@crisp-e3/contracts 0.5.11 → 0.6.0
- package/contracts/CRISPProgram.sol +17 -11
- package/contracts/CRISPVerifier.sol +2163 -2164
- package/package.json +4 -4
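--- a/package/contracts/CRISPProgram.sol
+++ b/package/contracts/CRISPProgram.sol
@@ -41,6 +41,8 @@ contract CRISPProgram is IE3Program, Ownable {
 uint8 public constant TREE_DEPTH = 20;
 /// @notice Maximum number of bits allocated for vote counts in the plaintext output per option.
 uint256 constant MAX_VOTE_BITS = 50;
+/// @notice The zero-knowledge verification key hash for the CRISP program.
+bytes32 public constant ZK_VK_HASH = 0xfbb1352f018828a2e0989e3010af055b6217b60462066ae0ce06209e22ffa8c2;
 
 // State variables
 IEnclave public enclave;
@@ -171,22 +173,26 @@ contract CRISPProgram is IE3Program, Ownable {
 
 if (data.length == 0) revert EmptyInputData();
 
-(bytes memory noirProof, address slotAddress, bytes32 encryptedVoteCommitment, bytes memory encryptedVote) = abi
-data,
-
-);
+(bytes memory noirProof, address slotAddress, bytes32 encryptedVoteCommitment, bytes32 zkKeyHash, bytes memory encryptedVote) = abi
+.decode(data, (bytes, address, bytes32, bytes32, bytes));
+
+if (zkKeyHash != ZK_VK_HASH) revert InvalidNoirProof();
 
 (uint40 voteIndex, bytes32 previousEncryptedVoteCommitment) = _processVote(e3Id, slotAddress, encryptedVoteCommitment);
 
 // Set the public inputs for the proof. Order must match Noir circuit.
-bytes32[] memory noirPublicInputs = new bytes32[](
+bytes32[] memory noirPublicInputs = new bytes32[](39);
 noirPublicInputs[0] = previousEncryptedVoteCommitment;
-noirPublicInputs[1] =
-noirPublicInputs[2] = bytes32(
-noirPublicInputs[3] = bytes32(uint256(
-noirPublicInputs[4] = bytes32(
-noirPublicInputs[5] =
-noirPublicInputs[6] =
+noirPublicInputs[1] = bytes32(e3Data[e3Id].merkleRoot);
+noirPublicInputs[2] = bytes32(uint256(uint160(slotAddress)));
+noirPublicInputs[3] = bytes32(uint256(previousEncryptedVoteCommitment == bytes32(0) ? 1 : 0));
+noirPublicInputs[4] = bytes32(e3Data[e3Id].numOptions);
+noirPublicInputs[5] = encryptedVoteCommitment;
+noirPublicInputs[6] = e3.committeePublicKey;
+// Insert ZK_VK_HASH as 32 separate bytes (each as bytes32), matching proof format
+for (uint256 i = 0; i < 32; i++) {
+noirPublicInputs[7 + i] = bytes32(uint256(uint8(zkKeyHash[i])));
+}
 
 // Check if the ciphertext was encrypted correctly
 if (!honkVerifier.verify(noirProof, noirPublicInputs)) {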
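Review bot: The loop at new lines 193-195 copies the caller-supplied `zkKeyHash` into public inputs 7..38 even though the guard at new line 179 has already forced it to equal `ZK_VK_HASH`; indexing the constant directly, `noirPublicInputs[7 + i] = bytes32(uint256(uint8(ZK_VK_HASH[i])));`, makes the binding to the contract's own key hash explicit instead of depending on the guard staying in place, and matches the comment that says ZK_VK_HASH is inserted. The guard reuses `InvalidNoirProof()` for a key-hash mismatch, so a client sending a stale hash and a genuinely bad proof are indistinguishable from the revert reason; a dedicated error would make that cheaper to diagnose. The array size `39` is `7 + 32` and would read better as a named constant so the circuit's public-input count is not a bare literal. Since `ZK_VK_HASH` is hard-coded here while the proof is checked by the separate `honkVerifier`, the constant presumably has to match the key compiled into CRISPVerifier.sol (also rewritten in this release), and a comment on the constant stating that coupling would help the next person who regenerates the verifier. The enclosing function starts and ends outside the hunk.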