CODEWITHSUNDEEP
hashcryptographyzk-snarkcircom
TIZ
TIZ

Reputation: 181

Circomlib assert fail on simple MimcSponge hash

I am playing around with circom and circomlib.

I am using a simple mimcsponge hashing circuit and seeing if I can create a correct input through javascript frontend.

The circuit I am running

    template sponge_test() {
    signal input l;
    signal input r;
    signal input o;

    // instantiate - 2 inputs 220 rounds of hashing and 1 output
    component hasher = MiMCSponge(2, 220, 1);

    // signals in hasher
    hasher.ins[0] <== l;
    hasher.ins[1] <== r;

    // addition constant
    hasher.k <== 0;

    o === hasher.outs[0];

}

component main = sponge_test();

In my javascript front end I am importing circomlib

    import { buildMimcSponge } from 'circomlibjs';
        
    function toHexString(byteArray) {
      return Array.from(byteArray, function(byte) {
        return ('0' + (byte & 0xFF).toString(16)).slice(-2);
      }).join('')
    }
    
    export async function getProof(message) {
      var hasher = await buildMimcSponge();
      var h = hasher.multiHash([BigInt("0x3"), BigInt("0x4")]);

      // returns byte array
      console.log(h);
      // back to hexstring
      console.log(toHexString(h));
    
    }

I then create an input.json that looks like this:

    {
        "l": "0x3",
        "r": "0x4",
        "o": "0x690f48aba976f2786371b7fa3e941df623e96329e0570dc610f59b7fcfa94723"
    }

Which includes the values I used for the input of the hashing and the output I got from printing the hex value, and then run the following script

    # Compile the circuit
    circom ${CIRCUIT}.circom --r1cs --wasm --sym --c
    
    # Generate the witness.wtns
    node ${CIRCUIT}_js/generate_witness.js ${CIRCUIT}_js/${CIRCUIT}.wasm input.json ${CIRCUIT}_js/witness.wtns

And I get the error that the assert (o===hasher.outs[0]) fails.

Now, I know that that mimcsponge circuit uses 220 rounds as well in the javascript implementation of circomlib by looking at the node lib, where else could I be reaching inconsistent results for the hashing?

Upvotes: 2

Views: 463

Answers (1)

TIZ
TIZ

Reputation: 181

So I found that reading the has is done using the following. I believe it is because it is specific to the elliptic curves being used.

hasher.F.toString(h, 16);

This produces the expected result which gets accepted by the circuit.

If anyone has further insights, I would be happy to understand it further.

Upvotes: 2

Related Questions