diff --git a/circuits/deposit.circom b/circuits/deposit.circom index 4f5c6ad..ce414e5 100644 --- a/circuits/deposit.circom +++ b/circuits/deposit.circom @@ -2,22 +2,29 @@ # deposit.circom - +----------+ +----------+ -PUB_nullifier+------>+ | | | - | | | SMT | -PUB_coinCode+------->+ | | Poseidon +<------+PUB_rootOld - | Poseidon +-+----------->+ Verifier | -PUB_amount+--------->+ | | | Non | - | | | | Existance+<------+PRI_siblings -PRI_secret+--------->+ | | | | + - +----------+ | +----------+ | - | | - | | - | +----------+ | - | | | | - | | | | - +----+ | | SMT +<---------+ -PUB_commitment+----> == +<--------+----------->+ Poseidon | + +----------+ + | | +PRI_secret+--------->+ Poseidon +<----+PUB_key + | | | + + | +----------+ | + | nullifier | + | + | + | | | +----------+ + | v | | | + | +----+-----+ +---->+ SMT | + +--------->+ | | Poseidon +<------+PUB_rootOld + | +-----+------->+ Verifier | +PUB_coinCode+------->+ Poseidon | | | Non | + | | | | Existance+<------+PRI_siblings +PUB_amount+--------->+ | | | | + + +----------+ | +----------+ | + | | + | | + | +----------+ | + | | | | + | | | | + +----+ | | SMT +<---------+ +PUB_commitment+----> == +<------------+------->+ Poseidon | +----+ | Verifier | | +<------+PUB_rootNew | | @@ -34,7 +41,6 @@ template Deposit(nLevels) { signal input coinCode; signal input amount; signal private input secret; - signal private input nullifier; signal private input oldKey; signal private input oldValue; signal private input siblingsOld[nLevels]; 
@@ -44,11 +50,15 @@ template Deposit(nLevels) { signal input commitment; signal input key; + component nullifierCmp = Poseidon(2, 6, 8, 57); + nullifierCmp.inputs[0] <== key; + nullifierCmp.inputs[1] <== secret; + component hash = Poseidon(4, 6, 8, 57); hash.inputs[0] <== coinCode; hash.inputs[1] <== amount; hash.inputs[2] <== secret; - hash.inputs[3] <== nullifier; // nullifier + hash.inputs[3] <== nullifierCmp.out; // nullifier component comCheck = IsEqual(); comCheck.in[0] <== hash.out; @@ -106,5 +116,3 @@ template Deposit(nLevels) { smtNew.key <== key; smtNew.value <== hash.out; } - -/* component main = Deposit(17); // 16 real levels (due circom leaf protection) */ diff --git a/circuits/withdraw.circom b/circuits/withdraw.circom index 73cc57a..d079fc1 100644 --- a/circuits/withdraw.circom +++ b/circuits/withdraw.circom @@ -4,21 +4,27 @@ WARNING: WIP, very initial version of the miksi circuit - - -----------+ +----------+ -PUB_nullifier+------>+ | | | - | | | | -PUB_coinCode+------->+ | | SMT +<------+PRI_siblings - | Poseidon +------------->+ Poseidon | -PUB_amount+--------->+ | | Verifier | - | | | +<------+PUB_root -PRI_secret+--------->+ | | | + - +----------+ +----------+ | - | - | - +----+ +----+ | - PUB_address+--->+ != +<-------+0+------>+ != +<-------+ - +----+ +----+ + +----------+ + | | +PRI_secret+--------->+ Poseidon +<------+PRI_key+---------+ + | | | | + | +----------+ +----+ | + | nullifier+----->+ != +<-----+0 | + | + +----+ v + | | +--+-------+ + | v | | + | +-----+----+ | | + +--------->+ | | SMT +<------+PRI_siblings + | +--------------------->+ Poseidon | +PUB_coinCode+------->+ Poseidon | | Verifier | + | | | +<------+PUB_root +PUB_amount+--------->+ | | | + + +----------+ +----------+ | + | + | + +----+ +----+ | + PUB_address+--->+ != +<-------+0+-------------->+ != +<-------+ + +----+ +----+ 
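Review bot: `hash.inputs[3] <== nullifierCmp.out; // nullifier` keeps a trailing comment that now only repeats the component name; what a reader needs is why the value is derived in-circuit, so I would put above `component nullifierCmp` a comment like `// nullifier = Poseidon(key, secret); key is the SMT leaf index (smtNew.key below), so a reused secret still yields a distinct nullifier, and it is bound into the commitment without being an input of this circuit`. One hedged hygiene point: the nullifier hash `Poseidon(2, 6, 8, 57)` and the commitment hash `Poseidon(4, 6, 8, 57)` use the same parameter set, and if this circomlib version zero-pads unused inputs (I believe it does) only the input layout keeps the two uses apart; a constant domain tag in one input slot would make them unambiguous at negligible cost, here and in the identical derivation in withdraw.circom. template Deposit(nLevels) starts before this hunk.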
@@ -38,11 +44,20 @@ template Withdraw(nLevels) {
 signal input address;
 signal private input key;
+ component nullifierCmp = Poseidon(2, 6, 8, 57);
+ nullifierCmp.inputs[0] <== key;
+ nullifierCmp.inputs[1] <== secret;
+
+ component nullifierCheck = IsEqual();
+ nullifierCheck.in[0] <== nullifierCmp.out;
+ nullifierCheck.in[1] <== nullifier;
+ nullifierCheck.out === 1;
+
 component hash = Poseidon(4, 6, 8, 57);
 hash.inputs[0] <== coinCode;
 hash.inputs[1] <== amount;
 hash.inputs[2] <== secret;
- hash.inputs[3] <== nullifier;
+ hash.inputs[3] <== nullifierCmp.out;
 component z = IsZero();
 z.in <== address;
@@ -61,5 +76,3 @@ template Withdraw(nLevels) {
 smtV.key <== key;
 smtV.value <== hash.out;
 }
-
-/* component main = Withdraw(17); // 16 real levels (due circom leaf protection) */
diff --git a/contracts/deposit-verifier.sol b/contracts/deposit-verifier.sol
index 3e681cf..b5e4e19 100644
--- a/contracts/deposit-verifier.sol
+++ b/contracts/deposit-verifier.sol
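Review bot: `nullifierCheck` (an IsEqual feeding `nullifierCheck.out === 1`) can be the single constraint `nullifier === nullifierCmp.out;`, which enforces the same equality and avoids the IsZero inverse witness and its extra constraints. Since this is the check that makes double-spend detection meaningful — the published `nullifier` is tied to one leaf through `hash.inputs[3] <== nullifierCmp.out` and the `smtV` membership proof on `hash.out` — it deserves a comment, e.g. `// the published nullifier must be Poseidon(key, secret); the commitment hashes the same value, so each leaf has exactly one nullifier`. The updated diagram in the header hunk no longer labels the nullifier as PUB_, yet `nullifierCheck.in[1] <== nullifier` still consumes a signal declared outside this hunk; if it remains a public input (presumably the contract needs it to record spends) the diagram should say so. template Withdraw(nLevels) starts before and continues after this hunk.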
@@ -174,18 +174,18 @@ contract DepositVerifier { DepositPairing.G1Point C; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alfa1 = DepositPairing.G1Point(6252279943948821612875254485822400771880244748647402468559313390659426369211,14613992641366395519215313033197052494675205790791681942712524672663717445198); - vk.beta2 = DepositPairing.G2Point([8815707221276583891078115500662413295646422001003116635595393183791263464666,2419345326742699182992664780905159492965802671871300884928909939820530848387], [13802188444049362002223101887345226877142883308911663519491915021252904802728,8432022027118506252472861389475505702286644933376629310815925957781079388244]); - vk.gamma2 = DepositPairing.G2Point([406780534454176465129277539913777571896656479994247886563898597395429608191,8553686745430855428347818111461857703407929988498137065162278041029533501400], [10853405844969955843420851706686864381784815223125536658953775544597422525149,16970177376889915166884914612008041178398555620271753364587667807183773056978]); - vk.delta2 = DepositPairing.G2Point([17774593393920734301044375457515456063884202391938358455667100316292620932619,652992445536380252856758894184970383216921565250275732529612554514615486705], [8565671556084260686055251361834646248751758478811415108547802639098436142689,13627472961242110255971086079899697279073175536722168875617347642947908794476]); + vk.alfa1 = DepositPairing.G1Point(1258740466619721561764848263868948885256868728083361044431705704250200328469,21429540617461013763355995827369015728574005711708554964620455716559845665960); + vk.beta2 = DepositPairing.G2Point([1970073964470939152021048511578236383128106002002646214631675246653310717957,12712064789215987207311676617832240483534887569403229725706661660234806079568], [6870389010384618580426191051449467588139581765956292544372582938359353782255,6848532171529839105686210172312789080165730008667873614736656943070291514440]); + vk.gamma2 = 
DepositPairing.G2Point([13025863801027866036957367957812995765980137647543971093801580955580158571874,20814717907036542939719692573804299830237034748270287956482979656634810999797], [16865748738430061541889111484860607300264882791091260395585977539280926944744,6582452541423888885538277642620939176084115646218892470412691713075803269496]); + vk.delta2 = DepositPairing.G2Point([2706422800377368885835489037908110628648159507031013921848827952225418230859,10128511868105727233071317029928430873590267714292386130186788090735888000654], [9307796408359964981598578123726621566221091904060802593884747535035317267698,10229229177642547369193569171638060693529620333185044332089881198521466285102]); vk.IC = new DepositPairing.G1Point[](7); - vk.IC[0] = DepositPairing.G1Point(10428563448506003955350846849697024823467951195979510170085385051366494122630,2001368486752884718033076277913854180721154412880313561543985388032034832578); - vk.IC[1] = DepositPairing.G1Point(4128122503032922060195529775123411053757718861576733396781404734329175129810,10674578892367272724467858279423956771312053469141701790449967683133025637132); - vk.IC[2] = DepositPairing.G1Point(19773281464520362843244450371118225183481659515807020952674214520191343536792,15379009728817649289524197508360737263801583612474597112384517352187225280313); - vk.IC[3] = DepositPairing.G1Point(14445852532044159873734129156753952133803550608446385223251919704854960384859,7077329911841232859880292933329532486425877098134111290548060164729473197615); - vk.IC[4] = DepositPairing.G1Point(21203069170036177324269770159791288324714871209409930031741364108474535151841,8265986849104087053031541158247678629561167271267822543600920475259735501627); - vk.IC[5] = DepositPairing.G1Point(7815738803719288008965544439519375118301374923131249465167234012095974108078,14621864468590078300113893865387457049678236814266039911309734278145027746551); - vk.IC[6] = 
DepositPairing.G1Point(8935039868766995891455796224784160256067346799724853938828138135035767086643,904657175184727805046626884361174202421281696337758135233214084380356026332); + vk.IC[0] = DepositPairing.G1Point(8397052292217400695143537066445367917145410240792913306851228502454937821366,12671160300014072845850036020940585445323243765280661661695708986287317615875); + vk.IC[1] = DepositPairing.G1Point(6596045848853057767878231551177724402312499873808498125139673743823045037250,7534954341042032271738328495861493195651777182379101357540540106554292796757); + vk.IC[2] = DepositPairing.G1Point(4901276071960695759302493242818574371230833857454046609753730934715589681877,13809211544158082674160387144353489098197497336900883805464212924786897695399); + vk.IC[3] = DepositPairing.G1Point(2284803743046947681824176654599433605185583055184533094933575326747068384159,2284200205123294415907017338355314014204105239362681972585077325269318233489); + vk.IC[4] = DepositPairing.G1Point(21716095221104104663235558033723097977851973293891360765306880852225906302195,18269386656024591769800450266310198804152899431728523144697352898486771309144); + vk.IC[5] = DepositPairing.G1Point(4423411107516450238605209094503652145439393246493785143531883737456094986038,12516994610092142480164396204315951248730163354266253105562761854742484119787); + vk.IC[6] = DepositPairing.G1Point(7796439859607328142065987214031690144742541126385291233968361100031127756853,21735884364940330079209527729232705812864156681957672956585478889553770695530); } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { diff --git a/contracts/withdraw-verifier.sol b/contracts/withdraw-verifier.sol index 974135a..c43deea 100644 --- a/contracts/withdraw-verifier.sol +++ b/contracts/withdraw-verifier.sol 
@@ -174,17 +174,17 @@ contract WithdrawVerifier { WithdrawPairing.G1Point C; } function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alfa1 = WithdrawPairing.G1Point(4297056733213219859343595902911474212531679066691174515518566289296862448444,4118210981440029225166132201111655761091977199270131833660894679466015902790); - vk.beta2 = WithdrawPairing.G2Point([8432401178610715017522187095017141452256968060720655001943681144704681203162,20225339942421781890739814367503015805021408029816534384568975989447323618511], [4834758580575986670881233088235906918937658419326998231175019058718340643738,18563021167708801438919497910470781384291873402945244720127030262991586019354]); - vk.gamma2 = WithdrawPairing.G2Point([12216917316860064359319225214672707506982145717785585352407055318045791852406,16166539837790779483464664514892121904759368139188876537264973277846536919241], [20490357584101774634267615913836176478875767727346317112419586614764063234950,16010134726469276935755880346958799379053190723590701758427883606793091122235]); - vk.delta2 = WithdrawPairing.G2Point([10474213958708183921155086977680302183767751804928195354437737122452000530775,9773108273173417325339709698942421365637766622753869523317186054233667618378], [16147854964572048164082375837809824945742203950104688071859656285754596010250,11100262415558015426093541731679959772584136240842322421838884270434696620945]); + vk.alfa1 = WithdrawPairing.G1Point(11409068853756798814936124347751329073714060701740446597478422218560206445758,16307887919185411074461162514565293539798560629762151895981933912918907095458); + vk.beta2 = WithdrawPairing.G2Point([7251220013464197846241844721359309776896763036272826930712901410316354650148,14916303478359187735015641670440403429698869473868729048212546922914077002474], [18211498819199508460251069486886384399731840516685342748931656167756056543712,8874050391988730461899098188033396090287848116848581254042468820295115019769]); + vk.gamma2 = 
WithdrawPairing.G2Point([18243312913217582213671285532303762373614349407613660426190623713836205041234,8002499263366987790694142114137942554246563360100993171567470892470253717715], [5101789453622522636051816103606254513585817263100408629732625784631019392110,11103980668176400594372381484148071708850113352167680748055027633945382594250]); + vk.delta2 = WithdrawPairing.G2Point([16098761043629001805465286169491044916675831324018099734204712260649588341703,19769730035350773990203390501439447961424668221404762178293701706197745545740], [8688701351437626790357916288760375351147435444896067675241357486671215251369,8455256066870861595443543932211829056699959252725383991522357896994317226602]); vk.IC = new WithdrawPairing.G1Point[](6); - vk.IC[0] = WithdrawPairing.G1Point(12549035287950018826389227128124648821309642448046081194740867551414746445936,16568684014919445974100333544046090587350141595344577637675040655062709518493); - vk.IC[1] = WithdrawPairing.G1Point(12115083684378263354532293492903135977611827458752142958704830075120237564442,20870100634266963726587012268331775772515090702290901068079447765002759133309); - vk.IC[2] = WithdrawPairing.G1Point(5812745461009917344575852755312885578454227891300545343869244275304038771554,20292323840549344370214519296853977558551052789143029493431728787305104927396); - vk.IC[3] = WithdrawPairing.G1Point(4547260115459198012764009325266310410529115043680958732580932197784570644367,10715056277994978617773043139980635251314875156509544440091005842529235092175); - vk.IC[4] = WithdrawPairing.G1Point(1917397956416751861666133718730009968886977460807568824355482458793905843210,3701368891299580862131264739399266552453491844311287913354184906669407062679); - vk.IC[5] = WithdrawPairing.G1Point(9794226343300072560298373762652188441793658526495383382310165666486106285885,13609131229374196873721534431966454573967113169445854598703174909986898964199); + vk.IC[0] = 
WithdrawPairing.G1Point(2196244256820986567690679996736462451552129559361830175635841659301698130240,165089131243676339464114487098255787822583319468395307669959484414351728542); + vk.IC[1] = WithdrawPairing.G1Point(17268765234743108265652438016645776441257441044491122918862662638109371886622,16271655515517205557815838795170378396691506771170200642570141877418298560999); + vk.IC[2] = WithdrawPairing.G1Point(2948780275473397242543570881784329151300936590175851800649409338551940794103,7459991620945381798521094109942977024582184419006796838077427417326367418494); + vk.IC[3] = WithdrawPairing.G1Point(14126068401014488583026867986497891029401323572850638120219902210320665079121,12837383067484111352928338327694584489849366255365568904250423854761877284524); + vk.IC[4] = WithdrawPairing.G1Point(4035053269905941448869990955467912804643642147479323759450659886610920901687,16351688143022086978492392339555394524864154460935065484258649758201836006417); + vk.IC[5] = WithdrawPairing.G1Point(18802458565488979046369094260543220868642937974211915451306988597267942099055,12108624098056255328526306317129377211653789160060445574749682563859873858540); } function verify(uint[] memory input, Proof memory proof) internal view returns (uint) { diff --git a/dist/miksi-browser.js b/dist/miksi-browser.js index 785647b..c64dd7a 100644 --- a/dist/miksi-browser.js +++ b/dist/miksi-browser.js 
@@ -76304,14 +76304,16 @@ exports.randBigInt = () => { return Fr.random(); }; -exports.calcCommitment = (secret, nullifier) => { +exports.calcCommitment = (key, secret) => { const poseidon = circomlib.poseidon.createHash(6, 8, 57); + const nullifier = poseidon([key, secret]).toString(); const commitment = poseidon([coinCode, amount, secret, nullifier]).toString(); return commitment; }; -exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) => { +exports.calcDepositWitness = async (wasm, key, secret, commitments) => { const poseidon = circomlib.poseidon.createHash(6, 8, 57); + const nullifier = poseidon([key, secret]).toString(); const commitment = poseidon([coinCode, amount, secret, nullifier]).toString(); console.log("PROVA", poseidon([key, commitment]).toString()); @@ -76403,8 +76405,9 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) = }; } -exports.calcWithdrawWitness = async (wasm, secret, nullifier, commitments, addr, key) => { +exports.calcWithdrawWitness = async (wasm, key, secret, commitments, addr) => { const poseidon = circomlib.poseidon.createHash(6, 8, 57); + const nullifier = poseidon([key, secret]).toString(); const commitment = poseidon([coinCode, amount, secret, nullifier]).toString(); // rebuild the tree diff --git a/migrations/1_initial_migration.js b/migrations/1_initial_migration.js index 9629336..3835c6a 100644 --- a/migrations/1_initial_migration.js +++ b/migrations/1_initial_migration.js @@ -1,4 +1,4 @@ -var Migrations = artifacts.require("./contracts/helpers/Migrations.sol"); +var Migrations = artifacts.require("./test/build/helpers/Migrations.sol"); module.exports = function(deployer) { deployer.deploy(Migrations); diff --git a/src/miksi.ts b/src/miksi.ts index 6716044..baf629e 100644 --- a/src/miksi.ts +++ b/src/miksi.ts 
@@ -19,14 +19,16 @@ exports.randBigInt = () => {
 return Fr.random();
 };
-exports.calcCommitment = (secret, nullifier) => {
+exports.calcCommitment = (key, secret) => {
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ const nullifier = poseidon([key, secret]).toString();
 const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
 return commitment;
 };
-exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) => {
+exports.calcDepositWitness = async (wasm, key, secret, commitments) => {
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ const nullifier = poseidon([key, secret]).toString();
 const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
 console.log("PROVA", poseidon([key, commitment]).toString());
@@ -118,8 +120,9 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
 };
 }
-exports.calcWithdrawWitness = async (wasm, secret, nullifier, commitments, addr, key) => {
+exports.calcWithdrawWitness = async (wasm, key, secret, commitments, addr) => {
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ const nullifier = poseidon([key, secret]).toString();
 const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
 // rebuild the tree
diff --git a/test/circuits/deposit.test.ts b/test/circuits/deposit.test.ts
index ada97b2..173506d 100644
--- a/test/circuits/deposit.test.ts
+++ b/test/circuits/deposit.test.ts
@@ -22,9 +22,10 @@ describe("deposit test", function () {
 const coinCode = "0";
 const amount = '1000000000000000000';
- const nullifier = "567891234";
+ // const nullifier = "567891234";
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ const nullifier = poseidon([2, secret]);
 const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
 // add commitment into SMT
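Review bot: The new `const nullifier = poseidon([key, secret]).toString();` line is pasted into calcCommitment, calcDepositWitness and calcWithdrawWitness, and the tests re-derive it by hand (`poseidon([2, secret])`, `poseidon([currKey+1, secret[u]])`); one exported `calcNullifier(key, secret)` keeps the derivation in a single place that must agree with the circuits' `Poseidon(2, 6, 8, 57)`. The signature changes swap argument order (`(secret, nullifier)` became `(key, secret)`, and `key` moved to the front of both witness builders) on untyped parameters, so an old-style call still runs and silently hashes the wrong values; typing the parameters or taking an options object would make the break visible at compile time. The helper is also the right place to document that the nullifier is exposed at withdraw while `key` is the leaf index, so `secret` must be a full-entropy field element such as `randBigInt()` returns rather than a user-chosen value. The same three lines appear in the dist/miksi-browser.js bundle above.
```typescript
// nullifier = Poseidon(key, secret); must match Poseidon(2, 6, 8, 57) in the circuits.
// It is exposed at withdraw while key is the leaf index, so secret must be full-entropy.
exports.calcNullifier = (key, secret) => {
  const poseidon = circomlib.poseidon.createHash(6, 8, 57);
  return poseidon([key, secret]).toString();
};

exports.calcCommitment = (key, secret) => {
  const poseidon = circomlib.poseidon.createHash(6, 8, 57);
  const nullifier = exports.calcNullifier(key, secret);
  // … unchanged: commitment hash and return …
};
// … same replacement of the nullifier line in calcDepositWitness and calcWithdrawWitness …
```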
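Review bot: `const nullifier = poseidon([2, secret]);` hard-codes the leaf key as a bare literal that must agree with `tree.find(2)` in the next hunk and with the `key` handed to the circuit outside this hunk; name it once, `const key = 2;`, and derive both from it. It also differs from src/miksi.ts, which calls `.toString()` on the nullifier before hashing it into the commitment; `const nullifier = poseidon([key, secret]).toString();` keeps the test and the library building the commitment from the same inputs, whether or not the hash treats a string and a bigint alike. The commented-out `// const nullifier = "567891234";` should simply be deleted. test/circuits/withdraw.test.ts makes the identical change and the same remarks apply there.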
@@ -33,7 +34,7 @@ describe("deposit test", function () {
 // await tree.insert(2, 0);
 let rootOld = tree.root;
- let res = await tree.find(commitment);
+ let res = await tree.find(2);
 // console.log(res);
 assert(!res.found);
 let siblingsOld = res.siblings;
@@ -60,7 +61,6 @@ describe("deposit test", function () {
 "coinCode": coinCode,
 "amount": amount,
 "secret": secret,
- "nullifier": nullifier,
 "oldKey": "1",
 "oldValue": "0",
 "siblingsOld": siblingsOld,
diff --git a/test/circuits/withdraw.test.ts b/test/circuits/withdraw.test.ts
index 65c9adc..6e1d035 100644
--- a/test/circuits/withdraw.test.ts
+++ b/test/circuits/withdraw.test.ts
@@ -22,9 +22,10 @@ describe("withdraw test", function () {
 const coinCode = "0";
 const amount = '1000000000000000000';
- const nullifier = "567891234";
+ // const nullifier = "567891234";
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ const nullifier = poseidon([2, secret]);
 const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
 // add commitment into SMT
diff --git a/test/contracts/miksi.test.ts b/test/contracts/miksi.test.ts
index e379725..c146dec 100644
--- a/test/contracts/miksi.test.ts
+++ b/test/contracts/miksi.test.ts
@@ -22,7 +22,7 @@ const secret = ["1234567890", "987654321", "123"];
 const coinCode = "0"; // refearing to ETH
 const ethAmount = '1';
 const amount = web3.utils.toWei(ethAmount, 'ether');
-const nullifier = ["567891234", "432198765", "321"];
+const nullifier = ["0", "0", "0"];
 let commitment = [];
 let tree;
 let oldKey = [];
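Review bot: `const nullifier = ["0", "0", "0"];` turns the array into placeholders that computeTree overwrites per user later in the file; if a slot is never filled, the commitment is silently built with nullifier "0" and the test keeps running on a wrong value. Declaring it like its sibling, `const nullifier = [];`, makes an unfilled slot surface as `undefined` at the hash call instead. A one-line comment, `// filled per user in computeTree: Poseidon(key, secret)`, would tell the reader where the values come from.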
@@ -88,9 +88,7 @@ contract("miksi", (accounts) => {
 it("Get the commitments data", async () => {
 // getCommitments data
 let res = await insMiksi.getCommitments();
- expect(res[0][0].toString()).to.be.equal('189025084074544266465422070282645213792582195466360448472858620722286781863');
- // expect(res[1].toString()).to.be.equal('9328869343897770565751281504295758914771207504252217956739346620422361279598');
- console.log(res[0]);
+ expect(res[1].toString()).to.be.equal(tree.root.toString());
 commitmentsArray[0] = res[0];
 currKey = res[2];
 });
@@ -155,6 +153,7 @@ contract("miksi", (accounts) => {
 async function computeTree(u) {
 const poseidon = circomlib.poseidon.createHash(6, 8, 57);
+ nullifier[u] = poseidon([currKey+1, secret[u]]).toString();
 commitment[u] = poseidon([coinCode, amount, secret[u], nullifier[u]]).toString();
 // deposit
@@ -197,7 +196,6 @@ async function makeDeposit(u, addr) {
 "coinCode": coinCode,
 "amount": amount,
 "secret": secret[u],
- "nullifier": nullifier[u],
 "oldKey": oldKey[u],
 "oldValue": oldValue[u],
 "siblingsOld": siblingsOld[u],
diff --git a/test/miksi.test.ts b/test/miksi.test.ts
index f2acb89..3352c93 100644
--- a/test/miksi.test.ts
+++ b/test/miksi.test.ts
@@ -9,13 +9,13 @@ describe("deposit test", function () {
 it("Test Deposit", async () => {
 const secret = "1234567890";
- const nullifier = "567891234";
+ const key = 1;
 const commitments = [];
 const wasm = await fs.promises.readFile("./build/deposit.wasm");
 console.log("w", wasm.length);
- const witness = await miksi.calcDepositWitness(wasm, secret, nullifier, commitments, 1);
+ const witness = await miksi.calcDepositWitness(wasm, key, secret, commitments);
 // console.log("w", witness);
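Review bot: `nullifier[u] = poseidon([currKey+1, secret[u]]).toString();` does arithmetic on `currKey`, which is whatever `insMiksi.getCommitments()` returned as `res[2]` in the earlier hunk; if that is a web3 BN or a decimal string rather than a number, `currKey+1` is string concatenation (`"0"+1` is `"01"`) and the nullifier is computed for the wrong leaf. Converting explicitly, `const key = BigInt(currKey.toString()) + 1n;` (if the build target allows BigInt literals), and hashing `key` makes the intent independent of the return type, and the same `key` should then be what makeDeposit feeds the circuit outside this hunk. The leaf-index assumption deserves a comment: `// next leaf index is currKey+1; nullifier = Poseidon(key, secret) as in deposit.circom`. computeTree continues past this hunk.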