npm - @maci-protocol/circuits - Versions diffs - 0.0.0-ci.d0dddbc → 0.0.0-ci.d231815 - Mend

@maci-protocol/circuits 0.0.0-ci.d0dddbc → 0.0.0-ci.d231815

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/circom/utils/EdDSAPoseidonVerifier.circom CHANGED Viewed

@@ -9,6 +9,7 @@ include "./escalarmulany.circom";
 include "./escalarmulfix.circom";
 // local imports
 include "./PoseidonHasher.circom";
+include "./IsOnCurve.circom";
 /**
  * Variant of the EdDSAPoseidonVerifier template from circomlib
@@ -37,9 +38,13 @@ template EdDSAPoseidonVerifier() {
     // Output signal for the validity of the signature.
     signal output isValid;
+    // Verify the public key and signature point are on the BabyJubJub curve.
+    var computedIsPkOnCurve = IsOnCurve()(publicKeyX, publicKeyY);
+    var computedIsSpOnCurve = IsOnCurve()(signaturePointX, signaturePointY);
     // Ensure signatureScalar<Subgroup Order.
     // convert the signature scalar signatureScalar into its binary representation.
-    var computedNum2Bits[254] = Num2Bits(254)(signatureScalar);
+    var computedNum2Bits[254] = Num2Bits_strict()(signatureScalar);
     var computedCompConstantIn[254] = computedNum2Bits;
     computedCompConstantIn[253] = 0;
@@ -82,10 +87,10 @@ template EdDSAPoseidonVerifier() {
     // Components to handle edge cases and ensure that all conditions
     // for a valid signature are met, including the
     // public key not being zero and other integrity checks.
-    var computedIsAxZero = IsZero()(publicKeyX);
+    var computedIsAxZero = IsZero()(computedDouble3XOut);
     var computedIsAxEqual = IsEqual()([computedIsAxZero, 0]);
     var computedIsCcZero = IsZero()(computedCompConstant);
-    var computedIsValid = IsEqual()([computedIsLeftRightValid + computedIsAxEqual + computedIsCcZero, 3]);
+    var computedIsValid = IsEqual()([computedIsLeftRightValid + computedIsAxEqual + computedIsCcZero + computedIsPkOnCurve + computedIsSpOnCurve, 5]);
     isValid <== computedIsValid;
 }

package/circom/utils/IsOnCurve.circom ADDED Viewed

@@ -0,0 +1,40 @@
+pragma circom 2.0.0;
+// zk-kit imports
+include "./comparators.circom";
+/**
+ * Returns 0 or 1 depending on if the point is on the BabyJubJub curve or not. The point is on the
+ * BabyJubJub curve if the following equation is true: a*x^2 + y^2 == 1 + d*x^2*y^2
+ * This template is identical to the BabyCheck template from circomlib, but it returns 0 or 1
+ * instead of having a hard constraint.
+ * Based on: https://github.com/iden3/circomlib/blob/master/circuits/babyjub.circom
+ */
+template IsOnCurve() {
+    // x coordinate of the point on the BabyJubJub curve.
+    signal input x;
+    // y coordinate of the point on the BabyJubJub curve.
+    signal input y;
+    // True when the point (x, y) satisfies the BabyJubJub curve equation.
+    signal output isValid;
+    // x^2 and y^2 intermediate values.
+    signal x2;
+    signal y2;
+    // x^2 * y^2 intermediate value.
+    signal x2y2;
+    // BabyJubJub curve parameters.
+    var a = 168700;
+    var d = 168696;
+    // Compute x^2 and y^2.
+    x2 <== x * x;
+    y2 <== y * y;
+    // Compute x^2 * y^2.
+    x2y2 <== x2 * y2;
+    // Check if a*x^2 + y^2 == 1 + d*x^2*y^2.
+    isValid <== IsEqual()([a * x2 + y2, 1 + d * x2y2]);
+}

package/circom/utils/full/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -119,4 +119,9 @@ template StateLeafAndBallotTransformerFull() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/circom/utils/non-qv/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -102,4 +102,9 @@ template StateLeafAndBallotTransformerNonQv() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/circom/utils/qv/StateLeafAndBallotTransformer.circom CHANGED Viewed

