@waku/rln 0.1.5-f39d215.0 → 0.1.5-f6b9809.0

package/src/contract/types.ts

@@ -0,0 +1,53 @@
+import { ethers } from "ethers";
+
+export interface CustomQueryOptions extends FetchMembersOptions {
+  membersFilter: ethers.EventFilter;
+}
+
+export type Member = {
+  idCommitment: string;
+  index: ethers.BigNumber;
+};
+
+export interface RLNContractOptions {
+  signer: ethers.Signer;
+  address: string;
+  rateLimit?: number;
+}
+
+export interface RLNContractInitOptions extends RLNContractOptions {
+  contract?: ethers.Contract;
+}
+
+export interface MembershipRegisteredEvent {
+  idCommitment: string;
+  membershipRateLimit: ethers.BigNumber;
+  index: ethers.BigNumber;
+}
+
+export type FetchMembersOptions = {
+  fromBlock?: number;
+  fetchRange?: number;
+  fetchChunks?: number;
+};
+
+export interface MembershipInfo {
+  index: ethers.BigNumber;
+  idCommitment: string;
+  rateLimit: number;
+  startBlock: number;
+  endBlock: number;
+  state: MembershipState;
+  depositAmount: ethers.BigNumber;
+  activeDuration: number;
+  gracePeriodDuration: number;
+  holder: string;
+  token: string;
+}
+
+export enum MembershipState {
+  Active = "Active",
+  GracePeriod = "GracePeriod",
+  Expired = "Expired",
+  ErasedAwaitsWithdrawal = "ErasedAwaitsWithdrawal"
+}

package/src/create.ts

@@ -5,5 +5,5 @@ export async function createRLN(): Promise<RLNInstance> {
   // asynchronously. This file does the single async import, so
   // that no one else needs to worry about it again.
   const rlnModule = await import("./rln.js");
-  return rlnModule.create();
+  return rlnModule.RLNInstance.create();
 }

