@waku/rln 0.1.5-76f86de.0 → 0.1.5-cad3e7a.0

package/src/contract/test-utils.ts

@@ -130,7 +130,7 @@ export function createRegisterStub(
             event: "MembershipRegistered",
             args: {
               idCommitment: formatIdCommitment(identity.IDCommitmentBigInt),
-              rateLimit: DEFAULT_RATE_LIMIT,
+              membershipRateLimit: ethers.BigNumber.from(DEFAULT_RATE_LIMIT),
               index: ethers.BigNumber.from(1)
             }
           }

package/src/identity.ts

@@ -28,4 +28,14 @@ export class IdentityCredential {
       idCommitmentBigInt
     );
   }
+
+  public toJSON(): [number[], number[], number[], number[], string] {
+    return [
+      Array.from(this.IDTrapdoor),
+      Array.from(this.IDNullifier),
+      Array.from(this.IDSecretHash),
+      Array.from(this.IDCommitment),
+      this.IDCommitmentBigInt.toString()
+    ];
+  }
 }

package/src/index.ts

@@ -1,15 +1,19 @@
 import { RLNDecoder, RLNEncoder } from "./codec.js";
 import { RLN_ABI } from "./contract/abi.js";
 import { LINEA_CONTRACT, RLNContract } from "./contract/index.js";
+import { RLNLightContract } from "./contract/rln_light_contract.js";
 import { createRLN } from "./create.js";
 import { IdentityCredential } from "./identity.js";
 import { Keystore } from "./keystore/index.js";
 import { Proof } from "./proof.js";
 import { RLNInstance } from "./rln.js";
+import { RLNLightInstance } from "./rln_light.js";
 import { MerkleRootTracker } from "./root_tracker.js";
 import { extractMetaMaskSigner } from "./utils/index.js";
 
 export {
+  RLNLightInstance,
+  RLNLightContract,
   createRLN,
   Keystore,
   RLNInstance,

package/src/keystore/keystore.ts

@@ -14,6 +14,7 @@ import {
 import _ from "lodash";
 import { v4 as uuidV4 } from "uuid";
 
+import { IdentityCredential } from "../identity.js";
 import { buildBigIntFromUint8Array } from "../utils/bytes.js";
 
 import { decryptEipKeystore, keccak256Checksum } from "./cipher.js";
@@ -250,27 +251,27 @@ export class Keystore {
       const str = bytesToUtf8(bytes);
       const obj = JSON.parse(str);
 
-      // TODO: add runtime validation of nwaku credentials
+      // Get identity arrays
+      const [idTrapdoor, idNullifier, idSecretHash, idCommitment] = _.get(
+        obj,
+        "identityCredential",
+        []
+      );
+
+      const idTrapdoorArray = new Uint8Array(idTrapdoor || []);
+      const idNullifierArray = new Uint8Array(idNullifier || []);
+      const idSecretHashArray = new Uint8Array(idSecretHash || []);
+      const idCommitmentArray = new Uint8Array(idCommitment || []);
+      const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitmentArray);
+
       return {
-        identity: {
-          IDCommitment: Keystore.fromArraylikeToBytes(
-            _.get(obj, "identityCredential.idCommitment", [])
-          ),
-          IDTrapdoor: Keystore.fromArraylikeToBytes(
-            _.get(obj, "identityCredential.idTrapdoor", [])
-          ),
-          IDNullifier: Keystore.fromArraylikeToBytes(
-            _.get(obj, "identityCredential.idNullifier", [])
-          ),
-          IDCommitmentBigInt: buildBigIntFromUint8Array(
-            Keystore.fromArraylikeToBytes(
-              _.get(obj, "identityCredential.idCommitment", [])
-            )
-          ),
-          IDSecretHash: Keystore.fromArraylikeToBytes(
-            _.get(obj, "identityCredential.idSecretHash", [])
-          )
-        },
+        identity: new IdentityCredential(
+          idTrapdoorArray,
+          idNullifierArray,
+          idSecretHashArray,
+          idCommitmentArray,
+          idCommitmentBigInt
+        ),
         membership: {
           treeIndex: _.get(obj, "treeIndex"),
           chainId: _.get(obj, "membershipContract.chainId"),
@@ -284,23 +285,6 @@ export class Keystore {
     }
   }
 
