@aztec/pxe 0.8.6

package/src/database/memory_db.ts

@@ -0,0 +1,147 @@
+import { CompleteAddress, HistoricBlockData } from '@aztec/circuits.js';
+import { AztecAddress } from '@aztec/foundation/aztec-address';
+import { Fr } from '@aztec/foundation/fields';
+import { createDebugLogger } from '@aztec/foundation/log';
+import { MerkleTreeId, PublicKey } from '@aztec/types';
+
+import { MemoryContractDatabase } from '../contract_database/index.js';
+import { Database } from './database.js';
+import { NoteSpendingInfoDao } from './note_spending_info_dao.js';
+
+/**
+ * The MemoryDB class provides an in-memory implementation of a database to manage transactions and auxiliary data.
+ * It extends the MemoryContractDatabase, allowing it to store contract-related data as well.
+ * The class offers methods to add, fetch, and remove transaction records and auxiliary data based on various filters such as transaction hash, address, and storage slot.
+ * As an in-memory database, the stored data will not persist beyond the life of the application instance.
+ */
+export class MemoryDB extends MemoryContractDatabase implements Database {
+  private noteSpendingInfoTable: NoteSpendingInfoDao[] = [];
+  private treeRoots: Record<MerkleTreeId, Fr> | undefined;
+  private globalVariablesHash: Fr | undefined;
+  private addresses: CompleteAddress[] = [];
+  private authWitnesses: Record<string, Fr[]> = {};
+
+  constructor(logSuffix?: string) {
+    super(createDebugLogger(logSuffix ? 'aztec:memory_db_' + logSuffix : 'aztec:memory_db'));
+  }
+
+  /**
+   * Add a auth witness to the database.
+   * @param messageHash - The message hash.
+   * @param witness - An array of field elements representing the auth witness.
+   */
+  public addAuthWitness(messageHash: Fr, witness: Fr[]): Promise<void> {
+    this.authWitnesses[messageHash.toString()] = witness;
+    return Promise.resolve();
+  }
+
+  /**
+   * Fetching the auth witness for a given message hash.
+   * @param messageHash - The message hash.
+   * @returns A Promise that resolves to an array of field elements representing the auth witness.
+   */
+  public getAuthWitness(messageHash: Fr): Promise<Fr[]> {
+    return Promise.resolve(this.authWitnesses[messageHash.toString()]);
+  }
+
+  public addNoteSpendingInfo(noteSpendingInfoDao: NoteSpendingInfoDao) {
+    this.noteSpendingInfoTable.push(noteSpendingInfoDao);
+    return Promise.resolve();
+  }
+
+  public addNoteSpendingInfoBatch(noteSpendingInfoDaos: NoteSpendingInfoDao[]) {
+    this.noteSpendingInfoTable.push(...noteSpendingInfoDaos);
+    return Promise.resolve();
+  }
+
+  public getNoteSpendingInfo(contract: AztecAddress, storageSlot: Fr) {
+    const res = this.noteSpendingInfoTable.filter(
+      noteSpendingInfo =>
+        noteSpendingInfo.contractAddress.equals(contract) &&
+        noteSpendingInfo.storageSlot.toBuffer().equals(storageSlot.toBuffer()),
+    );
+    return Promise.resolve(res);
+  }
+
+  public removeNullifiedNoteSpendingInfo(nullifiers: Fr[], account: PublicKey) {
+    const nullifierSet = new Set(nullifiers.map(nullifier => nullifier.toString()));
+    const [remaining, removed] = this.noteSpendingInfoTable.reduce(
+      (acc: [NoteSpendingInfoDao[], NoteSpendingInfoDao[]], noteSpendingInfo) => {
+        const nullifier = noteSpendingInfo.siloedNullifier.toString();
+        if (noteSpendingInfo.publicKey.equals(account) && nullifierSet.has(nullifier)) {
+          acc[1].push(noteSpendingInfo);
+        } else {
+          acc[0].push(noteSpendingInfo);
+        }
+        return acc;
+      },
+      [[], []],
+    );
+
+    this.noteSpendingInfoTable = remaining;
+
+    return Promise.resolve(removed);
+  }
+
+  public getTreeRoots(): Record<MerkleTreeId, Fr> {
+    const roots = this.treeRoots;
+    if (!roots) throw new Error(`Tree roots not set in memory database`);
+    return roots;
+  }
+
+  public setTreeRoots(roots: Record<MerkleTreeId, Fr>) {
+    this.treeRoots = roots;
+    return Promise.resolve();
+  }
+
+  public getHistoricBlockData(): HistoricBlockData {
+    const roots = this.getTreeRoots();
+    if (!this.globalVariablesHash) throw new Error(`Global variables hash not set in memory database`);
+    return new HistoricBlockData(
+      roots[MerkleTreeId.PRIVATE_DATA_TREE],
+      roots[MerkleTreeId.NULLIFIER_TREE],
+      roots[MerkleTreeId.CONTRACT_TREE],
+      roots[MerkleTreeId.L1_TO_L2_MESSAGES_TREE],
+      roots[MerkleTreeId.BLOCKS_TREE],
+      Fr.ZERO, // todo: private kernel vk tree root
+      roots[MerkleTreeId.PUBLIC_DATA_TREE],
+      this.globalVariablesHash,
+    );
+  }
+
+  public async setHistoricBlockData(historicBlockData: HistoricBlockData): Promise<void> {
+    this.globalVariablesHash = historicBlockData.globalVariablesHash;
+    await this.setTreeRoots({
+      [MerkleTreeId.PRIVATE_DATA_TREE]: historicBlockData.privateDataTreeRoot,
+      [MerkleTreeId.NULLIFIER_TREE]: historicBlockData.nullifierTreeRoot,
+      [MerkleTreeId.CONTRACT_TREE]: historicBlockData.contractTreeRoot,
+      [MerkleTreeId.L1_TO_L2_MESSAGES_TREE]: historicBlockData.l1ToL2MessagesTreeRoot,
+      [MerkleTreeId.BLOCKS_TREE]: historicBlockData.blocksTreeRoot,
+      [MerkleTreeId.PUBLIC_DATA_TREE]: historicBlockData.publicDataTreeRoot,
+    });
+  }
+
+  public addCompleteAddress(completeAddress: CompleteAddress): Promise<boolean> {
+    const accountIndex = this.addresses.findIndex(r => r.address.equals(completeAddress.address));
+    if (accountIndex !== -1) {
+      if (this.addresses[accountIndex].equals(completeAddress)) {
+        return Promise.resolve(false);
+      }
+
+      throw new Error(
+        `Complete address with aztec address ${completeAddress.address.toString()} but different public key or partial key already exists in memory database`,
+      );
+    }
+    this.addresses.push(completeAddress);
+    return Promise.resolve(true);
+  }
+
+  public getCompleteAddress(address: AztecAddress): Promise<CompleteAddress | undefined> {
+    const recipient = this.addresses.find(r => r.address.equals(address));
+    return Promise.resolve(recipient);
+  }
+
+  public getCompleteAddresses(): Promise<CompleteAddress[]> {
+    return Promise.resolve(this.addresses);
+  }
+}

