@waku/rln 0.1.1 → 0.1.2-6454446

package/src/rln.ts

@@ -1,44 +1,32 @@
-import type { IRateLimitProof } from "@waku/interfaces";
-import init, * as zerokitRLN from "@waku/zerokit-rln-wasm";
-
-import { writeUIntLE } from "./byte_utils.js";
-import { dateToEpoch, epochIntToBytes } from "./epoch.js";
+import { createDecoder, createEncoder } from "@waku/core";
+import type {
+  ContentTopic,
+  IDecodedMessage,
+  EncoderOptions as WakuEncoderOptions
+} from "@waku/interfaces";
+import init from "@waku/zerokit-rln-wasm";
+import * as zerokitRLN from "@waku/zerokit-rln-wasm";
+import { ethers } from "ethers";
+
+import {
+  createRLNDecoder,
+  createRLNEncoder,
+  type RLNDecoder,
+  type RLNEncoder
+} from "./codec.js";
+import { RLNContract, SEPOLIA_CONTRACT } from "./contract/index.js";
+import { IdentityCredential } from "./identity.js";
+import { Keystore } from "./keystore/index.js";
+import type {
+  DecryptedCredentials,
+  EncryptedCredentials
+} from "./keystore/index.js";
+import { KeystoreEntity, Password } from "./keystore/types.js";
 import verificationKey from "./resources/verification_key.js";
-import * as wc from "./witness_calculator.js";
-import { WitnessCalculator } from "./witness_calculator.js";
-
-/**
- * Concatenate Uint8Arrays
- * @param input
- * @returns concatenation of all Uint8Array received as input
- */
-function concatenate(...input: Uint8Array[]): Uint8Array {
-  let totalLength = 0;
-  for (const arr of input) {
-    totalLength += arr.length;
-  }
-  const result = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const arr of input) {
-    result.set(arr, offset);
-    offset += arr.length;
-  }
-  return result;
-}
-
-/**
- * Transforms Uint8Array into BigInt
- * @param array: Uint8Array
- * @returns BigInt
- */
-function buildBigIntFromUint8Array(array: Uint8Array): bigint {
-  const dataView = new DataView(array.buffer);
-  return dataView.getBigUint64(0, true);
-}
-
-const stringEncoder = new TextEncoder();
-
-const DEPTH = 20;
+import * as wc from "./resources/witness_calculator.js";
+import { WitnessCalculator } from "./resources/witness_calculator.js";
+import { extractMetaMaskSigner } from "./utils/index.js";
+import { Zerokit } from "./zerokit.js";
 
 async function loadWitnessCalculator(): Promise<WitnessCalculator> {
   const url = new URL("./resources/rln.wasm", import.meta.url);
@@ -57,280 +45,242 @@ async function loadZkey(): Promise<Uint8Array> {
  * @returns RLNInstance
  */
 export async function create(): Promise<RLNInstance> {
-  await init();
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  await (init as any)?.();
   zerokitRLN.init_panic_hook();
+
   const witnessCalculator = await loadWitnessCalculator();
   const zkey = await loadZkey();
+
+  const stringEncoder = new TextEncoder();
   const vkey = stringEncoder.encode(JSON.stringify(verificationKey));
+
+  const DEPTH = 20;
   const zkRLN = zerokitRLN.newRLN(DEPTH, zkey, vkey);
-  return new RLNInstance(zkRLN, witnessCalculator);
-}
+  const zerokit = new Zerokit(zkRLN, witnessCalculator);
 
