chore(ci): add arkzkey feature to nightly assets (#244)

* Add Submodule

* Add arkzkey

* make arkzkey support as feature

* update submodule url

* add abstract around feature

* new bench file

* update ci

.github/workflows/ci.yml

@@ -3,27 +3,20 @@ on:
     branches:
       - master
     paths-ignore:
-      - '**.md'
-      - '!.github/workflows/*.yml'
-      - '!multiplier/src/**'
-      - '!private-settlement/src/**'
-      - '!rln-wasm/**'
-      - '!rln/src/**'
-      - '!rln/resources/**'
-      - '!semaphore/src/**'
-      - '!utils/src/**'
+      - "**.md"
+      - "!.github/workflows/*.yml"
+      - "!rln-wasm/**"
+      - "!rln/src/**"
+      - "!rln/resources/**"
+      - "!utils/src/**"
   pull_request:
     paths-ignore:
-      - '**.md'
-      - '!.github/workflows/*.yml'
-      - '!multiplier/src/**'
-      - '!private-settlement/src/**'
-      - '!rln-wasm/**'
-      - '!rln/src/**'
-      - '!rln/resources/**'
-      - '!semaphore/src/**'
-      - '!utils/src/**'
-
+      - "**.md"
+      - "!.github/workflows/*.yml"
+      - "!rln-wasm/**"
+      - "!rln/src/**"
+      - "!rln/resources/**"
+      - "!utils/src/**"
 
 name: Tests
 
@@ -32,10 +25,10 @@ jobs:
     strategy:
       matrix:
         platform: [ubuntu-latest, macos-latest]
-        crate: [multiplier, semaphore, rln, utils]
+        crate: [rln, utils]
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 60
-  
+
     name: test - ${{ matrix.crate }} - ${{ matrix.platform }}
     steps:
       - name: Checkout sources
@@ -51,16 +44,16 @@ jobs:
         run: make installdeps
       - name: cargo-make test
         run: |
-            cargo make test --release
+          cargo make test --release
         working-directory: ${{ matrix.crate }}
-  
+
   rln-wasm:
     strategy:
       matrix:
         platform: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 60
-  
+
     name: test - rln-wasm - ${{ matrix.platform }}
     steps:
       - uses: actions/checkout@v3
@@ -85,11 +78,11 @@ jobs:
       matrix:
         # we run lint tests only on ubuntu
         platform: [ubuntu-latest]
-        crate: [multiplier, semaphore, rln, utils]
+        crate: [rln, utils]
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 60
 
-    name: lint - ${{ matrix.crate }} - ${{ matrix.platform }}  
+    name: lint - ${{ matrix.crate }} - ${{ matrix.platform }}
     steps:
       - name: Checkout sources
         uses: actions/checkout@v3
@@ -110,7 +103,7 @@ jobs:
       - name: cargo clippy
         if: success() || failure()
         run: |
-            cargo clippy --release -- -D warnings
+          cargo clippy --release -- -D warnings
         working-directory: ${{ matrix.crate }}
         # We skip clippy on rln-wasm, since wasm target is managed by cargo make
         # Currently not treating warnings as error, too noisy
@@ -130,8 +123,10 @@ jobs:
     steps:
       - name: Checkout sources
         uses: actions/checkout@v3
+        with:
+          submodules: true
       - uses: Swatinem/rust-cache@v2
       - uses: boa-dev/criterion-compare-action@v3
         with:
           branchName: ${{ github.base_ref }}
-          cwd: ${{ matrix.crate }}
+          cwd: ${{ matrix.crate }}

.github/workflows/nightly-release.yml

@@ -8,7 +8,8 @@ jobs:
   linux:
     strategy:
       matrix:
-        target: 
+        feature: ["default", "arkzkey"]
+        target:
           - x86_64-unknown-linux-gnu
           - aarch64-unknown-linux-gnu
           - i686-unknown-linux-gnu
@@ -29,16 +30,16 @@ jobs:
         run: make installdeps
       - name: cross build
         run: |
-          cross build --release --target ${{ matrix.target }} --workspace --exclude rln-wasm
+          cross build --release --target ${{ matrix.target }} --features ${{ matrix.feature }} --workspace --exclude rln-wasm
           mkdir release
           cp target/${{ matrix.target }}/release/librln* release/
-          tar -czvf ${{ matrix.target }}-rln.tar.gz release/
+          tar -czvf ${{ matrix.target }}-${{ matrix.feature }}-rln.tar.gz release/
 
       - name: Upload archive artifact
         uses: actions/upload-artifact@v2
         with:
-          name: ${{ matrix.target }}-archive
-          path: ${{ matrix.target }}-rln.tar.gz
+          name: ${{ matrix.target }}-${{ matrix.feature }}-archive
+          path: ${{ matrix.target }}-${{ matrix.feature }}-rln.tar.gz
           retention-days: 2
 
   macos:
@@ -46,7 +47,8 @@ jobs:
     runs-on: macos-latest
     strategy:
       matrix:
-        target: 
+        feature: ["default", "arkzkey"]
+        target:
           - x86_64-apple-darwin
           - aarch64-apple-darwin
     steps:
@@ -64,18 +66,18 @@ jobs:
         run: make installdeps
       - name: cross build
         run: |
-          cross build --release --target ${{ matrix.target }} --workspace --exclude rln-wasm
+          cross build --release --target ${{ matrix.target }} --features ${{ matrix.feature }} --workspace --exclude rln-wasm
           mkdir release
           cp target/${{ matrix.target }}/release/librln* release/
-          tar -czvf ${{ matrix.target }}-rln.tar.gz release/
+          tar -czvf ${{ matrix.target }}-${{ matrix.feature }}-rln.tar.gz release/
 
       - name: Upload archive artifact
         uses: actions/upload-artifact@v2
         with:
-          name: ${{ matrix.target }}-archive
-          path: ${{ matrix.target }}-rln.tar.gz
+          name: ${{ matrix.target }}-${{ matrix.feature }}-archive
+          path: ${{ matrix.target }}-${{ matrix.feature }}-rln.tar.gz
           retention-days: 2
-  
+
   browser-rln-wasm:
     name: Browser build (RLN WASM)
     runs-on: ubuntu-latest
@@ -108,7 +110,6 @@ jobs:
           path: rln-wasm/browser-rln-wasm.tar.gz
           retention-days: 2
 
-
   prepare-prerelease:
     name: Prepare pre-release
     needs: [linux, macos, browser-rln-wasm]
@@ -120,7 +121,7 @@ jobs:
           ref: master
       - name: Download artifacts
         uses: actions/download-artifact@v2
-          
+
       - name: Delete tag
         uses: dev-drprasad/delete-tag-and-release@v0.2.1
         with:

.gitmodules

@@ -1,8 +1,3 @@
-[submodule "rln/vendor/rln"]
-	path = rln/vendor/rln
-	ignore = dirty
-	url = https://github.com/Rate-Limiting-Nullifier/rln_circuits.git
-[submodule "semaphore/vendor/semaphore"]
-	path = semaphore/vendor/semaphore
-	ignore = dirty
-	url = https://github.com/appliedzkp/semaphore.git
+[submodule "mopro"]
+	path = mopro
+	url = https://github.com/zkmopro/mopro.git

Cargo.toml

@@ -1,13 +1,6 @@
 [workspace]
-members = [
-  "multiplier",
-  "private-settlement",
-  "semaphore",
-  "rln",
-  "rln-cli",
-  "rln-wasm",
-  "utils",
-]
+members = ["rln", "rln-cli", "rln-wasm", "utils"]
+default-members = ["rln", "rln-cli", "utils"]
 resolver = "2"
 
 # Compilation profile for any non-workspace member.
@@ -19,6 +12,3 @@ opt-level = 3
 [profile.release.package."rln-wasm"]
 # Tell `rustc` to optimize for small code size.
 opt-level = "s"
-
-[profile.release.package."semaphore"]
-codegen-units = 1

Cross.toml

@@ -29,4 +29,7 @@ image = "ghcr.io/cross-rs/mips64-unknown-linux-gnuabi64:latest"
 image = "ghcr.io/cross-rs/mips64el-unknown-linux-gnuabi64:latest"
 
 [target.mipsel-unknown-linux-gnu]
-image = "ghcr.io/cross-rs/mipsel-unknown-linux-gnu:latest"
+image = "ghcr.io/cross-rs/mipsel-unknown-linux-gnu:latest"
+
+[target.aarch64-linux-android]
+image = "ghcr.io/cross-rs/aarch64-linux-android:edge"

Makefile

@@ -13,15 +13,19 @@ endif
 
 installdeps: .pre-build
 ifeq ($(shell uname),Darwin)
-# commented due to https://github.com/orgs/Homebrew/discussions/4612	
-# @brew update 
+# commented due to https://github.com/orgs/Homebrew/discussions/4612
+# @brew update
 	@brew install cmake ninja
 else ifeq ($(shell uname),Linux)
 	@sudo apt-get update
 	@sudo apt-get install -y cmake ninja-build
 endif
-	@git clone --recursive https://github.com/WebAssembly/wabt.git
-	@cd wabt && mkdir build && cd build && cmake .. -GNinja && ninja && sudo ninja install
+	@git -C "wabt" pull || git clone --recursive https://github.com/WebAssembly/wabt.git "wabt"
+	@cd wabt && mkdir -p build && cd build && cmake .. -GNinja && ninja && sudo ninja install
+	@which wasm-pack || cargo install wasm-pack
+	# nvm already checks if it's installed, and no-ops if it is
+	@curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
+	@. ${HOME}/.nvm/nvm.sh && nvm install 18.20.2 && nvm use 18.20.2;
 
 build: .pre-build
 	@cargo make build

README.md

@@ -18,13 +18,23 @@ in Rust.
 
 - [semaphore-rs](https://github.com/worldcoin/semaphore-rs) written in Rust based on ark-circom.
 
+## Users
+
+Zerokit is used by -
+
+- [nwaku](https://github.com/waku-org/nwaku)
+- [js-rln](https://github.com/waku-org/js-rln)
+
 ## Build and Test
 
