refactor(rln): update APIs after circuit update (#84)

* refactor(rln): update APIs based on updated rln circuit design

* chore(rln): update rln vendor submodule

* fix(ci): update ci to not ignore rln resources changes

.github/workflows/ci.yml

@@ -9,6 +9,7 @@ on:
       - '!private-settlement/src/**'
       - '!rln-wasm/**'
       - '!rln/src/**'
+      - '!rln/resources/**'
       - '!semaphore/src/**'
       - '!utils/src/**'
   pull_request:
@@ -19,6 +20,7 @@ on:
       - '!private-settlement/src/**'
       - '!rln-wasm/**'
       - '!rln/src/**'
+      - '!rln/resources/**'
       - '!semaphore/src/**'
       - '!utils/src/**'
 

.gitmodules

@@ -1,7 +1,7 @@
 [submodule "rln/vendor/rln"]
 	path = rln/vendor/rln
 	ignore = dirty
-	url = https://github.com/Rate-Limiting-Nullifier/rln_circuits
+	url = https://github.com/Rate-Limiting-Nullifier/rln_circuits.git
 [submodule "semaphore/vendor/semaphore"]
 	path = semaphore/vendor/semaphore
 	ignore = dirty

rln/resources/tree_height_15/verification_key.json

@@ -0,0 +1,119 @@
+{
+ "protocol": "groth16",
+ "curve": "bn128",
+ "nPublic": 6,
+ "vk_alpha_1": [
+  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
+  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
+  "1"
+ ],
+ "vk_beta_2": [
+  [
+   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
+   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
+  ],
+  [
+   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
+   "823612331030938060799959717749043047845343400798220427319188951998582076532"
+  ],
+  [
+   "1",
+   "0"
+  ]
+ ],
+ "vk_gamma_2": [
+  [
+   "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+   "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+  ],
+  [
+   "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+   "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+  ],
+  [
+   "1",
+   "0"
+  ]
+ ],
+ "vk_delta_2": [
+  [
+   "1361919643088555407518565462732544232965454074504004321739078395285189557133",
+   "20823246840633598579879223919854294301857184404415306521912631074982696570306"
+  ],
+  [
+   "7088590198103342249937795923142619828109070290720888704402714617857746884833",
+   "8191367139632195506244169264298620546181137131063303219908889318280111188437"
+  ],
+  [
+   "1",
+   "0"
+  ]
+ ],
+ "vk_alphabeta_12": [
+  [
+   [
+    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
+    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
+   ],
+   [
+    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
+    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
+   ],
+   [
+    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
+    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
+   ]
+  ],
+  [
+   [
+    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
+    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
+   ],
+   [
+    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
+    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
+   ],
+   [
+    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
+    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
+   ]
+  ]
+ ],
+ "IC": [
+  [
+   "17643142412395322664866141827318671249236739056291610144830020671604112279111",
+   "13273439661778801509295280274403992505521239023074387826870538372514206268318",
+   "1"
+  ],
+  [
+   "12325966053136615826793633393742326952102053533176311103856731330114882211366",
+   "6439956820140153832120005353467272867287237423425778281905068783317736451260",
+   "1"
+  ],
+  [
+   "20405310272367450124741832665322768131899487413829191383721623069139009993137",
+   "21336772016824870564600007750206596010566056069977718959140462128560786193566",
+   "1"
+  ],
+  [
+   "4007669092231576644992949839487535590075070172447826102934640178940614212519",
+   "7597503385395289202372182678960254605827199004598882158153019657732525465207",
+   "1"
+  ],
+  [
+   "4545695279389338758267531646940033299700127241196839077811942492841603458462",
+   "6635771967009274882904456432128877995932122611166121203658485990305433499873",
+   "1"
+  ],
+  [
+   "7876954805169515500747828488548350352651069599547377092970620945851311591012",
+   "7571431725691513008054581132582771105743462534789373657638701712901679323321",
+   "1"
+  ],
+  [
+   "5563973122249220346301217166900152021860462617567141574881706390202619333219",
+   "5147729144109676590873823097632042430451708874867871369293332620382492068692",
+   "1"
+  ]
+ ]
+}

