fixing comments

pyClient/zethTestScenario.py

@@ -61,9 +61,6 @@ def bob_deposit(test_grpc_endpoint, mixer_instance, mk_root, bob_eth_address, ke
 
     # Hash the pk_sender and cipher-texts
     ciphers = eph_pk_sender_bytes + ciphertext1 + ciphertext2
-
-    # Hash the cipher-texts TODO TO REMOVE
-    ciphers = ciphertext1 + ciphertext2
     hash_ciphers = sha256(ciphers).hexdigest()
 
     # Hash the proof

src/CMakeLists.txt

@@ -137,8 +137,8 @@ endfunction(zeth_test)
 zeth_test(test_simple test/simple_test.cpp TRUE)
 zeth_test(test_addition test/packed_addition_test.cpp TRUE)
 zeth_test(test_hex_to_field test/hex_to_field_test.cpp TRUE)
-zeth_test(test_sha256 test/sha256_test.cpp)
-zeth_test(test_blake2s test/blake2s_test.cpp)
+zeth_test(test_sha256 test/sha256_test.cpp TRUE)
+zeth_test(test_blake2s test/blake2s_test.cpp TRUE)
 zeth_test(test_round test/round_test.cpp TRUE)
 zeth_test(test_mimc test/mimc_test.cpp TRUE)
 zeth_test(test_mimc_mp test/mimc_mp_test.cpp TRUE)

src/circuits/commitments/commitments.hpp

@@ -5,7 +5,6 @@
 // Content Taken and adapted from Zcash
 // https://github.com/zcash/zcash/blob/master/src/zcash/circuit/commitment.tcc
 
-#include "circuits/sha256/sha256_ethereum.hpp"
 
 #include <libsnark/gadgetlib1/gadget.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/hash_io.hpp>
@@ -27,7 +26,7 @@ class COMM_gadget : libsnark::gadget<FieldT>
         libsnark::pb_variable_array<FieldT> x,
         libsnark::pb_variable_array<FieldT> y,
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(x || y)
+            result, // blake2s(x || y)
         const std::string &annotation_prefix = "COMM_gadget");
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -48,8 +47,8 @@ libsnark::pb_variable_array<FieldT> getRightSideCMCOMM(
 // the value of the commitment_k without needing 2 distinct gadgets for this.
 //
 // See Zerocash extended paper, page 22
-// The commitment k is computed as k = sha256(r || [sha256(a_pk || rho)]_128)
-// where we define the left part: inner_k = sha256(a_pk || rho)
+// The commitment k is computed as k = blake2s(r || [blake2s(a_pk || rho)]_128)
+// where we define the left part: inner_k = blake2s(a_pk || rho)
 // as being the inner commitment of k
 template<typename FieldT, typename HashT>
 class COMM_inner_k_gadget : public COMM_gadget<FieldT, HashT>
@@ -61,13 +60,13 @@ class COMM_inner_k_gadget : public COMM_gadget<FieldT, HashT>
             &a_pk, // public address key, 256 bits
         libsnark::pb_variable_array<FieldT> &rho, // 256 bits
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(a_pk || rho)
+            result, // blake2s(a_pk || rho)
         const std::string &annotation_prefix = "COMM_inner_k_gadget");
 };
 
 // See Zerocash extended paper, page 22
-// The commitment k is computed as k = sha256(r || [sha256(a_pk || rho)]_128)
-// where we define: outer_k = sha256(r || [inner_commitment]_128)
+// The commitment k is computed as k = blake2s(r || [blake2s(a_pk || rho)]_128)
+// where we define: outer_k = blake2s(r || [inner_commitment]_128)
 // as being the outer commitment of k
 // We denote by trap_r the trapdoor r
 template<typename FieldT, typename HashT>
@@ -80,11 +79,11 @@ class COMM_outer_k_gadget : public COMM_gadget<FieldT, HashT>
         libsnark::pb_variable_array<FieldT>
             &inner_k, // 256 bits, but we only keep 128 bits out of it
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(trap_r || [inner_k]_128)
+            result, // blake2s(trap_r || [inner_k]_128)
         const std::string &annotation_prefix = "COMM_outer_k_gadget");
 };
 
