Merge pull request #400 from EYBlockchain/julian@dsl-update

Zokrates DSL update

Author: jtcoolen

circuits/common/casts/u32_array_to_field.zok

@@ -1,12 +1,13 @@
-from "EMBED" import u32_to_bits
+from "EMBED" import u32_to_bits;
 
-def main<N>(u32[N] i) -> (field):
-    field res = 0
-    for u32 k in 0..N do
-        for u32 j in 0..32 do
-            bool[32] bits = u32_to_bits(i[k])
-            u32 exponent = (N - k - 1) * 32 + (32 - j - 1)
-            res = res + if bits[j] then 2 ** exponent else 0 fi
-        endfor
-    endfor
-    return res
+def main<N>(u32[N] i) -> field {
+    field mut res = 0;
+    for u32 k in 0..N {
+        for u32 j in 0..32 {
+            bool[32] bits = u32_to_bits(i[k]);
+            u32 exponent = (N - k - 1) * 32 + (32 - j - 1);
+            res = res + if bits[j] { 2 ** exponent } else { 0 };
+        }
+    }
+    return res;
+}

circuits/common/casts/u8_array_to_field.zok

@@ -1,12 +1,13 @@
-from "EMBED" import u8_to_bits
+from "EMBED" import u8_to_bits;
 
-def main<N>(u8[N] i) -> (field):
-    field res = 0
-    for u32 k in 0..N do
-        for u32 j in 0..8 do
-            bool[8] bits = u8_to_bits(i[k])
-            u32 exponent = (N - k - 1) * 8 + (8 - j - 1)
-            res = res + if bits[j] then 2 ** exponent else 0 fi
-        endfor
-    endfor
-    return res
+def main<N>(u8[N] i) -> field {
+    field res = 0;
+    for u32 k in 0..N {
+        for u32 j in 0..8 {
+            bool[8] bits = u8_to_bits(i[k]);
+            u32 exponent = (N - k - 1) * 8 + (8 - j - 1);
+            res = res + if bits[j] { 2 ** exponent } else { 0 };
+        }
+    }
+    return res;
+}

circuits/common/concatenate/order-left-right-1x1.zok

@@ -3,7 +3,8 @@
 // If order = 0: input1 is on the left.
 // If order = 1: input1 is on the right.
 
-def main(bool order, field input1, field input2) -> (field[2]):
-	field left = if order == false then input1 else input2 fi
-	field right = if order == false then input2 else input1 fi
-	return [left, right]
+def main(bool order, field input1, field input2) -> field[2] {
+	field left = if order == false { input1 } else { input2 };
+	field right = if order == false { input2 } else { input1 };
+	return [left, right];
+}

circuits/common/encryption/kem-dem.zok

@@ -1,40 +1,42 @@
-from "ecc/babyjubjubParams" import BabyJubJubParams
-from "ecc/babyjubjubParams" import main as curveParams
-from "ecc/edwardsScalarMult" import main as scalarMult
-from "utils/casts/u32_to_field" import main as u32_to_field
-from "hashes/poseidon/poseidon.zok" import main as poseidon
+from "ecc/babyjubjubParams" import BabyJubJubParams;
+from "ecc/babyjubjubParams" import main as curveParams;
+from "ecc/edwardsScalarMult" import main as scalarMult;
+from "utils/casts/u32_to_field" import main as u32_to_field;
+from "hashes/poseidon/poseidon.zok" import main as poseidon;
 
 struct EncryptedMsgs<N> {
-    field[N] cipherText
-    field[2] ephemeralPublicKey
+    field[N] cipherText;
+    field[2] ephemeralPublicKey;
 }
 
+const field DOMAIN_KEM = 10f;
 
-const field DOMAIN_KEM = 10f
+const field DOMAIN_DEM = 20f;
 
-const field DOMAIN_DEM = 20f
-
-def kem(bool[256] ephemeralKey, field[2] recipientPub) -> field:
-    BabyJubJubParams context = curveParams()
-	field[2] g = [context.Gu, context.Gv]
-    field[2] sharedSecret = scalarMult(ephemeralKey, recipientPub, context)
-    field encryptionKey = poseidon([sharedSecret[0], sharedSecret[1], DOMAIN_KEM])
-    return encryptionKey
+def kem(bool[256] mut ephemeralKey, field[2] recipientPub) -> field {
+    BabyJubJubParams mut context = curveParams();
+    field[2] mut g = [context.Gu, context.Gv];
+    field[2] mut sharedSecret = scalarMult(ephemeralKey, recipientPub, context);
+    field mut encryptionKey = poseidon([sharedSecret[0], sharedSecret[1], DOMAIN_KEM]);
+    return encryptionKey;
+}
 
