nwaku/tests/v2/test_waku_rln_relay.nim


{.used.}
import
std/options, sequtils,
testutils/unittests, chronos, chronicles, stint, web3,
stew/byteutils, stew/shims/net as stewNet,
libp2p/crypto/crypto,
../../waku/v2/protocol/waku_rln_relay/[rln, waku_rln_relay_utils, waku_rln_relay_types],
../../waku/v2/node/wakunode2,
../test_helpers,
./test_utils
# pubsub topic that the tests below pass to mountRelay and mountRlnRelay
const RLNRELAY_PUBSUB_TOPIC = "waku/2/rlnrelay/proto"
# POSEIDON_HASHER_CODE holds the bytecode of Poseidon hasher solidity smart contract:
# https://github.com/kilic/rlnapp/blob/master/packages/contracts/contracts/crypto/PoseidonHasher.sol
# the solidity contract is compiled separately and the resultant bytecode is kept in tests/v2/poseidonHasher.txt
# readFile initialises a const here, so the file is read while the test is compiled
# NOTE(review): the link points at a branch, not a fixed revision, and nothing in this file
# ties the checked-in bytecode to that source - confirm how the artifact is regenerated and reviewed
const POSEIDON_HASHER_CODE = readFile("tests/v2/poseidonHasher.txt")
# MEMBERSHIP_CONTRACT_CODE contains the bytecode of the membership solidity smart contract:
# https://github.com/kilic/rlnapp/blob/master/packages/contracts/contracts/RLN.sol
# the solidity contract is compiled separately and the resultant bytecode is kept in tests/v2/membershipContract.txt
# NOTE(review): same provenance caveat as for the hasher bytecode above
const MEMBERSHIP_CONTRACT_CODE = readFile("tests/v2/membershipContract.txt")
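# excerpt of the membership contract code in solidity (state variables, events, constructor and external functions), kept as a reference for the Nim binding below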
# uint256 public immutable MEMBERSHIP_DEPOSIT;
# uint256 public immutable DEPTH;
# uint256 public immutable SET_SIZE;
# uint256 public pubkeyIndex = 0;
# mapping(uint256 => uint256) public members;
# IPoseidonHasher public poseidonHasher;
# event MemberRegistered(uint256 indexed pubkey, uint256 indexed index);
# event MemberWithdrawn(uint256 indexed pubkey, uint256 indexed index);
# constructor(
# uint256 membershipDeposit,
# uint256 depth,
# address _poseidonHasher
# ) public {
# MEMBERSHIP_DEPOSIT = membershipDeposit;
# DEPTH = depth;
# SET_SIZE = 1 << depth;
# poseidonHasher = IPoseidonHasher(_poseidonHasher);
# }
# function register(uint256 pubkey) external payable {
# require(pubkeyIndex < SET_SIZE, "RLN, register: set is full");
# require(msg.value == MEMBERSHIP_DEPOSIT, "RLN, register: membership deposit is not satisfied");
# _register(pubkey);
# }
# function registerBatch(uint256[] calldata pubkeys) external payable {
# require(pubkeyIndex + pubkeys.length <= SET_SIZE, "RLN, registerBatch: set is full");
# require(msg.value == MEMBERSHIP_DEPOSIT * pubkeys.length, "RLN, registerBatch: membership deposit is not satisfied");
# for (uint256 i = 0; i < pubkeys.length; i++) {
# _register(pubkeys[i]);
# }
# }
# function withdrawBatch(
# uint256[] calldata secrets,
# uint256[] calldata pubkeyIndexes,
# address payable[] calldata receivers
# ) external {
# uint256 batchSize = secrets.length;
# require(batchSize != 0, "RLN, withdrawBatch: batch size zero");
# require(batchSize == pubkeyIndexes.length, "RLN, withdrawBatch: batch size mismatch pubkey indexes");
# require(batchSize == receivers.length, "RLN, withdrawBatch: batch size mismatch receivers");
# for (uint256 i = 0; i < batchSize; i++) {
# _withdraw(secrets[i], pubkeyIndexes[i], receivers[i]);
# }
# }
# function withdraw(
# uint256 secret,
# uint256 _pubkeyIndex,
# address payable receiver
# ) external {
# _withdraw(secret, _pubkeyIndex, receiver);
# }
# Nim-side declaration of the membership contract interface; the tests pass
# MembershipContract to web3.contractSender to build calls against a deployed instance.
# Only register is declared; the remaining contract functions are still commented out.
contract(MembershipContract):
  proc register(pubkey: Uint256) # external payable
  # proc registerBatch(pubkeys: seq[Uint256]) # external payable
  # TODO will add withdraw function after integrating the keyGeneration function (required to compute public keys from secret keys)
  # proc withdraw(secret: Uint256, pubkeyIndex: Uint256, receiver: Address)
  # proc withdrawBatch( secrets: seq[Uint256], pubkeyIndex: seq[Uint256], receiver: seq[Address])
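proc uploadContract(ethClientAddress: string): Future[Address] {.async.} =
  ## Deploys the Poseidon hasher contract and then the membership contract
  ## through the Ethereum client at `ethClientAddress`.
  ##
  ## Returns the address of the deployed membership contract. Both contracts
  ## are deployed from `accounts[1]` as reported by the client.
  let web3 = await newWeb3(ethClientAddress)
  debug "web3 connected to", ethClientAddress

  # fetch the list of registered accounts
  # NOTE(review): accounts[1] assumes the client reports at least two
  # accounts; a shorter list fails here with an index error
  let accounts = await web3.provider.eth_accounts()
  web3.defaultAccount = accounts[1]
  let add = web3.defaultAccount
  debug "contract deployer account address ", add

  # kept as `var` because the commented-out code near the end reassigns it
  var balance = await web3.provider.eth_getBalance(web3.defaultAccount, "latest")
  debug "Initial account balance: ", balance

  # deploy the poseidon hash first
  let
    hasherReceipt = await web3.deployContract(POSEIDON_HASHER_CODE)
    hasherAddress = hasherReceipt.contractAddress.get
  debug "hasher address: ", hasherAddress

  # encode membership contract inputs to 32 bytes zero-padded
  let
    membershipFeeEncoded = encode(MembershipFee).data
    depthEncoded = encode(MERKLE_TREE_DEPTH.u256).data
    hasherAddressEncoded = encode(hasherAddress).data
    # this is the contract constructor input, in the order the constructor
    # declares its parameters: deposit, depth, hasher address
    contractInput = membershipFeeEncoded & depthEncoded & hasherAddressEncoded
  debug "encoded membership fee: ", membershipFeeEncoded
  debug "encoded depth: ", depthEncoded
  debug "encoded hasher address: ", hasherAddressEncoded
  debug "encoded contract input:", contractInput

  # deploy membership contract with its constructor inputs
  let receipt = await web3.deployContract(MEMBERSHIP_CONTRACT_CODE, contractInput = contractInput)
  # assigned once and only returned, so `let` is sufficient
  let contractAddress = receipt.contractAddress.get
  debug "Address of the deployed membership contract: ", contractAddress

  # balance = await web3.provider.eth_getBalance(web3.defaultAccount , "latest")
  # debug "Account balance after the contract deployment: ", balance

  # NOTE(review): if any awaited step above raises, this close is never
  # reached and the client connection stays open for the rest of the run
  await web3.close()
  debug "disconnected from ", ethClientAddress

  return contractAddress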
procSuite "Waku rln relay":
asyncTest "contract membership":
  # Deploys the contracts and sends one register transaction (pubkey 20)
  # carrying MembershipFee as its value. The test contains no check/doAssert,
  # so it passes as long as none of the awaited calls raises.
  let contractAddress = await uploadContract(EthClient)
  # connect to the eth client
  let web3 = await newWeb3(EthClient)
  debug "web3 connected to", EthClient

  # fetch the list of registered accounts
  let accounts = await web3.provider.eth_accounts()
  web3.defaultAccount = accounts[1]
  let add = web3.defaultAccount
  debug "contract deployer account address ", add

  # prepare a contract sender to interact with it
  var sender = web3.contractSender(MembershipContract, contractAddress) # creates a Sender object with a web3 field and contract address of type Address

  # send takes three parameters, c: ContractCallBase, value = 0.u256, gas = 3000000'u64 gasPrice = 0
  # should use send proc for the contract functions that update the state of the contract
  # NOTE(review): only the returned tx hash is logged; the test does not
  # inspect a receipt or contract state, so a reverted registration would
  # presumably go unnoticed - confirm how send reports a revert
  let tx = await sender.register(20.u256).send(value = MembershipFee)
  debug "The hash of registration tx: ", tx # value is the membership fee

  # var members: array[2, uint256] = [20.u256, 21.u256]
  # debug "This is the batch registration result ", await sender.registerBatch(members).send(value = (members.len * membershipFee)) # value is the membership fee

  # balance = await web3.provider.eth_getBalance(web3.defaultAccount , "latest")
  # debug "Balance after registration: ", balance

  await web3.close()
  debug "disconnected from", EthClient
asyncTest "registration procedure":
  # the membership contract must exist before a peer can register with it
  let contractAddress = await uploadContract(EthClient)

  # pick the Ethereum account the rln-relay peer registers from; the
  # connection is only needed for the account lookup
  let web3 = await newWeb3(EthClient)
  let accounts = await web3.provider.eth_accounts()
  let ethAccountAddress = accounts[9]
  await web3.close()

  # an RLN instance is required to generate membership keys
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true

  let membershipKeyPair = rlnInstance.value.membershipKeyGen()
  check membershipKeyPair.isSome

  # assemble the peer state that register() operates on
  var rlnPeer = WakuRLNRelay(
    membershipKeyPair: membershipKeyPair.get(),
    membershipIndex: uint(0),
    ethClientAddress: EthClient,
    ethAccountAddress: ethAccountAddress,
    membershipContractAddress: contractAddress)

  # register the peer with the membership contract and expect success
  let is_successful = await rlnPeer.register()
  check is_successful
asyncTest "mounting waku rln-relay":
  # Builds a Merkle tree locally, mounts rln-relay on a node with the same
  # group and checks that the node ends up with the same tree root.
  # NOTE(review): the node is given 0.0.0.0 as its address; if that is the
  # bind address, a loopback address would be enough for this test - confirm
  let
    nodeKey = crypto.PrivateKey.random(Secp256k1, rng[])[]
    node = WakuNode.new(nodeKey, ValidIpAddress.init("0.0.0.0"),
      Port(60000))
  await node.start()

  # deploy the contract
  let membershipContractAddress = await uploadContract(EthClient)

  # prepare rln-relay inputs
  let
    web3 = await newWeb3(EthClient)
    accounts = await web3.provider.eth_accounts()
    # choose one of the existing account for the rln-relay peer
    ethAccountAddress = accounts[9]
  await web3.close()

  # create current peer's pk
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value
  # generate a key pair
  var keypair = rln.membershipKeyGen()
  doAssert(keypair.isSome())

  # current peer index in the Merkle tree
  let index = uint(5)

  # Create a group of 11 members (0..10 is inclusive); the current peer sits at `index`
  var group = newSeq[IDCommitment]()
  for i in 0..10:
    var member_is_added: bool = false
    if (uint(i) == index):
      # insert the current peer's pk
      group.add(keypair.get().idCommitment)
      member_is_added = rln.insertMember(keypair.get().idCommitment)
      doAssert(member_is_added)
      debug "member key", key=keypair.get().idCommitment.toHex
    else:
      # every other leaf gets the commitment of a freshly generated key pair
      var memberKeypair = rln.membershipKeyGen()
      doAssert(memberKeypair.isSome())
      group.add(memberKeypair.get().idCommitment)
      member_is_added = rln.insertMember(memberKeypair.get().idCommitment)
      doAssert(member_is_added)
      debug "member key", key=memberKeypair.get().idCommitment.toHex
  # root of the locally built tree, used as the reference value
  let expectedRoot = rln.getMerkleRoot().value().toHex
  debug "expected root ", expectedRoot

  # start rln-relay
  node.mountRelay(@[RLNRELAY_PUBSUB_TOPIC])
  await node.mountRlnRelay(ethClientAddrOpt = some(EthClient), ethAccAddrOpt = some(ethAccountAddress), memContractAddOpt = some(membershipContractAddress), groupOpt = some(group), memKeyPairOpt = some(keypair.get()), memIndexOpt = some(index), pubsubTopic = RLNRELAY_PUBSUB_TOPIC)
  # root of the tree held by the mounted rln-relay instance
  let calculatedRoot = node.wakuRlnRelay.rlnInstance.getMerkleRoot().value().toHex
  debug "calculated root ", calculatedRoot

  check expectedRoot == calculatedRoot

  await node.stop()
asyncTest "mount waku-rln-relay in the off-chain mode":
  # Mounts rln-relay with onchainMode = false from a generated key list and
  # checks the resulting tree root against the root returned with that list.
  let
    nodeKey = crypto.PrivateKey.random(Secp256k1, rng[])[]
    node = WakuNode.new(nodeKey, ValidIpAddress.init("0.0.0.0"),
      Port(60000))
  await node.start()

  # preparing inputs to mount rln-relay

  # create a group of 100 membership keys
  let
    (groupKeys, root) = createMembershipList(100)

  check groupKeys.len == 100
  let
    # convert the keys to MembershipKeyPair structs
    groupKeyPairs = groupKeys.toMembershipKeyPairs()
    # extract the id commitments
    groupIDCommitments = groupKeyPairs.mapIt(it.idCommitment)
  # NOTE(review): groupKeyPairs is logged in full; if each pair carries the
  # member's secret key this writes secrets to the log - fine for generated
  # test keys, not a pattern to reuse with real memberships
  debug "groupKeyPairs", groupKeyPairs
  debug "groupIDCommitments", groupIDCommitments

  # index indicates the position of a membership key pair in the static list of group keys i.e., groupKeyPairs
  # the corresponding key pair will be used to mount rlnRelay on the current node
  # index also represents the index of the leaf in the Merkle tree that contains node's commitment key
  let index = MembershipIndex(5)

  # -------- mount rln-relay in the off-chain mode
  node.mountRelay(@[RLNRELAY_PUBSUB_TOPIC])
  await node.mountRlnRelay(groupOpt = some(groupIDCommitments), memKeyPairOpt = some(groupKeyPairs[index]), memIndexOpt = some(index), onchainMode = false, pubsubTopic = RLNRELAY_PUBSUB_TOPIC)

  # get the root of Merkle tree which is constructed inside the mountRlnRelay proc
  let calculatedRoot = node.wakuRlnRelay.rlnInstance.getMerkleRoot().value().toHex
  debug "calculated root by mountRlnRelay", calculatedRoot

  # this part checks whether the Merkle tree is constructed correctly inside the mountRlnRelay proc
  # this check is done by comparing the tree root resulted from mountRlnRelay i.e., calculatedRoot
  # against the root which is the expected root
  check calculatedRoot == root

  await node.stop()
suite "Waku rln relay":
test "key_gen Nim Wrappers":
  # Exercises the raw bindings: builds a circuit from parameters.key with
  # new_circuit_from_params, then generates one key pair with key_gen.
  var
    merkleDepth: csize_t = 32
    # parameters.key contains the parameters related to the Poseidon hasher
    # to generate this file, clone this repo https://github.com/kilic/rln
    # and run the following command in the root directory of the cloned project
    # cargo run --example export_test_keys
    # the file is generated separately and copied here
    # NOTE(review): the file is a prebuilt artifact read from the protocol
    # directory, not from tests/, and the generator is named export_test_keys;
    # confirm where these parameters come from before they are relied on
    # outside tests
    parameters = readFile("waku/v2/protocol/waku_rln_relay/parameters.key")
    pbytes = parameters.toBytes()
    len : csize_t = uint(pbytes.len)
    # NOTE(review): pbytes[0] is indexed here, before the emptiness check
    # below runs, so an empty file fails with an index error instead
    parametersBuffer = Buffer(`ptr`: addr(pbytes[0]), len: len)
  check:
    # check the parameters.key is not empty
    pbytes.len != 0

  var
    rlnInstance: RLN[Bn256]
  let res = new_circuit_from_params(merkleDepth, addr parametersBuffer, addr rlnInstance)
  check:
    # check whether the circuit parameters are generated successfully
    res == true

  # keysBufferPtr will hold the generated key pairs i.e., secret and public keys
  var
    keysBuffer : Buffer
    keysBufferPtr = addr(keysBuffer)
    done = key_gen(rlnInstance, keysBufferPtr)
  check:
    # check whether the keys are generated successfully
    done == true

  if done:
    # reinterprets the returned pointer as 64 bytes and copies them out
    # NOTE(review): keysBuffer.len is never compared with 64 before this cast
    var generatedKeys = cast[ptr array[64, byte]](keysBufferPtr.`ptr`)[]
    check:
      # the public and secret keys together are 64 bytes
      # (generatedKeys is an array[64, byte], so this holds by construction)
      generatedKeys.len == 64
    # logs the secret key together with the public key
    debug "generated keys: ", generatedKeys
test "membership Key Gen":
  # an RLN instance is required to derive membership keys
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true

  var key = rlnInstance.value.membershipKeyGen()
  # all-zero reference value: a generated key must differ from it
  var empty = default(array[32, byte])

  check key.isSome
  check key.get().idKey.len == 32
  check key.get().idCommitment.len == 32
  check key.get().idKey != empty
  check key.get().idCommitment != empty

  # the logged value includes idKey as well as idCommitment
  debug "the generated membership key pair: ", key
test "get_root Nim binding":
  # Reads the root of an untouched tree twice through the raw get_root
  # binding and expects both reads to return the same 32 bytes.
  # create an RLN instance which also includes an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check:
    rlnInstance.isOk == true

  # read the Merkle Tree root
  var
    root1 {.noinit.} : Buffer = Buffer()
    rootPtr1 = addr(root1)
    get_root_successful1 = get_root(rlnInstance.value, rootPtr1)
  doAssert(get_root_successful1)
  # the length is asserted before the pointer is reinterpreted further down
  doAssert(root1.len == 32)

  # read the Merkle Tree root
  var
    root2 {.noinit.} : Buffer = Buffer()
    rootPtr2 = addr(root2)
    get_root_successful2 = get_root(rlnInstance.value, rootPtr2)
  doAssert(get_root_successful2)
  doAssert(root2.len == 32)

  # view each returned buffer as 32 bytes and hex-encode it for comparison
  var rootValue1 = cast[ptr array[32,byte]] (root1.`ptr`)
  let rootHex1 = rootValue1[].toHex

  var rootValue2 = cast[ptr array[32,byte]] (root2.`ptr`)
  let rootHex2 = rootValue2[].toHex

  # the two roots must be identical
  doAssert(rootHex1 == rootHex2)
test "getMerkleRoot utils":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true

  # first read of the root
  var root1 = rlnInstance.value().getMerkleRoot()
  doAssert root1.isOk
  let rootHex1 = root1.value().toHex

  # second read, with no tree change in between
  var root2 = rlnInstance.value().getMerkleRoot()
  doAssert root2.isOk
  let rootHex2 = root2.value().toHex

  # reading must not alter the tree, so both reads agree
  doAssert rootHex1 == rootHex2
test "update_next_member Nim Wrapper":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true

  # the id commitment of a new key pair is the leaf to be added
  var keypair = rlnInstance.value.membershipKeyGen()
  doAssert keypair.isSome()

  # wrap the 32-byte commitment in the Buffer the binding expects
  var pkBuffer = Buffer(`ptr`: addr(keypair.get().idCommitment[0]), len: 32)

  # append the member at the next free leaf
  var member_is_added = update_next_member(rlnInstance.value, addr pkBuffer)
  check member_is_added == true
test "delete_member Nim wrapper":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true

  # deleting leaf 0 of the untouched tree is expected to report success
  var deleted_member_index = MembershipIndex(0)
  let deletion_success = rlnInstance.value.delete_member(deleted_member_index)
  doAssert deletion_success
test "insertMember rln utils":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value

  # the id commitment of a new key pair is the leaf to insert
  var keypair = membershipKeyGen(rln)
  doAssert keypair.isSome()

  check rln.insertMember(keypair.get().idCommitment)
test "removeMember rln utils":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value

  # removing leaf 0 of the untouched tree is expected to report success
  check removeMember(rln, MembershipIndex(0))
test "Merkle tree consistency check between deletion and insertion":
  # Through the raw bindings: records the root of the empty tree, inserts one
  # member, deletes leaf 0 again and compares the three roots.
  # create an RLN instance
  var rlnInstance = createRLNInstance()
  check:
    rlnInstance.isOk == true

  # read the Merkle Tree root
  var
    root1 {.noinit.} : Buffer = Buffer()
    rootPtr1 = addr(root1)
    get_root_successful1 = get_root(rlnInstance.value, rootPtr1)
  doAssert(get_root_successful1)
  # each root length is asserted before its pointer is reinterpreted below
  doAssert(root1.len == 32)

  # generate a key pair
  var keypair = membershipKeyGen(rlnInstance.value)
  doAssert(keypair.isSome())
  var pkBuffer = Buffer(`ptr`: addr(keypair.get().idCommitment[0]), len: 32)
  let pkBufferPtr = addr pkBuffer

  # add the member to the tree
  var member_is_added = update_next_member(rlnInstance.value, pkBufferPtr)
  doAssert(member_is_added)

  # read the Merkle Tree root after insertion
  var
    root2 {.noinit.} : Buffer = Buffer()
    rootPtr2 = addr(root2)
    get_root_successful2 = get_root(rlnInstance.value, rootPtr2)
  doAssert(get_root_successful2)
  doAssert(root2.len == 32)

  # delete the first member
  var deleted_member_index = MembershipIndex(0)
  let deletion_success = delete_member(rlnInstance.value, deleted_member_index)
  doAssert(deletion_success)

  # read the Merkle Tree root after the deletion
  var
    root3 {.noinit.} : Buffer = Buffer()
    rootPtr3 = addr(root3)
    get_root_successful3 = get_root(rlnInstance.value, rootPtr3)
  doAssert(get_root_successful3)
  doAssert(root3.len == 32)

  # view each returned buffer as 32 bytes and hex-encode it for comparison
  var rootValue1 = cast[ptr array[32,byte]] (root1.`ptr`)
  let rootHex1 = rootValue1[].toHex
  debug "The initial root", rootHex1

  var rootValue2 = cast[ptr array[32,byte]] (root2.`ptr`)
  let rootHex2 = rootValue2[].toHex
  debug "The root after insertion", rootHex2

  var rootValue3 = cast[ptr array[32,byte]] (root3.`ptr`)
  let rootHex3 = rootValue3[].toHex
  debug "The root after deletion", rootHex3

  # the root must change after the insertion
  doAssert(not(rootHex1 == rootHex2))

  ## The initial root of the tree (empty tree) must be identical to
  ## the root of the tree after one insertion followed by a deletion
  doAssert(rootHex1 == rootHex3)
test "Merkle tree consistency check between deletion and insertion using rln utils":
  # a fresh RLN instance carries an empty Merkle tree
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value()

  # root of the empty tree
  var root1 = getMerkleRoot(rln)
  doAssert root1.isOk
  let rootHex1 = root1.value().toHex()

  # insert the id commitment of a new key pair
  var keypair = membershipKeyGen(rln)
  doAssert keypair.isSome()
  let member_inserted = rln.insertMember(keypair.get().idCommitment)
  check member_inserted

  # root with one member in the tree
  var root2 = getMerkleRoot(rln)
  doAssert root2.isOk
  let rootHex2 = root2.value().toHex()

  # remove the member that was just inserted (leaf 0)
  var deleted_member_index = MembershipIndex(0)
  let deletion_success = rln.removeMember(deleted_member_index)
  doAssert deletion_success

  # root after the removal
  var root3 = getMerkleRoot(rln)
  doAssert root3.isOk
  let rootHex3 = root3.value().toHex()

  debug "The initial root", rootHex1
  debug "The root after insertion", rootHex2
  debug "The root after deletion", rootHex3

  # inserting a member has to change the root
  doAssert rootHex1 != rootHex2

  ## An insertion followed by the deletion of the same leaf must bring the
  ## root back to that of the empty tree
  doAssert rootHex1 == rootHex3
test "hash Nim Wrappers":
  # Known-answer test for the raw hash binding: 32 bytes of value 1 must
  # hash to the hex string asserted below.
  # create an RLN instance
  var rlnInstance = createRLNInstance()
  check:
    rlnInstance.isOk == true

  # prepare the input
  var
    hashInput : array[32, byte]
  for x in hashInput.mitems: x= 1
  var
    hashInputHex = hashInput.toHex()
    hashInputBuffer = Buffer(`ptr`: addr hashInput[0], len: 32 )

  debug "sample_hash_input_bytes", hashInputHex

  # prepare other inputs to the hash function
  var
    outputBuffer: Buffer
    numOfInputs = 1.uint # the number of hash inputs that can be 1 or 2

  let hashSuccess = hash(rlnInstance.value, addr hashInputBuffer, numOfInputs, addr outputBuffer)
  doAssert(hashSuccess)
  # NOTE(review): outputBuffer.len is not compared with 32 before the pointer
  # is reinterpreted as 32 bytes
  let outputArr = cast[ptr array[32,byte]](outputBuffer.`ptr`)[]
  doAssert("53a6338cdbf02f0563cec1898e354d0d272c8f98b606c538945c6f41ef101828" == outputArr.toHex())

  # same bytes read a second time, only for the log line
  var
    hashOutput = cast[ptr array[32,byte]] (outputBuffer.`ptr`)[]
    hashOutputHex = hashOutput.toHex()

  debug "hash output", hashOutputHex
test "hash utils":
  # known-answer test for the hash helper: 32 bytes of value 1 must hash to
  # the hex string asserted at the end
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  let rln = rlnInstance.value

  # prepare the input
  # TODO should add support for arbitrary messages, the following input is artificial
  var hashInput: array[32, byte]
  for b in hashInput.mitems:
    b = 1
  debug "sample_hash_input_bytes", hashInputHex=hashInput.toHex()

  let hash = rln.hash(hashInput)
  doAssert "53a6338cdbf02f0563cec1898e354d0d272c8f98b606c538945c6f41ef101828" == hash.toHex()
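test "generate_proof and verify Nim Wrappers":
  # Through the raw bindings: builds a tree of 11 members with the current
  # peer at leaf 5, proves membership for epoch||message and verifies the
  # proof; then repeats with a wrong leaf index and expects rejection.
  # create an RLN instance

  # check if the rln instance is created successfully
  var rlnInstance = createRLNInstance()
  check:
    rlnInstance.isOk == true

  # create the membership key
  var auth = membershipKeyGen(rlnInstance.value)
  # fail with a clear message before the key bytes are addressed below
  doAssert(auth.isSome())
  var skBuffer = Buffer(`ptr`: addr(auth.get().idKey[0]), len: 32)

  # peer's index in the Merkle Tree
  var index = 5

  # prepare the authentication object with peer's index and sk
  var authObj: Auth = Auth(secret_buffer: addr skBuffer, index: MembershipIndex(index))

  # Create a Merkle tree with random members (0..10 is inclusive: 11 leaves)
  for i in 0..10:
    var member_is_added: bool = false
    if (i == index):
      # insert the current peer's pk
      var pkBuffer = Buffer(`ptr`: addr(auth.get().idCommitment[0]), len: 32)
      member_is_added = update_next_member(rlnInstance.value, addr pkBuffer)
    else:
      var memberKeys = membershipKeyGen(rlnInstance.value)
      doAssert(memberKeys.isSome())
      var pkBuffer = Buffer(`ptr`: addr(memberKeys.get().idCommitment[0]), len: 32)
      member_is_added = update_next_member(rlnInstance.value, addr pkBuffer)
    # check the member is added
    doAssert(member_is_added)

  # prepare the message
  var messageBytes {.noinit.}: array[32, byte]
  for x in messageBytes.mitems: x = 1
  var messageHex = messageBytes.toHex()
  debug "message", messageHex

  # prepare the epoch
  var epochBytes : array[32,byte]
  for x in epochBytes.mitems : x = 0
  var epochHex = epochBytes.toHex()
  debug "epoch", epochHex

  # serialize message and epoch
  # TODO add a proc for serializing
  var epochMessage = @epochBytes & @messageBytes
  doAssert(epochMessage.len == 64)
  var inputBytes{.noinit.}: array[64, byte] # holds epoch||Message
  for (i, x) in inputBytes.mpairs: x = epochMessage[i]
  var inputHex = inputBytes.toHex()
  debug "serialized epoch and message ", inputHex

  # put the serialized epoch||message into a buffer
  var inputBuffer = Buffer(`ptr`: addr(inputBytes[0]), len: 64)

  # generate the proof
  var proof: Buffer
  let proofIsSuccessful = generate_proof(rlnInstance.value, addr inputBuffer, addr authObj, addr proof)
  # check whether the generate_proof call is done successfully
  doAssert(proofIsSuccessful)
  # NOTE(review): proof.len is not compared with 416 before the pointer is
  # reinterpreted as 416 bytes
  var proofValue = cast[ptr array[416,byte]] (proof.`ptr`)
  let proofHex = proofValue[].toHex
  debug "proof content", proofHex

  # display the proof breakdown
  # offsets are in hex characters: 512 for the zkSNARK part, 64 for each of
  # the five 32-byte fields that follow, 832 in total (416 bytes)
  var
    zkSNARK = proofHex[0..511]
    proofRoot = proofHex[512..575]
    proofEpoch = proofHex[576..639]
    shareX = proofHex[640..703]
    shareY = proofHex[704..767]
    nullifier = proofHex[768..831]

  doAssert(zkSNARK.len == 512)
  doAssert(proofRoot.len == 64)
  doAssert(proofEpoch.len == 64)
  # the epoch embedded in the proof must be the epoch that was supplied
  doAssert(epochHex == proofEpoch)
  doAssert(shareX.len == 64)
  doAssert(shareY.len == 64)
  doAssert(nullifier.len == 64)

  debug "zkSNARK ", zkSNARK
  debug "root ", proofRoot
  debug "epoch ", proofEpoch
  debug "shareX", shareX
  debug "shareY", shareY
  debug "nullifier", nullifier

  # verify reports two things: the returned bool says the call completed,
  # the flag written to `f` carries the verdict; both have to be checked
  var f = 0.uint32
  let verifyIsSuccessful = verify(rlnInstance.value, addr proof, addr f)
  doAssert(verifyIsSuccessful)
  # f = 0 means the proof is verified
  doAssert(f == 0)

  # create and test a bad proof
  # prepare a bad authentication object with a wrong peer's index
  var badIndex = 8
  var badAuthObj: Auth = Auth(secret_buffer: addr skBuffer, index: MembershipIndex(badIndex))
  var badProof: Buffer
  let badProofIsSuccessful = generate_proof(rlnInstance.value, addr inputBuffer, addr badAuthObj, addr badProof)
  # check whether the generate_proof call is done successfully
  doAssert(badProofIsSuccessful)

  var badF = 0.uint32
  let badVerifyIsSuccessful = verify(rlnInstance.value, addr badProof, addr badF)
  # the call itself still returns true for a rejected proof
  doAssert(badVerifyIsSuccessful)
  # badF=1 means the proof is not verified
  # verification of the bad proof should fail
  doAssert(badF == 1)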
test "create a list of membership keys and construct a Merkle tree based on the list":
  # ask for 100 key pairs together with the root of the tree built from them
  let groupSize = 100
  let (list, root) = createMembershipList(groupSize)

  # the logged list is the full key list returned by createMembershipList
  debug "created membership key list", list
  debug "the Merkle tree root", root

  # one entry per requested member
  check list.len == groupSize
  # the root has the expected hex length
  check root.len == HASH_HEX_SIZE
test "check correctness of toMembershipKeyPairs and calcMerkleRoot":
  # known-answer test: the static key list must yield StaticGroupSize pairs
  # and the Merkle root stored in STATIC_GROUP_MERKLE_ROOT
  let groupKeys = STATIC_GROUP_KEYS

  # build MembershipKeyPair objects from the static list
  let groupKeyPairs = toMembershipKeyPairs(groupKeys)

  # keep only the id commitments, which are the tree leaves
  let groupIDCommitments = groupKeyPairs.mapIt(it.idCommitment)

  # root of the tree built from those commitments
  let root = groupIDCommitments.calcMerkleRoot()

  debug "groupKeyPairs", groupKeyPairs
  debug "groupIDCommitments", groupIDCommitments
  debug "root", root

  # the number of pairs matches the static group size
  check groupKeyPairs.len == StaticGroupSize
  # the computed root matches the stored one
  check root == STATIC_GROUP_MERKLE_ROOT
test "RateLimitProof Protobuf encode/init test":
  # round trip: a RateLimitProof encoded to protobuf and decoded again must
  # equal the original
  var proof: ZKSNARK
  var merkleRoot: MerkleNode
  var epoch: Epoch
  var shareX: MerkleNode
  var shareY: MerkleNode
  var nullifier: Nullifier

  # give every field its own fill byte so that swapped fields would show up
  for b in proof.mitems:
    b = 1
  for b in merkleRoot.mitems:
    b = 2
  for b in epoch.mitems:
    b = 3
  for b in shareX.mitems:
    b = 4
  for b in shareY.mitems:
    b = 5
  for b in nullifier.mitems:
    b = 6

  let nsp = RateLimitProof(
    proof: proof,
    merkleRoot: merkleRoot,
    epoch: epoch,
    shareX: shareX,
    shareY: shareY,
    nullifier: nullifier)
  let protobuf = nsp.encode()
  let decodednsp = RateLimitProof.init(protobuf.buffer)

  check decodednsp.isErr == false
  check decodednsp.value == nsp
test "test proofVerify and proofGen for a valid proof":
  # builds a tree of 11 members with the current peer at leaf 5, generates a
  # proof for that leaf and expects proofVerify to accept it
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value

  # the current peer's membership key pair
  let memKeys = rln.membershipKeyGen().get()
  # the current peer's leaf index in the Merkle tree
  let index = 5

  # fill leaves 0..10; every leaf other than `index` gets a fresh key pair
  for i in 0..10:
    let member_is_added =
      if i == index:
        rln.insertMember(memKeys.idCommitment)
      else:
        let memberKeys = rln.membershipKeyGen()
        rln.insertMember(memberKeys.get().idCommitment)
    doAssert member_is_added

  # prepare the message
  # TODO this message format is artificial (to bypass the Poseidon hasher issue)
  # TODO in practice we should be able to pick messages of arbitrary size and format
  var messageBytes {.noinit.}: array[32, byte]
  for b in messageBytes.mitems:
    b = 1
  debug "message", messageHex=messageBytes.toHex()

  # all-zero epoch
  var epoch: Epoch
  for b in epoch.mitems:
    b = 0
  debug "epoch", epochHex=epoch.toHex()

  let msgHash = rln.hash(messageBytes)
  debug "message hash", mh=byteutils.toHex(msgHash)

  # the proof is generated over the message hash
  let proofRes = rln.proofGen(
    data = msgHash,
    memKeys = memKeys,
    memIndex = MembershipIndex(index),
    epoch = epoch)
  doAssert proofRes.isOk()
  let proof = proofRes.value

  # NOTE(review): verification is given the raw message while generation
  # was given its hash; presumably proofVerify hashes its input itself -
  # confirm in waku_rln_relay_utils
  let verified = rln.proofVerify(data = messageBytes, proof = proof)
  check verified == true
test "test proofVerify and proofGen for an invalid proof":
  # builds a tree of 11 members with the current peer at leaf 5, generates a
  # proof that claims leaf 4 instead and expects proofVerify to reject it
  var rlnInstance = createRLNInstance()
  check rlnInstance.isOk == true
  var rln = rlnInstance.value

  # the current peer's membership key pair
  let memKeys = rln.membershipKeyGen().get()
  # the current peer's leaf index in the Merkle tree
  let index = 5

  # fill leaves 0..10; every leaf other than `index` gets a fresh key pair
  for i in 0..10:
    let member_is_added =
      if i == index:
        rln.insertMember(memKeys.idCommitment)
      else:
        let memberKeys = rln.membershipKeyGen()
        rln.insertMember(memberKeys.get().idCommitment)
    doAssert member_is_added

  # prepare the message
  # TODO this message format is artificial (to bypass the Poseidon hasher issue)
  # TODO in practice we should be able to pick messages of arbitrary size and format
  var messageBytes {.noinit.}: array[32, byte]
  for b in messageBytes.mitems:
    b = 1
  debug "message", messageHex=messageBytes.toHex()

  # all-zero epoch
  var epoch: Epoch
  for b in epoch.mitems:
    b = 0
  debug "epoch in bytes", epochHex=epoch.toHex()

  let msgHash = rln.hash(messageBytes)
  debug "message hash", mh=byteutils.toHex(msgHash)

  # leaf 4 holds another member's commitment, not the one for memKeys
  let badIndex = 4

  # generation itself is expected to succeed even with the wrong index
  let proofRes = rln.proofGen(
    data = msgHash,
    memKeys = memKeys,
    memIndex = MembershipIndex(badIndex),
    epoch = epoch)
  doAssert proofRes.isOk()
  let proof = proofRes.value

  # the mismatch has to be caught at verification time
  # NOTE(review): a wrong leaf index is the only rejection case covered
  # here; a proof checked against a different message or epoch is not tested
  let verified = rln.proofVerify(data = messageBytes, proof = proof)
  check verified == false