@hula-privacy/mixer 0.1.0

package/src/transaction.ts

@@ -0,0 +1,464 @@
+/**
+ * Transaction building for Hula Privacy Protocol
+ * 
+ * Builds privacy transactions with ZK proofs
+ */
+
+import { PublicKey, SystemProgram, type TransactionInstruction } from "@solana/web3.js";
+import {
+  getAssociatedTokenAddressSync,
+  createAssociatedTokenAccountIdempotentInstruction,
+} from "@solana/spl-token";
+import { BN } from "@coral-xyz/anchor";
+
+import {
+  PROGRAM_ID,
+  TOKEN_2022_PROGRAM_ID,
+  NUM_INPUT_UTXOS,
+  NUM_OUTPUT_UTXOS,
+  MERKLE_TREE_DEPTH,
+  getPoolPDA,
+  getMerkleTreePDA,
+  getVaultPDA,
+  getNullifierPDA,
+} from "./constants";
+import {
+  bigIntToBytes32,
+  pubkeyToBigInt,
+  encryptNote,
+  serializeEncryptedNote,
+} from "./crypto";
+import { computeMerklePathFromLeaves, fetchMerkleRoot, getCurrentTreeIndex, getNextLeafIndex } from "./merkle";
+import { computeCommitment, computeNullifier, createUTXO, createDummyUTXO } from "./utxo";
+import { generateProof } from "./proof";
+import { getRelayerClient } from "./api";
+import type {
+  UTXO,
+  WalletKeys,
+  TransactionRequest,
+  BuiltTransaction,
+  CircuitInputs,
+  OutputSpec,
+} from "./types";
+
+// ============================================================================
+// Transaction Builder
+// ============================================================================
+
+/**
+ * Build a privacy transaction
+ * 
+ * This handles all transaction types: deposits, transfers, and withdrawals.
+ */
+export async function buildTransaction(
+  request: TransactionRequest,
+  walletKeys: WalletKeys,
+  relayerUrl?: string
+): Promise<BuiltTransaction> {
+  const client = getRelayerClient(relayerUrl);
+
+  // Get current pool state
+  const pool = await client.getPool();
+  const currentTreeIndex = pool.currentTreeIndex;
+
+  // Validate inputs
+  const depositAmount = request.depositAmount ?? 0n;
+  const withdrawAmount = request.withdrawAmount ?? 0n;
+  const fee = request.fee ?? 0n;
+  const inputUtxos = request.inputUtxos ?? [];
+  const outputs = request.outputs ?? [];
+
+  if (depositAmount === 0n && inputUtxos.length === 0) {
+    throw new Error("Either depositAmount or inputUtxos is required");
+  }
+
+  if (withdrawAmount > 0n && !request.recipient) {
+    throw new Error("recipient is required when withdrawing");
+  }
+
+  // Determine input tree (all inputs must be from same tree)
+  let inputTreeIndex = currentTreeIndex;
+  if (inputUtxos.length > 0) {
+    inputTreeIndex = inputUtxos[0].treeIndex;
+    for (const utxo of inputUtxos) {
+      if (utxo.treeIndex !== inputTreeIndex) {
+        throw new Error("All input UTXOs must be from the same tree");
+      }
+    }
+  }
+
+  // Fetch leaves from input tree for merkle path computation
+  const leaves = await client.getCommitmentsForTree(inputTreeIndex);
+  
+  // Get merkle root from input tree
+  let merkleRoot: bigint;
+  if (inputUtxos.length > 0) {
+    merkleRoot = await fetchMerkleRoot(inputTreeIndex, relayerUrl);
+  } else {
+    // Pure deposit - use current tree root
+    merkleRoot = await fetchMerkleRoot(currentTreeIndex, relayerUrl);
+  }
+
+  // Get next leaf index for output tree
+  const nextLeafIndex = await getNextLeafIndex(currentTreeIndex, relayerUrl);
+
+  // Calculate totals
+  const totalInputValue = inputUtxos.reduce((sum, u) => sum + u.value, 0n);
