Merge branch 'main' into feat/tbox

crema-labs · Aug 3, 2024 · fba0639 · fba0639
2 parents ebf840d + ab8039c
commit fba0639
Show file tree

Hide file tree

Showing 5 changed files with 487 additions and 5 deletions.
diff --git a/circuits/cipher.circom b/circuits/cipher.circom
@@ -36,8 +36,8 @@ include "mix_columns.circom";
 template Cipher(nk){
         assert(nk == 4 || nk == 6 || nk == 8 );
         signal input block[4][4];
-        signal output cipher[4][4];
         signal input key[nk * 4];
+        signal output cipher[4][4];
 
         var nr = Rounds(nk);
 

diff --git a/circuits/ctr.circom b/circuits/ctr.circom
@@ -0,0 +1,144 @@
+pragma circom 2.1.8;
+
+include "cipher.circom";
+include "transformations.circom";
+
+template EncryptCTR(l,nk){
+        signal input plainText[l];
+        signal input iv[16];
+        signal input key[nk * 4];
+        signal output cipher[l];
+
+        var n = l\16;
+        if(l%16 > 0){
+                n = n + 1;
+        }
+
+        component toBlocks = ToBlocks(l);
+        toBlocks.stream <== plainText;
+
+        component aes[n];
+
+        signal cipherBlocks[n][4][4];
+        component AddCipher[n];
+
+        component generateCtrBlocks = GenerateCounterBlocks(n);
+        generateCtrBlocks.iv <== iv;
+
+        for(var i = 0 ; i < n; i++){
+                aes[i] = Cipher(nk);
+                aes[i].key <== key;
+                aes[i].block <== generateCtrBlocks.counterBlocks[i];
+
+                AddCipher[i] = AddCipher();
+                AddCipher[i].state <== toBlocks.blocks[i];
+                AddCipher[i].cipher <== aes[i].cipher;
+
+                cipherBlocks[i] <== AddCipher[i].newState;
+        }
+
+        component toStream = ToStream(n,l);
+        toStream.blocks <== cipherBlocks;
+
+        cipher <== toStream.stream;
+}
+
+
+//convert stream of plain text to blocks of 16 bytes
+template ToBlocks(l){
+        signal input stream[l];
+
+        var n = l\16;
+        if(l%16 > 0){
+                n = n + 1;
+        }
+        signal output blocks[n][4][4];
+
+        var i, j, k;
+
+        for (var idx = 0; idx < l; idx++) {
+                blocks[i][k][j] <== stream[idx];
+                k = k + 1;
+                if (k == 4){
+                        k = 0;
+                        j = j + 1;
+                        if (j == 4){
+                                j = 0;
+                                i = i + 1;
+                        }
+                }
+        }
+
+        if (l%16 > 0){
+               blocks[i][k][j] <== 1;
+               k = k + 1;
+        }
+}
+
+// convert blocks of 16 bytes to stream of bytes
+template ToStream(n,l){
+        signal input blocks[n][4][4];
+
+        signal output stream[l];
+
+        var i, j, k;
+
+        while(i*16 + j*4 + k < l){
+                stream[i*16 + j*4 + k] <== blocks[i][k][j];
+                k = k + 1;
+                if (k == 4){
+                        k = 0;
+                        j = j + 1;
+                        if (j == 4){
+                                j = 0;
+                                i = i + 1;
+                        }
+                }
+        }
+}
+
+template AddCipher(){
+    signal input state[4][4];
+    signal input cipher[4][4];
+    signal output newState[4][4];
+
+    component xorbyte[4][4];
+
+    for (var i = 0; i < 4; i++) {
+        for (var j = 0; j < 4; j++) {
+            xorbyte[i][j] = XorByte();
+            xorbyte[i][j].a <== state[i][j];
+            xorbyte[i][j].b <== cipher[i][j];
+            newState[i][j] <== xorbyte[i][j].out;
+        }
+    }
+}
+
+// converts iv to counter blocks
+// iv is 16 bytes
+template GenerateCounterBlocks(n){
+        assert(n < 0xffffffff);
+        signal input iv[16];
+        signal output counterBlocks[n][4][4];
+
+        var ivr[16] = iv;
+
+        component toBlocks[n];
+
+        for (var i = 0; i < n; i++) {
+                toBlocks[i] = ToBlocks(16);
+                toBlocks[i].stream <-- ivr;
+                counterBlocks[i] <== toBlocks[i].blocks[0];
+                ivr[15] = (ivr[15] + 1)%256;
+                if (ivr[15] == 0){
+                        ivr[14] = (ivr[14] + 1)%256;
+                        if (ivr[14] == 0){
+                                ivr[13] = (ivr[13] + 1)%256;
+                                if (ivr[13] == 0){
+                                        ivr[12] = (ivr[12] + 1)%256;
+                                }
+                        }
+                }
+
+        }
+}
diff --git a/tests/cipher.test.ts b/tests/cipher.test.ts
@@ -4,7 +4,7 @@ import { circomkit } from "./common";
 // todo: should debug cipher
 describe("Cipher", () => {
   let circuit: WitnessTester<["block", "key"], ["cipher"]>;
-  it("should perform Cipher", async () => {
+  it("should perform Cipher#1", async () => {
     circuit = await circomkit.WitnessTester(`Cipher`, {
       file: "cipher",
       template: "Cipher",
@@ -32,4 +32,36 @@ describe("Cipher", () => {
       }
     );
   });
+
+  // in  : f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+  // out : ec8cdf7398607cb0f2d21675ea9ea1e4
+  // key : 2b7e151628aed2a6abf7158809cf4f3c
+  it("should perform Cipher#2", async () => {
+    circuit = await circomkit.WitnessTester(`Cipher`, {
+      file: "cipher",
+      template: "Cipher",
+      params: [4],
+    });
+    console.log("@Cipher #constraints:", await circuit.getConstraintCount());
+
+    await circuit.expectPass(
+      {
+        block: [
+          [0xf0, 0xf4, 0xf8, 0xfc],
+          [0xf1, 0xf5, 0xf9, 0xfd],
+          [0xf2, 0xf6, 0xfa, 0xfe],
+          [0xf3, 0xf7, 0xfb, 0xff],
+        ],
+        key: [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c],
+      },
+      {
+        cipher: [
+          [0xec, 0x98, 0xf2, 0xea],
+          [0x8c, 0x60, 0xd2, 0x9e],
+          [0xdf, 0x7c, 0x16, 0xa1],
+          [0x73, 0xb0, 0x75, 0xe4],
+        ],
+      }
+    );
+  });
 });