Longfellow ZK 0290cb32
Loading...
Searching...
No Matches
mac_reference.h
1// Copyright 2025 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_MAC_MAC_REFERENCE_H_
16#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_MAC_MAC_REFERENCE_H_
17
18#include <cstddef>
19#include <cstdint>
20#include <vector>
21
22#include "arrays/dense.h"
23#include "random/random.h"
24#include "util/panic.h"
25
26namespace proofs {
27
28template <class GF>
29class MACReference {
30 using gf2k = typename GF::Elt;
31
32 public:
33 void sample(gf2k ap[], size_t n, RandomEngine* rng) {
34 check(n > 0, "n must be positive");
35 std::vector<uint8_t> buf(n * GF::kBytes);
36 rng->bytes(buf.data(), n * GF::kBytes);
37 for (size_t i = 0; i < n; ++i) {
38 ap[i] = gf_.of_bytes_field(&buf[i * GF::kBytes]).value();
39 }
40 }
41
42 // Computes the mac of a 32-byte message.
43 void compute(gf2k mac[/*2*/], const gf2k& av, const gf2k ap[/*2*/],
44 uint8_t msg[/*32*/]) const {
45 uint8_t tmp[GF::kBytes] = {0};
46 for (size_t i = 0; i < 2; ++i) {
47 memcpy(tmp, &msg[i * GF::kBytes], GF::kBytes);
48 gf2k m = gf_.of_bytes_field(tmp).value();
49 mac[i] = gf_.mulf(gf_.addf(av, ap[i]), m);
50 }
51 }
52
53 void to_bytes(gf2k mac[/*2*/], uint8_t buf[/* 32 */]) {
54 gf_.to_bytes(mac[0], buf);
55 gf_.to_bytes(mac[1], buf + GF::kBytes);
56 }
57
58 private:
59 GF gf_;
60};
61
62template <typename GF, typename Field>
63void fill_gf2k(const typename GF::Elt& m, DenseFiller<Field>& df,
64 const Field& f) {
65 for (size_t i = 0; i < GF::kBits; ++i) {
66 df.push_back(m[i] ? f.one() : f.zero());
67 }
68}
69
70} // namespace proofs
71
72#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_MAC_MAC_REFERENCE_H_
proofs::DenseFiller
Definition dense.h:153
proofs::MACReference
Definition mac_reference.h:29
proofs::RandomEngine
Definition random.h:32
Generated by doxygen 1.15.0