diff --git a/README.md b/README.md index f5ea805..574fad8 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ **Warning:** This repository is in a very early stage. +WebApp to use miksi-core can be found at https://github.com/arnaucube/miksi-app + ## Circuits tests ``` npm run test-circuits diff --git a/circuits/deposit.circom b/circuits/deposit.circom index 696bb42..34fba98 100644 --- a/circuits/deposit.circom +++ b/circuits/deposit.circom @@ -36,17 +36,19 @@ template Deposit(nLevels) { signal private input secret; signal private input nullifier; signal private input oldKey; + signal private input oldValue; signal private input siblingsOld[nLevels]; signal private input siblingsNew[nLevels]; signal input rootOld; signal input rootNew; signal input commitment; + signal input key; component hash = Poseidon(4, 6, 8, 57); hash.inputs[0] <== coinCode; hash.inputs[1] <== amount; hash.inputs[2] <== secret; - hash.inputs[3] <== nullifier; + hash.inputs[3] <== nullifier; // nullifier component comCheck = IsEqual(); comCheck.in[0] <== hash.out; @@ -64,10 +66,10 @@ template Deposit(nLevels) { } /* smtOld.oldKey <== 1; */ smtOld.oldKey <== oldKey; - smtOld.oldValue <== 0; + smtOld.oldValue <== oldValue; smtOld.isOld0 <== 0; - smtOld.key <== hash.out; - smtOld.value <== 0; + smtOld.key <== key; + smtOld.value <== hash.out; component smtNew = SMTVerifier(nLevels); smtNew.enabled <== 1; @@ -79,8 +81,8 @@ template Deposit(nLevels) { smtNew.oldKey <== 0; smtNew.oldValue <== 0; smtNew.isOld0 <== 0; - smtNew.key <== hash.out; - smtNew.value <== 0; + smtNew.key <== key; + smtNew.value <== hash.out; } component main = Deposit(5); diff --git a/circuits/withdraw.circom b/circuits/withdraw.circom index 8d460bf..ed787cf 100644 --- a/circuits/withdraw.circom +++ b/circuits/withdraw.circom @@ -36,6 +36,7 @@ template Withdraw(nLevels) { signal private input siblings[nLevels]; signal input root; signal input address; + signal private input key; component hash = Poseidon(4, 6, 8, 57); hash.inputs[0] <== coinCode; @@ -57,8 +58,8 @@ template Withdraw(nLevels) { smtV.oldKey <== 0; smtV.oldValue <== 0; smtV.isOld0 <== 0; - smtV.key <== hash.out; - smtV.value <== 0; + smtV.key <== key; + smtV.value <== hash.out; } component main = Withdraw(5); diff --git a/contracts/Miksi.sol b/contracts/Miksi.sol index ff6727e..78eb249 100644 --- a/contracts/Miksi.sol +++ b/contracts/Miksi.sol @@ -7,6 +7,7 @@ contract Miksi { DepositVerifier dVerifier; WithdrawVerifier wVerifier; + uint256 key = 0; uint256 amount = uint256(1000000000000000000); uint256 root ; uint256[] commitments; @@ -15,7 +16,7 @@ contract Miksi { constructor( address _depositVerifierContractAddr, address _withdrawVerifierContractAddr) public { dVerifier = DepositVerifier(_depositVerifierContractAddr); wVerifier = WithdrawVerifier(_withdrawVerifierContractAddr); - root = uint256(11499909227292257605992378629333104385616480982267969744564817844870636870870); + root = uint256(7191590165524151132621032034309259185021876706372059338263145339926209741311); } function deposit( @@ -26,22 +27,24 @@ contract Miksi { uint[2] memory c ) public payable { // check root state transition update with zkp - uint256[5] memory input = [ + uint256[6] memory input = [ 0, msg.value, root, // rootOld _root, // rootNew - _commitment + _commitment, + key+1 ]; require(dVerifier.verifyProof(a, b, c, input), "zkProof deposit could not be verified"); require(msg.value==amount, "value should be 1 ETH"); // this can be flexible with a wrapper with preset fixed amounts commitments.push(_commitment); root = _root; + key += 1; } - function getCommitments() public view returns (uint256[] memory, uint256) { - return (commitments, root); + function getCommitments() public view returns (uint256[] memory, uint256, uint256) { + return (commitments, root, key+1); } function withdraw( diff --git a/contracts/deposit-verifier.sol b/contracts/deposit-verifier.sol index da04afb..17e2760 100644 --- a/contracts/deposit-verifier.sol +++ b/contracts/deposit-verifier.sol @@ -174,17 +174,18 @@ contract DepositVerifier { DepositPairing.G1Point C; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alfa1 = DepositPairing.G1Point(4690052268710270598869542532809702456418003799694536273077130369652196429884,9145902013599810527210227446448286424172036724970647907168421870847502009945); - vk.beta2 = DepositPairing.G2Point([16623062689690044255750716956401317560821762623856422123246403067057225130588,14652078637219990978821431784894112719594629514313306953371073983618015546541], [676307836452309210538606902645077301940331422390550491696691282441239090551,10369757414475454684684292675796821047567632748417978318178776038061059658326]); - vk.gamma2 = DepositPairing.G2Point([16528273881363574239250709218131920578661276173856341283262670072792844980215,6787263438752395682957935213403119833234411728635969992478064476167401704867], [5274450027585795927175443590954483941244906290165165924583130738506736130942,3392062216862930269651390569850019803754187174311810728530683507098775212357]); - vk.delta2 = DepositPairing.G2Point([17494603128862092548460623189930936969297925345032047648552416238816792961152,10402239940545833330287339048137499178728329705094695706126321196019762386747], [6175570631583630130350739728971333086849468117273142369720724145166167909214,20067049654764111179832549405286061192607773249291087398308936796066289541314]); - vk.IC = new DepositPairing.G1Point[](6); - vk.IC[0] = DepositPairing.G1Point(12697195619443882847721561991615544069218791667870821589914853846794238615885,18011435976524410295453245674507929643029222984348817278231712383283229915782); - vk.IC[1] = DepositPairing.G1Point(20324524778567704633470845008079551007952919835272398568401853167438653396525,8061504440558567975766943783054577602934521477527864647610640054521787242724); - vk.IC[2] = DepositPairing.G1Point(13332163378649502560807390864020561151254011879905389699984218750502394665905,4286598055677625399864995783940420134575107187974587372574457085466044561759); - vk.IC[3] = DepositPairing.G1Point(10175138903387311357088170792861518054422766016077544491949838159573444744976,16570515458939310802788756001103880353070070639900081360517205384175233432226); - vk.IC[4] = DepositPairing.G1Point(3298627468931988714290186736998190106240510584555740172431361939625148350723,10415330389886845959598036431340102923398308416032482557275534081287380793067); - vk.IC[5] = DepositPairing.G1Point(16030968253618323807449863533252146464206835591288004165377534537620304134907,6223567249648011787592835059978931866773091863735841649895374018321000148662); + vk.alfa1 = DepositPairing.G1Point(18695173155707885922021631283033755535591418672197129614467100440698872763407,1626506100460323286733991395349100178389097370543005429942370444444167817065); + vk.beta2 = DepositPairing.G2Point([7298930152319519678724671205658347486392659569051487272914904218878630422004,20278804400136230600016602729050494456082496665552956593575216136952301465879], [14400234736726653666673256209185515676662403987927981307851255786137918403808,202061819848056105351629960337366504214917264758439266970901420364923813257]); + vk.gamma2 = DepositPairing.G2Point([88902560478033838314004667971746300540170455168011513957934457035035362077,10509682790371697523911222284395334237969554461187168055951064284438196928133], [262372519755819494139123390519431075073514105365767199648231997477378997038,9903995889180920976180540681258851480387134172307619545103102622070424881278]); + vk.delta2 = DepositPairing.G2Point([19749667459894634917871046338432887676262288965549093528649050450724219163245,13756931459128709749559820929305092888983958863551084787825233693015050987062], [20576516057444847821805169435613033091289908065519785381540290141111162328929,15244981401483924012411101359641406633223142876027993598824472316124280834070]); + vk.IC = new