single argument proof

This commit is contained in:
poma 2019-10-04 18:20:20 +03:00
parent 6035255a49
commit 55b3644fd7
6 changed files with 66 additions and 67 deletions

12
cli.js
View File

@ -111,12 +111,12 @@ async function withdrawErc20(note, receiver, relayer) {
console.log('Generating SNARK proof') console.log('Generating SNARK proof')
console.time('Proof time') console.time('Proof time')
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
console.timeEnd('Proof time') console.timeEnd('Proof time')
console.log('Submitting withdraw transaction') console.log('Submitting withdraw transaction')
await erc20mixer.methods.withdraw(pi_a, pi_b, pi_c, publicSignals).send({ from: (await web3.eth.getAccounts())[0], gas: 1e6 }) await erc20mixer.methods.withdraw(proof, publicSignals).send({ from: (await web3.eth.getAccounts())[0], gas: 1e6 })
console.log('Done') console.log('Done')
} }
@ -185,12 +185,12 @@ async function withdraw(note, receiver) {
console.log('Generating SNARK proof') console.log('Generating SNARK proof')
console.time('Proof time') console.time('Proof time')
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
console.timeEnd('Proof time') console.timeEnd('Proof time')
console.log('Submitting withdraw transaction') console.log('Submitting withdraw transaction')
await mixer.methods.withdraw(pi_a, pi_b, pi_c, publicSignals).send({ from: (await web3.eth.getAccounts())[0], gas: 1e6 }) await mixer.methods.withdraw(proof, publicSignals).send({ from: (await web3.eth.getAccounts())[0], gas: 1e6 })
console.log('Done') console.log('Done')
} }

View File

@ -14,7 +14,7 @@ pragma solidity ^0.5.8;
import "./MerkleTreeWithHistory.sol"; import "./MerkleTreeWithHistory.sol";
contract IVerifier { contract IVerifier {
function verifyProof(uint256[2] memory a, uint256[2][2] memory b, uint256[2] memory c, uint256[5] memory input) public returns(bool); function verifyProof(uint256[8] memory proof, uint256[5] memory input) public returns(bool);
} }
contract Mixer is MerkleTreeWithHistory { contract Mixer is MerkleTreeWithHistory {
@ -83,7 +83,7 @@ contract Mixer is MerkleTreeWithHistory {
- the receiver of funds - the receiver of funds
- optional fee that goes to the transaction sender (usually a relay) - optional fee that goes to the transaction sender (usually a relay)
*/ */
function withdraw(uint256[2] memory a, uint256[2][2] memory b, uint256[2] memory c, uint256[5] memory input) public { function withdraw(uint256[8] memory proof, uint256[5] memory input) public {
uint256 root = input[0]; uint256 root = input[0];
uint256 nullifierHash = input[1]; uint256 nullifierHash = input[1];
address payable receiver = address(input[2]); address payable receiver = address(input[2]);
@ -93,7 +93,7 @@ contract Mixer is MerkleTreeWithHistory {
require(!nullifierHashes[nullifierHash], "The note has been already spent"); require(!nullifierHashes[nullifierHash], "The note has been already spent");
require(isKnownRoot(root), "Cannot find your merkle root"); // Make sure to use a recent one require(isKnownRoot(root), "Cannot find your merkle root"); // Make sure to use a recent one
require(verifier.verifyProof(a, b, c, input), "Invalid withdraw proof"); require(verifier.verifyProof(proof, input), "Invalid withdraw proof");
nullifierHashes[nullifierHash] = true; nullifierHashes[nullifierHash] = true;
_processWithdraw(receiver, relayer, fee); _processWithdraw(receiver, relayer, fee);
emit Withdraw(receiver, nullifierHash, relayer, fee); emit Withdraw(receiver, nullifierHash, relayer, fee);