rln/resources/tree_height_19/verification_key.json

@@ -3,18 +3,18 @@
  "curve": "bn128",
  "nPublic": 6,
  "vk_alpha_1": [
-  "1805378556360488226980822394597799963030511477964155500103132920745199284516",
-  "11990395240534218699464972016456017378439762088320057798320175886595281336136",
+  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
+  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
   "1"
  ],
  "vk_beta_2": [
   [
-   "11031529986141021025408838211017932346992429731488270384177563837022796743627",
-   "16042159910707312759082561183373181639420894978640710177581040523252926273854"
+   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
+   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
   ],
   [
-   "20112698439519222240302944148895052359035104222313380895334495118294612255131",
-   "19441583024670359810872018179190533814486480928824742448673677460151702019379"
+   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
+   "823612331030938060799959717749043047845343400798220427319188951998582076532"
   ],
   [
    "1",
@@ -37,12 +37,12 @@
  ],
  "vk_delta_2": [
   [
-   "1342791402398183550129987853701397066695422166542200371137242980909975744720",
-   "19885954793721639146517398722913034453263197732511169431324269951156805454588"
+   "16125279975606773676640811113051624654121459921695914044301154938920321009721",
+   "14844345250267029614093295465313288254479124604567709177260777529651293576873"
   ],
   [
-   "16612518449808520746616592899100682320852224744311197908486719118388461103870",
-   "13039435290897389787786546960964558630619663289413586834851804020863949546009"
+   "20349277326920398483890518242229158117668855310237215044647746783223259766294",
+   "19338776107510040969200058390413661029003750817172740054990168933780935479540"
   ],
   [
    "1",
@@ -52,67 +52,67 @@
  "vk_alphabeta_12": [
   [
    [
-    "5151991366823434428398919091000210787450832786814248297320989361921939794156",
-    "15735191313289001022885148627913534790382722933676436876510746491415970766821"
+    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
+    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
    ],
    [
-    "3387907257437913904447588318761906430938415556102110876587455322225272831272",
-    "1998779853452712881084781956683721603875246565720647583735935725110674288056"
+    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
+    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
    ],
    [
-    "14280074182991498185075387990446437410077692353432005297922275464876153151820",
-    "17092408446352310039633488224969232803092763095456307462247653153107223117633"
+    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
+    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
    ]
   ],
   [
    [
-    "4359046709531668109201634396816565829237358165496082832279660960675584351266",
-    "4511888308846208349307186938266411423935335853916317436093178288331845821336"
+    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
+    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
    ],
    [
-    "11429499807090785857812316277335883295048773373068683863667725283965356423273",
-    "16232274853200678548795010078253506586114563833318973594428907292096178657392"
+    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
+    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
    ],
    [
-    "18068999605870933925311275504102553573815570223888590384919752303726860800970",
-    "17309569111965782732372130116757295842160193489132771344011460471298173784984"
+    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
+    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
    ]
   ]
  ],
  "IC": [
   [
-   "15907620619058468322652190166474219459106695372760190199814463422116003944385",
-   "15752765921940703867480319151728055971288798043197983667046402260506178676501",
+   "5645604624116784480262312750033349186912223090668673154853165165224747369512",
+   "5656337658385597582701340925622307146226708710361427687425735166776477641124",
    "1"
   ],
   [
-   "12004081423498474638814710157503496372594892372197913146719480190853290407272",
-   "17759993271504587923309435837545182941635937261719294500288793819648071033469",
+   "8216930132302312821663833393171053651364962198587857550991047765311607638330",
+   "19934865864074163318938688021560358348660709566570123384268356491416384822148",
    "1"
   ],
   [
-   "878120019311612655450010384994897394984265086410869146105626241891073100410",
-   "17631186298933191134732246976686754514124819009836710500647157641262968661294",
+   "11046959016591768534564223076484566731774575511709349452804727872479525392631",
+   "9401797690410912638766111919371607085248054251975419812613989999345815833269",
    "1"
   ],
   [
-   "14710016919630225372037989028011020715054625029990218653012745498368446893907",
-   "2581293501049347486538806758240731445964309309490885835380825245889909387041",
+   "13216594148914395028254776738842380005944817065680915990743659996725367876414",
+   "11541283802841111343960351782994043892623551381569479006737253908665900144087",
    "1"
   ],
   [
-   "766327921864693063481261933507417084013182964450768912480746815296334678928",
-   "18104222034822903557262264275808261481286672296559910954337205847153944954509",
+   "6957074593219251760608960101283708711892008557897337713430173510328411964571",
+   "21673833055087220750009279957462375662312260098732685145862504142183400549467",
    "1"
   ],
   [
-   "8877686447180479408315100041907552504213694351585462004774320248566787828012",
-   "15836202093850379814510995758762098170932781831518064786308541653541698178373",
+   "20795071270535109448604057031148356571036039566776607847840379441839742201050",
+   "21654952744643117202636583766828639581880877547772465264383291983528268115687",
    "1"
   ],
   [
-   "19567388833538990982537236781224917793757180861915757860561618079730704818311",
-   "3535132838196675082818592669173684593624477421910576112671761297886253127546",
+   "19143058772755719660075704757531991493801758701561469885274062297246796623789",
+   "3996020163280925980543600106196205910576345230982361007978823537163123181007",
    "1"
   ]
  ]

