@waku/rln 0.1.8-e224c05.0 → 0.1.8-e800af3.0

package/src/rln.ts

@@ -1,14 +1,37 @@
+import { createDecoder, createEncoder } from "@waku/core";
+import type {
+  ContentTopic,
+  IDecodedMessage,
+  IRoutingInfo,
+  EncoderOptions as WakuEncoderOptions
+} from "@waku/interfaces";
 import { Logger } from "@waku/utils";
-import init, * as zerokitRLN from "@waku/zerokit-rln-wasm";
+import init from "@waku/zerokit-rln-wasm";
+import * as zerokitRLN from "@waku/zerokit-rln-wasm";
 
+import {
+  createRLNDecoder,
+  createRLNEncoder,
+  type RLNDecoder,
+  type RLNEncoder
+} from "./codec.js";
 import { DEFAULT_RATE_LIMIT } from "./contract/constants.js";
 import { RLNCredentialsManager } from "./credentials_manager.js";
+import type {
+  DecryptedCredentials,
+  EncryptedCredentials
+} from "./keystore/index.js";
+import verificationKey from "./resources/verification_key";
 import * as wc from "./resources/witness_calculator";
 import { WitnessCalculator } from "./resources/witness_calculator";
 import { Zerokit } from "./zerokit.js";
 
 const log = new Logger("waku:rln");
 
+type WakuRLNEncoderOptions = WakuEncoderOptions & {
+  credentials: EncryptedCredentials | DecryptedCredentials;
+};
+
 export class RLNInstance extends RLNCredentialsManager {
   /**
    * Create an instance of RLN
@@ -16,14 +39,18 @@ export class RLNInstance extends RLNCredentialsManager {
    */
   public static async create(): Promise<RLNInstance> {
     try {
-      await init();
-
-      zerokitRLN.initPanicHook();
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      await (init as any)?.();
+      zerokitRLN.init_panic_hook();
 
       const witnessCalculator = await RLNInstance.loadWitnessCalculator();
       const zkey = await RLNInstance.loadZkey();
 
-      const zkRLN = zerokitRLN.newRLN(zkey);
+      const stringEncoder = new TextEncoder();
+      const vkey = stringEncoder.encode(JSON.stringify(verificationKey));
+
+      const DEPTH = 20;
+      const zkRLN = zerokitRLN.newRLN(DEPTH, zkey, vkey);
       const zerokit = new Zerokit(zkRLN, witnessCalculator, DEFAULT_RATE_LIMIT);
 
       return new RLNInstance(zerokit);
@@ -37,6 +64,39 @@ export class RLNInstance extends RLNCredentialsManager {
     super(zerokit);
   }
 
+  public async createEncoder(
+    options: WakuRLNEncoderOptions
+  ): Promise<RLNEncoder> {
+    const { credentials: decryptedCredentials } =
+      await RLNInstance.decryptCredentialsIfNeeded(options.credentials);
+    const credentials = decryptedCredentials || this.credentials;
+
+    if (!credentials) {
+      throw Error(
+        "Failed to create Encoder: missing RLN credentials. Use createRLNEncoder directly."
+      );
+    }
+
+    await this.verifyCredentialsAgainstContract(credentials);
+
+    return createRLNEncoder({
+      encoder: createEncoder(options),
+      rlnInstance: this,
+      index: credentials.membership.treeIndex,
+      credential: credentials.identity
+    });
+  }
+
+  public createDecoder(
+    contentTopic: ContentTopic,
+    routingInfo: IRoutingInfo
+  ): RLNDecoder<IDecodedMessage> {
+    return createRLNDecoder({
+      rlnInstance: this,
+      decoder: createDecoder(contentTopic, routingInfo)
+    });
+  }
+
   public static async loadWitnessCalculator(): Promise<WitnessCalculator> {
     try {
       const url = new URL("./resources/rln.wasm", import.meta.url);