 To install missing dependencies, run the following commands from the root folder
+
 ```bash
 make installdeps
 ```
+
 To build and test all crates, run the following commands from the root folder
+
 ```bash
 make build
 make test
@@ -32,4 +42,4 @@ make test
 
 ## Release assets
 
-We use [`cross-rs`](https://github.com/cross-rs/cross) to cross-compile and generate release assets for rln. 
+We use [`cross-rs`](https://github.com/cross-rs/cross) to cross-compile and generate release assets for rln.

multiplier/Cargo.toml

@@ -1,32 +0,0 @@
-[package]
-name = "multiplier"
-version = "0.3.0"
-edition = "2018"
-license = "MIT OR Apache-2.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-
-# WASM operations
-# wasmer = { version = "2.0" }
-# fnv = { version = "1.0.3", default-features = false }
-# num = { version = "0.4.0" }
-# num-traits = { version = "0.2.0", default-features = false }
-
-# ZKP Generation
-# ark-ff = { version = "0.3.0", default-features = false, features = ["parallel", "asm"] }
-ark-std = { version = "0.3.0", default-features = false, features = ["parallel"] }
-ark-bn254 = { version = "0.3.0" }
-ark-groth16 = { git = "https://github.com/arkworks-rs/groth16", rev = "765817f", features = ["parallel"] }
-# ark-poly = { version = "^0.3.0", default-features = false, features = ["parallel"] }
-ark-serialize = { version = "0.3.0", default-features = false }
-
-ark-circom = { git = "https://github.com/gakonst/ark-circom", features = ["circom-2"], rev = "35ce5a9" }
-
-# error handling
-color-eyre = "0.6.1"
-
-# decoding of data
-# hex = "0.4.3"
-# byteorder = "1.4.3"

multiplier/Makefile.toml

@@ -1,7 +0,0 @@
-[tasks.build]
-command = "cargo"
-args = ["build", "--release"]
-
-[tasks.test]
-command = "cargo"
-args = ["test", "--release"]

multiplier/README.md

@@ -1,21 +0,0 @@
-# Multiplier example
-
-Example wrapper around a basic Circom circuit to test Circom 2 integration
-through ark-circom and FFI.
-
-## Build and Test
-
-To build and test, run the following commands within the module folder
-```bash
-cargo make build
-cargo make test
-```
-
-## FFI
-
-To generate C or Nim bindings from Rust FFI, use `cbindgen` or `nbindgen`:
-
-```
-cbindgen . -o target/multiplier.h
-nbindgen . -o target/multiplier.nim
-```

multiplier/src/ffi.rs

@@ -1,77 +0,0 @@
-use crate::public::Multiplier;
-use std::slice;
-
-/// Buffer struct is taken from
-/// https://github.com/celo-org/celo-threshold-bls-rs/blob/master/crates/threshold-bls-ffi/src/ffi.rs
-///
-/// Also heavily inspired by https://github.com/kilic/rln/blob/master/src/ffi.rs
-
-#[repr(C)]
-#[derive(Clone, Debug, PartialEq)]
-pub struct Buffer {
-    pub ptr: *const u8,
-    pub len: usize,
-}
-
-impl From<&[u8]> for Buffer {
-    fn from(src: &[u8]) -> Self {
-        Self {
-            ptr: &src[0] as *const u8,
-            len: src.len(),
-        }
-    }
-}
-
-impl<'a> From<&Buffer> for &'a [u8] {
-    fn from(src: &Buffer) -> &'a [u8] {
-        unsafe { slice::from_raw_parts(src.ptr, src.len) }
-    }
-}
-
-#[allow(clippy::not_unsafe_ptr_arg_deref)]
-#[no_mangle]
-pub extern "C" fn new_circuit(ctx: *mut *mut Multiplier) -> bool {
-    if let Ok(mul) = Multiplier::new() {
-        unsafe { *ctx = Box::into_raw(Box::new(mul)) };
-        true
-    } else {
-        false
-    }
-}
-
-#[allow(clippy::not_unsafe_ptr_arg_deref)]
-#[no_mangle]
-pub extern "C" fn prove(ctx: *const Multiplier, output_buffer: *mut Buffer) -> bool {
-    println!("multiplier ffi: prove");
-    let mul = unsafe { &*ctx };
-    let mut output_data: Vec<u8> = Vec::new();
-
-    match mul.prove(&mut output_data) {
-        Ok(proof_data) => proof_data,
-        Err(_) => return false,
-    };
-    unsafe { *output_buffer = Buffer::from(&output_data[..]) };
-    std::mem::forget(output_data);
-    true
-}
-
-#[allow(clippy::not_unsafe_ptr_arg_deref)]
-#[no_mangle]
-pub extern "C" fn verify(
-    ctx: *const Multiplier,
-    proof_buffer: *const Buffer,
-    result_ptr: *mut u32,
-) -> bool {
-    println!("multiplier ffi: verify");
-    let mul = unsafe { &*ctx };
-    let proof_data = <&[u8]>::from(unsafe { &*proof_buffer });
-    if match mul.verify(proof_data) {
-        Ok(verified) => verified,
-        Err(_) => return false,
-    } {
-        unsafe { *result_ptr = 0 };
-    } else {
-        unsafe { *result_ptr = 1 };
-    };
-    true
-}

multiplier/src/lib.rs

@@ -1,2 +0,0 @@
-pub mod ffi;
-pub mod public;

multiplier/src/main.rs

@@ -1,49 +0,0 @@
-use ark_circom::{CircomBuilder, CircomConfig};
-use ark_std::rand::thread_rng;
-use color_eyre::{Report, Result};
-
-use ark_bn254::Bn254;
-use ark_groth16::{
-    create_random_proof as prove, generate_random_parameters, prepare_verifying_key, verify_proof,
-};
-
-fn groth16_proof_example() -> Result<()> {
-    let cfg = CircomConfig::<Bn254>::new(
-        "./resources/circom2_multiplier2.wasm",
-        "./resources/circom2_multiplier2.r1cs",
-    )?;
-
-    let mut builder = CircomBuilder::new(cfg);
-    builder.push_input("a", 3);
-    builder.push_input("b", 11);
-
-    // create an empty instance for setting it up
-    let circom = builder.setup();
-
-    let mut rng = thread_rng();
-    let params = generate_random_parameters::<Bn254, _, _>(circom, &mut rng)?;
-
-    let circom = builder.build()?;
-
-    let inputs = circom
-        .get_public_inputs()
-        .ok_or(Report::msg("no public inputs"))?;
-
-    let proof = prove(circom, &params, &mut rng)?;
-
-    let pvk = prepare_verifying_key(&params.vk);
-
-    match verify_proof(&pvk, &proof, &inputs) {
-        Ok(_) => Ok(()),
-        Err(_) => Err(Report::msg("not verified")),
-    }
-}
-
-fn main() {
-    println!("Hello, world!");
-
-    match groth16_proof_example() {
-        Ok(_) => println!("Success"),
-        Err(_) => println!("Error"),
-    }
-}

multiplier/src/public.rs

@@ -1,79 +0,0 @@
-use ark_circom::{CircomBuilder, CircomCircuit, CircomConfig};
-use ark_std::rand::thread_rng;
-
-use ark_bn254::Bn254;
-use ark_groth16::{
-    create_random_proof as prove, generate_random_parameters, prepare_verifying_key, verify_proof,
-    Proof, ProvingKey,
-};
-use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
-use color_eyre::{Report, Result};
-use std::io::{Read, Write};
-
-pub struct Multiplier {
-    circom: CircomCircuit<Bn254>,
-    params: ProvingKey<Bn254>,
-}
-
-impl Multiplier {
-    // TODO Break this apart here
-    pub fn new() -> Result<Multiplier> {
-        let cfg = CircomConfig::<Bn254>::new(
-            "./resources/circom2_multiplier2.wasm",
-            "./resources/circom2_multiplier2.r1cs",
-        )?;
-
-        let mut builder = CircomBuilder::new(cfg);
-        builder.push_input("a", 3);
-        builder.push_input("b", 11);
-
-        // create an empty instance for setting it up
-        let circom = builder.setup();
-
-        let mut rng = thread_rng();
-
-        let params = generate_random_parameters::<Bn254, _, _>(circom, &mut rng)?;
-
-        let circom = builder.build()?;
-
-        Ok(Multiplier { circom, params })
-    }
-
-    // TODO Input Read
-    pub fn prove<W: Write>(&self, result_data: W) -> Result<()> {
-        let mut rng = thread_rng();
-
-        // XXX: There's probably a better way to do this
-        let circom = self.circom.clone();
-        let params = self.params.clone();
-
-        let proof = prove(circom, &params, &mut rng)?;
-
-        // XXX: Unclear if this is different from other serialization(s)
-        proof.serialize(result_data)?;
-
-        Ok(())
-    }
-
-    pub fn verify<R: Read>(&self, input_data: R) -> Result<bool> {
-        let proof = Proof::deserialize(input_data)?;
-
-        let pvk = prepare_verifying_key(&self.params.vk);
-
-        // XXX Part of input data?
-        let inputs = self
-            .circom
-            .get_public_inputs()
-            .ok_or(Report::msg("no public inputs"))?;
-
-        let verified = verify_proof(&pvk, &proof, &inputs)?;
-
-        Ok(verified)
-    }
-}
-
-impl Default for Multiplier {
-    fn default() -> Self {
-        Self::new().unwrap()
-    }
-}

multiplier/tests/public.rs

@@ -1,21 +0,0 @@
-#[cfg(test)]
-mod tests {
-    use multiplier::public::Multiplier;
-
-    #[test]
-    fn multiplier_proof() {
-        let mul = Multiplier::new().unwrap();
-
-        let mut output_data: Vec<u8> = Vec::new();
-        let _ = mul.prove(&mut output_data);
-
-        let proof_data = &output_data[..];
-
-        // XXX Pass as arg?
-        //let pvk = prepare_verifying_key(&mul.params.vk);
-
-        let verified = mul.verify(proof_data).unwrap();
-
-        assert!(verified);
-    }
-}

private-settlement/Cargo.toml

@@ -1,9 +0,0 @@
-[package]
-name = "private-settlement"
-version = "0.3.0"
-edition = "2021"
-license = "MIT OR Apache-2.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]

private-settlement/Makefile.toml

@@ -1,7 +0,0 @@
-[tasks.build]
-command = "cargo"
-args = ["build", "--release"]
-
-[tasks.test]
-command = "cargo"
-args = ["test", "--release"]

private-settlement/README.md

@@ -1,11 +0,0 @@
-# Private Settlement  Module
-
-This module is to provide APIs to manage, compute and verify [Private Settlement](https://rfc.vac.dev/spec/44/) zkSNARK proofs and primitives.
-
-## Build and Test
-
-To build and test, run the following commands within the module folder
-```bash
-cargo make build
-cargo make test
-```

private-settlement/src/lib.rs

@@ -1 +0,0 @@
-

private-settlement/tests/private-settlement.rs

@@ -1,11 +0,0 @@
-#[cfg(test)]
-mod tests {
-    #[cfg(test)]
-    mod tests {
-        #[test]
-        fn it_works() {
-            let result = 2 + 2;
-            assert_eq!(result, 4);
-        }
-    }
-}

rln-cli/src/main.rs

@@ -37,7 +37,11 @@ fn main() -> Result<()> {
             tree_config_input,
         }) => {
             let mut resources: Vec<Vec<u8>> = Vec::new();
-            for filename in ["rln.wasm", "rln_final.zkey", "verification_key.json"] {
+            #[cfg(feature = "arkzkey")]
+            let filenames = ["rln.wasm", "rln_final.arkzkey", "verification_key.json"];
+            #[cfg(not(feature = "arkzkey"))]
+            let filenames = ["rln.wasm", "rln_final.zkey", "verification_key.json"];
+            for filename in filenames {
                 let fullpath = config.join(Path::new(filename));
                 let mut file = File::open(&fullpath)?;
                 let metadata = std::fs::metadata(&fullpath)?;

rln-wasm/Cargo.toml

@@ -1,8 +1,11 @@
 [package]
 name = "rln-wasm"
-version = "0.0.9"
+version = "0.0.13"
 edition = "2021"
 license = "MIT or Apache2"
+autobenches = false
+autotests = false
+autobins = false
 
 [lib]
 crate-type = ["cdylib", "rlib"]
@@ -30,4 +33,3 @@ console_error_panic_hook = { version = "0.1.7", optional = true }
 [dev-dependencies]
 wasm-bindgen-test = "0.3.13"
 wasm-bindgen-futures = "0.4.33"
-

rln-wasm/Makefile.toml

@@ -29,3 +29,7 @@ args = ["login"]
 [tasks.publish]
 command = "wasm-pack"
 args = ["publish", "--access", "public", "--target", "web"]
+
+[tasks.bench]
+command = "echo"
+args = ["'No benchmarks available for this project'"]

rln-wasm/tests/rln-wasm.rs

@@ -3,8 +3,9 @@
 #[cfg(test)]
 mod tests {
     use js_sys::{BigInt as JsBigInt, Object, Uint8Array};
-    use rln::circuit::TEST_TREE_HEIGHT;
-    use rln::utils::normalize_usize;
+    use rln::circuit::{Fr, TEST_TREE_HEIGHT};
+    use rln::hashers::{hash_to_field, poseidon_hash};
+    use rln::utils::{bytes_le_to_fr, fr_to_bytes_le, normalize_usize};
     use rln_wasm::*;
     use wasm_bindgen::{prelude::*, JsValue};
     use wasm_bindgen_test::wasm_bindgen_test;
@@ -33,26 +34,40 @@ mod tests {
 
         // Creating membership key
         let mem_keys = wasm_key_gen(rln_instance).unwrap();
-        let idkey = mem_keys.subarray(0, 32);
-        let idcommitment = mem_keys.subarray(32, 64);
-
-        // Insert PK
-        wasm_set_next_leaf(rln_instance, idcommitment).unwrap();
+        let id_key = mem_keys.subarray(0, 32);
+        let id_commitment = mem_keys.subarray(32, 64);
 
         // Prepare the message
-        let signal = "Hello World".as_bytes();
-
-        // Setting up the epoch (With 0s for the test)
-        let epoch = Uint8Array::new_with_length(32);
-        epoch.fill(0, 0, 32);
+        let signal = b"Hello World";
 
         let identity_index: usize = 0;
+        // Setting up the epoch and rln_identifier
+        let epoch = hash_to_field(b"test-epoch");
+        let rln_identifier = hash_to_field(b"test-rln-identifier");
+
+        let external_nullifier = poseidon_hash(&[epoch, rln_identifier]);
+        let external_nullifier = fr_to_bytes_le(&external_nullifier);
+
+        let user_message_limit = Fr::from(100);
+        let message_id = fr_to_bytes_le(&Fr::from(0));
+
+        let (id_commitment_fr, _) = bytes_le_to_fr(&id_commitment.to_vec()[..]);
+        let rate_commitment = poseidon_hash(&[id_commitment_fr, user_message_limit]);
+
+        // Insert PK
+        wasm_set_next_leaf(
+            rln_instance,
+            Uint8Array::from(fr_to_bytes_le(&rate_commitment).as_slice()),
+        )
+        .unwrap();
 
         // Serializing the message
         let mut serialized_vec: Vec<u8> = Vec::new();
-        serialized_vec.append(&mut idkey.to_vec());
+        serialized_vec.append(&mut id_key.to_vec());
         serialized_vec.append(&mut normalize_usize(identity_index));
-        serialized_vec.append(&mut epoch.to_vec());
+        serialized_vec.append(&mut fr_to_bytes_le(&user_message_limit).to_vec());
+        serialized_vec.append(&mut message_id.to_vec());
+        serialized_vec.append(&mut external_nullifier.to_vec());
         serialized_vec.append(&mut normalize_usize(signal.len()));
         serialized_vec.append(&mut signal.to_vec());
         let serialized_message = Uint8Array::from(&serialized_vec[..]);
@@ -112,7 +127,6 @@ mod tests {
     #[wasm_bindgen_test]
     fn test_metadata() {
         let tree_height = TEST_TREE_HEIGHT;
-        let circom_path = format!("../rln/resources/tree_height_{TEST_TREE_HEIGHT}/rln.wasm");
         let zkey_path = format!("../rln/resources/tree_height_{TEST_TREE_HEIGHT}/rln_final.zkey");
         let vk_path =
             format!("../rln/resources/tree_height_{TEST_TREE_HEIGHT}/verification_key.json");
@@ -122,7 +136,6 @@ mod tests {
         // Creating an instance of RLN
         let rln_instance = wasm_new(tree_height, zkey, vk).unwrap();
 
-
         let test_metadata = Uint8Array::new(&JsValue::from_str("test"));
         // Inserting random metadata
         wasm_set_metadata(rln_instance, test_metadata.clone()).unwrap();

rln/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rln"
-version = "0.3.4"
+version = "0.4.3"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "APIs to manage, compute and verify zkSNARK proofs and RLN primitives"
@@ -19,13 +19,20 @@ doctest = false
 [dependencies]
 # ZKP Generation
 ark-ec = { version = "=0.4.1", default-features = false }
-ark-ff = { version = "=0.4.1", default-features = false, features = [ "asm"] }
+ark-ff = { version = "=0.4.1", default-features = false, features = ["asm"] }
 ark-std = { version = "=0.4.0", default-features = false }
 ark-bn254 = { version = "=0.4.0" }
-ark-groth16 = { version = "=0.4.0", features = ["parallel"], default-features = false }
-ark-relations = { version = "=0.4.0", default-features = false, features = [ "std" ] }
+ark-groth16 = { version = "=0.4.0", features = [
+    "parallel",
+], default-features = false }
+ark-relations = { version = "=0.4.0", default-features = false, features = [
+    "std",
+] }
 ark-serialize = { version = "=0.4.1", default-features = false }
-ark-circom = { version = "=0.1.0", default-features = false, features = ["circom-2"] }
+ark-circom = { version = "=0.1.0", default-features = false, features = [
+    "circom-2",
+] }
+ark-zkey = { path = "../mopro/ark-zkey", optional = true, default-features = false }
 
 # WASM
 wasmer = { version = "=2.3.0", default-features = false }
@@ -36,13 +43,16 @@ thiserror = "=1.0.39"
 
 # utilities
 cfg-if = "=1.0"
-num-bigint = { version = "=0.4.3", default-features = false, features = ["rand"] }
+num-bigint = { version = "=0.4.3", default-features = false, features = [
+    "rand",
+] }
 num-traits = "=0.2.15"
 once_cell = "=1.17.1"
 rand = "=0.8.5"
 rand_chacha = "=0.3.1"
 tiny-keccak = { version = "=2.0.2", features = ["keccak"] }
-utils = { package = "zerokit_utils", version = "=0.3.2", path = "../utils/", default-features = false }
+utils = { package = "zerokit_utils", version = "=0.4.3", path = "../utils/", default-features = false }
+
 
 # serialization
 serde_json = "=1.0.96"
@@ -56,9 +66,16 @@ criterion = { version = "=0.4.0", features = ["html_reports"] }
 
 [features]
 default = ["parallel", "wasmer/sys-default", "pmtree-ft"]
-parallel = ["ark-ec/parallel", "ark-ff/parallel", "ark-std/parallel", "ark-groth16/parallel", "utils/parallel"]
+parallel = [
+    "ark-ec/parallel",
+    "ark-ff/parallel",
+    "ark-std/parallel",
+    "ark-groth16/parallel",
+    "utils/parallel",
+]
 wasm = ["wasmer/js", "wasmer/std"]
 fullmerkletree = ["default"]
+arkzkey = ["ark-zkey"]
 
 # Note: pmtree feature is still experimental
 pmtree-ft = ["utils/pmtree-ft"]
@@ -66,3 +83,7 @@ pmtree-ft = ["utils/pmtree-ft"]
 [[bench]]
 name = "pmtree_benchmark"
 harness = false
+
+[[bench]]
+name = "circuit_loading_benchmark"
+harness = false

rln/README.md

@@ -56,7 +56,7 @@ However, if `N` is too big, this might require a bigger Powers of Tau ceremony t
 In such case we refer to the official [Circom documentation](https://docs.circom.io/getting-started/proving-circuits/#powers-of-tau) for instructions on how to run an appropriate Powers of Tau ceremony and Phase 2 in order to compile the desired circuit.
 
 
-Currently, the `rln` module comes with three [pre-compiled](https://github.com/vacp2p/zerokit/tree/master/rln/resources) RLN circuits having Merkle tree of height `15`, `19` and `20`, respectively.
+Currently, the `rln` module comes with 2 [pre-compiled](https://github.com/vacp2p/zerokit/tree/master/rln/resources) RLN circuits having Merkle tree of height `20` and `32`, respectively.
 
 ## Getting started
 
@@ -102,18 +102,20 @@ let mut buffer = Cursor::new(Vec::<u8>::new());
 rln.key_gen(&mut buffer).unwrap();
 
 // We deserialize the keygen output to obtain
-// the identiy_secret and id_commitment
+// the identity_secret and id_commitment
 let (identity_secret_hash, id_commitment) = deserialize_identity_pair(buffer.into_inner());
 ```
 
-### Add ID commitment to the RLN Merkle tree
+### Add Rate commitment to the RLN Merkle tree
 
 ```rust
 // We define the tree index where id_commitment will be added
 let id_index = 10;
+let user_message_limit = 10;
 
 // We serialize id_commitment and pass it to set_leaf
-let mut buffer = Cursor::new(serialize_field_element(id_commitment));
+let rate_commitment = poseidon_hash(&[id_commitment, user_message_limit]);
+let mut buffer = Cursor::new(serialize_field_element(rate_commitment));
 rln.set_leaf(id_index, &mut buffer).unwrap();
 ```
 
@@ -141,11 +143,11 @@ let signal = b"RLN is awesome";
 
 We prepare the input to the proof generation routine. 
 
-Input buffer is serialized as `[ identity_key | id_index | epoch | signal_len | signal ]`.
+Input buffer is serialized as `[ identity_key | id_index | epoch | rln_identifier | user_message_limit | message_id | signal_len | signal ]`.
 
 ```rust
 // We prepare input to the proof generation routine
-let proof_input = prepare_prove_input(identity_secret_hash, id_index, epoch, signal);
+let proof_input = prepare_prove_input(identity_secret_hash, id_index, epoch, rln_identifier, user_message_limit, message_id, signal);
 ```
 
 We are now ready to generate a RLN ZK proof along with the _public outputs_ of the ZK circuit evaluation.