rln/resources/tree_height_20/verification_key.json

@@ -3,18 +3,18 @@
  "curve": "bn128",
  "nPublic": 6,
  "vk_alpha_1": [
-  "1805378556360488226980822394597799963030511477964155500103132920745199284516",
-  "11990395240534218699464972016456017378439762088320057798320175886595281336136",
+  "20124996762962216725442980738609010303800849578410091356605067053491763969391",
+  "9118593021526896828671519912099489027245924097793322973632351264852174143923",
   "1"
  ],
  "vk_beta_2": [
   [
-   "11031529986141021025408838211017932346992429731488270384177563837022796743627",
-   "16042159910707312759082561183373181639420894978640710177581040523252926273854"
+   "4693952934005375501364248788849686435240706020501681709396105298107971354382",
+   "14346958885444710485362620645446987998958218205939139994511461437152241966681"
   ],
   [
-   "20112698439519222240302944148895052359035104222313380895334495118294612255131",
-   "19441583024670359810872018179190533814486480928824742448673677460151702019379"
+   "16851772916911573982706166384196538392731905827088356034885868448550849804972",
+   "823612331030938060799959717749043047845343400798220427319188951998582076532"
   ],
   [
    "1",
@@ -37,12 +37,12 @@
  ],
  "vk_delta_2": [
   [
-   "1948496782571164085469528023647105317580208688174386157591917599801657832035",
-   "20445814069256658101339037520922621162739470138213615104905368409238414511981"
+   "8353516066399360694538747105302262515182301251524941126222712285088022964076",
+   "9329524012539638256356482961742014315122377605267454801030953882967973561832"
   ],
   [
-   "10024680869920840984813249386422727863826862577760330492647062850849851925340",
-   "10512156247842686783409460795717734694774542185222602679117887145206209285142"
+   "16805391589556134376869247619848130874761233086443465978238468412168162326401",
+   "10111259694977636294287802909665108497237922060047080343914303287629927847739"
   ],
   [
    "1",
@@ -52,67 +52,67 @@
  "vk_alphabeta_12": [
   [
    [
-    "5151991366823434428398919091000210787450832786814248297320989361921939794156",
-    "15735191313289001022885148627913534790382722933676436876510746491415970766821"
+    "12608968655665301215455851857466367636344427685631271961542642719683786103711",
+    "9849575605876329747382930567422916152871921500826003490242628251047652318086"
    ],
    [
-    "3387907257437913904447588318761906430938415556102110876587455322225272831272",
-    "1998779853452712881084781956683721603875246565720647583735935725110674288056"
+    "6322029441245076030714726551623552073612922718416871603535535085523083939021",
+    "8700115492541474338049149013125102281865518624059015445617546140629435818912"
    ],
    [
-    "14280074182991498185075387990446437410077692353432005297922275464876153151820",
-    "17092408446352310039633488224969232803092763095456307462247653153107223117633"
+    "10674973475340072635573101639867487770811074181475255667220644196793546640210",
+    "2926286967251299230490668407790788696102889214647256022788211245826267484824"
    ]
   ],
   [
    [
-    "4359046709531668109201634396816565829237358165496082832279660960675584351266",
-    "4511888308846208349307186938266411423935335853916317436093178288331845821336"
+    "9660441540778523475944706619139394922744328902833875392144658911530830074820",
+    "19548113127774514328631808547691096362144426239827206966690021428110281506546"
    ],
    [
-    "11429499807090785857812316277335883295048773373068683863667725283965356423273",
-    "16232274853200678548795010078253506586114563833318973594428907292096178657392"
+    "1870837942477655969123169532603615788122896469891695773961478956740992497097",
