@waku/rln 0.1.6-b4748fd.0 → 0.1.6-b58de3a.0

package/package.json

@@ -1 +1 @@
-{"name":"@waku/rln","version":"0.1.6-b4748fd.0","description":"RLN (Rate Limiting Nullifier) implementation for Waku","types":"./dist/index.d.ts","module":"./dist/index.js","exports":{".":{"types":"./dist/index.d.ts","import":"./dist/index.js"}},"type":"module","homepage":"https://github.com/waku-org/js-waku/tree/master/packages/rln#readme","repository":{"type":"git","url":"https://github.com/waku-org/js-waku.git"},"bugs":{"url":"https://github.com/waku-org/js-waku/issues"},"license":"MIT OR Apache-2.0","keywords":["waku","rln","rate-limiting","privacy","web3"],"scripts":{"build":"run-s build:**","build:copy":"mkdir -p dist/resources && cp -r src/resources/* dist/resources/","build:esm":"tsc","build:bundle":"rollup --config rollup.config.js","fix":"run-s fix:*","fix:lint":"eslint src *.js --fix","check":"run-s check:*","check:tsc":"tsc -p tsconfig.dev.json","check:lint":"eslint \"src/!(resources)/**/*.{ts,js}\" *.js","check:spelling":"cspell \"{README.md,src/**/*.ts}\"","test":"NODE_ENV=test run-s test:*","test:browser":"karma start karma.conf.cjs","watch:build":"tsc -p tsconfig.json -w","watch:test":"mocha --watch","prepublish":"npm run build","reset-hard":"git clean -dfx -e .idea && git reset --hard && npm i && npm run build"},"engines":{"node":">=20"},"devDependencies":{"@rollup/plugin-commonjs":"^25.0.7","@rollup/plugin-json":"^6.0.0","@rollup/plugin-node-resolve":"^15.2.3","@types/chai":"^5.0.1","@types/chai-spies":"^1.0.6","@waku/interfaces":"0.0.31-b4748fd.0","@types/deep-equal-in-any-order":"^1.0.4","@types/lodash":"^4.17.15","@types/sinon":"^17.0.3","@waku/build-utils":"^1.0.0","@waku/message-encryption":"0.0.34-b4748fd.0","deep-equal-in-any-order":"^2.0.6","fast-check":"^3.23.2","rollup-plugin-copy":"^3.5.0"},"files":["dist","bundle","src/**/*.ts","!**/*.spec.*","!**/*.json","CHANGELOG.md","LICENSE","README.md"],"dependencies":{"@chainsafe/bls-keystore":"3.0.0","@waku/core":"0.0.36-b4748fd.0","@waku/utils":"0.0.24-b4748fd.0","@noble/hashes":"^1.2.0","@waku/zerokit-rln-wasm":"^0.0.13","ethereum-cryptography":"^3.1.0","ethers":"^5.7.2","lodash":"^4.17.21","uuid":"^11.0.5","chai":"^5.1.2","chai-as-promised":"^8.0.1","chai-spies":"^1.1.0","chai-subset":"^1.6.0","sinon":"^19.0.2"}}
+{"name":"@waku/rln","version":"0.1.6-b58de3a.0","description":"RLN (Rate Limiting Nullifier) implementation for Waku","types":"./dist/index.d.ts","module":"./dist/index.js","exports":{".":{"types":"./dist/index.d.ts","import":"./dist/index.js"}},"type":"module","homepage":"https://github.com/waku-org/js-waku/tree/master/packages/rln#readme","repository":{"type":"git","url":"https://github.com/waku-org/js-waku.git"},"bugs":{"url":"https://github.com/waku-org/js-waku/issues"},"license":"MIT OR Apache-2.0","keywords":["waku","rln","rate-limiting","privacy","web3"],"scripts":{"build":"run-s build:**","build:copy":"mkdir -p dist/resources && cp -r src/resources/* dist/resources/","build:esm":"tsc","build:bundle":"rollup --config rollup.config.js","fix":"run-s fix:*","fix:lint":"eslint src *.js --fix","check":"run-s check:*","check:tsc":"tsc -p tsconfig.dev.json","check:lint":"eslint \"src/!(resources)/**/*.{ts,js}\" *.js","check:spelling":"cspell \"{README.md,src/**/*.ts}\"","test":"NODE_ENV=test run-s test:*","test:browser":"karma start karma.conf.cjs","watch:build":"tsc -p tsconfig.json -w","watch:test":"mocha --watch","prepublish":"npm run build","reset-hard":"git clean -dfx -e .idea && git reset --hard && npm i && npm run build"},"engines":{"node":">=20"},"devDependencies":{"@rollup/plugin-commonjs":"^25.0.7","@rollup/plugin-json":"^6.0.0","@rollup/plugin-node-resolve":"^15.2.3","@types/chai":"^5.0.1","@types/chai-spies":"^1.0.6","@waku/interfaces":"0.0.31-b58de3a.0","@types/deep-equal-in-any-order":"^1.0.4","@types/lodash":"^4.17.15","@types/sinon":"^17.0.3","@waku/build-utils":"^1.0.0","@waku/message-encryption":"0.0.34-b58de3a.0","deep-equal-in-any-order":"^2.0.6","fast-check":"^3.23.2","rollup-plugin-copy":"^3.5.0"},"files":["dist","bundle","src/**/*.ts","!**/*.spec.*","!**/*.json","CHANGELOG.md","LICENSE","README.md"],"dependencies":{"@chainsafe/bls-keystore":"3.0.0","@waku/core":"0.0.36-b58de3a.0","@waku/utils":"0.0.24-b58de3a.0","@noble/hashes":"^1.2.0","@waku/zerokit-rln-wasm":"^0.0.13","ethereum-cryptography":"^3.1.0","ethers":"^5.7.2","lodash":"^4.17.21","uuid":"^11.0.5","chai":"^5.1.2","chai-as-promised":"^8.0.1","chai-spies":"^1.1.0","chai-subset":"^1.6.0","sinon":"^19.0.2"}}