rln/benches/circuit_loading_benchmark.rs

@@ -0,0 +1,15 @@
+use criterion::{criterion_group, criterion_main, Criterion};
+use rln::circuit::TEST_RESOURCES_FOLDER;
+
+// Depending on the key type (enabled by the `--features arkzkey` flag)
+// the upload speed from the `rln_final.zkey` or `rln_final.arkzkey` file is calculated
+pub fn key_load_benchmark(c: &mut Criterion) {
+    c.bench_function("zkey::upload_from_folder", |b| {
+        b.iter(|| {
+            let _ = rln::circuit::zkey_from_folder(TEST_RESOURCES_FOLDER);
+        })
+    });
+}
+
+criterion_group!(benches, key_load_benchmark);
+criterion_main!(benches);

rln/benches/pmtree_benchmark.rs

@@ -1,7 +1,6 @@
 use criterion::{criterion_group, criterion_main, Criterion};
-use utils::ZerokitMerkleTree;
-
 use rln::{circuit::Fr, pm_tree_adapter::PmTree};
+use utils::ZerokitMerkleTree;
 
 pub fn pmtree_benchmark(c: &mut Criterion) {
     let mut tree = PmTree::default(2).unwrap();

rln/resources/tree_height_15/verification_key.json

@@ -1,119 +0,0 @@
-{
- "protocol": "groth16",
- "curve": "bn128",
- "nPublic": 6,
- "vk_alpha_1": [
-  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
-  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
-  "1"
- ],
- "vk_beta_2": [
-  [
-   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
-   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
-  ],
-  [
-   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
-   "823612331030938060799959717749043047845343400798220427319188951998582076532"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_gamma_2": [
-  [
-   "10857046999023057135944570762232829481370756359578518086990519993285655852781",
-   "11559732032986387107991004021392285783925812861821192530917403151452391805634"
-  ],
-  [
-   "8495653923123431417604973247489272438418190587263600148770280649306958101930",
-   "4082367875863433681332203403145435568316851327593401208105741076214120093531"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_delta_2": [
-  [
-   "1361919643088555407518565462732544232965454074504004321739078395285189557133",
-   "20823246840633598579879223919854294301857184404415306521912631074982696570306"
-  ],
-  [
-   "7088590198103342249937795923142619828109070290720888704402714617857746884833",
-   "8191367139632195506244169264298620546181137131063303219908889318280111188437"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_alphabeta_12": [
-  [
-   [
-    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
-    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
-   ],
-   [
-    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
-    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
-   ],
-   [
-    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
-    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
-   ]
-  ],
-  [
-   [
-    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
-    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
-   ],
-   [
-    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
-    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
-   ],
-   [
-    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
-    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
-   ]
-  ]
- ],
- "IC": [
-  [
-   "17643142412395322664866141827318671249236739056291610144830020671604112279111",
-   "13273439661778801509295280274403992505521239023074387826870538372514206268318",
-   "1"
-  ],
-  [
-   "12325966053136615826793633393742326952102053533176311103856731330114882211366",
-   "6439956820140153832120005353467272867287237423425778281905068783317736451260",
-   "1"
-  ],
-  [
-   "20405310272367450124741832665322768131899487413829191383721623069139009993137",
-   "21336772016824870564600007750206596010566056069977718959140462128560786193566",
-   "1"
-  ],
-  [
-   "4007669092231576644992949839487535590075070172447826102934640178940614212519",
-   "7597503385395289202372182678960254605827199004598882158153019657732525465207",
-   "1"
-  ],
-  [
-   "4545695279389338758267531646940033299700127241196839077811942492841603458462",
-   "6635771967009274882904456432128877995932122611166121203658485990305433499873",
-   "1"
-  ],
-  [
-   "7876954805169515500747828488548350352651069599547377092970620945851311591012",
-   "7571431725691513008054581132582771105743462534789373657638701712901679323321",
-   "1"
-  ],
-  [
-   "5563973122249220346301217166900152021860462617567141574881706390202619333219",
-   "5147729144109676590873823097632042430451708874867871369293332620382492068692",
-   "1"
-  ]
- ]
-}

rln/resources/tree_height_19/verification_key.json

@@ -1,119 +0,0 @@
-{
- "protocol": "groth16",
- "curve": "bn128",
- "nPublic": 6,
- "vk_alpha_1": [
-  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
-  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
-  "1"
- ],
- "vk_beta_2": [
-  [
-   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
-   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
-  ],
-  [
-   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
-   "823612331030938060799959717749043047845343400798220427319188951998582076532"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_gamma_2": [
-  [
-   "10857046999023057135944570762232829481370756359578518086990519993285655852781",
-   "11559732032986387107991004021392285783925812861821192530917403151452391805634"
-  ],
-  [
-   "8495653923123431417604973247489272438418190587263600148770280649306958101930",
-   "4082367875863433681332203403145435568316851327593401208105741076214120093531"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_delta_2": [
-  [
-   "16125279975606773676640811113051624654121459921695914044301154938920321009721",
-   "14844345250267029614093295465313288254479124604567709177260777529651293576873"
-  ],
-  [
-   "20349277326920398483890518242229158117668855310237215044647746783223259766294",
-   "19338776107510040969200058390413661029003750817172740054990168933780935479540"
-  ],
-  [
-   "1",
-   "0"
-  ]
- ],
- "vk_alphabeta_12": [
-  [
-   [
-    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
-    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
-   ],
-   [
-    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
-    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
-   ],
-   [
-    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
-    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
-   ]
-  ],
-  [
-   [
-    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
-    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
-   ],
-   [
-    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
-    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
-   ],
-   [
-    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
-    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
-   ]
-  ]
- ],
- "IC": [
-  [
-   "5645604624116784480262312750033349186912223090668673154853165165224747369512",
-   "5656337658385597582701340925622307146226708710361427687425735166776477641124",
-   "1"
-  ],
-  [
-   "8216930132302312821663833393171053651364962198587857550991047765311607638330",
-   "19934865864074163318938688021560358348660709566570123384268356491416384822148",
-   "1"
-  ],
-  [
-   "11046959016591768534564223076484566731774575511709349452804727872479525392631",
-   "9401797690410912638766111919371607085248054251975419812613989999345815833269",
-   "1"
-  ],
-  [
-   "13216594148914395028254776738842380005944817065680915990743659996725367876414",
-   "11541283802841111343960351782994043892623551381569479006737253908665900144087",
-   "1"
-  ],
-  [
-   "6957074593219251760608960101283708711892008557897337713430173510328411964571",
-   "21673833055087220750009279957462375662312260098732685145862504142183400549467",
-   "1"
-  ],
-  [
-   "20795071270535109448604057031148356571036039566776607847840379441839742201050",
-   "21654952744643117202636583766828639581880877547772465264383291983528268115687",
-   "1"
-  ],
-  [
-   "19143058772755719660075704757531991493801758701561469885274062297246796623789",
-   "3996020163280925980543600106196205910576345230982361007978823537163123181007",
-   "1"
-  ]
- ]
-}

rln/resources/tree_height_20/verification_key.json

@@ -1,20 +1,20 @@
 {
  "protocol": "groth16",
  "curve": "bn128",
- "nPublic": 6,
+ "nPublic": 5,
  "vk_alpha_1": [
-  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
-  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
+  "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+  "9383485363053290200918347156157836566562967994039712273449902621266178545958",
   "1"
  ],
  "vk_beta_2": [
   [
-   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
-   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
+   "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+   "4252822878758300859123897981450591353533073413197771768651442665752259397132"
   ],
   [
-   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
-   "823612331030938060799959717749043047845343400798220427319188951998582076532"
+   "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+   "21847035105528745403288232691147584728191162732299865338377159692350059136679"
   ],
   [
    "1",
@@ -37,12 +37,12 @@
  ],
  "vk_delta_2": [
   [
-   "8353516066399360694538747105302262515182301251524941126222712285088022964076",
-   "9329524012539638256356482961742014315122377605267454801030953882967973561832"
+   "17077735495685170943380938230836408503627170115414840315502244846025577589191",
+   "14030085636943255545683322474441991939484590437387381169642530788494152024614"
   ],
   [
-   "16805391589556134376869247619848130874761233086443465978238468412168162326401",
-   "10111259694977636294287802909665108497237922060047080343914303287629927847739"
+   "11568745146423307387256571230823432454624378106569286849514884592874522611163",
+   "1838524899938769516485895655063198583192139511330418290063560641219523306282"
   ],
   [
    "1",
@@ -52,67 +52,62 @@
  "vk_alphabeta_12": [
   [
    [
-    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
-    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
+    "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+    "21072700047562757817161031222997517981543347628379360635925549008442030252106"
    ],
    [
-    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
-    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
+    "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+    "12156638873931618554171829126792193045421052652279363021382169897324752428276"
    ],
    [
-    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
-    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
+    "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+    "7074218545237549455313236346927434013100842096812539264420499035217050630853"
    ]
   ],
   [
    [
-    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
-    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
+    "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+    "10093483419865920389913245021038182291233451549023025229112148274109565435465"
    ],
    [
-    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
-    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
+    "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+    "19831328484489333784475432780421641293929726139240675179672856274388269393268"
    ],
    [
-    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
-    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
+    "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+    "8037395052364110730298837004334506829870972346962140206007064471173334027475"
    ]
   ]
  ],
  "IC": [
   [
-   "11992897507809711711025355300535923222599547639134311050809253678876341466909",
-   "17181525095924075896332561978747020491074338784673526378866503154966799128110",
+   "4920513730204767532050733107749276406754520419375654722016092399980613788208",
+   "10950491564509418434657706642388934308456795265036074733953533582377584967294",
    "1"
   ],
   [
-   "17018665030246167677911144513385572506766200776123272044534328594850561667818",
-   "18601114175490465275436712413925513066546725461375425769709566180981674884464",
+   "6815064660695497986531118446154820702646540722664044216580897159556261271171",
+   "17838140936832571103329556013529166877877534025488014783346458943575275015438",
    "1"
   ],
   [
-   "18799470100699658367834559797874857804183288553462108031963980039244731716542",
-   "13064227487174191981628537974951887429496059857753101852163607049188825592007",
+   "16364982450206976302246609763791333525052810246590359380676749324389440643932",
+   "17092624338100676284548565502349491320314889021833923882585524649862570629227",
    "1"
   ],
   [
-   "17432501889058124609368103715904104425610382063762621017593209214189134571156",
-   "13406815149699834788256141097399354592751313348962590382887503595131085938635",
+   "3679639231485547795420532910726924727560917141402837495597760107842698404034",
+   "16213191511474848247596810551723578773353083440353745908057321946068926848382",
    "1"
   ],
   [
-   "10320964835612716439094703312987075811498239445882526576970512041988148264481",
-   "9024164961646353611176283204118089412001502110138072989569118393359029324867",
+   "9215428431027260354679105025212521481930206886203677270216204485256690813172",
+   "934602510541226149881779979217731465262250233587980565969044391353665291792",
    "1"
   ],
   [
-   "718355081067365548229685160476620267257521491773976402837645005858953849298",
-   "14635482993933988261008156660773180150752190597753512086153001683711587601974",
-   "1"
-  ],
-  [
-   "11777720285956632126519898515392071627539405001940313098390150593689568177535",
-   "8483603647274280691250972408211651407952870456587066148445913156086740744515",
+   "8935861545794299876685457331391349387048184820319250771243971382360441890897",
+   "4993459033694759724715904486381952906869986989682015547152342336961693234616",
    "1"
   ]
  ]

rln/src/circuit.rs

@@ -4,14 +4,12 @@ use ark_bn254::{
     Bn254, Fq as ArkFq, Fq2 as ArkFq2, Fr as ArkFr, G1Affine as ArkG1Affine,
     G1Projective as ArkG1Projective, G2Affine as ArkG2Affine, G2Projective as ArkG2Projective,
 };
-use ark_circom::read_zkey;
 use ark_groth16::{ProvingKey, VerifyingKey};
 use ark_relations::r1cs::ConstraintMatrices;
 use cfg_if::cfg_if;
 use color_eyre::{Report, Result};
 use num_bigint::BigUint;
 use serde_json::Value;
-use std::io::Cursor;
 use std::str::FromStr;
 
 cfg_if! {
@@ -25,17 +23,23 @@ cfg_if! {
     }
 }
 
+cfg_if! {
+    if #[cfg(feature = "arkzkey")] {
+        use ark_zkey::read_arkzkey_from_bytes;
+        const ARKZKEY_FILENAME: &str = "rln_final.arkzkey";
+
+    } else {
+        use std::io::Cursor;
+        use ark_circom::read_zkey;
+    }
+}
+
 const ZKEY_FILENAME: &str = "rln_final.zkey";
 const VK_FILENAME: &str = "verification_key.json";
 const WASM_FILENAME: &str = "rln.wasm";
 
-// These parameters are used for tests
-// Note that the circuit and keys in TEST_RESOURCES_FOLDER are compiled for Merkle trees of height 15, 19 and 20
-// Changing these parameters to other values than these defaults will cause zkSNARK proof verification to fail
-pub const TEST_PARAMETERS_INDEX: usize = 2;
-pub const TEST_TREE_HEIGHT: usize = [15, 19, 20][TEST_PARAMETERS_INDEX];
-pub const TEST_RESOURCES_FOLDER: &str =
-    ["tree_height_15", "tree_height_19", "tree_height_20"][TEST_PARAMETERS_INDEX];
+pub const TEST_TREE_HEIGHT: usize = 20;
+pub const TEST_RESOURCES_FOLDER: &str = "tree_height_20";
 
 #[cfg(not(target_arch = "wasm32"))]
 static RESOURCES_DIR: Dir<'_> = include_dir!("$CARGO_MANIFEST_DIR/resources");
@@ -54,8 +58,15 @@ pub type G2Projective = ArkG2Projective;
 // Loads the proving key using a bytes vector
 pub fn zkey_from_raw(zkey_data: &Vec<u8>) -> Result<(ProvingKey<Curve>, ConstraintMatrices<Fr>)> {
     if !zkey_data.is_empty() {
-        let mut c = Cursor::new(zkey_data);
-        let proving_key_and_matrices = read_zkey(&mut c)?;
+        let proving_key_and_matrices = match () {
+            #[cfg(feature = "arkzkey")]
+            () => read_arkzkey_from_bytes(zkey_data.as_slice())?,
+            #[cfg(not(feature = "arkzkey"))]
+            () => {
+                let mut c = Cursor::new(zkey_data);
+                read_zkey(&mut c)?
+            }
+        };
         Ok(proving_key_and_matrices)
     } else {
         Err(Report::msg("No proving key found!"))
@@ -67,10 +78,21 @@ pub fn zkey_from_raw(zkey_data: &Vec<u8>) -> Result<(ProvingKey<Curve>, Constrai
 pub fn zkey_from_folder(
     resources_folder: &str,
 ) -> Result<(ProvingKey<Curve>, ConstraintMatrices<Fr>)> {
+    #[cfg(feature = "arkzkey")]
+    let zkey = RESOURCES_DIR.get_file(Path::new(resources_folder).join(ARKZKEY_FILENAME));
+    #[cfg(not(feature = "arkzkey"))]
     let zkey = RESOURCES_DIR.get_file(Path::new(resources_folder).join(ZKEY_FILENAME));
+
     if let Some(zkey) = zkey {
-        let mut c = Cursor::new(zkey.contents());
-        let proving_key_and_matrices = read_zkey(&mut c)?;
+        let proving_key_and_matrices = match () {
+            #[cfg(feature = "arkzkey")]
+            () => read_arkzkey_from_bytes(zkey.contents())?,
+            #[cfg(not(feature = "arkzkey"))]
+            () => {
+                let mut c = Cursor::new(zkey.contents());
+                read_zkey(&mut c)?
+            }
+        };
         Ok(proving_key_and_matrices)
     } else {
         Err(Report::msg("No proving key found!"))
@@ -78,7 +100,7 @@ pub fn zkey_from_folder(
 }
 
 // Loads the verification key from a bytes vector
-pub fn vk_from_raw(vk_data: &Vec<u8>, zkey_data: &Vec<u8>) -> Result<VerifyingKey<Curve>> {
+pub fn vk_from_raw(vk_data: &[u8], zkey_data: &Vec<u8>) -> Result<VerifyingKey<Curve>> {
     let verifying_key: VerifyingKey<Curve>;
 
     if !vk_data.is_empty() {
@@ -146,7 +168,7 @@ pub fn circom_from_folder(resources_folder: &str) -> Result<&'static Mutex<Witne
 
 // Utilities to convert a json verification key in a groth16::VerificationKey
 fn fq_from_str(s: &str) -> Result<Fq> {
-    Ok(Fq::try_from(BigUint::from_str(s)?)?)
+    Ok(Fq::from(BigUint::from_str(s)?))
 }
 
 // Extracts the element in G1 corresponding to its JSON serialization

rln/src/lib.rs

@@ -7,6 +7,8 @@ pub mod pm_tree_adapter;
 pub mod poseidon_tree;
 pub mod protocol;
 pub mod public;
+#[cfg(test)]
+pub mod public_api_tests;
 pub mod utils;
 
 #[cfg(not(target_arch = "wasm32"))]

rln/src/pm_tree_adapter.rs

@@ -246,7 +246,8 @@ impl ZerokitMerkleTree for PmTree {
         let data = self.tree.db.get(METADATA_KEY)?;
 
         if data.is_none() {
-            return Err(Report::msg("metadata does not exist"));
+            // send empty Metadata
+            return Ok(Vec::new());
         }
         Ok(data.unwrap())
     }

rln/src/protocol.rs

@@ -32,11 +32,12 @@ use utils::{ZerokitMerkleProof, ZerokitMerkleTree};
 #[derive(Debug, PartialEq)]
 pub struct RLNWitnessInput {
     identity_secret: Fr,
+    user_message_limit: Fr,
+    message_id: Fr,
     path_elements: Vec<Fr>,
     identity_path_index: Vec<u8>,
     x: Fr,
-    epoch: Fr,
-    rln_identifier: Fr,
+    external_nullifier: Fr,
 }
 
 #[derive(Debug, PartialEq)]
@@ -47,8 +48,7 @@ pub struct RLNProofValues {
     pub root: Fr,
     // Public Inputs:
     pub x: Fr,
-    pub epoch: Fr,
-    pub rln_identifier: Fr,
+    pub external_nullifier: Fr,
 }
 
 pub fn serialize_field_element(element: Fr) -> Vec<u8> {
@@ -90,25 +90,46 @@ pub fn deserialize_identity_tuple(serialized: Vec<u8>) -> (Fr, Fr, Fr, Fr) {
     )
 }
 
+/// Serializes witness
+///
+/// # Errors
+///
+/// Returns an error if `rln_witness.message_id` is not within `rln_witness.user_message_limit`.
 pub fn serialize_witness(rln_witness: &RLNWitnessInput) -> Result<Vec<u8>> {
+    message_id_range_check(&rln_witness.message_id, &rln_witness.user_message_limit)?;
+
     let mut serialized: Vec<u8> = Vec::new();
 
     serialized.append(&mut fr_to_bytes_le(&rln_witness.identity_secret));
+    serialized.append(&mut fr_to_bytes_le(&rln_witness.user_message_limit));
+    serialized.append(&mut fr_to_bytes_le(&rln_witness.message_id));
     serialized.append(&mut vec_fr_to_bytes_le(&rln_witness.path_elements)?);
     serialized.append(&mut vec_u8_to_bytes_le(&rln_witness.identity_path_index)?);
     serialized.append(&mut fr_to_bytes_le(&rln_witness.x));
-    serialized.append(&mut fr_to_bytes_le(&rln_witness.epoch));
-    serialized.append(&mut fr_to_bytes_le(&rln_witness.rln_identifier));
+    serialized.append(&mut fr_to_bytes_le(&rln_witness.external_nullifier));
 
