Add fixed key leaf by contract

4 years ago · 00b52a1a53
9 changed files with 84 additions and 59 deletions
--- a/README.md
+++ b/README.md
@ -7,6 +7,8 @@

 **Warning:** This repository is in a very early stage.

 WebApp to use miksi-core can be found at https://github.com/arnaucube/miksi-app

 ## Circuits tests
 ```
 npm run test-circuits
--- a/circuits/deposit.circom
+++ b/circuits/deposit.circom
@ -36,17 +36,19 @@ template Deposit(nLevels) {
 	signal private input secret;
 	signal private input nullifier;
 	signal private input oldKey;
 	signal private input oldValue;
 	signal private input siblingsOld[nLevels];
 	signal private input siblingsNew[nLevels];
 	signal input rootOld;
 	signal input rootNew;
 	signal input commitment;
 	signal input key;

 	component hash = Poseidon(4, 6, 8, 57);
 	hash.inputs[0] <== coinCode;
 	hash.inputs[1] <== amount;
 	hash.inputs[2] <== secret;
 	hash.inputs[3] <== nullifier;
 	hash.inputs[3] <== nullifier; // nullifier

 	component comCheck = IsEqual();
 	comCheck.in[0] <== hash.out;
@ -64,10 +66,10 @@ template Deposit(nLevels) {
 	}
 	/* smtOld.oldKey <== 1; */
 	smtOld.oldKey <== oldKey;
 	smtOld.oldValue <== 0;
 	smtOld.oldValue <== oldValue;
 	smtOld.isOld0 <== 0;
 	smtOld.key <== hash.out;
 	smtOld.value <== 0;
 	smtOld.key <== key;
 	smtOld.value <== hash.out;

 	component smtNew = SMTVerifier(nLevels);
 	smtNew.enabled <== 1;
@ -79,8 +81,8 @@ template Deposit(nLevels) {
 	smtNew.oldKey <== 0;
 	smtNew.oldValue <== 0;
 	smtNew.isOld0 <== 0;
 	smtNew.key <== hash.out;
 	smtNew.value <== 0;
 	smtNew.key <== key;
 	smtNew.value <== hash.out;
 }

 component main = Deposit(5);
--- a/circuits/withdraw.circom
+++ b/circuits/withdraw.circom
@ -36,6 +36,7 @@ template Withdraw(nLevels) {
 	signal private input siblings[nLevels];
 	signal input root;
 	signal input address;
 	signal private input key;

 	component hash = Poseidon(4, 6, 8, 57);
 	hash.inputs[0] <== coinCode;
@ -57,8 +58,8 @@ template Withdraw(nLevels) {
 	smtV.oldKey <== 0;
 	smtV.oldValue <== 0;
 	smtV.isOld0 <== 0;
 	smtV.key <== hash.out;
 	smtV.value <== 0;
 	smtV.key <== key;
 	smtV.value <== hash.out;
 }

 component main = Withdraw(5);
--- a/contracts/Miksi.sol
+++ b/contracts/Miksi.sol
@ -7,6 +7,7 @@ contract Miksi {
  DepositVerifier    dVerifier;
  WithdrawVerifier    wVerifier;

  uint256 key = 0;
  uint256 amount = uint256(1000000000000000000);
  uint256 root ;
  uint256[] commitments;
@ -15,7 +16,7 @@ contract Miksi {
  constructor( address _depositVerifierContractAddr, address _withdrawVerifierContractAddr) public {
    dVerifier = DepositVerifier(_depositVerifierContractAddr);
    wVerifier = WithdrawVerifier(_withdrawVerifierContractAddr);
    root = uint256(11499909227292257605992378629333104385616480982267969744564817844870636870870);
    root = uint256(7191590165524151132621032034309259185021876706372059338263145339926209741311);
  }

  function deposit(
@ -26,22 +27,24 @@ contract Miksi {
            uint[2] memory c
  ) public payable {
    // check root state transition update with zkp
    uint256[5] memory input = [
    uint256[6] memory input = [
      0,
      msg.value,
      root, // rootOld
      _root, // rootNew
      _commitment
      _commitment,
      key+1
    ];
    require(dVerifier.verifyProof(a, b, c, input), "zkProof deposit could not be verified");

    require(msg.value==amount, "value should be 1 ETH"); // this can be flexible with a wrapper with preset fixed amounts
    commitments.push(_commitment);
    root = _root;
    key += 1;
  }

  function getCommitments() public view returns (uint256[] memory, uint256) {
    return (commitments, root);
  function getCommitments() public view returns (uint256[] memory, uint256, uint256) {
    return (commitments, root, key+1);
  }

  function withdraw(
--- a/contracts/deposit-verifier.sol
+++ b/contracts/deposit-verifier.sol
@ -174,17 +174,18 @@ contract DepositVerifier {
        DepositPairing.G1Point C;
    }
    function verifyingKey() internal pure returns (VerifyingKey memory vk) {
        vk.alfa1 = DepositPairing.G1Point(4690052268710270598869542532809702456418003799694536273077130369652196429884,9145902013599810527210227446448286424172036724970647907168421870847502009945);