+  const totalAvailable = totalInputValue + depositAmount;
+
+  // Build output UTXOs
+  const mintBigInt = pubkeyToBigInt(request.mint);
+  const outputUtxos: UTXO[] = [];
+  let totalOutputValue = 0n;
+  let outputIndex = 0;
+
+  for (const output of outputs) {
+    const owner = output.owner === "self" ? walletKeys.owner : output.owner;
+    const utxo = createUTXO(
+      output.amount,
+      mintBigInt,
+      owner,
+      nextLeafIndex + outputIndex,
+      currentTreeIndex
+    );
+    outputUtxos.push(utxo);
+    totalOutputValue += output.amount;
+    outputIndex++;
+  }
+
+  // Calculate change
+  const totalOut = withdrawAmount + fee + totalOutputValue;
+  const changeAmount = totalAvailable - totalOut;
+
+  if (changeAmount < 0n) {
+    throw new Error(
+      `Insufficient value. Have ${totalAvailable} (inputs: ${totalInputValue}, deposit: ${depositAmount}), ` +
+      `need ${totalOut} (outputs: ${totalOutputValue}, withdraw: ${withdrawAmount}, fee: ${fee})`
+    );
+  }
+
+  // Add change output if needed
+  if (changeAmount > 0n) {
+    if (outputUtxos.length >= NUM_OUTPUT_UTXOS) {
+      throw new Error("No output slot available for change");
+    }
+    const changeUtxo = createUTXO(
+      changeAmount,
+      mintBigInt,
+      walletKeys.owner,
+      nextLeafIndex + outputIndex,
+      currentTreeIndex
+    );
+    outputUtxos.push(changeUtxo);
+    totalOutputValue += changeAmount;
+  }
+
+  // Pad outputs to NUM_OUTPUT_UTXOS
+  while (outputUtxos.length < NUM_OUTPUT_UTXOS) {
+    outputUtxos.push(createDummyUTXO());
+  }
+
+  // Build circuit inputs
+  const circuitInputs = buildCircuitInputs(
+    merkleRoot,
+    inputUtxos,
+    outputUtxos,
+    walletKeys,
+    leaves,
+    depositAmount,
+    withdrawAmount,
+    request.recipient ?? PublicKey.default,
+    request.mint,
+    fee
+  );
+
+  // Generate ZK proof
+  const { proof } = await generateProof(circuitInputs);
+
+  // Build public inputs for on-chain verifier
+  const nullifiers = circuitInputs.nullifiers.map(n => BigInt(n));
+  const publicInputs = {
+    merkleRoot: Array.from(bigIntToBytes32(merkleRoot)),
+    nullifiers: nullifiers.map(n => Array.from(bigIntToBytes32(n))),
+    outputCommitments: outputUtxos.map(u => Array.from(bigIntToBytes32(u.commitment))),
+    publicDeposit: depositAmount,
+    publicWithdraw: withdrawAmount,
+    recipient: request.recipient ?? PublicKey.default,
+    mintTokenAddress: request.mint,
+    fee,
+  };
+
+  // Create encrypted notes for outputs with encryption keys
+  const encryptedNotes: Buffer[] = [];
+  for (let i = 0; i < outputs.length; i++) {
+    const output = outputs[i];
+    const utxo = outputUtxos[i];
+
+    if (output.encryptionPubKey && utxo.value > 0n) {
+      const encrypted = encryptNote(
+        {
+          value: utxo.value,
+          mintTokenAddress: utxo.mintTokenAddress,
+          secret: utxo.secret,
+          leafIndex: utxo.leafIndex,
+        },
+        output.encryptionPubKey
+      );
+      encryptedNotes.push(Buffer.from(serializeEncryptedNote(encrypted)));
+    }
+  }
+
+  // Add encrypted note for change (to self)
+  if (changeAmount > 0n) {
+    const changeIndex = outputs.length;
+    const changeUtxo = outputUtxos[changeIndex];
+    const encrypted = encryptNote(
+      {
