electron-labs / ed25519-circom

ED25519 implementation in Circom

Home Page: https://docs.electronlabs.org/

JavaScript 45.86% Makefile 0.11% Solidity 10.21% Dockerfile 0.20% Circom 43.63%
circom ed25519 groth16 zksnark zksnarks

Contributors: electron-team, ultrainstinct30

ed25519-circom's Issues

Batch verify not working

Thanks for the repo, and it is very cool!
I wanted to try out batch verify but the tests failed. Does it work? Do you have benchmarks of the batch verify circuit?

Error when running tests as per the docs

I get this error in the circom-tester:

  1. ED25519 verifcation test
    When testing against the RFC test vector
    should verify correctly:
    LinkError: WebAssembly.instantiate(): Import #1 module="runtime" function="printErrorMessage" error: function import requires a callable
    at builder (node_modules/circom_tester/wasm/witness_calculator.js:19:40)
    at async wasm_tester (node_modules/circom_tester/wasm/tester.js:60:16)
    at async Context. (test/ed25519verfication.test.js:11:19)

Is this known / is there a fix?

Bug in binary adder logic

Last bit only gets the carry value, and the last bits of the inputs are never added.

https://github.com/Electron-Labs/circom-binary-ops/blob/5e435b35792707de2dfcc7d8bb6239f97edbf7f7/binary_adder.circom#L84

Are the inputs intended to be 1 bit bigger than the number that we're adding (to keep track if there's an overflow)? If yes, there should be a constraint for that. If not, maybe we can make the output 1 bit bigger to keep track of the overflow.

Alternatively, we can ignore overflow and the user who's instantiating the template can provide inputs with an extra bit.
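
The behaviour this issue describes, and the two remedies it proposes, modelled in plain JavaScript as an added example (not the project's circom template; the little-endian bit order and all function names are assumptions made for illustration):

```javascript
// Added illustration: a plain-JS model, not the repository's circom template.
// Assumption: bit arrays are little-endian (index 0 = least significant bit).
const toBits = (x, n) => Array.from({ length: n }, (_, i) => (x >> i) & 1);
const fromBits = (bits) => bits.reduce((acc, b, i) => acc + b * 2 ** i, 0);

// Behaviour as described in the issue: n-bit inputs, n-bit output.
// Bits 0..n-2 are added; out[n-1] is only the carry, so a[n-1] and
// b[n-1] are never read.
function adderAsDescribed(a, b) {
  const n = a.length;
  const out = new Array(n).fill(0);
  let carry = 0;
  for (let i = 0; i < n - 1; i++) {
    const s = a[i] + b[i] + carry;
    out[i] = s & 1;
    carry = s >> 1;
  }
  out[n - 1] = carry;
  return out;
}

// Option 1 from the issue: add all n input bits, output n+1 bits.
function adderWithOverflowBit(a, b) {
  const n = a.length;
  const out = new Array(n + 1).fill(0);
  let carry = 0;
  for (let i = 0; i < n; i++) {
    const s = a[i] + b[i] + carry;
    out[i] = s & 1;
    carry = s >> 1;
  }
  out[n] = carry;
  return out;
}

// Option 2 from the issue: keep the adder, but the caller pads each input
// with a spare top bit and that bit is checked to be zero (the check
// stands in for the constraint the issue asks for).
function adderWithPaddedInputs(a, b) {
  if (a[a.length - 1] !== 0 || b[b.length - 1] !== 0) {
    throw new Error("top input bit must be 0");
  }
  return adderAsDescribed(a, b);
}

console.log(fromBits(adderAsDescribed(toBits(9, 4), toBits(3, 4))));      // 4
console.log(fromBits(adderWithOverflowBit(toBits(9, 4), toBits(3, 4))));  // 12
console.log(fromBits(adderWithPaddedInputs(toBits(9, 5), toBits(3, 5)))); // 12
```

In this model the as-described adder returns 4 for both 9 + 3 and 1 + 3, because the top input bit never influences the output.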

Refactor project structure

I'd like the project structure to be refactored to a standard format. Iden3 usually follows this

-- Root Folder
   -- circuits (main circuits)
   -- tests
      -- circuits (contains main component definitions for tests)
      x.js (where x should be the name of the circuit being tested)

`ScalarMul` in prime field is a heavy operation.

I analyzed the number of constraints each component presented. One that stuck out was ScalarMul. Is it always going to be a heavy operation, or are there optimizations to make it simpler and less taxing on the full circuit at the end? If so, are these under active dev?

binadd1.circom:         non-linear constraints: 16
binadd2.circom:         non-linear constraints: 512
binaddirr.circom:       non-linear constraints: 112
binmul1.circom:         non-linear constraints: 15680
binmulfast1.circom:     non-linear constraints: 885
binmulfast51.circom:    non-linear constraints: 32
binmulfast51_1.circom:  non-linear constraints: 32
binmulfast51_2.circom:  non-linear constraints: 14
binmullessthan51.circom: non-linear constraints: 1
binsub1.circom:         non-linear constraints: 804
chunkedadd.circom:      non-linear constraints: 10
chunkedadd1.circom:     non-linear constraints: 10
chunkedmodulus.circom:  non-linear constraints: 651
chunkify1.circom:       non-linear constraints: 0
inversemodulo1.circom: error[T2046]: Typing error found
modinv.circom:          non-linear constraints: 193
modulus0.circom:        non-linear constraints: 1279
modulus1.circom:        non-linear constraints: 0
modulus2.circom:        non-linear constraints: 3170
modulusagainst2p.circom: non-linear constraints: 25
modulusq1.circom:       non-linear constraints: 0
modulusq2.circom:       non-linear constraints: 3641
point-addition51.circom: non-linear constraints: 3419
pointcompress.circom:   non-linear constraints: 866
scalarmul.circom:       non-linear constraints: 1745401
verify.circom:          non-linear constraints: 3600667

Generalize ed25519 circuits

A tracker for all circuits that need to be generalized by passing in base and calculating constants during compile time

  • batchverify.circom
  • modinv.circom
  • modulus.circom

License?

Will this code be licensed in such a way that other teams will be able to also use this library? Circuits for ed25519 may be interesting for applications which use eddsa keys (ssh, gpg/pgp, etc.), and it would be great to avoid duplicated efforts!

npm test fail

Hi, I tried to execute 'npm run test-scalarmul', but came across the following error. Can anyone help with it? Thank you.

@electron-labs/[email protected] test-scalarmul
mocha --colors --max-old-space-size=4000 --timeout 300000 test/scalarmul.test.js

Scalar multiplication for ed25519
when performing scalar multiplication on curve
1) should multiply them correctly

0 passing (1m)
1 failing

  1. Scalar multiplication for ed25519
    when performing scalar multiplication on curve
    should multiply them correctly:
    LinkError: WebAssembly.instantiate(): Import #1 module="runtime" function="printErrorMessage" error: function import requires a callable
    at builder (node_modules/circom_tester/wasm/witness_calculator.js:19:40)
    at async wasm_tester (node_modules/circom_tester/wasm/tester.js:60:16)
    at async Context. (test/scalarmul.test.js:9:19)

Hard to understand inputs meaning in verify.circom

Hi all:),

First off: really cool repo, and thank you.

I'm a beginner in the zero-knowledge field, and I'm exploring different signature verification circuits in circom.

Maybe this is a stupid question, but I have a hard time fitting the vars' names with their definitions:

  • msg = the message that was signed
  • R8 and S = both parts of an ed25519 signature

But what are A, PointA and PointR?

In my mind there was msg, signature, and pubKey, so I'm guessing A, PointA and PointR have something to do with pubkeys.

Proposed fix: adding one-line comments above the signal inputs in verify.circom to help readers map var names to the actual definitions of concepts.

Input Format

How do I have to format the input values for circom to accept them from the input.json file for the verify circuit?
I'm asking for msg, A, S, R8, PointA and PointR.
Thanks in advance!