DepositPairing.G1Point[](7); + vk.IC[0] = DepositPairing.G1Point(2000117758538561750953181437087792909020385452287399464015848728440127592389,275875173722294745606860506515174747141273674463415300932791922897441449811); + vk.IC[1] = DepositPairing.G1Point(4176102879547484253346821261893297661469569413245667250587796973056187219608,1926060395020061418051275655183984440402034736270275535768335121260270447114); + vk.IC[2] = DepositPairing.G1Point(8176255402316361002530601013228562072839156358144426319604813511766758290537,19255649988335327919495695859359269216762287298096174272638221716012315581350); + vk.IC[3] = DepositPairing.G1Point(20944119614073443108911839024077113785116860484550901273175814017528952294710,15941356189224733186425469351312052553223296343229173777927394845664358416828); + vk.IC[4] = DepositPairing.G1Point(16474742653420689694601265238954907093607463298284817604813422283427863653617,9311356062394012318240362122996250765056867942021818814568734196480690247200); + vk.IC[5] = DepositPairing.G1Point(12016269570988993052956789433371861013003194299504564318255744188658097042633,18130086499603245000319550360003638349858422145937471155520725380017515910661); + vk.IC[6] = DepositPairing.G1Point(14992989709522098533999247134336293504761296073753622771564136461571770746835,8331491724814987424742621582227793410739471354578262538342699991611045759814); } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { @@ -210,7 +211,7 @@ contract DepositVerifier { uint[2] memory a, uint[2][2] memory b, uint[2] memory c, - uint[5] memory input + uint[6] memory input ) public view returns (bool r) { Proof memory proof; proof.A = DepositPairing.G1Point(a[0], a[1]); diff --git a/contracts/withdraw-verifier.sol b/contracts/withdraw-verifier.sol index c9208a4..98e1e04 100644 --- a/contracts/withdraw-verifier.sol +++ b/contracts/withdraw-verifier.sol @@ -174,17 +174,17 @@ contract WithdrawVerifier { WithdrawPairing.G1Point C; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alfa1 = WithdrawPairing.G1Point(13125964035345732513320606972223597271702849498706862906431560515196316741541,2743237172859524479647981525721821119820168209195336069832075995585988365216); - vk.beta2 = WithdrawPairing.G2Point([2669112095067980506727873345758867054347466312660021806636272987760660828849,14539491114301519973242319011485401150263667232078179655062833197913312500017], [11720061635178934637313951615051060311580364580444053837400914945552182061616,2177765169672031700082566520171740120321696910335776288543190901344722545410]); - vk.gamma2 = WithdrawPairing.G2Point([10917104788485395001839994387809646569218736354722844653893803100190554724907,7478437791943783449531717383744438552168785436031321431732103220558102742468], [14238787877319603173234096439758621306673382329766962364233031837910870237536,10502637950741476389590969419560058151857179703312600335067455738743909083958]); - vk.delta2 = WithdrawPairing.G2Point([11073954909083264728700321333863259614089048106992800121105800848198886470375,14812237089106501466576017780356417002388876842333510442550104527732748120622], [17635776349801663084503912927095921433092564181571541546104162053167176565421,27998176086381233961153068490868928492606872937787873022612510202839716507]); + vk.alfa1 = WithdrawPairing.G1Point(10461708735553443176992732459814962577655306635753492245435095461770754609206,17170070190117362250052226704107651880175572987936980166979072370846071276566); + vk.beta2 = WithdrawPairing.G2Point([11084164661947067228695984420449497565302107485274732922694018877422637260948,14768196651755007408254022498360029528155122429952581228808458847305698486036], [21804606851539124842853838093984466542476538467493989613050132455132951994121,1861720569920484390282049349437713344652903656767554167309156051148865987563]); + vk.gamma2 = WithdrawPairing.G2Point([9706265884453026747036821224300582108519975058422630973848693287593728789837,5514760811545236654037526142877016941373586932537660711868264285004769174888], [14491809303075760609694333332967923981527717776009730567611199650481234125548,12129581260877191822815335682707682434919070096035795484939038493639252524617]); + vk.delta2 = WithdrawPairing.G2Point([16890371933892859364017140187474707868747433731104663205146192533825447514505,21399578739239166683287431604946765321077367409391376717538684282829150225976], [8842639902446623294657089461047982654757172648192937200077646586006331774863,18487165336340965321051036729791768485990613323135528024606788207720211920031]); vk.IC = new