-export class IdentityCredential {
-  constructor(
-    public readonly IDTrapdoor: Uint8Array,
-    public readonly IDNullifier: Uint8Array,
-    public readonly IDSecretHash: Uint8Array,
-    public readonly IDCommitment: Uint8Array,
-    public readonly IDCommitmentBigInt: bigint
-  ) {}
-
-  static fromBytes(memKeys: Uint8Array): IdentityCredential {
-    const idTrapdoor = memKeys.subarray(0, 32);
-    const idNullifier = memKeys.subarray(32, 64);
-    const idSecretHash = memKeys.subarray(64, 96);
-    const idCommitment = memKeys.subarray(96);
-    const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitment);
-
-    return new IdentityCredential(
-      idTrapdoor,
-      idNullifier,
-      idSecretHash,
-      idCommitment,
-      idCommitmentBigInt
-    );
-  }
+  return new RLNInstance(zerokit);
 }
 
-const proofOffset = 128;
-const rootOffset = proofOffset + 32;
-const epochOffset = rootOffset + 32;
-const shareXOffset = epochOffset + 32;
-const shareYOffset = shareXOffset + 32;
-const nullifierOffset = shareYOffset + 32;
-const rlnIdentifierOffset = nullifierOffset + 32;
-
-export class ProofMetadata {
-  constructor(
-    public readonly nullifier: Uint8Array,
-    public readonly shareX: Uint8Array,
-    public readonly shareY: Uint8Array,
-    public readonly externalNullifier: Uint8Array
-  ) {}
-}
-export class Proof implements IRateLimitProof {
-  readonly proof: Uint8Array;
-  readonly merkleRoot: Uint8Array;
-  readonly epoch: Uint8Array;
-  readonly shareX: Uint8Array;
-  readonly shareY: Uint8Array;
-  readonly nullifier: Uint8Array;
-  readonly rlnIdentifier: Uint8Array;
-
-  constructor(proofBytes: Uint8Array) {
-    if (proofBytes.length < rlnIdentifierOffset) throw "invalid proof";
-    // parse the proof as proof<128> | share_y<32> | nullifier<32> | root<32> | epoch<32> | share_x<32> | rln_identifier<32>
-    this.proof = proofBytes.subarray(0, proofOffset);
-    this.merkleRoot = proofBytes.subarray(proofOffset, rootOffset);
-    this.epoch = proofBytes.subarray(rootOffset, epochOffset);
-    this.shareX = proofBytes.subarray(epochOffset, shareXOffset);
-    this.shareY = proofBytes.subarray(shareXOffset, shareYOffset);
-    this.nullifier = proofBytes.subarray(shareYOffset, nullifierOffset);
-    this.rlnIdentifier = proofBytes.subarray(
-      nullifierOffset,
-      rlnIdentifierOffset
-    );
-  }
+type StartRLNOptions = {
+  /**
+   * If not set - will extract MetaMask account and get signer from it.
+   */
+  signer?: ethers.Signer;
+  /**
+   * If not set - will use default SEPOLIA_CONTRACT address.
+   */
+  registryAddress?: string;
+  /**
+   * Credentials to use for generating proofs and connecting to the contract and network.
+   * If provided used for validating the network chainId and connecting to registry contract.
+   */
+  credentials?: EncryptedCredentials | DecryptedCredentials;
+};
+
+type RegisterMembershipOptions =
+  | { signature: string }
+  | { identity: IdentityCredential };
+
+type WakuRLNEncoderOptions = WakuEncoderOptions & {
+  credentials: EncryptedCredentials | DecryptedCredentials;
+};
 
-  extractMetadata(): ProofMetadata {
-    const externalNullifier = poseidonHash(this.epoch, this.rlnIdentifier);
-    return new ProofMetadata(
-      this.nullifier,
-      this.shareX,
-      this.shareY,
-      externalNullifier
-    );
-  }
-}
+export class RLNInstance {
+  private started = false;
+  private starting = false;
 
-export function proofToBytes(p: IRateLimitProof): Uint8Array {
-  return concatenate(
-    p.proof,
-    p.merkleRoot,
-    p.epoch,
-    p.shareX,
-    p.shareY,
-    p.nullifier,
-    p.rlnIdentifier
-  );
-}
+  private _contract: undefined | RLNContract;
+  private _signer: undefined | ethers.Signer;
 
