npm - @maci-protocol/circuits - Versions diffs - 0.0.0-ci.9840a0f → 0.0.0-ci.991fa14 - Mend

@maci-protocol/circuits 0.0.0-ci.9840a0f → 0.0.0-ci.991fa14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/circom/coordinator/full/MessageProcessor.circom CHANGED Viewed

@@ -33,14 +33,6 @@ include "./SingleMessageProcessor.circom";
     var PACKED_COMMAND_LENGTH = 4;
     var STATE_LEAF_LENGTH = 3;
     var BALLOT_LENGTH = 2;
-    var BALLOT_NONCE_INDEX = 0;
-    var BALLOT_VOTE_OPTION_ROOT_INDEX = 1;
-    var STATE_LEAF_PUBLIC_X_INDEX = 0;
-    var STATE_LEAF_PUBLIC_Y_INDEX = 1;
-    var STATE_LEAF_VOICE_CREDIT_BALANCE_INDEX = 2;
-    var MESSAGE_TREE_ZERO_VALUE = 8370432830353022751713833565135785980866757267633941821328460903436894336785;
-    // Number of options for this poll.
-    var maxVoteOptions = VOTE_OPTION_TREE_ARITY ** voteOptionTreeDepth;
     // Number of users that have completed the sign up.
     signal input totalSignups;
@@ -57,7 +49,7 @@ include "./SingleMessageProcessor.circom";
     // The current state root (before the processing).
     signal input currentStateRoot;
     // The actual tree depth (might be <= stateTreeDepth).
-    // @note it is a public input to ensure fair processing from
+    // @note it is a public input to ensure fair processing from
     // the coordinator (no censoring)
     signal input actualStateTreeDepth;
     // The coordinator public key hash
@@ -97,7 +89,7 @@ include "./SingleMessageProcessor.circom";
     // The index of the first message in the batch, inclusive.
     signal input index;
     // The index of the last message in the batch to process, exclusive.
     // This value may be less than index + batchSize if this batch is
     // the last batch and the total number of messages is not a multiple of the batch size.
@@ -112,7 +104,7 @@ include "./SingleMessageProcessor.circom";
     var computedCurrentSbCommitment = PoseidonHasher(3)([currentStateRoot, currentBallotRoot, currentSbSalt]);
     computedCurrentSbCommitment === currentSbCommitment;
-    //  -----------------------------------------------------------------------
+    //  -----------------------------------------------------------------------
     // 0. Ensure that the maximum vote options signal is valid and if
     // the maximum users signal is valid
     var voteOptionsValid = LessEqThan(32)([voteOptions, VOTE_OPTION_TREE_ARITY ** voteOptionTreeDepth]);
@@ -162,7 +154,7 @@ include "./SingleMessageProcessor.circom";
     // Decrypt each Message into a Command.
     // The command i-th is composed by the following fields.
-    // e.g., command 0 is made of commandsStateIndex[0],
+    // e.g., command 0 is made of commandsStateIndex[0],
     // commandsNewPublicKey[0], ..., commandsPackedCommandOut[0]
     var computedCommandsStateIndex[batchSize];
     var computedCommandsNewPublicKey[batchSize][2];
@@ -205,7 +197,7 @@ include "./SingleMessageProcessor.circom";
         var computedCurrentStateLeavesPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentBallotPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentVoteWeightsPathElements[voteOptionTreeDepth][VOTE_OPTION_TREE_ARITY - 1];
         for (var j = 0; j < stateTreeDepth; j++) {
             for (var k = 0; k < STATE_TREE_ARITY - 1; k++) {
                 computedCurrentStateLeavesPathElements[j][k] = currentStateLeavesPathElements[i][j][k];

