Jubjub stdlib

zokrates_core_test/tests/tests/arrays/fun_spread.zok

@@ -1,6 +1,6 @@
 import "utils/pack/bool/nonStrictUnpack256.zok" as unpack256;
 
 def main(field[2] inputs) -> bool[512] {
-    bool[512] preimage512 = [...unpack256(inputs[0], 254), ...unpack256(inputs[1], 254)];
+    bool[512] preimage512 = [...unpack256(inputs[0]), ...unpack256(inputs[1])];
     return preimage512;
 }

zokrates_stdlib/stdlib/ecc/babyjubjub.zok

@@ -16,22 +16,21 @@ const field[2] G = [
     20819045374670962167435360035096875258406992893633759881276124905556507972311  // Gy
 ];
 
-const u32 bit_size = 254;
 
 def proofOfOwnership(field[2] pk, field sk) -> bool {
-    return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D, bit_size);
+    return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D);
 }
 
 def verifyEddsa(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1) -> bool {
-    return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D, bit_size);
+    return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D);
 }
 
 def compress(field[2] pt) -> bool[256] {
     field x = pt[0];
     field y = pt[1];
 
-    bool[256] xBits = unpack256(x, 254);
-    bool[256] mut yBits = unpack256(y, 254);
+    bool[256] xBits = unpack256(x);
+    bool[256] mut yBits = unpack256(y);
 
     bool sign = xBits[255];
     yBits[0] = sign;

zokrates_stdlib/stdlib/ecc/jubjub.zok

@@ -15,12 +15,11 @@ const field[2] G = [
     44412834903739585386157632289020980010620626017712148233229312325549216099227  // Gy
 ];
 
-const u32 bit_size = 255;
 
 def proofOfOwnership(field[2] pk, field sk) -> bool {
-    return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D, bit_size);
+    return edwardsProofOfOwnership(pk, sk, G, EDWARDS_A, EDWARDS_D);
 }
 
 def verifyEddsa(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1) -> bool {
-    return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D, bit_size);
+    return edwardsSignature(R, S, A, M0, M1, G, EDWARDS_A, EDWARDS_D);
 }

zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok

@@ -14,11 +14,10 @@ from "ecc/edwards" import scalarMul;
 ///    G: Generator point
 ///    EDWARDS_A: Coefficient `a` of the twisted Edwards curve
 ///    EDWARDS_D: Coefficient `d` of the twisted Edwards curve
-///    bit_size: Bit size of the twisted Edwards curve
 ///
 /// Returns true for pk/sk being a valid keypair, false otherwise.
-def main(field[2] pk, field sk, field[2] G, field EDWARDS_A, field EDWARDS_D, u32 bit_size) -> bool {
-    bool[256] sk_bits = unpack256(sk, bit_size);
+def main(field[2] pk, field sk, field[2] G, field EDWARDS_A, field EDWARDS_D) -> bool {
+    bool[256] sk_bits = unpack256(sk);
     field[2] res = scalarMul(sk_bits, G, EDWARDS_A, EDWARDS_D);
     return (res[0] == pk[0] && res[1] == pk[1]);
 }

zokrates_stdlib/stdlib/ecc/verifyEddsa.zok

@@ -1,9 +1,10 @@
 import "hashes/sha256/1024bitPadded" as sha256;
-import "utils/pack/bool/nonStrictUnpack256" as unpack256bool;
 import "utils/pack/u32/nonStrictUnpack256" as unpack256u;
+import "utils/pack/bool/nonStrictUnpack256" as unpack256bool;
 from "utils/casts" import cast;
 from "ecc/edwards" import add, scalarMul, onCurve, orderCheck;
 