-export function poseidonHash(...input: Array<Uint8Array>): Uint8Array {
-  const inputLen = writeUIntLE(new Uint8Array(8), input.length, 0, 8);
-  const lenPrefixedData = concatenate(inputLen, ...input);
-  return zerokitRLN.poseidonHash(lenPrefixedData);
-}
+  private keystore = Keystore.create();
+  private _credentials: undefined | DecryptedCredentials;
 
-export function sha256(input: Uint8Array): Uint8Array {
-  const inputLen = writeUIntLE(new Uint8Array(8), input.length, 0, 8);
-  const lenPrefixedData = concatenate(inputLen, input);
-  return zerokitRLN.hash(lenPrefixedData);
-}
+  constructor(public zerokit: Zerokit) {}
 
-export class RLNInstance {
-  constructor(
-    private zkRLN: number,
-    private witnessCalculator: WitnessCalculator
-  ) {}
-
-  generateIdentityCredentials(): IdentityCredential {
-    const memKeys = zerokitRLN.generateExtendedMembershipKey(this.zkRLN); // TODO: rename this function in zerokit rln-wasm
-    return IdentityCredential.fromBytes(memKeys);
+  public get contract(): undefined | RLNContract {
+    return this._contract;
   }
 
-  generateSeededIdentityCredential(seed: string): IdentityCredential {
-    const seedBytes = stringEncoder.encode(seed);
-    // TODO: rename this function in zerokit rln-wasm
-    const memKeys = zerokitRLN.generateSeededExtendedMembershipKey(
-      this.zkRLN,
-      seedBytes
-    );
-    return IdentityCredential.fromBytes(memKeys);
-  }
-
-  insertMember(idCommitment: Uint8Array): void {
-    zerokitRLN.insertMember(this.zkRLN, idCommitment);
+  public get signer(): undefined | ethers.Signer {
+    return this._signer;
   }
 
-  insertMembers(index: number, ...idCommitments: Array<Uint8Array>): void {
-    // serializes a seq of IDCommitments to a byte seq
-    // the order of serialization is |id_commitment_len<8>|id_commitment<var>|
-    const idCommitmentLen = writeUIntLE(
-      new Uint8Array(8),
-      idCommitments.length,
-      0,
-      8
-    );
-    const idCommitmentBytes = concatenate(idCommitmentLen, ...idCommitments);
-    zerokitRLN.setLeavesFrom(this.zkRLN, index, idCommitmentBytes);
-  }
+  public async start(options: StartRLNOptions = {}): Promise<void> {
+    if (this.started || this.starting) {
+      return;
+    }
 
-  deleteMember(index: number): void {
-    zerokitRLN.deleteLeaf(this.zkRLN, index);
+    this.starting = true;
+
+    try {
+      const { credentials, keystore } =
+        await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
+      const { signer, registryAddress } = await this.determineStartOptions(
+        options,
+        credentials
+      );
+
+      if (keystore) {
+        this.keystore = keystore;
+      }
+
+      this._credentials = credentials;
+      this._signer = signer!;
+      this._contract = await RLNContract.init(this, {
+        registryAddress: registryAddress!,
+        signer: signer!
+      });
+      this.started = true;
+    } finally {
+      this.starting = false;
+    }
   }
 
-  getMerkleRoot(): Uint8Array {
-    return zerokitRLN.getRoot(this.zkRLN);
-  }
+  private async determineStartOptions(
+    options: StartRLNOptions,
+    credentials: KeystoreEntity | undefined
+  ): Promise<StartRLNOptions> {
+    let chainId = credentials?.membership.chainId;
+    const registryAddress =
+      credentials?.membership.address ||
+      options.registryAddress ||
+      SEPOLIA_CONTRACT.address;
+
+    if (registryAddress === SEPOLIA_CONTRACT.address) {
+      chainId = SEPOLIA_CONTRACT.chainId;
+    }
 