package/circom/coordinator/non-qv/MessageProcessor.circom CHANGED Viewed

@@ -33,14 +33,6 @@ include "./SingleMessageProcessor.circom";
     var PACKED_COMMAND_LENGTH = 4;
     var STATE_LEAF_LENGTH = 3;
     var BALLOT_LENGTH = 2;
-    var BALLOT_NONCE_INDEX = 0;
-    var BALLOT_VOTE_OPTION_ROOT_INDEX = 1;
-    var STATE_LEAF_PUBLIC_X_INDEX = 0;
-    var STATE_LEAF_PUBLIC_Y_INDEX = 1;
-    var STATE_LEAF_VOICE_CREDIT_BALANCE_INDEX = 2;
-    var MESSAGE_TREE_ZERO_VALUE = 8370432830353022751713833565135785980866757267633941821328460903436894336785;
-    // Number of options for this poll.
-    var maxVoteOptions = VOTE_OPTION_TREE_ARITY ** voteOptionTreeDepth;
     // Number of users that have completed the sign up.
     signal input totalSignups;
@@ -57,7 +49,7 @@ include "./SingleMessageProcessor.circom";
     // The current state root (before the processing).
     signal input currentStateRoot;
     // The actual tree depth (might be <= stateTreeDepth).
-    // @note it is a public input to ensure fair processing from
+    // @note it is a public input to ensure fair processing from
     // the coordinator (no censoring)
     signal input actualStateTreeDepth;
     // The coordinator public key hash
@@ -97,7 +89,7 @@ include "./SingleMessageProcessor.circom";
     // The index of the first message in the batch, inclusive.
     signal input index;
     // The index of the last message in the batch to process, exclusive.
     // This value may be less than index + batchSize if this batch is
     // the last batch and the total number of messages is not a multiple of the batch size.
@@ -112,7 +104,7 @@ include "./SingleMessageProcessor.circom";
     var computedCurrentSbCommitment = PoseidonHasher(3)([currentStateRoot, currentBallotRoot, currentSbSalt]);
     computedCurrentSbCommitment === currentSbCommitment;
-    //  -----------------------------------------------------------------------
+    //  -----------------------------------------------------------------------
     // 0. Ensure that the maximum vote options signal is valid and if
     // the maximum users signal is valid
     var voteOptionsValid = LessEqThan(32)([voteOptions, VOTE_OPTION_TREE_ARITY ** voteOptionTreeDepth]);
@@ -162,7 +154,7 @@ include "./SingleMessageProcessor.circom";
     // Decrypt each Message into a Command.
     // The command i-th is composed by the following fields.
-    // e.g., command 0 is made of commandsStateIndex[0],
+    // e.g., command 0 is made of commandsStateIndex[0],
     // commandsNewPublicKey[0], ..., commandsPackedCommandOut[0]
     var computedCommandsStateIndex[batchSize];
     var computedCommandsNewPublicKey[batchSize][2];
@@ -205,7 +197,7 @@ include "./SingleMessageProcessor.circom";
         var computedCurrentStateLeavesPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentBallotPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentVoteWeightsPathElements[voteOptionTreeDepth][VOTE_OPTION_TREE_ARITY - 1];
         for (var j = 0; j < stateTreeDepth; j++) {
             for (var k = 0; k < STATE_TREE_ARITY - 1; k++) {
                 computedCurrentStateLeavesPathElements[j][k] = currentStateLeavesPathElements[i][j][k];

package/circom/coordinator/non-qv/SingleMessageProcessor.circom CHANGED Viewed

@@ -12,10 +12,10 @@ include "../../utils/non-qv/StateLeafAndBallotTransformer.circom";
 /**
- * Processes one message and updates the state accordingly.
- * This template involves complex interactions, including transformations based on message type,
- * validations against current states like voice credit balances or vote weights,
- * and updates to Merkle trees representing state and ballot information.
+ * Processes one message and updates the state accordingly.
+ * This template involves complex interactions, including transformations based on message type,
+ * validations against current states like voice credit balances or vote weights,
+ * and updates to Merkle trees representing state and ballot information.
  * This is a critical building block for ensuring the integrity and correctness of MACI state.
  * This template does not support Quadratic Voting (QV).
  */
@@ -23,7 +23,6 @@ template SingleMessageProcessorNonQv(stateTreeDepth, voteOptionTreeDepth) {
     // Constants defining the structure and size of state and ballots.
     var STATE_LEAF_LENGTH = 3;
     var BALLOT_LENGTH = 2;
-    var MESSAGE_LENGTH = 10;
     var PACKED_COMMAND_LENGTH = 4;
     var VOTE_OPTION_TREE_ARITY = 5;
     var STATE_TREE_ARITY = 2;
@@ -37,7 +36,6 @@ template SingleMessageProcessorNonQv(stateTreeDepth, voteOptionTreeDepth) {
     var STATE_LEAF_PUBLIC_Y_INDEX = 1;
     // Voice Credit balance.
     var STATE_LEAF_VOICE_CREDIT_BALANCE_INDEX = 2;
-    var NUMBER_BITS = 252;
     // Number of users that have completed the sign up.
     signal input totalSignups;
@@ -121,7 +119,7 @@ template SingleMessageProcessorNonQv(stateTreeDepth, voteOptionTreeDepth) {
     // 4. Verify that the original ballot exists in the given ballot root.
     var computedBallot = PoseidonHasher(2)([
-        ballot[BALLOT_NONCE_INDEX],
+        ballot[BALLOT_NONCE_INDEX],
         ballot[BALLOT_VOTE_OPTION_ROOT_INDEX]
     ]);
     var computedStateLeafPathIndices[stateTreeDepth] = Num2Bits(stateTreeDepth)(stateIndexMux);
@@ -186,8 +184,8 @@ template SingleMessageProcessorNonQv(stateTreeDepth, voteOptionTreeDepth) {
     );
     newStateRoot <== computedNewStateLeafQip;
-    // 7. Generate a new ballot root.
+    // 7. Generate a new ballot root.
     var computedNewBallot = PoseidonHasher(2)([computedNewBallotNonce, newBallotVoteOptionRoot]);
     var computedNewBallotQip = MerkleTreeInclusionProof(stateTreeDepth)(
         computedNewBallot,