-def dem<N>(field encryptionKey, field[N] plainText) -> field[N]:
-    field[N] output = [0; N]
-    for u32 i in 0..N do
-        output[i] = poseidon([encryptionKey, DOMAIN_DEM, u32_to_field(i)]) + plainText[i]
-    endfor
-    return output
+def dem<N>(field mut encryptionKey, field[N] plainText) -> field[N] {
+    field[N] mut output = [0; N];
+    for u32 i in 0..N {
+        output[i] = poseidon([encryptionKey, DOMAIN_DEM, u32_to_field(i)]) + plainText[i];
+    }
+    return output;
+}
 
-def main<N>(bool[256] ephemeralKey,field[2] recipientPub,field[N] plainText) -> EncryptedMsgs<N>:
-    BabyJubJubParams context = curveParams()
-	field[2] g = [context.Gu, context.Gv]
-    field[2] ephemeralPub = scalarMult(ephemeralKey, g, context)
+def main<N>(bool[256] mut ephemeralKey, field[2] recipientPub, field[N] plainText) -> EncryptedMsgs<N> {
+    BabyJubJubParams mut context = curveParams();
+    field[2] mut g = [context.Gu, context.Gv];
+    field[2] mut ephemeralPub = scalarMult(ephemeralKey, g, context);
 
-    field encryptionKey = kem(ephemeralKey, recipientPub)
+    field mut encryptionKey = kem(ephemeralKey, recipientPub);
 
-    field[N] cipherText = dem(encryptionKey, plainText)
-    EncryptedMsgs<N> e = EncryptedMsgs { cipherText: cipherText, ephemeralPublicKey: ephemeralPub}
-    return e
+    field[N] mut cipherText = dem(encryptionKey, plainText);
+    EncryptedMsgs<N> mut e = EncryptedMsgs { cipherText: cipherText, ephemeralPublicKey: ephemeralPub };
+    return e;
+}

circuits/common/hashes/mimc/altbn254/mimc-constants.zok

@@ -1,4 +1,4 @@
-def main()->(field[91]):
+def main() -> field[91] {
   return [
   20888961410941983456478427210666206549300505294776164667214940546594746570981,
   15265126113435022738560151911929040668591755459209400716467504685752745317193,
@@ -91,4 +91,5 @@ def main()->(field[91]):
   18979889247746272055963929241596362599320706910852082477600815822482192194401,
   13602139229813231349386885113156901793661719180900395818909719758150455500533,
   13952667105157556595308191233585255581771936717523666104281454907150877850313
-]
+];
+}

circuits/common/hashes/mimc/altbn254/mimc.zok

@@ -2,12 +2,13 @@
 
 // we use an exponent of 7 and 91 rounds
 
-from "./mimc-constants.zok" import main as constants
+from "./mimc-constants.zok" import main as constants;
 
-def main(field x, field k)->(field):
-  field[91] c = constants()
-  for u32 i in 0..91 do
-    field t = x + c[i] + k
-    x = t**7 // t^7 because 7th power is bijective in this field
-  endfor
-  return x + k
+def main(field mut x, field mut k) -> field {
+  field[91] c = constants();
+  for u32 mut i in 0..91 {
+    field mut t = x + c[i] + k;
+    x = t**7; // t^7 because 7th power is bijective in this field
+  }
+  return x + k;
+}

circuits/common/hashes/mimc/altbn254/mimc2.zok

@@ -1,10 +1,11 @@
 // MiMC hashing function for five input fields
 
-from "./mimc.zok" import main as mimcpe7
+from "./mimc.zok" import main as mimcpe7;
 
-def main(field[2] a)->(field):
-  field r = 0
-  for u32 i in 0..2 do
-    r = r + a[i] + mimcpe7(a[i], r)
-  endfor
-  return r
+def main(field[2] a) -> field {
+  field mut r = 0;
+  for u32 i in 0..2 {
+    r = r + a[i] + mimcpe7(a[i], r);
+  }
+  return r;
+}

circuits/common/hashes/poseidon/constants.zok

@@ -10904,7 +10904,7 @@ const field[16][1292] POSEIDON_C = [
         15306300298273142257702357120212730128497075786589008381550108606914393296015,
         19116371381269652319147699604019975103087973589614811479290794650138683901396
     ]
-]
+];
 
 const field[16][17][17] POSEIDON_M = [
       [
@@ -13842,4 +13842,4 @@ const field[16][17][17] POSEIDON_M = [
           13228220894074693515947418568115512670466893414535562052872530653586084906533
         ]
       ]
-    ]
+    ];

circuits/common/hashes/poseidon/poseidon.zok

@@ -1,60 +1,62 @@
 // circuit code (with more inputs) with reference from zokrates core library 
 // https://github.com/Zokrates/ZoKrates/blob/develop/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok
 
