2023-08-15 13:23:35 +02:00
|
|
|
## Nim-Codex
|
2023-11-14 13:02:17 +01:00
|
|
|
## Copyright (c) 2023 Status Research & Development GmbH
|
2023-08-15 13:23:35 +02:00
|
|
|
## Licensed under either of
|
|
|
|
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
|
|
|
|
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
|
|
|
|
## at your option.
|
|
|
|
## This file may not be copied, modified, or distributed except according to
|
|
|
|
## those terms.
|
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
{.push raises: [].}
|
|
|
|
|
2023-08-15 13:23:35 +02:00
|
|
|
import std/bitops
|
|
|
|
|
|
|
|
import pkg/questionable/results
|
2023-11-14 13:02:17 +01:00
|
|
|
|
|
|
|
import ../errors
|
|
|
|
|
2023-08-15 13:23:35 +02:00
|
|
|
type
|
2023-12-21 00:41:43 -06:00
|
|
|
CompressFn*[H, K] = proc (x, y: H, key: K): ?!H {.noSideEffect, raises: [].}
|
|
|
|
|
|
|
|
MerkleTree*[H, K] = ref object of RootObj
|
|
|
|
layers* : seq[seq[H]]
|
|
|
|
compress*: CompressFn[H, K]
|
|
|
|
zero* : H
|
|
|
|
|
|
|
|
MerkleProof*[H, K] = ref object of RootObj
|
|
|
|
index* : int # linear index of the leaf, starting from 0
|
|
|
|
path* : seq[H] # order: from the bottom to the top
|
|
|
|
nleaves* : int # number of leaves in the tree (=size of input)
|
|
|
|
compress*: CompressFn[H, K] # compress function
|
|
|
|
zero* : H # zero value
|
|
|
|
|
|
|
|
func depth*[H, K](self: MerkleTree[H, K]): int =
|
|
|
|
return self.layers.len - 1
|
|
|
|
|
|
|
|
func leavesCount*[H, K](self: MerkleTree[H, K]): int =
|
|
|
|
return self.layers[0].len
|
|
|
|
|
|
|
|
func levels*[H, K](self: MerkleTree[H, K]): int =
|
|
|
|
return self.layers.len
|
|
|
|
|
|
|
|
func leaves*[H, K](self: MerkleTree[H, K]): seq[H] =
|
|
|
|
return self.layers[0]
|
|
|
|
|
|
|
|
iterator layers*[H, K](self: MerkleTree[H, K]): seq[H] =
|
|
|
|
for layer in self.layers:
|
|
|
|
yield layer
|
|
|
|
|
|
|
|
iterator nodes*[H, K](self: MerkleTree[H, K]): H =
|
|
|
|
for layer in self.layers:
|
|
|
|
for node in layer:
|
|
|
|
yield node
|
|
|
|
|
|
|
|
func root*[H, K](self: MerkleTree[H, K]): ?!H =
|
|
|
|
let last = self.layers[^1]
|
|
|
|
if last.len != 1:
|
|
|
|
return failure "invalid tree"
|
|
|
|
|
|
|
|
return success last[0]
|
|
|
|
|
|
|
|
func getProof*[H, K](
|
|
|
|
self: MerkleTree[H, K],
|
|
|
|
index: int,
|
|
|
|
proof: MerkleProof[H, K]): ?!void =
|
|
|
|
let depth = self.depth
|
|
|
|
let nleaves = self.leavesCount
|
|
|
|
|
|
|
|
if not (index >= 0 and index < nleaves):
|
|
|
|
return failure "index out of bounds"
|
|
|
|
|
|
|
|
var path : seq[H] = newSeq[H](depth)
|
|
|
|
var k = index
|
|
|
|
var m = nleaves
|
|
|
|
for i in 0..<depth:
|
|
|
|
let j = k xor 1
|
|
|
|
path[i] = if (j < m): self.layers[i][j] else: self.zero
|
|
|
|
k = k shr 1
|
|
|
|
m = (m + 1) shr 1
|
|
|
|
|
|
|
|
proof.index = index
|
|
|
|
proof.path = path
|
|
|
|
proof.nleaves = nleaves
|
|
|
|
proof.compress = self.compress
|
2023-11-14 13:02:17 +01:00
|
|
|
|
|
|
|
