From 0b9c3eff5f1f65970e7de9bde93fd1ee9fd35697 Mon Sep 17 00:00:00 2001 From: zero Date: Tue, 6 Feb 2024 17:46:56 +0100 Subject: [PATCH] contracts: cosmetic cleaning up of proofs by prefixing attributes in bulla (kinda like is popular for postgres attributes in a table) --- .../dao/proof/auth-money-transfer-enc-coin.zk | 42 +++++----- src/contract/dao/proof/auth-money-transfer.zk | 4 +- src/contract/dao/proof/exec.zk | 4 +- src/contract/dao/proof/mint.zk | 4 +- src/contract/dao/proof/propose-input.zk | 43 +++++----- src/contract/dao/proof/propose-main.zk | 6 +- src/contract/dao/proof/vote-input.zk | 35 ++++---- src/contract/dao/proof/vote-main.zk | 6 +- src/contract/dao/src/client/propose.rs | 4 +- src/contract/dao/src/client/vote.rs | 4 +- src/contract/money/proof/burn_v1.zk | 80 ++++++++++--------- src/contract/money/proof/mint_v1.zk | 55 ++++++------- src/contract/money/proof/token_mint_v1.zk | 22 ++--- .../money/src/client/transfer_v1/proof.rs | 6 +- src/contract/test-harness/src/vks.rs | 4 +- 15 files changed, 165 insertions(+), 154 deletions(-) diff --git a/src/contract/dao/proof/auth-money-transfer-enc-coin.zk b/src/contract/dao/proof/auth-money-transfer-enc-coin.zk index 401afa6ca..5edd50482 100644 --- a/src/contract/dao/proof/auth-money-transfer-enc-coin.zk +++ b/src/contract/dao/proof/auth-money-transfer-enc-coin.zk @@ -9,11 +9,11 @@ constant "DaoAuthMoneyTransferEncCoin" { witness "DaoAuthMoneyTransferEncCoin" { # Coin attributes - EcNiPoint public_key, - Base value, - Base token_id, - Base spend_hook, - Base user_data, + EcNiPoint coin_public_key, + Base coin_value, + Base coin_token_id, + Base coin_spend_hook, + Base coin_user_data, Base coin_blind, # Epehemeral secret used for diffie-hellman shared secret derivation @@ -24,15 +24,15 @@ circuit "DaoAuthMoneyTransferEncCoin" { # cast to EcPoint # (otherwise zkas refuses to compile) ONE = witness_base(1); - pubkey = ec_mul_var_base(ONE, public_key); + pubkey = ec_mul_var_base(ONE, coin_public_key); coin = poseidon_hash( ec_get_x(pubkey), ec_get_y(pubkey), - value, - token_id, - spend_hook, - user_data, + coin_value, + coin_token_id, + coin_spend_hook, + coin_user_data, coin_blind, ); constrain_instance(coin); @@ -44,7 +44,7 @@ circuit "DaoAuthMoneyTransferEncCoin" { constrain_instance(ec_get_y(ephem_public)); # The shared_point C = eP = dE - shared_point = ec_mul_var_base(ephem_secret, public_key); + shared_point = ec_mul_var_base(ephem_secret, coin_public_key); shared_secret = poseidon_hash( ec_get_x(shared_point), ec_get_y(shared_point), @@ -58,26 +58,26 @@ circuit "DaoAuthMoneyTransferEncCoin" { const_4 = witness_base(4); const_5 = witness_base(5); - # Each blinding value must be used only once otherwise they + # Each blinding coin_value must be used only once otherwise they # could be calculated. - # We can skip the public_key since it's inferred by the receiver + # We can skip the coin_public_key since it's inferred by the receiver shared_secret_1 = poseidon_hash(shared_secret, const_1); - enc_value = base_add(value, shared_secret_1); - constrain_instance(enc_value); + enc_coin_value = base_add(coin_value, shared_secret_1); + constrain_instance(enc_coin_value); shared_secret_2 = poseidon_hash(shared_secret, const_2); - enc_token_id = base_add(token_id, shared_secret_2); - constrain_instance(enc_token_id); + enc_coin_token_id = base_add(coin_token_id, shared_secret_2); + constrain_instance(enc_coin_token_id); shared_secret_3 = poseidon_hash(shared_secret, const_3); - enc_spend_hook = base_add(spend_hook, shared_secret_3); - constrain_instance(enc_spend_hook); + enc_coin_spend_hook = base_add(coin_spend_hook, shared_secret_3); + constrain_instance(enc_coin_spend_hook); shared_secret_4 = poseidon_hash(shared_secret, const_4); - enc_user_data = base_add(user_data, shared_secret_4); - constrain_instance(enc_user_data); + enc_coin_user_data = base_add(coin_user_data, shared_secret_4); + constrain_instance(enc_coin_user_data); shared_secret_5 = poseidon_hash(shared_secret, const_5); enc_coin_blind = base_add(coin_blind, shared_secret_5); diff --git a/src/contract/dao/proof/auth-money-transfer.zk b/src/contract/dao/proof/auth-money-transfer.zk index 1899a4556..6c7836751 100644 --- a/src/contract/dao/proof/auth-money-transfer.zk +++ b/src/contract/dao/proof/auth-money-transfer.zk @@ -20,7 +20,7 @@ witness "DaoAuthMoneyTransfer" { Base dao_quorum, Base dao_approval_ratio_quot, Base dao_approval_ratio_base, - Base gov_token_id, + Base dao_gov_token_id, EcNiPoint dao_public_key, Base dao_bulla_blind, @@ -52,7 +52,7 @@ circuit "DaoAuthMoneyTransfer" { dao_quorum, dao_approval_ratio_quot, dao_approval_ratio_base, - gov_token_id, + dao_gov_token_id, dao_public_x, dao_public_y, dao_bulla_blind, diff --git a/src/contract/dao/proof/exec.zk b/src/contract/dao/proof/exec.zk index 2f83d74a8..b99415982 100644 --- a/src/contract/dao/proof/exec.zk +++ b/src/contract/dao/proof/exec.zk @@ -20,7 +20,7 @@ witness "DaoExec" { Base dao_quorum, Base dao_approval_ratio_quot, Base dao_approval_ratio_base, - Base gov_token_id, + Base dao_gov_token_id, Base dao_public_x, Base dao_public_y, Base dao_bulla_blind, @@ -41,7 +41,7 @@ circuit "DaoExec" { dao_quorum, dao_approval_ratio_quot, dao_approval_ratio_base, - gov_token_id, + dao_gov_token_id, dao_public_x, dao_public_y, dao_bulla_blind, diff --git a/src/contract/dao/proof/mint.zk b/src/contract/dao/proof/mint.zk index 7f8b6ee9c..1cdfc0894 100644 --- a/src/contract/dao/proof/mint.zk +++ b/src/contract/dao/proof/mint.zk @@ -11,7 +11,7 @@ witness "DaoMint" { Base dao_quorum, Base dao_approval_ratio_quot, Base dao_approval_ratio_base, - Base gov_token_id, + Base dao_gov_token_id, Base dao_secret, Base dao_bulla_blind, } @@ -30,7 +30,7 @@ circuit "DaoMint" { dao_quorum, dao_approval_ratio_quot, dao_approval_ratio_base, - gov_token_id, + dao_gov_token_id, dao_public_x, dao_public_y, dao_bulla_blind, diff --git a/src/contract/dao/proof/propose-input.zk b/src/contract/dao/proof/propose-input.zk index 5b3890380..fe03b47a3 100644 --- a/src/contract/dao/proof/propose-input.zk +++ b/src/contract/dao/proof/propose-input.zk @@ -8,50 +8,53 @@ constant "DaoProposeInput" { } witness "DaoProposeInput" { - Base secret, - Base spend_hook, - Base user_data, + Base coin_secret, + Base coin_value, + Base coin_token, + Base coin_spend_hook, + Base coin_user_data, Base coin_blind, - Base value, - Base token, + Scalar value_blind, - Base token_blind, + Base coin_token_blind, + Uint32 leaf_pos, MerklePath path, + Base signature_secret, } circuit "DaoProposeInput" { # Coin hash - pub = ec_mul_base(secret, NULLIFIER_K); + pub = ec_mul_base(coin_secret, NULLIFIER_K); pub_x = ec_get_x(pub); pub_y = ec_get_y(pub); coin = poseidon_hash( pub_x, pub_y, - value, - token, - spend_hook, - user_data, + coin_value, + coin_token, + coin_spend_hook, + coin_user_data, coin_blind, ); # We need this to detect whether the above coin was already spent. # To avoid leaking timing & other info, we can just make a # money::transfer() call within the same tx. - nullifier = poseidon_hash(secret, coin); + nullifier = poseidon_hash(coin_secret, coin); constrain_instance(nullifier); - # Pedersen commitment for coin's value - vcv = ec_mul_short(value, VALUE_COMMIT_VALUE); + # Pedersen commitment for coin's coin_value + vcv = ec_mul_short(coin_value, VALUE_COMMIT_VALUE); vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM); - value_commit = ec_add(vcv, vcr); - constrain_instance(ec_get_x(value_commit)); - constrain_instance(ec_get_y(value_commit)); + coin_value_commit = ec_add(vcv, vcr); + constrain_instance(ec_get_x(coin_value_commit)); + constrain_instance(ec_get_y(coin_value_commit)); - # Commitment for coin's token ID - token_commit = poseidon_hash(token, token_blind); - constrain_instance(token_commit); + # Commitment for coin's coin_token ID + coin_token_commit = poseidon_hash(coin_token, coin_token_blind); + constrain_instance(coin_token_commit); # Merkle root root = merkle_root(leaf_pos, path, coin); diff --git a/src/contract/dao/proof/propose-main.zk b/src/contract/dao/proof/propose-main.zk index 6e7827714..31aa582f0 100644 --- a/src/contract/dao/proof/propose-main.zk +++ b/src/contract/dao/proof/propose-main.zk @@ -26,7 +26,7 @@ witness "DaoProposeMain" { Base dao_quorum, Base dao_approval_ratio_quot, Base dao_approval_ratio_base, - Base gov_token_id, + Base dao_gov_token_id, Base dao_public_x, Base dao_public_y, Base dao_bulla_blind, @@ -36,7 +36,7 @@ witness "DaoProposeMain" { } circuit "DaoProposeMain" { - token_commit = poseidon_hash(gov_token_id, gov_token_blind); + token_commit = poseidon_hash(dao_gov_token_id, gov_token_blind); constrain_instance(token_commit); dao_bulla = poseidon_hash( @@ -44,7 +44,7 @@ circuit "DaoProposeMain" { dao_quorum, dao_approval_ratio_quot, dao_approval_ratio_base, - gov_token_id, + dao_gov_token_id, dao_public_x, dao_public_y, dao_bulla_blind, diff --git a/src/contract/dao/proof/vote-input.zk b/src/contract/dao/proof/vote-input.zk index 665867e11..a96aa976f 100644 --- a/src/contract/dao/proof/vote-input.zk +++ b/src/contract/dao/proof/vote-input.zk @@ -8,30 +8,33 @@ constant "DaoVoteInput" { } witness "DaoVoteInput" { - Base secret, - Base spend_hook, - Base user_data, + Base coin_secret, + Base coin_value, + Base coin_gov_token_id, + Base coin_spend_hook, + Base coin_user_data, Base coin_blind, - Base value, - Base gov_token_id, + Scalar value_blind, Base gov_token_blind, + Uint32 leaf_pos, MerklePath path, + Base signature_secret, } circuit "DaoVoteInput" { - pub = ec_mul_base(secret, NULLIFIER_K); + pub = ec_mul_base(coin_secret, NULLIFIER_K); pub_x = ec_get_x(pub); pub_y = ec_get_y(pub); coin = poseidon_hash( pub_x, pub_y, - value, - gov_token_id, - spend_hook, - user_data, + coin_value, + coin_gov_token_id, + coin_spend_hook, + coin_user_data, coin_blind, ); @@ -41,16 +44,16 @@ circuit "DaoVoteInput" { # limitation where votes across proposals are linked where this # coin is active. The best fix would be the set non-membership, # but that possibly has scaling issues. - nullifier = poseidon_hash(secret, coin); + nullifier = poseidon_hash(coin_secret, coin); constrain_instance(nullifier); - vcv = ec_mul_short(value, VALUE_COMMIT_VALUE); + vcv = ec_mul_short(coin_value, VALUE_COMMIT_VALUE); vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM); - value_commit = ec_add(vcv, vcr); - constrain_instance(ec_get_x(value_commit)); - constrain_instance(ec_get_y(value_commit)); + coin_value_commit = ec_add(vcv, vcr); + constrain_instance(ec_get_x(coin_value_commit)); + constrain_instance(ec_get_y(coin_value_commit)); - token_commit = poseidon_hash(gov_token_id, gov_token_blind); + token_commit = poseidon_hash(coin_gov_token_id, gov_token_blind); constrain_instance(token_commit); # Merkle root diff --git a/src/contract/dao/proof/vote-main.zk b/src/contract/dao/proof/vote-main.zk index a6449ad2b..908adfc80 100644 --- a/src/contract/dao/proof/vote-main.zk +++ b/src/contract/dao/proof/vote-main.zk @@ -21,7 +21,7 @@ witness "DaoVoteMain" { Base dao_quorum, Base dao_approval_ratio_quot, Base dao_approval_ratio_base, - Base gov_token_id, + Base dao_gov_token_id, EcNiPoint dao_public_key, Base dao_bulla_blind, @@ -43,7 +43,7 @@ witness "DaoVoteMain" { } circuit "DaoVoteMain" { - token_commit = poseidon_hash(gov_token_id, gov_token_blind); + token_commit = poseidon_hash(dao_gov_token_id, gov_token_blind); constrain_instance(token_commit); # cast to EcPoint @@ -58,7 +58,7 @@ circuit "DaoVoteMain" { dao_quorum, dao_approval_ratio_quot, dao_approval_ratio_base, - gov_token_id, + dao_gov_token_id, dao_public_x, dao_public_y, dao_bulla_blind, diff --git a/src/contract/dao/src/client/propose.rs b/src/contract/dao/src/client/propose.rs index 161f375c9..155ffbc14 100644 --- a/src/contract/dao/src/client/propose.rs +++ b/src/contract/dao/src/client/propose.rs @@ -82,11 +82,11 @@ impl DaoProposeCall { let prover_witnesses = vec![ Witness::Base(Value::known(input.secret.inner())), + Witness::Base(Value::known(pallas::Base::from(note.value))), + Witness::Base(Value::known(note.token_id.inner())), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(note.coin_blind)), - Witness::Base(Value::known(pallas::Base::from(note.value))), - Witness::Base(Value::known(note.token_id.inner())), Witness::Scalar(Value::known(funds_blind)), Witness::Base(Value::known(gov_token_blind)), Witness::Uint32(Value::known(leaf_pos.try_into().unwrap())), diff --git a/src/contract/dao/src/client/vote.rs b/src/contract/dao/src/client/vote.rs index 0f1b9b340..700857b6c 100644 --- a/src/contract/dao/src/client/vote.rs +++ b/src/contract/dao/src/client/vote.rs @@ -107,11 +107,11 @@ impl DaoVoteCall { let prover_witnesses = vec![ Witness::Base(Value::known(input.secret.inner())), + Witness::Base(Value::known(pallas::Base::from(note.value))), + Witness::Base(Value::known(note.token_id.inner())), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(note.coin_blind)), - Witness::Base(Value::known(pallas::Base::from(note.value))), - Witness::Base(Value::known(note.token_id.inner())), Witness::Scalar(Value::known(value_blind)), Witness::Base(Value::known(gov_token_blind)), Witness::Uint32(Value::known(leaf_pos.try_into().unwrap())), diff --git a/src/contract/money/proof/burn_v1.zk b/src/contract/money/proof/burn_v1.zk index 0c186c5bc..d56c2bfb9 100644 --- a/src/contract/money/proof/burn_v1.zk +++ b/src/contract/money/proof/burn_v1.zk @@ -9,30 +9,34 @@ constant "Burn_V1" { EcFixedPointBase NULLIFIER_K, } -# The witness values we define for our circuit +# The witness coin_values we define for our circuit witness "Burn_V1" { - # The value of this coin - Base value, - # The token ID - Base token, - # Random blinding factor for value commitment - Scalar value_blind, - # Random blinding factor for the token ID - Base token_blind, + # Secret key used to derive nullifier and coin's public key + Base coin_secret, + + # The coin_value of this coin + Base coin_value, + # The coin_token_id ID + Base coin_token_id, # Allows composing this ZK proof to invoke other contracts - Base spend_hook, + Base coin_spend_hook, # Data passed from this coin to the invoked contract - Base user_data, + Base coin_user_data, # Unique serial number corresponding to this coin Base coin_blind, - # Blinding factor for the encrypted user_data + + # Random blinding factor for coin_value commitment + Scalar value_blind, + # Random blinding factor for the coin_token_id ID + Base token_id_blind, + # Blinding factor for the encrypted coin_user_data Base user_data_blind, - # Secret key used to derive nullifier and coin's public key - Base secret, + # Leaf position of the coin in the Merkle tree of coins Uint32 leaf_pos, # Merkle path to the coin MerklePath path, + # Secret key used to derive public key for the tx signature Base signature_secret, } @@ -40,53 +44,53 @@ witness "Burn_V1" { # The definition of our circuit circuit "Burn_V1" { # Derive the public key used in the coin from its secret counterpart - pub = ec_mul_base(secret, NULLIFIER_K); + pub = ec_mul_base(coin_secret, NULLIFIER_K); # Coin hash coin = poseidon_hash( ec_get_x(pub), ec_get_y(pub), - value, - token, - spend_hook, - user_data, + coin_value, + coin_token_id, + coin_spend_hook, + coin_user_data, coin_blind, ); # Poseidon hash of the nullifier - nullifier = poseidon_hash(secret, coin); + nullifier = poseidon_hash(coin_secret, coin); constrain_instance(nullifier); - # Pedersen commitment for coin's value - vcv = ec_mul_short(value, VALUE_COMMIT_VALUE); + # Pedersen commitment for coin's coin_value + vcv = ec_mul_short(coin_value, VALUE_COMMIT_VALUE); vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM); - value_commit = ec_add(vcv, vcr); - # Since value_commit is a curve point, we fetch its coordinates + coin_value_commit = ec_add(vcv, vcr); + # Since coin_value_commit is a curve point, we fetch its coordinates # and constrain them: - constrain_instance(ec_get_x(value_commit)); - constrain_instance(ec_get_y(value_commit)); + constrain_instance(ec_get_x(coin_value_commit)); + constrain_instance(ec_get_y(coin_value_commit)); - # Commitment for coin's token ID. We do a poseidon hash since it's + # Commitment for coin's coin_token_id ID. We do a poseidon hash since it's # cheaper than EC operations and doesn't need the homomorphic prop. - token_commit = poseidon_hash(token, token_blind); - constrain_instance(token_commit); + coin_token_id_commit = poseidon_hash(coin_token_id, token_id_blind); + constrain_instance(coin_token_id_commit); - # With this, we can actually produce a fake coin of value 0 + # With this, we can actually produce a fake coin of coin_value 0 # above and use it as a dummy input. The inclusion merkle tree - # has a 0x00 leaf at position 0, so zero_cond will output value - # iff value is 0 - which is