-  serializeMessage(
-    uint8Msg: Uint8Array,
-    memIndex: number,
-    epoch: Uint8Array,
-    idKey: Uint8Array
-  ): Uint8Array {
-    // calculate message length
-    const msgLen = writeUIntLE(new Uint8Array(8), uint8Msg.length, 0, 8);
+    const signer = options.signer || (await extractMetaMaskSigner());
+    const currentChainId = await signer.getChainId();
 
-    // Converting index to LE bytes
-    const memIndexBytes = writeUIntLE(new Uint8Array(8), memIndex, 0, 8);
+    if (chainId && chainId !== currentChainId) {
+      throw Error(
+        `Failed to start RLN contract, chain ID of contract is different from current one: contract-${chainId}, current network-${currentChainId}`
+      );
+    }
 
-    // [ id_key<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> ]
-    return concatenate(idKey, memIndexBytes, epoch, msgLen, uint8Msg);
+    return {
+      signer,
+      registryAddress
+    };
   }
 
-  async generateRLNProof(
-    msg: Uint8Array,
-    index: number,
-    epoch: Uint8Array | Date | undefined,
-    idSecretHash: Uint8Array
-  ): Promise<IRateLimitProof> {
-    if (epoch == undefined) {
-      epoch = epochIntToBytes(dateToEpoch(new Date()));
-    } else if (epoch instanceof Date) {
-      epoch = epochIntToBytes(dateToEpoch(epoch));
+  private static async decryptCredentialsIfNeeded(
+    credentials?: EncryptedCredentials | DecryptedCredentials
+  ): Promise<{ credentials?: DecryptedCredentials; keystore?: Keystore }> {
+    if (!credentials) {
+      return {};
     }
 
-    if (epoch.length != 32) throw "invalid epoch";
-    if (idSecretHash.length != 32) throw "invalid id secret hash";
-    if (index < 0) throw "index must be >= 0";
+    if ("identity" in credentials) {
+      return { credentials };
+    }
 
-    const serialized_msg = this.serializeMessage(
-      msg,
-      index,
-      epoch,
-      idSecretHash
-    );
-    const rlnWitness = zerokitRLN.getSerializedRLNWitness(
-      this.zkRLN,
-      serialized_msg
-    );
-    const inputs = zerokitRLN.RLNWitnessToJson(this.zkRLN, rlnWitness);
-    const calculatedWitness = await this.witnessCalculator.calculateWitness(
-      inputs,
-      false
-    ); // no sanity check being used in zerokit
-
-    const proofBytes = zerokitRLN.generate_rln_proof_with_witness(
-      this.zkRLN,
-      calculatedWitness,
-      rlnWitness
+    const keystore = Keystore.fromString(credentials.keystore);
+
+    if (!keystore) {
+      return {};
+    }
+
+    const decryptedCredentials = await keystore.readCredential(
+      credentials.id,
+      credentials.password
     );
 
-    return new Proof(proofBytes);
+    return {
+      keystore,
+      credentials: decryptedCredentials
+    };
   }
 
-  verifyRLNProof(
-    proof: IRateLimitProof | Uint8Array,
-    msg: Uint8Array
-  ): boolean {
-    let pBytes: Uint8Array;
-    if (proof instanceof Uint8Array) {
-      pBytes = proof;
-    } else {
-      pBytes = proofToBytes(proof);
+  public async registerMembership(
+    options: RegisterMembershipOptions
+  ): Promise<undefined | DecryptedCredentials> {
+    if (!this.contract) {
+      throw Error("RLN Contract is not initialized.");
     }
 
-    // calculate message length
-    const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+    let identity = "identity" in options && options.identity;
 
