fix: hash inputs for external nullifier, remove length prefix for sha256

2026-01-02 14:03:06 +00:00 · 2025-12-09 18:52:42 -08:00 · 2025-12-09 18:52:42 -08:00 · 54b827ada8
commit 54b827ada8
parent 2477c4980f
2 changed files with 18 additions and 8 deletions
--- a/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim
+++ b/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim
@ -379,7 +379,11 @@ method generateProof*(

  let x = keccak.keccak256.digest(data)

-  let extNullifier = poseidon(@[@(epoch), @(rlnIdentifier)]).valueOr:
+  let epochHash = sha256(@(epoch)).valueOr:
+    return err("Failed to compute epoch hash: " & error)
+  let rlnIdentifierHash = sha256(@(rlnIdentifier)).valueOr:
+    return err("Failed to compute rln identifier hash: " & error)
+  let extNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr:
    return err("Failed to compute external nullifier: " & error)

  let witness = RLNWitnessInput(
@ -457,10 +461,13 @@ method verifyProof*(

  var normalizedProof = proof

-  normalizedProof.externalNullifier = poseidon(
-    @[@(proof.epoch), @(proof.rlnIdentifier)]
-  ).valueOr:
+  let epochHash = sha256(@(proof.epoch)).valueOr:
+    return err("Failed to compute epoch hash: " & error)
+  let rlnIdentifierHash = sha256(@(proof.rlnIdentifier)).valueOr:
+    return err("Failed to compute rln identifier hash: " & error)
+  let externalNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr:
    return err("Failed to compute external nullifier: " & error)
+  normalizedProof.externalNullifier = externalNullifier

  let proofBytes = serialize(normalizedProof, input)
  let proofBuffer = proofBytes.toBuffer()
--- a/waku/waku_rln_relay/rln/wrappers.nim
+++ b/waku/waku_rln_relay/rln/wrappers.nim
@ -121,9 +121,8 @@ proc createRLNInstance*(): RLNResult =

 proc sha256*(data: openArray[byte]): RlnRelayResult[MerkleNode] =
  ## a thin layer on top of the Nim wrapper of the sha256 hasher
-  var lenPrefData = encodeLengthPrefix(data)
  var
-    hashInputBuffer = lenPrefData.toBuffer()
+    hashInputBuffer = data.toBuffer()
    outputBuffer: Buffer # will holds the hash output

  trace "sha256 hash input buffer length", bufflen = hashInputBuffer.len
@ -181,8 +180,12 @@ proc toLeaves*(rateCommitments: seq[RateCommitment]): RlnRelayResult[seq[seq[byt
  return ok(leaves)

 proc extractMetadata*(proof: RateLimitProof): RlnRelayResult[ProofMetadata] =
-  let externalNullifier = poseidon(@[@(proof.epoch), @(proof.rlnIdentifier)]).valueOr:
-    return err("could not construct the external nullifier")
+  let epochHash = sha256(@(proof.epoch)).valueOr:
+    return err("Failed to compute epoch hash: " & error)
+  let rlnIdentifierHash = sha256(@(proof.rlnIdentifier)).valueOr:
+    return err("Failed to compute rln identifier hash: " & error)
+  let externalNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr:
+    return err("Failed to compute external nullifier: " & error)
  return ok(
    ProofMetadata(
      nullifier: proof.nullifier,