package/src/database/note_spending_info_dao.ts

@@ -0,0 +1,64 @@
+import { AztecAddress, Fr, PublicKey } from '@aztec/circuits.js';
+import { Point } from '@aztec/foundation/fields';
+import { NotePreimage } from '@aztec/types';
+
+/**
+ * Represents the data access object for auxiliary transaction data.
+ * Contains properties from the decrypted note, computed properties, and information about
+ * the public key used for encryption, as well as the location of the data in the tree.
+ */
+export interface NoteSpendingInfoDao {
+  /**
+   * The contract address this note is created in.
+   */
+  contractAddress: AztecAddress;
+  /**
+   * The nonce of the note.
+   */
+  nonce: Fr;
+  /**
+   * The specific storage location of the note on the contract.
+   */
+  storageSlot: Fr;
+  /**
+   * The preimage of the note, containing essential information about the note.
+   */
+  notePreimage: NotePreimage;
+  /**
+   * Inner note hash of the note. This is customisable by the app circuit.
+   * We can use this value to compute siloedNoteHash and uniqueSiloedNoteHash.
+   */
+  innerNoteHash: Fr;
+  /**
+   * The nullifier of the note (siloed by contract address).
+   */
+  siloedNullifier: Fr;
+  /**
+   * The location of the relevant note in the private data tree.
+   */
+  index: bigint;
+  /**
+   * The public key that was used to encrypt the data.
+   */
+  publicKey: PublicKey;
+}
+
+export const createRandomNoteSpendingInfoDao = ({
+  contractAddress = AztecAddress.random(),
+  nonce = Fr.random(),
+  storageSlot = Fr.random(),
+  notePreimage = NotePreimage.random(),
+  innerNoteHash = Fr.random(),
+  siloedNullifier = Fr.random(),
+  index = Fr.random().value,
+  publicKey = Point.random(),
+}: Partial<NoteSpendingInfoDao> = {}): NoteSpendingInfoDao => ({
+  contractAddress,
+  nonce,
+  storageSlot,
+  notePreimage,
+  innerNoteHash,
+  siloedNullifier,
+  index,
+  publicKey,
+});