package/circom/coordinator/qv/MessageProcessor.circom CHANGED Viewed

@@ -34,14 +34,6 @@ template MessageProcessorQv(
     var PACKED_COMMAND_LENGTH = 4;
     var STATE_LEAF_LENGTH = 3;
     var BALLOT_LENGTH = 2;
-    var BALLOT_NONCE_INDEX = 0;
-    var BALLOT_VOTE_OPTION_ROOT_INDEX = 1;
-    var STATE_LEAF_PUBLIC_X_INDEX = 0;
-    var STATE_LEAF_PUBLIC_Y_INDEX = 1;
-    var STATE_LEAF_VOICE_CREDIT_BALANCE_INDEX = 2;
-    var MESSAGE_TREE_ZERO_VALUE = 8370432830353022751713833565135785980866757267633941821328460903436894336785;
-    // Number of options for this poll.
-    var maxVoteOptions = VOTE_OPTION_TREE_ARITY ** voteOptionTreeDepth;
     // Number of users that have completed the sign up.
     signal input totalSignups;
@@ -58,7 +50,7 @@ template MessageProcessorQv(
     // The current state root (before the processing).
     signal input currentStateRoot;
     // The actual tree depth (might be <= stateTreeDepth).
-    // @note it is a public input to ensure fair processing from
+    // @note it is a public input to ensure fair processing from
     // the coordinator (no censoring)
     signal input actualStateTreeDepth;
     // The coordinator public key hash
@@ -98,7 +90,7 @@ template MessageProcessorQv(
     // The index of the first message in the batch, inclusive.
     signal input index;
     // The index of the last message in the batch to process, exclusive.
     // This value may be less than batchSize if this batch is
     // the last batch and the total number of messages is not a multiple of the batch size.
@@ -160,7 +152,7 @@ template MessageProcessorQv(
     // Decrypt each Message into a Command.
     // The command i-th is composed by the following fields.
-    // e.g., command 0 is made of commandsStateIndex[0],
+    // e.g., command 0 is made of commandsStateIndex[0],
     // commandsNewPublicKey[0], ..., commandsPackedCommandOut[0]
     var computedCommandsStateIndex[batchSize];
     var computedCommandsNewPublicKey[batchSize][2];
@@ -203,7 +195,7 @@ template MessageProcessorQv(
         var computedCurrentStateLeavesPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentBallotPathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
         var computedCurrentVoteWeightsPathElements[voteOptionTreeDepth][VOTE_OPTION_TREE_ARITY - 1];
         for (var j = 0; j < stateTreeDepth; j++) {
             for (var k = 0; k < STATE_TREE_ARITY - 1; k++) {
                 computedCurrentStateLeavesPathElements[j][k] = currentStateLeavesPathElements[i][j][k];
@@ -216,7 +208,7 @@ template MessageProcessorQv(
                 computedCurrentVoteWeightsPathElements[j][k] = currentVoteWeightsPathElements[i][j][k];
             }
         }
         (computedNewVoteStateRoot[i], computedNewVoteBallotRoot[i]) = SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth)(
             totalSignups,
             stateRoots[i + 1],