+    "12536105729661705698805725105036536744930776470051238187456307227425796690780"
    ],
    [
-    "18068999605870933925311275504102553573815570223888590384919752303726860800970",
-    "17309569111965782732372130116757295842160193489132771344011460471298173784984"
+    "21811903352654147452884857281720047789720483752548991551595462057142824037334",
+    "19021616763967199151052893283384285352200445499680068407023236283004353578353"
    ]
   ]
  ],
  "IC": [
   [
-   "18693301901828818437917730940595978397160482710354161265484535387752523310572",
-   "17985273354976640088538673802000794244421192643855111089693820179790551470769",
+   "11992897507809711711025355300535923222599547639134311050809253678876341466909",
+   "17181525095924075896332561978747020491074338784673526378866503154966799128110",
    "1"
   ],
   [
-   "21164641723988537620541455173278629777250883365474191521194244273980931825942",
-   "998385854410718613441067082771678946155853656328717326195057262123686425518",
+   "17018665030246167677911144513385572506766200776123272044534328594850561667818",
+   "18601114175490465275436712413925513066546725461375425769709566180981674884464",
    "1"
   ],
   [
-   "21666968581672145768705229094968410656430989593283335488162701230986314747515",
-   "17996457608540683483506630273632100555125353447506062045735279661096094677264",
+   "18799470100699658367834559797874857804183288553462108031963980039244731716542",
+   "13064227487174191981628537974951887429496059857753101852163607049188825592007",
    "1"
   ],
   [
-   "20137761979695192602424300886442379728165712610493092740175904438282083668117",
-   "19184814924890679891263780109959113289320127263583260218200636509492157834679",
+   "17432501889058124609368103715904104425610382063762621017593209214189134571156",
+   "13406815149699834788256141097399354592751313348962590382887503595131085938635",
    "1"
   ],
   [
-   "10943171273393803842589314082509655332154393332394322726077270895078286354146",
-   "10872472035685319847811233167729172672344935625121511932198535224727331126439",
+   "10320964835612716439094703312987075811498239445882526576970512041988148264481",
+   "9024164961646353611176283204118089412001502110138072989569118393359029324867",
    "1"
   ],
   [
-   "13049169779481227658517545034348883391527506091990880778783387628208561946597",
-   "10083689369261379027228809473568899816311684698866922944902456565434209079955",
+   "718355081067365548229685160476620267257521491773976402837645005858953849298",
+   "14635482993933988261008156660773180150752190597753512086153001683711587601974",
    "1"
   ],
   [
-   "19633516378466409167014413361365552102431118630694133723053441455184566611083",
-   "8059525100726933978719058611146131904598011633549012007359165766216730722269",
+   "11777720285956632126519898515392071627539405001940313098390150593689568177535",
+   "8483603647274280691250972408211651407952870456587066148445913156086740744515",
    "1"
   ]
  ]

rln/src/protocol.rs

@@ -251,12 +251,13 @@ pub fn random_rln_witness(tree_height: usize) -> RLNWitnessInput {
 
 pub fn proof_values_from_witness(rln_witness: &RLNWitnessInput) -> RLNProofValues {
     // y share
+    let external_nullifier = poseidon_hash(&[rln_witness.epoch, rln_witness.rln_identifier]);
     let a_0 = rln_witness.identity_secret;
-    let a_1 = poseidon_hash(&[a_0, rln_witness.epoch]);
+    let a_1 = poseidon_hash(&[a_0, external_nullifier]);
     let y = a_0 + rln_witness.x * a_1;
 
     // Nullifier
-    let nullifier = poseidon_hash(&[a_1, rln_witness.rln_identifier]);
+    let nullifier = poseidon_hash(&[a_1]);
 