package/src/credentials_manager.ts

@@ -0,0 +1,282 @@
+import { hmac } from "@noble/hashes/hmac";
+import { sha256 } from "@noble/hashes/sha256";
+import { Logger } from "@waku/utils";
+import { ethers } from "ethers";
+
+import { LINEA_CONTRACT } from "./contract/constants.js";
+import { RLNBaseContract } from "./contract/rln_base_contract.js";
+import { IdentityCredential } from "./identity.js";
+import { Keystore } from "./keystore/index.js";
+import type {
+  DecryptedCredentials,
+  EncryptedCredentials
+} from "./keystore/index.js";
+import { KeystoreEntity, Password } from "./keystore/types.js";
+import { RegisterMembershipOptions, StartRLNOptions } from "./types.js";
+import {
+  buildBigIntFromUint8Array,
+  extractMetaMaskSigner
+} from "./utils/index.js";
+import { Zerokit } from "./zerokit.js";
+
+const log = new Logger("waku:credentials");
+
+/**
+ * Manages credentials for RLN
+ * This is a lightweight implementation of the RLN contract that doesn't require Zerokit
+ * It is used to register membership and generate identity credentials
+ */
+export class RLNCredentialsManager {
+  protected started = false;
+  protected starting = false;
+
+  public contract: undefined | RLNBaseContract;
+  public signer: undefined | ethers.Signer;
+
+  protected keystore = Keystore.create();
+  public credentials: undefined | DecryptedCredentials;
+
+  public zerokit: undefined | Zerokit;
+
+  public constructor(zerokit?: Zerokit) {
+    log.info("RLNCredentialsManager initialized");
+    this.zerokit = zerokit;
+  }
+
+  public get provider(): undefined | ethers.providers.Provider {
+    return this.contract?.provider;
+  }
+
+  public async start(options: StartRLNOptions = {}): Promise<void> {
+    if (this.started || this.starting) {
+      log.info("RLNCredentialsManager already started or starting");
+      return;
+    }
+
+    log.info("Starting RLNCredentialsManager");
+    this.starting = true;
+
+    try {
+      const { credentials, keystore } =
+        await RLNCredentialsManager.decryptCredentialsIfNeeded(
+          options.credentials
+        );
+
+      if (credentials) {
+        log.info("Credentials successfully decrypted");
+      }
+
+      const { signer, address, rateLimit } = await this.determineStartOptions(
+        options,
+        credentials
+      );
+
+      log.info(`Using contract address: ${address}`);
+
+      if (keystore) {
+        this.keystore = keystore;
+        log.info("Using provided keystore");
+      }
+
+      this.credentials = credentials;
+      this.signer = signer!;
+      this.contract = new RLNBaseContract({
+        address: address!,
+        signer: signer!,
+        rateLimit: rateLimit ?? this.zerokit?.rateLimit
+      });
+
+      log.info("RLNCredentialsManager successfully started");
+      this.started = true;
+    } catch (error) {
+      log.error("Failed to start RLNCredentialsManager", error);
+      throw error;
+    } finally {
+      this.starting = false;
+    }
+  }
+
+  public async registerMembership(
+    options: RegisterMembershipOptions
+  ): Promise<undefined | DecryptedCredentials> {
+    if (!this.contract) {
+      log.error("RLN Contract is not initialized");
+      throw Error("RLN Contract is not initialized.");
+    }
+
+    log.info("Registering membership");
+    let identity = "identity" in options && options.identity;
+
+    if ("signature" in options) {
+      log.info("Generating identity from signature");
+      if (this.zerokit) {
+        log.info("Using Zerokit to generate identity");
+        identity = this.zerokit.generateSeededIdentityCredential(
+          options.signature
+        );
+      } else {
+        log.info("Using local implementation to generate identity");
+        identity = this.generateSeededIdentityCredential(options.signature);
+      }
+    }
+
+    if (!identity) {
+      log.error("Missing signature or identity to register membership");
+      throw Error("Missing signature or identity to register membership.");
+    }
+
+    log.info("Registering identity with contract");
+    return this.contract.registerWithIdentity(identity);
+  }
+
+  /**
+   * Changes credentials in use by relying on provided Keystore earlier in rln.start
+   * @param id: string, hash of credentials to select from Keystore
+   * @param password: string or bytes to use to decrypt credentials from Keystore
+   */
+  public async useCredentials(id: string, password: Password): Promise<void> {
+    log.info(`Attempting to use credentials with ID: ${id}`);
+    this.credentials = await this.keystore?.readCredential(id, password);
+    if (this.credentials) {
+      log.info("Successfully loaded credentials");
+    } else {
+      log.warn("Failed to load credentials");
+    }
+  }
+
+  protected async determineStartOptions(
+    options: StartRLNOptions,
+    credentials: KeystoreEntity | undefined
+  ): Promise<StartRLNOptions> {
+    let chainId = credentials?.membership.chainId;
+    const address =
+      credentials?.membership.address ||
+      options.address ||
+      LINEA_CONTRACT.address;
+
+    if (address === LINEA_CONTRACT.address) {
+      chainId = LINEA_CONTRACT.chainId.toString();
+      log.info(`Using Linea contract with chainId: ${chainId}`);
+    }
+
+    const signer = options.signer || (await extractMetaMaskSigner());
+    const currentChainId = await signer.getChainId();
+    log.info(`Current chain ID: ${currentChainId}`);
+
+    if (chainId && chainId !== currentChainId.toString()) {
+      log.error(
+        `Chain ID mismatch: contract=${chainId}, current=${currentChainId}`
+      );
+      throw Error(
+        `Failed to start RLN contract, chain ID of contract is different from current one: contract-${chainId}, current network-${currentChainId}`
+      );
+    }
+
+    return {
+      signer,
+      address
+    };
+  }
+
+  protected static async decryptCredentialsIfNeeded(
+    credentials?: EncryptedCredentials | DecryptedCredentials
+  ): Promise<{ credentials?: DecryptedCredentials; keystore?: Keystore }> {
+    if (!credentials) {
+      log.info("No credentials provided");
+      return {};
+    }
+
+    if ("identity" in credentials) {
+      log.info("Using already decrypted credentials");
+      return { credentials };
+    }
+
+    log.info("Attempting to decrypt credentials");
+    const keystore = Keystore.fromString(credentials.keystore);
+
+    if (!keystore) {
+      log.warn("Failed to create keystore from string");
+      return {};
+    }
+
+    try {
+      const decryptedCredentials = await keystore.readCredential(
+        credentials.id,
+        credentials.password
+      );
+      log.info(`Successfully decrypted credentials with ID: ${credentials.id}`);
+
+      return {
+        keystore,
+        credentials: decryptedCredentials
+      };
+    } catch (error) {
+      log.error("Failed to decrypt credentials", error);
+      throw error;
+    }
+  }
+
+  protected async verifyCredentialsAgainstContract(
+    credentials: KeystoreEntity
+  ): Promise<void> {
+    if (!this.contract) {
+      throw Error(
+        "Failed to verify chain coordinates: no contract initialized."
+      );
+    }
+
+    const registryAddress = credentials.membership.address;
+    const currentRegistryAddress = this.contract.address;
+    if (registryAddress !== currentRegistryAddress) {
+      throw Error(
+        `Failed to verify chain coordinates: credentials contract address=${registryAddress} is not equal to registryContract address=${currentRegistryAddress}`
+      );
+    }
+
+    const chainId = credentials.membership.chainId;
+    const network = await this.contract.provider.getNetwork();
+    const currentChainId = network.chainId;
+    if (chainId !== currentChainId.toString()) {
+      throw Error(
+        `Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`
+      );
+    }
+  }
+
+  /**
+   * Generates an identity credential from a seed string
+   * This is a pure implementation that doesn't rely on Zerokit
+   * @param seed A string seed to generate the identity from
+   * @returns IdentityCredential
+   */
+  private generateSeededIdentityCredential(seed: string): IdentityCredential {
+    log.info("Generating seeded identity credential");
+    // Convert the seed to bytes
+    const encoder = new TextEncoder();
+    const seedBytes = encoder.encode(seed);
+
+    // Generate deterministic values using HMAC-SHA256
+    // We use different context strings for each component to ensure they're different
+    const idTrapdoor = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
+    const idNullifier = hmac(sha256, seedBytes, encoder.encode("IDNullifier"));
+
+    // Generate IDSecretHash as a hash of IDTrapdoor and IDNullifier
+    const combinedBytes = new Uint8Array([...idTrapdoor, ...idNullifier]);
+    const idSecretHash = sha256(combinedBytes);
+
+    // Generate IDCommitment as a hash of IDSecretHash
+    const idCommitment = sha256(idSecretHash);
+
+    // Convert IDCommitment to BigInt
+    const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitment);
+
+    log.info("Successfully generated identity credential");
+    return new IdentityCredential(
+      idTrapdoor,
+      idNullifier,
+      idSecretHash,
+      idCommitment,
+      idCommitmentBigInt
+    );
+  }
+}