package/src/contract/rln_base_contract.ts

@@ -3,7 +3,6 @@ import { ethers } from "ethers";
 
 import { IdentityCredential } from "../identity.js";
 import { DecryptedCredentials } from "../keystore/types.js";
-import { buildBigIntFromUint8ArrayBE } from "../utils/bytes.js";
 
 import { RLN_ABI } from "./abi.js";
 import {
@@ -506,32 +505,6 @@ export class RLNBaseContract {
     }
   }
 
-  private getIdCommitmentBigInt(bytes: Uint8Array): bigint {
-    let idCommitmentBigIntBE = buildBigIntFromUint8ArrayBE(bytes);
-    log.info("1");
-
-    if (!this.contract) {
-      throw Error("RLN contract is not initialized");
-    }
-
-    const idCommitmentBigIntLimit = this.contract.idCommitmentBigIntLimit;
-
-    log.info("idCommitmentBigIntBE: ", idCommitmentBigIntBE);
-    log.info("idCommitmentBigIntLimit: ", idCommitmentBigIntLimit);
-    log.info(
-      "idCommitmentBigIntBE >= idCommitmentBigIntLimit: ",
-      idCommitmentBigIntBE >= idCommitmentBigIntLimit
-    );
-
-    if (idCommitmentBigIntBE >= idCommitmentBigIntLimit) {
-      log.warn(
-        `ID commitment is greater than Q, reducing it by Q(idCommitmentBigIntLimit): ${idCommitmentBigIntBE} % ${idCommitmentBigIntLimit}`
-      );
-      idCommitmentBigIntBE = idCommitmentBigIntBE % idCommitmentBigIntLimit;
-    }
-    return idCommitmentBigIntBE;
-  }
-
   public async registerWithIdentity(
     identity: IdentityCredential
   ): Promise<DecryptedCredentials | undefined> {
@@ -540,12 +513,10 @@ export class RLNBaseContract {
         `Registering identity with rate limit: ${this.rateLimit} messages/epoch`
       );
 
