diff --git a/README.md b/README.md
index f34770d..1db30bf 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,11 @@
 gnark implementation of rln-v2. super hacky and unclean.
-Need to get kats from zerokit and replace the circuit assertions for y, root, nullifier.
+Need to get test vectors for other backends, but bn254 works with the kats from [zerokit](https://github.com/vacp2p/zerokit/blob/8614b2a33a295921aef30129b9fc3cf6d5710c9d/rln/tests/protocol.rs#L240)
+
+Poseidon implementation taken from [here](https://raw.githubusercontent.com/AlpinYukseloglu/poseidon-gnark/main/circuits/poseidon.go)
+
+Merkle tree Inclusion proof taken from [here](https://github.com/reilabs/gnark-lean-demo/blob/a3955946e0d5f63d8bdc4e5bb2a60d0ba613544c/go-circuit/semaphore.go#L31)
 ## Usage
diff --git a/main.go b/main.go
index e451669..0bb316f 100644
--- a/main.go
+++ b/main.go
@@ -91,6 +91,21 @@ func main() {
 panic(ret)
 }
+ y, ret := fr.Modulus().SetString("16401008481486069296141645075505218976370369489687327284155463920202585288271", 10)
+ if ret != true {
+ panic(ret)
+ }
+
+ nullifier, ret := fr.Modulus().SetString("9102791780887227194595604713537772536258726662792598131262022534710887343694", 10)
+ if ret != true {
+ panic(ret)
+ }
+
+ root, ret := fr.Modulus().SetString("8502402278351299594663821509741133196466235670407051417832304486953898514733", 10)
+ if ret != true {
+ panic(ret)
+ }
+
 assignment := &rln.RlnCircuit{
 X: frontend.Variable(x),
 ExternalNullifier: frontend.Variable(external_nullifier),
@@ -99,9 +114,9 @@ func main() {
 UserMessageLimit: frontend.Variable(100),
 PathElements: pathElements,
 IdentityPathIndex: identityPathIndex,
- Y: frontend.Variable(0),
- Root: frontend.Variable(0),
- Nullifier: frontend.Variable(0),
+ Y: frontend.Variable(y),
+ Root: frontend.Variable(root),
+ Nullifier: frontend.Variable(nullifier),
 }
 witness, _ := frontend.NewWitness(assignment, ecc.BN254.ScalarField())
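Review bot: The three known-answer values added in the `@@ -91,6 +91,21` hunk of main.go are parsed with `fr.Modulus().SetString(...)`, which (assuming `fr` is the gnark-crypto scalar-field package, imported outside the hunk) only borrows a fresh integer holding the modulus and overwrites it, so nothing checks that the parsed value is a canonical field element. Parsing into a plain integer and comparing against the modulus states the intent and catches a mistyped vector, provided `math/big` is imported: `y, ok := new(big.Int).SetString("…", 10)` followed by `if !ok || y.Cmp(fr.Modulus()) >= 0 { panic("invalid test vector for y") }`, and the same for `nullifier` and `root`. As written, `panic(ret)` prints only `false`, which does not say which vector failed to parse. A comment naming the zerokit test these vectors come from would make them auditable; `main` begins and ends outside the hunk.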
@@ -114,9 +129,9 @@ func main() {
 raw := &rln.RlnCircuit{
 X: frontend.Variable(x),
 ExternalNullifier: frontend.Variable(external_nullifier),
- Y: frontend.Variable(0),
- Root: frontend.Variable(0),
- Nullifier: frontend.Variable(0),
+ Y: frontend.Variable(y),
+ Root: frontend.Variable(root),
+ Nullifier: frontend.Variable(nullifier),
 }
 verifyWitness, err := frontend.NewWitness(raw, ecc.BN254.ScalarField(), frontend.PublicOnly())
 if err != nil {
diff --git a/rln/rln.go b/rln/rln.go
index 136f46c..6f4a848 100644
--- a/rln/rln.go
+++ b/rln/rln.go
@@ -49,8 +49,8 @@ func (circuit RlnCircuit) Define(api frontend.API) error {
 right_hash := Poseidon(api, right_hash_input[:])
 hashes[i+1] = api.Select(circuit.IdentityPathIndex[i], right_hash, left_hash)
 }
- circuit.Root = hashes[levels]
- api.AssertIsEqual(circuit.Root, circuit.Root)
+ root := hashes[levels]
+ api.AssertIsEqual(root, circuit.Root)
 rangeChecker := rangecheck.New(api)
 rangeChecker.Check(circuit.MessageId, 16)
@@ -61,13 +61,13 @@ func (circuit RlnCircuit) Define(api frontend.API) error {
 a1_input[1] = circuit.ExternalNullifier
 a1_input[2] = circuit.MessageId
 a1 := Poseidon(api, a1_input[:])
- circuit.Y = api.Mul(api.Add(circuit.IdentitySecret, a1), circuit.X)
- api.AssertIsEqual(circuit.Y, circuit.Y)
+ y := api.Add(circuit.IdentitySecret, api.Mul(a1, circuit.X))
+ api.AssertIsEqual(y, circuit.Y)
 var nullifier_input [1]frontend.Variable
 nullifier_input[0] = a1
- circuit.Nullifier = Poseidon(api, nullifier_input[:])
- api.AssertIsEqual(circuit.Nullifier, circuit.Nullifier)
+ nullifier := Poseidon(api, nullifier_input[:])
+ api.AssertIsEqual(nullifier, circuit.Nullifier)
 return nil
 }
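Review bot: Nothing in the commit guards the three `api.AssertIsEqual` calls in `Define` (root in the `@@ -49,8` hunk of rln/rln.go, y and nullifier in the `@@ -61,13` hunk) against a regression to the old self-comparison, which constrained nothing about the supplied `Root`, `Y` or `Nullifier`. A negative test would pin this: take the known-good vector, alter one public output, and expect proving to fail, for example with gnark's `test.NewAssert(t).ProverFailed(&circuit, &badAssignment)`. A comment above each assertion would also help, such as `// bind the supplied Root to the recomputed Merkle root; never assign to circuit fields in Define`. From the visible lines the only check on `MessageId` is the 16-bit range check, so whether it is also bounded by `UserMessageLimit` in the lines between the two hunks should be confirmed. `Define` begins outside both hunks.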