iden3 · OBrezhniev · Sep 27, 2023 · Sep 28, 2023 · Sep 29, 2023 · Sep 29, 2023
diff --git a/circuits/auth/authV2.circom b/circuits/auth/authV2.circom
@@ -48,10 +48,21 @@ template AuthV2(IdOwnershipLevels, onChainLevels) {
     // unless nonce == 0, in which case userID will be assigned with userGenesisID
     signal output userID;
 
+    /////////////////////////////////////////////////////////////////
+    // FIXME: `===` without multiplications gives 0 constraints!!!
+    // because compiler removes all linear constraints during optimization pass
+    // ForceEqualIfEnabled(1, [x, y]) gives 0 too, so we need to do a workaround:
+    // calculate signal with value 1 and pass it to ForceEqualIfEnabled as an enabled signal
+    /////////////////////////////////////////////////////////////////
+    signal tmp <== IsZero()(genesisID);
+    signal tmp2 <== NOT()(tmp);
+    signal zero <== IsEqual()([tmp, tmp2]);
+    signal one <== IsZero()(zero);
+    zero * one === 0;
+
     checkAuthV2(IdOwnershipLevels, onChainLevels)(
-        1,
+        one,
         genesisID,
-        profileNonce,
         state,
         claimsTreeRoot,
         revTreeRoot,
@@ -81,9 +92,6 @@ template checkAuthV2(IdOwnershipLevels, onChainLevels) {
     signal input enabled;
 
     signal input genesisID;
-    // random number, which should be stored by user
-    // if there is a need to generate the same userID (ProfileID) output for different proofs
-    signal input profileNonce;
 
     // user state
     signal input state;

diff --git a/circuits/credentialAtomicQueryV3.circom b/circuits/credentialAtomicQueryV3.circom
@@ -3,11 +3,10 @@ pragma circom 2.1.1;
 include "offchain/credentialAtomicQueryV3OffChain.circom";
 
 /*
- public signals:
+ public output signals:
  userID - user profile id
  merklized - `1` if claim is merklized
- issuerAuthState // for sig
- issuerClaimIdenState // for mtp
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
 */
 component main{public [requestID,
                        issuerID,
@@ -20,7 +19,6 @@ component main{public [requestID,
                        value,
                        timestamp, 
                        isRevocationChecked,
-                       issuerClaimIdenState, // MTP specific
                        proofType,
                        verifierID
                        ]} = credentialAtomicQueryV3OffChain(40, 32, 64);
diff --git a/circuits/credentialAtomicQueryV3OnChain.circom b/circuits/credentialAtomicQueryV3OnChain.circom
@@ -2,9 +2,14 @@ pragma circom 2.1.1;
 
 include "./onchain/credentialAtomicQueryV3OnChain.circom";
 
+/*
+ public output signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+*/
 component main{public [requestID,
                        issuerID,
-                       issuerClaimIdenState,
                        issuerClaimNonRevState,
                        timestamp,
                        isRevocationChecked,

diff --git a/circuits/lib/idOwnership.circom b/circuits/lib/idOwnership.circom
@@ -49,5 +49,5 @@ template IdOwnership(nLevels) {
         challengeSignatureS
     );
 
-    checkIdenStateMatchesRoots()(1, userClaimsTreeRoot, userRevTreeRoot, userRootsTreeRoot, userState);
+    checkIdenStateMatchesRoots()(enabled, userClaimsTreeRoot, userRevTreeRoot, userRootsTreeRoot, userState);
 }
diff --git a/circuits/lib/linked/linkId.circom b/circuits/lib/linked/linkId.circom
@@ -1,20 +1,17 @@
 pragma circom 2.1.5;
 
 include "../../../node_modules/circomlib/circuits/poseidon.circom";
-include "../utils/claimUtils.circom";
+include "../../../node_modules/circomlib/circuits/comparators.circom";
 
 template LinkID() {
-    signal input claim[8];
+    signal input claimHash;
     signal input linkNonce;
 
     signal output out;
 
     signal isNonceZero <== IsZero()(linkNonce);
 
