Plume

Build and Run

1. Install Noir by following these instructions.
2. Change MSG_LEN constant to the length of the message you want to pass to the program.
3. Run noir check command.
4. Pass the bytes of your message, c and s constants, nullifier and pk (public key) points in format [[x_bytes], [y_bytes]] to the Prover.toml file generated by the compiler.
5. Run noir prove command to get plume.proof file in proofs directory.

Constraints

For plume_v1 and msg of length 29:

ACIR Opcodes: 4556085
Backend Circuit Size: 17125141

For plume_v2 and msg of length 29:

ACIR Opcodes: 4555884
Backend Circuit Size: 17117111

secp256k1_XMD:SHA-256_SSWU_RO_ hash-to-curve in Noir

Quick overview

Implementation of the hash-to-curve algorithm based on this description.
Checked with the test described here.

The algorithm

hash_to_curve(msg)

Input: msg, an arbitrary-length byte string.
Output: P, a point in the secp256k1 curve.

Steps:
1. u = hash_to_field(msg)
2. Q0 = map_to_curve(u[0])
3. Q1 = map_to_curve(u[1])
4. P = iso_map(Q0) + iso_map(Q1)
5. return P

hash_to_field

Implemented in src/hash_to_field.nr.
Follows the algorithm described here.

map_to_curve

Implemented in src/map_to_curve.nr.
Follows the algorithm described here.

iso_map

Implemented in src/iso_map.nr.
Follows the algorithm described here.

point_add

Implemented in src/point_add.nr.
Follows the algorithm described here.

BigUint

Auxiliary library of large numbers implemented in src/hash_to_field.nr. Based on this code.

Constraints

For msg of length 3:

ACIR Opcodes: 1615724  
Backend Circuit Size: 3786276