package/src/identity.ts

@@ -28,14 +28,4 @@ export class IdentityCredential {
       idCommitmentBigInt
     );
   }
-
-  public toJSON(): Record<string, number[] | string> {
-    return {
-      idTrapdoor: Array.from(this.IDTrapdoor),
-      idNullifier: Array.from(this.IDNullifier),
-      idSecretHash: Array.from(this.IDSecretHash),
-      idCommitment: Array.from(this.IDCommitment),
-      idCommitmentBigInt: this.IDCommitmentBigInt.toString()
-    };
-  }
 }

package/src/index.ts

@@ -1,19 +1,19 @@
 import { RLNDecoder, RLNEncoder } from "./codec.js";
 import { RLN_ABI } from "./contract/abi.js";
 import { LINEA_CONTRACT, RLNContract } from "./contract/index.js";
-import { RLNLightContract } from "./contract/rln_light_contract.js";
+import { RLNBaseContract } from "./contract/rln_base_contract.js";
 import { createRLN } from "./create.js";
+import { RLNCredentialsManager } from "./credentials_manager.js";
 import { IdentityCredential } from "./identity.js";
 import { Keystore } from "./keystore/index.js";
 import { Proof } from "./proof.js";
 import { RLNInstance } from "./rln.js";
-import { RLNLightInstance } from "./rln_light.js";
 import { MerkleRootTracker } from "./root_tracker.js";
 import { extractMetaMaskSigner } from "./utils/index.js";
 