-    return zerokitRLN.verifyRLNProof(
-      this.zkRLN,
-      concatenate(pBytes, msgLen, msg)
-    );
+    if ("signature" in options) {
+      identity = this.zerokit.generateSeededIdentityCredential(
+        options.signature
+      );
+    }
+
+    if (!identity) {
+      throw Error("Missing signature or identity to register membership.");
+    }
+
+    return this.contract.registerWithIdentity(identity);
+  }
+
+  /**
+   * Changes credentials in use by relying on provided Keystore earlier in rln.start
+   * @param id: string, hash of credentials to select from Keystore
+   * @param password: string or bytes to use to decrypt credentials from Keystore
+   */
+  public async useCredentials(id: string, password: Password): Promise<void> {
+    this._credentials = await this.keystore?.readCredential(id, password);
   }
 
-  verifyWithRoots(
-    proof: IRateLimitProof | Uint8Array,
-    msg: Uint8Array,
-    ...roots: Array<Uint8Array>
-  ): boolean {
-    let pBytes: Uint8Array;
-    if (proof instanceof Uint8Array) {
-      pBytes = proof;
-    } else {
-      pBytes = proofToBytes(proof);
+  public async createEncoder(
+    options: WakuRLNEncoderOptions
+  ): Promise<RLNEncoder> {
+    const { credentials: decryptedCredentials } =
+      await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
+    const credentials = decryptedCredentials || this._credentials;
+
+    if (!credentials) {
+      throw Error(
+        "Failed to create Encoder: missing RLN credentials. Use createRLNEncoder directly."
+      );
     }
-    // calculate message length
-    const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
 
-    const rootsBytes = concatenate(...roots);
+    await this.verifyCredentialsAgainstContract(credentials);
 
-    return zerokitRLN.verifyWithRoots(
-      this.zkRLN,
-      concatenate(pBytes, msgLen, msg),
-      rootsBytes
-    );
+    return createRLNEncoder({
+      encoder: createEncoder(options),
+      rlnInstance: this,
+      index: credentials.membership.treeIndex,
+      credential: credentials.identity
+    });
   }
 
-  verifyWithNoRoot(
-    proof: IRateLimitProof | Uint8Array,
-    msg: Uint8Array
-  ): boolean {
-    let pBytes: Uint8Array;
-    if (proof instanceof Uint8Array) {
-      pBytes = proof;
-    } else {
-      pBytes = proofToBytes(proof);
+  private async verifyCredentialsAgainstContract(
+    credentials: KeystoreEntity
+  ): Promise<void> {
+    if (!this._contract) {
+      throw Error(
+        "Failed to verify chain coordinates: no contract initialized."
+      );
     }
 
-    // calculate message length
-    const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+    const registryAddress = credentials.membership.address;
+    const currentRegistryAddress = this._contract.registry.address;
+    if (registryAddress !== currentRegistryAddress) {
+      throw Error(
+        `Failed to verify chain coordinates: credentials contract address=${registryAddress} is not equal to registryContract address=${currentRegistryAddress}`
+      );
+    }
 
-    return zerokitRLN.verifyWithRoots(
-      this.zkRLN,
-      concatenate(pBytes, msgLen, msg),
-      new Uint8Array()
-    );
+    const chainId = credentials.membership.chainId;
+    const network = await this._contract.registry.provider.getNetwork();
+    const currentChainId = network.chainId;
+    if (chainId !== currentChainId) {
+      throw Error(
+        `Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`
+      );
+    }
+  }
+
+  public createDecoder(
+    contentTopic: ContentTopic
+  ): RLNDecoder<IDecodedMessage> {
+    return createRLNDecoder({
+      rlnInstance: this,
+      decoder: createDecoder(contentTopic)
+    });
   }
 }

package/src/root_tracker.ts

@@ -1,5 +1,8 @@
 class RootPerBlock {
-  constructor(public root: Uint8Array, public blockNumber: number) {}
+  constructor(
+    public root: Uint8Array,
+    public blockNumber: number
+  ) {}
 }
 
 const maxBufferSize = 20;