fixup: kats from zerokit

README.md

@@ -2,7 +2,11 @@
 
 gnark implementation of rln-v2. super hacky and unclean.
 
-Need to get kats from zerokit and replace the circuit assertions for y, root, nullifier.
+Need to get test vectors for other backends, but bn254 works with the kats from [zerokit](https://github.com/vacp2p/zerokit/blob/8614b2a33a295921aef30129b9fc3cf6d5710c9d/rln/tests/protocol.rs#L240)
+
+Poseidon implementation taken from [here](https://raw.githubusercontent.com/AlpinYukseloglu/poseidon-gnark/main/circuits/poseidon.go)
+
+Merkle tree Inclusion proof taken from [here](https://github.com/reilabs/gnark-lean-demo/blob/a3955946e0d5f63d8bdc4e5bb2a60d0ba613544c/go-circuit/semaphore.go#L31)
 
 ## Usage
 

main.go

@@ -91,6 +91,21 @@ func main() {
 		panic(ret)
 	}
 
+	y, ret := fr.Modulus().SetString("16401008481486069296141645075505218976370369489687327284155463920202585288271", 10)
+	if ret != true {
+		panic(ret)
+	}
+
+	nullifier, ret := fr.Modulus().SetString("9102791780887227194595604713537772536258726662792598131262022534710887343694", 10)
+	if ret != true {
+		panic(ret)
+	}
+
+	root, ret := fr.Modulus().SetString("8502402278351299594663821509741133196466235670407051417832304486953898514733", 10)
+	if ret != true {
+		panic(ret)
+	}
+
 	assignment := &rln.RlnCircuit{
 		X:                 frontend.Variable(x),
 		ExternalNullifier: frontend.Variable(external_nullifier),
@@ -99,9 +114,9 @@ func main() {
 		UserMessageLimit:  frontend.Variable(100),
 		PathElements:      pathElements,
 		IdentityPathIndex: identityPathIndex,
-		Y:                 frontend.Variable(0),
+		Y:                 frontend.Variable(y),
-		Root:              frontend.Variable(0),
+		Root:              frontend.Variable(root),
-		Nullifier:         frontend.Variable(0),
+		Nullifier:         frontend.Variable(nullifier),
 	}
 
 	witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
@@ -114,9 +129,9 @@ func main() {
 	raw := &rln.RlnCircuit{
 		X:                 frontend.Variable(x),
 		ExternalNullifier: frontend.Variable(external_nullifier),
-		Y:                 frontend.Variable(0),
+		Y:                 frontend.Variable(y),
-		Root:              frontend.Variable(0),
+		Root:              frontend.Variable(root),
-		Nullifier:         frontend.Variable(0),
+		Nullifier:         frontend.Variable(nullifier),
 	}
 	verifyWitness, err := frontend.NewWitness(raw, ecc.BN254.ScalarField(), frontend.PublicOnly())
 	if err != nil {

rln/rln.go

@@ -49,8 +49,8 @@ func (circuit RlnCircuit) Define(api frontend.API) error {
 		right_hash := Poseidon(api, right_hash_input[:])
 		hashes[i+1] = api.Select(circuit.IdentityPathIndex[i], right_hash, left_hash)
 	}
-	circuit.Root = hashes[levels]
+	root := hashes[levels]
-	api.AssertIsEqual(circuit.Root, circuit.Root)
+	api.AssertIsEqual(root, circuit.Root)
 
 	rangeChecker := rangecheck.New(api)
 	rangeChecker.Check(circuit.MessageId, 16)
@@ -61,13 +61,13 @@ func (circuit RlnCircuit) Define(api frontend.API) error {
 	a1_input[1] = circuit.ExternalNullifier
 	a1_input[2] = circuit.MessageId
 	a1 := Poseidon(api, a1_input[:])
-	circuit.Y = api.Mul(api.Add(circuit.IdentitySecret, a1), circuit.X)
+	y := api.Add(circuit.IdentitySecret, api.Mul(a1, circuit.X))
-	api.AssertIsEqual(circuit.Y, circuit.Y)
+	api.AssertIsEqual(y, circuit.Y)
 
 	var nullifier_input [1]frontend.Variable
 	nullifier_input[0] = a1
-	circuit.Nullifier = Poseidon(api, nullifier_input[:])
+	nullifier := Poseidon(api, nullifier_input[:])
-	api.AssertIsEqual(circuit.Nullifier, circuit.Nullifier)
+	api.AssertIsEqual(nullifier, circuit.Nullifier)
 
 	return nil
 }