 export {
-  RLNLightInstance,
-  RLNLightContract,
+  RLNCredentialsManager,
+  RLNBaseContract,
   createRLN,
   Keystore,
   RLNInstance,

package/src/keystore/keystore.ts

@@ -14,7 +14,6 @@ import {
 import _ from "lodash";
 import { v4 as uuidV4 } from "uuid";
 
-import { IdentityCredential } from "../identity.js";
 import { buildBigIntFromUint8Array } from "../utils/bytes.js";
 
 import { decryptEipKeystore, keccak256Checksum } from "./cipher.js";
@@ -251,32 +250,32 @@ export class Keystore {
       const str = bytesToUtf8(bytes);
       const obj = JSON.parse(str);
 
-      // Get identity fields from named object
-      const { idTrapdoor, idNullifier, idSecretHash, idCommitment } = _.get(
-        obj,
-        "identityCredential",
-        {}
-      );
-
-      const idTrapdoorArray = new Uint8Array(idTrapdoor || []);
-      const idNullifierArray = new Uint8Array(idNullifier || []);
-      const idSecretHashArray = new Uint8Array(idSecretHash || []);
-      const idCommitmentArray = new Uint8Array(idCommitment || []);
-      const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitmentArray);
-
+      // TODO: add runtime validation of nwaku credentials
       return {
-        identity: new IdentityCredential(
-          idTrapdoorArray,
-          idNullifierArray,
-          idSecretHashArray,
-          idCommitmentArray,
-          idCommitmentBigInt
-        ),
+        identity: {
+          IDCommitment: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idCommitment", [])
+          ),
+          IDTrapdoor: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idTrapdoor", [])
+          ),
+          IDNullifier: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idNullifier", [])
+          ),
+          IDCommitmentBigInt: buildBigIntFromUint8Array(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idCommitment", [])
+            )
+          ),
+          IDSecretHash: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idSecretHash", [])
+          )
+        },
         membership: {
           treeIndex: _.get(obj, "treeIndex"),
           chainId: _.get(obj, "membershipContract.chainId"),
           address: _.get(obj, "membershipContract.address"),
-          rateLimit: _.get(obj, "membershipContract.rateLimit")
+          rateLimit: _.get(obj, "userMessageLimit")
         }
       };
     } catch (err) {
@@ -285,6 +284,30 @@ export class Keystore {
     }
   }
 
+  private static fromArraylikeToBytes(
+    obj:
+      | number[]
+      | {
+          [key: number]: number;
+        }
+  ): Uint8Array {
+    if (Array.isArray(obj)) {
+      return new Uint8Array(obj);
+    }
+
+    const bytes = [];
+    let index = 0;
+    let lastElement = obj[index];
+
+    while (lastElement !== undefined) {
+      bytes.push(lastElement);
+      index += 1;
+      lastElement = obj[index];
+    }
+
+    return new Uint8Array(bytes);
+  }
+
   // follows nwaku implementation
   // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L111
   private static computeMembershipHash(info: MembershipInfo): MembershipHash {
@@ -300,15 +323,16 @@ export class Keystore {
       JSON.stringify({
         treeIndex: options.membership.treeIndex,
         identityCredential: {
-          idTrapdoor: Array.from(options.identity.IDTrapdoor),
+          idCommitment: Array.from(options.identity.IDCommitment),
           idNullifier: Array.from(options.identity.IDNullifier),
           idSecretHash: Array.from(options.identity.IDSecretHash),
-          idCommitment: Array.from(options.identity.IDCommitment)
+          idTrapdoor: Array.from(options.identity.IDTrapdoor)
         },
         membershipContract: {
           chainId: options.membership.chainId,
           address: options.membership.address
-        }
+        },
+        userMessageLimit: options.membership.rateLimit
       })
     );
   }