Merge pull request #58 from rarimo/dev

Light proofs merge

.gitignore

@@ -42,4 +42,6 @@ test/inputs/*
 test/registerIdentityTest.ts
 test/circuits/*
 !test/passports/readme.txt
-circuits/scripts/*
+circuits/scripts/*
+tests/tests/circuits/identityManagement/*
+tests/tests/circuits/passportVerification/*

circuits/identityManagement/circuits/registerIdentityLight.circom

@@ -0,0 +1,95 @@
+pragma circom  2.1.6;
+
+include "../../hasher/passportHash.circom";
+include "circomlib/circuits/poseidon.circom";
+include "circomlib/circuits/bitify.circom";
+include "circomlib/circuits/babyjub.circom";
+
+// HASH_TYPE: 
+//   - 160: SHA1 (160 bits)
+//   - 224: SHA2-224 (224 bits)
+//   - 256: SHA2-256 (256 bits)
+//   - 384: SHA2-384 (384 bits)
+//   - 512: SHA2-512 (512 bits)
+
+template RegisterIdentityLight (DG_HASH_TYPE, DOCUMENT_TYPE) { // 1 || 3// 160, 224, 256, 384, 512 (list above)^^^
+    assert (DOCUMENT_TYPE == 1 || DOCUMENT_TYPE == 3);
+
+    signal output dg1Hash;
+    signal output dg1Commitment;
+    signal dg1HashBits[DG_HASH_TYPE];
+
+    // Poseidon2(PubKey.X, PubKey.Y)
+    signal output pkIdentityHash;
+
+    // INPUT SIGNALS:
+    signal input dg1[1024];
+    signal input skIdentity;
+
+
+    var HASH_BLOCK_SIZE = 512;
+    var HASH_BLOCK_NUMBER = 2;
+    if (DG_HASH_TYPE > 256){
+        HASH_BLOCK_SIZE = 1024;
+        HASH_BLOCK_NUMBER = 1;
+    }
+
+    // DG1 hash 744 bits => 4 * 186 || 760 bits = 190 * 4
+    component dg1Chunking[4];
+    component dg1Hasher = Poseidon(5);
+    var DG1_CHUNK_SIZE = 186;
+    if (DOCUMENT_TYPE == 1){
+        DG1_CHUNK_SIZE = 190;
+    }
+
+    for (var i = 0; i < 4; i++) {
+        dg1Chunking[i] = Bits2Num(DG1_CHUNK_SIZE);
+        for (var j = 0; j < DG1_CHUNK_SIZE; j++) {
+            dg1Chunking[i].in[j] <== dg1[i * DG1_CHUNK_SIZE + j];
+        }
+        dg1Hasher.inputs[i] <== dg1Chunking[i].out;
+    }
+
+    component skIndentityHasher = Poseidon(1);
+    skIndentityHasher.inputs[0] <== skIdentity;
+    dg1Hasher.inputs[4] <== skIndentityHasher.out;
+
+    dg1Commitment <== dg1Hasher.out;
+
+    component pkIdentityCalc = BabyPbk();
+    pkIdentityCalc.in <== skIdentity;
+
+    component pkIdentityHasher = Poseidon(2);
+    pkIdentityHasher.inputs[0] <== pkIdentityCalc.Ax;
+    pkIdentityHasher.inputs[1] <== pkIdentityCalc.Ay;
+
+    pkIdentityHash <== pkIdentityHasher.out;
+
+    component dg1ShaHasher = PassportHash(HASH_BLOCK_SIZE, HASH_BLOCK_NUMBER, DG_HASH_TYPE);
+    dg1ShaHasher.in <== dg1;
+    dg1HashBits <== dg1ShaHasher.out;
+
+    component b2n = Bits2Num(248);
+
+    var HASH_DIFF = 0;
+    if (DG_HASH_TYPE < 248){
+        HASH_DIFF = 248 - DG_HASH_TYPE;
+    }
+
+    for (var i = 0; i < 248 - HASH_DIFF; i++){
+        b2n.in[i] <== dg1HashBits[DG_HASH_TYPE - 1 - i];
+    }
+    for (var i = 248 - HASH_DIFF; i < 248; i++){
+        b2n.in[i] <== 0;
+    }
+
+    dg1Hash <== b2n.out;
+
+    log(dg1Hash);
+    log(pkIdentityHash);
+    log(dg1Commitment);
+}
+
+
+
+

