feat: foldable chacha20 #51
Conversation
This reverts commit 8aa8b08.
0xJepsen
requested review from
lonerapier and
Autoparallel
and removed request for
lonerapier
|
lol the name here |
| var tmp[4][32] = in; | ||
|
|
||
| // a += b | ||
| component add1 = AddBits(32); |
There was a problem hiding this comment.
Like surely we can do this 32 bit add more efficiently, right?
There was a problem hiding this comment.
Good question. I don't know, perhaps it's worth looking into if this circuits performance becomes a problem.
| // counter => 32-bit word to apply w nonce | ||
| signal input counter[32]; | ||
|
|
||
| // the below can be both ciphertext or plaintext depending on the direction |
There was a problem hiding this comment.
I don't quite get this. Is this to say that the encryption algorithm is exactly the same as decryption?
There was a problem hiding this comment.
yes thats exactly correct. this circuit is entirely symmetric.
| // Test case from RCF https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4.2 | ||
| // the input encoding here is not the most intuitive. inputs are serialized as little endian. | ||
| // i.e. "e4e7f110" is serialized as "10 f1 e7 e4". So the way i am reading in inputs is | ||
| // to ensure that every 32 bit word is byte reversed before being turned into bits. |
| @@ -212,7 +206,7 @@ const json_key3_mask = [ | |||
| const json_key3_mask_hash = DataHasher(json_key3_mask); | |||
|
|
|||
| describe("NIVC_FULL", async () => { | |||
| let aesCircuit: WitnessTester<["key", "iv", "aad", "ctr", "plainText", "cipherText", "step_in"], ["step_out"]>; | |||
There was a problem hiding this comment.
I'm not a fan of deleting a whole test case. We may want to come back to AES. We don't know yet, but I don't want to remove this circuit and its test in this PR.
In general, PRs should do one thing -- this one adds fodlable ChaCha20. It should not remove AES-GCTR. This is the main reason this got reverted.
There was a problem hiding this comment.
So what should we use in the full test AES or ChaCha?
There was a problem hiding this comment.
I actually just put them both back in the full test for now which seems best.
| signal input in[BITS]; | ||
| signal output out[BITS]; | ||
| for (var i = 0; i < BITS; i++) { | ||
| out[i] <== in[(i + L) % BITS]; |
There was a problem hiding this comment.
modular arithmetic is the best thing
Reverts #50
This one is reopen so now you can review