package/src/index.ts

@@ -0,0 +1,11 @@
+export * from './pxe_service/index.js';
+export * from './pxe_http/index.js';
+export * from './config/index.js';
+
+export { Tx, TxHash } from '@aztec/types';
+
+export { TxRequest, CircuitsWasm, PartialAddress } from '@aztec/circuits.js';
+export * from '@aztec/foundation/fields';
+export * from '@aztec/foundation/eth-address';
+export * from '@aztec/foundation/aztec-address';
+export * from '@aztec/key-store';

package/src/kernel_oracle/index.ts

@@ -0,0 +1,39 @@
+import { AztecAddress, Fr, FunctionSelector, MembershipWitness, PRIVATE_DATA_TREE_HEIGHT } from '@aztec/circuits.js';
+import { Tuple } from '@aztec/foundation/serialize';
+import { AztecNode, MerkleTreeId } from '@aztec/types';
+
+import { ContractDataOracle } from '../contract_data_oracle/index.js';
+import { ProvingDataOracle } from './../kernel_prover/proving_data_oracle.js';
+
+/**
+ * A data oracle that provides information needed for simulating a transaction.
+ */
+export class KernelOracle implements ProvingDataOracle {
+  constructor(private contractDataOracle: ContractDataOracle, private node: AztecNode) {}
+
+  public async getContractMembershipWitness(contractAddress: AztecAddress) {
+    return await this.contractDataOracle.getContractMembershipWitness(contractAddress);
+  }
+
+  public async getFunctionMembershipWitness(contractAddress: AztecAddress, selector: FunctionSelector) {
+    return await this.contractDataOracle.getFunctionMembershipWitness(contractAddress, selector);
+  }
+
+  public async getVkMembershipWitness() {
+    return await this.contractDataOracle.getVkMembershipWitness();
+  }
+
+  async getNoteMembershipWitness(leafIndex: bigint): Promise<MembershipWitness<typeof PRIVATE_DATA_TREE_HEIGHT>> {
+    const path = await this.node.getDataTreePath(leafIndex);
+    return new MembershipWitness<typeof PRIVATE_DATA_TREE_HEIGHT>(
+      path.pathSize,
+      leafIndex,
+      path.toFieldArray() as Tuple<Fr, typeof PRIVATE_DATA_TREE_HEIGHT>,
+    );
+  }
+
+  async getPrivateDataRoot(): Promise<Fr> {
+    const roots = await this.node.getTreeRoots();
+    return roots[MerkleTreeId.PRIVATE_DATA_TREE];
+  }
+}

package/src/kernel_prover/index.ts

@@ -0,0 +1,2 @@
+export * from './kernel_prover.js';
+export * from './proving_data_oracle.js';

