Skip to content

Commit c0c4537

Browse files
VeronicaGuptaVeronicaGupta
committed
feat: Added pedersen hashing
1 parent 13b4490 commit c0c4537

File tree

10 files changed

+264
-50
lines changed

10 files changed

+264
-50
lines changed

.gitmodules

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,3 @@
1010
[submodule "tinybn"]
1111
path = vendor/tinybn
1212
url = ../tiny-bignum-c
13-
branch = feat/starknet

apps/starknet_app/starknet_crypto.c

Lines changed: 55 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -86,15 +86,15 @@
8686
* GLOBAL VARIABLES
8787
*****************************************************************************/
8888
stark_curve stark256 = {
89-
.P = /* .prime */ {/*.val =*/{0x3ffffc2f,
90-
0x3ffffffb,
91-
0x3fffffff,
92-
0x3fffffff,
93-
0x3fffffff,
94-
0x3fffffff,
95-
0x3fffffff,
96-
0x3fffffff,
97-
0xffff}},
89+
.prime = /* .prime */ {/*.val =*/{0x3ffffc2f,
90+
0x3ffffffb,
91+
0x3fffffff,
92+
0x3fffffff,
93+
0x3fffffff,
94+
0x3fffffff,
95+
0x3fffffff,
96+
0x3fffffff,
97+
0xffff}},
9898

9999
// /* G */
100100
// {/*.x =*/{/*.val =*/{0x16f81798,
@@ -144,14 +144,16 @@ stark_curve stark256 = {
144144
// /* b */ {/*.val =*/{7}}
145145
};
146146

147+
stark_pedersen pedersen;
148+
147149
/*****************************************************************************
148150
* STATIC FUNCTIONS
149151
*****************************************************************************/
150152

151153
/*****************************************************************************
152154
* GLOBAL FUNCTIONS
153155
*****************************************************************************/
154-
void stark_curve_init() {
156+
void starknet_curve_init() {
155157
char str[65] = "";
156158

157159
/* stark_curve_params ref:
@@ -208,55 +210,74 @@ void stark_curve_init() {
208210
"06f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89",
209211
STARK_BN_LEN);
210212

213+
print_stark_curve();
214+
}
215+
216+
void starknet_pedersen_init() {
217+
// Ref: https://docs.starkware.co/starkex/crypto/pedersen-hash-function.html
218+
char str[65] = "";
219+
211220
// Shift_point
212221
// x
213222
bignum_from_string(
214-
&stark256.S.x,
215-
"0234287dcbaffe7f969c748655fca9e58fa8120b6d56eb0c1080d17957ebe47b",
223+
&pedersen.P[0].x,
224+
"049ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804",
216225
STARK_BN_LEN);
217226
// y
218227
bignum_from_string(
219-
&stark256.S.y,
220-
"03b056f100f96fb21e889527d41f4e39940135dd7a6c94cc6ed0268ee89e5615",
228+
&pedersen.P[0].y,
229+
"3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a",
221230
STARK_BN_LEN);
222231

223232
// Perderen_point_1
224233
// x
225234
bignum_from_string(
226-
&stark256.P[0].x,
227-
"04fa56f376c83db33f9dab2656558f3399099ec1de5e3018b7a6932dba8aa378",
235+
&pedersen.P[1].x,
236+
"0234287dcbaffe7f969c748655fca9e58fa8120b6d56eb0c1080d17957ebe47b",
228237
STARK_BN_LEN);
229238
// y
230239
bignum_from_string(
231-
&stark256.P[0].y,
232-
"03fa0984c931c9e38113e0c0e47e4401562761f92a7a23b45168f4e80ff5b54d",
240+
&pedersen.P[1].y,
241+
"03b056f100f96fb21e889527d41f4e39940135dd7a6c94cc6ed0268ee89e5615",
233242
STARK_BN_LEN);
234243

235244
// Perderen_point_2
236245
// x
237246
bignum_from_string(
238-
&stark256.P[1].x,
247+
&pedersen.P[2].x,
239248
"04ba4cc166be8dec764910f75b45f74b40c690c74709e90f3aa372f0bd2d6997",
240249
STARK_BN_LEN);
241250
// y
242251
bignum_from_string(
243-
&stark256.P[1].y,
252+
&pedersen.P[2].y,
244253
"0040301cf5c1751f4b971e46c4ede85fcac5c59a5ce5ae7c48151f27b24b219c",
245254
STARK_BN_LEN);
246255

247256
// Perderen_point_3
248257
// x
249258
bignum_from_string(
250-
&stark256.P[2].x,
259+
&pedersen.P[3].x,
251260
"054302dcb0e6cc1c6e44cca8f61a63bb2ca65048d53fb325d36ff12c49a58202",
252261
STARK_BN_LEN);
253262
// y
254263
bignum_from_string(
255-
&stark256.P[2].y,
264+
&pedersen.P[3].y,
256265
"01b77b3e37d13504b348046268d8ae25ce98ad783c25561a879dcc77e99c2426",
257266
STARK_BN_LEN);
258267