        vk.beta2 = DepositPairing.G2Point([16623062689690044255750716956401317560821762623856422123246403067057225130588,14652078637219990978821431784894112719594629514313306953371073983618015546541], [676307836452309210538606902645077301940331422390550491696691282441239090551,10369757414475454684684292675796821047567632748417978318178776038061059658326]);
        vk.gamma2 = DepositPairing.G2Point([16528273881363574239250709218131920578661276173856341283262670072792844980215,6787263438752395682957935213403119833234411728635969992478064476167401704867], [5274450027585795927175443590954483941244906290165165924583130738506736130942,3392062216862930269651390569850019803754187174311810728530683507098775212357]);
        vk.delta2 = DepositPairing.G2Point([17494603128862092548460623189930936969297925345032047648552416238816792961152,10402239940545833330287339048137499178728329705094695706126321196019762386747], [6175570631583630130350739728971333086849468117273142369720724145166167909214,20067049654764111179832549405286061192607773249291087398308936796066289541314]);
        vk.IC = new DepositPairing.G1Point[](6);
        vk.IC[0] = DepositPairing.G1Point(12697195619443882847721561991615544069218791667870821589914853846794238615885,18011435976524410295453245674507929643029222984348817278231712383283229915782);
        vk.IC[1] = DepositPairing.G1Point(20324524778567704633470845008079551007952919835272398568401853167438653396525,8061504440558567975766943783054577602934521477527864647610640054521787242724);
        vk.IC[2] = DepositPairing.G1Point(13332163378649502560807390864020561151254011879905389699984218750502394665905,4286598055677625399864995783940420134575107187974587372574457085466044561759);
        vk.IC[3] = DepositPairing.G1Point(10175138903387311357088170792861518054422766016077544491949838159573444744976,16570515458939310802788756001103880353070070639900081360517205384175233432226);
        vk.IC[4] = DepositPairing.G1Point(3298627468931988714290186736998190106240510584555740172431361939625148350723,10415330389886845959598036431340102923398308416032482557275534081287380793067);
        vk.IC[5] = DepositPairing.G1Point(16030968253618323807449863533252146464206835591288004165377534537620304134907,6223567249648011787592835059978931866773091863735841649895374018321000148662);
        vk.alfa1 = DepositPairing.G1Point(18695173155707885922021631283033755535591418672197129614467100440698872763407,1626506100460323286733991395349100178389097370543005429942370444444167817065);
        vk.beta2 = DepositPairing.G2Point([7298930152319519678724671205658347486392659569051487272914904218878630422004,20278804400136230600016602729050494456082496665552956593575216136952301465879], [14400234736726653666673256209185515676662403987927981307851255786137918403808,202061819848056105351629960337366504214917264758439266970901420364923813257]);
        vk.gamma2 = DepositPairing.G2Point([88902560478033838314004667971746300540170455168011513957934457035035362077,10509682790371697523911222284395334237969554461187168055951064284438196928133], [262372519755819494139123390519431075073514105365767199648231997477378997038,9903995889180920976180540681258851480387134172307619545103102622070424881278]);
        vk.delta2 = DepositPairing.G2Point([19749667459894634917871046338432887676262288965549093528649050450724219163245,13756931459128709749559820929305092888983958863551084787825233693015050987062], [20576516057444847821805169435613033091289908065519785381540290141111162328929,15244981401483924012411101359641406633223142876027993598824472316124280834070]);
        vk.IC = new DepositPairing.G1Point[](7);
        vk.IC[0] = DepositPairing.G1Point(2000117758538561750953181437087792909020385452287399464015848728440127592389,275875173722294745606860506515174747141273674463415300932791922897441449811);
        vk.IC[1] = DepositPairing.G1Point(4176102879547484253346821261893297661469569413245667250587796973056187219608,1926060395020061418051275655183984440402034736270275535768335121260270447114);
        vk.IC[2] = DepositPairing.G1Point(8176255402316361002530601013228562072839156358144426319604813511766758290537,19255649988335327919495695859359269216762287298096174272638221716012315581350);
        vk.IC[3] = DepositPairing.G1Point(20944119614073443108911839024077113785116860484550901273175814017528952294710,15941356189224733186425469351312052553223296343229173777927394845664358416828);