+        value: changeUtxo.value,
+        mintTokenAddress: changeUtxo.mintTokenAddress,
+        secret: changeUtxo.secret,
+        leafIndex: changeUtxo.leafIndex,
+      },
+      walletKeys.encryptionKeyPair.publicKey
+    );
+    encryptedNotes.push(Buffer.from(serializeEncryptedNote(encrypted)));
+  }
+
+  return {
+    proof,
+    publicInputs,
+    encryptedNotes,
+    outputUtxos: outputUtxos.filter(u => u.value > 0n),
+    nullifiers,
+    inputTreeIndex,
+    outputTreeIndex: currentTreeIndex,
+  };
+}
+
+/**
+ * Build circuit inputs from transaction data
+ */
+function buildCircuitInputs(
+  merkleRoot: bigint,
+  inputUtxos: UTXO[],
+  outputUtxos: UTXO[],
+  walletKeys: WalletKeys,
+  leaves: bigint[],
+  depositAmount: bigint,
+  withdrawAmount: bigint,
+  recipient: PublicKey,
+  mint: PublicKey,
+  fee: bigint
+): CircuitInputs {
+  const inputSpendingKeys: string[] = [];
+  const inputValues: string[] = [];
+  const inputSecrets: string[] = [];
+  const inputLeafIndices: string[] = [];
+  const inputPathElements: string[][] = [];
+  const inputPathIndices: number[][] = [];
+  const nullifiers: string[] = [];
+
+  for (let i = 0; i < NUM_INPUT_UTXOS; i++) {
+    if (i < inputUtxos.length) {
+      const utxo = inputUtxos[i];
+      inputSpendingKeys.push(walletKeys.spendingKey.toString());
+      inputValues.push(utxo.value.toString());
+      inputSecrets.push(utxo.secret.toString());
+      inputLeafIndices.push(utxo.leafIndex.toString());
+
+      // Compute merkle path
+      const { pathElements, pathIndices } = computeMerklePathFromLeaves(
+        utxo.leafIndex,
+        leaves
+      );
+      inputPathElements.push(pathElements.map(e => e.toString()));
+      inputPathIndices.push(pathIndices);
+
+      // Compute nullifier
+      const nullifier = computeNullifier(
+        walletKeys.spendingKey,
+        utxo.commitment,
+        utxo.leafIndex
+      );
+      nullifiers.push(nullifier.toString());
+    } else {
+      // Dummy input
+      inputSpendingKeys.push("0");
+      inputValues.push("0");
+      inputSecrets.push("0");
+      inputLeafIndices.push("0");
+      inputPathElements.push(Array(MERKLE_TREE_DEPTH).fill("0"));
+      inputPathIndices.push(Array(MERKLE_TREE_DEPTH).fill(0));
+      nullifiers.push("0");
+    }
+  }
+
+  return {
+    merkleRoot: merkleRoot.toString(),
+    nullifiers,
+    outputCommitments: outputUtxos.map(u => u.commitment.toString()),
+    publicDeposit: depositAmount.toString(),
+    publicWithdraw: withdrawAmount.toString(),
+    recipient: pubkeyToBigInt(recipient).toString(),
+    mintTokenAddress: pubkeyToBigInt(mint).toString(),
+    fee: fee.toString(),
+
+    inputSpendingKeys,
+    inputValues,
+    inputSecrets,
+    inputLeafIndices,
+    inputPathElements,
+    inputPathIndices,
+
+    outputValues: outputUtxos.map(u => u.value.toString()),
+    outputOwners: outputUtxos.map(u => u.owner.toString()),
+    outputSecrets: outputUtxos.map(u => u.secret.toString()),
+  };
+}
+
+// ============================================================================
+// Solana Instruction Building
+// ============================================================================
+
+/**
+ * Build Solana transaction accounts and instructions
+ * 
+ * This creates the account list and any pre-instructions needed for the transaction.
