rounds 13 -> 9, and some comments

0xJepsen · 0xJepsen · commit b6de7d9e2f7f · 2024-08-10T15:53:09.000-04:00
diff --git a/circuits/aes-gcm/aes_128_enc.circom b/circuits/aes-gcm/aes_128_enc.circom
@@ -6,10 +6,8 @@ include "aes_emulation.circom";
 include "helper_functions.circom";
 
 
-/// AES-256 Encrypt template
-/// We will need to change this to AES-128 Encrypt
-/// Which means we will need to change the key size to 128
-/// And the number of rounds to 10
+/// AES-128 Encrypt template
+/// AES-128 has 10 rounds, 9 partial rounds, and 1 final round
 
 // The number of full rounds for this key size (Not the last partial round)
 const ROUNDS = 10 - 1
@@ -28,21 +26,17 @@ template AES128Encrypt()
 
     var ks_index = 0;
     
-    /// TODO(WJ 2024-08-09): what are these?
-    /// 4 x 32 mattrix of field elements
+    /// STATE: 4 x 32 mattrix of field elements
     var s[4][32], t[4][32];
     
     var i,j,k,l,m;
     
     component xor_1[4][32];
-    /// state initialization, might have to do with key size being 240byte rather 256byte
     for(i=0; i<4; i++) // adding round key
     {
         for(j=0; j<32; j++)
         {
             xor_1[i][j] = XOR();
-            /// example sequece [[0..31],[33..64]
-            /// i see so they are 32 bit chunks
             /// Then XOR each chuck with parts of the keys 
             xor_1[i][j].a <== in[i*32+j]; // plaintext
             xor_1[i][j].b <== ks[(i+ks_index)*32+j]; // key schedule
@@ -52,26 +46,24 @@ template AES128Encrypt()
     }
     ks_index += 4;
 
-    component xor_2[13][4][3][32];
-    component bits2num_1[13][4][4];
-    component num2bits_1[13][4][4];
-    component xor_3[13][4][32];
+    component xor_2[ROUNDS][4][3][32];
+    component bits2num_1[ROUNDS][4][4];
+    component num2bits_1[ROUNDS][4][4];
+    component xor_3[ROUNDS][4][32];
 
 
     /// 14 rounds of encryption TODO(WJ 2024-08-09): Change this to 10 rounds to fit AES-128
-    for(i=0; i<13; i++) // 13 iterations maybe one extra at the end or happened to generate the key above?
+    for(i=0; i<ROUNDS; i++) // 9 iterations maybe one extra at the end or happened to generate the key above?
     {
-        /// 5 steps in each round
+        /// 3 steps in each round
         /// Step 1: SubBytes
         /// Step 2: ShiftRows:
         /// Step 3: MixColumns
-        /// Step 4: AddRoundKeys
-        /// 
         for(j=0; j<4; j++) // 4 iterations
         {
             for(k=0; k<4; k++) // 4 iterations // COLUMN MIXING ALGORITHM
             {
-                /// initialize trace space for 13x4x4 uses of bits2num and num2bit
+                /// initialize trace space for 9x4x4 uses of bits2num and num2bit
                 bits2num_1[i][j][k] = Bits2Num(8);
                 num2bits_1[i][j][k] = Num2Bits(32);
                 /// 0 - 3 based on sum of index j and k
@@ -106,7 +98,6 @@ template AES128Encrypt()
                         }
                     }
                 }
-                /// Thought 1: is  this maybe just copying  memory?
                 else
                 {
                     for(l=0; l<4; l++)
@@ -122,6 +113,7 @@ template AES128Encrypt()
                 }
             }
         }
+        /// AddRoundKey
         for(j=0; j<4; j++)
         {
             for(l=0; l<32; l++)
@@ -166,7 +158,7 @@ template AES128Encrypt()
 
     component xor_4[4][32];
 
-    for(i=0; i<4; i++) // final key XOR?
+    for(i=0; i<4; i++) // final key XOR
     {
         for(j=0; j<32; j++)
         {

