fix: makes mimcsponge act like the paper description

* last constant is 0
* no swap at the last round

circuits/mimcsponge.circom

@@ -259,7 +259,7 @@ template MiMCFeistel(nrounds) {
       274945154732293792784580363548970818611304339008964723447672490026510689427,
       11050822248291117548220126630860474473945266276626263036056336623671308219529,
       2119542016932434047340813757208803962484943912710204325088879681995922344971,
-      12785816057369026966653780180257549951796705239580629452502836335892168319323
+      0
     ];
 
     var t;
@@ -276,8 +276,8 @@ template MiMCFeistel(nrounds) {
           xL[i] <== ((i==0) ? xR_in : xR[i-1]) + t4[i]*t;
           xR[i] = (i==0) ? xL_in : xL[i-1];
         } else {
-          xL_out <== xR[i-1] + t4[i]*t;
-          xR_out <== xL[i-1];
+          xR_out <== xR[i-1] + t4[i]*t;
+          xL_out <== xL[i-1];
         }
     }
 }

src/mimcsponge.js

@@ -27,10 +27,11 @@ exports.getConstants = (seed, nRounds) => {
         cts[i] = bigInt(Web3Utils.toBN(c2).toString());
     }
     cts[0] = bigInt(0);
+    cts[cts.length - 1] = bigInt(0);
     return cts;
 };
 
-const cts = exports.getConstants(SEED, 220);
+const cts = exports.getConstants(SEED, NROUNDS);
 
 exports.hash = (_xL_in, _xR_in, _k) =>{
     let xL = bigInt(_xL_in);
@@ -40,8 +41,12 @@ exports.hash = (_xL_in, _xR_in, _k) =>{
         const c = cts[i];
         const t = (i==0) ? F.add(xL, k) : F.add(F.add(xL, k), c);
         const xR_tmp = bigInt(xR);
-        xR = xL;
-        xL = F.add(xR_tmp, F.exp(t, 5));
+        if (i < (NROUNDS - 1)) {
+          xR = xL;
+          xL = F.add(xR_tmp, F.exp(t, 5));
+        } else {
+          xR = F.add(xR_tmp, F.exp(t, 5));
+        }
     }
     return {
       xL: F.affine(xL),