     // Merkle tree root computations
     let root = compute_tree_root(
@@ -427,21 +428,25 @@ pub fn hash_to_field(signal: &[u8]) -> Fr {
     el
 }
 
-pub fn compute_id_secret(share1: (Fr, Fr), share2: (Fr, Fr), epoch: Fr) -> Result<Fr, String> {
-    // Assuming a0 is the identity secret and a1 = poseidonHash([a0, epoch]),
+pub fn compute_id_secret(
+    share1: (Fr, Fr),
+    share2: (Fr, Fr),
+    external_nullifier: Fr,
+) -> Result<Fr, String> {
+    // Assuming a0 is the identity secret and a1 = poseidonHash([a0, external_nullifier]),
     // a (x,y) share satisfies the following relation
     // y = a_0 + x * a_1
     let (x1, y1) = share1;
     let (x2, y2) = share2;
 
-    // If the two input shares were computed for the same epoch and identity secret, we can recover the latter
+    // If the two input shares were computed for the same external_nullifier and identity secret, we can recover the latter
     // y1 = a_0 + x1 * a_1
     // y2 = a_0 + x2 * a_1
     let a_1 = (y1 - y2) / (x1 - x2);
     let a_0 = y1 - x1 * a_1;
 
-    // If shares come from the same polynomial, a0 is correctly recovered and a1 = poseidonHash([a0, epoch])
-    let computed_a_1 = poseidon_hash(&[a_0, epoch]);
+    // If shares come from the same polynomial, a0 is correctly recovered and a1 = poseidonHash([a0, external_nullifier])
+    let computed_a_1 = poseidon_hash(&[a_0, external_nullifier]);
 
     if a_1 == computed_a_1 {
         // We successfully recovered the identity secret

rln/src/public.rs

@@ -1,4 +1,5 @@
 use crate::circuit::{vk_from_raw, zkey_from_raw, Curve, Fr};
+use crate::poseidon_hash::poseidon_hash;
 use crate::poseidon_tree::PoseidonTree;
 use crate::protocol::*;
 use crate::utils::*;
@@ -873,23 +874,27 @@ impl RLN<'_> {
         input_proof_data_1.read_to_end(&mut serialized)?;
         // We skip deserialization of the zk-proof at the beginning
         let (proof_values_1, _) = deserialize_proof_values(&serialized[128..].to_vec());
+        let external_nullifier_1 =
+            poseidon_hash(&[proof_values_1.epoch, proof_values_1.rln_identifier]);
 
         let mut serialized: Vec<u8> = Vec::new();
         input_proof_data_2.read_to_end(&mut serialized)?;
         // We skip deserialization of the zk-proof at the beginning
         let (proof_values_2, _) = deserialize_proof_values(&serialized[128..].to_vec());
+        let external_nullifier_2 =
+            poseidon_hash(&[proof_values_2.epoch, proof_values_2.rln_identifier]);
 
         // We continue only if the proof values are for the same epoch
         // The idea is that proof values that go as input to this function are verified first (with zk-proof verify), hence ensuring validity of epoch and other fields.
         // Only in case all fields are valid, an external_nullifier for the message will be stored (otherwise signal/proof will be simply discarded)
         // If the nullifier matches one already seen, we can recovery of identity secret.
-        if proof_values_1.epoch == proof_values_2.epoch {
+        if external_nullifier_1 == external_nullifier_2 {
             // We extract the two shares
             let share1 = (proof_values_1.x, proof_values_1.y);
             let share2 = (proof_values_2.x, proof_values_2.y);
 
             // We recover the secret
-            let recovered_id_secret = compute_id_secret(share1, share2, proof_values_1.epoch);
+            let recovered_id_secret = compute_id_secret(share1, share2, external_nullifier_1);
 
             // If an id secret is recovered, we write it to output_data, otherwise nothing will be written.
             if recovered_id_secret.is_ok() {

rln/vendor/rln

@@ -1 +1 @@
-Subproject commit 616ee9b0b085bdf14e7f39df884496b8e77ddc2f
+Subproject commit fc86ad156ac55b7f805b82ff98501e4eb567bcef