     Ok(serialized)
 }
 
+/// Deserializes witness
+///
+/// # Errors
+///
+/// Returns an error if `message_id` is not within `user_message_limit`.
 pub fn deserialize_witness(serialized: &[u8]) -> Result<(RLNWitnessInput, usize)> {
     let mut all_read: usize = 0;
 
     let (identity_secret, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
+    let (user_message_limit, read) = bytes_le_to_fr(&serialized[all_read..]);
+    all_read += read;
+
+    let (message_id, read) = bytes_le_to_fr(&serialized[all_read..]);
+    all_read += read;
+
+    message_id_range_check(&message_id, &user_message_limit)?;
+
     let (path_elements, read) = bytes_le_to_vec_fr(&serialized[all_read..])?;
     all_read += read;
 
@@ -118,13 +139,9 @@ pub fn deserialize_witness(serialized: &[u8]) -> Result<(RLNWitnessInput, usize)
     let (x, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
-    let (epoch, read) = bytes_le_to_fr(&serialized[all_read..]);
+    let (external_nullifier, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
-    let (rln_identifier, read) = bytes_le_to_fr(&serialized[all_read..]);
-    all_read += read;
-
-    // TODO: check rln_identifier against public::RLN_IDENTIFIER
     if serialized.len() != all_read {
         return Err(Report::msg("serialized length is not equal to all_read"));
     }
@@ -135,8 +152,9 @@ pub fn deserialize_witness(serialized: &[u8]) -> Result<(RLNWitnessInput, usize)
             path_elements,
             identity_path_index,
             x,
-            epoch,
-            rln_identifier,
+            external_nullifier,
+            user_message_limit,
+            message_id,
         },
         all_read,
     ))
@@ -144,7 +162,7 @@ pub fn deserialize_witness(serialized: &[u8]) -> Result<(RLNWitnessInput, usize)
 
 // This function deserializes input for kilic's rln generate_proof public API
 // https://github.com/kilic/rln/blob/7ac74183f8b69b399e3bc96c1ae8ab61c026dc43/src/public.rs#L148
-// input_data is [ identity_secret<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> ]
+// input_data is [ identity_secret<32> | id_index<8> | user_message_limit<32> | message_id<32> | signal_len<8> | signal<var> ]
 // return value is a rln witness populated according to this information
 pub fn proof_inputs_to_rln_witness(
     tree: &mut PoseidonTree,
@@ -160,7 +178,13 @@ pub fn proof_inputs_to_rln_witness(
     ))?;
     all_read += 8;
 
-    let (epoch, read) = bytes_le_to_fr(&serialized[all_read..]);
+    let (user_message_limit, read) = bytes_le_to_fr(&serialized[all_read..]);
+    all_read += read;
+
+    let (message_id, read) = bytes_le_to_fr(&serialized[all_read..]);
+    all_read += read;
+
+    let (external_nullifier, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
     let signal_len = usize::try_from(u64::from_le_bytes(
@@ -176,37 +200,47 @@ pub fn proof_inputs_to_rln_witness(
 
     let x = hash_to_field(&signal);
 
-    let rln_identifier = hash_to_field(RLN_IDENTIFIER);
-
     Ok((
         RLNWitnessInput {
             identity_secret,
             path_elements,
             identity_path_index,
+            user_message_limit,
+            message_id,
             x,
-            epoch,
-            rln_identifier,
+            external_nullifier,
         },
         all_read,
     ))
 }
 
+/// Returns `RLNWitnessInput` given a file with JSON serialized values.
+///
+/// # Errors
+///
+/// Returns an error if `message_id` is not within `user_message_limit`.
 pub fn rln_witness_from_json(input_json_str: &str) -> Result<RLNWitnessInput> {
     let input_json: serde_json::Value =
         serde_json::from_str(input_json_str).expect("JSON was not well-formatted");
 
-    let identity_secret = str_to_fr(&input_json["identity_secret"].to_string(), 10)?;
+    let user_message_limit = str_to_fr(&input_json["userMessageLimit"].to_string(), 10)?;
 
-    let path_elements = input_json["path_elements"]
+    let message_id = str_to_fr(&input_json["messageId"].to_string(), 10)?;
+
+    message_id_range_check(&message_id, &user_message_limit)?;
+
+    let identity_secret = str_to_fr(&input_json["identitySecret"].to_string(), 10)?;
+
+    let path_elements = input_json["pathElements"]
         .as_array()
         .ok_or(Report::msg("not an array"))?
         .iter()
         .map(|v| str_to_fr(&v.to_string(), 10))
         .collect::<Result<_>>()?;
 
-    let identity_path_index_array = input_json["identity_path_index"]
+    let identity_path_index_array = input_json["identityPathIndex"]
         .as_array()
-        .ok_or(Report::msg("not an arrray"))?;
+        .ok_or(Report::msg("not an array"))?;
 
     let mut identity_path_index: Vec<u8> = vec![];
 
@@ -216,41 +250,46 @@ pub fn rln_witness_from_json(input_json_str: &str) -> Result<RLNWitnessInput> {
 
     let x = str_to_fr(&input_json["x"].to_string(), 10)?;
 
-    let epoch = str_to_fr(&input_json["epoch"].to_string(), 16)?;
-
-    let rln_identifier = str_to_fr(&input_json["rln_identifier"].to_string(), 10)?;
-
-    // TODO: check rln_identifier against public::RLN_IDENTIFIER
+    let external_nullifier = str_to_fr(&input_json["externalNullifier"].to_string(), 10)?;
 
     Ok(RLNWitnessInput {
         identity_secret,
         path_elements,
         identity_path_index,
         x,
-        epoch,
-        rln_identifier,
+        external_nullifier,
+        user_message_limit,
+        message_id,
     })
 }
 
+/// Creates `RLNWitnessInput` from it's fields.
+///
+/// # Errors
+///
+/// Returns an error if `message_id` is not within `user_message_limit`.
 pub fn rln_witness_from_values(
     identity_secret: Fr,
     merkle_proof: &MerkleProof,
     x: Fr,
-    epoch: Fr,
-    //rln_identifier: Fr,
-) -> RLNWitnessInput {
+    external_nullifier: Fr,
+    user_message_limit: Fr,
+    message_id: Fr,
+) -> Result<RLNWitnessInput> {
+    message_id_range_check(&message_id, &user_message_limit)?;
+
     let path_elements = merkle_proof.get_path_elements();
     let identity_path_index = merkle_proof.get_path_index();
-    let rln_identifier = hash_to_field(RLN_IDENTIFIER);
 
-    RLNWitnessInput {
+    Ok(RLNWitnessInput {
         identity_secret,
         path_elements,
         identity_path_index,
         x,
-        epoch,
-        rln_identifier,
-    }
+        external_nullifier,
+        user_message_limit,
+        message_id,
+    })
 }
 
 pub fn random_rln_witness(tree_height: usize) -> RLNWitnessInput {
@@ -269,21 +308,26 @@ pub fn random_rln_witness(tree_height: usize) -> RLNWitnessInput {
         identity_path_index.push(rng.gen_range(0..2) as u8);
     }
 
+    let user_message_limit = Fr::from(100);
+    let message_id = Fr::from(1);
+
     RLNWitnessInput {
         identity_secret,
         path_elements,
         identity_path_index,
         x,
-        epoch,
-        rln_identifier,
+        external_nullifier: poseidon_hash(&[epoch, rln_identifier]),
+        user_message_limit,
+        message_id,
     }
 }
 
-pub fn proof_values_from_witness(rln_witness: &RLNWitnessInput) -> RLNProofValues {
+pub fn proof_values_from_witness(rln_witness: &RLNWitnessInput) -> Result<RLNProofValues> {
+    message_id_range_check(&rln_witness.message_id, &rln_witness.user_message_limit)?;
+
     // y share
-    let external_nullifier = poseidon_hash(&[rln_witness.epoch, rln_witness.rln_identifier]);
     let a_0 = rln_witness.identity_secret;
-    let a_1 = poseidon_hash(&[a_0, external_nullifier]);
+    let a_1 = poseidon_hash(&[a_0, rln_witness.external_nullifier, rln_witness.message_id]);
     let y = a_0 + rln_witness.x * a_1;
 
     // Nullifier
@@ -292,30 +336,28 @@ pub fn proof_values_from_witness(rln_witness: &RLNWitnessInput) -> RLNProofValue
     // Merkle tree root computations
     let root = compute_tree_root(
         &rln_witness.identity_secret,
+        &rln_witness.user_message_limit,
         &rln_witness.path_elements,
         &rln_witness.identity_path_index,
-        true,
     );
 
-    RLNProofValues {
+    Ok(RLNProofValues {
         y,
         nullifier,
         root,
         x: rln_witness.x,
-        epoch: rln_witness.epoch,
-        rln_identifier: rln_witness.rln_identifier,
-    }
+        external_nullifier: rln_witness.external_nullifier,
+    })
 }
 
 pub fn serialize_proof_values(rln_proof_values: &RLNProofValues) -> Vec<u8> {
     let mut serialized: Vec<u8> = Vec::new();
 
     serialized.append(&mut fr_to_bytes_le(&rln_proof_values.root));
-    serialized.append(&mut fr_to_bytes_le(&rln_proof_values.epoch));
+    serialized.append(&mut fr_to_bytes_le(&rln_proof_values.external_nullifier));
     serialized.append(&mut fr_to_bytes_le(&rln_proof_values.x));
     serialized.append(&mut fr_to_bytes_le(&rln_proof_values.y));
     serialized.append(&mut fr_to_bytes_le(&rln_proof_values.nullifier));
-    serialized.append(&mut fr_to_bytes_le(&rln_proof_values.rln_identifier));
 
     serialized
 }
@@ -328,7 +370,7 @@ pub fn deserialize_proof_values(serialized: &[u8]) -> (RLNProofValues, usize) {
     let (root, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
-    let (epoch, read) = bytes_le_to_fr(&serialized[all_read..]);
+    let (external_nullifier, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
     let (x, read) = bytes_le_to_fr(&serialized[all_read..]);
@@ -340,17 +382,13 @@ pub fn deserialize_proof_values(serialized: &[u8]) -> (RLNProofValues, usize) {
     let (nullifier, read) = bytes_le_to_fr(&serialized[all_read..]);
     all_read += read;
 
-    let (rln_identifier, read) = bytes_le_to_fr(&serialized[all_read..]);
-    all_read += read;
-
     (
         RLNProofValues {
             y,
             nullifier,
             root,
             x,
-            epoch,
-            rln_identifier,
+            external_nullifier,
         },
         all_read,
     )
@@ -359,14 +397,14 @@ pub fn deserialize_proof_values(serialized: &[u8]) -> (RLNProofValues, usize) {
 pub fn prepare_prove_input(
     identity_secret: Fr,
     id_index: usize,
-    epoch: Fr,
+    external_nullifier: Fr,
     signal: &[u8],
 ) -> Vec<u8> {
     let mut serialized: Vec<u8> = Vec::new();
 
     serialized.append(&mut fr_to_bytes_le(&identity_secret));
     serialized.append(&mut normalize_usize(id_index));
-    serialized.append(&mut fr_to_bytes_le(&epoch));
+    serialized.append(&mut fr_to_bytes_le(&external_nullifier));
     serialized.append(&mut normalize_usize(signal.len()));
     serialized.append(&mut signal.to_vec());
 
@@ -389,15 +427,13 @@ pub fn prepare_verify_input(proof_data: Vec<u8>, signal: &[u8]) -> Vec<u8> {
 ///////////////////////////////////////////////////////
 
 pub fn compute_tree_root(
-    leaf: &Fr,
+    identity_secret: &Fr,
+    user_message_limit: &Fr,
     path_elements: &[Fr],
     identity_path_index: &[u8],
-    hash_leaf: bool,
 ) -> Fr {
-    let mut root = *leaf;
-    if hash_leaf {
-        root = poseidon_hash(&[root]);
-    }
+    let id_commitment = poseidon_hash(&[*identity_secret]);
+    let mut root = poseidon_hash(&[id_commitment, *user_message_limit]);
 
     for i in 0..identity_path_index.len() {
         if identity_path_index[i] == 0 {
@@ -488,11 +524,7 @@ pub fn extended_seeded_keygen(signal: &[u8]) -> (Fr, Fr, Fr, Fr) {
     )
 }
 
-pub fn compute_id_secret(
-    share1: (Fr, Fr),
-    share2: (Fr, Fr),
-    external_nullifier: Fr,
-) -> Result<Fr, String> {
+pub fn compute_id_secret(share1: (Fr, Fr), share2: (Fr, Fr)) -> Result<Fr, String> {
     // Assuming a0 is the identity secret and a1 = poseidonHash([a0, external_nullifier]),
     // a (x,y) share satisfies the following relation
     // y = a_0 + x * a_1
@@ -506,14 +538,7 @@ pub fn compute_id_secret(
     let a_0 = y1 - x1 * a_1;
 
     // If shares come from the same polynomial, a0 is correctly recovered and a1 = poseidonHash([a0, external_nullifier])
-    let computed_a_1 = poseidon_hash(&[a_0, external_nullifier]);
-
-    if a_1 == computed_a_1 {
-        // We successfully recovered the identity secret
-        Ok(a_0)
-    } else {
-        Err("Cannot recover identity_secret_hash from provided shares".into())
-    }
+    Ok(a_0)
 }
 
 ///////////////////////////////////////////////////////
@@ -594,10 +619,17 @@ pub fn generate_proof_with_witness(
     Ok(proof)
 }
 
+/// Formats inputs for witness calculation
+///
+/// # Errors
+///
+/// Returns an error if `rln_witness.message_id` is not within `rln_witness.user_message_limit`.
 pub fn inputs_for_witness_calculation(
     rln_witness: &RLNWitnessInput,
-) -> Result<[(&str, Vec<BigInt>); 6]> {
-    // We confert the path indexes to field elements
+) -> Result<[(&str, Vec<BigInt>); 7]> {
+    message_id_range_check(&rln_witness.message_id, &rln_witness.user_message_limit)?;
+
+    // We convert the path indexes to field elements
     // TODO: check if necessary
     let mut path_elements = Vec::new();
 
@@ -613,16 +645,20 @@ pub fn inputs_for_witness_calculation(
 
     Ok([
         (
-            "identity_secret",
+            "identitySecret",
             vec![to_bigint(&rln_witness.identity_secret)?],
         ),
-        ("path_elements", path_elements),
-        ("identity_path_index", identity_path_index),
-        ("x", vec![to_bigint(&rln_witness.x)?]),
-        ("epoch", vec![to_bigint(&rln_witness.epoch)?]),
         (
-            "rln_identifier",
-            vec![to_bigint(&rln_witness.rln_identifier)?],
+            "userMessageLimit",
+            vec![to_bigint(&rln_witness.user_message_limit)?],
+        ),
+        ("messageId", vec![to_bigint(&rln_witness.message_id)?]),
+        ("pathElements", path_elements),
+        ("identityPathIndex", identity_path_index),
+        ("x", vec![to_bigint(&rln_witness.x)?]),
+        (
+            "externalNullifier",
+            vec![to_bigint(&rln_witness.external_nullifier)?],
         ),
     ])
 }
@@ -671,7 +707,6 @@ pub fn generate_proof(
     // If in debug mode, we measure and later print time take to compute proof
     #[cfg(debug_assertions)]
     let now = Instant::now();
-
     let proof = Groth16::<_, CircomReduction>::create_proof_with_reduction_and_matrices(
         &proving_key.0,
         r,
@@ -705,8 +740,7 @@ pub fn verify_proof(
         proof_values.root,
         proof_values.nullifier,
         proof_values.x,
-        proof_values.epoch,
-        proof_values.rln_identifier,
+        proof_values.external_nullifier,
     ];
 
     // Check that the proof is valid
@@ -729,7 +763,13 @@ pub fn verify_proof(
 ///
 /// Returns a JSON object containing the inputs necessary to calculate
 /// the witness with CIRCOM on javascript
+///
+/// # Errors
+///
+/// Returns an error if `rln_witness.message_id` is not within `rln_witness.user_message_limit`.
 pub fn get_json_inputs(rln_witness: &RLNWitnessInput) -> Result<serde_json::Value> {
+    message_id_range_check(&rln_witness.message_id, &rln_witness.user_message_limit)?;
+
     let mut path_elements = Vec::new();
 
     for v in rln_witness.path_elements.iter() {
@@ -743,13 +783,23 @@ pub fn get_json_inputs(rln_witness: &RLNWitnessInput) -> Result<serde_json::Valu
         .for_each(|v| identity_path_index.push(BigInt::from(*v).to_str_radix(10)));
 
     let inputs = serde_json::json!({
-        "identity_secret": to_bigint(&rln_witness.identity_secret)?.to_str_radix(10),
-        "path_elements": path_elements,
-        "identity_path_index": identity_path_index,
+        "identitySecret": to_bigint(&rln_witness.identity_secret)?.to_str_radix(10),
+        "userMessageLimit": to_bigint(&rln_witness.user_message_limit)?.to_str_radix(10),
+        "messageId": to_bigint(&rln_witness.message_id)?.to_str_radix(10),
+        "pathElements": path_elements,
+        "identityPathIndex": identity_path_index,
         "x": to_bigint(&rln_witness.x)?.to_str_radix(10),
-        "epoch":  format!("0x{:064x}", to_bigint(&rln_witness.epoch)?),
-        "rln_identifier": to_bigint(&rln_witness.rln_identifier)?.to_str_radix(10),
+        "externalNullifier":  to_bigint(&rln_witness.external_nullifier)?.to_str_radix(10),
     });
 