package/src/kernel_prover/kernel_prover.ts

@@ -0,0 +1,317 @@
+import { ExecutionResult, NewNoteData } from '@aztec/acir-simulator';
+import {
+  AztecAddress,
+  CONTRACT_TREE_HEIGHT,
+  EMPTY_NULLIFIED_COMMITMENT,
+  Fr,
+  MAX_NEW_COMMITMENTS_PER_TX,
+  MAX_NEW_NULLIFIERS_PER_TX,
+  MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL,
+  MAX_READ_REQUESTS_PER_CALL,
+  MAX_READ_REQUESTS_PER_TX,
+  MembershipWitness,
+  PreviousKernelData,
+  PrivateCallData,
+  PrivateCallStackItem,
+  PrivateKernelInputsInit,
+  PrivateKernelInputsInner,
+  PrivateKernelInputsOrdering,
+  PrivateKernelPublicInputs,
+  ReadRequestMembershipWitness,
+  TxRequest,
+  VK_TREE_HEIGHT,
+  VerificationKey,
+  makeEmptyProof,
+  makeTuple,
+} from '@aztec/circuits.js';
+import { Tuple, assertLength } from '@aztec/foundation/serialize';
+
+import { KernelProofCreator, ProofCreator, ProofOutput, ProofOutputFinal } from './proof_creator.js';
+import { ProvingDataOracle } from './proving_data_oracle.js';
+
+/**
+ * Represents an output note data object.
+ * Contains the contract address, new note data and commitment for the note,
+ * resulting from the execution of a transaction in the Aztec network.
+ */
+export interface OutputNoteData {
+  /**
+   * The address of the contract the note was created in.
+   */
+  contractAddress: AztecAddress;
+  /**
+   * The encrypted note data for an output note.
+   */
+  data: NewNoteData;
+  /**
+   * The unique value representing the note.
+   */
+  commitment: Fr;
+}
+
+/**
+ * Represents the output data of the Kernel Prover.
+ * Provides information about the newly created notes, along with the public inputs and proof.
+ */
+export interface KernelProverOutput extends ProofOutputFinal {
+  /**
+   * An array of output notes containing the contract address, note data, and commitment for each new note.
+   */
+  outputNotes: OutputNoteData[];
+}
+
+/**
+ * The KernelProver class is responsible for generating kernel proofs.
+ * It takes a transaction request, its signature, and the simulation result as inputs, and outputs a proof
+ * along with output notes. The class interacts with a ProvingDataOracle to fetch membership witnesses and
+ * constructs private call data based on the execution results.
+ */
+export class KernelProver {
+  constructor(private oracle: ProvingDataOracle, private proofCreator: ProofCreator = new KernelProofCreator()) {}
+
+  /**
+   * Generate a proof for a given transaction request and execution result.
+   * The function iterates through the nested executions in the execution result, creates private call data,
+   * and generates a proof using the provided ProofCreator instance. It also maintains an index of new notes
+   * created during the execution and returns them as a part of the KernelProverOutput.
+   *
+   * @param txRequest - The authenticated transaction request object.
+   * @param executionResult - The execution result object containing nested executions and preimages.
+   * @returns A Promise that resolves to a KernelProverOutput object containing proof, public inputs, and output notes.
+   */
+  async prove(txRequest: TxRequest, executionResult: ExecutionResult): Promise<KernelProverOutput> {
+    const executionStack = [executionResult];
+    const newNotes: { [commitmentStr: string]: OutputNoteData } = {};
+    let firstIteration = true;
+    let previousVerificationKey = VerificationKey.makeFake();
+
+    let output: ProofOutput = {
+      publicInputs: PrivateKernelPublicInputs.empty(),
+      proof: makeEmptyProof(),
+    };
+
+    while (executionStack.length) {
+      const currentExecution = executionStack.pop()!;
+      executionStack.push(...currentExecution.nestedExecutions);
+      const privateCallStackPreimages = currentExecution.nestedExecutions.map(result => result.callStackItem);
+      if (privateCallStackPreimages.length > MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL) {
+        throw new Error(
+          `Too many items in the call stack. Maximum amount is ${MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL}. Got ${privateCallStackPreimages.length}.`,
+        );
+      }
+      // Pad with empty items to reach max/const length expected by circuit.
+      privateCallStackPreimages.push(
+        ...Array(MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL - privateCallStackPreimages.length)
+          .fill(0)
+          .map(() => PrivateCallStackItem.empty()),
+      );
+
+      // Start with the partially filled in read request witnesses from the simulator
+      // and fill the non-transient ones in with sibling paths via oracle.