package/src/root_tracker.ts

@@ -0,0 +1,92 @@
+class RootPerBlock {
+  public constructor(
+    public root: Uint8Array,
+    public blockNumber: number
+  ) {}
+}
+
+const maxBufferSize = 20;
+
+export class MerkleRootTracker {
+  private validMerkleRoots: Array<RootPerBlock> = new Array<RootPerBlock>();
+  private merkleRootBuffer: Array<RootPerBlock> = new Array<RootPerBlock>();
+
+  public constructor(
+    private acceptableRootWindowSize: number,
+    initialRoot: Uint8Array
+  ) {
+    this.pushRoot(0, initialRoot);
+  }
+
+  public backFill(fromBlockNumber: number): void {
+    if (this.validMerkleRoots.length == 0) return;
+
+    let numBlocks = 0;
+    for (let i = this.validMerkleRoots.length - 1; i >= 0; i--) {
+      if (this.validMerkleRoots[i].blockNumber >= fromBlockNumber) {
+        numBlocks++;
+      }
+    }
+
+    if (numBlocks == 0) return;
+
+    const olderBlock = fromBlockNumber < this.validMerkleRoots[0].blockNumber;
+
+    // Remove last roots
+    let rootsToPop = numBlocks;
+    if (this.validMerkleRoots.length < rootsToPop) {
+      rootsToPop = this.validMerkleRoots.length;
+    }
+
+    this.validMerkleRoots = this.validMerkleRoots.slice(
+      0,
+      this.validMerkleRoots.length - rootsToPop
+    );
+
+    if (this.merkleRootBuffer.length == 0) return;
+
+    if (olderBlock) {
+      const idx = this.merkleRootBuffer.findIndex(
+        (x) => x.blockNumber == fromBlockNumber
+      );
+      if (idx > -1) {
+        this.merkleRootBuffer = this.merkleRootBuffer.slice(0, idx);
+      }
+    }
+
+    // Backfill the tree's acceptable roots
+    let rootsToRestore =
+      this.acceptableRootWindowSize - this.validMerkleRoots.length;
+    if (this.merkleRootBuffer.length < rootsToRestore) {
+      rootsToRestore = this.merkleRootBuffer.length;
+    }
+
+    for (let i = 0; i < rootsToRestore; i++) {
+      const x = this.merkleRootBuffer.pop();
+      if (x) this.validMerkleRoots.unshift(x);
+    }
+  }
+
+  public pushRoot(blockNumber: number, root: Uint8Array): void {
+    this.validMerkleRoots.push(new RootPerBlock(root, blockNumber));
+
+    // Maintain valid merkle root window
+    if (this.validMerkleRoots.length > this.acceptableRootWindowSize) {
+      const x = this.validMerkleRoots.shift();
+      if (x) this.merkleRootBuffer.push(x);
+    }
+
+    // Maintain merkle root buffer
+    if (this.merkleRootBuffer.length > maxBufferSize) {
+      this.merkleRootBuffer.shift();
+    }
+  }
+
+  public roots(): Array<Uint8Array> {
+    return this.validMerkleRoots.map((x) => x.root);
+  }
+
+  public buffer(): Array<Uint8Array> {
+    return this.merkleRootBuffer.map((x) => x.root);
+  }
+}

package/src/utils/bytes.ts

@@ -1,52 +1,56 @@
 export class BytesUtils {
   /**
-   * Concatenate Uint8Arrays
-   * @param input
-   * @returns concatenation of all Uint8Array received as input
+   * Switches endianness of a byte array
    */
-  public static concatenate(...input: Uint8Array[]): Uint8Array {
-    let totalLength = 0;
-    for (const arr of input) {
-      totalLength += arr.length;
-    }
-    const result = new Uint8Array(totalLength);
-    let offset = 0;
-    for (const arr of input) {
-      result.set(arr, offset);
-      offset += arr.length;
+  public static switchEndianness(bytes: Uint8Array): Uint8Array {
+    return new Uint8Array([...bytes].reverse());
+  }
+
+  /**
+   * Builds a BigInt from a big-endian Uint8Array
+   * @param bytes The big-endian bytes to convert
+   * @returns The resulting BigInt in big-endian format
+   */
+  public static buildBigIntFromUint8ArrayBE(bytes: Uint8Array): bigint {
+    let result = 0n;
+    for (let i = 0; i < bytes.length; i++) {
+      result = (result << 8n) + BigInt(bytes[i]);
     }
     return result;
   }
 