-// cm = sha256(outer_k || 0^192 || value_v)
+// cm = blake2s(outer_k || 0^192 || value_v)
 template<typename FieldT, typename HashT>
 class COMM_cm_gadget : public COMM_gadget<FieldT, HashT>
 {
@@ -95,7 +94,7 @@ class COMM_cm_gadget : public COMM_gadget<FieldT, HashT>
         libsnark::pb_variable_array<FieldT> &outer_k, // 256 bits
         libsnark::pb_variable_array<FieldT> &value_v, //  64 bits
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(outer_k || 0^192 || value_v)
+            result, // blake2s(outer_k || 0^192 || value_v)
         const std::string &annotation_prefix = "COMM_cm_gadget");
 };
 

src/circuits/commitments/commitments.tcc

@@ -90,8 +90,8 @@ libsnark::pb_variable_array<FieldT> getRightSideCMCOMM(
 // commitment
 //
 // See Zerocash extended paper, page 22
-// The commitment k is computed as k = sha256(r || [sha256(a_pk || rho)]_128)
-// where we define the left part: inner_k = sha256(a_pk || rho)
+// The commitment k is computed as k = blake2s(r || [blake2s(a_pk || rho)]_128)
+// where we define the left part: inner_k = blake2s(a_pk || rho)
 // as being the inner commitment of k
 template<typename FieldT, typename HashT>
 COMM_inner_k_gadget<FieldT, HashT>::COMM_inner_k_gadget(
@@ -106,8 +106,8 @@ COMM_inner_k_gadget<FieldT, HashT>::COMM_inner_k_gadget(
 }
 
 // See Zerocash extended paper, page 22
-// The commitment k is computed as k = sha256(r || [sha256(a_pk || rho)]_128)
-// where we define: outer_k = sha256(r || [inner_commitment]_128)
+// The commitment k is computed as k = blake2s(r || [blake2s(a_pk || rho)]_128)
+// where we define: outer_k = blake2s(r || [inner_commitment]_128)
 // as being the outer commitment of k
 // We denote by trap_r the trapdoor r
 template<typename FieldT, typename HashT>
@@ -124,7 +124,7 @@ COMM_outer_k_gadget<FieldT, HashT>::COMM_outer_k_gadget(
     // Nothing
 }
 
-// cm = sha256(outer_k || 0^192 || value_v)
+// cm = blake2s(outer_k || 0^192 || value_v)
 template<typename FieldT, typename HashT>
 COMM_cm_gadget<FieldT, HashT>::COMM_cm_gadget(
     libsnark::protoboard<FieldT> &pb,

src/circuits/joinsplit.tcc

@@ -2,7 +2,6 @@
 #define __ZETH_JOINSPLIT_CIRCUIT_TCC__
 
 #include "circuits/notes/note.hpp" // Contains the circuits for the notes
-#include "circuits/sha256/sha256_ethereum.hpp"
 #include "libsnark_helpers/libsnark_helpers.hpp"
 #include "types/joinsplit.hpp"
 #include "zeth.h" // Contains the definitions of the constants we use

src/circuits/prfs/prfs.hpp

@@ -5,8 +5,6 @@
 // Content Taken and adapted from Zcash
 // https://github.com/zcash/zcash/blob/master/src/zcash/circuit/prfs.tcc
 
-#include "circuits/sha256/sha256_ethereum.hpp"
-
 #include <libsnark/gadgetlib1/gadget.hpp>
 
 namespace libzeth
@@ -26,15 +24,15 @@ class PRF_gadget : public libsnark::gadget<FieldT>
         libsnark::pb_variable_array<FieldT> x,
         libsnark::pb_variable_array<FieldT> y,
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(x || y)
+            result, // blake2s(x || y)
         const std::string &annotation_prefix = "PRF_gadget");
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
 };
 
 // This function is useful as the generation of a_pk is done via a_pk =
-// sha256(a_sk || 0^256) See Zerocash extended paper, page 22, paragraph
+// blake2s(a_sk || 0^256) See Zerocash extended paper, page 22, paragraph
 // "Instantiating the NP statement POUR"
 template<typename FieldT, typename HashT>
 libsnark::pb_variable_array<FieldT> gen_256_zeroes(
@@ -90,7 +88,7 @@ class PRF_nf_gadget : public PRF_gadget<FieldT, HashT>
         libsnark::pb_variable_array<FieldT> &a_sk,
         libsnark::pb_variable_array<FieldT> &rho,
         std::shared_ptr<libsnark::digest_variable<FieldT>>
-            result, // sha256(a_sk || 01 || [rho]_254)
+            result, // blake2s(a_sk || 01 || [rho]_254)
         const std::string &annotation_prefix = "PRF_nf_gadget");
 };
 

