From 397942f94db7f2affd7807832b620c659ce711df Mon Sep 17 00:00:00 2001 From: poma Date: Sat, 30 Oct 2021 20:14:47 +0100 Subject: [PATCH] reorder blinding, pubkey, amount --- circuits/transaction.circom | 22 +++++++++++----------- src/utxo.js | 8 ++++---- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/circuits/transaction.circom b/circuits/transaction.circom index 0887d50..856d361 100644 --- a/circuits/transaction.circom +++ b/circuits/transaction.circom @@ -6,12 +6,12 @@ include "./keypair.circom" Utxo structure: { amount, - blinding, // random number pubkey, + blinding, // random number } -commitment = hash(amount, blinding, pubKey) -nullifier = hash(commitment, privKey, merklePath) +commitment = hash(amount, pubKey, blinding) +nullifier = hash(commitment, merklePath, privKey) */ // Universal JoinSplit transaction with nIns inputs and 2 outputs @@ -26,16 +26,16 @@ template Transaction(levels, nIns, nOuts, zeroLeaf) { // data for transaction inputs signal input inputNullifier[nIns]; signal private input inAmount[nIns]; - signal private input inBlinding[nIns]; signal private input inPrivateKey[nIns]; + signal private input inBlinding[nIns]; signal private input inPathIndices[nIns]; signal private input inPathElements[nIns][levels]; // data for transaction outputs signal input outputCommitment[nOuts]; signal private input outAmount[nOuts]; - signal private input outBlinding[nOuts]; signal private input outPubkey[nOuts]; + signal private input outBlinding[nOuts]; component inKeypair[nIns]; component inUtxoHasher[nIns]; 
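Review bot: The rewritten doc comment changes the nullifier formula to `nullifier = hash(commitment, merklePath, privKey)`, yet no hunk in this patch touches the nullifierHasher inputs[1]/[2] wiring, so either the old comment was wrong or the comment is now ahead of the circuit; confirm against the assignments that follow `nullifierHasher[tx].inputs[0] <== inUtxoHasher[tx].out;`, which are outside the `@@ -51` hunk. Both formulas in this comment are the preimage layouts that src/utxo.js has to reproduce exactly, so I would say so where they are documented: `// argument order is consensus-critical: must match getCommitment() in src/utxo.js`. The `@@ -26` hunk only reorders signal declarations and needs nothing further.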
@@ -51,8 +51,8 @@ template Transaction(levels, nIns, nOuts, zeroLeaf) { inUtxoHasher[tx] = Poseidon(3); inUtxoHasher[tx].inputs[0] <== inAmount[tx]; - inUtxoHasher[tx].inputs[1] <== inBlinding[tx]; - inUtxoHasher[tx].inputs[2] <== inKeypair[tx].publicKey; + inUtxoHasher[tx].inputs[1] <== inKeypair[tx].publicKey; + inUtxoHasher[tx].inputs[2] <== inBlinding[tx]; nullifierHasher[tx] = Poseidon(3); nullifierHasher[tx].inputs[0] <== inUtxoHasher[tx].out; @@ -73,8 +73,8 @@ template Transaction(levels, nIns, nOuts, zeroLeaf) { checkRoot[tx].in[1] <== tree[tx].root; checkRoot[tx].enabled <== inAmount[tx]; - // We don't need to range check input amounts, since all inputs are valid UTXOs that - // were already checked as outputs in the previous transaction (or zero amount UTXOs that don't + // We don't need to range check input amounts, since all inputs are valid UTXOs that + // were already checked as outputs in the previous transaction (or zero amount UTXOs that don't // need to be checked either). sumIns += inAmount[tx]; @@ -88,8 +88,8 @@ template Transaction(levels, nIns, nOuts, zeroLeaf) { for (var tx = 0; tx < nOuts; tx++) { outUtxoHasher[tx] = Poseidon(3); outUtxoHasher[tx].inputs[0] <== outAmount[tx]; - outUtxoHasher[tx].inputs[1] <== outBlinding[tx]; - outUtxoHasher[tx].inputs[2] <== outPubkey[tx]; + outUtxoHasher[tx].inputs[1] <== outPubkey[tx]; + outUtxoHasher[tx].inputs[2] <== outBlinding[tx]; outUtxoHasher[tx].out === outputCommitment[tx]; // Check that amount fits into 248 bits to prevent overflow diff --git a/src/utxo.js b/src/utxo.js index 5a9b192..65dd420 100644 --- a/src/utxo.js +++ b/src/utxo.js @@ -25,7 +25,7 @@ class Utxo { */ getCommitment() { if (!this._commitment) { - this._commitment = poseidonHash([this.amount, this.blinding, this.keypair.pubkey]) + this._commitment = poseidonHash([this.amount, this.keypair.pubkey, this.blinding]) } return this._commitment } 
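Review bot: The new Poseidon input order `[inAmount, publicKey, inBlinding]` in inUtxoHasher, and the same order in outUtxoHasher in the `@@ -88` hunk, is a layout that getCommitment() in src/utxo.js (the `@@ -25` hunk) must mirror byte-for-byte, but nothing in the circuit marks it as such, so the next reorder can silently break proof generation. A one-line comment above the three `inputs[...]` assignments, `// preimage order [amount, pubkey, blinding] must match Utxo.getCommitment() in src/utxo.js`, would pin it. Since a commitment inserted under the old order presumably can no longer be spent with the new circuit, the commit message should also say that this is a breaking change requiring a fresh circuit build and verifier deployment. The enclosing for-loop over tx starts outside the hunk.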
@@ -57,7 +57,7 @@ class Utxo { * @returns {string} `0x`-prefixed hex string with data */ encrypt() { - const bytes = Buffer.concat([toBuffer(this.blinding, 31), toBuffer(this.amount, 31)]) + const bytes = Buffer.concat([toBuffer(this.amount, 31), toBuffer(this.blinding, 31)]) return this.keypair.encrypt(bytes) } @@ -72,8 +72,8 @@ class Utxo { static decrypt(keypair, data, index) { const buf = keypair.decrypt(data) return new Utxo({ - blinding: BigNumber.from('0x' + buf.slice(0, 31).toString('hex')), - amount: BigNumber.from('0x' + buf.slice(31, 62).toString('hex')), + amount: BigNumber.from('0x' + buf.slice(0, 31).toString('hex')), + blinding: BigNumber.from('0x' + buf.slice(31, 62).toString('hex')), keypair, index, })
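Review bot: The encrypted note layout becomes `amount (31 bytes) || blinding (31 bytes)` in encrypt(), with the matching swap in decrypt() in the `@@ -72` hunk, but the payload carries no version or format tag, so a note produced under the old layout decrypts without error into a Utxo whose amount is the old blinding and vice versa. If notes from the previous layout can exist on-chain, decrypt() should be able to detect this, either by recomputing getCommitment() from the decoded fields and comparing it with the leaf at `index` (if the caller has it), or by prefixing the plaintext with a format byte. At minimum the JSDoc for encrypt() should state the layout: `* Plaintext layout: amount (31 bytes) followed by blinding (31 bytes); must match Utxo.decrypt()`.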
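Review bot: decrypt() slices the plaintext at fixed offsets 0..31 and 31..62 without checking `buf.length`, so a truncated or foreign payload yields short slices and a misparsed amount/blinding instead of a clear failure; `data` presumably arrives from on-chain events and should be treated as untrusted. Add a guard after the decrypt call: `if (buf.length !== 62) throw new Error('Utxo.decrypt: unexpected payload length')`. The 31-byte field width is duplicated between encrypt() and decrypt(); a shared module-level constant would keep the two in lockstep.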