-  private static fromArraylikeToBytes(obj: {
-    [key: number]: number;
-  }): Uint8Array {
-    const bytes = [];
-
-    let index = 0;
-    let lastElement = obj[index];
-
-    while (lastElement !== undefined) {
-      bytes.push(lastElement);
-      index += 1;
-      lastElement = obj[index];
-    }
-
-    return new Uint8Array(bytes);
-  }
-
   // follows nwaku implementation
   // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L111
   private static computeMembershipHash(info: MembershipInfo): MembershipHash {
@@ -315,12 +299,12 @@ export class Keystore {
     return utf8ToBytes(
       JSON.stringify({
         treeIndex: options.membership.treeIndex,
-        identityCredential: {
-          idCommitment: options.identity.IDCommitment,
-          idNullifier: options.identity.IDNullifier,
-          idSecretHash: options.identity.IDSecretHash,
-          idTrapdoor: options.identity.IDTrapdoor
-        },
+        identityCredential: [
+          Array.from(options.identity.IDTrapdoor),
+          Array.from(options.identity.IDNullifier),
+          Array.from(options.identity.IDSecretHash),
+          Array.from(options.identity.IDCommitment)
+        ],
         membershipContract: {
           chainId: options.membership.chainId,
           address: options.membership.address

package/src/keystore/types.ts

@@ -8,9 +8,9 @@ export type Password = string | Uint8Array;
 // see reference
 // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L111
 export type MembershipInfo = {
-  chainId: number;
+  chainId: string;
   address: string;
-  treeIndex: number;
+  treeIndex: `0x${string}`; // hexadecimal string
   rateLimit: number;
 };
 

package/src/rln.ts

@@ -160,7 +160,7 @@ export class RLNInstance {
     try {
       const { credentials, keystore } =
         await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
-      const { signer, address } = await this.determineStartOptions(
+      const { signer, address, rateLimit } = await this.determineStartOptions(
         options,
         credentials
       );
@@ -174,7 +174,7 @@ export class RLNInstance {
       this._contract = await RLNContract.init(this, {
         address: address!,
         signer: signer!,
-        rateLimit: options.rateLimit ?? this.zerokit.getRateLimit
+        rateLimit: rateLimit ?? this.zerokit.getRateLimit
       });
       this.started = true;
     } finally {
@@ -197,7 +197,7 @@ export class RLNInstance {
     }
 
     const signer = options.signer || (await extractMetaMaskSigner());
-    const currentChainId = await signer.getChainId();
+    const currentChainId = (await signer.getChainId()).toString();
 
     if (chainId && chainId !== currentChainId) {
       throw Error(
@@ -288,7 +288,7 @@ export class RLNInstance {
     return createRLNEncoder({
       encoder: createEncoder(options),
       rlnInstance: this,
-      index: credentials.membership.treeIndex,
+      index: parseInt(credentials.membership.treeIndex),
       credential: credentials.identity
     });
   }
@@ -312,7 +312,7 @@ export class RLNInstance {
 
     const chainId = credentials.membership.chainId;
     const network = await this._contract.provider.getNetwork();
-    const currentChainId = network.chainId;
+    const currentChainId = network.chainId.toString();
     if (chainId !== currentChainId) {
       throw Error(
         `Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`