circuits/identityManagement/registerIdentityLight160.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.6;
+
+include "./circuits/registerIdentityLight.circom";
+
+component main = RegisterIdentityLight(160, 3);

circuits/identityManagement/registerIdentityLight224.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.6;
+
+include "./circuits/registerIdentityLight.circom";
+
+component main = RegisterIdentityLight(224, 3);

circuits/identityManagement/registerIdentityLight256.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.6;
+
+include "./circuits/registerIdentityLight.circom";
+
+component main = RegisterIdentityLight(256, 3);

circuits/identityManagement/registerIdentityLight384.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.6;
+
+include "./circuits/registerIdentityLight.circom";
+
+component main = RegisterIdentityLight(384, 3);

circuits/identityManagement/registerIdentityLight512.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.6;
+
+include "./circuits/registerIdentityLight.circom";
+
+component main = RegisterIdentityLight(512, 3);

circuits/rsa/powMod.circom

@@ -4,6 +4,7 @@ include "../bigInt/bigInt.circom";
 
 // CHUNK_NUMBER is the length of the base and modulus
 // calculates (base^exp) % modulus, exp = 2^(E_BITS - 1) + 1 = 2^16 + 1
+// Deprecated
 template PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS) {
     assert(E_BITS >= 2);
 
@@ -149,8 +150,11 @@ template PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
             resultMuls[i].b <== muls[exp_process[i + 3] - 1].out;
         }
     }
-
-    out <== resultMuls[exp_process[1] - 2].out;
+    if (exp_process[1] == 1){
+        out <== muls[exp_process[0] - 1].out;
+    } else {
+        out <== resultMuls[exp_process[1] - 2].out;
+    }
 }
 
 

circuits/rsa/rsa.circom

@@ -4,14 +4,14 @@ include "./powMod.circom";
 include "circomlib/circuits/bitify.circom";
 
 // Pkcs1v15 + Sha256, e = 65537
-template RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
+template RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_TYPE) {
     signal input signature[CHUNK_NUMBER];
     signal input pubkey[CHUNK_NUMBER]; //aka modulus
 
     signal input hashed[HASH_TYPE];
 
     // signature ** exp mod modulus
-    component pm = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS);
+    component pm = PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, EXP);
     for (var i  = 0; i < CHUNK_NUMBER; i++) {
         pm.base[i] <== signature[i];
         pm.modulus[i] <== pubkey[i];
@@ -30,7 +30,6 @@ template RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
 
     // 1. Check hashed data
     for (var i = 0; i < 4; i++) {
-        log(hashed_chunks[i]);
         hashed_chunks[i] === pm.out[i];
     }
 
@@ -57,14 +56,14 @@ template RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
 }
 
 // Pkcs1v15 + Sha160, e = 65537
-template RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
+template RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_TYPE) {
     signal input signature[CHUNK_NUMBER];
     signal input pubkey[CHUNK_NUMBER]; //aka modulus
 
     signal input hashed[HASH_TYPE];
 
     // signature ** exp mod modulus
-    component pm = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS);
+    component pm = PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, EXP);
     for (var i  = 0; i < CHUNK_NUMBER; i++) {
         pm.base[i] <== signature[i];
         pm.modulus[i] <== pubkey[i];
@@ -97,6 +96,7 @@ template RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
 
 // TODO: research this moment https://www.youtube.com/watch?v=XfELJU1mRMg, 
 // optimisation may be possible
+// Deprecated
 template RsaVerifyPkcs1v15Sha1E37817(CHUNK_SIZE, CHUNK_NUMBER, HASH_TYPE) {
     signal input signature[CHUNK_NUMBER];
     signal input pubkey[CHUNK_NUMBER]; //aka modulus

circuits/rsaPss/rsaPss.circom

@@ -5,7 +5,7 @@ include "./mgf1.circom";
 include "./xor2.circom";
 include "../hasher/passportHash.circom";
 
-template VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_TYPE){
+template VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_TYPE){
 
     assert((HASH_TYPE == 384 && SALT_LEN == 48) || (HASH_TYPE == 256 && SALT_LEN == 64) || (HASH_TYPE == 256 && SALT_LEN == 32));
 