@@ -102,4 +102,9 @@ template StateLeafAndBallotTransformer() {
     isValid <== computedIsValid;
     isStateLeafIndexValid <== computedIsStateLeafIndexValid;
     isVoteOptionIndexValid <== computedIsVoteOptionIndexValid;
+    // Constrain commandPollId and commandSalt using dummy squares.
+    // This binds the proof to a specific poll and salt.
+    signal commandPollIdSquare <== commandPollId * commandPollId;
+    signal commandSaltSquared <== commandSalt * commandSalt;
 }

package/circom/utils/trees/BinaryMerkleRoot.circom CHANGED Viewed

@@ -25,14 +25,17 @@ template BinaryMerkleRoot(MAX_DEPTH) {
     signal input leaf;
     // The depth of the Merkle tree.
     signal input depth;
-    // The indices of the leaf node in the Merkle tree.
-    signal input indices[MAX_DEPTH];
+    // The index of the leaf node in the Merkle tree.
+    signal input index;
     // The sibling nodes of the leaf node in the Merkle tree.
     signal input siblings[MAX_DEPTH][1];
     // The output of the Merkle tree root.
     signal output out;
+    // The indices of the leaf node in the Merkle tree.
+    signal indices[MAX_DEPTH] <== Num2Bits(MAX_DEPTH)(index);
     signal nodes[MAX_DEPTH + 1];
     nodes[0] <== leaf;

package/circom/voter/PollJoined.circom CHANGED Viewed

@@ -19,8 +19,8 @@ template PollJoined(stateTreeDepth) {
     signal input voiceCreditsBalance;
     // Path elements
     signal input pathElements[stateTreeDepth][STATE_TREE_ARITY - 1];
-    // Path indices
-    signal input pathIndices[stateTreeDepth];
+    // Index
+    signal input index;
     // Poll State tree root which proves the user is joined
     signal input stateRoot;
     // The actual tree depth (might be <= stateTreeDepth) Used in BinaryMerkleRoot
@@ -35,7 +35,7 @@ template PollJoined(stateTreeDepth) {
     var calculatedRoot = BinaryMerkleRoot(stateTreeDepth)(
         stateLeaf,
         actualStateTreeDepth,
-        pathIndices,
+        index,
         pathElements
     );

package/circom/voter/PollJoining.circom CHANGED Viewed

@@ -18,8 +18,8 @@ template PollJoining(stateTreeDepth) {
     signal input pollPublicKey[2];
     // Siblings
     signal input siblings[stateTreeDepth][STATE_TREE_ARITY - 1];
-    // Indices
-    signal input indices[stateTreeDepth];
+    // Index
+    signal input index;
     // User's hashed private key
     signal input nullifier;
     // MACI State tree root which proves the user is signed up
@@ -46,7 +46,7 @@ template PollJoining(stateTreeDepth) {
     var calculatedRoot = BinaryMerkleRoot(stateTreeDepth)(
         publicKeyHash,
         actualStateTreeDepth,
-        indices,
+        index,
         siblings
     );