259-
print_stark_curve();
268+
// Perderen_point_4
269+
// x
270+
bignum_from_string(
271+
&pedersen.P[4].x,
272+
"004FA56F376C83DB33F9DAB2656558F3399099EC1DE5E3018B7A6932DBA8AA378",
273+
STARK_BN_LEN);
274+
// y
275+
bignum_from_string(
276+
&pedersen.P[4].y,
277+
"003FA0984C931C9E38113E0C0E47E4401562761F92A7A23B45168F4E80FF5B54D",
278+
STARK_BN_LEN);
279+
280+
print_stark_perdersen();
260281
}
261282

262283
void print_stark_curve() {
@@ -281,17 +302,16 @@ void print_stark_curve() {
281302

282303
bignum_to_string(&stark256.b, str, STARK_BN_LEN);
283304
print_hex_array("Beta", str, STARK_BN_LEN / 2);
305+
}
284306

285-
bignum_to_string(&stark256.S.x, str, STARK_BN_LEN);
286-
print_hex_array("S (Shift Point) x", str, STARK_BN_LEN / 2);
287-
bignum_to_string(&stark256.S.y, str, STARK_BN_LEN);
288-
print_hex_array("S (Shift Point) y", str, STARK_BN_LEN / 2);
307+
void print_stark_perdersen() {
308+
char str[STARK_BN_LEN];
289309

290-
for (int i = 0; i < 3; i++) {
291-
bignum_to_string(&stark256.P[i].x, str, STARK_BN_LEN);
310+
for (int i = 0; i < 5; i++) {
311+
bignum_to_string(&pedersen.P[i].x, str, STARK_BN_LEN);
292312
print_hex_array("P (Pedersen Point) x", str, STARK_BN_LEN / 2);
293313

294-
bignum_to_string(&stark256.P[i].y, str, STARK_BN_LEN);
314+
bignum_to_string(&pedersen.P[i].y, str, STARK_BN_LEN);
295315
print_hex_array("P (Pedersen Point) y", str, STARK_BN_LEN / 2);
296316
}
297317
}
@@ -304,7 +324,8 @@ void stark_point_copy(const stark_point *cp1, stark_point *cp2) {
304324
// cp2 = cp1 + cp2
305325
void stark_point_add(const stark_curve *curve,
306326
const stark_point *cp1,
307-
stark_point *cp2) {
327+
stark_point *cp2,
328+
stark_point *res) {
308329
struct bn lambda = {0}, inv = {0}, xr = {0}, yr = {0};
309330

310331
if (stark_point_is_infinity(cp1)) {
@@ -341,6 +362,8 @@ void stark_point_add(const stark_curve *curve,
341362

342363
cp2->x = xr;
343364
cp2->y = yr;
365+
366+
stark_point_copy(cp2, res);
344367
}
345368

346369
// set point to internal representation of point at infinity
@@ -390,7 +413,7 @@ void private_to_public_key(const uint8_t *private, uint8_t *public_65) {
390413
int bit = 7 - (i % 8);
391414
if (private[offset] & (1 << bit)) {
392415
// bit is set; do add current doubled value to result
393-
stark_point_add(curve, &temp, &R);
416+
stark_point_add(curve, &temp, &R, &R);
394417
}
395418
// stark_point_double(curve, &temp);
396419
}

apps/starknet_app/starknet_crypto.h

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -36,24 +36,27 @@ typedef struct {
3636
struct bn order_half; // order of G divided by 2
3737
struct bn a; // coefficient 'a' of the elliptic curve
3838
struct bn b; // coefficient 'b' of the elliptic curve
39-
40-
stark_point S;
41-
stark_point P[3];
4239
} stark_curve;
4340

41+
typedef struct {
42+
stark_point P[5];
43+
} stark_pedersen;
44+
4445
/*****************************************************************************
4546
* EXPORTED VARIABLES
4647
*****************************************************************************/
4748

4849
extern stark_curve stark256;
50+
extern stark_pedersen pedersen;
4951

5052
/*****************************************************************************
5153
* GLOBAL FUNCTION PROTOTYPES
5254
*****************************************************************************/
5355
void stark_point_copy(const stark_point *cp1, stark_point *cp2);
5456
void stark_point_add(const stark_curve *curve,
5557
const stark_point *cp1,
56-
stark_point *cp2);
58+
stark_point *cp2,
59+
stark_point *res);
5760
void stark_point_double(const stark_curve *curve, stark_point *cp);
5861
void stark_point_multiply(const stark_curve *curve,
5962
const struct bn *k,
@@ -63,4 +66,7 @@ void stark_point_set_infinity(stark_point *p);
6366
int stark_point_is_infinity(const stark_point *p);
6467
int stark_point_is_equal(const stark_point *p, const stark_point *q);
6568

