k = 13;
field = "pallas";

constant "tx" {
         EcFixedPointShort VALUE_COMMIT_VALUE,
         EcFixedPoint VALUE_COMMIT_RANDOM,
         EcFixedPointBase NULLIFIER_K,
}

witness "tx" {
         # coin (1) witnesses
         Base root,
         Base c1_root_sk,
         Base c1_sk,
         MerklePath c1_sk_path,
         Uint32 c1_sk_pos,
         Base c1_rho,
         Scalar c1_opening,
         Base c1_value,
         MerklePath c1_cm_path,
         Uint32 c1_cm_pos,
         Base c1_sn,
         # coin (3) witnesses
         Base c3_pk,
         Base c3_rho,
         Scalar c3_opening,
         Base c3_value,
         # coin (4) witnesses
         Base c4_pk,
         Base c4_rho,
         Scalar c4_opening,
         Base c4_value,
}

circuit "tx" {
        ZERO = witness_base(0);
        ONE = witness_base(1);
        PREFIX_EVL = witness_base(2);
        PREFIX_SEED = witness_base(3);
        PREFIX_CM = witness_base(4);
        PREFIX_PK = witness_base(5);
        PREFIX_SN = witness_base(6);
        # coin (1) pk/public key
        c1_pk = poseidon_hash(PREFIX_PK, c1_root_sk);
        #constrain_instance(c1_pk);
        # coin (1) cm/commitment
        c1_cm_msg = poseidon_hash(PREFIX_CM, c1_pk, c1_value, c1_rho);
        c1_cm_v = ec_mul_base(c1_cm_msg, NULLIFIER_K);
        c1_cm_r = ec_mul(c1_opening, VALUE_COMMIT_RANDOM);
        c1_cm = ec_add(c1_cm_v, c1_cm_r);
        c1_cm_x = ec_get_x(c1_cm);
        c1_cm_y = ec_get_y(c1_cm);
        c1_cm_hash = poseidon_hash(c1_cm_x, c1_cm_y);
        constrain_instance(c1_cm_x);
        constrain_instance(c1_cm_y);
        # coin (3) cm/commitment
        c3_cm_msg = poseidon_hash(PREFIX_CM, c3_pk, c3_value, c3_rho);
        c3_cm_v = ec_mul_base(c3_cm_msg, NULLIFIER_K);
        c3_cm_r = ec_mul(c3_opening, VALUE_COMMIT_RANDOM);
        c3_cm = ec_add(c3_cm_v, c3_cm_r);
        c3_cm_x = ec_get_x(c3_cm);
        constrain_instance(c3_cm_x);
        c3_cm_y = ec_get_x(c3_cm);
        constrain_instance(c3_cm_y);
        # coin (4) cm/commitment
        c4_cm_msg = poseidon_hash(PREFIX_CM, c4_pk, c4_value, c4_rho);
        c4_cm_v = ec_mul_base(c4_cm_msg, NULLIFIER_K);
        c4_cm_r = ec_mul(c4_opening, VALUE_COMMIT_RANDOM);
        c4_cm = ec_add(c4_cm_v, c4_cm_r);
        c4_cm_x = ec_get_x(c4_cm);
        constrain_instance(c4_cm_x);
        c4_cm_y = ec_get_y(c4_cm);
        constrain_instance(c4_cm_y);
        outval = base_add(c3_value, c4_value);
        constrain_equal_base(c1_value, outval);
        # root of path to coin1 commitment at given position
        c1_root = merkle_root(c1_cm_pos, c1_cm_path, c1_cm_hash);
        constrain_instance(c1_root);
        # root of path to coin(1) sk at given position
        c1_sk_root = merkle_root(c1_sk_pos, c1_sk_path, c1_sk);
        constrain_instance(c1_sk_root);
        # coin (1) sn/nullifier
        c1_sn = poseidon_hash(PREFIX_SN, c1_root_sk, c1_rho, ZERO);
        constrain_instance(c1_sn);
}