+      const readRequestMembershipWitnesses = currentExecution.readRequestPartialWitnesses;
+      for (let rr = 0; rr < readRequestMembershipWitnesses.length; rr++) {
+        if (currentExecution.callStackItem.publicInputs.readRequests[rr] == Fr.zero()) {
+          throw new Error(
+            'Number of read requests output from Noir circuit does not match number of read request commitment indices output from simulator.',
+          );
+        }
+        const rrWitness = readRequestMembershipWitnesses[rr];
+        if (!rrWitness.isTransient) {
+          // Non-transient reads must contain full membership witness with sibling path from commitment to root.
+          // Get regular membership witness to fill in sibling path in the read request witness.
+          const membershipWitness = await this.oracle.getNoteMembershipWitness(rrWitness.leafIndex.toBigInt());
+          rrWitness.siblingPath = membershipWitness.siblingPath;
+        }
+      }
+
+      // fill in witnesses for remaining/empty read requests
+      readRequestMembershipWitnesses.push(
+        ...Array(MAX_READ_REQUESTS_PER_CALL - readRequestMembershipWitnesses.length)
+          .fill(0)
+          .map(() => ReadRequestMembershipWitness.empty(BigInt(0))),
+      );
+
+      const privateCallData = await this.createPrivateCallData(
+        currentExecution,
+        readRequestMembershipWitnesses,
+        makeTuple(MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL, i => privateCallStackPreimages[i], 0),
+      );
+
+      if (firstIteration) {
+        output = await this.proofCreator.createProofInit(new PrivateKernelInputsInit(txRequest, privateCallData));
+      } else {
+        const previousVkMembershipWitness = await this.oracle.getVkMembershipWitness(previousVerificationKey);
+        const previousKernelData = new PreviousKernelData(
+          output.publicInputs,
+          output.proof,
+          previousVerificationKey,
+          Number(previousVkMembershipWitness.leafIndex),
+          assertLength<Fr, typeof VK_TREE_HEIGHT>(previousVkMembershipWitness.siblingPath, VK_TREE_HEIGHT),
+        );
+        output = await this.proofCreator.createProofInner(
+          new PrivateKernelInputsInner(previousKernelData, privateCallData),
+        );
+      }
+      (await this.getNewNotes(currentExecution)).forEach(n => {
+        newNotes[n.commitment.toString()] = n;
+      });
+      firstIteration = false;
+      previousVerificationKey = privateCallData.vk;
+    }
+
+    const previousVkMembershipWitness = await this.oracle.getVkMembershipWitness(previousVerificationKey);
+    const previousKernelData = new PreviousKernelData(
+      output.publicInputs,
+      output.proof,
+      previousVerificationKey,
+      Number(previousVkMembershipWitness.leafIndex),
+      assertLength<Fr, typeof VK_TREE_HEIGHT>(previousVkMembershipWitness.siblingPath, VK_TREE_HEIGHT),
+    );
+
+    const readCommitmentHints = this.getReadRequestHints(
+      output.publicInputs.end.readRequests,
+      output.publicInputs.end.newCommitments,
+    );
+
+    const nullifierCommitmentHints = this.getNullifierHints(
+      output.publicInputs.end.nullifiedCommitments,
+      output.publicInputs.end.newCommitments,
+    );
+
+    const privateInputs = new PrivateKernelInputsOrdering(
+      previousKernelData,
+      readCommitmentHints,
+      nullifierCommitmentHints,
+    );
+    const outputFinal = await this.proofCreator.createProofOrdering(privateInputs);
+
+    // Only return the notes whose commitment is in the commitments of the final proof.
+    const finalNewCommitments = outputFinal.publicInputs.end.newCommitments;
+    const outputNotes = finalNewCommitments.map(c => newNotes[c.toString()]).filter(c => !!c);
+
+    return { ...outputFinal, outputNotes };
+  }
+
+  private async createPrivateCallData(
+    { callStackItem, vk }: ExecutionResult,
+    readRequestMembershipWitnesses: ReadRequestMembershipWitness[],
+    privateCallStackPreimages: Tuple<PrivateCallStackItem, typeof MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL>,
+  ) {
+    const { contractAddress, functionData, publicInputs } = callStackItem;
+    const { portalContractAddress } = publicInputs.callContext;
+
+    const contractLeafMembershipWitness = functionData.isConstructor
+      ? MembershipWitness.random(CONTRACT_TREE_HEIGHT)
+      : await this.oracle.getContractMembershipWitness(contractAddress);
+
+    const functionLeafMembershipWitness = await this.oracle.getFunctionMembershipWitness(
+      contractAddress,
+      functionData.selector,
+    );
+
+    // TODO(#262): Use real acir hash