   /**
-   * Convert a Uint8Array to a BigInt with configurable input endianness
-   * @param bytes - The byte array to convert
-   * @param inputEndianness - Endianness of the input bytes ('big' or 'little')
-   * @returns BigInt representation of the bytes
+   * Switches endianness of a bigint value
+   * @param value The bigint value to switch endianness for
+   * @returns The bigint value with reversed endianness
    */
-  public static toBigInt(
-    bytes: Uint8Array,
-    inputEndianness: "big" | "little" = "little"
-  ): bigint {
-    if (bytes.length === 0) {
-      return 0n;
+  public static switchEndiannessBigInt(value: bigint): bigint {
+    // Convert bigint to byte array
+    const bytes = [];
+    let tempValue = value;
+    while (tempValue > 0n) {
+      bytes.push(Number(tempValue & 0xffn));
+      tempValue >>= 8n;
     }
 
-    // Create a copy to avoid modifying the original array
-    const workingBytes = new Uint8Array(bytes);
-
-    // Reverse bytes if input is little-endian to work with big-endian internally
-    if (inputEndianness === "little") {
-      workingBytes.reverse();
-    }
+    // Reverse bytes and convert back to bigint
+    return bytes
+      .reverse()
+      .reduce((acc, byte) => (acc << 8n) + BigInt(byte), 0n);
+  }
 
-    // Convert to BigInt
-    let result = 0n;
-    for (let i = 0; i < workingBytes.length; i++) {
-      result = (result << 8n) | BigInt(workingBytes[i]);
+  /**
+   * Converts a big-endian bigint to a 32-byte big-endian Uint8Array
+   * @param value The big-endian bigint to convert
+   * @returns A 32-byte big-endian Uint8Array
+   */
+  public static bigIntToUint8Array32BE(value: bigint): Uint8Array {
+    const bytes = new Uint8Array(32);
+    for (let i = 31; i >= 0; i--) {
+      bytes[i] = Number(value & 0xffn);
+      value >>= 8n;
     }
-
-    return result;
+    return bytes;
   }
 
   /**
@@ -77,6 +81,20 @@ export class BytesUtils {
     return buf;
   }
 
+  /**
+   * Fills with zeros to set length
+   * @param array little endian Uint8Array
+   * @param length amount to pad
+   * @returns little endian Uint8Array padded with zeros to set length
+   */
+  public static zeroPadLE(array: Uint8Array, length: number): Uint8Array {
+    const result = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+      result[i] = array[i] || 0;
+    }
+    return result;
+  }
+
   // Adapted from https://github.com/feross/buffer
   public static checkInt(
     buf: Uint8Array,
@@ -90,4 +108,23 @@ export class BytesUtils {
       throw new RangeError('"value" argument is out of bounds');
     if (offset + ext > buf.length) throw new RangeError("Index out of range");
   }
+
+  /**
+   * Concatenate Uint8Arrays
+   * @param input
+   * @returns concatenation of all Uint8Array received as input
+   */
+  public static concatenate(...input: Uint8Array[]): Uint8Array {
+    let totalLength = 0;
+    for (const arr of input) {
+      totalLength += arr.length;
+    }
+    const result = new Uint8Array(totalLength);
+    let offset = 0;
+    for (const arr of input) {
+      result.set(arr, offset);
+      offset += arr.length;
+    }
+    return result;
+  }
 }

package/src/zerokit.ts

@@ -1,8 +1,11 @@
+import type { IRateLimitProof } from "@waku/interfaces";
 import * as zerokitRLN from "@waku/zerokit-rln-wasm";
 
