darkfi/bin/daod/proof/dao-burn.zk

constant "DaoBurn" {
	EcFixedPointShort VALUE_COMMIT_VALUE,
	EcFixedPoint VALUE_COMMIT_RANDOM,
}

contract "DaoBurn" {
    Base treasury_value,
    Base authority_key_x,
    Base authority_key_y,
    Base governance_token_id,
    Base treasury_token_id,
    Scalar treasury_value_blind,
    Base authority_key_x_blind,
    Base authority_key_y_blind,
    Base governance_token_id_blind,
    Base treasury_token_id_blind,

    # BullaBurn subroutine
    Base serial,
    Base coin_blind,
	Uint32 leaf_pos,
	MerklePath path,
	Base signature_secret,
}

contract "DaoBurn" {
	# Pedersen commitment for coin's value
	vcv = ec_mul_short(treasury_value, VALUE_COMMIT_VALUE);
	vcr = ec_mul(treasury_value_blind, VALUE_COMMIT_RANDOM);
	value_commit = ec_add(vcv, vcr);
	# Since the value commit is a curve point, we fetch its coordinates
	# and constrain them:
	value_commit_x = ec_get_x(value_commit);
	value_commit_y = ec_get_y(value_commit);
	constrain_instance(value_commit_x);
	constrain_instance(value_commit_y);

    authority_x_commit = poseidon_hash(authority_key_x, authority_key_x_blind);
    constrain_instance(authority_x_commit);

    authority_y_commit = poseidon_hash(authority_key_y, authority_key_y_blind);
    constrain_instance(authority_y_commit);

    gov_token_id_commit = poseidon_hash(
        governance_token_id, governance_token_id_blind);
    constrain_instance(gov_token_id_commit);

    treasury_token_id_commit = poseidon_hash(
        treasury_token_id, treasury_token_id_blind);
    constrain_instance(treasury_token_id_commit);

    # BullaBurn subroutine

	# Poseidon hash of the nullifier
	nullifier = poseidon_hash(serial);
	constrain_instance(nullifier);

	B = poseidon_hash(
        treasury_value,
        authority_key_x,
        authority_key_y,
        governance_token_id,
        treasury_token_id,
        serial,
        coin_blind
    );

	# Merkle root
	root = calculate_merkle_root(leaf_pos, path, B);
	constrain_instance(root);

	# Finally, we derive a public key for the signature and
	# constrain its coordinates:
	signature_public = ec_mul_base(signature_secret, NULLIFIER_K);
	signature_x = ec_get_x(signature_public);
	signature_y = ec_get_y(signature_public);
	constrain_instance(signature_x);
	constrain_instance(signature_y);
}