diff --git a/proof_of_validator/circom/validator_anemoi.circom b/proof_of_validator/circom/validator_anemoi.circom index fed599d..24dfaa0 100644 --- a/proof_of_validator/circom/validator_anemoi.circom +++ b/proof_of_validator/circom/validator_anemoi.circom @@ -52,6 +52,39 @@ template commitment_computer(){ commitment <== hash.out; } +template nonce_updater(){ + signal input note_nonce; + signal input nullifier_secret_key; + signal output updated_nonce; + + component hash = hash_4_to_1(); + + //The b"coin-evolve" Tag converted in F_p element (from bits with big endian order) + hash.in[0] <== 120209783668687835891529317; + hash.in[1] <== note_nonce; + hash.in[2] <== nullifier_secret_key; + hash.in[3] <== 0; + + updated_nonce <== hash.out; +} + +template nullifier_computer(){ + signal input note_nonce; + signal input nullifier_secret_key; + signal input value; + signal output nullifier; + + component hash = hash_4_to_1(); + + //The b"coin-nullifier" Tag converted in F_p element (from bits with big endian order) + hash.in[0] <== 2016785505923014207119328528655730; + hash.in[1] <== note_nonce; + hash.in[2] <== nullifier_secret_key; + hash.in[3] <== value; + + nullifier <== hash.out; +} + template membership_checker(){ signal input leaf; //The note commitment signal input root; //The root of the Merkle Tree (of depth 32) @@ -91,6 +124,8 @@ template anemoi_proof_of_validator(max_notes, minimum_stake){ //TODO: put mini signal input nodes[max_notes][32]; //Merkle proof of the commitment signal output identity; + signal output nullifiers[max_notes]; + signal output updated_commiments[max_notes]; // Check that index inputs are indeed bits @@ -152,6 +187,38 @@ template anemoi_proof_of_validator(max_notes, minimum_stake){ //TODO: put mini isLess.in[1] <== sum[max_notes-2]; isLess.out === 1; + + // Compute the note nullifiers + component nullifier_computer[max_notes]; + for(var i=0; i