Ruanpc/pi compress

README.md

@@ -64,9 +64,9 @@ cargo run -p zk-commit-cli -- balance -a ${zkpay_addr}
 
 7. generate the mobile claim proof
 ```
-addr="0x1234560000000000000000000000000000000000"
+recipient_addr="0x0102030000000000000000000000000000000000"
 mkdir tmp/
-cargo run -p zk-commit-cli -- gen-claim-proof --address ${addr} --amount 1 --secret 0 --commit-hash ${tree_root} --siblings ${sibling}
+cargo run -p zk-commit-cli -- gen-claim-proof --address ${recipient_addr} --amount 1 --secret 0 --commit-hash ${tree_root} --siblings ${sibling}
 
 # note that tmp/test.bin has been generated
 ```
@@ -102,4 +102,6 @@ cargo run -p zk-commit-cli -- withdraw -c ${call_data} -n ${name}
 ```
 zkpay_addr=0x9fe46736679d2d9a65f0992f2272de9f3c7fa6e0
 cargo run -p zk-commit-cli -- balance -a ${zkpay_addr}
+
+cargo run -p zk-commit-cli -- balance -a ${recipient_addr}
 ```

crates/zk-commit-circom/circuits/src/plonky2.circom

@@ -36,6 +36,13 @@ template VerifyPlonky2Proof() {
   signal input fri_pow_witness;
   signal input public_inputs[NUM_PUBLIC_INPUTS()];
 
+  var num_compressed_inputs = NUM_COMPRESSED_INPUTS(NUM_PUBLIC_INPUTS());
+  signal output compressed_inputs[num_compressed_inputs];
+
+  component input_compressor = compress_inputs();
+  input_compressor.public_inputs <== public_inputs;
+  compressed_inputs <== input_compressor.compressed_inputs;
+
   component public_input_hasher = HashNoPad_GL(NUM_PUBLIC_INPUTS(), 4);
 
   public_input_hasher.in <== public_inputs;
@@ -122,4 +129,4 @@ template VerifyPlonky2Proof() {
   verify_fri_proof.fri_query_indices <== get_challenges.fri_query_indices;
 }
 
-component main {public [public_inputs]} = VerifyPlonky2Proof();
+component main = VerifyPlonky2Proof();