WithdrawPairing.G1Point[](6); - vk.IC[0] = WithdrawPairing.G1Point(7491469026033918642677753652819151318339809973344463260827293357803586754235,4395946869661103322863744384786121261968956085472500963739363200632751346458); - vk.IC[1] = WithdrawPairing.G1Point(15792971708971548807702008065816978287582873199570212151763666852711881685748,20015547917924502689826594351540769795386333462562793050625401907390132405289); - vk.IC[2] = WithdrawPairing.G1Point(793110436159598650905223468298132112327901373645402348921311553793588112899,14932167562920745456386464748315950361167693788066386103439968740538587455112); - vk.IC[3] = WithdrawPairing.G1Point(3599763262227997054360288324315679176821090066709181138105454315553755125997,4842799741086852072636969222133537228560778966327440675220863187433692844579); - vk.IC[4] = WithdrawPairing.G1Point(1332654856961752997984248173858188249144320018346121854916888456163273080288,18357171701145993355281642916301559974565034917797021528848570764297806434641); - vk.IC[5] = WithdrawPairing.G1Point(12178090359527457673534455683642890230743486788471599510120235645318440790942,14955354663406965918722091973717855430180824697349764743374253473894681342412); + vk.IC[0] = WithdrawPairing.G1Point(10682120661229048274949364949968842843395989293050982446578990269399782749953,1990964813812662139462300927859607978511478023403957963432885533764658033890); + vk.IC[1] = WithdrawPairing.G1Point(19858805194844516511519307221183024963657395449667106116942848839464106278308,14007050627405719561074645119613087016962000876415739087812187315207916912886); + vk.IC[2] = WithdrawPairing.G1Point(21012689485487519157247991544697647278544236668403782222712353518350961502559,2452121773666466264963717054681755250351950870974950586177089269810623349820); + vk.IC[3] = WithdrawPairing.G1Point(21777835995512453624376343196859713839817688740670494291073772535091042372431,14230131375167768135013466989061198415649711922017749764614481281052630561040); + vk.IC[4] = WithdrawPairing.G1Point(18224309327975275226135927148877460666894066703361312842594398634528579211246,1805137703259464346304717616574612959020983663951806398290027184756994095101); + vk.IC[5] = WithdrawPairing.G1Point(6680422453531132615016449106377746942927034063013504561878935989154670779439,21031511412360362734553233505420357520515690946654736114154923572533964087548); } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { diff --git a/test/circuits/deposit.test.ts b/test/circuits/deposit.test.ts index 8c7a7d8..589f627 100644 --- a/test/circuits/deposit.test.ts +++ b/test/circuits/deposit.test.ts @@ -42,10 +42,10 @@ describe("deposit test", function () { }; console.log("siblingsOld", siblingsOld); - await tree.insert(commitment, 0); + await tree.insert(2, commitment); let rootNew = tree.root; - res = await tree.find(commitment); + res = await tree.find(2); // console.log(res); assert(res.found); let siblingsNew = res.siblings; @@ -62,11 +62,13 @@ describe("deposit test", function () { "secret": secret, "nullifier": nullifier, "oldKey": "1", + "oldValue": "0", "siblingsOld": siblingsOld, "siblingsNew": siblingsNew, "rootOld": rootOld, "rootNew": rootNew, - "commitment": commitment + "commitment": commitment, + "key": 2 }); await circuit.checkConstraints(witness); }); diff --git a/test/circuits/withdraw.test.ts b/test/circuits/withdraw.test.ts index 40c3939..d5a227d 100644 --- a/test/circuits/withdraw.test.ts +++ b/test/circuits/withdraw.test.ts @@ -29,11 +29,11 @@ describe("withdraw test", function () { // add commitment into SMT let tree = await smt.newMemEmptyTrie(); - await tree.insert(commitment, 0); await tree.insert(1, 0); - await tree.insert(2, 0); + await tree.insert(2, commitment); + await tree.insert(3, 0); console.log("root", tree.root); - const res = await tree.find(commitment); + const res = await tree.find(2); assert(res.found); let siblings = res.siblings; while (siblings.length < nLevels) { @@ -50,7 +50,8 @@ describe("withdraw test", function () { "nullifier": nullifier, "siblings": siblings, "root": root, - "address": "987654321" + "address": "987654321", + "key": 2 }); await circuit.checkConstraints(witness); }); diff --git a/test/contracts/miksi.test.ts b/test/contracts/miksi.test.ts index 1a5c0e7..5de21cd 100644 --- a/test/contracts/miksi.test.ts +++ b/test/contracts/miksi.test.ts @@ -26,6 +26,7 @@ const