-      const idCommitmentBigInt = this.getIdCommitmentBigInt(
-        identity.IDCommitment
-      );
-
       // Check if the ID commitment is already registered
-      const existingIndex = await this.getMemberIndex(idCommitmentBigInt);
+      const existingIndex = await this.getMemberIndex(
+        identity.IDCommitmentBigInt
+      );
       if (existingIndex) {
         throw new Error(
           `ID commitment is already registered with index ${existingIndex}`
@@ -561,16 +532,19 @@ export class RLNBaseContract {
       }
 
       const estimatedGas = await this.contract.estimateGas.register(
-        idCommitmentBigInt,
+        identity.IDCommitmentBigInt,
         this.rateLimit,
         []
       );
       const gasLimit = estimatedGas.add(10000);
 
       const txRegisterResponse: ethers.ContractTransaction =
-        await this.contract.register(idCommitmentBigInt, this.rateLimit, [], {
-          gasLimit
-        });
+        await this.contract.register(
+          identity.IDCommitmentBigInt,
+          this.rateLimit,
+          [],
+          { gasLimit }
+        );
 
       const txRegisterReceipt = await txRegisterResponse.wait();
 
@@ -666,7 +640,7 @@ export class RLNBaseContract {
           permit.v,
           permit.r,
           permit.s,
-          this.getIdCommitmentBigInt(identity.IDCommitment),
+          identity.IDCommitmentBigInt,
           this.rateLimit,
           idCommitmentsToErase.map((id) => ethers.BigNumber.from(id))
         );

