use merkle path inside the burn proof generation

src/bin/tx2.rs

@@ -663,7 +663,6 @@ impl Hashable for MerkleNode {
 */
 
 fn main() -> std::result::Result<(), failure::Error> {
-    use incrementalmerkletree::Hashable;
     use drk::{
         crypto::{
             merkle_node2::MerkleNode,
@@ -672,6 +671,7 @@ fn main() -> std::result::Result<(), failure::Error> {
         },
         types::{DrkCircuitField, DrkCoinBlind, DrkSerial},
     };
+    use incrementalmerkletree::Hashable;
 
     let cashier_secret = schnorr::SecretKey::random();
     let cashier_public = cashier_secret.public_key();
@@ -703,12 +703,27 @@ fn main() -> std::result::Result<(), failure::Error> {
 
     let tx = builder.build()?;
 
+    tx.verify(&state.mint_vk, &state.spend_vk)
+        .expect("tx verify");
+
     let mut tree = BridgeTree::<MerkleNode, 2>::new(100);
     let node = MerkleNode(tx.outputs[0].revealed.coin.clone());
     tree.append(&node);
     tree.witness();
     let (merkle_position, merkle_path) = tree.authentication_path(&node).unwrap();
 
+    let mut current = node;
+    let position: u64 = merkle_position.into();
+    for (level, sibling) in merkle_path.iter().enumerate() {
+        let level = level as u8;
+        current = if position & (1 << level) == 0 {
+            MerkleNode::combine(level.into(), &current, sibling)
+        } else {
+            MerkleNode::combine(level.into(), sibling, &current)
+        };
+    }
+    assert_eq!(current, tree.root());
+
     let note = tx.outputs[0].enc_note.decrypt(&secret)?;
 
     //let update = state_transition(&state, tx)?;

src/crypto/spend_proof.rs

@@ -9,6 +9,7 @@ use log::debug;
 use pasta_curves::{
     arithmetic::{CurveAffine, FieldExt},
     group::Curve,
+    pallas,
 };
 
 use super::{
@@ -18,6 +19,7 @@ use super::{
 };
 use crate::{
     circuit::spend_contract::SpendContract,
+    crypto::merkle_node2::MerkleNode,
     serial::{Decodable, Encodable},
     types::*,
     Result,
@@ -130,11 +132,13 @@ pub fn create_spend_proof(
     serial: DrkSerial,
     coin_blind: DrkCoinBlind,
     secret: DrkSecretKey,
-    merkle_path: Vec<DrkCoin>,
+    merkle_path: Vec<MerkleNode>,
     signature_secret: DrkSecretKey,
 ) -> Result<(Proof, SpendRevealedValues)> {
     const K: u32 = 11;
 
+    let merkle_path: Vec<pallas::Base> = merkle_path.iter().map(|node| node.0).collect();
+
     let revealed = SpendRevealedValues::compute(
         value,
         token_id,

src/tx/builder.rs

@@ -83,21 +83,11 @@ impl TransactionBuilder {
         let mut inputs = vec![];
         let mut input_blinds = vec![];
         let mut signature_secrets = vec![];
-        for input in &self.inputs {
+        for input in self.inputs {
             input_blinds.push(input.note.value_blind);
 
             let signature_secret = DrkSecretKey::random(&mut OsRng);
 
-            /*
-            // TODO: Some stupid glue code. Need to sort this out
-            let auth_path: Vec<(bls12_381::Scalar, bool)> = input
-                .merkle_path
-                .auth_path
-                .iter()
-                .map(|(node, b)| ((*node).into(), *b))
-                .collect();
-            */
-
             let (proof, revealed) = create_spend_proof(
                 input.note.value,
                 input.note.token_id,
@@ -106,7 +96,7 @@ impl TransactionBuilder {
                 input.note.serial,
                 input.note.coin_blind,
                 input.secret,
-                vec![],
+                input.merkle_path,
                 signature_secret,
             )?;