success()
|
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
func getProof*[H, K](self: MerkleTree[H, K], index: int): ?!MerkleProof[H, K] =
|
2023-11-14 11:52:27 -06:00
|
|
|
var
|
2023-12-21 00:41:43 -06:00
|
|
|
proof = MerkleProof[H, K]()
|
2023-08-15 13:23:35 +02:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
? self.getProof(index, proof)
|
2023-08-15 13:23:35 +02:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
success proof
|
2023-08-15 13:23:35 +02:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
func reconstructRoot*[H, K](proof: MerkleProof[H, K], leaf: H): ?!H =
|
|
|
|
var
|
|
|
|
m = proof.nleaves
|
|
|
|
j = proof.index
|
|
|
|
h = leaf
|
|
|
|
bottomFlag = K.KeyBottomLayer
|
|
|
|
|
|
|
|
for p in proof.path:
|
|
|
|
let oddIndex : bool = (bitand(j,1) != 0)
|
|
|
|
if oddIndex:
|
|
|
|
# the index of the child is odd, so the node itself can't be odd (a bit counterintuitive, yeah :)
|
|
|
|
h = ? proof.compress( p, h, bottomFlag )
|
2023-11-14 13:02:17 +01:00
|
|
|
else:
|
2023-12-21 00:41:43 -06:00
|
|
|
if j == m - 1:
|
|
|
|
# single child => odd node
|
|
|
|
h = ? proof.compress( h, p, K(bottomFlag.ord + 2) )
|
|
|
|
else:
|
|
|
|
# even node
|
|
|
|
h = ? proof.compress( h , p, bottomFlag )
|
|
|
|
bottomFlag = K.KeyNone
|
|
|
|
j = j shr 1
|
|
|
|
m = (m+1) shr 1
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
return success h
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
func verify*[H, K](proof: MerkleProof[H, K], leaf: H, root: H): ?!void =
|
|
|
|
return if bool(root == ? proof.reconstructRoot(leaf)):
|
|
|
|
success()
|
2023-11-14 13:02:17 +01:00
|
|
|
else:
|
2023-12-21 00:41:43 -06:00
|
|
|
failure("invalid proof")
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
func merkleTreeWorker*[H, K](
|
|
|
|
self: MerkleTree[H, K],
|
|
|
|
xs: openArray[H],
|
|
|
|
isBottomLayer: static bool): ?!seq[seq[H]] =
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
let a = low(xs)
|
|
|
|
let b = high(xs)
|
|
|
|
let m = b - a + 1
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
when not isBottomLayer:
|
|
|
|
if m == 1:
|
|
|
|
return success @[ @xs ]
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
let halfn: int = m div 2
|
|
|
|
let n : int = 2 * halfn
|
|
|
|
let isOdd: bool = (n != m)
|
2023-11-14 13:02:17 +01:00
|
|
|
|
2023-12-21 00:41:43 -06:00
|
|
|
var ys: seq[H]
|
|
|
|
if not isOdd:
|
|
|
|
ys = newSeq[H](halfn)
|
2023-11-14 13:02:17 +01:00
|
|
|
else:
|
2023-12-21 00:41:43 -06:00
|
|
|
ys = newSeq[H](halfn + 1)
|
|
|
|
|
|
|
|
for i in 0..<halfn:
|
|
|
|
const key = when isBottomLayer: K.KeyBottomLayer else: K.KeyNone
|
|
|
|
ys[i] = ? self.compress( xs[a + 2 * i], xs[a + 2 * i + 1], key = key )
|
|
|
|
if isOdd:
|
|
|
|
const key = when isBottomLayer: K.KeyOddAndBottomLayer else: K.KeyOdd
|
|
|
|
ys[halfn] = ? self.compress( xs[n], self.zero, key = key )
|
|
|
|
|
|
|
|
success @[ @xs ] & ? self.merkleTreeWorker(ys, isBottomLayer = false)
|