-import { DEFAULT_RATE_LIMIT } from "./contract/constants.js";
+import { DEFAULT_RATE_LIMIT, RATE_LIMIT_PARAMS } from "./contract/constants.js";
 import { IdentityCredential } from "./identity.js";
+import { Proof, proofToBytes } from "./proof.js";
 import { WitnessCalculator } from "./resources/witness_calculator";
+import { BytesUtils, dateToEpoch, epochIntToBytes } from "./utils/index.js";
 
 export class Zerokit {
   public constructor(
@@ -23,13 +26,226 @@ export class Zerokit {
     return this._rateLimit;
   }
 
+  public generateIdentityCredentials(): IdentityCredential {
+    const memKeys = zerokitRLN.generateExtendedMembershipKey(this.zkRLN); // TODO: rename this function in zerokit rln-wasm
+    return IdentityCredential.fromBytes(memKeys);
+  }
+
   public generateSeededIdentityCredential(seed: string): IdentityCredential {
     const stringEncoder = new TextEncoder();
     const seedBytes = stringEncoder.encode(seed);
+    // TODO: rename this function in zerokit rln-wasm
     const memKeys = zerokitRLN.generateSeededExtendedMembershipKey(
       this.zkRLN,
       seedBytes
     );
     return IdentityCredential.fromBytes(memKeys);
   }
+
+  public insertMember(idCommitment: Uint8Array): void {
+    zerokitRLN.insertMember(this.zkRLN, idCommitment);
+  }
+
+  public insertMembers(
+    index: number,
+    ...idCommitments: Array<Uint8Array>
+  ): void {
+    // serializes a seq of IDCommitments to a byte seq
+    // the order of serialization is |id_commitment_len<8>|id_commitment<var>|
+    const idCommitmentLen = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      idCommitments.length,
+      0,
+      8
+    );
+    const idCommitmentBytes = BytesUtils.concatenate(
+      idCommitmentLen,
+      ...idCommitments
+    );
+    zerokitRLN.setLeavesFrom(this.zkRLN, index, idCommitmentBytes);
+  }
+
+  public deleteMember(index: number): void {
+    zerokitRLN.deleteLeaf(this.zkRLN, index);
+  }
+
+  public getMerkleRoot(): Uint8Array {
+    return zerokitRLN.getRoot(this.zkRLN);
+  }
+
+  public serializeMessage(
+    uint8Msg: Uint8Array,
+    memIndex: number,
+    epoch: Uint8Array,
+    idKey: Uint8Array,
+    rateLimit?: number
+  ): Uint8Array {
+    // calculate message length
+    const msgLen = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      uint8Msg.length,
+      0,
+      8
+    );
+    const memIndexBytes = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      memIndex,
+      0,
+      8
+    );
+    const rateLimitBytes = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      rateLimit ?? this.rateLimit,
+      0,
+      8
+    );
+
+    // [ id_key<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> | rate_limit<8> ]
+    return BytesUtils.concatenate(
+      idKey,
+      memIndexBytes,
+      epoch,
+      msgLen,
+      uint8Msg,
+      rateLimitBytes
+    );
+  }
+
+  public async generateRLNProof(
+    msg: Uint8Array,
+    index: number,
+    epoch: Uint8Array | Date | undefined,
+    idSecretHash: Uint8Array,
+    rateLimit?: number
+  ): Promise<IRateLimitProof> {
+    if (epoch === undefined) {
+      epoch = epochIntToBytes(dateToEpoch(new Date()));
+    } else if (epoch instanceof Date) {
+      epoch = epochIntToBytes(dateToEpoch(epoch));
+    }
+
+    const effectiveRateLimit = rateLimit ?? this.rateLimit;
