Skip to content

Commit

Permalink
Initial implementation of SHA512
Browse files Browse the repository at this point in the history 
Signed-off-by: Jinank Jain <jinank94@gmail.com>
  • Loading branch information
@jinankjain
jinankjain committed Dec 28, 2022
0 parents commit d905211
Show file tree
Hide file tree
Showing 19 changed files with 4,229 additions and 0 deletions.
5 changes: 5 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
clean:
find . -name "*.r1cs" -type f -delete
find . -name "*.sym" -type f -delete
-find . -name "*_js" -type d | xargs rm -r
-find . -name "*_cpp" -type d | xargs rm -r
32 changes: 32 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# SHA512

A circuit to compute SHA512 hash written in [Circom](https://github.com/iden3/circom).

## Installation
```
npm install
```

## Tests
```
npm test
```

## Usage

```circom
include "sha512/sha512/sha512.circom";
include "circomlib/binsum.circom"; // make sure to include your copy of binsum.circom from circomblib
var INPUT_BITS = 1024; // number of bits of the input message
component sha512 = Sha512(INPUT_BITS);
for (var i = 0; i < INPUT_BITS; i++) {
sha512.in[i] <== nullifierBits[i];
}
for (var i = 0; i < 512; i++) {
out[i] <== sha512.out[i];
}
```

## Constraint guarantees
The circuit only uses `<==` and doesn't use `<--` thus ensuring that the circuit correctly generates all the constraints.
Binary file added circuits/.DS_Store
Binary file not shown.
47 changes: 47 additions & 0 deletions circuits/sha512/ch.circom
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
Copyright 2018 0KIMS association.
This file is part of circom (Zero Knowledge Circuit Compiler).
circom is a free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
circom is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with circom. If not, see <https://www.gnu.org/licenses/>.
*/

/* Ch
000 0
001 1
010 0
011 1
100 0
101 0
110 1
111 1
out = a&b ^ (!a)&c =>
out = a*(b-c) + c
*/
pragma circom 2.0.0;

template Ch_t512(n) {
signal input a[n];
signal input b[n];
signal input c[n];
signal output out[n];

for (var k=0; k<n; k++) {
out[k] <== a[k] * (b[k]-c[k]) + c[k];
}
}
57 changes: 57 additions & 0 deletions circuits/sha512/constants.circom
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
/*
Copyright 2018 0KIMS association.
This file is part of circom (Zero Knowledge Circuit Compiler).
circom is a free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
circom is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with circom. If not, see <https://www.gnu.org/licenses/>.
*/
pragma circom 2.0.0;

template H512(x) {
signal output out[64];
var c[8] = [
0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
];

for (var i=0; i<64; i++) {
out[i] <== (c[x] >> i) & 1;
}
}

template K512(x) {
signal output out[64];
var c[80] = [
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, 0x3956c25bf348b538,
0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, 0x12835b0145706fbe,
0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, 0x983e5152ee66dfab,
0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed,
0x53380d139d95b3df, 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, 0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373,
0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, 0xca273eceea26619c,
0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, 0x0a637dc5a2c898a6,
0x113f9804bef90dae, 0x1b710b35131c471b, 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
];

for (var i=0; i<64; i++) {
out[i] <== (c[x] >> i) & 1;
}
}
45 changes: 45 additions & 0 deletions circuits/sha512/maj.circom
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
/*
Copyright 2018 0KIMS association.
This file is part of circom (Zero Knowledge Circuit Compiler).
circom is a free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
circom is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with circom. If not, see <https://www.gnu.org/licenses/>.
*/

/* Maj function for sha256
out = a&b ^ a&c ^ b&c =>
out = a*b + a*c + b*c - 2*a*b*c =>
out = a*( b + c - 2*b*c ) + b*c =>
mid = b*c
out = a*( b + c - 2*mid ) + mid
*/
pragma circom 2.0.0;

template Maj_t512(n) {
signal input a[n];
signal input b[n];
signal input c[n];
signal output out[n];
signal mid[n];

for (var k=0; k<n; k++) {
mid[k] <== b[k]*c[k];
out[k] <== a[k] * (b[k]+c[k]-2*mid[k]) + mid[k];
}
}
28 changes: 28 additions & 0 deletions circuits/sha512/rotate.circom
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
Copyright 2018 0KIMS association.
This file is part of circom (Zero Knowledge Circuit Compiler).
circom is a free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
circom is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with circom. If not, see <https://www.gnu.org/licenses/>.
*/
pragma circom 2.0.0;

template RotR512(n, r) {
signal input in[n];
signal output out[n];

for (var i=0; i<n; i++) {
out[i] <== in[ (i+r)%n ];
}
}
81 changes: 81 additions & 0 deletions circuits/sha512/sha512.circom
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
pragma circom 2.0.0;

include "constants.circom";
include "sha512compression.circom";

template Sha512(nBits) {
signal input in[nBits];
signal output out[512];

var i;
var k;
var nBlocks;
var bitsLastBlock;


nBlocks = ((nBits + 128)\1024)+1;

signal paddedIn[nBlocks*1024];

for (k=0; k<nBits; k++) {
paddedIn[k] <== in[k];
}
paddedIn[nBits] <== 1;

for (k=nBits+1; k<nBlocks*1024-128; k++) {
paddedIn[k] <== 0;
}

for (k = 0; k< 128; k++) {
paddedIn[nBlocks*1024 - k -1] <== (nBits >> k)&1;
}

component ha0 = H512(0);
component hb0 = H512(1);
component hc0 = H512(2);
component hd0 = H512(3);
component he0 = H512(4);
component hf0 = H512(5);
component hg0 = H512(6);
component hh0 = H512(7);

component sha512compression[nBlocks];

for (i=0; i<nBlocks; i++) {

sha512compression[i] = Sha512compression() ;

if (i==0) {
for (k=0; k<64; k++ ) {
sha512compression[i].hin[0*64+k] <== ha0.out[k];
sha512compression[i].hin[1*64+k] <== hb0.out[k];
sha512compression[i].hin[2*64+k] <== hc0.out[k];
sha512compression[i].hin[3*64+k] <== hd0.out[k];
sha512compression[i].hin[4*64+k] <== he0.out[k];
sha512compression[i].hin[5*64+k] <== hf0.out[k];
sha512compression[i].hin[6*64+k] <== hg0.out[k];
sha512compression[i].hin[7*64+k] <== hh0.out[k];
}
} else {
for (k=0; k<64; k++ ) {
sha512compression[i].hin[64*0+k] <== sha512compression[i-1].out[64*0+63-k];
sha512compression[i].hin[64*1+k] <== sha512compression[i-1].out[64*1+63-k];
sha512compression[i].hin[64*2+k] <== sha512compression[i-1].out[64*2+63-k];
sha512compression[i].hin[64*3+k] <== sha512compression[i-1].out[64*3+63-k];
sha512compression[i].hin[64*4+k] <== sha512compression[i-1].out[64*4+63-k];
sha512compression[i].hin[64*5+k] <== sha512compression[i-1].out[64*5+63-k];
sha512compression[i].hin[64*6+k] <== sha512compression[i-1].out[64*6+63-k];
sha512compression[i].hin[64*7+k] <== sha512compression[i-1].out[64*7+63-k];
}
}

for (k=0; k<1024; k++) {
sha512compression[i].inp[k] <== paddedIn[i*1024+k];
}
}

for (k=0; k<512; k++) {
out[k] <== sha512compression[nBlocks-1].out[k];
}

}
Loading

0 comments on commit d905211

Please sign in to comment.