     Ok(inputs)
 }
+
+pub fn message_id_range_check(message_id: &Fr, user_message_limit: &Fr) -> Result<()> {
+    if message_id > user_message_limit {
+        return Err(color_eyre::Report::msg(
+            "message_id is not within user_message_limit",
+        ));
+    }
+    Ok(())
+}

rln/src/utils.rs

@@ -8,7 +8,7 @@ use num_traits::Num;
 use std::iter::Extend;
 
 pub fn to_bigint(el: &Fr) -> Result<BigInt> {
-    let res: BigUint = (*el).try_into()?;
+    let res: BigUint = (*el).into();
     Ok(res.into())
 }
 
@@ -28,10 +28,10 @@ pub fn str_to_fr(input: &str, radix: u32) -> Result<Fr> {
     input_clean = input_clean.trim().to_string();
 
     if radix == 10 {
-        Ok(BigUint::from_str_radix(&input_clean, radix)?.try_into()?)
+        Ok(BigUint::from_str_radix(&input_clean, radix)?.into())
     } else {
         input_clean = input_clean.replace("0x", "");
-        Ok(BigUint::from_str_radix(&input_clean, radix)?.try_into()?)
+        Ok(BigUint::from_str_radix(&input_clean, radix)?.into())
     }
 }
 

rln/tests/ffi.rs

@@ -37,7 +37,7 @@ mod test {
 
         // We first add leaves one by one specifying the index
         for (i, leaf) in leaves.iter().enumerate() {
-            // We prepare id_commitment and we set the leaf at provided index
+            // We prepare the rate_commitment and we set the leaf at provided index
             let leaf_ser = fr_to_bytes_le(&leaf);
             let input_buffer = &Buffer::from(leaf_ser.as_ref());
             let success = set_leaf(rln_pointer, i, input_buffer);
@@ -352,10 +352,12 @@ mod test {
 
         // generate identity
         let identity_secret_hash = hash_to_field(b"test-merkle-proof");
-        let id_commitment = utils_poseidon_hash(&vec![identity_secret_hash]);
+        let id_commitment = utils_poseidon_hash(&[identity_secret_hash]);
+        let user_message_limit = Fr::from(100);
+        let rate_commitment = utils_poseidon_hash(&[id_commitment, user_message_limit]);
 
         // We prepare id_commitment and we set the leaf at provided index
-        let leaf_ser = fr_to_bytes_le(&id_commitment);
+        let leaf_ser = fr_to_bytes_le(&rate_commitment);
         let input_buffer = &Buffer::from(leaf_ser.as_ref());
         let success = set_leaf(rln_pointer, leaf_index, input_buffer);
         assert!(success, "set leaf call failed");
@@ -368,6 +370,21 @@ mod test {
         let result_data = <&[u8]>::from(&output_buffer).to_vec();
         let (root, _) = bytes_le_to_fr(&result_data);
 
+        use ark_ff::BigInt;
+
+        if TEST_TREE_HEIGHT == 20 {
+            assert_eq!(
+                root,
+                BigInt([
+                    4939322235247991215,
+                    5110804094006647505,
+                    4427606543677101242,
+                    910933464535675827
+                ])
+                .into()
+            );
+        }
+
         // We obtain the Merkle tree root
         let mut output_buffer = MaybeUninit::<Buffer>::uninit();
         let success = get_proof(rln_pointer, leaf_index, output_buffer.as_mut_ptr());
@@ -460,8 +477,7 @@ mod test {
         let mut expected_identity_path_index: Vec<u8> =
             vec![1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
 
-        // We add the remaining elements for the case TEST_TREE_HEIGHT = 19
-        if TEST_TREE_HEIGHT == 19 || TEST_TREE_HEIGHT == 20 {
+        if TEST_TREE_HEIGHT == 20 {
             expected_path_elements.append(&mut vec![
                 str_to_fr(
                     "0x22f98aa9ce704152ac17354914ad73ed1167ae6596af510aa5b3649325e06c92",
@@ -500,8 +516,12 @@ mod test {
         assert_eq!(identity_path_index, expected_identity_path_index);
 
         // We double check that the proof computed from public API is correct
-        let root_from_proof =
-            compute_tree_root(&id_commitment, &path_elements, &identity_path_index, false);
+        let root_from_proof = compute_tree_root(
+            &identity_secret_hash,
+            &user_message_limit,
+            &path_elements,
+            &identity_path_index,
+        );
 
         assert_eq!(root, root_from_proof);
     }
@@ -529,7 +549,7 @@ mod test {
         for _ in 0..sample_size {
             // We generate random witness instances and relative proof values
             let rln_witness = random_rln_witness(tree_height);
-            let proof_values = proof_values_from_witness(&rln_witness);
+            let proof_values = proof_values_from_witness(&rln_witness).unwrap();
 
             // We prepare id_commitment and we set the leaf at provided index
             let rln_witness_ser = serialize_witness(&rln_witness).unwrap();
@@ -598,7 +618,9 @@ mod test {
         circom_file
             .read_exact(&mut circom_buffer)
             .expect("buffer overflow");
-
+        #[cfg(feature = "arkzkey")]
+        let zkey_path = format!("./resources/tree_height_{TEST_TREE_HEIGHT}/rln_final.arkzkey");
+        #[cfg(not(feature = "arkzkey"))]
         let zkey_path = format!("./resources/tree_height_{TEST_TREE_HEIGHT}/rln_final.zkey");
         let mut zkey_file = File::open(&zkey_path).expect("no file found");
         let metadata = std::fs::metadata(&zkey_path).expect("unable to read metadata");
@@ -650,12 +672,15 @@ mod test {
     fn test_rln_proof_ffi() {
         let tree_height = TEST_TREE_HEIGHT;
         let no_of_leaves = 256;
+        let user_message_limit = Fr::from(100);
 
         // We generate a vector of random leaves
         let mut leaves: Vec<Fr> = Vec::new();
         let mut rng = thread_rng();
         for _ in 0..no_of_leaves {
-            leaves.push(Fr::rand(&mut rng));
+            let id_commitment = Fr::rand(&mut rng);
+            let rate_commitment = utils_poseidon_hash(&[id_commitment, Fr::from(100)]);
+            leaves.push(rate_commitment);
         }
 
         // We create a RLN instance
@@ -681,12 +706,6 @@ mod test {
         let (identity_secret_hash, read) = bytes_le_to_fr(&result_data);
         let (id_commitment, _) = bytes_le_to_fr(&result_data[read..].to_vec());
 
-        // We set as leaf id_commitment, its index would be equal to no_of_leaves
-        let leaf_ser = fr_to_bytes_le(&id_commitment);
-        let input_buffer = &Buffer::from(leaf_ser.as_ref());
-        let success = set_next_leaf(rln_pointer, input_buffer);
-        assert!(success, "set next leaf call failed");
-
         let identity_index: usize = no_of_leaves;
 
         // We generate a random signal
@@ -695,13 +714,26 @@ mod test {
 
         // We generate a random epoch
         let epoch = hash_to_field(b"test-epoch");
+        let rln_identifier = hash_to_field(b"test-rln-identifier");
+        let external_nullifier = utils_poseidon_hash(&[epoch, rln_identifier]);
+
+        let message_id = Fr::from(0);
+        let rate_commitment = utils_poseidon_hash(&[id_commitment, user_message_limit]);
+
+        // We set as leaf rate_commitment, its index would be equal to no_of_leaves
+        let leaf_ser = fr_to_bytes_le(&rate_commitment);
+        let input_buffer = &Buffer::from(leaf_ser.as_ref());
+        let success = set_next_leaf(rln_pointer, input_buffer);
+        assert!(success, "set next leaf call failed");
 
         // We prepare input for generate_rln_proof API
-        // input_data is [ identity_secret<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> ]
+        // input_data is [ identity_secret<32> | id_index<8> | user_message_limit<32> | message_id<32> | external_nullifier<32> | signal_len<8> | signal<var> ]
         let mut serialized: Vec<u8> = Vec::new();
         serialized.append(&mut fr_to_bytes_le(&identity_secret_hash));
         serialized.append(&mut normalize_usize(identity_index));
-        serialized.append(&mut fr_to_bytes_le(&epoch));
+        serialized.append(&mut fr_to_bytes_le(&user_message_limit));
+        serialized.append(&mut fr_to_bytes_le(&message_id));
+        serialized.append(&mut fr_to_bytes_le(&external_nullifier));
         serialized.append(&mut normalize_usize(signal.len()));
         serialized.append(&mut signal.to_vec());
 
@@ -735,6 +767,7 @@ mod test {
         // First part similar to test_rln_proof_ffi
         let tree_height = TEST_TREE_HEIGHT;
         let no_of_leaves = 256;
+        let user_message_limit = Fr::from(100);
 
         // We generate a vector of random leaves
         let mut leaves: Vec<Fr> = Vec::new();
@@ -765,12 +798,7 @@ mod test {
         let result_data = <&[u8]>::from(&output_buffer).to_vec();
         let (identity_secret_hash, read) = bytes_le_to_fr(&result_data);
         let (id_commitment, _) = bytes_le_to_fr(&result_data[read..].to_vec());
-
-        // We set as leaf id_commitment, its index would be equal to no_of_leaves
-        let leaf_ser = fr_to_bytes_le(&id_commitment);
-        let input_buffer = &Buffer::from(leaf_ser.as_ref());
-        let success = set_next_leaf(rln_pointer, input_buffer);
-        assert!(success, "set next leaf call failed");
+        let rate_commitment = utils_poseidon_hash(&[id_commitment, user_message_limit]);
 
         let identity_index: usize = no_of_leaves;
 
@@ -780,13 +808,26 @@ mod test {
 
         // We generate a random epoch
         let epoch = hash_to_field(b"test-epoch");
+        let rln_identifier = hash_to_field(b"test-rln-identifier");
+        let external_nullifier = utils_poseidon_hash(&[epoch, rln_identifier]);
+
+        let user_message_limit = Fr::from(100);
+        let message_id = Fr::from(0);
+
+        // We set as leaf rate_commitment, its index would be equal to no_of_leaves
+        let leaf_ser = fr_to_bytes_le(&rate_commitment);
+        let input_buffer = &Buffer::from(leaf_ser.as_ref());
+        let success = set_next_leaf(rln_pointer, input_buffer);
+        assert!(success, "set next leaf call failed");
 
         // We prepare input for generate_rln_proof API
-        // input_data is [ identity_secret<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> ]
+        // input_data is [ identity_secret<32> | id_index<8> | user_message_limit<32> | message_id<32> | external_nullifier<32> | signal_len<8> | signal<var> ]
         let mut serialized: Vec<u8> = Vec::new();
         serialized.append(&mut fr_to_bytes_le(&identity_secret_hash));
         serialized.append(&mut normalize_usize(identity_index));
-        serialized.append(&mut fr_to_bytes_le(&epoch));
+        serialized.append(&mut fr_to_bytes_le(&user_message_limit));
+        serialized.append(&mut fr_to_bytes_le(&message_id));
+        serialized.append(&mut fr_to_bytes_le(&external_nullifier));
         serialized.append(&mut normalize_usize(signal.len()));
         serialized.append(&mut signal.to_vec());
 
@@ -879,8 +920,12 @@ mod test {
         let (identity_secret_hash, read) = bytes_le_to_fr(&result_data);
         let (id_commitment, _) = bytes_le_to_fr(&result_data[read..].to_vec());
 
-        // We set as leaf id_commitment, its index would be equal to 0 since tree is empty
-        let leaf_ser = fr_to_bytes_le(&id_commitment);
+        let user_message_limit = Fr::from(100);
+        let message_id = Fr::from(0);
+        let rate_commitment = utils_poseidon_hash(&[id_commitment, user_message_limit]);
+
+        // We set as leaf rate_commitment, its index would be equal to 0 since tree is empty
+        let leaf_ser = fr_to_bytes_le(&rate_commitment);
         let input_buffer = &Buffer::from(leaf_ser.as_ref());
         let success = set_next_leaf(rln_pointer, input_buffer);
         assert!(success, "set next leaf call failed");
@@ -898,13 +943,17 @@ mod test {
 
         // We generate a random epoch
         let epoch = hash_to_field(b"test-epoch");
+        let rln_identifier = hash_to_field(b"test-rln-identifier");
+        let external_nullifier = utils_poseidon_hash(&[epoch, rln_identifier]);
 
         // We prepare input for generate_rln_proof API
         // input_data is [ identity_secret<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> ]
         let mut serialized1: Vec<u8> = Vec::new();
         serialized1.append(&mut fr_to_bytes_le(&identity_secret_hash));
         serialized1.append(&mut normalize_usize(identity_index));
-        serialized1.append(&mut fr_to_bytes_le(&epoch));
+        serialized1.append(&mut fr_to_bytes_le(&user_message_limit));
+        serialized1.append(&mut fr_to_bytes_le(&message_id));
+        serialized1.append(&mut fr_to_bytes_le(&external_nullifier));
 
         // The first part is the same for both proof input, so we clone
         let mut serialized2 = serialized1.clone();
@@ -966,9 +1015,10 @@ mod test {
         let result_data = <&[u8]>::from(&output_buffer).to_vec();
         let (identity_secret_hash_new, read) = bytes_le_to_fr(&result_data);
         let (id_commitment_new, _) = bytes_le_to_fr(&result_data[read..].to_vec());
+        let rate_commitment_new = utils_poseidon_hash(&[id_commitment_new, user_message_limit]);
 
         // We set as leaf id_commitment, its index would be equal to 1 since at 0 there is id_commitment
-        let leaf_ser = fr_to_bytes_le(&id_commitment_new);
+        let leaf_ser = fr_to_bytes_le(&rate_commitment_new);
         let input_buffer = &Buffer::from(leaf_ser.as_ref());
         let success = set_next_leaf(rln_pointer, input_buffer);
         assert!(success, "set next leaf call failed");
@@ -984,7 +1034,9 @@ mod test {
         let mut serialized: Vec<u8> = Vec::new();
         serialized.append(&mut fr_to_bytes_le(&identity_secret_hash_new));
         serialized.append(&mut normalize_usize(identity_index_new));
-        serialized.append(&mut fr_to_bytes_le(&epoch));
+        serialized.append(&mut fr_to_bytes_le(&user_message_limit));
+        serialized.append(&mut fr_to_bytes_le(&message_id));
+        serialized.append(&mut fr_to_bytes_le(&external_nullifier));
         serialized.append(&mut normalize_usize(signal3.len()));
         serialized.append(&mut signal3.to_vec());
 
@@ -1011,10 +1063,12 @@ mod test {
         assert!(success, "recover id secret call failed");
         let output_buffer = unsafe { output_buffer.assume_init() };
         let serialized_identity_secret_hash = <&[u8]>::from(&output_buffer).to_vec();
+        let (recovered_identity_secret_hash_new, _) =
+            bytes_le_to_fr(&serialized_identity_secret_hash);
 
-        // We passed two shares for different secrets, so recovery should be not successful
-        // To check it, we ensure that recovered identity secret hash is empty
-        assert!(serialized_identity_secret_hash.is_empty());
+        // ensure that the recovered secret does not match with either of the
+        // used secrets in proof generation
+        assert_ne!(recovered_identity_secret_hash_new, identity_secret_hash_new);
     }
 
     #[test]
@@ -1209,7 +1263,7 @@ mod test {
     }
 
     #[test]
-    fn test_metadata() {
+    fn test_valid_metadata() {
         // We create a RLN instance
         let tree_height = TEST_TREE_HEIGHT;
 
@@ -1235,4 +1289,25 @@ mod test {
 
         assert_eq!(result_data, seed_bytes.to_vec());
     }
+
+    #[test]
+    fn test_empty_metadata() {
+        // We create a RLN instance
+        let tree_height = TEST_TREE_HEIGHT;
+
+        let mut rln_pointer = MaybeUninit::<*mut RLN>::uninit();
+        let input_config = json!({ "resources_folder": TEST_RESOURCES_FOLDER }).to_string();
+        let input_buffer = &Buffer::from(input_config.as_bytes());
+        let success = new(tree_height, input_buffer, rln_pointer.as_mut_ptr());
+        assert!(success, "RLN object creation failed");
+        let rln_pointer = unsafe { &mut *rln_pointer.assume_init() };
+
+        let mut output_buffer = MaybeUninit::<Buffer>::uninit();
+        let success = get_metadata(rln_pointer, output_buffer.as_mut_ptr());
+        assert!(success, "get_metadata call failed");
+
+        let output_buffer = unsafe { output_buffer.assume_init() };
+
+        assert_eq!(output_buffer.len, 0);
+    }
 }

rln/tests/protocol.rs

@@ -1,8 +1,9 @@
 #[cfg(test)]
 mod test {
+    use ark_ff::BigInt;
+    use rln::circuit::zkey_from_folder;
     use rln::circuit::{
-        circom_from_folder, vk_from_folder, zkey_from_folder, Fr, TEST_RESOURCES_FOLDER,
-        TEST_TREE_HEIGHT,
+        circom_from_folder, vk_from_folder, Fr, TEST_RESOURCES_FOLDER, TEST_TREE_HEIGHT,
     };
     use rln::hashers::{hash_to_field, poseidon_hash};
     use rln::poseidon_tree::PoseidonTree;
@@ -13,152 +14,57 @@ mod test {
     type ConfigOf<T> = <T as ZerokitMerkleTree>::Config;
 
