Adds RateLimitProof protobuf message (#464)

* adds RateLimitProof protobuf message

* updates fields case

* more clarification

* minor

* fixes missing Relay in RLN-Relay

* addresses comments

* moves refs above the copyright notice

content/docs/rfcs/11/README.md

@@ -150,7 +150,7 @@ Spam protection is partly provided by GossipSub v1.1 through [scoring mechanism]
 At a high level, peers utilize a scoring function to locally score the behavior of their connections and remove peers with a low score.
 `11/WAKU2-RELAY` aims at enabling an advanced spam protection mechanism with economic disincentives by utilizing Rate Limiting Nullifiers.
 In a nutshell, peers must conform to a certain message publishing rate per a system-defined epoch, otherwise, they get financially penalized for exceeding the rate.
-More details on this new technique can be found in [`17/WAKU-RLN`](/spec/17). 
+More details on this new technique can be found in [`17/WAKU-RLN-RELAY`](/spec/17). 
   <!-- TODO havn't checked if all the measures in libp2p GossipSub v1.1 are taken in the nim-libp2p as well, may need to audit the code --> 
 
 - Providing **Unlinkability**, **Integrity** and  **Authenticity** simultaneously:

content/docs/rfcs/17/README.md

@@ -1,6 +1,6 @@
 ---
 slug: 17
-title: 17/WAKU-RLN
+title: 17/WAKU-RLN-RELAY
 name: Waku v2 RLN Relay
 status: raw
 tags: waku-core
@@ -128,17 +128,62 @@ Nodes MAY extend the  [14/WAKU2-MESSAGE](/spec/14) with a `proof` field to indic
 
 syntax = "proto3";
 
+message RateLimitProof {
+  bytes proof = 1;
+  bytes merkle_root = 2;
+  bytes epoch = 3;
+  bytes share_x = 4;
+  bytes share_y = 5;
+  bytes nullifier = 6;
+}
+
 message WakuMessage {
   bytes payload = 1;
   string contentTopic = 2;
   uint32 version = 3;
   double timestamp = 4;
-+ bytes proof = 21;
++ RateLimitProof rate_limit_proof = 21;
 }
 
 ```
+## WakuMessage
+
+`rate_limit_proof` holds the information required to prove that the message owner has not exceeded the message rate limit.
+ 
+## RateLimitProof
+
+The `proof` field is an array of 256 bytes and carries the zkSNARK proof as explained in the [Publishing process](##Publishing).
+The proof asserts that:
+1. The message publisher is the current member of the group i.e., her/his identity commitment key is part of the membership group Merkle tree with the root `merkleRoot`.
+2. `share_x` and `share_y`  are correctly computed.
+3. The `nullifier` is constructed correctly.
+
+Other fields of the `RateLimitProof` message are the public inputs to the rln circuit and used for the generation of the `proof`.
+
+The `merkleRoot` is an array of 32 bytes which holds the root of membership group Merkle tree at the time of publishing the message.
+
+The `epoch` is an array of 32 bytes that represents the epoch in which the message is published.
+<!-- TODO epoch is going to change to a different type -->
+
+`share_x` and `share_y` are shares of the user's identity key.
+These shares are created using [Shamir secret sharing scheme](##Publishing). 
+`share_x` is an array of 32 bytes and contains the hash of the `WakuMessage`'s `payload` concatenated with its `contentTopic`. 
+<!-- TODO hash other fields if necessary-->
+`share_y` is also an array of 32 bytes which is calculated using [Shamir secret sharing scheme](##Publishing).
+
+The `nullifier` is an internal nullifier which allows specifying whether two messages are published by the same publisher during the same `epoch`.
+It is an array of 32 bytes.
+
 <!-- TODO to reflect this change on WakuMessage spec once the PR gets mature -->
 
+# References
+
+1. [RLN documentation](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view)
+2. [Public inputs to the rln circuit](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Public-Inputs)
+3. [Shamir secret sharing scheme used in RLN](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Linear-Equation-amp-SSS)
+4. [RLN internal nullifier](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Nullifiers)
+
 # Copyright
 
 Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
+