        vk.IC[4] = DepositPairing.G1Point(16474742653420689694601265238954907093607463298284817604813422283427863653617,9311356062394012318240362122996250765056867942021818814568734196480690247200);
        vk.IC[5] = DepositPairing.G1Point(12016269570988993052956789433371861013003194299504564318255744188658097042633,18130086499603245000319550360003638349858422145937471155520725380017515910661);
        vk.IC[6] = DepositPairing.G1Point(14992989709522098533999247134336293504761296073753622771564136461571770746835,8331491724814987424742621582227793410739471354578262538342699991611045759814);

    }
    function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
@ -210,7 +211,7 @@ contract DepositVerifier {
            uint[2] memory a,
            uint[2][2] memory b,
            uint[2] memory c,
            uint[5] memory input
            uint[6] memory input
        ) public view returns (bool r) {
        Proof memory proof;
        proof.A = DepositPairing.G1Point(a[0], a[1]);
--- a/contracts/withdraw-verifier.sol
+++ b/contracts/withdraw-verifier.sol
@ -174,17 +174,17 @@ contract WithdrawVerifier {
        WithdrawPairing.G1Point C;
    }
    function verifyingKey() internal pure returns (VerifyingKey memory vk) {
        vk.alfa1 = WithdrawPairing.G1Point(13125964035345732513320606972223597271702849498706862906431560515196316741541,2743237172859524479647981525721821119820168209195336069832075995585988365216);
        vk.beta2 = WithdrawPairing.G2Point([2669112095067980506727873345758867054347466312660021806636272987760660828849,14539491114301519973242319011485401150263667232078179655062833197913312500017], [11720061635178934637313951615051060311580364580444053837400914945552182061616,2177765169672031700082566520171740120321696910335776288543190901344722545410]);
        vk.gamma2 = WithdrawPairing.G2Point([10917104788485395001839994387809646569218736354722844653893803100190554724907,7478437791943783449531717383744438552168785436031321431732103220558102742468], [14238787877319603173234096439758621306673382329766962364233031837910870237536,10502637950741476389590969419560058151857179703312600335067455738743909083958]);
        vk.delta2 = WithdrawPairing.G2Point([11073954909083264728700321333863259614089048106992800121105800848198886470375,14812237089106501466576017780356417002388876842333510442550104527732748120622], [17635776349801663084503912927095921433092564181571541546104162053167176565421,27998176086381233961153068490868928492606872937787873022612510202839716507]);
        vk.alfa1 = WithdrawPairing.G1Point(10461708735553443176992732459814962577655306635753492245435095461770754609206,17170070190117362250052226704107651880175572987936980166979072370846071276566);
        vk.beta2 = WithdrawPairing.G2Point([11084164661947067228695984420449497565302107485274732922694018877422637260948,14768196651755007408254022498360029528155122429952581228808458847305698486036], [21804606851539124842853838093984466542476538467493989613050132455132951994121,1861720569920484390282049349437713344652903656767554167309156051148865987563]);
        vk.gamma2 = WithdrawPairing.G2Point([9706265884453026747036821224300582108519975058422630973848693287593728789837,5514760811545236654037526142877016941373586932537660711868264285004769174888], [14491809303075760609694333332967923981527717776009730567611199650481234125548,12129581260877191822815335682707682434919070096035795484939038493639252524617]);
        vk.delta2 = WithdrawPairing.G2Point([16890371933892859364017140187474707868747433731104663205146192533825447514505,21399578739239166683287431604946765321077367409391376717538684282829150225976], [8842639902446623294657089461047982654757172648192937200077646586006331774863,18487165336340965321051036729791768485990613323135528024606788207720211920031]);
        vk.IC = new WithdrawPairing.G1Point[](6);
        vk.IC[0] = WithdrawPairing.G1Point(7491469026033918642677753652819151318339809973344463260827293357803586754235,4395946869661103322863744384786121261968956085472500963739363200632751346458);
        vk.IC[1] = WithdrawPairing.G1Point(15792971708971548807702008065816978287582873199570212151763666852711881685748,20015547917924502689826594351540769795386333462562793050625401907390132405289);
        vk.IC[2] = WithdrawPairing.G1Point(793110436159598650905223468298132112327901373645402348921311553793588112899,14932167562920745456386464748315950361167693788066386103439968740538587455112);