9
package-lock.json generated
View File

@ -7774,9 +7774,8 @@
} }
}, },
"snarkjs": { "snarkjs": {
"version": "0.1.16", "version": "git+https://github.com/peppersec/snarkjs.git#0e2f8ab28092ee6d922dc4d3ac7afc8ef5a25154",
"resolved": "https://registry.npmjs.org/snarkjs/-/snarkjs-0.1.16.tgz", "from": "git+https://github.com/peppersec/snarkjs.git#0e2f8ab28092ee6d922dc4d3ac7afc8ef5a25154",
"integrity": "sha512-BMWWNlPe5YtDHVjR3Yl7YuEQ44BtkuPUNtoCJaSQFKaoXOubhwVWGTYpdA2eQUaHg7eFivCSnEj2NI4u5C68ug==",
"requires": { "requires": {
"big-integer": "^1.6.43", "big-integer": "^1.6.43",
"chai": "^4.2.0", "chai": "^4.2.0",
@ -10873,8 +10872,8 @@
} }
}, },
"websnark": { "websnark": {
"version": "git+https://github.com/peppersec/websnark.git#ed6a4d8a6fb081a62af26820980046bbb602d559", "version": "git+https://github.com/peppersec/websnark.git#966eafc47df639195c98374d3c366c32acd6f231",
"from": "git+https://github.com/peppersec/websnark.git#ed6a4d8a6fb081a62af26820980046bbb602d559", "from": "git+https://github.com/peppersec/websnark.git#966eafc47df639195c98374d3c366c32acd6f231",
"requires": { "requires": {
"big-integer": "^1.6.42" "big-integer": "^1.6.42"
} }

View File

@ -35,14 +35,14 @@
"dotenv": "^8.0.0", "dotenv": "^8.0.0",
"eslint": "^6.2.2", "eslint": "^6.2.2",
"ganache-cli": "^6.4.5", "ganache-cli": "^6.4.5",
"snarkjs": "^0.1.16", "snarkjs": "git+https://github.com/peppersec/snarkjs.git#0e2f8ab28092ee6d922dc4d3ac7afc8ef5a25154",
"truffle": "^5.0.27", "truffle": "^5.0.27",
"truffle-artifactor": "^4.0.23", "truffle-artifactor": "^4.0.23",
"truffle-contract": "^4.0.24", "truffle-contract": "^4.0.24",
"truffle-hdwallet-provider": "^1.0.14", "truffle-hdwallet-provider": "^1.0.14",
"web3": "^1.0.0-beta.55", "web3": "^1.0.0-beta.55",
"web3-utils": "^1.0.0-beta.55", "web3-utils": "^1.0.0-beta.55",
"websnark": "git+https://github.com/peppersec/websnark.git#ed6a4d8a6fb081a62af26820980046bbb602d559" "websnark": "git+https://github.com/peppersec/websnark.git#966eafc47df639195c98374d3c366c32acd6f231"
}, },
"devDependencies": { "devDependencies": {
"truffle-flattener": "^1.4.0" "truffle-flattener": "^1.4.0"

View File

@ -139,8 +139,8 @@ contract('ERC20Mixer', accounts => {
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const balanceMixerBefore = await token.balanceOf(mixer.address) const balanceMixerBefore = await token.balanceOf(mixer.address)
const balanceRelayerBefore = await token.balanceOf(relayer) const balanceRelayerBefore = await token.balanceOf(relayer)
@ -150,9 +150,9 @@ contract('ERC20Mixer', accounts => {
let isSpent = await mixer.isSpent(input.nullifierHash.toString(16).padStart(66, '0x00000')) let isSpent = await mixer.isSpent(input.nullifierHash.toString(16).padStart(66, '0x00000'))
isSpent.should.be.equal(false) isSpent.should.be.equal(false)
// Uncomment to measure gas usage // Uncomment to measure gas usage
// gas = await mixer.withdraw.estimateGas(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) // gas = await mixer.withdraw.estimateGas(proof, publicSignals, { from: relayer, gasPrice: '0' })
// console.log('withdraw gas:', gas) // console.log('withdraw gas:', gas)
const { logs } = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) const { logs } = await mixer.withdraw(proof, publicSignals, { from: relayer, gasPrice: '0' })
const balanceMixerAfter = await token.balanceOf(mixer.address) const balanceMixerAfter = await token.balanceOf(mixer.address)
const balanceRelayerAfter = await token.balanceOf(relayer) const balanceRelayerAfter = await token.balanceOf(relayer)
@ -221,8 +221,8 @@ contract('ERC20Mixer', accounts => {
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const balanceMixerBefore = await usdtToken.balanceOf(mixer.address) const balanceMixerBefore = await usdtToken.balanceOf(mixer.address)
const balanceRelayerBefore = await usdtToken.balanceOf(relayer) const balanceRelayerBefore = await usdtToken.balanceOf(relayer)
@ -233,9 +233,9 @@ contract('ERC20Mixer', accounts => {
isSpent.should.be.equal(false) isSpent.should.be.equal(false)
// Uncomment to measure gas usage // Uncomment to measure gas usage
// gas = await mixer.withdraw.estimateGas(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) // gas = await mixer.withdraw.estimateGas(proof, publicSignals, { from: relayer, gasPrice: '0' })
// console.log('withdraw gas:', gas) // console.log('withdraw gas:', gas)
const { logs } = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) const { logs } = await mixer.withdraw(proof, publicSignals, { from: relayer, gasPrice: '0' })
const balanceMixerAfter = await usdtToken.balanceOf(mixer.address) const balanceMixerAfter = await usdtToken.balanceOf(mixer.address)
const balanceRelayerAfter = await usdtToken.balanceOf(relayer) const balanceRelayerAfter = await usdtToken.balanceOf(relayer)
@ -301,8 +301,8 @@ contract('ERC20Mixer', accounts => {
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const balanceMixerBefore = await token.balanceOf(mixer.address) const balanceMixerBefore = await token.balanceOf(mixer.address)
const balanceRelayerBefore = await token.balanceOf(relayer) const balanceRelayerBefore = await token.balanceOf(relayer)
@ -313,9 +313,9 @@ contract('ERC20Mixer', accounts => {
isSpent.should.be.equal(false) isSpent.should.be.equal(false)
// Uncomment to measure gas usage // Uncomment to measure gas usage
// gas = await mixer.withdraw.estimateGas(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) // gas = await mixer.withdraw.estimateGas(proof, publicSignals, { from: relayer, gasPrice: '0' })
// console.log('withdraw gas:', gas) // console.log('withdraw gas:', gas)
const { logs } = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) const { logs } = await mixer.withdraw(proof, publicSignals, { from: relayer, gasPrice: '0' })
console.log('withdraw done') console.log('withdraw done')
const balanceMixerAfter = await token.balanceOf(mixer.address) const balanceMixerAfter = await token.balanceOf(mixer.address)