+
+    if (epoch.length !== 32) throw new Error("invalid epoch");
+    if (idSecretHash.length !== 32) throw new Error("invalid id secret hash");
+    if (index < 0) throw new Error("index must be >= 0");
+    if (
+      effectiveRateLimit < RATE_LIMIT_PARAMS.MIN_RATE ||
+      effectiveRateLimit > RATE_LIMIT_PARAMS.MAX_RATE
+    ) {
+      throw new Error(
+        `Rate limit must be between ${RATE_LIMIT_PARAMS.MIN_RATE} and ${RATE_LIMIT_PARAMS.MAX_RATE}`
+      );
+    }
+
+    const serialized_msg = this.serializeMessage(
+      msg,
+      index,
+      epoch,
+      idSecretHash,
+      effectiveRateLimit
+    );
+    const rlnWitness = zerokitRLN.getSerializedRLNWitness(
+      this.zkRLN,
+      serialized_msg
+    );
+    const inputs = zerokitRLN.RLNWitnessToJson(this.zkRLN, rlnWitness);
+    const calculatedWitness = await this.witnessCalculator.calculateWitness(
+      inputs,
+      false
+    );
+
+    const proofBytes = zerokitRLN.generate_rln_proof_with_witness(
+      this.zkRLN,
+      calculatedWitness,
+      rlnWitness
+    );
+
+    return new Proof(proofBytes);
+  }
+
+  public verifyRLNProof(
+    proof: IRateLimitProof | Uint8Array,
+    msg: Uint8Array,
+    rateLimit?: number
+  ): boolean {
+    let pBytes: Uint8Array;
+    if (proof instanceof Uint8Array) {
+      pBytes = proof;
+    } else {
+      pBytes = proofToBytes(proof);
+    }
+
+    // calculate message length
+    const msgLen = BytesUtils.writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+    const rateLimitBytes = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      rateLimit ?? this.rateLimit,
+      0,
+      8
+    );
+
+    return zerokitRLN.verifyRLNProof(
+      this.zkRLN,
+      BytesUtils.concatenate(pBytes, msgLen, msg, rateLimitBytes)
+    );
+  }
+
+  public verifyWithRoots(
+    proof: IRateLimitProof | Uint8Array,
+    msg: Uint8Array,
+    roots: Array<Uint8Array>,
+    rateLimit?: number
+  ): boolean {
+    let pBytes: Uint8Array;
+    if (proof instanceof Uint8Array) {
+      pBytes = proof;
+    } else {
+      pBytes = proofToBytes(proof);
+    }
+    // calculate message length
+    const msgLen = BytesUtils.writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+    const rateLimitBytes = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      rateLimit ?? this.rateLimit,
+      0,
+      8
+    );
+
+    const rootsBytes = BytesUtils.concatenate(...roots);
+
+    return zerokitRLN.verifyWithRoots(
+      this.zkRLN,
+      BytesUtils.concatenate(pBytes, msgLen, msg, rateLimitBytes),
+      rootsBytes
+    );
+  }
+
+  public verifyWithNoRoot(
+    proof: IRateLimitProof | Uint8Array,
+    msg: Uint8Array,
+    rateLimit?: number
+  ): boolean {
+    let pBytes: Uint8Array;
+    if (proof instanceof Uint8Array) {
+      pBytes = proof;
+    } else {
+      pBytes = proofToBytes(proof);
+    }
+
+    // calculate message length
+    const msgLen = BytesUtils.writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+    const rateLimitBytes = BytesUtils.writeUIntLE(
+      new Uint8Array(8),
+      rateLimit ?? this.rateLimit,
+      0,
+      8
+    );
+
+    return zerokitRLN.verifyWithRoots(
+      this.zkRLN,
+      BytesUtils.concatenate(pBytes, msgLen, msg, rateLimitBytes),
+      new Uint8Array()
+    );
+  }
 }