diff --git a/mopro-core/build.rs b/mopro-core/build.rs
index ea80e6fe..82a6cc05 100644
--- a/mopro-core/build.rs
+++ b/mopro-core/build.rs
@@ -82,7 +82,7 @@ fn main() -> Result<()> {
 // let dir = "examples/circom/keccak256";
 // let circuit = "keccak256_256_test";
 let dir = "examples/circom/anonAadhaar";
- let circuit = "qr_verify";
+ let circuit = "aadhaar-verifier";
 // XXX: Use RSA
 // let dir = "examples/circom/rsa";
diff --git a/mopro-core/examples/circom/anonAadhaar/README.md b/mopro-core/examples/circom/anonAadhaar/README.md
index ae36126c..76daed1d 100644
--- a/mopro-core/examples/circom/anonAadhaar/README.md
+++ b/mopro-core/examples/circom/anonAadhaar/README.md
@@ -1,3 +1,3 @@
 # Notes
-This version of the AA is the one with just Sha256 + RSA and no nullifiers with 917,344 contraints.
+This is the latest version of the AA circuits with in total 1,767,153 contraints.
diff --git a/mopro-core/examples/circom/anonAadhaar/aadhaar-verifier.circom b/mopro-core/examples/circom/anonAadhaar/aadhaar-verifier.circom
new file mode 100644
index 00000000..2bb47b06
--- /dev/null
+++ b/mopro-core/examples/circom/anonAadhaar/aadhaar-verifier.circom
@@ -0,0 +1,111 @@
+pragma circom 2.1.6;
+
+include "./helpers/rsa.circom";
+include "./helpers/sha.circom";
+include "./helpers/timestamp.circom";
+include "./extractor.circom";
+
+// Circuit to verify Aadhaar signature
+// n: RSA pubic key size per chunk
+// k: Number of chunks the RSA public key is split into
+// maxDataLength: Maximum length of the data
+template AadhaarVerifier(n, k, maxDataLength) {
+ signal input aadhaarData[maxDataLength]; // Aadhaar data padded (the data that is SHA hashed and signed)
+ signal input aadhaarDataLength; // length of the padded data
+ signal input signature[k]; // RSA signature
+ signal input pubKey[k]; // RSA public key (of the government)
+ signal input signalHash;
+
+ signal output identityNullifier; // Hash of last 4 digits of Aadhaar number, name, DOB, gender and pin code
+ signal output userNullifier; // Hash of last 4 digits of Aadhaar number and photo
+ signal output timestamp; // Timestamp of when the data was signed - extracted and converted to Unix timestamp
+ signal output pubkeyHash; // Poseidon hash of the RSA public key
+
+
+ component shaHasher = Sha256Bytes(maxDataLength);
+ shaHasher.in_padded <== aadhaarData;
+ shaHasher.in_len_padded_bytes <== aadhaarDataLength;
+ signal sha[256];
+ sha <== shaHasher.out;
+
+
+ component rsa = RSAVerify65537(n, k);
+ var rsaMsgLength = (256 + n) \ n;
+ component rsaBaseMsg[rsaMsgLength];
+ for (var i = 0; i < rsaMsgLength; i++) {
+ rsaBaseMsg[i] = Bits2Num(n);
+ }
+ for (var i = 0; i < 256; i++) {
+ rsaBaseMsg[i \ n].in[i % n] <== sha[255 - i];
+ }
+ for (var i = 256; i < n * rsaMsgLength; i++) {
+ rsaBaseMsg[i \ n].in[i % n] <== 0;
+ }
+
+ for (var i = 0; i < rsaMsgLength; i++) {
+ rsa.base_message[i] <== rsaBaseMsg[i].out;
+ }
+ for (var i = rsaMsgLength; i < k; i++) {
+ rsa.base_message[i] <== 0;
+ }
+
+ for (var i = 0; i < k; i++) {
+ rsa.modulus[i] <== pubKey[i];
+ rsa.signature[i] <== signature[i];
+ }
+
+
+ component extractor = Extractor(maxDataLength);
+ extractor.dataLen <== aadhaarDataLength;
+ extractor.data <== aadhaarData;
+
+ signal last4Digits[4] <== extractor.last4Digits;
+ signal photoHash <== extractor.photoHash;
+ signal basicIdentityHash <== extractor.basicIdentityHash;
+
+ component poseidonHasher[2];
+ poseidonHasher[0] = Poseidon(5);
+ poseidonHasher[0].inputs <== [last4Digits[0], last4Digits[1], last4Digits[2], last4Digits[3], photoHash];
+
+ poseidonHasher[1] = Poseidon(5);
+ poseidonHasher[1].inputs <== [last4Digits[0], last4Digits[1], last4Digits[2], last4Digits[3], basicIdentityHash];
+
+ userNullifier <== poseidonHasher[0].out;
+ identityNullifier <== poseidonHasher[1].out;
+
+
+ // Output the timestamp rounded to nearest hour
+ component dateToUnixTime = DateStringToTimestamp(2030, 1, 0, 0);
+ for (var i = 0; i < 14; i++) {
+ dateToUnixTime.in[i] <== aadhaarData[i + 6];
+ }
+ timestamp <== dateToUnixTime.out - 19800; // 19800 is the offset for IST
+
+
+ // Calculate Poseidon hash of the public key.
+ // Poseidon component can take only 16 inputs, so we convert k chunks to k/2 chunks.
+ // We are assuming k is > 16 and <= 32 (i.e we merge two consecutive item in array to bring down the size)
+ var poseidonInputSize = k \ 2;
+ if (k % 2 == 1) {
+ poseidonInputSize++;
+ }
+ assert(poseidonInputSize <= 16);
+ signal pubkeyHasherInput[poseidonInputSize];
+ for (var i = 0; i < poseidonInputSize; i++) {
+ if (i == poseidonInputSize - 1 && poseidonInputSize % 2 == 1) {
+ pubkeyHasherInput[i] <== pubKey[i * 2];
+ } else {
+ pubkeyHasherInput[i] <== pubKey[i * 2] + (1 << n) * pubKey[i * 2 + 1];
+ }
+ }
+ component pubkeyHasher = Poseidon(poseidonInputSize);
+ pubkeyHasher.inputs <== pubkeyHasherInput;
+ pubkeyHash <== pubkeyHasher.out;
+
+
+ signal signalHashSquare;
+ signalHashSquare <== signalHash * signalHash;
+}
+
+
+component main { public [signalHash] } = AadhaarVerifier(64, 32, 512 * 3);
\ No newline at end of file
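Review bot: The odd-k guard in the public-key hashing loop tests the wrong quantity: `if (i == poseidonInputSize - 1 && poseidonInputSize % 2 == 1)` checks whether the number of Poseidon inputs is odd, but what matters is whether k is odd, since poseidonInputSize was already rounded up from `k \ 2`. For an odd k such as 31, poseidonInputSize is 16, the guard never fires, and the last iteration reads `pubKey[i * 2 + 1]`, i.e. pubKey[31], one past the array; the condition should read `if (i == poseidonInputSize - 1 && k % 2 == 1) {`. The instantiation on the last line uses k = 32, so the shipped circuit is unaffected. Separately, as far as this file shows `pubKey` is a private input and only `signalHash` is public, so the circuit accepts a signature under any RSA key and the verifier has to compare the `pubkeyHash` output with the hash of the expected issuer key; a comment on that output such as `// Must be checked by the verifier against the known issuer key hash; the key itself is a private input` would make that contract explicit.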
diff --git a/mopro-core/examples/circom/anonAadhaar/extractor.circom b/mopro-core/examples/circom/anonAadhaar/extractor.circom
new file mode 100644
index 00000000..d0869445
--- /dev/null
+++ b/mopro-core/examples/circom/anonAadhaar/extractor.circom
@@ -0,0 +1,145 @@
+pragma circom 2.1.6;
+
+include "./node_modules/circomlib/circuits/comparators.circom";
+include "./node_modules/circomlib/circuits/poseidon.circom";
+
+
+/**
+ return 1 if left <= element <= right
+ else return 0;
+**/
+template InRange(n) {
+ signal input left;
+ signal input right;
+ signal input element;
+
+ signal output out;
+
+ component l = GreaterEqThan(n);
+ component r = GreaterEqThan(n);
+
+ l.in[0] <== element;
+ l.in[1] <== left;
+
+ r.in[0] <== right;
+ r.in[1] <== element;
+
+ out <== l.out * r.out;
+}
+
+
+template PhotoPositionComputation(MAX_NUMBER_BYTES) {
+ signal input dataLen;
+ signal input data[MAX_NUMBER_BYTES];
+ signal input filter[MAX_NUMBER_BYTES];
+
+ signal output photoPosition[2];
+
+ signal numberElementLessThan16[MAX_NUMBER_BYTES];
+ numberElementLessThan16[0] <== 0;
+ signal lessThan[MAX_NUMBER_BYTES - 1];
+ for (var i = 1; i < MAX_NUMBER_BYTES; i++) {
+ lessThan[i - 1] <== LessThan(8)([filter[i], 16]);
+ numberElementLessThan16[i] <== numberElementLessThan16[i - 1] + lessThan[i -1 ];
+ }
+
+ signal totalBasicFieldsSize <== numberElementLessThan16[MAX_NUMBER_BYTES - 1];
+
+ photoPosition[0] <== totalBasicFieldsSize + 1;
+
+ signal index[MAX_NUMBER_BYTES];
+ signal equals[MAX_NUMBER_BYTES];
+ signal acctualLen[MAX_NUMBER_BYTES];
+ signal tmp[MAX_NUMBER_BYTES - 1];
+
+ index[0] <== 0;
+ acctualLen[0] <== 0;
+ equals[0] <== 0;
+
+ for (var i = 1; i < MAX_NUMBER_BYTES; i++) {
+ index[i] <== index[i - 1] + 1;
+ equals[i] <== IsEqual()([index[i], dataLen - 1]);
+ tmp[i - 1] <== data[i - 1] * 256 + data[i];
+ acctualLen[i] <== (tmp[i - 1] - acctualLen[i - 1]) * equals[i] + acctualLen[i - 1];
+ }
+
+ photoPosition[1] <== acctualLen[MAX_NUMBER_BYTES - 1]/8 - 65;
+
+}
+
+
+template Extractor(MAX_NUMBER_BYTES) {
+ signal input data[MAX_NUMBER_BYTES];
+ signal input dataLen;
+
+ signal output photoHash;
+ signal output basicIdentityHash;
+ signal output last4Digits[4];
+
+ signal sData[MAX_NUMBER_BYTES];
+
+ component isData255[MAX_NUMBER_BYTES - 1];
+
+ sData[0] <== 0;
+
+ for (var i = 0; i < MAX_NUMBER_BYTES - 1; i++) {
+ isData255[i] = IsEqual();
+ isData255[i].in[0] <== 255;
+ isData255[i].in[1] <== data[i + 1];
+ sData[i + 1] <== sData[i] + isData255[i].out;
+ }
+
+
+ component photoPositionComputation = PhotoPositionComputation(MAX_NUMBER_BYTES);
+ photoPositionComputation.dataLen <== dataLen;
+ photoPositionComputation.filter <== sData;
+ photoPositionComputation.data <== data;
+
+ signal photoPosition[2] <== photoPositionComputation.photoPosition;
+
+ signal photoFlag[MAX_NUMBER_BYTES];
+ for (var i = 0; i < MAX_NUMBER_BYTES; i++) {
+ photoFlag[i] <== InRange(12)(photoPosition[0], photoPosition[1], i);
+ }
+
+ photoHash <== HashChain(MAX_NUMBER_BYTES)(photoFlag, data);
+
+ signal basicIdentityFlag[MAX_NUMBER_BYTES];
+ signal pincodeFlag[MAX_NUMBER_BYTES];
+ signal identityFlag[MAX_NUMBER_BYTES];
+
+ for (var i = 0; i < MAX_NUMBER_BYTES; i++) {
+ basicIdentityFlag[i] <== InRange(12)(2, 4, sData[i]);
+ pincodeFlag[i] <== IsEqual()([10, sData[i]]);
+ identityFlag[i] <== basicIdentityFlag[i] + pincodeFlag[i] - basicIdentityFlag[i] * pincodeFlag[i];
+ }
+
+ basicIdentityHash <== HashChain(MAX_NUMBER_BYTES)(identityFlag, data);
+
+ // extract last fordigit;
+ for (var i = 0; i < 4; i++) {
+ last4Digits[i] <== data[i + 2];
+ }
+}
+
+template HashChain(MAX_NUMBER_BYTES) {
+ signal input flag[MAX_NUMBER_BYTES];
+ signal input data[MAX_NUMBER_BYTES];
+
+ signal output hash;
+
+ signal hashChain[MAX_NUMBER_BYTES];
+
+ component hasher[MAX_NUMBER_BYTES - 1];
+ // We always skip the first element, since email_or_phone unnessanary when compute nullifier;
+ hashChain[0] <== 0;
+
+ for (var i = 0; i < MAX_NUMBER_BYTES - 1; i++) {
+ hasher[i] = Poseidon(2);
+ hasher[i].inputs[0] <== hashChain[i];
+ hasher[i].inputs[1] <== data[i + 1];
+ hashChain[i + 1] <== (hasher[i].out - hashChain[i]) * flag[i + 1] + hashChain[i];
+ }
+
+ hash <== hashChain[MAX_NUMBER_BYTES - 1];
+}
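Review bot: `photoPosition[1] <== acctualLen[MAX_NUMBER_BYTES - 1]/8 - 65;` in PhotoPositionComputation is a field division, not an integer one, and both photo bounds then go straight into `InRange(12)`, whose `GreaterEqThan(12)` comparators are only well-defined for inputs below 2^12; nothing in the hunk constrains `acctualLen` to be a multiple of 8 or either bound to fit in 12 bits, so an out-of-range value leaves the photo flags ill-defined rather than making the constraints unsatisfiable. Presumably the signature over the payload keeps these values well-formed for honest inputs, but the template should either range-check both bounds (e.g. with `Num2Bits(12)` from circomlib's bitify.circom) or at least record the assumption, e.g. `// assumes the SHA-padded bit length is a multiple of 8 and both photo bounds are < 2^12`. The same below-2^n precondition applies to `LessThan(8)([filter[i], 16])`, where `filter` is a running count that can in principle grow up to MAX_NUMBER_BYTES. Minor: `acctualLen` and the comment `// extract last fordigit;` are misspelled.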
diff --git a/mopro-core/examples/circom/anonAadhaar/bigint.circom b/mopro-core/examples/circom/anonAadhaar/helpers/bigint.circom
similarity index 98%
rename from mopro-core/examples/circom/anonAadhaar/bigint.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/bigint.circom
index 6f6611a3..9f6b1d02 100644
--- a/mopro-core/examples/circom/anonAadhaar/bigint.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/bigint.circom
@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/comparators.circom";
-include "./node_modules/circomlib/circuits/bitify.circom";
-include "./node_modules/circomlib/circuits/gates.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
+include "../node_modules/circomlib/circuits/bitify.circom";
+include "../node_modules/circomlib/circuits/gates.circom";
 include "bigint_func.circom";
diff --git a/mopro-core/examples/circom/anonAadhaar/bigint_func.circom b/mopro-core/examples/circom/anonAadhaar/helpers/bigint_func.circom
similarity index 100%
rename from mopro-core/examples/circom/anonAadhaar/bigint_func.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/bigint_func.circom
diff --git a/mopro-core/examples/circom/anonAadhaar/fp.circom b/mopro-core/examples/circom/anonAadhaar/helpers/fp.circom
similarity index 96%
rename from mopro-core/examples/circom/anonAadhaar/fp.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/fp.circom
index 2653af85..cdbe09ea 100644
--- a/mopro-core/examples/circom/anonAadhaar/fp.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/fp.circom
@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/bitify.circom";
-include "./node_modules/circomlib/circuits/comparators.circom";
-include "./node_modules/circomlib/circuits/sign.circom";
+include "../node_modules/circomlib/circuits/bitify.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
+include "../node_modules/circomlib/circuits/sign.circom";
 include "./bigint.circom";
 include "./bigint_func.circom";
diff --git a/mopro-core/examples/circom/anonAadhaar/rsa.circom b/mopro-core/examples/circom/anonAadhaar/helpers/rsa.circom
similarity index 100%
rename from mopro-core/examples/circom/anonAadhaar/rsa.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/rsa.circom
diff --git a/mopro-core/examples/circom/anonAadhaar/sha.circom b/mopro-core/examples/circom/anonAadhaar/helpers/sha.circom
similarity index 98%
rename from mopro-core/examples/circom/anonAadhaar/sha.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/sha.circom
index 73d94ded..cd1c8ce5 100644
--- a/mopro-core/examples/circom/anonAadhaar/sha.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/sha.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/bitify.circom";
+include "../node_modules/circomlib/circuits/bitify.circom";
 include "./sha256general.circom";
 include "./sha256partial.circom";
diff --git a/mopro-core/examples/circom/anonAadhaar/sha256general.circom b/mopro-core/examples/circom/anonAadhaar/helpers/sha256general.circom
similarity index 96%
rename from mopro-core/examples/circom/anonAadhaar/sha256general.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/sha256general.circom
index 637d165c..13617751 100644
--- a/mopro-core/examples/circom/anonAadhaar/sha256general.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/sha256general.circom
@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/sha256/constants.circom";
-include "./node_modules/circomlib/circuits/sha256/sha256compression.circom";
-include "./node_modules/circomlib/circuits/comparators.circom";
+include "../node_modules/circomlib/circuits/sha256/constants.circom";
+include "../node_modules/circomlib/circuits/sha256/sha256compression.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
 include "./utils.circom";
 // A modified version of the SHA256 circuit that allows specified length messages up to a max to all work via array indexing on the SHA256 compression circuit.
diff --git a/mopro-core/examples/circom/anonAadhaar/sha256partial.circom b/mopro-core/examples/circom/anonAadhaar/helpers/sha256partial.circom
similarity index 94%
rename from mopro-core/examples/circom/anonAadhaar/sha256partial.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/sha256partial.circom
index e865a7ff..b24ea235 100644
--- a/mopro-core/examples/circom/anonAadhaar/sha256partial.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/sha256partial.circom
@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/sha256/constants.circom";
-include "./node_modules/circomlib/circuits/sha256/sha256compression.circom";
-include "./node_modules/circomlib/circuits/comparators.circom";
+include "../node_modules/circomlib/circuits/sha256/constants.circom";
+include "../node_modules/circomlib/circuits/sha256/sha256compression.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
 include "./utils.circom";
 // Completing the sha256 hash given a pre-computed state and additional data
diff --git a/mopro-core/examples/circom/anonAadhaar/helpers/timestamp.circom b/mopro-core/examples/circom/anonAadhaar/helpers/timestamp.circom
new file mode 100644
index 00000000..c3784a9c
--- /dev/null
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/timestamp.circom
@@ -0,0 +1,117 @@
+pragma circom 2.1.6;
+
+include "../node_modules/circomlib/circuits/comparators.circom";
+
+template DigitsToNumber(length) {
+ signal input in[length];
+ signal output out;
+
+ signal sum[length + 1];
+ sum[0] <== 0;
+
+ for (var i = 1; i <= length; i++) {
+ sum[i] <== sum[i - 1] * 10 + (in[i - 1] - 48);
+ }
+
+ out <== sum[length];
+}
+
+// Converts a date string of format YYYYMMDDHHMMSS to a unix time
+// Assumes the input time is in UTC
+// includeHours - 1 to include hours, 0 to round down to day
+// includeMinutes - 1 to include minutes, 0 to round down to hour
+// includeSeconds - 1 to include seconds, 0 to round down to minute
+template DateStringToTimestamp(maxYears, includeHours, includeMinutes, includeSeconds) {
+ signal input in[14];
+ signal output out;
+
+ signal daysTillPreviousMonth[12] <== [0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334];
+
+ component yearNum = DigitsToNumber(4);
+ yearNum.in <== [in[0], in[1], in[2], in[3]];
+ signal year <== yearNum.out;
+
+ component monthNum = DigitsToNumber(2);
+ monthNum.in <== [in[4], in[5]];
+ signal month <== monthNum.out;
+
+ component dayNum = DigitsToNumber(2);
+ dayNum.in <== [in[6], in[7]];
+ signal day <== dayNum.out;
+
+ assert(year >= 1970);
+ assert(year <= maxYears);
+
+ var maxLeapYears = (maxYears - 1972) \ 4; // 1972 is first leap year since epoch
+ var arrLength = 14 + maxLeapYears + maxLeapYears;
+
+ signal daysPassed[arrLength];
+ daysPassed[0] <== (year - 1970) * 365;
+ daysPassed[1] <== day - 1;
+
+ component isCurrentMonth[12];
+ for (var i = 0; i < 12; i++) {
+ isCurrentMonth[i] = IsEqual();
+ isCurrentMonth[i].in[0] <== month - 1;
+ isCurrentMonth[i].in[1] <== i;
+
+ daysPassed[i + 2] <== isCurrentMonth[i].out * daysTillPreviousMonth[i]; // Add days till previous month
+ }
+
+ component isLeapYearCurrentYear[maxLeapYears]; // ith leap year is current year
+ component isLeapYearLessThanCurrentYear[maxLeapYears]; // ith leap after 1970 is below current year
+ component isCurrentMonthAfterFeb[maxLeapYears];
+
+ for (var i = 0; i < maxLeapYears; i++) {
+ isLeapYearLessThanCurrentYear[i] = GreaterThan(8);
+ isLeapYearLessThanCurrentYear[i].in[0] <== year - 1972;
+ isLeapYearLessThanCurrentYear[i].in[1] <== i * 4;
+
+ isLeapYearCurrentYear[i] = IsEqual();
+ isLeapYearCurrentYear[i].in[0] <== year - 1972;
+ isLeapYearCurrentYear[i].in[1] <== i * 4;
+
+ daysPassed[14 + i] <== isLeapYearLessThanCurrentYear[i].out; // Add 1 day for each leap year
+
+ isCurrentMonthAfterFeb[i] = GreaterThan(4);
+ isCurrentMonthAfterFeb[i].in[0] <== month;
+ isCurrentMonthAfterFeb[i].in[1] <== 2;
+ daysPassed[14 + maxLeapYears + i] <== isLeapYearCurrentYear[i].out * isCurrentMonthAfterFeb[i].out; // Add 1 days if current year is leap and date is after Feb
+ }
+
+ signal totalDaysPassed[arrLength];
+ totalDaysPassed[0] <== daysPassed[0];
+ for (var i = 1; i < arrLength; i++) {
+ totalDaysPassed[i] <== totalDaysPassed[i - 1] + daysPassed[i];
+ }
+
+ signal secondsPassed[4];
+ secondsPassed[0] <== totalDaysPassed[arrLength -1] * 86400;
+
+ if (includeHours == 1) {
+ component hoursNum = DigitsToNumber(2);
+ hoursNum.in <== [in[8], in[9]];
+ secondsPassed[1] <== hoursNum.out * 3600;
+ } else {
+ secondsPassed[1] <== 0;
+ }
+
+ if (includeMinutes == 1) {
+ component minutesNum = DigitsToNumber(2);
+ minutesNum.in <== [in[10], in[11]];
+ secondsPassed[2] <== minutesNum.out * 60;
+ } else {
+ secondsPassed[2] <== 0;
+ }
+
+ if (includeSeconds == 1) {
+ component secondsNum = DigitsToNumber(2);
+ secondsNum.in <== [in[12], in[13]];
+ secondsPassed[3] <== secondsNum.out;
+ } else {
+ secondsPassed[3] <== 0;
+ }
+
+ out <== secondsPassed[0] + secondsPassed[1] + secondsPassed[2] + secondsPassed[3];
+}
+
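Review bot: `DigitsToNumber` converts each byte with `(in[i - 1] - 48)` but never constrains the byte to the ASCII digit range 48..57, so a non-digit byte yields an out-of-range year, month or day instead of an unsatisfiable constraint, and the later `GreaterThan(8)` on `year - 1972` and `GreaterThan(4)` on `month` likewise assume inputs below 2^n. The `assert(year >= 1970)` / `assert(year <= maxYears)` lines do not close that gap if, as I understand circom's semantics, an assert over signals is checked only during witness generation and is not part of the constraint system. Either range-check each digit (a `LessThan`-based check of `in[i - 1] - 48` against 10, using the comparators this file already includes) or state the precondition on the template, e.g. `// Precondition: every byte of in[] is an ASCII digit; the caller must guarantee this (in aadhaar-verifier.circom the bytes come from the signed payload).` The call-site comment in aadhaar-verifier.circom, `// Output the timestamp rounded to nearest hour`, also misdescribes `DateStringToTimestamp(2030, 1, 0, 0)`: minutes and seconds are dropped, so the value is rounded down to the hour, and maxYears = 2030 caps the accepted dates.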
diff --git a/mopro-core/examples/circom/anonAadhaar/utils.circom b/mopro-core/examples/circom/anonAadhaar/helpers/utils.circom
similarity index 95%
rename from mopro-core/examples/circom/anonAadhaar/utils.circom
rename to mopro-core/examples/circom/anonAadhaar/helpers/utils.circom
index af477eed..3676d081 100644
--- a/mopro-core/examples/circom/anonAadhaar/utils.circom
+++ b/mopro-core/examples/circom/anonAadhaar/helpers/utils.circom
@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
-include "./node_modules/circomlib/circuits/bitify.circom";
-include "./node_modules/circomlib/circuits/comparators.circom";
-include "./node_modules/circomlib/circuits/mimcsponge.circom";
+include "../node_modules/circomlib/circuits/bitify.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
+include "../node_modules/circomlib/circuits/mimcsponge.circom";
 include "./fp.circom";
 // returns ceil(log2(a+1))
diff --git a/mopro-core/examples/circom/anonAadhaar/input.json b/mopro-core/examples/circom/anonAadhaar/input.json
index 0facb936..4ba49ca8 100644
--- a/mopro-core/examples/circom/anonAadhaar/input.json
+++ b/mopro-core/examples/circom/anonAadhaar/input.json
@@ -1,16 +1,25 @@
 {
- "padded_message": [
+ "aadhaar_data": [
 "72",
 "101",
 "108",
 "108",
 "111",
 "45",
- "119",
- "111",
- "114",
- "108",
- "100",
+ "50",
+ "48",
+ "50",
+ "52",
+ "48",
+ "49",
+ "49",
+ "54",
+ "49",
+ "52",
+ "48",
+ "52",
+ "49",
+ "50",
 "128",
 "0",
 "0",
@@ -54,16 +63,7 @@
 "0",
 "0",
 "0",
- "0",
- "0",
- "0",
- "0",
- "0",
- "0",
- "0",
- "0",
- "0",
- "88",
+ "160",
 "0",
 "0",
 "0",
@@ -1537,73 +1537,72 @@
 "0",
 "0"
 ],
- "message_len": 64,
 "signature": [
- "5596167187567483701",
- "513526593043503854",
- "5995057959432202096",
- "1414356998237523077",
- "794532761169275762",
- "12842136201127994443",
- "5101117095350758448",
- "16556777346836481145",
- "18211960573839212806",
- "16672377737173512047",
- "16109829926827718981",
- "11586897668883521858",
- "4527295425835347791",
- "687657662970777542",
- "18045194105095781668",
- "7929275281935533164",
- "3587474151890935746",
- "4463268762373527539",
- "17817110123877050272",
- "10197700339358065465",
- "7612565606738897302",
- "6062048852047873843",
- "7221324442813457344",
- "6290366855656230152",
- "17614008595782982477",
- "2399360180674557919",
- "17450286499289560502",
- "14011941860173163341",
- "10894020759410548782",
- "683115458800528971",
- "2833253476634668378",
- "14356387821014970882"
+ "7960838307880713320",
+ "3945777141573955341",
+ "2932476618823247823",
+ "11847469484885680795",
+ "18217013901705690142",
+ "17290046459790168514",
+ "3092263040700576298",
+ "10906350268136822856",
+ "5861566009185068910",
+ "9841726919329107244",
+ "4226173898236316002",
+ "9278719063393398561",
+ "6731204345116280092",
+ "10859254522517557617",
+ "13083051375674932464",
+ "9637673805113264441",
+ "7899690023079693907",
+ "11877921194643370893",
+ "14295434901661167745",
+ "4962848501158173117",
+ "15491601994003863183",
+ "8957047068012188028",
+ "16116251758646727108",
+ "11222756580661251731",
+ "6657210080069134458",
+ "712569954809714595",
+ "13100884218433013757",
+ "10283232055506123353",
+ "2772405147851382348",
+ "4484112152033120581",
+ "13877802483553268856",
+ "6780991994298643777"
 ],
- "modulus": [
- "2748755575296325817",
- "6712742551966290655",
- "1051781274257245427",
- "7357783180875083004",
- "11691884572642410379",
- "14119541389779101138",
- "7071777904659873189",
- "3490500580467477062",
- "10203519659926086796",
- "17424774563955553547",
- "10962377561100360925",
- "17495876413667507686",
- "3409080059059025061",
- "367931309169507905",
- "600837705334544621",
- "8360352160901569122",
- "16107859593309123578",
- "4634329625682529006",
- "11782424542258817668",
- "10807652054986256584",
- "16889965058411472092",
- "16264323732917164057",
- "11781020154256625241",
- "10680159399383164680",
- "11364346908512487831",
- "16710115688254016040",
- "9906054055642523234",
- "2112189943628966574",
- "5137114214114937361",
- "13546323623067247872",
- "2248742705118268159",
- "14806506225332883466"
+ "pub_key": [
+ "5547832694828736465",
+ "17707250398364180330",
+ "10291680147234043387",
+ "17948982159358708294",
+ "1253918219662865113",
+ "7405465986290342341",
+ "7880479044006709634",
+ "12464225867710332260",
+ "2970134710756635526",
+ "7408610470441190499",
+ "1556744803343728049",
+ "13396900514878387286",
+ "15508399855694890766",
+ "5336745082659032385",
+ "17673508691790113185",
+ "4975368997500535652",
+ "3679410659905223018",
+ "11478357451841275127",
+ "8286888522511297004",
+ "14322080480522507137",
+ "4840273159856470065",
+ "17008969634516931529",
+ "6348800985811776262",
+ "2996490959894222386",
+ "8182601030305129303",
+ "13575777032970431330",
+ "3330288232174960206",
+ "5364105895228820485",
+ "8379692266988689612",
+ "3387077644900613899",
+ "9589603136264531127",
+ "13090511411446716179"
 ]
 }
diff --git a/mopro-core/examples/circom/anonAadhaar/qr_verify.circom b/mopro-core/examples/circom/anonAadhaar/qr_verify.circom
deleted file mode 100644
index 5416bdeb..00000000
--- a/mopro-core/examples/circom/anonAadhaar/qr_verify.circom
+++ /dev/null
@@ -1,50 +0,0 @@
-pragma circom 2.1.6;
-
-include "./rsa.circom";
-include "./sha.circom";
-
-
-template QR_Verify(n, k, len) {
- signal input padded_message[len]; // private
- signal input message_len; // private
- signal input signature[k]; //private
- signal input modulus[k]; //public
-
- component shaHasher = Sha256Bytes(len);
-
- shaHasher.in_padded <== padded_message;
- shaHasher.in_len_padded_bytes <== message_len;
-
- signal sha[256];
-
- sha <== shaHasher.out;
- component rsa = RSAVerify65537(n, k);
-
- var msg_len = (256 + n) \ n;
-
- component base_msg[msg_len];
- for (var i = 0; i < msg_len; i++) {
- base_msg[i] = Bits2Num(n);
- }
- for (var i = 0; i < 256; i++) {
- base_msg[i \ n].in[i % n] <== sha[255 - i];
- }
- for (var i = 256; i < n * msg_len; i++) {
- base_msg[i \ n].in[i % n] <== 0;
- }
-
- for (var i = 0; i < msg_len; i++) {
- rsa.base_message[i] <== base_msg[i].out;
- }
- for (var i = msg_len; i < k; i++) {
- rsa.base_message[i] <== 0;
- }
-
- for (var i = 0; i < k; i++) {
- rsa.modulus[i] <== modulus[i];
- rsa.signature[i] <== signature[i];
- }
-
-}
-
-component main{public [modulus]} = QR_Verify(64, 32, 512 * 3);
\ No newline at end of file
diff --git a/mopro-core/src/middleware/circom/mod.rs b/mopro-core/src/middleware/circom/mod.rs
index cdf90385..6e39a618 100644
--- a/mopro-core/src/middleware/circom/mod.rs
+++ b/mopro-core/src/middleware/circom/mod.rs
@@ -378,7 +378,7 @@ pub fn bytes_to_circuit_inputs(bytes: &[u8]) -> CircuitInputs {
 pub fn strings_to_circuit_inputs(strings: Vec) -> Vec {
 strings
- .into_iter() // Note: using into_iter() instead of iter() to consume the Vec
+ .into_iter()
 .map(|value| BigInt::parse_bytes(value.as_bytes(), 10).unwrap())
 .collect()
 }
@@ -570,7 +570,7 @@ mod tests {
 assert!(verify_res.unwrap()); // Verifying that the proof was indeed verified
 }
- // #[ignore = "ignore for ci"]
+ #[ignore = "ignore for ci"]
 #[test]
 fn test_setup_prove_rsa() {
 let wasm_path = "./examples/circom/rsa/target/main_js/main.wasm";
@@ -626,10 +626,11 @@ mod tests {
 assert!(verify_res.unwrap()); // Verifying that the proof was indeed verified
 }
+ #[ignore = "ignore for ci"]
 #[test]
 fn test_setup_prove_anon_aadhaar() {
- let wasm_path = "./examples/circom/anonAadhaar/target/qr_verify_js/qr_verify.wasm";
- let r1cs_path = "./examples/circom/anonAadhaar/target/qr_verify.r1cs";
+ let wasm_path = "./examples/circom/anonAadhaar/target/aadhaar-verifier_js/aadhaar-verifier.wasm";
+ let r1cs_path = "./examples/circom/anonAadhaar/target/aadhaar-verifier.r1cs";
 // Instantiate CircomState
 let mut circom_state = CircomState::new();
@@ -643,9 +644,9 @@ mod tests {
 // Prepare inputs
 #[derive(serde::Deserialize)]
 struct InputData {
- padded_message: Vec,
+ aadhaar_data: Vec,
 signature: Vec,
- modulus: Vec,
+ pub_key: Vec,
 }
 let file_data = std::fs::read_to_string("./examples/circom/anonAadhaar/input.json").expect("Unable to read file");
@@ -653,19 +654,19 @@ mod tests {
 let mut inputs: CircuitInputs = HashMap::new();
 inputs.insert(
- "padded_message".to_string(),
- strings_to_circuit_inputs(data.padded_message),
+ "aadhaarData".to_string(),
+ strings_to_circuit_inputs(data.aadhaar_data),
 );
- inputs.insert("message_len".to_string(), vec![BigInt::from(64)]);
+ inputs.insert("aadhaarDataLength".to_string(), vec![BigInt::from(64)]);
 inputs.insert(
 "signature".to_string(),
 strings_to_circuit_inputs(data.signature),
 );
 inputs.insert(
- "modulus".to_string(),
- strings_to_circuit_inputs(data.modulus),
+ "pubKey".to_string(),
+ strings_to_circuit_inputs(data.pub_key),
 );
-
+ inputs.insert("signalHash".to_string(), vec![BigInt::from(1)]);
 // Proof generation
 let generate_proof_res = circom_state.generate_proof(inputs);
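Review bot: `inputs.insert("aadhaarDataLength".to_string(), vec![BigInt::from(64)]);` and the `signalHash` value of 1 in the last hunk are unexplained magic values; the 64 has to agree with the fixture in input.json (it is the SHA-padded message length the circuit feeds to `in_len_padded_bytes`, not the length of the `aadhaar_data` array), and nothing in the test ties the two together, so a fixture update can silently desynchronise them. A short comment on each would help, e.g. `// SHA-padded message length in bytes; must match the fixture in input.json` and `// signalHash is only bound into the proof by squaring it in the circuit; any value works for this smoke test`. The new `#[ignore = "ignore for ci"]` (also added to test_setup_prove_rsa in the previous hunk) gives no reason a reader can act on; since both tests load artifacts from `target/`, something like `#[ignore = "needs the compiled circuit artifacts under examples/circom/<name>/target"]` documents why they are skipped and how to run them. With both tests ignored, presumably nothing in CI exercises the renamed inputs, so the test bodies should be kept runnable locally.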