@@ -23,7 +23,7 @@ template VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_TYPE){
     signal eMsgInBits[EM_LEN_BITS];
 
     //computing encoded message
-    component powmod = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS);
+    component powmod = PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, EXP);
     powmod.base <== signature;
     powmod.modulus <== pubkey;
 

circuits/signatureVerifier/signatureVerification.circom

@@ -18,7 +18,7 @@ template VerifySignature(SIG_ALGO){
     var PUBKEY_LEN;
     var SIGNATURE_LEN;
     var SALT_LEN = 32;
-    var E_BITS = 17;
+    var EXP = 65537;
 
     if (SIG_ALGO == 1){
         PUBKEY_LEN = CHUNK_NUMBER;
@@ -41,14 +41,15 @@ template VerifySignature(SIG_ALGO){
         PUBKEY_LEN = CHUNK_NUMBER;
         SIGNATURE_LEN = CHUNK_NUMBER;
         HASH_LEN = 160;
+        EXP = 37187;
     }
 
 
     if (SIG_ALGO == 10){
         PUBKEY_LEN = CHUNK_NUMBER;
         SIGNATURE_LEN = CHUNK_NUMBER;
         HASH_LEN = 256;
-        E_BITS = 2;
+        EXP = 3;
     }
     if (SIG_ALGO == 11){
         PUBKEY_LEN = CHUNK_NUMBER;
@@ -113,55 +114,55 @@ template VerifySignature(SIG_ALGO){
     signal input hashed[HASH_LEN];
 
     if (SIG_ALGO == 1){
-        component rsa2048Sha256Verification = RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_LEN);
+        component rsa2048Sha256Verification = RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_LEN);
         rsa2048Sha256Verification.pubkey <== pubkey;
         rsa2048Sha256Verification.signature <== signature;
         rsa2048Sha256Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 2){
-        component rsa4096Sha256Verification = RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_LEN);
+        component rsa4096Sha256Verification = RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_LEN);
         rsa4096Sha256Verification.pubkey <== pubkey;
         rsa4096Sha256Verification.signature <== signature;
         rsa4096Sha256Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 3){
-        component rsa2048Sha160Verification = RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_LEN);
+        component rsa2048Sha160Verification = RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_LEN);
         rsa2048Sha160Verification.pubkey <== pubkey;
         rsa2048Sha160Verification.signature <== signature;
         rsa2048Sha160Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 4){
-        component verifyRsa3072Sha1E37817 = RsaVerifyPkcs1v15Sha1E37817(CHUNK_SIZE, CHUNK_NUMBER, HASH_LEN);
+        component verifyRsa3072Sha1E37817 = RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, EXP, HASH_LEN);
         verifyRsa3072Sha1E37817.pubkey <== pubkey;
         verifyRsa3072Sha1E37817.signature <== signature;
         verifyRsa3072Sha1E37817.hashed <== hashed;
     }
     if (SIG_ALGO == 10){
-        component rsa2048PssSha256Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_LEN);
+        component rsa2048PssSha256Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_LEN);
         rsa2048PssSha256Verification.pubkey <== pubkey;
         rsa2048PssSha256Verification.signature <== signature;
         rsa2048PssSha256Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 11){
-        component rsa4096PssSha256Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_LEN);
+        component rsa4096PssSha256Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_LEN);
         rsa4096PssSha256Verification.pubkey <== pubkey;
         rsa4096PssSha256Verification.signature <== signature;
         rsa4096PssSha256Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 12){
-        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_LEN);
+        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_LEN);
         rsaPssSha384Verification.pubkey <== pubkey;
         rsaPssSha384Verification.signature <== signature;
         rsaPssSha384Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 13){
-        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_LEN);
+        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_LEN);
         rsaPssSha384Verification.pubkey <== pubkey;
         rsaPssSha384Verification.signature <== signature;
         rsaPssSha384Verification.hashed <== hashed;
     }
     if (SIG_ALGO == 14){
-        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, E_BITS, HASH_LEN);
+        component rsaPssSha384Verification = VerifyRsaSig(CHUNK_SIZE, CHUNK_NUMBER, SALT_LEN, EXP, HASH_LEN);
         rsaPssSha384Verification.pubkey <== pubkey;
         rsaPssSha384Verification.signature <== signature;
         rsaPssSha384Verification.hashed <== hashed;