        vk.IC[3] = WithdrawPairing.G1Point(3599763262227997054360288324315679176821090066709181138105454315553755125997,4842799741086852072636969222133537228560778966327440675220863187433692844579);
        vk.IC[4] = WithdrawPairing.G1Point(1332654856961752997984248173858188249144320018346121854916888456163273080288,18357171701145993355281642916301559974565034917797021528848570764297806434641);
        vk.IC[5] = WithdrawPairing.G1Point(12178090359527457673534455683642890230743486788471599510120235645318440790942,14955354663406965918722091973717855430180824697349764743374253473894681342412);
        vk.IC[0] = WithdrawPairing.G1Point(10682120661229048274949364949968842843395989293050982446578990269399782749953,1990964813812662139462300927859607978511478023403957963432885533764658033890);
        vk.IC[1] = WithdrawPairing.G1Point(19858805194844516511519307221183024963657395449667106116942848839464106278308,14007050627405719561074645119613087016962000876415739087812187315207916912886);
        vk.IC[2] = WithdrawPairing.G1Point(21012689485487519157247991544697647278544236668403782222712353518350961502559,2452121773666466264963717054681755250351950870974950586177089269810623349820);
        vk.IC[3] = WithdrawPairing.G1Point(21777835995512453624376343196859713839817688740670494291073772535091042372431,14230131375167768135013466989061198415649711922017749764614481281052630561040);
        vk.IC[4] = WithdrawPairing.G1Point(18224309327975275226135927148877460666894066703361312842594398634528579211246,1805137703259464346304717616574612959020983663951806398290027184756994095101);
        vk.IC[5] = WithdrawPairing.G1Point(6680422453531132615016449106377746942927034063013504561878935989154670779439,21031511412360362734553233505420357520515690946654736114154923572533964087548);

    }
    function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
--- a/test/circuits/deposit.test.ts
+++ b/test/circuits/deposit.test.ts
@ -42,10 +42,10 @@ describe("deposit test", function () {
        };
        console.log("siblingsOld", siblingsOld);

        await tree.insert(commitment, 0);
        await tree.insert(2, commitment);
        let rootNew = tree.root;

        res = await tree.find(commitment);
        res = await tree.find(2);
        // console.log(res);
        assert(res.found);
        let siblingsNew = res.siblings;
@ -62,11 +62,13 @@ describe("deposit test", function () {
            "secret": secret,
            "nullifier": nullifier,
            "oldKey": "1",
            "oldValue": "0",
            "siblingsOld": siblingsOld,
            "siblingsNew": siblingsNew,
            "rootOld": rootOld,
            "rootNew": rootNew,
            "commitment": commitment
            "commitment": commitment,
            "key": 2
        });
        await circuit.checkConstraints(witness);
    });
--- a/test/circuits/withdraw.test.ts
+++ b/test/circuits/withdraw.test.ts
@ -29,11 +29,11 @@ describe("withdraw test", function () {

        // add commitment into SMT
        let tree = await smt.newMemEmptyTrie();
        await tree.insert(commitment, 0);
        await tree.insert(1, 0);
        await tree.insert(2, 0);
        await tree.insert(2, commitment);
        await tree.insert(3, 0);
        console.log("root", tree.root);
        const res = await tree.find(commitment);
        const res = await tree.find(2);
        assert(res.found);
        let siblings = res.siblings;
        while (siblings.length < nLevels) {
@ -50,7 +50,8 @@ describe("withdraw test", function () {
            "nullifier": nullifier,
            "siblings": siblings,
            "root": root,
            "address": "987654321"
            "address": "987654321",
            "key": 2
        });
        await circuit.checkConstraints(witness);
    });
--- a/test/contracts/miksi.test.ts
+++ b/test/contracts/miksi.test.ts
@ -26,6 +26,7 @@ const nullifier = ["567891234", "432198765", "321"];
 let commitment = [];
 let tree;
 let oldKey = [];
 let oldValue = [];
 let siblingsOld = [];
 let siblingsNew = [];
 let rootOld = [];
@ -34,6 +35,7 @@ let rootNew = [];
 let proof = [];
 let publicSignals = [];
 let commitmentsArray = [];
 let currKey=0;
 let u = 0;

 contract("miksi", (accounts) => {
@ -60,12 +62,12 @@ contract("miksi", (accounts) => {