package/src/rln_light.ts

@@ -0,0 +1,235 @@
+import { hmac } from "@noble/hashes/hmac";
+import { sha256 } from "@noble/hashes/sha256";
+import { Logger } from "@waku/utils";
+import { ethers } from "ethers";
+
+import { LINEA_CONTRACT } from "./contract/constants.js";
+import { RLNLightContract } from "./contract/rln_light_contract.js";
+import { IdentityCredential } from "./identity.js";
+import { Keystore } from "./keystore/index.js";
+import type {
+  DecryptedCredentials,
+  EncryptedCredentials
+} from "./keystore/index.js";
+import { KeystoreEntity, Password } from "./keystore/types.js";
+import {
+  buildBigIntFromUint8Array,
+  extractMetaMaskSigner
+} from "./utils/index.js";
+
+const log = new Logger("waku:rln");
+
+/**
+ * Create an instance of RLN
+ * @returns RLNInstance
+ */
+export async function create(): Promise<RLNLightInstance> {
+  try {
+    return new RLNLightInstance();
+  } catch (error) {
+    log.error("Failed to initialize RLN:", error);
+    throw error;
+  }
+}
+
+type StartRLNOptions = {
+  /**
+   * If not set - will extract MetaMask account and get signer from it.
+   */
+  signer?: ethers.Signer;
+  /**
+   * If not set - will use default SEPOLIA_CONTRACT address.
+   */
+  address?: string;
+  /**
+   * Credentials to use for generating proofs and connecting to the contract and network.
+   * If provided used for validating the network chainId and connecting to registry contract.
+   */
+  credentials?: EncryptedCredentials | DecryptedCredentials;
+  /**
+   * Rate limit for the member.
+   */
+  rateLimit?: number;
+};
+
+type RegisterMembershipOptions =
+  | { signature: string }
+  | { identity: IdentityCredential };
+
+export class RLNLightInstance {
+  private started = false;
+  private starting = false;
+
+  private _contract: undefined | RLNLightContract;
+  private _signer: undefined | ethers.Signer;
+
+  private keystore = Keystore.create();
+  private _credentials: undefined | DecryptedCredentials;
+
+  public constructor() {}
+
+  public get contract(): undefined | RLNLightContract {
+    return this._contract;
+  }
+
+  public get signer(): undefined | ethers.Signer {
+    return this._signer;
+  }
+
+  public async start(options: StartRLNOptions = {}): Promise<void> {
+    if (this.started || this.starting) {
+      return;
+    }
+
+    this.starting = true;
+
+    try {
+      const { credentials, keystore } =
+        await RLNLightInstance.decryptCredentialsIfNeeded(options.credentials);
+      const { signer, address, rateLimit } = await this.determineStartOptions(
+        options,
+        credentials
+      );
+
+      if (keystore) {
+        this.keystore = keystore;
+      }
+
+      this._credentials = credentials;
+      this._signer = signer!;
+      this._contract = await RLNLightContract.init({
+        address: address!,
+        signer: signer!,
+        rateLimit: rateLimit
+      });
+      this.started = true;
+    } finally {
+      this.starting = false;
+    }
+  }
+
+  public get credentials(): DecryptedCredentials | undefined {
+    return this._credentials;
+  }
+
+  private async determineStartOptions(
+    options: StartRLNOptions,
+    credentials: KeystoreEntity | undefined
+  ): Promise<StartRLNOptions> {
+    let chainId = credentials?.membership.chainId;
+    const address =
+      credentials?.membership.address ||
+      options.address ||
+      LINEA_CONTRACT.address;
+
+    if (address === LINEA_CONTRACT.address) {
+      chainId = LINEA_CONTRACT.chainId;
+    }
+
+    const signer = options.signer || (await extractMetaMaskSigner());
+    const currentChainId = (await signer.getChainId()).toString();
+
+    if (chainId && chainId !== currentChainId) {
+      throw Error(
+        `Failed to start RLN contract, chain ID of contract is different from current one: contract-${chainId}, current network-${currentChainId}`
+      );
+    }
+
+    return {
+      signer,
+      address
+    };
+  }
+
+  private static async decryptCredentialsIfNeeded(
+    credentials?: EncryptedCredentials | DecryptedCredentials
+  ): Promise<{ credentials?: DecryptedCredentials; keystore?: Keystore }> {
+    if (!credentials) {
+      return {};
+    }
+
+    if ("identity" in credentials) {
+      return { credentials };
+    }
+
+    const keystore = Keystore.fromString(credentials.keystore);
+
+    if (!keystore) {
+      return {};
+    }
+
+    const decryptedCredentials = await keystore.readCredential(
+      credentials.id,
+      credentials.password
+    );
+
+    return {
+      keystore,
+      credentials: decryptedCredentials
+    };
+  }
+
+  /**
+   * Generates an identity credential from a seed string
+   * This is a pure implementation that doesn't rely on Zerokit
+   * @param seed A string seed to generate the identity from
+   * @returns IdentityCredential
+   */
+  private generateSeededIdentityCredential(seed: string): IdentityCredential {
+    // Convert the seed to bytes
+    const encoder = new TextEncoder();
+    const seedBytes = encoder.encode(seed);
+
+    // Generate deterministic values using HMAC-SHA256
+    // We use different context strings for each component to ensure they're different
+    const idTrapdoor = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
+    const idNullifier = hmac(sha256, seedBytes, encoder.encode("IDNullifier"));
+
+    // Generate IDSecretHash as a hash of IDTrapdoor and IDNullifier
+    const combinedBytes = new Uint8Array([...idTrapdoor, ...idNullifier]);
+    const idSecretHash = sha256(combinedBytes);
+
+    // Generate IDCommitment as a hash of IDSecretHash
+    const idCommitment = sha256(idSecretHash);
+
+    // Convert IDCommitment to BigInt
+    const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitment);
+
+    return new IdentityCredential(
+      idTrapdoor,
+      idNullifier,
+      idSecretHash,
+      idCommitment,
+      idCommitmentBigInt
+    );
+  }
+
+  public async registerMembership(
+    options: RegisterMembershipOptions
+  ): Promise<undefined | DecryptedCredentials> {
+    if (!this.contract) {
+      throw Error("RLN Contract is not initialized.");
+    }
+
+    let identity = "identity" in options && options.identity;
+
+    if ("signature" in options) {
+      identity = this.generateSeededIdentityCredential(options.signature);
+    }
+
+    if (!identity) {
+      throw Error("Missing signature or identity to register membership.");
+    }
+
+    return this.contract.registerWithIdentity(identity);
+  }
+
+  /**
+   * Changes credentials in use by relying on provided Keystore earlier in rln.start
+   * @param id: string, hash of credentials to select from Keystore
+   * @param password: string or bytes to use to decrypt credentials from Keystore
+   */
+  public async useCredentials(id: string, password: Password): Promise<void> {
+    this._credentials = await this.keystore?.readCredential(id, password);
+  }
+}