69+
void starknet_curve_init();
70+
void starknet_pedersen_init();
71+
6672
#endif // STARKNET_CRYPTO_H

apps/starknet_app/starknet_helpers.h

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@
2222
/*****************************************************************************
2323
* MACROS AND DEFINES
2424
*****************************************************************************/
25+
#define LOW_PART_BITS 248
26+
#define LOW_PART_BYTES (LOW_PART_BITS / 8)
27+
#define LOW_PART_MASK ((1ULL << LOW_PART_BITS) - 1)
2528

2629
/*****************************************************************************
2730
* TYPEDEFS
@@ -65,4 +68,6 @@ bool starknet_derive_key_from_seed(const uint8_t *seed,
6568
uint32_t path_length,
6669
uint8_t *private_key);
6770

71+
bool pederson_hash(uint8_t *x, uint8_t *y, uint8_t len, uint8_t *hash);
72+
6873
#endif // STARKNET_HELPERS_H

apps/starknet_app/starknet_padersen.h

Lines changed: 0 additions & 12 deletions
This file was deleted.

apps/starknet_app/starknet_padersen.c renamed to apps/starknet_app/starknet_pedersen.c

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,7 @@
6565
#include "coin_utils.h"
6666
#include "starknet_api.h"
6767
#include "starknet_context.h"
68+
#include "starknet_crypto.h"
6869
#include "starknet_helpers.h"
6970

7071
/*****************************************************************************
@@ -94,3 +95,66 @@
9495
/*****************************************************************************
9596
* STATIC FUNCTIONS
9697
*****************************************************************************/
98+
99+
bool pederson_hash(uint8_t *x, uint8_t *y, uint8_t size, uint8_t *hash) {
100+
ASSERT(NULL != x);
101+
ASSERT(NULL != y);
102+
ASSERT(0 < size);
103+
104+
const stark_curve *curve = &stark256;
105+
106+
// Convert to bn
107+
char hex[100] = {0};
108+
struct bn a, b, result;
109+
110+
byte_array_to_hex_string(x, size, hex, size * 2 + 1);
111+
bignum_from_string(&a, hex, size);
112+
byte_array_to_hex_string(x, size, hex, size * 2 + 1);
113+
bignum_from_string(&b, hex, size);
114+
115+
// Get shift point
116+
stark_point HASH_SHIFT_POINT, P_1, P_2, P_3, P_4;
117+
stark_point_copy(&HASH_SHIFT_POINT, &pedersen.P[0]);
118+
stark_point_copy(&P_1, &pedersen.P[1]);
119+
stark_point_copy(&P_2, &pedersen.P[2]);
120+
stark_point_copy(&P_3, &pedersen.P[3]);
121+
stark_point_copy(&P_4, &pedersen.P[4]);
122+
123+
// Compute the hash using the Starkware Pedersen hash definition
124+
stark_point x_part, y_part, hash_point;
125+
process_single_element(x, &P_1, &P_2, &x_part);
126+
process_single_element(y, &P_3, &P_4, &y_part);
127+
128+
stark_point_add(curve, &HASH_SHIFT_POINT, &x_part, &hash_point);
129+
stark_point_add(curve, &hash_point, &y_part, &hash_point);
130+
131+
memzero(hash, 32);
132+
memzero(hex, 100);
133+
bignum_to_string(&hash_point.x, hex, size * 2 + 1);
134+
hex_string_to_byte_array(hex, size * 2 + 1, hash);
135+
136+
return true;
137+
}
138+
139+
void process_single_element(const stark_curve *curve,
140+
struct bn *element,
141+
stark_point *p1,
142+
stark_point *p2,
143+
stark_point *result) {
144+
ASSERT(bignum_cmp(element, &stark256.prime) == SMALLER);
145+
146+
struct bn low_part, high_nibble;
147+
bignum_init(&low_part);
148+
bignum_init(&high_nibble);
149+
150+
// Extract the low 248 bits and high bits from the element
151+
bignum_and(&low_part, element, LOW_PART_MASK);
152+
bignum_rshift(&high_nibble, element, LOW_PART_BITS);
153+
154+
stark_point res1, res2;
155+
// point_multiply(stark256, p1, &low_part, &res1); // low_part * p1
156+
// point_multiply(stark256, p2, &high_nibble, &res2); // high_nibble * p2
157+
stark_point_add(curve, &res1, &res2, result); // Combine results
158+
159+
stark_point_copy(&res2, result);
160+
}

0 commit comments

Comments
 (0)