nullifier = ["567891234", "432198765", "321"]; let commitment = []; let tree; let oldKey = []; +let oldValue = []; let siblingsOld = []; let siblingsNew = []; let rootOld = []; @@ -34,6 +35,7 @@ let rootNew = []; let proof = []; let publicSignals = []; let commitmentsArray = []; +let currKey=0; let u = 0; contract("miksi", (accounts) => { @@ -60,12 +62,12 @@ contract("miksi", (accounts) => { expect(balance_wei).to.be.equal('100000000000000000000'); tree = await smt.newMemEmptyTrie(); - await tree.insert(1, 0); + await tree.insert(currKey, 0); await computeTree(0); - expect(rootOld[0].toString()).to.be.equal('11499909227292257605992378629333104385616480982267969744564817844870636870870'); - expect(rootNew[0].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598'); + expect(rootOld[0].toString()).to.be.equal('7191590165524151132621032034309259185021876706372059338263145339926209741311'); + // expect(rootNew[0].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598'); }); it("Make first deposit", async () => { @@ -90,21 +92,22 @@ contract("miksi", (accounts) => { // expect(res[1].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598'); console.log(res[0]); commitmentsArray[0] = res[0]; + currKey = res[2]; }); it("Rebuild the tree from sc commitments", async () => { let treeTmp = await smt.newMemEmptyTrie(); - await treeTmp.insert(1, 0); + await treeTmp.insert(0, 0); for (let i=0; i { - await genZKProof(0, addr2); - await genZKProof(1, addr4); - await genZKProof(2, addr4); + await genZKProof(0, addr2, "1"); + await genZKProof(1, addr4, "2"); + await genZKProof(2, addr4, "3"); }); it("Try to use the zkProof with another address and get revert", async () => { @@ -157,24 +160,31 @@ async function computeTree(u) { // deposit // add commitment into SMT + // console.log("currKey", currKey); rootOld[u] = tree.root; - const resC = await tree.find(commitment[u]); + const resC = await tree.find(currKey+1); assert(!resC.found); - oldKey[u] = "1"; + oldKey[u] = "0"; + oldValue[u] = "0"; if (!resC.found) { oldKey[u] = resC.notFoundKey.toString(); + oldValue[u] = resC.notFoundValue.toString(); } + // console.log(oldValue[u]); + // console.log("FIND", resC); siblingsOld[u] = resC.siblings; while (siblingsOld[u].length < nLevels) { siblingsOld[u].push("0"); }; - await tree.insert(commitment[u], 0); + await tree.insert(currKey+1, commitment[u]); rootNew[u] = tree.root; + currKey += 1; + // console.log("currKey", currKey); } async function makeDeposit(u, addr) { - const resC = await tree.find(commitment[u]); + const resC = await tree.find(currKey); assert(resC.found); siblingsNew[u] = resC.siblings; while (siblingsNew[u].length < nLevels) { @@ -189,11 +199,13 @@ async function makeDeposit(u, addr) { "secret": secret[u], "nullifier": nullifier[u], "oldKey": oldKey[u], + "oldValue": oldValue[u], "siblingsOld": siblingsOld[u], "siblingsNew": siblingsNew[u], "rootOld": rootOld[u], "rootNew": rootNew[u], - "commitment": commitment[u] + "commitment": commitment[u], + "key": currKey }); const options = {}; // console.log("Calculate witness"); @@ -210,7 +222,7 @@ async function makeDeposit(u, addr) { publicSignals[u] = res.publicSignals; const verificationKey = unstringifyBigInts(JSON.parse(fs.readFileSync("./build/deposit-verification_key.json", "utf8"))); - let pubI = unstringifyBigInts([coinCode, amount, rootOld[u].toString(), rootNew[u].toString(), commitment[u]]); + let pubI = unstringifyBigInts([coinCode, amount, rootOld[u].toString(), rootNew[u].toString(), commitment[u], currKey]); let validCheck = groth.isValid(verificationKey, proof[u], pubI); assert(validCheck); await insMiksi.deposit( @@ -227,8 +239,8 @@ async function makeDeposit(u, addr) { } -async function genZKProof(u, addr) { - const resC = await tree.find(commitment[u]); +async function genZKProof(u, addr, k) { + const resC = await tree.find(k); assert(resC.found); let siblings = resC.siblings; while (siblings.length < nLevels) { @@ -245,7 +257,8 @@ async function genZKProof(u, addr) { "nullifier": nullifier[u], "siblings": siblings, "root": tree.root, - "address": addr + "address": addr, + "key": k }); const options = {}; // console.log("Calculate witness");