-    component claimHash = getClaimHash();
-    claimHash.claim <== claim;
-
-    signal linkID <== Poseidon(2)([claimHash.hash, linkNonce]);
+    signal linkID <== Poseidon(2)([claimHash, linkNonce]);
 
     out <== Mux1()(
         [linkID, 0],

diff --git a/circuits/lib/query/comparators.circom b/circuits/lib/query/comparators.circom
@@ -21,7 +21,7 @@ template IN (valueArraySize){
         }
 
         // Greater than
-        component gt = GreaterThan(252);
+        component gt = GreaterThan(16);
         gt.in[0] <== count[valueArraySize];
         gt.in[1] <== 0;
 
@@ -47,15 +47,12 @@ template LessThan254() {
         h1.in[i-252] <== n1b.out[i];
     }
 
-    component hiBitLt = LessThan(4);
+    component hiBitLt = LessThan(2);
     hiBitLt.in[0] <== h0.out;
     hiBitLt.in[1] <== h1.out;
     component hiBitEq = IsEqual();
     hiBitEq.in[0] <== h0.out;
     hiBitEq.in[1] <== h1.out;
-    component hiBitGt = GreaterThan(4);
-    hiBitGt.in[0] <== h0.out;
-    hiBitGt.in[1] <== h1.out;
 
     // number for lower 252 bits
     component n0  = Bits2Num(252);
@@ -69,7 +66,7 @@ template LessThan254() {
     lt.in[0] <== n0.out;
     lt.in[1] <== n1.out;
 
-    out <== (hiBitEq.out * lt.out) + (hiBitLt.out * 1) + (hiBitGt.out * 0);
+    out <== (hiBitEq.out * lt.out) + (hiBitLt.out * 1);
 }
 
 template GreaterThan254() {

diff --git a/circuits/lib/stateTransition.circom b/circuits/lib/stateTransition.circom
@@ -36,6 +36,10 @@ template StateTransition(IdOwnershipLevels) {
     signal input newRevTreeRoot;
     signal input newRootsTreeRoot;
 
+    signal zero <== IsZero()(userID); // comparing to zero something that can't be zero to get zero as an output
+    signal one <== 1 - zero;
+    zero * one === 0;
+
     signal cutId <== cutId()(userID);
 
     signal cutState <== cutState()(oldUserState);
@@ -48,17 +52,17 @@ template StateTransition(IdOwnershipLevels) {
 
     // check newUserState is not zero
     signal stateIsNotZero <== IsZero()(newUserState);
-    stateIsNotZero === 0;
+    ForceEqualIfEnabled()(one, [stateIsNotZero, 0]);
 
     // old & new state checks
     signal oldNewNotEqual <== IsEqual()([oldUserState, newUserState]);
-    oldNewNotEqual === 0;
+    ForceEqualIfEnabled()(one, [oldNewNotEqual, 0]);
 
     // check userID ownership by correct signature of a hash of old state and new state
     signal challenge <== Poseidon(2)([oldUserState, newUserState]);
 
     IdOwnership(IdOwnershipLevels)(
-        1,
+        one,
         oldUserState,
         claimsTreeRoot,
         authClaimMtp,
@@ -75,8 +79,11 @@ template StateTransition(IdOwnershipLevels) {
         signatureS
     );
 
+    signal authClaimHi, authClaimHv;
+	(authClaimHi, authClaimHv) <== getClaimHiHv()(authClaim);
+
     // check auth claim exists in newClaimsTreeRoot and newUserState
-    checkClaimExists(IdOwnershipLevels)(1, authClaim, newAuthClaimMtp, newClaimsTreeRoot);
+    checkClaimExists(IdOwnershipLevels)(one, authClaimHi, authClaimHv, newAuthClaimMtp, newClaimsTreeRoot);
 
-    checkIdenStateMatchesRoots()(1, newClaimsTreeRoot, newRevTreeRoot, newRootsTreeRoot, newUserState);
+    checkIdenStateMatchesRoots()(one, newClaimsTreeRoot, newRevTreeRoot, newRootsTreeRoot, newUserState);
 }