@fatsolutions/privacy-pools-core-starknet-sdk 0.0.42 → 0.0.43

package/src/auditor.ts

@@ -1,223 +0,0 @@
-import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
-import { hkdf } from "@noble/hashes/hkdf.js";
-import { sha3_256 as sha256 } from "@noble/hashes/sha3.js";
-import { bytesToNumberBE, numberToBytesBE } from "@noble/ciphers/utils.js";
-import { Secret, getCommitment, AccountCommitment, Hash, PoolInfo } from "@0xbow/privacy-pools-core-sdk";
-import { CairoOption, CairoOptionVariant } from "starknet";
-import { poseidonHashMany } from "@scure/starknet";
-import { StarknetDataService } from "./data.service.js";
-import { base64 } from "@scure/base";
-import { mnemonicToEntropy } from "@scure/bip39";
-import { wordlist } from '@scure/bip39/wordlists/english';
-
-export interface AuditEvent {
-  tag: Hash;
-  ciphertext: string;
-  prevNullifierHash: Hash;
-  newCommitment: Hash;
-  blockNumber: bigint;
-  transactionHash: string;
-}
-
-//TODO: The first time you will need to generate a viewing key is in the first withdraw
-// of a deposited note. At that point you allready have a label. I suggest for the viewKey to be derivable
-// from the account secret + deposit label. There is no need to store another secret for each deposit.
-// viewKey =~ Hash(AccountSecret, Label);
-export function deriveKey(secret: Uint8Array, label: bigint): Uint8Array {
-  const info = new TextEncoder().encode("xchacha-key");
-  const salt = new TextEncoder().encode(String(label));
-  const viewKey = hkdf(sha256, secret, salt, info, 32);
-  return viewKey;
-}
-
-export function deriveKeyFromMnemonic(mnemonic: string, label: bigint): Uint8Array {
-  const secret = mnemonicToEntropy(mnemonic, wordlist);
-  return deriveKey(secret, label);
-}
-
-export function encrypt(plaintext: Uint8Array, viewKey: Uint8Array) {
-  const nonce = crypto.getRandomValues(new Uint8Array(24));
-
-  const chacha = xchacha20poly1305(viewKey, nonce);
-  const ciphertext = chacha.encrypt(plaintext);
-
-  // Prepend the nonce
-  const output = new Uint8Array(24 + ciphertext.length);
-  output.set(nonce, 0);
-  output.set(ciphertext, 24);
-
-  return output;
-}
-
-export function decrypt(input: Uint8Array, viewKey: Uint8Array): Uint8Array {
-  const nonce = input.slice(0, 24);
-  const chacha = xchacha20poly1305(viewKey, nonce);
-
-  const ciphertext = input.slice(24);
-  //TODO: What happens if AE fails?
-  const decrypted = chacha.decrypt(ciphertext);
-
-  return decrypted;
-}
-
-export function packAuditorData({
-  label: declaredLabel,
-  value: declaredValue,
-  nullifier: declaredNullifier,
-  secret: declaredSecret
-}: Pick<AccountCommitment, 'label' | 'value' | 'nullifier' | 'secret'>,
-): Uint8Array {
-
-  //TODO: Add assertions about lenght of bigint
-  const output = new Uint8Array(128);
-  output.set(numberToBytesBE(declaredLabel, 32), 0);
-  output.set(numberToBytesBE(declaredValue, 32), 32);
-  output.set(numberToBytesBE(declaredNullifier, 32), 64);
-  output.set(numberToBytesBE(declaredSecret, 32), 96);
-
-  return output;
-}
-
-export function unpackAuditorData(packedData: Uint8Array)
-  : {
-    declaredLabel: bigint,
-    declaredValue: bigint,
-    declaredNullifier: bigint,
-    declaredSecret: bigint;
-  } {
-  const declaredLabel = bytesToNumberBE(packedData.slice(0, 32));
-  const declaredValue = bytesToNumberBE(packedData.slice(32, 64));
-  const declaredNullifier = bytesToNumberBE(packedData.slice(64, 96));
-  const declaredSecret = bytesToNumberBE(packedData.slice(96, 128));
-
-  return { declaredLabel, declaredValue, declaredNullifier, declaredSecret };
-}
-
-
-export function reconstructAccountCommitment(event: AuditEvent, viewKey: Uint8Array): AccountCommitment {