package/src/contract/test-utils.ts

@@ -0,0 +1,179 @@
+import { hexToBytes } from "@waku/utils/bytes";
+import { expect } from "chai";
+import * as ethers from "ethers";
+import sinon from "sinon";
+
+import type { IdentityCredential } from "../identity.js";
+
+import { DEFAULT_RATE_LIMIT, LINEA_CONTRACT } from "./constants.js";
+
+export const mockRateLimits = {
+  minRate: 20,
+  maxRate: 600,
+  maxTotalRate: 1200,
+  currentTotalRate: 500
+};
+
+type MockProvider = {
+  getLogs: () => never[];
+  getBlockNumber: () => Promise<number>;
+  getNetwork: () => Promise<{ chainId: number }>;
+};
+
+type MockFilters = {
+  MembershipRegistered: () => { address: string };
+  MembershipErased: () => { address: string };
+  MembershipExpired: () => { address: string };
+};
+
+export function createMockProvider(): MockProvider {
+  return {
+    getLogs: () => [],
+    getBlockNumber: () => Promise.resolve(1000),
+    getNetwork: () => Promise.resolve({ chainId: 11155111 })
+  };
+}
+
+export function createMockFilters(): MockFilters {
+  return {
+    MembershipRegistered: () => ({ address: LINEA_CONTRACT.address }),
+    MembershipErased: () => ({ address: LINEA_CONTRACT.address }),
+    MembershipExpired: () => ({ address: LINEA_CONTRACT.address })
+  };
+}
+
+type ContractOverrides = Partial<{
+  filters: Record<string, unknown>;
+  [key: string]: unknown;
+}>;
+
+export function createMockRegistryContract(
+  overrides: ContractOverrides = {}
+): ethers.Contract {
+  const filters = {
+    MembershipRegistered: () => ({ address: LINEA_CONTRACT.address }),
+    MembershipErased: () => ({ address: LINEA_CONTRACT.address }),
+    MembershipExpired: () => ({ address: LINEA_CONTRACT.address })
+  };
+
+  const baseContract = {
+    minMembershipRateLimit: () =>
+      Promise.resolve(ethers.BigNumber.from(mockRateLimits.minRate)),
+    maxMembershipRateLimit: () =>
+      Promise.resolve(ethers.BigNumber.from(mockRateLimits.maxRate)),
+    maxTotalRateLimit: () =>
+      Promise.resolve(ethers.BigNumber.from(mockRateLimits.maxTotalRate)),
+    currentTotalRateLimit: () =>
+      Promise.resolve(ethers.BigNumber.from(mockRateLimits.currentTotalRate)),
+    queryFilter: () => [],
+    provider: createMockProvider(),
+    filters,
+    on: () => ({}),
+    removeAllListeners: () => ({}),
+    register: () => ({
+      wait: () =>
+        Promise.resolve({
+          events: [mockRLNRegisteredEvent()]
+        })
+    }),
+    estimateGas: {
+      register: () => Promise.resolve(ethers.BigNumber.from(100000))
+    },
+    functions: {
+      register: () => Promise.resolve()
+    },
+    getMemberIndex: () => Promise.resolve(null),
+    interface: {
+      getEvent: (eventName: string) => ({
+        name: eventName,
+        format: () => {}
+      })
+    },
+    address: LINEA_CONTRACT.address
+  };
+
+  // Merge overrides while preserving filters
+  const merged = {
+    ...baseContract,
+    ...overrides,
+    filters: { ...filters, ...(overrides.filters || {}) }
+  };
+
+  return merged as unknown as ethers.Contract;
+}
+
+export function mockRLNRegisteredEvent(idCommitment?: string): ethers.Event {
+  return {
+    args: {
+      idCommitment:
+        idCommitment ||
+        "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
+      membershipRateLimit: ethers.BigNumber.from(DEFAULT_RATE_LIMIT),
+      index: ethers.BigNumber.from(1)
+    },
+    event: "MembershipRegistered"
+  } as unknown as ethers.Event;
+}
+
+export function formatIdCommitment(idCommitmentBigInt: bigint): string {
+  return "0x" + idCommitmentBigInt.toString(16).padStart(64, "0");
+}
+
+export function createRegisterStub(
+  identity: IdentityCredential
+): sinon.SinonStub {
+  return sinon.stub().callsFake(() => ({
+    wait: () =>
+      Promise.resolve({
+        events: [
+          {
+            event: "MembershipRegistered",
+            args: {
+              idCommitment: formatIdCommitment(identity.IDCommitmentBigInt),
+              membershipRateLimit: ethers.BigNumber.from(DEFAULT_RATE_LIMIT),
+              index: ethers.BigNumber.from(1)
+            }
+          }
+        ]
+      })
+  }));
+}
+
+export function verifyRegistration(
+  decryptedCredentials: any,
+  identity: IdentityCredential,
+  registerStub: sinon.SinonStub,
+  insertMemberSpy: sinon.SinonStub
+): void {
+  if (!decryptedCredentials) {
+    throw new Error("Decrypted credentials should not be undefined");
+  }
+
+  // Verify registration call
+  expect(
+    registerStub.calledWith(
+      sinon.match.same(identity.IDCommitmentBigInt),
+      sinon.match.same(DEFAULT_RATE_LIMIT),
+      sinon.match.array,
+      sinon.match.object
+    )
+  ).to.be.true;
+
+  // Verify credential properties
+  expect(decryptedCredentials).to.have.property("identity");
+  expect(decryptedCredentials).to.have.property("membership");
+  expect(decryptedCredentials.membership).to.include({
+    address: LINEA_CONTRACT.address,
+    treeIndex: 1
+  });
+
+  // Verify member insertion
+  const expectedIdCommitment = ethers.utils.zeroPad(
+    hexToBytes(formatIdCommitment(identity.IDCommitmentBigInt)),
+    32
+  );
+  expect(insertMemberSpy.callCount).to.equal(1);
+  expect(insertMemberSpy.getCall(0).args[0]).to.deep.equal(
+    expectedIdCommitment
+  );
+}

package/src/credentials_manager.ts

@@ -13,7 +13,10 @@ import type {
 } from "./keystore/index.js";
 import { KeystoreEntity, Password } from "./keystore/types.js";
 import { RegisterMembershipOptions, StartRLNOptions } from "./types.js";
-import { extractMetaMaskSigner, switchEndianness } from "./utils/index.js";
+import {
+  buildBigIntFromUint8ArrayLE,
+  extractMetaMaskSigner
+} from "./utils/index.js";
 import { Zerokit } from "./zerokit.js";
 
 const log = new Logger("waku:credentials");
@@ -258,31 +261,35 @@ export class RLNCredentialsManager {
 