+ */
+export function buildTransactionAccounts(
+  builtTx: BuiltTransaction,
+  payer: PublicKey,
+  mint: PublicKey,
+  depositAmount: bigint,
+  withdrawAmount: bigint,
+  recipient?: PublicKey
+): {
+  accounts: {
+    payer: PublicKey;
+    mint: PublicKey;
+    pool: PublicKey;
+    inputTree: PublicKey;
+    merkleTree: PublicKey;
+    vault: PublicKey;
+    depositorTokenAccount: PublicKey | null;
+    depositor: PublicKey | null;
+    recipientTokenAccount: PublicKey | null;
+    feeRecipientTokenAccount: PublicKey | null;
+    nullifierAccount0: PublicKey | null;
+    nullifierAccount1: PublicKey | null;
+    tokenProgram: PublicKey;
+    systemProgram: PublicKey;
+  };
+  preInstructions: TransactionInstruction[];
+  inputTreeIndex: number | null;
+} {
+  const [poolPda] = getPoolPDA();
+  const [vaultPda] = getVaultPDA(mint);
+  const [inputTreePda] = getMerkleTreePDA(builtTx.inputTreeIndex);
+  const [outputTreePda] = getMerkleTreePDA(builtTx.outputTreeIndex);
+
+  const preInstructions: TransactionInstruction[] = [];
+
+  // Depositor token account
+  let depositorTokenAccount: PublicKey | null = null;
+  let depositor: PublicKey | null = null;
+  if (depositAmount > 0n) {
+    depositorTokenAccount = getAssociatedTokenAddressSync(
+      mint,
+      payer,
+      false,
+      TOKEN_2022_PROGRAM_ID
+    );
+    depositor = payer;
+  }
+
+  // Recipient token account
+  let recipientTokenAccount: PublicKey | null = null;
+  if (withdrawAmount > 0n && recipient) {
+    recipientTokenAccount = getAssociatedTokenAddressSync(
+      mint,
+      recipient,
+      false,
+      TOKEN_2022_PROGRAM_ID
+    );
+
+    // Create ATA if needed
+    const createAtaIx = createAssociatedTokenAccountIdempotentInstruction(
+      payer,
+      recipientTokenAccount,
+      recipient,
+      mint,
+      TOKEN_2022_PROGRAM_ID
+    );
+    preInstructions.push(createAtaIx);
+  }
+
+  // Nullifier PDAs
+  const nullifierPdas: (PublicKey | null)[] = [];
+  for (const nullifier of builtTx.nullifiers) {
+    if (nullifier === 0n) {
+      nullifierPdas.push(null);
+    } else {
+      const nullifierBytes = bigIntToBytes32(nullifier);
+      const [nullifierPda] = getNullifierPDA(nullifierBytes);
+      nullifierPdas.push(nullifierPda);
+    }
+  }
+
+  // Determine if we need to pass input tree index
+  const inputTreeIndex = builtTx.inputTreeIndex !== builtTx.outputTreeIndex
+    ? builtTx.inputTreeIndex
+    : null;
+
+  return {
+    accounts: {
+      payer,
+      mint,
+      pool: poolPda,
+      inputTree: inputTreePda,
+      merkleTree: outputTreePda,
+      vault: vaultPda,
+      depositorTokenAccount,
+      depositor,
+      recipientTokenAccount,
+      feeRecipientTokenAccount: null, // TODO: Add fee recipient support
+      nullifierAccount0: nullifierPdas[0] ?? null,
+      nullifierAccount1: nullifierPdas[1] ?? null,
+      tokenProgram: TOKEN_2022_PROGRAM_ID,
+      systemProgram: SystemProgram.programId,
+    },
+    preInstructions,
+    inputTreeIndex,
+  };
+}
+
+// ============================================================================
+// Helper Types for Anchor
+// ============================================================================
+
+/**
+ * Convert built transaction to Anchor-compatible format
+ */
+export function toAnchorPublicInputs(builtTx: BuiltTransaction): {
+  merkleRoot: number[];
+  nullifiers: number[][];
+  outputCommitments: number[][];
+  publicDeposit: BN;
+  publicWithdraw: BN;
+  recipient: PublicKey;
+  mintTokenAddress: PublicKey;
+  fee: BN;
+} {
+  return {
+    merkleRoot: builtTx.publicInputs.merkleRoot,
+    nullifiers: builtTx.publicInputs.nullifiers,
+    outputCommitments: builtTx.publicInputs.outputCommitments,
+    publicDeposit: new BN(builtTx.publicInputs.publicDeposit.toString()),
+    publicWithdraw: new BN(builtTx.publicInputs.publicWithdraw.toString()),
+    recipient: builtTx.publicInputs.recipient,
+    mintTokenAddress: builtTx.publicInputs.mintTokenAddress,
+    fee: new BN(builtTx.publicInputs.fee.toString()),
+  };
+}
+
+