     // Input generated with https://github.com/oskarth/zk-kit/commit/b6a872f7160c7c14e10a0ea40acab99cbb23c9a8
-    const WITNESS_JSON_15: &str = r#"
-            {
-              "identity_secret": "12825549237505733615964533204745049909430608936689388901883576945030025938736",
-              "path_elements": [
-                "18622655742232062119094611065896226799484910997537830749762961454045300666333",
-                "20590447254980891299813706518821659736846425329007960381537122689749540452732",
-                "7423237065226347324353380772367382631490014989348495481811164164159255474657",
-                "11286972368698509976183087595462810875513684078608517520839298933882497716792",
-                "3607627140608796879659380071776844901612302623152076817094415224584923813162",
-                "19712377064642672829441595136074946683621277828620209496774504837737984048981",
-                "20775607673010627194014556968476266066927294572720319469184847051418138353016",
-                "3396914609616007258851405644437304192397291162432396347162513310381425243293",
-                "21551820661461729022865262380882070649935529853313286572328683688269863701601",
-                "6573136701248752079028194407151022595060682063033565181951145966236778420039",
-                "12413880268183407374852357075976609371175688755676981206018884971008854919922",
-                "14271763308400718165336499097156975241954733520325982997864342600795471836726",
-                "20066985985293572387227381049700832219069292839614107140851619262827735677018",
-                "9394776414966240069580838672673694685292165040808226440647796406499139370960",
-                "11331146992410411304059858900317123658895005918277453009197229807340014528524"
-              ],
-              "identity_path_index": [
-                1,
-                1,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0,
-                0
-              ],
-              "x": "8143228284048792769012135629627737459844825626241842423967352803501040982",
-              "epoch": "0x0000005b612540fc986b42322f8cb91c2273afad58ed006fdba0c97b4b16b12f",
-              "rln_identifier": "11412926387081627876309792396682864042420635853496105400039841573530884328439"
-            }
-        "#;
-
-    // Input generated with protocol::random_rln_witness
-    const WITNESS_JSON_19: &str = r#"
-            {
-              "identity_secret": "922538810348594125658702672067738675294669207539999802857585668079702330450",
-              "path_elements": [
-                  "16059714054680148404543504061485737353203416489071538960876865983954285286166",
-                  "3041470753871943901334053763207316028823782848445723460227667780327106380356",
-                  "2557297527793326315072058421057853700096944625924483912548759909801348042183",
-                  "6677578602456189582427063963562590713054668181987223110955234085327917303436",
-                  "2250827150965576973906150764756422151438812678308727218463995574869267980301",
-                  "1895457427602709606993445561553433669787657053834360973759981803464906070980",
-                  "11033689991077061346803816826729204895841441316315304395980565540264104346466",
-                  "18588752216879570844240300406954267039026327526134910835334500497981810174976",
-                  "19346480964028499661277403659363466542857230928032088490855656809181891953123",
-                  "21460193770370072688835316363068413651465631481105148051902686770759127189327",
-                  "20906347653364838502964722817589315918082261023317339146393355650507243340078",
-                  "13466599592974387800162739317046838825289754472645703919149409009404541432954",
-                  "9617165663598957201253074168824246164494443748556931540348223968573884172285",
-                  "6936463137584425684797785981770877165377386163416057257854261010817156666898",
-                  "369902028235468424790098825415813437044876310542601948037281422841675126849",
-                  "13510969869821080499683463562609720931680005714401083864659516045615497273644",
-                  "2567921390740781421487331055530491683313154421589525170472201828596388395736",
-                  "14360870889466292805403568662660511177232987619663547772298178013674025998478",
-                  "4735344599616284973799984501493858013178071155960162022656706545116168334293"
-              ],
-              "identity_path_index": [
-                  1,
-                  0,
-                  1,
-                  0,
-                  1,
-                  1,
-                  0,
-                  0,
-                  1,
-                  1,
-                  1,
-                  0,
-                  0,
-                  0,
-                  1,
-                  0,
-                  1,
-                  1,
-                  0
-              ],
-              "x": "6427050788896290028100534859169645070970780055911091444144195464808120686416",
-              "epoch": "0x2bd155d9f85c741044da6909d144f9cc5ce8e0d545a9ed4921b156e8b8569bab",
-              "rln_identifier": "2193983000213424579594329476781986065965849144986973472766961413131458022566"
-            }
-        "#;
-
     const WITNESS_JSON_20: &str = r#"
             {
-              "identity_secret": "13732353453861280511150022598793312186188599006979552959297495195757997428306",
-              "path_elements": [
-                  "20463525608687844300981085488128968694844212760055234622292326942405619575964",
-                  "8040856403709217901175408904825741112286158901303127670929462145501210871313",
-                  "3776499751255585163563840252112871568402966629435152937692711318702338789837",
-                  "19415813252626942110541463414404411443562242499365750694284604341271149125679",
-                  "19414720788761208006634240390286942738242262010168559813148115573784354129237",
-                  "17680594732844291740094158892269696200077963275550625226493856898849422516043",
-                  "16009199741350632715210088346611798597033333293348807000623441780059543674510",
-                  "18743496911007535170857676824393811326863602477260615792503039058813338644738",
-                  "1029572792321380246989475723806770724699749375691788486434716005338938722216",
-                  "21713138150151063186050010182615713685603650963220209951496401043119768920892",
-                  "6713732504049401389983008178456811894856018247924860823028704114266363984580",
-                  "2746686888799473963221285145390361693256731812094259845879519459924507786594",
-                  "18620748467731297359505500266677881218553438497271819903304075323783392031715",
-                  "2446201221122671119406471414204229600430018713181038717206670749886932158104",
-                  "12037171942017611311954851302868199608036334625783560875426350283156617524597",
-                  "21798743392351780927808323348278035105395367759688979232116905142049921734349",
-                  "17450230289417496971557215666910229260621413088991137405744457922069827319039",
-                  "20936854099128086256353520300046664152516566958630447858438908748907198510485",
-                  "13513344965831154386658059617477268600255664386844920822248038939666265737046",
-                  "15546319496880899251450021422131511560001766832580480193115646510655765306630"
-
-              ],
-              "identity_path_index": [
-                  0,
-                  1,
-                  0,
-                  0,
-                  1,
-                  1,
-                  0,
-                  0,
-                  1,
-                  1,
-                  0,
-                  0,
-                  0,
-                  1,
-                  0,
-                  1,
-                  1,
-                  0,
-                  0,
-                  0
-              ],
-              "x": "18073935665561339809445069958310044423750771681863480888589546877024349720547",
-              "epoch": "0x147e4c23a43a1ddca78d94bcd28147f62ca74b3dc7e56bb0a314a954b9f0e567",
-              "rln_identifier": "2193983000213424579594329476781986065965849144986973472766961413131458022566"
+                "externalNullifier": "21074405743803627666274838159589343934394162804826017440941339048886754734203",
+                "identityPathIndex": [
+                    1,
+                    1,
+                    1,
+                    0,
+                    1,
+                    0,
+                    1,
+                    0,
+                    1,
+                    0,
+                    1,
+                    0,
+                    0,
+                    0,
+                    0,
+                    0,
+                    1,
+                    1,
+                    1,
+                    0
+                ],
+                "identitySecret": "2301650865650889795878889082892690584512243988708213561328369865554257051708",
+                "messageId": "1",
+                "pathElements": [
+                    "14082964758224722211945379872337797638951236517417253447686770846170014042825",
+                    "6628418579821163687428454604867534487917867918886059133241840211975892987309",
+                    "12745863228198753394445659605634840709296716381893463421165313830643281758511",
+                    "56118267389743063830320351452083247040583061493621478539311100137113963555",
+                    "3648731943306935051357703221473866306053186513730785325303257057776816073765",
+                    "10548621390442503192989374711060717107954536293658152583621924810330521179016",
+                    "11741160669079729961275351458682156164905457324981803454515784688429276743441",
+                    "17165464309215350864730477596846156251863702878546777829650812432906796008534",
+                    "18947162586829418653666557598416458949428989734998924978331450666032720066913",
+                    "8809427088917589399897132358419395928548406347152047718919154153577297139202",
+                    "6261460226929242970747566981077801929281729646713842579109271945192964422300",
+                    "13871468675790284383809887052382100311103716176061564908030808887079542722597",
+                    "10413964486611723004584705484327518190402370933255450052832412709168190985805",
+                    "3978387560092078849178760154060822400741873818692524912249877867958842934383",
+                    "14014915591348694328771517896715085647041518432952027841088176673715002508448",
+                    "17680675606519345547327984724173632294904524423937145835611954334756161077843",
+                    "17107175244885276119916848057745382329169223109661217238296871427531065458152",
+                    "18326186549441826262593357123467931475982067066825042001499291800252145875109",
+                    "7043961192177345916232559778383741091053414803377017307095275172896944935996",
+                    "2807630271073553218355393059254209097448243975722083008310815929736065268921"
+                ],
+                "userMessageLimit": "100",
+                "x": "20645213238265527935869146898028115621427162613172918400241870500502509785943"
             }
         "#;
 
@@ -170,7 +76,8 @@ mod test {
 
         // generate identity
         let identity_secret_hash = hash_to_field(b"test-merkle-proof");
-        let id_commitment = poseidon_hash(&vec![identity_secret_hash]);
+        let id_commitment = poseidon_hash(&[identity_secret_hash]);
+        let rate_commitment = poseidon_hash(&[id_commitment, 100.into()]);
 
         // generate merkle tree
         let default_leaf = Fr::from(0);
@@ -180,37 +87,21 @@ mod test {
             ConfigOf::<PoseidonTree>::default(),
         )
         .unwrap();
-        tree.set(leaf_index, id_commitment.into()).unwrap();
+        tree.set(leaf_index, rate_commitment.into()).unwrap();
 
         // We check correct computation of the root
         let root = tree.root();
 
-        if TEST_TREE_HEIGHT == 15 {
+        if TEST_TREE_HEIGHT == 20 {
             assert_eq!(
                 root,
-                str_to_fr(
-                    "0x1984f2e01184aef5cb974640898a5f5c25556554e2b06d99d4841badb8b198cd",
-                    16
-                )
-                .unwrap()
-            );
-        } else if TEST_TREE_HEIGHT == 19 {
-            assert_eq!(
-                root,
-                str_to_fr(
-                    "0x219ceb53f2b1b7a6cf74e80d50d44d68ecb4a53c6cc65b25593c8d56343fb1fe",
-                    16
-                )
-                .unwrap()
-            );
-        } else if TEST_TREE_HEIGHT == 20 {
-            assert_eq!(
-                root,
-                str_to_fr(
-                    "0x21947ffd0bce0c385f876e7c97d6a42eec5b1fe935aab2f01c1f8a8cbcc356d2",
-                    16
-                )
-                .unwrap()
+                BigInt([
+                    4939322235247991215,
+                    5110804094006647505,
+                    4427606543677101242,
+                    910933464535675827
+                ])
+                .into()
             );
         }
 
@@ -302,7 +193,7 @@ mod test {
             vec![1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
 
         // We add the remaining elements for the case TEST_TREE_HEIGHT = 20
-        if TEST_TREE_HEIGHT == 19 || TEST_TREE_HEIGHT == 20 {
+        if TEST_TREE_HEIGHT == 20 {
             expected_path_elements.append(&mut vec![
                 str_to_fr(
                     "0x22f98aa9ce704152ac17354914ad73ed1167ae6596af510aa5b3649325e06c92",
@@ -341,7 +232,7 @@ mod test {
         assert_eq!(identity_path_index, expected_identity_path_index);
 
         // We check correct verification of the proof
-        assert!(tree.verify(&id_commitment, &merkle_proof).unwrap());
+        assert!(tree.verify(&rate_commitment, &merkle_proof).unwrap());
     }
 
     #[test]
@@ -353,24 +244,12 @@ mod test {
         let builder = circom_from_folder(TEST_RESOURCES_FOLDER).unwrap();
 
         // We compute witness from the json input example
-        let mut witness_json: &str = "";
-
-        if TEST_TREE_HEIGHT == 15 {
-            witness_json = WITNESS_JSON_15;
-        } else if TEST_TREE_HEIGHT == 19 {
-            witness_json = WITNESS_JSON_19;
-        } else if TEST_TREE_HEIGHT == 20 {
-            witness_json = WITNESS_JSON_20;
-        }
-
-        let rln_witness = rln_witness_from_json(witness_json);
-
-        let rln_witness_unwrapped = rln_witness.unwrap();
+        let witness_json = WITNESS_JSON_20;
+        let rln_witness = rln_witness_from_json(witness_json).unwrap();
 
         // Let's generate a zkSNARK proof
-        let proof = generate_proof(builder, &proving_key, &rln_witness_unwrapped).unwrap();
-
-        let proof_values = proof_values_from_witness(&rln_witness_unwrapped);
+        let proof = generate_proof(builder, &proving_key, &rln_witness).unwrap();
+        let proof_values = proof_values_from_witness(&rln_witness).unwrap();
 
         // Let's verify the proof
         let verified = verify_proof(&verification_key, &proof, &proof_values);
@@ -386,6 +265,8 @@ mod test {
 
         // Generate identity pair
         let (identity_secret_hash, id_commitment) = keygen();
+        let user_message_limit = Fr::from(100);
+        let rate_commitment = poseidon_hash(&[id_commitment, user_message_limit]);
 
         //// generate merkle tree
         let default_leaf = Fr::from(0);
@@ -395,7 +276,7 @@ mod test {
             ConfigOf::<PoseidonTree>::default(),
         )
         .unwrap();
-        tree.set(leaf_index, id_commitment.into()).unwrap();
+        tree.set(leaf_index, rate_commitment.into()).unwrap();
 
         let merkle_proof = tree.proof(leaf_index).expect("proof should exist");
 
@@ -404,14 +285,18 @@ mod test {
 
         // We set the remaining values to random ones
         let epoch = hash_to_field(b"test-epoch");
-        //let rln_identifier = hash_to_field(b"test-rln-identifier");
+        let rln_identifier = hash_to_field(b"test-rln-identifier");
+        let external_nullifier = poseidon_hash(&[epoch, rln_identifier]);
 
         let rln_witness: RLNWitnessInput = rln_witness_from_values(
             identity_secret_hash,
             &merkle_proof,
             x,
-            epoch, /*, rln_identifier*/
-        );
+            external_nullifier,
+            user_message_limit,
+            Fr::from(1),
+        )
+        .unwrap();
 
         // We generate all relevant keys
         let proving_key = zkey_from_folder(TEST_RESOURCES_FOLDER).unwrap();
@@ -421,7 +306,7 @@ mod test {
         // Let's generate a zkSNARK proof
         let proof = generate_proof(builder, &proving_key, &rln_witness).unwrap();
 
-        let proof_values = proof_values_from_witness(&rln_witness);
+        let proof_values = proof_values_from_witness(&rln_witness).unwrap();
 
         // Let's verify the proof
         let success = verify_proof(&verification_key, &proof, &proof_values).unwrap();
@@ -432,15 +317,7 @@ mod test {
     #[test]
     fn test_witness_serialization() {
         // We test witness serialization
-        let mut witness_json: &str = "";
-
-        if TEST_TREE_HEIGHT == 15 {
-            witness_json = WITNESS_JSON_15;
-        } else if TEST_TREE_HEIGHT == 19 {
-            witness_json = WITNESS_JSON_19;
-        } else if TEST_TREE_HEIGHT == 20 {
-            witness_json = WITNESS_JSON_20;
-        }
+        let witness_json: &str = WITNESS_JSON_20;
 
         let rln_witness = rln_witness_from_json(witness_json).unwrap();
 
@@ -449,7 +326,7 @@ mod test {
         assert_eq!(rln_witness, deser);
 
         // We test Proof values serialization
-        let proof_values = proof_values_from_witness(&rln_witness);
+        let proof_values = proof_values_from_witness(&rln_witness).unwrap();
         let ser = serialize_proof_values(&proof_values);
         let (deser, _) = deserialize_proof_values(&ser);
         assert_eq!(proof_values, deser);

rln/tests/public.rs

@@ -1,5 +1,6 @@
 #[cfg(test)]
 mod test {
+    use ark_ff::BigInt;
     use ark_std::{rand::thread_rng, UniformRand};
     use rand::Rng;
     use rln::circuit::{Fr, TEST_RESOURCES_FOLDER, TEST_TREE_HEIGHT};
@@ -15,6 +16,7 @@ mod test {
     fn test_merkle_proof() {
         let tree_height = TEST_TREE_HEIGHT;
         let leaf_index = 3;
+        let user_message_limit = 1;
 
         let input_buffer =
             Cursor::new(json!({ "resources_folder": TEST_RESOURCES_FOLDER }).to_string());
@@ -23,9 +25,10 @@ mod test {
         // generate identity
         let identity_secret_hash = hash_to_field(b"test-merkle-proof");
         let id_commitment = utils_poseidon_hash(&vec![identity_secret_hash]);
+        let rate_commitment = utils_poseidon_hash(&[id_commitment, user_message_limit.into()]);
 