View File

@ -52,7 +52,7 @@ function getRandomReceiver() {
} }
function snarkVerify(proof) { function snarkVerify(proof) {
proof = unstringifyBigInts2(websnarkUtils.fromSolidityInput(proof)) proof = unstringifyBigInts2(proof)
const verification_key = unstringifyBigInts2(require('../build/circuits/withdraw_verification_key.json')) const verification_key = unstringifyBigInts2(require('../build/circuits/withdraw_verification_key.json'))
return snarkjs['groth'].isValid(verification_key, proof, proof.publicSignals) return snarkjs['groth'].isValid(verification_key, proof, proof.publicSignals)
} }
@ -149,28 +149,28 @@ contract('ETHMixer', accounts => {
pathIndex: path_index, pathIndex: path_index,
}) })
let proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) let proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const originalProof = JSON.parse(JSON.stringify(proof)) const originalProof = JSON.parse(JSON.stringify(proofData))
let result = snarkVerify(proof) let result = snarkVerify(proofData)
result.should.be.equal(true) result.should.be.equal(true)
// nullifier // nullifier
proof.publicSignals[1] = '133792158246920651341275668520530514036799294649489851421007411546007850802' proofData.publicSignals[1] = '133792158246920651341275668520530514036799294649489851421007411546007850802'
result = snarkVerify(proof) result = snarkVerify(proofData)
result.should.be.equal(false) result.should.be.equal(false)
proof = originalProof proofData = originalProof
// try to cheat with recipient // try to cheat with recipient
proof.publicSignals[2] = '133738360804642228759657445999390850076318544422' proofData.publicSignals[2] = '133738360804642228759657445999390850076318544422'
result = snarkVerify(proof) result = snarkVerify(proofData)
result.should.be.equal(false) result.should.be.equal(false)
proof = originalProof proofData = originalProof
// fee // fee
proof.publicSignals[3] = '1337100000000000000000' proofData.publicSignals[3] = '1337100000000000000000'
result = snarkVerify(proof) result = snarkVerify(proofData)
result.should.be.equal(false) result.should.be.equal(false)
proof = originalProof proofData = originalProof
}) })
}) })
@ -209,8 +209,8 @@ contract('ETHMixer', accounts => {
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const balanceMixerBefore = await web3.eth.getBalance(mixer.address) const balanceMixerBefore = await web3.eth.getBalance(mixer.address)
const balanceRelayerBefore = await web3.eth.getBalance(relayer) const balanceRelayerBefore = await web3.eth.getBalance(relayer)
@ -220,9 +220,9 @@ contract('ETHMixer', accounts => {
isSpent.should.be.equal(false) isSpent.should.be.equal(false)
// Uncomment to measure gas usage // Uncomment to measure gas usage
// gas = await mixer.withdraw.estimateGas(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) // gas = await mixer.withdraw.estimateGas(proof, publicSignals, { from: relayer, gasPrice: '0' })
// console.log('withdraw gas:', gas) // console.log('withdraw gas:', gas)
const { logs } = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer, gasPrice: '0' }) const { logs } = await mixer.withdraw(proof, publicSignals, { from: relayer, gasPrice: '0' })
const balanceMixerAfter = await web3.eth.getBalance(mixer.address) const balanceMixerAfter = await web3.eth.getBalance(mixer.address)
const balanceRelayerAfter = await web3.eth.getBalance(relayer) const balanceRelayerAfter = await web3.eth.getBalance(relayer)
@ -261,10 +261,10 @@ contract('ETHMixer', accounts => {
pathElements: path_elements, pathElements: path_elements,
pathIndex: path_index, pathIndex: path_index,
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.fulfilled await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.fulfilled
const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected const error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('The note has been already spent') error.reason.should.be.equal('The note has been already spent')
}) })
@ -286,10 +286,10 @@ contract('ETHMixer', accounts => {
