, + 19596995117319480189066041930051006586888908165330319666010398892494684778526, + 837850695495734270707668553360118467905109360511302468085569220634750561083, + 11803922811376367215191737026157445294481406304781326649717082177394185903907, + 10201298324909697255105265958780781450978049256931478989759448189112393506592, + 13564695482314888817576351063608519127702411536552857463682060761575100923924, + 9262808208636973454201420823766139682381973240743541030659775288508921362724, + 173271062536305557219323722062711383294158572562695717740068656098441040230, + 18120430890549410286417591505529104700901943324772175772035648111937818237369, + 20484495168135072493552514219686101965206843697794133766912991150184337935627, + 19155651295705203459475805213866664350848604323501251939850063308319753686505, + 11971299749478202793661982361798418342615500543489781306376058267926437157297, + 18285310723116790056148596536349375622245669010373674803854111592441823052978, + 7069216248902547653615508023941692395371990416048967468982099270925308100727, + 6465151453746412132599596984628739550147379072443683076388208843341824127379, + 16143532858389170960690347742477978826830511669766530042104134302796355145785, + 19362583304414853660976404410208489566967618125972377176980367224623492419647, + 1702213613534733786921602839210290505213503664731919006932367875629005980493, + 
10781825404476535814285389902565833897646945212027592373510689209734812292327, + 4212716923652881254737947578600828255798948993302968210248673545442808456151, + 7594017890037021425366623750593200398174488805473151513558919864633711506220, + 18979889247746272055963929241596362599320706910852082477600815822482192194401, + 13602139229813231349386885113156901793661719180900395818909719758150455500533 + ]; + + var t; + signal t2[nrounds]; + signal t4[nrounds]; + signal t6[nrounds]; + signal t7[nrounds-1]; + + for (var i=0; i<nrounds; i++) { + t = (i==0) ? k+x_in : k + t7[i-1] + c[i]; + t2[i] <== t*t; + t4[i] <== t2[i]*t2[i]; + t6[i] <== t4[i]*t2[i]; + if (i<nrounds-1) { + t7[i] <== t6[i]*t; + } else { + out <== t6[i]*t + k; + } + } +} + +template MultiMiMC7(nInputs, nRounds) { + signal input in[nInputs]; + signal input k; + signal output out; + signal r[nInputs +1]; + + component mims[nInputs]; + + r[0] <== k; + for (var i=0; i<nInputs; i++) { + mims[i] = MiMC7(nRounds); + mims[i].x_in <== in[i]; + mims[i].k <== r[i]; + r[i+1] <== r[i] + in[i] + mims[i].out; + } + + out <== r[nInputs]; +} diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom b/circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom new file mode 100644 index 00000000..26b0b017 --- /dev/null +++ b/circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/mimc.circom" + +component main = MiMC7(91); diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js b/circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js new file mode 100644 index 00000000..5601811b --- /dev/null +++ b/circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js 
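Review bot: `MiMC7(nrounds)` reads `c[i]` in every round but `c` has exactly 91 entries, so any instantiation with `nrounds > 91` indexes past the table, and nothing in the template documents or checks that bound; `assert(nrounds <= 91);` right after `signal output out;` would turn that into a compile-time failure. A short header such as `// MiMC-7 (x^7 round function) with the 91 round constants below; requires nrounds <= 91` would document the contract. In `MultiMiMC7`, the chaining `r[i+1] <== r[i] + in[i] + mims[i].out;` is the part a reviewer has to trust, so a one-line comment naming the construction it implements would help.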
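Review bot: `include "../../circuits/mimc.circom"` does not match the new layout: this file is added in the same directory as `mimc.circom` (`circuits/cryptography/hash_functions/mimc/mimc7/`), so the path resolves to a `hash_functions/circuits/` directory this commit does not create; `include "mimc.circom";` appears to be what is meant, and the trailing semicolon also matches the `include` lines in the other circom files here. The same stale relative paths presumably survive in `mimc_sponge_hash_test.circom` and `mimc_sponge_test.circom` (`../../circuits/mimcsponge.circom`), in `mimccircuit.test.js` (`require("../src/mimc7.js")` and `path.join(__dirname, "circuits", "mimc_test.circom")`) and in `mimccontract.test.js` (`../src/mimc_gencontract.js`, `../src/mimc7.js`), since none of them were rewritten for the move.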
@@ -0,0 +1,25 @@
+const chai = require("chai");
+const path = require("path");
+const tester = require("circom").tester;
+
+const mimcjs = require("../src/mimc7.js");
+
+describe("MiMC Circuit test", function () {
+ let circuit;
+
+ this.timeout(100000);
+
+ before( async () => {
+ circuit = await tester(path.join(__dirname, "circuits", "mimc_test.circom"));
+ });
+
+ it("Should check constrain", async () => {
+ const w = await circuit.calculateWitness({x_in: 1, k: 2}, true);
+
+ const res2 = mimcjs.hash(1,2,91);
+
+ await circuit.assertOut(w, {out: res2});
+
+ await circuit.checkConstraints(w);
+ });
+});
diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js b/circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js
new file mode 100644
index 00000000..9c135d5b
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js 
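Review bot: `const chai = require("chai");` on the first line is never used — every check goes through `circuit.assertOut` and `circuit.checkConstraints` — so it should be dropped. The test also pins a single fixed vector, `{x_in: 1, k: 2}`; a second case with less degenerate inputs (and one where `k` is 0) would make the circuit/JS equivalence claim meaningfully stronger at negligible cost, since the witness is computed once per case.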
@@ -0,0 +1,48 @@
+const ganache = require("ganache-cli");
+const Web3 = require("web3");
+const chai = require("chai");
+const mimcGenContract = require("../src/mimc_gencontract.js");
+const mimcjs = require("../src/mimc7.js");
+
+
+const assert = chai.assert;
+const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
+
+const SEED = "mimc";
+
+describe("MiMC Smart contract test", function () {
+ let testrpc;
+ let web3;
+ let mimc;
+ let accounts;
+
+ this.timeout(100000);
+
+ before(async () => {
+ web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
+ accounts = await web3.eth.getAccounts();
+ });
+
+ it("Should deploy the contract", async () => {
+ const C = new web3.eth.Contract(mimcGenContract.abi);
+
+ mimc = await C.deploy({
+ data: mimcGenContract.createCode(SEED, 91),
+ arguments: []
+ }).send({
+ gas: 1500000,
+ gasPrice: '30000000000000',
+ from: accounts[0]
+ }).on("error", (error) => {
+ console.log("ERROR: "+error);
+ });
+ });
+
+ it("Shold calculate the mimic correctly", async () => {
+ const res = await mimc.methods.MiMCpe7(1,2).call();
+ const res2 = await mimcjs.hash(1,2,91);
+
+ assert.equal(res.toString(), res2.toString());
+ });
+});
+
diff --git a/circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md b/circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/README.md b/circuits/cryptography/hash_functions/mimc/mimcsponge/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/README.md
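Review bot: `Should deploy the contract` attaches an `.on("error", ...)` handler that only `console.log`s the failure and never asserts that `mimc` received an address, so a failed deployment surfaces, if at all, as an unrelated `methods` error in the next test; an `assert.ok(mimc.options.address)` after the `await` (and letting the rejection propagate instead of logging it) would pinpoint the failure. `testrpc` and `log` are declared but never used, and `gasPrice: '30000000000000'` (30,000 gwei) is far above anything ganache needs — it presumably only works because the default account balance covers `gas * gasPrice`, which deserves a comment if it is intentional. The title `Shold calculate the mimic correctly` has two typos.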
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom
new file mode 100644
index 00000000..f6be5026
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/mimcsponge.circom"
+
+component main = MiMCSponge(2, 220, 3);
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom
new file mode 100644
index 00000000..92e9df28
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/mimcsponge.circom"
+
+component main = MiMCFeistel(220);
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom
new file mode 100644
index 00000000..14ba3996
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom
@@ -0,0 +1,290 @@
+// implements MiMC-2n/n as hash using a sponge construction.
+// log_5(21888242871839275222246405745257275088548364400416034343698204186575808495617) ~= 110
+// => nRounds should be 220
+template MiMCSponge(nInputs, nRounds, nOutputs) {
+ signal input ins[nInputs];
+ signal input k;
+ signal output outs[nOutputs];
+
+ var i;
+
+ // S = R||C
+ component S[nInputs + nOutputs - 1];
+
+ for (i = 0; i < nInputs; i++) {
+ S[i] = MiMCFeistel(nRounds);
+ S[i].k <== k;
+ if (i == 0) {
+ S[i].xL_in <== ins[0];
+ S[i].xR_in <== 0;
+ } else {
+ S[i].xL_in <== S[i-1].xL_out + ins[i];
+ S[i].xR_in <== S[i-1].xR_out;
+ }
+ }
+
+ outs[0] <== S[nInputs - 1].xL_out;
+
+ for (i = 0; i < nOutputs - 1; i++) {
+ S[nInputs + i] = MiMCFeistel(nRounds);
+ S[nInputs + i].k <== k;
+ S[nInputs + i].xL_in <== S[nInputs + i - 1].xL_out;
+ S[nInputs + i].xR_in <== S[nInputs + i - 1].xR_out;
+ outs[i + 1] <== S[nInputs + i].xL_out;
+ }
+}
+
+template MiMCFeistel(nrounds) {
+ signal input xL_in;
+ signal input xR_in;
+ signal input k;
+ signal output xL_out;
+ signal output xR_out;
+
+ // doesn't contain the first and last round constants, which are always zero
+ var c_partial[218] = [
+ 7120861356467848435263064379192047478074060781135320967663101236819528304084,
+ 5024705281721889198577876690145313457398658950011302225525409148828000436681,
+ 17980351014018068290387269214713820287804403312720763401943303895585469787384,
+ 19886576439381707240399940949310933992335779767309383709787331470398675714258,
+ 1213715278223786725806155661738676903520350859678319590331207960381534602599,
+ 18162138253399958831050545255414688239130588254891200470934232514682584734511,
+ 7667462281466170157858259197976388676420847047604921256361474169980037581876,
+ 7207551498477838452286210989212982851118089401128156132319807392460388436957,
+ 9864183311657946807255900203841777810810224615118629957816193727554621093838,
+ 4798196928559910300796064665904583125427459076060519468052008159779219347957,
+ 17387238494588145257484818061490088963673275521250153686214197573695921400950,
+ 10005334761930299057035055370088813230849810566234116771751925093634136574742,
+ 11897542014760736209670863723231849628230383119798486487899539017466261308762,
+ 16771780563523793011283273687253985566177232886900511371656074413362142152543,
+ 749264854018824809464168489785113337925400687349357088413132714480582918506,
+ 3683645737503705042628598550438395339383572464204988015434959428676652575331,
+ 7556750851783822914673316211129907782679509728346361368978891584375551186255,
+ 20391289379084797414557439284689954098721219201171527383291525676334308303023,
+ 18146517657445423462330854383025300323335289319277199154920964274562014376193,
+ 8080173465267536232534446836148661251987053305394647905212781979099916615292,
+ 10796443006899450245502071131975731672911747129805343722228413358507805531141,
+ 5404287610364961067658660283245291234008692303120470305032076412056764726509,
+ 4623894483395123520243967718315330178025957095502546813929290333264120223168,
+ 16845753148201777192406958674202574751725237939980634861948953189320362207797,
+ 4622170486584704769521001011395820886029808520586507873417553166762370293671,
+ 16688277490485052681847773549197928630624828392248424077804829676011512392564,
+ 11878652861183667748838188993669912629573713271883125458838494308957689090959,
+ 2436445725746972287496138382764643208791713986676129260589667864467010129482,
+ 1888098689545151571063267806606510032698677328923740058080630641742325067877,
+ 148924106504065664829055598316821983869409581623245780505601526786791681102,
+ 18875020877782404439294079398043479420415331640996249745272087358069018086569,
+ 15189693413320228845990326214136820307649565437237093707846682797649429515840,
+ 19669450123472657781282985229369348220906547335081730205028099210442632534079,
+ 5521922218264623411380547905210139511350706092570900075727555783240701821773,
+ 4144769320246558352780591737261172907511489963810975650573703217887429086546,
+ 10097732913112662248360143041019433907849917041759137293018029019134392559350,
+ 1720059427972723034107765345743336447947522473310069975142483982753181038321,
+ 6302388219880227251325608388535181451187131054211388356563634768253301290116,
+ 6745410632962119604799318394592010194450845483518862700079921360015766217097,
+ 10858157235265583624235850660462324469799552996870780238992046963007491306222,
+ 20241898894740093733047052816576694435372877719072347814065227797906130857593,
+ 10165780782761211520836029617746977303303335603838343292431760011576528327409,
+ 2832093654883670345969792724123161241696170611611744759675180839473215203706,
+ 153011722355526826233082383360057587249818749719433916258246100068258954737,
+ 20196970640587451358539129330170636295243141659030208529338914906436009086943,
+ 3180973917010545328313139835982464870638521890385603025657430208141494469656,
+ 17198004293191777441573635123110935015228014028618868252989374962722329283022,
+ 7642160509228669138628515458941659189680509753651629476399516332224325757132,
+ 19346204940546791021518535594447257347218878114049998691060016493806845179755,
+ 11501810868606870391127866188394535330696206817602260610801897042898616817272,
+ 3113973447392053821824427670386252797811804954746053461397972968381571297505,
+ 6545064306297957002139416752334741502722251869537551068239642131448768236585,
+ 5203908808704813498389265425172875593837960384349653691918590736979872578408,
+ 2246692432011290582160062129070762007374502637007107318105405626910313810224,
+ 11760570435432189127645691249600821064883781677693087773459065574359292849137,
+ 5543749482491340532547407723464609328207990784853381797689466144924198391839,
+ 8837549193990558762776520822018694066937602576881497343584903902880277769302,
+ 12855514863299373699594410385788943772765811961581749194183533625311486462501,
+ 5363660674689121676875069134269386492382220935599781121306637800261912519729,
+ 13162342403579303950549728848130828093497701266240457479693991108217307949435,
+ 916941639326869583414469202910306428966657806899788970948781207501251816730,
+ 15618589556584434434009868216186115416835494805174158488636000580759692174228,
+ 8959562060028569701043973060670353733575345393653685776974948916988033453971,
+ 16390754464333401712265575949874369157699293840516802426621216808905079127650,
+ 168282396747788514908709091757591226095443902501365500003618183905496160435,
+ 8327443473179334761744301768309008451162322941906921742120510244986704677004,
+ 17213012626801210615058753489149961717422101711567228037597150941152495100640,
+ 10394369641533736715250242399198097296122982486516256408681925424076248952280,
+ 17784386835392322654196171115293700800825771210400152504776806618892170162248,
+ 16533189939837087893364000390641148516479148564190420358849587959161226782982,
+ 18725396114211370207078434315900726338547621160475533496863298091023511945076,
+ 7132325028834551397904855671244375895110341505383911719294705267624034122405,
+ 148317947440800089795933930720822493695520852448386394775371401743494965187,
+ 19001050671757720352890779127693793630251266879994702723636759889378387053056,
+ 18824274411769830274877839365728651108434404855803844568234862945613766611460,
+ 12771414330193951156383998390424063470766226667986423961689712557338777174205,
+ 11332046574800279729678603488745295198038913503395629790213378101166488244657,
+ 9607550223176946388146938069307456967842408600269548190739947540821716354749,
+ 8756385288462344550200229174435953103162307705310807828651304665320046782583,
+ 176061952957067086877570020242717222844908281373122372938833890096257042779,
+ 12200212977482648306758992405065921724409841940671166017620928947866825250857,
+ 10868453624107875516866146499877130701929063632959660262366632833504750028858,
+ 2016095394399807253596787752134573207202567875457560571095586743878953450738,
+ 21815578223768330433802113452339488275704145896544481092014911825656390567514,
+ 4923772847693564777744725640710197015181591950368494148029046443433103381621,
+ 1813584943682214789802230765734821149202472893379265320098816901270224589984,
+ 10810123816265612772922113403831964815724109728287572256602010709288980656498,
+ 1153669123397255702524721206511185557982017410156956216465120456256288427021,
+ 5007518659266430200134478928344522649876467369278722765097865662497773767152,
+ 2511432546938591792036639990606464315121646668029252285288323664350666551637,
+ 32883284540320451295484135704808083452381176816565850047310272290579727564,
+ 10484856914279112612610993418405543310546746652738541161791501150994088679557,
+ 2026733759645519472558796412979210009170379159866522399881566309631434814953,
+ 14731806221235869882801331463708736361296174006732553130708107037190460654379,
+ 14740327483193277147065845135561988641238516852487657117813536909482068950652,
+ 18787428285295558781869865751953016580493190547148386433580291216673009884554,
+ 3804047064713122820157099453648459188816376755739202017447862327783289895072,
+ 16709604795697901641948603019242067672006293290826991671766611326262532802914,
+ 11061717085931490100602849654034280576915102867237101935487893025907907250695,
+ 2821730726367472966906149684046356272806484545281639696873240305052362149654,
+ 17467794879902895769410571945152708684493991588672014763135370927880883292655,
+ 1571520786233540988201616650622796363168031165456869481368085474420849243232,
+ 10041051776251223165849354194892664881051125330236567356945669006147134614302,
+ 3981753758468103976812813304477670033098707002886030847251581853700311567551,
+ 4365864398105436789177703571412645548020537580493599380018290523813331678900,
+ 2391801327305361293476178683853802679507598622000359948432171562543560193350,
+ 214219368547551689972421167733597094823289857206402800635962137077096090722,
+ 18192064100315141084242006659317257023098826945893371479835220462302399655674,
+ 15487549757142039139328911515400805508248576685795694919457041092150651939253,
+ 10142447197759703415402259672441315777933858467700579946665223821199077641122,
+ 11246573086260753259993971254725613211193686683988426513880826148090811891866,
+ 6574066859860991369704567902211886840188702386542112593710271426704432301235,
+ 11311085442652291634822798307831431035776248927202286895207125867542470350078,
+ 20977948360215259915441258687649465618185769343138135384346964466965010873779,
+ 792781492853909872425531014397300057232399608769451037135936617996830018501,
+ 5027602491523497423798779154966735896562099398367163998686335127580757861872,
+ 14595204575654316237672764823862241845410365278802914304953002937313300553572,
+ 13973538843621261113924259058427434053808430378163734641175100160836376897004,
+ 16395063164993626722686882727042150241125309409717445381854913964674649318585,
+ 8465768840047024550750516678171433288207841931251654898809033371655109266663,
+ 21345603324471810861925019445720576814602636473739003852898308205213912255830,
+ 21171984405852590343970239018692870799717057961108910523876770029017785940991,
+ 10761027113757988230637066281488532903174559953630210849190212601991063767647,
+ 6678298831065390834922566306988418588227382406175769592902974103663687992230,
+ 4993662582188632374202316265508850988596880036291765531885657575099537176757,
+ 18364168158495573675698600238443218434246806358811328083953887470513967121206,
+ 3506345610354615013737144848471391553141006285964325596214723571988011984829,
+ 248732676202643792226973868626360612151424823368345645514532870586234380100,
+ 10090204501612803176317709245679152331057882187411777688746797044706063410969,
+ 21297149835078365363970699581821844234354988617890041296044775371855432973500,
+ 16729368143229828574342820060716366330476985824952922184463387490091156065099,
+ 4467191506765339364971058668792642195242197133011672559453028147641428433293,
+ 8677548159358013363291014307402600830078662555833653517843708051504582990832,
+ 1022951765127126818581466247360193856197472064872288389992480993218645055345,
+ 1888195070251580606973417065636430294417895423429240431595054184472931224452,
+ 4221265384902749246920810956363310125115516771964522748896154428740238579824,
+ 2825393571154632139467378429077438870179957021959813965940638905853993971879,
+ 19171031072692942278056619599721228021635671304612437350119663236604712493093,
+ 10780807212297131186617505517708903709488273075252405602261683478333331220733,
+ 18230936781133176044598070768084230333433368654744509969087239465125979720995,
+ 16901065971871379877929280081392692752968612240624985552337779093292740763381,
+ 146494141603558321291767829522948454429758543710648402457451799015963102253,
+ 2492729278659146790410698334997955258248120870028541691998279257260289595548,
+ 2204224910006646535594933495262085193210692406133533679934843341237521233504,
+ 16062117410185840274616925297332331018523844434907012275592638570193234893570,
+ 5894928453677122829055071981254202951712129328678534592916926069506935491729,
+ 4947482739415078212217504789923078546034438919537985740403824517728200332286,
+ 16143265650645676880461646123844627780378251900510645261875867423498913438066,
+ 397690828254561723549349897112473766901585444153303054845160673059519614409,
+ 11272653598912269895509621181205395118899451234151664604248382803490621227687,
+ 15566927854306879444693061574322104423426072650522411176731130806720753591030,
+ 14222898219492484180162096141564251903058269177856173968147960855133048449557,
+ 16690275395485630428127725067513114066329712673106153451801968992299636791385,
+ 3667030990325966886479548860429670833692690972701471494757671819017808678584,
+ 21280039024501430842616328642522421302481259067470872421086939673482530783142,
+ 15895485136902450169492923978042129726601461603404514670348703312850236146328,
+ 7733050956302327984762132317027414325566202380840692458138724610131603812560,
+ 438123800976401478772659663183448617575635636575786782566035096946820525816,
+ 814913922521637742587885320797606426167962526342166512693085292151314976633,
+ 12368712287081330853637674140264759478736012797026621876924395982504369598764,
+ 2494806857395134874309386694756263421445039103814920780777601708371037591569,
+ 16101132301514338989512946061786320637179843435886825102406248183507106312877,
+ 6252650284989960032925831409804233477770646333900692286731621844532438095656,
+ 9277135875276787021836189566799935097400042171346561246305113339462708861695,
+ 10493603554686607050979497281838644324893776154179810893893660722522945589063,
+ 8673089750662709235894359384294076697329948991010184356091130382437645649279,
+ 9558393272910366944245875920138649617479779893610128634419086981339060613250,
+ 19012287860122586147374214541764572282814469237161122489573881644994964647218,
+ 9783723818270121678386992630754842961728702994964214799008457449989291229500,
+ 15550788416669474113213749561488122552422887538676036667630838378023479382689,
+ 15016165746156232864069722572047169071786333815661109750860165034341572904221,
+ 6506225705710197163670556961299945987488979904603689017479840649664564978574,
+ 10796631184889302076168355684722130903785890709107732067446714470783437829037,
+ 19871836214837460419845806980869387567383718044439891735114283113359312279540,
+ 20871081766843466343749609089986071784031203517506781251203251608363835140622,
+ 5100105771517691442278432864090229416166996183792075307747582375962855820797,
+ 8777887112076272395250620301071581171386440850451972412060638225741125310886,
+ 5300440870136391278944213332144327695659161151625757537632832724102670898756,
+ 1205448543652932944633962232545707633928124666868453915721030884663332604536,
+ 5542499997310181530432302492142574333860449305424174466698068685590909336771,
+ 11028094245762332275225364962905938096659249161369092798505554939952525894293,
+ 19187314764836593118404597958543112407224947638377479622725713735224279297009,
+ 17047263688548829001253658727764731047114098556534482052135734487985276987385,
+ 19914849528178967155534624144358541535306360577227460456855821557421213606310,
+ 2929658084700714257515872921366736697080475676508114973627124569375444665664,
+ 15092262360719700162343163278648422751610766427236295023221516498310468956361,
+ 21578580340755653236050830649990190843552802306886938815497471545814130084980,
+ 1258781501221760320019859066036073675029057285507345332959539295621677296991,
+ 3819598418157732134449049289585680301176983019643974929528867686268702720163,
+ 8653175945487997845203439345797943132543211416447757110963967501177317426221,
+ 6614652990340435611114076169697104582524566019034036680161902142028967568142,
+ 19212515502973904821995111796203064175854996071497099383090983975618035391558,
+ 18664315914479294273286016871365663486061896605232511201418576829062292269769,
+ 11498264615058604317482574216318586415670903094838791165247179252175768794889,
+ 10814026414212439999107945133852431304483604215416531759535467355316227331774,
+ 17566185590731088197064706533119299946752127014428399631467913813769853431107,
+ 14016139747289624978792446847000951708158212463304817001882956166752906714332,
+ 8242601581342441750402731523736202888792436665415852106196418942315563860366,
+ 9244680976345080074252591214216060854998619670381671198295645618515047080988,
+ 12216779172735125538689875667307129262237123728082657485828359100719208190116,
+ 10702811721859145441471328511968332847175733707711670171718794132331147396634,
+ 6479667912792222539919362076122453947926362746906450079329453150607427372979,
+ 15117544653571553820496948522381772148324367479772362833334593000535648316185,
+ 6842203153996907264167856337497139692895299874139131328642472698663046726780,
+ 12732823292801537626009139514048596316076834307941224506504666470961250728055,
+ 6936272626871035740815028148058841877090860312517423346335878088297448888663,
+ 17297554111853491139852678417579991271009602631577069694853813331124433680030,
+ 16641596134749940573104316021365063031319260205559553673368334842484345864859,
+ 7400481189785154329569470986896455371037813715804007747228648863919991399081,
+ 2273205422216987330510475127669563545720586464429614439716564154166712854048,
+ 15162538063742142685306302282127534305212832649282186184583465569986719234456,
+ 5628039096440332922248578319648483863204530861778160259559031331287721255522,
+ 16085392195894691829567913404182676871326863890140775376809129785155092531260,
+ 14227467863135365427954093998621993651369686288941275436795622973781503444257,
+ 18224457394066545825553407391290108485121649197258948320896164404518684305122,
+ 274945154732293792784580363548970818611304339008964723447672490026510689427,
+ 11050822248291117548220126630860474473945266276626263036056336623671308219529,
+ 2119542016932434047340813757208803962484943912710204325088879681995922344971
+ ];
+
+ var t;
+ signal t2[nrounds];
+ signal t4[nrounds];
+ signal xL[nrounds-1];
+ signal xR[nrounds-1];
+
+ var c;
+ for (var i=0; i<nrounds; i++) {
+ if ((i == 0) || (i == nrounds - 1)) {
+ c = 0;
+ } else {
+ c = c_partial[i - 1];
+ }
+ t = (i==0) ? k+xL_in : k + xL[i-1] + c;
+ t2[i] <== t*t;
+ t4[i] <== t2[i]*t2[i];
+ if (i<nrounds-1) {
+ xL[i] <== ((i==0) ? xR_in : xR[i-1]) + t4[i]*t;
+ xR[i] <== (i==0) ? xL_in : xL[i-1];
+ } else {
+ xR_out <== xR[i-1] + t4[i]*t;
+ xL_out <== xL[i-1];
+ }
+ }
+}
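Review bot: `MiMCFeistel(nrounds)` takes the round count as a parameter, but `c_partial` has exactly 218 entries and the loop reads `c_partial[i - 1]` for `1 <= i <= nrounds - 2`, so `nrounds > 220` indexes past the table while any smaller value silently compiles into a reduced-round permutation that the header comment (`log_5(p) ~= 110 => nRounds should be 220`) says is insufficient. A guard at the top of the template, `assert(nrounds == 220);` (or `<= 220` with a comment if shorter variants are deliberate), would turn that into a compile-time error rather than a weakened hash, provided the compiler version in use supports `assert`. The comment above `c_partial` would also benefit from stating how the constants were generated — the contract test in this commit seeds `createCode` with `"mimcsponge"`, so presumably they derive from that seed — so a reviewer can regenerate them and confirm the circuit and the Solidity generator agree.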
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js
new file mode 100644
index 00000000..32055340
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js
@@ -0,0 +1,37 @@
+const path = require("path");
+const tester = require("circom").tester;
+
+const mimcjs = require("../src/mimcsponge.js");
+
+
+describe("MiMC Sponge Circuit test", function () {
+ let circuit;
+
+ this.timeout(100000);
+
+ it("Should check permutation", async () => {
+
+ circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_test.circom"));
+
+ const w = await circuit.calculateWitness({xL_in: 1, xR_in: 2, k: 3});
+
+ const out2 = mimcjs.hash(1,2,3);
+
+ await circuit.assertOut(w, {xL_out: out2.xL, xR_out: out2.xR});
+
+ await circuit.checkConstraints(w);
+
+ });
+
+ it("Should check hash", async () => {
+ circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_hash_test.circom"));
+
+ const w = await circuit.calculateWitness({ins: [1, 2], k: 0});
+
+ const out2 = mimcjs.multiHash([1,2], 0, 3);
+
+ await circuit.assertOut(w, {outs: out2});
+
+ await circuit.checkConstraints(w);
+ });
+});
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js
new file mode 100644
index 00000000..a2e7394c
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js
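Review bot: Both `calculateWitness` calls omit the second argument that the other new tests pass (`calculateWitness({...}, true)` in mimccircuit.test.js and pedersen.test.js); if that flag enables the tester's witness sanity check, as it appears to, these two cases run without it, so passing `true` here keeps the suites consistent. Loading `circuit` inside each `it` is fine since the two tests use different harnesses, but the shared `let circuit` could then become a `const` local to each test.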
@@ -0,0 +1,43 @@
+const ganache = require("ganache-cli");
+const Web3 = require("web3");
+const chai = require("chai");
+const mimcGenContract = require("../src/mimcsponge_gencontract.js");
+const mimcjs = require("../src/mimcsponge.js");
+
+
+const assert = chai.assert;
+const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
+
+const SEED = "mimcsponge";
+
+describe("MiMC Sponge Smart contract test", () => {
+ let testrpc;
+ let web3;
+ let mimc;
+ let accounts;
+
+ before(async () => {
+ web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
+ accounts = await web3.eth.getAccounts();
+ });
+
+ it("Should deploy the contract", async () => {
+ const C = new web3.eth.Contract(mimcGenContract.abi);
+
+ mimc = await C.deploy({
+ data: mimcGenContract.createCode(SEED, 220)
+ }).send({
+ gas: 3500000,
+ from: accounts[0]
+ });
+ });
+
+ it("Shold calculate the mimc correctly", async () => {
+ const res = await mimc.methods.MiMCSponge(1,2,3).call();
+ const res2 = await mimcjs.hash(1,2,3);
+
+ assert.equal(res.xL.toString(), res2.xL.toString());
+ assert.equal(res.xR.toString(), res2.xR.toString());
+ });
+});
+
diff --git a/circuits/cryptography/hash_functions/mimc/multimimc7/README.md b/circuits/cryptography/hash_functions/mimc/multimimc7/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/mimc/multimimc7/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/pedersen/README.md b/circuits/cryptography/hash_functions/pedersen/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/README.md
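Review bot: `describe("MiMC Sponge Smart contract test", () => {` uses an arrow function, so `this.timeout(...)` is unavailable and none is set, unlike mimccontract.test.js which sets `this.timeout(100000)`; deploying with `gas: 3500000` on ganache can plausibly exceed mocha's default 2-second timeout and fail spuriously. Switching the callback to `function () {` and adding `this.timeout(100000);` matches the sibling test. `testrpc` and `log` are declared but never used, and `Shold calculate the mimc correctly` has a typo in the title.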
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen.test.js b/circuits/cryptography/hash_functions/pedersen/pedersen.test.js
new file mode 100644
index 00000000..5de92769
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/pedersen.test.js
@@ -0,0 +1,77 @@
+const chai = require("chai");
+const path = require("path");
+
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const babyJub = require("../src/babyjub.js");
+
+const PBASE =
+ [
+ [bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
+ [bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
+ [bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
+ [bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
+ [bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
+ ];
+
+describe("Double Pedersen test", function() {
+ let circuit;
+ this.timeout(100000);
+ before( async() => {
+
+ circuit = await tester(path.join(__dirname, "circuits", "pedersen_test.circom"));
+
+ });
+ it("Should pedersen at zero", async () => {
+
+ let w;
+
+ w = await circuit.calculateWitness({ in: ["0", "0"]}, true);
+
+ await circuit.assertOut(w, {out: [0,1]});
+
+ });
+ it("Should pedersen at one first generator", async () => {
+ let w;
+
+ w = await circuit.calculateWitness({ in: ["1", "0"]}, true);
+
+ await circuit.assertOut(w, {out: PBASE[0]});
+
+ });
+ it("Should pedersen at one second generator", async () => {
+ let w;
+
+ w = await circuit.calculateWitness({ in: ["0", "1"]}, true);
+
+ await circuit.assertOut(w, {out: PBASE[1]});
+
+ });
+ it("Should pedersen at mixed generators", async () => {
+ let w;
+ w = await circuit.calculateWitness({ in: ["3", "7"]}, true);
+
+ const r = babyJub.addPoint(
+ babyJub.mulPointEscalar(PBASE[0], 3),
+ babyJub.mulPointEscalar(PBASE[1], 7)
+ );
+
+ await circuit.assertOut(w, {out: r});
+
+ });
+ it("Should pedersen all ones", async () => {
+ let w;
+
+ const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1"));
+ w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true);
+
+
+ const r2 = babyJub.addPoint(
+ babyJub.mulPointEscalar(PBASE[0], allOnes),
+ babyJub.mulPointEscalar(PBASE[1], allOnes)
+ );
+
+ await circuit.assertOut(w, {out: r2});
+ });
+});
diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom b/circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom
new file mode 100644
index 00000000..245d5d8b
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom
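Review bot: The `PBASE` points that `Should pedersen at one first generator` and `Should pedersen at one second generator` assert against are hard-coded with no note on where they come from, so a reader cannot tell whether they are the circuit's generator points derived independently or values captured from an earlier run of the same circuit; a comment naming their derivation (or computing them with the `babyJub` helper the file already imports) would make the fixture verifiable. Style-wise each case declares `let w;` and assigns on a later line — `const w = await circuit.calculateWitness(...)` reads better — and `chai` is required but never used.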
@@ -0,0 +1,255 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "montgomery.circom"; +include "mux3.circom"; +include "babyjub.circom"; + +template Window4() { + signal input in[4]; + signal input base[2]; + signal output out[2]; + signal output out8[2]; // Returns 8*Base (To be linked) + + component mux = MultiMux3(2); + + mux.s[0] <== in[0]; + mux.s[1] <== in[1]; + mux.s[2] <== in[2]; + + component dbl2 = MontgomeryDouble(); + component adr3 = MontgomeryAdd(); + component adr4 = MontgomeryAdd(); + component adr5 = MontgomeryAdd(); + component adr6 = MontgomeryAdd(); + component adr7 = MontgomeryAdd(); + component adr8 = MontgomeryAdd(); + +// in[0] -> 1*BASE + + mux.c[0][0] <== base[0]; + mux.c[1][0] <== base[1]; + +// in[1] -> 2*BASE + dbl2.in[0] <== base[0]; + dbl2.in[1] <== base[1]; + mux.c[0][1] <== dbl2.out[0]; + mux.c[1][1] <== dbl2.out[1]; + +// in[2] -> 3*BASE + adr3.in1[0] <== base[0]; + adr3.in1[1] <== base[1]; + adr3.in2[0] <== dbl2.out[0]; + adr3.in2[1] <== dbl2.out[1]; + mux.c[0][2] <== adr3.out[0]; + mux.c[1][2] <== adr3.out[1]; + +// in[3] -> 4*BASE + adr4.in1[0] <== base[0]; + adr4.in1[1] <== base[1]; + adr4.in2[0] <== adr3.out[0]; + adr4.in2[1] <== adr3.out[1]; + mux.c[0][3] <== adr4.out[0]; + mux.c[1][3] <== adr4.out[1]; + +// 
in[4] -> 5*BASE + adr5.in1[0] <== base[0]; + adr5.in1[1] <== base[1]; + adr5.in2[0] <== adr4.out[0]; + adr5.in2[1] <== adr4.out[1]; + mux.c[0][4] <== adr5.out[0]; + mux.c[1][4] <== adr5.out[1]; + +// in[5] -> 6*BASE + adr6.in1[0] <== base[0]; + adr6.in1[1] <== base[1]; + adr6.in2[0] <== adr5.out[0]; + adr6.in2[1] <== adr5.out[1]; + mux.c[0][5] <== adr6.out[0]; + mux.c[1][5] <== adr6.out[1]; + +// in[6] -> 7*BASE + adr7.in1[0] <== base[0]; + adr7.in1[1] <== base[1]; + adr7.in2[0] <== adr6.out[0]; + adr7.in2[1] <== adr6.out[1]; + mux.c[0][6] <== adr7.out[0]; + mux.c[1][6] <== adr7.out[1]; + +// in[7] -> 8*BASE + adr8.in1[0] <== base[0]; + adr8.in1[1] <== base[1]; + adr8.in2[0] <== adr7.out[0]; + adr8.in2[1] <== adr7.out[1]; + mux.c[0][7] <== adr8.out[0]; + mux.c[1][7] <== adr8.out[1]; + + out8[0] <== adr8.out[0]; + out8[1] <== adr8.out[1]; + + out[0] <== mux.out[0]; + out[1] <== - mux.out[1]*2*in[3] + mux.out[1]; // Negate y if in[3] is one +} + + +template Segment(nWindows) { + signal input in[nWindows*4]; + signal input base[2]; + signal output out[2]; + + var i; + var j; + + // Convert the base to montgomery + + component e2m = Edwards2Montgomery(); + e2m.in[0] <== base[0]; + e2m.in[1] <== base[1]; + + component windows[nWindows]; + component doublers1[nWindows-1]; + component doublers2[nWindows-1]; + component adders[nWindows-1]; + for (i=0; i<nWindows; i++) { + windows[i] = Window4(); + for (j=0; j<4; j++) { + windows[i].in[j] <== in[4*i+j]; + } + if (i==0) { + windows[i].base[0] <== e2m.out[0]; + windows[i].base[1] <== e2m.out[1]; + } else { + doublers1[i-1] = MontgomeryDouble(); + doublers2[i-1] = MontgomeryDouble(); + doublers1[i-1].in[0] <== windows[i-1].out8[0]; + doublers1[i-1].in[1] <== windows[i-1].out8[1]; + doublers2[i-1].in[0] <== doublers1[i-1].out[0]; + doublers2[i-1].in[1] <== doublers1[i-1].out[1]; + + windows[i].base[0] <== doublers2[i-1].out[0]; + windows[i].base[1] <== doublers2[i-1].out[1]; + + adders[i-1] = MontgomeryAdd(); + if (i==1) { + 
adders[i-1].in1[0] <== windows[0].out[0]; + adders[i-1].in1[1] <== windows[0].out[1]; + } else { + adders[i-1].in1[0] <== adders[i-2].out[0]; + adders[i-1].in1[1] <== adders[i-2].out[1]; + } + adders[i-1].in2[0] <== windows[i].out[0]; + adders[i-1].in2[1] <== windows[i].out[1]; + } + } + + component m2e = Montgomery2Edwards(); + + if (nWindows > 1) { + m2e.in[0] <== adders[nWindows-2].out[0]; + m2e.in[1] <== adders[nWindows-2].out[1]; + } else { + m2e.in[0] <== windows[0].out[0]; + m2e.in[1] <== windows[0].out[1]; + } + + out[0] <== m2e.out[0]; + out[1] <== m2e.out[1]; +} + +template Pedersen(n) { + signal input in[n]; + signal output out[2]; + + var BASE[10][2] = [ + [10457101036533406547632367118273992217979173478358440826365724437999023779287,19824078218392094440610104313265183977899662750282163392862422243483260492317], + [2671756056509184035029146175565761955751135805354291559563293617232983272177,2663205510731142763556352975002641716101654201788071096152948830924149045094], + [5802099305472655231388284418920769829666717045250560929368476121199858275951,5980429700218124965372158798884772646841287887664001482443826541541529227896], + [7107336197374528537877327281242680114152313102022415488494307685842428166594,2857869773864086953506483169737724679646433914307247183624878062391496185654], + [20265828622013100949498132415626198973119240347465898028410217039057588424236,1160461593266035632937973507065134938065359936056410650153315956301179689506], + [1487999857809287756929114517587739322941449154962237464737694709326309567994,14017256862867289575056460215526364897734808720610101650676790868051368668003], + [14618644331049802168996997831720384953259095788558646464435263343433563860015,13115243279999696210147231297848654998887864576952244320558158620692603342236], + [6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695], + 
[3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506], + [18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481] + ] + + var nSegments = ((n-1)\200)+1; + + component segments[nSegments]; + + var i; + var j; + var nBits; + var nWindows; + for (i=0; i<nSegments; i++) { + nBits = (i == (nSegments-1)) ? n - (nSegments-1)*200 : 200; + nWindows = ((nBits - 1)\4)+1; + segments[i] = Segment(nWindows); + segments[i].base[0] <== BASE[i][0]; + segments[i].base[1] <== BASE[i][1]; + for (j = 0; j<nBits; j++) { + segments[i].in[j] <== in[i*200+j]; + } + // Fill padding bits + for (j = nBits; j < nWindows*4; j++) { + segments[i].in[j] <== 0; + } + } + + component adders[nSegments-1]; + + for (i=0; i<nSegments-1; i++) { + adders[i] = BabyAdd(); + if (i==0) { + adders[i].x1 <== segments[0].out[0]; + adders[i].y1 <== segments[0].out[1]; + adders[i].x2 <== segments[1].out[0]; + adders[i].y2 <== segments[1].out[1]; + } else { + adders[i].x1 <== adders[i-1].xout; + adders[i].y1 <== adders[i-1].yout; + adders[i].x2 <== segments[i+1].out[0]; + adders[i].y2 <== segments[i+1].out[1]; + } + } + +/* + coponent packPoint = PackPoint(); + + if (nSegments>1) { + packPoint.in[0] <== adders[nSegments-2].xout; + packPoint.in[1] <== adders[nSegments-2].yout; + } else { + packPoint.in[0] <== segments[0].out[0]; + packPoint.in[1] <== segments[0].out[1]; + } + + out[0] <== packPoint.out[0]; + out[1] <== packPoint.out[1]; +*/ + + if (nSegments>1) { + out[0] <== adders[nSegments-2].xout; + out[1] <== adders[nSegments-2].yout; + } else { + out[0] <== segments[0].out[0]; + out[1] <== segments[0].out[1]; + } +} + diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen2.test.js b/circuits/cryptography/hash_functions/pedersen/pedersen2.test.js new file mode 100644 index 00000000..9a9712d8 
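Review bot: `Pedersen(n)` indexes the hard-coded `BASE[10][2]` with `i` up to `nSegments-1 = (n-1)\200`, so any `n > 2000` reads past the table with no compile-time check; the same applies to `PBASE` in pedersen_old.circom for `n > 2500`. I would state the limit in a header comment, `// Pedersen hash over n bits; n <= 2000 (10 segments of 200 bits, one generator per segment)`, and reject larger `n` with `assert` if the compiler version in use supports it. The `BASE` array literal ends with a bare `]` where pedersen_old.circom writes `];`, which is worth making consistent. The `// in[k] -> (k+1)*BASE` comments in `Window4` describe entries of the mux table `mux.c`, not the 4-element input `in`, so `// mux.c[.][k] -> (k+1)*BASE` would avoid the confusion. The commented-out `coponent packPoint` block is dead code and could be removed.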
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/pedersen2.test.js
@@ -0,0 +1,49 @@
+const path = require("path");
+
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const babyJub = require("../src/babyjub.js");
+const pedersen = require("../src/pedersenHash.js");
+
+
+describe("Pedersen test", function() {
+ let circuit;
+ this.timeout(100000);
+ before( async() => {
+
+ circuit = await tester(path.join(__dirname, "circuits", "pedersen2_test.circom"));
+ });
+ it("Should pedersen at zero", async () => {
+
+ let w;
+
+ w = await circuit.calculateWitness({ in: 0}, true);
+
+ const b = Buffer.alloc(32);
+
+ const h = pedersen.hash(b);
+ const hP = babyJub.unpackPoint(h);
+
+ await circuit.assertOut(w, {out: hP});
+
+ });
+ it("Should pedersen with 253 ones", async () => {
+
+ let w;
+
+ const n = bigInt.one.shiftLeft(253).minus(bigInt.one);
+
+ w = await circuit.calculateWitness({ in: n}, true);
+
+ const b = Buffer.alloc(32);
+ for (let i=0; i<31; i++) b[i] = 0xFF;
+ b[31] = 0x1F;
+
+ const h = pedersen.hash(b);
+ const hP = babyJub.unpackPoint(h);
+
+ await circuit.assertOut(w, {out: hP});
+
+ });
+});
diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom b/circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom
new file mode 100644
index 00000000..e13e3530
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom
@@ -0,0 +1,32 @@
+include "../../circuits/pedersen.circom";
+include "../../circuits/bitify.circom";
+
+
+template Main() {
+ signal input in;
+ signal output out[2];
+
+ component pedersen = Pedersen(256);
+
+ component n2b;
+ n2b = Num2Bits(253);
+
+ var i;
+
+ in ==> n2b.in;
+
+ for (i=0; i<253; i++) {
+ pedersen.in[i] <== n2b.out[i];
+ }
+
+ for (i=253; i<256; i++) {
+ pedersen.in[i] <== 0;
+ }
+
+ pedersen.out[0] ==> out[0];
+ pedersen.out[1] ==> out[1];
+}
+
+component main = Main();
+
+
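Review bot: The includes `"../../circuits/pedersen.circom"` and `"../../circuits/bitify.circom"` resolve relative to this file, which the patch places in `circuits/cryptography/hash_functions/pedersen/`, so they point at `circuits/cryptography/circuits/`, a directory this patch does not create; the `Pedersen` template it needs is added as `pedersen/pedersen.circom` beside it, so `include "pedersen/pedersen.circom";` matches the new layout (where `bitify.circom` now lives is not visible here). pedersen_test.circom (`../../circuits/pedersen_old.circom`) and constants_test.circom (`../../circuits/sha256/constants.circom`) in this patch carry the same stale prefix. It is also `Num2Bits(253)` feeding `Pedersen(256)` with three constant-zero bits that pins the message size, and a one-line comment, `// inputs are limited to 253 bits; bits 253..255 are fixed to 0`, would make that explicit for callers.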
diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom b/circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom
new file mode 100644
index 00000000..9ddc387d
--- /dev/null
+++ b/circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom
@@ -0,0 +1,66 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "escalarmul.circom"; + +template Pedersen(n) { + signal input in[n]; + signal output out[2]; + + var nexps = ((n-1) \ 250) + 1; + var nlastbits = n - (nexps-1)*250; + + component escalarMuls[nexps]; + + var PBASE[10][2] = [ + [10457101036533406547632367118273992217979173478358440826365724437999023779287,19824078218392094440610104313265183977899662750282163392862422243483260492317], + [2671756056509184035029146175565761955751135805354291559563293617232983272177,2663205510731142763556352975002641716101654201788071096152948830924149045094], + [5802099305472655231388284418920769829666717045250560929368476121199858275951,5980429700218124965372158798884772646841287887664001482443826541541529227896], + [7107336197374528537877327281242680114152313102022415488494307685842428166594,2857869773864086953506483169737724679646433914307247183624878062391496185654], + [20265828622013100949498132415626198973119240347465898028410217039057588424236,1160461593266035632937973507065134938065359936056410650153315956301179689506], + [1487999857809287756929114517587739322941449154962237464737694709326309567994,14017256862867289575056460215526364897734808720610101650676790868051368668003], + 
[14618644331049802168996997831720384953259095788558646464435263343433563860015,13115243279999696210147231297848654998887864576952244320558158620692603342236], + [6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695], + [3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506], + [18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481] + ]; + + var i; + var j; + var nexpbits; + for (i=0; i<nexps; i++) { + nexpbits = (i == nexps-1) ? nlastbits : 250; + escalarMuls[i] = EscalarMul(nexpbits, PBASE[i]); + + for (j=0; j<nexpbits; j++) { + escalarMuls[i].in[j] <== in[250*i + j]; + } + + if (i==0) { + escalarMuls[i].inp[0] <== 0; + escalarMuls[i].inp[1] <== 1; + } else { + escalarMuls[i].inp[0] <== escalarMuls[i-1].out[0]; + escalarMuls[i].inp[1] <== escalarMuls[i-1].out[1]; + } + } + + escalarMuls[nexps-1].out[0] ==> out[0]; + escalarMuls[nexps-1].out[1] ==> out[1]; +} diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen_test.circom b/circuits/cryptography/hash_functions/pedersen/pedersen_test.circom new file mode 100644 index 00000000..accd484d --- /dev/null +++ b/circuits/cryptography/hash_functions/pedersen/pedersen_test.circom 
@@ -0,0 +1,29 @@
+include "../../circuits/pedersen_old.circom";
+include "../../circuits/bitify.circom";
+
+
+template Main() {
+ signal input in[2];
+ signal output out[2];
+
+ component pedersen = Pedersen(250*2);
+
+ component n2b[2];
+ n2b[0] = Num2Bits(250);
+ n2b[1] = Num2Bits(250);
+
+ var i;
+
+ in[0] ==> n2b[0].in;
+ in[1] ==> n2b[1].in;
+
+ for (i=0; i<250; i++) {
+ n2b[0].out[i] ==> pedersen.in[i];
+ n2b[1].out[i] ==> pedersen.in[250+i];
+ }
+
+ pedersen.out[0] ==> out[0];
+ pedersen.out[1] ==> out[1];
+}
+
+component main = Main();
diff --git a/circuits/cryptography/hash_functions/poseidon/README.md b/circuits/cryptography/hash_functions/poseidon/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/poseidon/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon.circom b/circuits/cryptography/hash_functions/poseidon/poseidon.circom
new file mode 100644
index 00000000..aac8d036
--- /dev/null
+++ b/circuits/cryptography/hash_functions/poseidon/poseidon.circom
@@ -0,0 +1,208 @@ + +template Sigma() { + signal input in; + signal output out; + + signal in2; + signal in4; + + in2 <== in*in; + in4 <== in2*in2; + + out <== in4*in; +} + +template Ark(t, C) { + signal input in[t]; + signal output out[t]; + for (var i=0; i<t; i++) { + out[i] <== in[i] + C; + } +} + +template Mix(t, M) { + signal input in[t]; + signal output out[t]; + var lc; + + var i; + var j; + + for (i=0; i<t; i++) { + lc = 0; + for (j=0; j<t; j++) { + lc = lc + M[i][j]*in[j]; + } + out[i] <== lc; + } +} + +// var nRoundsF = 8; +// var nRoundsP = 57; +// var t = 6; + +template Poseidon(nInputs, t, nRoundsF, nRoundsP) { + + var C[65] = [ + 14397397413755236225575615486459253198602422701513067526754101844196324375522, + 10405129301473404666785234951972711717481302463898292859783056520670200613128, + 5179144822360023508491245509308555580251733042407187134628755730783052214509, + 9132640374240188374542843306219594180154739721841249568925550236430986592615, + 20360807315276763881209958738450444293273549928693737723235350358403012458514, + 17933600965499023212689924809448543050840131883187652471064418452962948061619, + 3636213416533737411392076250708419981662897009810345015164671602334517041153, + 2008540005368330234524962342006691994500273283000229509835662097352946198608, + 16018407964853379535338740313053768402596521780991140819786560130595652651567, + 20653139667070586705378398435856186172195806027708437373983929336015162186471, + 17887713874711369695406927657694993484804203950786446055999405564652412116765, + 4852706232225925756777361208698488277369799648067343227630786518486608711772, + 8969172011633935669771678412400911310465619639756845342775631896478908389850, + 20570199545627577691240476121888846460936245025392381957866134167601058684375, + 16442329894745639881165035015179028112772410105963688121820543219662832524136, + 20060625627350485876280451423010593928172611031611836167979515653463693899374, + 
16637282689940520290130302519163090147511023430395200895953984829546679599107, + 15599196921909732993082127725908821049411366914683565306060493533569088698214, + 16894591341213863947423904025624185991098788054337051624251730868231322135455, + 1197934381747032348421303489683932612752526046745577259575778515005162320212, + 6172482022646932735745595886795230725225293469762393889050804649558459236626, + 21004037394166516054140386756510609698837211370585899203851827276330669555417, + 15262034989144652068456967541137853724140836132717012646544737680069032573006, + 15017690682054366744270630371095785995296470601172793770224691982518041139766, + 15159744167842240513848638419303545693472533086570469712794583342699782519832, + 11178069035565459212220861899558526502477231302924961773582350246646450941231, + 21154888769130549957415912997229564077486639529994598560737238811887296922114, + 20162517328110570500010831422938033120419484532231241180224283481905744633719, + 2777362604871784250419758188173029886707024739806641263170345377816177052018, + 15732290486829619144634131656503993123618032247178179298922551820261215487562, + 6024433414579583476444635447152826813568595303270846875177844482142230009826, + 17677827682004946431939402157761289497221048154630238117709539216286149983245, + 10716307389353583413755237303156291454109852751296156900963208377067748518748, + 14925386988604173087143546225719076187055229908444910452781922028996524347508, + 8940878636401797005293482068100797531020505636124892198091491586778667442523, + 18911747154199663060505302806894425160044925686870165583944475880789706164410, + 8821532432394939099312235292271438180996556457308429936910969094255825456935, + 20632576502437623790366878538516326728436616723089049415538037018093616927643, + 71447649211767888770311304010816315780740050029903404046389165015534756512, + 2781996465394730190470582631099299305677291329609718650018200531245670229393, + 
12441376330954323535872906380510501637773629931719508864016287320488688345525, + 2558302139544901035700544058046419714227464650146159803703499681139469546006, + 10087036781939179132584550273563255199577525914374285705149349445480649057058, + 4267692623754666261749551533667592242661271409704769363166965280715887854739, + 4945579503584457514844595640661884835097077318604083061152997449742124905548, + 17742335354489274412669987990603079185096280484072783973732137326144230832311, + 6266270088302506215402996795500854910256503071464802875821837403486057988208, + 2716062168542520412498610856550519519760063668165561277991771577403400784706, + 19118392018538203167410421493487769944462015419023083813301166096764262134232, + 9386595745626044000666050847309903206827901310677406022353307960932745699524, + 9121640807890366356465620448383131419933298563527245687958865317869840082266, + 3078975275808111706229899605611544294904276390490742680006005661017864583210, + 7157404299437167354719786626667769956233708887934477609633504801472827442743, + 14056248655941725362944552761799461694550787028230120190862133165195793034373, + 14124396743304355958915937804966111851843703158171757752158388556919187839849, + 11851254356749068692552943732920045260402277343008629727465773766468466181076, + 9799099446406796696742256539758943483211846559715874347178722060519817626047, + 10156146186214948683880719664738535455146137901666656566575307300522957959544, + 19908645952733301583346063785055921934459499091029406575311417879963332475861, + 11766105336238068471342414351862472329437473380853789942065610694000443387471, + 11002137593249972174092192767251572171769044073555430468487809799220351297047, + 284136377911685911941431040940403846843630064858778505937392780738953624163, + 19448733709802908339787967270452055364068697565906862913410983275341804035680, + 14423660424692802524250720264041003098290275890428483723270346403986712981505, + 
10635360132728137321700090133109897687122647659471659996419791842933639708516 + ]; + + var M[6][6] = [ + [ + 19167410339349846567561662441069598364702008768579734801591448511131028229281, + 14183033936038168803360723133013092560869148726790180682363054735190196956789, + 9067734253445064890734144122526450279189023719890032859456830213166173619761, + 16378664841697311562845443097199265623838619398287411428110917414833007677155, + 12968540216479938138647596899147650021419273189336843725176422194136033835172, + 3636162562566338420490575570584278737093584021456168183289112789616069756675 + ],[ + 17034139127218860091985397764514160131253018178110701196935786874261236172431, + 2799255644797227968811798608332314218966179365168250111693473252876996230317, + 2482058150180648511543788012634934806465808146786082148795902594096349483974, + 16563522740626180338295201738437974404892092704059676533096069531044355099628, + 10468644849657689537028565510142839489302836569811003546969773105463051947124, + 3328913364598498171733622353010907641674136720305714432354138807013088636408 + ],[ + 18985203040268814769637347880759846911264240088034262814847924884273017355969, + 8652975463545710606098548415650457376967119951977109072274595329619335974180, + 970943815872417895015626519859542525373809485973005165410533315057253476903, + 19406667490568134101658669326517700199745817783746545889094238643063688871948, + 17049854690034965250221386317058877242629221002521630573756355118745574274967, + 4964394613021008685803675656098849539153699842663541444414978877928878266244 + ],[ + 19025623051770008118343718096455821045904242602531062247152770448380880817517, + 9077319817220936628089890431129759976815127354480867310384708941479362824016, + 4770370314098695913091200576539533727214143013236894216582648993741910829490, + 4298564056297802123194408918029088169104276109138370115401819933600955259473, + 6905514380186323693285869145872115273350947784558995755916362330070690839131, + 
4783343257810358393326889022942241108539824540285247795235499223017138301952 + ],[ + 16205238342129310687768799056463408647672389183328001070715567975181364448609, + 8303849270045876854140023508764676765932043944545416856530551331270859502246, + 20218246699596954048529384569730026273241102596326201163062133863539137060414, + 1712845821388089905746651754894206522004527237615042226559791118162382909269, + 13001155522144542028910638547179410124467185319212645031214919884423841839406, + 16037892369576300958623292723740289861626299352695838577330319504984091062115 + ],[ + 15162889384227198851506890526431746552868519326873025085114621698588781611738, + 13272957914179340594010910867091459756043436017766464331915862093201960540910, + 9416416589114508529880440146952102328470363729880726115521103179442988482948, + 8035240799672199706102747147502951589635001418759394863664434079699838251138, + 21642389080762222565487157652540372010968704000567605990102641816691459811717, + 20261355950827657195644012399234591122288573679402601053407151083849785332516 + ] + ]; + + + signal input inputs[nInputs]; + signal output out; + + component ark[nRoundsF + nRoundsP]; + component sigmaF[nRoundsF][t]; + component sigmaP[nRoundsP]; + component mix[nRoundsF + nRoundsP]; + + var i; + var j; + var k; + + for (i=0; i<(nRoundsF + nRoundsP); i++) { + ark[i] = Ark(t, C[i]); + mix[i] = Mix(t, M); + + for (j=0; j<t; j++) { + if (i==0) { + if (j<nInputs) { + ark[i].in[j] <== inputs[j]; + } else { + ark[i].in[j] <== 0; + } + } else { + ark[i].in[j] <== mix[i-1].out[j]; + } + } + + if ((i<(nRoundsF/2)) || (i>= (nRoundsP + nRoundsF/2))) { + k= i<nRoundsF/2 ? 
i : (i-nRoundsP); + for (j=0; j<t; j++) { + sigmaF[k][j] = Sigma(); + sigmaF[k][j].in <== ark[i].out[j]; + mix[i].in[j] <== sigmaF[k][j].out; + } + } else { + k= i-nRoundsF/2; + sigmaP[k] = Sigma(); + sigmaP[k].in <== ark[i].out[0]; + mix[i].in[0] <== sigmaP[k].out; + for (j=1; j<t; j++) { + mix[i].in[j] <== ark[i].out[j]; + } + } + } + + out <== mix[nRoundsF + nRoundsP -1].out[0]; +} diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom b/circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom new file mode 100644 index 00000000..03d69d45 --- /dev/null +++ b/circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/poseidon.circom" + +component main = Poseidon(2, 3, 8, 57); diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom b/circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom new file mode 100644 index 00000000..526bef12 --- /dev/null +++ b/circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/poseidon.circom" + +component main = Poseidon(2, 6, 8, 57); diff --git a/circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js b/circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js new file mode 100644 index 00000000..d5e2a9f0 --- /dev/null +++ b/circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js 
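Review bot: The round-split test `i<(nRoundsF/2)` and the index `k= i-nRoundsF/2` use `/`, which in circom is field division, so for an odd `nRoundsF` the bound becomes a large field element rather than an integer; the rest of this patch uses `\` for integer division (`(n-1)\200` in pedersen.circom), and `nRoundsF\2` is what is meant here, with `nRoundsF` even for the two full-round halves to match. The template is parameterized by `t`, `nRoundsF` and `nRoundsP` while `C[65]` and `M[6][6]` are fixed, so any `nRoundsF + nRoundsP > 65` or `t > 6` silently indexes past the constant tables. A header comment, `// Constants cover t <= 6 and nRoundsF + nRoundsP <= 65 only`, plus an `assert` if the compiler supports one, would make the supported parameter space explicit. It would also help anyone auditing the constants to record in a comment how `C` and `M` were derived (the companion test in this patch pins a blake2b digest of `"poseidon_constants"`, which suggests the derivation), since nothing in this file lets them be independently regenerated.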
@@ -0,0 +1,76 @@
+const chai = require("chai");
+const path = require("path");
+var blake2b = require("blake2b");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const poseidon = require("../src/poseidon.js");
+
+const assert = chai.assert;
+
+describe("Blake2b version test", function() {
+ it("Should give the expected output for blake2b version", async () => {
+ var output = new Uint8Array(32);
+ var input = Buffer.from("poseidon_constants");
+ const h = blake2b(output.length).update(input).digest("hex");
+ assert.equal("e57ba154fb2c47811dc1a2369b27e25a44915b4e4ece4eb8ec74850cb78e01b1", h);
+ });
+});
+
+describe("Poseidon Circuit test", function () {
+ let circuit6;
+ let circuit3;
+
+ this.timeout(100000);
+
+ before( async () => {
+ circuit6 = await tester(path.join(__dirname, "circuits", "poseidon6_test.circom"));
+ circuit3 = await tester(path.join(__dirname, "circuits", "poseidon3_test.circom"));
+ });
+
+ it("Should check constrain of hash([1, 2]) t=6", async () => {
+ const w = await circuit6.calculateWitness({inputs: [1, 2]}, true);
+
+ const hash = poseidon.createHash(6, 8, 57);
+
+ const res2 = hash([1,2]);
+ assert.equal("12242166908188651009877250812424843524687801523336557272219921456462821518061", res2.toString());
+ await circuit6.assertOut(w, {out : res2});
+ await circuit6.checkConstraints(w);
+ });
+
+ it("Should check constrain of hash([3, 4]) t=6", async () => {
+ const w = await circuit6.calculateWitness({inputs: [3, 4]});
+
+ const hash = poseidon.createHash(6, 8, 57);
+
+ const res2 = hash([3, 4]);
+
+ assert.equal("17185195740979599334254027721507328033796809509313949281114643312710535000993", res2.toString());
+ await circuit6.assertOut(w, {out : res2});
+ await circuit6.checkConstraints(w);
+ });
+
+
+ it("Should check constrain of hash([1, 2]) t=3", async () => {
+ const w = await circuit3.calculateWitness({inputs: [1, 2]});
+
+ const hash = poseidon.createHash(3, 8, 57);
+
+ const res2 = hash([1,2]);
+ assert.equal("2104035019328376391822106787753454168168617545136592089411833517434990977743", res2.toString());
+ await circuit3.assertOut(w, {out : res2});
+ await circuit3.checkConstraints(w);
+ });
+
+ it("Should check constrain of hash([3, 4]) t=3", async () => {
+ const w = await circuit3.calculateWitness({inputs: [3, 4]});
+
+ const hash = poseidon.createHash(3, 8, 57);
+
+ const res2 = hash([3, 4]);
+ assert.equal("12456141564250880945411182508630957604732712316993112736876413121277158512223", res2.toString());
+ await circuit3.assertOut(w, {out : res2});
+ await circuit3.checkConstraints(w);
+ });
+});
diff --git a/circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js b/circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js
new file mode 100644
index 00000000..caad1cad
--- /dev/null
+++ b/circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js
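Review bot: `bigInt` is required but never used, and `blake2b` is declared with `var` while every other binding in the file is `const`; dropping the unused require and writing `const blake2b = require("blake2b");` keeps the header consistent. Only the first `calculateWitness` call passes the `true` sanity-check flag; the other three (`circuit6.calculateWitness({inputs: [3, 4]})` and both `circuit3` calls) omit it, so those witnesses are presumably not validated the same way — passing `true` in all four makes the four tests uniform. The `Blake2b version test` pins the digest of `"poseidon_constants"` without saying why; a one-line comment such as `// the Poseidon constants are derived from this blake2b output, so a library change here would change the hash` would tell a reader what the check protects.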
@@ -0,0 +1,69 @@
+const ganache = require("ganache-cli");
+const Web3 = require("web3");
+const chai = require("chai");
+const poseidonGenContract = require("../src/poseidon_gencontract.js");
+const Poseidon = require("../src/poseidon.js");
+const bigInt = require("snarkjs").bigInt;
+
+const assert = chai.assert;
+const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
+
+describe("Poseidon Smart contract test", function () {
+ let testrpc;
+ let web3;
+ let poseidon6;
+ let poseidon3;
+ let accounts;
+ this.timeout(100000);
+
+ before(async () => {
+ web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
+ accounts = await web3.eth.getAccounts();
+ });
+
+ it("Should deploy the contract", async () => {
+ const C = new web3.eth.Contract(poseidonGenContract.abi);
+
+ poseidon6 = await C.deploy({
+ data: poseidonGenContract.createCode(6)
+ }).send({
+ gas: 2500000,
+ from: accounts[0]
+ });
+ poseidon3 = await C.deploy({
+ data: poseidonGenContract.createCode(3)
+ }).send({
+ gas: 2500000,
+ from: accounts[0]
+ });
+ });
+
+ it("Shold calculate the poseidon correctly t=6", async () => {
+
+ const res = await poseidon6.methods.poseidon([1,2]).call();
+
+ // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
+
+ const hash = Poseidon.createHash(6, 8, 57);
+
+ const res2 = hash([1,2]);
+ // console.log("Ref: " + bigInt(res2).toString(16));
+
+ assert.equal(res.toString(), res2.toString());
+ });
+ it("Shold calculate the poseidon correctly t=3", async () => {
+
+ const res = await poseidon3.methods.poseidon([1,2]).call();
+
+ // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
+
+ const hash = Poseidon.createHash(3, 8, 57);
+
+ const res2 = hash([1,2]);
+ // console.log("Ref: " + bigInt(res2).toString(16));
+
+ assert.equal(res.toString(), res2.toString());
+ });
+
+});
+
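Review bot: Both contract tests compare the on-chain result only against `Poseidon.createHash(...)` computed in the same process, so a shared error in the constants would leave the generated contract and the JS reference agreeing and the test green; pinning the known vector as well, `assert.equal(res2.toString(), "12242166908188651009877250812424843524687801523336557272219921456462821518061");` for t=6 and `"2104035019328376391822106787753454168168617545136592089411833517434990977743"` for t=3 (the values poseidoncircuit.test.js in this patch asserts for `hash([1,2])`), anchors the contract to a fixed reference. `bigInt` from snarkjs, `log` and `testrpc` are declared but never used, and the two `it` titles read "Shold" for "Should".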
diff --git a/circuits/cryptography/hash_functions/sha256/README.md b/circuits/cryptography/hash_functions/sha256/README.md
new file mode 100644
index 00000000..c5b13bcf
--- /dev/null
+++ b/circuits/cryptography/hash_functions/sha256/README.md
@@ -0,0 +1,19 @@
+# Name of Template
+
+PATH HERE: ~/CircomLib/Circuits/...
+
+## Background
+
+## Description
+
+## Schema
+
+## Dependencies
+
+## Inputs
+
+## Outputs
+
+## Benchmarks
+
+## Test
\ No newline at end of file
diff --git a/circuits/cryptography/hash_functions/sha256/ch.circom b/circuits/cryptography/hash_functions/sha256/ch.circom
new file mode 100644
index 00000000..5804ae8c
--- /dev/null
+++ b/circuits/cryptography/hash_functions/sha256/ch.circom
@@ -0,0 +1,46 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+/* Ch
+
+000 0
+001 1
+010 0
+011 1
+100 0
+101 0
+110 1
+111 1
+
+out = a&b ^ (!a)&c =>
+
+out = a*(b-c) + c
+
+*/
+
+template Ch(n) {
+ signal input a[n];
+ signal input b[n];
+ signal input c[n];
+ signal output out[n];
+
+ for (var k=0; k<n; k++) {
+ out[k] <== a[k] * (b[k]-c[k]) + c[k];
+ }
+}
diff --git a/circuits/cryptography/hash_functions/sha256/constants.circom b/circuits/cryptography/hash_functions/sha256/constants.circom
new file mode 100644
index 00000000..7b375d53
--- /dev/null
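Review bot: `Ch(n)` computes `out[k] <== a[k] * (b[k]-c[k]) + c[k]`, which equals the choice function only when `a`, `b` and `c` are already constrained to {0,1}; the template adds no booleanity constraints itself, so a caller wiring unconstrained signals gets an arbitrary linear blend rather than a bitwise Ch. A line in the header comment, `// Inputs must be constrained to {0,1} by the caller; this template does not enforce it`, would state the precondition next to the derivation. The truth table in the comment does match `a ? b : c`, so the formula itself checks out.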
+++ b/circuits/cryptography/hash_functions/sha256/constants.circom 
@@ -0,0 +1,52 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template H(x) { + signal output out[32]; + var c[8] = [0x6a09e667, + 0xbb67ae85, + 0x3c6ef372, + 0xa54ff53a, + 0x510e527f, + 0x9b05688c, + 0x1f83d9ab, + 0x5be0cd19]; + + for (var i=0; i<32; i++) { + out[i] <== (c[x] >> i) & 1; + } +} + +template K(x) { + signal output out[32]; + var c[64] = [ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 + ]; + + for (var i=0; i<32; i++) { + out[i] <== (c[x] >> i) & 1; + } +} 
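Review bot: `H(x)` and `K(x)` emit the selected constant least-significant-bit first (`out[i] <== (c[x] >> i) & 1`, so `out[0]` is bit 0), while `Sha256compression` reads its `inp` words and writes `out` most-significant-bit first (`w[t][k] <== inp[t*32+31-k]`, `out[31-k] <== fsum[0].out[k]`); neither file states its convention. I would add `// out[i] is bit i of the constant (LSB first), matching the internal word order of Sha256compression` above each of the two loops.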
diff --git a/circuits/cryptography/hash_functions/sha256/constants_test.circom b/circuits/cryptography/hash_functions/sha256/constants_test.circom new file mode 100644 index 00000000..61d392d2 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/constants_test.circom @@ -0,0 +1,18 @@ +include "../../circuits/sha256/constants.circom" + +template A() { + signal input in; + component h0; + h0 = K(8); + + var lc = 0; + var e = 1; + for (var i=0; i<32; i++) { + lc = lc + e*h0.out[i]; + e *= 2; + } + + lc === in; +} + +component main = A(); diff --git a/circuits/cryptography/hash_functions/sha256/main.circom b/circuits/cryptography/hash_functions/sha256/main.circom new file mode 100644 index 00000000..fbf24348 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/main.circom @@ -0,0 +1,34 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "sha256_2.jaz"; + +template Main() { + signal private input a; + signal private input b; + signal output out; + + component sha256_2 = SHA256_2(); + + sha256_2.a <== a; + sha256_2.b <== a; + out <== sha256_2.out; +} + +component main = Main(); 
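Review bot: `include "../../circuits/sha256/constants.circom"` does not match where this commit places the files: constants_test.circom and constants.circom are both added under `circuits/cryptography/hash_functions/sha256/`, so the relative path resolves to `circuits/cryptography/circuits/sha256/constants.circom`, which this diff does not create. It should read `include "constants.circom";`. The same stale path appears in eddsa_test.circom (`include "../../circuits/eddsa.circom";`), which this commit adds next to eddsa.circom under `circuits/cryptography/signatures/eddsa/eddsa/` and should be `include "eddsa.circom";`.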
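Review bot: `sha256_2.b <== a;` wires input `a` into both halves of the hash, so `b` is declared as a private input but never appears in a constraint and the circuit hashes `a||a` whatever `b` is; the line should read `sha256_2.b <== b;`. Separately, `include "sha256_2.jaz";` names a file this commit does not add, while the `SHA256_2` template is declared as `Sha256_2` in `sha256_2.circom` in the same directory, so the include should be `include "sha256_2.circom";` and the instantiation `Sha256_2()`.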
diff --git a/circuits/cryptography/hash_functions/sha256/maj.circom b/circuits/cryptography/hash_functions/sha256/maj.circom new file mode 100644 index 00000000..ee536874 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/maj.circom @@ -0,0 +1,44 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* Maj function for sha256 + +out = a&b ^ a&c ^ b&c => + +out = a*b + a*c + b*c - 2*a*b*c => + +out = a*( b + c - 2*b*c ) + b*c => + +mid = b*c +out = a*( b + c - 2*mid ) + mid + +*/ + +template Maj(n) { + signal input a[n]; + signal input b[n]; + signal input c[n]; + signal output out[n]; + signal mid[n]; + + for (var k=0; k<n; k++) { + mid[k] <== b[k]*c[k]; + out[k] <== a[k] * (b[k]+c[k]-2*mid[k]) + mid[k]; + } +} diff --git a/circuits/cryptography/hash_functions/sha256/rotate.circom b/circuits/cryptography/hash_functions/sha256/rotate.circom new file mode 100644 index 00000000..b05df40a --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/rotate.circom 
@@ -0,0 +1,27 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template RotR(n, r) { + signal input in[n]; + signal output out[n]; + + for (var i=0; i<n; i++) { + out[i] <== in[ (i+r)%n ]; + } +} diff --git a/circuits/cryptography/hash_functions/sha256/sha256.circom b/circuits/cryptography/hash_functions/sha256/sha256.circom new file mode 100644 index 00000000..c2af805e --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/sha256.circom 
@@ -0,0 +1,81 @@ + + +include "constants.circom"; +include "sha256compression.circom"; + +template Sha256(nBits) { + signal input in[nBits]; + signal output out[256]; + + var i; + var k; + var nBlocks; + var bitsLastBlock; + + + nBlocks = ((nBits + 64)\512)+1; + + signal paddedIn[nBlocks*512]; + + for (k=0; k<nBits; k++) { + paddedIn[k] <== in[k]; + } + paddedIn[nBits] <== 1; + + for (k=nBits+1; k<nBlocks*512-64; k++) { + paddedIn[k] <== 0; + } + + for (k = 0; k< 64; k++) { + paddedIn[nBlocks*512 - k -1] <== (nBits >> k)&1; + } + + component ha0 = H(0); + component hb0 = H(1); + component hc0 = H(2); + component hd0 = H(3); + component he0 = H(4); + component hf0 = H(5); + component hg0 = H(6); + component hh0 = H(7); + + component sha256compression[nBlocks]; + + for (i=0; i<nBlocks; i++) { + + sha256compression[i] = Sha256compression() ; + + if (i==0) { + for (k=0; k<32; k++ ) { + sha256compression[i].hin[0*32+k] <== ha0.out[k]; + sha256compression[i].hin[1*32+k] <== hb0.out[k]; + sha256compression[i].hin[2*32+k] <== hc0.out[k]; + sha256compression[i].hin[3*32+k] <== hd0.out[k]; + sha256compression[i].hin[4*32+k] <== he0.out[k]; + sha256compression[i].hin[5*32+k] <== hf0.out[k]; + sha256compression[i].hin[6*32+k] <== hg0.out[k]; + sha256compression[i].hin[7*32+k] <== hh0.out[k]; + } + } else { + for (k=0; k<32; k++ ) { + sha256compression[i].hin[32*0+k] <== sha256compression[i-1].out[32*0+31-k]; + sha256compression[i].hin[32*1+k] <== sha256compression[i-1].out[32*1+31-k]; + sha256compression[i].hin[32*2+k] <== sha256compression[i-1].out[32*2+31-k]; + sha256compression[i].hin[32*3+k] <== sha256compression[i-1].out[32*3+31-k]; + sha256compression[i].hin[32*4+k] <== sha256compression[i-1].out[32*4+31-k]; + sha256compression[i].hin[32*5+k] <== sha256compression[i-1].out[32*5+31-k]; + sha256compression[i].hin[32*6+k] <== sha256compression[i-1].out[32*6+31-k]; + sha256compression[i].hin[32*7+k] <== sha256compression[i-1].out[32*7+31-k]; + } + } + + for (k=0; k<512; k++) 
{ + sha256compression[i].inp[k] <== paddedIn[i*512+k]; + } + } + + for (k=0; k<256; k++) { + out[k] <== sha256compression[nBlocks-1].out[k]; + } + +} diff --git a/circuits/cryptography/hash_functions/sha256/sha256_2.circom b/circuits/cryptography/hash_functions/sha256/sha256_2.circom new file mode 100644 index 00000000..91537633 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/sha256_2.circom 
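Review bot: `paddedIn[k] <== in[k]` copies the message bits straight through without a binary constraint, so a non-0/1 `in[k]` is accepted by `Sha256(nBits)` and propagates into `Sha256compression`; whether the lower-level templates tolerate that is not visible in this diff, so the caller must bit-constrain `in`, and the template should say so with `// in[k] must be 0/1; this template does not enforce it`. `bitsLastBlock` is declared and never used. This file is also the only one in the directory without the license header, and it documents neither the bit order nor the padding; from `w[t][k] <== inp[t*32+31-k]` and `out[31-k] <== fsum[0].out[k]` in sha256compression.circom, `in` and `out` are most-significant-bit first within each 32-bit word, and `nBlocks = ((nBits + 64)\512)+1` together with the 64-bit length written at `paddedIn[nBlocks*512 - k - 1]` implements the standard SHA-256 padding.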
@@ -0,0 +1,90 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "constants.circom"; +include "sha256compression.circom"; +include "../bitify.circom" + +template Sha256_2() { + signal input a; + signal input b; + signal output out; + + var i; + var k; + + component bits2num = Bits2Num(216); + component num2bits[2]; + + num2bits[0] = Num2Bits(216); + num2bits[1] = Num2Bits(216); + + num2bits[0].in <== a; + num2bits[1].in <== b; + + + component sha256compression = Sha256compression() ; + + component ha0 = H(0); + component hb0 = H(1); + component hc0 = H(2); + component hd0 = H(3); + component he0 = H(4); + component hf0 = H(5); + component hg0 = H(6); + component hh0 = H(7); + + for (k=0; k<32; k++ ) { + sha256compression.hin[0*32+k] <== ha0.out[k]; + sha256compression.hin[1*32+k] <== hb0.out[k]; + sha256compression.hin[2*32+k] <== hc0.out[k]; + sha256compression.hin[3*32+k] <== hd0.out[k]; + sha256compression.hin[4*32+k] <== he0.out[k]; + sha256compression.hin[5*32+k] <== hf0.out[k]; + sha256compression.hin[6*32+k] <== hg0.out[k]; + sha256compression.hin[7*32+k] <== hh0.out[k]; + } + + for (i=0; i<216; i++) { + sha256compression.inp[i] <== num2bits[0].out[215-i]; + sha256compression.inp[i+216] <== num2bits[1].out[215-i]; + } + + 
sha256compression.inp[432] <== 1; + + for (i=433; i<503; i++) { + sha256compression.inp[i] <== 0; + } + + sha256compression.inp[503] <== 1; + sha256compression.inp[504] <== 1; + sha256compression.inp[505] <== 0; + sha256compression.inp[506] <== 1; + sha256compression.inp[507] <== 1; + sha256compression.inp[508] <== 0; + sha256compression.inp[509] <== 0; + sha256compression.inp[510] <== 0; + sha256compression.inp[511] <== 0; + + for (i=0; i<216; i++) { + bits2num.in[i] <== sha256compression.out[255-i]; + } + + out <== bits2num.out; +} diff --git a/circuits/cryptography/hash_functions/sha256/sha256compression.circom b/circuits/cryptography/hash_functions/sha256/sha256compression.circom new file mode 100644 index 00000000..e8ac441c --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/sha256compression.circom 
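Review bot: `include "../bitify.circom"` lacks the terminating `;` that the two includes above it carry; the same inconsistency is in sigmaplus.circom (`../binsum.circom`, `sigma.circom`) and t2.circom (`maj.circom`). More importantly, every `../binsum.circom` and `../bitify.circom` include in this directory (this file, sha256compression.circom, sigmaplus.circom, t1.circom, t2.circom) now resolves against `circuits/cryptography/hash_functions/`; this diff does not show binsum.circom or bitify.circom there, so that should be confirmed before merge. The hard-coded block from `sha256compression.inp[432] <== 1` to `inp[511] <== 0` is the padding for a fixed 432-bit message and deserves a comment such as `// SHA-256 padding for 2*216 = 432 bits: a 1 bit, 70 zero bits, then the 64-bit big-endian length 432 (0b110110000 in its low 9 bits)`.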
@@ -0,0 +1,159 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "constants.circom"; +include "t1.circom"; +include "t2.circom"; +include "../binsum.circom"; +include "sigmaplus.circom"; + +template Sha256compression() { + signal input hin[256]; + signal input inp[512]; + signal output out[256]; + signal a[65][32]; + signal b[65][32]; + signal c[65][32]; + signal d[65][32]; + signal e[65][32]; + signal f[65][32]; + signal g[65][32]; + signal h[65][32]; + signal w[64][32]; + + var i; + + component sigmaPlus[48]; + for (i=0; i<48; i++) sigmaPlus[i] = SigmaPlus(); + + component ct_k[64]; + for (i=0; i<64; i++) ct_k[i] = K(i); + + component t1[64]; + for (i=0; i<64; i++) t1[i] = T1(); + + component t2[64]; + for (i=0; i<64; i++) t2[i] = T2(); + + component suma[64]; + for (i=0; i<64; i++) suma[i] = BinSum(32, 2); + + component sume[64]; + for (i=0; i<64; i++) sume[i] = BinSum(32, 2); + + component fsum[8]; + for (i=0; i<8; i++) fsum[i] = BinSum(32, 2); + + var k; + var t; + + for (t=0; t<64; t++) { + if (t<16) { + for (k=0; k<32; k++) { + w[t][k] <== inp[t*32+31-k]; + } + } else { + for (k=0; k<32; k++) { + sigmaPlus[t-16].in2[k] <== w[t-2][k]; + sigmaPlus[t-16].in7[k] <== w[t-7][k]; + sigmaPlus[t-16].in15[k] <== w[t-15][k]; + sigmaPlus[t-16].in16[k] <== 
w[t-16][k]; + } + + for (k=0; k<32; k++) { + w[t][k] <== sigmaPlus[t-16].out[k]; + } + } + } + + for (k=0; k<32; k++ ) { + a[0][k] <== hin[k]; + b[0][k] <== hin[32*1 + k]; + c[0][k] <== hin[32*2 + k]; + d[0][k] <== hin[32*3 + k]; + e[0][k] <== hin[32*4 + k]; + f[0][k] <== hin[32*5 + k]; + g[0][k] <== hin[32*6 + k]; + h[0][k] <== hin[32*7 + k]; + } + + for (t = 0; t<64; t++) { + for (k=0; k<32; k++) { + t1[t].h[k] <== h[t][k]; + t1[t].e[k] <== e[t][k]; + t1[t].f[k] <== f[t][k]; + t1[t].g[k] <== g[t][k]; + t1[t].k[k] <== ct_k[t].out[k]; + t1[t].w[k] <== w[t][k]; + + t2[t].a[k] <== a[t][k]; + t2[t].b[k] <== b[t][k]; + t2[t].c[k] <== c[t][k]; + } + + for (k=0; k<32; k++) { + sume[t].in[0][k] <== d[t][k]; + sume[t].in[1][k] <== t1[t].out[k]; + + suma[t].in[0][k] <== t1[t].out[k]; + suma[t].in[1][k] <== t2[t].out[k]; + } + + for (k=0; k<32; k++) { + h[t+1][k] <== g[t][k]; + g[t+1][k] <== f[t][k]; + f[t+1][k] <== e[t][k]; + e[t+1][k] <== sume[t].out[k]; + d[t+1][k] <== c[t][k]; + c[t+1][k] <== b[t][k]; + b[t+1][k] <== a[t][k]; + a[t+1][k] <== suma[t].out[k]; + } + } + + for (k=0; k<32; k++) { + fsum[0].in[0][k] <== hin[32*0+k]; + fsum[0].in[1][k] <== a[64][k]; + fsum[1].in[0][k] <== hin[32*1+k]; + fsum[1].in[1][k] <== b[64][k]; + fsum[2].in[0][k] <== hin[32*2+k]; + fsum[2].in[1][k] <== c[64][k]; + fsum[3].in[0][k] <== hin[32*3+k]; + fsum[3].in[1][k] <== d[64][k]; + fsum[4].in[0][k] <== hin[32*4+k]; + fsum[4].in[1][k] <== e[64][k]; + fsum[5].in[0][k] <== hin[32*5+k]; + fsum[5].in[1][k] <== f[64][k]; + fsum[6].in[0][k] <== hin[32*6+k]; + fsum[6].in[1][k] <== g[64][k]; + fsum[7].in[0][k] <== hin[32*7+k]; + fsum[7].in[1][k] <== h[64][k]; + } + + for (k=0; k<32; k++) { + out[31-k] <== fsum[0].out[k]; + out[32+31-k] <== fsum[1].out[k]; + out[64+31-k] <== fsum[2].out[k]; + out[96+31-k] <== fsum[3].out[k]; + out[128+31-k] <== fsum[4].out[k]; + out[160+31-k] <== fsum[5].out[k]; + out[192+31-k] <== fsum[6].out[k]; + out[224+31-k] <== fsum[7].out[k]; + } +} 
diff --git a/circuits/cryptography/hash_functions/sha256/shift.circom b/circuits/cryptography/hash_functions/sha256/shift.circom new file mode 100644 index 00000000..bdff3fde --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/shift.circom @@ -0,0 +1,32 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template ShR(n, r) { + signal input in[n]; + signal output out[n]; + + for (var i=0; i<n; i++) { + if (i+r >= n) { + out[i] <== 0; + } else { + out[i] <== in[ i+r ]; + } + } +} + diff --git a/circuits/cryptography/hash_functions/sha256/sigma.circom b/circuits/cryptography/hash_functions/sha256/sigma.circom new file mode 100644 index 00000000..0661e532 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/sigma.circom 
@@ -0,0 +1,76 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "xor3.circom"; +include "rotate.circom"; +include "shift.circom"; + +template SmallSigma(ra, rb, rc) { + signal input in[32]; + signal output out[32]; + var k; + + component rota = RotR(32, ra); + component rotb = RotR(32, rb); + component shrc = ShR(32, rc); + + for (k=0; k<32; k++) { + rota.in[k] <== in[k]; + rotb.in[k] <== in[k]; + shrc.in[k] <== in[k]; + } + + component xor3 = Xor3(32); + for (k=0; k<32; k++) { + xor3.a[k] <== rota.out[k]; + xor3.b[k] <== rotb.out[k]; + xor3.c[k] <== shrc.out[k]; + } + + for (k=0; k<32; k++) { + out[k] <== xor3.out[k]; + } +} + +template BigSigma(ra, rb, rc) { + signal input in[32]; + signal output out[32]; + var k; + + component rota = RotR(32, ra); + component rotb = RotR(32, rb); + component rotc = RotR(32, rc); + for (k=0; k<32; k++) { + rota.in[k] <== in[k]; + rotb.in[k] <== in[k]; + rotc.in[k] <== in[k]; + } + + component xor3 = Xor3(32); + + for (k=0; k<32; k++) { + xor3.a[k] <== rota.out[k]; + xor3.b[k] <== rotb.out[k]; + xor3.c[k] <== rotc.out[k]; + } + + for (k=0; k<32; k++) { + out[k] <== xor3.out[k]; + } +} 
diff --git a/circuits/cryptography/hash_functions/sha256/sigmaplus.circom b/circuits/cryptography/hash_functions/sha256/sigmaplus.circom new file mode 100644 index 00000000..49637e40 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/sigmaplus.circom @@ -0,0 +1,49 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../binsum.circom" +include "sigma.circom" + +template SigmaPlus() { + signal input in2[32]; + signal input in7[32]; + signal input in15[32]; + signal input in16[32]; + signal output out[32]; + var k; + + component sigma1 = SmallSigma(17,19,10); + component sigma0 = SmallSigma(7, 18, 3); + for (k=0; k<32; k++) { + sigma1.in[k] <== in2[k]; + sigma0.in[k] <== in15[k]; + } + + component sum = BinSum(32, 4); + for (k=0; k<32; k++) { + sum.in[0][k] <== sigma1.out[k]; + sum.in[1][k] <== in7[k]; + sum.in[2][k] <== sigma0.out[k]; + sum.in[3][k] <== in16[k]; + } + + for (k=0; k<32; k++) { + out[k] <== sum.out[k]; + } +} diff --git a/circuits/cryptography/hash_functions/sha256/t1.circom b/circuits/cryptography/hash_functions/sha256/t1.circom new file mode 100644 index 00000000..369b4655 --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/t1.circom 
@@ -0,0 +1,57 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../binsum.circom"; +include "sigma.circom"; +include "ch.circom"; + +template T1() { + signal input h[32]; + signal input e[32]; + signal input f[32]; + signal input g[32]; + signal input k[32]; + signal input w[32]; + signal output out[32]; + + var ki; + + component ch = Ch(32); + component bigsigma1 = BigSigma(6, 11, 25); + + for (ki=0; ki<32; ki++) { + bigsigma1.in[ki] <== e[ki]; + ch.a[ki] <== e[ki]; + ch.b[ki] <== f[ki]; + ch.c[ki] <== g[ki]; + } + + component sum = BinSum(32, 5); + for (ki=0; ki<32; ki++) { + sum.in[0][ki] <== h[ki]; + sum.in[1][ki] <== bigsigma1.out[ki]; + sum.in[2][ki] <== ch.out[ki]; + sum.in[3][ki] <== k[ki]; + sum.in[4][ki] <== w[ki]; + } + + for (ki=0; ki<32; ki++) { + out[ki] <== sum.out[ki]; + } +} diff --git a/circuits/cryptography/hash_functions/sha256/t2.circom b/circuits/cryptography/hash_functions/sha256/t2.circom new file mode 100644 index 00000000..5a55728e --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/t2.circom 
@@ -0,0 +1,50 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../binsum.circom"; +include "sigma.circom"; +include "maj.circom" + +template T2() { + signal input a[32]; + signal input b[32]; + signal input c[32]; + signal output out[32]; + var k; + + component bigsigma0 = BigSigma(2, 13, 22); + component maj = Maj(32); + for (k=0; k<32; k++) { + bigsigma0.in[k] <== a[k]; + maj.a[k] <== a[k]; + maj.b[k] <== b[k]; + maj.c[k] <== c[k]; + } + + component sum = BinSum(32, 2); + + for (k=0; k<32; k++) { + sum.in[0][k] <== bigsigma0.out[k]; + sum.in[1][k] <== maj.out[k]; + } + + for (k=0; k<32; k++) { + out[k] <== sum.out[k]; + } +} diff --git a/circuits/cryptography/hash_functions/sha256/xor3.circom b/circuits/cryptography/hash_functions/sha256/xor3.circom new file mode 100644 index 00000000..9bbe76ce --- /dev/null +++ b/circuits/cryptography/hash_functions/sha256/xor3.circom 
@@ -0,0 +1,44 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* Xor3 function for sha256 + +out = a ^ b ^ c => + +out = a+b+c - 2*a*b - 2*a*c - 2*b*c + 4*a*b*c => + +out = a*( 1 - 2*b - 2*c + 4*b*c ) + b + c - 2*b*c => + +mid = b*c +out = a*( 1 - 2*b -2*c + 4*mid ) + b + c - 2 * mid + +*/ + +template Xor3(n) { + signal input a[n]; + signal input b[n]; + signal input c[n]; + signal output out[n]; + signal mid[n]; + + for (var k=0; k<n; k++) { + mid[k] <== b[k]*c[k]; + out[k] <== a[k] * (1 -2*b[k] -2*c[k] +4*mid[k]) + b[k] + c[k] -2*mid[k]; + } +} diff --git a/circuits/cryptography/signatures/README.md b/circuits/cryptography/signatures/README.md new file mode 100644 index 00000000..64e6640d --- /dev/null +++ b/circuits/cryptography/signatures/README.md @@ -0,0 +1,9 @@ +# `signatures` + +This folder contains the templates to generate signatures. + +## Structure of the Folder + +- [`eddsa`](doc/cryptography/signatures/eddsa) + +## Background on Signatures \ No newline at end of file diff --git a/circuits/cryptography/signatures/eddsa/README.md b/circuits/cryptography/signatures/eddsa/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/README.md 
@@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom b/circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom new file mode 100644 index 00000000..bf126a78 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom 
@@ -0,0 +1,138 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "compconstant.circom"; +include "pointbits.circom"; +include "pedersen.circom"; +include "escalarmulany.circom"; +include "escalarmulfix.circom"; + +template EdDSAVerifier(n) { + signal input msg[n]; + + signal input A[256]; + signal input R8[256]; + signal input S[256]; + + signal Ax; + signal Ay; + + signal R8x; + signal R8y; + + var i; + +// Ensure S<Subgroup Order + + component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040); + + for (i=0; i<254; i++) { + S[i] ==> compConstant.in[i]; + } + compConstant.out === 0; + S[254] === 0; + S[255] === 0; + +// Convert A to Field elements (And verify A) + + component bits2pointA = Bits2Point_Strict(); + + for (i=0; i<256; i++) { + bits2pointA.in[i] <== A[i]; + } + Ax <== bits2pointA.out[0]; + Ay <== bits2pointA.out[1]; + +// Convert R8 to Field elements (And verify R8) + + component bits2pointR8 = Bits2Point_Strict(); + + for (i=0; i<256; i++) { + bits2pointR8.in[i] <== R8[i]; + } + R8x <== bits2pointR8.out[0]; + R8y <== bits2pointR8.out[1]; + +// Calculate the h = H(R,A, msg) + + component hash = Pedersen(512+n); + + for (i=0; i<256; i++) { + hash.in[i] <== R8[i]; + hash.in[256+i] <== 
A[i]; + } + for (i=0; i<n; i++) { + hash.in[512+i] <== msg[i]; + } + + component point2bitsH = Point2Bits_Strict(); + point2bitsH.in[0] <== hash.out[0]; + point2bitsH.in[1] <== hash.out[1]; + +// Calculate second part of the right side: right2 = h*8*A + + // Multiply by 8 by adding it 3 times. This also ensure that the result is in + // the subgroup. + component dbl1 = BabyDbl(); + dbl1.x <== Ax; + dbl1.y <== Ay; + component dbl2 = BabyDbl(); + dbl2.x <== dbl1.xout; + dbl2.y <== dbl1.yout; + component dbl3 = BabyDbl(); + dbl3.x <== dbl2.xout; + dbl3.y <== dbl2.yout; + + // We check that A is not zero. + component isZero = IsZero(); + isZero.in <== dbl3.x; + isZero.out === 0; + + component mulAny = EscalarMulAny(256); + for (i=0; i<256; i++) { + mulAny.e[i] <== point2bitsH.out[i]; + } + mulAny.p[0] <== dbl3.xout; + mulAny.p[1] <== dbl3.yout; + + +// Compute the right side: right = R8 + right2 + + component addRight = BabyAdd(); + addRight.x1 <== R8x; + addRight.y1 <== R8y; + addRight.x2 <== mulAny.out[0]; + addRight.y2 <== mulAny.out[1]; + +// Calculate left side of equation left = S*B8 + + var BASE8[2] = [ + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 + ]; + component mulFix = EscalarMulFix(256, BASE8); + for (i=0; i<256; i++) { + mulFix.e[i] <== S[i]; + } + +// Do the comparation left == right + + mulFix.out[0] === addRight.xout; + mulFix.out[1] === addRight.yout; +} diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js b/circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js new file mode 100644 index 00000000..7d2e02f3 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js 
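Review bot: The comment `// We check that A is not zero.` understates what `isZero.in <== dbl3.x; isZero.out === 0;` enforces: after the three `BabyDbl` steps it requires the x-coordinate of `8*A` to be non-zero, which rejects public keys whose cofactor multiple lands on a point with x == 0 (the neutral element among them), i.e. small-order keys that the subsequent `EscalarMulAny` would otherwise accept. I would reword it to `// Reject low-order A: 8*A must not have x == 0 (neutral element), so the key really lies in the prime-order subgroup`. The template also uses `BabyDbl`, `BabyAdd` and `IsZero` without a direct include, relying on whatever the five listed includes pull in transitively, and those five are now resolved relative to `circuits/cryptography/signatures/eddsa/eddsa/`, which this diff does not show populating; a comment or explicit includes would make the dependency visible.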
@@ -0,0 +1,67 @@ +const chai = require("chai"); +const path = require("path"); + +const tester = require("circom").tester; +const bigInt = require("big-integer"); + +const eddsa = require("../src/eddsa.js"); +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +function buffer2bits(buff) { + const res = []; + for (let i=0; i<buff.length; i++) { + for (let j=0; j<8; j++) { + if ((buff[i]>>j)&1) { + res.push(bigInt.one); + } else { + res.push(bigInt.zero); + } + } + } + return res; +} + + +describe("EdDSA test", function () { + let circuit; + + this.timeout(100000); + + before( async () => { + circuit = await tester(path.join(__dirname, "circuits", "eddsa_test.circom")); + }); + + it("Sign a single 10 bytes from 0 to 9", async () => { + const msg = Buffer.from("00010203040506070809", "hex"); + +// const prvKey = crypto.randomBytes(32); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + const pPubKey = babyJub.packPoint(pubKey); + + const signature = eddsa.sign(prvKey, msg); + + const pSignature = eddsa.packSignature(signature); + const uSignature = eddsa.unpackSignature(pSignature); + + assert(eddsa.verify(msg, uSignature, pubKey)); + + const msgBits = buffer2bits(msg); + const r8Bits = buffer2bits(pSignature.slice(0, 32)); + const sBits = buffer2bits(pSignature.slice(32, 64)); + const aBits = buffer2bits(pPubKey); + + const w = await circuit.calculateWitness({A: aBits, R8: r8Bits, S: sBits, msg: msgBits}, true); + + await circuit.checkConstraints(w); + }); +}); diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js b/circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js new file mode 100644 index 00000000..11996264 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js 
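Review bot: `path.join(__dirname, "circuits", "eddsa_test.circom")` looks for a `circuits/` subdirectory, but this commit adds eddsa_test.circom next to the test in `circuits/cryptography/signatures/eddsa/eddsa/`, so the tester cannot find it; `path.join(__dirname, "eddsa_test.circom")` matches the new layout. The `require("../src/eddsa.js")` and `require("../src/babyjub.js")` calls likewise resolve relative to the new directory (to `signatures/eddsa/src/`), which this diff does not show existing. `print` is defined and never called, and the commented-out `crypto.randomBytes(32)` line is dead code; both should go.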
@@ -0,0 +1,82 @@ +const chai = require("chai"); + +const eddsa = require("../src/eddsa.js"); +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +const bigInt = require("big-integer"); +const utils = require("../src/utils.js"); + +describe("EdDSA js test", function () { + + this.timeout(100000); + + it("Sign (using Mimc7) a single 10 bytes from 0 to 9", () => { + const msgBuf = Buffer.from("00010203040506070809", "hex"); + const msg = utils.leBuff2int(msgBuf); + + // const prvKey = crypto.randomBytes(32); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + assert.equal(pubKey[0].toString(), + "13277427435165878497778222415993513565335242147425444199013288855685581939618"); + assert.equal(pubKey[1].toString(), + "13622229784656158136036771217484571176836296686641868549125388198837476602820"); + + const pPubKey = babyJub.packPoint(pubKey); + + const signature = eddsa.signMiMC(prvKey, msg); + assert.equal(signature.R8[0].toString(), + "11384336176656855268977457483345535180380036354188103142384839473266348197733"); + assert.equal(signature.R8[1].toString(), + "15383486972088797283337779941324724402501462225528836549661220478783371668959"); + assert.equal(signature.S.toString(), + "2523202440825208709475937830811065542425109372212752003460238913256192595070"); + + const pSignature = eddsa.packSignature(signature); + assert.equal(pSignature.toString("hex"), ""+ + "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+ + "7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405"); + + const uSignature = eddsa.unpackSignature(pSignature); + assert(eddsa.verifyMiMC(msg, uSignature, pubKey)); + + }); + + it("Sign (using Poseidon) a single 10 bytes from 0 to 9", () => { + const msgBuf = Buffer.from("00010203040506070809", "hex"); + const msg = utils.leBuff2int(msgBuf); + + const prvKey = 
Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + assert.equal(pubKey[0].toString(), + "13277427435165878497778222415993513565335242147425444199013288855685581939618"); + assert.equal(pubKey[1].toString(), + "13622229784656158136036771217484571176836296686641868549125388198837476602820"); + + const pPubKey = babyJub.packPoint(pubKey); + + const signature = eddsa.signPoseidon(prvKey, msg); + assert.equal(signature.R8[0].toString(), + "11384336176656855268977457483345535180380036354188103142384839473266348197733"); + assert.equal(signature.R8[1].toString(), + "15383486972088797283337779941324724402501462225528836549661220478783371668959"); + assert.equal(signature.S.toString(), + "248298168863866362217836334079793350221620631973732197668910946177382043688"); + + const pSignature = eddsa.packSignature(signature); + assert.equal(pSignature.toString("hex"), ""+ + "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+ + "28506bce274aa1b3f7e7c2fd7e4fe09bff8f9aa37a42def7994e98f322888c00"); + + const uSignature = eddsa.unpackSignature(pSignature); + assert(eddsa.verifyPoseidon(msg, uSignature, pubKey)); + + }); +}); diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom b/circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom new file mode 100644 index 00000000..1ef054ec --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/eddsa.circom"; + +component main = EdDSAVerifier(80); diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom new file mode 100644 index 00000000..5f0917ad --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom 
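Review bot: Both cases in eddsa_js.test.js only assert that `verifyMiMC` / `verifyPoseidon` accept the freshly produced signature and never that they reject anything, so a `verify*` that returned `true` unconditionally would pass; add a one-line negative assertion after each positive one, e.g. `assert(!eddsa.verifyMiMC(msg.add(bigInt.one), uSignature, pubKey));` and the Poseidon twin. `pPubKey` is computed in both cases and never used — either drop it or pin it with an `assert.equal` on its hex, since the packed form is what goes on the wire. The pinned R8/S vectors are the valuable part of this file: they will catch silent changes to the nonce derivation or the hash-to-scalar step.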
@@ -0,0 +1,123 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "compconstant.circom";
+include "pointbits.circom";
+include "mimc.circom";
+include "bitify.circom";
+include "escalarmulany.circom";
+include "escalarmulfix.circom";
+
+template EdDSAMiMCVerifier() {
+ signal input enabled;
+ signal input Ax;
+ signal input Ay;
+
+ signal input S;
+ signal input R8x;
+ signal input R8y;
+
+ signal input M;
+
+ var i;
+
+// Ensure S<Subgroup Order
+
+ component snum2bits = Num2Bits(253);
+ snum2bits.in <== S;
+
+ component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040);
+
+ for (i=0; i<253; i++) {
+ snum2bits.out[i] ==> compConstant.in[i];
+ }
+ compConstant.in[253] <== 0;
+ compConstant.out === 0;
+
+// Calculate the h = H(R,A, msg)
+
+ component hash = MultiMiMC7(5, 91);
+ hash.in[0] <== R8x;
+ hash.in[1] <== R8y;
+ hash.in[2] <== Ax;
+ hash.in[3] <== Ay;
+ hash.in[4] <== M;
+ hash.k <== 0;
+
+ component h2bits = Num2Bits_strict();
+ h2bits.in <== hash.out;
+
+// Calculate second part of the right side: right2 = h*8*A
+
+ // Multiply by 8 by adding it 3 times. This also ensure that the result is in
+ // the subgroup.
+ component dbl1 = BabyDbl();
+ dbl1.x <== Ax;
+ dbl1.y <== Ay;
+ component dbl2 = BabyDbl();
+ dbl2.x <== dbl1.xout;
+ dbl2.y <== dbl1.yout;
+ component dbl3 = BabyDbl();
+ dbl3.x <== dbl2.xout;
+ dbl3.y <== dbl2.yout;
+
+ // We check that A is not zero.
+ component isZero = IsZero();
+ isZero.in <== dbl3.x;
+ isZero.out === 0;
+
+ component mulAny = EscalarMulAny(254);
+ for (i=0; i<254; i++) {
+ mulAny.e[i] <== h2bits.out[i];
+ }
+ mulAny.p[0] <== dbl3.xout;
+ mulAny.p[1] <== dbl3.yout;
+
+
+// Compute the right side: right = R8 + right2
+
+ component addRight = BabyAdd();
+ addRight.x1 <== R8x;
+ addRight.y1 <== R8y;
+ addRight.x2 <== mulAny.out[0];
+ addRight.y2 <== mulAny.out[1];
+
+// Calculate left side of equation left = S*B8
+
+ var BASE8[2] = [
+ 5299619240641551281634865583518297030282874472190772894086521144482721001553,
+ 16950150798460657717958625567821834550301663161624707787222815936182638968203
+ ];
+ component mulFix = EscalarMulFix(253, BASE8);
+ for (i=0; i<253; i++) {
+ mulFix.e[i] <== snum2bits.out[i];
+ }
+
+// Do the comparation left == right if enabled;
+
+ component eqCheckX = ForceEqualIfEnabled();
+ eqCheckX.enabled <== enabled;
+ eqCheckX.in[0] <== mulFix.out[0];
+ eqCheckX.in[1] <== addRight.xout;
+
+ component eqCheckY = ForceEqualIfEnabled();
+ eqCheckY.enabled <== enabled;
+ eqCheckY.in[0] <== mulFix.out[1];
+ eqCheckY.in[1] <== addRight.yout;
+}
diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js
new file mode 100644
index 00000000..6e14fd6c
--- /dev/null
+++ b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js
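Review bot: `compConstant.out === 0;` and `isZero.out === 0;` are hard constraints even when `enabled` is 0, while the final equality goes through `ForceEqualIfEnabled`, so a "disabled" EdDSAMiMCVerifier still refuses any S at or above the subgroup order or a public key whose 8·A has x = 0 — and the sibling eddsaposeidon.circom in this same patch gates both with `*enabled`. If `enabled` is meant to switch the whole check off (which is what the "dissabled circuit with a bad signature" test implies), change the two lines to `compConstant.out*enabled === 0;` and `isZero.out*enabled === 0;`. Separately, nothing in the template constrains `(Ax, Ay)` or `(R8x, R8y)` to lie on the curve before they reach `BabyDbl`/`BabyAdd`; if callers can supply them unchecked, that precondition should at least be stated in a comment above the template.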
@@ -0,0 +1,96 @@ +const chai = require("chai"); +const path = require("path"); +const tester = require("circom").tester; +const bigInt = require("big-integer"); + +const eddsa = require("../src/eddsa.js"); + +const assert = chai.assert; + +describe("EdDSA MiMC test", function () { + let circuit; + + this.timeout(100000); + + before( async () => { + + circuit = await tester(path.join(__dirname, "circuits", "eddsamimc_test.circom")); + }); + + it("Sign a single number", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + const signature = eddsa.signMiMC(prvKey, msg); + + assert(eddsa.verifyMiMC(msg, signature, pubKey)); + + const w = await circuit.calculateWitness({ + enabled: 1, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0], + R8y: signature.R8[1], + S: signature.S, + M: msg}, true); + + + await circuit.checkConstraints(w); + + }); + + it("Detect Invalid signature", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + + const signature = eddsa.signMiMC(prvKey, msg); + + assert(eddsa.verifyMiMC(msg, signature, pubKey)); + try { + const w = await circuit.calculateWitness({ + enabled: 1, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0].add(bigInt(1)), + R8y: signature.R8[1], + S: signature.S, + M: msg}, true); + assert(false); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); + } + }); + + + it("Test a dissabled circuit with a bad signature", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + + const signature = eddsa.signMiMC(prvKey, msg); + + assert(eddsa.verifyMiMC(msg, signature, 
pubKey)); + + const w = await circuit.calculateWitness({ + enabled: 0, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0].add(bigInt(1)), + R8y: signature.R8[1], + S: signature.S, + M: msg}, true); + + await circuit.checkConstraints(w); + + }); +}); diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom new file mode 100644 index 00000000..8ad48e63 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/eddsamimc.circom"; + +component main = EdDSAMiMCVerifier(); diff --git a/circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom b/circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom new file mode 100644 index 00000000..8b2577d4 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom 
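Review bot: The "Detect Invalid signature" case only tampers with `R8x`, so the `S < subgroup order` guard (the `CompConstant` range check in eddsamimc.circom) is never exercised, and that guard is what stops a prover from presenting `S + order` in place of `S` — the classic malleability route. Add a case with `enabled: 1` and `S: signature.S.add(bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041"))` (the CompConstant bound plus one, i.e. the subgroup order if the comment `Ensure S<Subgroup Order` is accurate) that expects `calculateWitness` to throw, plus one passing the bare order as S. The `const w` inside the `try` is unused, and matching the failure with `/Constraint\sdoesn't\smatch(.*)1\s!=\s0/` couples the test to circom's error wording — asserting that the call rejected is enough.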
@@ -0,0 +1,123 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "compconstant.circom"; +include "pointbits.circom"; +include "mimcsponge.circom"; +include "bitify.circom"; +include "escalarmulany.circom"; +include "escalarmulfix.circom"; + +template EdDSAMiMCSpongeVerifier() { + signal input enabled; + signal input Ax; + signal input Ay; + + signal input S; + signal input R8x; + signal input R8y; + + signal input M; + + var i; + +// Ensure S<Subgroup Order + + component snum2bits = Num2Bits(253); + snum2bits.in <== S; + + component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040); + + for (i=0; i<253; i++) { + snum2bits.out[i] ==> compConstant.in[i]; + } + compConstant.in[253] <== 0; + compConstant.out === 0; + +// Calculate the h = H(R,A, msg) + + component hash = MiMCSponge(5, 220, 1); + hash.ins[0] <== R8x; + hash.ins[1] <== R8y; + hash.ins[2] <== Ax; + hash.ins[3] <== Ay; + hash.ins[4] <== M; + hash.k <== 0; + + component h2bits = Num2Bits_strict(); + h2bits.in <== hash.outs[0]; + +// Calculate second part of the right side: right2 = h*8*A + + // Multiply by 8 by adding it 3 times. This also ensure that the result is in + // the subgroup. 
+ component dbl1 = BabyDbl(); + dbl1.x <== Ax; + dbl1.y <== Ay; + component dbl2 = BabyDbl(); + dbl2.x <== dbl1.xout; + dbl2.y <== dbl1.yout; + component dbl3 = BabyDbl(); + dbl3.x <== dbl2.xout; + dbl3.y <== dbl2.yout; + + // We check that A is not zero. + component isZero = IsZero(); + isZero.in <== dbl3.x; + isZero.out === 0; + + component mulAny = EscalarMulAny(254); + for (i=0; i<254; i++) { + mulAny.e[i] <== h2bits.out[i]; + } + mulAny.p[0] <== dbl3.xout; + mulAny.p[1] <== dbl3.yout; + + +// Compute the right side: right = R8 + right2 + + component addRight = BabyAdd(); + addRight.x1 <== R8x; + addRight.y1 <== R8y; + addRight.x2 <== mulAny.out[0]; + addRight.y2 <== mulAny.out[1]; + +// Calculate left side of equation left = S*B8 + + var BASE8[2] = [ + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 + ]; + component mulFix = EscalarMulFix(253, BASE8); + for (i=0; i<253; i++) { + mulFix.e[i] <== snum2bits.out[i]; + } + +// Do the comparation left == right if enabled; + + component eqCheckX = ForceEqualIfEnabled(); + eqCheckX.enabled <== enabled; + eqCheckX.in[0] <== mulFix.out[0]; + eqCheckX.in[1] <== addRight.xout; + + component eqCheckY = ForceEqualIfEnabled(); + eqCheckY.enabled <== enabled; + eqCheckY.in[0] <== mulFix.out[1]; + eqCheckY.in[1] <== addRight.yout; +} diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom new file mode 100644 index 00000000..5ed63c92 --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom 
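Review bot: As in eddsamimc.circom, `compConstant.out === 0;` and `isZero.out === 0;` in EdDSAMiMCSpongeVerifier are unconditional while the final equality uses `ForceEqualIfEnabled`, so `enabled = 0` does not actually disable the verifier for an out-of-range S or a degenerate A; the Poseidon variant in this patch writes `compConstant.out*enabled === 0;` and `isZero.out*enabled === 0;`, and this template should match it. The `MiMCSponge(5, 220, 1)` parameters and `hash.k <== 0` are part of the signature scheme's definition, so any signer must use exactly the same values; I do not see a sponge-based signer in this patch, so confirm one exists and add a comment here naming it (`// Must match the hash used by the JS signer for this variant.`).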
@@ -0,0 +1,122 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "compconstant.circom";
+include "poseidon.circom";
+include "bitify.circom";
+include "escalarmulany.circom";
+include "escalarmulfix.circom";
+
+template EdDSAPoseidonVerifier() {
+ signal input enabled;
+ signal input Ax;
+ signal input Ay;
+
+ signal input S;
+ signal input R8x;
+ signal input R8y;
+
+ signal input M;
+
+ var i;
+
+// Ensure S<Subgroup Order
+
+ component snum2bits = Num2Bits(253);
+ snum2bits.in <== S;
+
+ component compConstant = CompConstant(2736030358979909402780800718157159386076813972158567259200215660948447373040);
+
+ for (i=0; i<253; i++) {
+ snum2bits.out[i] ==> compConstant.in[i];
+ }
+ compConstant.in[253] <== 0;
+ compConstant.out*enabled === 0;
+
+// Calculate the h = H(R,A, msg)
+
+ component hash = Poseidon(5, 6, 8, 57);
+
+ hash.inputs[0] <== R8x;
+ hash.inputs[1] <== R8y;
+ hash.inputs[2] <== Ax;
+ hash.inputs[3] <== Ay;
+ hash.inputs[4] <== M;
+
+ component h2bits = Num2Bits_strict();
+ h2bits.in <== hash.out;
+
+// Calculate second part of the right side: right2 = h*8*A
+
+ // Multiply by 8 by adding it 3 times. This also ensure that the result is in
+ // the subgroup.
+ component dbl1 = BabyDbl();
+ dbl1.x <== Ax;
+ dbl1.y <== Ay;
+ component dbl2 = BabyDbl();
+ dbl2.x <== dbl1.xout;
+ dbl2.y <== dbl1.yout;
+ component dbl3 = BabyDbl();
+ dbl3.x <== dbl2.xout;
+ dbl3.y <== dbl2.yout;
+
+ // We check that A is not zero.
+ component isZero = IsZero();
+ isZero.in <== dbl3.x;
+ isZero.out*enabled === 0;
+
+ component mulAny = EscalarMulAny(254);
+ for (i=0; i<254; i++) {
+ mulAny.e[i] <== h2bits.out[i];
+ }
+ mulAny.p[0] <== dbl3.xout;
+ mulAny.p[1] <== dbl3.yout;
+
+
+// Compute the right side: right = R8 + right2
+
+ component addRight = BabyAdd();
+ addRight.x1 <== R8x;
+ addRight.y1 <== R8y;
+ addRight.x2 <== mulAny.out[0];
+ addRight.y2 <== mulAny.out[1];
+
+// Calculate left side of equation left = S*B8
+
+ var BASE8[2] = [
+ 5299619240641551281634865583518297030282874472190772894086521144482721001553,
+ 16950150798460657717958625567821834550301663161624707787222815936182638968203
+ ];
+ component mulFix = EscalarMulFix(253, BASE8);
+ for (i=0; i<253; i++) {
+ mulFix.e[i] <== snum2bits.out[i];
+ }
+
+// Do the comparation left == right if enabled;
+
+ component eqCheckX = ForceEqualIfEnabled();
+ eqCheckX.enabled <== enabled;
+ eqCheckX.in[0] <== mulFix.out[0];
+ eqCheckX.in[1] <== addRight.xout;
+
+ component eqCheckY = ForceEqualIfEnabled();
+ eqCheckY.enabled <== enabled;
+ eqCheckY.in[0] <== mulFix.out[1];
+ eqCheckY.in[1] <== addRight.yout;
+}
diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
new file mode 100644
index 00000000..31fad9c8
--- /dev/null
+++ b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
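Review bot: Nothing in EdDSAPoseidonVerifier constrains `(Ax, Ay)` or `(R8x, R8y)` to satisfy the Baby Jubjub curve equation — the raw inputs go straight into `BabyDbl`, `BabyAdd` and `EscalarMulAny` — so if those coordinates are prover-chosen rather than trusted public inputs, the arithmetic runs on whatever point-like values are supplied; the bit-string `EdDSAVerifier` in this same patch decodes through `Bits2Point_Strict` and so gets a membership check for free. Either add a curve-membership check on both points or state the precondition above the template: `// Precondition: (Ax,Ay) and (R8x,R8y) must be points on Baby Jubjub; this template does not verify it.` Note also that `enabled` is never constrained to {0,1}; that is harmless for the `*enabled === 0` form, but a comment saying so would stop a later reader from treating it as a boolean.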
@@ -0,0 +1,99 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +const eddsa = require("../src/eddsa.js"); + +const assert = chai.assert; + +describe("EdDSA Poseidon test", function () { + let circuit; + + this.timeout(100000); + + before( async () => { + + circuit = await tester(path.join(__dirname, "circuits", "eddsaposeidon_test.circom")); + + }); + + it("Sign a single number", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + const signature = eddsa.signPoseidon(prvKey, msg); + + assert(eddsa.verifyPoseidon(msg, signature, pubKey)); + + const input = { + enabled: 1, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0], + R8y: signature.R8[1], + S: signature.S, + M: msg + }; + + // console.log(JSON.stringify(utils.stringifyBigInts(input))); + + const w = await circuit.calculateWitness(input, true); + + await circuit.checkConstraints(w); + }); + + it("Detect Invalid signature", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = eddsa.prv2pub(prvKey); + + + const signature = eddsa.signPoseidon(prvKey, msg); + + assert(eddsa.verifyPoseidon(msg, signature, pubKey)); + try { + await circuit.calculateWitness({ + enabled: 1, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0].add(bigInt(1)), + R8y: signature.R8[1], + S: signature.S, + M: msg}, true); + assert(false); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); + } + }); + + + it("Test a dissabled circuit with a bad signature", async () => { + const msg = bigInt(1234); + + const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); + + const pubKey = 
eddsa.prv2pub(prvKey); + + + const signature = eddsa.signPoseidon(prvKey, msg); + + assert(eddsa.verifyPoseidon(msg, signature, pubKey)); + + const w = await circuit.calculateWitness({ + enabled: 0, + Ax: pubKey[0], + Ay: pubKey[1], + R8x: signature.R8[0].add(bigInt(1)), + R8y: signature.R8[1], + S: signature.S, + M: msg}, true); + + await circuit.checkConstraints(w); + }); +}); diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom new file mode 100644 index 00000000..98f96c7e --- /dev/null +++ b/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/eddsaposeidon.circom"; + +component main = EdDSAPoseidonVerifier(); diff --git a/circuits/cryptography/smt/README.md b/circuits/cryptography/smt/README.md new file mode 100644 index 00000000..c5b13bcf --- /dev/null +++ b/circuits/cryptography/smt/README.md @@ -0,0 +1,19 @@ +# Name of Template + +PATH HERE: ~/CircomLib/Circuits/... + +## Background + +## Description + +## Schema + +## Dependencies + +## Inputs + +## Outputs + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/cryptography/smt/smthash_mimc.circom b/circuits/cryptography/smt/smthash_mimc.circom new file mode 100644 index 00000000..bad5290a --- /dev/null +++ b/circuits/cryptography/smt/smthash_mimc.circom 
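Review bot: The guards this verifier gates on `enabled` (`compConstant.out*enabled === 0` and `isZero.out*enabled === 0` in eddsaposeidon.circom) are not covered — "Detect Invalid signature" and the disabled case both tamper only with `R8x`. Add one case with `enabled: 1` and `S` set to the subgroup order (the `CompConstant` bound in the circuit plus one) that expects a throw, and its twin with `enabled: 0` that must pass `checkConstraints`; that pins the "disabled means fully disabled" semantics this variant has and the MiMC variants in the same patch currently lack. The `/Constraint\sdoesn't\smatch(.*)1\s!=\s0/` match ties the test to circom's error wording and to the exact residual value; asserting only that `calculateWitness` rejected is more robust.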
@@ -0,0 +1,57 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../mimc.circom";
+
+
+/*
+ Hash1 = H(1 | key | value)
+ */
+
+template SMTHash1() {
+ signal input key;
+ signal input value;
+ signal output out;
+
+ component h = MultiMiMC7(2, 91); // Constant
+ h.in[0] <== key;
+ h.in[1] <== value;
+ h.k <== 1;
+
+ out <== h.out;
+}
+
+/*
+ This component is used to create the 2 nodes.
+
+ Hash2 = H(Hl | Hr)
+ */
+
+template SMTHash2() {
+ signal input L;
+ signal input R;
+ signal output out;
+
+ component h = MultiMiMC7(2, 91); // Constant
+ h.in[0] <== L;
+ h.in[1] <== R;
+ h.k <== 0;
+
+ out <== h.out;
+}
diff --git a/circuits/cryptography/smt/smthash_poseidon.circom b/circuits/cryptography/smt/smthash_poseidon.circom
new file mode 100644
index 00000000..5a9feb78
--- /dev/null
+++ b/circuits/cryptography/smt/smthash_poseidon.circom
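Review bot: `SMTHash1` and `SMTHash2` hash the same shape (two field elements through `MultiMiMC7(2, 91)`) and are separated only by the MiMC key, `h.k <== 1` for leaves versus `h.k <== 0` for internal nodes; the header comment `Hash1 = H(1 | key | value)` reads as if the 1 were a third hashed input, which it is not. Making that explicit keeps the JS tree (`src/smt.js`, exercised by smtjs.test.js) from drifting: `// Leaf hash: MultiMiMC7 over (key, value) with MiMC key k = 1. The k = 1 / k = 0 split is the only thing separating leaf hashes from node hashes, so smt.js must use the same keys.` The two `// Constant` comments say nothing and can go.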
@@ -0,0 +1,56 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../poseidon.circom";
+
+
+/*
+ Hash1 = H(1 | key | value)
+ */
+
+template SMTHash1() {
+ signal input key;
+ signal input value;
+ signal output out;
+
+ component h = Poseidon(3, 6, 8, 57); // Constant
+ h.inputs[0] <== key;
+ h.inputs[1] <== value;
+ h.inputs[2] <== 1;
+
+ out <== h.out;
+}
+
+/*
+ This component is used to create the 2 nodes.
+
+ Hash2 = H(Hl | Hr)
+ */
+
+template SMTHash2() {
+ signal input L;
+ signal input R;
+ signal output out;
+
+ component h = Poseidon(2, 6, 8, 57); // Constant
+ h.inputs[0] <== L;
+ h.inputs[1] <== R;
+
+ out <== h.out;
+}
diff --git a/circuits/cryptography/smt/smtjs.test.js b/circuits/cryptography/smt/smtjs.test.js
new file mode 100644
index 00000000..732a3986
--- /dev/null
+++ b/circuits/cryptography/smt/smtjs.test.js
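Review bot: The comment says `Hash1 = H(1 | key | value)` but the code feeds Poseidon `(key, value, 1)` — the domain-separation constant is the last input, not the first — and Poseidon is not order-invariant, so the comment should read `Hash1 = H(key | value | 1)` to describe what a JS implementation must compute to match this circuit. It is also worth stating that leaf and node hashes use different widths (`Poseidon(3, …)` vs `Poseidon(2, …)`), since that, together with the trailing 1, is what keeps a leaf hash from being reinterpreted as a node hash; `// Constant` can go.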
@@ -0,0 +1,181 @@ +const chai = require("chai"); + +const bigInt = require("big-integer"); + +const smt = require("../src/smt.js"); + +const assert = chai.assert; + + +function stringifyBigInts(o) { + if ((typeof(o) == "bigint") || (o instanceof bigInt)) { + return o.toString(10); + } else if (Array.isArray(o)) { + return o.map(stringifyBigInts); + } else if (typeof o == "object") { + const res = {}; + for (let k in o) { + res[k] = stringifyBigInts(o[k]); + } + return res; + } else { + return o; + } +} + +describe("SMT Javascript test", function () { + this.timeout(100000); + before( async () => { + }); + + it("Should insert 2 elements and empty them", async () => { + const tree = await smt.newMemEmptyTrie(); + const key1 = bigInt(111); + const value1 = bigInt(222); + const key2 = bigInt(333); + const value2 = bigInt(444); + + await tree.insert(key1,value1); + await tree.insert(key2,value2); + await tree.delete(key2); + await tree.delete(key1); + + assert(tree.root.isZero()); + }); + + it("Should insert 3 elements in dferent order and should be the same", async () => { + const keys = [bigInt(8), bigInt(9), bigInt(32)]; + const values = [bigInt(88), bigInt(99), bigInt(3232)]; + const tree1 = await smt.newMemEmptyTrie(); + const tree2 = await smt.newMemEmptyTrie(); + const tree3 = await smt.newMemEmptyTrie(); + const tree4 = await smt.newMemEmptyTrie(); + const tree5 = await smt.newMemEmptyTrie(); + const tree6 = await smt.newMemEmptyTrie(); + + await tree1.insert(keys[0],values[0]); + await tree1.insert(keys[1],values[1]); + await tree1.insert(keys[2],values[2]); + + await tree2.insert(keys[0],values[0]); + await tree2.insert(keys[2],values[2]); + await tree2.insert(keys[1],values[1]); + + await tree3.insert(keys[1],values[1]); + await tree3.insert(keys[0],values[0]); + await tree3.insert(keys[2],values[2]); + + await tree4.insert(keys[1],values[1]); + await tree4.insert(keys[2],values[2]); + await tree4.insert(keys[0],values[0]); + + await 
tree5.insert(keys[2],values[2]); + await tree5.insert(keys[0],values[0]); + await tree5.insert(keys[1],values[1]); + + await tree6.insert(keys[2],values[2]); + await tree6.insert(keys[1],values[1]); + await tree6.insert(keys[0],values[0]); + + assert(tree1.root.equals(tree2.root)); + assert(tree2.root.equals(tree3.root)); + assert(tree3.root.equals(tree4.root)); + assert(tree4.root.equals(tree5.root)); + assert(tree5.root.equals(tree6.root)); + + assert.equal(Object.keys(tree1.db.nodes).length, Object.keys(tree2.db.nodes).length); + assert.equal(Object.keys(tree2.db.nodes).length, Object.keys(tree3.db.nodes).length); + assert.equal(Object.keys(tree3.db.nodes).length, Object.keys(tree4.db.nodes).length); + assert.equal(Object.keys(tree4.db.nodes).length, Object.keys(tree5.db.nodes).length); + assert.equal(Object.keys(tree5.db.nodes).length, Object.keys(tree6.db.nodes).length); + + await tree1.delete(keys[0]); + await tree1.delete(keys[1]); + await tree2.delete(keys[1]); + await tree2.delete(keys[0]); + assert(tree1.root.equals(tree2.root)); + + await tree3.delete(keys[0]); + await tree3.delete(keys[2]); + await tree4.delete(keys[2]); + await tree4.delete(keys[0]); + assert(tree3.root.equals(tree4.root)); + + await tree5.delete(keys[1]); + await tree5.delete(keys[2]); + await tree6.delete(keys[2]); + await tree6.delete(keys[1]); + assert(tree5.root.equals(tree6.root)); + + await tree1.delete(keys[2]); + await tree2.delete(keys[2]); + await tree3.delete(keys[1]); + await tree4.delete(keys[1]); + await tree5.delete(keys[0]); + await tree6.delete(keys[0]); + + assert(tree1.root.isZero()); + assert(tree2.root.isZero()); + assert(tree3.root.isZero()); + assert(tree4.root.isZero()); + assert(tree5.root.isZero()); + assert(tree6.root.isZero()); + + assert.equal(Object.keys(tree1.db.nodes).length, 0); + assert.equal(Object.keys(tree2.db.nodes).length, 0); + assert.equal(Object.keys(tree3.db.nodes).length, 0); + assert.equal(Object.keys(tree4.db.nodes).length, 0); + 
assert.equal(Object.keys(tree5.db.nodes).length, 0); + assert.equal(Object.keys(tree6.db.nodes).length, 0); + }); + + it("Insert and remove 100 numbers randomly", async () => { + function perm(a) { + const arr = a.slice(); + const rArr = []; + for (let i=0; i<arr.length; i++) { + let rIdx = Math.floor(Math.random() * (arr.length - i)); + rArr.push(arr[rIdx]); + arr[rIdx] = arr[arr.length - i - 1]; + } + return rArr; + } + const tree = await smt.newMemEmptyTrie(); + const arr = []; + const N = 100; + for (let i=0; i<N; i++) { + arr.push(bigInt(i)); + } + const insArr = perm(arr); + for (let i=0; i<N; i++) { + await tree.insert(insArr[i], i); + } + const delArr = perm(insArr); + for (let i=0; i<N; i++) { + await tree.delete(delArr[i]); + } + + assert(tree.root.isZero()); + assert.equal(Object.keys(tree.db.nodes).length, 0); + }); + + it("Should test update", async () => { + const tree1 = await smt.newMemEmptyTrie(); + const tree2 = await smt.newMemEmptyTrie(); + + await tree1.insert(8,88); + await tree1.insert(9,99,); + await tree1.insert(32,3232); + + await tree2.insert(8,888); + await tree2.insert(9,999); + await tree2.insert(32,323232); + + await tree1.update(8, 888); + await tree1.update(9, 999); + await tree1.update(32, 323232); + + assert(tree1.root.equals(tree2.root)); + }); + +}); diff --git a/circuits/cryptography/smt/smtlevins.circom b/circuits/cryptography/smt/smtlevins.circom new file mode 100644 index 00000000..82f05132 --- /dev/null +++ b/circuits/cryptography/smt/smtlevins.circom 
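Review bot: "Insert and remove 100 numbers randomly" draws `insArr` and `delArr` from unseeded `Math.random()`, so a failure cannot be reproduced from the test output; `stringifyBigInts` is defined at the top of this file and otherwise unused, so use it — wrap the insert/delete loops in a `try` and on error `console.log(JSON.stringify(stringifyBigInts({insArr, delArr})));` before rethrowing — or derive the permutation from a fixed seed. The empty `before(async () => {})` hook and the trailing comma in `tree1.insert(9,99,)` are leftovers. The `Object.keys(tree.db.nodes).length === 0` assertions presumably rely on the in-memory db dropping orphaned nodes on delete; if that is a deliberate invariant of `newMemEmptyTrie`, a one-line comment here would make the test's intent clear.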
@@ -0,0 +1,102 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + +This component finds the level where the oldInsert is done. +The rules are: + +levIns[i] == 1 if its level and all the child levels have a sibling of 0 and +the parent level has a sibling != 0. Considere that the root level always has +a parent with a sibling != 0. + + + ┌──────────────┐ + │ │ + │ │───▶ levIns[0] <== (1-done[i]) + │ │ + └──────────────┘ + ▲ + │ + │ + done[0] + + + + done[i-1] <== levIns[i] + done[i] + ▲ + │ + │ + ┌───────────┐ ┌──────────────┐ + │ │ │ │ + sibling[i-1]───▶│IsZero[i-1]│─▶│ │───▶ levIns[i] <== (1-done[i])*(1-isZero[i-1].out) + │ │ │ │ + └───────────┘ └──────────────┘ + ▲ + │ + │ + done[i] + + + + done[n-2] <== levIns[n-1] + ▲ + │ + │ + ┌───────────┐ ┌──────────────┐ + │ │ │ │ + sibling[n-2]───▶│IsZero[n-2]│─▶│ │────▶ levIns[n-1] <== (1-isZero[n-2].out) + │ │ │ │ + └───────────┘ └──────────────┘ + + ┌───────────┐ + │ │ + sibling[n-1]───▶│IsZero[n-1]│────▶ === 0 + │ │ + └───────────┘ + + */ + +template SMTLevIns(nLevels) { + signal input enabled; + signal input siblings[nLevels]; + signal output levIns[nLevels]; + signal done[nLevels-1]; // Indicates if the insLevel has aready been detected. 
+ + var i; + + component isZero[nLevels]; + + for (i=0; i<nLevels; i++) { + isZero[i] = IsZero(); + isZero[i].in <== siblings[i]; + } + + // The last level must always have a sibling of 0. If not, then it cannot be inserted. + (isZero[nLevels-1].out - 1) * enabled === 0; + + levIns[nLevels-1] <== (1-isZero[nLevels-2].out); + done[nLevels-2] <== levIns[nLevels-1]; + for (i=nLevels-2; i>0; i--) { + levIns[i] <== (1-done[i])*(1-isZero[i-1].out) + done[i-1] <== levIns[i] + done[i]; + } + + levIns[0] <== (1-done[0]); +} diff --git a/circuits/cryptography/smt/smtprocessor.circom b/circuits/cryptography/smt/smtprocessor.circom new file mode 100644 index 00000000..61f8bed8 --- /dev/null +++ b/circuits/cryptography/smt/smtprocessor.circom 
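Review bot: `levIns[i] <== (1-done[i])*(1-isZero[i-1].out)` in the loop has no terminating `;` while every other statement in SMTLevIns does; if the compiler accepts it that is by leniency, and the semicolon should be added. The template indexes `isZero[nLevels-2]` and declares `done[nLevels-1]`, so it only makes sense for `nLevels >= 2`; say so above the template (`// Requires nLevels >= 2.`) since a 1-level instantiation would index out of range. Only the last-level `=== 0` check is gated on `enabled`; the `levIns` outputs are computed from `siblings` regardless, which is fine as long as every consumer also gates on `enabled`, and a comment noting that contract would save the next reader a trip through SMTProcessor.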
@@ -0,0 +1,260 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/*************************************************************************************************** + +SMTProcessor: Sparse Merkle Tree processor is a component to verify an insert/update/delete elements +into the Sparse Merkle tree. + + +Insert to an empty leaf +======================= + + STATE OLD STATE NEW STATE + ===== ========= ========= + + oldRoot newRoot + ▲ ▲ + │ │ + ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ + top │Sibling├────▶┃ Hash ┃◀─┐ │Sibling├────▶┃ Hash ┃◀─┐ + └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ + │ │ + │ │ + ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ + top ┌─────▶┃ Hash ┃◀──┤Sibling│ ┌─────▶┃ Hash ┃◀──┤Sibling│ + │ ┗━━━━━━━┛ └───────┘ │ ┗━━━━━━━┛ └───────┘ + │ │ + │ │ + ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ + top │Sibling├──▶┃ Hash ┃◀─────┐ │Sibling├──▶┃ Hash ┃◀─────┐ + └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ + │ │ + │ │ + ┌────┴────┐ ┌────┴────┐ + old0 │ 0 │ │New1Leaf │ + └─────────┘ └─────────┘ + + + ┏━━━━━━━┓ ┏━━━━━━━┓ + na ┃ Hash ┃ ┃ Hash ┃ + ┗━━━━━━━┛ ┗━━━━━━━┛ + + + ┏━━━━━━━┓ ┏━━━━━━━┓ + na ┃ Hash ┃ ┃ Hash ┃ + ┗━━━━━━━┛ ┗━━━━━━━┛ + + + +Insert to a used leaf. 
+===================== + + STATE OLD STATE NEW STATE + ===== ========= ========= + + + oldRoot newRoot + ▲ ▲ + │ │ + ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ + top │Sibling├────▶┃ Hash ┃◀─┐ │Sibling├────▶┃ Hash ┃◀─┐ + └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ + │ │ + │ │ + ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ + top ┌─────▶┃ Hash ┃◀──┤Sibling│ ┌─────▶┃ Hash ┃◀──┤Sibling│ + │ ┗━━━━━━━┛ └───────┘ │ ┗━━━━━━━┛ └───────┘ + │ │ + │ │ + ┌───────┐ ┏━━━┻━━━┓ ┌───────┐ ┏━━━┻━━━┓ + top │Sibling├──▶┃ Hash ┃◀─────┐ │Sibling├──▶┃ Hash ┃◀─────┐ + └───────┘ ┗━━━━━━━┛ │ └───────┘ ┗━━━━━━━┛ │ + │ │ + │ │ + ┌────┴────┐ ┏━━━┻━━━┓ ┌───────┐ + bot │Old1Leaf │ ┌─────▶┃ Hash ┃◀──┼─ 0 │ + └─────────┘ │ ┗━━━━━━━┛ └───────┘ + │ + │ + ┏━━━━━━━┓ ┌───────┐ ┏━━━┻━━━┓ + bot ┃ Hash ┃ │ 0 ─┼──▶┃ Hash ┃◀─────┐ + ┗━━━━━━━┛ └───────┘ ┗━━━━━━━┛ │ + │ + │ + ┏━━━━━━━┓ ┏━━━┻━━━┓ ┌───────┐ + bot ┃ Hash ┃ ┌─────▶┃ Hash ┃◀──│ 0 │ + ┗━━━━━━━┛ │ ┗━━━━━━━┛ └───────┘ + │ + │ + ┏━━━━━━━┓ ┌─────────┐ ┏━━━┻━━━┓ ┌─────────┐ + new1 ┃ Hash ┃ │Old1Leaf ├──▶┃ Hash ┃◀──│New1Leaf │ + ┗━━━━━━━┛ └─────────┘ ┗━━━━━━━┛ └─────────┘ + + + ┏━━━━━━━┓ ┏━━━━━━━┓ + na ┃ Hash ┃ ┃ Hash ┃ + ┗━━━━━━━┛ ┗━━━━━━━┛ + + + ┏━━━━━━━┓ ┏━━━━━━━┓ + na ┃ Hash ┃ ┃ Hash ┃ + ┗━━━━━━━┛ ┗━━━━━━━┛ + + +Fnction +fnc[0] fnc[1] +0 0 NOP +0 1 UPDATE +1 0 INSERT +1 1 DELETE + + +***************************************************************************************************/ + +include "../gates.circom"; +include "../bitify.circom"; +include "../comparators.circom"; +include "../switcher.circom"; +include "smtlevins.circom"; +include "smtprocessorlevel.circom"; +include "smtprocessorsm.circom"; +include "smthash_poseidon.circom"; + +template SMTProcessor(nLevels) { + signal input oldRoot; + signal output newRoot; + signal input siblings[nLevels]; + signal input oldKey; + signal input oldValue; + signal input isOld0; + signal input newKey; + signal input newValue; + signal input fnc[2]; + + signal enabled; + + var i; + + enabled <== fnc[0] + fnc[1] - 
fnc[0]*fnc[1] + + component hash1Old = SMTHash1(); + hash1Old.key <== oldKey; + hash1Old.value <== oldValue; + + component hash1New = SMTHash1(); + hash1New.key <== newKey; + hash1New.value <== newValue; + + component n2bOld = Num2Bits_strict(); + component n2bNew = Num2Bits_strict(); + + n2bOld.in <== oldKey; + n2bNew.in <== newKey; + + component smtLevIns = SMTLevIns(nLevels); + for (i=0; i<nLevels; i++) smtLevIns.siblings[i] <== siblings[i]; + smtLevIns.enabled <== enabled; + + component xors[nLevels]; + for (i=0; i<nLevels; i++) { + xors[i] = XOR(); + xors[i].a <== n2bOld.out[i]; + xors[i].b <== n2bNew.out[i]; + } + + component sm[nLevels]; + for (i=0; i<nLevels; i++) { + sm[i] = SMTProcessorSM(); + if (i==0) { + sm[i].prev_top <== enabled; + sm[i].prev_old0 <== 0; + sm[i].prev_bot <== 0; + sm[i].prev_new1 <== 0; + sm[i].prev_na <== 1-enabled; + sm[i].prev_upd <== 0; + } else { + sm[i].prev_top <== sm[i-1].st_top; + sm[i].prev_old0 <== sm[i-1].st_old0; + sm[i].prev_bot <== sm[i-1].st_bot; + sm[i].prev_new1 <== sm[i-1].st_new1; + sm[i].prev_na <== sm[i-1].st_na; + sm[i].prev_upd <== sm[i-1].st_upd; + } + sm[i].is0 <== isOld0; + sm[i].xor <== xors[i].out; + sm[i].fnc[0] <== fnc[0]; + sm[i].fnc[1] <== fnc[1]; + sm[i].levIns <== smtLevIns.levIns[i]; + } + sm[nLevels-1].st_na + sm[nLevels-1].st_new1 + sm[nLevels-1].st_old0 +sm[nLevels-1].st_upd === 1; + + component levels[nLevels]; + for (i=nLevels-1; i != -1; i--) { + levels[i] = SMTProcessorLevel(); + + levels[i].st_top <== sm[i].st_top; + levels[i].st_old0 <== sm[i].st_old0; + levels[i].st_bot <== sm[i].st_bot; + levels[i].st_new1 <== sm[i].st_new1; + levels[i].st_na <== sm[i].st_na; + levels[i].st_upd <== sm[i].st_upd; + + levels[i].sibling <== siblings[i]; + levels[i].old1leaf <== hash1Old.out; + levels[i].new1leaf <== hash1New.out; + + levels[i].newlrbit <== n2bNew.out[i]; + if (i==nLevels-1) { + levels[i].oldChild <== 0; + levels[i].newChild <== 0; + } else { + levels[i].oldChild <== levels[i+1].oldRoot; + 
levels[i].newChild <== levels[i+1].newRoot; + } + } + + component topSwitcher = Switcher(); + + topSwitcher.sel <== fnc[0]*fnc[1]; + topSwitcher.L <== levels[0].oldRoot; + topSwitcher.R <== levels[0].newRoot; + + component checkOldInput = ForceEqualIfEnabled(); + checkOldInput.enabled <== enabled; + checkOldInput.in[0] <== oldRoot; + checkOldInput.in[1] <== topSwitcher.outL; + + newRoot <== enabled * (topSwitcher.outR - oldRoot) + oldRoot; + +// topSwitcher.outL === oldRoot*enabled; +// topSwitcher.outR === newRoot*enabled; + + // Ckeck keys are equal if updating + component areKeyEquals = IsEqual(); + areKeyEquals.in[0] <== oldKey; + areKeyEquals.in[1] <== newKey; + + component keysOk = MultiAND(3); + keysOk.in[0] <== 1-fnc[0]; + keysOk.in[1] <== fnc[1]; + keysOk.in[2] <== 1-areKeyEquals.out; + + keysOk.out === 0; +} diff --git a/circuits/cryptography/smt/smtprocessor.test.js b/circuits/cryptography/smt/smtprocessor.test.js new file mode 100644 index 00000000..e2577071 --- /dev/null +++ b/circuits/cryptography/smt/smtprocessor.test.js 
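Review bot: `fnc[0]`, `fnc[1]` and `isOld0` are never constrained to {0,1} in SMTProcessor, yet `enabled <== fnc[0] + fnc[1] - fnc[0]*fnc[1]` and the per-level state machine are only meaningful for binary values. For `isOld0` the final check `sm[nLevels-1].st_na + ... === 1` does not pin it: in SMTProcessorSM, `st_old0 + st_new1 + st_bot` collapses to `aux2 + prev_bot` for any `is0`, while SMTProcessorLevel then makes `oldRoot` and `newRoot` at the insert level affine in `is0`, so a non-binary `isOld0` changes the computed roots without violating any constraint. Unless an enclosing circuit binds these as public inputs or constrains them itself, add `fnc[0]*(fnc[0]-1) === 0;`, `fnc[1]*(fnc[1]-1) === 0;` and `isOld0*(isOld0-1) === 0;` near the top of the template. The same gap applies to `fnc` and `isOld0` in the SMTVerifier hunk later in this patch, where `st_i0 + st_iold` likewise collapses to `prev_top_lev_ins` when `fnc` is 1. The comment `// Ckeck keys are equal if updating` should read `// Check keys are equal if updating`.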
@@ -0,0 +1,208 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +const smt = require("../src/smt.js"); + +const assert = chai.assert; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +async function testInsert(tree, key, value, circuit ) { + + const res = await tree.insert(key,value); + let siblings = res.siblings; + while (siblings.length<10) siblings.push(bigInt(0)); + + const w = await circuit.calculateWitness({ + fnc: [1,0], + oldRoot: res.oldRoot, + siblings: siblings, + oldKey: res.isOld0 ? 0 : res.oldKey, + oldValue: res.isOld0 ? 0 : res.oldValue, + isOld0: res.isOld0 ? 1 : 0, + newKey: key, + newValue: value + }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {newRoot: res.newRoot}); + +} + +async function testDelete(tree, key, circuit) { + const res = await tree.delete(key); + let siblings = res.siblings; + while (siblings.length<10) siblings.push(bigInt(0)); + + const w = await circuit.calculateWitness({ + fnc: [1,1], + oldRoot: res.oldRoot, + siblings: siblings, + oldKey: res.isOld0 ? 0 : res.oldKey, + oldValue: res.isOld0 ? 0 : res.oldValue, + isOld0: res.isOld0 ? 
1 : 0, + newKey: res.delKey, + newValue: res.delValue + }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {newRoot: res.newRoot}); +} + +async function testUpdate(tree, key, newValue, circuit) { + const res = await tree.update(key, newValue); + let siblings = res.siblings; + while (siblings.length<10) siblings.push(bigInt(0)); + + const w = await circuit.calculateWitness({ + fnc: [0,1], + oldRoot: res.oldRoot, + siblings: siblings, + oldKey: res.oldKey, + oldValue: res.oldValue, + isOld0: 0, + newKey: res.newKey, + newValue: res.newValue + }); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {newRoot: res.newRoot}); +} + + +describe("SMT Processor test", function () { + let circuit; + let tree; + + this.timeout(10000000); + + before( async () => { + circuit = await tester(path.join(__dirname, "circuits", "smtprocessor10_test.circom")); + await circuit.loadSymbols(); + + tree = await smt.newMemEmptyTrie(); + }); + + it("Should verify an insert to an empty tree", async () => { + const key = bigInt(111); + const value = bigInt(222); + + await testInsert(tree, key, value, circuit); + }); + + it("It should add another element", async () => { + const key = bigInt(333); + const value = bigInt(444); + + await testInsert(tree, key, value, circuit); + }); + + it("Should remove an element", async () => { + await testDelete(tree, 111, circuit); + await testDelete(tree, 333, circuit); + }); + + it("Should test convination of adding and removing 3 elements", async () => { + const keys = [bigInt(8), bigInt(9), bigInt(32)]; + const values = [bigInt(88), bigInt(99), bigInt(3232)]; + const tree1 = await smt.newMemEmptyTrie(); + const tree2 = await smt.newMemEmptyTrie(); + const tree3 = await smt.newMemEmptyTrie(); + const tree4 = await smt.newMemEmptyTrie(); + const tree5 = await smt.newMemEmptyTrie(); + const tree6 = await smt.newMemEmptyTrie(); + + await testInsert(tree1,keys[0],values[0], circuit); + await 
testInsert(tree1,keys[1],values[1], circuit); + await testInsert(tree1,keys[2],values[2], circuit); + + await testInsert(tree2,keys[0],values[0], circuit); + await testInsert(tree2,keys[2],values[2], circuit); + await testInsert(tree2,keys[1],values[1], circuit); + + await testInsert(tree3,keys[1],values[1], circuit); + await testInsert(tree3,keys[0],values[0], circuit); + await testInsert(tree3,keys[2],values[2], circuit); + + await testInsert(tree4,keys[1],values[1], circuit); + await testInsert(tree4,keys[2],values[2], circuit); + await testInsert(tree4,keys[0],values[0], circuit); + + await testInsert(tree5,keys[2],values[2], circuit); + await testInsert(tree5,keys[0],values[0], circuit); + await testInsert(tree5,keys[1],values[1], circuit); + + await testInsert(tree6,keys[2],values[2], circuit); + await testInsert(tree6,keys[1],values[1], circuit); + await testInsert(tree6,keys[0],values[0], circuit); + + + await testDelete(tree1, keys[0], circuit); + await testDelete(tree1, keys[1], circuit); + await testDelete(tree2, keys[1], circuit); + await testDelete(tree2, keys[0], circuit); + + await testDelete(tree3, keys[0], circuit); + await testDelete(tree3, keys[2], circuit); + await testDelete(tree4, keys[2], circuit); + await testDelete(tree4, keys[0], circuit); + + + await testDelete(tree5, keys[1], circuit); + await testDelete(tree5, keys[2], circuit); + await testDelete(tree6, keys[2], circuit); + await testDelete(tree6, keys[1], circuit); + + await testDelete(tree1, keys[2], circuit); + await testDelete(tree2, keys[2], circuit); + await testDelete(tree3, keys[1], circuit); + await testDelete(tree4, keys[1], circuit); + await testDelete(tree5, keys[0], circuit); + await testDelete(tree6, keys[0], circuit); + }); + + it("Should match a NOp with random vals", async () => { + let siblings = []; + while (siblings.length<10) siblings.push(bigInt(88)); + const w = await circuit.calculateWitness({ + fnc: [0,0], + oldRoot: 11, + siblings: siblings, + oldKey: 33, + 
oldValue: 44, + isOld0: 55, + newKey: 66, + newValue: 77 + }); + + const root1 = w[circuit.symbols["main.oldRoot"].varIdx]; + const root2 = w[circuit.symbols["main.newRoot"].varIdx]; + + await circuit.checkConstraints(w); + + assert(root1.equals(root2)); + }); + it("Should update an element", async () => { + const tree1 = await smt.newMemEmptyTrie(); + const tree2 = await smt.newMemEmptyTrie(); + + await testInsert(tree1,8,88, circuit); + await testInsert(tree1,9,99, circuit); + await testInsert(tree1,32,3232, circuit); + + await testInsert(tree2,8,888, circuit); + await testInsert(tree2,9,999, circuit); + await testInsert(tree2,32,323232, circuit); + + await testUpdate(tree1, 8, 888, circuit); + await testUpdate(tree1, 9, 999, circuit); + await testUpdate(tree1, 32, 323232, circuit); + }); +}); diff --git a/circuits/cryptography/smt/smtprocessor10_test.circom b/circuits/cryptography/smt/smtprocessor10_test.circom new file mode 100644 index 00000000..ecf15d06 --- /dev/null +++ b/circuits/cryptography/smt/smtprocessor10_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/smt/smtprocessor.circom"; + +component main = SMTProcessor(10); diff --git a/circuits/cryptography/smt/smtprocessorlevel.circom b/circuits/cryptography/smt/smtprocessorlevel.circom new file mode 100644 index 00000000..117671e8 --- /dev/null +++ b/circuits/cryptography/smt/smtprocessorlevel.circom 
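Review bot: The paths in this test still assume the old `test/` layout: `path.join(__dirname, "circuits", "smtprocessor10_test.circom")` looks for a `circuits/` subdirectory next to the test, but this patch adds `smtprocessor10_test.circom` as a sibling of the test file, and `require("../src/smt.js")` now resolves relative to `circuits/cryptography/smt/` rather than the repository root, as does the `include "../../circuits/smt/smtprocessor.circom"` line in `smtprocessor10_test.circom`. Unless a later commit in the series moves these files again, the suite cannot load; `path.join(__dirname, "smtprocessor10_test.circom")` and an include of `"smtprocessor.circom"` would match the layout this patch creates, and the `smt.js` location should be confirmed after the move. The same applies to `smtverifier.test.js` and `smtverifier10_test.circom` later in the patch. Separately, the three helpers push padding directly onto `res.siblings`, mutating the array the tree returned, and hard-code the `10` that belongs to `SMTProcessor(10)`; `const NLEVELS = 10;` at the top and `const siblings = [...res.siblings];` in each helper would avoid both.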
@@ -0,0 +1,94 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/****** + +SMTProcessorLevel + +This circuit has 2 hash + +Outputs according to the state. + +State oldRoot newRoot +===== ======= ======= +top H'(oldChild, sibling) H'(newChild, sibling) +old0 0 new1leaf +bot old1leaf H'(newChild, 0) +new1 old1leaf H'(new1leaf, old1leaf) +na 0 0 + +upd old1leaf new1leaf + +H' is the Hash function with the inputs shifted acordingly. 
+ +*****/ + + +template SMTProcessorLevel() { + signal input st_top; + signal input st_old0; + signal input st_bot; + signal input st_new1; + signal input st_na; + signal input st_upd; + + signal output oldRoot; + signal output newRoot; + signal input sibling; + signal input old1leaf; + signal input new1leaf; + signal input newlrbit; + signal input oldChild; + signal input newChild; + + signal aux[4]; + + component oldProofHash = SMTHash2(); + component newProofHash = SMTHash2(); + + component oldSwitcher = Switcher(); + component newSwitcher = Switcher(); + + // Old side + + oldSwitcher.L <== oldChild; + oldSwitcher.R <== sibling; + + oldSwitcher.sel <== newlrbit; + oldProofHash.L <== oldSwitcher.outL; + oldProofHash.R <== oldSwitcher.outR; + + aux[0] <== old1leaf * (st_bot + st_new1 + st_upd); + oldRoot <== aux[0] + oldProofHash.out * st_top; + + // New side + + aux[1] <== newChild * ( st_top + st_bot); + newSwitcher.L <== aux[1] + new1leaf*st_new1; + + aux[2] <== sibling*st_top; + newSwitcher.R <== aux[2] + old1leaf*st_new1; + + newSwitcher.sel <== newlrbit; + newProofHash.L <== newSwitcher.outL; + newProofHash.R <== newSwitcher.outR; + + aux[3] <== newProofHash.out * (st_top + st_bot + st_new1); + newRoot <== aux[3] + new1leaf * (st_old0 + st_upd); +} diff --git a/circuits/cryptography/smt/smtprocessorsm.circom b/circuits/cryptography/smt/smtprocessorsm.circom new file mode 100644 index 00000000..fac95b0d --- /dev/null +++ b/circuits/cryptography/smt/smtprocessorsm.circom 
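Review bot: `oldSwitcher.sel <== newlrbit` routes the old side by the new key's bit, which reads like a copy-paste slip until one sees that `oldProofHash.out` only reaches `oldRoot` through `st_top`, the state that (per the SMTProcessorSM description) lasts only while the old and new key bits still agree; that reasoning deserves a comment on the `// Old side` block, e.g. `// newlrbit is correct here: the old hash is used only in st_top, where the old and new key bits are equal (xor==0).`. The template also silently relies on its six `st_*` inputs being one-hot, which is enforced upstream by SMTProcessorSM and the `=== 1` check in SMTProcessor rather than here; a sentence in the header table saying so would help readers. The header typo `acordingly` should be `accordingly`.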
@@ -0,0 +1,164 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/*************************************************************************************************** +Each level on a SMTProcessor has a state. + +The state of the level depends on the state of te botom level and on `xor` and +`is0` signals. + +`isOldLev` 1 when is the level where oldLeaf is. + +`xor` signal is 0 if the index bit at the current level is the same in the old +and the new index, and 1 if it is different. + +`is0` signal, is 1 if we are inserting/deleting in an empty leaf and 0 if we +are inserting/deleting in a leaf that contains an element. + +The states are: + +top: While the index bits of the old and new insex in the top level is the same, whe are in the top state. +old0: When the we reach insert level, we go to old0 state +if `is0`=1. +btn: Once in insert level and `is0` =0 we go to btn or new1 level if xor=1 +new1: This level is reached when xor=1. Here is where we insert/delete the hash of the +old and the new trees with just one element. +na: Not appliable. After processing it, we go to the na level. 
+ + +Fnction +fnc[0] fnc[1] +0 0 NOP +0 1 UPDATE +1 0 INSERT +1 1 DELETE + + + ########### + # # + ┌────────────────────────────▶# upd #─────────────────────┐ + │ ## ## │ + │ ######### │ + levIns=1 │ │ + fnc[0]=0 │ │ any + │ │ + │ │ + │ │ + │ ########### │ + │ levIns=1 # # │ + levIns=0 │ is0=1 ┌────────────▶# old0 #────────┐ │ any + ┌─────┐ │ fnc[0]=1│ ## ## │ │ ┌──────┐ + │ │ │ │ ######### │ any │ │ │ + │ ▼ │ │ │ ▼ ▼ │ + │ ########### │ │ ########### │ + │ # # ────────────┘ └────────▶# #│ + └──# top # # na # + ## ## ───────────────────┐ levIns=1 ┌──▶## ## + ######### │ is0=0 │ ######### + │ │ fnc[0]=1 │ + │ │ xor=1 ########### │ any + │ └──────────────────▶# # │ + │ # new1 #──┘ + │ ## ## + └────────────────────────────────┐ ######### + levIns=1 │ ▲ + is0=0 │ ┌─────┘ + fnc[0]=1 │ ###########│ xor=1 + xor=0 │ # # + ▼# btn # + ## ## + #########◀───────┐ + │ │ + │ │ + └────────────┘ + xor=0 + +***************************************************************************************************/ + +template SMTProcessorSM() { + signal input xor; + signal input is0; + signal input levIns; + signal input fnc[2]; + + signal input prev_top; + signal input prev_old0; + signal input prev_bot; + signal input prev_new1; + signal input prev_na; + signal input prev_upd; + + signal output st_top; + signal output st_old0; + signal output st_bot; + signal output st_new1; + signal output st_na; + signal output st_upd; + + signal aux1; + signal aux2; + + aux1 <== prev_top * levIns; + aux2 <== aux1*fnc[0]; // prev_top * levIns * fnc[0] + + // st_top = prev_top*(1-levIns) + // = + prev_top + // - prev_top * levIns = aux1 + + st_top <== prev_top - aux1; + + // st_old0 = prev_top * levIns * is0 * fnc[0] + // = + prev_top * levIns * is0 * fnc[0] = aux2 * is0 + + st_old0 <== aux2 * is0; // prev_top * levIns * is0 * fnc[0] + + // st_new1 = prev_top * levIns * (1-is0)*fnc[0] * xor + prev_bot*xor = + // = + prev_top * levIns * fnc[0] * xor = aux2 * xor + // - prev_top * levIns * is0 * fnc[0] * 
xor = st_old0 * xor + // + prev_bot * xor = prev_bot * xor + + st_new1 <== (aux2 - st_old0 + prev_bot)*xor; + + + // st_bot = prev_top * levIns * (1-is0)*fnc[0] * (1-xor) + prev_bot*(1-xor); + // = + prev_top * levIns * fnc[0] + // - prev_top * levIns * is0 * fnc[0] + // - prev_top * levIns * fnc[0] * xor + // + prev_top * levIns * is0 * fnc[0] * xor + // + prev_bot + // - prev_bot * xor + + st_bot <== (1-xor) * (aux2 - st_old0 + prev_bot) + + + // st_upd = prev_top * (1-fnc[0]) *levIns; + // = + prev_top * levIns + // - prev_top * levIns * fnc[0] + + st_upd <== aux1 - aux2 + + // st_na = prev_new1 + prev_old0 + prev_na + prev_upd; + // = + prev_new1 + // + prev_old0 + // + prev_na + // + prev_upd + + st_na <== prev_new1 + prev_old0 + prev_na + prev_upd; + +} diff --git a/circuits/cryptography/smt/smtverifier.circom b/circuits/cryptography/smt/smtverifier.circom new file mode 100644 index 00000000..23cfc150 --- /dev/null +++ b/circuits/cryptography/smt/smtverifier.circom 
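Review bot: `st_bot <== (1-xor) * (aux2 - st_old0 + prev_bot)` spends a multiplication constraint on a value that is already available linearly: since `st_new1 <== (aux2 - st_old0 + prev_bot)*xor`, the same quantity is `aux2 - st_old0 + prev_bot - st_new1`, so `st_bot <== aux2 - st_old0 + prev_bot - st_new1;` needs no extra multiplication and is identical in value. The derivation comment above `st_bot` already spells this expansion out, so it would not need to change. The header text and diagram call the state `btn` while the signals are `st_bot`/`prev_bot`; align the comment with the code. The `st_bot` and `st_upd` assignments also lack the trailing `;` used elsewhere in the template.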
@@ -0,0 +1,137 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + +SMTVerifier is a component to verify inclusion/exclusion of an element in the tree + + +fnc: 0 -> VERIFY INCLUSION + 1 -> VERIFY NOT INCLUSION + + */ + + +include "../gates.circom"; +include "../bitify.circom"; +include "../comparators.circom"; +include "../switcher.circom"; +include "smtlevins.circom"; +include "smtverifierlevel.circom"; +include "smtverifiersm.circom"; +include "smthash_poseidon.circom"; + +template SMTVerifier(nLevels) { + signal input enabled; + signal input root; + signal input siblings[nLevels]; + signal input oldKey; + signal input oldValue; + signal input isOld0; + signal input key; + signal input value; + signal input fnc; + + var i; + + component hash1Old = SMTHash1(); + hash1Old.key <== oldKey; + hash1Old.value <== oldValue; + + component hash1New = SMTHash1(); + hash1New.key <== key; + hash1New.value <== value; + + component n2bOld = Num2Bits_strict(); + component n2bNew = Num2Bits_strict(); + + n2bOld.in <== oldKey; + n2bNew.in <== key; + + component smtLevIns = SMTLevIns(nLevels); + for (i=0; i<nLevels; i++) smtLevIns.siblings[i] <== siblings[i]; + smtLevIns.enabled <== enabled; + + component sm[nLevels]; + for (i=0; i<nLevels; i++) { + sm[i] = 
SMTVerifierSM(); + if (i==0) { + sm[i].prev_top <== enabled; + sm[i].prev_i0 <== 0; + sm[i].prev_inew <== 0; + sm[i].prev_iold <== 0; + sm[i].prev_na <== 1-enabled; + } else { + sm[i].prev_top <== sm[i-1].st_top; + sm[i].prev_i0 <== sm[i-1].st_i0; + sm[i].prev_inew <== sm[i-1].st_inew; + sm[i].prev_iold <== sm[i-1].st_iold; + sm[i].prev_na <== sm[i-1].st_na; + } + sm[i].is0 <== isOld0; + sm[i].fnc <== fnc; + sm[i].levIns <== smtLevIns.levIns[i]; + } + sm[nLevels-1].st_na + sm[nLevels-1].st_iold + sm[nLevels-1].st_inew + sm[nLevels-1].st_i0 === 1; + + component levels[nLevels]; + for (i=nLevels-1; i != -1; i--) { + levels[i] = SMTVerifierLevel(); + + levels[i].st_top <== sm[i].st_top; + levels[i].st_i0 <== sm[i].st_i0; + levels[i].st_inew <== sm[i].st_inew; + levels[i].st_iold <== sm[i].st_iold; + levels[i].st_na <== sm[i].st_na; + + levels[i].sibling <== siblings[i]; + levels[i].old1leaf <== hash1Old.out; + levels[i].new1leaf <== hash1New.out; + + levels[i].lrbit <== n2bNew.out[i]; + if (i==nLevels-1) { + levels[i].child <== 0; + } else { + levels[i].child <== levels[i+1].root; + } + } + + + // Check that if checking for non inclussuin and isOld0==0 then key!=old + component areKeyEquals = IsEqual(); + areKeyEquals.in[0] <== oldKey; + areKeyEquals.in[1] <== key; + + component keysOk = MultiAND(4); + keysOk.in[0] <== fnc; + keysOk.in[1] <== 1-isOld0; + keysOk.in[2] <== areKeyEquals.out; + keysOk.in[3] <== enabled; + + keysOk.out === 0; + + // Check the root + component checkRoot = ForceEqualIfEnabled(); + checkRoot.enabled <== enabled; + checkRoot.in[0] <== levels[0].root; + checkRoot.in[1] <== root; + + // levels[0].root === root; + +} diff --git a/circuits/cryptography/smt/smtverifier.test.js b/circuits/cryptography/smt/smtverifier.test.js new file mode 100644 index 00000000..f5992ade --- /dev/null +++ b/circuits/cryptography/smt/smtverifier.test.js 
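Review bot: The commented-out `// levels[0].root === root;` after `checkRoot` is dead code that duplicates what `ForceEqualIfEnabled` now does; delete it rather than leave two versions of the root check for the next reader to reconcile. The comment `// Check that if checking for non inclussuin and isOld0==0 then key!=old` should read `// Check that when proving non-inclusion with isOld0==0, key != oldKey`, which also names the signals as written. The loop `for (i=nLevels-1; i != -1; i--)` would read more naturally as `i >= 0`, matching the forward loops above it.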
@@ -0,0 +1,136 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +const smt = require("../src/smt.js"); + +const assert = chai.assert; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +async function testInclusion(tree, key, circuit) { + + const res = await tree.find(key); + + assert(res.found); + let siblings = res.siblings; + while (siblings.length<10) siblings.push(bigInt(0)); + + const w = await circuit.calculateWitness({ + enabled: 1, + fnc: 0, + root: tree.root, + siblings: siblings, + oldKey: 0, + oldValue: 0, + isOld0: 0, + key: key, + value: res.foundValue + }, true); + + await circuit.checkConstraints(w); + +} + +async function testExclusion(tree, key, circuit) { + const res = await tree.find(key); + + assert(!res.found); + let siblings = res.siblings; + while (siblings.length<10) siblings.push(bigInt(0)); + + const w = await circuit.calculateWitness({ + enabled: 1, + fnc: 1, + root: tree.root, + siblings: siblings, + oldKey: res.isOld0 ? 0 : res.notFoundKey, + oldValue: res.isOld0 ? 0 : res.notFoundValue, + isOld0: res.isOld0 ? 
1 : 0, + key: key, + value: 0 + }); + + await circuit.checkConstraints(w); + +} + +describe("SMT Verifier test", function () { + let circuit; + let tree; + + this.timeout(100000); + + before( async () => { + circuit = await tester(path.join(__dirname, "circuits", "smtverifier10_test.circom")); + + tree = await smt.newMemEmptyTrie(); + await tree.insert(7,77); + await tree.insert(8,88); + await tree.insert(32,3232); + }); + + it("Check inclussion in a tree of 3", async () => { + await testInclusion(tree, 7, circuit); + await testInclusion(tree, 8, circuit); + await testInclusion(tree, 32, circuit); + }); + + it("Check exclussion in a tree of 3", async () => { + await testExclusion(tree, 0, circuit); + await testExclusion(tree, 6, circuit); + await testExclusion(tree, 9, circuit); + await testExclusion(tree, 33, circuit); + await testExclusion(tree, 31, circuit); + await testExclusion(tree, 16, circuit); + await testExclusion(tree, 64, circuit); + }); + + it("Check not enabled accepts any thing", async () => { + let siblings = []; + for (let i=0; i<10; i++) siblings.push(i); + + const w = await circuit.calculateWitness({ + enabled: 0, + fnc: 0, + root: 1, + siblings: siblings, + oldKey: 22, + oldValue: 33, + isOld0: 0, + key: 44, + value: 0 + }); + + + await circuit.checkConstraints(w); + }); + + it("Check inclussion Adria case", async () => { + const e1_hi= bigInt("17124152697573569611556136390143205198134245887034837071647643529178599000839"); + const e1_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179"); + + const e2ok_hi= bigInt("16498254692537945203721083102154618658340563351558973077349594629411025251262"); + const e2ok_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179"); + + const e2fail_hi= bigInt("17195092312975762537892237130737365903429674363577646686847513978084990105579"); + const e2fail_hv= 
bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179"); + + const tree1 = await smt.newMemEmptyTrie(); + await tree1.insert(e1_hi,e1_hv); + await tree1.insert(e2ok_hi,e2ok_hv); + + await testInclusion(tree1, e2ok_hi, circuit); + + const tree2 = await smt.newMemEmptyTrie(); + await tree2.insert(e1_hi,e1_hv); + await tree2.insert(e2fail_hi,e2fail_hv); + + await testInclusion(tree2, e2fail_hi, circuit); + }); + + +}); diff --git a/circuits/cryptography/smt/smtverifier10_test.circom b/circuits/cryptography/smt/smtverifier10_test.circom new file mode 100644 index 00000000..31a4dd78 --- /dev/null +++ b/circuits/cryptography/smt/smtverifier10_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/smt/smtverifier.circom"; + +component main = SMTVerifier(10); diff --git a/circuits/cryptography/smt/smtverifierlevel.circom b/circuits/cryptography/smt/smtverifierlevel.circom new file mode 100644 index 00000000..a866dae8 --- /dev/null +++ b/circuits/cryptography/smt/smtverifierlevel.circom 
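Review bot: "Check inclussion Adria case" and the `e2ok_*`/`e2fail_*` names describe a regression without saying what it was, so a reader cannot tell whether `tree2` is expected to pass because a bug was fixed or whether the fixture is stale; a one-line comment above the test stating the property being regression-tested would make the intent durable. `print` is defined but never called, and `testInclusion` passes a second argument `true` to `calculateWitness` while `testExclusion` does not; if that flag enables extra checking, both helpers should use it, otherwise drop it. The spelling `inclussion`/`exclussion` appears in three test names and should be `inclusion`/`exclusion`.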
@@ -0,0 +1,71 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/****** + +SMTVerifierLevel + +This circuit has 1 hash + +Outputs according to the state. + +State root +===== ======= +top H'(child, sibling) +i0 0 +iold old1leaf +inew new1leaf +na 0 + +H' is the Hash function with the inputs shifted acordingly. + +*****/ + + +template SMTVerifierLevel() { + signal input st_top; + signal input st_i0; + signal input st_iold; + signal input st_inew; + signal input st_na; + + signal output root; + signal input sibling; + signal input old1leaf; + signal input new1leaf; + signal input lrbit; + signal input child; + + signal aux[2]; + + component proofHash = SMTHash2(); + component switcher = Switcher(); + + switcher.L <== child; + switcher.R <== sibling; + + switcher.sel <== lrbit; + proofHash.L <== switcher.outL; + proofHash.R <== switcher.outR; + + aux[0] <== proofHash.out * st_top; + aux[1] <== old1leaf*st_iold; + + root <== aux[0] + aux[1] + new1leaf*st_inew; +} diff --git a/circuits/cryptography/smt/smtverifiersm.circom b/circuits/cryptography/smt/smtverifiersm.circom new file mode 100644 index 00000000..f5196530 --- /dev/null +++ b/circuits/cryptography/smt/smtverifiersm.circom 
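Review bot: `root` is the sum `proofHash.out*st_top + old1leaf*st_iold + new1leaf*st_inew`, which only acts as a selector if at most one `st_*` input is 1; the template does not check this and relies on SMTVerifierSM, so say so in the header, e.g. `// Assumes the st_* inputs are one-hot (guaranteed by SMTVerifierSM); with several set, root becomes a sum of the columns.`. The `signal output root;` declaration sits between input declarations; grouping inputs before outputs, as the state inputs above it are, makes the interface easier to scan. The header typo `acordingly` should be `accordingly`.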
@@ -0,0 +1,105 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* +Each level in the SMTVerifier has a state. + +This is the state machine. + +The signals are + +levIns: 1 if we are in the level where the insertion should happen +xor: 1 if the bitKey of the old and new keys are different in this level +is0: Input that indicates that the oldKey is 0 +fnc: 0 -> VERIFY INCLUSION + 1 -> VERIFY NOT INCLUSION + +err state is not a state itself. It's a lack of state. 
+ +The end of the last level will have to be `na` + + levIns=0 any + ┌────┐ ┌────┐ + │ │ │ │ + │ ▼ levIns=1 ▼ │ + │ ########### is0=1 ########### ########### │ + │ # # fnc=1 # # any # # │ + └──# top # ─────────────────────▶# i0 #───────────────▶# na #──┘ + ## ## ──────────┐ ## ## ┌───────▶## ## + ########─────────────┐│ ######### │┌────────▶######### + ││ levIns=1 ││ + ││ is0=0 ########### ││ + ││ fnc=1 # # any│ + │└──────────▶ # iold #────────┘│ + │ ## ## │ + │ ######### │ + │ │ + │ levIns=1 ########### │ + │ fnc=0 # # any + └────────────▶# inew #─────────┘ + ## ## + ######### + + */ + + +template SMTVerifierSM() { + signal input is0; + signal input levIns; + signal input fnc; + + signal input prev_top; + signal input prev_i0; + signal input prev_iold; + signal input prev_inew; + signal input prev_na; + + signal output st_top; + signal output st_i0; + signal output st_iold; + signal output st_inew; + signal output st_na; + + signal prev_top_lev_ins; + signal prev_top_lev_ins_fnc; + + prev_top_lev_ins <== prev_top * levIns; + prev_top_lev_ins_fnc <== prev_top_lev_ins*fnc; // prev_top * levIns * fnc + + // st_top = prev_top * (1-levIns) + // = + prev_top + // - prev_top * levIns + st_top <== prev_top - prev_top_lev_ins; + + // st_inew = prev_top * levIns * (1-fnc) + // = + prev_top * levIns + // - prev_top * levIns * fnc + st_inew <== prev_top_lev_ins - prev_top_lev_ins_fnc; + + // st_iold = prev_top * levIns * (1-is0)*fnc + // = + prev_top * levIns * fnc + // - prev_top * levIns * fnc * is0 + st_iold <== prev_top_lev_ins_fnc * (1 - is0); + + // st_i0 = prev_top * levIns * is0 + // = + prev_top * levIns * is0 + st_i0 <== prev_top_lev_ins * is0; + + st_na <== prev_na + prev_inew + prev_iold + prev_i0; +} diff --git a/gen_index.py b/gen_index.py new file mode 100755 index 00000000..712caf91 --- /dev/null +++ b/gen_index.py 
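Review bot: The transition products (`prev_top_lev_ins <== prev_top * levIns;`, `st_iold <== prev_top_lev_ins_fnc * (1 - is0);`, `st_i0 <== prev_top_lev_ins * is0;`) only implement the drawn state machine when `is0`, `levIns`, `fnc` and the `prev_*` inputs are all 0/1, and this template enforces none of that. Whether the caller constrains them cannot be seen here, so the contract belongs in the header comment, for example `// Precondition: is0, levIns, fnc and prev_* must be booleans constrained by the caller; the one-hot property of st_* depends on it.`. The sentence "err state is not a state itself. It's a lack of state." would read better as "the err state is not a real state: it is the case where no st_* signal is 1."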
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+
+from os.path import join
+
+def walk(path, level):
+ ident = ' ' * 4 * level
+ dirs = [entry.name for entry in os.scandir(path) if entry.is_dir()]
+ for dir in sorted(dirs):
+ full_path = join(path, dir)
+ print(f'{ident}- [`{dir}`]({full_path})')
+ walk(full_path, level + 1)
+
+path = '.'
+if len(sys.argv) > 1:
+ path = sys.argv[1]
+walk(path, 0)
diff --git a/test/circuits/babyadd_test.circom b/test/circuits/babyadd_test.circom
new file mode 100644
index 00000000..129acfac
--- /dev/null
+++ b/test/circuits/babyadd_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/babyjub.circom";
+
+component main = BabyAdd();
diff --git a/test/edwards2montgomery.circom b/test/edwards2montgomery.circom
new file mode 100644
index 00000000..960e5941
--- /dev/null
+++ b/test/edwards2montgomery.circom
@@ -0,0 +1,3 @@
+include "../../circuits/montgomery.circom";
+
+component main = Edwards2Montgomery();
diff --git a/test/escalarmul.test.js b/test/escalarmul.test.js
new file mode 100644
index 00000000..ec605976
--- /dev/null
+++ b/test/escalarmul.test.js
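Review bot: `os.scandir(path)` inside `walk` is consumed by a list comprehension and never closed, and `entry.is_dir()` follows symbolic links, so a symlinked directory that points back up the tree sends the recursion into an endless loop until RecursionError. Use the iterator as a context manager and skip links: `with os.scandir(path) as it:` / `    dirs = [entry.name for entry in it if entry.is_dir(follow_symlinks=False)]`. The loop variable `dir` shadows the builtin; `name` would be clearer. A module docstring such as "Print a nested Markdown list of subdirectories of PATH (default '.')" would document the script's purpose, which the file name alone does not.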
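Review bot: This harness is added as test/edwards2montgomery.circom, yet its include `../../circuits/montgomery.circom` only resolves from a test/circuits/ directory, and montgomery.test.js in this same series loads it as `path.join(__dirname, "circuits", "edwards2montgomery.circom")`, i.e. test/circuits/edwards2montgomery.circom. One of the two locations is wrong; test/circuits/babyadd_test.circom in the preceding hunk follows the layout the JS tests expect. The same mismatch affects every other *.circom harness placed directly under test/ in this commit (escalarmul_*, escalarmulany_test, escalarmulfix_test, escalarmulw4table*, montgomery2edwards, montgomeryadd, montgomerydouble, pointbits_loopback, sha256_*, sign_test, sum_test).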
@@ -0,0 +1,114 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +describe("Exponentioation test", function () { + + this.timeout(100000); + + it("Should generate the Exponentiation table in k=0", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test.circom")); + + const w = await circuit.calculateWitness({in: 1}); + + await circuit.checkConstraints(w); + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let dbl= [bigInt("0"), bigInt("1")]; + + const expectedOut = []; + + for (let i=0; i<16; i++) { + + expectedOut.push(dbl); + dbl = babyJub.addPoint(dbl,g); + } + + await circuit.assertOut(w, {out: expectedOut}); + + }); + + it("Should generate the Exponentiation table in k=3", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom")); + + const w = await circuit.calculateWitness({in: 1}); + + await circuit.checkConstraints(w); + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + for (let i=0; i<12;i++) { + g = babyJub.addPoint(g,g); + } + + let dbl= [bigInt("0"), bigInt("1")]; + + const expectedOut = []; + + for (let i=0; i<16; i++) { + expectedOut.push(dbl); + + dbl = babyJub.addPoint(dbl,g); + } + + await circuit.assertOut(w, {out: expectedOut}); + + }); + + it("Should exponentiate g^31", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test.circom")); + + 
const w = await circuit.calculateWitness({"in": 31}); + + await circuit.checkConstraints(w); + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let c = [bigInt(0), bigInt(1)]; + + for (let i=0; i<31;i++) { + c = babyJub.addPoint(c,g); + } + + await circuit.assertOut(w, {out: c}); + + const w2 = await circuit.calculateWitness({"in": bigInt(1).shiftLeft(252).add(bigInt.one)}); + + c = [g[0], g[1]]; + for (let i=0; i<252;i++) { + c = babyJub.addPoint(c,c); + } + c = babyJub.addPoint(c,g); + + await circuit.assertOut(w2, {out: c}); + + }).timeout(10000000); + + it("Number of constrains for 256 bits", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test_min.circom")); + + }).timeout(10000000); + +}); diff --git a/test/escalarmul_min_test.circom b/test/escalarmul_min_test.circom new file mode 100644 index 00000000..69737011 --- /dev/null +++ b/test/escalarmul_min_test.circom @@ -0,0 +1,26 @@ +include "../../circuits/escalarmul.circom"; + + +template Main() { + signal input in[256]; + signal output out[2]; + + var i; + + var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + component escalarMul = EscalarMul(256, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + for (i=0; i<256; i++) { + in[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/escalarmul_test.circom b/test/escalarmul_test.circom new file mode 100644 index 00000000..1af53ace --- /dev/null +++ b/test/escalarmul_test.circom 
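Review bot: The last case, "Number of constrains for 256 bits", compiles escalarmul_test_min.circom and then asserts nothing, so it can only fail on a compile error while its name promises a check it never makes; either assert the expected constraint count or drop the case. `assert` and the `print` helper are imported/defined but never used, and the same unused `print` helper is copied into escalarmulany.test.js, escalarmulfix.test.js and sign.test.js. The suite name "Exponentioation test" is a typo for "Exponentiation test".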
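Review bot: test/escalarmul_min_test.circom is a duplicate of test/escalarmul_test_min.circom in the next hunk except for `var base = [` here versus `var base[2] = [` there, and only the latter file name is referenced by escalarmul.test.js. Two copies will drift; remove this one, or if both are intended, document which harness each JS test targets. The untyped `var base = [...]` form is also the odd one out: every other harness in this commit declares `var base[2]`.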
@@ -0,0 +1,31 @@ +include "../../circuits/escalarmul.circom"; +include "../../circuits/bitify.circom"; + + +template Main() { + signal input in; + signal output out[2]; + + var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + + component n2b = Num2Bits(253); + component escalarMul = EscalarMul(253, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + var i; + + in ==> n2b.in; + + for (i=0; i<253; i++) { + n2b.out[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/escalarmul_test_min.circom b/test/escalarmul_test_min.circom new file mode 100644 index 00000000..2b8c7ba3 --- /dev/null +++ b/test/escalarmul_test_min.circom @@ -0,0 +1,26 @@ +include "../../circuits/escalarmul.circom"; + + +template Main() { + signal input in[256]; + signal output out[2]; + + var i; + + var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + component escalarMul = EscalarMul(256, base); + + escalarMul.inp[0] <== 0; + escalarMul.inp[1] <== 1; + + for (i=0; i<256; i++) { + in[i] ==> escalarMul.in[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); diff --git a/test/escalarmulany.test.js b/test/escalarmulany.test.js new file mode 100644 index 00000000..3a831d09 --- /dev/null +++ b/test/escalarmulany.test.js 
@@ -0,0 +1,46 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +describe("Escalarmul test", function () { + let circuitEMulAny; + + this.timeout(100000); + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + before( async() => { + circuitEMulAny = await tester(path.join(__dirname, "circuits", "escalarmulany_test.circom")); + }); + + it("Should generate Same escalar mul", async () => { + + const w = await circuitEMulAny.calculateWitness({"e": 1, "p": g}); + + await circuitEMulAny.checkConstraints(w); + + await circuitEMulAny.assertOut(w, {out: g}, true); + + }); + + it("If multiply by order should return 0", async () => { + + const r = bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041"); + const w = await circuitEMulAny.calculateWitness({"e": r, "p": g}); + + await circuitEMulAny.checkConstraints(w); + + await circuitEMulAny.assertOut(w, {out: [0,1]}, true); + + }); + +}); + diff --git a/test/escalarmulany_test.circom b/test/escalarmulany_test.circom new file mode 100644 index 00000000..c09918d6 --- /dev/null +++ b/test/escalarmulany_test.circom @@ -0,0 +1,28 @@ +include "../../circuits/escalarmulany.circom"; +include "../../circuits/bitify.circom"; + +template Main() { + signal input e; + signal input p[2]; + signal output out[2]; + + component n2b = Num2Bits(253); + component escalarMulAny = EscalarMulAny(253); + + escalarMulAny.p[0] <== p[0]; + escalarMulAny.p[1] <== p[1]; + + var i; + + e ==> n2b.in; + + for (i=0; i<253; i++) { + n2b.out[i] ==> escalarMulAny.e[i]; + } + + escalarMulAny.out[0] ==> out[0]; + escalarMulAny.out[1] ==> out[1]; +} + +component main = Main(); + 
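Review bot: The order used in "If multiply by order should return 0", `const r = bigInt("2736030358979909402780800718157159386076813972158567259200215660948447373041");`, is hard-coded, while escalarmulfix.test.js in this series takes presumably the same value from `babyjub.subOrder`; reading it from the library keeps the two suites consistent and names the constant. The `chai` import and the `print` helper are unused. A short comment that `[0,1]` is the Edwards identity point would help a reader who does not know the curve.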
diff --git a/test/escalarmulfix.test.js b/test/escalarmulfix.test.js
new file mode 100644
index 00000000..2486695f
--- /dev/null
+++ b/test/escalarmulfix.test.js
@@ -0,0 +1,90 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyjub = require("../src/babyjub"); + +const assert = chai.assert; + +function print(circuit, w, s) { + console.log(s + ": " + w[circuit.getSignalIdx(s)]); +} + +describe("Escalarmul test", function () { + let circuit; + + this.timeout(100000); + + before( async() => { + circuit = await tester(path.join(__dirname, "circuits", "escalarmulfix_test.circom")); + }); + + it("Should generate Same escalar mul", async () => { + + const w = await circuit.calculateWitness({"e": 0}); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: [0,1]}, true); + + }); + + it("Should generate Same escalar mul", async () => { + + const w = await circuit.calculateWitness({"e": 1}, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: babyjub.Base8}); + + }); + + it("Should generate scalar mul of a specific constant", async () => { + + const s = bigInt("2351960337287830298912035165133676222414898052661454064215017316447594616519"); + const base8 = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + const w = await circuit.calculateWitness({"e": s}, true); + + await circuit.checkConstraints(w); + + const expectedRes = babyjub.mulPointEscalar(base8, s); + + await circuit.assertOut(w, {out: expectedRes}); + + }); + + it("Should generate scalar mul of the firsts 50 elements", async () => { + + const base8 = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + for (let i=0; i<50; i++) { + const s = bigInt(i); + + const w = await circuit.calculateWitness({"e": s}, true); + + await 
circuit.checkConstraints(w); + + const expectedRes = babyjub.mulPointEscalar(base8, s); + + await circuit.assertOut(w, {out: expectedRes}); + } + }); + + it("If multiply by order should return 0", async () => { + + const w = await circuit.calculateWitness({"e": babyjub.subOrder }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: [0,1]}); + }); + +}); + diff --git a/test/escalarmulfix_test.circom b/test/escalarmulfix_test.circom new file mode 100644 index 00000000..7d80b79e --- /dev/null +++ b/test/escalarmulfix_test.circom @@ -0,0 +1,29 @@ +include "../../circuits/escalarmulfix.circom"; +include "../../circuits/bitify.circom"; + + +template Main() { + signal input e; + signal output out[2]; + + var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] + + + component n2b = Num2Bits(253); + component escalarMul = EscalarMulFix(253, base); + + var i; + + e ==> n2b.in; + + for (i=0; i<253; i++) { + n2b.out[i] ==> escalarMul.e[i]; + } + + escalarMul.out[0] ==> out[0]; + escalarMul.out[1] ==> out[1]; +} + +component main = Main(); + diff --git a/test/escalarmulw4table.circom b/test/escalarmulw4table.circom new file mode 100644 index 00000000..43143b6a --- /dev/null +++ b/test/escalarmulw4table.circom @@ -0,0 +1,6 @@ +include "../../circuits/escalarmulw4table.circom"; + +var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203] + +component main = EscalarMulW4Table(base, 0); diff --git a/test/escalarmulw4table_test.circom b/test/escalarmulw4table_test.circom new file mode 100644 index 00000000..9f6777fd --- /dev/null +++ b/test/escalarmulw4table_test.circom 
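Review bot: Two cases carry the identical name "Should generate Same escalar mul" (the e=0 and e=1 runs), so a failure report cannot tell them apart; rename them, e.g. `it("Should return the identity point for e=0", ...)` and `it("Should return Base8 for e=1", ...)`. The `base8` literal repeated in two tests duplicates `babyjub.Base8`, which the e=1 test already uses as its expected output; using the library constant throughout removes the chance of the two drifting. `assert` and `print` are unused, and the first case passes a third argument `true` to `assertOut` while the others do not, which is worth making consistent or explaining.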
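Review bot: In escalarmulfix_test.circom the `var base[2] = [ ..., ... ]` declaration is missing its terminating `;` (the next token is `component n2b`), whereas the same declaration in escalarmul_test.circom ends with `];`; the identical omission appears in test/escalarmulw4table.circom in the following hunk. Whether the circom parser accepts the statement without it is not visible here, so add the semicolon, `...16950150798460657717958625567821834550301663161624707787222815936182638968203];`, rather than rely on parser leniency.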
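Review bot: `component main = EscalarMulW4Table(base, 0);` in test/escalarmulw4table.circom instantiates EscalarMulW4Table as a template, but escalarmulw4table_test.circom and escalarmulw4table_test3.circom in the next hunk call it as a function that returns `var escalarMul[16][2]`; both cannot be right for the same include. No JS test in this series references this file, so it looks like a leftover from an earlier API; either delete it or turn it into a wrapper like the `_test` variants.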
@@ -0,0 +1,17 @@ +include "../../circuits/escalarmulw4table.circom"; + + +template Main() { + signal input in; + signal output out[16][2]; + var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + var escalarMul[16][2] = EscalarMulW4Table(base, 0); + for (var i=0; i<16; i++) { + out[i][0] <== escalarMul[i][0]*in; + out[i][1] <== escalarMul[i][1]*in; + } +} + +component main = Main(); diff --git a/test/escalarmulw4table_test3.circom b/test/escalarmulw4table_test3.circom new file mode 100644 index 00000000..d41d827e --- /dev/null +++ b/test/escalarmulw4table_test3.circom @@ -0,0 +1,17 @@ +include "../../circuits/escalarmulw4table.circom"; + + +template Main() { + signal input in; + signal output out[16][2]; + var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203]; + + var escalarMul[16][2] = EscalarMulW4Table(base, 3); + for (var i=0; i<16; i++) { + out[i][0] <== escalarMul[i][0]*in; + out[i][1] <== escalarMul[i][1]*in; + } +} + +component main = Main(); diff --git a/test/in.json b/test/in.json new file mode 100644 index 00000000..2ebe0d5c --- /dev/null +++ b/test/in.json 
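Review bot: escalarmulw4table_test.circom and escalarmulw4table_test3.circom differ only in the window argument, `EscalarMulW4Table(base, 0)` versus `EscalarMulW4Table(base, 3)`, so the base point is maintained in two places; a `template Main(k)` with `component main = Main(0);` and `Main(3)` would keep one copy of the constants even though the tester still needs one file per circuit. A one-line comment on `out[i][0] <== escalarMul[i][0]*in;` stating why the constant table is multiplied by `in` (presumably to expose it through constrained outputs) would help a reader.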
@@ -0,0 +1,258 @@ +{ + "in": [ + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1" + ] +} \ No newline at end of file diff --git a/test/montgomery.test.js b/test/montgomery.test.js new file mode 100644 index 00000000..d53fa5a3 --- /dev/null +++ b/test/montgomery.test.js 
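Review bot: Nothing in this commit references test/in.json, and the hunk header `@@ -0,0 +1,258 @@` means the `in` array holds 254 entries once the four wrapper lines are discounted, which does not match the `in[256]` input of escalarmul_test_min.circom that it appears intended to feed. If it is a manual input fixture for that harness, fix the count and say so in a README line; otherwise drop it. The file also lacks a trailing newline.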
@@ -0,0 +1,91 @@ +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +describe("Montgomery test", function () { + let circuitE2M; + let circuitM2E; + let circuitMAdd; + let circuitMDouble; + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let mg, mg2, g2, g3, mg3; + + this.timeout(100000); + before( async() => { + circuitE2M = await tester(path.join(__dirname, "circuits", "edwards2montgomery.circom")); + await circuitE2M.loadSymbols(); + circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom")); + await circuitM2E.loadSymbols(); + circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom")); + await circuitMAdd.loadSymbols(); + circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom")); + await circuitMDouble.loadSymbols(); + }); + it("Convert Edwards to Montgomery and back again", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: g}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g[0])); + assert(yout.equals(g[1])); + }); + it("Should double a point", async () => { + let w, xout, yout; + + g2 = babyJub.addPoint(g,g); + + w = await circuitMDouble.calculateWitness({ in: mg}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg2 = [xout, yout]; + + w = await 
circuitM2E.calculateWitness({ in: mg2}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g2[0])); + assert(yout.equals(g2[1])); + }); + it("Should add a point", async () => { + let w, xout, yout; + + g3 = babyJub.addPoint(g,g2); + + w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true); + + xout = w[circuitMAdd.symbols["main.out[0]"].varIdx]; + yout = w[circuitMAdd.symbols["main.out[1]"].varIdx]; + + mg3 = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: mg3}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g3[0])); + assert(yout.equals(g3[1])); + }); +}); diff --git a/test/montgomery2edwards.circom b/test/montgomery2edwards.circom new file mode 100644 index 00000000..39d05a64 --- /dev/null +++ b/test/montgomery2edwards.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = Montgomery2Edwards(); diff --git a/test/montgomeryadd.circom b/test/montgomeryadd.circom new file mode 100644 index 00000000..8caea17d --- /dev/null +++ b/test/montgomeryadd.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = MontgomeryAdd(); diff --git a/test/montgomerydouble.circom b/test/montgomerydouble.circom new file mode 100644 index 00000000..70a3840e --- /dev/null +++ b/test/montgomerydouble.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = MontgomeryDouble(); diff --git a/test/multiplexer.test.js b/test/multiplexer.test.js new file mode 100644 index 00000000..01a83380 --- /dev/null +++ b/test/multiplexer.test.js 
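Review bot: In "Should double a point" the witness of `circuitMDouble` is indexed with `circuitE2M.symbols["main.out[0]"].varIdx` and `circuitE2M.symbols["main.out[1]"].varIdx`, i.e. the symbol table of a different circuit; the test only passes while both circuits happen to place `main.out` at the same indices. Use `circuitMDouble.symbols[...]` on both lines. The three cases are also order-dependent (`mg` and `mg2` are produced by earlier cases and consumed by later ones), so running one in isolation fails, and unlike the other suites in this series no `checkConstraints(w)` follows any `calculateWitness`.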
@@ -0,0 +1,98 @@ +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +describe("Mux4 test", function() { + this.timeout(100000); + it("Should create a constant multiplexer 4", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "mux4_1.circom")); + + const ct16 = [ + bigInt("123"), + bigInt("456"), + bigInt("789"), + bigInt("012"), + bigInt("111"), + bigInt("222"), + bigInt("333"), + bigInt("4546"), + bigInt("134523"), + bigInt("44356"), + bigInt("15623"), + bigInt("4566"), + bigInt("1223"), + bigInt("4546"), + bigInt("4256"), + bigInt("4456") + ]; + + for (let i=0; i<16; i++) { + const w = await circuit.calculateWitness({ "selector": i }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: ct16[i]}); + } + }); + + it("Should create a constant multiplexer 3", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "mux3_1.circom")); + + const ct8 = [ + bigInt("37"), + bigInt("47"), + bigInt("53"), + bigInt("71"), + bigInt("89"), + bigInt("107"), + bigInt("163"), + bigInt("191") + ]; + + for (let i=0; i<8; i++) { + const w = await circuit.calculateWitness({ "selector": i }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: ct8[i]}); + } + }); + it("Should create a constant multiplexer 2", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "mux2_1.circom")); + + const ct4 = [ + bigInt("37"), + bigInt("47"), + bigInt("53"), + bigInt("71"), + ]; + + for (let i=0; i<4; i++) { + const w = await circuit.calculateWitness({ "selector": i }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: ct4[i]}); + } + }); + it("Should create a constant multiplexer 1", async () => { + + const circuit = await tester(path.join(__dirname, "circuits", "mux1_1.circom")); + + const ct2 = [ + bigInt("37"), + bigInt("47"), + ]; + + for (let i=0; i<2; i++) { + 
const w = await circuit.calculateWitness({ "selector": i }, true); + + await circuit.checkConstraints(w); + + await circuit.assertOut(w, {out: ct2[i]}); + } + }); +}); diff --git a/test/point2bits.test.js b/test/point2bits.test.js new file mode 100644 index 00000000..f0697a18 --- /dev/null +++ b/test/point2bits.test.js @@ -0,0 +1,23 @@ +const path = require("path"); +const tester = require("circom").tester; + +const babyJub = require("../src/babyjub.js"); + + +describe("Point 2 bits test", function() { + let circuit; + this.timeout(100000); + before( async() => { + circuit = await tester(path.join(__dirname, "circuits", "pointbits_loopback.circom")); + }); + it("Should do the both convertions for 8Base", async () => { + const w = await circuit.calculateWitness({ in: babyJub.Base8}, true); + + await circuit.checkConstraints(w); + }); + it("Should do the both convertions for Zero point", async () => { + const w = await circuit.calculateWitness({ in: [0, 1]}, true); + + await circuit.checkConstraints(w); + }); +}); diff --git a/test/pointbits_loopback.circom b/test/pointbits_loopback.circom new file mode 100644 index 00000000..39dacfbf --- /dev/null +++ b/test/pointbits_loopback.circom @@ -0,0 +1,23 @@ +include "../../circuits/pointbits.circom"; + + +template Main() { + signal input in[2]; + + var i + + component p2b = Point2Bits_Strict(); + component b2p = Bits2Point_Strict(); + + p2b.in[0] <== in[0]; + p2b.in[1] <== in[1]; + + for (i=0; i<256; i++) { + b2p.in[i] <== p2b.out[i]; + } + + b2p.out[0] === in[0]; + b2p.out[1] === in[1]; +} + +component main = Main(); diff --git a/test/sha256.test.js b/test/sha256.test.js new file mode 100644 index 00000000..e7344903 --- /dev/null +++ b/test/sha256.test.js 
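Review bot: `var i` in Main of pointbits_loopback.circom is missing its `;`, unlike the `var i;` declarations in the other harnesses added here; whether circom tolerates it is not visible, so add the semicolon. The loop bound 256 is coupled to the output width of Point2Bits_Strict, which is not shown; a comment such as `// 256 = bit width of Point2Bits_Strict.out` would make that dependency explicit.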
@@ -0,0 +1,115 @@ +const chai = require("chai"); +const path = require("path"); +const snarkjs = require("snarkjs"); +const crypto = require("crypto"); + +const assert = chai.assert; + +const sha256 = require("./helpers/sha256"); + +const tester = require("circom").tester; + +// const printSignal = require("./helpers/printsignal"); + + +function buffer2bitArray(b) { + const res = []; + for (let i=0; i<b.length; i++) { + for (let j=0; j<8; j++) { + res.push((b[i] >> (7-j) &1)); + } + } + return res; +} + +function bitArray2buffer(a) { + const len = Math.floor((a.length -1 )/8)+1; + const b = new Buffer.alloc(len); + + for (let i=0; i<a.length; i++) { + const p = Math.floor(i/8); + b[p] = b[p] | (Number(a[i]) << ( 7 - (i%8) )); + } + return b; +} + + +describe("SHA256 test", function () { + this.timeout(100000); + + + it("Should work bits to array and array to bits", async () => { + const b = new Buffer.alloc(64); + for (let i=0; i<64; i++) { + b[i] = i+1; + } + const a = buffer2bitArray(b); + const b2 = bitArray2buffer(a); + + assert.equal(b.toString("hex"), b2.toString("hex"), true); + }); + + it("Should calculate a hash of 1 compressor", async () => { + const cir = await tester(path.join(__dirname, "circuits", "sha256_2_test.circom")); + + const witness = await cir.calculateWitness({ "a": "1", "b": "2" }, true); + + const b = new Buffer.alloc(54); + b[26] = 1; + b[53] = 2; + + const hash = crypto.createHash("sha256") + .update(b) + .digest("hex"); + const r = "0x" + hash.slice(10); + + const hash2 = sha256.hash(b.toString("hex"), {msgFormat: "hex-bytes"}); + + assert.equal(hash, hash2); + + assert(witness[1].equals(snarkjs.bigInt(r))); + }).timeout(1000000); + + it("Should calculate a hash of 2 compressor", async () => { + const cir = await tester(path.join(__dirname, "circuits", "sha256_test512.circom")); + + const b = new Buffer.alloc(64); + for (let i=0; i<64; i++) { + b[i] = i+1; + } + + const hash = crypto.createHash("sha256") + .update(b) + .digest("hex"); + 
+ const arrIn = buffer2bitArray(b); + const witness = await cir.calculateWitness({ "in": arrIn }, true); + + const arrOut = witness.slice(1, 257); + const hash2 = bitArray2buffer(arrOut).toString("hex"); + + assert.equal(hash, hash2); + + }).timeout(1000000); + it ("Should calculate a hash of 2 compressor", async () => { + const cir = await tester(path.join(__dirname, "circuits", "sha256_test448.circom")); + + const testStr = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + + const b = Buffer.from(testStr, "utf8"); + + const hash = crypto.createHash("sha256") + .update(b) + .digest("hex"); + + const arrIn = buffer2bitArray(b); + + const witness = await cir.calculateWitness({ "in": arrIn }, true); + + const arrOut = witness.slice(1, 257); + const hash2 = bitArray2buffer(arrOut).toString("hex"); + + assert.equal(hash, hash2); + }); + +}); diff --git a/test/sha256_2_test.circom b/test/sha256_2_test.circom new file mode 100644 index 00000000..855423b3 --- /dev/null +++ b/test/sha256_2_test.circom @@ -0,0 +1,15 @@ +include "../../circuits/sha256/sha256_2.circom"; + +template Main() { + signal private input a; + signal private input b; + signal output out; + + component sha256_2 = Sha256_2(); + + sha256_2.a <== a; + sha256_2.b <== b; + out <== sha256_2.out; +} + +component main = Main(); diff --git a/test/sha256_test448.circom b/test/sha256_test448.circom new file mode 100644 index 00000000..9a5dbdc8 --- /dev/null +++ b/test/sha256_test448.circom @@ -0,0 +1,3 @@ +include "../../circuits/sha256/sha256.circom"; + +component main = Sha256(448); diff --git a/test/sha256_test512.circom b/test/sha256_test512.circom new file mode 100644 index 00000000..dd8b11db --- /dev/null +++ b/test/sha256_test512.circom @@ -0,0 +1,3 @@ +include "../../circuits/sha256/sha256.circom"; + +component main = Sha256(512); diff --git a/test/sign.test.js b/test/sign.test.js new file mode 100644 index 00000000..b3e9452b --- /dev/null +++ b/test/sign.test.js 
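Review bot: `new Buffer.alloc(len)` in `bitArray2buffer` (and `new Buffer.alloc(64)` in two cases) applies `new` to the result of calling `Buffer.alloc`; it only works because the object returned by the function replaces the one `new` created, so drop the `new`. Two cases share the name "Should calculate a hash of 2 compressor" (the 512-bit and 448-bit inputs); rename the second, e.g. `it("Should calculate a hash of a 448-bit input", ...)`. In the first case `assert.equal(b.toString("hex"), b2.toString("hex"), true)` passes `true` as the failure message, which is meaningless and should be removed.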
@@ -0,0 +1,79 @@
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+function print(circuit, w, s) {
+ console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+function getBits(v, n) {
+ const res = [];
+ for (let i=0; i<n; i++) {
+ if (v.shiftRight(i).isOdd()) {
+ res.push(bigInt.one);
+ } else {
+ res.push(bigInt.zero);
+ }
+ }
+ return res;
+}
+
+const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+
+describe("Sign test", function() {
+ let circuit;
+ this.timeout(100000);
+
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "circuits", "sign_test.circom"));
+ });
+
+ it("Sign of 0", async () => {
+ const inp = getBits(bigInt.zero, 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 0});
+ });
+
+ it("Sign of 3", async () => {
+ const inp = getBits(bigInt(3), 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 0});
+ });
+
+ it("Sign of q/2", async () => {
+ const inp = getBits(q.shiftRight(bigInt.one), 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 0});
+ });
+
+ it("Sign of q/2+1", async () => {
+ const inp = getBits(q.shiftRight(bigInt.one).add(bigInt.one), 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 1});
+ });
+
+ it("Sign of q-1", async () => {
+ const inp = getBits(q.minus(bigInt.one), 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 1});
+ });
+
+ it("Sign of q", async () => {
+ const inp = getBits(q, 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 1});
+ });
+
+ it("Sign of all ones", async () => {
+ const inp = getBits(bigInt(1).shiftLeft(254).minus(bigInt(1)), 254);
+ const w = await circuit.calculateWitness({in: inp}, true);
+
+ await circuit.assertOut(w, {sign: 1});
+ });
+});
diff --git a/test/sign_test.circom b/test/sign_test.circom
new file mode 100644
index 00000000..e6a6e3b6
--- /dev/null
+++ b/test/sign_test.circom
@@ -0,0 +1,3 @@
+include "../../circuits/sign.circom";
+
+component main = Sign();
diff --git a/test/sum_test.circom b/test/sum_test.circom
new file mode 100644
index 00000000..013d567e
--- /dev/null
+++ b/test/sum_test.circom
@@ -0,0 +1,31 @@
+include "../../circuits/bitify.circom"
+include "../../circuits/binsum.circom"
+
+template A() {
+ signal private input a;
+ signal input b;
+ signal output out;
+
+ var i;
+
+ component n2ba = Num2Bits(32);
+ component n2bb = Num2Bits(32);
+ component sum = BinSum(32,2);
+ component b2n = Bits2Num(32);
+
+ n2ba.in <== a;
+ n2bb.in <== b;
+
+ for (i=0; i<32; i++) {
+ sum.in[0][i] <== n2ba.out[i];
+ sum.in[1][i] <== n2bb.out[i];
+ }
+
+ for (i=0; i<32; i++) {
+ b2n.in[i] <== sum.out[i];
+ }
+
+ out <== b2n.out;
+}
+
+component main = A();
From 681e765a5b2f8a77fa8b95e2f2142901963bc087 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marta=20Bell=C3=A9s?= <43028405+bellesmarta@users.noreply.github.com>
Date: Wed, 1 Apr 2020 10:02:40 +0200
Subject: [PATCH 04/27] Update README.md
---
 circuits/basics/README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/circuits/basics/README.md b/circuits/basics/README.md
index 04548b07..13a1e241 100644
--- a/circuits/basics/README.md
+++ b/circuits/basics/README.md
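Review bot: `getBits` silently discards every bit of `v` at position `n` or above, so a test vector that does not fit in 254 bits would feed the circuit a different number than its title claims and still pass; add a guard at the top of the function, `if (!v.shiftRight(n).isZero()) throw new Error("value does not fit in " + n + " bits");`. The `print` helper is never called anywhere in this file and can be removed. A comment above `q` saying what the constant is would help the next reader, since the `q/2`, `q/2+1` and `q-1` cases only make sense if it is the prime the circuit's `Sign` compares against, presumably the scalar field the circuit is compiled over.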
@@ -4,10 +4,10 @@ This folder contains the templates to do basic arithmetic operations. ## Structure of the Folder -- [`aliascheck`](circuits/basics/aliascheck) -- [`binary_arithmetic`](circuits/basics/binary_arithmetic) - - [`binsub`](circuits/basics/binary_arithmetic/binsub) - - [`binsum`](circuits/basics/binary_arithmetic/binsum) +- [`aliascheck`](aliascheck) +- [`binary_arithmetic`](binary_arithmetic) + - [`binsub`](binary_arithmetic/binsub) + - [`binsum`](binary_arithmetic/binsum) - [`bitify`](circuits/basics/bitify) - [`bits2num`](circuits/basics/bitify/bits2num) - [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) @@ -45,4 +45,4 @@ This folder contains the templates to do basic arithmetic operations. - [`mux3`](circuits/basics/mux/mux3) - [`mux4`](circuits/basics/mux/mux4) - [`sign`](circuits/basics/sign) -- [`switcher`](circuits/basics/switcher) \ No newline at end of file +- [`switcher`](circuits/basics/switcher) From 8a9b885c0cf9f4b766a5ef0d79437eec67ac575d Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 10:19:31 +0200 Subject: [PATCH 05/27] Changed README links --- circuits/README.md | 9 --- circuits/basics/README.md | 76 +++++++++---------- circuits/basics/aliascheck/aliascheck.circom | 3 +- circuits/basics/binary_arithmetic/README.md | 4 +- circuits/basics/bitify/README.md | 10 +-- circuits/basics/comparators/README.md | 14 ++-- circuits/basics/logic_gates/README.md | 14 ++-- circuits/basics/multiplexer/README.md | 6 +- circuits/basics/mux/README.md | 16 ++++ circuits/cryptography/README.md | 30 ++++---- .../cryptography/elliptic_curves/README.md | 34 ++++----- .../elliptic_curves/baby_jubjub/README.md | 32 ++++---- .../cryptography/hash_functions/README.md | 22 +++--- .../hash_functions/mimc/README.md | 12 +++ 14 files changed, 150 insertions(+), 132 deletions(-) delete mode 100644 circuits/README.md diff --git a/circuits/README.md b/circuits/README.md deleted file mode 100644 index 15526200..00000000 
--- a/circuits/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# `folder name` - -This folder contains the templates ... ". - -## Structure of the Folder - -TOC - -## Background on ... (if necessary) \ No newline at end of file diff --git a/circuits/basics/README.md b/circuits/basics/README.md index 13a1e241..c5649da0 100644 --- a/circuits/basics/README.md +++ b/circuits/basics/README.md 
@@ -8,41 +8,41 @@ This folder contains the templates to do basic arithmetic operations. - [`binary_arithmetic`](binary_arithmetic) - [`binsub`](binary_arithmetic/binsub) - [`binsum`](binary_arithmetic/binsum) -- [`bitify`](circuits/basics/bitify) - - [`bits2num`](circuits/basics/bitify/bits2num) - - [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) - - [`num2bits`](circuits/basics/bitify/num2bits) - - [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) - - [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) -- [`comparators`](circuits/basics/comparators) - - [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) - - [`greatereqthan`](circuits/basics/comparators/greatereqthan) - - [`greaterthan`](circuits/basics/comparators/greaterthan) - - [`isequal`](circuits/basics/comparators/isequal) - - [`iszero`](circuits/basics/comparators/iszero) - - [`lesseqthan`](circuits/basics/comparators/lesseqthan) - - [`lessthan`](circuits/basics/comparators/lessthan) -- [`compconstant`](circuits/basics/compconstant) -- [`logic_gates`](circuits/basics/logic_gates) - - [`and`](circuits/basics/logic_gates/and) - - [`multiand`](circuits/basics/logic_gates/multiand) - - [`nand`](circuits/basics/logic_gates/nand) - - [`nor`](circuits/basics/logic_gates/nor) - - [`not`](circuits/basics/logic_gates/not) - - [`or`](circuits/basics/logic_gates/or) - - [`xor`](circuits/basics/logic_gates/xor) -- [`multiplexer`](circuits/basics/multiplexer) - - [`decoder`](circuits/basics/multiplexer/decoder) - - [`multiplexer`](circuits/basics/multiplexer/multiplexer) - - [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) -- [`mux`](circuits/basics/mux) - - [`multimux1`](circuits/basics/mux/multimux1) - - [`multimux2`](circuits/basics/mux/multimux2) - - [`multimux3`](circuits/basics/mux/multimux3) - - [`multimux4`](circuits/basics/mux/multimux4) - - [`mux1`](circuits/basics/mux/mux1) - - [`mux2`](circuits/basics/mux/mux2) - - [`mux3`](circuits/basics/mux/mux3) - - 
[`mux4`](circuits/basics/mux/mux4) -- [`sign`](circuits/basics/sign) -- [`switcher`](circuits/basics/switcher) +- [`bitify`](bitify) + - [`bits2num`](bitify/bits2num) + - [`bits2num_strict`](bitify/bits2num_strict) + - [`num2bits`](bitify/num2bits) + - [`num2bits_strict`](bitify/num2bits_strict) + - [`num2bitsneg`](bitify/num2bitsneg) +- [`comparators`](comparators) + - [`forceequalifenabled`](comparators/forceequalifenabled) + - [`greatereqthan`](comparators/greatereqthan) + - [`greaterthan`](comparators/greaterthan) + - [`isequal`](comparators/isequal) + - [`iszero`](comparators/iszero) + - [`lesseqthan`](comparators/lesseqthan) + - [`lessthan`](comparators/lessthan) +- [`compconstant`](compconstant) +- [`logic_gates`](logic_gates) + - [`and`](logic_gates/and) + - [`multiand`](logic_gates/multiand) + - [`nand`](logic_gates/nand) + - [`nor`](logic_gates/nor) + - [`not`](logic_gates/not) + - [`or`](logic_gates/or) + - [`xor`](logic_gates/xor) +- [`multiplexer`](multiplexer) + - [`decoder`](multiplexer/decoder) + - [`multiplexer`](multiplexer/multiplexer) + - [`scalarproduct`](multiplexer/scalarproduct) +- [`mux`](mux) + - [`multimux1`](mux/multimux1) + - [`multimux2`](mux/multimux2) + - [`multimux3`](mux/multimux3) + - [`multimux4`](mux/multimux4) + - [`mux1`](mux/mux1) + - [`mux2`](mux/mux2) + - [`mux3`](mux/mux3) + - [`mux4`](mux/mux4) +- [`sign`](sign) +- [`switcher`](switcher) diff --git a/circuits/basics/aliascheck/aliascheck.circom b/circuits/basics/aliascheck/aliascheck.circom index c4dfad57..9833f2f5 100644 --- a/circuits/basics/aliascheck/aliascheck.circom +++ b/circuits/basics/aliascheck/aliascheck.circom @@ -17,8 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "compconstant.circom"; - +include "../compconstant/compconstant.circom"; template AliasCheck() { 
diff --git a/circuits/basics/binary_arithmetic/README.md b/circuits/basics/binary_arithmetic/README.md index 00d01e67..6b536c6e 100644 --- a/circuits/basics/binary_arithmetic/README.md +++ b/circuits/basics/binary_arithmetic/README.md @@ -6,5 +6,5 @@ This folder contains the templates to perform sums (`binsum.circom`) and substra ## Structure -- [`binsub`](circuits/basics/binary_arithmetic/binsub) -- [`binsum`](circuits/basics/binary_arithmetic/binsum) \ No newline at end of file +- [`binsub`](binsub) +- [`binsum`](binsum) \ No newline at end of file diff --git a/circuits/basics/bitify/README.md b/circuits/basics/bitify/README.md index 6982fba2..b5fac560 100644 --- a/circuits/basics/bitify/README.md +++ b/circuits/basics/bitify/README.md @@ -6,8 +6,8 @@ This folder contains the templates to perform conversions of numbers to binary a ## Structure -- [`bits2num`](circuits/basics/bitify/bits2num) -- [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) -- [`num2bits`](circuits/basics/bitify/num2bits) -- [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) -- [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) \ No newline at end of file +- [`bits2num`](bits2num) +- [`bits2num_strict`](bits2num_strict) +- [`num2bits`](num2bits) +- [`num2bits_strict`](num2bits_strict) +- [`num2bitsneg`](num2bitsneg) \ No newline at end of file diff --git a/circuits/basics/comparators/README.md b/circuits/basics/comparators/README.md index f689fe71..ab113f02 100644 --- a/circuits/basics/comparators/README.md +++ b/circuits/basics/comparators/README.md 
@@ -6,10 +6,10 @@ This folder contains the templates to perform comparations of numbers. Each fold ## Structure -- [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) -- [`greatereqthan`](circuits/basics/comparators/greatereqthan) -- [`greaterthan`](circuits/basics/comparators/greaterthan) -- [`isequal`](circuits/basics/comparators/isequal) -- [`iszero`](circuits/basics/comparators/iszero) -- [`lesseqthan`](circuits/basics/comparators/lesseqthan) -- [`lessthan`](circuits/basics/comparators/lessthan) \ No newline at end of file +- [`forceequalifenabled`](forceequalifenabled) +- [`greatereqthan`](greatereqthan) +- [`greaterthan`](greaterthan) +- [`isequal`](isequal) +- [`iszero`](iszero) +- [`lesseqthan`](lesseqthan) +- [`lessthan`](lessthan) \ No newline at end of file diff --git a/circuits/basics/logic_gates/README.md b/circuits/basics/logic_gates/README.md index 2725eba0..fef57e1c 100644 --- a/circuits/basics/logic_gates/README.md +++ b/circuits/basics/logic_gates/README.md @@ -6,10 +6,10 @@ This folder contains the templates to perform logic gates operations. Each folde ## Structure -- [`and`](circuits/basics/logic_gates/and) -- [`multiand`](circuits/basics/logic_gates/multiand) -- [`nand`](circuits/basics/logic_gates/nand) -- [`nor`](circuits/basics/logic_gates/nor) -- [`not`](circuits/basics/logic_gates/not) -- [`or`](circuits/basics/logic_gates/or) -- [`xor`](circuits/basics/logic_gates/xor) \ No newline at end of file +- [`and`](and) +- [`multiand`](multiand) +- [`nand`](nand) +- [`nor`](nor) +- [`not`](not) +- [`or`](or) +- [`xor`](xor) \ No newline at end of file diff --git a/circuits/basics/multiplexer/README.md b/circuits/basics/multiplexer/README.md index f3abb5f1..72237239 100644 --- a/circuits/basics/multiplexer/README.md +++ b/circuits/basics/multiplexer/README.md 
@@ -6,6 +6,6 @@ This folder contains the templates to talkdfjlasjdf. Each folder contains a test ## Structure -- [`decoder`](circuits/basics/multiplexer/decoder) -- [`multiplexer`](circuits/basics/multiplexer/multiplexer) -- [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) \ No newline at end of file +- [`decoder`](decoder) +- [`multiplexer`](multiplexer) +- [`scalarproduct`](scalarproduct) \ No newline at end of file diff --git a/circuits/basics/mux/README.md b/circuits/basics/mux/README.md index e69de29b..6ab6bbe9 100644 --- a/circuits/basics/mux/README.md +++ b/circuits/basics/mux/README.md @@ -0,0 +1,16 @@ +# `mux` + +## Description + +This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. + +## Structure + +- [`multimux1`](multimux1) +- [`multimux2`](multimux2) +- [`multimux3`](multimux3) +- [`multimux4`](multimux4) +- [`mux1`](mux1) +- [`mux2`](mux2) +- [`mux3`](mux3) +- [`mux4`](mux4) \ No newline at end of file diff --git a/circuits/cryptography/README.md b/circuits/cryptography/README.md index c798537c..1525c38b 100644 --- a/circuits/cryptography/README.md +++ b/circuits/cryptography/README.md 
@@ -4,18 +4,18 @@ This folder contains the templates to compute cryptographic functions, such as h ## Structure of the folder -- [`hash_functions`](doc/cryptography/hash_functions) - - [`mimc`](doc/cryptography/hash_functions/mimc) - - [`mimc7`](doc/cryptography/hash_functions/mimc/mimc7) - - [`mimcfeistel`](doc/cryptography/hash_functions/mimc/mimcfeistel) - - [`mimcsponge`](doc/cryptography/hash_functions/mimc/mimcsponge) - - [`multimimc7`](doc/cryptography/hash_functions/mimc/multimimc7) - - [`pedersen`](doc/cryptography/hash_functions/pedersen) - - [`segment`](doc/cryptography/hash_functions/pedersen/segment) - - [`window3`](doc/cryptography/hash_functions/pedersen/window3) - - [`window4`](doc/cryptography/hash_functions/pedersen/window4) - - [`poseidon`](doc/cryptography/hash_functions/poseidon) - - [`sha256`](doc/cryptography/hash_functions/sha256) -- [`signatures`](doc/cryptography/signatures) - - [`eddsa`](doc/cryptography/signatures/eddsa) -- [`smt`](doc/cryptography/smt) \ No newline at end of file +- [`hash_functions`](hash_functions) + - [`mimc`](hash_functions/mimc) + - [`mimc7`](hash_functions/mimc/mimc7) + - [`mimcfeistel`](hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](hash_functions/mimc/mimcsponge) + - [`multimimc7`](hash_functions/mimc/multimimc7) + - [`pedersen`](hash_functions/pedersen) + - [`segment`](hash_functions/pedersen/segment) + - [`window3`](hash_functions/pedersen/window3) + - [`window4`](hash_functions/pedersen/window4) + - [`poseidon`](hash_functions/poseidon) + - [`sha256`](hash_functions/sha256) +- [`signatures`](signatures) + - [`eddsa`](signatures/eddsa) +- [`smt`](smt) \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/README.md b/circuits/cryptography/elliptic_curves/README.md index 6a3b0e7c..1cf2f0d5 100644 --- a/circuits/cryptography/elliptic_curves/README.md +++ b/circuits/cryptography/elliptic_curves/README.md 
@@ -4,22 +4,22 @@ This folder contains the templates to do operations on different elliptic curves ## Structure of the Folder -- [`baby_jubjub`](doc/elliptic_curves/baby_jubjub) - - [`edwards`](doc/elliptic_curves/baby_jubjub/edwards) - - [`babyadd`](doc/elliptic_curves/baby_jubjub/edwards/babyadd) - - [`babycheck`](doc/elliptic_curves/baby_jubjub/edwards/babycheck) - - [`babydbl`](doc/elliptic_curves/baby_jubjub/edwards/babydbl) - - [`babypbk`](doc/elliptic_curves/baby_jubjub/edwards/babypbk) - - [`scalar_mul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) - - [`edwards2montgomery`](doc/elliptic_curves/baby_jubjub/edwards2montgomery) - - [`montgomery`](doc/elliptic_curves/baby_jubjub/montgomery) - - [`montgomeryadd`](doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) - - [`montgomery2edwards`](doc/elliptic_curves/baby_jubjub/montgomery2edwards) - - [`point2bits`](doc/elliptic_curves/baby_jubjub/point2bits) +- [`baby_jubjub`](baby_jubjub) + - [`edwards`](baby_jubjub/edwards) + - [`babyadd`](baby_jubjub/edwards/babyadd) + - [`babycheck`](baby_jubjub/edwards/babycheck) + - [`babydbl`](baby_jubjub/edwards/babydbl) + - [`babypbk`](baby_jubjub/edwards/babypbk) + - [`scalar_mul`](baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](baby_jubjub/edwards2montgomery) + - 
[`montgomery`](baby_jubjub/montgomery) + - [`montgomeryadd`](baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](baby_jubjub/montgomery2edwards) + - [`point2bits`](baby_jubjub/point2bits) ## Background on Elliptic Curves \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/README.md index e8680c01..da09c1a3 100644 --- a/circuits/cryptography/elliptic_curves/baby_jubjub/README.md +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/README.md 
@@ -4,21 +4,21 @@ This folder contains the templates to do operations on [Baby Jubjub](https://git ## Structure of the folder -- [`edwards`](doc/elliptic_curves/baby_jubjub/edwards) - - [`babyadd`](doc/elliptic_curves/baby_jubjub/edwards/babyadd) - - [`babycheck`](doc/elliptic_curves/baby_jubjub/edwards/babycheck) - - [`babydbl`](doc/elliptic_curves/baby_jubjub/edwards/babydbl) - - [`babypbk`](doc/elliptic_curves/baby_jubjub/edwards/babypbk) - - [`scalar_mul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) -- [`edwards2montgomery`](doc/elliptic_curves/baby_jubjub/edwards2montgomery) -- [`montgomery`](doc/elliptic_curves/baby_jubjub/montgomery) - - [`montgomeryadd`](doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) -- [`montgomery2edwards`](doc/elliptic_curves/baby_jubjub/montgomery2edwards) -- [`point2bits`](doc/elliptic_curves/baby_jubjub/point2bits) +- [`edwards`](edwards) + - [`babyadd`](edwards/babyadd) + - [`babycheck`](edwards/babycheck) + - [`babydbl`](edwards/babydbl) + - [`babypbk`](edwards/babypbk) + - [`scalar_mul`](edwards/scalar_mul) + - [`scalarmul`](edwards/scalar_mul/scalarmul) + - [`scalarmulany`](edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](edwards/scalar_mul/scalarmulwtable) +- [`edwards2montgomery`](edwards2montgomery) +- [`montgomery`](montgomery) + - [`montgomeryadd`](montgomery/montgomeryadd) + - [`montgomerydouble`](montgomery/montgomerydouble) +- [`montgomery2edwards`](montgomery2edwards) +- 
[`point2bits`](point2bits) ## Background on Baby Jubjub \ No newline at end of file diff --git a/circuits/cryptography/hash_functions/README.md b/circuits/cryptography/hash_functions/README.md index 65d40657..86923f2c 100644 --- a/circuits/cryptography/hash_functions/README.md +++ b/circuits/cryptography/hash_functions/README.md @@ -4,17 +4,17 @@ This folder contains templates to compute hash functions in a circtom circuit. ## Structure of the Folder -- [`mimc`](doc/cryptography/hash_functions/mimc) - - [`mimc7`](doc/cryptography/hash_functions/mimc/mimc7) - - [`mimcfeistel`](doc/cryptography/hash_functions/mimc/mimcfeistel) - - [`mimcsponge`](doc/cryptography/hash_functions/mimc/mimcsponge) - - [`multimimc7`](doc/cryptography/hash_functions/mimc/multimimc7) -- [`pedersen`](doc/cryptography/hash_functions/pedersen) - - [`segment`](doc/cryptography/hash_functions/pedersen/segment) - - [`window3`](doc/cryptography/hash_functions/pedersen/window3) - - [`window4`](doc/cryptography/hash_functions/pedersen/window4) -- [`poseidon`](doc/cryptography/hash_functions/poseidon) -- [`sha256`](doc/cryptography/hash_functions/sha256) +- [`mimc`](mimc) + - [`mimc7`](mimc/mimc7) + - [`mimcfeistel`](mimc/mimcfeistel) + - [`mimcsponge`](mimc/mimcsponge) + - [`multimimc7`](mimc/multimimc7) +- [`pedersen`](pedersen) + - [`segment`](pedersen/segment) + - [`window3`](pedersen/window3) + - [`window4`](pedersen/window4) +- [`poseidon`](poseidon) +- [`sha256`](sha256) ## Background on Hash Functions diff --git a/circuits/cryptography/hash_functions/mimc/README.md b/circuits/cryptography/hash_functions/mimc/README.md index e69de29b..bbdaf32b 100644 --- a/circuits/cryptography/hash_functions/mimc/README.md +++ b/circuits/cryptography/hash_functions/mimc/README.md 
@@ -0,0 +1,12 @@ +# `mimc` + +This folder contains the templates to do operations on different elliptic curves. + +## Structure of the Folder + +- [`mimc7`](mimc7) +- [`mimcfeistel`](mimcfeistel) +- [`mimcsponge`](mimcsponge) +- [`multimimc7`](multimimc7) + +## Background on Elliptic Curves \ No newline at end of file From 297afdca575fc374a72d2c7dac12bc2ced22d5a9 Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 10:24:26 +0200 Subject: [PATCH 06/27] Changed README links --- README.md | 158 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 81 insertions(+), 77 deletions(-) diff --git a/README.md b/README.md index 1f5fba0f..c8458097 100644 --- a/README.md +++ b/README.md 
@@ -18,81 +18,85 @@ This respository contains 5 folders: A description of the specific circuit templates for the `circuit` folder will be soon updated. -## Structure of the Library +## Structure of the Library (circuits) -TODO: CHANGE IT!!!!! - -- [`basics`](circomlib-doc/basics) - - [`aliascheck`](circomlib-doc/basics/aliascheck) - - [`binary_arithmetic`](circomlib-doc/basics/binary_arithmetic) - - [`binsub`](circomlib-doc/basics/binary_arithmetic/binsub) - - [`binsum`](circomlib-doc/basics/binary_arithmetic/binsum) - - [`bitify`](circomlib-doc/basics/bitify) - - [`bits2num`](circomlib-doc/basics/bitify/bits2num) - - [`bits2num_strict`](circomlib-doc/basics/bitify/bits2num_strict) - - [`num2bits`](circomlib-doc/basics/bitify/num2bits) - - [`num2bits_strict`](circomlib-doc/basics/bitify/num2bits_strict) - - [`num2bitsneg`](circomlib-doc/basics/bitify/num2bitsneg) - - [`comparators`](circomlib-doc/basics/comparators) - - [`forceequalifenable`](circomlib-doc/basics/comparators/forceequalifenable) - - [`greatereqthan`](circomlib-doc/basics/comparators/greatereqthan) - - [`greaterthan`](circomlib-doc/basics/comparators/greaterthan) - - [`isequal`](circomlib-doc/basics/comparators/isequal) - - [`iszero`](circomlib-doc/basics/comparators/iszero) - - [`lesseqthan`](circomlib-doc/basics/comparators/lesseqthan) - - [`lessthan`](circomlib-doc/basics/comparators/lessthan) - - [`compconstant`](circomlib-doc/basics/compconstant) - - [`logic_gates`](circomlib-doc/basics/logic_gates) - - [`AND`](circomlib-doc/basics/logic_gates/AND) - - [`MultiAND`](circomlib-doc/basics/logic_gates/MultiAND) - - [`NAND`](circomlib-doc/basics/logic_gates/NAND) - - [`NOR`](circomlib-doc/basics/logic_gates/NOR) - - [`NOT`](circomlib-doc/basics/logic_gates/NOT) - - [`OR`](circomlib-doc/basics/logic_gates/OR) - - [`XOR`](circomlib-doc/basics/logic_gates/XOR) - - [`multiplexer`](circomlib-doc/basics/multiplexer) - - [`mux`](circomlib-doc/basics/mux) - - [`multimux1`](circomlib-doc/basics/mux/multimux1) 
- - [`multimux2`](circomlib-doc/basics/mux/multimux2) - - [`multimux3`](circomlib-doc/basics/mux/multimux3) - - [`multimux4`](circomlib-doc/basics/mux/multimux4) - - [`mux1`](circomlib-doc/basics/mux/mux1) - - [`mux2`](circomlib-doc/basics/mux/mux2) - - [`mux3`](circomlib-doc/basics/mux/mux3) - - [`mux4`](circomlib-doc/basics/mux/mux4) - - [`sign`](circomlib-doc/basics/sign) - - [`switcher`](circomlib-doc/basics/switcher) -- [`cryptography`](circomlib-doc/cryptography) - - [`hash_functions`](circomlib-doc/cryptography/hash_functions) - - [`mimc`](circomlib-doc/cryptography/hash_functions/mimc) - - [`mimc7`](circomlib-doc/cryptography/hash_functions/mimc/mimc7) - - [`mimcfeistel`](circomlib-doc/cryptography/hash_functions/mimc/mimcfeistel) - - [`mimcsponge`](circomlib-doc/cryptography/hash_functions/mimc/mimcsponge) - - [`multimimc7`](circomlib-doc/cryptography/hash_functions/mimc/multimimc7) - - [`pedersen`](circomlib-doc/cryptography/hash_functions/pedersen) - - [`segment`](circomlib-doc/cryptography/hash_functions/pedersen/segment) - - [`window3`](circomlib-doc/cryptography/hash_functions/pedersen/window3) - - [`window4`](circomlib-doc/cryptography/hash_functions/pedersen/window4) - - [`poseidon`](circomlib-doc/cryptography/hash_functions/poseidon) - - [`sha256`](circomlib-doc/cryptography/hash_functions/sha256) - - [`signatures`](circomlib-doc/cryptography/signatures) - - [`eddsa`](circomlib-doc/cryptography/signatures/eddsa) - - [`smt`](circomlib-doc/cryptography/smt) -- [`elliptic_curves`](circomlib-doc/elliptic_curves) - - [`baby_jubjub`](circomlib-doc/elliptic_curves/baby_jubjub) - - [`edwards`](circomlib-doc/elliptic_curves/baby_jubjub/edwards) - - [`babyadd`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babyadd) - - [`babycheck`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babycheck) - - [`babydbl`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babydbl) - - [`babypbk`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/babypbk) - - 
[`scalar_mul`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](circomlib-doc/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) - - [`edwards2montgomery`](circomlib-doc/elliptic_curves/baby_jubjub/edwards2montgomery) - - [`montgomery`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery) - - [`montgomeryadd`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) - - [`montgomery2edwards`](circomlib-doc/elliptic_curves/baby_jubjub/montgomery2edwards) - - [`point2bits`](circomlib-doc/elliptic_curves/baby_jubjub/point2bits) +- [`basics`](circuits/basics) + - [`aliascheck`](circuits/basics/aliascheck) + - [`binary_arithmetic`](circuits/basics/binary_arithmetic) + - [`binsub`](circuits/basics/binary_arithmetic/binsub) + - [`binsum`](circuits/basics/binary_arithmetic/binsum) + - [`bitify`](circuits/basics/bitify) + - [`bits2num`](circuits/basics/bitify/bits2num) + - [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) + - [`num2bits`](circuits/basics/bitify/num2bits) + - [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) + - [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) + - [`comparators`](circuits/basics/comparators) + - [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) + - [`greatereqthan`](circuits/basics/comparators/greatereqthan) + - [`greaterthan`](circuits/basics/comparators/greaterthan) + - [`isequal`](circuits/basics/comparators/isequal) + - [`iszero`](circuits/basics/comparators/iszero) + - [`lesseqthan`](circuits/basics/comparators/lesseqthan) + - 
[`lessthan`](circuits/basics/comparators/lessthan) + - [`compconstant`](circuits/basics/compconstant) + - [`logic_gates`](circuits/basics/logic_gates) + - [`and`](circuits/basics/logic_gates/and) + - [`multiand`](circuits/basics/logic_gates/multiand) + - [`nand`](circuits/basics/logic_gates/nand) + - [`nor`](circuits/basics/logic_gates/nor) + - [`not`](circuits/basics/logic_gates/not) + - [`or`](circuits/basics/logic_gates/or) + - [`xor`](circuits/basics/logic_gates/xor) + - [`multiplexer`](circuits/basics/multiplexer) + - [`decoder`](circuits/basics/multiplexer/decoder) + - [`multiplexer`](circuits/basics/multiplexer/multiplexer) + - [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) + - [`mux`](circuits/basics/mux) + - [`multimux1`](circuits/basics/mux/multimux1) + - [`multimux2`](circuits/basics/mux/multimux2) + - [`multimux3`](circuits/basics/mux/multimux3) + - [`multimux4`](circuits/basics/mux/multimux4) + - [`mux1`](circuits/basics/mux/mux1) + - [`mux2`](circuits/basics/mux/mux2) + - [`mux3`](circuits/basics/mux/mux3) + - [`mux4`](circuits/basics/mux/mux4) + - [`sign`](circuits/basics/sign) + - [`switcher`](circuits/basics/switcher) +- [`cryptography`](circuits/cryptography) + - [`elliptic_curves`](circuits/cryptography/elliptic_curves) + - [`baby_jubjub`](circuits/cryptography/elliptic_curves/baby_jubjub) + - [`edwards`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - 
[`scalarmulany`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](circuits/cryptography/elliptic_curves/baby_jubjub/point2bits) + - [`hash_functions`](circuits/cryptography/hash_functions) + - [`mimc`](circuits/cryptography/hash_functions/mimc) + - [`mimc7`](circuits/cryptography/hash_functions/mimc/mimc7) + - [`mimcfeistel`](circuits/cryptography/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](circuits/cryptography/hash_functions/mimc/mimcsponge) + - [`multimimc7`](circuits/cryptography/hash_functions/mimc/multimimc7) + - [`pedersen`](circuits/cryptography/hash_functions/pedersen) + - [`pedersen`](circuits/cryptography/hash_functions/pedersen/pedersen) + - [`pedersen_old`](circuits/cryptography/hash_functions/pedersen/pedersen_old) + - [`poseidon`](circuits/cryptography/hash_functions/poseidon) + - [`sha256`](circuits/cryptography/hash_functions/sha256) + - [`signatures`](circuits/cryptography/signatures) + - [`eddsa`](circuits/cryptography/signatures/eddsa) + - [`eddsa`](circuits/cryptography/signatures/eddsa/eddsa) + - [`eddsamimc`](circuits/cryptography/signatures/eddsa/eddsamimc) + - [`eddsamimcsponge`](circuits/cryptography/signatures/eddsa/eddsamimcsponge) + - 
[`eddsaposeidon`](circuits/cryptography/signatures/eddsa/eddsaposeidon) + - [`smt`](circuits/cryptography/smt) \ No newline at end of file From 7b803241d8a60e24d2251c2c2ce8b52b7d2f9db7 Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 10:24:39 +0200 Subject: [PATCH 07/27] Changed README links --- circuits/README.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 circuits/README.md diff --git a/circuits/README.md b/circuits/README.md new file mode 100644 index 00000000..6f0da5f4 --- /dev/null +++ b/circuits/README.md 
@@ -0,0 +1,86 @@ +# `circuits` + +This is the library of templates of functions for [`circom`](https://github.com/iden3/circom), a circuit compiler for zero-knowledge circuits. + +## Structure of the folder + +- [`basics`](basics) + - [`aliascheck`](basics/aliascheck) + - [`binary_arithmetic`](basics/binary_arithmetic) + - [`binsub`](basics/binary_arithmetic/binsub) + - [`binsum`](basics/binary_arithmetic/binsum) + - [`bitify`](basics/bitify) + - [`bits2num`](basics/bitify/bits2num) + - [`bits2num_strict`](basics/bitify/bits2num_strict) + - [`num2bits`](basics/bitify/num2bits) + - [`num2bits_strict`](basics/bitify/num2bits_strict) + - [`num2bitsneg`](basics/bitify/num2bitsneg) + - [`comparators`](basics/comparators) + - [`forceequalifenabled`](basics/comparators/forceequalifenabled) + - [`greatereqthan`](basics/comparators/greatereqthan) + - [`greaterthan`](basics/comparators/greaterthan) + - [`isequal`](basics/comparators/isequal) + - [`iszero`](basics/comparators/iszero) + - [`lesseqthan`](basics/comparators/lesseqthan) + - [`lessthan`](basics/comparators/lessthan) + - [`compconstant`](basics/compconstant) + - [`logic_gates`](basics/logic_gates) + - [`and`](basics/logic_gates/and) + - [`multiand`](basics/logic_gates/multiand) + - [`nand`](basics/logic_gates/nand) + - [`nor`](basics/logic_gates/nor) + - [`not`](basics/logic_gates/not) + - [`or`](basics/logic_gates/or) + - [`xor`](basics/logic_gates/xor) + - [`multiplexer`](basics/multiplexer) + - [`decoder`](basics/multiplexer/decoder) + - [`multiplexer`](basics/multiplexer/multiplexer) + - [`scalarproduct`](basics/multiplexer/scalarproduct) + - [`mux`](basics/mux) + - [`multimux1`](basics/mux/multimux1) + - [`multimux2`](basics/mux/multimux2) + - [`multimux3`](basics/mux/multimux3) + - [`multimux4`](basics/mux/multimux4) + - [`mux1`](basics/mux/mux1) + - [`mux2`](basics/mux/mux2) + - [`mux3`](basics/mux/mux3) + - [`mux4`](basics/mux/mux4) + - [`sign`](basics/sign) + - 
[`switcher`](basics/switcher) +- [`cryptography`](cryptography) + - [`elliptic_curves`](cryptography/elliptic_curves) + - [`baby_jubjub`](cryptography/elliptic_curves/baby_jubjub) + - [`edwards`](cryptography/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](cryptography/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](cryptography/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](cryptography/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](cryptography/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](cryptography/elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](cryptography/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](cryptography/elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](cryptography/elliptic_curves/baby_jubjub/point2bits) + - [`hash_functions`](cryptography/hash_functions) + - [`mimc`](cryptography/hash_functions/mimc) + - [`mimc7`](cryptography/hash_functions/mimc/mimc7) + - [`mimcfeistel`](cryptography/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](cryptography/hash_functions/mimc/mimcsponge) + - [`multimimc7`](cryptography/hash_functions/mimc/multimimc7) + - [`pedersen`](cryptography/hash_functions/pedersen) + - [`pedersen`](cryptography/hash_functions/pedersen/pedersen) + - 
[`pedersen_old`](cryptography/hash_functions/pedersen/pedersen_old) + - [`poseidon`](cryptography/hash_functions/poseidon) + - [`sha256`](cryptography/hash_functions/sha256) + - [`signatures`](cryptography/signatures) + - [`eddsa`](cryptography/signatures/eddsa) + - [`eddsa`](cryptography/signatures/eddsa/eddsa) + - [`eddsamimc`](cryptography/signatures/eddsa/eddsamimc) + - [`eddsamimcsponge`](cryptography/signatures/eddsa/eddsamimcsponge) + - [`eddsaposeidon`](cryptography/signatures/eddsa/eddsaposeidon) + - [`smt`](cryptography/smt) \ No newline at end of file From 67ce95de0a74ea427060ebe64a16b47dac2180f1 Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 13:05:37 +0200 Subject: [PATCH 08/27] Worked on circuits description --- .../basics/bitify/bits2num_strict/README.md | 7 ++-- circuits/basics/bitify/num2bits/README.md | 24 ++++++-------- .../basics/bitify/num2bits_strict/README.md | 19 +++++------ circuits/basics/bitify/num2bitsneg/README.md | 20 ++++-------- .../comparators/forceequalifenabled/README.md | 20 ++++++++++++ .../comparators/greatereqthan/README.md | 23 +++++++++++-- .../basics/comparators/greaterthan/README.md | 23 +++++++++++-- circuits/basics/comparators/isequal/README.md | 23 ++++++++++--- circuits/basics/comparators/iszero/README.md | 22 ++++++++++--- .../basics/comparators/lesseqthan/README.md | 19 +++++++++++ .../basics/comparators/lessthan/README.md | 26 ++++++++++++--- .../comparators/lessthan/lessthan.circom | 32 ++++++++++++++++++- 12 files changed, 200 insertions(+), 58 deletions(-) diff --git a/circuits/basics/bitify/bits2num_strict/README.md b/circuits/basics/bitify/bits2num_strict/README.md index 1922a1d0..1a9dbc83 100644 --- a/circuits/basics/bitify/bits2num_strict/README.md +++ b/circuits/basics/bitify/bits2num_strict/README.md 
@@ -3,7 +3,9 @@ ## Description This template converts a binary number `in[n]` of `n` bits to its -integer representation STRICT +integer representation STRICT + +<!--- TODO: Add strict description. --> ## Schema @@ -28,7 +30,8 @@ The input `in[n]` is an array of `n` binary numbers. ## Outputs -The output `out` is an integer TODO: (a field element?). +The output `out` is an integer (a field element?). +<!--- TODO: an integer as a field element? --> ## Benchmarks diff --git a/circuits/basics/bitify/num2bits/README.md b/circuits/basics/bitify/num2bits/README.md index 352e547c..86d04256 100644 --- a/circuits/basics/bitify/num2bits/README.md +++ b/circuits/basics/bitify/num2bits/README.md @@ -2,37 +2,33 @@ ## Description -This template converts a binary number `in[n]` of `n` bits to its -integer representation STRICT +This template converts a field element (i.e. is there a max of bits)? `in` to its binary representation `out[n]`. ## Schema ``` - _____________________ - | | -in[n] ----> | Num2Bits(n) | ----> out - |_____________________| + _____________________ + | | +in ----> | Num2Bits(n) | ----> out[n] + |_____________________| ``` - ## Dependencies -``` -include "../../aliascheck/aliascheck.circom"; -include "../bits2num/bits2num.circom"; -``` +None. ## Inputs signal input in; signal output out[n]; -The input `in` is a . +The input `in` is a (field element?) of ? bits. + signal output out[n]; ## Outputs -The output `out` is an integer TODO: (a field element?). - +The output `out[n]` is an array of `n` binary numbers representing a binary number. +<!--- TODO: Add the order of the representation, i.e. out0] vs. out[n-1] --> ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/bitify/num2bits_strict/README.md b/circuits/basics/bitify/num2bits_strict/README.md index b73857a9..571722b1 100644 --- a/circuits/basics/bitify/num2bits_strict/README.md +++ b/circuits/basics/bitify/num2bits_strict/README.md 
@@ -2,16 +2,16 @@ ## Description -This template converts a binary number `in[n]` of `n` bits to its +This template converts a field element (i.e. is there a max of bits)? `in` to its binary representation `out[254]`. integer representation STRICT ## Schema ``` - _____________________ - | | -in[n] ----> | Num2Bits(n) | ----> out - |_____________________| + _____________________ + | | +in ----> | Num2Bits_strict() | ----> out[254] + |_____________________| ``` @@ -19,19 +19,20 @@ in[n] ----> | Num2Bits(n) | ----> out ``` include "../../aliascheck/aliascheck.circom"; -include "../bits2num/bits2num.circom"; +include "../num2bits/num2bits.circom"``` ``` ## Inputs - signal input in; - signal output out[n]; +signal input in; +signal output out[254]; The input `in` is a . ## Outputs -The output `out` is an integer TODO: (a field element?). +The output `out[254]` is an array of 254 binary numbers. +<!--- TODO: Add the order of the representation, i.e. out[0] vs. out[253] --> ## Benchmarks diff --git a/circuits/basics/bitify/num2bitsneg/README.md b/circuits/basics/bitify/num2bitsneg/README.md index 28e5c506..1e830acc 100644 --- a/circuits/basics/bitify/num2bitsneg/README.md +++ b/circuits/basics/bitify/num2bitsneg/README.md @@ -2,32 +2,26 @@ ## Description -This template converts a binary number `in[n]` of `n` bits to its -integer representation STRICT +This template converts a ... ## Schema ``` - _____________________ - | | -in[n] ----> | Num2Bits(n) | ----> out - |_____________________| + ____________________ + | | +in ----> | Num2BitsNeg(n) | ----> out[n] + |____________________| ``` - ## Dependencies ``` -include "../../aliascheck/aliascheck.circom"; -include "../bits2num/bits2num.circom"; +include "../../comparators/iszero/iszero.circom"; ``` ## Inputs - signal input in; - signal output out[n]; - -The input `in` is a . +... ## Outputs 
diff --git a/circuits/basics/comparators/forceequalifenabled/README.md b/circuits/basics/comparators/forceequalifenabled/README.md index 0141215b..0070ce92 100644 --- a/circuits/basics/comparators/forceequalifenabled/README.md +++ b/circuits/basics/comparators/forceequalifenabled/README.md @@ -2,18 +2,38 @@ PATH HERE: ~/CircomLib/Circuits/... +TODO: +- Add signal input enabled; +- Out? + ## Background ## Description ## Schema +``` + _________________________ + | | +in[2] ----> | ForceEqualIfEnabled() | ----> out + |_________________________| +``` + ## Dependencies +``` +include "../iszero/iszero.circom"; +``` + ## Inputs +- Add signal input enabled; +- in[2] + ## Outputs +? + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/greatereqthan/README.md b/circuits/basics/comparators/greatereqthan/README.md index 958d99f2..c5fdd8f4 100644 --- a/circuits/basics/comparators/greatereqthan/README.md +++ b/circuits/basics/comparators/greatereqthan/README.md @@ -1,19 +1,36 @@ # `GreaterEqThan(n)` -PATH HERE: ~/CircomLib/Circuits/... - -## Background +TODO: The MSF is the sign bit. ## Description +This template compares two inputs (field elements?) and returns 0 if the first is greater or equal than the second and 1 otherwise. + ## Schema +``` + ____________________ + | | +in[2] ----> | GreaterEqThan(n) | ----> out + |____________________| +``` + ## Dependencies +``` +include "../lessthan/lessthan.circom"; +``` + ## Inputs +- `in[2]`: an array of 2 inputs? of `n` bits each. + ## Outputs +A boolean `out`: +- `out = 0` if `in[0]` is greater or equal than `in[1]`. +- `out = 1` if `in[0]` is less than `in[1]`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/greaterthan/README.md b/circuits/basics/comparators/greaterthan/README.md index 04c783c5..26b47691 100644 --- a/circuits/basics/comparators/greaterthan/README.md +++ b/circuits/basics/comparators/greaterthan/README.md 
@@ -1,19 +1,36 @@ # `GreaterThan(n)` -PATH HERE: ~/CircomLib/Circuits/... - -## Background +TODO: The MSF is the sign bit. ## Description +This template compares two inputs (field elements?) and returns 0 if the first is greater than the second and 1 otherwise. + ## Schema +``` + __________________ + | | +in[2] ----> | GreaterThan(n) | ----> out + |__________________| +``` + ## Dependencies +``` +include "../lessthan/lessthan.circom"; +``` + ## Inputs +- `in[2]`: an array of 2 inputs? of `n` bits each. + ## Outputs +A boolean `out`: +- `out = 0` if `in[0]` is greater than `in[1]`. +- `out = 1` if `in[0]` is less or equal than `in[1]`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/isequal/README.md b/circuits/basics/comparators/isequal/README.md index eb4a31e2..11aa7fcf 100644 --- a/circuits/basics/comparators/isequal/README.md +++ b/circuits/basics/comparators/isequal/README.md @@ -1,19 +1,34 @@ # `IsEqual()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template checks if two inputs (field elements?) are equal. (It substracts the inputs and checks if it is zero.) + ## Schema +``` + _____________ + | | +in[2] ----> | IsEqual() | ----> out + |_____________| +``` + ## Dependencies +``` +include "../iszero/iszero.circom"; +``` + ## Inputs +- `in[2]`: an array of 2 inputs? of `n` bits each (n is nowhere)??? field elements? + ## Outputs +A boolean `out`: (same logic as isZero) +- `out = 0` if `in[0] != in[1]`. +- `out = 1` if `in[0] = in[1]`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/iszero/README.md b/circuits/basics/comparators/iszero/README.md index f7856c57..c72f7bbd 100644 --- a/circuits/basics/comparators/iszero/README.md +++ b/circuits/basics/comparators/iszero/README.md 
@@ -1,19 +1,33 @@ # `IsZero()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template checks if the input `in` is zero. +(it does by checking if the input has an inverse or not. As working in a field element, the only element with no inverse is the zero). + ## Schema +``` + ____________ + | | +in ----> | IsZero() | ----> out + |____________| +``` + ## Dependencies +None. + ## Inputs +- `in`: a field element??. + ## Outputs +A boolean `out`: +- `out = 0` if `in != 0`. +- `out = 1` if `in = 0`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/lesseqthan/README.md b/circuits/basics/comparators/lesseqthan/README.md index b7eb438a..e24c11f4 100644 --- a/circuits/basics/comparators/lesseqthan/README.md +++ b/circuits/basics/comparators/lesseqthan/README.md @@ -6,14 +6,33 @@ PATH HERE: ~/CircomLib/Circuits/... ## Description +This template compares two inputs (field elements?) and returns 0 if the first is less or equal than the second and 1 otherwise. + ## Schema +``` + _________________ + | | +in[2] ----> | LessEqThan(n) | ----> out + |_________________| +``` + ## Dependencies +``` +include "../lessthan/lessthan.circom"; +``` + ## Inputs +- `in[2]`: an array of 2 inputs? of `n` bits each. + ## Outputs +A boolean `out`: +- `out = 0` if `in[0]` is less or equal than `in[1]`. +- `out = 1` if `in[0]` is greater than `in[1]`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/lessthan/README.md b/circuits/basics/comparators/lessthan/README.md index c5b13bcf..d2462a57 100644 --- a/circuits/basics/comparators/lessthan/README.md +++ b/circuits/basics/comparators/lessthan/README.md 
@@ -1,19 +1,35 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `LessThan(n)` ## Description +This template compares two inputs (field elements?) and returns 0 if the first is less than the second and 1 otherwise. +It converts the inputs to binary and compares the bits. + ## Schema +``` + _______________ + | | +in[2] ----> | LessThan(n) | ----> out + |_______________| +``` + ## Dependencies +``` +include "../../bitify/num2bits/num2bits.circom"; +``` + ## Inputs +- `in[2]`: an array of 2 inputs? of `n` bits each. + ## Outputs +A boolean `out`: +- `out = 0` if `in[0]` is less or equal than `in[1]`. +- `out = 1` if `in[0]` is greater than `in[1]`. + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/comparators/lessthan/lessthan.circom b/circuits/basics/comparators/lessthan/lessthan.circom index 4c1f39fa..57b9f693 100644 --- a/circuits/basics/comparators/lessthan/lessthan.circom +++ b/circuits/basics/comparators/lessthan/lessthan.circom @@ -28,4 +28,34 @@ template LessThan(n) { n2b.in <== in[0]+ (1<<n) - in[1]; out <== 1-n2b.out[n]; -} \ No newline at end of file +} + +/* +// N is the number of bits the input have. +// The MSF is the sign bit. +template LessThan(n) { + signal input in[2]; + signal output out; + + component num2Bits0; + component num2Bits1; + + component adder; + + adder = BinSum(n, 2); + + num2Bits0 = Num2Bits(n); + num2Bits1 = Num2BitsNeg(n); + + in[0] ==> num2Bits0.in; + in[1] ==> num2Bits1.in; + + var i; + for (i=0;i<n;i++) { + num2Bits0.out[i] ==> adder.in[0][i]; + num2Bits1.out[i] ==> adder.in[1][i]; + } + + adder.out[n-1] ==> out; +} +*/ \ No newline at end of file From b8af78d74173e4bee937034b29a409a1bed03544 Mon Sep 17 00:00:00 2001 
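Review bot: The thirty added lines in lessthan.circom are a second `LessThan(n)` implementation wrapped in `/* ... */`, i.e. dead code that is never compiled and that references `BinSum` and `Num2BitsNeg` without any include; either reduce it to a one-line comment describing the alternative or drop it. The live template, whose body starts above the hunk, computes `n2b.in <== in[0]+ (1<<n) - in[1];` and `out <== 1-n2b.out[n];`, which is only meaningful when both inputs are already known to fit in n bits, and nothing in the file says so; a header such as `// Precondition: in[0] and in[1] must each be < 2**n (range-check them before use); out is 1 iff in[0] < in[1]` would make the contract explicit. Note also that the README edited in the same commit documents the opposite polarity (`out = 0` for less-or-equal), which contradicts what this code computes.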
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 1 Apr 2020 17:57:36 +0200 Subject: [PATCH 09/27] Worked on description of circuits --- .../baby_jubjub/edwards/babyadd/README.md | 17 +++--- .../edwards/babyadd/babyadd.circom | 46 +++++++++++++++ .../baby_jubjub/edwards/babycheck/README.md | 27 +++++++-- .../edwards/babycheck/babycheck.circom | 58 +++++++++++++++++++ .../baby_jubjub/edwards/babydbl/README.md | 33 +++++++++-- .../edwards/babydbl/babydbl.circom | 36 ++++++++++++ .../baby_jubjub/edwards/babypbk/README.md | 51 ++++++++++++++-- .../edwards/babypbk/babypbk.circom | 47 +++++++++++++++ 8 files changed, 293 insertions(+), 22 deletions(-) create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom create mode 100644 circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md index 96b08528..5d16df2c 100644 --- a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md 
@@ -1,15 +1,14 @@ -# Name of Template +# `BabyAdd()` PATH HERE: ~/CircomLib/Circuits/... ## Background -Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. -(TODO: Expose here the characteristics of the curve?) +The arithmetic performed here is based on this [article](https://eprint.iacr.org/2008/013.pdf). ## Description -It adds two points on the Baby Jubjub curve in twisted Edwards form. More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that +This templates adds two points on the [Baby Jubjub curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. More specifically, given two points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that (`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`) = ((`x1y2`+`y1x2`)/(1+`dx1x2y1y2`)),(`y1y2`-`ax1x2`)/(1-`dx1x2y1y2`)) @@ -18,17 +17,19 @@ It adds two points on the Baby Jubjub curve in twisted Edwards form. More specif ``` var a var d - | | - | | - ______v_________v_______ + | | + | | + ______v_________v_______ input x1 ----> | | - input y1 ----> | BabyAdd() | ----> output xout + input y1 ----> | BabyAdd() | ----> output xout input x2 ----> | | ----> output yout input y2 ----> |________________________| ``` ## Dependencies +None. + ## Inputs | Input | Representation | Description | | diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom new file mode 100644 index 00000000..3e89061d --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom 
@@ -0,0 +1,46 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+template BabyAdd() {
+ signal input x1;
+ signal input y1;
+ signal input x2;
+ signal input y2;
+ signal output xout;
+ signal output yout;
+
+ signal beta;
+ signal gamma;
+ signal delta;
+ signal tau;
+
+ var a = 168700;
+ var d = 168696;
+
+ beta <== x1*y2;
+ gamma <== y1*x2;
+ delta <== (-a*x1+y1)*(x2 + y2);
+ tau <== beta * gamma;
+
+ xout <-- (beta + gamma) / (1+ d*tau);
+ (1+ d*tau) * xout === (beta + gamma);
+
+ yout <-- (delta + a*beta - gamma) / (1-d*tau);
+ (1-d*tau)*yout === (delta + a*beta - gamma);
+}
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
index be982f17..ebcfbd7c 100644
--- a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
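Review bot: BabyAdd assigns `xout` and `yout` with `<--` and constrains them only by multiplying back by the denominators, so if `1+ d*tau` or `1-d*tau` is zero the check degenerates to `0 === beta + gamma` and the output signal is left unconstrained; for valid curve points the twisted Edwards addition law is complete and the denominators are non-zero, but nothing in this template requires the inputs to be on the curve. That precondition should be written down, e.g. a header comment `// Adds two Baby Jubjub points in twisted Edwards form (a=168700, d=168696). Inputs must be valid curve points (see BabyCheck); only then are the denominators below guaranteed non-zero.` The file also lacks a trailing newline.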
@@ -1,21 +1,40 @@ -# Name of Template +# `BabyCheck()` -PATH HERE: ~/CircomLib/Circuits/... +## TODO: -## Background +- There is no output! ## Description -checks if a given point is in the curve. +This templates checks if two given coordinates `(x,y)` correspond to a point on the [Baby Jubjub curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. More specifically, it checks if `x` and `y` satisfy the quadratic equation + +``` +168700 * x^2 + y^2 = 1 + 168696 * x^2 * y^2 +``` ## Schema +``` + + _______________ +input x ----> | | + | BabyCheck() | +input y ----> |_______________| +``` + ## Dependencies +None. + ## Inputs +- `x` : bigint (field element of Fp) +- `y` : bigint (field element of Fp) + ## Outputs +TODO: There is no output... (it should output 0 or 1) + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom new file mode 100644 index 00000000..161f7ec2 --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom 
@@ -0,0 +1,58 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+template BabyCheck() {
+ signal input x;
+ signal input y;
+
+ signal x2;
+ signal y2;
+
+ var a = 168700;
+ var d = 168696;
+
+ x2 <== x*x;
+ y2 <== y*y;
+
+ a*x2 + y2 === 1 + d*x2*y2;
+}
+
+// Extracts the public key from private key
+template BabyPbk() {
+ signal private input in;
+ signal output Ax;
+ signal output Ay;
+
+ var BASE8[2] = [
+ 5299619240641551281634865583518297030282874472190772894086521144482721001553,
+ 16950150798460657717958625567821834550301663161624707787222815936182638968203
+ ];
+
+ component pvkBits = Num2Bits(253);
+ pvkBits.in <== in;
+
+ component mulFix = EscalarMulFix(253, BASE8);
+
+ var i;
+ for (i=0; i<253; i++) {
+ mulFix.e[i] <== pvkBits.out[i];
+ }
+ Ax <== mulFix.out[0];
+ Ay <== mulFix.out[1];
+}
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
index 693a9bcc..8dde9a68 100644
--- a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
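Review bot: babycheck.circom carries a second template, `BabyPbk()`, pasted after `BabyCheck()` (from `// Extracts the public key from private key` to the final brace); it duplicates the template this same commit creates in babypbk.circom and uses `Num2Bits` and `EscalarMulFix` with no include, so this file will not compile on its own and a circuit including both files will presumably fail on the redefinition. Everything after the closing brace of `BabyCheck()` should be deleted. A header above the remaining template, `// Asserts that (x, y) lies on Baby Jubjub in twisted Edwards form: a*x^2 + y^2 == 1 + d*x^2*y^2 with a=168700, d=168696. No output signal: an off-curve point makes the constraint system unsatisfiable.`, would also settle the "there is no output" TODO the README in this commit raises.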
@@ -1,21 +1,42 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `BabyDbl()` ## Description -doubles a point (`xout`,`yout`) = 2*(`x`,`y`). +This templates double a point on the [Baby Jubjub curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. More specifically, given a point P = (`x`, `y`) it returns a point Q = (`xout`, `yout`) such that + +(`xout`, `yout`) = (`x`,`y`) + (`x`,`y`) + = ((2`x``y`)/(1+``d``x`^2`y`^2`)),(`y^2`-`ax^2`)/(1-`dx^2y^2`)) ## Schema +``` + ________________________ +input x ----> | | ----> output xout + | BabyDbl() | +input y ----> |________________________| ----> output yout +``` + ## Dependencies +``` +include "../babyadd/babyadd.circom"; +``` + ## Inputs +| Input | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `x` | Bigint | Field element of Fp | First coordinate of a point (x, y) on E on twisted Edwards form. | +| `y` | Bigint | Field element of Fp | Second coordinate of a point (x, y) on E on twisted Edwards form. | + ## Outputs +| Output | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `xout` | Bigint | Field element of Fp | First coordinate of the doubling point (xout, yout) = 2(x, y). | +| `yout` | Bigint | Field element of Fp | Second coordinate of the doubling point (xout, yout) = 2(x, y). | + + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom new file mode 100644 index 00000000..08c358ae --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom 
@@ -0,0 +1,36 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../babyadd/babyadd.circom";
+
+template BabyDbl() {
+ signal input x;
+ signal input y;
+ signal output xout;
+ signal output yout;
+
+ component adder = BabyAdd();
+ adder.x1 <== x;
+ adder.y1 <== y;
+ adder.x2 <== x;
+ adder.y2 <== y;
+
+ adder.xout ==> xout;
+ adder.yout ==> yout;
+}
\ No newline at end of file
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
index 3f09136c..6c1c4678 100644
--- a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
+++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
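Review bot: BabyDbl has no comment saying that it doubles by wiring the same point into both inputs of `BabyAdd`, which also means it inherits whatever precondition BabyAdd has on its inputs being valid curve points. A header line `// Doubles a Baby Jubjub point (twisted Edwards form) by adding it to itself through BabyAdd; (x, y) must be a valid curve point.` would cover both. The file lacks a trailing newline.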
@@ -1,21 +1,64 @@ -# Name of Template +# `BabyDbl()` -PATH HERE: ~/CircomLib/Circuits/... +// Extracts the public key from private key +template BabyPbk() { + signal private input in; + signal output Ax; + signal output Ay; + + var BASE8[2] = [ + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 + ]; + + component pvkBits = Num2Bits(253); + pvkBits.in <== in; + + component mulFix = EscalarMulFix(253, BASE8); + + var i; + for (i=0; i<253; i++) { + mulFix.e[i] <== pvkBits.out[i]; + } + Ax <== mulFix.out[0]; + Ay <== mulFix.out[1]; +} -## Background ## Description -given a private key, it returns the associated public key. +This templates extracte from a private key a public key on [Baby Jubjub curve](https://github.com/barryWhiteHat/baby_jubjub). More specifically, given an input `in`, it returns the point (`Ax`, `Ay`) = `in`*BASE8, where BASE8 is a base point, generator of .... . in twisted Edwards form! ## Schema +``` + ________________________ + | | ----> output Ax +input in ---->| BabyPbk() | + |________________________| ----> output Ay +``` + ## Dependencies +``` +include "../babyadd/babyadd.circom"; +``` + ## Inputs +| Input | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `x` | Bigint | Field element of Fp | First coordinate of a point (x, y) on E on twisted Edwards form. | +| `y` | Bigint | Field element of Fp | Second coordinate of a point (x, y) on E on twisted Edwards form. | + ## Outputs +| Output | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `xout` | Bigint | Field element of Fp | First coordinate of the doubling point (xout, yout) = 2(x, y). | +| `yout` | Bigint | Field element of Fp | Second coordinate of the doubling point (xout, yout) = 2(x, y). 
| + + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom new file mode 100644 index 00000000..462f6efe --- /dev/null +++ b/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom @@ -0,0 +1,47 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "bitify.circom"; +include "escalarmulfix.circom"; +Num2Bits +escalarmulfix + +// Extracts the public key from private key +template BabyPbk() { + signal private input in; + signal output Ax; + signal output Ay; + + var BASE8[2] = [ + 5299619240641551281634865583518297030282874472190772894086521144482721001553, + 16950150798460657717958625567821834550301663161624707787222815936182638968203 + ]; + + component pvkBits = Num2Bits(253); + pvkBits.in <== in; + + component mulFix = EscalarMulFix(253, BASE8); + + var i; + for (i=0; i<253; i++) { + mulFix.e[i] <== pvkBits.out[i]; + } + Ax <== mulFix.out[0]; + Ay <== mulFix.out[1]; +} From 7c7f7f948a0f5f656158392b708d9b50fbb808c9 Mon Sep 17 00:00:00 2001 
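Review bot: The two bare lines `Num2Bits` and `escalarmulfix` that follow the `include` statements in the new `babypbk.circom` are stray identifiers at file scope, not circom statements, and will break compilation of the file; they read as leftover notes on which templates are needed and should be deleted or folded into a comment such as `// uses Num2Bits (bitify) and EscalarMulFix (escalarmulfix)`. The include paths `"bitify.circom"` and `"escalarmulfix.circom"` also differ in style from the sibling `babydbl.circom`, which includes via a directory-relative path (`../babyadd/babyadd.circom`); in the restructured tree these likely do not resolve from this directory, so verify them before the file is considered buildable. The README hunk for this template in the same commit is titled `BabyDbl()` and its Inputs/Outputs tables still describe `x`/`y`/`xout`/`yout` rather than `in`/`Ax`/`Ay`, which will mislead anyone relying on the documentation for the public-key derivation.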
From: bellesmarta <belles.mm@gmail.com> Date: Tue, 7 Apr 2020 10:42:06 +0200 Subject: [PATCH 10/27] Worked on unitary tests --- circuits/README.md | 160 +++++++++--------- .../{basics => basic_templates}/README.md | 2 +- .../aliascheck/README.md | 0 .../aliascheck/aliascheck.circom | 0 .../aliascheck/aliascheck.test.js | 2 +- .../aliascheck/aliascheck_test.circom | 0 .../binary_arithmetic/README.md | 0 .../binary_arithmetic/binsub/README.md | 0 .../binary_arithmetic/binsub/binsub.circom | 0 .../binary_arithmetic/binsub/binsub.test.js | 0 .../binsub/binsub_test.circom | 0 .../binary_arithmetic/binsum/README.md | 0 .../binary_arithmetic/binsum/binsum.circom | 0 .../binary_arithmetic/binsum/binsum.test.js | 0 .../bitify/README.md | 0 .../bitify/bits2num/README.md | 0 .../bitify/bits2num/bits2num.circom | 0 .../bitify/bits2num_strict/README.md | 0 .../bits2num_strict/bits2num_strict.circom | 0 .../bitify/num2bits/README.md | 0 .../bitify/num2bits/num2bits.circom | 0 .../bitify/num2bits_strict/README.md | 0 .../num2bits_strict/num2bits_strict.circom | 0 .../bitify/num2bitsneg/README.md | 0 .../bitify/num2bitsneg/num2bitsneg.circom | 0 .../comparators/README.md | 0 .../comparators/comparators.circom | 0 .../comparators/comparators.test.js | 0 .../comparators}/compconstant/README.md | 0 .../compconstant/compconstant.circom | 0 .../comparators/forceequalifenabled/README.md | 0 .../forceequalifenabled.circom | 0 .../comparators/greatereqthan/README.md | 0 .../greatereqthan/greatereqthan.circom | 0 .../greatereqthan/greatereqthan.test.js | 50 ++++++ .../comparators/greaterthan/README.md | 0 .../greaterthan/greaterthan.circom | 0 .../comparators/isequal/README.md | 0 .../comparators/isequal/isequal.circom | 0 .../comparators/iszero/README.md | 0 .../comparators/iszero/iszero.circom | 0 .../comparators/lesseqthan/README.md | 0 .../comparators/lesseqthan/lesseqthan.circom | 0 .../lesseqthan/lesseqthan.test.circom | 0 .../comparators/lessthan/README.md | 0 
.../comparators/lessthan/lessthan.circom | 0 .../compconstant}/README.md | 0 .../compconstant/compconstant.circom | 73 ++++++++ .../logic_gates/README.md | 0 .../logic_gates/and/README.md | 0 .../logic_gates/and/and.circom | 0 .../logic_gates/multiand/README.md | 0 .../logic_gates/multiand/multiand.circom | 0 .../logic_gates/nand/README.md | 0 .../logic_gates/nand/nand.circom | 0 .../logic_gates/nor/README.md | 0 .../logic_gates/nor/nor.circom | 0 .../logic_gates/not/README.md | 0 .../logic_gates/not/not.circom | 0 .../logic_gates/or/README.md | 0 .../logic_gates/or/or.circom | 0 .../logic_gates/xor/README.md | 0 .../logic_gates/xor/xor.circom | 0 .../multiplexer/README.md | 0 .../multiplexer/decoder/README.md | 0 .../multiplexer/decoder/decoder.circom | 0 .../multiplexer/multiplexer/README.md | 0 .../multiplexer/multiplexer.circom | 0 .../multiplexer/scalarproduct/README.md | 0 .../scalarproduct/scalarproduct.circom | 0 .../{basics => basic_templates}/mux/README.md | 0 .../mux/multimux1/README.md | 0 .../mux/multimux2/README.md | 0 .../mux/multimux3/README.md | 0 .../mux/multimux4/README.md | 0 .../mux/mux1/README.md | 0 .../mux/mux1/mux1.circom | 0 .../mux/mux1/mux1_1.circom | 0 .../mux/mux2/README.md | 0 .../mux/mux2/mux2.circom | 0 .../mux/mux2/mux2_1.circom | 0 .../mux/mux3/README.md | 0 .../mux/mux3/mux3.circom | 0 .../mux/mux3/mux3_1.circom | 0 .../mux/mux4/README.md | 0 .../mux/mux4/mux4.circom | 0 .../mux/mux4/mux4_1.circom | 0 .../{basics => basic_templates}/old_README.md | 0 .../sign/README.md | 0 .../sign/sign.circom | 0 .../switcher/README.md | 0 .../switcher/switcher.circom | 0 .../greatereqthan/greatereqthan.test.circom | 4 - .../greaterthan/greaterthan.test.circom | 4 - .../comparators/isequal/isequal.test.circom | 4 - .../comparators/iszero/iszero.test.circom | 5 - .../comparators/lessthan/lessthan.test.circom | 4 - .../README.md | 2 +- .../elliptic_curves/README.md | 0 .../elliptic_curves/baby_jubjub/README.md | 0 .../baby_jubjub/babyjub.circom | 
0 .../baby_jubjub/babyjub.test.js | 0 .../baby_jubjub/babyjub_js.test.js | 0 .../baby_jubjub/edwards}/README.md | 0 .../baby_jubjub/edwards/babyadd/README.md | 0 .../edwards/babyadd/babyadd.circom | 0 .../edwards/babyadd/babyadd_test.circom | 0 .../baby_jubjub/edwards/babycheck/README.md | 0 .../edwards/babycheck/babycheck.circom | 0 .../edwards/babycheck/babycheck_test.circom | 0 .../baby_jubjub/edwards/babydbl/README.md | 0 .../edwards/babydbl/babydbl.circom | 0 .../baby_jubjub/edwards/babypbk/README.md | 0 .../edwards/babypbk/babypbk.circom | 0 .../edwards/babypbk/babypbk_test.circom | 0 .../baby_jubjub/edwards/scalar_mul/README.md | 0 .../edwards/scalar_mul/scalarmul/README.md | 0 .../edwards/scalar_mul/scalarmulany/README.md | 0 .../edwards/scalar_mul/scalarmulfix/README.md | 0 .../scalar_mul/scalarmulwtable/README.md | 0 .../baby_jubjub/edwards2montgomery/README.md | 0 .../baby_jubjub/escalarmul.circom | 0 .../baby_jubjub/escalarmulany.circom | 0 .../baby_jubjub/escalarmulfix.circom | 0 .../baby_jubjub/escalarmulw4table.circom | 0 .../baby_jubjub/montgomery.circom | 0 .../baby_jubjub/montgomery/README.md | 0 .../montgomery/montgomeryadd/README.md | 0 .../montgomery/montgomerydouble/README.md | 0 .../baby_jubjub/montgomery2edwards/README.md | 0 .../baby_jubjub/point2bits/README.md | 0 .../baby_jubjub/point2bits/pointbits.circom | 0 .../hash_functions/README.md | 0 .../hash_functions/mimc/README.md | 0 .../hash_functions/mimc/mimc7/README.md | 0 .../hash_functions/mimc/mimc7/mimc.circom | 0 .../mimc/mimc7/mimc_test.circom | 0 .../mimc/mimc7/mimccircuit.test.js | 0 .../mimc/mimc7/mimccontract.test.js | 0 .../hash_functions/mimc/mimcfeistel/README.md | 0 .../hash_functions/mimc/mimcsponge/README.md | 0 .../mimcsponge/mimc_sponge_hash_test.circom | 0 .../mimc/mimcsponge/mimc_sponge_test.circom | 0 .../mimc/mimcsponge/mimcsponge.circom | 0 .../mimc/mimcsponge/mimcspongecircuit.test.js | 0 .../mimcsponge/mimcspongecontract.test.js | 0 
.../hash_functions/mimc/multimimc7/README.md | 0 .../hash_functions/pedersen/README.md | 0 .../hash_functions/pedersen/pedersen.test.js | 0 .../pedersen/pedersen/pedersen.circom | 0 .../hash_functions/pedersen/pedersen2.test.js | 0 .../pedersen/pedersen2_test.circom | 0 .../pedersen/pedersen_old/pedersen_old.circom | 0 .../pedersen/pedersen_test.circom | 0 .../hash_functions/poseidon/README.md | 0 .../hash_functions/poseidon/poseidon.circom | 0 .../poseidon/poseidon3_test.circom | 0 .../poseidon/poseidon6_test.circom | 0 .../poseidon/poseidoncircuit.test.js | 0 .../poseidon/poseidoncontract.test.js | 0 .../hash_functions/sha256/README.md | 0 .../hash_functions/sha256/ch.circom | 0 .../hash_functions/sha256/constants.circom | 0 .../sha256/constants_test.circom | 0 .../hash_functions/sha256/main.circom | 0 .../hash_functions/sha256/maj.circom | 0 .../hash_functions/sha256/rotate.circom | 0 .../hash_functions/sha256/sha256.circom | 0 .../hash_functions/sha256/sha256_2.circom | 0 .../sha256/sha256compression.circom | 0 .../hash_functions/sha256/shift.circom | 0 .../hash_functions/sha256/sigma.circom | 0 .../hash_functions/sha256/sigmaplus.circom | 0 .../hash_functions/sha256/t1.circom | 0 .../hash_functions/sha256/t2.circom | 0 .../hash_functions/sha256/xor3.circom | 0 .../signatures/README.md | 0 .../signatures/eddsa/README.md | 0 .../signatures/eddsa/eddsa/eddsa.circom | 0 .../signatures/eddsa/eddsa/eddsa.test.js | 0 .../signatures/eddsa/eddsa/eddsa_js.test.js | 0 .../signatures/eddsa/eddsa/eddsa_test.circom | 0 .../eddsa/eddsamimc/eddsamimc.circom | 0 .../eddsa/eddsamimc/eddsamimc.test.js | 0 .../eddsa/eddsamimc/eddsamimc_test.circom | 0 .../eddsamimcsponge/eddsamimcsponge.circom | 0 .../eddsa/eddsaposeidon/eddsaposeidon.circom | 0 .../eddsa/eddsaposeidon/eddsaposeidon.test.js | 0 .../eddsaposeidon/eddsaposeidon_test.circom | 0 .../smt/README.md | 0 .../smt/smthash_mimc.circom | 0 .../smt/smthash_poseidon.circom | 0 .../smt/smtjs.test.js | 0 .../smt/smtlevins.circom 
| 0 .../smt/smtprocessor.circom | 0 .../smt/smtprocessor.test.js | 0 .../smt/smtprocessor10_test.circom | 0 .../smt/smtprocessorlevel.circom | 0 .../smt/smtprocessorsm.circom | 0 .../smt/smtverifier.circom | 0 .../smt/smtverifier.test.js | 0 .../smt/smtverifier10_test.circom | 0 .../smt/smtverifierlevel.circom | 0 .../smt/smtverifiersm.circom | 0 package-lock.json | 50 ++++-- test/circuits/sign_test.circom | 3 - test/sign.test.js | 2 +- test/sign_test.circom | 2 +- 208 files changed, 244 insertions(+), 123 deletions(-) rename circuits/{basics => basic_templates}/README.md (98%) rename circuits/{basics => basic_templates}/aliascheck/README.md (100%) rename circuits/{basics => basic_templates}/aliascheck/aliascheck.circom (100%) rename circuits/{basics => basic_templates}/aliascheck/aliascheck.test.js (95%) rename circuits/{basics => basic_templates}/aliascheck/aliascheck_test.circom (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/README.md (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsub/README.md (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsub/binsub.circom (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsub/binsub.test.js (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsub/binsub_test.circom (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsum/README.md (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsum/binsum.circom (100%) rename circuits/{basics => basic_templates}/binary_arithmetic/binsum/binsum.test.js (100%) rename circuits/{basics => basic_templates}/bitify/README.md (100%) rename circuits/{basics => basic_templates}/bitify/bits2num/README.md (100%) rename circuits/{basics => basic_templates}/bitify/bits2num/bits2num.circom (100%) rename circuits/{basics => basic_templates}/bitify/bits2num_strict/README.md (100%) rename circuits/{basics => 
basic_templates}/bitify/bits2num_strict/bits2num_strict.circom (100%) rename circuits/{basics => basic_templates}/bitify/num2bits/README.md (100%) rename circuits/{basics => basic_templates}/bitify/num2bits/num2bits.circom (100%) rename circuits/{basics => basic_templates}/bitify/num2bits_strict/README.md (100%) rename circuits/{basics => basic_templates}/bitify/num2bits_strict/num2bits_strict.circom (100%) rename circuits/{basics => basic_templates}/bitify/num2bitsneg/README.md (100%) rename circuits/{basics => basic_templates}/bitify/num2bitsneg/num2bitsneg.circom (100%) rename circuits/{basics => basic_templates}/comparators/README.md (100%) rename circuits/{basics => basic_templates}/comparators/comparators.circom (100%) rename circuits/{basics => basic_templates}/comparators/comparators.test.js (100%) rename circuits/{basics => basic_templates/comparators}/compconstant/README.md (100%) rename circuits/{basics => basic_templates/comparators}/compconstant/compconstant.circom (100%) rename circuits/{basics => basic_templates}/comparators/forceequalifenabled/README.md (100%) rename circuits/{basics => basic_templates}/comparators/forceequalifenabled/forceequalifenabled.circom (100%) rename circuits/{basics => basic_templates}/comparators/greatereqthan/README.md (100%) rename circuits/{basics => basic_templates}/comparators/greatereqthan/greatereqthan.circom (100%) create mode 100644 circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js rename circuits/{basics => basic_templates}/comparators/greaterthan/README.md (100%) rename circuits/{basics => basic_templates}/comparators/greaterthan/greaterthan.circom (100%) rename circuits/{basics => basic_templates}/comparators/isequal/README.md (100%) rename circuits/{basics => basic_templates}/comparators/isequal/isequal.circom (100%) rename circuits/{basics => basic_templates}/comparators/iszero/README.md (100%) rename circuits/{basics => basic_templates}/comparators/iszero/iszero.circom (100%) rename 
circuits/{basics => basic_templates}/comparators/lesseqthan/README.md (100%) rename circuits/{basics => basic_templates}/comparators/lesseqthan/lesseqthan.circom (100%) rename circuits/{basics => basic_templates}/comparators/lesseqthan/lesseqthan.test.circom (100%) rename circuits/{basics => basic_templates}/comparators/lessthan/README.md (100%) rename circuits/{basics => basic_templates}/comparators/lessthan/lessthan.circom (100%) rename circuits/{cryptography/elliptic_curves/baby_jubjub/edwards => basic_templates/compconstant}/README.md (100%) create mode 100644 circuits/basic_templates/compconstant/compconstant.circom rename circuits/{basics => basic_templates}/logic_gates/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/and/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/and/and.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/multiand/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/multiand/multiand.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/nand/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/nand/nand.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/nor/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/nor/nor.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/not/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/not/not.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/or/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/or/or.circom (100%) rename circuits/{basics => basic_templates}/logic_gates/xor/README.md (100%) rename circuits/{basics => basic_templates}/logic_gates/xor/xor.circom (100%) rename circuits/{basics => basic_templates}/multiplexer/README.md (100%) rename circuits/{basics => basic_templates}/multiplexer/decoder/README.md (100%) rename circuits/{basics => 
basic_templates}/multiplexer/decoder/decoder.circom (100%) rename circuits/{basics => basic_templates}/multiplexer/multiplexer/README.md (100%) rename circuits/{basics => basic_templates}/multiplexer/multiplexer/multiplexer.circom (100%) rename circuits/{basics => basic_templates}/multiplexer/scalarproduct/README.md (100%) rename circuits/{basics => basic_templates}/multiplexer/scalarproduct/scalarproduct.circom (100%) rename circuits/{basics => basic_templates}/mux/README.md (100%) rename circuits/{basics => basic_templates}/mux/multimux1/README.md (100%) rename circuits/{basics => basic_templates}/mux/multimux2/README.md (100%) rename circuits/{basics => basic_templates}/mux/multimux3/README.md (100%) rename circuits/{basics => basic_templates}/mux/multimux4/README.md (100%) rename circuits/{basics => basic_templates}/mux/mux1/README.md (100%) rename circuits/{basics => basic_templates}/mux/mux1/mux1.circom (100%) rename circuits/{basics => basic_templates}/mux/mux1/mux1_1.circom (100%) rename circuits/{basics => basic_templates}/mux/mux2/README.md (100%) rename circuits/{basics => basic_templates}/mux/mux2/mux2.circom (100%) rename circuits/{basics => basic_templates}/mux/mux2/mux2_1.circom (100%) rename circuits/{basics => basic_templates}/mux/mux3/README.md (100%) rename circuits/{basics => basic_templates}/mux/mux3/mux3.circom (100%) rename circuits/{basics => basic_templates}/mux/mux3/mux3_1.circom (100%) rename circuits/{basics => basic_templates}/mux/mux4/README.md (100%) rename circuits/{basics => basic_templates}/mux/mux4/mux4.circom (100%) rename circuits/{basics => basic_templates}/mux/mux4/mux4_1.circom (100%) rename circuits/{basics => basic_templates}/old_README.md (100%) rename circuits/{basics => basic_templates}/sign/README.md (100%) rename circuits/{basics => basic_templates}/sign/sign.circom (100%) rename circuits/{basics => basic_templates}/switcher/README.md (100%) rename circuits/{basics => basic_templates}/switcher/switcher.circom (100%) 
delete mode 100644 circuits/basics/comparators/greatereqthan/greatereqthan.test.circom delete mode 100644 circuits/basics/comparators/greaterthan/greaterthan.test.circom delete mode 100644 circuits/basics/comparators/isequal/isequal.test.circom delete mode 100644 circuits/basics/comparators/iszero/iszero.test.circom delete mode 100644 circuits/basics/comparators/lessthan/lessthan.test.circom rename circuits/{cryptography => crypto_templates}/README.md (97%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/babyjub.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/babyjub.test.js (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/babyjub_js.test.js (100%) rename circuits/{cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul => crypto_templates/elliptic_curves/baby_jubjub/edwards}/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babyadd/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babycheck/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babydbl/README.md (100%) rename circuits/{cryptography => 
crypto_templates}/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babypbk/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom (100%) create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/edwards2montgomery/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/escalarmul.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/escalarmulany.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/escalarmulfix.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/escalarmulw4table.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/montgomery.circom (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/montgomery/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md (100%) rename circuits/{cryptography => 
crypto_templates}/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/montgomery2edwards/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/point2bits/README.md (100%) rename circuits/{cryptography => crypto_templates}/elliptic_curves/baby_jubjub/point2bits/pointbits.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimc7/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimc7/mimc.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimc7/mimc_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimc7/mimccircuit.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimc7/mimccontract.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcfeistel/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/mimcsponge.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/mimc/multimimc7/README.md (100%) rename circuits/{cryptography => 
crypto_templates}/hash_functions/pedersen/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen/pedersen.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen2.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen2_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen_old/pedersen_old.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/pedersen/pedersen_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/poseidon.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/poseidon3_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/poseidon6_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/poseidoncircuit.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/poseidon/poseidoncontract.test.js (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/README.md (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/ch.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/constants.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/constants_test.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/main.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/maj.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/rotate.circom (100%) rename circuits/{cryptography => 
crypto_templates}/hash_functions/sha256/sha256.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/sha256_2.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/sha256compression.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/shift.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/sigma.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/sigmaplus.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/t1.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/t2.circom (100%) rename circuits/{cryptography => crypto_templates}/hash_functions/sha256/xor3.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/README.md (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/README.md (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsa/eddsa.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsa/eddsa.test.js (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsa/eddsa_js.test.js (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsa/eddsa_test.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsamimc/eddsamimc.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsamimc/eddsamimc.test.js (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsamimc/eddsamimc_test.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom (100%) rename circuits/{cryptography => 
crypto_templates}/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js (100%) rename circuits/{cryptography => crypto_templates}/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/README.md (100%) rename circuits/{cryptography => crypto_templates}/smt/smthash_mimc.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smthash_poseidon.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtjs.test.js (100%) rename circuits/{cryptography => crypto_templates}/smt/smtlevins.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtprocessor.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtprocessor.test.js (100%) rename circuits/{cryptography => crypto_templates}/smt/smtprocessor10_test.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtprocessorlevel.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtprocessorsm.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtverifier.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtverifier.test.js (100%) rename circuits/{cryptography => crypto_templates}/smt/smtverifier10_test.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtverifierlevel.circom (100%) rename circuits/{cryptography => crypto_templates}/smt/smtverifiersm.circom (100%) delete mode 100644 test/circuits/sign_test.circom diff --git a/circuits/README.md b/circuits/README.md index 6f0da5f4..7ad38fa0 100644 --- a/circuits/README.md +++ b/circuits/README.md 
@@ -4,83 +4,83 @@ This is the library of templates of functions for [`circom`](https://github.com/ ## Structure of the folder -- [`basics`](basics) - - [`aliascheck`](basics/aliascheck) - - [`binary_arithmetic`](basics/binary_arithmetic) - - [`binsub`](basics/binary_arithmetic/binsub) - - [`binsum`](basics/binary_arithmetic/binsum) - - [`bitify`](basics/bitify) - - [`bits2num`](basics/bitify/bits2num) - - [`bits2num_strict`](basics/bitify/bits2num_strict) - - [`num2bits`](basics/bitify/num2bits) - - [`num2bits_strict`](basics/bitify/num2bits_strict) - - [`num2bitsneg`](basics/bitify/num2bitsneg) - - [`comparators`](basics/comparators) - - [`forceequalifenabled`](basics/comparators/forceequalifenabled) - - [`greatereqthan`](basics/comparators/greatereqthan) - - [`greaterthan`](basics/comparators/greaterthan) - - [`isequal`](basics/comparators/isequal) - - [`iszero`](basics/comparators/iszero) - - [`lesseqthan`](basics/comparators/lesseqthan) - - [`lessthan`](basics/comparators/lessthan) - - [`compconstant`](basics/compconstant) - - [`logic_gates`](basics/logic_gates) - - [`and`](basics/logic_gates/and) - - [`multiand`](basics/logic_gates/multiand) - - [`nand`](basics/logic_gates/nand) - - [`nor`](basics/logic_gates/nor) - - [`not`](basics/logic_gates/not) - - [`or`](basics/logic_gates/or) - - [`xor`](basics/logic_gates/xor) - - [`multiplexer`](basics/multiplexer) - - [`decoder`](basics/multiplexer/decoder) - - [`multiplexer`](basics/multiplexer/multiplexer) - - [`scalarproduct`](basics/multiplexer/scalarproduct) - - [`mux`](basics/mux) - - [`multimux1`](basics/mux/multimux1) - - [`multimux2`](basics/mux/multimux2) - - [`multimux3`](basics/mux/multimux3) - - [`multimux4`](basics/mux/multimux4) - - [`mux1`](basics/mux/mux1) - - [`mux2`](basics/mux/mux2) - - [`mux3`](basics/mux/mux3) - - [`mux4`](basics/mux/mux4) - - [`sign`](basics/sign) - - [`switcher`](basics/switcher) -- [`cryptography`](cryptography) - - 
[`elliptic_curves`](cryptography/elliptic_curves) - - [`baby_jubjub`](cryptography/elliptic_curves/baby_jubjub) - - [`edwards`](cryptography/elliptic_curves/baby_jubjub/edwards) - - [`babyadd`](cryptography/elliptic_curves/baby_jubjub/edwards/babyadd) - - [`babycheck`](cryptography/elliptic_curves/baby_jubjub/edwards/babycheck) - - [`babydbl`](cryptography/elliptic_curves/baby_jubjub/edwards/babydbl) - - [`babypbk`](cryptography/elliptic_curves/baby_jubjub/edwards/babypbk) - - [`scalar_mul`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) - - [`edwards2montgomery`](cryptography/elliptic_curves/baby_jubjub/edwards2montgomery) - - [`montgomery`](cryptography/elliptic_curves/baby_jubjub/montgomery) - - [`montgomeryadd`](cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) - - [`montgomery2edwards`](cryptography/elliptic_curves/baby_jubjub/montgomery2edwards) - - [`point2bits`](cryptography/elliptic_curves/baby_jubjub/point2bits) - - [`hash_functions`](cryptography/hash_functions) - - [`mimc`](cryptography/hash_functions/mimc) - - [`mimc7`](cryptography/hash_functions/mimc/mimc7) - - [`mimcfeistel`](cryptography/hash_functions/mimc/mimcfeistel) - - [`mimcsponge`](cryptography/hash_functions/mimc/mimcsponge) - - [`multimimc7`](cryptography/hash_functions/mimc/multimimc7) - - [`pedersen`](cryptography/hash_functions/pedersen) - - [`pedersen`](cryptography/hash_functions/pedersen/pedersen) - - [`pedersen_old`](cryptography/hash_functions/pedersen/pedersen_old) - - 
[`poseidon`](cryptography/hash_functions/poseidon) - - [`sha256`](cryptography/hash_functions/sha256) - - [`signatures`](cryptography/signatures) - - [`eddsa`](cryptography/signatures/eddsa) - - [`eddsa`](cryptography/signatures/eddsa/eddsa) - - [`eddsamimc`](cryptography/signatures/eddsa/eddsamimc) - - [`eddsamimcsponge`](cryptography/signatures/eddsa/eddsamimcsponge) - - [`eddsaposeidon`](cryptography/signatures/eddsa/eddsaposeidon) - - [`smt`](cryptography/smt) \ No newline at end of file +- [`basic_templates`](basic_templates) + - [`aliascheck`](basic_templates/aliascheck) + - [`binary_arithmetic`](basic_templates/binary_arithmetic) + - [`binsub`](basic_templates/binary_arithmetic/binsub) + - [`binsum`](basic_templates/binary_arithmetic/binsum) + - [`bitify`](basic_templates/bitify) + - [`bits2num`](basic_templates/bitify/bits2num) + - [`bits2num_strict`](basic_templates/bitify/bits2num_strict) + - [`num2bits`](basic_templates/bitify/num2bits) + - [`num2bits_strict`](basic_templates/bitify/num2bits_strict) + - [`num2bitsneg`](basic_templates/bitify/num2bitsneg) + - [`comparators`](basic_templates/comparators) + - [`forceequalifenabled`](basic_templates/comparators/forceequalifenabled) + - [`greatereqthan`](basic_templates/comparators/greatereqthan) + - [`greaterthan`](basic_templates/comparators/greaterthan) + - [`isequal`](basic_templates/comparators/isequal) + - [`iszero`](basic_templates/comparators/iszero) + - [`lesseqthan`](basic_templates/comparators/lesseqthan) + - [`lessthan`](basic_templates/comparators/lessthan) + - [`compconstant`](basic_templates/compconstant) + - [`logic_gates`](basic_templates/logic_gates) + - [`and`](basic_templates/logic_gates/and) + - [`multiand`](basic_templates/logic_gates/multiand) + - [`nand`](basic_templates/logic_gates/nand) + - [`nor`](basic_templates/logic_gates/nor) + - [`not`](basic_templates/logic_gates/not) + - [`or`](basic_templates/logic_gates/or) + - [`xor`](basic_templates/logic_gates/xor) + - 
[`multiplexer`](basic_templates/multiplexer) + - [`decoder`](basic_templates/multiplexer/decoder) + - [`multiplexer`](basic_templates/multiplexer/multiplexer) + - [`scalarproduct`](basic_templates/multiplexer/scalarproduct) + - [`mux`](basic_templates/mux) + - [`multimux1`](basic_templates/mux/multimux1) + - [`multimux2`](basic_templates/mux/multimux2) + - [`multimux3`](basic_templates/mux/multimux3) + - [`multimux4`](basic_templates/mux/multimux4) + - [`mux1`](basic_templates/mux/mux1) + - [`mux2`](basic_templates/mux/mux2) + - [`mux3`](basic_templates/mux/mux3) + - [`mux4`](basic_templates/mux/mux4) + - [`sign`](basic_templates/sign) + - [`switcher`](basic_templates/switcher) +- [`crypto_templates`](crypto_templates) + - [`elliptic_curves`](crypto_templates/elliptic_curves) + - [`baby_jubjub`](crypto_templates/elliptic_curves/baby_jubjub) + - [`edwards`](crypto_templates/elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulany`](crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](crypto_templates/elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - 
[`montgomerydouble`](crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](crypto_templates/elliptic_curves/baby_jubjub/point2bits) + - [`hash_functions`](crypto_templates/hash_functions) + - [`mimc`](crypto_templates/hash_functions/mimc) + - [`mimc7`](crypto_templates/hash_functions/mimc/mimc7) + - [`mimcfeistel`](crypto_templates/hash_functions/mimc/mimcfeistel) + - [`mimcsponge`](crypto_templates/hash_functions/mimc/mimcsponge) + - [`multimimc7`](crypto_templates/hash_functions/mimc/multimimc7) + - [`pedersen`](crypto_templates/hash_functions/pedersen) + - [`pedersen`](crypto_templates/hash_functions/pedersen/pedersen) + - [`pedersen_old`](crypto_templates/hash_functions/pedersen/pedersen_old) + - [`poseidon`](crypto_templates/hash_functions/poseidon) + - [`sha256`](crypto_templates/hash_functions/sha256) + - [`signatures`](crypto_templates/signatures) + - [`eddsa`](crypto_templates/signatures/eddsa) + - [`eddsa`](crypto_templates/signatures/eddsa/eddsa) + - [`eddsamimc`](crypto_templates/signatures/eddsa/eddsamimc) + - [`eddsamimcsponge`](crypto_templates/signatures/eddsa/eddsamimcsponge) + - [`eddsaposeidon`](crypto_templates/signatures/eddsa/eddsaposeidon) + - [`smt`](crypto_templates/smt) \ No newline at end of file diff --git a/circuits/basics/README.md b/circuits/basic_templates/README.md similarity index 98% rename from circuits/basics/README.md rename to circuits/basic_templates/README.md index c5649da0..f20a6005 100644 --- a/circuits/basics/README.md +++ b/circuits/basic_templates/README.md @@ -1,4 +1,4 @@ -# `basics` +# `basic_templates` This folder contains the templates to do basic arithmetic operations. 
diff --git a/circuits/basics/aliascheck/README.md b/circuits/basic_templates/aliascheck/README.md similarity index 100% rename from circuits/basics/aliascheck/README.md rename to circuits/basic_templates/aliascheck/README.md diff --git a/circuits/basics/aliascheck/aliascheck.circom b/circuits/basic_templates/aliascheck/aliascheck.circom similarity index 100% rename from circuits/basics/aliascheck/aliascheck.circom rename to circuits/basic_templates/aliascheck/aliascheck.circom diff --git a/circuits/basics/aliascheck/aliascheck.test.js b/circuits/basic_templates/aliascheck/aliascheck.test.js similarity index 95% rename from circuits/basics/aliascheck/aliascheck.test.js rename to circuits/basic_templates/aliascheck/aliascheck.test.js index 2ec8700a..27ee319f 100644 --- a/circuits/basics/aliascheck/aliascheck.test.js +++ b/circuits/basic_templates/aliascheck/aliascheck.test.js @@ -31,7 +31,7 @@ describe("Aliascheck test", function () { let cir; before( async() => { - cir = await tester(path.join(__dirname, "circuits", "aliascheck_test.circom")); + cir = await tester(path.join(__dirname, "aliascheck_test.circom")); }); it("Satisfy the aliastest 0", async () => { diff --git a/circuits/basics/aliascheck/aliascheck_test.circom b/circuits/basic_templates/aliascheck/aliascheck_test.circom similarity index 100% rename from circuits/basics/aliascheck/aliascheck_test.circom rename to circuits/basic_templates/aliascheck/aliascheck_test.circom diff --git a/circuits/basics/binary_arithmetic/README.md b/circuits/basic_templates/binary_arithmetic/README.md similarity index 100% rename from circuits/basics/binary_arithmetic/README.md rename to circuits/basic_templates/binary_arithmetic/README.md diff --git a/circuits/basics/binary_arithmetic/binsub/README.md b/circuits/basic_templates/binary_arithmetic/binsub/README.md similarity index 100% rename from circuits/basics/binary_arithmetic/binsub/README.md rename to circuits/basic_templates/binary_arithmetic/binsub/README.md 
diff --git a/circuits/basics/binary_arithmetic/binsub/binsub.circom b/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom similarity index 100% rename from circuits/basics/binary_arithmetic/binsub/binsub.circom rename to circuits/basic_templates/binary_arithmetic/binsub/binsub.circom diff --git a/circuits/basics/binary_arithmetic/binsub/binsub.test.js b/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js similarity index 100% rename from circuits/basics/binary_arithmetic/binsub/binsub.test.js rename to circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js diff --git a/circuits/basics/binary_arithmetic/binsub/binsub_test.circom b/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom similarity index 100% rename from circuits/basics/binary_arithmetic/binsub/binsub_test.circom rename to circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom diff --git a/circuits/basics/binary_arithmetic/binsum/README.md b/circuits/basic_templates/binary_arithmetic/binsum/README.md similarity index 100% rename from circuits/basics/binary_arithmetic/binsum/README.md rename to circuits/basic_templates/binary_arithmetic/binsum/README.md diff --git a/circuits/basics/binary_arithmetic/binsum/binsum.circom b/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom similarity index 100% rename from circuits/basics/binary_arithmetic/binsum/binsum.circom rename to circuits/basic_templates/binary_arithmetic/binsum/binsum.circom diff --git a/circuits/basics/binary_arithmetic/binsum/binsum.test.js b/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js similarity index 100% rename from circuits/basics/binary_arithmetic/binsum/binsum.test.js rename to circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js 
diff --git a/circuits/basics/bitify/README.md b/circuits/basic_templates/bitify/README.md similarity index 100% rename from circuits/basics/bitify/README.md rename to circuits/basic_templates/bitify/README.md diff --git a/circuits/basics/bitify/bits2num/README.md b/circuits/basic_templates/bitify/bits2num/README.md similarity index 100% rename from circuits/basics/bitify/bits2num/README.md rename to circuits/basic_templates/bitify/bits2num/README.md diff --git a/circuits/basics/bitify/bits2num/bits2num.circom b/circuits/basic_templates/bitify/bits2num/bits2num.circom similarity index 100% rename from circuits/basics/bitify/bits2num/bits2num.circom rename to circuits/basic_templates/bitify/bits2num/bits2num.circom diff --git a/circuits/basics/bitify/bits2num_strict/README.md b/circuits/basic_templates/bitify/bits2num_strict/README.md similarity index 100% rename from circuits/basics/bitify/bits2num_strict/README.md rename to circuits/basic_templates/bitify/bits2num_strict/README.md diff --git a/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom b/circuits/basic_templates/bitify/bits2num_strict/bits2num_strict.circom similarity index 100% rename from circuits/basics/bitify/bits2num_strict/bits2num_strict.circom rename to circuits/basic_templates/bitify/bits2num_strict/bits2num_strict.circom diff --git a/circuits/basics/bitify/num2bits/README.md b/circuits/basic_templates/bitify/num2bits/README.md similarity index 100% rename from circuits/basics/bitify/num2bits/README.md rename to circuits/basic_templates/bitify/num2bits/README.md diff --git a/circuits/basics/bitify/num2bits/num2bits.circom b/circuits/basic_templates/bitify/num2bits/num2bits.circom similarity index 100% rename from circuits/basics/bitify/num2bits/num2bits.circom rename to circuits/basic_templates/bitify/num2bits/num2bits.circom 
diff --git a/circuits/basics/bitify/num2bits_strict/README.md b/circuits/basic_templates/bitify/num2bits_strict/README.md similarity index 100% rename from circuits/basics/bitify/num2bits_strict/README.md rename to circuits/basic_templates/bitify/num2bits_strict/README.md diff --git a/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom b/circuits/basic_templates/bitify/num2bits_strict/num2bits_strict.circom similarity index 100% rename from circuits/basics/bitify/num2bits_strict/num2bits_strict.circom rename to circuits/basic_templates/bitify/num2bits_strict/num2bits_strict.circom diff --git a/circuits/basics/bitify/num2bitsneg/README.md b/circuits/basic_templates/bitify/num2bitsneg/README.md similarity index 100% rename from circuits/basics/bitify/num2bitsneg/README.md rename to circuits/basic_templates/bitify/num2bitsneg/README.md diff --git a/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom b/circuits/basic_templates/bitify/num2bitsneg/num2bitsneg.circom similarity index 100% rename from circuits/basics/bitify/num2bitsneg/num2bitsneg.circom rename to circuits/basic_templates/bitify/num2bitsneg/num2bitsneg.circom diff --git a/circuits/basics/comparators/README.md b/circuits/basic_templates/comparators/README.md similarity index 100% rename from circuits/basics/comparators/README.md rename to circuits/basic_templates/comparators/README.md diff --git a/circuits/basics/comparators/comparators.circom b/circuits/basic_templates/comparators/comparators.circom similarity index 100% rename from circuits/basics/comparators/comparators.circom rename to circuits/basic_templates/comparators/comparators.circom diff --git a/circuits/basics/comparators/comparators.test.js b/circuits/basic_templates/comparators/comparators.test.js similarity index 100% rename from circuits/basics/comparators/comparators.test.js rename to circuits/basic_templates/comparators/comparators.test.js 
diff --git a/circuits/basics/compconstant/README.md b/circuits/basic_templates/comparators/compconstant/README.md similarity index 100% rename from circuits/basics/compconstant/README.md rename to circuits/basic_templates/comparators/compconstant/README.md diff --git a/circuits/basics/compconstant/compconstant.circom b/circuits/basic_templates/comparators/compconstant/compconstant.circom similarity index 100% rename from circuits/basics/compconstant/compconstant.circom rename to circuits/basic_templates/comparators/compconstant/compconstant.circom diff --git a/circuits/basics/comparators/forceequalifenabled/README.md b/circuits/basic_templates/comparators/forceequalifenabled/README.md similarity index 100% rename from circuits/basics/comparators/forceequalifenabled/README.md rename to circuits/basic_templates/comparators/forceequalifenabled/README.md diff --git a/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom b/circuits/basic_templates/comparators/forceequalifenabled/forceequalifenabled.circom similarity index 100% rename from circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom rename to circuits/basic_templates/comparators/forceequalifenabled/forceequalifenabled.circom diff --git a/circuits/basics/comparators/greatereqthan/README.md b/circuits/basic_templates/comparators/greatereqthan/README.md similarity index 100% rename from circuits/basics/comparators/greatereqthan/README.md rename to circuits/basic_templates/comparators/greatereqthan/README.md diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.circom b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom similarity index 100% rename from circuits/basics/comparators/greatereqthan/greatereqthan.circom rename to circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom 
diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js
new file mode 100644
index 00000000..4ec42f01
--- /dev/null
+++ b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js
@@ -0,0 +1,50 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Comparators: -Greater or equal than- test", function () {
+
+    this.timeout(100000);passing
+
+    it("Should create a comparison greatereqthan", async() => {
+        const circuit = await tester(path.join(__dirname, "greatereqthan.circom"));
+        passing
+        let witness;
+        witness = await circuit.calculateWitness({ "in": [333,444] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(0)));
+
+        witness = await circuit.calculateWitness({ "in":[1,1] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(1)));
+
+        witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(1)));
+
+        witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(0)));
+
+        witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(0)));
+
+        witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(1)));
+
+        witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(1)));
+
+        witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
+        assert(witness[0].equals(bigInt(1)));
+        assert(witness[1].equals(bigInt(1)));
+    });
+});
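Review bot: The added file cannot run as written: `this.timeout(100000);passing` and the bare `passing` after the `tester(...)` line are stray tokens that evaluate as references to an undefined identifier, so the suite throws a ReferenceError before the first `calculateWitness` call; delete both so the lines read `this.timeout(100000);` and go straight from `const circuit = await tester(...);` to `let witness;`. The test also loads `greatereqthan.circom` directly, whereas the sibling tests in this diff point at a `*_test.circom` wrapper (for example `aliascheck_test.circom`); if `greatereqthan.circom` only declares the template and no `main` component, the tester call fails as well, so that is worth confirming. Every case here uses small operands, while a comparator template is only sound for inputs below its configured bit width; one case at the top of that range, plus a stated expectation for out-of-range inputs, would cover the class of defect that matters most for this kind of template.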
diff --git a/circuits/basics/comparators/greaterthan/README.md b/circuits/basic_templates/comparators/greaterthan/README.md similarity index 100% rename from circuits/basics/comparators/greaterthan/README.md rename to circuits/basic_templates/comparators/greaterthan/README.md diff --git a/circuits/basics/comparators/greaterthan/greaterthan.circom b/circuits/basic_templates/comparators/greaterthan/greaterthan.circom similarity index 100% rename from circuits/basics/comparators/greaterthan/greaterthan.circom rename to circuits/basic_templates/comparators/greaterthan/greaterthan.circom diff --git a/circuits/basics/comparators/isequal/README.md b/circuits/basic_templates/comparators/isequal/README.md similarity index 100% rename from circuits/basics/comparators/isequal/README.md rename to circuits/basic_templates/comparators/isequal/README.md diff --git a/circuits/basics/comparators/isequal/isequal.circom b/circuits/basic_templates/comparators/isequal/isequal.circom similarity index 100% rename from circuits/basics/comparators/isequal/isequal.circom rename to circuits/basic_templates/comparators/isequal/isequal.circom diff --git a/circuits/basics/comparators/iszero/README.md b/circuits/basic_templates/comparators/iszero/README.md similarity index 100% rename from circuits/basics/comparators/iszero/README.md rename to circuits/basic_templates/comparators/iszero/README.md diff --git a/circuits/basics/comparators/iszero/iszero.circom b/circuits/basic_templates/comparators/iszero/iszero.circom similarity index 100% rename from circuits/basics/comparators/iszero/iszero.circom rename to circuits/basic_templates/comparators/iszero/iszero.circom diff --git a/circuits/basics/comparators/lesseqthan/README.md b/circuits/basic_templates/comparators/lesseqthan/README.md similarity index 100% rename from circuits/basics/comparators/lesseqthan/README.md rename to circuits/basic_templates/comparators/lesseqthan/README.md 
diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.circom b/circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom similarity index 100% rename from circuits/basics/comparators/lesseqthan/lesseqthan.circom rename to circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.test.circom b/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom similarity index 100% rename from circuits/basics/comparators/lesseqthan/lesseqthan.test.circom rename to circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom diff --git a/circuits/basics/comparators/lessthan/README.md b/circuits/basic_templates/comparators/lessthan/README.md similarity index 100% rename from circuits/basics/comparators/lessthan/README.md rename to circuits/basic_templates/comparators/lessthan/README.md diff --git a/circuits/basics/comparators/lessthan/lessthan.circom b/circuits/basic_templates/comparators/lessthan/lessthan.circom similarity index 100% rename from circuits/basics/comparators/lessthan/lessthan.circom rename to circuits/basic_templates/comparators/lessthan/lessthan.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/README.md b/circuits/basic_templates/compconstant/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/README.md rename to circuits/basic_templates/compconstant/README.md diff --git a/circuits/basic_templates/compconstant/compconstant.circom b/circuits/basic_templates/compconstant/compconstant.circom new file mode 100644 index 00000000..aa03ffec --- /dev/null +++ b/circuits/basic_templates/compconstant/compconstant.circom 
@@ -0,0 +1,73 @@
+/*
+    Copyright 2018 0KIMS association.
+
+    This file is part of circom (Zero Knowledge Circuit Compiler).
+
+    circom is a free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    circom is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+    License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../bitify/num2bits/num2bits.circom";
+
+// Returns 1 if in (in binary) > ct
+
+template CompConstant(ct) {
+    signal input in[254];
+    signal output out;
+
+    signal parts[127];
+    signal sout;
+
+    var clsb;
+    var cmsb;
+    var slsb;
+    var smsb;
+
+    var sum=0;
+
+    var b = (1 << 128) -1;
+    var a = 1;
+    var e = 1;
+    var i;
+
+    for (i=0;i<127; i++) {
+        clsb = (ct >> (i*2)) & 1;
+        cmsb = (ct >> (i*2+1)) & 1;
+        slsb = in[i*2];
+        smsb = in[i*2+1];
+
+        if ((cmsb==0)&&(clsb==0)) {
+            parts[i] <== -b*smsb*slsb + b*smsb + b*slsb;
+        } else if ((cmsb==0)&&(clsb==1)) {
+            parts[i] <== a*smsb*slsb - a*slsb + b*smsb - a*smsb + a;
+        } else if ((cmsb==1)&&(clsb==0)) {
+            parts[i] <== b*smsb*slsb - a*smsb + a;
+        } else {
+            parts[i] <== -a*smsb*slsb + a;
+        }
+
+        sum = sum + parts[i];
+
+        b = b -e;
+        a = a +e;
+        e = e*2;
+    }
+
+    sout <== sum;
+
+    component num2bits = Num2Bits(135);
+
+    num2bits.in <== sout;
+
+    out <== num2bits.out[127];
+}
\ No newline at end of file
diff --git a/circuits/basics/logic_gates/README.md b/circuits/basic_templates/logic_gates/README.md
similarity index 100%
rename from circuits/basics/logic_gates/README.md
rename to circuits/basic_templates/logic_gates/README.md
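Review bot: The header comment `// Returns 1 if in (in binary) > ct` should also state what the template does not check: nothing in the body constrains `in[i]` to 0 or 1 — each `parts[i]` is just a quadratic form in `slsb`/`smsb` — so `out` is only meaningful when the caller feeds bit-constrained signals (for example a Num2Bits output); suggested wording: `// in[] must already be constrained to {0,1} by the caller; this template adds no bit constraints.` Separately, after this commit the same circuit exists twice: the old copy is moved to `basic_templates/comparators/compconstant/` earlier in the diff and this new one lands in `basic_templates/compconstant/`; if the moved copy carries the same `../bitify/num2bits/num2bits.circom` include, from its new directory that path resolves to `basic_templates/comparators/bitify/...`, which the diff does not create. The README placed next to this file is recorded as a 100% rename of the baby_jubjub `edwards/README.md`, so its text presumably describes Edwards curves rather than CompConstant; it would help to confirm which copy is meant to survive and fix the README accordingly.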
diff --git a/circuits/basics/logic_gates/and/README.md b/circuits/basic_templates/logic_gates/and/README.md similarity index 100% rename from circuits/basics/logic_gates/and/README.md rename to circuits/basic_templates/logic_gates/and/README.md diff --git a/circuits/basics/logic_gates/and/and.circom b/circuits/basic_templates/logic_gates/and/and.circom similarity index 100% rename from circuits/basics/logic_gates/and/and.circom rename to circuits/basic_templates/logic_gates/and/and.circom diff --git a/circuits/basics/logic_gates/multiand/README.md b/circuits/basic_templates/logic_gates/multiand/README.md similarity index 100% rename from circuits/basics/logic_gates/multiand/README.md rename to circuits/basic_templates/logic_gates/multiand/README.md diff --git a/circuits/basics/logic_gates/multiand/multiand.circom b/circuits/basic_templates/logic_gates/multiand/multiand.circom similarity index 100% rename from circuits/basics/logic_gates/multiand/multiand.circom rename to circuits/basic_templates/logic_gates/multiand/multiand.circom diff --git a/circuits/basics/logic_gates/nand/README.md b/circuits/basic_templates/logic_gates/nand/README.md similarity index 100% rename from circuits/basics/logic_gates/nand/README.md rename to circuits/basic_templates/logic_gates/nand/README.md diff --git a/circuits/basics/logic_gates/nand/nand.circom b/circuits/basic_templates/logic_gates/nand/nand.circom similarity index 100% rename from circuits/basics/logic_gates/nand/nand.circom rename to circuits/basic_templates/logic_gates/nand/nand.circom diff --git a/circuits/basics/logic_gates/nor/README.md b/circuits/basic_templates/logic_gates/nor/README.md similarity index 100% rename from circuits/basics/logic_gates/nor/README.md rename to circuits/basic_templates/logic_gates/nor/README.md 
diff --git a/circuits/basics/logic_gates/nor/nor.circom b/circuits/basic_templates/logic_gates/nor/nor.circom similarity index 100% rename from circuits/basics/logic_gates/nor/nor.circom rename to circuits/basic_templates/logic_gates/nor/nor.circom diff --git a/circuits/basics/logic_gates/not/README.md b/circuits/basic_templates/logic_gates/not/README.md similarity index 100% rename from circuits/basics/logic_gates/not/README.md rename to circuits/basic_templates/logic_gates/not/README.md diff --git a/circuits/basics/logic_gates/not/not.circom b/circuits/basic_templates/logic_gates/not/not.circom similarity index 100% rename from circuits/basics/logic_gates/not/not.circom rename to circuits/basic_templates/logic_gates/not/not.circom diff --git a/circuits/basics/logic_gates/or/README.md b/circuits/basic_templates/logic_gates/or/README.md similarity index 100% rename from circuits/basics/logic_gates/or/README.md rename to circuits/basic_templates/logic_gates/or/README.md diff --git a/circuits/basics/logic_gates/or/or.circom b/circuits/basic_templates/logic_gates/or/or.circom similarity index 100% rename from circuits/basics/logic_gates/or/or.circom rename to circuits/basic_templates/logic_gates/or/or.circom diff --git a/circuits/basics/logic_gates/xor/README.md b/circuits/basic_templates/logic_gates/xor/README.md similarity index 100% rename from circuits/basics/logic_gates/xor/README.md rename to circuits/basic_templates/logic_gates/xor/README.md diff --git a/circuits/basics/logic_gates/xor/xor.circom b/circuits/basic_templates/logic_gates/xor/xor.circom similarity index 100% rename from circuits/basics/logic_gates/xor/xor.circom rename to circuits/basic_templates/logic_gates/xor/xor.circom diff --git a/circuits/basics/multiplexer/README.md b/circuits/basic_templates/multiplexer/README.md similarity index 100% rename from circuits/basics/multiplexer/README.md rename to circuits/basic_templates/multiplexer/README.md 
diff --git a/circuits/basics/multiplexer/decoder/README.md b/circuits/basic_templates/multiplexer/decoder/README.md similarity index 100% rename from circuits/basics/multiplexer/decoder/README.md rename to circuits/basic_templates/multiplexer/decoder/README.md diff --git a/circuits/basics/multiplexer/decoder/decoder.circom b/circuits/basic_templates/multiplexer/decoder/decoder.circom similarity index 100% rename from circuits/basics/multiplexer/decoder/decoder.circom rename to circuits/basic_templates/multiplexer/decoder/decoder.circom diff --git a/circuits/basics/multiplexer/multiplexer/README.md b/circuits/basic_templates/multiplexer/multiplexer/README.md similarity index 100% rename from circuits/basics/multiplexer/multiplexer/README.md rename to circuits/basic_templates/multiplexer/multiplexer/README.md diff --git a/circuits/basics/multiplexer/multiplexer/multiplexer.circom b/circuits/basic_templates/multiplexer/multiplexer/multiplexer.circom similarity index 100% rename from circuits/basics/multiplexer/multiplexer/multiplexer.circom rename to circuits/basic_templates/multiplexer/multiplexer/multiplexer.circom diff --git a/circuits/basics/multiplexer/scalarproduct/README.md b/circuits/basic_templates/multiplexer/scalarproduct/README.md similarity index 100% rename from circuits/basics/multiplexer/scalarproduct/README.md rename to circuits/basic_templates/multiplexer/scalarproduct/README.md diff --git a/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom b/circuits/basic_templates/multiplexer/scalarproduct/scalarproduct.circom similarity index 100% rename from circuits/basics/multiplexer/scalarproduct/scalarproduct.circom rename to circuits/basic_templates/multiplexer/scalarproduct/scalarproduct.circom diff --git a/circuits/basics/mux/README.md b/circuits/basic_templates/mux/README.md similarity index 100% rename from circuits/basics/mux/README.md rename to circuits/basic_templates/mux/README.md 
diff --git a/circuits/basics/mux/multimux1/README.md b/circuits/basic_templates/mux/multimux1/README.md similarity index 100% rename from circuits/basics/mux/multimux1/README.md rename to circuits/basic_templates/mux/multimux1/README.md diff --git a/circuits/basics/mux/multimux2/README.md b/circuits/basic_templates/mux/multimux2/README.md similarity index 100% rename from circuits/basics/mux/multimux2/README.md rename to circuits/basic_templates/mux/multimux2/README.md diff --git a/circuits/basics/mux/multimux3/README.md b/circuits/basic_templates/mux/multimux3/README.md similarity index 100% rename from circuits/basics/mux/multimux3/README.md rename to circuits/basic_templates/mux/multimux3/README.md diff --git a/circuits/basics/mux/multimux4/README.md b/circuits/basic_templates/mux/multimux4/README.md similarity index 100% rename from circuits/basics/mux/multimux4/README.md rename to circuits/basic_templates/mux/multimux4/README.md diff --git a/circuits/basics/mux/mux1/README.md b/circuits/basic_templates/mux/mux1/README.md similarity index 100% rename from circuits/basics/mux/mux1/README.md rename to circuits/basic_templates/mux/mux1/README.md diff --git a/circuits/basics/mux/mux1/mux1.circom b/circuits/basic_templates/mux/mux1/mux1.circom similarity index 100% rename from circuits/basics/mux/mux1/mux1.circom rename to circuits/basic_templates/mux/mux1/mux1.circom diff --git a/circuits/basics/mux/mux1/mux1_1.circom b/circuits/basic_templates/mux/mux1/mux1_1.circom similarity index 100% rename from circuits/basics/mux/mux1/mux1_1.circom rename to circuits/basic_templates/mux/mux1/mux1_1.circom diff --git a/circuits/basics/mux/mux2/README.md b/circuits/basic_templates/mux/mux2/README.md similarity index 100% rename from circuits/basics/mux/mux2/README.md rename to circuits/basic_templates/mux/mux2/README.md 
diff --git a/circuits/basics/mux/mux2/mux2.circom b/circuits/basic_templates/mux/mux2/mux2.circom similarity index 100% rename from circuits/basics/mux/mux2/mux2.circom rename to circuits/basic_templates/mux/mux2/mux2.circom diff --git a/circuits/basics/mux/mux2/mux2_1.circom b/circuits/basic_templates/mux/mux2/mux2_1.circom similarity index 100% rename from circuits/basics/mux/mux2/mux2_1.circom rename to circuits/basic_templates/mux/mux2/mux2_1.circom diff --git a/circuits/basics/mux/mux3/README.md b/circuits/basic_templates/mux/mux3/README.md similarity index 100% rename from circuits/basics/mux/mux3/README.md rename to circuits/basic_templates/mux/mux3/README.md diff --git a/circuits/basics/mux/mux3/mux3.circom b/circuits/basic_templates/mux/mux3/mux3.circom similarity index 100% rename from circuits/basics/mux/mux3/mux3.circom rename to circuits/basic_templates/mux/mux3/mux3.circom diff --git a/circuits/basics/mux/mux3/mux3_1.circom b/circuits/basic_templates/mux/mux3/mux3_1.circom similarity index 100% rename from circuits/basics/mux/mux3/mux3_1.circom rename to circuits/basic_templates/mux/mux3/mux3_1.circom diff --git a/circuits/basics/mux/mux4/README.md b/circuits/basic_templates/mux/mux4/README.md similarity index 100% rename from circuits/basics/mux/mux4/README.md rename to circuits/basic_templates/mux/mux4/README.md diff --git a/circuits/basics/mux/mux4/mux4.circom b/circuits/basic_templates/mux/mux4/mux4.circom similarity index 100% rename from circuits/basics/mux/mux4/mux4.circom rename to circuits/basic_templates/mux/mux4/mux4.circom diff --git a/circuits/basics/mux/mux4/mux4_1.circom b/circuits/basic_templates/mux/mux4/mux4_1.circom similarity index 100% rename from circuits/basics/mux/mux4/mux4_1.circom rename to circuits/basic_templates/mux/mux4/mux4_1.circom 
diff --git a/circuits/basics/old_README.md b/circuits/basic_templates/old_README.md
similarity index 100%
rename from circuits/basics/old_README.md
rename to circuits/basic_templates/old_README.md
diff --git a/circuits/basics/sign/README.md b/circuits/basic_templates/sign/README.md
similarity index 100%
rename from circuits/basics/sign/README.md
rename to circuits/basic_templates/sign/README.md
diff --git a/circuits/basics/sign/sign.circom b/circuits/basic_templates/sign/sign.circom
similarity index 100%
rename from circuits/basics/sign/sign.circom
rename to circuits/basic_templates/sign/sign.circom
diff --git a/circuits/basics/switcher/README.md b/circuits/basic_templates/switcher/README.md
similarity index 100%
rename from circuits/basics/switcher/README.md
rename to circuits/basic_templates/switcher/README.md
diff --git a/circuits/basics/switcher/switcher.circom b/circuits/basic_templates/switcher/switcher.circom
similarity index 100%
rename from circuits/basics/switcher/switcher.circom
rename to circuits/basic_templates/switcher/switcher.circom
diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom b/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom
deleted file mode 100644
index 3428ac27..00000000
--- a/circuits/basics/comparators/greatereqthan/greatereqthan.test.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = GreaterEqThan(32);
diff --git a/circuits/basics/comparators/greaterthan/greaterthan.test.circom b/circuits/basics/comparators/greaterthan/greaterthan.test.circom
deleted file mode 100644
index b890ba81..00000000
--- a/circuits/basics/comparators/greaterthan/greaterthan.test.circom
+++ /dev/null
@@ -1,4 +0,0 @@
-
-include "../../circuits/comparators.circom";
-
-component main = GreaterThan(32);
diff --git a/circuits/basics/comparators/isequal/isequal.test.circom b/circuits/basics/comparators/isequal/isequal.test.circom deleted file mode 100644 index c14d506f..00000000 --- a/circuits/basics/comparators/isequal/isequal.test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../../circuits/comparators.circom"; - -component main = IsEqual(); diff --git a/circuits/basics/comparators/iszero/iszero.test.circom b/circuits/basics/comparators/iszero/iszero.test.circom deleted file mode 100644 index 0ca0589f..00000000 --- a/circuits/basics/comparators/iszero/iszero.test.circom +++ /dev/null @@ -1,5 +0,0 @@ - - -include "../../circuits/comparators.circom"; - -component main = IsZero(); diff --git a/circuits/basics/comparators/lessthan/lessthan.test.circom b/circuits/basics/comparators/lessthan/lessthan.test.circom deleted file mode 100644 index 63944f2e..00000000 --- a/circuits/basics/comparators/lessthan/lessthan.test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../../circuits/comparators.circom"; - -component main = LessThan(32); diff --git a/circuits/cryptography/README.md b/circuits/crypto_templates/README.md similarity index 97% rename from circuits/cryptography/README.md rename to circuits/crypto_templates/README.md index 1525c38b..5df63f14 100644 --- a/circuits/cryptography/README.md +++ b/circuits/crypto_templates/README.md @@ -1,4 +1,4 @@ -# `cryptography` +# `crypto_templates` This folder contains the templates to compute cryptographic functions, such as hash functions and signatures. diff --git a/circuits/cryptography/elliptic_curves/README.md b/circuits/crypto_templates/elliptic_curves/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/README.md rename to circuits/crypto_templates/elliptic_curves/README.md 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/babyjub.test.js rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub_js.test.js similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/babyjub_js.test.js rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub_js.test.js diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md new file mode 100644 index 00000000..e69de29b diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmul.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/escalarmul.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmul.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulany.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulany.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulany.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulfix.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulfix.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulfix.circom 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulw4table.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/escalarmulw4table.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulw4table.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/montgomery.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery.circom diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md 
diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/README.md similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/README.md diff --git a/circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/pointbits.circom similarity index 100% rename from circuits/cryptography/elliptic_curves/baby_jubjub/point2bits/pointbits.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/pointbits.circom diff --git a/circuits/cryptography/hash_functions/README.md b/circuits/crypto_templates/hash_functions/README.md similarity index 100% rename from circuits/cryptography/hash_functions/README.md rename to circuits/crypto_templates/hash_functions/README.md diff --git a/circuits/cryptography/hash_functions/mimc/README.md b/circuits/crypto_templates/hash_functions/mimc/README.md similarity index 100% rename from circuits/cryptography/hash_functions/mimc/README.md rename to circuits/crypto_templates/hash_functions/mimc/README.md diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/README.md b/circuits/crypto_templates/hash_functions/mimc/mimc7/README.md similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimc7/README.md rename to circuits/crypto_templates/hash_functions/mimc/mimc7/README.md 
diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc.circom similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimc7/mimc.circom rename to circuits/crypto_templates/hash_functions/mimc/mimc7/mimc.circom diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimc7/mimc_test.circom rename to circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimc7/mimccircuit.test.js rename to circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js diff --git a/circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimc7/mimccontract.test.js rename to circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js diff --git a/circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md b/circuits/crypto_templates/hash_functions/mimc/mimcfeistel/README.md similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcfeistel/README.md rename to circuits/crypto_templates/hash_functions/mimc/mimcfeistel/README.md diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/README.md b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/README.md similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/README.md rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/README.md 
diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcsponge.circom similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/mimcsponge.circom rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcsponge.circom diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js diff --git a/circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js similarity index 100% rename from circuits/cryptography/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js rename to circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js 
diff --git a/circuits/cryptography/hash_functions/mimc/multimimc7/README.md b/circuits/crypto_templates/hash_functions/mimc/multimimc7/README.md similarity index 100% rename from circuits/cryptography/hash_functions/mimc/multimimc7/README.md rename to circuits/crypto_templates/hash_functions/mimc/multimimc7/README.md diff --git a/circuits/cryptography/hash_functions/pedersen/README.md b/circuits/crypto_templates/hash_functions/pedersen/README.md similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/README.md rename to circuits/crypto_templates/hash_functions/pedersen/README.md diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen.test.js b/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen.test.js rename to circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen/pedersen.circom similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen/pedersen.circom rename to circuits/crypto_templates/hash_functions/pedersen/pedersen/pedersen.circom diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen2.test.js b/circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen2.test.js rename to circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen2_test.circom rename to circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom 
diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen_old/pedersen_old.circom similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen_old/pedersen_old.circom rename to circuits/crypto_templates/hash_functions/pedersen/pedersen_old/pedersen_old.circom diff --git a/circuits/cryptography/hash_functions/pedersen/pedersen_test.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/pedersen/pedersen_test.circom rename to circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom diff --git a/circuits/cryptography/hash_functions/poseidon/README.md b/circuits/crypto_templates/hash_functions/poseidon/README.md similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/README.md rename to circuits/crypto_templates/hash_functions/poseidon/README.md diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon.circom b/circuits/crypto_templates/hash_functions/poseidon/poseidon.circom similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/poseidon.circom rename to circuits/crypto_templates/hash_functions/poseidon/poseidon.circom diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom b/circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/poseidon3_test.circom rename to circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom 
diff --git a/circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom b/circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/poseidon6_test.circom rename to circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom diff --git a/circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js b/circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/poseidoncircuit.test.js rename to circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js diff --git a/circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js b/circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js similarity index 100% rename from circuits/cryptography/hash_functions/poseidon/poseidoncontract.test.js rename to circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js diff --git a/circuits/cryptography/hash_functions/sha256/README.md b/circuits/crypto_templates/hash_functions/sha256/README.md similarity index 100% rename from circuits/cryptography/hash_functions/sha256/README.md rename to circuits/crypto_templates/hash_functions/sha256/README.md diff --git a/circuits/cryptography/hash_functions/sha256/ch.circom b/circuits/crypto_templates/hash_functions/sha256/ch.circom similarity index 100% rename from circuits/cryptography/hash_functions/sha256/ch.circom rename to circuits/crypto_templates/hash_functions/sha256/ch.circom diff --git a/circuits/cryptography/hash_functions/sha256/constants.circom b/circuits/crypto_templates/hash_functions/sha256/constants.circom similarity index 100% rename from circuits/cryptography/hash_functions/sha256/constants.circom rename to circuits/crypto_templates/hash_functions/sha256/constants.circom 
diff --git a/circuits/cryptography/hash_functions/sha256/constants_test.circom b/circuits/crypto_templates/hash_functions/sha256/constants_test.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/constants_test.circom
rename to circuits/crypto_templates/hash_functions/sha256/constants_test.circom
diff --git a/circuits/cryptography/hash_functions/sha256/main.circom b/circuits/crypto_templates/hash_functions/sha256/main.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/main.circom
rename to circuits/crypto_templates/hash_functions/sha256/main.circom
diff --git a/circuits/cryptography/hash_functions/sha256/maj.circom b/circuits/crypto_templates/hash_functions/sha256/maj.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/maj.circom
rename to circuits/crypto_templates/hash_functions/sha256/maj.circom
diff --git a/circuits/cryptography/hash_functions/sha256/rotate.circom b/circuits/crypto_templates/hash_functions/sha256/rotate.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/rotate.circom
rename to circuits/crypto_templates/hash_functions/sha256/rotate.circom
diff --git a/circuits/cryptography/hash_functions/sha256/sha256.circom b/circuits/crypto_templates/hash_functions/sha256/sha256.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/sha256.circom
rename to circuits/crypto_templates/hash_functions/sha256/sha256.circom
diff --git a/circuits/cryptography/hash_functions/sha256/sha256_2.circom b/circuits/crypto_templates/hash_functions/sha256/sha256_2.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/sha256_2.circom
rename to circuits/crypto_templates/hash_functions/sha256/sha256_2.circom
diff --git a/circuits/cryptography/hash_functions/sha256/sha256compression.circom b/circuits/crypto_templates/hash_functions/sha256/sha256compression.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/sha256compression.circom
rename to circuits/crypto_templates/hash_functions/sha256/sha256compression.circom
diff --git a/circuits/cryptography/hash_functions/sha256/shift.circom b/circuits/crypto_templates/hash_functions/sha256/shift.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/shift.circom
rename to circuits/crypto_templates/hash_functions/sha256/shift.circom
diff --git a/circuits/cryptography/hash_functions/sha256/sigma.circom b/circuits/crypto_templates/hash_functions/sha256/sigma.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/sigma.circom
rename to circuits/crypto_templates/hash_functions/sha256/sigma.circom
diff --git a/circuits/cryptography/hash_functions/sha256/sigmaplus.circom b/circuits/crypto_templates/hash_functions/sha256/sigmaplus.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/sigmaplus.circom
rename to circuits/crypto_templates/hash_functions/sha256/sigmaplus.circom
diff --git a/circuits/cryptography/hash_functions/sha256/t1.circom b/circuits/crypto_templates/hash_functions/sha256/t1.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/t1.circom
rename to circuits/crypto_templates/hash_functions/sha256/t1.circom
diff --git a/circuits/cryptography/hash_functions/sha256/t2.circom b/circuits/crypto_templates/hash_functions/sha256/t2.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/t2.circom
rename to circuits/crypto_templates/hash_functions/sha256/t2.circom
diff --git a/circuits/cryptography/hash_functions/sha256/xor3.circom b/circuits/crypto_templates/hash_functions/sha256/xor3.circom
similarity index 100%
rename from circuits/cryptography/hash_functions/sha256/xor3.circom
rename to circuits/crypto_templates/hash_functions/sha256/xor3.circom
diff --git a/circuits/cryptography/signatures/README.md b/circuits/crypto_templates/signatures/README.md
similarity index 100%
rename from circuits/cryptography/signatures/README.md
rename to circuits/crypto_templates/signatures/README.md
diff --git a/circuits/cryptography/signatures/eddsa/README.md b/circuits/crypto_templates/signatures/eddsa/README.md
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/README.md
rename to circuits/crypto_templates/signatures/eddsa/README.md
diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsa/eddsa.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsa/eddsa.test.js
rename to circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js
diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsa/eddsa_js.test.js
rename to circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js
diff --git a/circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsa/eddsa_test.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom b/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js b/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc.test.js
rename to circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js
diff --git a/circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsamimc/eddsamimc_test.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom b/circuits/crypto_templates/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom b/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom
diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js b/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
rename to circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
diff --git a/circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom
similarity index 100%
rename from circuits/cryptography/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom
rename to circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom
diff --git a/circuits/cryptography/smt/README.md b/circuits/crypto_templates/smt/README.md
similarity index 100%
rename from circuits/cryptography/smt/README.md
rename to circuits/crypto_templates/smt/README.md
diff --git a/circuits/cryptography/smt/smthash_mimc.circom b/circuits/crypto_templates/smt/smthash_mimc.circom
similarity index 100%
rename from circuits/cryptography/smt/smthash_mimc.circom
rename to circuits/crypto_templates/smt/smthash_mimc.circom
diff --git a/circuits/cryptography/smt/smthash_poseidon.circom b/circuits/crypto_templates/smt/smthash_poseidon.circom
similarity index 100%
rename from circuits/cryptography/smt/smthash_poseidon.circom
rename to circuits/crypto_templates/smt/smthash_poseidon.circom
diff --git a/circuits/cryptography/smt/smtjs.test.js b/circuits/crypto_templates/smt/smtjs.test.js
similarity index 100%
rename from circuits/cryptography/smt/smtjs.test.js
rename to circuits/crypto_templates/smt/smtjs.test.js
diff --git a/circuits/cryptography/smt/smtlevins.circom b/circuits/crypto_templates/smt/smtlevins.circom
similarity index 100%
rename from circuits/cryptography/smt/smtlevins.circom
rename to circuits/crypto_templates/smt/smtlevins.circom
diff --git a/circuits/cryptography/smt/smtprocessor.circom b/circuits/crypto_templates/smt/smtprocessor.circom
similarity index 100%
rename from circuits/cryptography/smt/smtprocessor.circom
rename to circuits/crypto_templates/smt/smtprocessor.circom
diff --git a/circuits/cryptography/smt/smtprocessor.test.js b/circuits/crypto_templates/smt/smtprocessor.test.js
similarity index 100%
rename from circuits/cryptography/smt/smtprocessor.test.js
rename to circuits/crypto_templates/smt/smtprocessor.test.js
diff --git a/circuits/cryptography/smt/smtprocessor10_test.circom b/circuits/crypto_templates/smt/smtprocessor10_test.circom
similarity index 100%
rename from circuits/cryptography/smt/smtprocessor10_test.circom
rename to circuits/crypto_templates/smt/smtprocessor10_test.circom
diff --git a/circuits/cryptography/smt/smtprocessorlevel.circom b/circuits/crypto_templates/smt/smtprocessorlevel.circom
similarity index 100%
rename from circuits/cryptography/smt/smtprocessorlevel.circom
rename to circuits/crypto_templates/smt/smtprocessorlevel.circom
diff --git a/circuits/cryptography/smt/smtprocessorsm.circom b/circuits/crypto_templates/smt/smtprocessorsm.circom
similarity index 100%
rename from circuits/cryptography/smt/smtprocessorsm.circom
rename to circuits/crypto_templates/smt/smtprocessorsm.circom
diff --git a/circuits/cryptography/smt/smtverifier.circom b/circuits/crypto_templates/smt/smtverifier.circom
similarity index 100%
rename from circuits/cryptography/smt/smtverifier.circom
rename to circuits/crypto_templates/smt/smtverifier.circom
diff --git a/circuits/cryptography/smt/smtverifier.test.js b/circuits/crypto_templates/smt/smtverifier.test.js
similarity index 100%
rename from circuits/cryptography/smt/smtverifier.test.js
rename to circuits/crypto_templates/smt/smtverifier.test.js
diff --git a/circuits/cryptography/smt/smtverifier10_test.circom b/circuits/crypto_templates/smt/smtverifier10_test.circom
similarity index 100%
rename from circuits/cryptography/smt/smtverifier10_test.circom
rename to circuits/crypto_templates/smt/smtverifier10_test.circom
diff --git a/circuits/cryptography/smt/smtverifierlevel.circom b/circuits/crypto_templates/smt/smtverifierlevel.circom
similarity index 100%
rename from circuits/cryptography/smt/smtverifierlevel.circom
rename to circuits/crypto_templates/smt/smtverifierlevel.circom
diff --git a/circuits/cryptography/smt/smtverifiersm.circom b/circuits/crypto_templates/smt/smtverifiersm.circom
similarity index 100%
rename from circuits/cryptography/smt/smtverifiersm.circom
rename to circuits/crypto_templates/smt/smtverifiersm.circom
diff --git a/package-lock.json b/package-lock.json
index e4ef8fd4..aef7ce5b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -870,9 +870,9 @@ "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" }, "decompress": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz", - "integrity": "sha1-eu3YVCflqS2s/lVnSnxQXpbQH50=", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/decompress/-/decompress-4.2.1.tgz", + "integrity": "sha512-e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ==", "requires": { "decompress-tar": "^4.0.0", "decompress-tarbz2": "^4.0.0", 
@@ -4639,24 +4639,46 @@ "strip-ansi": "^6.0.0" } }, + "string.prototype.trimend": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.0.tgz", + "integrity": "sha512-EEJnGqa/xNfIg05SxiPSqRS7S9qwDhYts1TSLR1BQfYUfPe1stofgGKvwERK9+9yf+PpfBMlpBaCHucXGPQfUA==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5" + } + }, "string.prototype.trimleft": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/string.prototype.trimleft/-/string.prototype.trimleft-2.1.1.tgz", - "integrity": "sha512-iu2AGd3PuP5Rp7x2kEZCrB2Nf41ehzh+goo8TV7z8/XDBbsvc6HQIlUl9RjkZ4oyrW1XM5UwlGl1oVEaDjg6Ag==", + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/string.prototype.trimleft/-/string.prototype.trimleft-2.1.2.tgz", + "integrity": "sha512-gCA0tza1JBvqr3bfAIFJGqfdRTyPae82+KTnm3coDXkZN9wnuW3HjGgN386D7hfv5CHQYCI022/rJPVlqXyHSw==", "dev": true, "requires": { "define-properties": "^1.1.3", - "function-bind": "^1.1.1" + "es-abstract": "^1.17.5", + "string.prototype.trimstart": "^1.0.0" } }, "string.prototype.trimright": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/string.prototype.trimright/-/string.prototype.trimright-2.1.1.tgz", - "integrity": "sha512-qFvWL3/+QIgZXVmJBfpHmxLB7xsUXz6HsUmP8+5dRaC3Q7oKUv9Vo6aMCRZC1smrtyECFsIT30PqBJ1gTjAs+g==", + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/string.prototype.trimright/-/string.prototype.trimright-2.1.2.tgz", + "integrity": "sha512-ZNRQ7sY3KroTaYjRS6EbNiiHrOkjihL9aQE/8gfQ4DtAC/aEBRHFJa44OmoWxGGqXuJlfKkZW4WcXErGr+9ZFg==", "dev": true, "requires": { "define-properties": "^1.1.3", - "function-bind": "^1.1.1" + "es-abstract": "^1.17.5", + "string.prototype.trimend": "^1.0.0" + } + }, + "string.prototype.trimstart": { 
+ "version": "1.0.0", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.0.tgz", + "integrity": "sha512-iCP8g01NFYiiBOnwG1Xc3WZLyoo+RuBymwIlWncShXDDJYWN6DbnM3odslBJdgCdRlq94B5s63NWAZlcn2CS4w==", + "dev": true, + "requires": { + "define-properties": "^1.1.3", + "es-abstract": "^1.17.5" } }, "string_decoder": { @@ -4995,9 +5017,9 @@ "integrity": "sha512-UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og==" }, "unbzip2-stream": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.3.3.tgz", - "integrity": "sha512-fUlAF7U9Ah1Q6EieQ4x4zLNejrRvDWUYmxXUpN3uziFYCHapjWFaCAnreY9bGgxzaMCFAPPpYNng57CypwJVhg==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.0.tgz", + "integrity": "sha512-kVx7CDAsdBSWVf404Mw7oI9i09w5/mTT/Ruk+RWa64PLYKvsAucLLFHvQtnvjeADM4ZizxrvG5SHnF4Te4T2Cg==", "requires": { "buffer": "^5.2.1", "through": "^2.3.8" diff --git a/test/circuits/sign_test.circom b/test/circuits/sign_test.circom deleted file mode 100644 index e6a6e3b6..00000000 --- a/test/circuits/sign_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/sign.circom"; - -component main = Sign(); diff --git a/test/sign.test.js b/test/sign.test.js index b3e9452b..6fb9db2b 100644 --- a/test/sign.test.js +++ b/test/sign.test.js @@ -25,7 +25,7 @@ describe("Sign test", function() { this.timeout(100000); before( async() => { - circuit = await tester(path.join(__dirname, "circuits", "sign_test.circom")); + circuit = await tester(path.join(__dirname, "sign_test.circom")); }); it("Sign of 0", async () => { diff --git a/test/sign_test.circom b/test/sign_test.circom index e6a6e3b6..46991cbb 100644 --- a/test/sign_test.circom +++ b/test/sign_test.circom 
@@ -1,3 +1,3 @@
-include "../../circuits/sign.circom";
+include "../circuits/basic_templates/sign/sign.circom";
 
 component main = Sign();
From 36b4d9aba96f728eb445a149fcadec13dd1f073b Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com> Date: Tue, 7 Apr 2020 18:26:35 +0200 Subject: [PATCH 11/27] Worked on descriptions + unitary tests --- README.md | 83 +------------------ circuits/basic_templates/README.md | 4 + circuits/basic_templates/aliascheck/README.md | 14 ++-- .../aliascheck/aliascheck_test.circom | 3 - .../binary_arithmetic/README.md | 2 +- .../binary_arithmetic/binsub/README.md | 46 +++++++--- .../binary_arithmetic/binsub/binsub.circom | 22 ----- .../binary_arithmetic/binsum/README.md | 55 ++++++++++-- .../binary_arithmetic/binsum/binsum.circom | 36 +------- .../binary_arithmetic/binsum/binsum.test.js | 37 --------- circuits/basic_templates/bitify/README.md | 2 +- .../basic_templates/bitify/bits2num/README.md | 19 +++-- .../aliascheck => test}/aliascheck.test.js | 0 test/aliascheck_test.circom | 3 + .../binsub => test}/binsub.test.js | 2 +- .../binsub => test}/binsub_test.circom | 5 +- test/binsum.test.js | 25 ++++++ test/{sum_test.circom => binsum_test.circom} | 5 +- test/constants.circom | 52 ++++++++++++ test/constants.test.js | 26 ++++++ test/{circuits => }/constants_test.circom | 2 +- test/greatereqthan.test.js | 50 +++++++++++ test/greatereqthan_test.circom | 4 + test/greaterthan.test.js | 51 ++++++++++++ test/greaterthan_test.circom | 4 + test/isequal.test.js | 26 ++++++ test/isequal_test.circom | 3 + test/iszero.test.js | 26 ++++++ test/iszero_test.circom | 3 + test/lesseqthan.test.js | 51 ++++++++++++ test/lesseqthan_test.circom | 4 + test/lessthan.test.js | 50 +++++++++++ test/lessthan_test.circom | 4 + 33 files changed, 499 insertions(+), 220 deletions(-) delete mode 100644 circuits/basic_templates/aliascheck/aliascheck_test.circom delete mode 100644 circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js rename {circuits/basic_templates/aliascheck => test}/aliascheck.test.js (100%) create mode 100644 test/aliascheck_test.circom rename {circuits/basic_templates/binary_arithmetic/binsub => test}/binsub.test.js (94%) rename 
{circuits/basic_templates/binary_arithmetic/binsub => test}/binsub_test.circom (69%) create mode 100644 test/binsum.test.js rename test/{sum_test.circom => binsum_test.circom} (69%) create mode 100644 test/constants.circom create mode 100644 test/constants.test.js rename test/{circuits => }/constants_test.circom (82%) create mode 100644 test/greatereqthan.test.js create mode 100644 test/greatereqthan_test.circom create mode 100644 test/greaterthan.test.js create mode 100644 test/greaterthan_test.circom create mode 100644 test/isequal.test.js create mode 100644 test/isequal_test.circom create mode 100644 test/iszero.test.js create mode 100644 test/iszero_test.circom create mode 100644 test/lesseqthan.test.js create mode 100644 test/lesseqthan_test.circom create mode 100644 test/lessthan.test.js create mode 100644 test/lessthan_test.circom diff --git a/README.md b/README.md index c8458097..ee3df97a 100644 --- a/README.md +++ b/README.md 
@@ -18,85 +18,4 @@ This respository contains 5 folders: A description of the specific circuit templates for the `circuit` folder will be soon updated. -## Structure of the Library (circuits) - -- [`basics`](circuits/basics) - - [`aliascheck`](circuits/basics/aliascheck) - - [`binary_arithmetic`](circuits/basics/binary_arithmetic) - - [`binsub`](circuits/basics/binary_arithmetic/binsub) - - [`binsum`](circuits/basics/binary_arithmetic/binsum) - - [`bitify`](circuits/basics/bitify) - - [`bits2num`](circuits/basics/bitify/bits2num) - - [`bits2num_strict`](circuits/basics/bitify/bits2num_strict) - - [`num2bits`](circuits/basics/bitify/num2bits) - - [`num2bits_strict`](circuits/basics/bitify/num2bits_strict) - - [`num2bitsneg`](circuits/basics/bitify/num2bitsneg) - - [`comparators`](circuits/basics/comparators) - - [`forceequalifenabled`](circuits/basics/comparators/forceequalifenabled) - - [`greatereqthan`](circuits/basics/comparators/greatereqthan) - - [`greaterthan`](circuits/basics/comparators/greaterthan) - - [`isequal`](circuits/basics/comparators/isequal) - - [`iszero`](circuits/basics/comparators/iszero) - - [`lesseqthan`](circuits/basics/comparators/lesseqthan) - - [`lessthan`](circuits/basics/comparators/lessthan) - - [`compconstant`](circuits/basics/compconstant) - - [`logic_gates`](circuits/basics/logic_gates) - - [`and`](circuits/basics/logic_gates/and) - - [`multiand`](circuits/basics/logic_gates/multiand) - - [`nand`](circuits/basics/logic_gates/nand) - - [`nor`](circuits/basics/logic_gates/nor) - - [`not`](circuits/basics/logic_gates/not) - - [`or`](circuits/basics/logic_gates/or) - - [`xor`](circuits/basics/logic_gates/xor) - - [`multiplexer`](circuits/basics/multiplexer) - - [`decoder`](circuits/basics/multiplexer/decoder) - - [`multiplexer`](circuits/basics/multiplexer/multiplexer) - - [`scalarproduct`](circuits/basics/multiplexer/scalarproduct) - - [`mux`](circuits/basics/mux) - - [`multimux1`](circuits/basics/mux/multimux1) - - 
[`multimux2`](circuits/basics/mux/multimux2) - - [`multimux3`](circuits/basics/mux/multimux3) - - [`multimux4`](circuits/basics/mux/multimux4) - - [`mux1`](circuits/basics/mux/mux1) - - [`mux2`](circuits/basics/mux/mux2) - - [`mux3`](circuits/basics/mux/mux3) - - [`mux4`](circuits/basics/mux/mux4) - - [`sign`](circuits/basics/sign) - - [`switcher`](circuits/basics/switcher) -- [`cryptography`](circuits/cryptography) - - [`elliptic_curves`](circuits/cryptography/elliptic_curves) - - [`baby_jubjub`](circuits/cryptography/elliptic_curves/baby_jubjub) - - [`edwards`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards) - - [`babyadd`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babyadd) - - [`babycheck`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babycheck) - - [`babydbl`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babydbl) - - [`babypbk`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/babypbk) - - [`scalar_mul`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) - - [`edwards2montgomery`](circuits/cryptography/elliptic_curves/baby_jubjub/edwards2montgomery) - - [`montgomery`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery) - - [`montgomeryadd`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery/montgomerydouble) - - [`montgomery2edwards`](circuits/cryptography/elliptic_curves/baby_jubjub/montgomery2edwards) - - 
[`point2bits`](circuits/cryptography/elliptic_curves/baby_jubjub/point2bits) - - [`hash_functions`](circuits/cryptography/hash_functions) - - [`mimc`](circuits/cryptography/hash_functions/mimc) - - [`mimc7`](circuits/cryptography/hash_functions/mimc/mimc7) - - [`mimcfeistel`](circuits/cryptography/hash_functions/mimc/mimcfeistel) - - [`mimcsponge`](circuits/cryptography/hash_functions/mimc/mimcsponge) - - [`multimimc7`](circuits/cryptography/hash_functions/mimc/multimimc7) - - [`pedersen`](circuits/cryptography/hash_functions/pedersen) - - [`pedersen`](circuits/cryptography/hash_functions/pedersen/pedersen) - - [`pedersen_old`](circuits/cryptography/hash_functions/pedersen/pedersen_old) - - [`poseidon`](circuits/cryptography/hash_functions/poseidon) - - [`sha256`](circuits/cryptography/hash_functions/sha256) - - [`signatures`](circuits/cryptography/signatures) - - [`eddsa`](circuits/cryptography/signatures/eddsa) - - [`eddsa`](circuits/cryptography/signatures/eddsa/eddsa) - - [`eddsamimc`](circuits/cryptography/signatures/eddsa/eddsamimc) - - [`eddsamimcsponge`](circuits/cryptography/signatures/eddsa/eddsamimcsponge) - - [`eddsaposeidon`](circuits/cryptography/signatures/eddsa/eddsaposeidon) - - [`smt`](circuits/cryptography/smt) \ No newline at end of file +## Structure of the Library \ No newline at end of file diff --git a/circuits/basic_templates/README.md b/circuits/basic_templates/README.md index f20a6005..1c1e0514 100644 --- a/circuits/basic_templates/README.md +++ b/circuits/basic_templates/README.md @@ -2,6 +2,10 @@ This folder contains the templates to do basic arithmetic operations. +## TODO + +https://docs.google.com/spreadsheets/d/1HBseSTTFRPF0rmDSY5RayzNtBZ9oCwjPUi5frpFl5Fs/edit?usp=sharing + ## Structure of the Folder - [`aliascheck`](aliascheck) diff --git a/circuits/basic_templates/aliascheck/README.md b/circuits/basic_templates/aliascheck/README.md index 2c05f8a1..0cf1ef29 100644 
--- a/circuits/basic_templates/aliascheck/README.md +++ b/circuits/basic_templates/aliascheck/README.md @@ -1,17 +1,15 @@ # `AliasCheck()` -Link to template: -https://github.com/iden3/circomlib/tree/master/circuits/basics/aliascheck/aliascheck.circom - **TODO / Comments** 1. There is **no output**! 2. Adds an equality constraint on the output signal of a component template. 3. Since does not return anythig has === without assignment. 4. Needs an assert to say input signals are binary? +5. Why do you consider overflow `in` <= -1 ? ## Description -The template checks if an input expanded to binary array `in` overflowed its 254 bits (<= -1). +The template checks if an input expanded to binary array overflowed its 254 bits (<= -1). ## Schema @@ -30,11 +28,15 @@ include "../compconstant/compconstant.circom"; ## Inputs -A binary array of 254 bits. +| Input | Type | +| ------------- | ------------- | +| `in[254]` | Binary array of 245 bits | ## Outputs -**There is no output!** +| Output | | +| ------------- | ------------- | +| ** There is no output!? ** | | ## Benchmarks diff --git a/circuits/basic_templates/aliascheck/aliascheck_test.circom b/circuits/basic_templates/aliascheck/aliascheck_test.circom deleted file mode 100644 index dc2252d2..00000000 --- a/circuits/basic_templates/aliascheck/aliascheck_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/aliascheck.circom"; - -component main = AliasCheck() diff --git a/circuits/basic_templates/binary_arithmetic/README.md b/circuits/basic_templates/binary_arithmetic/README.md index 6b536c6e..5bad4dd6 100644 --- a/circuits/basic_templates/binary_arithmetic/README.md +++ b/circuits/basic_templates/binary_arithmetic/README.md 
@@ -2,7 +2,7 @@ ## Description -This folder contains the templates to perform sums (`binsum.circom`) and substractions (`binsub.circom`) of binary numbers. Each folder contains a test and README file specifying the template details. +This folder contains the templates to perform additions (`binsum.circom`) and substractions (`binsub.circom`) of binary numbers. Each folder contains the template, a test and a README file specifying the template details. ## Structure diff --git a/circuits/basic_templates/binary_arithmetic/binsub/README.md b/circuits/basic_templates/binary_arithmetic/binsub/README.md index 977e1a36..849527ad 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsub/README.md @@ -9,15 +9,37 @@ Similar to binsum: something wired with aux: text spec =/= constraints and compu ## Description -It performs a binary substraction of two arbitrary binary numbers of size `n`. +It performs a binary substraction of any two binary numbers of `n` bits. + +<!-- + +This component creates a binary substraction. + +Main Constraint: + (in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1)) + + + 2^n + - (in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1)) + === + out[0] * 2^0 + out[1] * 2^1 + + out[n-1] *2^(n-1) + aux + + + out[0] * (out[0] - 1) === 0 + out[1] * (out[0] - 1) === 0 + . + . + . + out[n-1] * (out[n-1] - 1) === 0 + aux * (aux-1) == 0 + +--> ## Schema ``` - _______________________ - | | -in[2][n] ----> | BinSub(n) | ----> out[n] - |_______________________| + _____________ + | | +in[2][n] ----> | BinSub(n) | ----> out[n] + |_____________| ``` ## Dependencies 
@@ -26,16 +48,16 @@ None. ## Inputs -Two binary `n`-arrays: `in[2][n]`. +| Input | Type | +| ------------- | ------------- | +| `in[2][n]` | Two binary arrays of `n` bits | -## Outputs -A binary `n`-array: `out[n]`. +## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | Binary array of `n` bits | Binary substraction of `in[0][n] - in[0][1]` | ## Benchmarks -## Constraints - -TODO: Look at the circuit and add it here? - ## Test \ No newline at end of file diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom b/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom index 67214427..3f7baa0f 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom +++ b/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom @@ -17,28 +17,6 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -/* -This component creates a binary substraction. - - -Main Constraint: - (in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1)) + - + 2^n - - (in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1)) - === - out[0] * 2^0 + out[1] * 2^1 + + out[n-1] *2^(n-1) + aux - - - out[0] * (out[0] - 1) === 0 - out[1] * (out[0] - 1) === 0 - . - . - . - out[n-1] * (out[n-1] - 1) === 0 - aux * (aux-1) == 0 - -*/ - template BinSub(n) { signal input in[2][n]; signal output out[n]; diff --git a/circuits/basic_templates/binary_arithmetic/binsum/README.md b/circuits/basic_templates/binary_arithmetic/binsum/README.md index 6b0045ca..2ae7fc60 100644 --- a/circuits/basic_templates/binary_arithmetic/binsum/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsum/README.md 
@@ -1,28 +1,67 @@ # `BinSum(n, ops)` -Link to template: -https://github.com/iden3/circomlib/tree/master/circuits/basics/binary_arithmetic/binsum/binsum.circom +**TODO / Comments** -## Background +Similar to binsum: something wired with aux: text spec =/= constraints and computation (check!). ## Description -This component creates a binary sum. +This component performs a binary sum of any amount of binary numbers of `n` bits each. +It consists of a function and a template: +- The function `nbits(a)` calculates the number of extra bits that the output needs in order to do the full sum. +- The template `BinSum(n, ops)` computes the binary sum. -## Structure +<!-- +Binary Sum -There is the template `BinSum(n, ops)` and the function `nbits`. -The function calculates the number of extra bits int he output to do the full sum. +This component creates a binary sum componet of ops operands and n bits each operand. + +e is Number of carries: Depends on the number of operands in the input. + +Main Constraint: + in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + + + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + + + .. + + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + + === + out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) + +To waranty binary outputs: + + out[0] * (out[0] - 1) === 0 + out[1] * (out[0] - 1) === 0 + . + . + . + out[n+e-1] * (out[n+e-1] - 1) == 0 + --> ## Schema +``` + nout = nbits((2^n-1)*ops) + | + ________v_________ + | | +in[ops][n] ----> | BinSum(n, ops) | ----> out[nout] + |__________________| +``` + ## Dependencies +None. 
+ ## Inputs +| Input | Type | +| ------------- | ------------- | +| `in[ops][n]` | An array of `ops` binary arrays of `n` bits each | + ## Outputs -## Function +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[nout]` | Binary array of `nout` bits | Binary sum of all the `n`-bit operands in `in[ops]` | ## Benchmarks diff --git a/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom b/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom index 6fd79adc..03617647 100644 --- a/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom +++ b/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom @@ -17,39 +17,8 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -/* - -Binary Sum -========== - -This component creates a binary sum componet of ops operands and n bits each operand. - -e is Number of carries: Depends on the number of operands in the input. - -Main Constraint: - in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + - + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + - + .. - + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + - === - out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) - -To waranty binary outputs: - - out[0] * (out[0] - 1) === 0 - out[1] * (out[0] - 1) === 0 - . - . - . - out[n+e-1] * (out[n+e-1] - 1) == 0 - - */ - - -/* - This function calculates the number of extra bits in the output to do the full sum. - */ +// This function calculates the number of extra bits in the output to do the full sum. function nbits(a) { var n = 1; var r = 0; @@ -94,7 +63,6 @@ template BinSum(n, ops) { e2 = e2+e2; } - // Ensure the sum; - + // Ensure the sum lin === lout; } diff --git a/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js b/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js deleted file mode 100644 index 54d75000..00000000 
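Review bot: The rewritten comment `+// This function calculates the number of extra bits in the output to do the full sum.` above `nbits(a)` describes the wrong quantity: the binsum README added by this same commit gives the output width as `nout = nbits((2^n-1)*ops)`, so `nbits` appears to return the total number of bits needed to represent `a`, not an "extra" count — confirm against the function body, which continues outside the hunk, and if so change it to `// Returns the number of bits needed to represent a; BinSum uses nbits((2^n-1)*ops) as the total output width.`. The other hunk in this file, and the binsub.circom hunk earlier in the commit, delete the constraint specification (the weighted-sum equality and the `out[i] * (out[i] - 1) === 0` binary-ness constraints) from the source and keep it only inside an HTML comment in the READMEs, where it is never rendered. That leaves nothing next to `lin === lout` stating what the template is meant to enforce, which is exactly what an auditor of a circuit needs in place; a short header above `template BinSum` matching the removed block, e.g. `// Constrains sum over operands of in[j][i]*2^i === sum of out[i]*2^i, with every out[i] constrained to be binary (see README).`, would restore it.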
--- a/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js +++ /dev/null @@ -1,37 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const tester = require("circom").tester; - -const bigInt = require("big-integer"); - -const assert = chai.assert; - -describe("Binary sum test", function () { - - this.timeout(100000000); - - it("Should create a constant circuit", async () => { - const circuit = await tester(path.join(__dirname, "circuits", "constants_test.circom")); - await circuit.loadConstraints(); - - assert.equal(circuit.nVars, 2); - assert.equal(circuit.constraints.length, 1); - - const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true); - - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt("d807aa98", 16))); - }); - it("Should create a sum circuit", async () => { - const circuit = await tester(path.join(__dirname, "circuits", "sum_test.circom")); - await circuit.loadConstraints(); - - assert.equal(circuit.constraints.length, 97); // 32 (in1) + 32(in2) + 32(out) + 1 (carry) - - const witness = await circuit.calculateWitness({ "a": "111", "b": "222" }, true); - - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt("333"))); - }); -}); diff --git a/circuits/basic_templates/bitify/README.md b/circuits/basic_templates/bitify/README.md index b5fac560..237a13d6 100644 --- a/circuits/basic_templates/bitify/README.md +++ b/circuits/basic_templates/bitify/README.md @@ -2,7 +2,7 @@ ## Description -This folder contains the templates to perform conversions of numbers to binary and the other way round. Each folder contains a test and README file specifying the template details. +This folder contains the templates to perform conversions of numbers to binary and the other way round. Each folder contains the particular template, a test and a README file specifying the template details. ## Structure 
diff --git a/circuits/basic_templates/bitify/bits2num/README.md b/circuits/basic_templates/bitify/bits2num/README.md index 8963f971..767be035 100644 --- a/circuits/basic_templates/bitify/bits2num/README.md +++ b/circuits/basic_templates/bitify/bits2num/README.md @@ -11,25 +11,28 @@ out = sum_{k=0}^{n-1} (in[k] * 2^k). ## Schema ``` - ______________________ - | | -in[n] ----> | Bits2Num(n) | ----> out - |______________________| + _______________ + | | +in[n] ----> | Bits2Num(n) | ----> out + |_______________| ``` - ## Dependencies None. ## Inputs -The input `in[n]` is an array of `n` binary numbers. +| Input | Type | +| ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | ## Outputs -The output `out` is an integer TODO: (a field element?). +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | Field element | Field representation of the binary number `in[n]` | ## Benchmarks -## Test \ No newline at end of file +## Test diff --git a/circuits/basic_templates/aliascheck/aliascheck.test.js b/test/aliascheck.test.js similarity index 100% rename from circuits/basic_templates/aliascheck/aliascheck.test.js rename to test/aliascheck.test.js diff --git a/test/aliascheck_test.circom b/test/aliascheck_test.circom new file mode 100644 index 00000000..9da0c098 --- /dev/null +++ b/test/aliascheck_test.circom @@ -0,0 +1,3 @@ +include "../circuits/basic_templates/aliascheck/aliascheck.circom"; + +component main = AliasCheck() diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js b/test/binsub.test.js similarity index 94% rename from circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js rename to test/binsub.test.js index 972f1dbe..a13bb032 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js +++ b/test/binsub.test.js 
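Review bot: `component main = AliasCheck()` in the new test/aliascheck_test.circom has no terminating `;`, while every other harness file in this series ends its main declaration with one (`component main = Sign();` in test/sign_test.circom). The deleted copy carried the same omission, so the parser presumably tolerates it at end of file, but the file is new here and the inconsistency is cheap to fix: `component main = AliasCheck();`.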
@@ -25,7 +25,7 @@ describe("BinSub test", function () {
 let circuit;
 before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "binsub_test.circom"));
+ circuit = await tester(path.join(__dirname, "binsub_test.circom"));
 });
 it("Should check variuos ege cases", async () => {
diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom b/test/binsub_test.circom
similarity index 69%
rename from circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom
rename to test/binsub_test.circom
index 254b6f39..386ebcb9 100644
--- a/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom
+++ b/test/binsub_test.circom
@@ -1,5 +1,6 @@
-include "../../circuits/bitify.circom"
-include "../../circuits/binsub.circom"
+include "../circuits/basic_templates/bitify/num2bits/num2bits.circom"
+include "../circuits/basic_templates/bitify/bits2num/bits2num.circom"
+include "../circuits/basic_templates/binary_arithmetic/binsub/binsub.circom"
 template A() {
 signal private input a;
diff --git a/test/binsum.test.js b/test/binsum.test.js
new file mode 100644
index 00000000..3aa1d917
--- /dev/null
+++ b/test/binsum.test.js
@@ -0,0 +1,25 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("BinSum test", function () {
+
+ this.timeout(100000000);
+
+ it("Should create a binary sum circuit", async () => {
+ const circuit = await tester(path.join(__dirname, "binsum_test.circom"));
+ await circuit.loadConstraints();
+
+ assert.equal(circuit.constraints.length, 97); // 32 (in1) + 32(in2) + 32(out) + 1 (carry)
+
+ const witness = await circuit.calculateWitness({ "a": "111", "b": "222" }, true);
+
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt("333")));
+ });
+});
diff --git a/test/sum_test.circom b/test/binsum_test.circom
similarity index 69%
rename from test/sum_test.circom
rename to test/binsum_test.circom
index 013d567e..09fa163b 100644
--- a/test/sum_test.circom
+++ b/test/binsum_test.circom
@@ -1,5 +1,6 @@
-include "../../circuits/bitify.circom"
-include "../../circuits/binsum.circom"
+include "../circuits/basic_templates/bitify/num2bits/num2bits.circom"
+include "../circuits/basic_templates/bitify/bits2num/bits2num.circom"
+include "../circuits/basic_templates/binary_arithmetic/binsum/binsum.circom"
 template A() {
 signal private input a;
diff --git a/test/constants.circom b/test/constants.circom
new file mode 100644
index 00000000..7b375d53
--- /dev/null
+++ b/test/constants.circom
@@ -0,0 +1,52 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+template H(x) {
+ signal output out[32];
+ var c[8] = [0x6a09e667,
+ 0xbb67ae85,
+ 0x3c6ef372,
+ 0xa54ff53a,
+ 0x510e527f,
+ 0x9b05688c,
+ 0x1f83d9ab,
+ 0x5be0cd19];
+
+ for (var i=0; i<32; i++) {
+ out[i] <== (c[x] >> i) & 1;
+ }
+}
+
+template K(x) {
+ signal output out[32];
+ var c[64] = [
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ ];
+
+ for (var i=0; i<32; i++) {
+ out[i] <== (c[x] >> i) & 1;
+ }
+}
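Review bot: test/constants.circom places a copy of the SHA-256 round-constant templates H and K in the test tree, and the constants_test.circom hunk that follows switches its include from `../../circuits/sha256/constants.circom` to this local `constants.circom`. The constants test therefore checks the copy rather than the library template: a corrupted constant in the library file would no longer be caught, and the two files can drift apart silently. I would keep the include pointed at the library file through a relative path from test/, and if the copy must remain, open it with a comment such as `// Test-only copy of circuits/sha256/constants.circom; keep in sync with the library file` so the duplication is visible to the next maintainer. The value `d807aa98` pinned in constants.test.js appears to be the first entry of the second row of K, so presumably only that one index is exercised; confirm against the A template in constants_test.circom, whose body is outside this hunk.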
diff --git a/test/constants.test.js b/test/constants.test.js
new file mode 100644
index 00000000..26af949e
--- /dev/null
+++ b/test/constants.test.js
@@ -0,0 +1,26 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Constants test", function () {
+
+ this.timeout(100000000);
+
+ it("Should create a constant circuit", async () => {
+ const circuit = await tester(path.join(__dirname, "constants_test.circom"));
+ await circuit.loadConstraints();
+
+ assert.equal(circuit.nVars, 2);
+ assert.equal(circuit.constraints.length, 1);
+
+ const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true);
+
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt("d807aa98", 16)));
+ });
+});
diff --git a/test/circuits/constants_test.circom b/test/constants_test.circom
similarity index 82%
rename from test/circuits/constants_test.circom
rename to test/constants_test.circom
index 61d392d2..04abe188 100644
--- a/test/circuits/constants_test.circom
+++ b/test/constants_test.circom
@@ -1,4 +1,4 @@
-include "../../circuits/sha256/constants.circom"
+include "constants.circom"
 template A() {
 signal input in;
diff --git a/test/greatereqthan.test.js b/test/greatereqthan.test.js
new file mode 100644
index 00000000..97092c71
--- /dev/null
+++ b/test/greatereqthan.test.js
@@ -0,0 +1,50 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Greater or Equal Than test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a comparison greatereqthan", async() => {
+ const circuit = await tester(path.join(__dirname, "greatereqthan_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": [333,444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in":[1,1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+ });
+});
diff --git a/test/greatereqthan_test.circom b/test/greatereqthan_test.circom
new file mode 100644
index 00000000..b0eeff7f
--- /dev/null
+++ b/test/greatereqthan_test.circom
@@ -0,0 +1,4 @@
+
+include "../circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom";
+
+component main = GreaterEqThan(32);
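Review bot: The cases in greatereqthan.test.js only use inputs far below the declared 32-bit width (`GreaterEqThan(32)` in greatereqthan_test.circom), so the range boundary is never exercised; the same holds for greaterthan.test.js, lesseqthan.test.js and lessthan.test.js. Judging from the LessThan in the deleted comparators.circom (`n2b.in <== in[0]+ (1<<n) - in[1]` fed into a `Num2Bits(n*2+1)`), on which the other three comparators are built, the result is only meaningful when both inputs fit in n bits, and callers that rely on these templates for bounds checks need that contract pinned by tests. I would add boundary cases such as `witness = await circuit.calculateWitness({ "in": [4294967295, 4294967294] }, true);` and `witness = await circuit.calculateWitness({ "in": [4294967295, 0] }, true);` with their expected outputs, plus either a case documenting what the circuit yields for an input of 2^32 or larger or a README note that out-of-width inputs are unspecified, assuming the per-folder templates keep the deleted implementation.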
diff --git a/test/greaterthan.test.js b/test/greaterthan.test.js
new file mode 100644
index 00000000..be8ddea7
--- /dev/null
+++ b/test/greaterthan.test.js
@@ -0,0 +1,51 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Greater Than test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a comparison greaterthan", async() => {
+
+ const circuit = await tester(path.join(__dirname, "greaterthan_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": [333,444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in":[1,1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+ });
+});
diff --git a/test/greaterthan_test.circom b/test/greaterthan_test.circom
new file mode 100644
index 00000000..54c573da
--- /dev/null
+++ b/test/greaterthan_test.circom
@@ -0,0 +1,4 @@
+
+include "../circuits/basic_templates/comparators/greaterthan/greaterthan.circom";
+
+component main = GreaterThan(32);
diff --git a/test/isequal.test.js b/test/isequal.test.js
new file mode 100644
index 00000000..56342667
--- /dev/null
+++ b/test/isequal.test.js
@@ -0,0 +1,26 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Is Equal test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a isequal circuit", async() => {
+ const circuit = await tester(path.join(__dirname, "isequal_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": [111,222] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [444,444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+ });
+});
diff --git a/test/isequal_test.circom b/test/isequal_test.circom
new file mode 100644
index 00000000..8a005b10
--- /dev/null
+++ b/test/isequal_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/comparators/isequal/isequal.circom";
+
+component main = IsEqual();
diff --git a/test/iszero.test.js b/test/iszero.test.js
new file mode 100644
index 00000000..ad61db7d
--- /dev/null
+++ b/test/iszero.test.js
@@ -0,0 +1,26 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Is Zero test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a iszero circuit", async() => {
+ const circuit = await tester(path.join(__dirname, "iszero_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": 111}, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": 0 }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+ });
+});
diff --git a/test/iszero_test.circom b/test/iszero_test.circom
new file mode 100644
index 00000000..f44e8812
--- /dev/null
+++ b/test/iszero_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/comparators/iszero/iszero.circom";
+
+component main = IsZero();
diff --git a/test/lesseqthan.test.js b/test/lesseqthan.test.js
new file mode 100644
index 00000000..3c97503c
--- /dev/null
+++ b/test/lesseqthan.test.js
@@ -0,0 +1,51 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Less or Equal Than test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a comparison lesseqthan", async() => {
+
+ const circuit = await tester(path.join(__dirname, "lesseqthan_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": [333,444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in":[1,1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+ });
+});
diff --git a/test/lesseqthan_test.circom b/test/lesseqthan_test.circom
new file mode 100644
index 00000000..5b7d0498
--- /dev/null
+++ b/test/lesseqthan_test.circom
@@ -0,0 +1,4 @@
+
+include "../circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom";
+
+component main = LessEqThan(32);
diff --git a/test/lessthan.test.js b/test/lessthan.test.js
new file mode 100644
index 00000000..becbbf07
--- /dev/null
+++ b/test/lessthan.test.js
@@ -0,0 +1,50 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("Less Than test", function () {
+
+ this.timeout(100000);
+
+ it("Should create a comparison lessthan", async() => {
+ const circuit = await tester(path.join(__dirname, "lessthan_test.circom"));
+
+ let witness;
+ witness = await circuit.calculateWitness({ "in": [333,444] }), true;
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in":[1,1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [661, 660] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 1] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 444] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(1)));
+
+ witness = await circuit.calculateWitness({ "in": [1, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [555, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+
+ witness = await circuit.calculateWitness({ "in": [0, 0] }, true);
+ assert(witness[0].equals(bigInt(1)));
+ assert(witness[1].equals(bigInt(0)));
+ });
+});
diff --git a/test/lessthan_test.circom b/test/lessthan_test.circom
new file mode 100644
index 00000000..79301fc4
--- /dev/null
+++ b/test/lessthan_test.circom
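Review bot: The first case in lessthan.test.js misplaces the closing parenthesis: `witness = await circuit.calculateWitness({ "in": [333,444] }), true;` evaluates `true` as a separate comma-operand, so the second argument that every other call in the file passes is silently dropped for this case. It should be `witness = await circuit.calculateWitness({ "in": [333,444] }, true);`. The line is carried over unchanged from the deleted comparators.test.js, and an ESLint `no-sequences` rule would have caught it in both places.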
@@ -0,0 +1,4 @@ + +include "../circuits/basic_templates/comparators/lessthan/lessthan.circom"; + +component main = LessThan(32); From c5d194999759082c970f27c0fe0b76a017453a6a Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Tue, 7 Apr 2020 22:30:08 +0200 Subject: [PATCH 12/27] Fixed couple of typos in descriptions --- .../binary_arithmetic/binsub/README.md | 6 ++---- circuits/basic_templates/bitify/bits2num/README.md | 2 +- .../basic_templates/bitify/bits2num_strict/README.md | 12 +++++++++--- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/circuits/basic_templates/binary_arithmetic/binsub/README.md b/circuits/basic_templates/binary_arithmetic/binsub/README.md index 849527ad..2486ef8f 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsub/README.md @@ -1,8 +1,5 @@ # `BinSub(n)` -Link to template: -https://github.com/iden3/circomlib/tree/master/circuits/basics/binary_arithmetic/binsub/binsub.circom - **TODO / Comments** Similar to binsum: something wired with aux: text spec =/= constraints and computation (check!). @@ -57,7 +54,8 @@ None. | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary substraction of `in[0][n] - in[0][1]` | +| `out[n]` | Binary array of `n` bits | Binary substraction of the `n` bit arrays `in[0] - in[1]` | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/bitify/bits2num/README.md b/circuits/basic_templates/bitify/bits2num/README.md index 767be035..0fe57625 100644 --- a/circuits/basic_templates/bitify/bits2num/README.md +++ b/circuits/basic_templates/bitify/bits2num/README.md 
@@ -29,7 +29,7 @@ None. ## Outputs -| Output | Type | Description | +| Output | Type | Description | | ------------- | ------------- | ---------- | | `out` | Field element | Field representation of the binary number `in[n]` | diff --git a/circuits/basic_templates/bitify/bits2num_strict/README.md b/circuits/basic_templates/bitify/bits2num_strict/README.md index 1a9dbc83..2a652f92 100644 --- a/circuits/basic_templates/bitify/bits2num_strict/README.md +++ b/circuits/basic_templates/bitify/bits2num_strict/README.md @@ -26,12 +26,18 @@ include "../bits2num/bits2num.circom"; ## Inputs -The input `in[n]` is an array of `n` binary numbers. + +## Inputs + +| Input | Type | +| ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | ## Outputs -The output `out` is an integer (a field element?). -<!--- TODO: an integer as a field element? --> +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | Field element | Field representation of the binary number `in[n]` | ## Benchmarks From 0d8d2d7a41a28bf42f66d821e58a492c7f0602a7 Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 8 Apr 2020 14:18:57 +0200 Subject: [PATCH 13/27] Updated circuit descriptions --- .../binary_arithmetic/binsub/README.md | 2 +- .../binary_arithmetic/binsum/README.md | 4 +- .../basic_templates/bitify/bits2num/README.md | 12 +- .../bitify/bits2num_strict/README.md | 11 +- .../basic_templates/bitify/num2bits/README.md | 15 +- .../bitify/num2bits_strict/README.md | 13 +- .../bitify/num2bitsneg/README.md | 13 +- .../comparators/comparators.circom | 139 ------------- .../comparators/comparators.test.js | 184 ------------------ .../comparators/forceequalifenabled/README.md | 3 + .../comparators/greatereqthan/README.md | 14 +- .../greatereqthan/greatereqthan.circom | 5 +- .../greatereqthan/greatereqthan.test.js | 50 ----- .../comparators/lesseqthan/README.md | 4 - .../lesseqthan/lesseqthan.test.circom | 4 - .../comparators => }/compconstant/README.md | 0 .../compconstant/compconstant.circom | 0 17 files changed, 55 insertions(+), 418 deletions(-) delete mode 100644 circuits/basic_templates/comparators/comparators.circom delete mode 100644 circuits/basic_templates/comparators/comparators.test.js delete mode 100644 circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js delete mode 100644 circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom rename circuits/{basic_templates/comparators => }/compconstant/README.md (100%) rename circuits/{basic_templates/comparators => }/compconstant/compconstant.circom (100%) diff --git a/circuits/basic_templates/binary_arithmetic/binsub/README.md b/circuits/basic_templates/binary_arithmetic/binsub/README.md index 2486ef8f..d876d530 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsub/README.md 
@@ -54,7 +54,7 @@ None. | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary substraction of the `n` bit arrays `in[0] - in[1]` | +| `out[n]` | Binary array of `n` bits | Binary substraction of the `n` bit arrays `in[0] - in[1]`. | ## Benchmarks diff --git a/circuits/basic_templates/binary_arithmetic/binsum/README.md b/circuits/basic_templates/binary_arithmetic/binsum/README.md index 2ae7fc60..61792243 100644 --- a/circuits/basic_templates/binary_arithmetic/binsum/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsum/README.md @@ -55,13 +55,13 @@ None. | Input | Type | | ------------- | ------------- | -| `in[ops][n]` | An array of `ops` binary arrays of `n` bits each | +| `in[ops][n]` | An array of `ops` binary arrays of `n` bits each. | ## Outputs | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[nout]` | Binary array of `nout` bits | Binary sum of all the `n`-bit operands in `in[ops]` | +| `out[nout]` | Binary array of `nout` bits | Binary sum of all the `n`-bit operands in `in[ops]`. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/bits2num/README.md b/circuits/basic_templates/bitify/bits2num/README.md index 0fe57625..aa73247c 100644 --- a/circuits/basic_templates/bitify/bits2num/README.md +++ b/circuits/basic_templates/bitify/bits2num/README.md @@ -1,5 +1,7 @@ # `Bits2Num(n)` +TODO: Dir que no té en compte l'overflow, no? + ## Description This template converts a binary number `in[n]` of `n` bits to its 
@@ -23,15 +25,15 @@ None. ## Inputs -| Input | Type | -| ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | +| Input | Type | Representation | +| ------------- | ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | The encoding is considered to be done following the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs -| Output | Type | Description | +| Output | Type | Description | | ------------- | ------------- | ---------- | -| `out` | Field element | Field representation of the binary number `in[n]` | +| `out` | Field element | Integer representation of the binary number `in[n]`. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/bits2num_strict/README.md b/circuits/basic_templates/bitify/bits2num_strict/README.md index 2a652f92..9757a86b 100644 --- a/circuits/basic_templates/bitify/bits2num_strict/README.md +++ b/circuits/basic_templates/bitify/bits2num_strict/README.md @@ -26,18 +26,15 @@ include "../bits2num/bits2num.circom"; ## Inputs - -## Inputs - -| Input | Type | -| ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | +| Input | Type | Representation | +| ------------- | ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | The encoding is considered to be done following the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out` | Field element | Field representation of the binary number `in[n]` | +| `out` | Field element | Integer representation of the binary number `in[n]`. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/num2bits/README.md b/circuits/basic_templates/bitify/num2bits/README.md index 86d04256..22217e60 100644 --- a/circuits/basic_templates/bitify/num2bits/README.md 
+++ b/circuits/basic_templates/bitify/num2bits/README.md @@ -17,18 +17,19 @@ in ----> | Num2Bits(n) | ----> out[n] None. -## Inputs - signal input in; - signal output out[n]; +## Inputs -The input `in` is a (field element?) of ? bits. - signal output out[n]; +| Input | Type | +| ------------- | ------------- | +| `in` | Field element | ## Outputs -The output `out[n]` is an array of `n` binary numbers representing a binary number. -<!--- TODO: Add the order of the representation, i.e. out0] vs. out[n-1] --> +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/bitify/num2bits_strict/README.md b/circuits/basic_templates/bitify/num2bits_strict/README.md index 571722b1..016f7471 100644 --- a/circuits/basic_templates/bitify/num2bits_strict/README.md +++ b/circuits/basic_templates/bitify/num2bits_strict/README.md @@ -22,17 +22,18 @@ include "../../aliascheck/aliascheck.circom"; include "../num2bits/num2bits.circom"``` ``` -## Inputs -signal input in; -signal output out[254]; +## Inputs -The input `in` is a . +| Input | Type | +| ------------- | ------------- | +| `in` | Field element | ## Outputs -The output `out[254]` is an array of 254 binary numbers. -<!--- TODO: Add the order of the representation, i.e. out[0] vs. out[253] --> +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[254]` | Binary array of `254` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | ## Benchmarks 
diff --git a/circuits/basic_templates/bitify/num2bitsneg/README.md b/circuits/basic_templates/bitify/num2bitsneg/README.md index 1e830acc..fccf546f 100644 --- a/circuits/basic_templates/bitify/num2bitsneg/README.md +++ b/circuits/basic_templates/bitify/num2bitsneg/README.md @@ -2,7 +2,7 @@ ## Description -This template converts a ... +TODO: This template converts a ... ## Schema @@ -19,13 +19,20 @@ in ----> | Num2BitsNeg(n) | ----> out[n] include "../../comparators/iszero/iszero.circom"; ``` + signal input in; + signal output out[n]; + ## Inputs -... +| Input | Type | +| ------------- | ------------- | +| `in` | Field element | ## Outputs -The output `out` is an integer TODO: (a field element?). +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. TODO: ADD THE NEG PART. | ## Benchmarks diff --git a/circuits/basic_templates/comparators/comparators.circom b/circuits/basic_templates/comparators/comparators.circom deleted file mode 100644 index 3eaa3d8d..00000000 --- a/circuits/basic_templates/comparators/comparators.circom +++ /dev/null 
@@ -1,139 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "bitify.circom"; -include "binsum.circom"; - -template IsZero() { - signal input in; - signal output out; - - signal inv; - - inv <-- in!=0 ? 1/in : 0; - - out <== -in*inv +1; - in*out === 0; -} - - -template IsEqual() { - signal input in[2]; - signal output out; - - component isz = IsZero(); - - in[1] - in[0] ==> isz.in; - - isz.out ==> out; -} - -template ForceEqualIfEnabled() { - signal input enabled; - signal input in[2]; - - component isz = IsZero(); - - in[1] - in[0] ==> isz.in; - - (1 - isz.out)*enabled === 0; -} - -/* -// N is the number of bits the input have. -// The MSF is the sign bit. 
-template LessThan(n) { - signal input in[2]; - signal output out; - - component num2Bits0; - component num2Bits1; - - component adder; - - adder = BinSum(n, 2); - - num2Bits0 = Num2Bits(n); - num2Bits1 = Num2BitsNeg(n); - - in[0] ==> num2Bits0.in; - in[1] ==> num2Bits1.in; - - var i; - for (i=0;i<n;i++) { - num2Bits0.out[i] ==> adder.in[0][i]; - num2Bits1.out[i] ==> adder.in[1][i]; - } - - adder.out[n-1] ==> out; -} -*/ - -template LessThan(n) { - signal input in[2]; - signal output out; - - component n2b = Num2Bits(n*2+1); - - n2b.in <== in[0]+ (1<<n) - in[1]; - - out <== 1-n2b.out[n]; -} - - - -// N is the number of bits the input have. -// The MSF is the sign bit. -template LessEqThan(n) { - signal input in[2]; - signal output out; - - component lt = LessThan(n); - - lt.in[0] <== in[0]; - lt.in[1] <== in[1]+1; - lt.out ==> out; -} - -// N is the number of bits the input have. -// The MSF is the sign bit. -template GreaterThan(n) { - signal input in[2]; - signal output out; - - component lt = LessThan(n); - - lt.in[0] <== in[1]; - lt.in[1] <== in[0]; - lt.out ==> out; -} - -// N is the number of bits the input have. -// The MSF is the sign bit. -template GreaterEqThan(n) { - signal input in[2]; - signal output out; - - component lt = LessThan(n); - - lt.in[0] <== in[1]; - lt.in[1] <== in[0]+1; - lt.out ==> out; -} - diff --git a/circuits/basic_templates/comparators/comparators.test.js b/circuits/basic_templates/comparators/comparators.test.js deleted file mode 100644 index ea263e06..00000000 --- a/circuits/basic_templates/comparators/comparators.test.js +++ /dev/null 
@@ -1,184 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const tester = require("circom").tester; - -const bigInt = require("big-integer"); - -const assert = chai.assert; - -describe("Comparators test", function () { - - this.timeout(100000); - - it("Should create a iszero circuit", async() => { - const circuit = await tester(path.join(__dirname, "circuits", "iszero.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": 111}, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": 0 }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - }); - it("Should create a isequal circuit", async() => { - const circuit = await tester(path.join(__dirname, "circuits", "isequal.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": [111,222] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [444,444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - }); - it("Should create a comparison lessthan", async() => { - const circuit = await tester(path.join(__dirname, "circuits", "lessthan.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": [333,444] }), true; - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in":[1,1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [661, 660] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": 
[0, 444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [1, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [555, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - }); - it("Should create a comparison lesseqthan", async() => { - - const circuit = await tester(path.join(__dirname, "circuits", "lesseqthan.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": [333,444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in":[1,1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [661, 660] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [1, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [555, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - }); - it("Should create a comparison greaterthan", async() => { - - 
const circuit = await tester(path.join(__dirname, "circuits", "greaterthan.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": [333,444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in":[1,1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [661, 660] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [1, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [555, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - }); - it("Should create a comparison greatereqthan", async() => { - const circuit = await tester(path.join(__dirname, "circuits", "greatereqthan.circom")); - - let witness; - witness = await circuit.calculateWitness({ "in": [333,444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in":[1,1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [661, 660] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 1] 
}, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [1, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [555, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - }); -}); diff --git a/circuits/basic_templates/comparators/forceequalifenabled/README.md b/circuits/basic_templates/comparators/forceequalifenabled/README.md index 0070ce92..87242434 100644 --- a/circuits/basic_templates/comparators/forceequalifenabled/README.md +++ b/circuits/basic_templates/comparators/forceequalifenabled/README.md @@ -25,6 +25,9 @@ in[2] ----> | ForceEqualIfEnabled() | ----> out include "../iszero/iszero.circom"; ``` + signal input enabled; + signal input in[2]; + ## Inputs - Add signal input enabled; diff --git a/circuits/basic_templates/comparators/greatereqthan/README.md b/circuits/basic_templates/comparators/greatereqthan/README.md index c5fdd8f4..5dafc74c 100644 --- a/circuits/basic_templates/comparators/greatereqthan/README.md +++ b/circuits/basic_templates/comparators/greatereqthan/README.md 
@@ -21,15 +21,23 @@ in[2] ----> | GreaterEqThan(n) | ----> out include "../lessthan/lessthan.circom"; ``` +// n is the number of bits of the input. +// The MSF is the sign bit. + ## Inputs - `in[2]`: an array of 2 inputs? of `n` bits each. +| Input | Type | +| ------------- | ------------- | +| `in[2]` | Array of 2 field elements? | + + ## Outputs -A boolean `out`: -- `out = 0` if `in[0]` is greater or equal than `in[1]`. -- `out = 1` if `in[0]` is less than `in[1]`. +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | Boolean | `out = 0` if `in[0]` is greater or equal than `in[1]` and `out = 1` otherwise.| ## Benchmarks diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom index ff178e6e..42639668 100644 --- a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom +++ b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom @@ -19,7 +19,7 @@ include "../lessthan/lessthan.circom"; -// N is the number of bits the input have. +// n is the number of bits of the input. // The MSF is the sign bit. template GreaterEqThan(n) { signal input in[2]; @@ -30,5 +30,4 @@ template GreaterEqThan(n) { lt.in[0] <== in[1]; lt.in[1] <== in[0]+1; lt.out ==> out; -} - +} \ No newline at end of file diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js deleted file mode 100644 index 4ec42f01..00000000 --- a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js +++ /dev/null 
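Review bot: The new comment `// n is the number of bits of the input.` in greatereqthan.circom still leaves the template's precondition undocumented: GreaterEqThan(n) forwards `in[1]` and `in[0]+1` straight into `LessThan(n)`, and if that template is the LessThan(n) shown in the deleted comparators file earlier in this patch it performs no range check on its inputs, so the result is only meaningful when both inputs were already constrained to n bits by the caller. I would extend it to `// n is the number of bits of the input; in[0] and in[1] must already be constrained to n bits (e.g. via Num2Bits), as neither this template nor LessThan range-checks them.` The kept line `// The MSF is the sign bit.` reads as a leftover from the BinSum-based LessThan (and `MSB` is presumably meant), so it should be dropped or reworded for the current implementation. The template body continues between the two hunks.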
@@ -1,50 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const tester = require("circom").tester; - -const bigInt = require("big-integer"); - -const assert = chai.assert; - -describe("Comparators: -Greater or equal than- test", function () { - - this.timeout(100000);passing - - it("Should create a comparison greatereqthan", async() => { - const circuit = await tester(path.join(__dirname, "greatereqthan.circom")); - passing - let witness; - witness = await circuit.calculateWitness({ "in": [333,444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in":[1,1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [661, 660] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 1] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [0, 444] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(0))); - - witness = await circuit.calculateWitness({ "in": [1, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [555, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - - witness = await circuit.calculateWitness({ "in": [0, 0] }, true); - assert(witness[0].equals(bigInt(1))); - assert(witness[1].equals(bigInt(1))); - }); -}); diff --git a/circuits/basic_templates/comparators/lesseqthan/README.md b/circuits/basic_templates/comparators/lesseqthan/README.md index e24c11f4..93e4dd0a 100644 --- a/circuits/basic_templates/comparators/lesseqthan/README.md +++ b/circuits/basic_templates/comparators/lesseqthan/README.md 
@@ -1,9 +1,5 @@ # `LessEqThan(n)` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description This template compares two inputs (field elements?) and returns 0 if the first is less or equal than the second and 1 otherwise. diff --git a/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom b/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom deleted file mode 100644 index db2eda47..00000000 --- a/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../../circuits/comparators.circom"; - -component main = LessEqThan(32); diff --git a/circuits/basic_templates/comparators/compconstant/README.md b/circuits/compconstant/README.md similarity index 100% rename from circuits/basic_templates/comparators/compconstant/README.md rename to circuits/compconstant/README.md diff --git a/circuits/basic_templates/comparators/compconstant/compconstant.circom b/circuits/compconstant/compconstant.circom similarity index 100% rename from circuits/basic_templates/comparators/compconstant/compconstant.circom rename to circuits/compconstant/compconstant.circom From 1b810e2853fb85df7f8203b30d362cca344d30a5 Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 8 Apr 2020 18:41:07 +0200 Subject: [PATCH 14/27] Worked on circuits description --- circuits/basic_templates/README.md | 2 + .../binary_arithmetic/binsub/README.md | 2 +- .../basic_templates/bitify/bits2num/README.md | 2 +- .../bitify/bits2num_strict/README.md | 2 +- .../basic_templates/bitify/num2bits/README.md | 2 +- .../bitify/num2bits_strict/README.md | 2 +- .../bitify/num2bitsneg/README.md | 2 +- .../basic_templates/compconstant/README.md | 41 +++++++++++ .../compconstant/compconstant.circom | 2 +- .../basic_templates/logic_gates/README.md | 2 + .../basic_templates/logic_gates/and/README.md | 25 ++++++- .../logic_gates/multiand/README.md | 26 ++++++- .../logic_gates/multiand/multiand.circom | 42 ++++++++++- .../logic_gates/nand/README.md | 25 ++++++- .../basic_templates/logic_gates/nor/README.md | 27 +++++-- .../basic_templates/logic_gates/not/README.md | 24 +++++- .../basic_templates/logic_gates/or/README.md | 25 ++++++- .../basic_templates/logic_gates/xor/README.md | 28 +++++-- circuits/basic_templates/sign/README.md | 32 +++++++- circuits/basic_templates/sign/sign.circom | 1 + circuits/basic_templates/switcher/README.md | 28 ++++++- circuits/compconstant/README.md | 21 ------ circuits/compconstant/compconstant.circom | 73 ------------------- test/sign.test.js | 3 +- 24 files changed, 298 insertions(+), 141 deletions(-) delete mode 100644 circuits/compconstant/README.md delete mode 100644 circuits/compconstant/compconstant.circom diff --git a/circuits/basic_templates/README.md b/circuits/basic_templates/README.md index 1c1e0514..09dc77a4 100644 --- a/circuits/basic_templates/README.md +++ b/circuits/basic_templates/README.md 
@@ -30,6 +30,8 @@ https://docs.google.com/spreadsheets/d/1HBseSTTFRPF0rmDSY5RayzNtBZ9oCwjPUi5frpFl - [`logic_gates`](logic_gates) - [`and`](logic_gates/and) - [`multiand`](logic_gates/multiand) + - [`multior`](logic_gates/multior) + - [`multixor`](logic_gates/multixor) - [`nand`](logic_gates/nand) - [`nor`](logic_gates/nor) - [`not`](logic_gates/not) diff --git a/circuits/basic_templates/binary_arithmetic/binsub/README.md b/circuits/basic_templates/binary_arithmetic/binsub/README.md index d876d530..6a4e5d3a 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/README.md +++ b/circuits/basic_templates/binary_arithmetic/binsub/README.md @@ -54,7 +54,7 @@ None. | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary substraction of the `n` bit arrays `in[0] - in[1]`. | +| `out[n]` | Binary array of `n` bits | Binary substraction of the `n`-bit arrays `in[0] - in[1]`. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/bits2num/README.md b/circuits/basic_templates/bitify/bits2num/README.md index aa73247c..80beb670 100644 --- a/circuits/basic_templates/bitify/bits2num/README.md +++ b/circuits/basic_templates/bitify/bits2num/README.md @@ -27,7 +27,7 @@ None. | Input | Type | Representation | | ------------- | ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | The encoding is considered to be done following the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | +| `in[n]` | Binary array of `n` bits | The encoding is considered with the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs diff --git a/circuits/basic_templates/bitify/bits2num_strict/README.md b/circuits/basic_templates/bitify/bits2num_strict/README.md index 9757a86b..de718c0c 100644 
--- a/circuits/basic_templates/bitify/bits2num_strict/README.md +++ b/circuits/basic_templates/bitify/bits2num_strict/README.md @@ -28,7 +28,7 @@ include "../bits2num/bits2num.circom"; | Input | Type | Representation | | ------------- | ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | The encoding is considered to be done following the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | +| `in[n]` | Binary array of `n` bits | The encoding is considered with the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs diff --git a/circuits/basic_templates/bitify/num2bits/README.md b/circuits/basic_templates/bitify/num2bits/README.md index 22217e60..4358c81c 100644 --- a/circuits/basic_templates/bitify/num2bits/README.md +++ b/circuits/basic_templates/bitify/num2bits/README.md @@ -28,7 +28,7 @@ None. | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/num2bits_strict/README.md b/circuits/basic_templates/bitify/num2bits_strict/README.md index 016f7471..ae694cf4 100644 --- a/circuits/basic_templates/bitify/num2bits_strict/README.md +++ b/circuits/basic_templates/bitify/num2bits_strict/README.md 
@@ -33,7 +33,7 @@ include "../num2bits/num2bits.circom"``` | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[254]` | Binary array of `254` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | +| `out[254]` | Binary array of `254` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | ## Benchmarks diff --git a/circuits/basic_templates/bitify/num2bitsneg/README.md b/circuits/basic_templates/bitify/num2bitsneg/README.md index fccf546f..4a6e1676 100644 --- a/circuits/basic_templates/bitify/num2bitsneg/README.md +++ b/circuits/basic_templates/bitify/num2bitsneg/README.md @@ -32,7 +32,7 @@ include "../../comparators/iszero/iszero.circom"; | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding is done using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. TODO: ADD THE NEG PART. | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. TODO: ADD THE NEG PART. | ## Benchmarks diff --git a/circuits/basic_templates/compconstant/README.md b/circuits/basic_templates/compconstant/README.md index e69de29b..ae1b8d7e 100644 --- a/circuits/basic_templates/compconstant/README.md +++ b/circuits/basic_templates/compconstant/README.md 
@@ -0,0 +1,41 @@ +# `CompConstant(ct)` + +## Description + +This template ... // Returns 1 if in (in binary) > ct + +## Schema + +``` + ____________________ + | | +in[254] ----> | CompConstant(ct) | ----> out + |____________________| +``` + +## Dependencies + +``` +include "../bitify/num2bits/num2bits.circom"; +``` + +## Inputs + + signal input in[254]; + +| Input | Type | +| ------------- | ------------- | +| `in[254]` | TODO:Fill | + + +## Outputs + + signal output out; + +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | TODO: Fill | TODO: Fill | + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basic_templates/compconstant/compconstant.circom b/circuits/basic_templates/compconstant/compconstant.circom index aa03ffec..1ca7a2ba 100644 --- a/circuits/basic_templates/compconstant/compconstant.circom +++ b/circuits/basic_templates/compconstant/compconstant.circom @@ -59,7 +59,7 @@ template CompConstant(ct) { sum = sum + parts[i]; b = b -e; - a = a +e; + out a = a +e; e = e*2; } diff --git a/circuits/basic_templates/logic_gates/README.md b/circuits/basic_templates/logic_gates/README.md index fef57e1c..ba0d92c9 100644 --- a/circuits/basic_templates/logic_gates/README.md +++ b/circuits/basic_templates/logic_gates/README.md @@ -8,6 +8,8 @@ This folder contains the templates to perform logic gates operations. Each folde - [`and`](and) - [`multiand`](multiand) +- [`multior`](multior) +- [`multixor`](multixor) - [`nand`](nand) - [`nor`](nor) - [`not`](not) diff --git a/circuits/basic_templates/logic_gates/and/README.md b/circuits/basic_templates/logic_gates/and/README.md index 210f1580..1d348e74 100644 --- a/circuits/basic_templates/logic_gates/and/README.md +++ b/circuits/basic_templates/logic_gates/and/README.md 
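Review bot: The new line `out a = a +e;` in compconstant.circom replaces a valid assignment with something that, as far as I can tell, is not a circom statement, so the file will no longer compile; and if a parser did accept it, the accumulator `a` would stop being updated and every `parts[i]` after the first iteration would use the wrong weight. It looks like a stray keystroke and should go back to `a = a +e;`. The enclosing loop and template CompConstant start and end outside the hunk.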
@@ -1,19 +1,36 @@ # `AND()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template performs the [AND gate](https://en.wikipedia.org/wiki/AND_gate) (or logical conjunction). +<!-- Out is true if and only if all of its operands are true --> + ## Schema +``` + _________ +a ----> | | + | AND() | ----> out +b ----> |_________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `a` | Boolean | +| `b` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = a ∧ b`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multiand/README.md b/circuits/basic_templates/logic_gates/multiand/README.md index b7f1da63..297d7f34 100644 --- a/circuits/basic_templates/logic_gates/multiand/README.md +++ b/circuits/basic_templates/logic_gates/multiand/README.md @@ -1,19 +1,37 @@ # `MultiAND(n)` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template performs an `n`-input [AND gate](https://en.wikipedia.org/wiki/AND_gate). +<!-- Out is true if and only if all of its operands are true --> + ## Schema +``` + _______________ + | | +in[n] ----> | MultiAND(n) | ----> out + |_______________| +``` + ## Dependencies +``` +include "../and/and.circom"; +``` + ## Inputs +| Input | Type | +| ----- | ----- | +| `in[n]` | Array of `n` booleans | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = in[0] ∧ ... ∧ in[n-1]`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multiand/multiand.circom b/circuits/basic_templates/logic_gates/multiand/multiand.circom index cba3e1ef..08a4a660 100644 --- a/circuits/basic_templates/logic_gates/multiand/multiand.circom +++ b/circuits/basic_templates/logic_gates/multiand/multiand.circom 
@@ -19,7 +19,6 @@ include "../and/and.circom"; -//TODO: Simplify this function! template MultiAND(n) { signal input in[n]; signal output out; @@ -46,4 +45,45 @@ template MultiAND(n) { } } +/* TODO: Simplify this function! + De fet, només cal multiplicar-los tots. + Tot i que va millor així perquè es pot fer en + paral·lel, si és multiplicant és seqüencial. + + L'actual tempalte té (n-1) constraints, però + hi ha una manera de fer-lo sempre amb únicament + 3 constraints -> Com fer-lo: sum(s_i)_{i=1}^{n} = n. + +*/ + +/* + template MultiAND(n) { + signal input in[n]; + signal output out; + + var sum = 0; + + for(var i=0; i<n; i++) { + sum = sum + in[i]; + } + + sum - n === 0; //iszero aquí! + + // falta el tema out + } +*/ + +// Multior?? -> El mateix, però la suma ha de ser diferent de 0. + +/* Alternatively, it can be done like this (exemple de template + generada recursivament). + Deixar aquest com a exemple de multiand fet recursivament, + però implementar l'altre. +*/ + +/* + Implementar la MultiXOR(n) -> només un nombre parell + d'uns. Si hi ha un nombre parell -> 0, i si hi ha un + nombre senar -> 1. +*/ \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/nand/README.md b/circuits/basic_templates/logic_gates/nand/README.md index 0fce42a2..0a4d6b29 100644 --- a/circuits/basic_templates/logic_gates/nand/README.md +++ b/circuits/basic_templates/logic_gates/nand/README.md 
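Review bot: The block appended after MultiAND(n) in the second hunk is a design note written in Catalan, plus a commented-out alternative template, in a file whose other comments are English; it should be translated or moved to the README. The sketched variant `sum - n === 0` also changes the contract: it asserts that every input is 1 instead of producing `out`, and without a boolean constraint on each `in[i]` a sum equal to n is satisfiable by non-boolean inputs (e.g. `[2, 0]` for n = 2), so it should not be adopted as written. If the note is kept I would reduce it to `// TODO: consider a constant-constraint variant; requires each in[i] to be constrained boolean first.` The template MultiAND itself lies outside the second hunk.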
@@ -1,19 +1,36 @@ # `NAND()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template performs the [NAND gate](https://en.wikipedia.org/wiki/NAND_gate). +<!-- Output which is false if and only if all its inputs are true --> + ## Schema +``` + __________ +a ----> | | + | NAND() | ----> out +b ----> |__________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `a` | Boolean | +| `b` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = ¬(a ∧ b)`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/nor/README.md b/circuits/basic_templates/logic_gates/nor/README.md index a4b974ee..4d2868d3 100644 --- a/circuits/basic_templates/logic_gates/nor/README.md +++ b/circuits/basic_templates/logic_gates/nor/README.md @@ -1,19 +1,36 @@ -# `NOR()` - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `NOR()` ## Description +This template performs the [NOR gate](https://en.wikipedia.org/wiki/NOR_gate) (or logical nor). +<!-- Output true if and only if both inputs are false --> + ## Schema +``` + _________ +a ----> | | + | NOR() | ----> out +b ----> |_________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `a` | Boolean | +| `b` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = ¬(a v b)`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/not/README.md b/circuits/basic_templates/logic_gates/not/README.md index 5fe566e1..9eabaeb4 100644 --- a/circuits/basic_templates/logic_gates/not/README.md +++ b/circuits/basic_templates/logic_gates/not/README.md 
@@ -1,19 +1,35 @@ # `NOT()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template performs the [NOT gate](https://en.wikipedia.org/wiki/NOT_gate) (or logical negation). +<!-- Output false if and only if the input is true --> + ## Schema +``` + _________ + | | +in ----> | NOT() | ----> out + |_________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `in` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = ¬(in)`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/or/README.md b/circuits/basic_templates/logic_gates/or/README.md index 65442b00..90610712 100644 --- a/circuits/basic_templates/logic_gates/or/README.md +++ b/circuits/basic_templates/logic_gates/or/README.md @@ -1,19 +1,36 @@ # `OR()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template performs the [OR gate](https://en.wikipedia.org/wiki/OR_gate) (or logical disjunction). +<!-- Out is true if and only if at least one of its operands is true --> + ## Schema +``` + ________ +a ----> | | + | OR() | ----> out +b ----> |________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `a` | Boolean | +| `b` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = a v b`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/xor/README.md b/circuits/basic_templates/logic_gates/xor/README.md index c5b13bcf..0f6e9abb 100644 --- a/circuits/basic_templates/logic_gates/xor/README.md +++ b/circuits/basic_templates/logic_gates/xor/README.md 
@@ -1,19 +1,37 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `XOR()` ## Description +This template performs the [NOR gate](https://en.wikipedia.org/wiki/XOR_gate) (or exclusive or). +<!-- Output true if and only if an odd number of inputs are true --> +<!-- Output true if and only if exactly one of the inputs is true --> + ## Schema +``` + _________ +a ----> | | + | XOR() | ----> out +b ----> |_________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ----- | ----- | +| `a` | Boolean | +| `b` | Boolean | + ## Outputs +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = a ⊕ b`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basic_templates/sign/README.md b/circuits/basic_templates/sign/README.md index d2d63492..a57041d7 100644 --- a/circuits/basic_templates/sign/README.md +++ b/circuits/basic_templates/sign/README.md @@ -1,19 +1,43 @@ # `Sign()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template returns the sign of an input. +A number is considered to be positive if and only if it is TODO: less or equal? than `(q-1)/2` with +``` +q = 21888242871839275222246405745257275088548364400416034343698204186575808495617 +``` +the prime order of altbn128, the curve used to verify zk-SNARK proofs in Ethereum. +TODO: Add link to the curve and so on. + ## Schema +``` + __________ + | | +in[254] ----> | Sign() | ----> sign + |__________| +``` + ## Dependencies +``` +include "../compconstant/compconstant.circom"; +``` + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `in[254]` | TODO:Fill | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `sign` | Boolean | `sign = 0` if `in` is positive and `sign = 1` otherwise. | + ## Benchmarks ## Test \ No newline at end of file 
diff --git a/circuits/basic_templates/sign/sign.circom b/circuits/basic_templates/sign/sign.circom index 98df47dd..63f597b5 100644 --- a/circuits/basic_templates/sign/sign.circom +++ b/circuits/basic_templates/sign/sign.circom @@ -23,6 +23,7 @@ template Sign() { signal input in[254]; signal output sign; + // comp = (q-1)/2 component comp = CompConstant(10944121435919637611123202872628637544274182200208017171849102093287904247808); var i; diff --git a/circuits/basic_templates/switcher/README.md b/circuits/basic_templates/switcher/README.md index 250fa88c..2e992f00 100644 --- a/circuits/basic_templates/switcher/README.md +++ b/circuits/basic_templates/switcher/README.md @@ -1,19 +1,39 @@ # `Switcher()` -PATH HERE: ~/CircomLib/Circuits/... - -## Background - ## Description +This template receives two inputs `L` and `R` and returns the two values switched according to a third boolean input `sel`. + ## Schema +``` + ______________ + L ----> | | ----> outL +sel ----> | Switcher() | + R ----> |______________| ----> outR +``` + ## Dependencies +``` +include "../compconstant/compconstant.circom"; +``` + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `sel` | Boolean | +| `R` | TODO: ? | +| `L` | TODO: ? | + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `outR` | TODO: ? | `outR = R` if `sel == 0` and `outR = L` if `sel == 1`. | +| `outL` | TODO: ? | `outL = L` if `sel == 0` and `outL = R` if `sel == 1`. | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/compconstant/README.md b/circuits/compconstant/README.md deleted file mode 100644 index d0bfb006..00000000 --- a/circuits/compconstant/README.md +++ /dev/null 
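Review bot: The added comment `// comp = (q-1)/2` in sign.circom names the constant but not what the comparison decides, which is exactly what the README for this template still marks as TODO. Assuming CompConstant keeps the semantics of the header comment in the deleted circuits/compconstant/compconstant.circom (`Returns 1 if in (in binary) > ct`), I would write `// comp = (q-1)/2, q being the field modulus given in the README; CompConstant outputs 1 iff in > (q-1)/2, i.e. iff in is treated as negative` so the sign convention is stated next to the constant. How `comp.out` is wired to `sign` is outside the hunk, so that part of the claim should be checked against the rest of the template.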
@@ -1,21 +0,0 @@ -# `CompConstant(ct)` - -PATH HERE: ~/CircomLib/Circuits/... - -## Background - -## Description - -This template returns 1 if the input `in` (in binary) > ct. - -## Schema - -## Dependencies - -## Inputs - -## Outputs - -## Benchmarks - -## Test \ No newline at end of file diff --git a/circuits/compconstant/compconstant.circom b/circuits/compconstant/compconstant.circom deleted file mode 100644 index c71d0634..00000000 --- a/circuits/compconstant/compconstant.circom +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "../bitify/num2bits/num2bits.circom"; - -// Returns 1 if in (in binary) > ct - -template CompConstant(ct) { - signal input in[254]; - signal output out; - - signal parts[127]; - signal sout; - - var clsb; - var cmsb; - var slsb; - var smsb; - - var sum=0; - - var b = (1 << 128) -1; - var a = 1; - var e = 1; - var i; - - for (i=0;i<127; i++) { - clsb = (ct >> (i*2)) & 1; - cmsb = (ct >> (i*2+1)) & 1; - slsb = in[i*2]; - smsb = in[i*2+1]; - - if ((cmsb==0)&&(clsb==0)) { - parts[i] <== -b*smsb*slsb + b*smsb + b*slsb; - } else if ((cmsb==0)&&(clsb==1)) { - parts[i] <== a*smsb*slsb - a*slsb + b*smsb - a*smsb + a; - } else if ((cmsb==1)&&(clsb==0)) { - parts[i] <== b*smsb*slsb - a*smsb + a; - } else { - parts[i] <== -a*smsb*slsb + a; - } - - sum = sum + parts[i]; - - b = b -e; - a = a +e; - e = e*2; - } - - sout <== sum; - - component num2bits = Num2Bits(135); - - num2bits.in <== sout; - - out <== num2bits.out[127]; -} diff --git a/test/sign.test.js b/test/sign.test.js index 6fb9db2b..b057afe8 100644 --- a/test/sign.test.js +++ b/test/sign.test.js 
@@ -44,11 +44,12 @@ describe("Sign test", function() { it("Sign of q/2", async () => { const inp = getBits(q.shiftRight(bigInt.one), 254); + // console.log(inp); const w = await circuit.calculateWitness({in: inp}, true); await circuit.assertOut(w, {sign: 0}); }); - + it("Sign of q/2+1", async () => { const inp = getBits(q.shiftRight(bigInt.one).add(bigInt.one), 254); const w = await circuit.calculateWitness({in: inp}, true); From 04ba6b6551a01053a8e163266bc8de0fd9e41264 Mon Sep 17 00:00:00 2001 
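Review bot: The added `// console.log(inp);` is commented-out debugging code and should be dropped rather than committed; if the input is useful on failure, pass it as the assertion message instead of leaving a dead statement behind. The enclosing `describe` block starts and ends outside the hunk.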
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 8 Apr 2020 21:40:01 +0200 Subject: [PATCH 15/27] Improved MultiAND, created MultiOR, created unitary logic tests --- .../basic_templates/logic_gates/README.md | 1 - .../logic_gates/multiand/multiand.circom | 66 ++++------- .../baby_jubjub/babyjub.test.js | 112 ------------------ .../edwards/babyadd/babyadd_test.circom | 3 - .../edwards/babycheck/babycheck_test.circom | 3 - .../edwards/babypbk/babypbk.circom | 8 +- .../edwards/babypbk/babypbk_test.circom | 3 - test/and.test.js | 39 ++++++ test/and_test.circom | 3 + test/babyadd.test.js | 65 ++++++++++ test/babyadd_test.circom | 3 + test/babycheck.test.js | 33 ++++++ test/babycheck_test.circom | 3 + .../baby_jubjub => test}/babyjub_js.test.js | 0 test/babypbk.test.js | 41 +++++++ test/babypbk_test.circom | 3 + test/multiand.test.js | 34 ++++++ test/multiand_test.circom | 3 + test/multior.test.js | 34 ++++++ test/multior_test.circom | 3 + test/not.test.js | 29 +++++ test/not_test.circom | 3 + test/or.test.js | 39 ++++++ test/or_test.circom | 3 + 24 files changed, 367 insertions(+), 167 deletions(-) delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom create mode 100644 test/and.test.js create mode 100644 test/and_test.circom create mode 100644 test/babyadd.test.js create mode 100644 test/babyadd_test.circom create mode 100644 test/babycheck.test.js create mode 100644 test/babycheck_test.circom rename {circuits/crypto_templates/elliptic_curves/baby_jubjub => test}/babyjub_js.test.js (100%) create mode 100644 test/babypbk.test.js create mode 100644 test/babypbk_test.circom create mode 100644 
test/multiand.test.js create mode 100644 test/multiand_test.circom create mode 100644 test/multior.test.js create mode 100644 test/multior_test.circom create mode 100644 test/not.test.js create mode 100644 test/not_test.circom create mode 100644 test/or.test.js create mode 100644 test/or_test.circom diff --git a/circuits/basic_templates/logic_gates/README.md b/circuits/basic_templates/logic_gates/README.md index ba0d92c9..4beaa4fc 100644 --- a/circuits/basic_templates/logic_gates/README.md +++ b/circuits/basic_templates/logic_gates/README.md @@ -9,7 +9,6 @@ This folder contains the templates to perform logic gates operations. Each folde - [`and`](and) - [`multiand`](multiand) - [`multior`](multior) -- [`multixor`](multixor) - [`nand`](nand) - [`nor`](nor) - [`not`](not) diff --git a/circuits/basic_templates/logic_gates/multiand/multiand.circom b/circuits/basic_templates/logic_gates/multiand/multiand.circom index 08a4a660..7d00f7cb 100644 --- a/circuits/basic_templates/logic_gates/multiand/multiand.circom +++ b/circuits/basic_templates/logic_gates/multiand/multiand.circom @@ -17,6 +17,31 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ +include "../../comparators/iszero/iszero.circom"; + +template MultiAND(n) { + signal input in[n]; + signal output out; + var sum = 0; + + for(var i=0; i<n; i++) { + sum = sum + in[i]; + } + + component isz = IsZero(); + + sum - n ==> isz.in; + + isz.out ==> out; +} + +/* + +ALTERNATIVELY, MultiAND can be implemented recursively: +(Although then it takes n-1 constraints) + +----- + include "../and/and.circom"; template MultiAND(n) { 
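Review bot: The sum-based `MultiAND(n)` is a conjunction only if every `in[i]` is already constrained to be 0 or 1; the template constrains `sum - n == 0` and nothing else, so over field elements other input vectors satisfy it, which matters for soundness wherever this gate guards another check. The same assumption applies to `MultiOR(n)` in multior.circom (PATCH 16), where `isz.in <== sum` reports "all zero" for any inputs whose field sum is zero. The README tables already declare the inputs Boolean, so I would state the contract in the template itself: `// Assumes every in[i] is boolean-constrained by the caller; the sum check alone does not enforce it.` The `/* ALTERNATIVELY ...` comment opened at the end of this hunk is closed by the context `*/` in the next hunk, so the old recursive template now lives inside a comment, which is worth saying in that comment's first line.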
@@ -45,45 +70,4 @@ template MultiAND(n) { } } -/* TODO: Simplify this function! - - De fet, només cal multiplicar-los tots. - Tot i que va millor així perquè es pot fer en - paral·lel, si és multiplicant és seqüencial. - - L'actual tempalte té (n-1) constraints, però - hi ha una manera de fer-lo sempre amb únicament - 3 constraints -> Com fer-lo: sum(s_i)_{i=1}^{n} = n. - -*/ - -/* - template MultiAND(n) { - signal input in[n]; - signal output out; - - var sum = 0; - - for(var i=0; i<n; i++) { - sum = sum + in[i]; - } - - sum - n === 0; //iszero aquí! - - // falta el tema out - } -*/ - -// Multior?? -> El mateix, però la suma ha de ser diferent de 0. - -/* Alternatively, it can be done like this (exemple de template - generada recursivament). - Deixar aquest com a exemple de multiand fet recursivament, - però implementar l'altre. -*/ - -/* - Implementar la MultiXOR(n) -> només un nombre parell - d'uns. Si hi ha un nombre parell -> 0, i si hi ha un - nombre senar -> 1. */ \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js deleted file mode 100644 index 4a89cc83..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.test.js +++ /dev/null 
@@ -1,112 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const createBlakeHash = require("blake-hash"); -const eddsa = require("../src/eddsa.js"); - -const assert = chai.assert; - -const bigInt = require("big-integer"); -const tester = require("circom").tester; -const utils = require("../src/utils.js"); - -describe("Baby Jub test", function () { - let circuitAdd; - let circuitTest; - let circuitPbk; - - this.timeout(100000); - - before( async() => { - circuitAdd = await tester(path.join(__dirname, "circuits", "babyadd_tester.circom")); - - circuitTest = await tester(path.join(__dirname, "circuits", "babycheck_test.circom")); - - circuitPbk = await tester(path.join(__dirname, "circuits", "babypbk_test.circom")); - }); - - it("Should add point (0,1) and (0,1)", async () => { - - const input={ - x1: bigInt(0), - y1: bigInt(1), - x2: bigInt(0), - y2: bigInt(1) - }; - - const w = await circuitAdd.calculateWitness(input, true); - - await circuitAdd.assertOut(w, {xout: bigInt(0), yout: bigInt(1)}); - }); - - it("Should add 2 same numbers", async () => { - - const input={ - x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") - }; - - const w = await circuitAdd.calculateWitness(input, true); - - await circuitAdd.assertOut(w, { - xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), - yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889") - }); - - }); - - it("Should add 2 different numbers", async () => { - - const input={ - x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - y1: 
bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), - y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") - }; - - const w = await circuitAdd.calculateWitness(input, true); - - await circuitAdd.assertOut(w, { - xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"), - yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499") - }); - - }); - - it("Should check (0,1) is a valid point", async() => { - const w = await circuitTest.calculateWitness({x: 0, y:1}, true); - - await circuitTest.checkConstraints(w); - }); - - it("Should check (1,0) is an invalid point", async() => { - try { - await circuitTest.calculateWitness({x: 1, y: 0}, true); - assert(false, "Should be a valid point"); - } catch(err) { - assert(/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/.test(err.message) ); - } - }); - - it("Should extract the public key from the private one", async () => { - - const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex"); - const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32)); - const S = utils.leBuff2int(pvk).shiftRight(3); - - const A = eddsa.prv2pub(rawpvk); - - const input = { - in : S - }; - - const w = await circuitPbk.calculateWitness(input, true); - - await circuitPbk.assertOut(w, {Ax : A[0], Ay: A[1]}); - - await circuitPbk.checkConstraints(w); - }); - -}); diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom deleted file mode 100644 index 129acfac..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom +++ /dev/null 
@@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyAdd(); diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom deleted file mode 100644 index 925de65e..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyCheck(); diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom index 462f6efe..f635bcec 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom @@ -17,10 +17,10 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "bitify.circom"; -include "escalarmulfix.circom"; -Num2Bits -escalarmulfix +include "../../../../basic_templates/bitify/num2bits/num2bits.circom"; +//TODO: Change dependency path: +include "escalarmulfix.circom"; + // Extracts the public key from private key template BabyPbk() { diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom deleted file mode 100644 index 2583bb95..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyPbk(); \ No newline at end of file diff --git a/test/and.test.js b/test/and.test.js new file mode 100644 index 00000000..40d3383d --- /dev/null +++ b/test/and.test.js 
@@ -0,0 +1,39 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("AND test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "and_test.circom"));
+ });
+
+ it("1 AND 1 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("1 AND 0 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("0 AND 1 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("0 AND 0 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+});
diff --git a/test/and_test.circom b/test/and_test.circom
new file mode 100644
index 00000000..1a4a286e
--- /dev/null
+++ b/test/and_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/logic_gates/and/and.circom";
+
+component main = AND()
diff --git a/test/babyadd.test.js b/test/babyadd.test.js
new file mode 100644
index 00000000..4fc7ae30
--- /dev/null
+++ b/test/babyadd.test.js
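Review bot: The third test's title `"0 AND 1 = 1"` contradicts its assertion `{out: 0}`; the assertion is the correct one, so the title should read `"0 AND 1 = 0"`. The same mismatch appears in test/or.test.js in this patch, where `"1 OR 0 = 0"` asserts `{out: 1}`. `bigInt` and `assert` are required but never used here (and in multiand, multior, not and or.test.js); dropping them keeps the new fixtures lint-clean.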
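Review bot: `component main = AND()` has no terminating semicolon, unlike `component main = BabyAdd();` in test/babyadd_test.circom added by the same patch; if circom's parser requires the terminator this fixture fails to compile, and either way the fixtures should agree. The same applies to multiand_test.circom, multior_test.circom, not_test.circom and or_test.circom in this patch; I would write `component main = AND();`.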
@@ -0,0 +1,65 @@ +const chai = require("chai"); +const path = require("path"); + +const assert = chai.assert; + +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +describe("Baby Jubjub twisted Edwards addition test", function () { + + this.timeout(100000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "babyadd_test.circom")); + }); + + it("It should add the points (0,1) and (0,1)", async () => { + + const input={ + x1: bigInt(0), + y1: bigInt(1), + x2: bigInt(0), + y2: bigInt(1) + }; + + const w = await circuit.calculateWitness(input, true); + + await circuit.assertOut(w, {xout: bigInt(0), yout: bigInt(1)}); + }); + + it("It should add the 2 same points", async () => { + + const input={ + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y2: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475") + }; + + const w = await circuit.calculateWitness(input, true); + + await circuit.assertOut(w, { + xout: bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), + yout: bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889") + }); + }); + + it("It should add 2 different points", async () => { + + const input={ + x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), + y1: bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), + x2: bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), + y2: bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311") + }; + + const w = await circuit.calculateWitness(input, true); + + await circuit.assertOut(w, { + 
xout: bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"), + yout: bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499") + }); + }); +}); diff --git a/test/babyadd_test.circom b/test/babyadd_test.circom new file mode 100644 index 00000000..5a4cc664 --- /dev/null +++ b/test/babyadd_test.circom @@ -0,0 +1,3 @@ +include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom"; + +component main = BabyAdd(); diff --git a/test/babycheck.test.js b/test/babycheck.test.js new file mode 100644 index 00000000..0244d8d4 --- /dev/null +++ b/test/babycheck.test.js @@ -0,0 +1,33 @@ +const chai = require("chai"); +const path = require("path"); + +const assert = chai.assert; + +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +describe("Baby Jubjub twisted Edwards check test", function () { + + this.timeout(100000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "babycheck_test.circom")); + }); + + it("It should check that (0,1) is a valid point", async() => { + const w = await circuit.calculateWitness({x: 0, y:1}, true); + + await circuit.checkConstraints(w); + }); + + it("It should check that (1,0) is an invalid point", async() => { + try { + await circuit.calculateWitness({x: 1, y: 0}, true); + assert(false, "Should be a valid point"); + } catch(err) { + assert(/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/.test(err.message) ); + } + }); + +}); diff --git a/test/babycheck_test.circom b/test/babycheck_test.circom new file mode 100644 index 00000000..9cfa487f --- /dev/null +++ b/test/babycheck_test.circom @@ -0,0 +1,3 @@ +include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom"; + +component main = BabyCheck(); 
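Review bot: In `"It should check that (1,0) is an invalid point"`, the fallback `assert(false, "Should be a valid point")` runs only when `calculateWitness` did not throw, i.e. when the invalid point was accepted, so the failure message states the opposite of what went wrong; it should read `assert(false, "(1,0) should be rejected as an invalid point");`. The regex `/Constraint\sdoesn't\smatch(.*)168700\s!=\s1/` also pins the test to the exact wording of the tester's error and to one specific constraint, so a cosmetic message change breaks it; asserting that an error was thrown and matching a stable prefix would be more robust. Both lines are carried over from the deleted babyjub.test.js, but they are new code in this file.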
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub_js.test.js b/test/babyjub_js.test.js
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub_js.test.js
rename to test/babyjub_js.test.js
diff --git a/test/babypbk.test.js b/test/babypbk.test.js
new file mode 100644
index 00000000..64eabeb5
--- /dev/null
+++ b/test/babypbk.test.js
@@ -0,0 +1,41 @@
+const chai = require("chai");
+const path = require("path");
+
+const createBlakeHash = require("blake-hash");
+const eddsa = require("../src/eddsa.js");
+
+const assert = chai.assert;
+
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+const utils = require("../src/utils.js");
+
+describe("Baby Jubjub twisted Edwards public key extraction test", function () {
+
+ this.timeout(100000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "babypbk_test.circom"));
+ });
+
+ it("It should extract the public key from the private one", async () => {
+
+ const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex");
+ const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32));
+ const S = utils.leBuff2int(pvk).shiftRight(3);
+
+ const A = eddsa.prv2pub(rawpvk);
+
+ const input = {
+ in : S
+ };
+
+ const w = await circuit.calculateWitness(input, true);
+
+ await circuit.assertOut(w, {Ax : A[0], Ay: A[1]});
+
+ await circuit.checkConstraints(w);
+ });
+
+});
diff --git a/test/babypbk_test.circom b/test/babypbk_test.circom
new file mode 100644
index 00000000..24850453
--- /dev/null
+++ b/test/babypbk_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom";
+
+component main = BabyPbk();
\ No newline at end of file
diff --git a/test/multiand.test.js b/test/multiand.test.js
new file mode 100644
index 00000000..a42e4143
--- /dev/null
+++ b/test/multiand.test.js
@@ -0,0 +1,34 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("MultiAND test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "multiand_test.circom"));
+ });
+
+ it("All 1 output 1", async () => {
+ const witness = await circuit.calculateWitness({"in": [1,1,1,1,1]}, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("One 0 output 0", async () => {
+ const witness = await circuit.calculateWitness({"in": [1,0,1,1,1]}, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("Some 0s output 0", async () => {
+ const witness = await circuit.calculateWitness({"in": [0,1,0,0,1]}, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+});
diff --git a/test/multiand_test.circom b/test/multiand_test.circom
new file mode 100644
index 00000000..07989616
--- /dev/null
+++ b/test/multiand_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/logic_gates/multiand/multiand.circom";
+
+component main = MultiAND(5)
diff --git a/test/multior.test.js b/test/multior.test.js
new file mode 100644
index 00000000..33ccc4dc
--- /dev/null
+++ b/test/multior.test.js
@@ -0,0 +1,34 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("MultiOR test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "multior_test.circom"));
+ });
+
+ it("All 0 output 0", async () => {
+ const witness = await circuit.calculateWitness({"in": [0,0,0,0,0]}, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("One 1 output 1", async () => {
+ const witness = await circuit.calculateWitness({"in": [0,1,0,0,0]}, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("Some 1s output 1", async () => {
+ const witness = await circuit.calculateWitness({"in": [0,1,0,0,1]}, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+});
diff --git a/test/multior_test.circom b/test/multior_test.circom
new file mode 100644
index 00000000..1612d386
--- /dev/null
+++ b/test/multior_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/logic_gates/multior/multior.circom";
+
+component main = MultiOR(5)
diff --git a/test/not.test.js b/test/not.test.js
new file mode 100644
index 00000000..65ddb289
--- /dev/null
+++ b/test/not.test.js
@@ -0,0 +1,29 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("NOT test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "not_test.circom"));
+ });
+
+ it("NOT 1 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "in": "1"}, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("NOT 0 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "in": "0"}, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+});
diff --git a/test/not_test.circom b/test/not_test.circom
new file mode 100644
index 00000000..92195950
--- /dev/null
+++ b/test/not_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/logic_gates/not/not.circom";
+
+component main = NOT()
diff --git a/test/or.test.js b/test/or.test.js
new file mode 100644
index 00000000..0780e91a
--- /dev/null
+++ b/test/or.test.js
@@ -0,0 +1,39 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("OR test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "or_test.circom"));
+ });
+
+ it("1 OR 1 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("1 OR 0 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("0 OR 1 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("0 OR 0 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+});
diff --git a/test/or_test.circom b/test/or_test.circom
new file mode 100644
index 00000000..b18461a7
--- /dev/null
+++ b/test/or_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/logic_gates/or/or.circom";
+
+component main = OR()
From bc92dad5ff7dadccc43353aaa8f17619de72d767 Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com>
Date: Wed, 8 Apr 2020 21:40:46 +0200
Subject: [PATCH 16/27] added multior
---
 .../logic_gates/multior/README.md | 37 +++++++++++++++++++
 .../logic_gates/multior/multior.circom | 37 +++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 circuits/basic_templates/logic_gates/multior/README.md
 create mode 100644 circuits/basic_templates/logic_gates/multior/multior.circom
diff --git a/circuits/basic_templates/logic_gates/multior/README.md b/circuits/basic_templates/logic_gates/multior/README.md
new file mode 100644
index 00000000..aface870
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/multior/README.md @@ -0,0 +1,37 @@ +# `MultiOR(n)` + +## Description + +This template performs an `n`-input [OR gate](https://en.wikipedia.org/wiki/OR_gate). +<!-- Out is true if and only if at least one of the operands is true --> + +## Schema + +``` + ______________ + | | +in[n] ----> | MultiOR(n) | ----> out + |______________| +``` + +## Dependencies + +``` +include "../or/or.circom"; +``` + +## Inputs + +| Input | Type | +| ----- | ----- | +| `in[n]` | Array of `n` booleans | + +## Outputs + +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = in[0] v ... v in[n-1]`. | + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multior/multior.circom b/circuits/basic_templates/logic_gates/multior/multior.circom new file mode 100644 index 00000000..7aeb090d --- /dev/null +++ b/circuits/basic_templates/logic_gates/multior/multior.circom 
@@ -0,0 +1,37 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../../comparators/iszero/iszero.circom";
+
+template MultiOR(n) {
+ signal input in[n];
+ signal output out;
+
+ var sum = 0;
+
+ for(var i=0; i<n; i++) {
+ sum = sum + in[i];
+ }
+
+ component isz = IsZero();
+
+ isz.in <== sum;
+
+ out <== 1- isz.out;
+}
\ No newline at end of file
From 9d72f8687207cf3098a886cdc4ec26c4965d4a9f Mon Sep 17 00:00:00 2001 
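Review bot: `MultiOR(n)` is only sound when every `in[i]` is already constrained to {0,1}: it reports `1 - IsZero(sum)` and adds no binary check itself, so inputs that sum to zero in the field without all being zero would yield `out = 0`. The README added in this commit describes `in[n]` as booleans, so I would state that precondition at the template: `// Assumes every in[i] is constrained to {0,1} by the caller; no binary check is added here.` That README also lists `../or/or.circom` as the dependency while the template actually includes `../../comparators/iszero/iszero.circom`; one of the two should be corrected.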
From: bellesmarta <belles.mm@gmail.com> Date: Thu, 9 Apr 2020 02:11:26 +0200 Subject: [PATCH 17/27] Worked with tests. TODO: Need to fix ERROR: 5 Accessing a not assigned signal 0 0 0 0 in aliascheck and sign --- circuits/basic_templates/README.md | 5 - .../binary_arithmetic/binsub}/binsub.test.js | 0 .../binsub}/binsub_test.circom | 6 +- .../binary_arithmetic/binsum}/binsum.test.js | 0 .../binsum/binsum_test.circom | 5 +- .../greatereqthan}/greatereqthan.test.js | 0 .../greatereqthan/greatereqthan_test.circom | 4 + .../greaterthan}/greaterthan.test.js | 2 +- .../greaterthan/greaterthan_test.circom | 4 + .../comparators/isequal}/isequal.test.js | 0 .../comparators/isequal/isequal_test.circom | 3 + .../comparators/iszero}/iszero.test.js | 0 .../comparators/iszero/iszero_test.circom | 3 + .../lesseqthan}/lesseqthan.test.js | 0 .../lesseqthan/lesseqthan_test.circom | 3 + .../comparators/lessthan}/lessthan.test.js | 0 .../comparators/lessthan/lessthan_test.circom | 3 + .../logic_gates/and}/and.test.js | 0 .../logic_gates/and/and_test.circom | 3 + .../logic_gates/multiand}/multiand.test.js | 0 .../logic_gates/multiand/multiand_test.circom | 3 + .../logic_gates/multior}/multior.test.js | 0 .../logic_gates/multior/multior_test.circom | 3 + .../logic_gates/nand/nand.test.js | 39 +++++ .../logic_gates/nand/nand_test.circom | 3 + .../logic_gates/nor/nor.test.js | 39 +++++ .../logic_gates/nor/nor_test.circom | 3 + .../logic_gates/not}/not.test.js | 0 .../logic_gates/not/not_test.circom | 3 + .../logic_gates/or}/or.test.js | 0 .../logic_gates/or/or_test.circom | 3 + .../logic_gates/xor/xor.test.js | 39 +++++ .../logic_gates/xor/xor_test.circom | 3 + .../basic_templates/multiplexer/README.md | 2 + .../{multiplexer => }/multiplexer.circom | 0 .../multiplexer/multiplexer/README.md | 19 --- .../mux/multimux3/multimux3.circom | 55 ++++++ .../elliptic_curves/README.md | 4 +- .../elliptic_curves/baby_jubjub/README.md | 4 +- .../baby_jubjub/babyjub.circom | 106 ------------ 
.../baby_jubjub/edwards/README.md | 22 +++ .../edwards/babycheck}/babycheck.test.js | 0 .../edwards/babycheck}/babycheck_test.circom | 0 .../edwards/{ => babydbl}/babyadd/README.md | 0 .../{ => babydbl}/babyadd/babyadd.circom | 0 .../edwards/babydbl/babyadd}/babyadd.test.js | 0 .../babydbl/babyadd}/babyadd_test.circom | 0 .../scalar_mul/scalarmul/scalarmul.circom} | 35 ---- .../scalarmulwindow/scalarmulwindow.circom | 102 ++++++++++++ .../bitelementmulany/bitelementmulany.circom | 57 +++++++ .../multiplexor2/multiplexor2.circom | 27 +++ .../scalarmulany/scalarmulany.circom} | 0 .../segmentmulany/segmentmulany.circom | 91 ++++++++++ .../scalarmulfix}/escalarmulfix.circom | 0 .../scalarmulwtable}/escalarmulw4table.circom | 0 .../edwards2montgomery.circom | 39 +++++ .../montgomery/montgomeryadd/README.md | 43 ++++- .../montgomeryadd/montgomeryadd.circom} | 77 +-------- .../montgomerydouble/montgomerydouble.circom | 53 ++++++ .../montgomery2edwards.circom | 36 ++++ .../pedersen/{pedersen => }/pedersen.circom | 157 +----------------- .../hash_functions/pedersen/pedersen.test.js | 64 ++----- .../hash_functions/pedersen/pedersen2.test.js | 49 ------ .../pedersen/pedersen2_test.circom | 32 ---- .../pedersen/pedersen_test.circom | 28 ++-- .../pedersen/segment/segment.circom | 87 ++++++++++ .../pedersen/window4/window4.circom | 109 ++++++++++++ .../pedersen_old/pedersen_old.circom | 0 .../pedersen_old/pedersen_old.test.js | 77 +++++++++ .../pedersen_old/pedersen_old_test.circom | 0 .../sha256/{ => constants}/constants.circom | 0 .../sha256/constants}/constants.test.js | 0 .../{ => constants}/constants_test.circom | 2 +- test/aliascheck.test.js | 4 +- test/and_test.circom | 3 - test/binsum_test.circom | 32 ---- test/circuits/babyadd_test.circom | 3 - test/circuits/babycheck_test.circom | 3 - test/circuits/babypbk_test.circom | 3 - test/circuits/pedersen2_test.circom | 32 ---- test/compconstant.js | 24 +++ test/compconstant_test.circom | 3 + test/constants.circom | 52 ------ 
test/edwards2montgomery.circom | 3 - test/escalarmul_min_test.circom | 26 --- test/escalarmul_test.circom | 31 ---- test/escalarmul_test_min.circom | 26 --- test/escalarmulany_test.circom | 28 ---- test/escalarmulfix_test.circom | 29 ---- test/escalarmulw4table.circom | 6 - test/escalarmulw4table_test.circom | 17 -- test/escalarmulw4table_test3.circom | 17 -- test/greatereqthan_test.circom | 4 - test/greaterthan_test.circom | 4 - test/isequal_test.circom | 3 - test/iszero_test.circom | 3 - test/lesseqthan_test.circom | 4 - test/lessthan_test.circom | 4 - test/montgomery2edwards.circom | 3 - test/montgomeryadd.circom | 3 - test/montgomerydouble.circom | 3 - test/multiand_test.circom | 3 - test/multior_test.circom | 3 - test/not_test.circom | 3 - test/or_test.circom | 3 - test/pointbits_loopback.circom | 23 --- test/sha256_test448.circom | 3 - test/sha256_test512.circom | 3 - 108 files changed, 1036 insertions(+), 934 deletions(-) rename {test => circuits/basic_templates/binary_arithmetic/binsub}/binsub.test.js (100%) rename {test => circuits/basic_templates/binary_arithmetic/binsub}/binsub_test.circom (69%) rename {test => circuits/basic_templates/binary_arithmetic/binsum}/binsum.test.js (100%) rename test/circuits/sum_test.circom => circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom (80%) rename {test => circuits/basic_templates/comparators/greatereqthan}/greatereqthan.test.js (100%) create mode 100644 circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom rename {test => circuits/basic_templates/comparators/greaterthan}/greaterthan.test.js (95%) create mode 100644 circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom rename {test => circuits/basic_templates/comparators/isequal}/isequal.test.js (100%) create mode 100644 circuits/basic_templates/comparators/isequal/isequal_test.circom rename {test => circuits/basic_templates/comparators/iszero}/iszero.test.js (100%) create mode 100644 
circuits/basic_templates/comparators/iszero/iszero_test.circom rename {test => circuits/basic_templates/comparators/lesseqthan}/lesseqthan.test.js (100%) create mode 100644 circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom rename {test => circuits/basic_templates/comparators/lessthan}/lessthan.test.js (100%) create mode 100644 circuits/basic_templates/comparators/lessthan/lessthan_test.circom rename {test => circuits/basic_templates/logic_gates/and}/and.test.js (100%) create mode 100644 circuits/basic_templates/logic_gates/and/and_test.circom rename {test => circuits/basic_templates/logic_gates/multiand}/multiand.test.js (100%) create mode 100644 circuits/basic_templates/logic_gates/multiand/multiand_test.circom rename {test => circuits/basic_templates/logic_gates/multior}/multior.test.js (100%) create mode 100644 circuits/basic_templates/logic_gates/multior/multior_test.circom create mode 100644 circuits/basic_templates/logic_gates/nand/nand.test.js create mode 100644 circuits/basic_templates/logic_gates/nand/nand_test.circom create mode 100644 circuits/basic_templates/logic_gates/nor/nor.test.js create mode 100644 circuits/basic_templates/logic_gates/nor/nor_test.circom rename {test => circuits/basic_templates/logic_gates/not}/not.test.js (100%) create mode 100644 circuits/basic_templates/logic_gates/not/not_test.circom rename {test => circuits/basic_templates/logic_gates/or}/or.test.js (100%) create mode 100644 circuits/basic_templates/logic_gates/or/or_test.circom create mode 100644 circuits/basic_templates/logic_gates/xor/xor.test.js create mode 100644 circuits/basic_templates/logic_gates/xor/xor_test.circom rename circuits/basic_templates/multiplexer/{multiplexer => }/multiplexer.circom (100%) delete mode 100644 circuits/basic_templates/multiplexer/multiplexer/README.md create mode 100644 circuits/basic_templates/mux/multimux3/multimux3.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom rename 
{test => circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck}/babycheck.test.js (100%) rename {test => circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck}/babycheck_test.circom (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{ => babydbl}/babyadd/README.md (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{ => babydbl}/babyadd/babyadd.circom (100%) rename {test => circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd}/babyadd.test.js (100%) rename {test => circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd}/babyadd_test.circom (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/{escalarmul.circom => edwards/scalar_mul/scalarmul/scalarmul.circom} (92%) create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom rename circuits/crypto_templates/elliptic_curves/baby_jubjub/{escalarmulany.circom => edwards/scalar_mul/scalarmulany/scalarmulany.circom} (100%) create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom rename circuits/crypto_templates/elliptic_curves/baby_jubjub/{ => edwards/scalar_mul/scalarmulfix}/escalarmulfix.circom (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/{ => edwards/scalar_mul/scalarmulwtable}/escalarmulw4table.circom (100%) create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom rename circuits/crypto_templates/elliptic_curves/baby_jubjub/{montgomery.circom => 
montgomery/montgomeryadd/montgomeryadd.circom} (56%) create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom create mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom rename circuits/crypto_templates/hash_functions/pedersen/{pedersen => }/pedersen.circom (50%) delete mode 100644 circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js delete mode 100644 circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom create mode 100644 circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom create mode 100644 circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom rename circuits/crypto_templates/hash_functions/{pedersen => }/pedersen_old/pedersen_old.circom (100%) create mode 100644 circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js rename test/circuits/pedersen_test.circom => circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom (100%) rename circuits/crypto_templates/hash_functions/sha256/{ => constants}/constants.circom (100%) rename {test => circuits/crypto_templates/hash_functions/sha256/constants}/constants.test.js (100%) rename circuits/crypto_templates/hash_functions/sha256/{ => constants}/constants_test.circom (82%) delete mode 100644 test/and_test.circom delete mode 100644 test/binsum_test.circom delete mode 100644 test/circuits/babyadd_test.circom delete mode 100644 test/circuits/babycheck_test.circom delete mode 100644 test/circuits/babypbk_test.circom delete mode 100644 test/circuits/pedersen2_test.circom create mode 100644 test/compconstant.js create mode 100644 test/compconstant_test.circom delete mode 100644 test/constants.circom delete mode 100644 test/edwards2montgomery.circom delete mode 100644 test/escalarmul_min_test.circom delete mode 100644 test/escalarmul_test.circom delete mode 100644 
test/escalarmul_test_min.circom delete mode 100644 test/escalarmulany_test.circom delete mode 100644 test/escalarmulfix_test.circom delete mode 100644 test/escalarmulw4table.circom delete mode 100644 test/escalarmulw4table_test.circom delete mode 100644 test/escalarmulw4table_test3.circom delete mode 100644 test/greatereqthan_test.circom delete mode 100644 test/greaterthan_test.circom delete mode 100644 test/isequal_test.circom delete mode 100644 test/iszero_test.circom delete mode 100644 test/lesseqthan_test.circom delete mode 100644 test/lessthan_test.circom delete mode 100644 test/montgomery2edwards.circom delete mode 100644 test/montgomeryadd.circom delete mode 100644 test/montgomerydouble.circom delete mode 100644 test/multiand_test.circom delete mode 100644 test/multior_test.circom delete mode 100644 test/not_test.circom delete mode 100644 test/or_test.circom delete mode 100644 test/pointbits_loopback.circom delete mode 100644 test/sha256_test448.circom delete mode 100644 test/sha256_test512.circom diff --git a/circuits/basic_templates/README.md b/circuits/basic_templates/README.md index 09dc77a4..7ec0ce6c 100644 --- a/circuits/basic_templates/README.md +++ b/circuits/basic_templates/README.md @@ -2,10 +2,6 @@ This folder contains the templates to do basic arithmetic operations. -## TODO - -https://docs.google.com/spreadsheets/d/1HBseSTTFRPF0rmDSY5RayzNtBZ9oCwjPUi5frpFl5Fs/edit?usp=sharing - ## Structure of the Folder - [`aliascheck`](aliascheck) @@ -31,7 +27,6 @@ https://docs.google.com/spreadsheets/d/1HBseSTTFRPF0rmDSY5RayzNtBZ9oCwjPUi5frpFl - [`and`](logic_gates/and) - [`multiand`](logic_gates/multiand) - [`multior`](logic_gates/multior) - - [`multixor`](logic_gates/multixor) - [`nand`](logic_gates/nand) - [`nor`](logic_gates/nor) - [`not`](logic_gates/not) 
diff --git a/test/binsub.test.js b/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js similarity index 100% rename from test/binsub.test.js rename to circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js diff --git a/test/binsub_test.circom b/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom similarity index 69% rename from test/binsub_test.circom rename to circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom index 386ebcb9..a5dcd13b 100644 --- a/test/binsub_test.circom +++ b/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom @@ -1,6 +1,6 @@ -include "../circuits/basic_templates/bitify/num2bits/num2bits.circom" -include "../circuits/basic_templates/bitify/bits2num/bits2num.circom" -include "../circuits/basic_templates/binary_arithmetic/binsub/binsub.circom" +include "../../bitify/num2bits/num2bits.circom" +include "../../bitify/bits2num/bits2num.circom" +include "binsub.circom" template A() { signal private input a; diff --git a/test/binsum.test.js b/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js similarity index 100% rename from test/binsum.test.js rename to circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js diff --git a/test/circuits/sum_test.circom b/circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom similarity index 80% rename from test/circuits/sum_test.circom rename to circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom index 013d567e..0764103e 100644 --- a/test/circuits/sum_test.circom +++ b/circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom @@ -1,5 +1,6 @@ -include "../../circuits/bitify.circom" -include "../../circuits/binsum.circom" +include "../../bitify/num2bits/num2bits.circom" +include "../../bitify/bits2num/bits2num.circom" +include "binsum.circom" template A() { signal private input a; 
diff --git a/test/greatereqthan.test.js b/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js similarity index 100% rename from test/greatereqthan.test.js rename to circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom b/circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom new file mode 100644 index 00000000..ff9ba9a6 --- /dev/null +++ b/circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom @@ -0,0 +1,4 @@ + +include "greatereqthan.circom"; + +component main = GreaterEqThan(32); diff --git a/test/greaterthan.test.js b/circuits/basic_templates/comparators/greaterthan/greaterthan.test.js similarity index 95% rename from test/greaterthan.test.js rename to circuits/basic_templates/comparators/greaterthan/greaterthan.test.js index be8ddea7..22165c6e 100644 --- a/test/greaterthan.test.js +++ b/circuits/basic_templates/comparators/greaterthan/greaterthan.test.js @@ -20,7 +20,7 @@ describe("Greater Than test", function () { assert(witness[0].equals(bigInt(1))); assert(witness[1].equals(bigInt(0))); - witness = await circuit.calculateWitness({ "in":[1,1] }, true); + witness = await circuit.calculateWitness({ "in": [1,1] }, true); assert(witness[0].equals(bigInt(1))); assert(witness[1].equals(bigInt(0))); diff --git a/circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom b/circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom new file mode 100644 index 00000000..c0ab3b28 --- /dev/null +++ b/circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom @@ -0,0 +1,4 @@ + +include "greaterthan.circom"; + +component main = GreaterThan(32); 
diff --git a/test/isequal.test.js b/circuits/basic_templates/comparators/isequal/isequal.test.js similarity index 100% rename from test/isequal.test.js rename to circuits/basic_templates/comparators/isequal/isequal.test.js diff --git a/circuits/basic_templates/comparators/isequal/isequal_test.circom b/circuits/basic_templates/comparators/isequal/isequal_test.circom new file mode 100644 index 00000000..dd2cc1ff --- /dev/null +++ b/circuits/basic_templates/comparators/isequal/isequal_test.circom @@ -0,0 +1,3 @@ +include "isequal.circom"; + +component main = IsEqual(); diff --git a/test/iszero.test.js b/circuits/basic_templates/comparators/iszero/iszero.test.js similarity index 100% rename from test/iszero.test.js rename to circuits/basic_templates/comparators/iszero/iszero.test.js diff --git a/circuits/basic_templates/comparators/iszero/iszero_test.circom b/circuits/basic_templates/comparators/iszero/iszero_test.circom new file mode 100644 index 00000000..7e57cacf --- /dev/null +++ b/circuits/basic_templates/comparators/iszero/iszero_test.circom @@ -0,0 +1,3 @@ +include "iszero.circom"; + +component main = IsZero(); diff --git a/test/lesseqthan.test.js b/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.js similarity index 100% rename from test/lesseqthan.test.js rename to circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.js diff --git a/circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom b/circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom new file mode 100644 index 00000000..376e6f23 --- /dev/null +++ b/circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom @@ -0,0 +1,3 @@ +include "lesseqthan.circom"; + +component main = LessEqThan(32); diff --git a/test/lessthan.test.js b/circuits/basic_templates/comparators/lessthan/lessthan.test.js similarity index 100% rename from test/lessthan.test.js rename to circuits/basic_templates/comparators/lessthan/lessthan.test.js 
diff --git a/circuits/basic_templates/comparators/lessthan/lessthan_test.circom b/circuits/basic_templates/comparators/lessthan/lessthan_test.circom new file mode 100644 index 00000000..a624ca4b --- /dev/null +++ b/circuits/basic_templates/comparators/lessthan/lessthan_test.circom @@ -0,0 +1,3 @@ +include "lessthan.circom"; + +component main = LessThan(32); diff --git a/test/and.test.js b/circuits/basic_templates/logic_gates/and/and.test.js similarity index 100% rename from test/and.test.js rename to circuits/basic_templates/logic_gates/and/and.test.js diff --git a/circuits/basic_templates/logic_gates/and/and_test.circom b/circuits/basic_templates/logic_gates/and/and_test.circom new file mode 100644 index 00000000..e7e0a4f6 --- /dev/null +++ b/circuits/basic_templates/logic_gates/and/and_test.circom @@ -0,0 +1,3 @@ +include "and.circom"; + +component main = AND() diff --git a/test/multiand.test.js b/circuits/basic_templates/logic_gates/multiand/multiand.test.js similarity index 100% rename from test/multiand.test.js rename to circuits/basic_templates/logic_gates/multiand/multiand.test.js diff --git a/circuits/basic_templates/logic_gates/multiand/multiand_test.circom b/circuits/basic_templates/logic_gates/multiand/multiand_test.circom new file mode 100644 index 00000000..58c06301 --- /dev/null +++ b/circuits/basic_templates/logic_gates/multiand/multiand_test.circom @@ -0,0 +1,3 @@ +include "multiand.circom"; + +component main = MultiAND(5) diff --git a/test/multior.test.js b/circuits/basic_templates/logic_gates/multior/multior.test.js similarity index 100% rename from test/multior.test.js rename to circuits/basic_templates/logic_gates/multior/multior.test.js diff --git a/circuits/basic_templates/logic_gates/multior/multior_test.circom b/circuits/basic_templates/logic_gates/multior/multior_test.circom new file mode 100644 index 00000000..e4afd588 --- /dev/null +++ b/circuits/basic_templates/logic_gates/multior/multior_test.circom 
@@ -0,0 +1,3 @@
+include "multior.circom";
+
+component main = MultiOR(5)
diff --git a/circuits/basic_templates/logic_gates/nand/nand.test.js b/circuits/basic_templates/logic_gates/nand/nand.test.js
new file mode 100644
index 00000000..124e8ad0
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/nand/nand.test.js
@@ -0,0 +1,39 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("NAND test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "nand_test.circom"));
+ });
+
+ it("NOT(1 AND 1) = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("NOT(1 AND 0) = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("NOT(0 AND 1) = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("NOT(0 AND 0) = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+});
diff --git a/circuits/basic_templates/logic_gates/nand/nand_test.circom b/circuits/basic_templates/logic_gates/nand/nand_test.circom
new file mode 100644
index 00000000..c991f21c
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/nand/nand_test.circom
@@ -0,0 +1,3 @@
+include "nand.circom";
+
+component main = NAND()
diff --git a/circuits/basic_templates/logic_gates/nor/nor.test.js b/circuits/basic_templates/logic_gates/nor/nor.test.js
new file mode 100644
index 00000000..ef9296f8
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/nor/nor.test.js
@@ -0,0 +1,39 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("NOR test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "nor_test.circom"));
+ });
+
+ it("NOT(1 OR 1) = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("NOT(1 OR 0) = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("NOT(0 AND 1) = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("NOT(0 AND 0) = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+});
diff --git a/circuits/basic_templates/logic_gates/nor/nor_test.circom b/circuits/basic_templates/logic_gates/nor/nor_test.circom
new file mode 100644
index 00000000..1a5692b5
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/nor/nor_test.circom
@@ -0,0 +1,3 @@
+include "nor.circom";
+
+component main = NOR()
diff --git a/test/not.test.js b/circuits/basic_templates/logic_gates/not/not.test.js
similarity index 100%
rename from test/not.test.js
rename to circuits/basic_templates/logic_gates/not/not.test.js
diff --git a/circuits/basic_templates/logic_gates/not/not_test.circom b/circuits/basic_templates/logic_gates/not/not_test.circom
new file mode 100644
index 00000000..a1e6a8c0
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/not/not_test.circom
@@ -0,0 +1,3 @@
+include "not.circom";
+
+component main = NOT()
diff --git a/test/or.test.js b/circuits/basic_templates/logic_gates/or/or.test.js
similarity index 100%
rename from test/or.test.js
rename to circuits/basic_templates/logic_gates/or/or.test.js
diff --git a/circuits/basic_templates/logic_gates/or/or_test.circom b/circuits/basic_templates/logic_gates/or/or_test.circom
new file mode 100644
index 00000000..91396b17
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/or/or_test.circom
@@ -0,0 +1,3 @@
+include "or.circom";
+
+component main = OR()
diff --git a/circuits/basic_templates/logic_gates/xor/xor.test.js b/circuits/basic_templates/logic_gates/xor/xor.test.js
new file mode 100644
index 00000000..bb389067
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/xor/xor.test.js
@@ -0,0 +1,39 @@
+const chai = require("chai");
+const path = require("path");
+
+const tester = require("circom").tester;
+
+const bigInt = require("big-integer");
+
+const assert = chai.assert;
+
+describe("XOR test", function () {
+
+ this.timeout(100000000);
+
+ let circuit;
+ before( async() => {
+ circuit = await tester(path.join(__dirname, "xor_test.circom"));
+ });
+
+ it("1 XOR 1 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+ it("1 XOR 0 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("0 XOR 1 = 1", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true);
+ await circuit.assertOut(witness, {out: 1});
+ });
+
+ it("0 XOR 0 = 0", async () => {
+ const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true);
+ await circuit.assertOut(witness, {out: 0});
+ });
+
+});
diff --git a/circuits/basic_templates/logic_gates/xor/xor_test.circom b/circuits/basic_templates/logic_gates/xor/xor_test.circom
new file mode 100644
index 00000000..96735f7a
--- /dev/null
+++ b/circuits/basic_templates/logic_gates/xor/xor_test.circom @@ -0,0 +1,3 @@ +include "xor.circom"; + +component main = XOR() diff --git a/circuits/basic_templates/multiplexer/README.md b/circuits/basic_templates/multiplexer/README.md index 72237239..afcfe5d8 100644 --- a/circuits/basic_templates/multiplexer/README.md +++ b/circuits/basic_templates/multiplexer/README.md @@ -1,5 +1,7 @@ # `multiplexer` +# `Multiplexer(wIn, nIn)` + ## Description This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. diff --git a/circuits/basic_templates/multiplexer/multiplexer/multiplexer.circom b/circuits/basic_templates/multiplexer/multiplexer.circom similarity index 100% rename from circuits/basic_templates/multiplexer/multiplexer/multiplexer.circom rename to circuits/basic_templates/multiplexer/multiplexer.circom diff --git a/circuits/basic_templates/multiplexer/multiplexer/README.md b/circuits/basic_templates/multiplexer/multiplexer/README.md deleted file mode 100644 index ec365735..00000000 --- a/circuits/basic_templates/multiplexer/multiplexer/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# `Multiplexer(wIn, nIn)` - -PATH HERE: ~/CircomLib/Circuits/... - -## Background - -## Description - -## Schema - -## Dependencies - -## Inputs - -## Outputs - -## Benchmarks - -## Test \ No newline at end of file diff --git a/circuits/basic_templates/mux/multimux3/multimux3.circom b/circuits/basic_templates/mux/multimux3/multimux3.circom new file mode 100644 index 00000000..3d16b8f8 --- /dev/null +++ b/circuits/basic_templates/mux/multimux3/multimux3.circom 
@@ -0,0 +1,55 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+template MultiMux3(n) {
+ signal input c[n][8]; // Constants
+ signal input s[3]; // Selector
+ signal output out[n];
+
+ signal a210[n];
+ signal a21[n];
+ signal a20[n];
+ signal a2[n];
+
+ signal a10[n];
+ signal a1[n];
+ signal a0[n];
+ signal a[n];
+
+ // 4 constrains for the intermediary variables
+ signal s10;
+ s10 <== s[1] * s[0];
+
+ for (var i=0; i<n; i++) {
+
+ a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10;
+ a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s[1];
+ a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s[0];
+ a2[i] <== ( c[i][ 4]-c[i][ 0] );
+
+ a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10;
+ a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1];
+ a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0];
+ a[i] <== ( c[i][ 0] )
+
+ out[i] <== ( a210[i] + a21[i] + a20[i] + a2[i] ) * s[2] +
+ ( a10[i] + a1[i] + a0[i] + a[i] );
+
+ }
+}
\ No newline at end of file
diff --git a/circuits/crypto_templates/elliptic_curves/README.md b/circuits/crypto_templates/elliptic_curves/README.md
index 1cf2f0d5..1139f09a 100644
--- a/circuits/crypto_templates/elliptic_curves/README.md
+++ b/circuits/crypto_templates/elliptic_curves/README.md
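Review bot: The statement `a[i] <== ( c[i][ 0] )` inside the loop has no terminating `;` (the circomlib `mux3.circom` version of this template has one), so unless the circom parser tolerates a missing terminator here this file will not compile; the fix is `a[i] <== ( c[i][ 0] );`. No `multimux3` test circuit or `.test.js` appears in this commit's diffstat, so nothing in the suite would catch it. The same question applies to the `*_test.circom` files added under `logic_gates/` in this commit, whose `component main = X()` lines also end without `;`, while the comparator ones use it.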
@@ -20,6 +20,4 @@ This folder contains the templates to do operations on different elliptic curves - [`montgomeryadd`](baby_jubjub/montgomery/montgomeryadd) - [`montgomerydouble`](baby_jubjub/montgomery/montgomerydouble) - [`montgomery2edwards`](baby_jubjub/montgomery2edwards) - - [`point2bits`](baby_jubjub/point2bits) - -## Background on Elliptic Curves \ No newline at end of file + - [`point2bits`](baby_jubjub/point2bits) \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md index da09c1a3..aa16c296 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md @@ -19,6 +19,4 @@ This folder contains the templates to do operations on [Baby Jubjub](https://git - [`montgomeryadd`](montgomery/montgomeryadd) - [`montgomerydouble`](montgomery/montgomerydouble) - [`montgomery2edwards`](montgomery2edwards) -- [`point2bits`](point2bits) - -## Background on Baby Jubjub \ No newline at end of file +- [`point2bits`](point2bits) \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom deleted file mode 100644 index 537b1a0d..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/babyjub.circom +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "bitify.circom"; -include "escalarmulfix.circom"; - -template BabyAdd() { - signal input x1; - signal input y1; - signal input x2; - signal input y2; - signal output xout; - signal output yout; - - signal beta; - signal gamma; - signal delta; - signal tau; - - var a = 168700; - var d = 168696; - - beta <== x1*y2; - gamma <== y1*x2; - delta <== (-a*x1+y1)*(x2 + y2); - tau <== beta * gamma; - - xout <-- (beta + gamma) / (1+ d*tau); - (1+ d*tau) * xout === (beta + gamma); - - yout <-- (delta + a*beta - gamma) / (1-d*tau); - (1-d*tau)*yout === (delta + a*beta - gamma); -} - -template BabyDbl() { - signal input x; - signal input y; - signal output xout; - signal output yout; - - component adder = BabyAdd(); - adder.x1 <== x; - adder.y1 <== y; - adder.x2 <== x; - adder.y2 <== y; - - adder.xout ==> xout; - adder.yout ==> yout; -} - - -template BabyCheck() { - signal input x; - signal input y; - - signal x2; - signal y2; - - var a = 168700; - var d = 168696; - - x2 <== x*x; - y2 <== y*y; - - a*x2 + y2 === 1 + d*x2*y2; -} - -// Extracts the public key from private key -template BabyPbk() { - signal private input in; - signal output Ax; - signal output Ay; - - var BASE8[2] = [ - 
5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203 - ]; - - component pvkBits = Num2Bits(253); - pvkBits.in <== in; - - component mulFix = EscalarMulFix(253, BASE8); - - var i; - for (i=0; i<253; i++) { - mulFix.e[i] <== pvkBits.out[i]; - } - Ax <== mulFix.out[0]; - Ay <== mulFix.out[1]; -} diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md index e69de29b..9e7f3ba9 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md @@ -0,0 +1,22 @@ +# `baby_jubjub` + +This folder contains the templates to do operations on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. + +## Structure of the Folder + +- [`edwards`](edwards) + - [`babyadd`](edwards/babyadd) + - [`babycheck`](edwards/babycheck) + - [`babydbl`](edwards/babydbl) + - [`babypbk`](edwards/babypbk) + - [`scalar_mul`](edwards/scalar_mul) + - [`scalarmul`](edwards/scalar_mul/scalarmul) + - [`scalarmulany`](edwards/scalar_mul/scalarmulany) + - [`scalarmulfix`](edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](edwards/scalar_mul/scalarmulwtable) +- [`edwards2montgomery`](edwards2montgomery) +- [`montgomery`](montgomery) + - [`montgomeryadd`](montgomery/montgomeryadd) + - [`montgomerydouble`](montgomery/montgomerydouble) +- [`montgomery2edwards`](montgomery2edwards) +- [`point2bits`](point2bits) \ No newline at end of file diff --git a/test/babycheck.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.test.js similarity index 100% rename from test/babycheck.test.js rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.test.js 
diff --git a/test/babycheck_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom similarity index 100% rename from test/babycheck_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.circom diff --git a/test/babyadd.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.test.js similarity index 100% rename from test/babyadd.test.js rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.test.js diff --git a/test/babyadd_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd_test.circom similarity index 100% rename from test/babyadd_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd_test.circom 
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmul.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom similarity index 92% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmul.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom index 9cd13f7c..8ac5c69f 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmul.circom +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom @@ -65,41 +65,6 @@ include "mux4.circom"; include "escalarmulw4table.circom"; include "babyjub.circom"; -template EscalarMulWindow(base, k) { - - signal input in[2]; - signal input sel[4]; - signal output out[2]; - - var table[16][2]; - component mux; - component adder; - - var i; - - table = EscalarMulW4Table(base, k); - mux = MultiMux4(2); - adder = BabyAdd(); - - for (i=0; i<4; i++) { - sel[i] ==> mux.s[i]; - } - - for (i=0; i<16; i++) { - mux.c[0][i] <== table[i][0]; - mux.c[1][i] <== table[i][1]; - } - - in[0] ==> adder.x1; - in[1] ==> adder.y1; - - mux.out[0] ==> adder.x2; - mux.out[1] ==> adder.y2; - - adder.xout ==> out[0]; - adder.yout ==> out[1]; -} - /* diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom new file mode 100644 index 00000000..1f79ce70 --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom 
@@ -0,0 +1,102 @@ + /* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + + ┏━━━━━━━━━━━┓ + ┃ ┃ + ┃ ┃ + (inx, iny) ══════════════════════════════════════════▶┃ EC Point ┃ + ┃ ╠═▶ (outx, outy) + ╔══▶┃ Adder ┃ + ║ ┃ ┃ + ║ ┃ ┃ + ║ ┃ ┃ + ┏━━━━━━━━━━━┓ ┏━━━━━━━━━━━━┓ ║ ┗━━━━━━━━━━━┛ + ┃ ┃ ┃ ┃ ║ + ┃ ┃ ┃ ┃ ║ + ┃ ╠═══(p0x,p0y)═══▶┃ ┃ ║ + ┃ ╠═══(p1x,p1y)═══▶┃ ┃ ║ + ┃ ╠═══(p2x,p2y)═══▶┃ ┃ ║ + ┃ ╠═══(p3x,p3y)═══▶┃ ┃ ║ + ┃ ╠═══(p4x,p4y)═══▶┃ ┃ ║ + ┃ ╠═══(p5x,p5y)═══▶┃ ┃ ║ + ┃ ╠═══(p6x,p6y)═══▶┃ ┃ ║ + ┃ Constant ╠═══(p7x,p7y)═══▶┃ ┃ ║ + ┃ Points ┃ ┃ Mux4 ╠══╝ + ┃ ╠═══(p8x,p8y)═══▶┃ ┃ + ┃ ╠═══(p9x,p9y)═══▶┃ ┃ + ┃ ╠══(p10x,p10y)══▶┃ ┃ + ┃ ╠══(p11x,p11y)══▶┃ ┃ + ┃ ╠══(p12x,p12y)══▶┃ ┃ + ┃ ╠══(p13x,p13y)══▶┃ ┃ + ┃ ╠══(p14x,p14y)══▶┃ ┃ + ┃ ╠══(p15x,p15y)══▶┃ ┃ + ┃ ┃ ┃ ┃ + ┃ ┃ ┃ ┃ + ┗━━━━━━━━━━━┛ ┗━━━━━━━━━━━━┛ + ▲ ▲ ▲ ▲ + │ │ │ │ + s0 ─────────────────────────────────┘ │ │ │ + s1 ────────────────────────────────────┘ │ │ + s2 ───────────────────────────────────────┘ │ + s3 ──────────────────────────────────────────┘ + + + */ + +include "../../../../../../../basic_templates/mux/multimux4/multimux4.circom"; +include "../../../babyadd/babyadd.circom"; + +include "escalarmulw4table.circom"; + +template EscalarMulWindow(base, k) { + + signal input in[2]; + signal input sel[4]; + 
signal output out[2]; + + var table[16][2]; + component mux; + component adder; + + var i; + + table = EscalarMulW4Table(base, k); + mux = MultiMux4(2); + adder = BabyAdd(); + + for (i=0; i<4; i++) { + sel[i] ==> mux.s[i]; + } + + for (i=0; i<16; i++) { + mux.c[0][i] <== table[i][0]; + mux.c[1][i] <== table[i][1]; + } + + in[0] ==> adder.x1; + in[1] ==> adder.y1; + + mux.out[0] ==> adder.x2; + mux.out[1] ==> adder.y2; + + adder.xout ==> out[0]; + adder.yout ==> out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom new file mode 100644 index 00000000..9bfb768f --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom 
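Review bot: Two of the three include paths do not match where this patch places the files they name: `include "../../../babyadd/babyadd.circom";` resolves to `edwards/babyadd/babyadd.circom`, but the patch renames babyadd to `edwards/babydbl/babyadd/`, and `include "escalarmulw4table.circom";` assumes a sibling file while the table is moved to `edwards/scalar_mul/scalarmulwtable/`. With includes resolved relative to this file they should read `include "../../../babydbl/babyadd/babyadd.circom";` and `include "../../scalarmulwtable/escalarmulw4table.circom";`. The scalarmul.circom hunk that removes EscalarMulWindow shows no matching include of this new file being added, so whatever in that file still references EscalarMulWindow would presumably lose it unless that include is added elsewhere.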
@@ -0,0 +1,57 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "montgomery.circom"; +include "babyjub.circom"; +include "comparators.circom"; + +MontgomeryDouble(); +MontgomeryAdd(); +Multiplexor2(); + +template BitElementMulAny() { + signal input sel; + signal input dblIn[2]; + signal input addIn[2]; + signal output dblOut[2]; + signal output addOut[2]; + + component doubler = MontgomeryDouble(); + component adder = MontgomeryAdd(); + component selector = Multiplexor2(); + + + sel ==> selector.sel; + + dblIn[0] ==> doubler.in[0]; + dblIn[1] ==> doubler.in[1]; + doubler.out[0] ==> adder.in1[0]; + doubler.out[1] ==> adder.in1[1]; + addIn[0] ==> adder.in2[0]; + addIn[1] ==> adder.in2[1]; + addIn[0] ==> selector.in[0][0]; + addIn[1] ==> selector.in[0][1]; + adder.out[0] ==> selector.in[1][0]; + adder.out[1] ==> selector.in[1][1]; + + doubler.out[0] ==> dblOut[0]; + doubler.out[1] ==> dblOut[1]; + selector.out[0] ==> addOut[0]; + selector.out[1] ==> addOut[1]; +} \ No newline at end of file 
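Review bot: The three bare statements `MontgomeryDouble();`, `MontgomeryAdd();` and `Multiplexor2();` sit at file scope outside any template; they read as a reminder of the templates this file needs rather than valid declarations, and the includes above them (`montgomery.circom`, `babyjub.circom`, `comparators.circom`) point at files this same patch renames or deletes, with `comparators.circom` unused here. Replace those six lines with includes at the new locations, relative to this file: `include "../../../../montgomery/montgomerydouble/montgomerydouble.circom";`, `include "../../../../montgomery/montgomeryadd/montgomeryadd.circom";` and `include "../multiplexor2/multiplexor2.circom";`. segmentmulany.circom has the same pattern (a list of five bare template names after the same stale includes) and needs the analogous includes for Edwards2Montgomery, Montgomery2Edwards, BabyAdd, BitElementMulAny and Multiplexor2 at the paths this patch gives them.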
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom new file mode 100644 index 00000000..2fba7b0b --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom @@ -0,0 +1,27 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template Multiplexor2() { + signal input sel; + signal input in[2][2]; + signal output out[2]; + + out[0] <== (in[1][0] - in[0][0])*sel + in[0][0]; + out[1] <== (in[1][1] - in[0][1])*sel + in[0][1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulany.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulany.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom 
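Review bot: `sel` is not constrained to be a bit: `out[i] <== (in[1][i] - in[0][i])*sel + in[0][i]` is a plain affine blend, so for any `sel` outside {0,1} the output lies on neither input and the template still accepts the witness. That is the usual division of responsibility in this library, but it should be stated on the signal, e.g. `signal input sel; // must be 0 or 1 — the caller is responsible for the binarity constraint`.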
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom new file mode 100644 index 00000000..1c55bbf3 --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom 
@@ -0,0 +1,91 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "montgomery.circom"; +include "babyjub.circom"; +include "comparators.circom"; +Edwards2Montgomery +BitElementMulAny +Montgomery2Edwards +BabyAdd +Multiplexor2 + +// p is montgomery point +// n must be <= 248 +// returns out in twisted edwards +// Double is in montgomery to be linked; + +template SegmentMulAny(n) { + signal input e[n]; + signal input p[2]; + signal output out[2]; + signal output dbl[2]; + + component bits[n-1]; + + component e2m = Edwards2Montgomery(); + + p[0] ==> e2m.in[0]; + p[1] ==> e2m.in[1]; + + var i; + + bits[0] = BitElementMulAny(); + e2m.out[0] ==> bits[0].dblIn[0] + e2m.out[1] ==> bits[0].dblIn[1] + e2m.out[0] ==> bits[0].addIn[0] + e2m.out[1] ==> bits[0].addIn[1] + e[1] ==> bits[0].sel; + + for (i=1; i<n-1; i++) { + bits[i] = BitElementMulAny(); + + bits[i-1].dblOut[0] ==> bits[i].dblIn[0] + bits[i-1].dblOut[1] ==> bits[i].dblIn[1] + bits[i-1].addOut[0] ==> bits[i].addIn[0] + bits[i-1].addOut[1] ==> bits[i].addIn[1] + e[i+1] ==> bits[i].sel; + } + + bits[n-2].dblOut[0] ==> dbl[0]; + bits[n-2].dblOut[1] ==> dbl[1]; + + component m2e = Montgomery2Edwards(); + + bits[n-2].addOut[0] ==> m2e.in[0]; + bits[n-2].addOut[1] ==> m2e.in[1]; + + component eadder = 
BabyAdd(); + + m2e.out[0] ==> eadder.x1; + m2e.out[1] ==> eadder.y1; + -p[0] ==> eadder.x2; + p[1] ==> eadder.y2; + + component lastSel = Multiplexor2(); + + e[0] ==> lastSel.sel; + eadder.xout ==> lastSel.in[0][0]; + eadder.yout ==> lastSel.in[0][1]; + m2e.out[0] ==> lastSel.in[1][0]; + m2e.out[1] ==> lastSel.in[1][1]; + + lastSel.out[0] ==> out[0]; + lastSel.out[1] ==> out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulfix.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulfix.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulw4table.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/escalarmulw4table.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom new file mode 100644 index 00000000..6dac4150 --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom 
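Review bot: `component bits[n-1]` together with `bits[n-2]` and `e[1]` silently require `n >= 2`, but the header comment only gives the upper bound (`n must be <= 248`); with `n == 1` the template indexes `bits[-1]`. Tighten the comment to `// 2 <= n <= 248 (bits[n-2] and e[1] are used unconditionally)`. The `e[i]` selector bits, like `sel` in Multiplexor2, are not constrained to {0,1} anywhere in this template, which is worth stating next to `signal input e[n];`.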
@@ -0,0 +1,39 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + Source: https://en.wikipedia.org/wiki/Montgomery_curve + + 1 + y 1 + y + [u, v] = [ ------- , ---------- ] + 1 - y (1 - y)x + + */ + +template Edwards2Montgomery() { + signal input in[2]; + signal output out[2]; + + out[0] <-- (1 + in[1]) / (1 - in[1]); + out[1] <-- out[0] / in[0]; + + + out[0] * (1-in[1]) === (1 + in[1]); + out[1] * in[0] === out[0]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md index c5b13bcf..e395c950 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md 
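Review bot: The constraint pair degenerates for inputs with `in[0] == 0`: `out[1] * in[0] === out[0]` then forces `out[0] == 0`, the first constraint forces `in[1] == -1`, and `out[1]` appears in no remaining constraint, so the prover can assign it any value; for `in[1] == 1` the first constraint becomes `0 === 2` and is unsatisfiable. The template is therefore only meaningful for points with `in[0] != 0` and `in[1] != 1`, and callers must exclude those inputs upstream. Add this to the header comment, e.g. `// Not defined for x == 0 or y == 1: with x == 0 the output v is unconstrained, with y == 1 the system has no solution.`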
@@ -1,19 +1,60 @@ -# Name of Template +# `MontgomeryAdd()` PATH HERE: ~/CircomLib/Circuits/... ## Background +The arithmetic performed here is based on wikipedia webpage on [Montgomery elliptic curves](https://en.wikipedia.org/wiki/Montgomery_curve). + +<!-- 1 + y 1 + y + [u, v] = [ ------- , ---------- ] + 1 - y (1 - y)x + + --> + ## Description +This templates adds two points on the [Baby Jubjub curve](https://github.com/barryWhiteHat/baby_jubjub) in Montgomery form. More specifically, given two **different** points P1 = (`x1`, `y1`) and P2 = (`x2`, `y2`) it returns a point P3 = (`xout`, `yout`) such that (TODO: Change formula!) + +(`xout`, `yout`) = (`x1`,`y1`) + (`x2`,`y2`) + = ((`x1y2`+`y1x2`)/(1+`dx1x2y1y2`)),(`y1y2`-`ax1x2`)/(1-`dx1x2y1y2`)) + ## Schema +``` + var a var d + | | + | | + ______v_________v__ + input x1 ----> | | + input y1 ----> | MontgomeryAdd() | ----> output xout + input x2 ----> | | ----> output yout + input y2 ----> |___________________| +``` + ## Dependencies +None. + ## Inputs +| Input | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `x1` | Bigint | Field element of Fp | First coordinate of a point (x1, y1) on E. | +| `y1` | Bigint | Field element of Fp | Second coordinate of a point (x1, y1) on E. | +| `x2` | Bigint | Field element of Fp | First coordinate of a point (x2, y2) on E. | +| `y2` | Bigint | Field element of Fp | Second coordinate of a point (x2, y2) on E. | + +Requirement: at least `x1`!=`x2` or `y1`!=`y2`. + ## Outputs +| Output | Representation | Description | | +| ------------- | ------------- | ------------- | ------------- | +| `xout` | Bigint | Field element of Fp | First coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). | +| `yout` | Bigint | Field element of Fp | Second coordinate of the addition point (xout, yout) = (x1, y1) + (x2, y2). 
| + + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom similarity index 56% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom index 90813079..fdf9a6f9 100644 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery.circom +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom @@ -17,46 +17,6 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -/* - Source: https://en.wikipedia.org/wiki/Montgomery_curve - - 1 + y 1 + y - [u, v] = [ ------- , ---------- ] - 1 - y (1 - y)x - - */ - -template Edwards2Montgomery() { - signal input in[2]; - signal output out[2]; - - out[0] <-- (1 + in[1]) / (1 - in[1]); - out[1] <-- out[0] / in[0]; - - - out[0] * (1-in[1]) === (1 + in[1]); - out[1] * in[0] === out[0]; -} - -/* - - u u - 1 - [x, y] = [ ---, ------- ] - v u + 1 - - */ -template Montgomery2Edwards() { - signal input in[2]; - signal output out[2]; - - out[0] <-- in[0] / in[1]; - out[1] <-- (in[0] - 1) / (in[0] + 1); - - out[0] * in[1] === in[0]; - out[1] * (in[0] + 1) === in[0] - 1; -} - - /* x2 - x1 lamda = --------- 
@@ -103,39 +63,4 @@ template MontgomeryAdd() { out[0] <== B*lamda*lamda - A - in1[0] -in2[0]; out[1] <== lamda * (in1[0] - out[0]) - in1[1]; -} - -/* - - x1_2 = x1*x1 - - 3*x1_2 + 2*A*x1 + 1 - lamda = --------------------- - 2*B*y1 - - x3 = B * lamda^2 - A - x1 -x1 - - y3 = lamda * ( x1 - x3 ) - y1 - - */ -template MontgomeryDouble() { - signal input in[2]; - signal output out[2]; - - var a = 168700; - var d = 168696; - - var A = (2 * (a + d)) / (a - d); - var B = 4 / (a - d); - - signal lamda; - signal x1_2; - - x1_2 <== in[0] * in[0]; - - lamda <-- (3*x1_2 + 2*A*in[0] + 1 ) / (2*B*in[1]); - lamda * (2*B*in[1]) === (3*x1_2 + 2*A*in[0] + 1 ); - - out[0] <== B*lamda*lamda - A - 2*in[0]; - out[1] <== lamda * (in[0] - out[0]) - in[1]; -} +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom new file mode 100644 index 00000000..7a8f6fb4 --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom 
@@ -0,0 +1,53 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + + x1_2 = x1*x1 + + 3*x1_2 + 2*A*x1 + 1 + lamda = --------------------- + 2*B*y1 + + x3 = B * lamda^2 - A - x1 -x1 + + y3 = lamda * ( x1 - x3 ) - y1 + + */ +template MontgomeryDouble() { + signal input in[2]; + signal output out[2]; + + var a = 168700; + var d = 168696; + + var A = (2 * (a + d)) / (a - d); + var B = 4 / (a - d); + + signal lamda; + signal x1_2; + + x1_2 <== in[0] * in[0]; + + lamda <-- (3*x1_2 + 2*A*in[0] + 1 ) / (2*B*in[1]); + lamda * (2*B*in[1]) === (3*x1_2 + 2*A*in[0] + 1 ); + + out[0] <== B*lamda*lamda - A - 2*in[0]; + out[1] <== lamda * (in[0] - out[0]) - in[1]; +} diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom new file mode 100644 index 00000000..d356f74e --- /dev/null +++ b/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom 
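Review bot: The λ constraint `lamda * (2*B*in[1]) === (3*x1_2 + 2*A*in[0] + 1 )` stops binding `lamda` when `in[1] == 0`; it then only asserts that the numerator is zero, and whenever that holds both outputs become unconstrained. The template also never checks that `in` lies on the curve, so this precondition has to be guaranteed by the caller. Record it in the header comment: `// Requires y1 != 0 (and in on the curve); the division by 2*B*y1 is otherwise not constrained.`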
@@ -0,0 +1,36 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +/* + + u u - 1 + [x, y] = [ ---, ------- ] + v u + 1 + + */ +template Montgomery2Edwards() { + signal input in[2]; + signal output out[2]; + + out[0] <-- in[0] / in[1]; + out[1] <-- (in[0] - 1) / (in[0] + 1); + + out[0] * in[1] === in[0]; + out[1] * (in[0] + 1) === in[0] - 1; +} \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen/pedersen.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen.circom similarity index 50% rename from circuits/crypto_templates/hash_functions/pedersen/pedersen/pedersen.circom rename to circuits/crypto_templates/hash_functions/pedersen/pedersen.circom index 245d5d8b..10526ba2 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen/pedersen.circom +++ b/circuits/crypto_templates/hash_functions/pedersen/pedersen.circom 
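Review bot: When `in[1] == 0` the constraint `out[0] * in[1] === in[0]` collapses to `in[0] === 0` and no constraint mentions `out[0]` any more, so for the input `(0, 0)` the prover is free to choose the x-coordinate of the output; when `in[0] == -1` the second constraint reads `0 === -2` and cannot be satisfied. Document the domain on the template, e.g. `// Not defined for v == 0 (x output unconstrained) or u == -1 (no solution); the caller must exclude these points.` This mirrors the degenerate cases of the Edwards2Montgomery template in the same patch.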
@@ -17,160 +17,9 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "montgomery.circom"; -include "mux3.circom"; -include "babyjub.circom"; - -template Window4() { - signal input in[4]; - signal input base[2]; - signal output out[2]; - signal output out8[2]; // Returns 8*Base (To be linked) - - component mux = MultiMux3(2); - - mux.s[0] <== in[0]; - mux.s[1] <== in[1]; - mux.s[2] <== in[2]; - - component dbl2 = MontgomeryDouble(); - component adr3 = MontgomeryAdd(); - component adr4 = MontgomeryAdd(); - component adr5 = MontgomeryAdd(); - component adr6 = MontgomeryAdd(); - component adr7 = MontgomeryAdd(); - component adr8 = MontgomeryAdd(); - -// in[0] -> 1*BASE - - mux.c[0][0] <== base[0]; - mux.c[1][0] <== base[1]; - -// in[1] -> 2*BASE - dbl2.in[0] <== base[0]; - dbl2.in[1] <== base[1]; - mux.c[0][1] <== dbl2.out[0]; - mux.c[1][1] <== dbl2.out[1]; - -// in[2] -> 3*BASE - adr3.in1[0] <== base[0]; - adr3.in1[1] <== base[1]; - adr3.in2[0] <== dbl2.out[0]; - adr3.in2[1] <== dbl2.out[1]; - mux.c[0][2] <== adr3.out[0]; - mux.c[1][2] <== adr3.out[1]; - -// in[3] -> 4*BASE - adr4.in1[0] <== base[0]; - adr4.in1[1] <== base[1]; - adr4.in2[0] <== adr3.out[0]; - adr4.in2[1] <== adr3.out[1]; - mux.c[0][3] <== adr4.out[0]; - mux.c[1][3] <== adr4.out[1]; - -// in[4] -> 5*BASE - adr5.in1[0] <== base[0]; - adr5.in1[1] <== base[1]; - adr5.in2[0] <== adr4.out[0]; - adr5.in2[1] <== adr4.out[1]; - mux.c[0][4] <== adr5.out[0]; - mux.c[1][4] <== adr5.out[1]; - -// in[5] -> 6*BASE - adr6.in1[0] <== base[0]; - adr6.in1[1] <== base[1]; - adr6.in2[0] <== adr5.out[0]; - adr6.in2[1] <== adr5.out[1]; - mux.c[0][5] <== adr6.out[0]; - mux.c[1][5] <== adr6.out[1]; - -// in[6] -> 7*BASE - adr7.in1[0] <== base[0]; - adr7.in1[1] <== base[1]; - adr7.in2[0] <== adr6.out[0]; - adr7.in2[1] <== adr6.out[1]; - mux.c[0][6] <== adr7.out[0]; - mux.c[1][6] <== adr7.out[1]; - -// in[7] -> 8*BASE - adr8.in1[0] <== base[0]; - adr8.in1[1] <== 
base[1]; - adr8.in2[0] <== adr7.out[0]; - adr8.in2[1] <== adr7.out[1]; - mux.c[0][7] <== adr8.out[0]; - mux.c[1][7] <== adr8.out[1]; - - out8[0] <== adr8.out[0]; - out8[1] <== adr8.out[1]; - - out[0] <== mux.out[0]; - out[1] <== - mux.out[1]*2*in[3] + mux.out[1]; // Negate y if in[3] is one -} - - -template Segment(nWindows) { - signal input in[nWindows*4]; - signal input base[2]; - signal output out[2]; - - var i; - var j; - - // Convert the base to montgomery - - component e2m = Edwards2Montgomery(); - e2m.in[0] <== base[0]; - e2m.in[1] <== base[1]; - - component windows[nWindows]; - component doublers1[nWindows-1]; - component doublers2[nWindows-1]; - component adders[nWindows-1]; - for (i=0; i<nWindows; i++) { - windows[i] = Window4(); - for (j=0; j<4; j++) { - windows[i].in[j] <== in[4*i+j]; - } - if (i==0) { - windows[i].base[0] <== e2m.out[0]; - windows[i].base[1] <== e2m.out[1]; - } else { - doublers1[i-1] = MontgomeryDouble(); - doublers2[i-1] = MontgomeryDouble(); - doublers1[i-1].in[0] <== windows[i-1].out8[0]; - doublers1[i-1].in[1] <== windows[i-1].out8[1]; - doublers2[i-1].in[0] <== doublers1[i-1].out[0]; - doublers2[i-1].in[1] <== doublers1[i-1].out[1]; - - windows[i].base[0] <== doublers2[i-1].out[0]; - windows[i].base[1] <== doublers2[i-1].out[1]; - - adders[i-1] = MontgomeryAdd(); - if (i==1) { - adders[i-1].in1[0] <== windows[0].out[0]; - adders[i-1].in1[1] <== windows[0].out[1]; - } else { - adders[i-1].in1[0] <== adders[i-2].out[0]; - adders[i-1].in1[1] <== adders[i-2].out[1]; - } - adders[i-1].in2[0] <== windows[i].out[0]; - adders[i-1].in2[1] <== windows[i].out[1]; - } - } - - component m2e = Montgomery2Edwards(); - - if (nWindows > 1) { - m2e.in[0] <== adders[nWindows-2].out[0]; - m2e.in[1] <== adders[nWindows-2].out[1]; - } else { - m2e.in[0] <== windows[0].out[0]; - m2e.in[1] <== windows[0].out[1]; - } - - out[0] <== m2e.out[0]; - out[1] <== m2e.out[1]; -} +include "../../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" 
+include "segment/segment.circom"; +include "window4/window4.circom"; template Pedersen(n) { signal input in[n]; diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js b/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js index 5de92769..b32575a3 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js +++ b/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js 
@@ -1,77 +1,49 @@ -const chai = require("chai"); const path = require("path"); const bigInt = require("big-integer"); const tester = require("circom").tester; -const babyJub = require("../src/babyjub.js"); +const babyJub = require("../../../../src/babyjub.js"); +const pedersen = require("../../../../src/pedersenHash.js"); -const PBASE = - [ - [bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")], - [bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")], - [bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")], - [bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")], - [bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")] - ]; -describe("Double Pedersen test", function() { +describe("Pedersen test", function() { let circuit; this.timeout(100000); before( async() => { - circuit = await tester(path.join(__dirname, "circuits", "pedersen_test.circom")); - + circuit = await tester(path.join(__dirname, "pedersen_test.circom")); }); it("Should pedersen at zero", async () => { let w; - w = await circuit.calculateWitness({ in: ["0", "0"]}, true); - - await circuit.assertOut(w, {out: [0,1]}); + w = await circuit.calculateWitness({ in: 0}, true); - }); - it("Should pedersen at one first generator", async () => { - let w; + const b = Buffer.alloc(32); - w = await circuit.calculateWitness({ in: ["1", "0"]}, true); + const h = pedersen.hash(b); + const hP = babyJub.unpackPoint(h); 
- await circuit.assertOut(w, {out: PBASE[0]}); + await circuit.assertOut(w, {out: hP}); }); - it("Should pedersen at one second generator", async () => { - let w; - - w = await circuit.calculateWitness({ in: ["0", "1"]}, true); + it("Should pedersen with 253 ones", async () => { - await circuit.assertOut(w, {out: PBASE[1]}); - - }); - it("Should pedersen at mixed generators", async () => { let w; - w = await circuit.calculateWitness({ in: ["3", "7"]}, true); - - const r = babyJub.addPoint( - babyJub.mulPointEscalar(PBASE[0], 3), - babyJub.mulPointEscalar(PBASE[1], 7) - ); - await circuit.assertOut(w, {out: r}); + const n = bigInt.one.shiftLeft(253).minus(bigInt.one); - }); - it("Should pedersen all ones", async () => { - let w; + w = await circuit.calculateWitness({ in: n}, true); - const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1")); - w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true); + const b = Buffer.alloc(32); + for (let i=0; i<31; i++) b[i] = 0xFF; + b[31] = 0x1F; + const h = pedersen.hash(b); + const hP = babyJub.unpackPoint(h); - const r2 = babyJub.addPoint( - babyJub.mulPointEscalar(PBASE[0], allOnes), - babyJub.mulPointEscalar(PBASE[1], allOnes) - ); + await circuit.assertOut(w, {out: hP}); - await circuit.assertOut(w, {out: r2}); }); }); diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js b/circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js deleted file mode 100644 index 9a9712d8..00000000 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen2.test.js +++ /dev/null 
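Review bot: The new test never checks that the circuit rejects an input wider than Num2Bits(253) allows; both cases (zero and 2^253−1) stay inside the range, so a circuit that silently truncated or wrapped `in` would still pass. Add a negative case that feeds `bigInt.one.shiftLeft(253)` and expects calculateWitness to throw (chai's rejection helpers are gone from this file, so a plain try/catch is needed). Also `let w; w = await …` in both cases can be `const w = await …`, and `hP` from `babyJub.unpackPoint(h)` is passed straight to assertOut, so a failed unpack (a null/undefined return, if that is how the helper signals it) would surface as a confusing mismatch rather than a clear failure.
```javascript
it("Should reject an input that does not fit in 253 bits", async () => {
    let rejected = false;
    try {
        await circuit.calculateWitness({ in: bigInt.one.shiftLeft(253) }, true);
    } catch (err) {
        rejected = true;
    }
    if (!rejected) throw new Error("witness generation accepted a 254-bit input");
});
```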
@@ -1,49 +0,0 @@ -const path = require("path"); - -const bigInt = require("big-integer"); -const tester = require("circom").tester; - -const babyJub = require("../src/babyjub.js"); -const pedersen = require("../src/pedersenHash.js"); - - -describe("Pedersen test", function() { - let circuit; - this.timeout(100000); - before( async() => { - - circuit = await tester(path.join(__dirname, "circuits", "pedersen2_test.circom")); - }); - it("Should pedersen at zero", async () => { - - let w; - - w = await circuit.calculateWitness({ in: 0}, true); - - const b = Buffer.alloc(32); - - const h = pedersen.hash(b); - const hP = babyJub.unpackPoint(h); - - await circuit.assertOut(w, {out: hP}); - - }); - it("Should pedersen with 253 ones", async () => { - - let w; - - const n = bigInt.one.shiftLeft(253).minus(bigInt.one); - - w = await circuit.calculateWitness({ in: n}, true); - - const b = Buffer.alloc(32); - for (let i=0; i<31; i++) b[i] = 0xFF; - b[31] = 0x1F; - - const h = pedersen.hash(b); - const hP = babyJub.unpackPoint(h); - - await circuit.assertOut(w, {out: hP}); - - }); -}); diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom deleted file mode 100644 index e13e3530..00000000 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen2_test.circom +++ /dev/null @@ -1,32 +0,0 @@ -include "../../circuits/pedersen.circom"; -include "../../circuits/bitify.circom"; - - -template Main() { - signal input in; - signal output out[2]; - - component pedersen = Pedersen(256); - - component n2b; - n2b = Num2Bits(253); - - var i; - - in ==> n2b.in; - - for (i=0; i<253; i++) { - pedersen.in[i] <== n2b.out[i]; - } - - for (i=253; i<256; i++) { - pedersen.in[i] <== 0; - } - - pedersen.out[0] ==> out[0]; - pedersen.out[1] ==> out[1]; -} - -component main = Main(); - - 
diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom b/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom index accd484d..e3cc6e01 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom +++ b/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom @@ -1,25 +1,25 @@ -include "../../circuits/pedersen_old.circom"; -include "../../circuits/bitify.circom"; - +include "../pedersen/pedersen.circom"; +include "../basic_templates/bitify/num2bits/num2bits.circom"; template Main() { - signal input in[2]; + signal input in; signal output out[2]; - component pedersen = Pedersen(250*2); + component pedersen = Pedersen(256); - component n2b[2]; - n2b[0] = Num2Bits(250); - n2b[1] = Num2Bits(250); + component n2b; + n2b = Num2Bits(253); var i; - in[0] ==> n2b[0].in; - in[1] ==> n2b[1].in; + in ==> n2b.in; + + for (i=0; i<253; i++) { + pedersen.in[i] <== n2b.out[i]; + } - for (i=0; i<250; i++) { - n2b[0].out[i] ==> pedersen.in[i]; - n2b[1].out[i] ==> pedersen.in[250+i]; + for (i=253; i<256; i++) { + pedersen.in[i] <== 0; } pedersen.out[0] ==> out[0]; @@ -27,3 +27,5 @@ template Main() { } component main = Main(); + + diff --git a/circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom b/circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom new file mode 100644 index 00000000..ff7ae508 --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom 
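Review bot: The include `../basic_templates/bitify/num2bits/num2bits.circom` looks wrong: relative to this file's directory (`circuits/crypto_templates/hash_functions/pedersen/`) it resolves to `hash_functions/basic_templates/…`, whereas the rest of this patch places `basic_templates` directly under `circuits/` (window4.circom, one level deeper, reaches it with `../../../../basic_templates/…`). If circom resolves includes relative to the including file, as every other path in the patch assumes, the line should be `include "../../../basic_templates/bitify/num2bits/num2bits.circom";`. `include "../pedersen/pedersen.circom";` resolves to this same directory and can simply be `include "pedersen.circom";`. The second hunk only appends two blank lines at the end of the file, which can be dropped.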
@@ -0,0 +1,87 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom" +include "../../../elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom" +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom" +include "../window4/window4.circom"; + +template Segment(nWindows) { + signal input in[nWindows*4]; + signal input base[2]; + signal output out[2]; + + var i; + var j; + + // Convert the base to montgomery + + component e2m = Edwards2Montgomery(); + e2m.in[0] <== base[0]; + e2m.in[1] <== base[1]; + + component windows[nWindows]; + component doublers1[nWindows-1]; + component doublers2[nWindows-1]; + component adders[nWindows-1]; + for (i=0; i<nWindows; i++) { + windows[i] = Window4(); + for (j=0; j<4; j++) { + windows[i].in[j] <== in[4*i+j]; + } + if (i==0) { + windows[i].base[0] <== e2m.out[0]; + windows[i].base[1] <== e2m.out[1]; + } else { + doublers1[i-1] = MontgomeryDouble(); + doublers2[i-1] = MontgomeryDouble(); + doublers1[i-1].in[0] <== windows[i-1].out8[0]; + doublers1[i-1].in[1] <== windows[i-1].out8[1]; + doublers2[i-1].in[0] <== doublers1[i-1].out[0]; + doublers2[i-1].in[1] <== doublers1[i-1].out[1]; + 
+ windows[i].base[0] <== doublers2[i-1].out[0]; + windows[i].base[1] <== doublers2[i-1].out[1]; + + adders[i-1] = MontgomeryAdd(); + if (i==1) { + adders[i-1].in1[0] <== windows[0].out[0]; + adders[i-1].in1[1] <== windows[0].out[1]; + } else { + adders[i-1].in1[0] <== adders[i-2].out[0]; + adders[i-1].in1[1] <== adders[i-2].out[1]; + } + adders[i-1].in2[0] <== windows[i].out[0]; + adders[i-1].in2[1] <== windows[i].out[1]; + } + } + + component m2e = Montgomery2Edwards(); + + if (nWindows > 1) { + m2e.in[0] <== adders[nWindows-2].out[0]; + m2e.in[1] <== adders[nWindows-2].out[1]; + } else { + m2e.in[0] <== windows[0].out[0]; + m2e.in[1] <== windows[0].out[1]; + } + + out[0] <== m2e.out[0]; + out[1] <== m2e.out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom b/circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom new file mode 100644 index 00000000..880b7a6a --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom 
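Review bot: Segment instantiates `MontgomeryAdd()` for `adders[i-1]`, but its own include list (montgomery2edwards, edwards2montgomery, montgomerydouble, window4) does not name the file that defines it; it is only reached because window4.circom happens to include montgomeryadd.circom. Add `include "../../../elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom";` so the template does not break if window4's includes change. The first three include lines also lack the trailing `;` that the fourth has, and the file has no newline at EOF. A header comment would help readers follow the chaining, e.g. `// Sums nWindows 4-bit windows: window i runs on base*32^i (the previous window's 8*base, doubled twice); the running Montgomery sum is converted back to Edwards at the end.`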
@@ -0,0 +1,109 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom" +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom" +include "../../../../basic_templates/mux/multimux3/multimux3.circom"; + + +template Window4() { + signal input in[4]; + signal input base[2]; + signal output out[2]; + signal output out8[2]; // Returns 8*Base (To be linked) + + component mux = MultiMux3(2); + + mux.s[0] <== in[0]; + mux.s[1] <== in[1]; + mux.s[2] <== in[2]; + + component dbl2 = MontgomeryDouble(); + component adr3 = MontgomeryAdd(); + component adr4 = MontgomeryAdd(); + component adr5 = MontgomeryAdd(); + component adr6 = MontgomeryAdd(); + component adr7 = MontgomeryAdd(); + component adr8 = MontgomeryAdd(); + +// in[0] -> 1*BASE + + mux.c[0][0] <== base[0]; + mux.c[1][0] <== base[1]; + +// in[1] -> 2*BASE + dbl2.in[0] <== base[0]; + dbl2.in[1] <== base[1]; + mux.c[0][1] <== dbl2.out[0]; + mux.c[1][1] <== dbl2.out[1]; + +// in[2] -> 3*BASE + adr3.in1[0] <== base[0]; + adr3.in1[1] <== base[1]; + adr3.in2[0] <== dbl2.out[0]; + adr3.in2[1] <== dbl2.out[1]; + mux.c[0][2] <== adr3.out[0]; + mux.c[1][2] <== adr3.out[1]; + +// in[3] -> 4*BASE 
+ adr4.in1[0] <== base[0]; + adr4.in1[1] <== base[1]; + adr4.in2[0] <== adr3.out[0]; + adr4.in2[1] <== adr3.out[1]; + mux.c[0][3] <== adr4.out[0]; + mux.c[1][3] <== adr4.out[1]; + +// in[4] -> 5*BASE + adr5.in1[0] <== base[0]; + adr5.in1[1] <== base[1]; + adr5.in2[0] <== adr4.out[0]; + adr5.in2[1] <== adr4.out[1]; + mux.c[0][4] <== adr5.out[0]; + mux.c[1][4] <== adr5.out[1]; + +// in[5] -> 6*BASE + adr6.in1[0] <== base[0]; + adr6.in1[1] <== base[1]; + adr6.in2[0] <== adr5.out[0]; + adr6.in2[1] <== adr5.out[1]; + mux.c[0][5] <== adr6.out[0]; + mux.c[1][5] <== adr6.out[1]; + +// in[6] -> 7*BASE + adr7.in1[0] <== base[0]; + adr7.in1[1] <== base[1]; + adr7.in2[0] <== adr6.out[0]; + adr7.in2[1] <== adr6.out[1]; + mux.c[0][6] <== adr7.out[0]; + mux.c[1][6] <== adr7.out[1]; + +// in[7] -> 8*BASE + adr8.in1[0] <== base[0]; + adr8.in1[1] <== base[1]; + adr8.in2[0] <== adr7.out[0]; + adr8.in2[1] <== adr7.out[1]; + mux.c[0][7] <== adr8.out[0]; + mux.c[1][7] <== adr8.out[1]; + + out8[0] <== adr8.out[0]; + out8[1] <== adr8.out[1]; + + out[0] <== mux.out[0]; + out[1] <== - mux.out[1]*2*in[3] + mux.out[1]; // Negate it if in[3] is one +} \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen_old/pedersen_old.circom b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.circom similarity index 100% rename from circuits/crypto_templates/hash_functions/pedersen/pedersen_old/pedersen_old.circom rename to circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.circom diff --git a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js new file mode 100644 index 00000000..5de92769 --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js 
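Review bot: Window4 does not constrain any of `in[0..3]` to be 0 or 1, and `in[3]` enters only linearly in `out[1] <== - mux.out[1]*2*in[3] + mux.out[1]`, so a non-binary `in[3]` scales y by an arbitrary factor and in general yields a point that is not on the curve; whether MultiMux3 bit-checks `s[]` is not visible here. That is acceptable when the caller bit-decomposes with Num2Bits as pedersen_test.circom does, but the contract should be stated in a header comment, e.g. `// Inputs must be bits (the caller is responsible for constraining them). Returns ±(s+1)*base with s = in[0] + 2*in[1] + 4*in[2], negated when in[3] == 1; out8 = 8*base is exported for chaining windows.` The `// in[0] -> 1*BASE` … `// in[7] -> 8*BASE` labels are misleading since `in` has only four entries — they index the mux table by selector value, so `// s == 0 -> 1*BASE` etc. would read correctly. The file also has no newline at EOF.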
@@ -0,0 +1,77 @@ +const chai = require("chai"); +const path = require("path"); + +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +const babyJub = require("../src/babyjub.js"); + +const PBASE = + [ + [bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")], + [bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")], + [bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")], + [bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")], + [bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")] + ]; + +describe("Double Pedersen test", function() { + let circuit; + this.timeout(100000); + before( async() => { + + circuit = await tester(path.join(__dirname, "circuits", "pedersen_test.circom")); + + }); + it("Should pedersen at zero", async () => { + + let w; + + w = await circuit.calculateWitness({ in: ["0", "0"]}, true); + + await circuit.assertOut(w, {out: [0,1]}); + + }); + it("Should pedersen at one first generator", async () => { + let w; + + w = await circuit.calculateWitness({ in: ["1", "0"]}, true); + + await circuit.assertOut(w, {out: PBASE[0]}); + + }); + it("Should pedersen at one second generator", async () => { + let w; + + w = await circuit.calculateWitness({ in: ["0", "1"]}, true); + + await circuit.assertOut(w, {out: PBASE[1]}); + + }); + it("Should pedersen at mixed generators", async () => { + let w; + w = await 
circuit.calculateWitness({ in: ["3", "7"]}, true); + + const r = babyJub.addPoint( + babyJub.mulPointEscalar(PBASE[0], 3), + babyJub.mulPointEscalar(PBASE[1], 7) + ); + + await circuit.assertOut(w, {out: r}); + + }); + it("Should pedersen all ones", async () => { + let w; + + const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1")); + w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true); + + + const r2 = babyJub.addPoint( + babyJub.mulPointEscalar(PBASE[0], allOnes), + babyJub.mulPointEscalar(PBASE[1], allOnes) + ); + + await circuit.assertOut(w, {out: r2}); + }); +}); diff --git a/test/circuits/pedersen_test.circom b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom similarity index 100% rename from test/circuits/pedersen_test.circom rename to circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom diff --git a/circuits/crypto_templates/hash_functions/sha256/constants.circom b/circuits/crypto_templates/hash_functions/sha256/constants/constants.circom similarity index 100% rename from circuits/crypto_templates/hash_functions/sha256/constants.circom rename to circuits/crypto_templates/hash_functions/sha256/constants/constants.circom diff --git a/test/constants.test.js b/circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js similarity index 100% rename from test/constants.test.js rename to circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js diff --git a/circuits/crypto_templates/hash_functions/sha256/constants_test.circom b/circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom similarity index 82% rename from circuits/crypto_templates/hash_functions/sha256/constants_test.circom rename to circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom index 61d392d2..04abe188 100644 --- a/circuits/crypto_templates/hash_functions/sha256/constants_test.circom 
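Review bot: Both paths in the new file are stale for its new location. `require("../src/babyjub.js")` resolves from `circuits/crypto_templates/hash_functions/pedersen_old/` to `hash_functions/src/babyjub.js`, while the sibling pedersen.test.js in this patch reaches the module with `../../../../src/babyjub.js`; and `tester(path.join(__dirname, "circuits", "pedersen_test.circom"))` names a `circuits/` subdirectory and a file that this same patch renames to `pedersen_old_test.circom` in this directory. The two lines should become `const babyJub = require("../../../../src/babyjub.js");` and `circuit = await tester(path.join(__dirname, "pedersen_old_test.circom"));`. `chai` is required but never used. The renamed circuit's own include lines are not shown in this patch and likely need the same treatment.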
+++ b/circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom @@ -1,4 +1,4 @@ -include "../../circuits/sha256/constants.circom" +include "constants.circom" template A() { signal input in; diff --git a/test/aliascheck.test.js b/test/aliascheck.test.js index 27ee319f..6c37588e 100644 --- a/test/aliascheck.test.js +++ b/test/aliascheck.test.js @@ -2,7 +2,6 @@ const chai = require("chai"); const path = require("path"); const assert = chai.assert; - const bigInt = require("big-integer"); const tester = require("circom").tester; @@ -26,11 +25,11 @@ function getBits(v, n) { const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"); describe("Aliascheck test", function () { + this.timeout(100000); let cir; before( async() => { - cir = await tester(path.join(__dirname, "aliascheck_test.circom")); }); @@ -44,6 +43,7 @@ describe("Aliascheck test", function () { await cir.calculateWitness({in: inp}, true); }); + //(q-1)/2? it("Satisfy the aliastest q-1", async () => { const inp = getBits(q.minus(bigInt.one), 254); await cir.calculateWitness({in: inp}, true); diff --git a/test/and_test.circom b/test/and_test.circom deleted file mode 100644 index 1a4a286e..00000000 --- a/test/and_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/logic_gates/and/and.circom"; - -component main = AND() diff --git a/test/binsum_test.circom b/test/binsum_test.circom deleted file mode 100644 index 09fa163b..00000000 --- a/test/binsum_test.circom +++ /dev/null 
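Review bot: The added `//(q-1)/2?` in aliascheck.test.js is a bare question left in the test body; if it marks an intended extra case, make it either a real test or a tracked follow-up, e.g. `// TODO: add a case for (q-1)/2`, rather than a comment a later reader cannot act on. The aliascheck hunks start and end inside the describe block, which continues outside them. The blank-line removal and the `this.timeout(100000)` addition need no further change.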
@@ -1,32 +0,0 @@ -include "../circuits/basic_templates/bitify/num2bits/num2bits.circom" -include "../circuits/basic_templates/bitify/bits2num/bits2num.circom" -include "../circuits/basic_templates/binary_arithmetic/binsum/binsum.circom" - -template A() { - signal private input a; - signal input b; - signal output out; - - var i; - - component n2ba = Num2Bits(32); - component n2bb = Num2Bits(32); - component sum = BinSum(32,2); - component b2n = Bits2Num(32); - - n2ba.in <== a; - n2bb.in <== b; - - for (i=0; i<32; i++) { - sum.in[0][i] <== n2ba.out[i]; - sum.in[1][i] <== n2bb.out[i]; - } - - for (i=0; i<32; i++) { - b2n.in[i] <== sum.out[i]; - } - - out <== b2n.out; -} - -component main = A(); diff --git a/test/circuits/babyadd_test.circom b/test/circuits/babyadd_test.circom deleted file mode 100644 index 129acfac..00000000 --- a/test/circuits/babyadd_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyAdd(); diff --git a/test/circuits/babycheck_test.circom b/test/circuits/babycheck_test.circom deleted file mode 100644 index 925de65e..00000000 --- a/test/circuits/babycheck_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyCheck(); diff --git a/test/circuits/babypbk_test.circom b/test/circuits/babypbk_test.circom deleted file mode 100644 index 2583bb95..00000000 --- a/test/circuits/babypbk_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/babyjub.circom"; - -component main = BabyPbk(); \ No newline at end of file diff --git a/test/circuits/pedersen2_test.circom b/test/circuits/pedersen2_test.circom deleted file mode 100644 index e13e3530..00000000 --- a/test/circuits/pedersen2_test.circom +++ /dev/null 
@@ -1,32 +0,0 @@ -include "../../circuits/pedersen.circom"; -include "../../circuits/bitify.circom"; - - -template Main() { - signal input in; - signal output out[2]; - - component pedersen = Pedersen(256); - - component n2b; - n2b = Num2Bits(253); - - var i; - - in ==> n2b.in; - - for (i=0; i<253; i++) { - pedersen.in[i] <== n2b.out[i]; - } - - for (i=253; i<256; i++) { - pedersen.in[i] <== 0; - } - - pedersen.out[0] ==> out[0]; - pedersen.out[1] ==> out[1]; -} - -component main = Main(); - - diff --git a/test/compconstant.js b/test/compconstant.js new file mode 100644 index 00000000..e08966b9 --- /dev/null +++ b/test/compconstant.js @@ -0,0 +1,24 @@ +const chai = require("chai"); +const path = require("path"); + +const assert = chai.assert; +const bigInt = require("big-integer"); + +const tester = require("circom").tester; + +describe("CompConstant test", function () { + + this.timeout(100000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "compconstant_test.circom")); + }); + + it("Constant", async () => { + const inp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + witness = await circuit.calculateWitness({"in": inp}, true); + await circuit.assertOut(witness, {out: 0}); + }); + +}); 
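Review bot: `witness = await circuit.calculateWitness({"in": inp}, true);` assigns an undeclared identifier — an implicit global in sloppy-mode CommonJS and a ReferenceError under `'use strict'`; declare it: `const witness = await circuit.calculateWitness({"in": inp}, true);`. `assert` and `bigInt` are required but never used. The file is added as `compconstant.js` while this commit's subject renames the other tests to `*.test.js`, so a runner glob on that suffix would skip it. Only the all-zeros input is exercised; if CompConstant(ct) outputs 1 exactly when the input exceeds ct, as its name suggests, bit patterns for 25 and 26 would pin both the boundary and the comparison direction.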
diff --git a/test/compconstant_test.circom b/test/compconstant_test.circom
new file mode 100644
index 00000000..81810f14
--- /dev/null
+++ b/test/compconstant_test.circom
@@ -0,0 +1,3 @@
+include "../circuits/basic_templates/compconstant/compconstant.circom";
+
+component main = CompConstant(25)
diff --git a/test/constants.circom b/test/constants.circom
deleted file mode 100644
index 7b375d53..00000000
--- a/test/constants.circom
+++ /dev/null
@@ -1,52 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -template H(x) { - signal output out[32]; - var c[8] = [0x6a09e667, - 0xbb67ae85, - 0x3c6ef372, - 0xa54ff53a, - 0x510e527f, - 0x9b05688c, - 0x1f83d9ab, - 0x5be0cd19]; - - for (var i=0; i<32; i++) { - out[i] <== (c[x] >> i) & 1; - } -} - -template K(x) { - signal output out[32]; - var c[64] = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - ]; - - for (var i=0; i<32; i++) { - out[i] <== (c[x] >> i) & 1; - } -} 
diff --git a/test/edwards2montgomery.circom b/test/edwards2montgomery.circom deleted file mode 100644 index 960e5941..00000000 --- a/test/edwards2montgomery.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/montgomery.circom"; - -component main = Edwards2Montgomery(); diff --git a/test/escalarmul_min_test.circom b/test/escalarmul_min_test.circom deleted file mode 100644 index 69737011..00000000 --- a/test/escalarmul_min_test.circom +++ /dev/null @@ -1,26 +0,0 @@ -include "../../circuits/escalarmul.circom"; - - -template Main() { - signal input in[256]; - signal output out[2]; - - var i; - - var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - - component escalarMul = EscalarMul(256, base); - - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; - - for (i=0; i<256; i++) { - in[i] ==> escalarMul.in[i]; - } - - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; -} - -component main = Main(); diff --git a/test/escalarmul_test.circom b/test/escalarmul_test.circom deleted file mode 100644 index 1af53ace..00000000 --- a/test/escalarmul_test.circom +++ /dev/null @@ -1,31 +0,0 @@ -include "../../circuits/escalarmul.circom"; -include "../../circuits/bitify.circom"; - - -template Main() { - signal input in; - signal output out[2]; - - var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - - - component n2b = Num2Bits(253); - component escalarMul = EscalarMul(253, base); - - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; - - var i; - - in ==> n2b.in; - - for (i=0; i<253; i++) { - n2b.out[i] ==> escalarMul.in[i]; - } - - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; -} - -component main = Main(); 
diff --git a/test/escalarmul_test_min.circom b/test/escalarmul_test_min.circom deleted file mode 100644 index 2b8c7ba3..00000000 --- a/test/escalarmul_test_min.circom +++ /dev/null @@ -1,26 +0,0 @@ -include "../../circuits/escalarmul.circom"; - - -template Main() { - signal input in[256]; - signal output out[2]; - - var i; - - var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - - component escalarMul = EscalarMul(256, base); - - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; - - for (i=0; i<256; i++) { - in[i] ==> escalarMul.in[i]; - } - - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; -} - -component main = Main(); diff --git a/test/escalarmulany_test.circom b/test/escalarmulany_test.circom deleted file mode 100644 index c09918d6..00000000 --- a/test/escalarmulany_test.circom +++ /dev/null @@ -1,28 +0,0 @@ -include "../../circuits/escalarmulany.circom"; -include "../../circuits/bitify.circom"; - -template Main() { - signal input e; - signal input p[2]; - signal output out[2]; - - component n2b = Num2Bits(253); - component escalarMulAny = EscalarMulAny(253); - - escalarMulAny.p[0] <== p[0]; - escalarMulAny.p[1] <== p[1]; - - var i; - - e ==> n2b.in; - - for (i=0; i<253; i++) { - n2b.out[i] ==> escalarMulAny.e[i]; - } - - escalarMulAny.out[0] ==> out[0]; - escalarMulAny.out[1] ==> out[1]; -} - -component main = Main(); - diff --git a/test/escalarmulfix_test.circom b/test/escalarmulfix_test.circom deleted file mode 100644 index 7d80b79e..00000000 --- a/test/escalarmulfix_test.circom +++ /dev/null 
@@ -1,29 +0,0 @@ -include "../../circuits/escalarmulfix.circom"; -include "../../circuits/bitify.circom"; - - -template Main() { - signal input e; - signal output out[2]; - - var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203] - - - component n2b = Num2Bits(253); - component escalarMul = EscalarMulFix(253, base); - - var i; - - e ==> n2b.in; - - for (i=0; i<253; i++) { - n2b.out[i] ==> escalarMul.e[i]; - } - - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; -} - -component main = Main(); - diff --git a/test/escalarmulw4table.circom b/test/escalarmulw4table.circom deleted file mode 100644 index 43143b6a..00000000 --- a/test/escalarmulw4table.circom +++ /dev/null @@ -1,6 +0,0 @@ -include "../../circuits/escalarmulw4table.circom"; - -var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203] - -component main = EscalarMulW4Table(base, 0); diff --git a/test/escalarmulw4table_test.circom b/test/escalarmulw4table_test.circom deleted file mode 100644 index 9f6777fd..00000000 --- a/test/escalarmulw4table_test.circom +++ /dev/null @@ -1,17 +0,0 @@ -include "../../circuits/escalarmulw4table.circom"; - - -template Main() { - signal input in; - signal output out[16][2]; - var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - - var escalarMul[16][2] = EscalarMulW4Table(base, 0); - for (var i=0; i<16; i++) { - out[i][0] <== escalarMul[i][0]*in; - out[i][1] <== escalarMul[i][1]*in; - } -} - -component main = Main(); diff --git a/test/escalarmulw4table_test3.circom b/test/escalarmulw4table_test3.circom deleted file mode 100644 index d41d827e..00000000 --- a/test/escalarmulw4table_test3.circom +++ /dev/null 
@@ -1,17 +0,0 @@ -include "../../circuits/escalarmulw4table.circom"; - - -template Main() { - signal input in; - signal output out[16][2]; - var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, - 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - - var escalarMul[16][2] = EscalarMulW4Table(base, 3); - for (var i=0; i<16; i++) { - out[i][0] <== escalarMul[i][0]*in; - out[i][1] <== escalarMul[i][1]*in; - } -} - -component main = Main(); diff --git a/test/greatereqthan_test.circom b/test/greatereqthan_test.circom deleted file mode 100644 index b0eeff7f..00000000 --- a/test/greatereqthan_test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom"; - -component main = GreaterEqThan(32); diff --git a/test/greaterthan_test.circom b/test/greaterthan_test.circom deleted file mode 100644 index 54c573da..00000000 --- a/test/greaterthan_test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../circuits/basic_templates/comparators/greaterthan/greaterthan.circom"; - -component main = GreaterThan(32); diff --git a/test/isequal_test.circom b/test/isequal_test.circom deleted file mode 100644 index 8a005b10..00000000 --- a/test/isequal_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/comparators/isequal/isequal.circom"; - -component main = IsEqual(); diff --git a/test/iszero_test.circom b/test/iszero_test.circom deleted file mode 100644 index f44e8812..00000000 --- a/test/iszero_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/comparators/iszero/iszero.circom"; - -component main = IsZero(); diff --git a/test/lesseqthan_test.circom b/test/lesseqthan_test.circom deleted file mode 100644 index 5b7d0498..00000000 --- a/test/lesseqthan_test.circom +++ /dev/null 
@@ -1,4 +0,0 @@ - -include "../circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom"; - -component main = LessEqThan(32); diff --git a/test/lessthan_test.circom b/test/lessthan_test.circom deleted file mode 100644 index 79301fc4..00000000 --- a/test/lessthan_test.circom +++ /dev/null @@ -1,4 +0,0 @@ - -include "../circuits/basic_templates/comparators/lessthan/lessthan.circom"; - -component main = LessThan(32); diff --git a/test/montgomery2edwards.circom b/test/montgomery2edwards.circom deleted file mode 100644 index 39d05a64..00000000 --- a/test/montgomery2edwards.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/montgomery.circom"; - -component main = Montgomery2Edwards(); diff --git a/test/montgomeryadd.circom b/test/montgomeryadd.circom deleted file mode 100644 index 8caea17d..00000000 --- a/test/montgomeryadd.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/montgomery.circom"; - -component main = MontgomeryAdd(); diff --git a/test/montgomerydouble.circom b/test/montgomerydouble.circom deleted file mode 100644 index 70a3840e..00000000 --- a/test/montgomerydouble.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/montgomery.circom"; - -component main = MontgomeryDouble(); diff --git a/test/multiand_test.circom b/test/multiand_test.circom deleted file mode 100644 index 07989616..00000000 --- a/test/multiand_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/logic_gates/multiand/multiand.circom"; - -component main = MultiAND(5) diff --git a/test/multior_test.circom b/test/multior_test.circom deleted file mode 100644 index 1612d386..00000000 --- a/test/multior_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/logic_gates/multior/multior.circom"; - -component main = MultiOR(5) diff --git a/test/not_test.circom b/test/not_test.circom deleted file mode 100644 index 92195950..00000000 --- a/test/not_test.circom +++ /dev/null 
@@ -1,3 +0,0 @@ -include "../circuits/basic_templates/logic_gates/not/not.circom"; - -component main = NOT() diff --git a/test/or_test.circom b/test/or_test.circom deleted file mode 100644 index b18461a7..00000000 --- a/test/or_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/logic_gates/or/or.circom"; - -component main = OR() diff --git a/test/pointbits_loopback.circom b/test/pointbits_loopback.circom deleted file mode 100644 index 39dacfbf..00000000 --- a/test/pointbits_loopback.circom +++ /dev/null @@ -1,23 +0,0 @@ -include "../../circuits/pointbits.circom"; - - -template Main() { - signal input in[2]; - - var i - - component p2b = Point2Bits_Strict(); - component b2p = Bits2Point_Strict(); - - p2b.in[0] <== in[0]; - p2b.in[1] <== in[1]; - - for (i=0; i<256; i++) { - b2p.in[i] <== p2b.out[i]; - } - - b2p.out[0] === in[0]; - b2p.out[1] === in[1]; -} - -component main = Main(); diff --git a/test/sha256_test448.circom b/test/sha256_test448.circom deleted file mode 100644 index 9a5dbdc8..00000000 --- a/test/sha256_test448.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/sha256/sha256.circom"; - -component main = Sha256(448); diff --git a/test/sha256_test512.circom b/test/sha256_test512.circom deleted file mode 100644 index dd8b11db..00000000 --- a/test/sha256_test512.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/sha256/sha256.circom"; - -component main = Sha256(512); From 902acc33c0d71060a5ff0973914b2cebd3ffa17d Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Thu, 9 Apr 2020 02:29:38 +0200 Subject: [PATCH 18/27] Fixed the test errorsgit add . And added compconstant test. --- .../aliascheck}/aliascheck.test.js | 0 .../aliascheck/aliascheck_test.circom | 3 ++ .../compconstant/compconstant.circom | 2 +- .../basic_templates/sign}/sign.test.js | 0 .../basic_templates/sign/sign_test.circom | 3 ++ test/aliascheck_test.circom | 3 -- test/compconstant.js | 24 --------- test/compconstant.test.js | 51 +++++++++++++++++++ test/compconstant_test.circom | 2 +- test/sign_test.circom | 3 -- 10 files changed, 59 insertions(+), 32 deletions(-) rename {test => circuits/basic_templates/aliascheck}/aliascheck.test.js (100%) create mode 100644 circuits/basic_templates/aliascheck/aliascheck_test.circom rename {test => circuits/basic_templates/sign}/sign.test.js (100%) create mode 100644 circuits/basic_templates/sign/sign_test.circom delete mode 100644 test/aliascheck_test.circom delete mode 100644 test/compconstant.js create mode 100644 test/compconstant.test.js delete mode 100644 test/sign_test.circom diff --git a/test/aliascheck.test.js b/circuits/basic_templates/aliascheck/aliascheck.test.js similarity index 100% rename from test/aliascheck.test.js rename to circuits/basic_templates/aliascheck/aliascheck.test.js diff --git a/circuits/basic_templates/aliascheck/aliascheck_test.circom b/circuits/basic_templates/aliascheck/aliascheck_test.circom new file mode 100644 index 00000000..3feeabbd --- /dev/null +++ b/circuits/basic_templates/aliascheck/aliascheck_test.circom @@ -0,0 +1,3 @@ +include "aliascheck.circom"; + +component main = AliasCheck() diff --git a/circuits/basic_templates/compconstant/compconstant.circom b/circuits/basic_templates/compconstant/compconstant.circom index 1ca7a2ba..aa03ffec 100644 --- a/circuits/basic_templates/compconstant/compconstant.circom +++ b/circuits/basic_templates/compconstant/compconstant.circom 
@@ -59,7 +59,7 @@ template CompConstant(ct) { sum = sum + parts[i]; b = b -e; - out a = a +e; + a = a +e; e = e*2; } diff --git a/test/sign.test.js b/circuits/basic_templates/sign/sign.test.js similarity index 100% rename from test/sign.test.js rename to circuits/basic_templates/sign/sign.test.js diff --git a/circuits/basic_templates/sign/sign_test.circom b/circuits/basic_templates/sign/sign_test.circom new file mode 100644 index 00000000..394e465f --- /dev/null +++ b/circuits/basic_templates/sign/sign_test.circom @@ -0,0 +1,3 @@ +include "sign.circom"; + +component main = Sign(); diff --git a/test/aliascheck_test.circom b/test/aliascheck_test.circom deleted file mode 100644 index 9da0c098..00000000 --- a/test/aliascheck_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/basic_templates/aliascheck/aliascheck.circom"; - -component main = AliasCheck() diff --git a/test/compconstant.js b/test/compconstant.js deleted file mode 100644 index e08966b9..00000000 --- a/test/compconstant.js +++ /dev/null 
@@ -1,24 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const assert = chai.assert; -const bigInt = require("big-integer"); - -const tester = require("circom").tester; - -describe("CompConstant test", function () { - - this.timeout(100000); - - let circuit; - before( async() => { - circuit = await tester(path.join(__dirname, "compconstant_test.circom")); - }); - - it("Constant", async () => { - const inp = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - witness = await circuit.calculateWitness({"in": inp}, true); - await circuit.assertOut(witness, {out: 0}); - }); - -}); diff --git a/test/compconstant.test.js b/test/compconstant.test.js new file mode 100644 index 00000000..9588f92f --- /dev/null +++ b/test/compconstant.test.js 
@@ -0,0 +1,51 @@ +const chai = require("chai"); +const path = require("path"); + +const assert = chai.assert; +const bigInt = require("big-integer"); + +const tester = require("circom").tester; + +function getBits(v, n) { + const res = []; + for (let i=0; i<n; i++) { + if (v.shiftRight(i).isOdd()) { + res.push(bigInt.one); + } else { + res.push(bigInt.zero); + } + } + return res; +} + +const ct = bigInt("12574899965841125748859665329478411236025236211254788521259648301247745896"); +const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"); + +describe("CompConstant test", function () { + + this.timeout(100000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "compconstant_test.circom")); + }); + + it("0 > ct is FALSE", async () => { + const inp = getBits(bigInt.zero, 254); + witness = await circuit.calculateWitness({"in": inp}, true); + await circuit.assertOut(witness, {out: 0}); + }); + + it("(q-1) > ct is TRUE", async () => { + const inp = getBits(q.minus(bigInt.one), 254); + witness = await circuit.calculateWitness({"in": inp}, true); + await circuit.assertOut(witness, {out: 1}); + }); + + it("ct > ct is FALSE", async () => { + const inp = getBits(ct, 254); + witness = await circuit.calculateWitness({"in": inp}, true); + await circuit.assertOut(witness, {out: 0}); + }); + +}); \ No newline at end of file diff --git a/test/compconstant_test.circom b/test/compconstant_test.circom index 81810f14..130dad32 100644 --- a/test/compconstant_test.circom +++ b/test/compconstant_test.circom @@ -1,3 +1,3 @@ include "../circuits/basic_templates/compconstant/compconstant.circom"; -component main = CompConstant(25) +component main = CompConstant(12574899965841125748859665329478411236025236211254788521259648301247745896) \ No newline at end of file diff --git a/test/sign_test.circom b/test/sign_test.circom deleted file mode 100644 index 46991cbb..00000000 --- a/test/sign_test.circom +++ /dev/null 
@@ -1,3 +0,0 @@ -include "../circuits/basic_templates/sign/sign.circom"; - -component main = Sign(); From f0d52a456ca2e946c5d6b60946f53a63af09e3ee Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Thu, 9 Apr 2020 14:18:39 +0200 Subject: [PATCH 19/27] Worked on pedersen-3w --- README.md | 8 +- .../logic_gates/multiand/README.md | 2 +- .../logic_gates/multior/README.md | 2 +- .../logic_gates/multixor/README.md | 37 +++++++ .../logic_gates/multixor/multixor.circom | 39 +++++++ .../logic_gates/multixor/multixor.test.js | 28 +++++ .../logic_gates/multixor/multixor_test.circom | 3 + .../mux/multimux2/multimux2.circom | 43 ++++++++ circuits/basic_templates/old_README.md | 29 ----- .../edwards/{babydbl => }/babyadd/README.md | 0 .../{babydbl => }/babyadd/babyadd.circom | 0 .../{babydbl => }/babyadd/babyadd.test.js | 0 .../{babydbl => }/babyadd/babyadd_test.circom | 0 .../hash_functions/pedersen/README.md | 19 ---- .../hash_functions/pedersen_w3/README.md | 40 +++++++ .../pedersen_w3.circom} | 2 +- .../pedersen_w3.test.js} | 1 - .../pedersen_w3_test.circom} | 7 +- .../pedersen_w3/segment3/segment3.circom | 87 +++++++++++++++ .../pedersen_w3/window3/window3.circom | 71 ++++++++++++ .../hash_functions/pedersen_w4/README.md | 40 +++++++ .../pedersen_w4/pedersen_w4.circom | 104 ++++++++++++++++++ .../pedersen_w4/pedersen_w4.test.js | 48 ++++++++ .../pedersen_w4/pedersen_w4_test.circom | 34 ++++++ .../segment/segment.circom | 0 .../window4/window4.circom | 0 26 files changed, 589 insertions(+), 55 deletions(-) create mode 100644 circuits/basic_templates/logic_gates/multixor/README.md create mode 100644 circuits/basic_templates/logic_gates/multixor/multixor.circom create mode 100644 circuits/basic_templates/logic_gates/multixor/multixor.test.js create mode 100644 circuits/basic_templates/logic_gates/multixor/multixor_test.circom create mode 100644 circuits/basic_templates/mux/multimux2/multimux2.circom delete mode 100644 circuits/basic_templates/old_README.md rename circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{babydbl => }/babyadd/README.md (100%) rename 
circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{babydbl => }/babyadd/babyadd.circom (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{babydbl => }/babyadd/babyadd.test.js (100%) rename circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/{babydbl => }/babyadd/babyadd_test.circom (100%) delete mode 100644 circuits/crypto_templates/hash_functions/pedersen/README.md create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w3/README.md rename circuits/crypto_templates/hash_functions/{pedersen/pedersen.circom => pedersen_w3/pedersen_w3.circom} (98%) rename circuits/crypto_templates/hash_functions/{pedersen/pedersen.test.js => pedersen_w3/pedersen_w3.test.js} (99%) rename circuits/crypto_templates/hash_functions/{pedersen/pedersen_test.circom => pedersen_w3/pedersen_w3_test.circom} (61%) create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w4/README.md create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js create mode 100644 circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom rename circuits/crypto_templates/hash_functions/{pedersen => pedersen_w4}/segment/segment.circom (100%) rename circuits/crypto_templates/hash_functions/{pedersen => pedersen_w4}/window4/window4.circom (100%) diff --git a/README.md b/README.md index ee3df97a..719b78e7 100644 --- a/README.md +++ b/README.md 
@@ -18,4 +18,10 @@ This respository contains 5 folders: A description of the specific circuit templates for the `circuit` folder will be soon updated. -## Structure of the Library \ No newline at end of file +## Structure of the Library + +* mimc - SNARK-friendly hash Minimal Multiplicative Complexity. + * https://eprint.iacr.org/2016/492.pdf + * zcash/zcash#2233 +* smt - Sparse Merkle Tree + * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751 \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multiand/README.md b/circuits/basic_templates/logic_gates/multiand/README.md index 297d7f34..f1f9d1a9 100644 --- a/circuits/basic_templates/logic_gates/multiand/README.md +++ b/circuits/basic_templates/logic_gates/multiand/README.md @@ -17,7 +17,7 @@ in[n] ----> | MultiAND(n) | ----> out ## Dependencies ``` -include "../and/and.circom"; +include "../../comparators/iszero/iszero.circom"; ``` ## Inputs diff --git a/circuits/basic_templates/logic_gates/multior/README.md b/circuits/basic_templates/logic_gates/multior/README.md index aface870..0f0a23b4 100644 --- a/circuits/basic_templates/logic_gates/multior/README.md +++ b/circuits/basic_templates/logic_gates/multior/README.md @@ -17,7 +17,7 @@ in[n] ----> | MultiOR(n) | ----> out ## Dependencies ``` -include "../or/or.circom"; +include "../../comparators/iszero/iszero.circom"; ``` ## Inputs diff --git a/circuits/basic_templates/logic_gates/multixor/README.md b/circuits/basic_templates/logic_gates/multixor/README.md new file mode 100644 index 00000000..c1406818 --- /dev/null +++ b/circuits/basic_templates/logic_gates/multixor/README.md 
@@ -0,0 +1,37 @@ +# `MultiXOR(n)` + +## Description + +This template performs an `n`-input [XOR gate](https://en.wikipedia.org/wiki/XOR_gate). +<!-- Output true if and only if an odd number of inputs are true --> + +## Schema + +``` + _______________ + | | +in[n] ----> | MultiXOR(n) | ----> out + |_______________| +``` + +## Dependencies + +``` +include "../../comparators/iszero/iszero.circom"; +``` + +## Inputs + +| Input | Type | +| ----- | ----- | +| `in[n]` | Array of `n` booleans | + +## Outputs + +| Output | Type | Description | +| ------ | ------ | ---------- | +| `out` | Boolean | `out = in[0] v ... v in[n-1]`. | + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multixor/multixor.circom b/circuits/basic_templates/logic_gates/multixor/multixor.circom new file mode 100644 index 00000000..e2a2f64d --- /dev/null +++ b/circuits/basic_templates/logic_gates/multixor/multixor.circom 
@@ -0,0 +1,39 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../bitify/num2bits/num2bits.circom"; + +// Output true if and only if an odd number of inputs are true + +template MultiXOR(n) { + signal input in[n]; + signal output out; + + var sum = 0; + + for(var i=0; i<n; i++) { + sum = sum + in[i]; + } + + component n2b = Num2Bits(n); //This n is not n, it should be calculated... + + n2b.in <== sum; + + out <== n2b.out[0]; +} \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/multixor/multixor.test.js b/circuits/basic_templates/logic_gates/multixor/multixor.test.js new file mode 100644 index 00000000..236a10f4 --- /dev/null +++ b/circuits/basic_templates/logic_gates/multixor/multixor.test.js 
@@ -0,0 +1,28 @@ +const chai = require("chai"); +const path = require("path"); + +const tester = require("circom").tester; + +const bigInt = require("big-integer"); + +const assert = chai.assert; + +describe("MultiXOR test", function () { + + this.timeout(100000000); + + let circuit; + before( async() => { + circuit = await tester(path.join(__dirname, "multixor_test.circom")); + }); + + it("Even amount of 1s outputs FALSE", async () => { + const witness = await circuit.calculateWitness({"in": [1,1,0,0,0]}, true); + await circuit.assertOut(witness, {out: 0}); + }); + + it("Odd amount of 1s outputs TRUE", async () => { + const witness = await circuit.calculateWitness({"in": [0,1,1,0,1]}, true); + await circuit.assertOut(witness, {out: 1}); + }); +}); diff --git a/circuits/basic_templates/logic_gates/multixor/multixor_test.circom b/circuits/basic_templates/logic_gates/multixor/multixor_test.circom new file mode 100644 index 00000000..46552b32 --- /dev/null +++ b/circuits/basic_templates/logic_gates/multixor/multixor_test.circom @@ -0,0 +1,3 @@ +include "multixor.circom"; + +component main = MultiXOR(5) diff --git a/circuits/basic_templates/mux/multimux2/multimux2.circom b/circuits/basic_templates/mux/multimux2/multimux2.circom new file mode 100644 index 00000000..c7744eee --- /dev/null +++ b/circuits/basic_templates/mux/multimux2/multimux2.circom 
@@ -0,0 +1,43 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux2(n) { + signal input c[n][4]; // Constants + signal input s[2]; // Selector + signal output out[n]; + + signal a10[n]; + signal a1[n]; + signal a0[n]; + signal a[n]; + + signal s10; + s10 <== s[1] * s[0]; + + for (var i=0; i<n; i++) { + + a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; + a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; + a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; + a[i] <== ( c[i][ 0] ) + + out[i] <== ( a10[i] + a1[i] + a0[i] + a[i] ); + + } +} \ No newline at end of file diff --git a/circuits/basic_templates/old_README.md b/circuits/basic_templates/old_README.md deleted file mode 100644 index 5a00ae1a..00000000 --- a/circuits/basic_templates/old_README.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# CircomLib/Circuits - -## Description - -- This folder contains circuit templates for standard operations and many cryptographic primitives. -- Below you can find specifications of each function. In the representation of elements, there are three tyes: - - Binary - - String - - Field element (the field is specified in each case. We consider 2 possible fields: Fp and Fr, where p... and r... .) - -## Jordi - -* compconstant - Returns 1 if `in` (expanded to binary array) > `ct` -* aliascheck - check if `in` (expanded to binary array) oveflowed its 254 bits (<= -1) -* babyjub - twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2 - * BabyAdd - (`xout`,`yout`) = (`x1`,`y1`) + (`x2`,`y2`) - * BabyDbl - (`xout`,`yout`) = 2*(`x`,`y`) - * BabyCheck - check that (`x`,`y`) is on the curve -* binsub - binary subtraction -* gates - logical gates -* mimc - SNARK-friendly hash Minimal Multiplicative Complexity. - * https://eprint.iacr.org/2016/492.pdf - * zcash/zcash#2233 -* smt - Sparse Merkle Tree - * https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751 -* montgomery https://en.wikipedia.org/wiki/Montgomery_curve - -## Table of Contents - diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/README.md b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/README.md rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md 
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.test.js b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.test.js similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd.test.js rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.test.js diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babyadd/babyadd_test.circom rename to circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom diff --git a/circuits/crypto_templates/hash_functions/pedersen/README.md b/circuits/crypto_templates/hash_functions/pedersen/README.md deleted file mode 100644 index c5b13bcf..00000000 --- a/circuits/crypto_templates/hash_functions/pedersen/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background - -## Description - -## Schema - -## Dependencies - -## Inputs - -## Outputs - -## Benchmarks - -## Test \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/README.md b/circuits/crypto_templates/hash_functions/pedersen_w3/README.md new file mode 100644 index 00000000..5dff9cab --- /dev/null 
+++ b/circuits/crypto_templates/hash_functions/pedersen_w3/README.md @@ -0,0 +1,40 @@ +# `Pedersen(n)` + +## Description + +This template returns the [Pedersen hash](https://github.com/iden3/research/blob/master/documentation/PedersenHash.md) of a given sequence of bits. + +## Schema + +``` + ______________ + | | +in[n] ----> | Pedersen() | ----> out[2] + |______________| +``` + +## Dependencies + +``` +include "../../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" +include "segment/segment.circom"; +include "window4/window4.circom"; +``` + +## Inputs + +| Input | Type | +| ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | + +TODO: No és amb bits?? (Mirar el test!) + +## Outputs + +| Output | Type | Description | +| ------------- | ------------- | ------------- | +| `out[2]` | Array with two field elements | The output `out = H(in)` are the `x` and `y` coordinates of a point on the large prime subgroup of [Baby Jubjub](https://github.com/ethereum/EIPs/pull/2494) elliptic curve. More specifically, such point is `(x,y) = (out[0], out[1])`. | + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom similarity index 98% rename from circuits/crypto_templates/hash_functions/pedersen/pedersen.circom rename to circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom index 10526ba2..66539cc4 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen.circom +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom 
@@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" +include "../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" include "segment/segment.circom"; include "window4/window4.circom"; diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js similarity index 99% rename from circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js rename to circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js index b32575a3..78ffc58f 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen.test.js +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js @@ -19,7 +19,6 @@ describe("Pedersen test", function() { let w; w = await circuit.calculateWitness({ in: 0}, true); - const b = Buffer.alloc(32); const h = pedersen.hash(b); diff --git a/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom similarity index 61% rename from circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom rename to circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom index e3cc6e01..e23c7d43 100644 --- a/circuits/crypto_templates/hash_functions/pedersen/pedersen_test.circom +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom 
@@ -1,5 +1,8 @@ -include "../pedersen/pedersen.circom"; -include "../basic_templates/bitify/num2bits/num2bits.circom"; +// include "../circuits/crypto_templates/hash_functions/pedersen_w4/pedersen.circom"; +// include "../circuits/basic_templates/bitify/num2bits/num2bits.circom"; + +include "pedersen_w4_.circom"; +include "../../../basic_templates/bitify/num2bits/num2bits.circom"; template Main() { signal input in; diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom new file mode 100644 index 00000000..f1a78110 --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom 
@@ -0,0 +1,87 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom" +include "../../../elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom" +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom" +include "../window3/window3.circom"; + +template Segment(nWindows) { + signal input in[nWindows*3]; + signal input base[2]; + signal output out[2]; + + var i; + var j; + + // Convert the base to montgomery + + component e2m = Edwards2Montgomery(); + e2m.in[0] <== base[0]; + e2m.in[1] <== base[1]; + + component windows[nWindows]; + component doublers1[nWindows-1]; + component doublers2[nWindows-1]; + component adders[nWindows-1]; + for (i=0; i<nWindows; i++) { + windows[i] = Window3(); + for (j=0; j<3; j++) { + windows[i].in[j] <== in[4*i+j]; + } + if (i==0) { + windows[i].base[0] <== e2m.out[0]; + windows[i].base[1] <== e2m.out[1]; + } else { + doublers1[i-1] = MontgomeryDouble(); + doublers2[i-1] = MontgomeryDouble(); + doublers1[i-1].in[0] <== windows[i-1].out8[0]; + doublers1[i-1].in[1] <== windows[i-1].out8[1]; + doublers2[i-1].in[0] <== doublers1[i-1].out[0]; + doublers2[i-1].in[1] <== doublers1[i-1].out[1]; + 
+ windows[i].base[0] <== doublers2[i-1].out[0]; + windows[i].base[1] <== doublers2[i-1].out[1]; + + adders[i-1] = MontgomeryAdd(); + if (i==1) { + adders[i-1].in1[0] <== windows[0].out[0]; + adders[i-1].in1[1] <== windows[0].out[1]; + } else { + adders[i-1].in1[0] <== adders[i-2].out[0]; + adders[i-1].in1[1] <== adders[i-2].out[1]; + } + adders[i-1].in2[0] <== windows[i].out[0]; + adders[i-1].in2[1] <== windows[i].out[1]; + } + } + + component m2e = Montgomery2Edwards(); + + if (nWindows > 1) { + m2e.in[0] <== adders[nWindows-2].out[0]; + m2e.in[1] <== adders[nWindows-2].out[1]; + } else { + m2e.in[0] <== windows[0].out[0]; + m2e.in[1] <== windows[0].out[1]; + } + + out[0] <== m2e.out[0]; + out[1] <== m2e.out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom new file mode 100644 index 00000000..509c583c --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom 
@@ -0,0 +1,71 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom" +include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom" +include "../../../../basic_templates/mux/multimux2/multimux2.circom"; + +template Window3() { + signal input in[3]; + signal input base[2]; + signal output out[2]; + signal output out4[2]; // Returns 4*Base (To be linked) + + component mux = MultiMux2(2); + + mux.s[0] <== in[0]; + mux.s[1] <== in[1]; + + component dbl2 = MontgomeryDouble(); + component adr3 = MontgomeryAdd(); + component adr4 = MontgomeryAdd(); + +// in[0] -> 1*BASE + + mux.c[0][0] <== base[0]; + mux.c[1][0] <== base[1]; + +// in[1] -> 2*BASE + dbl2.in[0] <== base[0]; + dbl2.in[1] <== base[1]; + mux.c[0][1] <== dbl2.out[0]; + mux.c[1][1] <== dbl2.out[1]; + +// in[2] -> 3*BASE + adr3.in1[0] <== base[0]; + adr3.in1[1] <== base[1]; + adr3.in2[0] <== dbl2.out[0]; + adr3.in2[1] <== dbl2.out[1]; + mux.c[0][2] <== adr3.out[0]; + mux.c[1][2] <== adr3.out[1]; + +// in[3] -> 4*BASE + adr4.in1[0] <== base[0]; + adr4.in1[1] <== base[1]; + adr4.in2[0] <== adr3.out[0]; + adr4.in2[1] <== adr3.out[1]; + mux.c[0][3] <== adr4.out[0]; + mux.c[1][3] <== 
adr4.out[1]; + + out4[0] <== adr4.out[0]; + out4[1] <== adr4.out[1]; + + out[0] <== mux.out[0]; + out[1] <== - mux.out[1]*2*in[2] + mux.out[1]; // Negate it if in[2] is one +} \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/README.md b/circuits/crypto_templates/hash_functions/pedersen_w4/README.md new file mode 100644 index 00000000..5dff9cab --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w4/README.md @@ -0,0 +1,40 @@ +# `Pedersen(n)` + +## Description + +This template returns the [Pedersen hash](https://github.com/iden3/research/blob/master/documentation/PedersenHash.md) of a given sequence of bits. + +## Schema + +``` + ______________ + | | +in[n] ----> | Pedersen() | ----> out[2] + |______________| +``` + +## Dependencies + +``` +include "../../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" +include "segment/segment.circom"; +include "window4/window4.circom"; +``` + +## Inputs + +| Input | Type | +| ------------- | ------------- | +| `in[n]` | Binary array of `n` bits | + +TODO: No és amb bits?? (Mirar el test!) + +## Outputs + +| Output | Type | Description | +| ------------- | ------------- | ------------- | +| `out[2]` | Array with two field elements | The output `out = H(in)` are the `x` and `y` coordinates of a point on the large prime subgroup of [Baby Jubjub](https://github.com/ethereum/EIPs/pull/2494) elliptic curve. More specifically, such point is `(x,y) = (out[0], out[1])`. | + +## Benchmarks + +## Test \ No newline at end of file diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom new file mode 100644 index 00000000..66539cc4 --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom 
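Review bot: Nothing in `Window3` constrains `in[0]`, `in[1]` and `in[2]` to be boolean, yet the output `out[1] <== - mux.out[1]*2*in[2] + mux.out[1]` only yields `±y` (a curve point) when `in[2]` is 0 or 1, and the mux selectors likewise assume bits; a prover supplying non-binary values gets an unconstrained off-curve result. Since the template, like the rest of the library, relies on the caller for this, it should say so explicitly, e.g. a header comment `// in[0..2] MUST be constrained to {0,1} by the caller (e.g. via Num2Bits); this template does not enforce it.` The inline comments `// in[0] -> 1*BASE` … `// in[3] -> 4*BASE` are also misleading: they label mux slots 0–3 (selected by `in[0] + 2*in[1]`), not input bits, and `in[3]` does not exist; `// slot 0 (in[1],in[0] = 0,0) -> 1*BASE` style labels would avoid the confusion. Finally, `out4` is declared and assigned here but was referenced as `out8` from the segment template in this patch; keep the name consistent.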
@@ -0,0 +1,104 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" +include "segment/segment.circom"; +include "window4/window4.circom"; + +template Pedersen(n) { + signal input in[n]; + signal output out[2]; + + var BASE[10][2] = [ + [10457101036533406547632367118273992217979173478358440826365724437999023779287,19824078218392094440610104313265183977899662750282163392862422243483260492317], + [2671756056509184035029146175565761955751135805354291559563293617232983272177,2663205510731142763556352975002641716101654201788071096152948830924149045094], + [5802099305472655231388284418920769829666717045250560929368476121199858275951,5980429700218124965372158798884772646841287887664001482443826541541529227896], + [7107336197374528537877327281242680114152313102022415488494307685842428166594,2857869773864086953506483169737724679646433914307247183624878062391496185654], + [20265828622013100949498132415626198973119240347465898028410217039057588424236,1160461593266035632937973507065134938065359936056410650153315956301179689506], + [1487999857809287756929114517587739322941449154962237464737694709326309567994,14017256862867289575056460215526364897734808720610101650676790868051368668003], + 
[14618644331049802168996997831720384953259095788558646464435263343433563860015,13115243279999696210147231297848654998887864576952244320558158620692603342236], + [6814338563135591367010655964669793483652536871717891893032616415581401894627,13660303521961041205824633772157003587453809761793065294055279768121314853695], + [3571615583211663069428808372184817973703476260057504149923239576077102575715,11981351099832644138306422070127357074117642951423551606012551622164230222506], + [18597552580465440374022635246985743886550544261632147935254624835147509493269,6753322320275422086923032033899357299485124665258735666995435957890214041481] + ] + + var nSegments = ((n-1)\200)+1; + + component segments[nSegments]; + + var i; + var j; + var nBits; + var nWindows; + for (i=0; i<nSegments; i++) { + nBits = (i == (nSegments-1)) ? n - (nSegments-1)*200 : 200; + nWindows = ((nBits - 1)\4)+1; + segments[i] = Segment(nWindows); + segments[i].base[0] <== BASE[i][0]; + segments[i].base[1] <== BASE[i][1]; + for (j = 0; j<nBits; j++) { + segments[i].in[j] <== in[i*200+j]; + } + // Fill padding bits + for (j = nBits; j < nWindows*4; j++) { + segments[i].in[j] <== 0; + } + } + + component adders[nSegments-1]; + + for (i=0; i<nSegments-1; i++) { + adders[i] = BabyAdd(); + if (i==0) { + adders[i].x1 <== segments[0].out[0]; + adders[i].y1 <== segments[0].out[1]; + adders[i].x2 <== segments[1].out[0]; + adders[i].y2 <== segments[1].out[1]; + } else { + adders[i].x1 <== adders[i-1].xout; + adders[i].y1 <== adders[i-1].yout; + adders[i].x2 <== segments[i+1].out[0]; + adders[i].y2 <== segments[i+1].out[1]; + } + } + +/* + coponent packPoint = PackPoint(); + + if (nSegments>1) { + packPoint.in[0] <== adders[nSegments-2].xout; + packPoint.in[1] <== adders[nSegments-2].yout; + } else { + packPoint.in[0] <== segments[0].out[0]; + packPoint.in[1] <== segments[0].out[1]; + } + + out[0] <== packPoint.out[0]; + out[1] <== packPoint.out[1]; +*/ + + if (nSegments>1) { + out[0] <== adders[nSegments-2].xout; 
+ out[1] <== adders[nSegments-2].yout; + } else { + out[0] <== segments[0].out[0]; + out[1] <== segments[0].out[1]; + } +} + diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js new file mode 100644 index 00000000..78ffc58f --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js @@ -0,0 +1,48 @@ +const path = require("path"); + +const bigInt = require("big-integer"); +const tester = require("circom").tester; + +const babyJub = require("../../../../src/babyjub.js"); +const pedersen = require("../../../../src/pedersenHash.js"); + + +describe("Pedersen test", function() { + let circuit; + this.timeout(100000); + before( async() => { + + circuit = await tester(path.join(__dirname, "pedersen_test.circom")); + }); + it("Should pedersen at zero", async () => { + + let w; + + w = await circuit.calculateWitness({ in: 0}, true); + const b = Buffer.alloc(32); + + const h = pedersen.hash(b); + const hP = babyJub.unpackPoint(h); + + await circuit.assertOut(w, {out: hP}); + + }); + it("Should pedersen with 253 ones", async () => { + + let w; + + const n = bigInt.one.shiftLeft(253).minus(bigInt.one); + + w = await circuit.calculateWitness({ in: n}, true); + + const b = Buffer.alloc(32); + for (let i=0; i<31; i++) b[i] = 0xFF; + b[31] = 0x1F; + + const h = pedersen.hash(b); + const hP = babyJub.unpackPoint(h); + + await circuit.assertOut(w, {out: hP}); + + }); +}); diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom new file mode 100644 index 00000000..e23c7d43 --- /dev/null +++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom 
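Review bot: `BASE` has exactly 10 generator points but `nSegments = ((n-1)\200)+1` is unbounded, so any `Pedersen(n)` with `n > 2000` indexes `BASE[i]` out of range with no diagnostic; add a guard right after the `BASE` table such as `assert(nSegments <= 10); // only 10 generators are defined (max 2000 input bits)` (or at least a comment stating the limit, if this circom version lacks `assert`). The commented-out `coponent packPoint` block (typo included) is dead code and should be deleted rather than shipped. Because the collision resistance of a Pedersen hash rests on the discrete-log relation between the generators being unknown, the table deserves a comment recording how these ten points were derived (presumably a deterministic nothing-up-my-sleeve procedure — confirm and cite it) so a reviewer can reproduce them.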
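Review bot: The `before()` hook compiles `path.join(__dirname, "pedersen_test.circom")`, but the circuit added alongside this test is named `pedersen_w4_test.circom`, so the suite will fail to find its circuit before either `it` runs; change it to `circuit = await tester(path.join(__dirname, "pedersen_w4_test.circom"));`. Both test vectors (all-zero and 253 ones) exercise the padding path and the extremes only; a third vector with a mixed bit pattern, compared against `pedersen.hash` the same way, would catch a wrong window sign or base step that the two extremes can miss. The later patch in this series appears to touch this file, so this may already be addressed there.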
@@ -0,0 +1,34 @@ +// include "../circuits/crypto_templates/hash_functions/pedersen_w4/pedersen.circom"; +// include "../circuits/basic_templates/bitify/num2bits/num2bits.circom"; + +include "pedersen_w4_.circom"; +include "../../../basic_templates/bitify/num2bits/num2bits.circom"; + +template Main() { + signal input in; + signal output out[2]; + + component pedersen = Pedersen(256); + + component n2b; + n2b = Num2Bits(253); + + var i; + + in ==> n2b.in; + + for (i=0; i<253; i++) { + pedersen.in[i] <== n2b.out[i]; + } + + for (i=253; i<256; i++) { + pedersen.in[i] <== 0; + } + + pedersen.out[0] ==> out[0]; + pedersen.out[1] ==> out[1]; +} + +component main = Main(); + + diff --git a/circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom similarity index 100% rename from circuits/crypto_templates/hash_functions/pedersen/segment/segment.circom rename to circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom diff --git a/circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom similarity index 100% rename from circuits/crypto_templates/hash_functions/pedersen/window4/window4.circom rename to circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom From 627c983202f9d2e64bfd1e97e0b6eee2bbd31cec Mon Sep 17 00:00:00 2001 From: bellesmarta <belles.mm@gmail.com> Date: Thu, 9 Apr 2020 18:03:18 +0200 Subject: [PATCH 20/27] Worked on Pedersen hash - 3 windows --- .../hash_functions/pedersen_w3/pedersen_w3.circom | 4 ++-- .../hash_functions/pedersen_w3/segment3/segment3.circom | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom index 66539cc4..acec4977 100644 
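Review bot: The test circuit includes `"pedersen_w4_.circom"` (trailing underscore), but the template file created in this patch is `pedersen_w4.circom`, so compiling this harness fails on the include; it should be `include "pedersen_w4.circom";`. The two commented-out `// include ...` lines at the top point at paths from the old `test/` layout and should be removed rather than left as stale guidance. A short comment above `component n2b = Num2Bits(253);` noting that `Num2Bits` is what constrains the Pedersen inputs to bits (the hash templates themselves do not) would document why the 253-bit decomposition is essential and not just a convenience.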
--- a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom @@ -18,8 +18,8 @@ */ include "../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom" -include "segment/segment.circom"; -include "window4/window4.circom"; +include "segment3/segment3.circom"; +include "window3/window3.circom"; template Pedersen(n) { signal input in[n]; diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom index f1a78110..b7645c06 100644 --- a/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom +++ b/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom @@ -22,7 +22,7 @@ include "../../../elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgom include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom" include "../window3/window3.circom"; -template Segment(nWindows) { +template Segment3(nWindows) { signal input in[nWindows*3]; signal input base[2]; signal output out[2]; From 6ac12e7b40be24d8141da8c5675998548640a439 Mon Sep 17 00:00:00 2001 
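Review bot: Swapping the includes to `segment3/segment3.circom` and `window3/window3.circom` is not enough on its own: the template body is outside this hunk, but the pre-image blob `66539cc4` is the same one shown earlier for `pedersen_w4.circom`, whose body instantiates `Segment(nWindows)` with `nWindows = ((nBits - 1)\4)+1` and pads `in` up to `nWindows*4`, while `Segment3` (renamed in the second hunk) takes `in[nWindows*3]`. After this patch `Segment` is no longer defined and the width arithmetic is for 4-bit windows. The body should be updated to `nWindows = ((nBits - 1)\3)+1;`, `segments[i] = Segment3(nWindows);` and `for (j = nBits; j < nWindows*3; j++) {` so that the 3-bit variant is consistent end to end.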
From: bellesmarta <belles.mm@gmail.com> Date: Sat, 11 Apr 2020 14:30:29 +0200 Subject: [PATCH 21/27] Modified mocha script, worked on unitary tests. Still some to be readded. --- .../logic_gates/and/and.test.js | 2 - circuits/crypto_templates/README.md | 40 ++- .../baby_jubjub/README.md | 0 .../baby_jubjub/edwards/README.md | 0 .../baby_jubjub/edwards/babyadd/README.md | 2 - .../edwards/babyadd/babyadd.circom | 0 .../edwards/babyadd/babyadd.test.js | 0 .../edwards/babyadd/babyadd_test.circom | 3 + .../baby_jubjub/edwards/babycheck/README.md | 0 .../edwards/babycheck/babycheck.circom | 0 .../edwards/babycheck/babycheck.test.js | 0 .../edwards/babycheck/babycheck_test.circom | 3 + .../baby_jubjub/edwards/babydbl/README.md | 0 .../edwards/babydbl/babydbl.circom | 0 .../baby_jubjub/edwards/babypbk/README.md | 0 .../edwards/babypbk/babypbk.circom | 0 .../baby_jubjub/edwards/scalar_mul/README.md | 0 .../edwards/scalar_mul/scalarmul/README.md | 0 .../scalar_mul/scalarmul/scalarmul.circom | 12 +- .../scalar_mul/scalarmul/scalarmul.test.js | 3 + .../scalarmul/scalarmul_min_test.circom | 0 .../scalarmul/scalarmul_test.circom | 0 .../scalarmul/scalarmul_test_min.circom | 0 .../scalarmul/scalarmulw4table}/README.md | 0 .../scalarmulw4table/scalarmulw4table.circom} | 2 +- .../scalarmulw4table/scalarmulw4table.test.js | 76 +++++ .../scalarmulw4table_test.circom | 9 +- .../scalarmulw4table_test2.circom | 4 +- .../scalarmulw4table_test3.circom | 8 +- .../scalarmulwindow/scalarmulwindow.circom | 57 ++++ .../scalar_mul/scalarmulany}/README.md | 0 .../bitelementmulany/bitelementmulany.circom | 10 +- .../multiplexor2/multiplexor2.circom | 0 .../scalarmulany/scalarmulany.circom | 118 +------ .../scalarmulany/scalarmulany.test.js | 4 +- .../scalarmulany/scalarmulany_test.circom | 28 ++ .../segmentmulany/segmentmulany.circom | 13 +- .../scalar_mul/scalarmulfix}/README.md | 0 .../scalarmulfix/scalarmulfix.circom | 95 ++++++ .../scalarmulfix/scalarmulfix.test.js | 15 +- 
.../scalarmulfix/scalarmulfix_test.circom | 13 +- .../segmentmulfix/segmentmulfix.circom | 118 +++++++ .../windowmulfix/windowmulfix.circom | 131 ++++++++ .../baby_jubjub/edwards2montgomery/README.md | 0 .../edwards2montgomery.circom | 0 .../baby_jubjub/montgomery/README.md | 0 .../montgomery/montgomeryadd/README.md | 0 .../montgomeryadd/montgomeryadd.circom | 0 .../montgomery/montgomerydouble/README.md | 0 .../montgomerydouble/montgomerydouble.circom | 0 .../baby_jubjub/montgomery2edwards/README.md | 0 .../montgomery2edwards.circom | 0 .../baby_jubjub/point2bits/README.md | 0 .../baby_jubjub/point2bits/pointbits.circom | 0 .../elliptic_curves/README.md | 23 -- .../edwards/babyadd/babyadd_test.circom | 3 - .../edwards/babycheck/babycheck_test.circom | 3 - .../scalarmulwindow/scalarmulwindow.circom | 102 ------ .../scalarmulfix/escalarmulfix.circom | 298 ------------------ .../mimc/mimc7/mimc_test.circom | 3 - .../mimc/mimc7/mimccircuit.test.js | 25 -- .../mimc/mimc7/mimccontract.test.js | 48 --- .../mimcsponge/mimc_sponge_hash_test.circom | 3 - .../mimc/mimcsponge/mimc_sponge_test.circom | 3 - .../mimc/mimcsponge/mimcspongecircuit.test.js | 37 --- .../mimcsponge/mimcspongecontract.test.js | 43 --- .../pedersen_old/pedersen_old.test.js | 77 ----- .../pedersen_old/pedersen_old_test.circom | 29 -- .../pedersen_w3/pedersen_w3.test.js | 48 --- .../pedersen_w3/pedersen_w3_test.circom | 34 -- .../pedersen_w4/pedersen_w4.circom | 2 +- .../pedersen_w4/pedersen_w4.test.js | 3 +- .../pedersen_w4/pedersen_w4_test.circom | 2 +- .../pedersen_w4/segment/segment.circom | 6 +- .../pedersen_w4/window4/window4.circom | 4 +- .../poseidon/poseidon3_test.circom | 3 - .../poseidon/poseidon6_test.circom | 3 - .../poseidon/poseidoncircuit.test.js | 76 ----- .../poseidon/poseidoncontract.test.js | 69 ---- .../sha256/constants/constants.test.js | 26 -- .../sha256/constants/constants_test.circom | 18 -- .../signatures/eddsa/eddsa/eddsa.test.js | 67 ---- 
.../signatures/eddsa/eddsa/eddsa_js.test.js | 82 ----- .../signatures/eddsa/eddsa/eddsa_test.circom | 3 - .../eddsa/eddsamimc/eddsamimc.test.js | 96 ------ .../eddsa/eddsamimc/eddsamimc_test.circom | 3 - .../eddsa/eddsaposeidon/eddsaposeidon.test.js | 99 ------ .../eddsaposeidon/eddsaposeidon_test.circom | 3 - circuits/crypto_templates/smt/smtjs.test.js | 181 ----------- .../crypto_templates/smt/smtprocessor.test.js | 208 ------------ .../smt/smtprocessor10_test.circom | 3 - .../crypto_templates/smt/smtverifier.test.js | 136 -------- .../smt/smtverifier10_test.circom | 3 - package.json | 5 +- test/babyjub_js.test.js | 164 ---------- test/babypbk.test.js | 41 --- test/babypbk_test.circom | 3 - test/circuits/eddsa_test.circom | 3 - test/circuits/eddsamimc_test.circom | 3 - test/circuits/eddsaposeidon_test.circom | 3 - test/circuits/edwards2montgomery.circom | 3 - test/circuits/escalarmulany_test.circom | 28 -- test/circuits/in.json | 258 --------------- test/circuits/mimc_sponge_hash_test.circom | 3 - test/circuits/mimc_sponge_test.circom | 3 - test/circuits/mimc_test.circom | 3 - test/circuits/montgomery2edwards.circom | 3 - test/circuits/montgomeryadd.circom | 3 - test/circuits/montgomerydouble.circom | 3 - test/circuits/mux1_1.circom | 31 -- test/circuits/mux2_1.circom | 35 -- test/circuits/mux3_1.circom | 39 --- test/circuits/mux4_1.circom | 54 ---- test/circuits/pointbits_loopback.circom | 23 -- test/circuits/poseidon3_test.circom | 3 - test/circuits/poseidon6_test.circom | 3 - test/circuits/sha256_2_test.circom | 15 - test/circuits/sha256_test448.circom | 3 - test/circuits/sha256_test512.circom | 3 - test/circuits/smtprocessor10_test.circom | 3 - test/circuits/smtverifier10_test.circom | 3 - test/compconstant.test.js | 51 --- test/compconstant_test.circom | 3 - test/constants_test.circom | 18 -- test/helpers/printsignal.js | 22 -- test/helpers/sha256.js | 178 ----------- test/in.json | 258 --------------- test/montgomery.test.js | 91 ------ 
test/multiplexer.test.js | 98 ------ test/point2bits.test.js | 23 -- test/sha256.test.js | 115 ------- test/sha256_2_test.circom | 15 - 132 files changed, 605 insertions(+), 3652 deletions(-) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babyadd/README.md (98%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babyadd/babyadd.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babyadd/babyadd.test.js (100%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babycheck/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babycheck/babycheck.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babycheck/babycheck.test.js (100%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babydbl/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babydbl/babydbl.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babypbk/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/babypbk/babypbk.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmul/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom (97%) rename test/escalarmul.test.js => 
circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js (99%) rename test/circuits/escalarmul_min_test.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom (100%) rename test/circuits/escalarmul_test.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom (100%) rename test/circuits/escalarmul_test_min.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom (100%) rename circuits/crypto_templates/{elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany => baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table}/README.md (100%) rename circuits/crypto_templates/{elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom => baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom} (97%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js rename test/circuits/escalarmulw4table_test.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom (62%) rename test/circuits/escalarmulw4table.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom (65%) rename test/circuits/escalarmulw4table_test3.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom (63%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom rename circuits/crypto_templates/{elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix => baby_jubjub/edwards/scalar_mul/scalarmulany}/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom (89%) 
rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom (53%) rename test/escalarmulany.test.js => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js (88%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom (88%) rename circuits/crypto_templates/{elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable => baby_jubjub/edwards/scalar_mul/scalarmulfix}/README.md (100%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom rename test/escalarmulfix.test.js => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js (85%) rename test/circuits/escalarmulfix_test.circom => circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom (60%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom create mode 100644 circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards2montgomery/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/edwards2montgomery/edwards2montgomery.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery/montgomeryadd/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom (100%) 
rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery/montgomerydouble/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery2edwards/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/montgomery2edwards/montgomery2edwards.circom (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/point2bits/README.md (100%) rename circuits/crypto_templates/{elliptic_curves => }/baby_jubjub/point2bits/pointbits.circom (100%) delete mode 100644 circuits/crypto_templates/elliptic_curves/README.md delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom delete mode 100644 circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js delete mode 100644 circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js delete mode 100644 circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js delete 
mode 100644 circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js delete mode 100644 circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom delete mode 100644 circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js delete mode 100644 circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js delete mode 100644 circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js delete mode 100644 circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js delete mode 100644 circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom delete mode 100644 circuits/crypto_templates/smt/smtjs.test.js delete mode 100644 circuits/crypto_templates/smt/smtprocessor.test.js delete mode 100644 circuits/crypto_templates/smt/smtprocessor10_test.circom delete mode 100644 circuits/crypto_templates/smt/smtverifier.test.js delete mode 100644 circuits/crypto_templates/smt/smtverifier10_test.circom delete mode 100644 test/babyjub_js.test.js delete mode 100644 test/babypbk.test.js delete mode 100644 test/babypbk_test.circom delete mode 100644 
test/circuits/eddsa_test.circom delete mode 100644 test/circuits/eddsamimc_test.circom delete mode 100644 test/circuits/eddsaposeidon_test.circom delete mode 100644 test/circuits/edwards2montgomery.circom delete mode 100644 test/circuits/escalarmulany_test.circom delete mode 100644 test/circuits/in.json delete mode 100644 test/circuits/mimc_sponge_hash_test.circom delete mode 100644 test/circuits/mimc_sponge_test.circom delete mode 100644 test/circuits/mimc_test.circom delete mode 100644 test/circuits/montgomery2edwards.circom delete mode 100644 test/circuits/montgomeryadd.circom delete mode 100644 test/circuits/montgomerydouble.circom delete mode 100644 test/circuits/mux1_1.circom delete mode 100644 test/circuits/mux2_1.circom delete mode 100644 test/circuits/mux3_1.circom delete mode 100644 test/circuits/mux4_1.circom delete mode 100644 test/circuits/pointbits_loopback.circom delete mode 100644 test/circuits/poseidon3_test.circom delete mode 100644 test/circuits/poseidon6_test.circom delete mode 100644 test/circuits/sha256_2_test.circom delete mode 100644 test/circuits/sha256_test448.circom delete mode 100644 test/circuits/sha256_test512.circom delete mode 100644 test/circuits/smtprocessor10_test.circom delete mode 100644 test/circuits/smtverifier10_test.circom delete mode 100644 test/compconstant.test.js delete mode 100644 test/compconstant_test.circom delete mode 100644 test/constants_test.circom delete mode 100644 test/helpers/printsignal.js delete mode 100644 test/helpers/sha256.js delete mode 100644 test/in.json delete mode 100644 test/montgomery.test.js delete mode 100644 test/multiplexer.test.js delete mode 100644 test/point2bits.test.js delete mode 100644 test/sha256.test.js delete mode 100644 test/sha256_2_test.circom diff --git a/circuits/basic_templates/logic_gates/and/and.test.js b/circuits/basic_templates/logic_gates/and/and.test.js index 40d3383d..42180e9a 100644 --- a/circuits/basic_templates/logic_gates/and/and.test.js 
+++ b/circuits/basic_templates/logic_gates/and/and.test.js @@ -3,8 +3,6 @@ const path = require("path"); const tester = require("circom").tester; -const bigInt = require("big-integer"); - const assert = chai.assert; describe("AND test", function () { diff --git a/circuits/crypto_templates/README.md b/circuits/crypto_templates/README.md index 5df63f14..f9249e81 100644 --- a/circuits/crypto_templates/README.md +++ b/circuits/crypto_templates/README.md 
@@ -4,18 +4,48 @@ This folder contains the templates to compute cryptographic functions, such as h ## Structure of the folder +- [`elliptic_curves`](elliptic_curves) + - [`baby_jubjub`](elliptic_curves/baby_jubjub) + - [`edwards`](elliptic_curves/baby_jubjub/edwards) + - [`babyadd`](elliptic_curves/baby_jubjub/edwards/babyadd) + - [`babycheck`](elliptic_curves/baby_jubjub/edwards/babycheck) + - [`babydbl`](elliptic_curves/baby_jubjub/edwards/babydbl) + - [`babypbk`](elliptic_curves/baby_jubjub/edwards/babypbk) + - [`scalar_mul`](elliptic_curves/baby_jubjub/edwards/scalar_mul) + - [`scalarmul`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul) + - [`scalarmulwindow`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow) + - [`scalarmulany`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany) + - [`bitelementmulany`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany) + - [`multiplexor2`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2) + - [`segmentmulany`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany) + - [`scalarmulfix`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix) + - [`scalarmulwtable`](elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable) + - [`edwards2montgomery`](elliptic_curves/baby_jubjub/edwards2montgomery) + - [`montgomery`](elliptic_curves/baby_jubjub/montgomery) + - [`montgomeryadd`](elliptic_curves/baby_jubjub/montgomery/montgomeryadd) + - [`montgomerydouble`](elliptic_curves/baby_jubjub/montgomery/montgomerydouble) + - [`montgomery2edwards`](elliptic_curves/baby_jubjub/montgomery2edwards) + - [`point2bits`](elliptic_curves/baby_jubjub/point2bits) - [`hash_functions`](hash_functions) - [`mimc`](hash_functions/mimc) - [`mimc7`](hash_functions/mimc/mimc7) - [`mimcfeistel`](hash_functions/mimc/mimcfeistel) - [`mimcsponge`](hash_functions/mimc/mimcsponge) - [`multimimc7`](hash_functions/mimc/multimimc7) - - 
[`pedersen`](hash_functions/pedersen) - - [`segment`](hash_functions/pedersen/segment) - - [`window3`](hash_functions/pedersen/window3) - - [`window4`](hash_functions/pedersen/window4) + - [`pedersen_old`](hash_functions/pedersen_old) + - [`pedersen_w3`](hash_functions/pedersen_w3) + - [`segment3`](hash_functions/pedersen_w3/segment3) + - [`window3`](hash_functions/pedersen_w3/window3) + - [`pedersen_w4`](hash_functions/pedersen_w4) + - [`segment`](hash_functions/pedersen_w4/segment) + - [`window4`](hash_functions/pedersen_w4/window4) - [`poseidon`](hash_functions/poseidon) - [`sha256`](hash_functions/sha256) + - [`constants`](hash_functions/sha256/constants) - [`signatures`](signatures) - [`eddsa`](signatures/eddsa) -- [`smt`](smt) \ No newline at end of file + - [`eddsa`](signatures/eddsa/eddsa) + - [`eddsamimc`](signatures/eddsa/eddsamimc) + - [`eddsamimcsponge`](signatures/eddsa/eddsamimcsponge) + - [`eddsaposeidon`](signatures/eddsa/eddsaposeidon) +- [`smt`](smt) diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md b/circuits/crypto_templates/baby_jubjub/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/README.md rename to circuits/crypto_templates/baby_jubjub/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md b/circuits/crypto_templates/baby_jubjub/edwards/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/README.md rename to circuits/crypto_templates/baby_jubjub/edwards/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/README.md similarity index 98% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md rename to circuits/crypto_templates/baby_jubjub/edwards/babyadd/README.md index 5d16df2c..50551c67 100644 
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/README.md
+++ b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/README.md
@@ -1,7 +1,5 @@
 # `BabyAdd()`
-PATH HERE: ~/CircomLib/Circuits/...
-
 ## Background
 The arithmetic performed here is based on this [article](https://eprint.iacr.org/2008/013.pdf).
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.circom
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.test.js b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.test.js
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.test.js
rename to circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom
new file mode 100644
index 00000000..f1e10d3b
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom
@@ -0,0 +1,3 @@
+include "babyadd.circom";
+
+component main = BabyAdd();
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/README.md b/circuits/crypto_templates/baby_jubjub/edwards/babycheck/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/babycheck/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom b/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.circom
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.test.js b/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.test.js
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.test.js
rename to circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom
new file mode 100644
index 00000000..fe92b5a7
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom
@@ -0,0 +1,3 @@
+include "babycheck.circom";
+
+component main = BabyCheck();
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/README.md b/circuits/crypto_templates/baby_jubjub/edwards/babydbl/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/babydbl/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom b/circuits/crypto_templates/baby_jubjub/edwards/babydbl/babydbl.circom
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babydbl/babydbl.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/babydbl/babydbl.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/README.md b/circuits/crypto_templates/baby_jubjub/edwards/babypbk/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/babypbk/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom b/circuits/crypto_templates/baby_jubjub/edwards/babypbk/babypbk.circom
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/babypbk/babypbk.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
similarity index 97%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
index 8ac5c69f..d59a732b 100644
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
@@ -61,10 +61,6 @@
 */
-include "mux4.circom";
-include "escalarmulw4table.circom";
-include "babyjub.circom";
-
 /*
@@ -89,7 +85,9 @@ include "babyjub.circom";
 */
-template EscalarMul(n, base) {
+include "scalarmulwindow/scalamulwindow.circom";
+
+template ScalarMul(n, base) {
 signal input in[n];
 signal input inp[2]; // Point input to be added
 signal output out[2];
@@ -102,7 +100,7 @@ template EscalarMul(n, base) {
 // Construct the windows
 for (i=0; i<nBlocks; i++) {
- windows[i] = EscalarMulWindow(base, i);
+ windows[i] = ScalarMulWindow(base, i);
 }
 // Connect the selectors
@@ -127,4 +125,4 @@ template EscalarMul(n, base) {
 windows[nBlocks-1].out[0] ==> out[0];
 windows[nBlocks-1].out[1] ==> out[1];
-}
+}
\ No newline at end of file
diff --git a/test/escalarmul.test.js b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
similarity index 99%
rename from test/escalarmul.test.js
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
index ec605976..a5021666 100644
--- a/test/escalarmul.test.js
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
@@ -1,3 +1,4 @@
+/*
 const chai = require("chai");
 const path = require("path");
 const bigInt = require("big-integer");
@@ -112,3 +113,5 @@ describe("Exponentioation test", function () {
 }).timeout(10000000);
 });
+
+*/
\ No newline at end of file
diff --git a/test/circuits/escalarmul_min_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom
similarity index 100%
rename from test/circuits/escalarmul_min_test.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom
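Review bot: The include added in the `@@ -89,7 +85,9 @@` hunk names `scalarmulwindow/scalamulwindow.circom`, but the file created later in this patch is `scalarmulwindow/scalarmulwindow.circom` (the `r` is missing), so `ScalarMul` will fail at compile time with an unresolved include. The line should read `include "scalarmulwindow/scalarmulwindow.circom";`. Nothing in this patch would catch it, because the same commit comments out `scalarmul.test.js` in full. The dropped `mux4`/`babyjub` includes look to be covered transitively by the window file's own includes, but that is inferred from the paths rather than visible here, and the body of `ScalarMul` runs outside this hunk.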
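Review bot: Wrapping the whole of `scalarmul.test.js` in a `/* … */` block silently removes the only test of `ScalarMul`, and the file records no reason for it or condition for re-enabling it. If the suite has to be parked while the rename lands, `describe.skip("Exponentioation test", function () {` keeps it visible as pending in the mocha output, and a `// TODO: re-enable once scalarmul.circom compiles against scalarmulwindow.circom` line records why; otherwise it should stay enabled so it exercises the renamed template. The suite body lies between the two hunks and is outside this view.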
diff --git a/test/circuits/escalarmul_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom
similarity index 100%
rename from test/circuits/escalarmul_test.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom
diff --git a/test/circuits/escalarmul_test_min.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom
similarity index 100%
rename from test/circuits/escalarmul_test_min.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
similarity index 97%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
index 83498fb5..157ae7d1 100644
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/escalarmulw4table.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
@@ -27,7 +27,7 @@ function pointAdd(x1,y1,x2,y2) {
 return res;
 }
-function EscalarMulW4Table(base, k) {
+function ScalarMulW4Table(base, k) {
 var out[16][2];
 var i;
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js
new file mode 100644
index 00000000..f7d9c3df
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js
@@ -0,0 +1,76 @@
+const chai = require("chai");
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+const babyJub = require("../../../../../../../src/babyjub");
+
+const assert = chai.assert;
+
+function print(circuit, w, s) {
+ console.log(s + ": " + w[circuit.getSignalIdx(s)]);
+}
+
+describe("Scalarmulw4table (exponentiation) test", function () {
+
+ this.timeout(100000);
+
+ it("Should generate the Exponentiation table for k=0", async () => {
+
+ const circuit = await tester(path.join(__dirname, "scalarmulw4table_test.circom"));
+
+ const w = await circuit.calculateWitness({in: 1});
+
+ await circuit.checkConstraints(w);
+
+ let g = [
+ bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+ bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+ ];
+
+ let dbl= [bigInt("0"), bigInt("1")];
+
+ const expectedOut = [];
+
+ for (let i=0; i<16; i++) {
+
+ expectedOut.push(dbl);
+ dbl = babyJub.addPoint(dbl,g);
+ }
+
+ await circuit.assertOut(w, {out: expectedOut});
+
+ });
+
+ it("Should generate the Exponentiation table for k=3", async () => {
+
+ const circuit = await tester(path.join(__dirname, "scalarmulw4table_test3.circom"));
+
+ const w = await circuit.calculateWitness({in: 1});
+
+ await circuit.checkConstraints(w);
+
+ let g = [
+ bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+ bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+ ];
+
+ for (let i=0; i<12;i++) {
+ g = babyJub.addPoint(g,g);
+ }
+
+ let dbl= [bigInt("0"), bigInt("1")];
+
+ const expectedOut = [];
+
+ for (let i=0; i<16; i++) {
+ expectedOut.push(dbl);
+
+ dbl = babyJub.addPoint(dbl,g);
+ }
+
+ await circuit.assertOut(w, {out: expectedOut});
+
+ });
+
+// TODO: Add last test.
+});
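Review bot: The closing `// TODO: Add last test.` leaves `scalarmulw4table_test2.circom`, renamed in this same patch, with no test, and that harness's new side is `component main = ScalarMulW4Table(base, 0);` although `ScalarMulW4Table` is declared as a `function`, not a template, in the scalarmulw4table.circom hunk, so it is unlikely to compile as written; either give it a `template Main()` wrapper like the k=0 and k=3 harnesses and add the third `it`, or delete it instead of leaving the TODO. In this file `print` and `assert` are declared and never used, and `let g` in the k=0 case is never reassigned, so `const g` is the honest declaration. The `babyJub.addPoint` expectations are computed outside the circuit, which is the right shape for the test; only the missing third case and the dead declarations need attention.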
diff --git a/test/circuits/escalarmulw4table_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
similarity index 62%
rename from test/circuits/escalarmulw4table_test.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
index 9f6777fd..34c5f3cc 100644
--- a/test/circuits/escalarmulw4table_test.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
@@ -1,5 +1,4 @@
-include "../../circuits/escalarmulw4table.circom";
-
+include "scalarmulw4table.circom";
 template Main() {
 signal input in;
@@ -7,10 +6,10 @@ template Main() {
 var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, 16950150798460657717958625567821834550301663161624707787222815936182638968203];
- var escalarMul[16][2] = EscalarMulW4Table(base, 0);
+ var scalarMul[16][2] = ScalarMulW4Table(base, 0);
 for (var i=0; i<16; i++) {
- out[i][0] <== escalarMul[i][0]*in;
- out[i][1] <== escalarMul[i][1]*in;
+ out[i][0] <== scalarMul[i][0]*in;
+ out[i][1] <== scalarMul[i][1]*in;
 }
 }
diff --git a/test/circuits/escalarmulw4table.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
similarity index 65%
rename from test/circuits/escalarmulw4table.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
index 43143b6a..070afa8f 100644
--- a/test/circuits/escalarmulw4table.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
@@ -1,6 +1,6 @@
-include "../../circuits/escalarmulw4table.circom";
+include "scalarmulw4table.circom";
 var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, 16950150798460657717958625567821834550301663161624707787222815936182638968203]
-component main = EscalarMulW4Table(base, 0);
+component main = ScalarMulW4Table(base, 0);
diff --git a/test/circuits/escalarmulw4table_test3.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
similarity index 63%
rename from test/circuits/escalarmulw4table_test3.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
index d41d827e..0b6dcf64 100644
--- a/test/circuits/escalarmulw4table_test3.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
@@ -1,4 +1,4 @@
-include "../../circuits/escalarmulw4table.circom";
+include "scalarmulw4table.circom";
 template Main() {
@@ -7,10 +7,10 @@ template Main() {
 var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, 16950150798460657717958625567821834550301663161624707787222815936182638968203];
- var escalarMul[16][2] = EscalarMulW4Table(base, 3);
+ var scalarMul[16][2] = ScalarMulW4Table(base, 3);
 for (var i=0; i<16; i++) {
- out[i][0] <== escalarMul[i][0]*in;
- out[i][1] <== escalarMul[i][1]*in;
+ out[i][0] <== scalarMul[i][0]*in;
+ out[i][1] <== scalarMul[i][1]*in;
 }
 }
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom
new file mode 100644
index 00000000..4b2d6f5b
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom
@@ -0,0 +1,57 @@
+ /*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+include "../../../../../../basic_templates/mux/multimux4/multimux4.circom";
+include "../../../babyadd/babyadd.circom";
+include "../scalarmulw4table/scalarmulw4table.circom";
+
+template ScalarMulWindow(base, k) {
+
+ signal input in[2];
+ signal input sel[4];
+ signal output out[2];
+
+ var table[16][2];
+ component mux;
+ component adder;
+
+ var i;
+
+ table = ScalarMulW4Table(base, k);
+ mux = MultiMux4(2);
+ adder = BabyAdd();
+
+ for (i=0; i<4; i++) {
+ sel[i] ==> mux.s[i];
+ }
+
+ for (i=0; i<16; i++) {
+ mux.c[0][i] <== table[i][0];
+ mux.c[1][i] <== table[i][1];
+ }
+
+ in[0] ==> adder.x1;
+ in[1] ==> adder.y1;
+
+ mux.out[0] ==> adder.x2;
+ mux.out[1] ==> adder.y2;
+
+ adder.xout ==> out[0];
+ adder.yout ==> out[1];
+}
\ No newline at end of file
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
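Review bot: `ScalarMulWindow` carries no header comment, so a reader has to open `ScalarMulW4Table` and `MultiMux4` to learn what `base`, `k`, `sel` and `in` mean; a short block before the template would do, e.g. `// Adds to the input point "in" the table entry selected by the 4 bits of "sel", the table being ScalarMulW4Table(base, k) (presumably base scaled by 2^(4k); confirm against scalarmulw4table.test.js, where k=3 doubles the generator 12 times).` The comment should also say that nothing in this template constrains `sel[i]` to 0/1 — it is only wired into `mux.s[i]` — so binary selectors are the caller's responsibility unless `MultiMux4` enforces it, which is not visible here. As a matter of style, `component mux; … mux = MultiMux4(2);` can be `component mux = MultiMux4(2);` (likewise `adder`), the file opens with a stray space before `/*`, and it ends without a newline.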
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
similarity index 89%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
index 9bfb768f..f1ed9a9f 100644
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
@@ -17,13 +17,9 @@
 along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-include "montgomery.circom";
-include "babyjub.circom";
-include "comparators.circom";
-
-MontgomeryDouble();
-MontgomeryAdd();
-Multiplexor2();
+include "../../../../montgomery/montgomeryadd/montgomeryadd.circom";
+include "../../../../montgomery/montgomerydouble/montgomerydouble.circom";
+include "../multiplexor2/multiplexor2.circom";
 template BitElementMulAny() {
 signal input sel;
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
similarity index 53%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
index 3f6aec4d..dd1944bb 100644
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
@@ -17,117 +17,15 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "montgomery.circom"; -include "babyjub.circom"; -include "comparators.circom"; - -template Multiplexor2() { - signal input sel; - signal input in[2][2]; - signal output out[2]; - - out[0] <== (in[1][0] - in[0][0])*sel + in[0][0]; - out[1] <== (in[1][1] - in[0][1])*sel + in[0][1]; -} - -template BitElementMulAny() { - signal input sel; - signal input dblIn[2]; - signal input addIn[2]; - signal output dblOut[2]; - signal output addOut[2]; - - component doubler = MontgomeryDouble(); - component adder = MontgomeryAdd(); - component selector = Multiplexor2(); - - - sel ==> selector.sel; - - dblIn[0] ==> doubler.in[0]; - dblIn[1] ==> doubler.in[1]; - doubler.out[0] ==> adder.in1[0]; - doubler.out[1] ==> adder.in1[1]; - addIn[0] ==> adder.in2[0]; - addIn[1] ==> adder.in2[1]; - addIn[0] ==> selector.in[0][0]; - addIn[1] ==> selector.in[0][1]; - adder.out[0] ==> selector.in[1][0]; - adder.out[1] ==> selector.in[1][1]; - - doubler.out[0] ==> dblOut[0]; - doubler.out[1] ==> dblOut[1]; - selector.out[0] ==> addOut[0]; - selector.out[1] ==> addOut[1]; -} - -// p is montgomery point -// n must be <= 248 -// returns out in twisted edwards -// Double is in montgomery to be linked; - -template SegmentMulAny(n) { - signal input e[n]; - signal input p[2]; - signal output out[2]; - signal output dbl[2]; - - component bits[n-1]; - - component e2m = Edwards2Montgomery(); - - p[0] ==> e2m.in[0]; - p[1] ==> e2m.in[1]; +include "../../babyadd/babyadd.circom"; +include "../../../montgomery2edwards/montgomery2edwards.circom"; +include "../../../montgomery/montgomerydouble/montgomerydouble.circom"; +include "segmentmulany/segmentmulany.circom"; +include "../../../../../basic_templates/comparators/iszero/iszero.circom"; - var i; - - bits[0] = BitElementMulAny(); - e2m.out[0] ==> bits[0].dblIn[0] - e2m.out[1] ==> bits[0].dblIn[1] - e2m.out[0] ==> bits[0].addIn[0] - 
e2m.out[1] ==> bits[0].addIn[1] - e[1] ==> bits[0].sel; - - for (i=1; i<n-1; i++) { - bits[i] = BitElementMulAny(); - - bits[i-1].dblOut[0] ==> bits[i].dblIn[0] - bits[i-1].dblOut[1] ==> bits[i].dblIn[1] - bits[i-1].addOut[0] ==> bits[i].addIn[0] - bits[i-1].addOut[1] ==> bits[i].addIn[1] - e[i+1] ==> bits[i].sel; - } - - bits[n-2].dblOut[0] ==> dbl[0]; - bits[n-2].dblOut[1] ==> dbl[1]; - - component m2e = Montgomery2Edwards(); - - bits[n-2].addOut[0] ==> m2e.in[0]; - bits[n-2].addOut[1] ==> m2e.in[1]; - - component eadder = BabyAdd(); - - m2e.out[0] ==> eadder.x1; - m2e.out[1] ==> eadder.y1; - -p[0] ==> eadder.x2; - p[1] ==> eadder.y2; - - component lastSel = Multiplexor2(); - - e[0] ==> lastSel.sel; - eadder.xout ==> lastSel.in[0][0]; - eadder.yout ==> lastSel.in[0][1]; - m2e.out[0] ==> lastSel.in[1][0]; - m2e.out[1] ==> lastSel.in[1][1]; - - lastSel.out[0] ==> out[0]; - lastSel.out[1] ==> out[1]; -} - -// This function assumes that p is in the subgroup and it is different to 0 +// This function assumes that p is in the subgroup and it is different to 0. -template EscalarMulAny(n) { +template ScalarMulAny(n) { signal input e[n]; // Input in binary format signal input p[2]; // Point (Twisted format) signal output out[2]; // Point (Twisted format) @@ -193,4 +91,4 @@ template EscalarMulAny(n) { adders[nsegments-2].xout*(1-zeropoint.out) ==> out[0]; adders[nsegments-2].yout+(1-adders[nsegments-2].yout)*zeropoint.out ==> out[1]; } -} +} \ No newline at end of file diff --git a/test/escalarmulany.test.js b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js similarity index 88% rename from test/escalarmulany.test.js rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js index 3a831d09..01d8284f 100644 --- a/test/escalarmulany.test.js +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js 
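Review bot: The header comment `// This function assumes that p is in the subgroup and it is different to 0.` states a precondition that the template does not check, and the new `scalarmulany_test.circom` wires `p` straight from a signal input into `scalarMulAny.p`, so nothing in this patch enforces it. The second hunk (`@@ -193,4 +91,4 @@`) multiplies the result by `(1-zeropoint.out)`, which suggests the zero case is at least partially handled and makes the "different to 0" wording look stale; the comment should state exactly what is enforced here and what callers must guarantee, e.g. `// p must be a point of the prime-order subgroup; ScalarMulAny does not verify this, the caller must. e[i] must be 0/1 (e.g. produced by Num2Bits, as in scalarmulany_test.circom).` The template body between the two hunks is outside this view, so the zeropoint handling should be confirmed there before the comment is rewritten.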
@@ -7,7 +7,7 @@ function print(circuit, w, s) {
 console.log(s + ": " + w[circuit.getSignalIdx(s)]);
 }
-describe("Escalarmul test", function () {
+describe("Scalarmulany test", function () {
 let circuitEMulAny;
 this.timeout(100000);
@@ -18,7 +18,7 @@ describe("Escalarmul test", function () {
 ];
 before( async() => {
- circuitEMulAny = await tester(path.join(__dirname, "circuits", "escalarmulany_test.circom"));
+ circuitEMulAny = await tester(path.join(__dirname, "scalarmulany_test.circom"));
 });
 it("Should generate Same escalar mul", async () => {
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom
new file mode 100644
index 00000000..e85246eb
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom
@@ -0,0 +1,28 @@
+include "scalarmulany.circom";
+include "../../../../../basic_templates/bitify/num2bits/num2bits.circom";
+
+template Main() {
+ signal input e;
+ signal input p[2];
+ signal output out[2];
+
+ component n2b = Num2Bits(253);
+ component scalarMulAny = ScalarMulAny(253);
+
+ scalarMulAny.p[0] <== p[0];
+ scalarMulAny.p[1] <== p[1];
+
+ var i;
+
+ e ==> n2b.in;
+
+ for (i=0; i<253; i++) {
+ n2b.out[i] ==> scalarMulAny.e[i];
+ }
+
+ scalarMulAny.out[0] ==> out[0];
+ scalarMulAny.out[1] ==> out[1];
+}
+
+component main = Main();
+
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
similarity index 88%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
index 1c55bbf3..7d588fe5 100644
--- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
@@ -17,14 +17,11 @@
 along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-include "montgomery.circom";
-include "babyjub.circom";
-include "comparators.circom";
-Edwards2Montgomery
-BitElementMulAny
-Montgomery2Edwards
-BabyAdd
-Multiplexor2
+include "../../../babyadd/babyadd.circom";
+include "../../../../edwards2montgomery/edwards2montgomery.circom";
+include "../../../../montgomery2edwards/montgomery2edwards.circom";
+include "../bitelementmulany/bitelementmulany.circom";
+include "../multiplexor2/multiplexor2.circom";
 // p is montgomery point
 // n must be <= 248
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
similarity index 100%
rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulwtable/README.md
rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom
new file mode 100644
index 00000000..c90f802d
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom
@@ -0,0 +1,95 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "segmentmulfix/segmentmulfix.circom"; +include "../../babyadd/babyadd.circom"; +include "../../../montgomery2edwards/montgomery2edwards.circom"; + +/* +This component multiplies a escalar times a fixed point BASE (twisted edwards format) + Signals + e: The escalar in binary format + out: The output point in twisted edwards + */ + +template ScalarMulFix(n, BASE) { + signal input e[n]; // Input in binary format + signal output out[2]; // Point (Twisted format) + + var nsegments = (n-1)\246 +1; // 249 probably would work. But I'm not sure and for security I keep 246. + var nlastsegment = n - (nsegments-1)*249; + + component segments[nsegments]; + + component m2e[nsegments-1]; + component adders[nsegments-1]; + + var s; + var i; + var nseg; + var nWindows; + + for (s=0; s<nsegments; s++) { + + nseg = (s < nsegments-1) ? 
249 : nlastsegment; + nWindows = ((nseg - 1)\3)+1; + + segments[s] = SegmentMulFix(nWindows); + + for (i=0; i<nseg; i++) { + segments[s].e[i] <== e[s*249+i]; + } + + for (i = nseg; i<nWindows*3; i++) { + segments[s].e[i] <== 0; + } + + if (s==0) { + segments[s].base[0] <== BASE[0]; + segments[s].base[1] <== BASE[1]; + } else { + m2e[s-1] = Montgomery2Edwards(); + adders[s-1] = BabyAdd(); + + segments[s-1].dbl[0] ==> m2e[s-1].in[0]; + segments[s-1].dbl[1] ==> m2e[s-1].in[1]; + + m2e[s-1].out[0] ==> segments[s].base[0]; + m2e[s-1].out[1] ==> segments[s].base[1]; + + if (s==1) { + segments[s-1].out[0] ==> adders[s-1].x1; + segments[s-1].out[1] ==> adders[s-1].y1; + } else { + adders[s-2].xout ==> adders[s-1].x1; + adders[s-2].yout ==> adders[s-1].y1; + } + segments[s].out[0] ==> adders[s-1].x2; + segments[s].out[1] ==> adders[s-1].y2; + } + } + + if (nsegments == 1) { + segments[0].out[0] ==> out[0]; + segments[0].out[1] ==> out[1]; + } else { + adders[nsegments-2].xout ==> out[0]; + adders[nsegments-2].yout ==> out[1]; + } +} \ No newline at end of file diff --git a/test/escalarmulfix.test.js b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js similarity index 85% rename from test/escalarmulfix.test.js rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js index 2486695f..019efd07 100644 --- a/test/escalarmulfix.test.js +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js @@ -2,7 +2,7 @@ const chai = require("chai"); const path = require("path"); const bigInt = require("big-integer"); const tester = require("circom").tester; -const babyjub = require("../src/babyjub"); +const babyjub = require("../../../../../../src/babyjub"); const assert = chai.assert; 
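Review bot: `nsegments` is derived from a 246-bit segment (`(n-1)\246 +1`) while the loop actually slices the scalar in 249-bit segments (`nseg = ... ? 249 : nlastsegment`, `e[s*249+i]`), so the comment "for security I keep 246" does not describe what the code does, and for some n the last segment collapses to zero or negative width (n = 498 gives nsegments = 3 and nlastsegment = 0; n = 497 gives -1), which presumably fails at compile time. The test's n = 253 happens to work (one 249-bit segment plus a 4-bit one), but the two constants should be one: hoist `var segBits = 249;` (or 246, if that is the bound the security argument actually needs) and use it in `nsegments`, `nlastsegment` and the slicing index, replacing the hedged comment with the reason for the chosen value. The header should also state that `e[i]` must already be constrained to {0,1} — nothing in this template checks it and the test circuit relies on Num2Bits for that — e.g. `// e[i] is assumed binary; callers must constrain it (e.g. with Num2Bits), this template does not.` The README renamed into this directory from scalarmulwtable earlier in the diff is not visible here; confirm it describes ScalarMulFix rather than the table-based multiplier.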
@@ -10,16 +10,16 @@ function print(circuit, w, s) { console.log(s + ": " + w[circuit.getSignalIdx(s)]); } -describe("Escalarmul test", function () { +describe("Scalarmulfix test", function () { let circuit; this.timeout(100000); before( async() => { - circuit = await tester(path.join(__dirname, "circuits", "escalarmulfix_test.circom")); + circuit = await tester(path.join(__dirname, "scalarmulfix_test.circom")); }); - it("Should generate Same escalar mul", async () => { + it("Should generate same scalar mul", async () => { const w = await circuit.calculateWitness({"e": 0}); @@ -29,7 +29,7 @@ describe("Escalarmul test", function () { }); - it("Should generate Same escalar mul", async () => { + it("Should generate same scalar mul", async () => { const w = await circuit.calculateWitness({"e": 1}, true); @@ -57,7 +57,7 @@ describe("Escalarmul test", function () { }); - it("Should generate scalar mul of the firsts 50 elements", async () => { + it("Should generate scalar mul of the first 50 elements", async () => { const base8 = [ bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), @@ -86,5 +86,4 @@ describe("Escalarmul test", function () { await circuit.assertOut(w, {out: [0,1]}); }); -}); - +}); \ No newline at end of file diff --git a/test/circuits/escalarmulfix_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom similarity index 60% rename from test/circuits/escalarmulfix_test.circom rename to circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom index 7d80b79e..e84e0471 100644 --- a/test/circuits/escalarmulfix_test.circom +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom 
@@ -1,6 +1,5 @@ -include "../../circuits/escalarmulfix.circom"; -include "../../circuits/bitify.circom"; - +include "scalarmulfix.circom"; +include "../../../../../basic_templates/bitify/num2bits/num2bits.circom"; template Main() { signal input e; @@ -11,18 +10,18 @@ template Main() { component n2b = Num2Bits(253); - component escalarMul = EscalarMulFix(253, base); + component scalarMul = ScalarMulFix(253, base); var i; e ==> n2b.in; for (i=0; i<253; i++) { - n2b.out[i] ==> escalarMul.e[i]; + n2b.out[i] ==> scalarMul.e[i]; } - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; + scalarMul.out[0] ==> out[0]; + scalarMul.out[1] ==> out[1]; } component main = Main(); diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom new file mode 100644 index 00000000..1789eef4 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom 
@@ -0,0 +1,118 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../../montgomery/montgomeryadd/montgomeryadd.circom"; +include "../../../../montgomery/montgomerydouble/montgomerydouble.circom"; +include "../../../../edwards2montgomery/edwards2montgomery.circom"; +include "../../../../montgomery2edwards/montgomery2edwards.circom"; +include "../../../babyadd/babyadd.circom"; +include "../windowmulfix/windowmulfix.circom"; + +/* + This component does a multiplication of a escalar times a fix base + Signals: + e: The scalar in bits + base: the base point in edwards format + out: The result + dbl: Point in Edwards to be linked to the next segment. + */ + +template SegmentMulFix(nWindows) { + signal input e[nWindows*3]; + signal input base[2]; + signal output out[2]; + signal output dbl[2]; + + var i; + var j; + + // Convert the base to montgomery + + component e2m = Edwards2Montgomery(); + e2m.in[0] <== base[0]; + e2m.in[1] <== base[1]; + + component windows[nWindows]; + component adders[nWindows]; + component cadders[nWindows]; + + // In the last step we add an extra doubler so that numbers do not match. 
+ component dblLast = MontgomeryDouble(); + + for (i=0; i<nWindows; i++) { + windows[i] = WindowMulFix(); + cadders[i] = MontgomeryAdd(); + if (i==0) { + windows[i].base[0] <== e2m.out[0]; + windows[i].base[1] <== e2m.out[1]; + cadders[i].in1[0] <== e2m.out[0]; + cadders[i].in1[1] <== e2m.out[1]; + } else { + windows[i].base[0] <== windows[i-1].out8[0]; + windows[i].base[1] <== windows[i-1].out8[1]; + cadders[i].in1[0] <== cadders[i-1].out[0]; + cadders[i].in1[1] <== cadders[i-1].out[1]; + } + for (j=0; j<3; j++) { + windows[i].in[j] <== e[3*i+j]; + } + if (i<nWindows-1) { + cadders[i].in2[0] <== windows[i].out8[0]; + cadders[i].in2[1] <== windows[i].out8[1]; + } else { + dblLast.in[0] <== windows[i].out8[0]; + dblLast.in[1] <== windows[i].out8[1]; + cadders[i].in2[0] <== dblLast.out[0]; + cadders[i].in2[1] <== dblLast.out[1]; + } + } + + for (i=0; i<nWindows; i++) { + adders[i] = MontgomeryAdd(); + if (i==0) { + adders[i].in1[0] <== dblLast.out[0]; + adders[i].in1[1] <== dblLast.out[1]; + } else { + adders[i].in1[0] <== adders[i-1].out[0]; + adders[i].in1[1] <== adders[i-1].out[1]; + } + adders[i].in2[0] <== windows[i].out[0]; + adders[i].in2[1] <== windows[i].out[1]; + } + + component m2e = Montgomery2Edwards(); + component cm2e = Montgomery2Edwards(); + + m2e.in[0] <== adders[nWindows-1].out[0]; + m2e.in[1] <== adders[nWindows-1].out[1]; + cm2e.in[0] <== cadders[nWindows-1].out[0]; + cm2e.in[1] <== cadders[nWindows-1].out[1]; + + component cAdd = BabyAdd(); + cAdd.x1 <== m2e.out[0]; + cAdd.y1 <== m2e.out[1]; + cAdd.x2 <== -cm2e.out[0]; + cAdd.y2 <== cm2e.out[1]; + + cAdd.xout ==> out[0]; + cAdd.yout ==> out[1]; + + windows[nWindows-1].out8[0] ==> dbl[0]; + windows[nWindows-1].out8[1] ==> dbl[1]; +} \ No newline at end of file 
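Review bot: The header line `dbl: Point in Edwards to be linked to the next segment.` is wrong: `dbl` is wired from `windows[nWindows-1].out8`, which WindowMulFix computes with MontgomeryAdd from the Montgomery-form base (`e2m.out`), so it is a Montgomery point, and ScalarMulFix accordingly passes it through Montgomery2Edwards before using it as the next segment's base. Suggest `dbl: 8^nWindows * base, in Montgomery form; the caller converts it (Montgomery2Edwards) before feeding the next segment.` The comment `// In the last step we add an extra doubler so that numbers do not match.` should say what it protects: `dblLast` (2*8^nWindows*base) seeds both the `adders` chain and the last `cadders` entry so that no MontgomeryAdd sees equal inputs or the zero point, the precondition the WindowMulFix header states; suggest `// Seed both accumulators with 2*8^nWindows*base so every MontgomeryAdd input pair is distinct and non-zero (see WindowMulFix header).` As in the sibling templates, `e[]` is assumed binary and unchecked, which is worth a line in the header.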
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom new file mode 100644 index 00000000..04da4130 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom 
@@ -0,0 +1,131 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +include "../../../../montgomery/montgomeryadd/montgomeryadd.circom"; +include "../../../../montgomery/montgomerydouble/montgomerydouble.circom"; +include "../../../../../../basic_templates/mux/multimux3/multimux3.circom"; + +/* + Window of 3 elements, it calculates + out = base + base*in[0] + 2*base*in[1] + 4*base*in[2] + out4 = 4*base + + The result should be compensated. + */ + +/* + The scalar is s = a0 + a1*2^3 + a2*2^6 + ...... + a81*2^243 + First We calculate Q = B + 2^3*B + 2^6*B + ......... + 2^246*B + + Then we calculate S1 = 2*2^246*B + (1 + a0)*B + (2^3 + a1)*B + .....+ (2^243 + a81)*B + + And Finaly we compute the result: RES = SQ - Q + + As you can see the input of the adders cannot be equal nor zero, except for the last + substraction that it's done in montgomery. 
+ + A good way to see it is that the accumulator input of the adder >= 2^247*B and the other input + is the output of the windows that it's going to be <= 2^246*B + */ + +template WindowMulFix() { + signal input in[3]; + signal input base[2]; + signal output out[2]; + signal output out8[2]; // Returns 8*Base (To be linked) + + component mux = MultiMux3(2); + + mux.s[0] <== in[0]; + mux.s[1] <== in[1]; + mux.s[2] <== in[2]; + + component dbl2 = MontgomeryDouble(); + component adr3 = MontgomeryAdd(); + component adr4 = MontgomeryAdd(); + component adr5 = MontgomeryAdd(); + component adr6 = MontgomeryAdd(); + component adr7 = MontgomeryAdd(); + component adr8 = MontgomeryAdd(); + +// in[0] -> 1*BASE + + mux.c[0][0] <== base[0]; + mux.c[1][0] <== base[1]; + +// in[1] -> 2*BASE + dbl2.in[0] <== base[0]; + dbl2.in[1] <== base[1]; + mux.c[0][1] <== dbl2.out[0]; + mux.c[1][1] <== dbl2.out[1]; + +// in[2] -> 3*BASE + adr3.in1[0] <== base[0]; + adr3.in1[1] <== base[1]; + adr3.in2[0] <== dbl2.out[0]; + adr3.in2[1] <== dbl2.out[1]; + mux.c[0][2] <== adr3.out[0]; + mux.c[1][2] <== adr3.out[1]; + +// in[3] -> 4*BASE + adr4.in1[0] <== base[0]; + adr4.in1[1] <== base[1]; + adr4.in2[0] <== adr3.out[0]; + adr4.in2[1] <== adr3.out[1]; + mux.c[0][3] <== adr4.out[0]; + mux.c[1][3] <== adr4.out[1]; + +// in[4] -> 5*BASE + adr5.in1[0] <== base[0]; + adr5.in1[1] <== base[1]; + adr5.in2[0] <== adr4.out[0]; + adr5.in2[1] <== adr4.out[1]; + mux.c[0][4] <== adr5.out[0]; + mux.c[1][4] <== adr5.out[1]; + +// in[5] -> 6*BASE + adr6.in1[0] <== base[0]; + adr6.in1[1] <== base[1]; + adr6.in2[0] <== adr5.out[0]; + adr6.in2[1] <== adr5.out[1]; + mux.c[0][5] <== adr6.out[0]; + mux.c[1][5] <== adr6.out[1]; + +// in[6] -> 7*BASE + adr7.in1[0] <== base[0]; + adr7.in1[1] <== base[1]; + adr7.in2[0] <== adr6.out[0]; + adr7.in2[1] <== adr6.out[1]; + mux.c[0][6] <== adr7.out[0]; + mux.c[1][6] <== adr7.out[1]; + +// in[7] -> 8*BASE + adr8.in1[0] <== base[0]; + adr8.in1[1] <== base[1]; + adr8.in2[0] <== 
adr7.out[0]; + adr8.in2[1] <== adr7.out[1]; + mux.c[0][7] <== adr8.out[0]; + mux.c[1][7] <== adr8.out[1]; + + out8[0] <== adr8.out[0]; + out8[1] <== adr8.out[1]; + + out[0] <== mux.out[0]; + out[1] <== mux.out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/README.md b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/README.md rename to circuits/crypto_templates/baby_jubjub/edwards2montgomery/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom rename to circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/README.md b/circuits/crypto_templates/baby_jubjub/montgomery/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/README.md rename to circuits/crypto_templates/baby_jubjub/montgomery/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/README.md rename to circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md 
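Review bot: The template header is stale: it documents `out4 = 4*base` and `out = base + base*in[0] + 2*base*in[1] + 4*base*in[2]`, but the output signal is `out8`, wired from `adr8.out` (8*base), and the mux table holds 1*base through 8*base; suggest `out = (1 + in[0] + 2*in[1] + 4*in[2]) * base` and `out8 = 8*base, chained into the next window's base`. The per-entry labels `// in[3] -> 4*BASE` through `// in[7] -> 8*BASE` are misleading too, since `in` is the 3-bit selector and has no index 3..7; label by mux entry instead, e.g. `// c[3]: sel = 3 -> 4*BASE`. The second comment block (the S1 / Q compensation argument) describes how SegmentMulFix combines these windows rather than this template; a one-line pointer to SegmentMulFix would read better here. `in[]` feeds `mux.s` directly and is never constrained to bits, which the header should state.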
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom rename to circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/README.md rename to circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom rename to circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/README.md b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/README.md rename to circuits/crypto_templates/baby_jubjub/montgomery2edwards/README.md 
diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom rename to circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.circom diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/README.md b/circuits/crypto_templates/baby_jubjub/point2bits/README.md similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/README.md rename to circuits/crypto_templates/baby_jubjub/point2bits/README.md diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/pointbits.circom b/circuits/crypto_templates/baby_jubjub/point2bits/pointbits.circom similarity index 100% rename from circuits/crypto_templates/elliptic_curves/baby_jubjub/point2bits/pointbits.circom rename to circuits/crypto_templates/baby_jubjub/point2bits/pointbits.circom diff --git a/circuits/crypto_templates/elliptic_curves/README.md b/circuits/crypto_templates/elliptic_curves/README.md deleted file mode 100644 index 1139f09a..00000000 --- a/circuits/crypto_templates/elliptic_curves/README.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# `elliptic_curves` - -This folder contains the templates to do operations on different elliptic curves. - -## Structure of the Folder - -- [`baby_jubjub`](baby_jubjub) - - [`edwards`](baby_jubjub/edwards) - - [`babyadd`](baby_jubjub/edwards/babyadd) - - [`babycheck`](baby_jubjub/edwards/babycheck) - - [`babydbl`](baby_jubjub/edwards/babydbl) - - [`babypbk`](baby_jubjub/edwards/babypbk) - - [`scalar_mul`](baby_jubjub/edwards/scalar_mul) - - [`scalarmul`](baby_jubjub/edwards/scalar_mul/scalarmul) - - [`scalarmulany`](baby_jubjub/edwards/scalar_mul/scalarmulany) - - [`scalarmulfix`](baby_jubjub/edwards/scalar_mul/scalarmulfix) - - [`scalarmulwtable`](baby_jubjub/edwards/scalar_mul/scalarmulwtable) - - [`edwards2montgomery`](baby_jubjub/edwards2montgomery) - - [`montgomery`](baby_jubjub/montgomery) - - [`montgomeryadd`](baby_jubjub/montgomery/montgomeryadd) - - [`montgomerydouble`](baby_jubjub/montgomery/montgomerydouble) - - [`montgomery2edwards`](baby_jubjub/montgomery2edwards) - - [`point2bits`](baby_jubjub/point2bits) \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom deleted file mode 100644 index 5a4cc664..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom"; - -component main = BabyAdd(); diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom deleted file mode 100644 index 9cfa487f..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck_test.circom +++ /dev/null 
@@ -1,3 +0,0 @@ -include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babycheck/babycheck.circom"; - -component main = BabyCheck(); diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom deleted file mode 100644 index 1f79ce70..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom +++ /dev/null 
@@ -1,102 +0,0 @@ - /* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -/* - - ┏━━━━━━━━━━━┓ - ┃ ┃ - ┃ ┃ - (inx, iny) ══════════════════════════════════════════▶┃ EC Point ┃ - ┃ ╠═▶ (outx, outy) - ╔══▶┃ Adder ┃ - ║ ┃ ┃ - ║ ┃ ┃ - ║ ┃ ┃ - ┏━━━━━━━━━━━┓ ┏━━━━━━━━━━━━┓ ║ ┗━━━━━━━━━━━┛ - ┃ ┃ ┃ ┃ ║ - ┃ ┃ ┃ ┃ ║ - ┃ ╠═══(p0x,p0y)═══▶┃ ┃ ║ - ┃ ╠═══(p1x,p1y)═══▶┃ ┃ ║ - ┃ ╠═══(p2x,p2y)═══▶┃ ┃ ║ - ┃ ╠═══(p3x,p3y)═══▶┃ ┃ ║ - ┃ ╠═══(p4x,p4y)═══▶┃ ┃ ║ - ┃ ╠═══(p5x,p5y)═══▶┃ ┃ ║ - ┃ ╠═══(p6x,p6y)═══▶┃ ┃ ║ - ┃ Constant ╠═══(p7x,p7y)═══▶┃ ┃ ║ - ┃ Points ┃ ┃ Mux4 ╠══╝ - ┃ ╠═══(p8x,p8y)═══▶┃ ┃ - ┃ ╠═══(p9x,p9y)═══▶┃ ┃ - ┃ ╠══(p10x,p10y)══▶┃ ┃ - ┃ ╠══(p11x,p11y)══▶┃ ┃ - ┃ ╠══(p12x,p12y)══▶┃ ┃ - ┃ ╠══(p13x,p13y)══▶┃ ┃ - ┃ ╠══(p14x,p14y)══▶┃ ┃ - ┃ ╠══(p15x,p15y)══▶┃ ┃ - ┃ ┃ ┃ ┃ - ┃ ┃ ┃ ┃ - ┗━━━━━━━━━━━┛ ┗━━━━━━━━━━━━┛ - ▲ ▲ ▲ ▲ - │ │ │ │ - s0 ─────────────────────────────────┘ │ │ │ - s1 ────────────────────────────────────┘ │ │ - s2 ───────────────────────────────────────┘ │ - s3 ──────────────────────────────────────────┘ - - - */ - -include "../../../../../../../basic_templates/mux/multimux4/multimux4.circom"; -include "../../../babyadd/babyadd.circom"; - -include "escalarmulw4table.circom"; - -template EscalarMulWindow(base, k) { - - signal input in[2]; - signal input sel[4]; - 
signal output out[2]; - - var table[16][2]; - component mux; - component adder; - - var i; - - table = EscalarMulW4Table(base, k); - mux = MultiMux4(2); - adder = BabyAdd(); - - for (i=0; i<4; i++) { - sel[i] ==> mux.s[i]; - } - - for (i=0; i<16; i++) { - mux.c[0][i] <== table[i][0]; - mux.c[1][i] <== table[i][1]; - } - - in[0] ==> adder.x1; - in[1] ==> adder.y1; - - mux.out[0] ==> adder.x2; - mux.out[1] ==> adder.y2; - - adder.xout ==> out[0]; - adder.yout ==> out[1]; -} \ No newline at end of file diff --git a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom b/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom deleted file mode 100644 index e2c0998b..00000000 --- a/circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/scalar_mul/scalarmulfix/escalarmulfix.circom +++ /dev/null 
@@ -1,298 +0,0 @@ -/* - Copyright 2018 0KIMS association. - - This file is part of circom (Zero Knowledge Circuit Compiler). - - circom is a free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - circom is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with circom. If not, see <https://www.gnu.org/licenses/>. -*/ - -include "mux3.circom"; -include "montgomery.circom"; -include "babyjub.circom"; - -/* - Window of 3 elements, it calculates - out = base + base*in[0] + 2*base*in[1] + 4*base*in[2] - out4 = 4*base - - The result should be compensated. - */ - -/* - - The scalar is s = a0 + a1*2^3 + a2*2^6 + ...... + a81*2^243 - First We calculate Q = B + 2^3*B + 2^6*B + ......... + 2^246*B - - Then we calculate S1 = 2*2^246*B + (1 + a0)*B + (2^3 + a1)*B + .....+ (2^243 + a81)*B - - And Finaly we compute the result: RES = SQ - Q - - As you can see the input of the adders cannot be equal nor zero, except for the last - substraction that it's done in montgomery. 
- - A good way to see it is that the accumulator input of the adder >= 2^247*B and the other input - is the output of the windows that it's going to be <= 2^246*B - */ -template WindowMulFix() { - signal input in[3]; - signal input base[2]; - signal output out[2]; - signal output out8[2]; // Returns 8*Base (To be linked) - - component mux = MultiMux3(2); - - mux.s[0] <== in[0]; - mux.s[1] <== in[1]; - mux.s[2] <== in[2]; - - component dbl2 = MontgomeryDouble(); - component adr3 = MontgomeryAdd(); - component adr4 = MontgomeryAdd(); - component adr5 = MontgomeryAdd(); - component adr6 = MontgomeryAdd(); - component adr7 = MontgomeryAdd(); - component adr8 = MontgomeryAdd(); - -// in[0] -> 1*BASE - - mux.c[0][0] <== base[0]; - mux.c[1][0] <== base[1]; - -// in[1] -> 2*BASE - dbl2.in[0] <== base[0]; - dbl2.in[1] <== base[1]; - mux.c[0][1] <== dbl2.out[0]; - mux.c[1][1] <== dbl2.out[1]; - -// in[2] -> 3*BASE - adr3.in1[0] <== base[0]; - adr3.in1[1] <== base[1]; - adr3.in2[0] <== dbl2.out[0]; - adr3.in2[1] <== dbl2.out[1]; - mux.c[0][2] <== adr3.out[0]; - mux.c[1][2] <== adr3.out[1]; - -// in[3] -> 4*BASE - adr4.in1[0] <== base[0]; - adr4.in1[1] <== base[1]; - adr4.in2[0] <== adr3.out[0]; - adr4.in2[1] <== adr3.out[1]; - mux.c[0][3] <== adr4.out[0]; - mux.c[1][3] <== adr4.out[1]; - -// in[4] -> 5*BASE - adr5.in1[0] <== base[0]; - adr5.in1[1] <== base[1]; - adr5.in2[0] <== adr4.out[0]; - adr5.in2[1] <== adr4.out[1]; - mux.c[0][4] <== adr5.out[0]; - mux.c[1][4] <== adr5.out[1]; - -// in[5] -> 6*BASE - adr6.in1[0] <== base[0]; - adr6.in1[1] <== base[1]; - adr6.in2[0] <== adr5.out[0]; - adr6.in2[1] <== adr5.out[1]; - mux.c[0][5] <== adr6.out[0]; - mux.c[1][5] <== adr6.out[1]; - -// in[6] -> 7*BASE - adr7.in1[0] <== base[0]; - adr7.in1[1] <== base[1]; - adr7.in2[0] <== adr6.out[0]; - adr7.in2[1] <== adr6.out[1]; - mux.c[0][6] <== adr7.out[0]; - mux.c[1][6] <== adr7.out[1]; - -// in[7] -> 8*BASE - adr8.in1[0] <== base[0]; - adr8.in1[1] <== base[1]; - adr8.in2[0] <== 
adr7.out[0]; - adr8.in2[1] <== adr7.out[1]; - mux.c[0][7] <== adr8.out[0]; - mux.c[1][7] <== adr8.out[1]; - - out8[0] <== adr8.out[0]; - out8[1] <== adr8.out[1]; - - out[0] <== mux.out[0]; - out[1] <== mux.out[1]; -} - - -/* - This component does a multiplication of a escalar times a fix base - Signals: - e: The scalar in bits - base: the base point in edwards format - out: The result - dbl: Point in Edwards to be linked to the next segment. - */ - -template SegmentMulFix(nWindows) { - signal input e[nWindows*3]; - signal input base[2]; - signal output out[2]; - signal output dbl[2]; - - var i; - var j; - - // Convert the base to montgomery - - component e2m = Edwards2Montgomery(); - e2m.in[0] <== base[0]; - e2m.in[1] <== base[1]; - - component windows[nWindows]; - component adders[nWindows]; - component cadders[nWindows]; - - // In the last step we add an extra doubler so that numbers do not match. - component dblLast = MontgomeryDouble(); - - for (i=0; i<nWindows; i++) { - windows[i] = WindowMulFix(); - cadders[i] = MontgomeryAdd(); - if (i==0) { - windows[i].base[0] <== e2m.out[0]; - windows[i].base[1] <== e2m.out[1]; - cadders[i].in1[0] <== e2m.out[0]; - cadders[i].in1[1] <== e2m.out[1]; - } else { - windows[i].base[0] <== windows[i-1].out8[0]; - windows[i].base[1] <== windows[i-1].out8[1]; - cadders[i].in1[0] <== cadders[i-1].out[0]; - cadders[i].in1[1] <== cadders[i-1].out[1]; - } - for (j=0; j<3; j++) { - windows[i].in[j] <== e[3*i+j]; - } - if (i<nWindows-1) { - cadders[i].in2[0] <== windows[i].out8[0]; - cadders[i].in2[1] <== windows[i].out8[1]; - } else { - dblLast.in[0] <== windows[i].out8[0]; - dblLast.in[1] <== windows[i].out8[1]; - cadders[i].in2[0] <== dblLast.out[0]; - cadders[i].in2[1] <== dblLast.out[1]; - } - } - - for (i=0; i<nWindows; i++) { - adders[i] = MontgomeryAdd(); - if (i==0) { - adders[i].in1[0] <== dblLast.out[0]; - adders[i].in1[1] <== dblLast.out[1]; - } else { - adders[i].in1[0] <== adders[i-1].out[0]; - adders[i].in1[1] <== 
adders[i-1].out[1]; - } - adders[i].in2[0] <== windows[i].out[0]; - adders[i].in2[1] <== windows[i].out[1]; - } - - component m2e = Montgomery2Edwards(); - component cm2e = Montgomery2Edwards(); - - m2e.in[0] <== adders[nWindows-1].out[0]; - m2e.in[1] <== adders[nWindows-1].out[1]; - cm2e.in[0] <== cadders[nWindows-1].out[0]; - cm2e.in[1] <== cadders[nWindows-1].out[1]; - - component cAdd = BabyAdd(); - cAdd.x1 <== m2e.out[0]; - cAdd.y1 <== m2e.out[1]; - cAdd.x2 <== -cm2e.out[0]; - cAdd.y2 <== cm2e.out[1]; - - cAdd.xout ==> out[0]; - cAdd.yout ==> out[1]; - - windows[nWindows-1].out8[0] ==> dbl[0]; - windows[nWindows-1].out8[1] ==> dbl[1]; -} - - -/* -This component multiplies a escalar times a fixed point BASE (twisted edwards format) - Signals - e: The escalar in binary format - out: The output point in twisted edwards - */ -template EscalarMulFix(n, BASE) { - signal input e[n]; // Input in binary format - signal output out[2]; // Point (Twisted format) - - var nsegments = (n-1)\246 +1; // 249 probably would work. But I'm not sure and for security I keep 246 - var nlastsegment = n - (nsegments-1)*249; - - component segments[nsegments]; - - component m2e[nsegments-1]; - component adders[nsegments-1]; - - var s; - var i; - var nseg; - var nWindows; - - for (s=0; s<nsegments; s++) { - - nseg = (s < nsegments-1) ? 
249 : nlastsegment; - nWindows = ((nseg - 1)\3)+1; - - segments[s] = SegmentMulFix(nWindows); - - for (i=0; i<nseg; i++) { - segments[s].e[i] <== e[s*249+i]; - } - - for (i = nseg; i<nWindows*3; i++) { - segments[s].e[i] <== 0; - } - - if (s==0) { - segments[s].base[0] <== BASE[0]; - segments[s].base[1] <== BASE[1]; - } else { - m2e[s-1] = Montgomery2Edwards(); - adders[s-1] = BabyAdd(); - - segments[s-1].dbl[0] ==> m2e[s-1].in[0]; - segments[s-1].dbl[1] ==> m2e[s-1].in[1]; - - m2e[s-1].out[0] ==> segments[s].base[0]; - m2e[s-1].out[1] ==> segments[s].base[1]; - - if (s==1) { - segments[s-1].out[0] ==> adders[s-1].x1; - segments[s-1].out[1] ==> adders[s-1].y1; - } else { - adders[s-2].xout ==> adders[s-1].x1; - adders[s-2].yout ==> adders[s-1].y1; - } - segments[s].out[0] ==> adders[s-1].x2; - segments[s].out[1] ==> adders[s-1].y2; - } - } - - if (nsegments == 1) { - segments[0].out[0] ==> out[0]; - segments[0].out[1] ==> out[1]; - } else { - adders[nsegments-2].xout ==> out[0]; - adders[nsegments-2].yout ==> out[1]; - } -} diff --git a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom deleted file mode 100644 index 26b0b017..00000000 --- a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/mimc.circom" - -component main = MiMC7(91); diff --git a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js deleted file mode 100644 index 5601811b..00000000 --- a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccircuit.test.js +++ /dev/null 
@@ -1,25 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const tester = require("circom").tester;
-
-const mimcjs = require("../src/mimc7.js");
-
-describe("MiMC Circuit test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "mimc_test.circom"));
- });
-
- it("Should check constrain", async () => {
- const w = await circuit.calculateWitness({x_in: 1, k: 2}, true);
-
- const res2 = mimcjs.hash(1,2,91);
-
- await circuit.assertOut(w, {out: res2});
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js b/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js
deleted file mode 100644
index 9c135d5b..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimccontract.test.js
+++ /dev/null
@@ -1,48 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const mimcGenContract = require("../src/mimc_gencontract.js");
-const mimcjs = require("../src/mimc7.js");
-
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-const SEED = "mimc";
-
-describe("MiMC Smart contract test", function () {
- let testrpc;
- let web3;
- let mimc;
- let accounts;
-
- this.timeout(100000);
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(mimcGenContract.abi);
-
- mimc = await C.deploy({
- data: mimcGenContract.createCode(SEED, 91),
- arguments: []
- }).send({
- gas: 1500000,
- gasPrice: '30000000000000',
- from: accounts[0]
- }).on("error", (error) => {
- console.log("ERROR: "+error);
- });
- });
-
- it("Shold calculate the mimic correctly", async () => {
- const res = await mimc.methods.MiMCpe7(1,2).call();
- const res2 = await mimcjs.hash(1,2,91);
-
- assert.equal(res.toString(), res2.toString());
- });
-});
-
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom
deleted file mode 100644
index f6be5026..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_hash_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/mimcsponge.circom"
-
-component main = MiMCSponge(2, 220, 3);
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom
deleted file mode 100644
index 92e9df28..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimc_sponge_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/mimcsponge.circom"
-
-component main = MiMCFeistel(220);
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js
deleted file mode 100644
index 32055340..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecircuit.test.js
+++ /dev/null
@@ -1,37 +0,0 @@
-const path = require("path");
-const tester = require("circom").tester;
-
-const mimcjs = require("../src/mimcsponge.js");
-
-
-describe("MiMC Sponge Circuit test", function () {
- let circuit;
-
- this.timeout(100000);
-
- it("Should check permutation", async () => {
-
- circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_test.circom"));
-
- const w = await circuit.calculateWitness({xL_in: 1, xR_in: 2, k: 3});
-
- const out2 = mimcjs.hash(1,2,3);
-
- await circuit.assertOut(w, {xL_out: out2.xL, xR_out: out2.xR});
-
- await circuit.checkConstraints(w);
-
- });
-
- it("Should check hash", async () => {
- circuit = await tester(path.join(__dirname, "circuits", "mimc_sponge_hash_test.circom"));
-
- const w = await circuit.calculateWitness({ins: [1, 2], k: 0});
-
- const out2 = mimcjs.multiHash([1,2], 0, 3);
-
- await circuit.assertOut(w, {outs: out2});
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js b/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js
deleted file mode 100644
index a2e7394c..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcspongecontract.test.js
+++ /dev/null
@@ -1,43 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const mimcGenContract = require("../src/mimcsponge_gencontract.js");
-const mimcjs = require("../src/mimcsponge.js");
-
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-const SEED = "mimcsponge";
-
-describe("MiMC Sponge Smart contract test", () => {
- let testrpc;
- let web3;
- let mimc;
- let accounts;
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(mimcGenContract.abi);
-
- mimc = await C.deploy({
- data: mimcGenContract.createCode(SEED, 220)
- }).send({
- gas: 3500000,
- from: accounts[0]
- });
- });
-
- it("Shold calculate the mimc correctly", async () => {
- const res = await mimc.methods.MiMCSponge(1,2,3).call();
- const res2 = await mimcjs.hash(1,2,3);
-
- assert.equal(res.xL.toString(), res2.xL.toString());
- assert.equal(res.xR.toString(), res2.xR.toString());
- });
-});
-
diff --git a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js
deleted file mode 100644
index 5de92769..00000000
--- a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.test.js
+++ /dev/null
@@ -1,77 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const babyJub = require("../src/babyjub.js");
-
-const PBASE =
- [
- [bigInt("10457101036533406547632367118273992217979173478358440826365724437999023779287"),bigInt("19824078218392094440610104313265183977899662750282163392862422243483260492317")],
- [bigInt("2671756056509184035029146175565761955751135805354291559563293617232983272177"),bigInt("2663205510731142763556352975002641716101654201788071096152948830924149045094")],
- [bigInt("5802099305472655231388284418920769829666717045250560929368476121199858275951"),bigInt("5980429700218124965372158798884772646841287887664001482443826541541529227896")],
- [bigInt("7107336197374528537877327281242680114152313102022415488494307685842428166594"),bigInt("2857869773864086953506483169737724679646433914307247183624878062391496185654")],
- [bigInt("20265828622013100949498132415626198973119240347465898028410217039057588424236"),bigInt("1160461593266035632937973507065134938065359936056410650153315956301179689506")]
- ];
-
-describe("Double Pedersen test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
-
- circuit = await tester(path.join(__dirname, "circuits", "pedersen_test.circom"));
-
- });
- it("Should pedersen at zero", async () => {
-
- let w;
-
- w = await circuit.calculateWitness({ in: ["0", "0"]}, true);
-
- await circuit.assertOut(w, {out: [0,1]});
-
- });
- it("Should pedersen at one first generator", async () => {
- let w;
-
- w = await circuit.calculateWitness({ in: ["1", "0"]}, true);
-
- await circuit.assertOut(w, {out: PBASE[0]});
-
- });
- it("Should pedersen at one second generator", async () => {
- let w;
-
- w = await circuit.calculateWitness({ in: ["0", "1"]}, true);
-
- await circuit.assertOut(w, {out: PBASE[1]});
-
- });
- it("Should pedersen at mixed generators", async () => {
- let w;
- w = await
circuit.calculateWitness({ in: ["3", "7"]}, true);
-
- const r = babyJub.addPoint(
- babyJub.mulPointEscalar(PBASE[0], 3),
- babyJub.mulPointEscalar(PBASE[1], 7)
- );
-
- await circuit.assertOut(w, {out: r});
-
- });
- it("Should pedersen all ones", async () => {
- let w;
-
- const allOnes = bigInt("1").shiftLeft(250).minus(bigInt("1"));
- w = await circuit.calculateWitness({ in: [allOnes, allOnes]}, true);
-
-
- const r2 = babyJub.addPoint(
- babyJub.mulPointEscalar(PBASE[0], allOnes),
- babyJub.mulPointEscalar(PBASE[1], allOnes)
- );
-
- await circuit.assertOut(w, {out: r2});
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom b/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom
deleted file mode 100644
index accd484d..00000000
--- a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old_test.circom
+++ /dev/null
@@ -1,29 +0,0 @@
-include "../../circuits/pedersen_old.circom";
-include "../../circuits/bitify.circom";
-
-
-template Main() {
- signal input in[2];
- signal output out[2];
-
- component pedersen = Pedersen(250*2);
-
- component n2b[2];
- n2b[0] = Num2Bits(250);
- n2b[1] = Num2Bits(250);
-
- var i;
-
- in[0] ==> n2b[0].in;
- in[1] ==> n2b[1].in;
-
- for (i=0; i<250; i++) {
- n2b[0].out[i] ==> pedersen.in[i];
- n2b[1].out[i] ==> pedersen.in[250+i];
- }
-
- pedersen.out[0] ==> out[0];
- pedersen.out[1] ==> out[1];
-}
-
-component main = Main();
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js
deleted file mode 100644
index 78ffc58f..00000000
--- a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.test.js
+++ /dev/null
@@ -1,48 +0,0 @@
-const path = require("path");
-
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const babyJub = require("../../../../src/babyjub.js");
-const pedersen = require("../../../../src/pedersenHash.js");
-
-
-describe("Pedersen test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
-
- circuit = await tester(path.join(__dirname, "pedersen_test.circom"));
- });
- it("Should pedersen at zero", async () => {
-
- let w;
-
- w = await circuit.calculateWitness({ in: 0}, true);
- const b = Buffer.alloc(32);
-
- const h = pedersen.hash(b);
- const hP = babyJub.unpackPoint(h);
-
- await circuit.assertOut(w, {out: hP});
-
- });
- it("Should pedersen with 253 ones", async () => {
-
- let w;
-
- const n = bigInt.one.shiftLeft(253).minus(bigInt.one);
-
- w = await circuit.calculateWitness({ in: n}, true);
-
- const b = Buffer.alloc(32);
- for (let i=0; i<31; i++) b[i] = 0xFF;
- b[31] = 0x1F;
-
- const h = pedersen.hash(b);
- const hP = babyJub.unpackPoint(h);
-
- await circuit.assertOut(w, {out: hP});
-
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom b/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom
deleted file mode 100644
index e23c7d43..00000000
--- a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3_test.circom
+++ /dev/null
@@ -1,34 +0,0 @@
-// include "../circuits/crypto_templates/hash_functions/pedersen_w4/pedersen.circom";
-// include "../circuits/basic_templates/bitify/num2bits/num2bits.circom";
-
-include "pedersen_w4_.circom";
-include "../../../basic_templates/bitify/num2bits/num2bits.circom";
-
-template Main() {
- signal input in;
- signal output out[2];
-
- component pedersen = Pedersen(256);
-
- component n2b;
- n2b = Num2Bits(253);
-
- var i;
-
- in ==> n2b.in;
-
- for (i=0; i<253; i++) {
- pedersen.in[i] <== n2b.out[i];
- }
-
- for (i=253; i<256; i++) {
- pedersen.in[i] <== 0;
- }
-
- pedersen.out[0] ==> out[0];
- pedersen.out[1] ==> out[1];
-}
-
-component main = Main();
-
-
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom
index 66539cc4..8f73ee5a 100644
--- a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom
+++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom
@@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */
-include "../../elliptic_curves/baby_jubjub/edwards/babyadd/babyadd.circom"
+include "../../baby_jubjub/edwards/babyadd/babyadd.circom"
include "segment/segment.circom";
include "window4/window4.circom";
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js
index 78ffc58f..5b3bba06 100644
--- a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js
+++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js
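Review bot: The new `+include "../../baby_jubjub/edwards/babyadd/babyadd.circom"` line in pedersen_w4.circom is written without a trailing semicolon while the two `include` lines directly below it end with `;`; the same mixed form appears in the segment.circom and window4.circom hunks of this commit. Since these lines are being touched anyway, it would be cleaner to terminate them consistently, e.g. `include "../../baby_jubjub/edwards/babyadd/babyadd.circom";`. This is presumably only a consistency point if the compiler accepts both forms, so treat it as style rather than a defect.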
@@ -6,13 +6,12 @@ const tester = require("circom").tester;
const babyJub = require("../../../../src/babyjub.js");
const pedersen = require("../../../../src/pedersenHash.js");
-
describe("Pedersen test", function() {
let circuit;
this.timeout(100000);
before( async() => {
- circuit = await tester(path.join(__dirname, "pedersen_test.circom"));
+ circuit = await tester(path.join(__dirname, "pedersen_w4_test.circom"));
});
it("Should pedersen at zero", async () => {
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom
index e23c7d43..5026631a 100644
--- a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom
+++ b/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom
@@ -1,7 +1,7 @@
// include "../circuits/crypto_templates/hash_functions/pedersen_w4/pedersen.circom";
// include "../circuits/basic_templates/bitify/num2bits/num2bits.circom";
-include "pedersen_w4_.circom";
+include "pedersen_w4.circom";
include "../../../basic_templates/bitify/num2bits/num2bits.circom";
template Main() {
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom
index ff7ae508..682cd686 100644
--- a/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom
+++ b/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom
@@ -17,9 +17,9 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */
-include "../../../elliptic_curves/baby_jubjub/montgomery2edwards/montgomery2edwards.circom"
-include "../../../elliptic_curves/baby_jubjub/edwards2montgomery/edwards2montgomery.circom"
-include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom"
+include "../../../baby_jubjub/montgomery2edwards/montgomery2edwards.circom"
+include "../../../baby_jubjub/edwards2montgomery/edwards2montgomery.circom"
+include "../../../baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom"
include "../window4/window4.circom";
template Segment(nWindows) {
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom b/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom
index 880b7a6a..338106ad 100644
--- a/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom
+++ b/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom
@@ -17,8 +17,8 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */
-include "../../../elliptic_curves/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom"
-include "../../../elliptic_curves/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom"
+include "../../../baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom"
+include "../../../baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom"
include "../../../../basic_templates/mux/multimux3/multimux3.circom";
diff --git a/circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom b/circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom
deleted file mode 100644
index 03d69d45..00000000
--- a/circuits/crypto_templates/hash_functions/poseidon/poseidon3_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/poseidon.circom"
-
-component main = Poseidon(2, 3, 8, 57);
diff --git a/circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom b/circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom
deleted file mode 100644
index 526bef12..00000000
--- a/circuits/crypto_templates/hash_functions/poseidon/poseidon6_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/poseidon.circom"
-
-component main = Poseidon(2, 6, 8, 57);
diff --git a/circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js b/circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js
deleted file mode 100644
index d5e2a9f0..00000000
--- a/circuits/crypto_templates/hash_functions/poseidon/poseidoncircuit.test.js
+++ /dev/null
@@ -1,76 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-var blake2b = require("blake2b");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-const poseidon = require("../src/poseidon.js");
-
-const assert = chai.assert;
-
-describe("Blake2b version test", function() {
- it("Should give the expected output for blake2b version", async () => {
- var output = new Uint8Array(32);
- var input = Buffer.from("poseidon_constants");
- const h = blake2b(output.length).update(input).digest("hex");
- assert.equal("e57ba154fb2c47811dc1a2369b27e25a44915b4e4ece4eb8ec74850cb78e01b1", h);
- });
-});
-
-describe("Poseidon Circuit test", function () {
- let circuit6;
- let circuit3;
-
- this.timeout(100000);
-
- before( async () => {
- circuit6 = await tester(path.join(__dirname, "circuits", "poseidon6_test.circom"));
- circuit3 = await tester(path.join(__dirname, "circuits", "poseidon3_test.circom"));
- });
-
- it("Should check constrain of hash([1, 2]) t=6", async () => {
- const w = await circuit6.calculateWitness({inputs: [1, 2]}, true);
-
- const hash = poseidon.createHash(6, 8, 57);
-
- const res2 = hash([1,2]);
- assert.equal("12242166908188651009877250812424843524687801523336557272219921456462821518061", res2.toString());
- await circuit6.assertOut(w, {out : res2});
- await circuit6.checkConstraints(w);
- });
-
- it("Should check constrain of hash([3, 4]) t=6", async () => {
- const w = await circuit6.calculateWitness({inputs: [3, 4]});
-
- const hash = poseidon.createHash(6, 8, 57);
-
- const res2 = hash([3, 4]);
-
- assert.equal("17185195740979599334254027721507328033796809509313949281114643312710535000993", res2.toString());
- await circuit6.assertOut(w, {out : res2});
- await circuit6.checkConstraints(w);
- });
-
-
- it("Should check constrain of hash([1, 2]) t=3", async () => {
- const w = await circuit3.calculateWitness({inputs: [1, 2]});
-
- const hash = poseidon.createHash(3, 8, 57);
-
- const res2 =
hash([1,2]);
- assert.equal("2104035019328376391822106787753454168168617545136592089411833517434990977743", res2.toString());
- await circuit3.assertOut(w, {out : res2});
- await circuit3.checkConstraints(w);
- });
-
- it("Should check constrain of hash([3, 4]) t=3", async () => {
- const w = await circuit3.calculateWitness({inputs: [3, 4]});
-
- const hash = poseidon.createHash(3, 8, 57);
-
- const res2 = hash([3, 4]);
- assert.equal("12456141564250880945411182508630957604732712316993112736876413121277158512223", res2.toString());
- await circuit3.assertOut(w, {out : res2});
- await circuit3.checkConstraints(w);
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js b/circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js
deleted file mode 100644
index caad1cad..00000000
--- a/circuits/crypto_templates/hash_functions/poseidon/poseidoncontract.test.js
+++ /dev/null
@@ -1,69 +0,0 @@
-const ganache = require("ganache-cli");
-const Web3 = require("web3");
-const chai = require("chai");
-const poseidonGenContract = require("../src/poseidon_gencontract.js");
-const Poseidon = require("../src/poseidon.js");
-const bigInt = require("snarkjs").bigInt;
-
-const assert = chai.assert;
-const log = (msg) => { if (process.env.MOCHA_VERBOSE) console.log(msg); };
-
-describe("Poseidon Smart contract test", function () {
- let testrpc;
- let web3;
- let poseidon6;
- let poseidon3;
- let accounts;
- this.timeout(100000);
-
- before(async () => {
- web3 = new Web3(ganache.provider(), null, { transactionConfirmationBlocks: 1 });
- accounts = await web3.eth.getAccounts();
- });
-
- it("Should deploy the contract", async () => {
- const C = new web3.eth.Contract(poseidonGenContract.abi);
-
- poseidon6 = await C.deploy({
- data: poseidonGenContract.createCode(6)
- }).send({
- gas: 2500000,
- from: accounts[0]
- });
- poseidon3 = await C.deploy({
- data: poseidonGenContract.createCode(3)
- }).send({
- gas: 2500000,
- from: accounts[0]
- });
- });
-
- it("Shold calculate the poseidon correctly t=6", async () => {
-
- const res = await poseidon6.methods.poseidon([1,2]).call();
-
- // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
-
- const hash = Poseidon.createHash(6, 8, 57);
-
- const res2 = hash([1,2]);
- // console.log("Ref: " + bigInt(res2).toString(16));
-
- assert.equal(res.toString(), res2.toString());
- });
- it("Shold calculate the poseidon correctly t=3", async () => {
-
- const res = await poseidon3.methods.poseidon([1,2]).call();
-
- // console.log("Cir: " + bigInt(res.toString(16)).toString(16));
-
- const hash = Poseidon.createHash(3, 8, 57);
-
- const res2 = hash([1,2]);
- // console.log("Ref: " + bigInt(res2).toString(16));
-
- assert.equal(res.toString(), res2.toString());
- });
-
-});
-
diff --git a/circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js b/circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js
deleted file mode 100644
index 26af949e..00000000
--- a/circuits/crypto_templates/hash_functions/sha256/constants/constants.test.js
+++ /dev/null
@@ -1,26 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const tester = require("circom").tester;
-
-const bigInt = require("big-integer");
-
-const assert = chai.assert;
-
-describe("Constants test", function () {
-
- this.timeout(100000000);
-
- it("Should create a constant circuit", async () => {
- const circuit = await tester(path.join(__dirname, "constants_test.circom"));
- await circuit.loadConstraints();
-
- assert.equal(circuit.nVars, 2);
- assert.equal(circuit.constraints.length, 1);
-
- const witness = await circuit.calculateWitness({ "in": bigInt("d807aa98", 16)}, true);
-
- assert(witness[0].equals(bigInt(1)));
- assert(witness[1].equals(bigInt("d807aa98", 16)));
- });
-});
diff --git a/circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom b/circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom
deleted file mode 100644
index 04abe188..00000000
--- a/circuits/crypto_templates/hash_functions/sha256/constants/constants_test.circom
+++ /dev/null
@@ -1,18 +0,0 @@
-include "constants.circom"
-
-template A() {
- signal input in;
- component h0;
- h0 = K(8);
-
- var lc = 0;
- var e = 1;
- for (var i=0; i<32; i++) {
- lc = lc + e*h0.out[i];
- e *= 2;
- }
-
- lc === in;
-}
-
-component main = A();
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js
deleted file mode 100644
index 7d2e02f3..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.test.js
+++ /dev/null
@@ -1,67 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const tester = require("circom").tester;
-const bigInt = require("big-integer");
-
-const eddsa = require("../src/eddsa.js");
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-function print(circuit, w, s) {
- console.log(s + ": " + w[circuit.getSignalIdx(s)]);
-}
-
-function buffer2bits(buff) {
- const res = [];
- for (let i=0; i<buff.length; i++) {
- for (let j=0; j<8; j++) {
- if ((buff[i]>>j)&1) {
- res.push(bigInt.one);
- } else {
- res.push(bigInt.zero);
- }
- }
- }
- return res;
-}
-
-
-describe("EdDSA test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
- circuit = await tester(path.join(__dirname, "circuits", "eddsa_test.circom"));
- });
-
- it("Sign a single 10 bytes from 0 to 9", async () => {
- const msg = Buffer.from("00010203040506070809", "hex");
-
-// const prvKey = crypto.randomBytes(32);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.sign(prvKey, msg);
-
- const pSignature = eddsa.packSignature(signature);
- const uSignature = eddsa.unpackSignature(pSignature);
-
- assert(eddsa.verify(msg, uSignature, pubKey));
-
- const msgBits = buffer2bits(msg);
- const r8Bits = buffer2bits(pSignature.slice(0, 32));
- const sBits = buffer2bits(pSignature.slice(32, 64));
- const aBits = buffer2bits(pPubKey);
-
- const w = await circuit.calculateWitness({A: aBits, R8: r8Bits, S: sBits, msg: msgBits}, true);
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js
deleted file mode 100644
index 11996264..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_js.test.js
+++ /dev/null
@@ -1,82 +0,0 @@
-const chai = require("chai");
-
-const eddsa = require("../src/eddsa.js");
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-const bigInt = require("big-integer");
-const utils = require("../src/utils.js");
-
-describe("EdDSA js test", function () {
-
- this.timeout(100000);
-
- it("Sign (using Mimc7) a single 10 bytes from 0 to 9", () => {
- const msgBuf = Buffer.from("00010203040506070809", "hex");
- const msg = utils.leBuff2int(msgBuf);
-
- // const prvKey = crypto.randomBytes(32);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- assert.equal(pubKey[0].toString(),
- "13277427435165878497778222415993513565335242147425444199013288855685581939618");
- assert.equal(pubKey[1].toString(),
- "13622229784656158136036771217484571176836296686641868549125388198837476602820");
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.signMiMC(prvKey, msg);
- assert.equal(signature.R8[0].toString(),
- "11384336176656855268977457483345535180380036354188103142384839473266348197733");
- assert.equal(signature.R8[1].toString(),
- "15383486972088797283337779941324724402501462225528836549661220478783371668959");
- assert.equal(signature.S.toString(),
- "2523202440825208709475937830811065542425109372212752003460238913256192595070");
-
- const pSignature = eddsa.packSignature(signature);
- assert.equal(pSignature.toString("hex"), ""+
- "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
- "7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405");
-
- const uSignature = eddsa.unpackSignature(pSignature);
- assert(eddsa.verifyMiMC(msg, uSignature, pubKey));
-
- });
-
- it("Sign (using Poseidon) a single 10 bytes from 0 to 9", () => {
- const msgBuf = Buffer.from("00010203040506070809", "hex");
- const msg = utils.leBuff2int(msgBuf);
-
- const prvKey =
Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- assert.equal(pubKey[0].toString(),
- "13277427435165878497778222415993513565335242147425444199013288855685581939618");
- assert.equal(pubKey[1].toString(),
- "13622229784656158136036771217484571176836296686641868549125388198837476602820");
-
- const pPubKey = babyJub.packPoint(pubKey);
-
- const signature = eddsa.signPoseidon(prvKey, msg);
- assert.equal(signature.R8[0].toString(),
- "11384336176656855268977457483345535180380036354188103142384839473266348197733");
- assert.equal(signature.R8[1].toString(),
- "15383486972088797283337779941324724402501462225528836549661220478783371668959");
- assert.equal(signature.S.toString(),
- "248298168863866362217836334079793350221620631973732197668910946177382043688");
-
- const pSignature = eddsa.packSignature(signature);
- assert.equal(pSignature.toString("hex"), ""+
- "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
- "28506bce274aa1b3f7e7c2fd7e4fe09bff8f9aa37a42def7994e98f322888c00");
-
- const uSignature = eddsa.unpackSignature(pSignature);
- assert(eddsa.verifyPoseidon(msg, uSignature, pubKey));
-
- });
-});
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom
deleted file mode 100644
index 1ef054ec..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/eddsa.circom";
-
-component main = EdDSAVerifier(80);
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js b/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js
deleted file mode 100644
index 6e14fd6c..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.test.js
+++ /dev/null
@@ -1,96 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const tester = require("circom").tester;
-const bigInt = require("big-integer");
-
-const eddsa = require("../src/eddsa.js");
-
-const assert = chai.assert;
-
-describe("EdDSA MiMC test", function () {
- let circuit;
-
- this.timeout(100000);
-
- before( async () => {
-
- circuit = await tester(path.join(__dirname, "circuits", "eddsamimc_test.circom"));
- });
-
- it("Sign a single number", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature, pubKey));
-
- const w = await circuit.calculateWitness({
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0],
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
-
-
- await circuit.checkConstraints(w);
-
- });
-
- it("Detect Invalid signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature, pubKey));
- try {
- const w = await circuit.calculateWitness({
- enabled: 1,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
- assert(false);
- } catch(err) {
- assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) );
- }
- });
-
-
- it("Test a dissabled circuit with a bad signature", async () => {
- const msg = bigInt(1234);
-
- const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
-
- const pubKey = eddsa.prv2pub(prvKey);
-
-
- const signature = eddsa.signMiMC(prvKey, msg);
-
- assert(eddsa.verifyMiMC(msg, signature,
pubKey));
-
- const w = await circuit.calculateWitness({
- enabled: 0,
- Ax: pubKey[0],
- Ay: pubKey[1],
- R8x: signature.R8[0].add(bigInt(1)),
- R8y: signature.R8[1],
- S: signature.S,
- M: msg}, true);
-
- await circuit.checkConstraints(w);
-
- });
-});
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom
deleted file mode 100644
index 8ad48e63..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/eddsamimc.circom";
-
-component main = EdDSAMiMCVerifier();
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js b/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
deleted file mode 100644
index 31fad9c8..00000000
--- a/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.test.js
+++ /dev/null
@@ -1,99 +0,0 @@ -const chai = require("chai"); -const path = require("path"); -const bigInt = require("big-integer"); -const tester = require("circom").tester; - -const eddsa = require("../src/eddsa.js"); - -const assert = chai.assert; - -describe("EdDSA Poseidon test", function () { - let circuit; - - this.timeout(100000); - - before( async () => { - - circuit = await tester(path.join(__dirname, "circuits", "eddsaposeidon_test.circom")); - - }); - - it("Sign a single number", async () => { - const msg = bigInt(1234); - - const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); - - const pubKey = eddsa.prv2pub(prvKey); - - const signature = eddsa.signPoseidon(prvKey, msg); - - assert(eddsa.verifyPoseidon(msg, signature, pubKey)); - - const input = { - enabled: 1, - Ax: pubKey[0], - Ay: pubKey[1], - R8x: signature.R8[0], - R8y: signature.R8[1], - S: signature.S, - M: msg - }; - - // console.log(JSON.stringify(utils.stringifyBigInts(input))); - - const w = await circuit.calculateWitness(input, true); - - await circuit.checkConstraints(w); - }); - - it("Detect Invalid signature", async () => { - const msg = bigInt(1234); - - const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); - - const pubKey = eddsa.prv2pub(prvKey); - - - const signature = eddsa.signPoseidon(prvKey, msg); - - assert(eddsa.verifyPoseidon(msg, signature, pubKey)); - try { - await circuit.calculateWitness({ - enabled: 1, - Ax: pubKey[0], - Ay: pubKey[1], - R8x: signature.R8[0].add(bigInt(1)), - R8y: signature.R8[1], - S: signature.S, - M: msg}, true); - assert(false); - } catch(err) { - assert(/Constraint\sdoesn't\smatch(.*)1\s!=\s0/.test(err.message) ); - } - }); - - - it("Test a dissabled circuit with a bad signature", async () => { - const msg = bigInt(1234); - - const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex"); - - const pubKey = 
eddsa.prv2pub(prvKey); - - - const signature = eddsa.signPoseidon(prvKey, msg); - - assert(eddsa.verifyPoseidon(msg, signature, pubKey)); - - const w = await circuit.calculateWitness({ - enabled: 0, - Ax: pubKey[0], - Ay: pubKey[1], - R8x: signature.R8[0].add(bigInt(1)), - R8y: signature.R8[1], - S: signature.S, - M: msg}, true); - - await circuit.checkConstraints(w); - }); -}); diff --git a/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom b/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom deleted file mode 100644 index 98f96c7e..00000000 --- a/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/eddsaposeidon.circom"; - -component main = EdDSAPoseidonVerifier(); diff --git a/circuits/crypto_templates/smt/smtjs.test.js b/circuits/crypto_templates/smt/smtjs.test.js deleted file mode 100644 index 732a3986..00000000 --- a/circuits/crypto_templates/smt/smtjs.test.js +++ /dev/null 
@@ -1,181 +0,0 @@ -const chai = require("chai"); - -const bigInt = require("big-integer"); - -const smt = require("../src/smt.js"); - -const assert = chai.assert; - - -function stringifyBigInts(o) { - if ((typeof(o) == "bigint") || (o instanceof bigInt)) { - return o.toString(10); - } else if (Array.isArray(o)) { - return o.map(stringifyBigInts); - } else if (typeof o == "object") { - const res = {}; - for (let k in o) { - res[k] = stringifyBigInts(o[k]); - } - return res; - } else { - return o; - } -} - -describe("SMT Javascript test", function () { - this.timeout(100000); - before( async () => { - }); - - it("Should insert 2 elements and empty them", async () => { - const tree = await smt.newMemEmptyTrie(); - const key1 = bigInt(111); - const value1 = bigInt(222); - const key2 = bigInt(333); - const value2 = bigInt(444); - - await tree.insert(key1,value1); - await tree.insert(key2,value2); - await tree.delete(key2); - await tree.delete(key1); - - assert(tree.root.isZero()); - }); - - it("Should insert 3 elements in dferent order and should be the same", async () => { - const keys = [bigInt(8), bigInt(9), bigInt(32)]; - const values = [bigInt(88), bigInt(99), bigInt(3232)]; - const tree1 = await smt.newMemEmptyTrie(); - const tree2 = await smt.newMemEmptyTrie(); - const tree3 = await smt.newMemEmptyTrie(); - const tree4 = await smt.newMemEmptyTrie(); - const tree5 = await smt.newMemEmptyTrie(); - const tree6 = await smt.newMemEmptyTrie(); - - await tree1.insert(keys[0],values[0]); - await tree1.insert(keys[1],values[1]); - await tree1.insert(keys[2],values[2]); - - await tree2.insert(keys[0],values[0]); - await tree2.insert(keys[2],values[2]); - await tree2.insert(keys[1],values[1]); - - await tree3.insert(keys[1],values[1]); - await tree3.insert(keys[0],values[0]); - await tree3.insert(keys[2],values[2]); - - await tree4.insert(keys[1],values[1]); - await tree4.insert(keys[2],values[2]); - await tree4.insert(keys[0],values[0]); - - await 
tree5.insert(keys[2],values[2]); - await tree5.insert(keys[0],values[0]); - await tree5.insert(keys[1],values[1]); - - await tree6.insert(keys[2],values[2]); - await tree6.insert(keys[1],values[1]); - await tree6.insert(keys[0],values[0]); - - assert(tree1.root.equals(tree2.root)); - assert(tree2.root.equals(tree3.root)); - assert(tree3.root.equals(tree4.root)); - assert(tree4.root.equals(tree5.root)); - assert(tree5.root.equals(tree6.root)); - - assert.equal(Object.keys(tree1.db.nodes).length, Object.keys(tree2.db.nodes).length); - assert.equal(Object.keys(tree2.db.nodes).length, Object.keys(tree3.db.nodes).length); - assert.equal(Object.keys(tree3.db.nodes).length, Object.keys(tree4.db.nodes).length); - assert.equal(Object.keys(tree4.db.nodes).length, Object.keys(tree5.db.nodes).length); - assert.equal(Object.keys(tree5.db.nodes).length, Object.keys(tree6.db.nodes).length); - - await tree1.delete(keys[0]); - await tree1.delete(keys[1]); - await tree2.delete(keys[1]); - await tree2.delete(keys[0]); - assert(tree1.root.equals(tree2.root)); - - await tree3.delete(keys[0]); - await tree3.delete(keys[2]); - await tree4.delete(keys[2]); - await tree4.delete(keys[0]); - assert(tree3.root.equals(tree4.root)); - - await tree5.delete(keys[1]); - await tree5.delete(keys[2]); - await tree6.delete(keys[2]); - await tree6.delete(keys[1]); - assert(tree5.root.equals(tree6.root)); - - await tree1.delete(keys[2]); - await tree2.delete(keys[2]); - await tree3.delete(keys[1]); - await tree4.delete(keys[1]); - await tree5.delete(keys[0]); - await tree6.delete(keys[0]); - - assert(tree1.root.isZero()); - assert(tree2.root.isZero()); - assert(tree3.root.isZero()); - assert(tree4.root.isZero()); - assert(tree5.root.isZero()); - assert(tree6.root.isZero()); - - assert.equal(Object.keys(tree1.db.nodes).length, 0); - assert.equal(Object.keys(tree2.db.nodes).length, 0); - assert.equal(Object.keys(tree3.db.nodes).length, 0); - assert.equal(Object.keys(tree4.db.nodes).length, 0); - 
assert.equal(Object.keys(tree5.db.nodes).length, 0); - assert.equal(Object.keys(tree6.db.nodes).length, 0); - }); - - it("Insert and remove 100 numbers randomly", async () => { - function perm(a) { - const arr = a.slice(); - const rArr = []; - for (let i=0; i<arr.length; i++) { - let rIdx = Math.floor(Math.random() * (arr.length - i)); - rArr.push(arr[rIdx]); - arr[rIdx] = arr[arr.length - i - 1]; - } - return rArr; - } - const tree = await smt.newMemEmptyTrie(); - const arr = []; - const N = 100; - for (let i=0; i<N; i++) { - arr.push(bigInt(i)); - } - const insArr = perm(arr); - for (let i=0; i<N; i++) { - await tree.insert(insArr[i], i); - } - const delArr = perm(insArr); - for (let i=0; i<N; i++) { - await tree.delete(delArr[i]); - } - - assert(tree.root.isZero()); - assert.equal(Object.keys(tree.db.nodes).length, 0); - }); - - it("Should test update", async () => { - const tree1 = await smt.newMemEmptyTrie(); - const tree2 = await smt.newMemEmptyTrie(); - - await tree1.insert(8,88); - await tree1.insert(9,99,); - await tree1.insert(32,3232); - - await tree2.insert(8,888); - await tree2.insert(9,999); - await tree2.insert(32,323232); - - await tree1.update(8, 888); - await tree1.update(9, 999); - await tree1.update(32, 323232); - - assert(tree1.root.equals(tree2.root)); - }); - -}); diff --git a/circuits/crypto_templates/smt/smtprocessor.test.js b/circuits/crypto_templates/smt/smtprocessor.test.js deleted file mode 100644 index e2577071..00000000 --- a/circuits/crypto_templates/smt/smtprocessor.test.js +++ /dev/null 
@@ -1,208 +0,0 @@ -const chai = require("chai"); -const path = require("path"); -const bigInt = require("big-integer"); -const tester = require("circom").tester; - -const smt = require("../src/smt.js"); - -const assert = chai.assert; - -function print(circuit, w, s) { - console.log(s + ": " + w[circuit.getSignalIdx(s)]); -} - -async function testInsert(tree, key, value, circuit ) { - - const res = await tree.insert(key,value); - let siblings = res.siblings; - while (siblings.length<10) siblings.push(bigInt(0)); - - const w = await circuit.calculateWitness({ - fnc: [1,0], - oldRoot: res.oldRoot, - siblings: siblings, - oldKey: res.isOld0 ? 0 : res.oldKey, - oldValue: res.isOld0 ? 0 : res.oldValue, - isOld0: res.isOld0 ? 1 : 0, - newKey: key, - newValue: value - }, true); - - await circuit.checkConstraints(w); - - await circuit.assertOut(w, {newRoot: res.newRoot}); - -} - -async function testDelete(tree, key, circuit) { - const res = await tree.delete(key); - let siblings = res.siblings; - while (siblings.length<10) siblings.push(bigInt(0)); - - const w = await circuit.calculateWitness({ - fnc: [1,1], - oldRoot: res.oldRoot, - siblings: siblings, - oldKey: res.isOld0 ? 0 : res.oldKey, - oldValue: res.isOld0 ? 0 : res.oldValue, - isOld0: res.isOld0 ? 
1 : 0, - newKey: res.delKey, - newValue: res.delValue - }, true); - - await circuit.checkConstraints(w); - - await circuit.assertOut(w, {newRoot: res.newRoot}); -} - -async function testUpdate(tree, key, newValue, circuit) { - const res = await tree.update(key, newValue); - let siblings = res.siblings; - while (siblings.length<10) siblings.push(bigInt(0)); - - const w = await circuit.calculateWitness({ - fnc: [0,1], - oldRoot: res.oldRoot, - siblings: siblings, - oldKey: res.oldKey, - oldValue: res.oldValue, - isOld0: 0, - newKey: res.newKey, - newValue: res.newValue - }); - - await circuit.checkConstraints(w); - - await circuit.assertOut(w, {newRoot: res.newRoot}); -} - - -describe("SMT Processor test", function () { - let circuit; - let tree; - - this.timeout(10000000); - - before( async () => { - circuit = await tester(path.join(__dirname, "circuits", "smtprocessor10_test.circom")); - await circuit.loadSymbols(); - - tree = await smt.newMemEmptyTrie(); - }); - - it("Should verify an insert to an empty tree", async () => { - const key = bigInt(111); - const value = bigInt(222); - - await testInsert(tree, key, value, circuit); - }); - - it("It should add another element", async () => { - const key = bigInt(333); - const value = bigInt(444); - - await testInsert(tree, key, value, circuit); - }); - - it("Should remove an element", async () => { - await testDelete(tree, 111, circuit); - await testDelete(tree, 333, circuit); - }); - - it("Should test convination of adding and removing 3 elements", async () => { - const keys = [bigInt(8), bigInt(9), bigInt(32)]; - const values = [bigInt(88), bigInt(99), bigInt(3232)]; - const tree1 = await smt.newMemEmptyTrie(); - const tree2 = await smt.newMemEmptyTrie(); - const tree3 = await smt.newMemEmptyTrie(); - const tree4 = await smt.newMemEmptyTrie(); - const tree5 = await smt.newMemEmptyTrie(); - const tree6 = await smt.newMemEmptyTrie(); - - await testInsert(tree1,keys[0],values[0], circuit); - await 
testInsert(tree1,keys[1],values[1], circuit); - await testInsert(tree1,keys[2],values[2], circuit); - - await testInsert(tree2,keys[0],values[0], circuit); - await testInsert(tree2,keys[2],values[2], circuit); - await testInsert(tree2,keys[1],values[1], circuit); - - await testInsert(tree3,keys[1],values[1], circuit); - await testInsert(tree3,keys[0],values[0], circuit); - await testInsert(tree3,keys[2],values[2], circuit); - - await testInsert(tree4,keys[1],values[1], circuit); - await testInsert(tree4,keys[2],values[2], circuit); - await testInsert(tree4,keys[0],values[0], circuit); - - await testInsert(tree5,keys[2],values[2], circuit); - await testInsert(tree5,keys[0],values[0], circuit); - await testInsert(tree5,keys[1],values[1], circuit); - - await testInsert(tree6,keys[2],values[2], circuit); - await testInsert(tree6,keys[1],values[1], circuit); - await testInsert(tree6,keys[0],values[0], circuit); - - - await testDelete(tree1, keys[0], circuit); - await testDelete(tree1, keys[1], circuit); - await testDelete(tree2, keys[1], circuit); - await testDelete(tree2, keys[0], circuit); - - await testDelete(tree3, keys[0], circuit); - await testDelete(tree3, keys[2], circuit); - await testDelete(tree4, keys[2], circuit); - await testDelete(tree4, keys[0], circuit); - - - await testDelete(tree5, keys[1], circuit); - await testDelete(tree5, keys[2], circuit); - await testDelete(tree6, keys[2], circuit); - await testDelete(tree6, keys[1], circuit); - - await testDelete(tree1, keys[2], circuit); - await testDelete(tree2, keys[2], circuit); - await testDelete(tree3, keys[1], circuit); - await testDelete(tree4, keys[1], circuit); - await testDelete(tree5, keys[0], circuit); - await testDelete(tree6, keys[0], circuit); - }); - - it("Should match a NOp with random vals", async () => { - let siblings = []; - while (siblings.length<10) siblings.push(bigInt(88)); - const w = await circuit.calculateWitness({ - fnc: [0,0], - oldRoot: 11, - siblings: siblings, - oldKey: 33, - 
oldValue: 44, - isOld0: 55, - newKey: 66, - newValue: 77 - }); - - const root1 = w[circuit.symbols["main.oldRoot"].varIdx]; - const root2 = w[circuit.symbols["main.newRoot"].varIdx]; - - await circuit.checkConstraints(w); - - assert(root1.equals(root2)); - }); - it("Should update an element", async () => { - const tree1 = await smt.newMemEmptyTrie(); - const tree2 = await smt.newMemEmptyTrie(); - - await testInsert(tree1,8,88, circuit); - await testInsert(tree1,9,99, circuit); - await testInsert(tree1,32,3232, circuit); - - await testInsert(tree2,8,888, circuit); - await testInsert(tree2,9,999, circuit); - await testInsert(tree2,32,323232, circuit); - - await testUpdate(tree1, 8, 888, circuit); - await testUpdate(tree1, 9, 999, circuit); - await testUpdate(tree1, 32, 323232, circuit); - }); -}); diff --git a/circuits/crypto_templates/smt/smtprocessor10_test.circom b/circuits/crypto_templates/smt/smtprocessor10_test.circom deleted file mode 100644 index ecf15d06..00000000 --- a/circuits/crypto_templates/smt/smtprocessor10_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "../../circuits/smt/smtprocessor.circom"; - -component main = SMTProcessor(10); diff --git a/circuits/crypto_templates/smt/smtverifier.test.js b/circuits/crypto_templates/smt/smtverifier.test.js deleted file mode 100644 index f5992ade..00000000 --- a/circuits/crypto_templates/smt/smtverifier.test.js +++ /dev/null 
@@ -1,136 +0,0 @@ -const chai = require("chai"); -const path = require("path"); -const bigInt = require("big-integer"); -const tester = require("circom").tester; - -const smt = require("../src/smt.js"); - -const assert = chai.assert; - -function print(circuit, w, s) { - console.log(s + ": " + w[circuit.getSignalIdx(s)]); -} - -async function testInclusion(tree, key, circuit) { - - const res = await tree.find(key); - - assert(res.found); - let siblings = res.siblings; - while (siblings.length<10) siblings.push(bigInt(0)); - - const w = await circuit.calculateWitness({ - enabled: 1, - fnc: 0, - root: tree.root, - siblings: siblings, - oldKey: 0, - oldValue: 0, - isOld0: 0, - key: key, - value: res.foundValue - }, true); - - await circuit.checkConstraints(w); - -} - -async function testExclusion(tree, key, circuit) { - const res = await tree.find(key); - - assert(!res.found); - let siblings = res.siblings; - while (siblings.length<10) siblings.push(bigInt(0)); - - const w = await circuit.calculateWitness({ - enabled: 1, - fnc: 1, - root: tree.root, - siblings: siblings, - oldKey: res.isOld0 ? 0 : res.notFoundKey, - oldValue: res.isOld0 ? 0 : res.notFoundValue, - isOld0: res.isOld0 ? 
1 : 0, - key: key, - value: 0 - }); - - await circuit.checkConstraints(w); - -} - -describe("SMT Verifier test", function () { - let circuit; - let tree; - - this.timeout(100000); - - before( async () => { - circuit = await tester(path.join(__dirname, "circuits", "smtverifier10_test.circom")); - - tree = await smt.newMemEmptyTrie(); - await tree.insert(7,77); - await tree.insert(8,88); - await tree.insert(32,3232); - }); - - it("Check inclussion in a tree of 3", async () => { - await testInclusion(tree, 7, circuit); - await testInclusion(tree, 8, circuit); - await testInclusion(tree, 32, circuit); - }); - - it("Check exclussion in a tree of 3", async () => { - await testExclusion(tree, 0, circuit); - await testExclusion(tree, 6, circuit); - await testExclusion(tree, 9, circuit); - await testExclusion(tree, 33, circuit); - await testExclusion(tree, 31, circuit); - await testExclusion(tree, 16, circuit); - await testExclusion(tree, 64, circuit); - }); - - it("Check not enabled accepts any thing", async () => { - let siblings = []; - for (let i=0; i<10; i++) siblings.push(i); - - const w = await circuit.calculateWitness({ - enabled: 0, - fnc: 0, - root: 1, - siblings: siblings, - oldKey: 22, - oldValue: 33, - isOld0: 0, - key: 44, - value: 0 - }); - - - await circuit.checkConstraints(w); - }); - - it("Check inclussion Adria case", async () => { - const e1_hi= bigInt("17124152697573569611556136390143205198134245887034837071647643529178599000839"); - const e1_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179"); - - const e2ok_hi= bigInt("16498254692537945203721083102154618658340563351558973077349594629411025251262"); - const e2ok_hv= bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179"); - - const e2fail_hi= bigInt("17195092312975762537892237130737365903429674363577646686847513978084990105579"); - const e2fail_hv= 
bigInt("19650379996168153643111744440707177573540245771926102415571667548153444658179");
-
- const tree1 = await smt.newMemEmptyTrie();
- await tree1.insert(e1_hi,e1_hv);
- await tree1.insert(e2ok_hi,e2ok_hv);
-
- await testInclusion(tree1, e2ok_hi, circuit);
-
- const tree2 = await smt.newMemEmptyTrie();
- await tree2.insert(e1_hi,e1_hv);
- await tree2.insert(e2fail_hi,e2fail_hv);
-
- await testInclusion(tree2, e2fail_hi, circuit);
- });
-
-
-});
diff --git a/circuits/crypto_templates/smt/smtverifier10_test.circom b/circuits/crypto_templates/smt/smtverifier10_test.circom
deleted file mode 100644
index 31a4dd78..00000000
--- a/circuits/crypto_templates/smt/smtverifier10_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/smt/smtverifier.circom";
-
-component main = SMTVerifier(10);
diff --git a/package.json b/package.json
index 3c0c274b..e4709d18 100644
--- a/package.json
+++ b/package.json
@@ -3,11 +3,8 @@
 "version": "0.1.1",
 "description": "Basic circuits library for Circom",
 "main": "index.js",
- "directories": {
- "test": "test"
- },
 "scripts": {
- "test": "mocha --max-old-space-size=4000"
+ "test": "npx --max-old-space-size=4000 mocha **/*.test.js"
 },
 "keywords": [
 "pedersen",
diff --git a/test/babyjub_js.test.js b/test/babyjub_js.test.js
deleted file mode 100644
index b65d71c6..00000000
--- a/test/babyjub_js.test.js
+++ /dev/null
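Review bot: On the new `test` script the `--max-old-space-size=4000` flag is now an argument to npx rather than to `mocha`, whose launcher on the removed line is what turned it into a Node heap option; I would not count on npx forwarding it to the node process it spawns, so the larger heap the old command asked for is probably no longer applied. The glob `**/*.test.js` is also unquoted, so whether it descends into `circuits/crypto_templates/**` is decided by the invoking shell (globstar is off in bash by default) rather than by mocha, and when it is expanded recursively it can just as well pick up and execute `*.test.js` files shipped inside `node_modules`. Keeping the flag on mocha, quoting the pattern so mocha expands it, and ignoring dependencies addresses all three: `"test": "mocha --max-old-space-size=4000 --exclude 'node_modules/**' '**/*.test.js'"`. Note too that npx resolves `mocha` from the registry when it is not installed locally, so it should stay a pinned devDependency (the dependency block is not in this hunk).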
@@ -1,164 +0,0 @@ -const chai = require("chai"); -const bigInt = require("big-integer"); -const babyjub = require("../src/babyjub.js"); - -const assert = chai.assert; - -// const bigInt = require("big-integer"); - - -describe("Baby Jub js test", function () { - - this.timeout(100000); - - it("Should add point (0,1) and (0,1)", () => { - - const p1 = [ - bigInt(0), - bigInt(1)]; - const p2 = [ - bigInt(0), - bigInt(1) - ]; - - const out = babyjub.addPoint(p1, p2); - assert(out[0].equals(0)); - assert(out[1].equals(1)); - }); - - it("Should base be 8*generator", () => { - let res; - res = babyjub.addPoint(babyjub.Generator, babyjub.Generator); - res = babyjub.addPoint(res, res); - res = babyjub.addPoint(res, res); - - assert(res[0].equals(babyjub.Base8[0])); - assert(res[1].equals(babyjub.Base8[1])); - }); - - it("Should add 2 same numbers", () => { - - const p1 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - const p2 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - - const out = babyjub.addPoint(p1, p2); - assert(out[0].equals(bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"))); - assert(out[1].equals(bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"))); - }); - - it("Should add 2 different numbers", () => { - - const p1 = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - const p2 = [ - bigInt("16540640123574156134436876038791482806971768689494387082833631921987005038935"), - bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311"), - ]; - - 
const out = babyjub.addPoint(p1, p2); - - assert(out[0].equals(bigInt("7916061937171219682591368294088513039687205273691143098332585753343424131937"))); - assert(out[1].equals(bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499"))); - }); - - it("should mulPointEscalar 0", () => { - const p = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - - const r = babyjub.mulPointEscalar(p, bigInt("3")); - let r2 = babyjub.addPoint(p, p); - r2 = babyjub.addPoint(r2, p); - assert.equal(r2[0].toString(), r[0].toString()); - assert.equal(r2[1].toString(), r[1].toString()); - assert.equal(r[0].toString(), "19372461775513343691590086534037741906533799473648040012278229434133483800898"); - assert.equal(r[1].toString(), "9458658722007214007257525444427903161243386465067105737478306991484593958249"); - }); - - it("should mulPointEscalar 1", () => { - const p = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - - const r = babyjub.mulPointEscalar(p, bigInt("14035240266687799601661095864649209771790948434046947201833777492504781204499")); - assert.equal(r[0].toString(), "17070357974431721403481313912716834497662307308519659060910483826664480189605"); - assert.equal(r[1].toString(), "4014745322800118607127020275658861516666525056516280575712425373174125159339"); - }); - - it("should mulPointEscalar 2", () => { - const p = [ - bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), - bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), - ]; - - const r = babyjub.mulPointEscalar(p, bigInt("20819045374670962167435360035096875258406992893633759881276124905556507972311")); - assert.equal(r[0].toString(), 
"13563888653650925984868671744672725781658357821216877865297235725727006259983"); - assert.equal(r[1].toString(), "8442587202676550862664528699803615547505326611544120184665036919364004251662"); - }); - - it("should inCurve 1", () => { - const p = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - assert(babyjub.inCurve(p)); - }); - - it("should inCurve 2", () => { - const p = [ - bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), - bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), - ]; - assert(babyjub.inCurve(p)); - }); - - it("should inSubgroup 1", () => { - const p = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - assert(babyjub.inSubgroup(p)); - }); - - it("should inSubgroup 2", () => { - const p = [ - bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), - bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), - ]; - assert(babyjub.inSubgroup(p)); - }); - - it("should packPoint - unpackPoint 1", () => { - const p = [ - bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), - bigInt("2626589144620713026669568689430873010625803728049924121243784502389097019475"), - ]; - const buf = babyjub.packPoint(p); - assert.equal(buf.toString("hex"), "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85"); - const p2 = babyjub.unpackPoint(buf); - assert.equal(p2[0].toString(), "17777552123799933955779906779655732241715742912184938656739573121738514868268"); - assert.equal(p2[1].toString(), "2626589144620713026669568689430873010625803728049924121243784502389097019475"); - }); - - it("should packPoint - unpackPoint 
2", () => { - const p = [ - bigInt("6890855772600357754907169075114257697580319025794532037257385534741338397365"), - bigInt("4338620300185947561074059802482547481416142213883829469920100239455078257889"), - ]; - const buf = babyjub.packPoint(p); - assert.equal(buf.toString("hex"), "e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709"); - const p2 = babyjub.unpackPoint(buf); - assert.equal(p2[0].toString(), "6890855772600357754907169075114257697580319025794532037257385534741338397365"); - assert.equal(p2[1].toString(), "4338620300185947561074059802482547481416142213883829469920100239455078257889"); - }); -}); diff --git a/test/babypbk.test.js b/test/babypbk.test.js deleted file mode 100644 index 64eabeb5..00000000 --- a/test/babypbk.test.js +++ /dev/null @@ -1,41 +0,0 @@ -const chai = require("chai"); -const path = require("path"); - -const createBlakeHash = require("blake-hash"); -const eddsa = require("../src/eddsa.js"); - -const assert = chai.assert; - -const bigInt = require("big-integer"); -const tester = require("circom").tester; -const utils = require("../src/utils.js"); - -describe("Baby Jubjub twisted Edwards public key extraction test", function () { - - this.timeout(100000); - - let circuit; - before( async() => { - circuit = await tester(path.join(__dirname, "babypbk_test.circom")); - }); - - it("It should extract the public key from the private one", async () => { - - const rawpvk = Buffer.from("0001020304050607080900010203040506070809000102030405060708090021", "hex"); - const pvk = eddsa.pruneBuffer(createBlakeHash("blake512").update(rawpvk).digest().slice(0,32)); - const S = utils.leBuff2int(pvk).shiftRight(3); - - const A = eddsa.prv2pub(rawpvk); - - const input = { - in : S - }; - - const w = await circuit.calculateWitness(input, true); - - await circuit.assertOut(w, {Ax : A[0], Ay: A[1]}); - - await circuit.checkConstraints(w); - }); - -}); 
diff --git a/test/babypbk_test.circom b/test/babypbk_test.circom
deleted file mode 100644
index 24850453..00000000
--- a/test/babypbk_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../circuits/crypto_templates/elliptic_curves/baby_jubjub/edwards/babypbk/babypbk.circom";
-
-component main = BabyPbk();
\ No newline at end of file
diff --git a/test/circuits/eddsa_test.circom b/test/circuits/eddsa_test.circom
deleted file mode 100644
index 1ef054ec..00000000
--- a/test/circuits/eddsa_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/eddsa.circom";
-
-component main = EdDSAVerifier(80);
diff --git a/test/circuits/eddsamimc_test.circom b/test/circuits/eddsamimc_test.circom
deleted file mode 100644
index 8ad48e63..00000000
--- a/test/circuits/eddsamimc_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/eddsamimc.circom";
-
-component main = EdDSAMiMCVerifier();
diff --git a/test/circuits/eddsaposeidon_test.circom b/test/circuits/eddsaposeidon_test.circom
deleted file mode 100644
index 98f96c7e..00000000
--- a/test/circuits/eddsaposeidon_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/eddsaposeidon.circom";
-
-component main = EdDSAPoseidonVerifier();
diff --git a/test/circuits/edwards2montgomery.circom b/test/circuits/edwards2montgomery.circom
deleted file mode 100644
index 960e5941..00000000
--- a/test/circuits/edwards2montgomery.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/montgomery.circom";
-
-component main = Edwards2Montgomery();
diff --git a/test/circuits/escalarmulany_test.circom b/test/circuits/escalarmulany_test.circom
deleted file mode 100644
index c09918d6..00000000
--- a/test/circuits/escalarmulany_test.circom
+++ /dev/null
@@ -1,28 +0,0 @@
-include "../../circuits/escalarmulany.circom";
-include "../../circuits/bitify.circom";
-
-template Main() {
- signal input e;
- signal input p[2];
- signal output out[2];
-
- component n2b = Num2Bits(253);
- component escalarMulAny = EscalarMulAny(253);
-
- escalarMulAny.p[0] <== p[0];
- escalarMulAny.p[1] <== p[1];
-
- var i;
-
- e ==> n2b.in;
-
- for (i=0; i<253; i++) {
- n2b.out[i] ==> escalarMulAny.e[i];
- }
-
- escalarMulAny.out[0] ==> out[0];
- escalarMulAny.out[1] ==> out[1];
-}
-
-component main = Main();
-
diff --git a/test/circuits/in.json b/test/circuits/in.json
deleted file mode 100644
index 2ebe0d5c..00000000
--- a/test/circuits/in.json
+++ /dev/null
@@ -1,258 +0,0 @@ -{ - "in": [ - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1", - "1" - ] -} \ No newline at end of file diff --git a/test/circuits/mimc_sponge_hash_test.circom b/test/circuits/mimc_sponge_hash_test.circom deleted file mode 100644 index f6be5026..00000000 
--- a/test/circuits/mimc_sponge_hash_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/mimcsponge.circom"
-
-component main = MiMCSponge(2, 220, 3);
diff --git a/test/circuits/mimc_sponge_test.circom b/test/circuits/mimc_sponge_test.circom
deleted file mode 100644
index 92e9df28..00000000
--- a/test/circuits/mimc_sponge_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/mimcsponge.circom"
-
-component main = MiMCFeistel(220);
diff --git a/test/circuits/mimc_test.circom b/test/circuits/mimc_test.circom
deleted file mode 100644
index 26b0b017..00000000
--- a/test/circuits/mimc_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/mimc.circom"
-
-component main = MiMC7(91);
diff --git a/test/circuits/montgomery2edwards.circom b/test/circuits/montgomery2edwards.circom
deleted file mode 100644
index 39d05a64..00000000
--- a/test/circuits/montgomery2edwards.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/montgomery.circom";
-
-component main = Montgomery2Edwards();
diff --git a/test/circuits/montgomeryadd.circom b/test/circuits/montgomeryadd.circom
deleted file mode 100644
index 8caea17d..00000000
--- a/test/circuits/montgomeryadd.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/montgomery.circom";
-
-component main = MontgomeryAdd();
diff --git a/test/circuits/montgomerydouble.circom b/test/circuits/montgomerydouble.circom
deleted file mode 100644
index 70a3840e..00000000
--- a/test/circuits/montgomerydouble.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/montgomery.circom";
-
-component main = MontgomeryDouble();
diff --git a/test/circuits/mux1_1.circom b/test/circuits/mux1_1.circom
deleted file mode 100644
index 5a3afee3..00000000
--- a/test/circuits/mux1_1.circom
+++ /dev/null
@@ -1,31 +0,0 @@
-include "../../circuits/mux1.circom";
-include "../../circuits/bitify.circom";
-
-
-template Constants() {
- var i;
- signal output out[2];
-
- out[0] <== 37;
- out[1] <== 47;
-}
-
-template Main() {
- var i;
- signal private input selector;
- signal output out;
-
- component mux = Mux1();
- component n2b = Num2Bits(1);
- component cst = Constants();
-
- selector ==> n2b.in;
- n2b.out[0] ==> mux.s;
- for (i=0; i<2; i++) {
- cst.out[i] ==> mux.c[i];
- }
-
- mux.out ==> out;
-}
-
-component main = Main();
diff --git a/test/circuits/mux2_1.circom b/test/circuits/mux2_1.circom
deleted file mode 100644
index 4bb62477..00000000
--- a/test/circuits/mux2_1.circom
+++ /dev/null
@@ -1,35 +0,0 @@
-include "../../circuits/mux2.circom";
-include "../../circuits/bitify.circom";
-
-
-template Constants() {
- var i;
- signal output out[4];
-
- out[0] <== 37;
- out[1] <== 47;
- out[2] <== 53;
- out[3] <== 71;
-}
-
-template Main() {
- var i;
- signal private input selector;
- signal output out;
-
- component mux = Mux2();
- component n2b = Num2Bits(2);
- component cst = Constants();
-
- selector ==> n2b.in;
- for (i=0; i<2; i++) {
- n2b.out[i] ==> mux.s[i];
- }
- for (i=0; i<4; i++) {
- cst.out[i] ==> mux.c[i];
- }
-
- mux.out ==> out;
-}
-
-component main = Main();
diff --git a/test/circuits/mux3_1.circom b/test/circuits/mux3_1.circom
deleted file mode 100644
index 69f98f25..00000000
--- a/test/circuits/mux3_1.circom
+++ /dev/null
@@ -1,39 +0,0 @@
-include "../../circuits/mux3.circom";
-include "../../circuits/bitify.circom";
-
-
-template Constants() {
- var i;
- signal output out[8];
-
- out[0] <== 37;
- out[1] <== 47;
- out[2] <== 53;
- out[3] <== 71;
- out[4] <== 89;
- out[5] <== 107;
- out[6] <== 163;
- out[7] <== 191;
-}
-
-template Main() {
- var i;
- signal private input selector;
- signal output out;
-
- component mux = Mux3();
- component n2b = Num2Bits(3);
- component cst = Constants();
-
- selector ==> n2b.in;
- for (i=0; i<3; i++) {
- n2b.out[i] ==> mux.s[i];
- }
- for (i=0; i<8; i++) {
- cst.out[i] ==> mux.c[i];
- }
-
- mux.out ==> out;
-}
-
-component main = Main();
diff --git a/test/circuits/mux4_1.circom b/test/circuits/mux4_1.circom
deleted file mode 100644
index d63e4661..00000000
--- a/test/circuits/mux4_1.circom
+++ /dev/null
@@ -1,54 +0,0 @@
-include "../../circuits/mux4.circom";
-include "../../circuits/bitify.circom";
-
-
-template Constants() {
- var i;
- signal output out[16];
-
- out[0] <== 123;
- out[1] <== 456;
- out[2] <== 789;
- out[3] <== 012;
- out[4] <== 111;
- out[5] <== 222;
- out[6] <== 333;
- out[7] <== 4546;
- out[8] <== 134523;
- out[9] <== 44356;
- out[10] <== 15623;
- out[11] <== 4566;
- out[12] <== 1223;
- out[13] <== 4546;
- out[14] <== 4256;
- out[15] <== 4456;
-
-/*
- for (i=0;i<16; i++) {
- out[i] <== i*2+100;
- }
-*/
-
-}
-
-template Main() {
- var i;
- signal private input selector;
- signal output out;
-
- component mux = Mux4();
- component n2b = Num2Bits(4);
- component cst = Constants();
-
- selector ==> n2b.in;
- for (i=0; i<4; i++) {
- n2b.out[i] ==> mux.s[i];
- }
- for (i=0; i<16; i++) {
- cst.out[i] ==> mux.c[i];
- }
-
- mux.out ==> out;
-}
-
-component main = Main();
diff --git a/test/circuits/pointbits_loopback.circom b/test/circuits/pointbits_loopback.circom
deleted file mode 100644
index 39dacfbf..00000000
--- a/test/circuits/pointbits_loopback.circom
+++ /dev/null
@@ -1,23 +0,0 @@
-include "../../circuits/pointbits.circom";
-
-
-template Main() {
- signal input in[2];
-
- var i
-
- component p2b = Point2Bits_Strict();
- component b2p = Bits2Point_Strict();
-
- p2b.in[0] <== in[0];
- p2b.in[1] <== in[1];
-
- for (i=0; i<256; i++) {
- b2p.in[i] <== p2b.out[i];
- }
-
- b2p.out[0] === in[0];
- b2p.out[1] === in[1];
-}
-
-component main = Main();
diff --git a/test/circuits/poseidon3_test.circom b/test/circuits/poseidon3_test.circom
deleted file mode 100644
index 03d69d45..00000000
--- a/test/circuits/poseidon3_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/poseidon.circom"
-
-component main = Poseidon(2, 3, 8, 57);
diff --git a/test/circuits/poseidon6_test.circom b/test/circuits/poseidon6_test.circom
deleted file mode 100644
index 526bef12..00000000
--- a/test/circuits/poseidon6_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/poseidon.circom"
-
-component main = Poseidon(2, 6, 8, 57);
diff --git a/test/circuits/sha256_2_test.circom b/test/circuits/sha256_2_test.circom
deleted file mode 100644
index 855423b3..00000000
--- a/test/circuits/sha256_2_test.circom
+++ /dev/null
@@ -1,15 +0,0 @@
-include "../../circuits/sha256/sha256_2.circom";
-
-template Main() {
- signal private input a;
- signal private input b;
- signal output out;
-
- component sha256_2 = Sha256_2();
-
- sha256_2.a <== a;
- sha256_2.b <== b;
- out <== sha256_2.out;
-}
-
-component main = Main();
diff --git a/test/circuits/sha256_test448.circom b/test/circuits/sha256_test448.circom
deleted file mode 100644
index 9a5dbdc8..00000000
--- a/test/circuits/sha256_test448.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/sha256/sha256.circom";
-
-component main = Sha256(448);
diff --git a/test/circuits/sha256_test512.circom b/test/circuits/sha256_test512.circom
deleted file mode 100644
index dd8b11db..00000000
--- a/test/circuits/sha256_test512.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/sha256/sha256.circom";
-
-component main = Sha256(512);
diff --git a/test/circuits/smtprocessor10_test.circom b/test/circuits/smtprocessor10_test.circom
deleted file mode 100644
index ecf15d06..00000000
--- a/test/circuits/smtprocessor10_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/smt/smtprocessor.circom";
-
-component main = SMTProcessor(10);
diff --git a/test/circuits/smtverifier10_test.circom b/test/circuits/smtverifier10_test.circom
deleted file mode 100644
index 31a4dd78..00000000
--- a/test/circuits/smtverifier10_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../../circuits/smt/smtverifier.circom";
-
-component main = SMTVerifier(10);
diff --git a/test/compconstant.test.js b/test/compconstant.test.js
deleted file mode 100644
index 9588f92f..00000000
--- a/test/compconstant.test.js
+++ /dev/null
@@ -1,51 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-
-const assert = chai.assert;
-const bigInt = require("big-integer");
-
-const tester = require("circom").tester;
-
-function getBits(v, n) {
- const res = [];
- for (let i=0; i<n; i++) {
- if (v.shiftRight(i).isOdd()) {
- res.push(bigInt.one);
- } else {
- res.push(bigInt.zero);
- }
- }
- return res;
-}
-
-const ct = bigInt("12574899965841125748859665329478411236025236211254788521259648301247745896");
-const q = bigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
-
-describe("CompConstant test", function () {
-
- this.timeout(100000);
-
- let circuit;
- before( async() => {
- circuit = await tester(path.join(__dirname, "compconstant_test.circom"));
- });
-
- it("0 > ct is FALSE", async () => {
- const inp = getBits(bigInt.zero, 254);
- witness = await circuit.calculateWitness({"in": inp}, true);
- await circuit.assertOut(witness, {out: 0});
- });
-
- it("(q-1) > ct is TRUE", async () => {
- const inp = getBits(q.minus(bigInt.one), 254);
- witness = await circuit.calculateWitness({"in": inp}, true);
- await circuit.assertOut(witness, {out: 1});
- });
-
- it("ct > ct is FALSE", async () => {
- const inp = getBits(ct, 254);
- witness = await circuit.calculateWitness({"in": inp}, true);
- await circuit.assertOut(witness, {out: 0});
- });
-
-});
\ No newline at end of file
diff --git a/test/compconstant_test.circom b/test/compconstant_test.circom
deleted file mode 100644
index 130dad32..00000000
--- a/test/compconstant_test.circom
+++ /dev/null
@@ -1,3 +0,0 @@
-include "../circuits/basic_templates/compconstant/compconstant.circom";
-
-component main = CompConstant(12574899965841125748859665329478411236025236211254788521259648301247745896)
\ No newline at end of file
diff --git a/test/constants_test.circom b/test/constants_test.circom
deleted file mode 100644
index 04abe188..00000000
--- a/test/constants_test.circom
+++ /dev/null
@@ -1,18 +0,0 @@
-include "constants.circom"
-
-template A() {
- signal input in;
- component h0;
- h0 = K(8);
-
- var lc = 0;
- var e = 1;
- for (var i=0; i<32; i++) {
- lc = lc + e*h0.out[i];
- e *= 2;
- }
-
- lc === in;
-}
-
-component main = A();
diff --git a/test/helpers/printsignal.js b/test/helpers/printsignal.js
deleted file mode 100644
index 796274d7..00000000
--- a/test/helpers/printsignal.js
+++ /dev/null
@@ -1,22 +0,0 @@
-
-const snarkjs = require("snarkjs");
-
-const bigInt = snarkjs.bigInt;
-
-module.exports = function hexBits(cir, witness, sig, nBits) {
- let v = bigInt(0);
- for (let i=nBits-1; i>=0; i--) {
- v = v.shiftLeft(1);
- const name = sig+"["+i+"]";
- const idx = cir.getSignalIdx(name);
- const vbit = bigInt(witness[idx].toString());
- if (vbit.equals(bigInt(1))) {
- v = v.add(bigInt(1));
- } else if (vbit.equals(bigInt(0))) {
- v;
- } else {
- console.log("Not Binary: "+name);
- }
- }
- return v.toString(16);
-};
diff --git a/test/helpers/sha256.js b/test/helpers/sha256.js
deleted file mode 100644
index ec58ee1d..00000000
--- a/test/helpers/sha256.js
+++ /dev/null
@@ -1,178 +0,0 @@
-/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
-/* SHA-256 (FIPS 180-4) implementation in JavaScript (c) Chris Veness 2002-2017 */
-/* MIT Licence */
-/* www.movable-type.co.uk/scripts/sha256.html */
-/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
-
-'use strict';
-
-
-/**
- * SHA-256 hash function reference implementation.
- *
- * This is an annotated direct implementation of FIPS 180-4, without any optimisations. It is
- * intended to aid understanding of the algorithm rather than for production use.
- *
- * While it could be used where performance is not critical, I would recommend using the ‘Web
- * Cryptography API’ (developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest) for the browser,
- * or the ‘crypto’ library (nodejs.org/api/crypto.html#crypto_class_hash) in Node.js.
- *
- * See csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
- * csrc.nist.gov/groups/ST/toolkit/examples.html
- */
-class Sha256 {
-
- /**
- * Generates SHA-256 hash of string.
- *
- * @param {string} msg - (Unicode) string to be hashed.
- * @param {Object} [options]
- * @param {string} [options.msgFormat=string] - Message format: 'string' for JavaScript string
- * (gets converted to UTF-8 for hashing); 'hex-bytes' for string of hex bytes ('616263' ≡ 'abc') .
- * @param {string} [options.outFormat=hex] - Output format: 'hex' for string of contiguous
- * hex bytes; 'hex-w' for grouping hex bytes into groups of (4 byte / 8 character) words.
- * @returns {string} Hash of msg as hex character string.
- */
- static hash(msg, options) {
- const defaults = { msgFormat: 'string', outFormat: 'hex' };
- const opt = Object.assign(defaults, options);
-
- // note use throughout this routine of 'n >>> 0' to coerce Number 'n' to unsigned 32-bit integer
-
- switch (opt.msgFormat) {
- default: // default is to convert string to UTF-8, as SHA only deals with byte-streams
- case 'string': msg = utf8Encode(msg); break;
- case 'hex-bytes':msg = hexBytesToString(msg); break; // mostly for running tests
- }
-
- // constants [§4.2.2]
- const K = [
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 ];
-
- // initial hash value [§5.3.3]
- const H = [
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ];
-
- // PREPROCESSING [§6.2.1]
-
- msg += String.fromCharCode(0x80); // add trailing '1' bit (+ 0's padding) to string [§5.1.1]
-
- // convert string msg into 512-bit blocks (array of 16 32-bit integers) [§5.2.1]
- const l = msg.length/4 + 2; // length (in 32-bit integers) of msg + ‘1’ + appended length
- const N = Math.ceil(l/16); // number of 16-integer (512-bit) blocks required to hold 'l' ints
- const M = new Array(N); // message M is N×16 array of 32-bit integers
-
- for (let i=0; i<N; i++) {
- M[i] = new Array(16);
- for (let j=0; j<16; j++) { // encode 4 chars per integer (64 per block), big-endian encoding
- M[i][j] = (msg.charCodeAt(i*64+j*4+0)<<24) | (msg.charCodeAt(i*64+j*4+1)<<16)
- | (msg.charCodeAt(i*64+j*4+2)<< 8) | (msg.charCodeAt(i*64+j*4+3)<< 0);
- } // note running off the end of msg is ok 'cos bitwise ops on NaN return 0
- }
- // add length (in bits) into final pair of 32-bit integers (big-endian) [§5.1.1]
- // note: most significant word would be (len-1)*8 >>> 32, but since JS converts
- // bitwise-op args to 32 bits, we need to simulate this by arithmetic operators
- const lenHi = ((msg.length-1)*8) / Math.pow(2, 32);
- const lenLo = ((msg.length-1)*8) >>> 0;
- M[N-1][14] = Math.floor(lenHi);
- M[N-1][15] = lenLo;
-
- // HASH COMPUTATION [§6.2.2]
-
- for (let i=0; i<N; i++) {
- const W = new Array(64);
-
- // 1 - prepare message schedule 'W'
- for (let t=0; t<16; t++) W[t] = M[i][t];
- for (let t=16; t<64; t++) {
- W[t] = (Sha256.σ1(W[t-2]) + W[t-7] + Sha256.σ0(W[t-15]) + W[t-16]) >>> 0;
- }
-
- // 2 - initialise working variables a, b, c, d, e, f, g, h with previous hash value
- let a = H[0], b = H[1], c = H[2], d = H[3], e = H[4], f = H[5], g = H[6], h = H[7];
-
- // 3 - main loop (note '>>> 0' for 'addition modulo 2^32')
- for (let t=0; t<64; t++) {
- const T1 = h + Sha256.Σ1(e) + Sha256.Ch(e, f, g) + K[t] + W[t];
- const T2 = Sha256.Σ0(a) + Sha256.Maj(a, b, c);
- h = g;
- g = f;
- f = e;
- e = (d + T1) >>> 0;
- d = c;
- c = b;
- b = a;
- a = (T1 + T2) >>> 0;
- }
-
- // 4 - compute the new intermediate hash value (note '>>> 0' for 'addition modulo 2^32')
- H[0] = (H[0]+a) >>> 0;
- H[1] = (H[1]+b) >>> 0;
- H[2] = (H[2]+c) >>> 0;
- H[3] = (H[3]+d) >>> 0;
- H[4] = (H[4]+e) >>> 0;
- H[5] = (H[5]+f) >>> 0;
- H[6] = (H[6]+g) >>> 0;
- H[7] = (H[7]+h) >>> 0;
- }
-
- // convert H0..H7 to hex strings (with leading zeros)
- for (let h=0; h<H.length; h++) H[h] = ('00000000'+H[h].toString(16)).slice(-8);
-
- // concatenate H0..H7, with separator if required
- const 
separator = opt.outFormat=='hex-w' ? ' ' : '';
-
- return H.join(separator);
-
- /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
-
- function utf8Encode(str) {
- try {
- return new TextEncoder().encode(str, 'utf-8').reduce((prev, curr) => prev + String.fromCharCode(curr), '');
- } catch (e) { // no TextEncoder available?
- return unescape(encodeURIComponent(str)); // monsur.hossa.in/2012/07/20/utf-8-in-javascript.html
- }
- }
-
- function hexBytesToString(hexStr) { // convert string of hex numbers to a string of chars (eg '616263' -> 'abc').
- const str = hexStr.replace(' ', ''); // allow space-separated groups
- return str=='' ? '' : str.match(/.{2}/g).map(byte => String.fromCharCode(parseInt(byte, 16))).join('');
- }
- }
-
-
-
- /**
- * Rotates right (circular right shift) value x by n positions [§3.2.4].
- * @private
- */
- static ROTR(n, x) {
- return (x >>> n) | (x << (32-n));
- }
-
-
- /**
- * Logical functions [§4.1.2].
- * @private
- */
- static Σ0(x) { return Sha256.ROTR(2, x) ^ Sha256.ROTR(13, x) ^ Sha256.ROTR(22, x); }
- static Σ1(x) { return Sha256.ROTR(6, x) ^ Sha256.ROTR(11, x) ^ Sha256.ROTR(25, x); }
- static σ0(x) { return Sha256.ROTR(7, x) ^ Sha256.ROTR(18, x) ^ (x>>>3); }
- static σ1(x) { return Sha256.ROTR(17, x) ^ Sha256.ROTR(19, x) ^ (x>>>10); }
- static Ch(x, y, z) { return (x & y) ^ (~x & z); } // 'choice'
- static Maj(x, y, z) { return (x & y) ^ (x & z) ^ (y & z); } // 'majority'
-
-}
-
-
-/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
-
-if (typeof module != 'undefined' && module.exports) module.exports = Sha256; // ≡ export default Sha256
-
diff --git a/test/in.json b/test/in.json
deleted file mode 100644
index 2ebe0d5c..00000000
--- a/test/in.json
+++ /dev/null
@@ -1,258 +0,0 @@
-{
- "in": [
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1",
- "1"
- ]
-}
\ No newline at end of file
diff --git a/test/montgomery.test.js b/test/montgomery.test.js
deleted file mode 100644
index d53fa5a3..00000000
--- a/test/montgomery.test.js
+++ /dev/null
@@ -1,91 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-const babyJub = require("../src/babyjub.js");
-
-const assert = chai.assert;
-
-describe("Montgomery test", function () {
- let circuitE2M;
- let circuitM2E;
- let circuitMAdd;
- let circuitMDouble;
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- let mg, mg2, g2, g3, mg3;
-
- this.timeout(100000);
- before( async() => {
- circuitE2M = await tester(path.join(__dirname, "circuits", "edwards2montgomery.circom"));
- await circuitE2M.loadSymbols();
- circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom"));
- await circuitM2E.loadSymbols();
- circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom"));
- await circuitMAdd.loadSymbols();
- circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom"));
- await circuitMDouble.loadSymbols();
- });
- it("Convert Edwards to Montgomery and back again", async () => {
- let w, xout, yout;
-
- w = await circuitE2M.calculateWitness({ in: g}, true);
-
- xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
- yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
-
- mg = [xout, yout];
-
- w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g[0]));
- assert(yout.equals(g[1]));
- });
- it("Should double a point", async () => {
- let w, xout, yout;
-
- g2 = babyJub.addPoint(g,g);
-
- w = await circuitMDouble.calculateWitness({ in: mg}, true);
-
- xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
- yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
-
- mg2 = [xout, yout];
-
- w = await 
circuitM2E.calculateWitness({ in: mg2}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g2[0]));
- assert(yout.equals(g2[1]));
- });
- it("Should add a point", async () => {
- let w, xout, yout;
-
- g3 = babyJub.addPoint(g,g2);
-
- w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true);
-
- xout = w[circuitMAdd.symbols["main.out[0]"].varIdx];
- yout = w[circuitMAdd.symbols["main.out[1]"].varIdx];
-
- mg3 = [xout, yout];
-
- w = await circuitM2E.calculateWitness({ in: mg3}, true);
-
- xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
- yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
-
- assert(xout.equals(g3[0]));
- assert(yout.equals(g3[1]));
- });
-});
diff --git a/test/multiplexer.test.js b/test/multiplexer.test.js
deleted file mode 100644
index 01a83380..00000000
--- a/test/multiplexer.test.js
+++ /dev/null
@@ -1,98 +0,0 @@
-const path = require("path");
-const bigInt = require("big-integer");
-const tester = require("circom").tester;
-
-describe("Mux4 test", function() {
- this.timeout(100000);
- it("Should create a constant multiplexer 4", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux4_1.circom"));
-
- const ct16 = [
- bigInt("123"),
- bigInt("456"),
- bigInt("789"),
- bigInt("012"),
- bigInt("111"),
- bigInt("222"),
- bigInt("333"),
- bigInt("4546"),
- bigInt("134523"),
- bigInt("44356"),
- bigInt("15623"),
- bigInt("4566"),
- bigInt("1223"),
- bigInt("4546"),
- bigInt("4256"),
- bigInt("4456")
- ];
-
- for (let i=0; i<16; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct16[i]});
- }
- });
-
- it("Should create a constant multiplexer 3", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux3_1.circom"));
-
- const ct8 = [
- bigInt("37"),
- bigInt("47"),
- bigInt("53"),
- bigInt("71"),
- bigInt("89"),
- bigInt("107"),
- bigInt("163"),
- bigInt("191")
- ];
-
- for (let i=0; i<8; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct8[i]});
- }
- });
- it("Should create a constant multiplexer 2", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux2_1.circom"));
-
- const ct4 = [
- bigInt("37"),
- bigInt("47"),
- bigInt("53"),
- bigInt("71"),
- ];
-
- for (let i=0; i<4; i++) {
- const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct4[i]});
- }
- });
- it("Should create a constant multiplexer 1", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "mux1_1.circom"));
-
- const ct2 = [
- bigInt("37"),
- bigInt("47"),
- ];
-
- for (let i=0; i<2; i++) {
- 
const w = await circuit.calculateWitness({ "selector": i }, true);
-
- await circuit.checkConstraints(w);
-
- await circuit.assertOut(w, {out: ct2[i]});
- }
- });
-});
diff --git a/test/point2bits.test.js b/test/point2bits.test.js
deleted file mode 100644
index f0697a18..00000000
--- a/test/point2bits.test.js
+++ /dev/null
@@ -1,23 +0,0 @@
-const path = require("path");
-const tester = require("circom").tester;
-
-const babyJub = require("../src/babyjub.js");
-
-
-describe("Point 2 bits test", function() {
- let circuit;
- this.timeout(100000);
- before( async() => {
- circuit = await tester(path.join(__dirname, "circuits", "pointbits_loopback.circom"));
- });
- it("Should do the both convertions for 8Base", async () => {
- const w = await circuit.calculateWitness({ in: babyJub.Base8}, true);
-
- await circuit.checkConstraints(w);
- });
- it("Should do the both convertions for Zero point", async () => {
- const w = await circuit.calculateWitness({ in: [0, 1]}, true);
-
- await circuit.checkConstraints(w);
- });
-});
diff --git a/test/sha256.test.js b/test/sha256.test.js
deleted file mode 100644
index e7344903..00000000
--- a/test/sha256.test.js
+++ /dev/null
@@ -1,115 +0,0 @@
-const chai = require("chai");
-const path = require("path");
-const snarkjs = require("snarkjs");
-const crypto = require("crypto");
-
-const assert = chai.assert;
-
-const sha256 = require("./helpers/sha256");
-
-const tester = require("circom").tester;
-
-// const printSignal = require("./helpers/printsignal");
-
-
-function buffer2bitArray(b) {
- const res = [];
- for (let i=0; i<b.length; i++) {
- for (let j=0; j<8; j++) {
- res.push((b[i] >> (7-j) &1));
- }
- }
- return res;
-}
-
-function bitArray2buffer(a) {
- const len = Math.floor((a.length -1 )/8)+1;
- const b = new Buffer.alloc(len);
-
- for (let i=0; i<a.length; i++) {
- const p = Math.floor(i/8);
- b[p] = b[p] | (Number(a[i]) << ( 7 - (i%8) ));
- }
- return b;
-}
-
-
-describe("SHA256 test", function () {
- this.timeout(100000);
-
-
- it("Should work bits to array and array to bits", async () => {
- const b = new Buffer.alloc(64);
- for (let i=0; i<64; i++) {
- b[i] = i+1;
- }
- const a = buffer2bitArray(b);
- const b2 = bitArray2buffer(a);
-
- assert.equal(b.toString("hex"), b2.toString("hex"), true);
- });
-
- it("Should calculate a hash of 1 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_2_test.circom"));
-
- const witness = await cir.calculateWitness({ "a": "1", "b": "2" }, true);
-
- const b = new Buffer.alloc(54);
- b[26] = 1;
- b[53] = 2;
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
- const r = "0x" + hash.slice(10);
-
- const hash2 = sha256.hash(b.toString("hex"), {msgFormat: "hex-bytes"});
-
- assert.equal(hash, hash2);
-
- assert(witness[1].equals(snarkjs.bigInt(r)));
- }).timeout(1000000);
-
- it("Should calculate a hash of 2 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_test512.circom"));
-
- const b = new Buffer.alloc(64);
- for (let i=0; i<64; i++) {
- b[i] = i+1;
- }
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
-
- const arrIn = buffer2bitArray(b);
- const witness = await cir.calculateWitness({ "in": arrIn }, true);
-
- const arrOut = witness.slice(1, 257);
- const hash2 = bitArray2buffer(arrOut).toString("hex");
-
- assert.equal(hash, hash2);
-
- }).timeout(1000000);
- it ("Should calculate a hash of 2 compressor", async () => {
- const cir = await tester(path.join(__dirname, "circuits", "sha256_test448.circom"));
-
- const testStr = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
- const b = Buffer.from(testStr, "utf8");
-
- const hash = crypto.createHash("sha256")
- .update(b)
- .digest("hex");
-
- const arrIn = buffer2bitArray(b);
-
- const witness = await cir.calculateWitness({ "in": arrIn }, true);
-
- const arrOut = witness.slice(1, 257);
- const hash2 = bitArray2buffer(arrOut).toString("hex");
-
- assert.equal(hash, hash2);
- });
-
-});
diff --git a/test/sha256_2_test.circom b/test/sha256_2_test.circom
deleted file mode 100644
index 855423b3..00000000
--- a/test/sha256_2_test.circom
+++ /dev/null
@@ -1,15 +0,0 @@
-include "../../circuits/sha256/sha256_2.circom";
-
-template Main() {
- signal private input a;
- signal private input b;
- signal output out;
-
- component sha256_2 = Sha256_2();
-
- sha256_2.a <== a;
- sha256_2.b <== b;
- out <== sha256_2.out;
-}
-
-component main = Main();
From bbc61ec411d48b2631f740e9730292df659ccda3 Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com>
Date: Sat, 11 Apr 2020 20:18:36 +0200
Subject: [PATCH 22/27] Added scalarmul test
---
 .../scalar_mul/scalarmul/scalarmul.circom | 2 +-
 .../scalar_mul/scalarmul/scalarmul.test.js | 75 ++-----------------
 .../scalarmul/scalarmul_min_test.circom | 19 ++---
 .../scalarmul/scalarmul_test.circom | 17 ++---
 .../scalarmul/scalarmul_test_min.circom | 15 ++--
 5 files changed, 30 insertions(+), 98 deletions(-)
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
index d59a732b..f6bfd284 100644
--- a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
@@ -85,7 +85,7 @@
 */
-include "scalarmulwindow/scalamulwindow.circom";
+include "scalarmulwindow/scalarmulwindow.circom";
 template ScalarMul(n, base) {
 signal input in[n];
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
index a5021666..0cafecfc 100644
--- a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
+++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
@@ -1,9 +1,8 @@
-/*
 const chai = require("chai");
 const path = require("path");
 const bigInt = require("big-integer");
 const tester = require("circom").tester;
-const babyJub = require("../src/babyjub.js");
+const babyJub = require("../../../../../../src/babyjub");
 const assert = chai.assert;
@@ -11,71 +10,11 @@ function print(circuit, w, s) {
 console.log(s + ": " + w[circuit.getSignalIdx(s)]);
 }
-describe("Exponentioation test", function () {
-
- this.timeout(100000);
-
- it("Should generate the Exponentiation table in k=0", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test.circom"));
-
- const w = await circuit.calculateWitness({in: 1});
-
- await circuit.checkConstraints(w);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- let dbl= [bigInt("0"), bigInt("1")];
-
- const expectedOut = [];
-
- for (let i=0; i<16; i++) {
-
- expectedOut.push(dbl);
- dbl = babyJub.addPoint(dbl,g);
- }
-
- await circuit.assertOut(w, {out: expectedOut});
-
- });
-
- it("Should generate the Exponentiation table in k=3", async () => {
-
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmulw4table_test3.circom"));
-
- const w = await circuit.calculateWitness({in: 1});
-
- await circuit.checkConstraints(w);
-
- let g = [
- bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
- bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
- ];
-
- for (let i=0; i<12;i++) {
- g = babyJub.addPoint(g,g);
- }
-
- let dbl= [bigInt("0"), bigInt("1")];
-
- const expectedOut = [];
-
- for (let i=0; i<16; i++) {
- expectedOut.push(dbl);
-
- dbl = babyJub.addPoint(dbl,g);
- }
-
- await circuit.assertOut(w, {out: expectedOut});
-
- });
+describe("Scalarmul (exponentiation) test", function () {
 it("Should exponentiate g^31", async () => {
- const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test.circom"));
+ const circuit = await tester(path.join(__dirname, "scalarmul_test.circom"));
 const w = await circuit.calculateWitness({"in": 31});
@@ -106,12 +45,10 @@ describe("Exponentioation test", function () { }).timeout(10000000); - it("Number of constrains for 256 bits", async () => { + it("Number of constraints for 256 bits", async () => { - const circuit = await tester(path.join(__dirname, "circuits", "escalarmul_test_min.circom")); + const circuit = await tester(path.join(__dirname, "scalarmul_test_min.circom")); }).timeout(10000000); -}); - -*/ \ No newline at end of file +}); \ No newline at end of file diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom index 69737011..55b81e3e 100644 --- a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom @@ -1,5 +1,4 @@ -include "../../circuits/escalarmul.circom"; - +include "scalarmul.circom"; template Main() { signal input in[256]; @@ -10,17 +9,15 @@ template Main() { var base = [5299619240641551281634865583518297030282874472190772894086521144482721001553, 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - component escalarMul = EscalarMul(256, base); + component scalarMul = EscalarMul(256, base); - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; + scalarMul.inp[0] <== 0; + scalarMul.inp[1] <== 1; for (i=0; i<256; i++) { - in[i] ==> escalarMul.in[i]; + in[i] ==> scalarMul.in[i]; } - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; -} - -component main = Main(); + scalarMul.out[0] ==> out[0]; + scalarMul.out[1] ==> out[1]; +} \ No newline at end of file diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom index 1af53ace..a2ee3c36 100644 
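Review bot: The renamed "Number of constraints for 256 bits" test still only builds `scalarmul_test_min.circom` and asserts nothing, so a change in the constraint count of ScalarMul would pass silently. The sibling bin_sum.test.js in this series pins its count with `await circuit.loadConstraints(); assert.equal(circuit.constraints.length, 97);`, and the same two lines belong here, e.g. `await circuit.loadConstraints(); assert.equal(circuit.constraints.length, EXPECTED_CONSTRAINTS); // placeholder: fill in from a known-good build`. The enclosing describe starts in the previous hunk.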
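Review bot: scalarmul_min_test.circom still instantiates `EscalarMul(256, base)` although its include was switched to `scalarmul.circom`, which (per the first hunk of this patch) defines `template ScalarMul(n, base)`; the scalarmul_test.circom and scalarmul_test_min.circom hunks rename the component, so this line should read `component scalarMul = ScalarMul(256, base);` as well. The same hunk also drops the trailing `component main = Main();`, leaving the file without a main component while scalarmul_test_min.circom keeps its own. Since scalarmul.test.js only loads `scalarmul_test.circom` and `scalarmul_test_min.circom`, this file looks like a stale duplicate of scalarmul_test_min.circom and is probably better deleted than patched.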
--- a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom @@ -1,6 +1,5 @@ -include "../../circuits/escalarmul.circom"; -include "../../circuits/bitify.circom"; - +include "scalarmul.circom"; +include "../../../../../basic_templates/bitify/num2bits/num2bits.circom"; template Main() { signal input in; @@ -11,21 +10,21 @@ template Main() { component n2b = Num2Bits(253); - component escalarMul = EscalarMul(253, base); + component scalarMul = ScalarMul(253, base); - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; + scalarMul.inp[0] <== 0; + scalarMul.inp[1] <== 1; var i; in ==> n2b.in; for (i=0; i<253; i++) { - n2b.out[i] ==> escalarMul.in[i]; + n2b.out[i] ==> scalarMul.in[i]; } - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; + scalarMul.out[0] ==> out[0]; + scalarMul.out[1] ==> out[1]; } component main = Main(); diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom index 2b8c7ba3..ddc64e32 100644 --- a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom +++ b/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom @@ -1,5 +1,4 @@ -include "../../circuits/escalarmul.circom"; - +include "scalarmul.circom"; template Main() { signal input in[256]; 
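Review bot: The new include `../../../../../basic_templates/bitify/num2bits/num2bits.circom` resolves to `circuits/basic_templates/bitify/...` at this commit, but a later patch in this series (23/27, "Changing basics structure") renames `circuits/basic_templates` to `circuits/basics` and its diffstat does not list scalarmul_test.circom, so the include will presumably stop resolving once that patch lands. Updating it there to `include "../../../../../basics/bitify/num2bits/num2bits.circom";`, or having the scalarmul.test.js "g^31" case run in CI so the broken include is caught, would close that gap.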
@@ -10,17 +9,17 @@ template Main() { var base[2] = [5299619240641551281634865583518297030282874472190772894086521144482721001553, 16950150798460657717958625567821834550301663161624707787222815936182638968203]; - component escalarMul = EscalarMul(256, base); + component scalarMul = ScalarMul(256, base); - escalarMul.inp[0] <== 0; - escalarMul.inp[1] <== 1; + scalarMul.inp[0] <== 0; + scalarMul.inp[1] <== 1; for (i=0; i<256; i++) { - in[i] ==> escalarMul.in[i]; + in[i] ==> scalarMul.in[i]; } - escalarMul.out[0] ==> out[0]; - escalarMul.out[1] ==> out[1]; + scalarMul.out[0] ==> out[0]; + scalarMul.out[1] ==> out[1]; } component main = Main(); From 12e68e8042ae2c02fdcf94fd8a6af0218ba6021e Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 15 Apr 2020 14:48:00 +0200 Subject: [PATCH 23/27] Changing basics structure --- circuits/basic_templates/README.md | 49 ------ .../binary_arithmetic/README.md | 10 -- .../basic_templates/logic_gates/README.md | 16 -- circuits/basics/README.md | 7 + circuits/basics/binary_ops/README.md | 20 +++ .../binary_ops/bin_sub}/README.md | 0 .../binary_ops/bin_sub/bin_sub.circom} | 0 .../bin_sub/test/bin_sub.test.circom} | 0 .../binary_ops/bin_sub/test/bin_sub.test.js} | 2 +- .../binary_ops/bin_sum}/README.md | 0 .../binary_ops/bin_sum/bin_sum.circom} | 0 .../bin_sum/test/bin_sum.test.circom} | 2 +- .../binary_ops/bin_sum/test/bin_sum.test.js} | 2 +- circuits/basics/binary_ops/gates/README.md | 17 ++ .../binary_ops/gates}/and/README.md | 0 .../binary_ops/gates}/and/and.circom | 0 .../gates/and/test/and.test.circom} | 0 .../binary_ops/gates/and/test}/and.test.js | 0 .../binary_ops/gates/multi_and}/README.md | 0 .../gates/multi_and/multi_and.circom} | 0 .../multi_and/test/multi_and.test.circom} | 0 .../gates/multi_and/test}/multiand.test.js | 0 .../binary_ops/gates/multi_or}/README.md | 0 .../gates/multi_or/multi_or.circom} | 0 .../gates/multi_or/test/multi_or.test.circom} | 0 .../gates/multi_or/test/multi_or.test.js} | 0 .../binary_ops/gates/multi_xor}/README.md | 4 +- .../gates/multi_xor/multi_xor.circom} | 0 .../multi_xor/test/multi_xor.test.circom} | 0 .../gates/multi_xor/test/multi_xor.test.js} | 0 .../binary_ops/gates}/nand/README.md | 0 .../binary_ops/gates}/nand/nand.circom | 0 .../gates/nand/test/nand.test.circom} | 0 .../binary_ops/gates/nand/test}/nand.test.js | 0 .../binary_ops/gates}/nor/README.md | 0 .../binary_ops/gates}/nor/nor.circom | 0 .../gates/nor/test/nor.test.circom} | 0 .../binary_ops/gates/nor/test}/nor.test.js | 0 .../binary_ops/gates}/not/README.md | 0 .../binary_ops/gates}/not/not.circom | 0 .../gates/not/test/not.test.circom} | 0 .../binary_ops/gates/not/test}/not.test.js | 0 
.../binary_ops/gates}/or/README.md | 0 .../binary_ops/gates}/or/or.circom | 0 .../binary_ops/gates/or/test/or.test.circom} | 0 .../binary_ops/gates/or/test}/or.test.js | 0 .../binary_ops/gates}/xor/README.md | 0 .../gates/xor/test/xor.test.circom} | 0 .../binary_ops/gates/xor/test}/xor.test.js | 0 .../binary_ops/gates}/xor/xor.circom | 0 .../bitify/README.md | 0 .../bitify/bits2num/README.md | 0 .../bitify/bits2num/bits2num.circom | 0 .../bitify/bits2num_strict/README.md | 0 .../bits2num_strict/bits2num_strict.circom | 0 .../bitify/num2bits/README.md | 0 .../bitify/num2bits/num2bits.circom | 0 .../bitify/num2bits_strict/README.md | 0 .../num2bits_strict/num2bits_strict.circom | 0 .../bitify/num2bitsneg/README.md | 0 .../bitify/num2bitsneg/num2bitsneg.circom | 0 .../comparators/README.md | 0 .../comparators}/aliascheck/README.md | 0 .../comparators}/aliascheck/aliascheck.circom | 0 .../aliascheck/aliascheck.test.js | 0 .../aliascheck/aliascheck_test.circom | 0 .../comparators}/compconstant/README.md | 0 .../compconstant/compconstant.circom | 0 .../comparators/forceequalifenabled/README.md | 0 .../forceequalifenabled.circom | 0 .../comparators/greatereqthan/README.md | 0 .../greatereqthan/greatereqthan.circom | 0 .../greatereqthan/greatereqthan.test.js | 0 .../greatereqthan/greatereqthan_test.circom | 0 .../comparators/greaterthan/README.md | 0 .../greaterthan/greaterthan.circom | 0 .../greaterthan/greaterthan.test.js | 0 .../greaterthan/greaterthan_test.circom | 0 .../comparators/isequal/README.md | 0 .../comparators/isequal/isequal.circom | 0 .../comparators/isequal/isequal.test.js | 0 .../comparators/isequal/isequal_test.circom | 0 .../comparators/iszero/README.md | 0 .../comparators/iszero/iszero.circom | 0 .../comparators/iszero/iszero.test.js | 0 .../comparators/iszero/iszero_test.circom | 0 .../comparators/lesseqthan/README.md | 0 .../comparators/lesseqthan/lesseqthan.circom | 0 .../comparators/lesseqthan/lesseqthan.test.js | 0 
.../lesseqthan/lesseqthan_test.circom | 0 .../comparators/lessthan/README.md | 0 .../comparators/lessthan/lessthan.circom | 0 .../comparators/lessthan/lessthan.test.js | 0 .../comparators/lessthan/lessthan_test.circom | 0 .../comparators}/sign/README.md | 0 .../comparators}/sign/sign.circom | 0 .../comparators}/sign/sign.test.js | 0 .../comparators}/sign/sign_test.circom | 0 .../multiplexer/README.md | 0 .../multiplexer/decoder/README.md | 0 .../multiplexer/decoder/decoder.circom | 0 .../multiplexer/multiplexer.circom | 0 .../multiplexer}/mux/README.md | 0 .../multiplexer}/mux/multimux1/README.md | 0 .../multiplexer}/mux/multimux2/README.md | 0 .../mux/multimux2/multimux2.circom | 0 .../multiplexer}/mux/multimux3/README.md | 0 .../mux/multimux3/multimux3.circom | 0 .../multiplexer}/mux/multimux4/README.md | 0 .../mux/multimux4/multimux4.circom | 99 +++++++++++ .../multiplexer}/mux/mux1/README.md | 0 .../multiplexer}/mux/mux1/mux1.circom | 0 .../multiplexer}/mux/mux1/mux1_1.circom | 0 .../multiplexer}/mux/mux2/README.md | 0 .../multiplexer}/mux/mux2/mux2.circom | 0 .../multiplexer}/mux/mux2/mux2_1.circom | 0 .../multiplexer}/mux/mux3/README.md | 0 .../multiplexer}/mux/mux3/mux3.circom | 0 .../multiplexer}/mux/mux3/mux3_1.circom | 0 .../multiplexer}/mux/mux4/README.md | 0 .../multiplexer}/mux/mux4/mux4.circom | 0 .../multiplexer}/mux/mux4/mux4_1.circom | 0 .../multiplexer/scalarproduct/README.md | 0 .../scalarproduct/scalarproduct.circom | 0 .../multiplexer}/switcher/README.md | 0 .../multiplexer}/switcher/switcher.circom | 0 .../baby_jubjub/edwards/README.md | 2 + .../edwards2montgomery.test.js | 65 +++++++ .../edwards2montgomery_test.circom | 3 + .../edwards2montgomery_test.circom | 3 + .../baby_jubjub/montgomery.test.js | 95 ++++++++++ .../montgomery/montgomeryadd/README.md | 4 +- .../montgomeryadd/montgomeryadd.test.js | 52 ++++++ .../montgomeryadd/montgomeryadd_test.circom | 3 + .../montgomerydouble/montgomerydouble.test.js | 93 ++++++++++ 
.../montgomerydouble_test.circom | 3 + .../montgomery2edwards.test.js | 65 +++++++ .../montgomery2edwards_test.circom | 3 + .../montgomery2edwards_test.circom | 3 + .../baby_jubjub/montgomeryBIS.test.js | 162 ++++++++++++++++++ .../baby_jubjub/montgomeryadd_test.circom | 3 + 141 files changed, 704 insertions(+), 83 deletions(-) delete mode 100644 circuits/basic_templates/README.md delete mode 100644 circuits/basic_templates/binary_arithmetic/README.md delete mode 100644 circuits/basic_templates/logic_gates/README.md create mode 100644 circuits/basics/README.md create mode 100644 circuits/basics/binary_ops/README.md rename circuits/{basic_templates/binary_arithmetic/binsub => basics/binary_ops/bin_sub}/README.md (100%) rename circuits/{basic_templates/binary_arithmetic/binsub/binsub.circom => basics/binary_ops/bin_sub/bin_sub.circom} (100%) rename circuits/{basic_templates/binary_arithmetic/binsub/binsub_test.circom => basics/binary_ops/bin_sub/test/bin_sub.test.circom} (100%) rename circuits/{basic_templates/binary_arithmetic/binsub/binsub.test.js => basics/binary_ops/bin_sub/test/bin_sub.test.js} (94%) rename circuits/{basic_templates/binary_arithmetic/binsum => basics/binary_ops/bin_sum}/README.md (100%) rename circuits/{basic_templates/binary_arithmetic/binsum/binsum.circom => basics/binary_ops/bin_sum/bin_sum.circom} (100%) rename circuits/{basic_templates/binary_arithmetic/binsum/binsum_test.circom => basics/binary_ops/bin_sum/test/bin_sum.test.circom} (95%) rename circuits/{basic_templates/binary_arithmetic/binsum/binsum.test.js => basics/binary_ops/bin_sum/test/bin_sum.test.js} (88%) create mode 100644 circuits/basics/binary_ops/gates/README.md rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/and/README.md (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/and/and.circom (100%) rename circuits/{basic_templates/logic_gates/and/and_test.circom => basics/binary_ops/gates/and/test/and.test.circom} (100%) 
rename circuits/{basic_templates/logic_gates/and => basics/binary_ops/gates/and/test}/and.test.js (100%) rename circuits/{basic_templates/logic_gates/multiand => basics/binary_ops/gates/multi_and}/README.md (100%) rename circuits/{basic_templates/logic_gates/multiand/multiand.circom => basics/binary_ops/gates/multi_and/multi_and.circom} (100%) rename circuits/{basic_templates/logic_gates/multiand/multiand_test.circom => basics/binary_ops/gates/multi_and/test/multi_and.test.circom} (100%) rename circuits/{basic_templates/logic_gates/multiand => basics/binary_ops/gates/multi_and/test}/multiand.test.js (100%) rename circuits/{basic_templates/logic_gates/multior => basics/binary_ops/gates/multi_or}/README.md (100%) rename circuits/{basic_templates/logic_gates/multior/multior.circom => basics/binary_ops/gates/multi_or/multi_or.circom} (100%) rename circuits/{basic_templates/logic_gates/multior/multior_test.circom => basics/binary_ops/gates/multi_or/test/multi_or.test.circom} (100%) rename circuits/{basic_templates/logic_gates/multior/multior.test.js => basics/binary_ops/gates/multi_or/test/multi_or.test.js} (100%) rename circuits/{basic_templates/logic_gates/multixor => basics/binary_ops/gates/multi_xor}/README.md (85%) rename circuits/{basic_templates/logic_gates/multixor/multixor.circom => basics/binary_ops/gates/multi_xor/multi_xor.circom} (100%) rename circuits/{basic_templates/logic_gates/multixor/multixor_test.circom => basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom} (100%) rename circuits/{basic_templates/logic_gates/multixor/multixor.test.js => basics/binary_ops/gates/multi_xor/test/multi_xor.test.js} (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/nand/README.md (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/nand/nand.circom (100%) rename circuits/{basic_templates/logic_gates/nand/nand_test.circom => basics/binary_ops/gates/nand/test/nand.test.circom} (100%) rename 
circuits/{basic_templates/logic_gates/nand => basics/binary_ops/gates/nand/test}/nand.test.js (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/nor/README.md (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/nor/nor.circom (100%) rename circuits/{basic_templates/logic_gates/nor/nor_test.circom => basics/binary_ops/gates/nor/test/nor.test.circom} (100%) rename circuits/{basic_templates/logic_gates/nor => basics/binary_ops/gates/nor/test}/nor.test.js (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/not/README.md (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/not/not.circom (100%) rename circuits/{basic_templates/logic_gates/not/not_test.circom => basics/binary_ops/gates/not/test/not.test.circom} (100%) rename circuits/{basic_templates/logic_gates/not => basics/binary_ops/gates/not/test}/not.test.js (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/or/README.md (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/or/or.circom (100%) rename circuits/{basic_templates/logic_gates/or/or_test.circom => basics/binary_ops/gates/or/test/or.test.circom} (100%) rename circuits/{basic_templates/logic_gates/or => basics/binary_ops/gates/or/test}/or.test.js (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/xor/README.md (100%) rename circuits/{basic_templates/logic_gates/xor/xor_test.circom => basics/binary_ops/gates/xor/test/xor.test.circom} (100%) rename circuits/{basic_templates/logic_gates/xor => basics/binary_ops/gates/xor/test}/xor.test.js (100%) rename circuits/{basic_templates/logic_gates => basics/binary_ops/gates}/xor/xor.circom (100%) rename circuits/{basic_templates => basics}/bitify/README.md (100%) rename circuits/{basic_templates => basics}/bitify/bits2num/README.md (100%) rename circuits/{basic_templates => basics}/bitify/bits2num/bits2num.circom (100%) 
rename circuits/{basic_templates => basics}/bitify/bits2num_strict/README.md (100%) rename circuits/{basic_templates => basics}/bitify/bits2num_strict/bits2num_strict.circom (100%) rename circuits/{basic_templates => basics}/bitify/num2bits/README.md (100%) rename circuits/{basic_templates => basics}/bitify/num2bits/num2bits.circom (100%) rename circuits/{basic_templates => basics}/bitify/num2bits_strict/README.md (100%) rename circuits/{basic_templates => basics}/bitify/num2bits_strict/num2bits_strict.circom (100%) rename circuits/{basic_templates => basics}/bitify/num2bitsneg/README.md (100%) rename circuits/{basic_templates => basics}/bitify/num2bitsneg/num2bitsneg.circom (100%) rename circuits/{basic_templates => basics}/comparators/README.md (100%) rename circuits/{basic_templates => basics/comparators}/aliascheck/README.md (100%) rename circuits/{basic_templates => basics/comparators}/aliascheck/aliascheck.circom (100%) rename circuits/{basic_templates => basics/comparators}/aliascheck/aliascheck.test.js (100%) rename circuits/{basic_templates => basics/comparators}/aliascheck/aliascheck_test.circom (100%) rename circuits/{basic_templates => basics/comparators}/compconstant/README.md (100%) rename circuits/{basic_templates => basics/comparators}/compconstant/compconstant.circom (100%) rename circuits/{basic_templates => basics}/comparators/forceequalifenabled/README.md (100%) rename circuits/{basic_templates => basics}/comparators/forceequalifenabled/forceequalifenabled.circom (100%) rename circuits/{basic_templates => basics}/comparators/greatereqthan/README.md (100%) rename circuits/{basic_templates => basics}/comparators/greatereqthan/greatereqthan.circom (100%) rename circuits/{basic_templates => basics}/comparators/greatereqthan/greatereqthan.test.js (100%) rename circuits/{basic_templates => basics}/comparators/greatereqthan/greatereqthan_test.circom (100%) rename circuits/{basic_templates => basics}/comparators/greaterthan/README.md (100%) rename 
circuits/{basic_templates => basics}/comparators/greaterthan/greaterthan.circom (100%) rename circuits/{basic_templates => basics}/comparators/greaterthan/greaterthan.test.js (100%) rename circuits/{basic_templates => basics}/comparators/greaterthan/greaterthan_test.circom (100%) rename circuits/{basic_templates => basics}/comparators/isequal/README.md (100%) rename circuits/{basic_templates => basics}/comparators/isequal/isequal.circom (100%) rename circuits/{basic_templates => basics}/comparators/isequal/isequal.test.js (100%) rename circuits/{basic_templates => basics}/comparators/isequal/isequal_test.circom (100%) rename circuits/{basic_templates => basics}/comparators/iszero/README.md (100%) rename circuits/{basic_templates => basics}/comparators/iszero/iszero.circom (100%) rename circuits/{basic_templates => basics}/comparators/iszero/iszero.test.js (100%) rename circuits/{basic_templates => basics}/comparators/iszero/iszero_test.circom (100%) rename circuits/{basic_templates => basics}/comparators/lesseqthan/README.md (100%) rename circuits/{basic_templates => basics}/comparators/lesseqthan/lesseqthan.circom (100%) rename circuits/{basic_templates => basics}/comparators/lesseqthan/lesseqthan.test.js (100%) rename circuits/{basic_templates => basics}/comparators/lesseqthan/lesseqthan_test.circom (100%) rename circuits/{basic_templates => basics}/comparators/lessthan/README.md (100%) rename circuits/{basic_templates => basics}/comparators/lessthan/lessthan.circom (100%) rename circuits/{basic_templates => basics}/comparators/lessthan/lessthan.test.js (100%) rename circuits/{basic_templates => basics}/comparators/lessthan/lessthan_test.circom (100%) rename circuits/{basic_templates => basics/comparators}/sign/README.md (100%) rename circuits/{basic_templates => basics/comparators}/sign/sign.circom (100%) rename circuits/{basic_templates => basics/comparators}/sign/sign.test.js (100%) rename circuits/{basic_templates => basics/comparators}/sign/sign_test.circom 
(100%) rename circuits/{basic_templates => basics}/multiplexer/README.md (100%) rename circuits/{basic_templates => basics}/multiplexer/decoder/README.md (100%) rename circuits/{basic_templates => basics}/multiplexer/decoder/decoder.circom (100%) rename circuits/{basic_templates => basics}/multiplexer/multiplexer.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux1/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux2/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux2/multimux2.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux3/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux3/multimux3.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/multimux4/README.md (100%) create mode 100644 circuits/basics/multiplexer/mux/multimux4/multimux4.circom rename circuits/{basic_templates => basics/multiplexer}/mux/mux1/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux1/mux1.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux1/mux1_1.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux2/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux2/mux2.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux2/mux2_1.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux3/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux3/mux3.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux3/mux3_1.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux4/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/mux/mux4/mux4.circom (100%) rename circuits/{basic_templates => 
basics/multiplexer}/mux/mux4/mux4_1.circom (100%) rename circuits/{basic_templates => basics}/multiplexer/scalarproduct/README.md (100%) rename circuits/{basic_templates => basics}/multiplexer/scalarproduct/scalarproduct.circom (100%) rename circuits/{basic_templates => basics/multiplexer}/switcher/README.md (100%) rename circuits/{basic_templates => basics/multiplexer}/switcher/switcher.circom (100%) create mode 100644 circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom create mode 100644 circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js create mode 100644 circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom diff --git a/circuits/basic_templates/README.md b/circuits/basic_templates/README.md deleted file mode 100644 index 7ec0ce6c..00000000 --- a/circuits/basic_templates/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# `basic_templates` - -This folder contains the templates to do basic arithmetic operations. - -## Structure of the Folder - -- [`aliascheck`](aliascheck) -- [`binary_arithmetic`](binary_arithmetic) - - [`binsub`](binary_arithmetic/binsub) - - [`binsum`](binary_arithmetic/binsum) -- [`bitify`](bitify) - - [`bits2num`](bitify/bits2num) - - [`bits2num_strict`](bitify/bits2num_strict) - - [`num2bits`](bitify/num2bits) - - [`num2bits_strict`](bitify/num2bits_strict) - - [`num2bitsneg`](bitify/num2bitsneg) -- [`comparators`](comparators) - - [`forceequalifenabled`](comparators/forceequalifenabled) - - [`greatereqthan`](comparators/greatereqthan) - - [`greaterthan`](comparators/greaterthan) - - [`isequal`](comparators/isequal) - - [`iszero`](comparators/iszero) - - [`lesseqthan`](comparators/lesseqthan) - - [`lessthan`](comparators/lessthan) -- [`compconstant`](compconstant) -- [`logic_gates`](logic_gates) - - [`and`](logic_gates/and) - - [`multiand`](logic_gates/multiand) - - [`multior`](logic_gates/multior) - - [`nand`](logic_gates/nand) - - [`nor`](logic_gates/nor) - - [`not`](logic_gates/not) - - [`or`](logic_gates/or) - - [`xor`](logic_gates/xor) -- [`multiplexer`](multiplexer) - - [`decoder`](multiplexer/decoder) - - [`multiplexer`](multiplexer/multiplexer) - - [`scalarproduct`](multiplexer/scalarproduct) -- [`mux`](mux) - - [`multimux1`](mux/multimux1) - - [`multimux2`](mux/multimux2) - - [`multimux3`](mux/multimux3) - - [`multimux4`](mux/multimux4) - - [`mux1`](mux/mux1) - - [`mux2`](mux/mux2) - - [`mux3`](mux/mux3) - - [`mux4`](mux/mux4) -- [`sign`](sign) -- [`switcher`](switcher) diff --git a/circuits/basic_templates/binary_arithmetic/README.md b/circuits/basic_templates/binary_arithmetic/README.md deleted file mode 100644 index 5bad4dd6..00000000 --- a/circuits/basic_templates/binary_arithmetic/README.md +++ /dev/null 
@@ -1,10 +0,0 @@ -# `binary_arithmetic` - -## Description - -This folder contains the templates to perform additions (`binsum.circom`) and substractions (`binsub.circom`) of binary numbers. Each folder contains the template, a test and a README file specifying the template details. - -## Structure - -- [`binsub`](binsub) -- [`binsum`](binsum) \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/README.md b/circuits/basic_templates/logic_gates/README.md deleted file mode 100644 index 4beaa4fc..00000000 --- a/circuits/basic_templates/logic_gates/README.md +++ /dev/null @@ -1,16 +0,0 @@ -# `logic_gates` - -## Description - -This folder contains the templates to perform logic gates operations. Each folder contains a test and README file specifying the template details. - -## Structure - -- [`and`](and) -- [`multiand`](multiand) -- [`multior`](multior) -- [`nand`](nand) -- [`nor`](nor) -- [`not`](not) -- [`or`](or) -- [`xor`](xor) \ No newline at end of file diff --git a/circuits/basics/README.md b/circuits/basics/README.md new file mode 100644 index 00000000..d3de71e7 --- /dev/null +++ b/circuits/basics/README.md @@ -0,0 +1,7 @@ +# `basics` + +This folder contains the templates to do binary operations, conversions from field element representations to binary form and viceversa, a set of comparator functions and multiple multiplexor circuits. + +## Structure of the Folder + +TODO: Add \ No newline at end of file diff --git a/circuits/basics/binary_ops/README.md b/circuits/basics/binary_ops/README.md new file mode 100644 index 00000000..f3602ebe --- /dev/null +++ b/circuits/basics/binary_ops/README.md 
@@ -0,0 +1,20 @@ +# `binary_ops` + +## Description + +This folder contains the templates to perform binary artithmetic and logic operations of binary inputs. + +## Structure + +- [`binsub`](binsub) +- [`binsum`](binsum) +- [`gates`](gates) + - [`and`](gates/and) + - [`multiand`](gates/multiand) + - [`multior`](gates/multior) + - [`multixor`](gates/multixor) + - [`nand`](gates/nand) + - [`nor`](gates/nor) + - [`not`](gates/not) + - [`or`](gates/or) + - [`xor`](gates/xor) \ No newline at end of file diff --git a/circuits/basic_templates/binary_arithmetic/binsub/README.md b/circuits/basics/binary_ops/bin_sub/README.md similarity index 100% rename from circuits/basic_templates/binary_arithmetic/binsub/README.md rename to circuits/basics/binary_ops/bin_sub/README.md diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub.circom b/circuits/basics/binary_ops/bin_sub/bin_sub.circom similarity index 100% rename from circuits/basic_templates/binary_arithmetic/binsub/binsub.circom rename to circuits/basics/binary_ops/bin_sub/bin_sub.circom diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom b/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom similarity index 100% rename from circuits/basic_templates/binary_arithmetic/binsub/binsub_test.circom rename to circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom diff --git a/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js b/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.js similarity index 94% rename from circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js rename to circuits/basics/binary_ops/bin_sub/test/bin_sub.test.js index a13bb032..921c2c5f 100644 --- a/circuits/basic_templates/binary_arithmetic/binsub/binsub.test.js +++ b/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.js 
@@ -25,7 +25,7 @@ describe("BinSub test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "binsub_test.circom")); + circuit = await tester(path.join(__dirname, "bin_sub.test.circom")); }); it("Should check variuos ege cases", async () => { diff --git a/circuits/basic_templates/binary_arithmetic/binsum/README.md b/circuits/basics/binary_ops/bin_sum/README.md similarity index 100% rename from circuits/basic_templates/binary_arithmetic/binsum/README.md rename to circuits/basics/binary_ops/bin_sum/README.md diff --git a/circuits/basic_templates/binary_arithmetic/binsum/binsum.circom b/circuits/basics/binary_ops/bin_sum/bin_sum.circom similarity index 100% rename from circuits/basic_templates/binary_arithmetic/binsum/binsum.circom rename to circuits/basics/binary_ops/bin_sum/bin_sum.circom diff --git a/circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom similarity index 95% rename from circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom rename to circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom index 0764103e..711df019 100644 --- a/circuits/basic_templates/binary_arithmetic/binsum/binsum_test.circom +++ b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom @@ -1,6 +1,6 @@ include "../../bitify/num2bits/num2bits.circom" include "../../bitify/bits2num/bits2num.circom" -include "binsum.circom" +include "../bin_sum.circom" template A() { signal private input a; diff --git a/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.js similarity index 88% rename from circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js rename to circuits/basics/binary_ops/bin_sum/test/bin_sum.test.js index 3aa1d917..228f340b 100644 --- a/circuits/basic_templates/binary_arithmetic/binsum/binsum.test.js 
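Review bot: The two `include "../../bitify/..."` context lines in bin_sum.test.circom were left as they were while the file moved one directory deeper into `bin_sum/test/`, so if circom resolves includes relative to the including file, as the updated `include "../bin_sum.circom"` line on the same hunk assumes, they now point at `binary_ops/bitify/...`, a path this tree does not contain; they should become `include "../../../bitify/num2bits/num2bits.circom"` and `include "../../../bitify/bits2num/bits2num.circom"`. bin_sub.test.circom was moved at 100% similarity, so presumably its includes still name `binsub.circom` and the old depth and need the same correction. The body of template A continues outside the hunk.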
+++ b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.js @@ -12,7 +12,7 @@ describe("BinSum test", function () { this.timeout(100000000); it("Should create a binary sum circuit", async () => { - const circuit = await tester(path.join(__dirname, "binsum_test.circom")); + const circuit = await tester(path.join(__dirname, "bin_sum.test.circom")); await circuit.loadConstraints(); assert.equal(circuit.constraints.length, 97); // 32 (in1) + 32(in2) + 32(out) + 1 (carry) diff --git a/circuits/basics/binary_ops/gates/README.md b/circuits/basics/binary_ops/gates/README.md new file mode 100644 index 00000000..de5d61c8 --- /dev/null +++ b/circuits/basics/binary_ops/gates/README.md @@ -0,0 +1,17 @@ +# `gates` + +## Description + +This folder contains the templates to perform logic gate operations. + +## Structure + +- [`and`](and) +- [`multi_and`](multi_and) +- [`multi_or`](multi_or) +- [`multi_xor`](multi_xor) +- [`nand`](nand) +- [`nor`](nor) +- [`not`](not) +- [`or`](or) +- [`xor`](xor) \ No newline at end of file diff --git a/circuits/basic_templates/logic_gates/and/README.md b/circuits/basics/binary_ops/gates/and/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/and/README.md rename to circuits/basics/binary_ops/gates/and/README.md diff --git a/circuits/basic_templates/logic_gates/and/and.circom b/circuits/basics/binary_ops/gates/and/and.circom similarity index 100% rename from circuits/basic_templates/logic_gates/and/and.circom rename to circuits/basics/binary_ops/gates/and/and.circom diff --git a/circuits/basic_templates/logic_gates/and/and_test.circom b/circuits/basics/binary_ops/gates/and/test/and.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/and/and_test.circom rename to circuits/basics/binary_ops/gates/and/test/and.test.circom 
diff --git a/circuits/basic_templates/logic_gates/and/and.test.js b/circuits/basics/binary_ops/gates/and/test/and.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/and/and.test.js rename to circuits/basics/binary_ops/gates/and/test/and.test.js diff --git a/circuits/basic_templates/logic_gates/multiand/README.md b/circuits/basics/binary_ops/gates/multi_and/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/multiand/README.md rename to circuits/basics/binary_ops/gates/multi_and/README.md diff --git a/circuits/basic_templates/logic_gates/multiand/multiand.circom b/circuits/basics/binary_ops/gates/multi_and/multi_and.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multiand/multiand.circom rename to circuits/basics/binary_ops/gates/multi_and/multi_and.circom diff --git a/circuits/basic_templates/logic_gates/multiand/multiand_test.circom b/circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multiand/multiand_test.circom rename to circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom diff --git a/circuits/basic_templates/logic_gates/multiand/multiand.test.js b/circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/multiand/multiand.test.js rename to circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js diff --git a/circuits/basic_templates/logic_gates/multior/README.md b/circuits/basics/binary_ops/gates/multi_or/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/multior/README.md rename to circuits/basics/binary_ops/gates/multi_or/README.md 
diff --git a/circuits/basic_templates/logic_gates/multior/multior.circom b/circuits/basics/binary_ops/gates/multi_or/multi_or.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multior/multior.circom rename to circuits/basics/binary_ops/gates/multi_or/multi_or.circom diff --git a/circuits/basic_templates/logic_gates/multior/multior_test.circom b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multior/multior_test.circom rename to circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom diff --git a/circuits/basic_templates/logic_gates/multior/multior.test.js b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/multior/multior.test.js rename to circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js diff --git a/circuits/basic_templates/logic_gates/multixor/README.md b/circuits/basics/binary_ops/gates/multi_xor/README.md similarity index 85% rename from circuits/basic_templates/logic_gates/multixor/README.md rename to circuits/basics/binary_ops/gates/multi_xor/README.md index c1406818..5a5cbd57 100644 --- a/circuits/basic_templates/logic_gates/multixor/README.md +++ b/circuits/basics/binary_ops/gates/multi_xor/README.md @@ -28,9 +28,9 @@ include "../../comparators/iszero/iszero.circom"; ## Outputs -| Output | Type | Description | +| Output | Type | Description | | ------ | ------ | ---------- | -| `out` | Boolean | `out = in[0] v ... v in[n-1]`. | +| `out` | Boolean | `out = in[0] ⊕ ... ⊕ in[n-1]`. | ## Benchmarks diff --git a/circuits/basic_templates/logic_gates/multixor/multixor.circom b/circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multixor/multixor.circom rename to circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom 
diff --git a/circuits/basic_templates/logic_gates/multixor/multixor_test.circom b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/multixor/multixor_test.circom rename to circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom diff --git a/circuits/basic_templates/logic_gates/multixor/multixor.test.js b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/multixor/multixor.test.js rename to circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js diff --git a/circuits/basic_templates/logic_gates/nand/README.md b/circuits/basics/binary_ops/gates/nand/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/nand/README.md rename to circuits/basics/binary_ops/gates/nand/README.md diff --git a/circuits/basic_templates/logic_gates/nand/nand.circom b/circuits/basics/binary_ops/gates/nand/nand.circom similarity index 100% rename from circuits/basic_templates/logic_gates/nand/nand.circom rename to circuits/basics/binary_ops/gates/nand/nand.circom diff --git a/circuits/basic_templates/logic_gates/nand/nand_test.circom b/circuits/basics/binary_ops/gates/nand/test/nand.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/nand/nand_test.circom rename to circuits/basics/binary_ops/gates/nand/test/nand.test.circom diff --git a/circuits/basic_templates/logic_gates/nand/nand.test.js b/circuits/basics/binary_ops/gates/nand/test/nand.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/nand/nand.test.js rename to circuits/basics/binary_ops/gates/nand/test/nand.test.js 
diff --git a/circuits/basic_templates/logic_gates/nor/README.md b/circuits/basics/binary_ops/gates/nor/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/nor/README.md rename to circuits/basics/binary_ops/gates/nor/README.md diff --git a/circuits/basic_templates/logic_gates/nor/nor.circom b/circuits/basics/binary_ops/gates/nor/nor.circom similarity index 100% rename from circuits/basic_templates/logic_gates/nor/nor.circom rename to circuits/basics/binary_ops/gates/nor/nor.circom diff --git a/circuits/basic_templates/logic_gates/nor/nor_test.circom b/circuits/basics/binary_ops/gates/nor/test/nor.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/nor/nor_test.circom rename to circuits/basics/binary_ops/gates/nor/test/nor.test.circom diff --git a/circuits/basic_templates/logic_gates/nor/nor.test.js b/circuits/basics/binary_ops/gates/nor/test/nor.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/nor/nor.test.js rename to circuits/basics/binary_ops/gates/nor/test/nor.test.js diff --git a/circuits/basic_templates/logic_gates/not/README.md b/circuits/basics/binary_ops/gates/not/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/not/README.md rename to circuits/basics/binary_ops/gates/not/README.md diff --git a/circuits/basic_templates/logic_gates/not/not.circom b/circuits/basics/binary_ops/gates/not/not.circom similarity index 100% rename from circuits/basic_templates/logic_gates/not/not.circom rename to circuits/basics/binary_ops/gates/not/not.circom diff --git a/circuits/basic_templates/logic_gates/not/not_test.circom b/circuits/basics/binary_ops/gates/not/test/not.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/not/not_test.circom rename to circuits/basics/binary_ops/gates/not/test/not.test.circom 
diff --git a/circuits/basic_templates/logic_gates/not/not.test.js b/circuits/basics/binary_ops/gates/not/test/not.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/not/not.test.js rename to circuits/basics/binary_ops/gates/not/test/not.test.js diff --git a/circuits/basic_templates/logic_gates/or/README.md b/circuits/basics/binary_ops/gates/or/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/or/README.md rename to circuits/basics/binary_ops/gates/or/README.md diff --git a/circuits/basic_templates/logic_gates/or/or.circom b/circuits/basics/binary_ops/gates/or/or.circom similarity index 100% rename from circuits/basic_templates/logic_gates/or/or.circom rename to circuits/basics/binary_ops/gates/or/or.circom diff --git a/circuits/basic_templates/logic_gates/or/or_test.circom b/circuits/basics/binary_ops/gates/or/test/or.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/or/or_test.circom rename to circuits/basics/binary_ops/gates/or/test/or.test.circom diff --git a/circuits/basic_templates/logic_gates/or/or.test.js b/circuits/basics/binary_ops/gates/or/test/or.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/or/or.test.js rename to circuits/basics/binary_ops/gates/or/test/or.test.js diff --git a/circuits/basic_templates/logic_gates/xor/README.md b/circuits/basics/binary_ops/gates/xor/README.md similarity index 100% rename from circuits/basic_templates/logic_gates/xor/README.md rename to circuits/basics/binary_ops/gates/xor/README.md diff --git a/circuits/basic_templates/logic_gates/xor/xor_test.circom b/circuits/basics/binary_ops/gates/xor/test/xor.test.circom similarity index 100% rename from circuits/basic_templates/logic_gates/xor/xor_test.circom rename to circuits/basics/binary_ops/gates/xor/test/xor.test.circom 
diff --git a/circuits/basic_templates/logic_gates/xor/xor.test.js b/circuits/basics/binary_ops/gates/xor/test/xor.test.js similarity index 100% rename from circuits/basic_templates/logic_gates/xor/xor.test.js rename to circuits/basics/binary_ops/gates/xor/test/xor.test.js diff --git a/circuits/basic_templates/logic_gates/xor/xor.circom b/circuits/basics/binary_ops/gates/xor/xor.circom similarity index 100% rename from circuits/basic_templates/logic_gates/xor/xor.circom rename to circuits/basics/binary_ops/gates/xor/xor.circom diff --git a/circuits/basic_templates/bitify/README.md b/circuits/basics/bitify/README.md similarity index 100% rename from circuits/basic_templates/bitify/README.md rename to circuits/basics/bitify/README.md diff --git a/circuits/basic_templates/bitify/bits2num/README.md b/circuits/basics/bitify/bits2num/README.md similarity index 100% rename from circuits/basic_templates/bitify/bits2num/README.md rename to circuits/basics/bitify/bits2num/README.md diff --git a/circuits/basic_templates/bitify/bits2num/bits2num.circom b/circuits/basics/bitify/bits2num/bits2num.circom similarity index 100% rename from circuits/basic_templates/bitify/bits2num/bits2num.circom rename to circuits/basics/bitify/bits2num/bits2num.circom diff --git a/circuits/basic_templates/bitify/bits2num_strict/README.md b/circuits/basics/bitify/bits2num_strict/README.md similarity index 100% rename from circuits/basic_templates/bitify/bits2num_strict/README.md rename to circuits/basics/bitify/bits2num_strict/README.md diff --git a/circuits/basic_templates/bitify/bits2num_strict/bits2num_strict.circom b/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom similarity index 100% rename from circuits/basic_templates/bitify/bits2num_strict/bits2num_strict.circom rename to circuits/basics/bitify/bits2num_strict/bits2num_strict.circom 
diff --git a/circuits/basic_templates/bitify/num2bits/README.md b/circuits/basics/bitify/num2bits/README.md similarity index 100% rename from circuits/basic_templates/bitify/num2bits/README.md rename to circuits/basics/bitify/num2bits/README.md diff --git a/circuits/basic_templates/bitify/num2bits/num2bits.circom b/circuits/basics/bitify/num2bits/num2bits.circom similarity index 100% rename from circuits/basic_templates/bitify/num2bits/num2bits.circom rename to circuits/basics/bitify/num2bits/num2bits.circom diff --git a/circuits/basic_templates/bitify/num2bits_strict/README.md b/circuits/basics/bitify/num2bits_strict/README.md similarity index 100% rename from circuits/basic_templates/bitify/num2bits_strict/README.md rename to circuits/basics/bitify/num2bits_strict/README.md diff --git a/circuits/basic_templates/bitify/num2bits_strict/num2bits_strict.circom b/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom similarity index 100% rename from circuits/basic_templates/bitify/num2bits_strict/num2bits_strict.circom rename to circuits/basics/bitify/num2bits_strict/num2bits_strict.circom diff --git a/circuits/basic_templates/bitify/num2bitsneg/README.md b/circuits/basics/bitify/num2bitsneg/README.md similarity index 100% rename from circuits/basic_templates/bitify/num2bitsneg/README.md rename to circuits/basics/bitify/num2bitsneg/README.md diff --git a/circuits/basic_templates/bitify/num2bitsneg/num2bitsneg.circom b/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom similarity index 100% rename from circuits/basic_templates/bitify/num2bitsneg/num2bitsneg.circom rename to circuits/basics/bitify/num2bitsneg/num2bitsneg.circom diff --git a/circuits/basic_templates/comparators/README.md b/circuits/basics/comparators/README.md similarity index 100% rename from circuits/basic_templates/comparators/README.md rename to circuits/basics/comparators/README.md 
diff --git a/circuits/basic_templates/aliascheck/README.md b/circuits/basics/comparators/aliascheck/README.md similarity index 100% rename from circuits/basic_templates/aliascheck/README.md rename to circuits/basics/comparators/aliascheck/README.md diff --git a/circuits/basic_templates/aliascheck/aliascheck.circom b/circuits/basics/comparators/aliascheck/aliascheck.circom similarity index 100% rename from circuits/basic_templates/aliascheck/aliascheck.circom rename to circuits/basics/comparators/aliascheck/aliascheck.circom diff --git a/circuits/basic_templates/aliascheck/aliascheck.test.js b/circuits/basics/comparators/aliascheck/aliascheck.test.js similarity index 100% rename from circuits/basic_templates/aliascheck/aliascheck.test.js rename to circuits/basics/comparators/aliascheck/aliascheck.test.js diff --git a/circuits/basic_templates/aliascheck/aliascheck_test.circom b/circuits/basics/comparators/aliascheck/aliascheck_test.circom similarity index 100% rename from circuits/basic_templates/aliascheck/aliascheck_test.circom rename to circuits/basics/comparators/aliascheck/aliascheck_test.circom diff --git a/circuits/basic_templates/compconstant/README.md b/circuits/basics/comparators/compconstant/README.md similarity index 100% rename from circuits/basic_templates/compconstant/README.md rename to circuits/basics/comparators/compconstant/README.md diff --git a/circuits/basic_templates/compconstant/compconstant.circom b/circuits/basics/comparators/compconstant/compconstant.circom similarity index 100% rename from circuits/basic_templates/compconstant/compconstant.circom rename to circuits/basics/comparators/compconstant/compconstant.circom diff --git a/circuits/basic_templates/comparators/forceequalifenabled/README.md b/circuits/basics/comparators/forceequalifenabled/README.md similarity index 100% rename from circuits/basic_templates/comparators/forceequalifenabled/README.md rename to circuits/basics/comparators/forceequalifenabled/README.md 
diff --git a/circuits/basic_templates/comparators/forceequalifenabled/forceequalifenabled.circom b/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom similarity index 100% rename from circuits/basic_templates/comparators/forceequalifenabled/forceequalifenabled.circom rename to circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom diff --git a/circuits/basic_templates/comparators/greatereqthan/README.md b/circuits/basics/comparators/greatereqthan/README.md similarity index 100% rename from circuits/basic_templates/comparators/greatereqthan/README.md rename to circuits/basics/comparators/greatereqthan/README.md diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom b/circuits/basics/comparators/greatereqthan/greatereqthan.circom similarity index 100% rename from circuits/basic_templates/comparators/greatereqthan/greatereqthan.circom rename to circuits/basics/comparators/greatereqthan/greatereqthan.circom diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js b/circuits/basics/comparators/greatereqthan/greatereqthan.test.js similarity index 100% rename from circuits/basic_templates/comparators/greatereqthan/greatereqthan.test.js rename to circuits/basics/comparators/greatereqthan/greatereqthan.test.js diff --git a/circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom b/circuits/basics/comparators/greatereqthan/greatereqthan_test.circom similarity index 100% rename from circuits/basic_templates/comparators/greatereqthan/greatereqthan_test.circom rename to circuits/basics/comparators/greatereqthan/greatereqthan_test.circom diff --git a/circuits/basic_templates/comparators/greaterthan/README.md b/circuits/basics/comparators/greaterthan/README.md similarity index 100% rename from circuits/basic_templates/comparators/greaterthan/README.md rename to circuits/basics/comparators/greaterthan/README.md 
diff --git a/circuits/basic_templates/comparators/greaterthan/greaterthan.circom b/circuits/basics/comparators/greaterthan/greaterthan.circom similarity index 100% rename from circuits/basic_templates/comparators/greaterthan/greaterthan.circom rename to circuits/basics/comparators/greaterthan/greaterthan.circom diff --git a/circuits/basic_templates/comparators/greaterthan/greaterthan.test.js b/circuits/basics/comparators/greaterthan/greaterthan.test.js similarity index 100% rename from circuits/basic_templates/comparators/greaterthan/greaterthan.test.js rename to circuits/basics/comparators/greaterthan/greaterthan.test.js diff --git a/circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom b/circuits/basics/comparators/greaterthan/greaterthan_test.circom similarity index 100% rename from circuits/basic_templates/comparators/greaterthan/greaterthan_test.circom rename to circuits/basics/comparators/greaterthan/greaterthan_test.circom diff --git a/circuits/basic_templates/comparators/isequal/README.md b/circuits/basics/comparators/isequal/README.md similarity index 100% rename from circuits/basic_templates/comparators/isequal/README.md rename to circuits/basics/comparators/isequal/README.md diff --git a/circuits/basic_templates/comparators/isequal/isequal.circom b/circuits/basics/comparators/isequal/isequal.circom similarity index 100% rename from circuits/basic_templates/comparators/isequal/isequal.circom rename to circuits/basics/comparators/isequal/isequal.circom diff --git a/circuits/basic_templates/comparators/isequal/isequal.test.js b/circuits/basics/comparators/isequal/isequal.test.js similarity index 100% rename from circuits/basic_templates/comparators/isequal/isequal.test.js rename to circuits/basics/comparators/isequal/isequal.test.js 
diff --git a/circuits/basic_templates/comparators/isequal/isequal_test.circom b/circuits/basics/comparators/isequal/isequal_test.circom similarity index 100% rename from circuits/basic_templates/comparators/isequal/isequal_test.circom rename to circuits/basics/comparators/isequal/isequal_test.circom diff --git a/circuits/basic_templates/comparators/iszero/README.md b/circuits/basics/comparators/iszero/README.md similarity index 100% rename from circuits/basic_templates/comparators/iszero/README.md rename to circuits/basics/comparators/iszero/README.md diff --git a/circuits/basic_templates/comparators/iszero/iszero.circom b/circuits/basics/comparators/iszero/iszero.circom similarity index 100% rename from circuits/basic_templates/comparators/iszero/iszero.circom rename to circuits/basics/comparators/iszero/iszero.circom diff --git a/circuits/basic_templates/comparators/iszero/iszero.test.js b/circuits/basics/comparators/iszero/iszero.test.js similarity index 100% rename from circuits/basic_templates/comparators/iszero/iszero.test.js rename to circuits/basics/comparators/iszero/iszero.test.js diff --git a/circuits/basic_templates/comparators/iszero/iszero_test.circom b/circuits/basics/comparators/iszero/iszero_test.circom similarity index 100% rename from circuits/basic_templates/comparators/iszero/iszero_test.circom rename to circuits/basics/comparators/iszero/iszero_test.circom diff --git a/circuits/basic_templates/comparators/lesseqthan/README.md b/circuits/basics/comparators/lesseqthan/README.md similarity index 100% rename from circuits/basic_templates/comparators/lesseqthan/README.md rename to circuits/basics/comparators/lesseqthan/README.md diff --git a/circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom b/circuits/basics/comparators/lesseqthan/lesseqthan.circom similarity index 100% rename from circuits/basic_templates/comparators/lesseqthan/lesseqthan.circom rename to circuits/basics/comparators/lesseqthan/lesseqthan.circom 
diff --git a/circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.js b/circuits/basics/comparators/lesseqthan/lesseqthan.test.js similarity index 100% rename from circuits/basic_templates/comparators/lesseqthan/lesseqthan.test.js rename to circuits/basics/comparators/lesseqthan/lesseqthan.test.js diff --git a/circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom b/circuits/basics/comparators/lesseqthan/lesseqthan_test.circom similarity index 100% rename from circuits/basic_templates/comparators/lesseqthan/lesseqthan_test.circom rename to circuits/basics/comparators/lesseqthan/lesseqthan_test.circom diff --git a/circuits/basic_templates/comparators/lessthan/README.md b/circuits/basics/comparators/lessthan/README.md similarity index 100% rename from circuits/basic_templates/comparators/lessthan/README.md rename to circuits/basics/comparators/lessthan/README.md diff --git a/circuits/basic_templates/comparators/lessthan/lessthan.circom b/circuits/basics/comparators/lessthan/lessthan.circom similarity index 100% rename from circuits/basic_templates/comparators/lessthan/lessthan.circom rename to circuits/basics/comparators/lessthan/lessthan.circom diff --git a/circuits/basic_templates/comparators/lessthan/lessthan.test.js b/circuits/basics/comparators/lessthan/lessthan.test.js similarity index 100% rename from circuits/basic_templates/comparators/lessthan/lessthan.test.js rename to circuits/basics/comparators/lessthan/lessthan.test.js diff --git a/circuits/basic_templates/comparators/lessthan/lessthan_test.circom b/circuits/basics/comparators/lessthan/lessthan_test.circom similarity index 100% rename from circuits/basic_templates/comparators/lessthan/lessthan_test.circom rename to circuits/basics/comparators/lessthan/lessthan_test.circom 
diff --git a/circuits/basic_templates/sign/README.md b/circuits/basics/comparators/sign/README.md similarity index 100% rename from circuits/basic_templates/sign/README.md rename to circuits/basics/comparators/sign/README.md diff --git a/circuits/basic_templates/sign/sign.circom b/circuits/basics/comparators/sign/sign.circom similarity index 100% rename from circuits/basic_templates/sign/sign.circom rename to circuits/basics/comparators/sign/sign.circom diff --git a/circuits/basic_templates/sign/sign.test.js b/circuits/basics/comparators/sign/sign.test.js similarity index 100% rename from circuits/basic_templates/sign/sign.test.js rename to circuits/basics/comparators/sign/sign.test.js diff --git a/circuits/basic_templates/sign/sign_test.circom b/circuits/basics/comparators/sign/sign_test.circom similarity index 100% rename from circuits/basic_templates/sign/sign_test.circom rename to circuits/basics/comparators/sign/sign_test.circom diff --git a/circuits/basic_templates/multiplexer/README.md b/circuits/basics/multiplexer/README.md similarity index 100% rename from circuits/basic_templates/multiplexer/README.md rename to circuits/basics/multiplexer/README.md diff --git a/circuits/basic_templates/multiplexer/decoder/README.md b/circuits/basics/multiplexer/decoder/README.md similarity index 100% rename from circuits/basic_templates/multiplexer/decoder/README.md rename to circuits/basics/multiplexer/decoder/README.md diff --git a/circuits/basic_templates/multiplexer/decoder/decoder.circom b/circuits/basics/multiplexer/decoder/decoder.circom similarity index 100% rename from circuits/basic_templates/multiplexer/decoder/decoder.circom rename to circuits/basics/multiplexer/decoder/decoder.circom diff --git a/circuits/basic_templates/multiplexer/multiplexer.circom b/circuits/basics/multiplexer/multiplexer.circom similarity index 100% rename from circuits/basic_templates/multiplexer/multiplexer.circom rename to circuits/basics/multiplexer/multiplexer.circom 
diff --git a/circuits/basic_templates/mux/README.md b/circuits/basics/multiplexer/mux/README.md similarity index 100% rename from circuits/basic_templates/mux/README.md rename to circuits/basics/multiplexer/mux/README.md diff --git a/circuits/basic_templates/mux/multimux1/README.md b/circuits/basics/multiplexer/mux/multimux1/README.md similarity index 100% rename from circuits/basic_templates/mux/multimux1/README.md rename to circuits/basics/multiplexer/mux/multimux1/README.md diff --git a/circuits/basic_templates/mux/multimux2/README.md b/circuits/basics/multiplexer/mux/multimux2/README.md similarity index 100% rename from circuits/basic_templates/mux/multimux2/README.md rename to circuits/basics/multiplexer/mux/multimux2/README.md diff --git a/circuits/basic_templates/mux/multimux2/multimux2.circom b/circuits/basics/multiplexer/mux/multimux2/multimux2.circom similarity index 100% rename from circuits/basic_templates/mux/multimux2/multimux2.circom rename to circuits/basics/multiplexer/mux/multimux2/multimux2.circom diff --git a/circuits/basic_templates/mux/multimux3/README.md b/circuits/basics/multiplexer/mux/multimux3/README.md similarity index 100% rename from circuits/basic_templates/mux/multimux3/README.md rename to circuits/basics/multiplexer/mux/multimux3/README.md diff --git a/circuits/basic_templates/mux/multimux3/multimux3.circom b/circuits/basics/multiplexer/mux/multimux3/multimux3.circom similarity index 100% rename from circuits/basic_templates/mux/multimux3/multimux3.circom rename to circuits/basics/multiplexer/mux/multimux3/multimux3.circom diff --git a/circuits/basic_templates/mux/multimux4/README.md b/circuits/basics/multiplexer/mux/multimux4/README.md similarity index 100% rename from circuits/basic_templates/mux/multimux4/README.md rename to circuits/basics/multiplexer/mux/multimux4/README.md 
diff --git a/circuits/basics/multiplexer/mux/multimux4/multimux4.circom b/circuits/basics/multiplexer/mux/multimux4/multimux4.circom
new file mode 100644
index 00000000..603e523e
--- /dev/null
+++ b/circuits/basics/multiplexer/mux/multimux4/multimux4.circom
@@ -0,0 +1,99 @@ +/* + Copyright 2018 0KIMS association. + + This file is part of circom (Zero Knowledge Circuit Compiler). + + circom is a free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + circom is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with circom. If not, see <https://www.gnu.org/licenses/>. +*/ + +template MultiMux4(n) { + signal input c[n][16]; // Constants + signal input s[4]; // Selector + signal output out[n]; + + signal a3210[n]; + signal a321[n]; + signal a320[n]; + signal a310[n]; + signal a32[n]; + signal a31[n]; + signal a30[n]; + signal a3[n]; + + signal a210[n]; + signal a21[n]; + signal a20[n]; + signal a10[n]; + signal a2[n]; + signal a1[n]; + signal a0[n]; + signal a[n]; + + // 4 constrains for the intermediary variables + signal s10; + s10 <== s[1] * s[0]; + signal s20; + s20 <== s[2] * s[0]; + signal s21; + s21 <== s[2] * s[1]; + signal s210; + s210 <== s21 * s[0]; + + + for (var i=0; i<n; i++) { + + a3210[i] <== ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] + -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s210; + a321[i] <== ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) * s21; + a320[i] <== ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) * s20; + a310[i] <== ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10; + a32[i] <== ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) * s[2]; + a31[i] <== ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 
0] ) * s[1]; + a30[i] <== ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) * s[0]; + a3[i] <== ( c[i][ 8]-c[i][ 0] ); + + a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s210; + a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s21; + a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s20; + a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10; + a2[i] <== ( c[i][ 4]-c[i][ 0] ) * s[2]; + a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1]; + a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0]; + a[i] <== ( c[i][ 0] ) + + out[i] <== ( a3210[i] + a321[i] + a320[i] + a310[i] + a32[i] + a31[i] + a30[i] + a3[i] ) * s[3] + + ( a210[i] + a21[i] + a20[i] + a10[i] + a2[i] + a1[i] + a0[i] + a[i] ); + +/* + out[i] <== ( s210 * ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8] + -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + + s21 * ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) + + s20 * ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) + + s10 * ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + + s[2] * ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) + + s[1] * ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 0] ) + + s[0] * ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) + + ( c[i][ 8]-c[i][ 0] ) ) * s[3] + + ( s210 * ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) + + s21 * ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) + + s20 * ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) + + s10 * ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) + + s[2] * ( c[i][ 4]-c[i][ 0] ) + + s[1] * ( c[i][ 2]-c[i][ 0] ) + + s[0] * ( c[i][ 1]-c[i][ 0] ) + + ( c[i][ 0] )); + +*/ + } +} \ No newline at end of file diff --git a/circuits/basic_templates/mux/mux1/README.md b/circuits/basics/multiplexer/mux/mux1/README.md similarity index 100% rename from circuits/basic_templates/mux/mux1/README.md rename to circuits/basics/multiplexer/mux/mux1/README.md 
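Review bot: The selector `s[4]` is never constrained to be binary anywhere in the template, so with a non-bit selector `out[i]` becomes an arbitrary combination of the sixteen constants rather than one of them; soundness rests entirely on every caller feeding bits that are already constrained (for example Num2Bits outputs). That precondition deserves to be stated at the declaration: `signal input s[4]; // Selector; MUST be constrained to {0,1} by the caller, this template does not enforce it`. Separately, `a[i] <== ( c[i][ 0] )` appears to lack the terminating semicolon every other assignment has (the collapsed diff makes this hard to be certain of), and the large commented-out alternative formulation of `out[i]` duplicates the live code and should be dropped rather than carried into the new location.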
diff --git a/circuits/basic_templates/mux/mux1/mux1.circom b/circuits/basics/multiplexer/mux/mux1/mux1.circom similarity index 100% rename from circuits/basic_templates/mux/mux1/mux1.circom rename to circuits/basics/multiplexer/mux/mux1/mux1.circom diff --git a/circuits/basic_templates/mux/mux1/mux1_1.circom b/circuits/basics/multiplexer/mux/mux1/mux1_1.circom similarity index 100% rename from circuits/basic_templates/mux/mux1/mux1_1.circom rename to circuits/basics/multiplexer/mux/mux1/mux1_1.circom diff --git a/circuits/basic_templates/mux/mux2/README.md b/circuits/basics/multiplexer/mux/mux2/README.md similarity index 100% rename from circuits/basic_templates/mux/mux2/README.md rename to circuits/basics/multiplexer/mux/mux2/README.md diff --git a/circuits/basic_templates/mux/mux2/mux2.circom b/circuits/basics/multiplexer/mux/mux2/mux2.circom similarity index 100% rename from circuits/basic_templates/mux/mux2/mux2.circom rename to circuits/basics/multiplexer/mux/mux2/mux2.circom diff --git a/circuits/basic_templates/mux/mux2/mux2_1.circom b/circuits/basics/multiplexer/mux/mux2/mux2_1.circom similarity index 100% rename from circuits/basic_templates/mux/mux2/mux2_1.circom rename to circuits/basics/multiplexer/mux/mux2/mux2_1.circom diff --git a/circuits/basic_templates/mux/mux3/README.md b/circuits/basics/multiplexer/mux/mux3/README.md similarity index 100% rename from circuits/basic_templates/mux/mux3/README.md rename to circuits/basics/multiplexer/mux/mux3/README.md diff --git a/circuits/basic_templates/mux/mux3/mux3.circom b/circuits/basics/multiplexer/mux/mux3/mux3.circom similarity index 100% rename from circuits/basic_templates/mux/mux3/mux3.circom rename to circuits/basics/multiplexer/mux/mux3/mux3.circom diff --git a/circuits/basic_templates/mux/mux3/mux3_1.circom b/circuits/basics/multiplexer/mux/mux3/mux3_1.circom similarity index 100% rename from circuits/basic_templates/mux/mux3/mux3_1.circom rename to circuits/basics/multiplexer/mux/mux3/mux3_1.circom 
diff --git a/circuits/basic_templates/mux/mux4/README.md b/circuits/basics/multiplexer/mux/mux4/README.md similarity index 100% rename from circuits/basic_templates/mux/mux4/README.md rename to circuits/basics/multiplexer/mux/mux4/README.md diff --git a/circuits/basic_templates/mux/mux4/mux4.circom b/circuits/basics/multiplexer/mux/mux4/mux4.circom similarity index 100% rename from circuits/basic_templates/mux/mux4/mux4.circom rename to circuits/basics/multiplexer/mux/mux4/mux4.circom diff --git a/circuits/basic_templates/mux/mux4/mux4_1.circom b/circuits/basics/multiplexer/mux/mux4/mux4_1.circom similarity index 100% rename from circuits/basic_templates/mux/mux4/mux4_1.circom rename to circuits/basics/multiplexer/mux/mux4/mux4_1.circom diff --git a/circuits/basic_templates/multiplexer/scalarproduct/README.md b/circuits/basics/multiplexer/scalarproduct/README.md similarity index 100% rename from circuits/basic_templates/multiplexer/scalarproduct/README.md rename to circuits/basics/multiplexer/scalarproduct/README.md diff --git a/circuits/basic_templates/multiplexer/scalarproduct/scalarproduct.circom b/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom similarity index 100% rename from circuits/basic_templates/multiplexer/scalarproduct/scalarproduct.circom rename to circuits/basics/multiplexer/scalarproduct/scalarproduct.circom diff --git a/circuits/basic_templates/switcher/README.md b/circuits/basics/multiplexer/switcher/README.md similarity index 100% rename from circuits/basic_templates/switcher/README.md rename to circuits/basics/multiplexer/switcher/README.md diff --git a/circuits/basic_templates/switcher/switcher.circom b/circuits/basics/multiplexer/switcher/switcher.circom similarity index 100% rename from circuits/basic_templates/switcher/switcher.circom rename to circuits/basics/multiplexer/switcher/switcher.circom 
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/README.md b/circuits/crypto_templates/baby_jubjub/edwards/README.md index 9e7f3ba9..596eed40 100644 --- a/circuits/crypto_templates/baby_jubjub/edwards/README.md +++ b/circuits/crypto_templates/baby_jubjub/edwards/README.md @@ -2,6 +2,8 @@ This folder contains the templates to do operations on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby_jubjub) in twisted Edwards form. +See: https://github.com/iden3/research/blob/master/documentation/Arithmetic.md + ## Structure of the Folder - [`edwards`](edwards) diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js new file mode 100644 index 00000000..f7788471 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js 
@@ -0,0 +1,65 @@
+const chai = require("chai");
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const assert = chai.assert;
+
+describe("Edwards to Montgomery test", function () {
+ let circuitE2M;
+
+ // Generator
+ let g = [
+ bigInt("995203441582195749578291179787384436505546430278305826713579947235728471134"),
+ bigInt("5472060717959818805561601436314318772137091100104008585924551046643952123905")
+ ];
+
+ let mg = [
+ bigInt("7"),
+ bigInt("4258727773875940690362607550498304598101071202821725296872974770776423442226")
+ ];
+
+ // Arbitrary point
+ let p = [
+ bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+ bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+ ];
+
+ let mp = [
+ bigInt("7117928050407583618111176421555214756675765419608405867398403713213306743542"),
+ bigInt("14577268218881899420966779687690205425227431577728659819975198491127179315626")
+ ];
+
+ this.timeout(100000);
+ before( async() => {
+ circuitE2M = await tester(path.join(__dirname, "edwards2montgomery_test.circom"));
+ await circuitE2M.loadSymbols();
+
+ });
+
+ it("Convert the generator point of Edwards to Montgomery", async () => {
+ let w, xout, yout;
+
+ w = await circuitE2M.calculateWitness({ in: g}, true);
+
+ xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
+ yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
+
+ assert(xout.equals(mg[0]));
+ assert(yout.equals(mg[1]));
+ });
+
+ it("Convert an arbitrary point in Edwards to Montgomery", async () => {
+ let w, xout, yout;
+
+ w = await circuitE2M.calculateWitness({ in: p}, true);
+
+ xout = w[circuitE2M.symbols["main.out[0]"].varIdx];
+ yout = w[circuitE2M.symbols["main.out[1]"].varIdx];
+
+ assert(xout.equals(mp[0]));
+ assert(yout.equals(mp[1]));
+
+ });
+
+});
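Review bot: Both cases exercise only points where the conversion is well defined; there is no test for an input the template presumably cannot convert, such as the neutral element `[0, 1]`, where the Edwards-to-Montgomery map divides by `1 - y` (and by `x`), so a wrong witness or an unconstrained division there would go unnoticed. Add a negative case that expects `calculateWitness` with constraint checking to reject it: `let failed = false; try { await circuitE2M.calculateWitness({ in: [bigInt(0), bigInt(1)] }, true); } catch (e) { failed = true; } assert(failed);`. A round-trip through the sibling Montgomery2Edwards circuit would also tie the hard-coded `mg`/`mp` constants to something other than themselves.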
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom new file mode 100644 index 00000000..dc3926d6 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom @@ -0,0 +1,3 @@ +include "edwards2montgomery.circom"; + +component main = Edwards2Montgomery(); diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom b/circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom new file mode 100644 index 00000000..960e5941 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = Edwards2Montgomery(); diff --git a/circuits/crypto_templates/baby_jubjub/montgomery.test.js b/circuits/crypto_templates/baby_jubjub/montgomery.test.js new file mode 100644 index 00000000..9cb025c1 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomery.test.js 
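Review bot: The second `edwards2montgomery_test.circom`, placed directly under `baby_jubjub/`, includes `../../circuits/montgomery.circom`, which from that directory resolves to `circuits/circuits/montgomery.circom`, a path this reorganisation does not create; it looks like a leftover from the old `test/circuits/` location. The live test (`edwards2montgomery.test.js`) loads the wrapper next to it in `edwards2montgomery/`, so this duplicate should be deleted rather than kept as a broken second entry point.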
@@ -0,0 +1,95 @@ +/* + +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +describe("Montgomery test", function () { + let circuitE2M; + let circuitM2E; + let circuitMAdd; + let circuitMDouble; + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let mg, mg2, g2, g3, mg3; + + this.timeout(100000); + before( async() => { + circuitE2M = await tester(path.join(__dirname, "circuits", "edwards2montgomery.circom")); + await circuitE2M.loadSymbols(); + circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom")); + await circuitM2E.loadSymbols(); + circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom")); + await circuitMAdd.loadSymbols(); + circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom")); + await circuitMDouble.loadSymbols(); + }); + it("Convert Edwards to Montgomery and back again", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: g}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g[0])); + assert(yout.equals(g[1])); + }); + it("Should double a point", async () => { + let w, xout, yout; + + g2 = babyJub.addPoint(g,g); + + w = await circuitMDouble.calculateWitness({ in: mg}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg2 = [xout, yout]; + + w = await 
circuitM2E.calculateWitness({ in: mg2}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g2[0])); + assert(yout.equals(g2[1])); + }); + it("Should add a point", async () => { + let w, xout, yout; + + g3 = babyJub.addPoint(g,g2); + + w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true); + + xout = w[circuitMAdd.symbols["main.out[0]"].varIdx]; + yout = w[circuitMAdd.symbols["main.out[1]"].varIdx]; + + mg3 = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: mg3}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g3[0])); + assert(yout.equals(g3[1])); + }); +}); + +*/ diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md index e395c950..9c83dc68 100644 --- a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md +++ b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md @@ -1,10 +1,8 @@ # `MontgomeryAdd()` -PATH HERE: ~/CircomLib/Circuits/... - ## Background -The arithmetic performed here is based on wikipedia webpage on [Montgomery elliptic curves](https://en.wikipedia.org/wiki/Montgomery_curve). +The arithmetic performed here is based on wikipedia webpage on [Montgomery elliptic curves](https://en.wikipedia.org/wiki/Montgomery_curve). (TODO: Add link to arithmetic on research-notes). <!-- 1 + y 1 + y [u, v] = [ ------- , ---------- ] diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js new file mode 100644 index 00000000..dc85050c --- /dev/null 
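Review bot: The "Should double a point" case reads the output indices from the wrong circuit: after `circuitMDouble.calculateWitness(...)` it looks up `circuitE2M.symbols["main.out[0]"].varIdx`, which only works while both circuits happen to share the same symbol layout; it should be `xout = w[circuitMDouble.symbols["main.out[0]"].varIdx];` and likewise for `yout`. The whole file is wrapped in a block comment so none of this runs today, and its `require("../src/babyjub.js")` does not resolve from `circuits/crypto_templates/baby_jubjub/`; either fix the paths and un-comment it, or drop the file until the per-template tests replace it.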
+++ b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
@@ -0,0 +1,52 @@
+const chai = require("chai");
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const assert = chai.assert;
+
+describe("Montgomery addition test", function () {
+ let circuitMAdd;
+
+ // Arbitrary point p
+ let p = [
+ bigInt("7117928050407583618111176421555214756675765419608405867398403713213306743542"),
+ bigInt("14577268218881899420966779687690205425227431577728659819975198491127179315626")
+ ];
+
+ // TODO:
+ // Arbitrary point q
+ let q = [
+ bigInt("0"),
+ bigInt("1")
+ ];
+
+ // TODO:
+ // Point q+q
+ let pq = [
+ bigInt("0"),
+ bigInt("1")
+ ];
+
+ this.timeout(100000);
+
+ before( async() => {
+ circuitMAdd = await tester(path.join(__dirname, "montgomeryadd_test.circom"));
+ await circuitMAdd.loadSymbols();
+ });
+
+ it("It should add two abitrary points", async () => {
+ let w, xout, yout;
+
+ w = await circuitMAdd.calculateWitness({ in1: p, in2: q}, true);
+
+ xout = w[circuitMAdd.symbols["main.out[0]"].varIdx];
+ yout = w[circuitMAdd.symbols["main.out[1]"].varIdx];
+
+// TODO:
+// assert(xout.equals(pq[0]));
+// assert(yout.equals(pq[1]));
+ });
+
+ // TODO: Test that fails when origin is an input?
+});
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom
new file mode 100644
index 00000000..b12bbf23
--- /dev/null
+++ b/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom
@@ -0,0 +1,3 @@
+include "montgomeryadd.circom";
+
+component main = MontgomeryAdd();
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js
new file mode 100644
index 00000000..e037f920
--- /dev/null
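Review bot: The only case asserts nothing: `q` and `pq` are placeholder `[0, 1]` values and both `assert` lines are commented out, so the suite reports this test green while it checks no more than that `calculateWitness` does not throw on an input that is almost certainly not a curve point. Until the TODO values are filled in it should be pending rather than passing, `it.skip("It should add two arbitrary points", async () => {`, so nobody reads the green result as coverage of MontgomeryAdd. The fixture `p` is the Montgomery image of the arbitrary point used in `edwards2montgomery.test.js`, and the generator image `[7, 4258…226]` from the same file would be a natural second operand.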
+++ b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js 
@@ -0,0 +1,93 @@ +/* +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyJub = require("../src/babyjub.js"); + +const assert = chai.assert; + +describe("Montgomery test", function () { + let circuitE2M; + let circuitM2E; + let circuitMAdd; + let circuitMDouble; + + let g = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let mg, mg2, g2, g3, mg3; + + this.timeout(100000); + before( async() => { + circuitE2M = await tester(path.join(__dirname, "circuits", "edwards2montgomery.circom")); + await circuitE2M.loadSymbols(); + circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom")); + await circuitM2E.loadSymbols(); + circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom")); + await circuitMAdd.loadSymbols(); + circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom")); + await circuitMDouble.loadSymbols(); + }); + it("Convert Edwards to Montgomery and back again", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: g}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g[0])); + assert(yout.equals(g[1])); + }); + it("Should double a point", async () => { + let w, xout, yout; + + g2 = babyJub.addPoint(g,g); + + w = await circuitMDouble.calculateWitness({ in: mg}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg2 = [xout, yout]; + + w = await 
circuitM2E.calculateWitness({ in: mg2}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g2[0])); + assert(yout.equals(g2[1])); + }); + it("Should add a point", async () => { + let w, xout, yout; + + g3 = babyJub.addPoint(g,g2); + + w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true); + + xout = w[circuitMAdd.symbols["main.out[0]"].varIdx]; + yout = w[circuitMAdd.symbols["main.out[1]"].varIdx]; + + mg3 = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: mg3}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g3[0])); + assert(yout.equals(g3[1])); + }); +}); +*/ \ No newline at end of file diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom new file mode 100644 index 00000000..70a3840e --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = MontgomeryDouble(); diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js new file mode 100644 index 00000000..4313c5d6 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js 
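Review bot: This file is a verbatim, fully commented-out copy of `montgomery.test.js` (including the `circuitE2M`/`circuitM2E` setup and the `require("../src/babyjub.js")` path that does not resolve from here) rather than a test of `MontgomeryDouble`, and it carries the same wrong-circuit lookup `circuitE2M.symbols[...]` after `circuitMDouble.calculateWitness(...)`. A doubling test only needs `montgomerydouble_test.circom`, one Montgomery point and its expected double; the other three circuits and the dead block comment can go.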
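Review bot: `include "../../circuits/montgomery.circom"` does not match the new layout: from `baby_jubjub/montgomery/montgomerydouble/` it points at `crypto_templates/baby_jubjub/circuits/montgomery.circom`, whereas the sibling add and conversion wrappers include the template that sits next to them. Assuming the doubling template lives in this directory like the others, it should read `include "montgomerydouble.circom";`.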
@@ -0,0 +1,65 @@
+const chai = require("chai");
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+const assert = chai.assert;
+
+describe("Montgomery to Edwards test", function () {
+
+ let circuitM2E;
+
+ // Generator
+ let g = [
+ bigInt("7"),
+ bigInt("4258727773875940690362607550498304598101071202821725296872974770776423442226")
+ ];
+
+ let eg = [
+ bigInt("995203441582195749578291179787384436505546430278305826713579947235728471134"),
+ bigInt("5472060717959818805561601436314318772137091100104008585924551046643952123905")
+ ];
+
+ // Arbitrary point
+ let p = [
+ bigInt("7117928050407583618111176421555214756675765419608405867398403713213306743542"),
+ bigInt("14577268218881899420966779687690205425227431577728659819975198491127179315626")
+ ];
+
+ let ep = [
+ bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+ bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+ ];
+
+ this.timeout(100000);
+ before( async() => {
+ circuitM2E = await tester(path.join(__dirname, "montgomery2edwards_test.circom"));
+ await circuitM2E.loadSymbols();
+ });
+
+ it("Convert the generator point of Montgomery to Edwards", async () => {
+ let w, xout, yout;
+
+ w = await circuitM2E.calculateWitness({ in: g}, true);
+
+ xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
+ yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
+
+ assert(xout.equals(eg[0]));
+ assert(yout.equals(eg[1]));
+
+ });
+
+ it("Convert an arbitrary point in Montgomery to Edwards", async () => {
+ let w, xout, yout;
+
+ w = await circuitM2E.calculateWitness({ in: p}, true);
+
+ xout = w[circuitM2E.symbols["main.out[0]"].varIdx];
+ yout = w[circuitM2E.symbols["main.out[1]"].varIdx];
+
+ assert(xout.equals(ep[0]));
+ assert(yout.equals(ep[1]));
+ });
+
+});
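Review bot: As with the Edwards-to-Montgomery test, only well-defined inputs are covered; the Montgomery-to-Edwards map presumably divides by `v` and by `u + 1`, so a point with `v = 0` (the order-2 point `[0, 0]`, if it is on the curve) or `u = -1` is the input most likely to hit an unconstrained or failing division and it is untested. Add a negative case: `let failed = false; try { await circuitM2E.calculateWitness({ in: [bigInt(0), bigInt(0)] }, true); } catch (e) { failed = true; } assert(failed);`. The fixtures `g`/`eg` and `p`/`ep` are the same constants as `mg`/`g` and `mp`/`p` in `edwards2montgomery.test.js`, so one round-trip test through both circuits would make the two suites check each other instead of sharing hard-coded values.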
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom new file mode 100644 index 00000000..d22ad839 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom @@ -0,0 +1,3 @@ +include "montgomery2edwards.circom"; + +component main = Montgomery2Edwards(); diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom b/circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom new file mode 100644 index 00000000..39d05a64 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = Montgomery2Edwards(); diff --git a/circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js b/circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js new file mode 100644 index 00000000..4e663351 --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js 
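Review bot: The second `montgomery2edwards_test.circom`, directly under `baby_jubjub/`, includes `../../circuits/montgomery.circom`, which resolves to `circuits/circuits/montgomery.circom` from that directory and looks like a leftover of the old `test/circuits/` layout. The JS test loads the wrapper in `montgomery2edwards/`, so this copy should be removed rather than left as a second, non-compiling entry point.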
@@ -0,0 +1,162 @@ +/* +const chai = require("chai"); +const path = require("path"); +const bigInt = require("big-integer"); +const tester = require("circom").tester; +const babyJub = require("../../../../src/babyjub.js"); + +const assert = chai.assert; + +describe("Edwards to Montgomery test", function () { + let circuitE2M; +/* + let circuitM2E; + let circuitMAdd; + let circuitMDouble; +*/ + + // Generator +/* + let g = [ + bigInt("995203441582195749578291179787384436505546430278305826713579947235728471134"), + bigInt("5472060717959818805561601436314318772137091100104008585924551046643952123905") + ]; + + let mg = [ + bigInt("7"), + bigInt("4258727773875940690362607550498304598101071202821725296872974770776423442226") + ]; + + // Arbitrary point + let p = [ + bigInt("5299619240641551281634865583518297030282874472190772894086521144482721001553"), + bigInt("16950150798460657717958625567821834550301663161624707787222815936182638968203") + ]; + + let mp = [ + bigInt("7117928050407583618111176421555214756675765419608405867398403713213306743542"), + bigInt("14577268218881899420966779687690205425227431577728659819975198491127179315626") + ]; + +// mg2, g2, g3, mg3; + + this.timeout(100000); + before( async() => { + circuitE2M = await tester(path.join(__dirname, "edwards2montgomery_test.circom")); + await circuitE2M.loadSymbols(); + /* + circuitM2E = await tester(path.join(__dirname, "circuits", "montgomery2edwards.circom")); + await circuitM2E.loadSymbols(); + circuitMAdd = await tester(path.join(__dirname, "circuits", "montgomeryadd.circom")); + await circuitMAdd.loadSymbols(); + circuitMDouble = await tester(path.join(__dirname, "circuits", "montgomerydouble.circom")); + await circuitMDouble.loadSymbols(); + */ +/* + }); + + it("Convert the generator point of Edwards to Montgomery", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: g}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = 
w[circuitE2M.symbols["main.out[1]"].varIdx]; + +// console.log("punto en Montgomery: ("+xout+","+yout+")"); + + assert(xout.equals(mg[0])); + assert(yout.equals(mg[1])); + +// w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + +// xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; +// yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + +// assert(xout.equals(g[0])); +// assert(yout.equals(g[1])); + }); + + it("Convert an arbitrary point in Edwards to Montgomery", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: p}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + +// console.log("punto en Montgomery: ("+xout+","+yout+")"); + + assert(xout.equals(mp[0])); + assert(yout.equals(mp[1])); + +// w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + +// xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; +// yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + +// assert(xout.equals(g[0])); +// assert(yout.equals(g[1])); + }); + +/* + it("Convert Edwards to Montgomery and back again", async () => { + let w, xout, yout; + + w = await circuitE2M.calculateWitness({ in: g}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: [xout, yout]}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g[0])); + assert(yout.equals(g[1])); + }); + it("Should double a point", async () => { + let w, xout, yout; + + g2 = babyJub.addPoint(g,g); + + w = await circuitMDouble.calculateWitness({ in: mg}, true); + + xout = w[circuitE2M.symbols["main.out[0]"].varIdx]; + yout = w[circuitE2M.symbols["main.out[1]"].varIdx]; + + mg2 = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: mg2}, true); + + xout = 
w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g2[0])); + assert(yout.equals(g2[1])); + }); + it("Should add a point", async () => { + let w, xout, yout; + + g3 = babyJub.addPoint(g,g2); + + w = await circuitMAdd.calculateWitness({ in1: mg, in2: mg2}, true); + + xout = w[circuitMAdd.symbols["main.out[0]"].varIdx]; + yout = w[circuitMAdd.symbols["main.out[1]"].varIdx]; + + mg3 = [xout, yout]; + + w = await circuitM2E.calculateWitness({ in: mg3}, true); + + xout = w[circuitM2E.symbols["main.out[0]"].varIdx]; + yout = w[circuitM2E.symbols["main.out[1]"].varIdx]; + + assert(xout.equals(g3[0])); + assert(yout.equals(g3[1])); + }); +*/ +// }); diff --git a/circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom b/circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom new file mode 100644 index 00000000..8caea17d --- /dev/null +++ b/circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom @@ -0,0 +1,3 @@ +include "../../circuits/montgomery.circom"; + +component main = MontgomeryAdd(); From ad3c6e5f0a83ceed434c8ca05d91955f12386983 Mon Sep 17 00:00:00 2001 
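Review bot: JavaScript block comments do not nest, so the `*/` after `let circuitMDouble;` closes the `/*` opened on line 1, and the same happens twice more further down; as written, every statement in the file ends up inside one of three block comments or a `//` line, so the file is syntactically valid but runs nothing. Its live content already exists as `edwards2montgomery.test.js` in the `edwards2montgomery/` directory, so `montgomeryBIS.test.js` should be deleted rather than kept as a scratch copy; if it must stay, the fenced-off sections need `//` line comments instead of nested `/* */`, and the `require("../../../../src/babyjub.js")` path should be checked against the new tree.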
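Review bot: This copy of `montgomeryadd_test.circom` directly under `baby_jubjub/` includes `../../circuits/montgomery.circom`, which resolves to `circuits/circuits/montgomery.circom` from that directory, and it duplicates the wrapper added in `montgomery/montgomeryadd/` that the test actually loads. Dropping this one avoids a stale file that no longer compiles once the old `circuits/montgomery.circom` is gone.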
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 22 Apr 2020 11:12:43 +0200 Subject: [PATCH 24/27] Worked on basics --- circuits/basics/README.md | 44 ++++++++++++++++++- circuits/basics/binary_ops/bin_sub/README.md | 13 +++--- .../bin_sub/test/bin_sub.test.circom | 6 +-- circuits/basics/binary_ops/bin_sum/README.md | 10 ++--- .../bin_sum/test/bin_sum.test.circom | 4 +- .../basics/binary_ops/gates/and/README.md | 6 +-- .../binary_ops/gates/and/test/and.test.circom | 2 +- .../binary_ops/gates/and/test/and.test.js | 10 ++--- .../binary_ops/gates/multi_and/README.md | 4 +- .../gates/multi_and/multi_and.circom | 2 +- .../multi_and/test/multi_and.test.circom | 2 +- .../gates/multi_and/test/multiand.test.js | 8 ++-- .../binary_ops/gates/multi_or/README.md | 4 +- .../binary_ops/gates/multi_or/multi_or.circom | 2 +- .../gates/multi_or/test/multi_or.test.circom | 2 +- .../gates/multi_or/test/multi_or.test.js | 8 ++-- .../binary_ops/gates/multi_xor/README.md | 4 +- .../gates/multi_xor/multi_xor.circom | 4 +- .../multi_xor/test/multi_xor.test.circom | 2 +- .../gates/multi_xor/test/multi_xor.test.js | 6 +-- .../basics/binary_ops/gates/nand/README.md | 2 +- .../gates/nand/test/nand.test.circom | 2 +- .../binary_ops/gates/nand/test/nand.test.js | 10 ++--- .../basics/binary_ops/gates/nor/README.md | 2 +- .../binary_ops/gates/nor/test/nor.test.circom | 2 +- .../binary_ops/gates/nor/test/nor.test.js | 16 +++---- .../basics/binary_ops/gates/not/README.md | 2 +- .../binary_ops/gates/not/test/not.test.circom | 2 +- .../binary_ops/gates/not/test/not.test.js | 12 ++--- circuits/basics/binary_ops/gates/or/README.md | 2 +- .../binary_ops/gates/or/test/or.test.circom | 2 +- .../binary_ops/gates/or/test/or.test.js | 10 ++--- .../basics/binary_ops/gates/xor/README.md | 2 +- .../binary_ops/gates/xor/test/xor.test.circom | 2 +- .../binary_ops/gates/xor/test/xor.test.js | 10 ++--- circuits/basics/bitify/README.md | 2 +- circuits/basics/bitify/bits2num/README.md | 4 +- 
.../basics/bitify/bits2num_strict/README.md | 6 +-- .../bits2num_strict/bits2num_strict.circom | 2 +- circuits/basics/bitify/num2bits/README.md | 4 +- .../basics/bitify/num2bits_strict/README.md | 4 +- .../num2bits_strict/num2bits_strict.circom | 2 +- circuits/basics/bitify/num2bitsneg/README.md | 4 +- .../bitify/num2bitsneg/num2bitsneg.circom | 2 +- circuits/basics/comparators/README.md | 19 ++++---- .../{aliascheck => alias_check}/README.md | 0 .../alias_check.circom} | 2 +- .../alias_check/test/alias_check.test.circom | 3 ++ .../test/alias_check.test.js} | 2 +- .../aliascheck/aliascheck_test.circom | 3 -- .../{compconstant => comp_constant}/README.md | 2 +- .../comp_constant.circom} | 2 +- .../README.md | 2 +- .../force_equal_if_enabled.circom} | 2 +- .../README.md | 2 +- .../greater_eq_than.circom} | 2 +- .../test/greater_eq_than.test.circom} | 2 +- .../test/greater_eq_than.test.js} | 2 +- .../{greaterthan => greater_than}/README.md | 2 +- .../greater_than.circom} | 2 +- .../test/greater_than.test.circom} | 2 +- .../test/greater_than.test.js} | 2 +- .../{isequal => is_equal}/README.md | 2 +- .../is_equal.circom} | 2 +- .../is_equal/test/is_equal.test.circom | 3 ++ .../test/is_equal.test.js} | 2 +- .../comparators/{iszero => is_zero}/README.md | 0 .../iszero.circom => is_zero/is_zero.circom} | 0 .../is_zero/test/is_zero.test.circom | 3 ++ .../test/is_zero.test.js} | 2 +- .../comparators/isequal/isequal_test.circom | 3 -- .../comparators/iszero/iszero_test.circom | 3 -- .../{lesseqthan => less_eq_than}/README.md | 0 .../less_eq_than.circom} | 2 +- .../test/less_eq_than.test.circom} | 2 +- .../test/less_eq_than.test.js} | 2 +- .../{lessthan => less_than}/README.md | 0 .../less_than.circom} | 0 .../test/less_than.test.circom} | 2 +- .../test/less_than.test.js} | 2 +- circuits/basics/comparators/sign/sign.circom | 2 +- .../sign.test.circom} | 2 +- .../comparators/sign/{ => test}/sign.test.js | 2 +- circuits/basics/multiplexer/decoder/README.md | 19 -------- 
.../multiplexer/{mux => }/multimux1/README.md | 0 .../multiplexer/{mux => }/multimux2/README.md | 0 .../{mux => }/multimux2/multimux2.circom | 0 .../multiplexer/{mux => }/multimux3/README.md | 0 .../{mux => }/multimux3/multimux3.circom | 0 .../multiplexer/{mux => }/multimux4/README.md | 0 .../{mux => }/multimux4/multimux4.circom | 0 .../.src}/decoder.circom | 0 .../.src}/scalarproduct.circom | 0 .../multiplexer/{ => multiplexer}/README.md | 4 +- .../{ => multiplexer}/multiplexer.circom | 4 +- circuits/basics/multiplexer/mux/README.md | 16 ------- .../multiplexer/{mux => }/mux1/README.md | 0 .../multiplexer/{mux => }/mux1/mux1.circom | 0 .../multiplexer/{mux => }/mux1/mux1_1.circom | 0 .../multiplexer/{mux => }/mux2/README.md | 0 .../multiplexer/{mux => }/mux2/mux2.circom | 0 .../multiplexer/{mux => }/mux2/mux2_1.circom | 0 .../multiplexer/{mux => }/mux3/README.md | 0 .../multiplexer/{mux => }/mux3/mux3.circom | 0 .../multiplexer/{mux => }/mux3/mux3_1.circom | 0 .../multiplexer/{mux => }/mux4/README.md | 0 .../multiplexer/{mux => }/mux4/mux4.circom | 0 .../multiplexer/{mux => }/mux4/mux4_1.circom | 0 .../multiplexer/scalarproduct/README.md | 19 -------- .../{crypto_templates => crypto}/README.md | 0 .../baby_jubjub/README.md | 0 .../baby_jubjub/edwards/README.md | 0 .../baby_jubjub/edwards/babyadd/README.md | 0 .../edwards/babyadd/babyadd.circom | 0 .../edwards/babyadd/babyadd.test.js | 6 +-- .../edwards/babyadd/babyadd_test.circom | 0 .../baby_jubjub/edwards/babycheck/README.md | 0 .../edwards/babycheck/babycheck.circom | 0 .../edwards/babycheck/babycheck.test.js | 4 +- .../edwards/babycheck/babycheck_test.circom | 0 .../baby_jubjub/edwards/babydbl/README.md | 0 .../edwards/babydbl/babydbl.circom | 0 .../baby_jubjub/edwards/babypbk/README.md | 0 .../edwards/babypbk/babypbk.circom | 0 .../baby_jubjub/edwards/scalar_mul/README.md | 0 .../edwards/scalar_mul/scalarmul/README.md | 0 .../scalar_mul/scalarmul/scalarmul.circom | 0 .../scalar_mul/scalarmul/scalarmul.test.js 
| 0 .../scalarmul/scalarmul_min_test.circom | 0 .../scalarmul/scalarmul_test.circom | 0 .../scalarmul/scalarmul_test_min.circom | 0 .../scalarmul/scalarmulw4table/README.md | 0 .../scalarmulw4table/scalarmulw4table.circom | 0 .../scalarmulw4table/scalarmulw4table.test.js | 0 .../scalarmulw4table_test.circom | 0 .../scalarmulw4table_test2.circom | 0 .../scalarmulw4table_test3.circom | 0 .../scalarmulwindow/scalarmulwindow.circom | 0 .../edwards/scalar_mul/scalarmulany/README.md | 0 .../bitelementmulany/bitelementmulany.circom | 0 .../multiplexor2/multiplexor2.circom | 0 .../scalarmulany/scalarmulany.circom | 0 .../scalarmulany/scalarmulany.test.js | 0 .../scalarmulany/scalarmulany_test.circom | 0 .../segmentmulany/segmentmulany.circom | 0 .../edwards/scalar_mul/scalarmulfix/README.md | 0 .../scalarmulfix/scalarmulfix.circom | 0 .../scalarmulfix/scalarmulfix.test.js | 0 .../scalarmulfix/scalarmulfix_test.circom | 0 .../segmentmulfix/segmentmulfix.circom | 0 .../windowmulfix/windowmulfix.circom | 0 .../baby_jubjub/edwards2montgomery/README.md | 0 .../edwards2montgomery.circom | 0 .../edwards2montgomery.test.js | 0 .../edwards2montgomery_test.circom | 0 .../edwards2montgomery_test.circom | 0 .../baby_jubjub/montgomery.test.js | 0 .../baby_jubjub/montgomery/README.md | 0 .../montgomery/montgomeryadd/README.md | 0 .../montgomeryadd/montgomeryadd.circom | 0 .../montgomeryadd/montgomeryadd.test.js | 2 +- .../montgomeryadd/montgomeryadd_test.circom | 0 .../montgomery/montgomerydouble/README.md | 0 .../montgomerydouble/montgomerydouble.circom | 0 .../montgomerydouble/montgomerydouble.test.js | 0 .../montgomerydouble_test.circom | 0 .../baby_jubjub/montgomery2edwards/README.md | 0 .../montgomery2edwards.circom | 0 .../montgomery2edwards.test.js | 0 .../montgomery2edwards_test.circom | 0 .../montgomery2edwards_test.circom | 0 .../baby_jubjub/montgomeryBIS.test.js | 0 .../baby_jubjub/montgomeryadd_test.circom | 0 .../baby_jubjub/point2bits/README.md | 0 
.../baby_jubjub/point2bits/pointbits.circom | 0 .../hash_functions/README.md | 0 .../hash_functions}/mimc7/README.md | 0 .../hash_functions}/mimc7/mimc.circom | 0 .../hash_functions}/mimcfeistel/README.md | 0 .../hash_functions}/mimcsponge/README.md | 0 .../mimcsponge/mimcsponge.circom | 0 .../hash_functions}/multimimc7/README.md | 0 .../pedersen_old/pedersen_old.circom | 0 .../hash_functions/pedersen_w3/README.md | 0 .../pedersen_w3/pedersen_w3.circom | 0 .../pedersen_w3/segment3/segment3.circom | 0 .../pedersen_w3/window3/window3.circom | 0 .../hash_functions/pedersen_w4/README.md | 0 .../pedersen_w4/pedersen_w4.circom | 0 .../pedersen_w4/pedersen_w4.test.js | 0 .../pedersen_w4/pedersen_w4_test.circom | 0 .../pedersen_w4/segment/segment.circom | 0 .../pedersen_w4/window4/window4.circom | 0 .../hash_functions/poseidon/README.md | 0 .../hash_functions/poseidon/poseidon.circom | 0 .../hash_functions/sha256/README.md | 0 .../hash_functions/sha256/ch.circom | 0 .../sha256/constants/constants.circom | 0 .../hash_functions/sha256/main.circom | 0 .../hash_functions/sha256/maj.circom | 0 .../hash_functions/sha256/rotate.circom | 0 .../hash_functions/sha256/sha256.circom | 0 .../hash_functions/sha256/sha256_2.circom | 0 .../sha256/sha256compression.circom | 0 .../hash_functions/sha256/shift.circom | 0 .../hash_functions/sha256/sigma.circom | 0 .../hash_functions/sha256/sigmaplus.circom | 0 .../hash_functions/sha256/t1.circom | 0 .../hash_functions/sha256/t2.circom | 0 .../hash_functions/sha256/xor3.circom | 0 .../signatures/README.md | 0 .../signatures/eddsa/README.md | 0 .../signatures}/eddsa/eddsa.circom | 0 .../signatures}/eddsamimc/eddsamimc.circom | 0 .../eddsamimcsponge/eddsamimcsponge.circom | 0 .../eddsaposeidon/eddsaposeidon.circom | 0 .../smt/README.md | 0 .../smt/smthash_mimc.circom | 0 .../smt/smthash_poseidon.circom | 0 .../smt/smtlevins.circom | 0 .../smt/smtprocessor.circom | 0 .../smt/smtprocessorlevel.circom | 0 .../smt/smtprocessorsm.circom | 0 
.../smt/smtverifier.circom | 0 .../smt/smtverifierlevel.circom | 0 .../smt/smtverifiersm.circom | 0 .../hash_functions/mimc/README.md | 12 ----- 227 files changed, 197 insertions(+), 229 deletions(-) rename circuits/basics/comparators/{aliascheck => alias_check}/README.md (100%) rename circuits/basics/comparators/{aliascheck/aliascheck.circom => alias_check/alias_check.circom} (95%) create mode 100644 circuits/basics/comparators/alias_check/test/alias_check.test.circom rename circuits/basics/comparators/{aliascheck/aliascheck.test.js => alias_check/test/alias_check.test.js} (96%) delete mode 100644 circuits/basics/comparators/aliascheck/aliascheck_test.circom rename circuits/basics/comparators/{compconstant => comp_constant}/README.md (93%) rename circuits/basics/comparators/{compconstant/compconstant.circom => comp_constant/comp_constant.circom} (97%) rename circuits/basics/comparators/{forceequalifenabled => force_equal_if_enabled}/README.md (93%) rename circuits/basics/comparators/{forceequalifenabled/forceequalifenabled.circom => force_equal_if_enabled/force_equal_if_enabled.circom} (96%) rename circuits/basics/comparators/{greatereqthan => greater_eq_than}/README.md (95%) rename circuits/basics/comparators/{greatereqthan/greatereqthan.circom => greater_eq_than/greater_eq_than.circom} (96%) rename circuits/basics/comparators/{greatereqthan/greatereqthan_test.circom => greater_eq_than/test/greater_eq_than.test.circom} (50%) rename circuits/basics/comparators/{greatereqthan/greatereqthan.test.js => greater_eq_than/test/greater_eq_than.test.js} (98%) rename circuits/basics/comparators/{greaterthan => greater_than}/README.md (93%) rename circuits/basics/comparators/{greaterthan/greaterthan.circom => greater_than/greater_than.circom} (96%) rename circuits/basics/comparators/{greaterthan/greaterthan_test.circom => greater_than/test/greater_than.test.circom} (51%) rename circuits/basics/comparators/{greaterthan/greaterthan.test.js => 
greater_than/test/greater_than.test.js} (98%) rename circuits/basics/comparators/{isequal => is_equal}/README.md (93%) rename circuits/basics/comparators/{isequal/isequal.circom => is_equal/is_equal.circom} (96%) create mode 100644 circuits/basics/comparators/is_equal/test/is_equal.test.circom rename circuits/basics/comparators/{isequal/isequal.test.js => is_equal/test/is_equal.test.js} (88%) rename circuits/basics/comparators/{iszero => is_zero}/README.md (100%) rename circuits/basics/comparators/{iszero/iszero.circom => is_zero/is_zero.circom} (100%) create mode 100644 circuits/basics/comparators/is_zero/test/is_zero.test.circom rename circuits/basics/comparators/{iszero/iszero.test.js => is_zero/test/is_zero.test.js} (88%) delete mode 100644 circuits/basics/comparators/isequal/isequal_test.circom delete mode 100644 circuits/basics/comparators/iszero/iszero_test.circom rename circuits/basics/comparators/{lesseqthan => less_eq_than}/README.md (100%) rename circuits/basics/comparators/{lesseqthan/lesseqthan.circom => less_eq_than/less_eq_than.circom} (96%) rename circuits/basics/comparators/{lesseqthan/lesseqthan_test.circom => less_eq_than/test/less_eq_than.test.circom} (50%) rename circuits/basics/comparators/{lesseqthan/lesseqthan.test.js => less_eq_than/test/less_eq_than.test.js} (95%) rename circuits/basics/comparators/{lessthan => less_than}/README.md (100%) rename circuits/basics/comparators/{lessthan/lessthan.circom => less_than/less_than.circom} (100%) rename circuits/basics/comparators/{lessthan/lessthan_test.circom => less_than/test/less_than.test.circom} (50%) rename circuits/basics/comparators/{lessthan/lessthan.test.js => less_than/test/less_than.test.js} (95%) rename circuits/basics/comparators/sign/{sign_test.circom => test/sign.test.circom} (50%) rename circuits/basics/comparators/sign/{ => test}/sign.test.js (97%) delete mode 100644 circuits/basics/multiplexer/decoder/README.md rename circuits/basics/multiplexer/{mux => }/multimux1/README.md 
(100%) rename circuits/basics/multiplexer/{mux => }/multimux2/README.md (100%) rename circuits/basics/multiplexer/{mux => }/multimux2/multimux2.circom (100%) rename circuits/basics/multiplexer/{mux => }/multimux3/README.md (100%) rename circuits/basics/multiplexer/{mux => }/multimux3/multimux3.circom (100%) rename circuits/basics/multiplexer/{mux => }/multimux4/README.md (100%) rename circuits/basics/multiplexer/{mux => }/multimux4/multimux4.circom (100%) rename circuits/basics/multiplexer/{decoder => multiplexer/.src}/decoder.circom (100%) rename circuits/basics/multiplexer/{scalarproduct => multiplexer/.src}/scalarproduct.circom (100%) rename circuits/basics/multiplexer/{ => multiplexer}/README.md (82%) rename circuits/basics/multiplexer/{ => multiplexer}/multiplexer.circom (93%) delete mode 100644 circuits/basics/multiplexer/mux/README.md rename circuits/basics/multiplexer/{mux => }/mux1/README.md (100%) rename circuits/basics/multiplexer/{mux => }/mux1/mux1.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux1/mux1_1.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux2/README.md (100%) rename circuits/basics/multiplexer/{mux => }/mux2/mux2.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux2/mux2_1.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux3/README.md (100%) rename circuits/basics/multiplexer/{mux => }/mux3/mux3.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux3/mux3_1.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux4/README.md (100%) rename circuits/basics/multiplexer/{mux => }/mux4/mux4.circom (100%) rename circuits/basics/multiplexer/{mux => }/mux4/mux4_1.circom (100%) delete mode 100644 circuits/basics/multiplexer/scalarproduct/README.md rename circuits/{crypto_templates => crypto}/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/README.md (100%) rename 
circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babyadd/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babyadd/babyadd.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babyadd/babyadd.test.js (92%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babyadd/babyadd_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babycheck/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babycheck/babycheck.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babycheck/babycheck.test.js (85%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babycheck/babycheck_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babydbl/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babydbl/babydbl.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babypbk/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/babypbk/babypbk.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom (100%) rename circuits/{crypto_templates => 
crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom (100%) rename 
circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards2montgomery/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards2montgomery/edwards2montgomery.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/edwards2montgomery_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomeryadd/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js (95%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomerydouble/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js (100%) rename circuits/{crypto_templates => 
crypto}/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery2edwards/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery2edwards/montgomery2edwards.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomery2edwards_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomeryBIS.test.js (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/montgomeryadd_test.circom (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/point2bits/README.md (100%) rename circuits/{crypto_templates => crypto}/baby_jubjub/point2bits/pointbits.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/README.md (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/mimc7/README.md (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/mimc7/mimc.circom (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/mimcfeistel/README.md (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/mimcsponge/README.md (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/mimcsponge/mimcsponge.circom (100%) rename circuits/{crypto_templates/hash_functions/mimc => crypto/hash_functions}/multimimc7/README.md (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_old/pedersen_old.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w3/README.md (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w3/pedersen_w3.circom (100%) rename 
circuits/{crypto_templates => crypto}/hash_functions/pedersen_w3/segment3/segment3.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w3/window3/window3.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/README.md (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/pedersen_w4.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/pedersen_w4.test.js (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/pedersen_w4_test.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/segment/segment.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/pedersen_w4/window4/window4.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/poseidon/README.md (100%) rename circuits/{crypto_templates => crypto}/hash_functions/poseidon/poseidon.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/README.md (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/ch.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/constants/constants.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/main.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/maj.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/rotate.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/sha256.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/sha256_2.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/sha256compression.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/shift.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/sigma.circom (100%) rename circuits/{crypto_templates => 
crypto}/hash_functions/sha256/sigmaplus.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/t1.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/t2.circom (100%) rename circuits/{crypto_templates => crypto}/hash_functions/sha256/xor3.circom (100%) rename circuits/{crypto_templates => crypto}/signatures/README.md (100%) rename circuits/{crypto_templates => crypto}/signatures/eddsa/README.md (100%) rename circuits/{crypto_templates/signatures/eddsa => crypto/signatures}/eddsa/eddsa.circom (100%) rename circuits/{crypto_templates/signatures/eddsa => crypto/signatures}/eddsamimc/eddsamimc.circom (100%) rename circuits/{crypto_templates/signatures/eddsa => crypto/signatures}/eddsamimcsponge/eddsamimcsponge.circom (100%) rename circuits/{crypto_templates/signatures/eddsa => crypto/signatures}/eddsaposeidon/eddsaposeidon.circom (100%) rename circuits/{crypto_templates => crypto}/smt/README.md (100%) rename circuits/{crypto_templates => crypto}/smt/smthash_mimc.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smthash_poseidon.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtlevins.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtprocessor.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtprocessorlevel.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtprocessorsm.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtverifier.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtverifierlevel.circom (100%) rename circuits/{crypto_templates => crypto}/smt/smtverifiersm.circom (100%) delete mode 100644 circuits/crypto_templates/hash_functions/mimc/README.md diff --git a/circuits/basics/README.md b/circuits/basics/README.md index d3de71e7..38b79684 100644 --- a/circuits/basics/README.md +++ b/circuits/basics/README.md 
@@ -1,7 +1,47 @@ # `basics` -This folder contains the templates to do binary operations, conversions from field element representations to binary form and viceversa, a set of comparator functions and multiple multiplexor circuits. +This folder contains various templates to do binary operations, conversions from field element representations to binary form and viceversa, a set of comparator functions and multiple multiplexer circuits. ## Structure of the Folder -TODO: Add \ No newline at end of file +- [`binary_ops`](binary_ops) + - [`bin_sub`](binary_ops/bin_sub) + - [`bin_sum`](binary_ops/bin_sum) + - [`gates`](binary_ops/gates) + - [`and`](binary_ops/gates/and) + - [`multi_and`](binary_ops/gates/multi_and) + - [`multi_or`](binary_ops/gates/multi_or) + - [`multi_xor`](binary_ops/gates/multi_xor) + - [`nand`](binary_ops/gates/nand) + - [`nor`](binary_ops/gates/nor) + - [`not`](binary_ops/gates/not) + - [`or`](binary_ops/gates/or) + - [`xor`](binary_ops/gates/xor) +- [`bitify`](bitify) + - [`bits2num`](bitify/bits2num) + - [`bits2num_strict`](bitify/bits2num_strict) + - [`num2bits`](bitify/num2bits) + - [`num2bits_strict`](bitify/num2bits_strict) + - [`num2bitsneg`](bitify/num2bitsneg) +- [`comparators`](comparators) + - [`alias_check`](comparators/alias_check) + - [`comp_constant`](comparators/comp_constant) + - [`force_equal_if_enabled`](comparators/force_equal_if_enabled) + - [`greater_eq_than`](comparators/greater_eq_than) + - [`greater_than`](comparators/greater_than) + - [`is_equal`](comparators/is_equal) + - [`is_zero`](comparators/is_zero) + - [`less_eq_than`](comparators/less_eq_than) + - [`less_than`](comparators/less_than) + - [`sign`](comparators/sign) +- [`multiplexer`](multiplexer) + - [`multimux1`](multiplexer/multimux1) + - [`multimux2`](multiplexer/multimux2) + - [`multimux3`](multiplexer/multimux3) + - [`multimux4`](multiplexer/multimux4) + - [`multiplexer`](multiplexer/multiplexer) + - [`mux1`](multiplexer/mux1) + - [`mux2`](multiplexer/mux2) + - 
[`mux3`](multiplexer/mux3) + - [`mux4`](multiplexer/mux4) + - [`switcher`](multiplexer/switcher) diff --git a/circuits/basics/binary_ops/bin_sub/README.md b/circuits/basics/binary_ops/bin_sub/README.md index 6a4e5d3a..f506e493 100644 --- a/circuits/basics/binary_ops/bin_sub/README.md +++ b/circuits/basics/binary_ops/bin_sub/README.md @@ -43,17 +43,16 @@ in[2][n] ----> | BinSub(n) | ----> out[n] None. -## Inputs - -| Input | Type | -| ------------- | ------------- | -| `in[2][n]` | Two binary arrays of `n` bits | +## Expected Inputs +| Input | Type | +| ------------- | ------------- | +| `in[2][n]` | Two binary arrays of `n` bits | ## Outputs -| Output | Type | Description | -| ------------- | ------------- | ---------- | +| Output | Type | Description | +| ------------- | ------------- | ---------- | | `out[n]` | Binary array of `n` bits | Binary substraction of the `n`-bit arrays `in[0] - in[1]`. | ## Benchmarks diff --git a/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom b/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom index a5dcd13b..ae2020a2 100644 --- a/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom +++ b/circuits/basics/binary_ops/bin_sub/test/bin_sub.test.circom @@ -1,6 +1,6 @@ -include "../../bitify/num2bits/num2bits.circom" -include "../../bitify/bits2num/bits2num.circom" -include "binsub.circom" +include "../../../bitify/num2bits/num2bits.circom" +include "../../../bitify/bits2num/bits2num.circom" +include "../bin_sub.circom" template A() { signal private input a; diff --git a/circuits/basics/binary_ops/bin_sum/README.md b/circuits/basics/binary_ops/bin_sum/README.md index 61792243..49ceedf4 100644 --- a/circuits/basics/binary_ops/bin_sum/README.md +++ b/circuits/basics/binary_ops/bin_sum/README.md @@ -32,7 +32,7 @@ To waranty binary outputs: out[1] * (out[0] - 1) === 0 . . - . + .../ out[n+e-1] * (out[n+e-1] - 1) == 0 --> 
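Review bot: The rewritten include lines in bin_sub.test.circom (and the matching pair in bin_sum.test.circom in the next hunk) still end without a `;`, while the gate harnesses changed in this same commit write `include "../and.circom";`. I cannot tell from the diff whether the circom version in use accepts both spellings, but the test harnesses should agree on one; I would write `include "../../../bitify/num2bits/num2bits.circom";`, `include "../../../bitify/bits2num/bits2num.circom";` and `include "../bin_sub.circom";`. The `template A()` body continues outside the hunk.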
@@ -51,16 +51,16 @@ in[ops][n] ----> | BinSum(n, ops) | ----> out[nout] None. -## Inputs +## Expected Inputs | Input | Type | -| ------------- | ------------- | +| ------------- | ------------- | | `in[ops][n]` | An array of `ops` binary arrays of `n` bits each. | ## Outputs -| Output | Type | Description | -| ------------- | ------------- | ---------- | +| Output | Type | Description | +| ------------- | ------------- | ---------- | | `out[nout]` | Binary array of `nout` bits | Binary sum of all the `n`-bit operands in `in[ops]`. | ## Benchmarks diff --git a/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom index 711df019..b3630afc 100644 --- a/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom +++ b/circuits/basics/binary_ops/bin_sum/test/bin_sum.test.circom @@ -1,5 +1,5 @@ -include "../../bitify/num2bits/num2bits.circom" -include "../../bitify/bits2num/bits2num.circom" +include "../../../bitify/num2bits/num2bits.circom" +include "../../../bitify/bits2num/bits2num.circom" include "../bin_sum.circom" template A() { diff --git a/circuits/basics/binary_ops/gates/and/README.md b/circuits/basics/binary_ops/gates/and/README.md index 1d348e74..47c2a53b 100644 --- a/circuits/basics/binary_ops/gates/and/README.md +++ b/circuits/basics/binary_ops/gates/and/README.md @@ -18,7 +18,7 @@ b ----> |_________| None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | @@ -27,8 +27,8 @@ None. ## Outputs -| Output | Type | Description | -| ------ | ------ | ---------- | +| Output | Type | Description | +| ------ | ------ | ---------- | | `out` | Boolean | `out = a ∧ b`. | ## Benchmarks diff --git a/circuits/basics/binary_ops/gates/and/test/and.test.circom b/circuits/basics/binary_ops/gates/and/test/and.test.circom index e7e0a4f6..070673ff 100644 --- a/circuits/basics/binary_ops/gates/and/test/and.test.circom +++ b/circuits/basics/binary_ops/gates/and/test/and.test.circom 
@@ -1,3 +1,3 @@ -include "and.circom"; +include "../and.circom"; component main = AND() diff --git a/circuits/basics/binary_ops/gates/and/test/and.test.js b/circuits/basics/binary_ops/gates/and/test/and.test.js index 42180e9a..27192c1c 100644 --- a/circuits/basics/binary_ops/gates/and/test/and.test.js +++ b/circuits/basics/binary_ops/gates/and/test/and.test.js @@ -11,25 +11,25 @@ describe("AND test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "and_test.circom")); + circuit = await tester(path.join(__dirname, "and.test.circom")); }); - it("1 AND 1 = 1", async () => { + it("Should 1 AND 1 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("1 AND 0 = 0", async () => { + it("Should 1 AND 0 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("0 AND 1 = 1", async () => { + it("Should 0 AND 1 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("0 AND 0 = 0", async () => { + it("Should 0 AND 0 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true); await circuit.assertOut(witness, {out: 0}); }); diff --git a/circuits/basics/binary_ops/gates/multi_and/README.md b/circuits/basics/binary_ops/gates/multi_and/README.md index f1f9d1a9..e19fd8f1 100644 --- a/circuits/basics/binary_ops/gates/multi_and/README.md +++ b/circuits/basics/binary_ops/gates/multi_and/README.md @@ -17,10 +17,10 @@ in[n] ----> | MultiAND(n) | ----> out ## Dependencies ``` -include "../../comparators/iszero/iszero.circom"; +include "../../../comparators/is_zero/is_zero.circom"; ``` -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | 
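Review bot: The renamed title of the third case, `it("Should 0 AND 1 = 1", ...)`, contradicts its own assertion, which expects `{out: 0}`; the old title already carried the mistake and the rename keeps it. Change it to `it("Should 0 AND 1 = 0", async () => {` so a failing run reports the correct expected value. The enclosing describe block closes outside the hunk.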
diff --git a/circuits/basics/binary_ops/gates/multi_and/multi_and.circom b/circuits/basics/binary_ops/gates/multi_and/multi_and.circom index 7d00f7cb..9b929245 100644 --- a/circuits/basics/binary_ops/gates/multi_and/multi_and.circom +++ b/circuits/basics/binary_ops/gates/multi_and/multi_and.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../comparators/iszero/iszero.circom"; +include "../../../comparators/is_zero/is_zero.circom"; template MultiAND(n) { signal input in[n]; diff --git a/circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom b/circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom index 58c06301..82173e6c 100644 --- a/circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom +++ b/circuits/basics/binary_ops/gates/multi_and/test/multi_and.test.circom @@ -1,3 +1,3 @@ -include "multiand.circom"; +include "../multi_and.circom"; component main = MultiAND(5) diff --git a/circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js b/circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js index a42e4143..ec0685a4 100644 --- a/circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js +++ b/circuits/basics/binary_ops/gates/multi_and/test/multiand.test.js 
@@ -13,20 +13,20 @@ describe("MultiAND test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "multiand_test.circom")); + circuit = await tester(path.join(__dirname, "multi_and.test.circom")); }); - it("All 1 output 1", async () => { + it("Should all inputs 1 output 1", async () => { const witness = await circuit.calculateWitness({"in": [1,1,1,1,1]}, true); await circuit.assertOut(witness, {out: 1}); }); - it("One 0 output 0", async () => { + it("Should one input 0 output 0", async () => { const witness = await circuit.calculateWitness({"in": [1,0,1,1,1]}, true); await circuit.assertOut(witness, {out: 0}); }); - it("Some 0s output 0", async () => { + it("Should some input 0s output 0", async () => { const witness = await circuit.calculateWitness({"in": [0,1,0,0,1]}, true); await circuit.assertOut(witness, {out: 0}); }); diff --git a/circuits/basics/binary_ops/gates/multi_or/README.md b/circuits/basics/binary_ops/gates/multi_or/README.md index 0f0a23b4..e4af5977 100644 --- a/circuits/basics/binary_ops/gates/multi_or/README.md +++ b/circuits/basics/binary_ops/gates/multi_or/README.md @@ -17,10 +17,10 @@ in[n] ----> | MultiOR(n) | ----> out ## Dependencies ``` -include "../../comparators/iszero/iszero.circom"; +include "../../../comparators/is_zero/is_zero.circom"; ``` -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/multi_or/multi_or.circom b/circuits/basics/binary_ops/gates/multi_or/multi_or.circom index 7aeb090d..396c9412 100644 --- a/circuits/basics/binary_ops/gates/multi_or/multi_or.circom +++ b/circuits/basics/binary_ops/gates/multi_or/multi_or.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../comparators/iszero/iszero.circom"; +include "../../../comparators/is_zero/is_zero.circom"; template MultiOR(n) { signal input in[n]; 
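Review bot: The test file keeps the name `multiand.test.js` while its circuit harness was renamed to `multi_and.test.circom` and the sibling suites touched in this commit are `multi_or.test.js` and `multi_xor.test.js`; renaming it to `multi_and.test.js` would keep the `test/` directories uniform and make the file discoverable by the same pattern. The describe block begins before the hunk.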
diff --git a/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom index e4afd588..2de7063f 100644 --- a/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom +++ b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.circom @@ -1,3 +1,3 @@ -include "multior.circom"; +include "../multi_or.circom"; component main = MultiOR(5) diff --git a/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js index 33ccc4dc..3013d839 100644 --- a/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js +++ b/circuits/basics/binary_ops/gates/multi_or/test/multi_or.test.js @@ -13,20 +13,20 @@ describe("MultiOR test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "multior_test.circom")); + circuit = await tester(path.join(__dirname, "multi_or.test.circom")); }); - it("All 0 output 0", async () => { + it("Should all input 0 output 0", async () => { const witness = await circuit.calculateWitness({"in": [0,0,0,0,0]}, true); await circuit.assertOut(witness, {out: 0}); }); - it("One 1 output 1", async () => { + it("Should one input 1 output 1", async () => { const witness = await circuit.calculateWitness({"in": [0,1,0,0,0]}, true); await circuit.assertOut(witness, {out: 1}); }); - it("Some 1s output 1", async () => { + it("Should some input 1s output 1", async () => { const witness = await circuit.calculateWitness({"in": [0,1,0,0,1]}, true); await circuit.assertOut(witness, {out: 1}); }); diff --git a/circuits/basics/binary_ops/gates/multi_xor/README.md b/circuits/basics/binary_ops/gates/multi_xor/README.md index 5a5cbd57..5dcc3dce 100644 --- a/circuits/basics/binary_ops/gates/multi_xor/README.md +++ b/circuits/basics/binary_ops/gates/multi_xor/README.md 
@@ -17,10 +17,10 @@ in[n] ----> | MultiXOR(n) | ----> out ## Dependencies ``` -include "../../comparators/iszero/iszero.circom"; +include "../../../bitify/num2bits/num2bits.circom"; ``` -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom b/circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom index e2a2f64d..ef6d56ea 100644 --- a/circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom +++ b/circuits/basics/binary_ops/gates/multi_xor/multi_xor.circom @@ -17,10 +17,12 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../bitify/num2bits/num2bits.circom"; +include "../../../bitify/num2bits/num2bits.circom"; // Output true if and only if an odd number of inputs are true +// TODO: Add log function + template MultiXOR(n) { signal input in[n]; signal output out; diff --git a/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom index 46552b32..58de2f62 100644 --- a/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom +++ b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.circom @@ -1,3 +1,3 @@ -include "multixor.circom"; +include "../multi_xor.circom"; component main = MultiXOR(5) diff --git a/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js index 236a10f4..a756b9a9 100644 --- a/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js +++ b/circuits/basics/binary_ops/gates/multi_xor/test/multi_xor.test.js 
@@ -13,15 +13,15 @@ describe("MultiXOR test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "multixor_test.circom")); + circuit = await tester(path.join(__dirname, "multi_xor.test.circom")); }); - it("Even amount of 1s outputs FALSE", async () => { + it("Should even amount of inputs 1 output FALSE", async () => { const witness = await circuit.calculateWitness({"in": [1,1,0,0,0]}, true); await circuit.assertOut(witness, {out: 0}); }); - it("Odd amount of 1s outputs TRUE", async () => { + it("Should odd amount of inputs 1 output TRUE", async () => { const witness = await circuit.calculateWitness({"in": [0,1,1,0,1]}, true); await circuit.assertOut(witness, {out: 1}); }); diff --git a/circuits/basics/binary_ops/gates/nand/README.md b/circuits/basics/binary_ops/gates/nand/README.md index 0a4d6b29..a4f50af3 100644 --- a/circuits/basics/binary_ops/gates/nand/README.md +++ b/circuits/basics/binary_ops/gates/nand/README.md @@ -18,7 +18,7 @@ b ----> |__________| None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/nand/test/nand.test.circom b/circuits/basics/binary_ops/gates/nand/test/nand.test.circom index c991f21c..6f22af51 100644 --- a/circuits/basics/binary_ops/gates/nand/test/nand.test.circom +++ b/circuits/basics/binary_ops/gates/nand/test/nand.test.circom @@ -1,3 +1,3 @@ -include "nand.circom"; +include "../nand.circom"; component main = NAND() diff --git a/circuits/basics/binary_ops/gates/nand/test/nand.test.js b/circuits/basics/binary_ops/gates/nand/test/nand.test.js index 124e8ad0..97908785 100644 --- a/circuits/basics/binary_ops/gates/nand/test/nand.test.js +++ b/circuits/basics/binary_ops/gates/nand/test/nand.test.js 
@@ -13,25 +13,25 @@ describe("NAND test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "nand_test.circom")); + circuit = await tester(path.join(__dirname, "nand.test.circom")); }); - it("NOT(1 AND 1) = 0", async () => { + it("Should NOT(1 AND 1) = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("NOT(1 AND 0) = 1", async () => { + it("Should NOT(1 AND 0) = 1", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("NOT(0 AND 1) = 0", async () => { + it("Should NOT(0 AND 1) = 0", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("NOT(0 AND 0) = 1", async () => { + it("Shoudl NOT(0 AND 0) = 1", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true); await circuit.assertOut(witness, {out: 1}); }); diff --git a/circuits/basics/binary_ops/gates/nor/README.md b/circuits/basics/binary_ops/gates/nor/README.md index 4d2868d3..d9127e77 100644 --- a/circuits/basics/binary_ops/gates/nor/README.md +++ b/circuits/basics/binary_ops/gates/nor/README.md @@ -18,7 +18,7 @@ b ----> |_________| None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/nor/test/nor.test.circom b/circuits/basics/binary_ops/gates/nor/test/nor.test.circom index 1a5692b5..4c321ffe 100644 --- a/circuits/basics/binary_ops/gates/nor/test/nor.test.circom +++ b/circuits/basics/binary_ops/gates/nor/test/nor.test.circom @@ -1,3 +1,3 @@ -include "nor.circom"; +include "../nor.circom"; component main = NOR() diff --git a/circuits/basics/binary_ops/gates/nor/test/nor.test.js b/circuits/basics/binary_ops/gates/nor/test/nor.test.js index ef9296f8..8bc52a9f 100644 
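Review bot: The new title `Shoudl NOT(0 AND 0) = 1` has a typo introduced by this rename; it should be `it("Should NOT(0 AND 0) = 1", async () => {`. The describe block begins above the hunk.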
--- a/circuits/basics/binary_ops/gates/nor/test/nor.test.js +++ b/circuits/basics/binary_ops/gates/nor/test/nor.test.js @@ -1,37 +1,31 @@ -const chai = require("chai"); const path = require("path"); - const tester = require("circom").tester; -const bigInt = require("big-integer"); - -const assert = chai.assert; - describe("NOR test", function () { this.timeout(100000000); let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "nor_test.circom")); + circuit = await tester(path.join(__dirname, "nor.test.circom")); }); - it("NOT(1 OR 1) = 0", async () => { + it("Should NOT(1 OR 1) = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("NOT(1 OR 0) = 0", async () => { + it("Should NOT(1 OR 0) = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("NOT(0 AND 1) = 0", async () => { + it("Should NOT(0 AND 1) = 0", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("NOT(0 AND 0) = 1", async () => { + it("Should NOT(0 AND 0) = 1", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true); await circuit.assertOut(witness, {out: 1}); }); diff --git a/circuits/basics/binary_ops/gates/not/README.md b/circuits/basics/binary_ops/gates/not/README.md index 9eabaeb4..480202d9 100644 --- a/circuits/basics/binary_ops/gates/not/README.md +++ b/circuits/basics/binary_ops/gates/not/README.md @@ -18,7 +18,7 @@ in ----> | NOT() | ----> out None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/not/test/not.test.circom b/circuits/basics/binary_ops/gates/not/test/not.test.circom index a1e6a8c0..e89eab3f 100644 --- a/circuits/basics/binary_ops/gates/not/test/not.test.circom 
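Review bot: The last two renamed titles in the NOR suite, `Should NOT(0 AND 1) = 0` and `Should NOT(0 AND 0) = 1`, name the wrong operator; the asserted values are correct for NOR, so the titles should read `it("Should NOT(0 OR 1) = 0", async () => {` and `it("Should NOT(0 OR 0) = 1", async () => {`. Dropping the unused `chai` and `big-integer` requires looks safe here, since every check in the hunk goes through `circuit.assertOut`.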
+++ b/circuits/basics/binary_ops/gates/not/test/not.test.circom @@ -1,3 +1,3 @@ -include "not.circom"; +include "../not.circom"; component main = NOT() diff --git a/circuits/basics/binary_ops/gates/not/test/not.test.js b/circuits/basics/binary_ops/gates/not/test/not.test.js index 65ddb289..1797ea3a 100644 --- a/circuits/basics/binary_ops/gates/not/test/not.test.js +++ b/circuits/basics/binary_ops/gates/not/test/not.test.js @@ -1,27 +1,21 @@ -const chai = require("chai"); const path = require("path"); - const tester = require("circom").tester; -const bigInt = require("big-integer"); - -const assert = chai.assert; - describe("NOT test", function () { this.timeout(100000000); let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "not_test.circom")); + circuit = await tester(path.join(__dirname, "not.test.circom")); }); - it("NOT 1 = 0", async () => { + it("Should NOT 1 = 0", async () => { const witness = await circuit.calculateWitness({ "in": "1"}, true); await circuit.assertOut(witness, {out: 0}); }); - it("NOT 0 = 1", async () => { + it("Should NOT 0 = 1", async () => { const witness = await circuit.calculateWitness({ "in": "0"}, true); await circuit.assertOut(witness, {out: 1}); }); diff --git a/circuits/basics/binary_ops/gates/or/README.md b/circuits/basics/binary_ops/gates/or/README.md index 90610712..2c75c980 100644 --- a/circuits/basics/binary_ops/gates/or/README.md +++ b/circuits/basics/binary_ops/gates/or/README.md @@ -18,7 +18,7 @@ b ----> |________| None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/or/test/or.test.circom b/circuits/basics/binary_ops/gates/or/test/or.test.circom index 91396b17..65aad9f6 100644 --- a/circuits/basics/binary_ops/gates/or/test/or.test.circom +++ b/circuits/basics/binary_ops/gates/or/test/or.test.circom @@ -1,3 +1,3 @@ -include "or.circom"; +include "../or.circom"; component main = OR() 
diff --git a/circuits/basics/binary_ops/gates/or/test/or.test.js b/circuits/basics/binary_ops/gates/or/test/or.test.js index 0780e91a..8f3f9b2f 100644 --- a/circuits/basics/binary_ops/gates/or/test/or.test.js +++ b/circuits/basics/binary_ops/gates/or/test/or.test.js @@ -13,25 +13,25 @@ describe("OR test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "or_test.circom")); + circuit = await tester(path.join(__dirname, "or.test.circom")); }); - it("1 OR 1 = 1", async () => { + it("Should 1 OR 1 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("1 OR 0 = 0", async () => { + it("Should 1 OR 0 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("0 OR 1 = 1", async () => { + it("Should 0 OR 1 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("0 OR 0 = 0", async () => { + it("Should 0 OR 0 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true); await circuit.assertOut(witness, {out: 0}); }); diff --git a/circuits/basics/binary_ops/gates/xor/README.md b/circuits/basics/binary_ops/gates/xor/README.md index 0f6e9abb..cca1b953 100644 --- a/circuits/basics/binary_ops/gates/xor/README.md +++ b/circuits/basics/binary_ops/gates/xor/README.md @@ -19,7 +19,7 @@ b ----> |_________| None. -## Inputs +## Expected Inputs | Input | Type | | ----- | ----- | diff --git a/circuits/basics/binary_ops/gates/xor/test/xor.test.circom b/circuits/basics/binary_ops/gates/xor/test/xor.test.circom index 96735f7a..15470bfe 100644 --- a/circuits/basics/binary_ops/gates/xor/test/xor.test.circom +++ b/circuits/basics/binary_ops/gates/xor/test/xor.test.circom 
@@ -1,3 +1,3 @@ -include "xor.circom"; +include "../xor.circom"; component main = XOR() diff --git a/circuits/basics/binary_ops/gates/xor/test/xor.test.js b/circuits/basics/binary_ops/gates/xor/test/xor.test.js index bb389067..1c952625 100644 --- a/circuits/basics/binary_ops/gates/xor/test/xor.test.js +++ b/circuits/basics/binary_ops/gates/xor/test/xor.test.js @@ -13,25 +13,25 @@ describe("XOR test", function () { let circuit; before( async() => { - circuit = await tester(path.join(__dirname, "xor_test.circom")); + circuit = await tester(path.join(__dirname, "xor.test.circom")); }); - it("1 XOR 1 = 0", async () => { + it("Should 1 XOR 1 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "1" }, true); await circuit.assertOut(witness, {out: 0}); }); - it("1 XOR 0 = 1", async () => { + it("Should 1 XOR 0 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "1", "b": "0" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("0 XOR 1 = 1", async () => { + it("Should 0 XOR 1 = 1", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "1" }, true); await circuit.assertOut(witness, {out: 1}); }); - it("0 XOR 0 = 0", async () => { + it("Should 0 XOR 0 = 0", async () => { const witness = await circuit.calculateWitness({ "a": "0", "b": "0" }, true); await circuit.assertOut(witness, {out: 0}); }); diff --git a/circuits/basics/bitify/README.md b/circuits/basics/bitify/README.md index 237a13d6..6aecdb91 100644 --- a/circuits/basics/bitify/README.md +++ b/circuits/basics/bitify/README.md @@ -2,7 +2,7 @@ ## Description -This folder contains the templates to perform conversions of numbers to binary and the other way round. Each folder contains the particular template, a test and a README file specifying the template details. +This folder contains the templates to perform conversions of field elements to its binary representation and viceversa. ## Structure 
diff --git a/circuits/basics/bitify/bits2num/README.md b/circuits/basics/bitify/bits2num/README.md index 80beb670..a898a475 100644 --- a/circuits/basics/bitify/bits2num/README.md +++ b/circuits/basics/bitify/bits2num/README.md @@ -23,11 +23,11 @@ in[n] ----> | Bits2Num(n) | ----> out None. -## Inputs +## Expected Inputs | Input | Type | Representation | | ------------- | ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | The encoding is considered with the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | +| `in[n]` | Binary array of `n` bits | The encoding is expected in the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs diff --git a/circuits/basics/bitify/bits2num_strict/README.md b/circuits/basics/bitify/bits2num_strict/README.md index de718c0c..da92c606 100644 --- a/circuits/basics/bitify/bits2num_strict/README.md +++ b/circuits/basics/bitify/bits2num_strict/README.md @@ -20,15 +20,15 @@ in[n] ----> | Bits2Num_strict() | ----> out ## Dependencies ``` -include "../../aliascheck/aliascheck.circom"; +include "../../comparators/alias_check/alias_check.circom"; include "../bits2num/bits2num.circom"; ``` -## Inputs +## Expected Inputs | Input | Type | Representation | | ------------- | ------------- | ------------- | -| `in[n]` | Binary array of `n` bits | The encoding is considered with the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | +| `in[n]` | Binary array of `n` bits | The encoding is expected in the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering). | ## Outputs diff --git a/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom b/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom index a7472bb4..f06f2d61 100644 
--- a/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom +++ b/circuits/basics/bitify/bits2num_strict/bits2num_strict.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../aliascheck/aliascheck.circom"; +include "../../comparators/alias_check/alias_check.circom"; include "../bits2num/bits2num.circom" template Bits2Num_strict() { diff --git a/circuits/basics/bitify/num2bits/README.md b/circuits/basics/bitify/num2bits/README.md index 4358c81c..1a8944df 100644 --- a/circuits/basics/bitify/num2bits/README.md +++ b/circuits/basics/bitify/num2bits/README.md @@ -18,7 +18,7 @@ in ----> | Num2Bits(n) | ----> out[n] None. -## Inputs +## Expected Inputs | Input | Type | | ------------- | ------------- | @@ -28,7 +28,7 @@ None. | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in` using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) encoding. | ## Benchmarks diff --git a/circuits/basics/bitify/num2bits_strict/README.md b/circuits/basics/bitify/num2bits_strict/README.md index ae694cf4..da890cf7 100644 --- a/circuits/basics/bitify/num2bits_strict/README.md +++ b/circuits/basics/bitify/num2bits_strict/README.md @@ -23,7 +23,7 @@ include "../num2bits/num2bits.circom"``` ``` -## Inputs +## Expected Inputs | Input | Type | | ------------- | ------------- | 
@@ -33,7 +33,7 @@ include "../num2bits/num2bits.circom"``` | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[254]` | Binary array of `254` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. | +| `out[254]` | Binary array of `254` bits | Binary representation of the field element `in` using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) encoding. | ## Benchmarks diff --git a/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom b/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom index 51f2f569..c0e191e3 100644 --- a/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom +++ b/circuits/basics/bitify/num2bits_strict/num2bits_strict.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../aliascheck/aliascheck.circom"; +include "../../comparators/alias_check/alias_check.circom"; include "../num2bits/num2bits.circom" template Num2Bits_strict() { diff --git a/circuits/basics/bitify/num2bitsneg/README.md b/circuits/basics/bitify/num2bitsneg/README.md index 4a6e1676..0a1ca289 100644 --- a/circuits/basics/bitify/num2bitsneg/README.md +++ b/circuits/basics/bitify/num2bitsneg/README.md @@ -16,7 +16,7 @@ in ----> | Num2BitsNeg(n) | ----> out[n] ## Dependencies ``` -include "../../comparators/iszero/iszero.circom"; +include "../../comparators/is_zero/is_zero.circom"; ``` signal input in; 
@@ -32,7 +32,7 @@ include "../../comparators/iszero/iszero.circom"; | Output | Type | Description | | ------------- | ------------- | ---------- | -| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in`. The encoding used is the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) scheme. TODO: ADD THE NEG PART. | +| `out[n]` | Binary array of `n` bits | Binary representation of the field element `in` using the [LSB 0 bit numbering](https://en.wikipedia.org/wiki/Bit_numbering#LSB_0_bit_numbering) encoding. TODO: ADD THE NEG PART. | ## Benchmarks diff --git a/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom b/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom index 447ba8ec..ec8c91ca 100644 --- a/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom +++ b/circuits/basics/bitify/num2bitsneg/num2bitsneg.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../../comparators/iszero/iszero.circom"; +include "../../comparators/is_zero/is_zero.circom"; template Num2BitsNeg(n) { signal input in; diff --git a/circuits/basics/comparators/README.md b/circuits/basics/comparators/README.md index ab113f02..ac0ad8e3 100644 --- a/circuits/basics/comparators/README.md +++ b/circuits/basics/comparators/README.md 
@@ -2,14 +2,17 @@ ## Description -This folder contains the templates to perform comparations of numbers. Each folder contains a test and README file specifying the template details. +This folder contains the templates to perform comparations of binary numbers and field elements. ## Structure -- [`forceequalifenabled`](forceequalifenabled) -- [`greatereqthan`](greatereqthan) -- [`greaterthan`](greaterthan) -- [`isequal`](isequal) -- [`iszero`](iszero) -- [`lesseqthan`](lesseqthan) -- [`lessthan`](lessthan) \ No newline at end of file +- [`alias_check`](alias_check) +- [`comp_constant`](comp_constant) +- [`force_equal_if_enabled`](force_equal_if_enabled) +- [`greater_eq_than`](greater_eq_than) +- [`greater_than`](greater_than) +- [`is_equal`](is_equal) +- [`is_zero`](is_zero) +- [`less_eq_than`](less_eq_than) +- [`less_than`](less_than) +- [`sign`](sign) \ No newline at end of file diff --git a/circuits/basics/comparators/aliascheck/README.md b/circuits/basics/comparators/alias_check/README.md similarity index 100% rename from circuits/basics/comparators/aliascheck/README.md rename to circuits/basics/comparators/alias_check/README.md diff --git a/circuits/basics/comparators/aliascheck/aliascheck.circom b/circuits/basics/comparators/alias_check/alias_check.circom similarity index 95% rename from circuits/basics/comparators/aliascheck/aliascheck.circom rename to circuits/basics/comparators/alias_check/alias_check.circom index 9833f2f5..d5be3e2a 100644 --- a/circuits/basics/comparators/aliascheck/aliascheck.circom +++ b/circuits/basics/comparators/alias_check/alias_check.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../compconstant/compconstant.circom"; +include "../comp_constant/comp_constant.circom"; template AliasCheck() { 
diff --git a/circuits/basics/comparators/alias_check/test/alias_check.test.circom b/circuits/basics/comparators/alias_check/test/alias_check.test.circom new file mode 100644 index 00000000..3705e522 --- /dev/null +++ b/circuits/basics/comparators/alias_check/test/alias_check.test.circom @@ -0,0 +1,3 @@ +include "../alias_check.circom"; + +component main = AliasCheck() diff --git a/circuits/basics/comparators/aliascheck/aliascheck.test.js b/circuits/basics/comparators/alias_check/test/alias_check.test.js similarity index 96% rename from circuits/basics/comparators/aliascheck/aliascheck.test.js rename to circuits/basics/comparators/alias_check/test/alias_check.test.js index 6c37588e..2929228c 100644 --- a/circuits/basics/comparators/aliascheck/aliascheck.test.js +++ b/circuits/basics/comparators/alias_check/test/alias_check.test.js @@ -30,7 +30,7 @@ describe("Aliascheck test", function () { let cir; before( async() => { - cir = await tester(path.join(__dirname, "aliascheck_test.circom")); + cir = await tester(path.join(__dirname, "alias_check.test.circom")); }); it("Satisfy the aliastest 0", async () => { diff --git a/circuits/basics/comparators/aliascheck/aliascheck_test.circom b/circuits/basics/comparators/aliascheck/aliascheck_test.circom deleted file mode 100644 index 3feeabbd..00000000 --- a/circuits/basics/comparators/aliascheck/aliascheck_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "aliascheck.circom"; - -component main = AliasCheck() diff --git a/circuits/basics/comparators/compconstant/README.md b/circuits/basics/comparators/comp_constant/README.md similarity index 93% rename from circuits/basics/comparators/compconstant/README.md rename to circuits/basics/comparators/comp_constant/README.md index ae1b8d7e..2607b0d7 100644 --- a/circuits/basics/comparators/compconstant/README.md +++ b/circuits/basics/comparators/comp_constant/README.md 
@@ -16,7 +16,7 @@ in[254] ----> | CompConstant(ct) | ----> out ## Dependencies ``` -include "../bitify/num2bits/num2bits.circom"; +include "../../bitify/num2bits/num2bits.circom"; ``` ## Inputs diff --git a/circuits/basics/comparators/compconstant/compconstant.circom b/circuits/basics/comparators/comp_constant/comp_constant.circom similarity index 97% rename from circuits/basics/comparators/compconstant/compconstant.circom rename to circuits/basics/comparators/comp_constant/comp_constant.circom index aa03ffec..3a15f433 100644 --- a/circuits/basics/comparators/compconstant/compconstant.circom +++ b/circuits/basics/comparators/comp_constant/comp_constant.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../bitify/num2bits/num2bits.circom"; +include "../../bitify/num2bits/num2bits.circom"; // Returns 1 if in (in binary) > ct diff --git a/circuits/basics/comparators/forceequalifenabled/README.md b/circuits/basics/comparators/force_equal_if_enabled/README.md similarity index 93% rename from circuits/basics/comparators/forceequalifenabled/README.md rename to circuits/basics/comparators/force_equal_if_enabled/README.md index 87242434..6d26bdf2 100644 --- a/circuits/basics/comparators/forceequalifenabled/README.md +++ b/circuits/basics/comparators/force_equal_if_enabled/README.md @@ -22,7 +22,7 @@ in[2] ----> | ForceEqualIfEnabled() | ----> out ## Dependencies ``` -include "../iszero/iszero.circom"; +include "../is_zero/is_zero.circom"; ``` signal input enabled; diff --git a/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom b/circuits/basics/comparators/force_equal_if_enabled/force_equal_if_enabled.circom similarity index 96% rename from circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom rename to circuits/basics/comparators/force_equal_if_enabled/force_equal_if_enabled.circom index 73ef8010..479eff84 100644 
--- a/circuits/basics/comparators/forceequalifenabled/forceequalifenabled.circom +++ b/circuits/basics/comparators/force_equal_if_enabled/force_equal_if_enabled.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../iszero/iszero.circom"; +include "../is_zero/is_zero.circom"; template ForceEqualIfEnabled() { signal input enabled; diff --git a/circuits/basics/comparators/greatereqthan/README.md b/circuits/basics/comparators/greater_eq_than/README.md similarity index 95% rename from circuits/basics/comparators/greatereqthan/README.md rename to circuits/basics/comparators/greater_eq_than/README.md index 5dafc74c..d101954e 100644 --- a/circuits/basics/comparators/greatereqthan/README.md +++ b/circuits/basics/comparators/greater_eq_than/README.md @@ -18,7 +18,7 @@ in[2] ----> | GreaterEqThan(n) | ----> out ## Dependencies ``` -include "../lessthan/lessthan.circom"; +include "../less_than/less_than.circom"; ``` // n is the number of bits of the input. diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.circom b/circuits/basics/comparators/greater_eq_than/greater_eq_than.circom similarity index 96% rename from circuits/basics/comparators/greatereqthan/greatereqthan.circom rename to circuits/basics/comparators/greater_eq_than/greater_eq_than.circom index 42639668..c8228fb2 100644 --- a/circuits/basics/comparators/greatereqthan/greatereqthan.circom +++ b/circuits/basics/comparators/greater_eq_than/greater_eq_than.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../lessthan/lessthan.circom"; +include "../less_than/less_than.circom"; // n is the number of bits of the input. // The MSF is the sign bit. 
diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan_test.circom b/circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.circom similarity index 50% rename from circuits/basics/comparators/greatereqthan/greatereqthan_test.circom rename to circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.circom index ff9ba9a6..9416b646 100644 --- a/circuits/basics/comparators/greatereqthan/greatereqthan_test.circom +++ b/circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.circom @@ -1,4 +1,4 @@ -include "greatereqthan.circom"; +include "../greater_eq_than.circom"; component main = GreaterEqThan(32); diff --git a/circuits/basics/comparators/greatereqthan/greatereqthan.test.js b/circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.js similarity index 98% rename from circuits/basics/comparators/greatereqthan/greatereqthan.test.js rename to circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.js index 97092c71..51269217 100644 --- a/circuits/basics/comparators/greatereqthan/greatereqthan.test.js +++ b/circuits/basics/comparators/greater_eq_than/test/greater_eq_than.test.js @@ -12,7 +12,7 @@ describe("Greater or Equal Than test", function () { this.timeout(100000); it("Should create a comparison greatereqthan", async() => { - const circuit = await tester(path.join(__dirname, "greatereqthan_test.circom")); + const circuit = await tester(path.join(__dirname, "greater_eq_than.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": [333,444] }, true); diff --git a/circuits/basics/comparators/greaterthan/README.md b/circuits/basics/comparators/greater_than/README.md similarity index 93% rename from circuits/basics/comparators/greaterthan/README.md rename to circuits/basics/comparators/greater_than/README.md index 26b47691..023215f7 100644 --- a/circuits/basics/comparators/greaterthan/README.md +++ b/circuits/basics/comparators/greater_than/README.md 
@@ -18,7 +18,7 @@ in[2] ----> | GreaterThan(n) | ----> out ## Dependencies ``` -include "../lessthan/lessthan.circom"; +include "../less_than/less_than.circom"; ``` ## Inputs diff --git a/circuits/basics/comparators/greaterthan/greaterthan.circom b/circuits/basics/comparators/greater_than/greater_than.circom similarity index 96% rename from circuits/basics/comparators/greaterthan/greaterthan.circom rename to circuits/basics/comparators/greater_than/greater_than.circom index 5316d2a2..9ffed99b 100644 --- a/circuits/basics/comparators/greaterthan/greaterthan.circom +++ b/circuits/basics/comparators/greater_than/greater_than.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../lessthan/lessthan.circom"; +include "../less_than/less_than.circom"; // N is the number of bits the input have. // The MSF is the sign bit. diff --git a/circuits/basics/comparators/greaterthan/greaterthan_test.circom b/circuits/basics/comparators/greater_than/test/greater_than.test.circom similarity index 51% rename from circuits/basics/comparators/greaterthan/greaterthan_test.circom rename to circuits/basics/comparators/greater_than/test/greater_than.test.circom index c0ab3b28..124b137c 100644 --- a/circuits/basics/comparators/greaterthan/greaterthan_test.circom +++ b/circuits/basics/comparators/greater_than/test/greater_than.test.circom @@ -1,4 +1,4 @@ -include "greaterthan.circom"; +include "../greater_than.circom"; component main = GreaterThan(32); diff --git a/circuits/basics/comparators/greaterthan/greaterthan.test.js b/circuits/basics/comparators/greater_than/test/greater_than.test.js similarity index 98% rename from circuits/basics/comparators/greaterthan/greaterthan.test.js rename to circuits/basics/comparators/greater_than/test/greater_than.test.js index 22165c6e..132b97ed 100644 --- a/circuits/basics/comparators/greaterthan/greaterthan.test.js 
+++ b/circuits/basics/comparators/greater_than/test/greater_than.test.js @@ -13,7 +13,7 @@ describe("Greater Than test", function () { it("Should create a comparison greaterthan", async() => { - const circuit = await tester(path.join(__dirname, "greaterthan_test.circom")); + const circuit = await tester(path.join(__dirname, "greater_than.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": [333,444] }, true); diff --git a/circuits/basics/comparators/isequal/README.md b/circuits/basics/comparators/is_equal/README.md similarity index 93% rename from circuits/basics/comparators/isequal/README.md rename to circuits/basics/comparators/is_equal/README.md index 11aa7fcf..067ec340 100644 --- a/circuits/basics/comparators/isequal/README.md +++ b/circuits/basics/comparators/is_equal/README.md @@ -16,7 +16,7 @@ in[2] ----> | IsEqual() | ----> out ## Dependencies ``` -include "../iszero/iszero.circom"; +include "../is_zero/is_zero.circom"; ``` ## Inputs diff --git a/circuits/basics/comparators/isequal/isequal.circom b/circuits/basics/comparators/is_equal/is_equal.circom similarity index 96% rename from circuits/basics/comparators/isequal/isequal.circom rename to circuits/basics/comparators/is_equal/is_equal.circom index c24ebb95..920ef3f6 100644 --- a/circuits/basics/comparators/isequal/isequal.circom +++ b/circuits/basics/comparators/is_equal/is_equal.circom @@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../iszero/iszero.circom"; +include "../is_zero/is_zero.circom"; template IsEqual() { signal input in[2]; diff --git a/circuits/basics/comparators/is_equal/test/is_equal.test.circom b/circuits/basics/comparators/is_equal/test/is_equal.test.circom new file mode 100644 index 00000000..ffd55da2 --- /dev/null +++ b/circuits/basics/comparators/is_equal/test/is_equal.test.circom @@ -0,0 +1,3 @@ +include "../is_equal.circom"; + +component main = IsEqual(); 
diff --git a/circuits/basics/comparators/isequal/isequal.test.js b/circuits/basics/comparators/is_equal/test/is_equal.test.js similarity index 88% rename from circuits/basics/comparators/isequal/isequal.test.js rename to circuits/basics/comparators/is_equal/test/is_equal.test.js index 56342667..9663c667 100644 --- a/circuits/basics/comparators/isequal/isequal.test.js +++ b/circuits/basics/comparators/is_equal/test/is_equal.test.js @@ -12,7 +12,7 @@ describe("Is Equal test", function () { this.timeout(100000); it("Should create a isequal circuit", async() => { - const circuit = await tester(path.join(__dirname, "isequal_test.circom")); + const circuit = await tester(path.join(__dirname, "is_equal.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": [111,222] }, true); diff --git a/circuits/basics/comparators/iszero/README.md b/circuits/basics/comparators/is_zero/README.md similarity index 100% rename from circuits/basics/comparators/iszero/README.md rename to circuits/basics/comparators/is_zero/README.md diff --git a/circuits/basics/comparators/iszero/iszero.circom b/circuits/basics/comparators/is_zero/is_zero.circom similarity index 100% rename from circuits/basics/comparators/iszero/iszero.circom rename to circuits/basics/comparators/is_zero/is_zero.circom diff --git a/circuits/basics/comparators/is_zero/test/is_zero.test.circom b/circuits/basics/comparators/is_zero/test/is_zero.test.circom new file mode 100644 index 00000000..b9b61cbd --- /dev/null +++ b/circuits/basics/comparators/is_zero/test/is_zero.test.circom @@ -0,0 +1,3 @@ +include "../is_zero.circom"; + +component main = IsZero(); diff --git a/circuits/basics/comparators/iszero/iszero.test.js b/circuits/basics/comparators/is_zero/test/is_zero.test.js similarity index 88% rename from circuits/basics/comparators/iszero/iszero.test.js rename to circuits/basics/comparators/is_zero/test/is_zero.test.js index ad61db7d..1d5ad60b 100644 
--- a/circuits/basics/comparators/iszero/iszero.test.js +++ b/circuits/basics/comparators/is_zero/test/is_zero.test.js @@ -12,7 +12,7 @@ describe("Is Zero test", function () { this.timeout(100000); it("Should create a iszero circuit", async() => { - const circuit = await tester(path.join(__dirname, "iszero_test.circom")); + const circuit = await tester(path.join(__dirname, "is_zero.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": 111}, true); diff --git a/circuits/basics/comparators/isequal/isequal_test.circom b/circuits/basics/comparators/isequal/isequal_test.circom deleted file mode 100644 index dd2cc1ff..00000000 --- a/circuits/basics/comparators/isequal/isequal_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "isequal.circom"; - -component main = IsEqual(); diff --git a/circuits/basics/comparators/iszero/iszero_test.circom b/circuits/basics/comparators/iszero/iszero_test.circom deleted file mode 100644 index 7e57cacf..00000000 --- a/circuits/basics/comparators/iszero/iszero_test.circom +++ /dev/null @@ -1,3 +0,0 @@ -include "iszero.circom"; - -component main = IsZero(); diff --git a/circuits/basics/comparators/lesseqthan/README.md b/circuits/basics/comparators/less_eq_than/README.md similarity index 100% rename from circuits/basics/comparators/lesseqthan/README.md rename to circuits/basics/comparators/less_eq_than/README.md diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.circom b/circuits/basics/comparators/less_eq_than/less_eq_than.circom similarity index 96% rename from circuits/basics/comparators/lesseqthan/lesseqthan.circom rename to circuits/basics/comparators/less_eq_than/less_eq_than.circom index b7240eea..577dee59 100644 --- a/circuits/basics/comparators/lesseqthan/lesseqthan.circom +++ b/circuits/basics/comparators/less_eq_than/less_eq_than.circom 
@@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../lessthan/lessthan.circom"; +include "../less_than/less_than.circom"; // N is the number of bits the input have. // The MSF is the sign bit. diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan_test.circom b/circuits/basics/comparators/less_eq_than/test/less_eq_than.test.circom similarity index 50% rename from circuits/basics/comparators/lesseqthan/lesseqthan_test.circom rename to circuits/basics/comparators/less_eq_than/test/less_eq_than.test.circom index 376e6f23..e478e281 100644 --- a/circuits/basics/comparators/lesseqthan/lesseqthan_test.circom +++ b/circuits/basics/comparators/less_eq_than/test/less_eq_than.test.circom @@ -1,3 +1,3 @@ -include "lesseqthan.circom"; +include "../less_eq_than.circom"; component main = LessEqThan(32); diff --git a/circuits/basics/comparators/lesseqthan/lesseqthan.test.js b/circuits/basics/comparators/less_eq_than/test/less_eq_than.test.js similarity index 95% rename from circuits/basics/comparators/lesseqthan/lesseqthan.test.js rename to circuits/basics/comparators/less_eq_than/test/less_eq_than.test.js index 3c97503c..2b32ddc1 100644 --- a/circuits/basics/comparators/lesseqthan/lesseqthan.test.js +++ b/circuits/basics/comparators/less_eq_than/test/less_eq_than.test.js @@ -13,7 +13,7 @@ describe("Less or Equal Than test", function () { it("Should create a comparison lesseqthan", async() => { - const circuit = await tester(path.join(__dirname, "lesseqthan_test.circom")); + const circuit = await tester(path.join(__dirname, "less_eq_than.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": [333,444] }, true); diff --git a/circuits/basics/comparators/lessthan/README.md b/circuits/basics/comparators/less_than/README.md similarity index 100% rename from circuits/basics/comparators/lessthan/README.md rename to circuits/basics/comparators/less_than/README.md 
diff --git a/circuits/basics/comparators/lessthan/lessthan.circom b/circuits/basics/comparators/less_than/less_than.circom similarity index 100% rename from circuits/basics/comparators/lessthan/lessthan.circom rename to circuits/basics/comparators/less_than/less_than.circom diff --git a/circuits/basics/comparators/lessthan/lessthan_test.circom b/circuits/basics/comparators/less_than/test/less_than.test.circom similarity index 50% rename from circuits/basics/comparators/lessthan/lessthan_test.circom rename to circuits/basics/comparators/less_than/test/less_than.test.circom index a624ca4b..a3afbded 100644 --- a/circuits/basics/comparators/lessthan/lessthan_test.circom +++ b/circuits/basics/comparators/less_than/test/less_than.test.circom @@ -1,3 +1,3 @@ -include "lessthan.circom"; +include "../less_than.circom"; component main = LessThan(32); diff --git a/circuits/basics/comparators/lessthan/lessthan.test.js b/circuits/basics/comparators/less_than/test/less_than.test.js similarity index 95% rename from circuits/basics/comparators/lessthan/lessthan.test.js rename to circuits/basics/comparators/less_than/test/less_than.test.js index becbbf07..d564da8c 100644 --- a/circuits/basics/comparators/lessthan/lessthan.test.js +++ b/circuits/basics/comparators/less_than/test/less_than.test.js @@ -12,7 +12,7 @@ describe("Less Than test", function () { this.timeout(100000); it("Should create a comparison lessthan", async() => { - const circuit = await tester(path.join(__dirname, "lessthan_test.circom")); + const circuit = await tester(path.join(__dirname, "less_than.test.circom")); let witness; witness = await circuit.calculateWitness({ "in": [333,444] }), true; diff --git a/circuits/basics/comparators/sign/sign.circom b/circuits/basics/comparators/sign/sign.circom index 63f597b5..98a599d4 100644 --- a/circuits/basics/comparators/sign/sign.circom +++ b/circuits/basics/comparators/sign/sign.circom 
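Review bot: The context line `witness = await circuit.calculateWitness({ "in": [333,444] }), true;` at the end of the less_than.test.js hunk has a misplaced closing parenthesis, so `true` is evaluated as a comma-operator operand and never reaches `calculateWitness` as its second argument; the sibling tests in this commit (greater_eq_than, greater_than, less_eq_than) all pass it inside the call, presumably as the sanity-check flag. The line should read `witness = await circuit.calculateWitness({ "in": [333,444] }, true);`. The defect pre-dates the rename, but the commit already touches the line above it, so it is worth fixing in the same sweep. The enclosing `it(...)` body continues outside the hunk.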
@@ -17,7 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../compconstant/compconstant.circom"; +include "../comp_constant/comp_constant.circom"; template Sign() { signal input in[254]; diff --git a/circuits/basics/comparators/sign/sign_test.circom b/circuits/basics/comparators/sign/test/sign.test.circom similarity index 50% rename from circuits/basics/comparators/sign/sign_test.circom rename to circuits/basics/comparators/sign/test/sign.test.circom index 394e465f..14ceda17 100644 --- a/circuits/basics/comparators/sign/sign_test.circom +++ b/circuits/basics/comparators/sign/test/sign.test.circom @@ -1,3 +1,3 @@ -include "sign.circom"; +include "../sign.circom"; component main = Sign(); diff --git a/circuits/basics/comparators/sign/sign.test.js b/circuits/basics/comparators/sign/test/sign.test.js similarity index 97% rename from circuits/basics/comparators/sign/sign.test.js rename to circuits/basics/comparators/sign/test/sign.test.js index b057afe8..feb4b218 100644 --- a/circuits/basics/comparators/sign/sign.test.js +++ b/circuits/basics/comparators/sign/test/sign.test.js @@ -25,7 +25,7 @@ describe("Sign test", function() { this.timeout(100000); before( async() => { - circuit = await tester(path.join(__dirname, "sign_test.circom")); + circuit = await tester(path.join(__dirname, "sign.test.circom")); }); it("Sign of 0", async () => { diff --git a/circuits/basics/multiplexer/decoder/README.md b/circuits/basics/multiplexer/decoder/README.md deleted file mode 100644 index 5266cfb9..00000000 --- a/circuits/basics/multiplexer/decoder/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# `Decoder(w)` - -PATH HERE: ~/CircomLib/Circuits/... - -## Background - -## Description - -## Schema - -## Dependencies - -## Inputs - -## Outputs - -## Benchmarks - -## Test \ No newline at end of file 
diff --git a/circuits/basics/multiplexer/mux/multimux1/README.md b/circuits/basics/multiplexer/multimux1/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux1/README.md
rename to circuits/basics/multiplexer/multimux1/README.md
diff --git a/circuits/basics/multiplexer/mux/multimux2/README.md b/circuits/basics/multiplexer/multimux2/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux2/README.md
rename to circuits/basics/multiplexer/multimux2/README.md
diff --git a/circuits/basics/multiplexer/mux/multimux2/multimux2.circom b/circuits/basics/multiplexer/multimux2/multimux2.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux2/multimux2.circom
rename to circuits/basics/multiplexer/multimux2/multimux2.circom
diff --git a/circuits/basics/multiplexer/mux/multimux3/README.md b/circuits/basics/multiplexer/multimux3/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux3/README.md
rename to circuits/basics/multiplexer/multimux3/README.md
diff --git a/circuits/basics/multiplexer/mux/multimux3/multimux3.circom b/circuits/basics/multiplexer/multimux3/multimux3.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux3/multimux3.circom
rename to circuits/basics/multiplexer/multimux3/multimux3.circom
diff --git a/circuits/basics/multiplexer/mux/multimux4/README.md b/circuits/basics/multiplexer/multimux4/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux4/README.md
rename to circuits/basics/multiplexer/multimux4/README.md
diff --git a/circuits/basics/multiplexer/mux/multimux4/multimux4.circom b/circuits/basics/multiplexer/multimux4/multimux4.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/multimux4/multimux4.circom
rename to circuits/basics/multiplexer/multimux4/multimux4.circom
diff --git a/circuits/basics/multiplexer/decoder/decoder.circom b/circuits/basics/multiplexer/multiplexer/.src/decoder.circom similarity index 100% rename from circuits/basics/multiplexer/decoder/decoder.circom rename to circuits/basics/multiplexer/multiplexer/.src/decoder.circom diff --git a/circuits/basics/multiplexer/scalarproduct/scalarproduct.circom b/circuits/basics/multiplexer/multiplexer/.src/scalarproduct.circom similarity index 100% rename from circuits/basics/multiplexer/scalarproduct/scalarproduct.circom rename to circuits/basics/multiplexer/multiplexer/.src/scalarproduct.circom diff --git a/circuits/basics/multiplexer/README.md b/circuits/basics/multiplexer/multiplexer/README.md similarity index 82% rename from circuits/basics/multiplexer/README.md rename to circuits/basics/multiplexer/multiplexer/README.md index afcfe5d8..e33018c6 100644 --- a/circuits/basics/multiplexer/README.md +++ b/circuits/basics/multiplexer/multiplexer/README.md @@ -1,12 +1,14 @@ # `multiplexer` +TODO: Change it to Multiplexer description! + # `Multiplexer(wIn, nIn)` ## Description This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. -## Structure +It uses blabla - [`decoder`](decoder) - [`multiplexer`](multiplexer) diff --git a/circuits/basics/multiplexer/multiplexer.circom b/circuits/basics/multiplexer/multiplexer/multiplexer.circom similarity index 93% rename from circuits/basics/multiplexer/multiplexer.circom rename to circuits/basics/multiplexer/multiplexer/multiplexer.circom index a955a0f5..056e7f37 100644 --- a/circuits/basics/multiplexer/multiplexer.circom +++ b/circuits/basics/multiplexer/multiplexer/multiplexer.circom 
@@ -17,8 +17,8 @@ along with circom. If not, see <https://www.gnu.org/licenses/>. */ -include "../decoder/decoder.circom"; -include "../scalarproduct/scalarproduct.circom"; +include ".src/decoder.circom"; +include ".src/scalarproduct.circom"; template Multiplexer(wIn, nIn) { signal input inp[nIn][wIn]; diff --git a/circuits/basics/multiplexer/mux/README.md b/circuits/basics/multiplexer/mux/README.md deleted file mode 100644 index 6ab6bbe9..00000000 --- a/circuits/basics/multiplexer/mux/README.md +++ /dev/null @@ -1,16 +0,0 @@ -# `mux` - -## Description - -This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. - -## Structure - -- [`multimux1`](multimux1) -- [`multimux2`](multimux2) -- [`multimux3`](multimux3) -- [`multimux4`](multimux4) -- [`mux1`](mux1) -- [`mux2`](mux2) -- [`mux3`](mux3) -- [`mux4`](mux4) \ No newline at end of file diff --git a/circuits/basics/multiplexer/mux/mux1/README.md b/circuits/basics/multiplexer/mux1/README.md similarity index 100% rename from circuits/basics/multiplexer/mux/mux1/README.md rename to circuits/basics/multiplexer/mux1/README.md diff --git a/circuits/basics/multiplexer/mux/mux1/mux1.circom b/circuits/basics/multiplexer/mux1/mux1.circom similarity index 100% rename from circuits/basics/multiplexer/mux/mux1/mux1.circom rename to circuits/basics/multiplexer/mux1/mux1.circom diff --git a/circuits/basics/multiplexer/mux/mux1/mux1_1.circom b/circuits/basics/multiplexer/mux1/mux1_1.circom similarity index 100% rename from circuits/basics/multiplexer/mux/mux1/mux1_1.circom rename to circuits/basics/multiplexer/mux1/mux1_1.circom diff --git a/circuits/basics/multiplexer/mux/mux2/README.md b/circuits/basics/multiplexer/mux2/README.md similarity index 100% rename from circuits/basics/multiplexer/mux/mux2/README.md rename to circuits/basics/multiplexer/mux2/README.md 
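Review bot: The new include paths `include ".src/decoder.circom";` and `include ".src/scalarproduct.circom";` point into a dot-prefixed directory, which shells, globs and most editors hide by default and which is easy to overlook in later renames; a plain `src/` (or keeping the sibling folders) would be more discoverable and consistent with the rest of the tree. The README moved next to this file in the same commit still lists `- [`decoder`](decoder)` as a sibling folder, which no longer exists once decoder.circom lives under `.src`, so that link appears to be stale now. The `Multiplexer` template body continues outside the hunk.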
diff --git a/circuits/basics/multiplexer/mux/mux2/mux2.circom b/circuits/basics/multiplexer/mux2/mux2.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux2/mux2.circom
rename to circuits/basics/multiplexer/mux2/mux2.circom
diff --git a/circuits/basics/multiplexer/mux/mux2/mux2_1.circom b/circuits/basics/multiplexer/mux2/mux2_1.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux2/mux2_1.circom
rename to circuits/basics/multiplexer/mux2/mux2_1.circom
diff --git a/circuits/basics/multiplexer/mux/mux3/README.md b/circuits/basics/multiplexer/mux3/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux3/README.md
rename to circuits/basics/multiplexer/mux3/README.md
diff --git a/circuits/basics/multiplexer/mux/mux3/mux3.circom b/circuits/basics/multiplexer/mux3/mux3.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux3/mux3.circom
rename to circuits/basics/multiplexer/mux3/mux3.circom
diff --git a/circuits/basics/multiplexer/mux/mux3/mux3_1.circom b/circuits/basics/multiplexer/mux3/mux3_1.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux3/mux3_1.circom
rename to circuits/basics/multiplexer/mux3/mux3_1.circom
diff --git a/circuits/basics/multiplexer/mux/mux4/README.md b/circuits/basics/multiplexer/mux4/README.md
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux4/README.md
rename to circuits/basics/multiplexer/mux4/README.md
diff --git a/circuits/basics/multiplexer/mux/mux4/mux4.circom b/circuits/basics/multiplexer/mux4/mux4.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux4/mux4.circom
rename to circuits/basics/multiplexer/mux4/mux4.circom
diff --git a/circuits/basics/multiplexer/mux/mux4/mux4_1.circom b/circuits/basics/multiplexer/mux4/mux4_1.circom
similarity index 100%
rename from circuits/basics/multiplexer/mux/mux4/mux4_1.circom
rename to circuits/basics/multiplexer/mux4/mux4_1.circom
diff --git a/circuits/basics/multiplexer/scalarproduct/README.md b/circuits/basics/multiplexer/scalarproduct/README.md deleted file mode 100644 index 5bf52839..00000000 --- a/circuits/basics/multiplexer/scalarproduct/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# `ScalarProduct(w)` - -PATH HERE: ~/CircomLib/Circuits/... - -## Background - -## Description - -## Schema - -## Dependencies - -## Inputs - -## Outputs - -## Benchmarks - -## Test \ No newline at end of file diff --git a/circuits/crypto_templates/README.md b/circuits/crypto/README.md similarity index 100% rename from circuits/crypto_templates/README.md rename to circuits/crypto/README.md diff --git a/circuits/crypto_templates/baby_jubjub/README.md b/circuits/crypto/baby_jubjub/README.md similarity index 100% rename from circuits/crypto_templates/baby_jubjub/README.md rename to circuits/crypto/baby_jubjub/README.md diff --git a/circuits/crypto_templates/baby_jubjub/edwards/README.md b/circuits/crypto/baby_jubjub/edwards/README.md similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/README.md rename to circuits/crypto/baby_jubjub/edwards/README.md diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/README.md b/circuits/crypto/baby_jubjub/edwards/babyadd/README.md similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/babyadd/README.md rename to circuits/crypto/baby_jubjub/edwards/babyadd/README.md diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.circom b/circuits/crypto/baby_jubjub/edwards/babyadd/babyadd.circom similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.circom rename to circuits/crypto/baby_jubjub/edwards/babyadd/babyadd.circom 
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.test.js b/circuits/crypto/baby_jubjub/edwards/babyadd/babyadd.test.js similarity index 92% rename from circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.test.js rename to circuits/crypto/baby_jubjub/edwards/babyadd/babyadd.test.js index 4fc7ae30..ff86835e 100644 --- a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd.test.js +++ b/circuits/crypto/baby_jubjub/edwards/babyadd/babyadd.test.js @@ -15,7 +15,7 @@ describe("Baby Jubjub twisted Edwards addition test", function () { circuit = await tester(path.join(__dirname, "babyadd_test.circom")); }); - it("It should add the points (0,1) and (0,1)", async () => { + it("Should add the points (0,1) and (0,1)", async () => { const input={ x1: bigInt(0), @@ -29,7 +29,7 @@ describe("Baby Jubjub twisted Edwards addition test", function () { await circuit.assertOut(w, {xout: bigInt(0), yout: bigInt(1)}); }); - it("It should add the 2 same points", async () => { + it("Should add the 2 same points", async () => { const input={ x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), @@ -46,7 +46,7 @@ describe("Baby Jubjub twisted Edwards addition test", function () { }); }); - it("It should add 2 different points", async () => { + it("Should add 2 different points", async () => { const input={ x1: bigInt("17777552123799933955779906779655732241715742912184938656739573121738514868268"), diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom b/circuits/crypto/baby_jubjub/edwards/babyadd/babyadd_test.circom similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/babyadd/babyadd_test.circom rename to circuits/crypto/baby_jubjub/edwards/babyadd/babyadd_test.circom 
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/README.md b/circuits/crypto/baby_jubjub/edwards/babycheck/README.md similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/babycheck/README.md rename to circuits/crypto/baby_jubjub/edwards/babycheck/README.md diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.circom b/circuits/crypto/baby_jubjub/edwards/babycheck/babycheck.circom similarity index 100% rename from circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.circom rename to circuits/crypto/baby_jubjub/edwards/babycheck/babycheck.circom diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.test.js b/circuits/crypto/baby_jubjub/edwards/babycheck/babycheck.test.js similarity index 85% rename from circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.test.js rename to circuits/crypto/baby_jubjub/edwards/babycheck/babycheck.test.js index 0244d8d4..2cdc74a4 100644 --- a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck.test.js +++ b/circuits/crypto/baby_jubjub/edwards/babycheck/babycheck.test.js @@ -15,13 +15,13 @@ describe("Baby Jubjub twisted Edwards check test", function () { circuit = await tester(path.join(__dirname, "babycheck_test.circom")); }); - it("It should check that (0,1) is a valid point", async() => { + it("Should check that (0,1) is a valid point", async() => { const w = await circuit.calculateWitness({x: 0, y:1}, true); await circuit.checkConstraints(w); }); - it("It should check that (1,0) is an invalid point", async() => { + it("Should check that (1,0) is an invalid point", async() => { try { await circuit.calculateWitness({x: 1, y: 0}, true); assert(false, "Should be a valid point"); 
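Review bot: The context line `assert(false, "Should be a valid point");` sits inside the test that expects (1,0) to be rejected, so it only fires when `calculateWitness` did not throw, and its message then reads backwards; it should be `assert(false, "Should be an invalid point");`. The hunk only rewords the `it(...)` titles, so this is a one-line follow-up in the same file. The `try` block and its `catch` continue outside the hunk.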
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom b/circuits/crypto/baby_jubjub/edwards/babycheck/babycheck_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/babycheck/babycheck_test.circom
rename to circuits/crypto/baby_jubjub/edwards/babycheck/babycheck_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babydbl/README.md b/circuits/crypto/baby_jubjub/edwards/babydbl/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/babydbl/README.md
rename to circuits/crypto/baby_jubjub/edwards/babydbl/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babydbl/babydbl.circom b/circuits/crypto/baby_jubjub/edwards/babydbl/babydbl.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/babydbl/babydbl.circom
rename to circuits/crypto/baby_jubjub/edwards/babydbl/babydbl.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babypbk/README.md b/circuits/crypto/baby_jubjub/edwards/babypbk/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/babypbk/README.md
rename to circuits/crypto/baby_jubjub/edwards/babypbk/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/babypbk/babypbk.circom b/circuits/crypto/baby_jubjub/edwards/babypbk/babypbk.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/babypbk/babypbk.circom
rename to circuits/crypto/baby_jubjub/edwards/babypbk/babypbk.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/README.md b/circuits/crypto/baby_jubjub/edwards/scalar_mul/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/README.md
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/README.md b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_min_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmul_test_min.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test2.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulw4table/scalarmulw4table_test3.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmul/scalarmulwindow/scalarmulwindow.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/bitelementmulany/bitelementmulany.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/multiplexor2/multiplexor2.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/scalarmulany_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulany/segmentmulany/segmentmulany.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/scalarmulfix_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/segmentmulfix/segmentmulfix.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom b/circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom
rename to circuits/crypto/baby_jubjub/edwards/scalar_mul/scalarmulfix/windowmulfix/windowmulfix.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/README.md b/circuits/crypto/baby_jubjub/edwards2montgomery/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards2montgomery/README.md
rename to circuits/crypto/baby_jubjub/edwards2montgomery/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.circom b/circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.circom
rename to circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js b/circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js
rename to circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom b/circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom
rename to circuits/crypto/baby_jubjub/edwards2montgomery/edwards2montgomery_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom b/circuits/crypto/baby_jubjub/edwards2montgomery_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/edwards2montgomery_test.circom
rename to circuits/crypto/baby_jubjub/edwards2montgomery_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery.test.js b/circuits/crypto/baby_jubjub/montgomery.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery.test.js
rename to circuits/crypto/baby_jubjub/montgomery.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/README.md b/circuits/crypto/baby_jubjub/montgomery/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/README.md
rename to circuits/crypto/baby_jubjub/montgomery/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md b/circuits/crypto/baby_jubjub/montgomery/montgomeryadd/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/README.md
rename to circuits/crypto/baby_jubjub/montgomery/montgomeryadd/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom b/circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom
rename to circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js b/circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
similarity index 95%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
rename to circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
index dc85050c..90ac6364 100644
--- a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
+++ b/circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd.test.js
@@ -35,7 +35,7 @@ describe("Montgomery addition test", function () { await circuitMAdd.loadSymbols(); }); - it("It should add two abitrary points", async () => { + it("Should add two abitrary points", async () => { let w, xout, yout; w = await circuitMAdd.calculateWitness({ in1: p, in2: q}, true);
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom b/circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom
rename to circuits/crypto/baby_jubjub/montgomery/montgomeryadd/montgomeryadd_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/README.md b/circuits/crypto/baby_jubjub/montgomery/montgomerydouble/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/README.md
rename to circuits/crypto/baby_jubjub/montgomery/montgomerydouble/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom b/circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom
rename to circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.circom
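Review bot: The rewritten test title on the `+` line keeps the misspelling `abitrary`, so the only change this hunk makes to the string still leaves it wrong; since the line is being edited anyway, make it `it("Should add two arbitrary points", async () => {`. The surrounding `describe` block and the `it` body both continue outside the hunk.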
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js b/circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js
rename to circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom b/circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom
rename to circuits/crypto/baby_jubjub/montgomery/montgomerydouble/montgomerydouble_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/README.md b/circuits/crypto/baby_jubjub/montgomery2edwards/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery2edwards/README.md
rename to circuits/crypto/baby_jubjub/montgomery2edwards/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.circom b/circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.circom
rename to circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js b/circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js
rename to circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom b/circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom
rename to circuits/crypto/baby_jubjub/montgomery2edwards/montgomery2edwards_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom b/circuits/crypto/baby_jubjub/montgomery2edwards_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomery2edwards_test.circom
rename to circuits/crypto/baby_jubjub/montgomery2edwards_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js b/circuits/crypto/baby_jubjub/montgomeryBIS.test.js
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomeryBIS.test.js
rename to circuits/crypto/baby_jubjub/montgomeryBIS.test.js
diff --git a/circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom b/circuits/crypto/baby_jubjub/montgomeryadd_test.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/montgomeryadd_test.circom
rename to circuits/crypto/baby_jubjub/montgomeryadd_test.circom
diff --git a/circuits/crypto_templates/baby_jubjub/point2bits/README.md b/circuits/crypto/baby_jubjub/point2bits/README.md
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/point2bits/README.md
rename to circuits/crypto/baby_jubjub/point2bits/README.md
diff --git a/circuits/crypto_templates/baby_jubjub/point2bits/pointbits.circom b/circuits/crypto/baby_jubjub/point2bits/pointbits.circom
similarity index 100%
rename from circuits/crypto_templates/baby_jubjub/point2bits/pointbits.circom
rename to circuits/crypto/baby_jubjub/point2bits/pointbits.circom
diff --git a/circuits/crypto_templates/hash_functions/README.md b/circuits/crypto/hash_functions/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/README.md
rename to circuits/crypto/hash_functions/README.md
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimc7/README.md b/circuits/crypto/hash_functions/mimc7/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/mimc7/README.md
rename to circuits/crypto/hash_functions/mimc7/README.md
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimc7/mimc.circom b/circuits/crypto/hash_functions/mimc7/mimc.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/mimc7/mimc.circom
rename to circuits/crypto/hash_functions/mimc7/mimc.circom
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcfeistel/README.md b/circuits/crypto/hash_functions/mimcfeistel/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/mimcfeistel/README.md
rename to circuits/crypto/hash_functions/mimcfeistel/README.md
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/README.md b/circuits/crypto/hash_functions/mimcsponge/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/mimcsponge/README.md
rename to circuits/crypto/hash_functions/mimcsponge/README.md
diff --git a/circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcsponge.circom b/circuits/crypto/hash_functions/mimcsponge/mimcsponge.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/mimcsponge/mimcsponge.circom
rename to circuits/crypto/hash_functions/mimcsponge/mimcsponge.circom
diff --git a/circuits/crypto_templates/hash_functions/mimc/multimimc7/README.md b/circuits/crypto/hash_functions/multimimc7/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/mimc/multimimc7/README.md
rename to circuits/crypto/hash_functions/multimimc7/README.md
diff --git a/circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.circom b/circuits/crypto/hash_functions/pedersen_old/pedersen_old.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_old/pedersen_old.circom
rename to circuits/crypto/hash_functions/pedersen_old/pedersen_old.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/README.md b/circuits/crypto/hash_functions/pedersen_w3/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w3/README.md
rename to circuits/crypto/hash_functions/pedersen_w3/README.md
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom b/circuits/crypto/hash_functions/pedersen_w3/pedersen_w3.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w3/pedersen_w3.circom
rename to circuits/crypto/hash_functions/pedersen_w3/pedersen_w3.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom b/circuits/crypto/hash_functions/pedersen_w3/segment3/segment3.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w3/segment3/segment3.circom
rename to circuits/crypto/hash_functions/pedersen_w3/segment3/segment3.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom b/circuits/crypto/hash_functions/pedersen_w3/window3/window3.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w3/window3/window3.circom
rename to circuits/crypto/hash_functions/pedersen_w3/window3/window3.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/README.md b/circuits/crypto/hash_functions/pedersen_w4/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/README.md
rename to circuits/crypto/hash_functions/pedersen_w4/README.md
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom b/circuits/crypto/hash_functions/pedersen_w4/pedersen_w4.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.circom
rename to circuits/crypto/hash_functions/pedersen_w4/pedersen_w4.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js b/circuits/crypto/hash_functions/pedersen_w4/pedersen_w4.test.js
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4.test.js
rename to circuits/crypto/hash_functions/pedersen_w4/pedersen_w4.test.js
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom b/circuits/crypto/hash_functions/pedersen_w4/pedersen_w4_test.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/pedersen_w4_test.circom
rename to circuits/crypto/hash_functions/pedersen_w4/pedersen_w4_test.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom b/circuits/crypto/hash_functions/pedersen_w4/segment/segment.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/segment/segment.circom
rename to circuits/crypto/hash_functions/pedersen_w4/segment/segment.circom
diff --git a/circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom b/circuits/crypto/hash_functions/pedersen_w4/window4/window4.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/pedersen_w4/window4/window4.circom
rename to circuits/crypto/hash_functions/pedersen_w4/window4/window4.circom
diff --git a/circuits/crypto_templates/hash_functions/poseidon/README.md b/circuits/crypto/hash_functions/poseidon/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/poseidon/README.md
rename to circuits/crypto/hash_functions/poseidon/README.md
diff --git a/circuits/crypto_templates/hash_functions/poseidon/poseidon.circom b/circuits/crypto/hash_functions/poseidon/poseidon.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/poseidon/poseidon.circom
rename to circuits/crypto/hash_functions/poseidon/poseidon.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/README.md b/circuits/crypto/hash_functions/sha256/README.md
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/README.md
rename to circuits/crypto/hash_functions/sha256/README.md
diff --git a/circuits/crypto_templates/hash_functions/sha256/ch.circom b/circuits/crypto/hash_functions/sha256/ch.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/ch.circom
rename to circuits/crypto/hash_functions/sha256/ch.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/constants/constants.circom b/circuits/crypto/hash_functions/sha256/constants/constants.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/constants/constants.circom
rename to circuits/crypto/hash_functions/sha256/constants/constants.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/main.circom b/circuits/crypto/hash_functions/sha256/main.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/main.circom
rename to circuits/crypto/hash_functions/sha256/main.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/maj.circom b/circuits/crypto/hash_functions/sha256/maj.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/maj.circom
rename to circuits/crypto/hash_functions/sha256/maj.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/rotate.circom b/circuits/crypto/hash_functions/sha256/rotate.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/rotate.circom
rename to circuits/crypto/hash_functions/sha256/rotate.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/sha256.circom b/circuits/crypto/hash_functions/sha256/sha256.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/sha256.circom
rename to circuits/crypto/hash_functions/sha256/sha256.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/sha256_2.circom b/circuits/crypto/hash_functions/sha256/sha256_2.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/sha256_2.circom
rename to circuits/crypto/hash_functions/sha256/sha256_2.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/sha256compression.circom b/circuits/crypto/hash_functions/sha256/sha256compression.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/sha256compression.circom
rename to circuits/crypto/hash_functions/sha256/sha256compression.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/shift.circom b/circuits/crypto/hash_functions/sha256/shift.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/shift.circom
rename to circuits/crypto/hash_functions/sha256/shift.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/sigma.circom b/circuits/crypto/hash_functions/sha256/sigma.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/sigma.circom
rename to circuits/crypto/hash_functions/sha256/sigma.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/sigmaplus.circom b/circuits/crypto/hash_functions/sha256/sigmaplus.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/sigmaplus.circom
rename to circuits/crypto/hash_functions/sha256/sigmaplus.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/t1.circom b/circuits/crypto/hash_functions/sha256/t1.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/t1.circom
rename to circuits/crypto/hash_functions/sha256/t1.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/t2.circom b/circuits/crypto/hash_functions/sha256/t2.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/t2.circom
rename to circuits/crypto/hash_functions/sha256/t2.circom
diff --git a/circuits/crypto_templates/hash_functions/sha256/xor3.circom b/circuits/crypto/hash_functions/sha256/xor3.circom
similarity index 100%
rename from circuits/crypto_templates/hash_functions/sha256/xor3.circom
rename to circuits/crypto/hash_functions/sha256/xor3.circom
diff --git a/circuits/crypto_templates/signatures/README.md b/circuits/crypto/signatures/README.md
similarity index 100%
rename from circuits/crypto_templates/signatures/README.md
rename to circuits/crypto/signatures/README.md
diff --git a/circuits/crypto_templates/signatures/eddsa/README.md b/circuits/crypto/signatures/eddsa/README.md
similarity index 100%
rename from circuits/crypto_templates/signatures/eddsa/README.md
rename to circuits/crypto/signatures/eddsa/README.md
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.circom b/circuits/crypto/signatures/eddsa/eddsa.circom
similarity index 100%
rename from circuits/crypto_templates/signatures/eddsa/eddsa/eddsa.circom
rename to circuits/crypto/signatures/eddsa/eddsa.circom
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.circom b/circuits/crypto/signatures/eddsamimc/eddsamimc.circom
similarity index 100%
rename from circuits/crypto_templates/signatures/eddsa/eddsamimc/eddsamimc.circom
rename to circuits/crypto/signatures/eddsamimc/eddsamimc.circom
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom b/circuits/crypto/signatures/eddsamimcsponge/eddsamimcsponge.circom
similarity index 100%
rename from circuits/crypto_templates/signatures/eddsa/eddsamimcsponge/eddsamimcsponge.circom
rename to circuits/crypto/signatures/eddsamimcsponge/eddsamimcsponge.circom
diff --git a/circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom b/circuits/crypto/signatures/eddsaposeidon/eddsaposeidon.circom
similarity index 100%
rename from circuits/crypto_templates/signatures/eddsa/eddsaposeidon/eddsaposeidon.circom
rename to circuits/crypto/signatures/eddsaposeidon/eddsaposeidon.circom
diff --git a/circuits/crypto_templates/smt/README.md b/circuits/crypto/smt/README.md
similarity index 100%
rename from circuits/crypto_templates/smt/README.md
rename to circuits/crypto/smt/README.md
diff --git a/circuits/crypto_templates/smt/smthash_mimc.circom b/circuits/crypto/smt/smthash_mimc.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smthash_mimc.circom
rename to circuits/crypto/smt/smthash_mimc.circom
diff --git a/circuits/crypto_templates/smt/smthash_poseidon.circom b/circuits/crypto/smt/smthash_poseidon.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smthash_poseidon.circom
rename to circuits/crypto/smt/smthash_poseidon.circom
diff --git a/circuits/crypto_templates/smt/smtlevins.circom b/circuits/crypto/smt/smtlevins.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtlevins.circom
rename to circuits/crypto/smt/smtlevins.circom
diff --git a/circuits/crypto_templates/smt/smtprocessor.circom b/circuits/crypto/smt/smtprocessor.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtprocessor.circom
rename to circuits/crypto/smt/smtprocessor.circom
diff --git a/circuits/crypto_templates/smt/smtprocessorlevel.circom b/circuits/crypto/smt/smtprocessorlevel.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtprocessorlevel.circom
rename to circuits/crypto/smt/smtprocessorlevel.circom
diff --git a/circuits/crypto_templates/smt/smtprocessorsm.circom b/circuits/crypto/smt/smtprocessorsm.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtprocessorsm.circom
rename to circuits/crypto/smt/smtprocessorsm.circom
diff --git a/circuits/crypto_templates/smt/smtverifier.circom b/circuits/crypto/smt/smtverifier.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtverifier.circom
rename to circuits/crypto/smt/smtverifier.circom
diff --git a/circuits/crypto_templates/smt/smtverifierlevel.circom b/circuits/crypto/smt/smtverifierlevel.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtverifierlevel.circom
rename to circuits/crypto/smt/smtverifierlevel.circom
diff --git a/circuits/crypto_templates/smt/smtverifiersm.circom b/circuits/crypto/smt/smtverifiersm.circom
similarity index 100%
rename from circuits/crypto_templates/smt/smtverifiersm.circom
rename to circuits/crypto/smt/smtverifiersm.circom
diff --git a/circuits/crypto_templates/hash_functions/mimc/README.md b/circuits/crypto_templates/hash_functions/mimc/README.md
deleted file mode 100644
index bbdaf32b..00000000
--- a/circuits/crypto_templates/hash_functions/mimc/README.md
+++ /dev/null
@@ -1,12 +0,0 @@ -# `mimc` - -This folder contains the templates to do operations on different elliptic curves. - -## Structure of the Folder - -- [`mimc7`](mimc7) -- [`mimcfeistel`](mimcfeistel) -- [`mimcsponge`](mimcsponge) -- [`multimimc7`](multimimc7) - -## Background on Elliptic Curves \ No newline at end of file From 9968bbf4e3b52a9909e5b9509e5df5d30a8ca6ab Mon Sep 17 00:00:00 2001 
From: bellesmarta <belles.mm@gmail.com> Date: Wed, 22 Apr 2020 16:17:55 +0200 Subject: [PATCH 25/27] fixed mux tests --- circuits/basics/README.md | 8 +- .../{multimux1 => multi_mux1}/README.md | 0 .../multiplexer/multi_mux1/multi_mux1.circom | 30 +++++++ .../{multimux2 => multi_mux2}/README.md | 0 .../multi_mux2.circom} | 0 .../{multimux3 => multi_mux3}/README.md | 0 .../multi_mux3.circom} | 0 .../{multimux4 => multi_mux4}/README.md | 0 .../multi_mux4.circom} | 0 .../{.src/decoder.circom => _decoder.circom} | 0 ...rproduct.circom => _scalar_product.circom} | 0 .../multiplexer/multiplexer.circom | 4 +- circuits/basics/multiplexer/mux1/mux1.circom | 12 +-- .../{mux1_1.circom => test/mux1.test.circom} | 5 +- .../basics/multiplexer/mux1/test/mux1.test.js | 26 ++++++ circuits/basics/multiplexer/mux2/mux2.circom | 25 +----- .../{mux2_1.circom => test/mux2.test.circom} | 4 +- .../basics/multiplexer/mux2/test/mux2.test.js | 28 +++++++ circuits/basics/multiplexer/mux3/mux3.circom | 37 +-------- .../{mux3_1.circom => test/mux3.test.circom} | 4 +- .../basics/multiplexer/mux3/test/mux3.test.js | 33 ++++++++ circuits/basics/multiplexer/mux4/mux4.circom | 81 +------------------ .../{mux4_1.circom => test/mux4.test.circom} | 4 +- .../basics/multiplexer/mux4/test/mux4.test.js | 41 ++++++++++ 24 files changed, 176 insertions(+), 166 deletions(-) rename circuits/basics/multiplexer/{multimux1 => multi_mux1}/README.md (100%) create mode 100644 circuits/basics/multiplexer/multi_mux1/multi_mux1.circom rename circuits/basics/multiplexer/{multimux2 => multi_mux2}/README.md (100%) rename circuits/basics/multiplexer/{multimux2/multimux2.circom => multi_mux2/multi_mux2.circom} (100%) rename circuits/basics/multiplexer/{multimux3 => multi_mux3}/README.md (100%) rename circuits/basics/multiplexer/{multimux3/multimux3.circom => multi_mux3/multi_mux3.circom} (100%) rename circuits/basics/multiplexer/{multimux4 => multi_mux4}/README.md (100%) rename 
circuits/basics/multiplexer/{multimux4/multimux4.circom => multi_mux4/multi_mux4.circom} (100%) rename circuits/basics/multiplexer/multiplexer/{.src/decoder.circom => _decoder.circom} (100%) rename circuits/basics/multiplexer/multiplexer/{.src/scalarproduct.circom => _scalar_product.circom} (100%) rename circuits/basics/multiplexer/mux1/{mux1_1.circom => test/mux1.test.circom} (85%) create mode 100644 circuits/basics/multiplexer/mux1/test/mux1.test.js rename circuits/basics/multiplexer/mux2/{mux2_1.circom => test/mux2.test.circom} (87%) create mode 100644 circuits/basics/multiplexer/mux2/test/mux2.test.js rename circuits/basics/multiplexer/mux3/{mux3_1.circom => test/mux3.test.circom} (88%) create mode 100644 circuits/basics/multiplexer/mux3/test/mux3.test.js rename circuits/basics/multiplexer/mux4/{mux4_1.circom => test/mux4.test.circom} (91%) create mode 100644 circuits/basics/multiplexer/mux4/test/mux4.test.js
diff --git a/circuits/basics/README.md b/circuits/basics/README.md
index 38b79684..9b6b10b7 100644
--- a/circuits/basics/README.md
+++ b/circuits/basics/README.md
@@ -35,10 +35,10 @@ This folder contains various templates to do binary operations, conversions from - [`less_than`](comparators/less_than) - [`sign`](comparators/sign) - [`multiplexer`](multiplexer) - - [`multimux1`](multiplexer/multimux1) - - [`multimux2`](multiplexer/multimux2) - - [`multimux3`](multiplexer/multimux3) - - [`multimux4`](multiplexer/multimux4) + - [`multi_mux1`](multiplexer/multi_mux1) + - [`multi_mux2`](multiplexer/multi_mux2) + - [`multi_mux3`](multiplexer/multi_mux3) + - [`multi_mux4`](multiplexer/multi_mux4) - [`multiplexer`](multiplexer/multiplexer) - [`mux1`](multiplexer/mux1) - [`mux2`](multiplexer/mux2)
diff --git a/circuits/basics/multiplexer/multimux1/README.md b/circuits/basics/multiplexer/multi_mux1/README.md
similarity index 100%
rename from circuits/basics/multiplexer/multimux1/README.md
rename to circuits/basics/multiplexer/multi_mux1/README.md
diff --git a/circuits/basics/multiplexer/multi_mux1/multi_mux1.circom b/circuits/basics/multiplexer/multi_mux1/multi_mux1.circom
new file mode 100644
index 00000000..44d450c8
--- /dev/null
+++ b/circuits/basics/multiplexer/multi_mux1/multi_mux1.circom
@@ -0,0 +1,30 @@
+/*
+ Copyright 2018 0KIMS association.
+
+ This file is part of circom (Zero Knowledge Circuit Compiler).
+
+ circom is a free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ circom is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with circom. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+template MultiMux1(n) {
+ signal input c[n][2]; // Constants
+ signal input s; // Selector
+ signal output out[n];
+
+ for (var i=0; i<n; i++) {
+
+ out[i] <== (c[i][1] - c[i][0])*s + c[i][0];
+
+ }
+}
\ No newline at end of file
diff --git a/circuits/basics/multiplexer/multimux2/README.md b/circuits/basics/multiplexer/multi_mux2/README.md
similarity index 100%
rename from circuits/basics/multiplexer/multimux2/README.md
rename to circuits/basics/multiplexer/multi_mux2/README.md
diff --git a/circuits/basics/multiplexer/multimux2/multimux2.circom b/circuits/basics/multiplexer/multi_mux2/multi_mux2.circom
similarity index 100%
rename from circuits/basics/multiplexer/multimux2/multimux2.circom
rename to circuits/basics/multiplexer/multi_mux2/multi_mux2.circom
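Review bot: `MultiMux1` never constrains `s` to be 0 or 1 — `out[i] <== (c[i][1] - c[i][0])*s + c[i][0]` is linear in `s`, so any field value for `s` satisfies the constraint and produces an `out[i]` that is neither constant. This is the usual circomlib contract (the selector bits are produced by the caller, as the `num2bits` include in the test wrapper suggests), but the template says nothing about it; add a comment on the input such as `signal input s; // Selector, must be 0 or 1; not constrained here, the caller has to` and mirror that in the README's empty Description. The new file also ends without a trailing newline (`\ No newline at end of file`), worth fixing while the file is being created.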
diff --git a/circuits/basics/multiplexer/multimux3/README.md b/circuits/basics/multiplexer/multi_mux3/README.md
similarity index 100%
rename from circuits/basics/multiplexer/multimux3/README.md
rename to circuits/basics/multiplexer/multi_mux3/README.md
diff --git a/circuits/basics/multiplexer/multimux3/multimux3.circom b/circuits/basics/multiplexer/multi_mux3/multi_mux3.circom
similarity index 100%
rename from circuits/basics/multiplexer/multimux3/multimux3.circom
rename to circuits/basics/multiplexer/multi_mux3/multi_mux3.circom
diff --git a/circuits/basics/multiplexer/multimux4/README.md b/circuits/basics/multiplexer/multi_mux4/README.md
similarity index 100%
rename from circuits/basics/multiplexer/multimux4/README.md
rename to circuits/basics/multiplexer/multi_mux4/README.md
diff --git a/circuits/basics/multiplexer/multimux4/multimux4.circom b/circuits/basics/multiplexer/multi_mux4/multi_mux4.circom
similarity index 100%
rename from circuits/basics/multiplexer/multimux4/multimux4.circom
rename to circuits/basics/multiplexer/multi_mux4/multi_mux4.circom
diff --git a/circuits/basics/multiplexer/multiplexer/.src/decoder.circom b/circuits/basics/multiplexer/multiplexer/_decoder.circom
similarity index 100%
rename from circuits/basics/multiplexer/multiplexer/.src/decoder.circom
rename to circuits/basics/multiplexer/multiplexer/_decoder.circom
diff --git a/circuits/basics/multiplexer/multiplexer/.src/scalarproduct.circom b/circuits/basics/multiplexer/multiplexer/_scalar_product.circom
similarity index 100%
rename from circuits/basics/multiplexer/multiplexer/.src/scalarproduct.circom
rename to circuits/basics/multiplexer/multiplexer/_scalar_product.circom
diff --git a/circuits/basics/multiplexer/multiplexer/multiplexer.circom b/circuits/basics/multiplexer/multiplexer/multiplexer.circom
index 056e7f37..66944234 100644
--- a/circuits/basics/multiplexer/multiplexer/multiplexer.circom
+++ b/circuits/basics/multiplexer/multiplexer/multiplexer.circom
@@ -17,8 +17,8 @@ along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-include ".src/decoder.circom";
-include ".src/scalarproduct.circom";
+include "_decoder.circom";
+include "_scalar_product.circom";
 template Multiplexer(wIn, nIn) {
 signal input inp[nIn][wIn];
diff --git a/circuits/basics/multiplexer/mux1/mux1.circom b/circuits/basics/multiplexer/mux1/mux1.circom
index 3473c6cf..3b9316f4 100644
--- a/circuits/basics/multiplexer/mux1/mux1.circom
+++ b/circuits/basics/multiplexer/mux1/mux1.circom
@@ -17,17 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-template MultiMux1(n) {
- signal input c[n][2]; // Constants
- signal input s; // Selector
- signal output out[n];
-
- for (var i=0; i<n; i++) {
-
- out[i] <== (c[i][1] - c[i][0])*s + c[i][0];
-
- }
-}
+include "../multi_mux1/multi_mux1.circom"
 template Mux1() {
 var i;
diff --git a/circuits/basics/multiplexer/mux1/mux1_1.circom b/circuits/basics/multiplexer/mux1/test/mux1.test.circom
similarity index 85%
rename from circuits/basics/multiplexer/mux1/mux1_1.circom
rename to circuits/basics/multiplexer/mux1/test/mux1.test.circom
index 5a3afee3..c430d447 100644
--- a/circuits/basics/multiplexer/mux1/mux1_1.circom
+++ b/circuits/basics/multiplexer/mux1/test/mux1.test.circom
@@ -1,6 +1,5 @@
-include "../../circuits/mux1.circom";
-include "../../circuits/bitify.circom";
-
+include "../mux1.circom";
+include "../../../bitify/num2bits/num2bits.circom";
 template Constants() {
 var i;
diff --git a/circuits/basics/multiplexer/mux1/test/mux1.test.js b/circuits/basics/multiplexer/mux1/test/mux1.test.js
new file mode 100644
index 00000000..d39fc170
--- /dev/null
+++ b/circuits/basics/multiplexer/mux1/test/mux1.test.js
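Review bot: The new `+include "../multi_mux1/multi_mux1.circom"` in mux1.circom has no terminating semicolon, while every other include on this page — `include "_decoder.circom";` in the same commit and `include "../mux1.circom";` in the test wrapper — has one; if the parser requires the terminator, the file will not compile, and only the new test file would reveal it. Change it to `include "../multi_mux1/multi_mux1.circom";` and do the same for the identical lines added to mux2.circom, mux3.circom and mux4.circom further down. The `Mux1` template that follows the include continues outside the hunk.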
@@ -0,0 +1,26 @@
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+describe("Mux1 test", function() {
+
+ this.timeout(100000);
+
+ it("Should create a constant multiplexer 1", async () => {
+
+ const circuit = await tester(path.join(__dirname, "mux1.test.circom"));
+
+ const ct2 = [
+ bigInt("37"),
+ bigInt("47"),
+ ];
+
+ for (let i=0; i<2; i++) {
+ const w = await circuit.calculateWitness({ "selector": i }, true);
+
+ await circuit.checkConstraints(w);
+
+ await circuit.assertOut(w, {out: ct2[i]});
+ }
+ });
+});
diff --git a/circuits/basics/multiplexer/mux2/mux2.circom b/circuits/basics/multiplexer/mux2/mux2.circom
index 1e71cf7e..0f10b772 100644
--- a/circuits/basics/multiplexer/mux2/mux2.circom
+++ b/circuits/basics/multiplexer/mux2/mux2.circom
@@ -17,30 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-template MultiMux2(n) {
- signal input c[n][4]; // Constants
- signal input s[2]; // Selector
- signal output out[n];
-
- signal a10[n];
- signal a1[n];
- signal a0[n];
- signal a[n];
-
- signal s10;
- s10 <== s[1] * s[0];
-
- for (var i=0; i<n; i++) {
-
- a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10;
- a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1];
- a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0];
- a[i] <== ( c[i][ 0] )
-
- out[i] <== ( a10[i] + a1[i] + a0[i] + a[i] );
-
- }
-}
+include "../multi_mux2/multi_mux2.circom"
 template Mux2() {
 var i;
diff --git a/circuits/basics/multiplexer/mux2/mux2_1.circom b/circuits/basics/multiplexer/mux2/test/mux2.test.circom
similarity index 87%
rename from circuits/basics/multiplexer/mux2/mux2_1.circom
rename to circuits/basics/multiplexer/mux2/test/mux2.test.circom
index 4bb62477..0fd7a54f 100644
--- a/circuits/basics/multiplexer/mux2/mux2_1.circom
+++ b/circuits/basics/multiplexer/mux2/test/mux2.test.circom
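Review bot: `ct2` hard-codes the expected outputs with no pointer to where they come from; they have to stay in lockstep with whatever the `Constants` template in `mux1.test.circom` assigns (not visible here), so a comment above the array, `// Expected outputs: must match the constants wired up in mux1.test.circom`, would save the next reader a round trip. The loop only drives selectors `0` and `1`; if the wrapper derives the selector bits with `Num2Bits`, a selector of `2` should be rejected by `calculateWitness`, and a negative case asserting that would pin the out-of-range behaviour that the multiplexer template itself does not constrain. The same two points apply to `ct4`, `ct8` and `ct16` in the mux2, mux3 and mux4 test files below.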
@@ -1,5 +1,5 @@
-include "../../circuits/mux2.circom";
-include "../../circuits/bitify.circom";
+include "../mux2.circom";
+include "../../../bitify/num2bits/num2bits.circom";
 template Constants() {
diff --git a/circuits/basics/multiplexer/mux2/test/mux2.test.js b/circuits/basics/multiplexer/mux2/test/mux2.test.js
new file mode 100644
index 00000000..a355d2b8
--- /dev/null
+++ b/circuits/basics/multiplexer/mux2/test/mux2.test.js
@@ -0,0 +1,28 @@
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+describe("Mux2 test", function() {
+
+ this.timeout(100000);
+
+ it("Should create a constant multiplexer 2", async () => {
+
+ const circuit = await tester(path.join(__dirname, "mux2.test.circom"));
+
+ const ct4 = [
+ bigInt("37"),
+ bigInt("47"),
+ bigInt("53"),
+ bigInt("71"),
+ ];
+
+ for (let i=0; i<4; i++) {
+ const w = await circuit.calculateWitness({ "selector": i }, true);
+
+ await circuit.checkConstraints(w);
+
+ await circuit.assertOut(w, {out: ct4[i]});
+ }
+ });
+});
diff --git a/circuits/basics/multiplexer/mux3/mux3.circom b/circuits/basics/multiplexer/mux3/mux3.circom
index 277ead2e..a8d590e5 100644
--- a/circuits/basics/multiplexer/mux3/mux3.circom
+++ b/circuits/basics/multiplexer/mux3/mux3.circom
@@ -17,42 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-template MultiMux3(n) {
- signal input c[n][8]; // Constants
- signal input s[3]; // Selector
- signal output out[n];
-
- signal a210[n];
- signal a21[n];
- signal a20[n];
- signal a2[n];
-
- signal a10[n];
- signal a1[n];
- signal a0[n];
- signal a[n];
-
- // 4 constrains for the intermediary variables
- signal s10;
- s10 <== s[1] * s[0];
-
- for (var i=0; i<n; i++) {
-
- a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10;
- a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s[1];
- a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s[0];
- a2[i] <== ( c[i][ 4]-c[i][ 0] );
-
- a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10;
- a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1];
- a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0];
- a[i] <== ( c[i][ 0] )
-
- out[i] <== ( a210[i] + a21[i] + a20[i] + a2[i] ) * s[2] +
- ( a10[i] + a1[i] + a0[i] + a[i] );
-
- }
-}
+include "../multi_mux3/multi_mux3.circom"
 template Mux3() {
 var i;
diff --git a/circuits/basics/multiplexer/mux3/mux3_1.circom b/circuits/basics/multiplexer/mux3/test/mux3.test.circom
similarity index 88%
rename from circuits/basics/multiplexer/mux3/mux3_1.circom
rename to circuits/basics/multiplexer/mux3/test/mux3.test.circom
index 69f98f25..6fbe2f53 100644
--- a/circuits/basics/multiplexer/mux3/mux3_1.circom
+++ b/circuits/basics/multiplexer/mux3/test/mux3.test.circom
@@ -1,5 +1,5 @@
-include "../../circuits/mux3.circom";
-include "../../circuits/bitify.circom";
+include "../mux3.circom";
+include "../../../bitify/num2bits/num2bits.circom";
 template Constants() {
diff --git a/circuits/basics/multiplexer/mux3/test/mux3.test.js b/circuits/basics/multiplexer/mux3/test/mux3.test.js
new file mode 100644
index 00000000..b9f3ea2e
--- /dev/null
+++ b/circuits/basics/multiplexer/mux3/test/mux3.test.js
@@ -0,0 +1,33 @@
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+describe("Mux3 test", function() {
+
+ this.timeout(100000);
+
+ it("Should create a constant multiplexer 3", async () => {
+
+ const circuit = await tester(path.join(__dirname, "mux3.test.circom"));
+
+ const ct8 = [
+ bigInt("37"),
+ bigInt("47"),
+ bigInt("53"),
+ bigInt("71"),
+ bigInt("89"),
+ bigInt("107"),
+ bigInt("163"),
+ bigInt("191")
+ ];
+
+ for (let i=0; i<8; i++) {
+ const w = await circuit.calculateWitness({ "selector": i }, true);
+
+ await circuit.checkConstraints(w);
+
+ await circuit.assertOut(w, {out: ct8[i]});
+ }
+ });
+
+});
diff --git a/circuits/basics/multiplexer/mux4/mux4.circom b/circuits/basics/multiplexer/mux4/mux4.circom
index c30bb94f..d082fca5 100644
--- a/circuits/basics/multiplexer/mux4/mux4.circom
+++ b/circuits/basics/multiplexer/mux4/mux4.circom
@@ -17,86 +17,7 @@ along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-template MultiMux4(n) {
- signal input c[n][16]; // Constants
- signal input s[4]; // Selector
- signal output out[n];
-
- signal a3210[n];
- signal a321[n];
- signal a320[n];
- signal a310[n];
- signal a32[n];
- signal a31[n];
- signal a30[n];
- signal a3[n];
-
- signal a210[n];
- signal a21[n];
- signal a20[n];
- signal a10[n];
- signal a2[n];
- signal a1[n];
- signal a0[n];
- signal a[n];
-
- // 4 constrains for the intermediary variables
- signal s10;
- s10 <== s[1] * s[0];
- signal s20;
- s20 <== s[2] * s[0];
- signal s21;
- s21 <== s[2] * s[1];
- signal s210;
- s210 <== s21 * s[0];
-
-
- for (var i=0; i<n; i++) {
-
- a3210[i] <== ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8]
- -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s210;
- a321[i] <== ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) * s21;
- a320[i] <== ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) * s20;
- a310[i] <== ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s10;
- a32[i] <== ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) * s[2];
- a31[i] <== ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 0] ) * s[1];
- a30[i] <== ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) * s[0];
- a3[i] <== ( c[i][ 8]-c[i][ 0] );
-
- a210[i] <== ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) * s210;
- a21[i] <== ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) * s21;
- a20[i] <== ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) * s20;
- a10[i] <== ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) * s10;
- a2[i] <== ( c[i][ 4]-c[i][ 0] ) * s[2];
- a1[i] <== ( c[i][ 2]-c[i][ 0] ) * s[1];
- a0[i] <== ( c[i][ 1]-c[i][ 0] ) * s[0];
- a[i] <== ( c[i][ 0] )
-
- out[i] <== ( a3210[i] + a321[i] + a320[i] + a310[i] + a32[i] + a31[i] + a30[i] + a3[i] ) * s[3] +
- ( a210[i] + a21[i] + a20[i] + a10[i] + a2[i] + a1[i] + a0[i] + a[i] );
-
-/*
- out[i] <== ( s210 * ( c[i][15]-c[i][14]-c[i][13]+c[i][12] - c[i][11]+c[i][10]+c[i][ 9]-c[i][ 8]
- -c[i][ 7]+c[i][ 6]+c[i][ 5]-c[i][ 4] + c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) +
- s21 * ( c[i][14]-c[i][12]-c[i][10]+c[i][ 8] - c[i][ 6]+c[i][ 4]+c[i][ 2]-c[i][ 0] ) +
- s20 * ( c[i][13]-c[i][12]-c[i][ 9]+c[i][ 8] - c[i][ 5]+c[i][ 4]+c[i][ 1]-c[i][ 0] ) +
- s10 * ( c[i][11]-c[i][10]-c[i][ 9]+c[i][ 8] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) +
- s[2] * ( c[i][12]-c[i][ 8]-c[i][ 4]+c[i][ 0] ) +
- s[1] * ( c[i][10]-c[i][ 8]-c[i][ 2]+c[i][ 0] ) +
- s[0] * ( c[i][ 9]-c[i][ 8]-c[i][ 1]+c[i][ 0] ) +
- ( c[i][ 8]-c[i][ 0] ) ) * s[3] +
- ( s210 * ( c[i][ 7]-c[i][ 6]-c[i][ 5]+c[i][ 4] - c[i][ 3]+c[i][ 2]+c[i][ 1]-c[i][ 0] ) +
- s21 * ( c[i][ 6]-c[i][ 4]-c[i][ 2]+c[i][ 0] ) +
- s20 * ( c[i][ 5]-c[i][ 4]-c[i][ 1]+c[i][ 0] ) +
- s10 * ( c[i][ 3]-c[i][ 2]-c[i][ 1]+c[i][ 0] ) +
- s[2] * ( c[i][ 4]-c[i][ 0] ) +
- s[1] * ( c[i][ 2]-c[i][ 0] ) +
- s[0] * ( c[i][ 1]-c[i][ 0] ) +
- ( c[i][ 0] ));
-
-*/
- }
-}
+include "../multi_mux4/multi_mux4.circom"
 template Mux4() {
 var i;
diff --git a/circuits/basics/multiplexer/mux4/mux4_1.circom b/circuits/basics/multiplexer/mux4/test/mux4.test.circom
similarity index 91%
rename from circuits/basics/multiplexer/mux4/mux4_1.circom
rename to circuits/basics/multiplexer/mux4/test/mux4.test.circom
index d63e4661..da7acabc 100644
--- a/circuits/basics/multiplexer/mux4/mux4_1.circom
+++ b/circuits/basics/multiplexer/mux4/test/mux4.test.circom
@@ -1,5 +1,5 @@
-include "../../circuits/mux4.circom";
-include "../../circuits/bitify.circom";
+include "../mux4.circom";
+include "../../../bitify/num2bits/num2bits.circom";
 template Constants() {
diff --git a/circuits/basics/multiplexer/mux4/test/mux4.test.js b/circuits/basics/multiplexer/mux4/test/mux4.test.js
new file mode 100644
index 00000000..ffe77f93
--- /dev/null
+++ b/circuits/basics/multiplexer/mux4/test/mux4.test.js
@@ -0,0 +1,41 @@
+const path = require("path");
+const bigInt = require("big-integer");
+const tester = require("circom").tester;
+
+describe("Mux4 test", function() {
+
+ this.timeout(100000);
+
+ it("Should create a constant multiplexer 4", async () => {
+
+ const circuit = await tester(path.join(__dirname, "mux4.test.circom"));
+
+ const ct16 = [
+ bigInt("123"),
+ bigInt("456"),
+ bigInt("789"),
+ bigInt("012"),
+ bigInt("111"),
+ bigInt("222"),
+ bigInt("333"),
+ bigInt("4546"),
+ bigInt("134523"),
+ bigInt("44356"),
+ bigInt("15623"),
+ bigInt("4566"),
+ bigInt("1223"),
+ bigInt("4546"),
+ bigInt("4256"),
+ bigInt("4456")
+ ];
+
+ for (let i=0; i<16; i++) {
+ const w = await circuit.calculateWitness({ "selector": i }, true);
+
+ await circuit.checkConstraints(w);
+
+ await circuit.assertOut(w, {out: ct16[i]});
+ }
+ });
+
+});
From 60ebd2c8c1a1400a3cd5cfd7cf6e467569a7cf27 Mon Sep 17 00:00:00 2001
From: bellesmarta <belles.mm@gmail.com>
Date: Wed, 22 Apr 2020 16:34:55 +0200
Subject: [PATCH 26/27] Updated README of multiplexers
---
 .../basics/multiplexer/multi_mux1/README.md | 26 ++++++++---
 .../basics/multiplexer/multi_mux2/README.md | 27 +++++++++---
 .../basics/multiplexer/multi_mux3/README.md | 27 +++++++++---
 .../basics/multiplexer/multi_mux4/README.md | 27 +++++++++---
 .../basics/multiplexer/multiplexer/README.md | 43 +++++++++++++++----
 circuits/basics/multiplexer/mux1/README.md | 27 +++++++++---
 circuits/basics/multiplexer/mux2/README.md | 27 +++++++++---
 circuits/basics/multiplexer/mux3/README.md | 27 +++++++++---
 circuits/basics/multiplexer/mux4/README.md | 27 +++++++++---
 9 files changed, 209 insertions(+), 49 deletions(-)
diff --git a/circuits/basics/multiplexer/multi_mux1/README.md b/circuits/basics/multiplexer/multi_mux1/README.md
index c5b13bcf..4343c98e 100644
--- a/circuits/basics/multiplexer/multi_mux1/README.md
+++ b/circuits/basics/multiplexer/multi_mux1/README.md
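Review bot: `bigInt("012")` at index 3 of `ct16` reads like an octal or zero-padded literal; `big-integer` parses the string as decimal 12, so the assertion only holds if the circuit-side constant is 12, and `bigInt("12")` states that without the ambiguity. `bigInt("4546")` appears at both index 7 and index 13, so the assertion cannot distinguish a selector-7 result from a selector-13 one and a swapped bit in the selector decoding would go unnoticed for that pair; sixteen distinct values (kept in sync with the `Constants` template in `mux4.test.circom`, which is not visible here) would make the test discriminating for every selector.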
@@ -1,19 +1,35 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `MultiMux1(n)` ## Description +This template ... . + ## Schema +``` + ________________ + s ----> | | + | MultiMux1(n) | ----> out[n] +c[n][2] ----> |________________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s` | (Selector) | +| `c[n][2]` | | + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/multi_mux2/README.md b/circuits/basics/multiplexer/multi_mux2/README.md index c5b13bcf..c4f44c07 100644 --- a/circuits/basics/multiplexer/multi_mux2/README.md +++ b/circuits/basics/multiplexer/multi_mux2/README.md @@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `MultiMux2(n)` ## Description +This template ... . + ## Schema +``` + ________________ + s[2] ----> | | + | MultiMux2(n) | ----> out[n] +c[n][4] ----> |________________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[2]` | (Selector) | +| `c[n][4]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/multi_mux3/README.md b/circuits/basics/multiplexer/multi_mux3/README.md index c5b13bcf..7ecae381 100644 --- a/circuits/basics/multiplexer/multi_mux3/README.md +++ b/circuits/basics/multiplexer/multi_mux3/README.md 
@@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `MultiMux3(n)` ## Description +This template ... . + ## Schema +``` + ________________ + s[3] ----> | | + | MultiMux3(n) | ----> out[n] +c[n][8] ----> |________________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[3]` | (Selector) | +| `c[n][8]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/multi_mux4/README.md b/circuits/basics/multiplexer/multi_mux4/README.md index c5b13bcf..523f5720 100644 --- a/circuits/basics/multiplexer/multi_mux4/README.md +++ b/circuits/basics/multiplexer/multi_mux4/README.md @@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `MultiMux4(n)` ## Description +This template ... . + ## Schema +``` + ________________ + s[4] ----> | | + | MultiMux4(n) | ----> out[n] +c[n][16] ----> |________________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[4]` | (Selector) | +| `c[n][16]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[n]` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/multiplexer/README.md b/circuits/basics/multiplexer/multiplexer/README.md index e33018c6..c1a50b16 100644 --- a/circuits/basics/multiplexer/multiplexer/README.md +++ b/circuits/basics/multiplexer/multiplexer/README.md 
@@ -1,15 +1,40 @@ -# `multiplexer` - -TODO: Change it to Multiplexer description! - # `Multiplexer(wIn, nIn)` ## Description -This folder contains the templates to talkdfjlasjdf. Each folder contains a test and README file specifying the template details. +This template ... . + +It makes use of two (internal?) sub?templates/routines? : +- [`_decoder`](decoder) +- [`_scalarproduct`](scalarproduct) + +## Schema + +``` + _________________________ + sel ----> | | + | Multiplexer(wIn, nIn) | ----> out[wIn] +inp[nIn][wIn] ----> |_________________________| +``` + +## Dependencies + +None. + +## Inputs + +| Input | Type | +| ------------- | ------------- | +| `sel` | (Selector) | +| `inp[nIn][wIn]` | | + + +## Outputs + +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out[wIn]` | | | -It uses blabla +## Benchmarks -- [`decoder`](decoder) -- [`multiplexer`](multiplexer) -- [`scalarproduct`](scalarproduct) \ No newline at end of file +## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/mux1/README.md b/circuits/basics/multiplexer/mux1/README.md index c5b13bcf..5a389d5c 100644 --- a/circuits/basics/multiplexer/mux1/README.md +++ b/circuits/basics/multiplexer/mux1/README.md @@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `Mux1()` ## Description +This template ... . + ## Schema +``` + __________ + s ----> | | + | Mux1() | ----> out +c[2] ----> |__________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s` | (Selector) | +| `c[2]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/mux2/README.md b/circuits/basics/multiplexer/mux2/README.md index c5b13bcf..4bec072a 100644 --- a/circuits/basics/multiplexer/mux2/README.md 
+++ b/circuits/basics/multiplexer/mux2/README.md @@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `Mux2()` ## Description +This template ... . + ## Schema +``` + __________ +s[2] ----> | | + | Mux2() | ----> out +c[4] ----> |__________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[2]` | (Selector) | +| `c[4]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/mux3/README.md b/circuits/basics/multiplexer/mux3/README.md index c5b13bcf..a8e1346d 100644 --- a/circuits/basics/multiplexer/mux3/README.md +++ b/circuits/basics/multiplexer/mux3/README.md @@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `Mux3()` ## Description +This template ... . + ## Schema +``` + __________ +s[3] ----> | | + | Mux3() | ----> out +c[8] ----> |__________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[3]` | (Selector) | +| `c[8]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | | | + ## Benchmarks ## Test \ No newline at end of file diff --git a/circuits/basics/multiplexer/mux4/README.md b/circuits/basics/multiplexer/mux4/README.md index c5b13bcf..f8bffc7c 100644 --- a/circuits/basics/multiplexer/mux4/README.md +++ b/circuits/basics/multiplexer/mux4/README.md 
@@ -1,19 +1,36 @@ -# Name of Template - -PATH HERE: ~/CircomLib/Circuits/... - -## Background +# `Mux4()` ## Description +This template ... . + ## Schema +``` + __________ + s[4] ----> | | + | Mux4() | ----> out +c[16] ----> |__________| +``` + ## Dependencies +None. + ## Inputs +| Input | Type | +| ------------- | ------------- | +| `s[4]` | (Selector) | +| `c[16]` | | + + ## Outputs +| Output | Type | Description | +| ------------- | ------------- | ---------- | +| `out` | | | + ## Benchmarks ## Test \ No newline at end of file From 7a45bd5b89d77617b2bd6ca0feb9fd8560aac724 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Bell=C3=A9s?= <43028405+bellesmarta@users.noreply.github.com> Date: Wed, 22 Apr 2020 16:57:47 +0200 Subject: [PATCH 27/27] Create LICENSE --- LICENSE | 674 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 674 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..f288702d --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + <program> Copyright (C) <year> <name of author> + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +<https://www.gnu.org/licenses/>. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. 
If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +<https://www.gnu.org/licenses/why-not-lgpl.html>.