Skip to content

Verifiable Secret Sharing #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pushpadevl wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Verifiable Secret Sharing #137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f85b400
comp
pushpadevl Jul 15, 2025
160acad
comp
pushpadevl Jul 15, 2025
e5806a4
cc
pushpadevl Jul 15, 2025
72e3357
aes kex
pushpadevl Jul 18, 2025
40b846b
bytesub
pushpadevl Jul 18, 2025
8374d3b
shamir secret sharing
pushpadevl Jul 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 22 additions & 12 deletions circuits/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@

Folder containing the implementation of sha256 hash circuit.

### Shamir Secret Sharing

Folder containng the implementation of shamir secret sharing.

### smt

Folder containing the circuit implementation of Sparse Merkle Trees.
Expand Down Expand Up @@ -207,19 +211,22 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby

- `IsZero() `

- DESCRIPTION
- DESCRIPTION :
Checks whether the argument is zero or not.
- SCHEMA
- INPUT
- OUTPUT
- INPUT:
- OUTPUT : Returns 1 if true, 0 otherwise
- BENCHMARKS
- EXAMPLE
- EXAMPLE

- `IsEqual()`

- DESCRIPTION
- DESCRIPTION :
Checks whether the two inputs (first element at in[0], second at in[1]) are equal or not
- SCHEMA
- INPUT
- OUTPUT
- OUTPUT :
Returns 1 if true, 0 otherwise
- BENCHMARKS
- EXAMPLE

Expand All @@ -234,28 +241,31 @@ Arithmetic on [Baby Jubjub elliptic curve](https://github.com/barryWhiteHat/baby

- `LessThan()`

- DESCRIPTION
- DESCRIPTION : Compares the input[0] < input[1]. Returns 1 if true, 0 otherwise
- SCHEMA
- INPUT
- OUTPUT
- OUTPUT :
Returns 1 if true, 0 otherwise
- BENCHMARKS
- EXAMPLE

- `GreaterThan()`

- DESCRIPTION
- DESCRIPTION : Compares the input[0] > input[1].
- SCHEMA
- INPUT
- OUTPUT
- OUTPUT :
Returns 1 if true, 0 otherwise
- BENCHMARKS
- EXAMPLE

- `GreaterEqThan()`

- DESCRIPTION
- DESCRIPTION : Compares the input[0] >= input[1]. Returns 1 if true, 0 otherwise
- SCHEMA
- INPUT
- OUTPUT
- OUTPUT :
Returns 1 if true, 0 otherwise
- BENCHMARKS
- EXAMPLE

Expand Down
55 changes: 55 additions & 0 deletions circuits/ShamirSecretSharing/validateshares.circom
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
/* Shamir Secret Sharing
The purpose of shamir secret sharing is to share a secret message with n parties, and none of them know each others share value. On combining the shares using lagrange bases, we get the message back. Here we make lagrange basis polynomials and evaluate it at 0 (becoz constant term is our goal).

Example:
1. Suppose we have message = 14.
2. And we sample random values from the Field Fp and make a polynomial (deg = n-1, where n = #shares) with message=14 as the constant term.
Example equation P(x)= 7x^3 + 6x^2 + 4x + 14.
3. This program verifies that the evaluations of P(x) at points in x[], is correct. Suppose "x": [1,2,3,4], "shares":[31,102,269,574].
4. Then on combining the shares using the lagrange bases on x, we must get the message back.
*/
pragma circom 2.1.8;
include "../comparators.circom";

// Objective: Find the univariate lagrange basis polynomial evaluations at 0 using the distintct set of points in[]
template LagrangeBasis(n){
signal input in[n]; //evaluation points
signal output out[n]; // outs lagrange bases eval at point 0
signal stmp[n];
signal one<--1;
for (var i=0;i<n;i++){
var tmp = 1;
var j=0;
while(j<n){
if(i==j) {j++;}
else{
tmp *= (0-in[j])/(in[i]-in[j]); // a/b means a*INV(b) in circom
j++;
}
}
stmp[i] <-- tmp;
out[i] <== one*stmp[i];
}
}


//Objective: Check whether the given shares are valid and is equal to the shared message m.
template ValidateShares(n){ // n is the number of shares
signal input x[n]; // shares are eval at these points
signal input shares[n]; // shares values
signal input message; // shared message
signal output out; // Outs 1 if valid, 0 otherwise
var sum=0;

component bases = LagrangeBasis(n);
for( var i=0;i<n;i++) bases.in[i] <-- x[i];

for(var i=0;i<n;i++){
sum += bases.out[i] * shares[i];
}
signal ssum <-- sum;
component isE = IsEqual();
isE.in[0] <-- ssum;
isE.in[1] <-- message;
out <== isE.out;
}
2 changes: 1 addition & 1 deletion circuits/eddsa.circom
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ template EdDSAVerifier(n) {
mulFix.e[i] <== S[i];
}

// Do the comparation left == right
// Do the comparison left == right

mulFix.out[0] === addRight.xout;
mulFix.out[1] === addRight.yout;
Expand Down