2 changes: 1 addition & 1 deletion circuits/Prover.toml
@@ -1,3 +1,3 @@
input = [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
input = [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
return = [1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0]
input_length = 1
2 changes: 1 addition & 1 deletion circuits/src/main.nr
Expand Up @@ -3,6 +3,6 @@ use dep::keccak::constants;

// This is a simplified implementation of the Keccak256 hash function.
// In particular we assume that the `input_length` will be less than the size of the absorb step's block size.
fn main(input: [u1; constants::INPUT_SIZE], input_length: u64) -> pub [u1; constants::OUTPUT_SIZE] {
fn main(input: [u2; constants::INPUT_SIZE], input_length: u64) -> pub [u2; constants::OUTPUT_SIZE] {
keccak(input, input_length)
}
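Review bot: Widening the witness type to `[u2; ...]` on L38 drops the range constraint that `u1` placed on every element of `input`, so elements equal to 2 or 3 are accepted, keep their high bit through the XOR-based permutation steps, and reach the public `[u2; constants::OUTPUT_SIZE]` return, which is then not a Keccak256 digest of any bit string. If the wider type is needed, constrain each element to a bit before it is used, e.g. `for i in 0..constants::INPUT_SIZE { constrain input[i] < 2; }`, and consider the same for the output if its consumers rely on it holding bits. The same widening is applied to `pad` in lib/src/padding.nr, to `absorb`, `squeeze`, `keccakfRound`, `keccakf`, `keccakFinal` and `keccak` in lib/src/permutations.nr, and to `chi`, `iota`, `rhoPi` and `theta`; chi's body is outside this diff, but if it applies a bitwise complement to a `u2` element, `!0` is 3 rather than 1, so even bit-valued inputs would yield non-bit state there.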
4 changes: 2 additions & 2 deletions lib/src/padding.nr
Expand Up @@ -3,11 +3,11 @@ use crate::constants;
// This is a simplified implementation of the pad10*1 algorithm.
// As we assume that the input length is smaller than the block size, we can ignore the potential for the padding
// sequence to be spread over multiple blocks.
fn pad(input: [u1; constants::INPUT_SIZE], input_length: u64) -> [u1; constants::BLOCK_SIZE] {
fn pad(input: [u2; constants::INPUT_SIZE], input_length: u64) -> [u2; constants::BLOCK_SIZE] {
// We require 2 bits of space after the message in order to include the padding bits.
// constrain input_length < BLOCK_SIZE - 2;

let mut padded_input: [u1; constants::BLOCK_SIZE] = [0 as u1; constants::BLOCK_SIZE];
let mut padded_input: [u2; constants::BLOCK_SIZE] = [0 as u2; constants::BLOCK_SIZE];
for i in 0..constants::INPUT_SIZE {
if (i as u64) < input_length {
// Copy input into padded array.
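Review bot: The precondition stated in the comment on L49 — two free positions after the message — is enforced by nothing, because the `constrain` on L50 remains commented out, so an `input_length` close to `constants::BLOCK_SIZE` would presumably leave no room for the pad10*1 bits without any error. Re-enable it as `constrain input_length < constants::BLOCK_SIZE - 2;` (the bound the comment already names), or state why it can be omitted. With `padded_input` now `[u2; ...]` on L53 the copied elements are also no longer guaranteed to be bits. `pad`'s body continues past the end of the hunk.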
24 changes: 12 additions & 12 deletions lib/src/permutations.nr
Expand Up @@ -7,8 +7,8 @@ mod theta;

// This is a simplified implementation of the Keccak256 absorb function where we assume the input is smaller than the
// internal state size.
fn absorb(input: [u1; constants::BLOCK_SIZE]) -> [u1; constants::STATE_SIZE] {
let mut state: [u1; constants::STATE_SIZE] = [0 as u1; constants::STATE_SIZE];
fn absorb(input: [u2; constants::BLOCK_SIZE]) -> [u2; constants::STATE_SIZE] {
let mut state: [u2; constants::STATE_SIZE] = [0 as u2; constants::STATE_SIZE];

// We should in theory XOR the input with the internal state. However we know that X ^ 0 = X so we can just write
// the input into the state. We can do this as the input is guaranteed to be smaller than the state size.
Expand All @@ -22,17 +22,17 @@ fn absorb(input: [u1; constants::BLOCK_SIZE]) -> [u1; constants::STATE_SIZE] {
state
}

fn squeeze(input: [u1; constants::STATE_SIZE]) -> [u1; constants::OUTPUT_SIZE] {
fn squeeze(input: [u2; constants::STATE_SIZE]) -> [u2; constants::OUTPUT_SIZE] {

let mut result: [u1; constants::OUTPUT_SIZE] = [0 as u1; constants::OUTPUT_SIZE];
let mut result: [u2; constants::OUTPUT_SIZE] = [0 as u2; constants::OUTPUT_SIZE];

for i in 0..constants::OUTPUT_SIZE {
result[i] = input[i];
};
result
}

fn keccakfRound(state: [u1; constants::STATE_SIZE], round_number: comptime Field) -> [u1; constants::STATE_SIZE] {
fn keccakfRound(state: [u2; constants::STATE_SIZE], round_number: comptime Field) -> [u2; constants::STATE_SIZE] {

let state_after_theta = theta::theta(state);
let state_after_rhoPi = rhoPi::rhoPi(state_after_theta);
Expand All @@ -42,26 +42,26 @@ fn keccakfRound(state: [u1; constants::STATE_SIZE], round_number: comptime Field
new_state
}

fn keccakf(input: [u1; constants::STATE_SIZE]) -> [u1; constants::STATE_SIZE] {
let mut state: [u1; constants::STATE_SIZE] = [0 as u1; constants::STATE_SIZE];
fn keccakf(input: [u2; constants::STATE_SIZE]) -> [u2; constants::STATE_SIZE] {
let mut state: [u2; constants::STATE_SIZE] = [0 as u2; constants::STATE_SIZE];
for j in 0..constants::STATE_SIZE {
state[j] = input[j];
};
for i in 0..constants::NUM_ROUNDS {
for i in 0..constants::NUM_ROUNDS {
state = keccakfRound(state, i);
};
state
}

fn keccakFinal(input: [u1; constants::INPUT_SIZE], input_length: u64) -> [u1; constants::STATE_SIZE] {
let padded_input: [u1; constants::BLOCK_SIZE] = crate::padding::pad(input, input_length);
fn keccakFinal(input: [u2; constants::INPUT_SIZE], input_length: u64) -> [u2; constants::STATE_SIZE] {
let padded_input: [u2; constants::BLOCK_SIZE] = crate::padding::pad(input, input_length);

let absorb_result: [u1; constants::STATE_SIZE] = absorb(padded_input);
let absorb_result: [u2; constants::STATE_SIZE] = absorb(padded_input);

absorb_result
}

fn keccak(input: [u1; constants::INPUT_SIZE], input_length: u64) -> [u1; constants::OUTPUT_SIZE] {
fn keccak(input: [u2; constants::INPUT_SIZE], input_length: u64) -> [u2; constants::OUTPUT_SIZE] {

let final_state = keccakFinal(input, input_length);

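Review bot: `keccakf` on L98-L102 still copies `input` into `state` element by element although `state` is a plain value array; `let mut state: [u2; constants::STATE_SIZE] = input;` does the same thing and matches how `chi` (L135) and `iota` (L150) already take a mutable copy. The `for i in 0..constants::NUM_ROUNDS {` line appears as both removed and added (L103-L104) with no visible difference, so it looks like a whitespace-only edit that should not be mixed into a type change. The remaining hunks in this file are only the u1 to u2 widening of the signatures and local arrays.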
2 changes: 1 addition & 1 deletion lib/src/permutations/chi.nr
@@ -1,6 +1,6 @@
use crate::constants;

fn chi(state: [u1; constants::STATE_SIZE]) -> [u1; constants::STATE_SIZE] {
fn chi(state: [u2; constants::STATE_SIZE]) -> [u2; constants::STATE_SIZE] {
// The labelling convention for the state array is `state[x, y, z] = state[LANE_LENGTH * (5y + x) + z]`.
let mut new_state = state;
for z in 0..constants::LANE_LENGTH {
4 changes: 2 additions & 2 deletions lib/src/permutations/iota.nr
@@ -1,6 +1,6 @@
use crate::constants;

fn iota(state: [u1; constants::STATE_SIZE], round_number: comptime Field) -> [u1; constants::STATE_SIZE] {
fn iota(state: [u2; constants::STATE_SIZE], round_number: comptime Field) -> [u2; constants::STATE_SIZE] {
// Each element of RC is a bitmap for the mask to apply to the lane.
let RC: [u64; constants::NUM_ROUNDS] = [
0x0000000000000001, 0x0000000000008082, 0x800000000000808A,
Expand All @@ -18,7 +18,7 @@ fn iota(state: [u1; constants::STATE_SIZE], round_number: comptime Field) -> [u1
// In order to update Lane(0,0) we must only update the first `LANE_LENGTH` values of the state array.
let mut new_state = state;
for i in 0..constants::LANE_LENGTH {
new_state[i] = state[i] ^ (rc as u1);
new_state[i] = state[i] ^ (rc as u2);
// Equivalent to a bitshift right.
rc = rc / 2;
};
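Review bot: `rc as u2` on L153 keeps the two low bits of `rc` rather than the single bit this state element should receive, because `rc = rc / 2` on L155 advances by one bit per iteration; assuming `rc` is the u64 taken from `RC` and the cast truncates, every element whose neighbouring RC bit is set is now flipped wrongly and the round constant is misapplied. Mask before casting: `new_state[i] = state[i] ^ ((rc & 1) as u2);`. The widened XOR also no longer forces the result to be a bit. `iota`'s body continues past the end of the hunk.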
4 changes: 2 additions & 2 deletions lib/src/permutations/rhoPi.nr
Expand Up @@ -4,7 +4,7 @@ use crate::constants;
// We merge these two functions as rho consists of a rotation of the bits within each lane and pi is a remapping of
// the lane indices. We can then efficiently perform both of these steps simultaneously by writing the output of rho
// directly into the remapped lane specified by pi.
fn rhoPi(state: [u1; constants::STATE_SIZE]) -> [u1; constants::STATE_SIZE] {
fn rhoPi(state: [u2; constants::STATE_SIZE]) -> [u2; constants::STATE_SIZE] {
// These are precomputed pairs of indices within the state array which specify how to perform the pi mapping.
// Lanes are remapped such that the lane sitting at index READ_LANE_OFFSETS[i] is remapped to WRITE_LANE_OFFSETS[i].
let READ_LANE_OFFSETS: [comptime Field; 24] = [64, 640, 448, 704, 1088, 1152, 192, 320, 1024, 512, 1344, 1536, 256, 960, 1472, 1216, 832, 768, 128, 1280, 896, 1408, 576, 384];
Expand All @@ -17,7 +17,7 @@ fn rhoPi(state: [u1; constants::STATE_SIZE]) -> [u1; constants::STATE_SIZE] {
// This definition adds an additional modulo compared to the spec but makes it easier to calculate correct offsets.
let T: [comptime Field; 24] = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44];

let mut new_state: [u1; constants::STATE_SIZE] = [0 as u1; constants::STATE_SIZE];
let mut new_state: [u2; constants::STATE_SIZE] = [0 as u2; constants::STATE_SIZE];
// The center lane is unaffected by the rho and pi functions so we write it directly into the new state.
for i in 0..constants::LANE_LENGTH {
new_state[i] = state[i];
34 changes: 18 additions & 16 deletions lib/src/permutations/theta.nr
@@ -1,28 +1,30 @@
use crate::constants;

fn theta(state: [u1; constants::STATE_SIZE]) -> [u1; constants::STATE_SIZE] {
fn theta(state: [u2; constants::STATE_SIZE]) -> [u2; constants::STATE_SIZE] {
// The theta function works by calculating the parity of each of the columns in the state array. We store these
// in the C[x, z] arrays.
// C[x, z] = A[x, 0, z] ^ A[x, 1, z] ^ A[x, 2, z] ^ A[x, 3, z] ^ A[x, 4, z]
let mut c0: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH];
let mut c1: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH];
let mut c2: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH];
let mut c3: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH];
let mut c4: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH];
let mut c0: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH];
let mut c1: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH];
let mut c2: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH];
let mut c3: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH];
let mut c4: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH];
//let temp_state = state;
for i in 0..constants::LANE_LENGTH {
c0[i] = state[0 * constants::LANE_LENGTH + i] ^ state[5 * constants::LANE_LENGTH + i] ^ state[10 * constants::LANE_LENGTH + i] ^ state[15 * constants::LANE_LENGTH + i] ^ state[20 * constants::LANE_LENGTH + i];
c1[i] = state[1 * constants::LANE_LENGTH + i] ^ state[6 * constants::LANE_LENGTH + i] ^ state[11 * constants::LANE_LENGTH + i] ^ state[16 * constants::LANE_LENGTH + i] ^ state[21 * constants::LANE_LENGTH + i];
c2[i] = state[2 * constants::LANE_LENGTH + i] ^ state[7 * constants::LANE_LENGTH + i] ^ state[12 * constants::LANE_LENGTH + i] ^ state[17 * constants::LANE_LENGTH + i] ^ state[22 * constants::LANE_LENGTH + i];
c3[i] = state[3 * constants::LANE_LENGTH + i] ^ state[8 * constants::LANE_LENGTH + i] ^ state[13 * constants::LANE_LENGTH + i] ^ state[18 * constants::LANE_LENGTH + i] ^ state[23 * constants::LANE_LENGTH + i];
c4[i] = state[4 * constants::LANE_LENGTH + i] ^ state[9 * constants::LANE_LENGTH + i] ^ state[14 * constants::LANE_LENGTH + i] ^ state[19 * constants::LANE_LENGTH + i] ^ state[24 * constants::LANE_LENGTH + i];
c0[i] = state[0 * constants::LANE_LENGTH + i] ^ state[5 * constants::LANE_LENGTH + i];
//c0[i] = state[0 * constants::LANE_LENGTH + i] ^ state[5 * constants::LANE_LENGTH + i] ^ state[10 * constants::LANE_LENGTH + i] ^ state[15 * constants::LANE_LENGTH + i] ^ state[20 * constants::LANE_LENGTH + i];
//c1[i] = state[1 * constants::LANE_LENGTH + i] ^ state[6 * constants::LANE_LENGTH + i] ^ state[11 * constants::LANE_LENGTH + i] ^ state[16 * constants::LANE_LENGTH + i] ^ state[21 * constants::LANE_LENGTH + i];
//c2[i] = state[2 * constants::LANE_LENGTH + i] ^ state[7 * constants::LANE_LENGTH + i] ^ state[12 * constants::LANE_LENGTH + i] ^ state[17 * constants::LANE_LENGTH + i] ^ state[22 * constants::LANE_LENGTH + i];
//c3[i] = state[3 * constants::LANE_LENGTH + i] ^ state[8 * constants::LANE_LENGTH + i] ^ state[13 * constants::LANE_LENGTH + i] ^ state[18 * constants::LANE_LENGTH + i] ^ state[23 * constants::LANE_LENGTH + i];
//c4[i] = state[4 * constants::LANE_LENGTH + i] ^ state[9 * constants::LANE_LENGTH + i] ^ state[14 * constants::LANE_LENGTH + i] ^ state[19 * constants::LANE_LENGTH + i] ^ state[24 * constants::LANE_LENGTH + i];
};

// D[x, z] = C[(x - 1) mod 5, z] ^ C[(x + 1) mod 5, (z - 1) mod LANE_LENGTH]
let mut d0: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH]; // D[0, Z] = C[4, z] ^ C[1, (z-1) mod LANE_LENGTH]
let mut d1: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH]; // D[1, Z] = C[0, z] ^ C[2, (z-1) mod LANE_LENGTH]
let mut d2: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH]; // D[2, Z] = C[1, z] ^ C[3, (z-1) mod LANE_LENGTH]
let mut d3: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH]; // D[3, Z] = C[2, z] ^ C[4, (z-1) mod LANE_LENGTH]
let mut d4: [u1; constants::LANE_LENGTH] = [0 as u1; constants::LANE_LENGTH]; // D[4, Z] = C[3, z] ^ C[0, (z-1) mod LANE_LENGTH]
let mut d0: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH]; // D[0, Z] = C[4, z] ^ C[1, (z-1) mod LANE_LENGTH]
let mut d1: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH]; // D[1, Z] = C[0, z] ^ C[2, (z-1) mod LANE_LENGTH]
let mut d2: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH]; // D[2, Z] = C[1, z] ^ C[3, (z-1) mod LANE_LENGTH]
let mut d3: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH]; // D[3, Z] = C[2, z] ^ C[4, (z-1) mod LANE_LENGTH]
let mut d4: [u2; constants::LANE_LENGTH] = [0 as u2; constants::LANE_LENGTH]; // D[4, Z] = C[3, z] ^ C[0, (z-1) mod LANE_LENGTH]
// The modulus only affects the first cell in the lane so we handle this outside of the for-loop.
d0[0] = c4[0] ^ c1[constants::LANE_LENGTH - 1];
d1[0] = c0[0] ^ c2[constants::LANE_LENGTH - 1];
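Review bot: The column parity on L206 now XORs only lanes 0 and 5 into `c0`, and the assignments of `c1`..`c4` are commented out on L207-L211, so those four arrays stay all-zero and `c0` covers two of its five lanes; every `D` value from L226 on is then built from wrong parities and the round is no longer Keccak-f's theta. If this is an experiment it should not land together with the u1 to u2 widening; otherwise restore the five parity assignments (the old L201-L205 with the new element type) and delete the commented-out copies rather than keeping them. The unused `//let temp_state = state;` on L199 should go as well. The `return` vector in circuits/Prover.toml is not changed in this diff, so if it matched the previous implementation it will presumably not match this one.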