pathElements: path_elements, pathElements: path_elements,
pathIndex: path_index, pathIndex: path_index,
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
publicSignals[1] ='0x' + toBN(publicSignals[1]).add(toBN('21888242871839275222246405745257275088548364400416034343698204186575808495617')).toString('hex') publicSignals[1] ='0x' + toBN(publicSignals[1]).add(toBN('21888242871839275222246405745257275088548364400416034343698204186575808495617')).toString('hex')
const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected const error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('verifier-gte-snark-scalar-field') error.reason.should.be.equal('verifier-gte-snark-scalar-field')
}) })
@ -312,9 +312,9 @@ contract('ETHMixer', accounts => {
pathIndex: path_index, pathIndex: path_index,
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected const error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('Fee exceeds transfer value') error.reason.should.be.equal('Fee exceeds transfer value')
}) })
@ -338,11 +338,11 @@ contract('ETHMixer', accounts => {
}) })
const dummyRoot = randomHex(32) const dummyRoot = randomHex(32)
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
publicSignals[0] = dummyRoot publicSignals[0] = dummyRoot
const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected const error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('Cannot find your merkle root') error.reason.should.be.equal('Cannot find your merkle root')
}) })
@ -364,37 +364,37 @@ contract('ETHMixer', accounts => {
pathElements: path_elements, pathElements: path_elements,
pathIndex: path_index, pathIndex: path_index,
}) })
const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
let { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) let { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData)
const originalPublicSignals = publicSignals.slice() const originalPublicSignals = publicSignals.slice()
const originalPi_a = pi_a.slice() const originalProof = proof.slice()
// receiver // receiver
publicSignals[2] = '0x0000000000000000000000007a1f9131357404ef86d7c38dbffed2da70321337' publicSignals[2] = '0x0000000000000000000000007a1f9131357404ef86d7c38dbffed2da70321337'
let error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected let error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('Invalid withdraw proof') error.reason.should.be.equal('Invalid withdraw proof')
// fee // fee
publicSignals = originalPublicSignals.slice() publicSignals = originalPublicSignals.slice()
publicSignals[3] = '0x000000000000000000000000000000000000000000000000015345785d8a0000' publicSignals[3] = '0x000000000000000000000000000000000000000000000000015345785d8a0000'
error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('Invalid withdraw proof') error.reason.should.be.equal('Invalid withdraw proof')
// nullifier // nullifier
publicSignals = originalPublicSignals.slice() publicSignals = originalPublicSignals.slice()
publicSignals[1] = '0x00abdfc78211f8807b9c6504a6e537e71b8788b2f529a95f1399ce124a8642ad' publicSignals[1] = '0x00abdfc78211f8807b9c6504a6e537e71b8788b2f529a95f1399ce124a8642ad'
error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected
error.reason.should.be.equal('Invalid withdraw proof') error.reason.should.be.equal('Invalid withdraw proof')
// proof itself // proof itself
pi_a[0] = '0x261d81d8203437f29b38a88c4263476d858e6d9645cf21740461684412b31337' proof[0] = '0x261d81d8203437f29b38a88c4263476d858e6d9645cf21740461684412b31337'
await mixer.withdraw(pi_a, pi_b, pi_c, originalPublicSignals, { from: relayer }).should.be.rejected await mixer.withdraw(proof, originalPublicSignals, { from: relayer }).should.be.rejected
// should work with original values // should work with original values
await mixer.withdraw(originalPi_a, pi_b, pi_c, originalPublicSignals, { from: relayer }).should.be.fulfilled await mixer.withdraw(originalProof, originalPublicSignals, { from: relayer }).should.be.fulfilled
}) })
}) })