     // Generate deterministic values using HMAC-SHA256
     // We use different context strings for each component to ensure they're different
-    const idTrapdoorBE = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
-    const idNullifierBE = hmac(
-      sha256,
-      seedBytes,
-      encoder.encode("IDNullifier")
-    );
+    const idTrapdoor = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
+    const idNullifier = hmac(sha256, seedBytes, encoder.encode("IDNullifier"));
+
+    const combinedBytes = new Uint8Array([...idTrapdoor, ...idNullifier]);
+    const idSecretHash = sha256(combinedBytes);
 
-    const combinedBytes = new Uint8Array([...idTrapdoorBE, ...idNullifierBE]);
-    const idSecretHashBE = sha256(combinedBytes);
+    const idCommitment = sha256(idSecretHash);
 
-    const idCommitmentBE = sha256(idSecretHashBE);
+    let idCommitmentBigInt = buildBigIntFromUint8ArrayLE(idCommitment);
+    if (!this.contract) {
+      throw Error("RLN contract is not initialized");
+    }
 
-    // All hashing functions return big-endian bytes
-    // We need to switch to little-endian for the identity credential
-    const idTrapdoorLE = switchEndianness(idTrapdoorBE);
-    const idNullifierLE = switchEndianness(idNullifierBE);
-    const idSecretHashLE = switchEndianness(idSecretHashBE);
-    const idCommitmentLE = switchEndianness(idCommitmentBE);
+    const idCommitmentBigIntLimit = this.contract.idCommitmentBigIntLimit;
+
+    if (idCommitmentBigInt >= idCommitmentBigIntLimit) {
+      log.warn(
+        `ID commitment is greater than Q, reducing it by Q(idCommitmentBigIntLimit): ${idCommitmentBigInt} % ${idCommitmentBigIntLimit}`
+      );
+      idCommitmentBigInt = idCommitmentBigInt % idCommitmentBigIntLimit;
+    }
 
     log.info("Successfully generated identity credential");
     return new IdentityCredential(
-      idTrapdoorLE,
-      idNullifierLE,
-      idSecretHashLE,
-      idCommitmentLE
+      idTrapdoor,
+      idNullifier,
+      idSecretHash,
+      idCommitment,
+      idCommitmentBigInt
     );
   }
 }

package/src/identity.ts

@@ -1,12 +1,12 @@
+import { buildBigIntFromUint8ArrayLE } from "./utils/index.js";
+
 export class IdentityCredential {
-  /**
-   * All variables are in little-endian format
-   */
   public constructor(
     public readonly IDTrapdoor: Uint8Array,
     public readonly IDNullifier: Uint8Array,
     public readonly IDSecretHash: Uint8Array,
-    public readonly IDCommitment: Uint8Array
+    public readonly IDCommitment: Uint8Array,
+    public readonly IDCommitmentBigInt: bigint
   ) {}
 
   public static fromBytes(memKeys: Uint8Array): IdentityCredential {
@@ -18,12 +18,14 @@ export class IdentityCredential {
     const idNullifier = memKeys.subarray(32, 64);
     const idSecretHash = memKeys.subarray(64, 96);
     const idCommitment = memKeys.subarray(96, 128);
+    const idCommitmentBigInt = buildBigIntFromUint8ArrayLE(idCommitment);
 
     return new IdentityCredential(
       idTrapdoor,
       idNullifier,
       idSecretHash,
-      idCommitment
+      idCommitment,
+      idCommitmentBigInt
     );
   }
 }

package/src/keystore/keystore.ts

@@ -14,6 +14,8 @@ import {
 import _ from "lodash";
 import { v4 as uuidV4 } from "uuid";
 
+import { buildBigIntFromUint8ArrayLE } from "../utils/bytes.js";
+
 import { decryptEipKeystore, keccak256Checksum } from "./cipher.js";
 import { isCredentialValid, isKeystoreValid } from "./schema_validator.js";
 import type {
@@ -244,29 +246,43 @@ export class Keystore {
   private static fromBytesToIdentity(
     bytes: Uint8Array
   ): undefined | KeystoreEntity {
+    function fromLittleEndian(bytes: Uint8Array): Uint8Array {
+      return new Uint8Array(bytes).reverse();
+    }
     try {
       const str = bytesToUtf8(bytes);
       const obj = JSON.parse(str);
 