src/circuits/prfs/prfs.tcc

@@ -47,7 +47,7 @@ libsnark::pb_variable_array<FieldT> gen_256_zeroes(
     }
 
     // Check that we correctly built a 256-bit (half a block) string since we
-    // use sha256
+    // use blake2s 256
     assert(ret.size() == 256);
 
     return ret;

src/prover_server.cc

@@ -55,7 +55,7 @@ typedef libff::default_ec_pp
     ppT; // Instantiated from the curve specified in the CMakelists.txt
 typedef libff::Fr<ppT> FieldT;
 typedef MiMC_mp_gadget<FieldT> HashTreeT; // Hash used in the merkle tree
-typedef sha256_ethereum<FieldT> HashT; // Hash used for the commitments and PRFs
+typedef BLAKE2s_256_comp<FieldT> HashT; // Hash used for the commitments and PRFs
 
 class ProverImpl final : public Prover::Service
 {

src/test/commitments_test.cpp

@@ -6,8 +6,8 @@
 // Header to use the merkle tree data structure
 #include <libsnark/common/data_structures/merkle_tree.hpp>
 
-// Header to use the sha256_ethereum gadget
-#include "circuits/sha256/sha256_ethereum.hpp"
+// Header to use the blake2s gadget
+#include "circuits/blake2s/blake2s_comp.hpp"
 
 // Access the `from_bits` function and other utils
 #include "circuits/circuits-util.hpp"
@@ -21,7 +21,7 @@ using namespace libzeth;
 // Instantiation of the templates for the tests
 typedef libff::default_ec_pp ppT;
 typedef libff::Fr<ppT> FieldT; // Should be alt_bn128 in the CMakeLists.txt
-typedef sha256_ethereum<FieldT>
+typedef BLAKE2s_256_comp<FieldT>
     HashT; // We use our hash function to do the tests
 
 namespace

src/test/mimc_test.cpp

@@ -1,9 +1,13 @@
-#include "circuits/mimc/mimc.hpp"
-#include "snarks_alias.hpp"
-
 #include "gtest/gtest.h"
+
 #include <libff/common/default_types/ec_pp.hpp>
 
+#include "snarks_alias.hpp"
+#include "circuits/mimc/mimc.hpp"
+#include "circuits/mimc/mimc_mp.hpp"
+#include "circuits/mimc/round.hpp"
+
+
 using namespace libsnark;
 using namespace libzeth;
 
@@ -83,59 +87,106 @@ TEST(TestRound, TestFalseAddKToResult) {
     pb.val(in_x) = FieldT("15212");
     pb.val(in_k) = FieldT("98645");
 
-TEST(TestRound, TestTrue)
-{
+    MiMCe7_round_gadget<FieldT> round_gadget(pb, in_x, in_k, in_C, true, "round_gadget");
+    round_gadget.generate_r1cs_witness();
+    round_gadget.generate_r1cs_constraints();
+
+    FieldT expected_out = FieldT("42777806631355722518123");
+    ASSERT_FALSE(expected_out == pb.val(round_gadget.result()));
+}
+
+
+
+TEST(TestMiMCMp, TestTrue) {
+    libsnark::protoboard<FieldT> pb;
+
+    // Public input
+    libsnark::pb_variable<FieldT> y;
+    y.allocate(pb, "y");
+    pb.set_input_sizes(1);
+    pb.val(y) = FieldT("15683951496311901749339509118960676303290224812129752890706581988986633412003"); // sha3_256("mimc")
+
+    // Private inputs
+    libsnark::pb_variable<FieldT> x;
+    x.allocate(pb, "x");
+    pb.val(x) = FieldT("3703141493535563179657531719960160174296085208671919316200479060314459804651");
+
+    MiMC_mp_gadget<FieldT> mimc_mp_gadget(pb, x, y, "gadget");
+    mimc_mp_gadget.generate_r1cs_witness();
+    mimc_mp_gadget.generate_r1cs_constraints();
+
+    FieldT expected_out = FieldT("16797922449555994684063104214233396200599693715764605878168345782964540311877");
+    ASSERT_TRUE(expected_out == pb.val(mimc_mp_gadget.result()));
+}
+
+
+TEST(TestMiMCMp, TestFalse) {
+    libsnark::protoboard<FieldT> pb;
+
+    // Public input
+    libsnark::pb_variable<FieldT> y;
+    y.allocate(pb, "y");
+    pb.set_input_sizes(1);
+    pb.val(y) = FieldT("82724731331859054037315113496710413141112897654334566532528783843265082629790");
+
+    // Private inputs
+    libsnark::pb_variable<FieldT> x;
+    x.allocate(pb, "x");
+    pb.val(x) = FieldT("3703141493535563179657531719960160174296085208671919316200479060314459804651");
+
+    MiMC_mp_gadget<FieldT> mimc_mp_gadget(pb, x, y, "gadget");
+    mimc_mp_gadget.generate_r1cs_witness();
+    mimc_mp_gadget.generate_r1cs_constraints();
+
+    FieldT not_expected_out = FieldT("15683951496311901749339509118960676303290224812129752890706581988986633412003");
+    ASSERT_FALSE(not_expected_out == pb.val(mimc_mp_gadget.result()));
+}
+
+
+
+TEST(TestMiMC, TestTrue) {
     libsnark::protoboard<FieldT> pb;
 
