Flexible Input/Output circuits #843
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
RogerTaule suggested changes Aug 2, 2022
nightfall-deployer/circuits/common/generic_circuit/Verifiers/verify_commitments.zok Outdated Show resolved Hide resolved
nightfall-deployer/circuits/common/generic_circuit/Verifiers/verify_nullifiers.zok Outdated Show resolved Hide resolved
nightfall-deployer/circuits/common/generic_circuit/Verifiers/verify_nullifiers.zok Outdated Show resolved Hide resolved
RogerTaule previously requested changes Aug 3, 2022
| assert(pathValidity) | ||
| //Set the changeZkpPublicKeys if i = 0. Otherwise just set the same value | ||
| firstInputZkpPublicKeys = i == 0 ? zkpPublicKeys : firstInputZkpPublicKeys |
There was a problem hiding this comment.
Why the firstInputZkpPublicKeys inicialization was removed?
| @@ -11,7 +11,7 @@ def main(\ | |||
| PublicTransaction tx,\ | |||
| field[2] roots,\ | |||
| private Nullifiers<2> nullifiers,\ | |||
| private Commitments<2> commitments\ | |||
| private Commitments<1> commitments\ | |||
There was a problem hiding this comment.
If we set Commitments<1> in the withdraw.zok, withdraw_stub.zok needs to also be updated
8f29a5d to ca9558b Compare 2a1df12 to cc72de3 Compare Merged
druiz0992 approved these changes Aug 8, 2022
Sign up for free to join this conversation on . Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
This PR closes #818 and closes #262 and removes the need for specific circuits based on the commitments and nullifiers. Instead we have 3 circuits (deposit, transfer, withdraw) that can support variable number of commitment/nullifiers. There are considerable changes to the way the circuits and commitment selection works in this PR.
Circuits
verifyfunctions (e.g.verify_nullifier,verify_commitmentandverify_structure).Note: There is no longer a specific
single_transfercircuit as the transfer circuit handles all scenarios (hence the constraint is as large as possible to also handle double_transfer). Similarly, withdraw must be able to accommodate the most complex scenario of 2 inputs with a single output, which increases the constraints significantly.Commitment Selection
We now have the flexibility to better select the type of transaction that will be performed based on the current user's UTXO (notes). Previously, commitment selection was based on:
Note: A double transfer would fail if the sum of inputs were equal to the required output (i.e. it had to be strictly greater than). Withdraw's needed to be of exact value.
With the new flexible circuits we perform the following checks
This is still subject to change, especially in the prioritising of (3) and (4). Note that a withdraw now attempts to do (1) to (3) instead of being restricted to an exactly matching input.
Testing
This can be tested by running
npm run test-circuitswhile nightfall is running