
Add circuit siblings check

pull/2/head
arnaucube 4 years ago
parent
commit
da7cac076e
5 changed files with 51 additions and 27 deletions
  1. +20
    -2
      circuits/deposit.circom
  2. +11
    -11
      contracts/deposit-verifier.sol
  3. +10
    -10
      contracts/withdraw-verifier.sol
  4. +6
    -4
      dist/miksi-browser.js
  5. +4
    -0
      src/miksi.ts

+ 20
- 2
circuits/deposit.circom

@ -57,6 +57,24 @@ template Deposit(nLevels) {
// TODO instead of 2 siblings input, get siblingsOld from siblingsNew[len-1]
// check that nLevels-1 siblings match from siblingsOld & siblingsNew
component siblEq[nLevels];
signal count[nLevels];
for (var i=0; i<nLevels; i++) {
siblEq[i] = IsEqual();
siblEq[i].in[0] <== siblingsOld[i];
siblEq[i].in[1] <== siblingsNew[i];
if (i==0) {
count[0] <== siblEq[i].out;
} else {
count[i] <== siblEq[i].out + count[i-1];
}
}
component countCheck = IsEqual();
countCheck.in[0] <== count[nLevels-1];
countCheck.in[1] <== nLevels-1;
countCheck.out === 1;
component smtOld = SMTVerifier(nLevels);
smtOld.enabled <== 1;
smtOld.fnc <== 1;
@ -64,13 +82,13 @@ template Deposit(nLevels) {
for (var i=0; i<nLevels; i++) {
smtOld.siblings[i] <== siblingsOld[i];
}
/* smtOld.oldKey <== 1; */
/* smtOld.oldKey <== 1; */
smtOld.oldKey <== oldKey;
smtOld.oldValue <== oldValue;
smtOld.isOld0 <== 0;
smtOld.key <== key;
smtOld.value <== hash.out;
component smtNew = SMTVerifier(nLevels);
smtNew.enabled <== 1;
smtNew.fnc <== 0;
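Review bot: The new constraint `countCheck.in[1] <== nLevels-1` fixes how many levels of siblingsOld and siblingsNew must agree (exactly nLevels-1) but says nothing about which level is allowed to differ, so on its own it accepts sibling pairs that diverge at any single level rather than at the level where the new leaf is inserted; whether the SMTVerifier constraints that follow close that gap is not visible in this hunk and is worth confirming. Both sibling arrays are prover-supplied, so any slack in this relation is slack in the deposit proof. A comment stating the intended invariant would make the check reviewable, e.g. `// old and new paths share every sibling except the one at the insertion level`. The TODO at the top of the hunk (derive siblingsOld from siblingsNew) would turn this counting check into a structural guarantee and is probably the better end state. Template Deposit starts outside the hunk.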

+ 11
- 11
contracts/deposit-verifier.sol

@ -174,18 +174,18 @@ contract DepositVerifier {
DepositPairing.G1Point C;
}
function verifyingKey() internal pure returns (VerifyingKey memory vk) {
vk.alfa1 = DepositPairing.G1Point(5430763209380891082112219774590965073812438071785553545512843412766074378589,8483294202769323983386844586172367254189941367220716956010972527412596130486);
vk.beta2 = DepositPairing.G2Point([4461224104052879207048084476396712261168351663641098793015529057949505506609,9544040136419068455629331025948917346266663192627992632868522840394806969434], [16229298110477119094923221927578042298710597226211404598826305561649600112085,3174991076926426123044998896038938058491203360109109874700070586926990826975]);
vk.gamma2 = DepositPairing.G2Point([1763786592992476076824494282837308182336334498741564210939328007472877590979,16095557635581589565592692999561395560887484535347243882788725384363056509081], [20099281874123119981340699313574751066255843720218059754888786799205480145816,4128178975141199585947537534509943631531896570605638201475406072073346159927]);
vk.delta2 = DepositPairing.G2Point([1112445599982071272946700233620225941838681071449287021880935553274281891149,21852125798450609179424969354919823595751481354419855759397333465513526523951], [4650598210775335626309400977090729715816375400747238833715263844489768409735,9506265809207721234821155999410463212069459307612220343268944197887451805661]);
vk.alfa1 = DepositPairing.G1Point(21506687545368058004343406580116567034147526000842816840128545276973742545184,6329182718686089171038341156980474851697706805700950494904106219620407014616);
vk.beta2 = DepositPairing.G2Point([4879555627245165409149871538075733938105048434319249232400453218142465451413,21138288820909669606998883110984027323337220382339792251110701043897894551957], [5169549521058601698487664174209719268567349497614886596752309135835832995494,7084989950156422335683471222873313175020040191471459248919344470661092421274]);
vk.gamma2 = DepositPairing.G2Point([987570836872361556778610365355843744529291372758555698218824999637155094052,12489208558759092424522966223520504564058471700691215920684299633681110938103], [8467175820494965874716563164629440451461359739737577595086242330541705449335,4885103742312078925552682301933241836611982659444780110903504720342522343037]);
vk.delta2 = DepositPairing.G2Point([1857697941034599597747007249362130217164697733324024108343089531632013115631,10720701369897961653174284201368857135933412671924295535932129219862613390723], [3456560663695994496422971399272199473998827789414669302047065719981784522344,1622122815068542292622030743771214576916556859911974349852742741130896660940]);
vk.IC = new DepositPairing.G1Point[](7);
vk.IC[0] = DepositPairing.G1Point(10918150886880635497175603837243938291795608025578156706199987503133910943501,3820501207457478037242281915371943430490491637056890884843289615136736661276);
vk.IC[1] = DepositPairing.G1Point(14765455611714785904910505920382976888742011688321426790246638636748913644575,1970327576944768331068346214501841357599829193384396384398512475234228192550);
vk.IC[2] = DepositPairing.G1Point(4575326419654501917969297303051407724371861645581023746738038587958659360147,14512901306272734695398492530853628160305148151587715082363147054390984379306);
vk.IC[3] = DepositPairing.G1Point(10149717886730624284680109616859329799115550276739239226023596802725094047583,16806116621949942919292056712799700002885850181824427798105720780153968785723);
vk.IC[4] = DepositPairing.G1Point(9663169403303410535343713305536179107413370694230955213715276420971109292352,19907010787536566810941780928736434067835793051624423083300240671493191288122);
vk.IC[5] = DepositPairing.G1Point(21069023849778352967265174506861061426513291386845863979546966635979962598349,12327162753516489818246989808695117002665024166967891733423875235072870943654);
vk.IC[6] = DepositPairing.G1Point(21288113989150604365711743161787017824926800547410591057826128522328249297383,13847158925758944149197960029039819643318140529826181314997576920991438276946);
vk.IC[0] = DepositPairing.G1Point(16782605380489280136898329894217631086273767090288708977044630687962383399712,19132176629326023148588718510027189847689206839350227494924742864011882964482);
vk.IC[1] = DepositPairing.G1Point(3051091979340713905520740174087317073820219138899260014965710828520032438205,4332666002233816480303663354446417095506446455639166349896162400246016243480);
vk.IC[2] = DepositPairing.G1Point(12656063712220015559994158114785100625064437916231441092291990522785048600025,15745941453121551808566905778505507754535684292109324766460425242566417993596);
vk.IC[3] = DepositPairing.G1Point(5192851164182139068345289463860618976483494058569778412988156347204586590803,17230228592888907987066512201562762280889171374277031059677665774054871796127);
vk.IC[4] = DepositPairing.G1Point(7773180646914901165561893028300805679120219758626526142234656359602783611229,8935008527712617619507470500760356832205500310299935052166857469092046352698);
vk.IC[5] = DepositPairing.G1Point(7210880767140890921368045698924224491106328322805109472078454065459805978912,6053299184323673547596765506355707108280820282595136943043253651567389299444);
vk.IC[6] = DepositPairing.G1Point(21754268299863456424252376593834862050583590653215284929555194788021295259186,12083666975153603989088504016147935022099865881580414349021892390012905182351);
}
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {

+ 10
- 10
contracts/withdraw-verifier.sol

@ -174,17 +174,17 @@ contract WithdrawVerifier {
WithdrawPairing.G1Point C;
}
function verifyingKey() internal pure returns (VerifyingKey memory vk) {
vk.alfa1 = WithdrawPairing.G1Point(9956296300690915517874573266154730823221717995215044773324446346162206338992,7255108893541773754529467661076065797486871459164430883084263625121383493568);
vk.beta2 = WithdrawPairing.G2Point([11432672290143715760902579593554637607711856055492856995822332295041301405578,8218828277777042656004498085159220245107199937796005735369331662550836876806], [16363095385614596840077035938593366108864385030444089944032706894707469163509,13118923997328413164477778688868351714210478255695938220137775572511411988900]);
vk.gamma2 = WithdrawPairing.G2Point([6236992641099484591564067220826955511131844106515721496050854402204141122429,19283952549567804533802144868866435128321985987157216867931054245310949679801], [14538630447155596022944429924084950422919358940152142055089384780170329449454,15234331517470019539689603986931890083667647220909628764851302053323116779217]);
vk.delta2 = WithdrawPairing.G2Point([2436545700082826579202863736150815048319840191437072550486817097747625822904,17710485880976382338414619957893783940205882086507522693066355619700507711598], [14266467939815332557299268812959584466785737678641401251537458773418055441300,6807933200389968943957508589084714071952465255570240831171630497718395343844]);
vk.alfa1 = WithdrawPairing.G1Point(874296415152454038750111518730470879864847245636249526293593300594438647581,15979235715490357992573109925613820121720532161887711772414315742162472693961);
vk.beta2 = WithdrawPairing.G2Point([17043604282232946966399061941585971138345826736102379721717756958713107433897,15739027123271752611162178177135326511391151981940395160917465318719156805260], [3797971088163506422438134077758774338860443481081804739683404850553535832631,11560493991173197757389709527218456316687051272555605576254618799815814174226]);
vk.gamma2 = WithdrawPairing.G2Point([17826994063187647086679376784040057161879626779038650092762231847780898531776,18092067198016441468600742390990617191442116024456978927775457907701935268807], [11771714389579485819532519820481239857850082055113064296833342938919982562234,15977659339405680483276286512116930515882070791767375618781057809414065924592]);
vk.delta2 = WithdrawPairing.G2Point([8316967811382932519290972950815011964118763330443715990991973982358468530714,20282320703294371986168006296736850087894825561296648183335987810568951184038], [4390214017634715402404973653992226200446436790731904993045142032170903216442,20614105846821441247731050963033514068886285671236074407843861970591776791732]);
vk.IC = new WithdrawPairing.G1Point[](6);
vk.IC[0] = WithdrawPairing.G1Point(5727939748071835925233666161969432891183030973897843712182471731522640231419,9306839550225504077794511364643952078913298926154035864376514891516707221363);
vk.IC[1] = WithdrawPairing.G1Point(14858203630304801060424827556832267363920729004328211724073257903263494204386,17053286709485422467987496430526114942449253247173021832415394085651252346538);
vk.IC[2] = WithdrawPairing.G1Point(3630464855043668264120602964350694408193307187754886290043709066665836003106,17217015154710940324243151792697651355400365331608661363498939316583119794106);
vk.IC[3] = WithdrawPairing.G1Point(21402637221507761926456097666003799621345236896038353478646641075093395950090,19974148642855666292937519561398036482565655993548932679150207292614120691822);
vk.IC[4] = WithdrawPairing.G1Point(5396502263005748320802553347172416122012071478345448681456826263886252909209,18477840556213682338141497798999631662180749751931174226517158339379873350890);
vk.IC[5] = WithdrawPairing.G1Point(12440750536174971437855964040998743226589802455604053790245538951692229112149,12605904038609683211076647326560338322715812726968936919863510351596025238862);
vk.IC[0] = WithdrawPairing.G1Point(13777782598212752214101396110325452758793144049135952238731843149667577906327,4132216218051093008941097133571051570042249600748384515361794787456764239092);
vk.IC[1] = WithdrawPairing.G1Point(17254199157693987913680620942799267824403099972298931061193408436988805067681,19057785517215912158374323893423053169340392654197182370251952786046987847963);
vk.IC[2] = WithdrawPairing.G1Point(8032094434010017453782060852621148533457745849951676783550169997600897729098,15045016397922053432955997034980933218190966160759511753107700075264725510316);
vk.IC[3] = WithdrawPairing.G1Point(3953079931945811174339813429753777379629051828184971373530491496432459946952,780250318777868518858794360887477045831517282538268598326752819631280248846);
vk.IC[4] = WithdrawPairing.G1Point(20517190556962451782120140740433370379116788517421027435302993714333043326655,5773767396303058684703853462481882087599016685713319675046801468157326786448);
vk.IC[5] = WithdrawPairing.G1Point(17849110086081855828525443762387620026554365314604676962267495442430735164166,15493148936562638050925319502669308466550647404470708924503648186012089148515);
}
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {

+ 6
- 4
dist/miksi-browser.js

@ -76314,6 +76314,8 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
const poseidon = circomlib.poseidon.createHash(6, 8, 57);
const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
console.log("PROVA", poseidon([key, commitment]).toString());
// rebuild the tree
let tree = await smt.newMemEmptyTrie();
await tree.insert(0, 0);
@ -76324,6 +76326,7 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
// old root
const rootOld = tree.root;
const resOld = await tree.find(commitment);
console.log("FIND old", resOld);
let oldKey = "0";
let oldValue = "0";
if (!resOld.found) {
@ -76345,6 +76348,7 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
// new root
const rootNew = tree.root;
const resNew = await tree.find(key);
console.log("FIND new", resNew);
if (!resNew.found) {
console.error("leaf with the new commitment expect to exist but not exists");
}
@ -76447,7 +76451,8 @@ exports.calcWithdrawWitness = async (wasm, secret, nullifier, commitments, addr,
for (let j=0; j<8; j++) {
const bi = witness[i];
const v = bigInt(bi).shiftRight(j*32).and(0xFFFFFFFF).toJSNumber();
wBuff.writeUInt32LE(v, i*32 + j*4, 4)
// wBuff.writeUInt32LE(v, i*32 + j*4, 4)
wBuff.writeUInt32LE(v, i*32 + j*4)
}
}
@ -76462,9 +76467,6 @@ exports.calcWithdrawWitness = async (wasm, secret, nullifier, commitments, addr,
};
}
}).call(this,require("buffer").Buffer)
},{"big-integer":24,"buffer":70,"circom_runtime":76,"circomlib":95,"ffjavascript":209,"fs":69,"snarkjs":329,"web3":448}]},{},[461])(461)
});

+ 4
- 0
src/miksi.ts

@ -29,6 +29,8 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
const poseidon = circomlib.poseidon.createHash(6, 8, 57);
const commitment = poseidon([coinCode, amount, secret, nullifier]).toString();
console.log("PROVA", poseidon([key, commitment]).toString());
// rebuild the tree
let tree = await smt.newMemEmptyTrie();
await tree.insert(0, 0);
@ -39,6 +41,7 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
// old root
const rootOld = tree.root;
const resOld = await tree.find(commitment);
console.log("FIND old", resOld);
let oldKey = "0";
let oldValue = "0";
if (!resOld.found) {
@ -60,6 +63,7 @@ exports.calcDepositWitness = async (wasm, secret, nullifier, commitments, key) =
// new root
const rootNew = tree.root;
const resNew = await tree.find(key);
console.log("FIND new", resNew);
if (!resNew.found) {
console.error("leaf with the new commitment expect to exist but not exists");
}
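Review bot: The three added `console.log` calls (`"PROVA"`, `"FIND old"`, `"FIND new"`) print the hashed leaf and the raw trie lookup results from library code with no way for the caller to silence them; these values are inputs to the deposit witness, so leaving the logs in shipped code pushes witness-related data into console and telemetry sinks. They read as temporary debugging (the label "PROVA" carries no meaning to a user), so I would remove all three lines before merging, or route them through a debug flag the caller controls. The same lines appear in dist/miksi-browser.js, which presumably mirrors this file after a build. calcDepositWitness starts and ends outside the hunk.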