crates/zk-commit-circom/circuits/src/utils.circom

@@ -71,3 +71,111 @@ template RandomAccess2(N, M) {
   }
 }
 
+template ReverseEndian64() {
+  signal input in;
+  signal output out;
+
+  var mask = ((1<<8) -1);
+  var tmp = (in ) & mask;
+  tmp = tmp * (1<<8) + ((in >> (8*1) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*2) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*3) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*4) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*5) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*6) ) & mask);
+  tmp = tmp * (1<<8) + ((in >> (8*7) ) & mask);
+
+  out <--tmp;
+}
+
+// convert Bn128 Scalar in Big Endian to 3 gl numbers in Little Endian
+template BEBn128ToLEGl3() {
+    signal input in;
+    signal output low_le_gl;
+    signal output mid_le_gl;
+    signal output high_le_gl;
+
+    signal low_be_bn128;
+    signal mid_be_bn128;
+    signal high_be_bn128;
+
+    var acc=0;
+    var mask = (1<<64) -1;
+    low_be_bn128 <-- (in) & mask;
+    acc += low_be_bn128;
+
+    mid_be_bn128 <-- (in >> 64) & mask;
+    acc += mid_be_bn128 * (1 << 64);
+
+    high_be_bn128 <-- (in >> 128) & mask;
+    acc += high_be_bn128 * (1 << 128);
+
+    acc === in;
+    // log("in ", in);
+    // log("mask ", mask);
+    // log("low_be_128 ", low_be_bn128);
+    // log("mid_be_128 ", mid_be_bn128);
+    // log("high_be_128 ", high_be_bn128);
+
+    component reverse_endians[3];
+    for (var i = 0; i < 3; i++) {
+      reverse_endians[i] = ReverseEndian64();
+    } 
+
+    reverse_endians[0].in <== low_be_bn128;
+    high_le_gl <== reverse_endians[0].out;
+
+    reverse_endians[1].in <== mid_be_bn128;
+    mid_le_gl <== reverse_endians[1].out;
+
+    reverse_endians[2].in <== high_be_bn128;
+    low_le_gl <== reverse_endians[2].out;
+    // log("reverse_endians[2].out ", reverse_endians[2].out);
+}
+
+template compress_3gl() {
+  signal input low;
+  signal input mid;
+  signal input high;
+  signal output out;
+
+  var acc=0;
+  acc += low;
+  acc += mid * (1 << 64);
+  acc += high * (1 << 128);
+  out <== acc;
+}
+
+function NUM_COMPRESSED_INPUTS(num_input) { 
+  if (num_input % 3 == 0) {
+    return num_input \ 3;
+  } else {
+    return (num_input \ 3) + 1;
+  }
+}
+
+template compress_inputs() {
+  var num_inputs = NUM_PUBLIC_INPUTS();
+  signal input public_inputs[num_inputs];
+
+  var num_compressed_inputs = NUM_COMPRESSED_INPUTS(num_inputs);
+  signal output compressed_inputs[num_compressed_inputs];
+  signal pad0_public_inputs[num_compressed_inputs * 3];
+
+  for(var i = 0; i < num_inputs; i++){
+    pad0_public_inputs[i] <== public_inputs[i];
+  }
+  for(var i = num_inputs; i < num_compressed_inputs * 3; i++){
+    pad0_public_inputs[i] <== 0;
+  }
+
+  var y = 0;
+  component compressors[num_compressed_inputs];
+  for(var i = 0; i < num_compressed_inputs; i++){
+      compressors[i] = compress_3gl();
+      compressors[i].low <== pad0_public_inputs[3*i+0];
+      compressors[i].mid <== pad0_public_inputs[3*i+1];
+      compressors[i].high <== pad0_public_inputs[3*i+2];
+      compressed_inputs[i] <== compressors[i].out;
+  } 
+}

crates/zk-commit-circom/circuits/test/circuits/utils.test.circom

@@ -5,19 +5,26 @@ template UtilsTest() {
     signal input in;
     signal output out;
 
-    component sgl = Num128ToGl();
-    sgl.in <==    161360025679164738177229890718278319974;
+    // component sgl = Num128ToGl();
+    // sgl.in <==    161360025679164738177229890718278319974;
 
-    sgl.out[0] === 8747344519683359610;
-    sgl.out[1] === 15084727568693690214;
+    // sgl.out[0] === 8747344519683359610;
+    // sgl.out[1] === 15084727568693690214;
 
-    component re1 = ReverseEndian();
-    re1.in <== 8747344519683359610;
-    re1.out === 8846107364446659705;
+    // component re1 = ReverseEndian64();
+    // re1.in <== 8747344519683359610;
+    // re1.out === 8846107364446659705;
+
+    // component re2 = ReverseEndian64();
+    // re2.in <== 15084727568693690214;
+    // re2.out === 7385770527525656529;
+
+    component bn128_to_gl = BEBn128ToLEGl3();
+    bn128_to_gl.in <== 3501069101925201181638369191551340478849585137744129937254; // 0x8EC8DDF176DB3A52B1B101D9ADA4E5F72206D53254EDCF66
+    bn128_to_gl.low_le_gl === 5925289563669776526; // 0x523ADB76F1DDC88E
+    bn128_to_gl.mid_le_gl === 17862864563612004785; // 0xF7E5A4ADD90151B1
+    bn128_to_gl.high_le_gl === 7408400857933612578; // 0x66CFED5432D50622
 
-    component re2 = ReverseEndian();
-    re2.in <== 15084727568693690214;
-    re2.out === 7385770527525656529;
 
     // Dummy input/output
     in === 1;

crates/zk-commit-circom/package.json

@@ -7,7 +7,8 @@
       "test": "test"
     },
     "scripts": {
-      "test::circuits": "mocha --max-old-space-size=4000 circuits/test/plonk.test.js",
+      "test::circuits::plonk": "mocha --max-old-space-size=4000 circuits/test/plonk.test.js",
+      "test::circuits::util": "mocha --max-old-space-size=4000 circuits/test/utils.test.js",
       "verify": "ts-node scripts/verify"
     },
     "license": "UNLICENSED",