equivalent to 0x00 so that's the + # has a 0x00 leaf at position 0, so zero_cond will output coin_value + # iff coin_value is 0 - which is equivalent to 0x00 so that's the # trick we use to make the inclusion proof. - coin_incl = zero_cond(value, coin); + coin_incl = zero_cond(coin_value, coin); # Merkle root root = merkle_root(leaf_pos, path, coin_incl); constrain_instance(root); - # Export user_data - user_data_enc = poseidon_hash(user_data, user_data_blind); - constrain_instance(user_data_enc); + # Export coin_user_data + coin_user_data_enc = poseidon_hash(coin_user_data, user_data_blind); + constrain_instance(coin_user_data_enc); - # Reveal spend_hook - constrain_instance(spend_hook); + # Reveal coin_spend_hook + constrain_instance(coin_spend_hook); # Finally, we derive a public key for the signature and # constrain its coordinates: diff --git a/src/contract/money/proof/mint_v1.zk b/src/contract/money/proof/mint_v1.zk index 4fbafc4d3..b74f369dc 100644 --- a/src/contract/money/proof/mint_v1.zk +++ b/src/contract/money/proof/mint_v1.zk @@ -9,55 +9,56 @@ constant "Mint_V1" { EcFixedPointBase NULLIFIER_K, } -# The witness values we define for our circuit +# The witness coin_values we define for our circuit witness "Mint_V1" { # X coordinate for public key - Base pub_x, + Base coin_public_x, # Y coordinate for public key - Base pub_y, - # The value of this coin - Base value, - # The token ID - Base token, + Base coin_public_y, + # The coin_value of this coin + Base coin_value, + # The coin_token_id ID + Base coin_token_id, # Allows composing this ZK proof to invoke other contracts - Base spend_hook, + Base coin_spend_hook, # Data passed from this coin to the invoked contract - Base user_data, + Base coin_user_data, # Unique serial number corresponding to this coin Base coin_blind, - # Random blinding factor for the value commitment + + # Random blinding factor for the coin_value commitment Scalar value_blind, - # Random blinding factor for the token ID - Base token_blind, + # Random blinding factor for the coin_token_id ID + Base token_id_blind, } # The definition of our circuit circuit "Mint_V1" { # Poseidon hash of the coin C = poseidon_hash( - pub_x, - pub_y, - value, - token, - spend_hook, - user_data, + coin_public_x, + coin_public_y, + coin_value, + coin_token_id, + coin_spend_hook, + coin_user_data, coin_blind, ); constrain_instance(C); - # Pedersen commitment for coin's value - vcv = ec_mul_short(value, VALUE_COMMIT_VALUE); + # Pedersen commitment for coin's coin_value + vcv = ec_mul_short(coin_value, VALUE_COMMIT_VALUE); vcr = ec_mul(value_blind, VALUE_COMMIT_RANDOM); - value_commit = ec_add(vcv, vcr); - # Since the value commit is a curve point, we fetch its coordinates + coin_value_commit = ec_add(vcv, vcr); + # Since the coin_value commit is a curve point, we fetch its coordinates # and constrain them: - constrain_instance(ec_get_x(value_commit)); - constrain_instance(ec_get_y(value_commit)); + constrain_instance(ec_get_x(coin_value_commit)); + constrain_instance(ec_get_y(coin_value_commit)); - # Commitment for coin's token ID. We do a poseidon hash since it's + # Commitment for coin's coin_token_id ID. We do a poseidon hash since it's # cheaper than EC operations and doesn't need the homomorphic prop. - token_commit = poseidon_hash(token, token_blind); - constrain_instance(token_commit); + coin_token_id_commit = poseidon_hash(coin_token_id, token_id_blind); + constrain_instance(coin_token_id_commit); # At this point we've enforced all of our public inputs. } diff --git a/src/contract/money/proof/token_mint_v1.zk b/src/contract/money/proof/token_mint_v1.zk index c9013334f..048d398f4 100644 --- a/src/contract/money/proof/token_mint_v1.zk +++ b/src/contract/money/proof/token_mint_v1.zk @@ -10,16 +10,16 @@ constant "TokenMint_V1" { witness "TokenMint_V1" { # CoinAttributes { - Base public_x, - Base public_y, - Base value, - Base spend_hook, + Base coin_public_x, + Base coin_public_y, + Base coin_value, + Base coin_spend_hook, Base coin_user_data, Base coin_blind, # } # TokenAttributes { - Base auth_parent, + Base token_auth_parent, Base token_user_data, Base token_blind, # } @@ -27,16 +27,16 @@ witness "TokenMint_V1" { circuit "TokenMint_V1" { # Derive the token ID - token_id = poseidon_hash(auth_parent, token_user_data, token_blind); - constrain_instance(auth_parent); + token_id = poseidon_hash(token_auth_parent, token_user_data, token_blind); + constrain_instance(token_auth_parent); # Then show the coin contains the token ID coin = poseidon_hash( - public_x, - public_y, - value, + coin_public_x, + coin_public_y, + coin_value, token_id, - spend_hook, + coin_spend_hook, coin_user_data, coin_blind, ); diff --git a/src/contract/money/src/client/transfer_v1/proof.rs b/src/contract/money/src/client/transfer_v1/proof.rs index 563d86f3e..fb3bbd068 100644 --- a/src/contract/money/src/client/transfer_v1/proof.rs +++ b/src/contract/money/src/client/transfer_v1/proof.rs @@ -133,15 +133,15 @@ pub fn create_transfer_burn_proof( }; let prover_witnesses = vec![ + Witness::Base(Value::known(input.secret.inner())), Witness::Base(Value::known(pallas::Base::from(input.note.value))), Witness::Base(Value::known(input.note.token_id.inner())), - Witness::Scalar(Value::known(value_blind)), - Witness::Base(Value::known(token_blind)), Witness::Base(Value::known(input.note.spend_hook.inner())), Witness::Base(Value::known(input.note.user_data)), Witness::Base(Value::known(input.note.coin_blind)), + Witness::Scalar(Value::known(value_blind)), + Witness::Base(Value::known(token_blind)), Witness::Base(Value::known(input.user_data_blind)), - Witness::Base(Value::known(input.secret.inner())), Witness::Uint32(Value::known(u64::from(input.leaf_position).try_into().unwrap())), Witness::MerklePath(Value::known(input.merkle_path.clone().try_into().unwrap())), Witness::Base(Value::known(signature_secret.inner())), diff --git a/src/contract/test-harness/src/vks.rs b/src/contract/test-harness/src/vks.rs index 21ca451ec..85047ae93 100644 --- a/src/contract/test-harness/src/vks.rs +++ b/src/contract/test-harness/src/vks.rs @@ -47,8 +47,8 @@ use darkfi_serial::{deserialize, serialize}; use log::debug; /// Update this if any circuits are changed -const VKS_HASH: &str = "2f0fbe2efd2b513bd22bfbfde4ad3db0c5730706092aa3cd5d63cefee62a31a6"; -const PKS_HASH: &str = "cb81c8c7da7000bab623ab1d9fe548aba9e335199016c60339df198358f556d5"; +const VKS_HASH: &str = "665562975ac7634cc4a028c74f641d28c9e3aaeb27d27ec9474995f02d23cd6a"; +const PKS_HASH: &str = "47e0e4cea6127377da30f97b17c748e7b2204261f168401103fa346b9426ea60"; fn pks_path(typ: &str) -> Result { let output = Command::new("git").arg("rev-parse").arg("--show-toplevel").output()?.stdout;