    expect(balance_wei).to.be.equal('100000000000000000000');

    tree = await smt.newMemEmptyTrie();
    await tree.insert(1, 0);
    await tree.insert(currKey, 0);

    await computeTree(0);

    expect(rootOld[0].toString()).to.be.equal('11499909227292257605992378629333104385616480982267969744564817844870636870870');
    expect(rootNew[0].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598');
    expect(rootOld[0].toString()).to.be.equal('7191590165524151132621032034309259185021876706372059338263145339926209741311');
    // expect(rootNew[0].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598');
  });

  it("Make first deposit", async () => {
@ -90,21 +92,22 @@ contract("miksi", (accounts) => {
    // expect(res[1].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598');
    console.log(res[0]);
    commitmentsArray[0] = res[0];
    currKey = res[2];
  });
  
  it("Rebuild the tree from sc commitments", async () => {
    let treeTmp = await smt.newMemEmptyTrie();
    await treeTmp.insert(1, 0);
    await treeTmp.insert(0, 0);
    for (let i=0; i<commitmentsArray[0].length; i++) {
      await treeTmp.insert(commitmentsArray[0][i], 0);
      await treeTmp.insert(i+1, commitmentsArray[0][i]);
    }
    expect(treeTmp.root).to.be.equal(tree.root);
  });
  
  it("Calculate witness and generate the zkProof", async () => {
    await genZKProof(0, addr2);
    await genZKProof(1, addr4);
    await genZKProof(2, addr4);
    await genZKProof(0, addr2, "1");
    await genZKProof(1, addr4, "2");
    await genZKProof(2, addr4, "3");
  });
  
  it("Try to use the zkProof with another address and get revert", async () => {
@ -157,24 +160,31 @@ async function computeTree(u) {
    // deposit
    // add commitment into SMT

    // console.log("currKey", currKey);
    rootOld[u] = tree.root;
    const resC = await tree.find(commitment[u]);
    const resC = await tree.find(currKey+1);
    assert(!resC.found);
    oldKey[u] = "1";
    oldKey[u] = "0";
    oldValue[u] = "0";
    if (!resC.found) {
      oldKey[u] = resC.notFoundKey.toString();
      oldValue[u] = resC.notFoundValue.toString();
    }
    // console.log(oldValue[u]);
    // console.log("FIND", resC);
    siblingsOld[u] = resC.siblings;
    while (siblingsOld[u].length < nLevels) {
        siblingsOld[u].push("0");
    };

    await tree.insert(commitment[u], 0);
    await tree.insert(currKey+1, commitment[u]);
    rootNew[u] = tree.root;
    currKey += 1;
    // console.log("currKey", currKey);
 }

 async function makeDeposit(u, addr) {
    const resC = await tree.find(commitment[u]);
    const resC = await tree.find(currKey);
    assert(resC.found);
    siblingsNew[u] = resC.siblings;
    while (siblingsNew[u].length < nLevels) {
@ -189,11 +199,13 @@ async function makeDeposit(u, addr) {
      "secret": secret[u],
      "nullifier": nullifier[u],
      "oldKey": oldKey[u],
      "oldValue": oldValue[u],
      "siblingsOld": siblingsOld[u],
      "siblingsNew": siblingsNew[u],
      "rootOld": rootOld[u],
      "rootNew": rootNew[u],
      "commitment": commitment[u]
      "commitment": commitment[u],
      "key": currKey
    });
    const options = {};
    // console.log("Calculate witness");
@ -210,7 +222,7 @@ async function makeDeposit(u, addr) {
    publicSignals[u] = res.publicSignals;

    const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync("./build/deposit-verification_key.json", "utf8")));
    let pubI = unstringifyBigInts([coinCode, amount, rootOld[u].toString(), rootNew[u].toString(), commitment[u]]);
    let pubI = unstringifyBigInts([coinCode, amount, rootOld[u].toString(), rootNew[u].toString(), commitment[u], currKey]);
    let validCheck = groth.isValid(verificationKey, proof[u], pubI);
    assert(validCheck);
    await insMiksi.deposit(
@ -227,8 +239,8 @@ async function makeDeposit(u, addr) {

 }

 async function genZKProof(u, addr) {
    const resC = await tree.find(commitment[u]);
 async function genZKProof(u, addr, k) {
    const resC = await tree.find(k);
    assert(resC.found);
    let siblings = resC.siblings;
    while (siblings.length < nLevels) {
@ -245,7 +257,8 @@ async function genZKProof(u, addr) {
      "nullifier": nullifier[u],
      "siblings": siblings,
      "root": tree.root,
      "address": addr
      "address": addr,
      "key": k
    });
    const options = {};
    // console.log("Calculate witness");