package/circom/coordinator/qv/SingleMessageProcessor.circom CHANGED Viewed

@@ -11,10 +11,10 @@ include "../../utils/trees/QuinaryGeneratePathIndices.circom";
 include "../../utils/qv/StateLeafAndBallotTransformer.circom";
 /**
- * Processes one message and updates the state accordingly.
- * This template involves complex interactions, including transformations based on message type,
- * validations against current states like voice credit balances or vote weights,
- * and updates to Merkle trees representing state and ballot information.
+ * Processes one message and updates the state accordingly.
+ * This template involves complex interactions, including transformations based on message type,
+ * validations against current states like voice credit balances or vote weights,
+ * and updates to Merkle trees representing state and ballot information.
  * This is a critical building block for ensuring the integrity and correctness of MACI state.
  * This template supports the Quadratic Voting (QV).
  */
@@ -22,7 +22,6 @@ template SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth) {
     // Constants defining the structure and size of state and ballots.
     var STATE_LEAF_LENGTH = 3;
     var BALLOT_LENGTH = 2;
-    var MESSAGE_LENGTH = 10;
     var PACKED_COMMAND_LENGTH = 4;
     var VOTE_OPTION_TREE_ARITY = 5;
     var STATE_TREE_ARITY = 2;
@@ -36,7 +35,6 @@ template SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth) {
     var STATE_LEAF_PUBLIC_Y_INDEX = 1;
     // Voice Credit balance.
     var STATE_LEAF_VOICE_CREDIT_BALANCE_INDEX = 2;
-    var NUMBER_BITS = 252;
     // Number of users that have completed the sign up.
     signal input totalSignups;
@@ -125,7 +123,7 @@ template SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth) {
     // 4. Verify that the original ballot exists in the given ballot root.
     var computedBallot = PoseidonHasher(2)([
-        ballot[BALLOT_NONCE_INDEX],
+        ballot[BALLOT_NONCE_INDEX],
         ballot[BALLOT_VOTE_OPTION_ROOT_INDEX]
     ]);
     var computedStateLeafPathIndices[stateTreeDepth] = Num2Bits(stateTreeDepth)(stateIndexMux);
@@ -193,8 +191,8 @@ template SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth) {
     );
     newStateRoot <== computedNewStateLeafQip;
-    // 7. Generate a new ballot root.
+    // 7. Generate a new ballot root.
     var computedNewBallot = PoseidonHasher(2)([computedNewBallotNonce, newBallotVoteOptionRoot]);
     var computedNewBallotQip = MerkleTreeInclusionProof(stateTreeDepth)(
         computedNewBallot,
@@ -204,4 +202,3 @@ template SingleMessageProcessorQv(stateTreeDepth, voteOptionTreeDepth) {
     newBallotRoot <== computedNewBallotQip;
 }

package/circom/utils/EdDSAPoseidonVerifier.circom CHANGED Viewed

@@ -9,6 +9,7 @@ include "./escalarmulany.circom";
 include "./escalarmulfix.circom";
 // local imports
 include "./PoseidonHasher.circom";
+include "./IsOnCurve.circom";
 /**
  * Variant of the EdDSAPoseidonVerifier template from circomlib
@@ -37,9 +38,13 @@ template EdDSAPoseidonVerifier() {
     // Output signal for the validity of the signature.
     signal output isValid;
+    // Verify the public key and signature point are on the BabyJubJub curve.
+    var computedIsPkOnCurve = IsOnCurve()(publicKeyX, publicKeyY);
+    var computedIsSpOnCurve = IsOnCurve()(signaturePointX, signaturePointY);
     // Ensure signatureScalar<Subgroup Order.
     // convert the signature scalar signatureScalar into its binary representation.
-    var computedNum2Bits[254] = Num2Bits(254)(signatureScalar);
+    var computedNum2Bits[254] = Num2Bits_strict()(signatureScalar);
     var computedCompConstantIn[254] = computedNum2Bits;
     computedCompConstantIn[253] = 0;
@@ -82,10 +87,10 @@ template EdDSAPoseidonVerifier() {
     // Components to handle edge cases and ensure that all conditions
     // for a valid signature are met, including the
     // public key not being zero and other integrity checks.
-    var computedIsAxZero = IsZero()(publicKeyX);
+    var computedIsAxZero = IsZero()(computedDouble3XOut);
     var computedIsAxEqual = IsEqual()([computedIsAxZero, 0]);
     var computedIsCcZero = IsZero()(computedCompConstant);
-    var computedIsValid = IsEqual()([computedIsLeftRightValid + computedIsAxEqual + computedIsCcZero, 3]);
+    var computedIsValid = IsEqual()([computedIsLeftRightValid + computedIsAxEqual + computedIsCcZero + computedIsPkOnCurve + computedIsSpOnCurve, 5]);
     isValid <== computedIsValid;
 }

