From fc310a2a398566c2f6128560dcf8915d5a3a1414 Mon Sep 17 00:00:00 2001 From: Mark Spanbroek Date: Mon, 12 Feb 2024 12:10:28 +0100 Subject: [PATCH] circuit: fix comments endianness only applies to byte order, not to bit order --- circuit/binary_compare.circom | 3 ++- circuit/extract_bits.circom | 4 ++-- circuit/merkle.circom | 6 +++--- circuit/misc.circom | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/circuit/binary_compare.circom b/circuit/binary_compare.circom index 3796d8c..5d1c7e1 100644 --- a/circuit/binary_compare.circom +++ b/circuit/binary_compare.circom @@ -3,7 +3,8 @@ pragma circom 2.0.0; //------------------------------------------------------------------------------ // -// given two numbers in `n`-bit binary decomposition (little-endian), we compute +// given two numbers in `n`-bit binary decomposition +// (least significant bit first), we compute // // / -1 if A < B // out := { 0 if A == B diff --git a/circuit/extract_bits.circom b/circuit/extract_bits.circom index 41d14bf..248ff35 100644 --- a/circuit/extract_bits.circom +++ b/circuit/extract_bits.circom @@ -23,7 +23,7 @@ template ExtractLowerBits(n) { component tb = ToBits(254); // note: 2^253 < r < 2^254 tb.inp <== inp; - // bits of field prime `r` in little-endian order + // bits of field prime `r`, least significant bit first var primeBits[254] = [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,0,1,0,0,0,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,1,1,1,1,1,0,0,1,1,0,0,0,0,0,1,0,1,0,0,1,0,1,1,1,0,1,0,0,0,0,1,1,0,1,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,0,1,1,1,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,1,1]; // enforce that the binary representation is < r @@ -56,7 +56,7 @@ template ExtractLowerBits_testfield65537(n) { component tb = ToBits(18); // note: 2^16 < r < 2^18 tb.inp <== inp; - // bits of field prime `r` in little-endian order + // bits of field prime `r`, least significant bit first var primeBits[18] = [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0]; // enforce that the binary representation is < r diff --git a/circuit/merkle.circom b/circuit/merkle.circom index a13e316..b1f564c 100644 --- a/circuit/merkle.circom +++ b/circuit/merkle.circom @@ -14,7 +14,7 @@ include "misc.circom"; // // inputs and outputs: // - leaf: the leaf hash -// - pathBits: the linear index of the leaf, in binary decomposition (little-endian) +// - pathBits: the linear index of the leaf, in binary decomposition (least significant bit first) // - lastBits: the index of the last leaf (= nLeaves-1), in binary decomposition // - maskBits: the bits of the the mask `2^ceilingLog2(size) - 1` // - merklePath: the Merkle inclusion proof (required hashes, starting from the leaf and ending near the root) @@ -37,8 +37,8 @@ template RootFromMerklePath( maxDepth ) { signal aux[ maxDepth+1 ]; aux[0] <== leaf; - // compute which prefixes (in big-endian) of the index is - // the same as the corresponding prefix of the last index + // compute which binary postfixes of the index is the same as the + // corresponding postfix of the last index component eq[ maxDepth ]; signal isLast[ maxDepth+1 ]; isLast[ maxDepth ] <== 1; diff --git a/circuit/misc.circom b/circuit/misc.circom index 3feb175..c9065bc 100644 --- a/circuit/misc.circom +++ b/circuit/misc.circom @@ -1,7 +1,7 @@ pragma circom 2.0.0; //------------------------------------------------------------------------------ -// decompose an n-bit number into bits +// decompose an n-bit number into bits (least significant bit first) template ToBits(n) { signal input inp;