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@maci-protocol/circuits",
-  "version": "0.0.0-ci.d0dddbc",
+  "version": "0.0.0-ci.d231815",
   "private": false,
   "description": "zk-SNARK circuits for MACI",
   "main": "build/ts/index.js",
@@ -38,7 +38,8 @@
     "test:verifySignature": "pnpm run mocha-test ts/__tests__/VerifySignature.test.ts",
     "test:privateToPublicKey": "pnpm run mocha-test ts/__tests__/PrivateToPublicKey.test.ts",
     "test:calculateTotal": "pnpm run mocha-test ts/__tests__/CalculateTotal.test.ts",
-    "test:messageProcessor": "pnpm run mocha-test ts/__tests__/MessageProcessor.test.ts",
+    "test:messageProcessorFull": "pnpm run mocha-test ts/__tests__/MessageProcessorFull.test.ts",
+    "test:isOnCurve": "pnpm run mocha-test ts/__tests__/IsOnCurve.test.ts",
     "test:voteTally": "pnpm run mocha-test ts/__tests__/VoteTally.test.ts",
     "test:ceremonyParams": "pnpm run mocha-test ts/__tests__/CeremonyParams.test.ts",
     "test:incrementalQuinaryTree": "pnpm run mocha-test ts/__tests__/IncrementalQuinaryTree.test.ts",
@@ -46,29 +47,29 @@
     "test:pollJoined": "pnpm run mocha-test ts/__tests__/PollJoined.test.ts"
   },
   "dependencies": {
-    "@maci-protocol/core": "0.0.0-ci.d0dddbc",
-    "@maci-protocol/crypto": "0.0.0-ci.d0dddbc",
-    "@maci-protocol/domainobjs": "0.0.0-ci.d0dddbc",
-    "@maci-protocol/sdk": "0.0.0-ci.d0dddbc",
+    "@maci-protocol/core": "0.0.0-ci.d231815",
+    "@maci-protocol/crypto": "0.0.0-ci.d231815",
+    "@maci-protocol/domainobjs": "0.0.0-ci.d231815",
+    "@maci-protocol/sdk": "0.0.0-ci.d231815",
     "@zk-kit/circuits": "^0.4.0",
-    "circomkit": "^0.3.3",
+    "circomkit": "^0.3.4",
     "circomlib": "^2.0.5"
   },
   "devDependencies": {
     "@types/chai": "^4.3.11",
-    "@types/chai-as-promised": "^7.1.8",
+    "@types/chai-as-promised": "^8.0.2",
     "@types/mocha": "^10.0.10",
-    "@types/node": "^24.0.1",
+    "@types/node": "^24.11.0",
     "@types/snarkjs": "^0.7.9",
     "@zk-kit/baby-jubjub": "^1.0.3",
     "chai": "^4.3.10",
-    "chai-as-promised": "^7.1.2",
-    "fast-check": "^4.1.1",
-    "glob": "^11.0.3",
-    "mocha": "^11.6.0",
+    "chai-as-promised": "^8.0.1",
+    "fast-check": "^4.2.0",
+    "glob": "^12.0.0",
+    "mocha": "^11.7.2",
     "ts-mocha": "^11.1.0",
     "ts-node": "^10.9.1",
-    "typescript": "^5.8.3"
+    "typescript": "^5.9.2"
   },
-  "gitHead": "f41939d7f430a8b5c9b3729d6d12ca15d94cf181"
+  "gitHead": "271bc779ccbd8510ae0fcbc43063aacffe39d4d9"
 }

package/circom/utils/trees/MerklePathIndicesGenerator.circom DELETED Viewed

@@ -1,44 +0,0 @@
-pragma circom 2.0.0;
-// zk-kit imports
-include "./safe-comparators.circom";
-// local import
-include "../CalculateTotal.circom";
-/**
- * Calculates the path indices required for Merkle proof verifications.
- * Given a node index within an IMT and the total tree levels, it outputs the path indices leading to that node.
- * The template handles the modulo and division operations to break down the tree index into its constituent path indices.
- */
-template MerklePathIndicesGenerator(levels) {
-    // The base used for the modulo and division operations, set to 2 for binary trees.
-    var BASE = 2;
-    // The total sum of the path indices.
-    signal input indices;
-    // The generated path indices.
-    signal output out[levels];
-    var computedIndices = indices;
-    var computedResults[levels];
-    for (var i = 0; i < levels; i++) {
-        // circom's best practices suggests to avoid using <-- unless you
-        // are aware of what's going on. This is the only way to do modulo operation.
-        out[i] <-- computedIndices % BASE;
-        computedIndices = computedIndices \ BASE;
-        // Check that each output element is less than the base.
-        var computedIsOutputElementLessThanBase = SafeLessThan(3)([out[i], BASE]);
-        computedIsOutputElementLessThanBase === 1;
-        // Re-compute the total sum.
-        computedResults[i] = out[i] * (BASE ** i);
-    }
-    // Check that the total sum matches the index.
-    var computedCalculateTotal = CalculateTotal(levels)(computedResults);
-    computedCalculateTotal === indices;
-}