     libsnark::pb_variable<FieldT> in_x;
     libsnark::pb_variable<FieldT> in_k;
     in_x.allocate(pb, "x");
     in_k.allocate(pb, "k");
 
-    pb.val(in_x) = FieldT("3703141493535563179657531719960160174296085208671919"
-                          "316200479060314459804651");
-    pb.val(in_k) = FieldT("1568395149631190174933950911896067630329022481212975"
-                          "2890706581988986633412003");
+    pb.val(in_x) = FieldT("3703141493535563179657531719960160174296085208671919316200479060314459804651");
+    pb.val(in_k) = FieldT("15683951496311901749339509118960676303290224812129752890706581988986633412003");
 
-    MiMCe7_permutation_gadget<FieldT> mimc_gadget(
-        pb, in_x, in_k, "mimc_gadget");
+    MiMCe7_permutation_gadget<FieldT> mimc_gadget(pb, in_x, in_k, "mimc_gadget");
     mimc_gadget.generate_r1cs_constraints();
     mimc_gadget.generate_r1cs_witness();
 
-    FieldT expected_out = FieldT("192990723315478049773124691205698348115617480"
-                                 "95378968014959488920239255590840");
+    FieldT expected_out = FieldT("19299072331547804977312469120569834811561748095378968014959488920239255590840");
     ASSERT_TRUE(expected_out == pb.val(mimc_gadget.result()));
 }
 
-TEST(TestRound, TestFalse)
-{
+
+    TEST(TestMiMC, TestFalse) {
     libsnark::protoboard<FieldT> pb;
 
     libsnark::pb_variable<FieldT> in_x;
     libsnark::pb_variable<FieldT> in_k;
     in_x.allocate(pb, "x");
     in_k.allocate(pb, "k");
 
-    pb.val(in_x) = FieldT("3703141493535563179657531719960160174296085208671919"
-                          "316200479060314459804651");
+    pb.val(in_x) = FieldT("3703141493535563179657531719960160174296085208671919316200479060314459804651");
     pb.val(in_k) = FieldT("13455131405143248756924738814405142");
 
-    MiMCe7_permutation_gadget<FieldT> mimc_gadget(
-        pb, in_x, in_k, "mimc_gadget");
+    MiMCe7_permutation_gadget<FieldT> mimc_gadget(pb, in_x, in_k, "mimc_gadget");
     mimc_gadget.generate_r1cs_witness();
     mimc_gadget.generate_r1cs_constraints();
-
-    FieldT expected_out = FieldT("114374678233937903873991372494419413137176864"
-                                 "41929791910070352316474327319704");
+
+    FieldT expected_out = FieldT("11437467823393790387399137249441941313717686441929791910070352316474327319704");
     ASSERT_FALSE(expected_out == pb.val(mimc_gadget.result()));
 }
 
 } // namespace
 
-int main(int argc, char **argv)
-{
-    ppT::init_public_params(); // /!\ WARNING: Do once for all tests. Do not
-                               // forget to do this !!!!
+int main(int argc, char **argv) {
+    ppT::init_public_params(); // /!\ WARNING: Do once for all tests. Do not forget to do this !!!!
     ::testing::InitGoogleTest(&argc, argv);
     return RUN_ALL_TESTS();
-}
+}