package/circom/utils/IsOnCurve.circom ADDED Viewed

@@ -0,0 +1,40 @@
+pragma circom 2.0.0;
+// zk-kit imports
+include "./comparators.circom";
+/**
+ * Returns 0 or 1 depending on if the point is on the BabyJubJub curve or not. The point is on the
+ * BabyJubJub curve if the following equation is true: a*x^2 + y^2 == 1 + d*x^2*y^2
+ * This template is identical to the BabyCheck template from circomlib, but it returns 0 or 1
+ * instead of having a hard constraint.
+ * Based on: https://github.com/iden3/circomlib/blob/master/circuits/babyjub.circom
+ */
+template IsOnCurve() {
+    // x coordinate of the point on the BabyJubJub curve.
+    signal input x;
+    // y coordinate of the point on the BabyJubJub curve.
+    signal input y;
+    // True when the point (x, y) satisfies the BabyJubJub curve equation.
+    signal output isValid;
+    // x^2 and y^2 intermediate values.
+    signal x2;
+    signal y2;
+    // x^2 * y^2 intermediate value.
+    signal x2y2;
+    // BabyJubJub curve parameters.
+    var a = 168700;
+    var d = 168696;
+    // Compute x^2 and y^2.
+    x2 <== x * x;
+    y2 <== y * y;
+    // Compute x^2 * y^2.
+    x2y2 <== x2 * y2;
+    // Check if a*x^2 + y^2 == 1 + d*x^2*y^2.
+    isValid <== IsEqual()([a * x2 + y2, 1 + d * x2y2]);
+}

package/circom/utils/full/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -119,4 +119,9 @@ template StateLeafAndBallotTransformerFull() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/circom/utils/non-qv/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -102,4 +102,9 @@ template StateLeafAndBallotTransformerNonQv() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/circom/utils/qv/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -102,4 +102,9 @@ template StateLeafAndBallotTransformer() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@maci-protocol/circuits",
-  "version": "0.0.0-ci.9840a0f",
+  "version": "0.0.0-ci.991fa14",
   "private": false,
   "description": "zk-SNARK circuits for MACI",
   "main": "build/ts/index.js",
@@ -38,7 +38,8 @@
     "test:verifySignature": "pnpm run mocha-test ts/__tests__/VerifySignature.test.ts",
     "test:privateToPublicKey": "pnpm run mocha-test ts/__tests__/PrivateToPublicKey.test.ts",
     "test:calculateTotal": "pnpm run mocha-test ts/__tests__/CalculateTotal.test.ts",
-    "test:messageProcessor": "pnpm run mocha-test ts/__tests__/MessageProcessor.test.ts",
+    "test:messageProcessorFull": "pnpm run mocha-test ts/__tests__/MessageProcessorFull.test.ts",
+    "test:isOnCurve": "pnpm run mocha-test ts/__tests__/IsOnCurve.test.ts",
     "test:voteTally": "pnpm run mocha-test ts/__tests__/VoteTally.test.ts",
     "test:ceremonyParams": "pnpm run mocha-test ts/__tests__/CeremonyParams.test.ts",
     "test:incrementalQuinaryTree": "pnpm run mocha-test ts/__tests__/IncrementalQuinaryTree.test.ts",
@@ -46,10 +47,10 @@
     "test:pollJoined": "pnpm run mocha-test ts/__tests__/PollJoined.test.ts"
   },
   "dependencies": {
-    "@maci-protocol/core": "0.0.0-ci.9840a0f",
-    "@maci-protocol/crypto": "0.0.0-ci.9840a0f",
-    "@maci-protocol/domainobjs": "0.0.0-ci.9840a0f",
-    "@maci-protocol/sdk": "0.0.0-ci.9840a0f",
+    "@maci-protocol/core": "0.0.0-ci.991fa14",
+    "@maci-protocol/crypto": "0.0.0-ci.991fa14",
+    "@maci-protocol/domainobjs": "0.0.0-ci.991fa14",
+    "@maci-protocol/sdk": "0.0.0-ci.991fa14",
     "@zk-kit/circuits": "^0.4.0",
     "circomkit": "^0.3.4",
     "circomlib": "^2.0.5"
@@ -65,10 +66,10 @@
     "chai-as-promised": "^8.0.1",
     "fast-check": "^4.2.0",
     "glob": "^11.0.3",
-    "mocha": "^11.7.1",
+    "mocha": "^11.7.2",
     "ts-mocha": "^11.1.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.9.2"
   },
-  "gitHead": "605fe3e96e009f3dc276ce6aad21d32c773628c9"
+  "gitHead": "5e5511f3d75a046c4c270d4de4669061a65ba7eb"
 }