+    // const acirHash = keccak(Buffer.from(bytecode, 'hex'));
+    const acirHash = Fr.fromBuffer(Buffer.alloc(32, 0));
+
+    // TODO
+    const proof = makeEmptyProof();
+
+    return new PrivateCallData(
+      callStackItem,
+      privateCallStackPreimages,
+      proof,
+      VerificationKey.fromBuffer(vk),
+      functionLeafMembershipWitness,
+      contractLeafMembershipWitness,
+      makeTuple(MAX_READ_REQUESTS_PER_CALL, i => readRequestMembershipWitnesses[i], 0),
+      portalContractAddress.toField(),
+      acirHash,
+    );
+  }
+
+  /**
+   * Retrieves the new output notes for a given execution result.
+   * The function maps over the new note preimages and associates them with their corresponding
+   * commitments in the public inputs of the execution result. It also includes the contract address
+   * from the call context of the public inputs.
+   *
+   * @param executionResult - The execution result object containing note preimages and public inputs.
+   * @returns An array of OutputNoteData objects, each representing an output note with its associated data.
+   */
+  private async getNewNotes(executionResult: ExecutionResult): Promise<OutputNoteData[]> {
+    const {
+      callStackItem: { publicInputs },
+      newNotes,
+    } = executionResult;
+    const contractAddress = publicInputs.callContext.storageContractAddress;
+    // Assuming that for each new commitment there's an output note added to the execution result.
+    const newCommitments = await this.proofCreator.getSiloedCommitments(publicInputs);
+    return newNotes.map((data, i) => ({
+      contractAddress,
+      data,
+      commitment: newCommitments[i],
+    }));
+  }
+
+  /**
+   * Performs the matching between an array of read request and an array of commitments. This produces
+   * hints for the private kernel ordering circuit to efficiently match a read request with the corresponding
+   * commitment.
+   *
+   * @param readRequests - The array of read requests.
+   * @param commitments - The array of commitments.
+   * @returns An array of hints where each element is the index of the commitment in commitments array
+   *  corresponding to the read request. In other words we have readRequests[i] == commitments[hints[i]].
+   */
+  private getReadRequestHints(
+    readRequests: Tuple<Fr, typeof MAX_READ_REQUESTS_PER_TX>,
+    commitments: Tuple<Fr, typeof MAX_NEW_COMMITMENTS_PER_TX>,
+  ): Tuple<Fr, typeof MAX_READ_REQUESTS_PER_TX> {
+    const hints = makeTuple(MAX_READ_REQUESTS_PER_TX, Fr.zero);
+    for (let i = 0; i < MAX_READ_REQUESTS_PER_TX && !readRequests[i].isZero(); i++) {
+      const equalToRR = (cmt: Fr) => cmt.equals(readRequests[i]);
+      const result = commitments.findIndex(equalToRR);
+      if (result == -1) {
+        throw new Error(
+          `The read request at index ${i} with value ${readRequests[i].toString()} does not match to any commitment.`,
+        );
+      } else {
+        hints[i] = new Fr(result);
+      }
+    }
+    return hints;
+  }
+
+  /**
+   *  Performs the matching between an array of nullified commitments and an array of commitments. This produces
+   * hints for the private kernel ordering circuit to efficiently match a nullifier with the corresponding
+   * commitment.
+   *
+   * @param nullifiedCommitments - The array of nullified commitments.
+   * @param commitments - The array of commitments.
+   * @returns An array of hints where each element is the index of the commitment in commitments array
+   *  corresponding to the nullified commitments. In other words we have nullifiedCommitments[i] == commitments[hints[i]].
+   */
+  private getNullifierHints(
+    nullifiedCommitments: Tuple<Fr, typeof MAX_NEW_NULLIFIERS_PER_TX>,
+    commitments: Tuple<Fr, typeof MAX_NEW_COMMITMENTS_PER_TX>,
+  ): Tuple<Fr, typeof MAX_NEW_NULLIFIERS_PER_TX> {
+    const hints = makeTuple(MAX_NEW_NULLIFIERS_PER_TX, Fr.zero);
+    for (let i = 0; i < MAX_NEW_NULLIFIERS_PER_TX; i++) {
+      if (!nullifiedCommitments[i].isZero() && !nullifiedCommitments[i].equals(new Fr(EMPTY_NULLIFIED_COMMITMENT))) {
+        const equalToCommitment = (cmt: Fr) => cmt.equals(nullifiedCommitments[i]);
+        const result = commitments.findIndex(equalToCommitment);
+        if (result == -1) {
+          throw new Error(
+            `The nullified commitment at index ${i} with value ${nullifiedCommitments[
+              i
+            ].toString()} does not match to any commitment.`,
+          );
+        } else {
+          hints[i] = new Fr(result);
+        }
+      }
+    }
+    return hints;
+  }
+}