-  const { ciphertext, blockNumber, transactionHash, prevNullifierHash } = event;
-
-  const auditorData = decrypt(base64.decode(ciphertext), viewKey);
-  const { declaredLabel, declaredValue, declaredNullifier, declaredSecret } = unpackAuditorData(auditorData);
-
-  const {
-    hash,
-    nullifierHash,
-    preimage: { value: _value, label, precommitment: _precommitment }
-  } = getCommitment(declaredValue, declaredLabel, declaredNullifier as Secret, declaredSecret as Secret);
-
-  if (nullifierHash != prevNullifierHash) {
-    throw new Error("Inconsistency in emitted nullifier hash");
-  }
-
-  return {
-    hash,
-    value: declaredValue,
-    label: label as Hash,
-    nullifier: declaredNullifier as Secret,
-    secret: declaredSecret as Secret,
-    blockNumber,
-    txHash: transactionHash as `0x{string}`,
-  };
-}
-
-export function computeTag(viewKey: Uint8Array, withdraw_number: number): bigint {
-  const viewKeyBigInt = bytesToNumberBE(viewKey);
-  const tag = poseidonHashMany([viewKeyBigInt, BigInt(withdraw_number)]);
-  return tag;
-};
-
-
-async function fetchAuditEventsForViewKey(
-  viewKey: Uint8Array,
-  serviceData: StarknetDataService,
-  pool: PoolInfo,
-): Promise<[AuditEvent, number][]> {
-  let out: [AuditEvent, number][] = [];
-  let withdraw_number = 0;
-  while (true) {
-    let tag = computeTag(viewKey, withdraw_number);
-    let events = await serviceData.getAuditEventForTag(tag, pool);
-    if (!events) { break; };
-
-    //It should be only ONE event with this tag. But it is not eforced. A troll could make a withdraw with 
-    //the tag of a previous withraw from another label.
-    events.forEach(event => out.push([event, withdraw_number]));
-    withdraw_number++;
-  }
-  return out;
-}
-
-export async function constructSequence(
-  viewKey: Uint8Array,
-  serviceData: StarknetDataService,
-  pool: PoolInfo
-): Promise<AccountCommitment[]> {
-  const commitments: AccountCommitment[] = [];
-  const events = await fetchAuditEventsForViewKey(viewKey, serviceData, pool);
-
-  const events_for_index = events.filter(([_, b]) => b === 0);
-  if (events_for_index.length === 0) {
-    throw new Error("No withdraws for this key");
-  }
-
-  let declaredCommitment: AccountCommitment | undefined;
-
-  for (const [event, _withdraw_number] of events_for_index) {
-    try {
-      declaredCommitment = reconstructAccountCommitment(event, viewKey);
-    } catch {
-      //What should we do here?
-    }
-  }
-
-  if (!declaredCommitment) {
-    throw new Error("No event could be decrypted");
-  }
-
-
-  let initialLabel = declaredCommitment.label;
-
-  let deposit = await serviceData.getDeposits(pool, pool.deploymentBlock, initialLabel);
-  if (deposit.length != 1) {
-    throw new Error("No deposit found for this label");
-  }
-
-  let initialCommitment = deposit[0]!.commitment;
-  if (initialCommitment != declaredCommitment.hash) {
-    throw new Error("mismatch");
-  }
-  commitments.push(declaredCommitment);
-
-  for (let i = 1; i < events.length; i++) {
-    let events_for_index = events.filter(([_, b]) => b === i);
-
-    for (const [event, _withdraw_number] of events_for_index) {
-      try {
-        declaredCommitment = reconstructAccountCommitment(event, viewKey);
-      } catch {
-        //What should we do here?
-      }
-    }
-
-    if (initialLabel != declaredCommitment.label) {
-      throw new Error("mismatch");
-    }
-
-    if (commitments[i - 1]!.hash != declaredCommitment.hash) {
-      throw new Error("mismatch");
-    }
-
-    commitments.push(declaredCommitment);
-  }
-
-  return commitments;
-}
-
-/**
- * Represents a AuditEvent event from a privacy pool
- */
-export interface AuditorData {
-  tag: bigint;
-  ciphertext: string;
-}