+
 /// Verifies an EdDSA Signature.
 ///
 /// Checks the correctness of a given EdDSA Signature (R,S) for the provided
@@ -23,22 +24,21 @@ from "ecc/edwards" import add, scalarMul, onCurve, orderCheck;
 ///    M1: 256bit array. Trailing 256bits of the message used to create S.
 ///    EDWARDS_A: Coefficient `a` of the twisted Edwards curve
 ///    EDWARDS_D: Coefficient `d` of the twisted Edwards curve
-///    bit_size: Bit size of the twisted Edwards curve
 ///
 /// Returns:
 ///     Return true for S being a valid EdDSA Signature, false otherwise.
-def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1, field[2] G, field EDWARDS_A, field EDWARDS_D, u32 bit_size) -> bool {
+def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1, field[2] G, field EDWARDS_A, field EDWARDS_D) -> bool {
     // Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
     assert(onCurve(R, EDWARDS_A, EDWARDS_D)); // throws if R is not on curve
     assert(orderCheck(R, EDWARDS_A, EDWARDS_D));
 
-    u32[8] Rx = unpack256u(R[0], bit_size);
-    u32[8] Ax = unpack256u(A[0], bit_size);
+    u32[8] Rx = unpack256u(R[0]);
+    u32[8] Ax = unpack256u(A[0]);
 
     u32[8] h = sha256(Rx, Ax, M0, M1);
     bool[256] hRAM = cast(h);
 
-    bool[256] sBits = unpack256bool(S, bit_size);
+    bool[256] sBits = unpack256bool(S);
     field[2] lhs = scalarMul(sBits, G, EDWARDS_A, EDWARDS_D);
 
     field[2] AhRAM = scalarMul(hRAM, A, EDWARDS_A, EDWARDS_D);

zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok

@@ -1,11 +1,14 @@
 import "./unpack_unchecked";
+from "field" import FIELD_SIZE_IN_BITS;
 
-// Unpack a field element as 256 big-endian bits
+// Unpack a field element as 256 big-endian bits.
+// Size of p differs among different fields. 
+// For example, for bn128 |p| is 254 bit , for bls12-381 |p| is 255.
 // Note: uniqueness of the output is not guaranteed
 // For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i, u32 bit_size) -> bool[256] {
-    assert(bit_size <= 256);
-    u32 padding_size = 256 - bit_size;
-    bool[bit_size] b = unpack_unchecked(i);
+def main(field i) -> bool[256] {
+    assert(FIELD_SIZE_IN_BITS <= 256);
+    u32 padding_size = 256 - FIELD_SIZE_IN_BITS;
+    bool[FIELD_SIZE_IN_BITS] b = unpack_unchecked(i);
     return [...[false; padding_size], ...b];
 }

zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok

@@ -4,6 +4,6 @@ import "../../casts/bool_256_to_u32_8" as from_bits;
 // Unpack a field element as a u32[8] (big-endian)
 // Note: uniqueness of the output is not guaranteed
 // For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i, u32 bit_size) -> u32[8] {
-    return from_bits(unpack(i, bit_size));
+def main(field i) -> u32[8] {
+    return from_bits(unpack(i));
 }

zokrates_stdlib/tests/tests/ecc/jubjub/verifyEddsa.zok

@@ -5,8 +5,6 @@ from "ecc/jubjub" import verifyEddsa;
 // https://github.com/Zokrates/pycrypto
 def main() {
 
-    // TODO: Jubjub currently work only for keys <=254 bit long
-    // With the following keys should also work:
     field[2] R = [32866767109220564315580607107081162920517672350707254238793964527466586251974, 31852087390335520207922973662676180854641055992940928475111512263314053365736];
     field S = 43627586196239283173178511316555190744314536456808505435494185841008559853678;
 

zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json

@@ -1,10 +1,11 @@
+
 {
   "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok",
-  "curves": ["Bls12_381"],
+  "curves": ["Bn128"],
   "tests": [
     {
       "input": {
-        "values": []
+        "values": [[false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]]
       },
       "output": {
         "Ok": {
@@ -13,4 +14,4 @@
       }
     }
   ]
-}
+}