-from "./constants.zok" import POSEIDON_C, POSEIDON_M
-
-def ark<N>(field[N] state, field[1292] c, u32 it) -> field[N]:
-    for u32 i in 0..N do
-        state[i] = state[i] + c[it + i]
-    endfor
-    return state
-
-def sbox<N>(field[N] state, u32 f, u32 p, u32 r) -> field[N]:
-    state[0] = state[0]**5
-    for u32 i in 1..N do
-        state[i] = if ((r < f/2) || (r >= f/2 + p)) then state[i]**5 else state[i] fi
-    endfor
-    return state
-
-def mix<N>(field[N] state, field[17][17] m) -> field[N]:
-    field[N] out = [0; N]
-    for u32 i in 0..N do
-        field acc = 0
-        for u32 j in 0..N do 
-            acc = acc + (state[j] * m[i][j])
-        endfor
-        out[i] = acc
-    endfor
-    return out
-
-def main<N>(field[N] inputs) -> field:
-    assert(N > 0 && N <= 16) // max 16 inputs
-
-    u32 t = N + 1
-    u32[16] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63, 60, 66, 60, 65, 70, 60, 64, 68]
-
-    u32 f = 8
-    u32 p = rounds_p[(t - 2)]
+from "./constants.zok" import POSEIDON_C, POSEIDON_M;
+
+def ark<N>(field[N] mut state, field[1292] c, u32 it) -> field[N] {
+    for u32 i in 0..N {
+        state[i] = state[i] + c[it + i];
+    }
+    return state;
+}
+
+def sbox<N>(field[N] mut state, u32 f, u32 p, u32 r) -> field[N] {
+    state[0] = state[0]**5;
+    for u32 i in 1..N {
+        state[i] = if ((r < f/2) || (r >= f/2 + p)) { state[i]**5 } else { state[i] };
+    }
+    return state;
+}
+
+def mix<N>(field[N] mut state, field[17][17] m) -> field[N] {
+    field[N] mut out = [0; N];
+    for u32 i in 0..N {
+        field mut acc = 0;
+        for u32 j in 0..N { 
+            acc = acc + (state[j] * m[i][j]);
+        }
+        out[i] = acc;
+    }
+    return out;
+}
+
+def main<N>(field[N] inputs) -> field {
+    assert(N > 0 && N <= 16); // max 16 inputs
+
+    u32 t = N + 1;
+    u32[16] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63, 60, 66, 60, 65, 70, 60, 64, 68];
+
+    u32 f = 8;
+    u32 p = rounds_p[(t - 2)];
 
     // Constants are padded with zeroes to the maximum value calculated by
     // t * (f + p) = 497, where `t` (number of inputs + 1) is a max of 7.
     // This is done to keep the function generic, as resulting array size depends on `t`
     // and we do not want callers passing down constants.
     // This should be revisited once compiler limitations are gone.
-    field[1292]  c = POSEIDON_C[t - 2]
-    field[17][17] m = POSEIDON_M[t - 2]
-
-        field[t] state = [0; t]
-    for u32 i in 1..t do
-        state[i] = inputs[i - 1]
-    endfor
-
-        for u32 r in 0..f+p do
-        state = ark(state, c, r * t)
-        state = sbox(state, f, p, r)
-        state = mix(state, m)
-    endfor
-
-    return state[0]
-
-    
+    field[1292] c = POSEIDON_C[t - 2];
+    field[17][17] m = POSEIDON_M[t - 2];
+
+    field[t] mut state = [0; t];
+    for u32 i in 1..t {
+        state[i] = inputs[i - 1];
+    }
+
+    for u32 r in 0..f+p {
+        state = ark(state, c, r * t);
+        state = sbox(state, f, p, r);
+        state = mix(state, m);
+    }
+
+    return state[0];
+}

circuits/common/hashes/sha256/hash1024.zok

@@ -1,11 +1,12 @@
-from "hashes/sha256/embed/1024bit.zok" import main as sha256
-from "utils/casts/u32_8_to_bool_256.zok" import main as u32_8_to_bool_256
-from "utils/casts/bool_256_to_u32_8.zok" import main as bool_256_to_u32_8
+from "hashes/sha256/embed/1024bit.zok" import main as sha256;
+from "utils/casts/u32_8_to_bool_256.zok" import main as u32_8_to_bool_256;
+from "utils/casts/bool_256_to_u32_8.zok" import main as bool_256_to_u32_8;
 
-def main(u32[32] a) -> (u32[8]):
-    return bool_256_to_u32_8(sha256(\
-        u32_8_to_bool_256(a[0..8]),\
-        u32_8_to_bool_256(a[8..16]),\
-        u32_8_to_bool_256(a[16..24]),\
-        u32_8_to_bool_256(a[24..32])\
-    ))
+def main(u32[32] a) -> u32[8] {
+    return bool_256_to_u32_8(sha256(
+        u32_8_to_bool_256(a[0..8]),
+        u32_8_to_bool_256(a[8..16]),
+        u32_8_to_bool_256(a[16..24]),
+        u32_8_to_bool_256(a[24..32])
+    ));
+}