Original file line number	Diff line number	Diff line change
`@@ -6,10 +6,8 @@ include "aes_emulation.circom";`
`6`	`6`	`include "helper_functions.circom";`
`7`	`7`
`8`	`8`
`9`		`-/// AES-256 Encrypt template`
`10`		`-/// We will need to change this to AES-128 Encrypt`
`11`		`-/// Which means we will need to change the key size to 128`
`12`		`-/// And the number of rounds to 10`
	`9`	`+/// AES-128 Encrypt template`
	`10`	`+/// AES-128 has 10 rounds, 9 partial rounds, and 1 final round`
`13`	`11`
`14`	`12`	`// The number of full rounds for this key size (Not the last partial round)`
`15`	`13`	`const ROUNDS = 10 - 1`
`@@ -28,21 +26,17 @@ template AES128Encrypt()`
`28`	`26`
`29`	`27`	`var ks_index = 0;`
`30`	`28`
`31`		`- /// TODO(WJ 2024-08-09): what are these?`
`32`		`- /// 4 x 32 mattrix of field elements`
	`29`	`+ /// STATE: 4 x 32 mattrix of field elements`
`33`	`30`	`var s[4][32], t[4][32];`
`34`	`31`
`35`	`32`	`var i,j,k,l,m;`
`36`	`33`
`37`	`34`	`component xor_1[4][32];`
`38`		`- /// state initialization, might have to do with key size being 240byte rather 256byte`
`39`	`35`	`for(i=0; i<4; i++) // adding round key`
`40`	`36`	`{`
`41`	`37`	`for(j=0; j<32; j++)`
`42`	`38`	`{`
`43`	`39`	`xor_1[i][j] = XOR();`
`44`		`- /// example sequece [[0..31],[33..64]`
`45`		`- /// i see so they are 32 bit chunks`
`46`	`40`	`/// Then XOR each chuck with parts of the keys`
`47`	`41`	`xor_1[i][j].a <== in[i*32+j]; // plaintext`
`48`	`42`	`xor_1[i][j].b <== ks[(i+ks_index)*32+j]; // key schedule`
`@@ -52,26 +46,24 @@ template AES128Encrypt()`
`52`	`46`	`}`
`53`	`47`	`ks_index += 4;`
`54`	`48`
`55`		`- component xor_2[13][4][3][32];`
`56`		`- component bits2num_1[13][4][4];`
`57`		`- component num2bits_1[13][4][4];`
`58`		`- component xor_3[13][4][32];`
	`49`	`+ component xor_2[ROUNDS][4][3][32];`
	`50`	`+ component bits2num_1[ROUNDS][4][4];`
	`51`	`+ component num2bits_1[ROUNDS][4][4];`
	`52`	`+ component xor_3[ROUNDS][4][32];`
`59`	`53`
`60`	`54`
`61`	`55`	`/// 14 rounds of encryption TODO(WJ 2024-08-09): Change this to 10 rounds to fit AES-128`
`62`		`- for(i=0; i<13; i++) // 13 iterations maybe one extra at the end or happened to generate the key above?`
	`56`	`+ for(i=0; i<ROUNDS; i++) // 9 iterations maybe one extra at the end or happened to generate the key above?`
`63`	`57`	`{`
`64`		`- /// 5 steps in each round`
	`58`	`+ /// 3 steps in each round`
`65`	`59`	`/// Step 1: SubBytes`
`66`	`60`	`/// Step 2: ShiftRows:`
`67`	`61`	`/// Step 3: MixColumns`
`68`		`- /// Step 4: AddRoundKeys`
`69`		`- ///`
`70`	`62`	`for(j=0; j<4; j++) // 4 iterations`
`71`	`63`	`{`
`72`	`64`	`for(k=0; k<4; k++) // 4 iterations // COLUMN MIXING ALGORITHM`
`73`	`65`	`{`
`74`		`- /// initialize trace space for 13x4x4 uses of bits2num and num2bit`
	`66`	`+ /// initialize trace space for 9x4x4 uses of bits2num and num2bit`
`75`	`67`	`bits2num_1[i][j][k] = Bits2Num(8);`
`76`	`68`	`num2bits_1[i][j][k] = Num2Bits(32);`
`77`	`69`	`/// 0 - 3 based on sum of index j and k`
`@@ -106,7 +98,6 @@ template AES128Encrypt()`
`106`	`98`	`}`
`107`	`99`	`}`
`108`	`100`	`}`
`109`		`- /// Thought 1: is this maybe just copying memory?`
`110`	`101`	`else`
`111`	`102`	`{`
`112`	`103`	`for(l=0; l<4; l++)`
`@@ -122,6 +113,7 @@ template AES128Encrypt()`
`122`	`113`	`}`
`123`	`114`	`}`
`124`	`115`	`}`
	`116`	`+ /// AddRoundKey`
`125`	`117`	`for(j=0; j<4; j++)`
`126`	`118`	`{`
`127`	`119`	`for(l=0; l<32; l++)`
`@@ -166,7 +158,7 @@ template AES128Encrypt()`
`166`	`158`
`167`	`159`	`component xor_4[4][32];`
`168`	`160`
`169`		`- for(i=0; i<4; i++) // final key XOR?`
	`161`	`+ for(i=0; i<4; i++) // final key XOR`
`170`	`162`	`{`
`171`	`163`	`for(j=0; j<32; j++)`
`172`	`164`	`{`