-        // We pass id_commitment as Read buffer to RLN's set_leaf
-        let mut buffer = Cursor::new(fr_to_bytes_le(&id_commitment));
+        // We pass rate_commitment as Read buffer to RLN's set_leaf
+        let mut buffer = Cursor::new(fr_to_bytes_le(&rate_commitment));
         rln.set_leaf(leaf_index, &mut buffer).unwrap();
 
         // We check correct computation of the root
@@ -33,32 +36,15 @@ mod test {
         rln.get_root(&mut buffer).unwrap();
         let (root, _) = bytes_le_to_fr(&buffer.into_inner());
 
-        if TEST_TREE_HEIGHT == 15 {
+        if TEST_TREE_HEIGHT == 20 {
             assert_eq!(
                 root,
-                str_to_fr(
-                    "0x1984f2e01184aef5cb974640898a5f5c25556554e2b06d99d4841badb8b198cd",
-                    16
-                )
-                .unwrap()
-            );
-        } else if TEST_TREE_HEIGHT == 19 {
-            assert_eq!(
-                root,
-                str_to_fr(
-                    "0x219ceb53f2b1b7a6cf74e80d50d44d68ecb4a53c6cc65b25593c8d56343fb1fe",
-                    16
-                )
-                .unwrap()
-            );
-        } else if TEST_TREE_HEIGHT == 20 {
-            assert_eq!(
-                root,
-                str_to_fr(
-                    "0x21947ffd0bce0c385f876e7c97d6a42eec5b1fe935aab2f01c1f8a8cbcc356d2",
-                    16
-                )
-                .unwrap()
+                Fr::from(BigInt([
+                    17110646155607829651,
+                    5040045984242729823,
+                    6965416728592533086,
+                    2328960363755461975
+                ]))
             );
         }
 
@@ -153,7 +139,7 @@ mod test {
             vec![1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
 
         // We add the remaining elements for the case TEST_TREE_HEIGHT = 20
-        if TEST_TREE_HEIGHT == 19 || TEST_TREE_HEIGHT == 20 {
+        if TEST_TREE_HEIGHT == 20 {
             expected_path_elements.append(&mut vec![
                 str_to_fr(
                     "0x22f98aa9ce704152ac17354914ad73ed1167ae6596af510aa5b3649325e06c92",
@@ -192,8 +178,12 @@ mod test {
         assert_eq!(identity_path_index, expected_identity_path_index);
 
         // We double check that the proof computed from public API is correct
-        let root_from_proof =
-            compute_tree_root(&id_commitment, &path_elements, &identity_path_index, false);
+        let root_from_proof = compute_tree_root(
+            &identity_secret_hash,
+            &user_message_limit.into(),
+            &path_elements,
+            &identity_path_index,
+        );
 
         assert_eq!(root, root_from_proof);
     }

semaphore/Cargo.toml

@@ -1,50 +0,0 @@
-[package]
-name = "semaphore-wrapper"
-version = "0.3.0"
-edition = "2021"
-license = "MIT OR Apache-2.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[features]
-default = []
-dylib = [ "wasmer/dylib", "wasmer-engine-dylib", "wasmer-compiler-cranelift" ]
-
-[dependencies]
-ark-bn254 = { version = "0.3.0" }
-ark-circom = { git = "https://github.com/gakonst/ark-circom", features=["circom-2"], rev = "35ce5a9" }
-ark-ec = { version = "0.3.0", default-features = false, features = ["parallel"] }
-ark-groth16 = { git = "https://github.com/arkworks-rs/groth16", rev = "765817f", features = ["parallel"] }
-ark-relations = { version = "0.3.0", default-features = false }
-ark-std = { version = "0.3.0", default-features = false, features = ["parallel"] }
-color-eyre = "0.6.1"
-once_cell = "1.8"
-rand = "0.8.4"
-semaphore = { git = "https://github.com/worldcoin/semaphore-rs", rev = "ee658c2"}
-ethers-core = { version = "2.0.8", default-features = false }
-ruint = { version = "1.2.0", features = [ "serde", "num-bigint", "ark-ff" ] }
-serde = "1.0"
-thiserror = "1.0.0"
-wasmer = { version = "2.0" }
-
-[dev-dependencies]
-rand_chacha = "0.3.1"
-serde_json = "1.0.79"
-
-[build-dependencies]
-color-eyre = "0.6.1"
-wasmer = { version = "2.0" }
-wasmer-engine-dylib = { version = "2.2.1", optional = true }
-wasmer-compiler-cranelift = { version = "3.1.1", optional = true }
-
-[profile.release]
-codegen-units = 1
-lto = true
-panic = "abort"
-opt-level = 3
-
-# Compilation profile for any non-workspace member.
-# Dependencies are optimized, even in a dev build. This improves dev performance
-# while having neglible impact on incremental build times.
-[profile.dev.package."*"]
-opt-level = 3

semaphore/Makefile.toml

@@ -1,7 +0,0 @@
-[tasks.build]
-command = "cargo"
-args = ["build", "--release"]
-
-[tasks.test]
-command = "cargo"
-args = ["test", "--release"]

semaphore/README.md

@@ -1,18 +0,0 @@
-# Semaphore example package
-
-This is basically a wrapper around/copy of
-https://github.com/worldcoin/semaphore-rs to illustrate how e.g. RLN package
-can be structured like.
-
-Goal is also to provide a basic FFI around protocol.rs, which is currently not
-in scope for that project.
-
-See that project for more information.
-
-## Build and Test
-
-To build and test, run the following commands within the module folder
-```bash
-cargo make build
-cargo make test
-```

semaphore/build.rs

@@ -1,111 +0,0 @@
-// Adapted from semaphore-rs/build.rs
-use color_eyre::eyre::{eyre, Result};
-use std::{
-    path::{Component, Path, PathBuf},
-    process::Command,
-};
-
-const ZKEY_FILE: &str = "./vendor/semaphore/build/snark/semaphore_final.zkey";
-const WASM_FILE: &str = "./vendor/semaphore/build/snark/semaphore.wasm";
-
-// See <https://internals.rust-lang.org/t/path-to-lexical-absolute/14940>
-fn absolute(path: &str) -> Result<PathBuf> {
-    let path = Path::new(path);
-    let mut absolute = if path.is_absolute() {
-        PathBuf::new()
-    } else {
-        std::env::current_dir()?
-    };
-    for component in path.components() {
-        match component {
-            Component::CurDir => {}
-            Component::ParentDir => {
-                absolute.pop();
-            }
-            component => absolute.push(component.as_os_str()),
-        }
-    }
-    Ok(absolute)
-}
-
-fn build_circuit() -> Result<()> {
-    println!("cargo:rerun-if-changed=./vendor/semaphore");
-    let run = |cmd: &[&str]| -> Result<()> {
-        // TODO: Use ExitCode::exit_ok() when stable.
-        Command::new(cmd[0])
-            .args(cmd[1..].iter())
-            .current_dir("./vendor/semaphore")
-            .status()?
-            .success()
-            .then_some(())
-            .ok_or(eyre!("procees returned failure"))?;
-        Ok(())
-    };
-
-    // Compute absolute paths
-    let zkey_file = absolute(ZKEY_FILE)?;
-    let wasm_file = absolute(WASM_FILE)?;
-
-    // Build circuits if not exists
-    // TODO: This does not rebuild if the semaphore submodule is changed.
-    // NOTE: This requires npm / nodejs to be installed.
-    if !(zkey_file.exists() && wasm_file.exists()) {
-        run(&["npm", "install"])?;
-        run(&["npm", "exec", "ts-node", "./scripts/compile-circuits.ts"])?;
-    }
-    assert!(zkey_file.exists());
-    assert!(wasm_file.exists());
-
-    // Export generated paths
-    println!("cargo:rustc-env=BUILD_RS_ZKEY_FILE={}", zkey_file.display());
-    println!("cargo:rustc-env=BUILD_RS_WASM_FILE={}", wasm_file.display());
-
-    Ok(())
-}
-
-#[cfg(feature = "dylib")]
-fn build_dylib() -> Result<()> {
-    use enumset::enum_set;
-    use std::{env, str::FromStr};
-    use wasmer::{Module, Store, Target, Triple};
-    use wasmer_compiler_cranelift::Cranelift;
-    use wasmer_engine_dylib::Dylib;
-
-    let wasm_file = absolute(WASM_FILE)?;
-    assert!(wasm_file.exists());
-
-    let out_dir = env::var("OUT_DIR")?;
-    let out_dir = Path::new(&out_dir).to_path_buf();
-    let dylib_file = out_dir.join("semaphore.dylib");
-    println!(
-        "cargo:rustc-env=CIRCUIT_WASM_DYLIB={}",
-        dylib_file.display()
-    );
-
-    if dylib_file.exists() {
-        return Ok(());
-    }
-
-    // Create a WASM engine for the target that can compile
-    let triple = Triple::from_str(&env::var("TARGET")?).map_err(|e| eyre!(e))?;
-    let cpu_features = enum_set!();
-    let target = Target::new(triple, cpu_features);
-    let compiler_config = Cranelift::default();
-    let engine = Dylib::new(compiler_config).target(target).engine();
-
-    // Compile the WASM module
-    let store = Store::new(&engine);
-    let module = Module::from_file(&store, &wasm_file)?;
-    module.serialize_to_file(&dylib_file)?;
-    assert!(dylib_file.exists());
-    println!("cargo:warning=Circuit dylib is in {}", dylib_file.display());
-
-    Ok(())
-}
-
-fn main() -> Result<()> {
-    build_circuit()?;
-    #[cfg(feature = "dylib")]
-    build_dylib()?;
-    Ok(())
-}

semaphore/src/circuit.rs

@@ -1,79 +0,0 @@
-// Adapted from semaphore-rs/src/circuit.rs
-use ark_bn254::{Bn254, Fr};
-use ark_circom::{read_zkey, WitnessCalculator};
-use ark_groth16::ProvingKey;
-use ark_relations::r1cs::ConstraintMatrices;
-use core::include_bytes;
-use once_cell::sync::{Lazy, OnceCell};
-use std::{io::Cursor, sync::Mutex};
-use wasmer::{Module, Store};
-
-#[cfg(feature = "dylib")]
-use std::{env, path::Path};
-#[cfg(feature = "dylib")]
-use wasmer::Dylib;
-
-const ZKEY_BYTES: &[u8] = include_bytes!(env!("BUILD_RS_ZKEY_FILE"));
-
-#[cfg(not(feature = "dylib"))]
-const WASM: &[u8] = include_bytes!(env!("BUILD_RS_WASM_FILE"));
-
-static ZKEY: Lazy<(ProvingKey<Bn254>, ConstraintMatrices<Fr>)> = Lazy::new(|| {
-    let mut reader = Cursor::new(ZKEY_BYTES);
-    read_zkey(&mut reader).expect("zkey should be valid")
-});
-
-static WITNESS_CALCULATOR: OnceCell<Mutex<WitnessCalculator>> = OnceCell::new();
-
-/// Initialize the library.
-#[cfg(feature = "dylib")]
-pub fn initialize(dylib_path: &Path) {
-    WITNESS_CALCULATOR
-        .set(from_dylib(dylib_path))
-        .expect("Failed to initialize witness calculator");
-
-    // Force init of ZKEY
-    Lazy::force(&ZKEY);
-}
-
-#[cfg(feature = "dylib")]
-fn from_dylib(path: &Path) -> Mutex<WitnessCalculator> {
-    let store = Store::new(&Dylib::headless().engine());
-    // The module must be exported using [`Module::serialize`].
-    let module = unsafe {
-        Module::deserialize_from_file(&store, path).expect("Failed to load wasm dylib module")
-    };
-    let result =
-        WitnessCalculator::from_module(module).expect("Failed to create witness calculator");
-    Mutex::new(result)
-}
-
-#[must_use]
-pub fn zkey() -> &'static (ProvingKey<Bn254>, ConstraintMatrices<Fr>) {
-    &ZKEY
-}
-
-#[cfg(feature = "dylib")]
-#[must_use]
-pub fn witness_calculator() -> &'static Mutex<WitnessCalculator> {
-    WITNESS_CALCULATOR.get_or_init(|| {
-        let path = env::var("CIRCUIT_WASM_DYLIB").expect(
-            "Semaphore-rs is not initialized. The library needs to be initialized before use when \
-             build with the `cdylib` feature. You can initialize by calling `initialize` or \
-             seting the `CIRCUIT_WASM_DYLIB` environment variable.",
-        );
-        from_dylib(Path::new(&path))
-    })
-}
-
-#[cfg(not(feature = "dylib"))]
-#[must_use]
-pub fn witness_calculator() -> &'static Mutex<WitnessCalculator> {
-    WITNESS_CALCULATOR.get_or_init(|| {
-        let store = Store::default();
-        let module = Module::from_binary(&store, WASM).expect("wasm should be valid");
-        let result =
-            WitnessCalculator::from_module(module).expect("Failed to create witness calculator");
-        Mutex::new(result)
-    })
-}

semaphore/src/lib.rs

@@ -1,7 +0,0 @@
-#![allow(clippy::multiple_crate_versions)]
-
-pub mod circuit;
-pub mod protocol;
-
-#[cfg(feature = "dylib")]
-pub use circuit::initialize;

semaphore/src/protocol.rs

@@ -1,215 +0,0 @@
-// Adapted from semaphore-rs/src/protocol.rs
-// For illustration purposes only as an example protocol
-
-// Private module
-use crate::circuit::{witness_calculator, zkey};
-
-use ark_bn254::{Bn254, Parameters};
-use ark_circom::CircomReduction;
-use ark_ec::bn::Bn;
-use ark_groth16::{
-    create_proof_with_reduction_and_matrices, prepare_verifying_key, Proof as ArkProof,
-};
-use ark_relations::r1cs::SynthesisError;
-use ark_std::UniformRand;
-use color_eyre::{Report, Result};
-use ethers_core::types::U256;
-use rand::{thread_rng, Rng};
-use semaphore::{
-    identity::Identity,
-    merkle_tree::{self, Branch},
-    poseidon,
-    poseidon_tree::PoseidonHash,
-    Field,
-};
-use serde::{Deserialize, Serialize};
-use std::time::Instant;
-use thiserror::Error;
-
-// Matches the private G1Tup type in ark-circom.
-pub type G1 = (U256, U256);
-
-// Matches the private G2Tup type in ark-circom.
-pub type G2 = ([U256; 2], [U256; 2]);
-
-/// Wrap a proof object so we have serde support
-#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
-pub struct Proof(G1, G2, G1);
-
-impl From<ArkProof<Bn<Parameters>>> for Proof {
-    fn from(proof: ArkProof<Bn<Parameters>>) -> Self {
-        let proof = ark_circom::ethereum::Proof::from(proof);
-        let (a, b, c) = proof.as_tuple();
-        Self(a, b, c)
-    }
-}
-
-impl From<Proof> for ArkProof<Bn<Parameters>> {
-    fn from(proof: Proof) -> Self {
-        let eth_proof = ark_circom::ethereum::Proof {
-            a: ark_circom::ethereum::G1 {
-                x: proof.0 .0,
-                y: proof.0 .1,
-            },
-            #[rustfmt::skip] // Rustfmt inserts some confusing spaces
-            b: ark_circom::ethereum::G2 {
-                // The order of coefficients is flipped.
-                x: [proof.1.0[1], proof.1.0[0]],
-                y: [proof.1.1[1], proof.1.1[0]],
-            },
-            c: ark_circom::ethereum::G1 {
-                x: proof.2 .0,
-                y: proof.2 .1,
-            },
-        };
-        eth_proof.into()
-    }
-}
-
-/// Helper to merkle proof into a bigint vector
-/// TODO: we should create a From trait for this
-fn merkle_proof_to_vec(proof: &merkle_tree::Proof<PoseidonHash>) -> Vec<Field> {
-    proof
-        .0
-        .iter()
-        .map(|x| match x {
-            Branch::Left(value) | Branch::Right(value) => *value,
-        })
-        .collect()
-}
-
-/// Generates the nullifier hash
-#[must_use]
-pub fn generate_nullifier_hash(identity: &Identity, external_nullifier: Field) -> Field {
-    poseidon::hash2(external_nullifier, identity.nullifier)
-}
-
-#[derive(Error, Debug)]
-pub enum ProofError {
-    #[error("Error reading circuit key: {0}")]
-    CircuitKeyError(#[from] std::io::Error),
-    #[error("Error producing witness: {0}")]
-    WitnessError(Report),
-    #[error("Error producing proof: {0}")]
-    SynthesisError(#[from] SynthesisError),
-    #[error("Error converting public input: {0}")]
-    ToFieldError(#[from] ruint::ToFieldError),
-}
-
-/// Generates a semaphore proof
-///
-/// # Errors
-///
-/// Returns a [`ProofError`] if proving fails.
-pub fn generate_proof(
-    identity: &Identity,
-    merkle_proof: &merkle_tree::Proof<PoseidonHash>,
-    external_nullifier_hash: Field,
-    signal_hash: Field,
-) -> Result<Proof, ProofError> {
-    generate_proof_rng(
-        identity,
-        merkle_proof,
-        external_nullifier_hash,
-        signal_hash,
-        &mut thread_rng(),
-    )
-}
-
-/// Generates a semaphore proof from entropy
-///
-/// # Errors
-///
-/// Returns a [`ProofError`] if proving fails.
-pub fn generate_proof_rng(
-    identity: &Identity,
-    merkle_proof: &merkle_tree::Proof<PoseidonHash>,
-    external_nullifier_hash: Field,
-    signal_hash: Field,
-    rng: &mut impl Rng,
-) -> Result<Proof, ProofError> {
-    generate_proof_rs(
-        identity,
-        merkle_proof,
-        external_nullifier_hash,
-        signal_hash,
-        ark_bn254::Fr::rand(rng),
-        ark_bn254::Fr::rand(rng),
-    )
-}
-
-fn generate_proof_rs(
-    identity: &Identity,
-    merkle_proof: &merkle_tree::Proof<PoseidonHash>,
-    external_nullifier_hash: Field,
-    signal_hash: Field,
-    r: ark_bn254::Fr,
-    s: ark_bn254::Fr,
-) -> Result<Proof, ProofError> {
-    let inputs = [
-        ("identityNullifier", vec![identity.nullifier]),
-        ("identityTrapdoor", vec![identity.trapdoor]),
-        ("treePathIndices", merkle_proof.path_index()),
-        ("treeSiblings", merkle_proof_to_vec(merkle_proof)),
-        ("externalNullifier", vec![external_nullifier_hash]),
-        ("signalHash", vec![signal_hash]),
-    ];
-    let inputs = inputs.into_iter().map(|(name, values)| {
-        (
-            name.to_string(),
-            values.iter().copied().map(Into::into).collect::<Vec<_>>(),
-        )
-    });
-
-    let now = Instant::now();
-
-    let full_assignment = witness_calculator()
-        .lock()
-        .expect("witness_calculator mutex should not get poisoned")
-        .calculate_witness_element::<Bn254, _>(inputs, false)
-        .map_err(ProofError::WitnessError)?;
-
-    println!("witness generation took: {:.2?}", now.elapsed());
-
-    let now = Instant::now();
-    let zkey = zkey();
-    let ark_proof = create_proof_with_reduction_and_matrices::<_, CircomReduction>(
-        &zkey.0,
-        r,
-        s,
-        &zkey.1,
-        zkey.1.num_instance_variables,
-        zkey.1.num_constraints,
-        full_assignment.as_slice(),
-    )?;
-    let proof = ark_proof.into();
-    println!("proof generation took: {:.2?}", now.elapsed());
-
-    Ok(proof)
-}
-
-/// Verifies a given semaphore proof
-///
-/// # Errors
-///
-/// Returns a [`ProofError`] if verifying fails. Verification failure does not
-/// necessarily mean the proof is incorrect.
-pub fn verify_proof(
-    root: Field,
-    nullifier_hash: Field,
-    signal_hash: Field,
-    external_nullifier_hash: Field,
-    proof: &Proof,
-) -> Result<bool, ProofError> {
-    let zkey = zkey();
-    let pvk = prepare_verifying_key(&zkey.0.vk);
-
-    let public_inputs = [root, nullifier_hash, signal_hash, external_nullifier_hash]
-        .iter()
-        .map(ark_bn254::Fr::try_from)
-        .collect::<Result<Vec<_>, _>>()?;
-
-    let ark_proof = (*proof).into();
-    let result = ark_groth16::verify_proof(&pvk, &ark_proof, &public_inputs[..])?;
-    Ok(result)
-}