-      const idCommitmentLE = Keystore.fromArraylikeToBytes(
-        _.get(obj, "identityCredential.idCommitment", [])
-      );
-      const idTrapdoorLE = Keystore.fromArraylikeToBytes(
-        _.get(obj, "identityCredential.idTrapdoor", [])
-      );
-      const idNullifierLE = Keystore.fromArraylikeToBytes(
-        _.get(obj, "identityCredential.idNullifier", [])
-      );
-      const idSecretHashLE = Keystore.fromArraylikeToBytes(
-        _.get(obj, "identityCredential.idSecretHash", [])
-      );
-
+      // TODO: add runtime validation of nwaku credentials
       return {
         identity: {
-          IDCommitment: idCommitmentLE,
-          IDTrapdoor: idTrapdoorLE,
-          IDNullifier: idNullifierLE,
-          IDSecretHash: idSecretHashLE
+          IDCommitment: fromLittleEndian(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idCommitment", [])
+            )
+          ),
+          IDTrapdoor: fromLittleEndian(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idTrapdoor", [])
+            )
+          ),
+          IDNullifier: fromLittleEndian(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idNullifier", [])
+            )
+          ),
+          IDCommitmentBigInt: buildBigIntFromUint8ArrayLE(
+            fromLittleEndian(
+              Keystore.fromArraylikeToBytes(
+                _.get(obj, "identityCredential.idCommitment", [])
+              )
+            )
+          ),
+          IDSecretHash: fromLittleEndian(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idSecretHash", [])
+            )
+          )
         },
         membership: {
           treeIndex: _.get(obj, "treeIndex"),

package/src/utils/bytes.ts

@@ -17,13 +17,18 @@ export function concatenate(...input: Uint8Array[]): Uint8Array {
   return result;
 }
 
-export function switchEndianness(bytes: Uint8Array): Uint8Array {
-  return new Uint8Array(bytes.reverse());
-}
-
-export function buildBigIntFromUint8ArrayBE(bytes: Uint8Array): bigint {
-  // Interpret bytes as big-endian
-  return bytes.reduce((acc, byte) => (acc << 8n) + BigInt(byte), 0n);
+// Adapted from https://github.com/feross/buffer
+function checkInt(
+  buf: Uint8Array,
+  value: number,
+  offset: number,
+  ext: number,
+  max: number,
+  min: number
+): void {
+  if (value > max || value < min)
+    throw new RangeError('"value" argument is out of bounds');
+  if (offset + ext > buf.length) throw new RangeError("Index out of range");
 }
 
 export function writeUIntLE(
@@ -51,6 +56,13 @@ export function writeUIntLE(
   return buf;
 }
 
+export function buildBigIntFromUint8ArrayLE(bytes: Uint8Array): bigint {
+  return bytes.reduce(
+    (acc, byte, i) => acc + BigInt(byte) * (1n << (8n * BigInt(i))),
+    0n
+  );
+}
+
 /**
  * Fills with zeros to set length
  * @param array little endian Uint8Array
@@ -64,17 +76,3 @@ export function zeroPadLE(array: Uint8Array, length: number): Uint8Array {
   }
   return result;
 }
-
-// Adapted from https://github.com/feross/buffer
-function checkInt(
-  buf: Uint8Array,
-  value: number,
-  offset: number,
-  ext: number,
-  max: number,
-  min: number
-): void {
-  if (value > max || value < min)
-    throw new RangeError('"value" argument is out of bounds');
-  if (offset + ext > buf.length) throw new RangeError("Index out of range");
-}

package/src/utils/index.ts

@@ -2,7 +2,7 @@ export { extractMetaMaskSigner } from "./metamask.js";
 export {
   concatenate,
   writeUIntLE,
-  switchEndianness,
+  buildBigIntFromUint8ArrayLE,
   zeroPadLE
 } from "./bytes.js";
 export { sha256, poseidonHash } from "./hash.js";