semaphore/tests/protocol.rs

@@ -1,115 +0,0 @@
-#[cfg(test)]
-mod tests {
-    use ark_bn254::Parameters;
-    use ark_ec::bn::Bn;
-    use ark_groth16::Proof as ArkProof;
-    use rand::{Rng, SeedableRng as _};
-    use rand_chacha::ChaChaRng;
-    use semaphore::{hash_to_field, identity::Identity, poseidon_tree::PoseidonTree, Field};
-    use semaphore_wrapper::protocol::{
-        generate_nullifier_hash, generate_proof, generate_proof_rng, verify_proof, Proof,
-    };
-    use serde_json::json;
-
-    #[test]
-    fn test_semaphore() {
-        // generate identity
-        let id = Identity::from_seed(b"secret");
-
-        // generate merkle tree
-        let leaf = Field::from(0);
-        let mut tree = PoseidonTree::new(21, leaf);
-        tree.set(0, id.commitment());
-
-        let merkle_proof = tree.proof(0).expect("proof should exist");
-        let root = tree.root().into();
-
-        // change signal and external_nullifier here
-        let signal_hash = hash_to_field(b"xxx");
-        let external_nullifier_hash = hash_to_field(b"appId");
-
-        let nullifier_hash = generate_nullifier_hash(&id, external_nullifier_hash);
-
-        let proof =
-            generate_proof(&id, &merkle_proof, external_nullifier_hash, signal_hash).unwrap();
-
-        let success = verify_proof(
-            root,
-            nullifier_hash,
-            signal_hash,
-            external_nullifier_hash,
-            &proof,
-        )
-        .unwrap();
-
-        assert!(success);
-    }
-
-    fn arb_proof(seed: u64) -> Proof {
-        // Deterministic randomness for testing
-        let mut rng = ChaChaRng::seed_from_u64(seed);
-
-        // generate identity
-        let seed: [u8; 16] = rng.gen();
-        let id = Identity::from_seed(&seed);
-
-        // generate merkle tree
-        let leaf = Field::from(0);
-        let mut tree = PoseidonTree::new(21, leaf);
-        tree.set(0, id.commitment());
-
-        let merkle_proof = tree.proof(0).expect("proof should exist");
-
-        let external_nullifier: [u8; 16] = rng.gen();
-        let external_nullifier_hash = hash_to_field(&external_nullifier);
-
-        let signal: [u8; 16] = rng.gen();
-        let signal_hash = hash_to_field(&signal);
-
-        generate_proof_rng(
-            &id,
-            &merkle_proof,
-            external_nullifier_hash,
-            signal_hash,
-            &mut rng,
-        )
-        .unwrap()
-    }
-
-    #[test]
-    fn test_proof_cast_roundtrip() {
-        let proof = arb_proof(123);
-        let ark_proof: ArkProof<Bn<Parameters>> = proof.into();
-        let result: Proof = ark_proof.into();
-        assert_eq!(proof, result);
-    }
-
-    #[test]
-    fn test_proof_serialize() {
-        let proof = arb_proof(456);
-        let json = serde_json::to_value(&proof).unwrap();
-        assert_eq!(
-            json,
-            json!([
-                [
-                    "0x249ae469686987ee9368da60dd177a8c42891c02f5760e955e590c79d55cfab2",
-                    "0xf22e25870f49388459d388afb24dcf6ec11bb2d4def1e2ec26d6e42f373aad8"
-                ],
-                [
-                    [
-                        "0x17bd25dbd7436c30ea5b8a3a47aadf11ed646c4b25cc14a84ff8cbe0252ff1f8",
-                        "0x1c140668c56688367416534d57b4a14e5a825efdd5e121a6a2099f6dc4cd277b"
-                    ],
-                    [
-                        "0x26a8524759d969ea0682a092cf7a551697d81962d6c998f543f81e52d83e05e1",
-                        "0x273eb3f796fd1807b9df9c6d769d983e3dabdc61677b75d48bb7691303b2c8dd"
-                    ]
-                ],
-                [
-                    "0x62715c53a0eb4c46dbb5f73f1fd7449b9c63d37c1ece65debc39b472065a90f",
-                    "0x114f7becc66f1cd7a8b01c89db8233622372fc0b6fc037c4313bca41e2377fd9"
-                ]
-            ])
-        );
-    }
-}

utils/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "zerokit_utils"
-version = "0.3.2"
+version = "0.4.3"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "Various utilities for Zerokit"

utils/benches/merkle_tree_benchmark.rs

@@ -1,5 +1,6 @@
 use criterion::{criterion_group, criterion_main, Criterion};
 use hex_literal::hex;
+use std::{fmt::Display, str::FromStr};
 use tiny_keccak::{Hasher as _, Keccak};
 use zerokit_utils::{
     FullMerkleConfig, FullMerkleTree, Hasher, OptimalMerkleConfig, OptimalMerkleTree,
@@ -9,34 +10,53 @@ use zerokit_utils::{
 #[derive(Clone, Copy, Eq, PartialEq)]
 struct Keccak256;
 
+#[derive(Clone, Copy, Eq, PartialEq, Debug, Default)]
+struct TestFr([u8; 32]);
+
 impl Hasher for Keccak256 {
-    type Fr = [u8; 32];
+    type Fr = TestFr;
 
     fn default_leaf() -> Self::Fr {
-        [0; 32]
+        TestFr([0; 32])
     }
 
     fn hash(inputs: &[Self::Fr]) -> Self::Fr {
         let mut output = [0; 32];
         let mut hasher = Keccak::v256();
         for element in inputs {
-            hasher.update(element);
+            hasher.update(element.0.as_slice());
         }
         hasher.finalize(&mut output);
-        output
+        TestFr(output)
+    }
+}
+
+impl Display for TestFr {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", String::from_utf8_lossy(self.0.as_slice()))
+    }
+}
+
+impl FromStr for TestFr {
+    type Err = std::string::FromUtf8Error;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(TestFr(s.as_bytes().try_into().unwrap()))
     }
 }
 
 pub fn optimal_merkle_tree_benchmark(c: &mut Criterion) {
     let mut tree =
-        OptimalMerkleTree::<Keccak256>::new(2, [0; 32], OptimalMerkleConfig::default()).unwrap();
+        OptimalMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), OptimalMerkleConfig::default())
+            .unwrap();
 
     let leaves = [
         hex!("0000000000000000000000000000000000000000000000000000000000000001"),
         hex!("0000000000000000000000000000000000000000000000000000000000000002"),
         hex!("0000000000000000000000000000000000000000000000000000000000000003"),
         hex!("0000000000000000000000000000000000000000000000000000000000000004"),
-    ];
+    ]
+    .map(|x| TestFr(x));
 
     c.bench_function("OptimalMerkleTree::set", |b| {
         b.iter(|| {
@@ -71,14 +91,15 @@ pub fn optimal_merkle_tree_benchmark(c: &mut Criterion) {
 
 pub fn full_merkle_tree_benchmark(c: &mut Criterion) {
     let mut tree =
-        FullMerkleTree::<Keccak256>::new(2, [0; 32], FullMerkleConfig::default()).unwrap();
+        FullMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), FullMerkleConfig::default()).unwrap();
 
     let leaves = [
         hex!("0000000000000000000000000000000000000000000000000000000000000001"),
         hex!("0000000000000000000000000000000000000000000000000000000000000002"),
         hex!("0000000000000000000000000000000000000000000000000000000000000003"),
         hex!("0000000000000000000000000000000000000000000000000000000000000004"),
-    ];
+    ]
+    .map(|x| TestFr(x));
 
     c.bench_function("FullMerkleTree::set", |b| {
         b.iter(|| {

utils/src/merkle_tree/merkle_tree.rs

@@ -21,7 +21,7 @@ use color_eyre::Result;
 /// and the hash function used to initialize a Merkle Tree implementation
 pub trait Hasher {
     /// Type of the leaf and tree node
-    type Fr: Clone + Copy + Eq;
+    type Fr: Clone + Copy + Eq + Default + std::fmt::Debug + std::fmt::Display + FromStr;
 
     /// Returns the default tree leaf
     fn default_leaf() -> Self::Fr;

utils/tests/merkle_tree.rs

@@ -1,6 +1,8 @@
 // Tests adapted from https://github.com/worldcoin/semaphore-rs/blob/d462a4372f1fd9c27610f2acfe4841fab1d396aa/src/merkle_tree.rs
 #[cfg(test)]
-mod test {
+pub mod test {
+    use std::{fmt::Display, str::FromStr};
+
     use hex_literal::hex;
     use tiny_keccak::{Hasher as _, Keccak};
     use zerokit_utils::{
@@ -10,21 +12,38 @@ mod test {
     #[derive(Clone, Copy, Eq, PartialEq)]
     struct Keccak256;
 
+    #[derive(Clone, Copy, Eq, PartialEq, Debug, Default)]
+    struct TestFr([u8; 32]);
+
     impl Hasher for Keccak256 {
-        type Fr = [u8; 32];
+        type Fr = TestFr;
 
         fn default_leaf() -> Self::Fr {
-            [0; 32]
+            TestFr([0; 32])
         }
 
         fn hash(inputs: &[Self::Fr]) -> Self::Fr {
             let mut output = [0; 32];
             let mut hasher = Keccak::v256();
             for element in inputs {
-                hasher.update(element);
+                hasher.update(element.0.as_slice());
             }
             hasher.finalize(&mut output);
-            output
+            TestFr(output)
+        }
+    }
+
+    impl Display for TestFr {
+        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+            write!(f, "{}", String::from_utf8_lossy(self.0.as_slice()))
+        }
+    }
+
+    impl FromStr for TestFr {
+        type Err = std::string::FromUtf8Error;
+
+        fn from_str(s: &str) -> Result<Self, Self::Err> {
+            Ok(TestFr(s.as_bytes().try_into().unwrap()))
         }
     }
 
@@ -35,20 +54,24 @@ mod test {
             hex!("0000000000000000000000000000000000000000000000000000000000000002"),
             hex!("0000000000000000000000000000000000000000000000000000000000000003"),
             hex!("0000000000000000000000000000000000000000000000000000000000000004"),
-        ];
+        ]
+        .map(|x| TestFr(x));
 
-        let default_tree_root =
-            hex!("b4c11951957c6f8f642c4af61cd6b24640fec6dc7fc607ee8206a99e92410d30");
+        let default_tree_root = TestFr(hex!(
+            "b4c11951957c6f8f642c4af61cd6b24640fec6dc7fc607ee8206a99e92410d30"
+        ));
 
         let roots = [
             hex!("c1ba1812ff680ce84c1d5b4f1087eeb08147a4d510f3496b2849df3a73f5af95"),
             hex!("893760ec5b5bee236f29e85aef64f17139c3c1b7ff24ce64eb6315fca0f2485b"),
             hex!("222ff5e0b5877792c2bc1670e2ccd0c2c97cd7bb1672a57d598db05092d3d72c"),
             hex!("a9bb8c3f1f12e9aa903a50c47f314b57610a3ab32f2d463293f58836def38d36"),
-        ];
+        ]
+        .map(|x| TestFr(x));
 
         let mut tree =
-            FullMerkleTree::<Keccak256>::new(2, [0; 32], FullMerkleConfig::default()).unwrap();
+            FullMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), FullMerkleConfig::default())
+                .unwrap();
         assert_eq!(tree.root(), default_tree_root);
         for i in 0..leaves.len() {
             tree.set(i, leaves[i]).unwrap();
@@ -56,7 +79,7 @@ mod test {
         }
 
         let mut tree =
-            OptimalMerkleTree::<Keccak256>::new(2, [0; 32], OptimalMerkleConfig::default())
+            OptimalMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), OptimalMerkleConfig::default())
                 .unwrap();
         assert_eq!(tree.root(), default_tree_root);
         for i in 0..leaves.len() {
@@ -72,11 +95,13 @@ mod test {
             hex!("0000000000000000000000000000000000000000000000000000000000000002"),
             hex!("0000000000000000000000000000000000000000000000000000000000000003"),
             hex!("0000000000000000000000000000000000000000000000000000000000000004"),
-        ];
+        ]
+        .map(|x| TestFr(x));
 
         // We thest the FullMerkleTree implementation
         let mut tree =
-            FullMerkleTree::<Keccak256>::new(2, [0; 32], FullMerkleConfig::default()).unwrap();
+            FullMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), FullMerkleConfig::default())
+                .unwrap();
         for i in 0..leaves.len() {
             // We set the leaves
             tree.set(i, leaves[i]).unwrap();
@@ -101,7 +126,7 @@ mod test {
 
         // We test the OptimalMerkleTree implementation
         let mut tree =
-            OptimalMerkleTree::<Keccak256>::new(2, [0; 32], OptimalMerkleConfig::default())
+            OptimalMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), OptimalMerkleConfig::default())
                 .unwrap();
         for i in 0..leaves.len() {
             // We set the leaves
@@ -133,10 +158,11 @@ mod test {
             hex!("0000000000000000000000000000000000000000000000000000000000000002"),
             hex!("0000000000000000000000000000000000000000000000000000000000000003"),
             hex!("0000000000000000000000000000000000000000000000000000000000000004"),
-        ];
+        ]
+        .map(|x| TestFr(x));
 
         let mut tree =
-            OptimalMerkleTree::<Keccak256>::new(2, [0; 32], OptimalMerkleConfig::default())
+            OptimalMerkleTree::<Keccak256>::new(2, TestFr([0; 32]), OptimalMerkleConfig::default())
                 .unwrap();
 
         // We set the leaves
@@ -145,7 +171,8 @@ mod test {
         let new_leaves = [
             hex!("0000000000000000000000000000000000000000000000000000000000000005"),
             hex!("0000000000000000000000000000000000000000000000000000000000000006"),
-        ];
+        ]
+        .map(|x| TestFr(x));
 
         let to_delete_indices: [usize; 2] = [0, 1];