Move old circuits to archive

archive_circuits_V2/README.md

@@ -0,0 +1,9 @@
+## Temporary archive of Circuits V2
+
+Original circuits which are in production are in `circuits` directory.
+
+Refactored ones are in `circuits_after_refactoring`.
+
+Tests use `circuits` directory, so to run tests on refactored ones you need 
+to rename `circuits` to something else, and then `circuits_after_refactoring` 
+to `circuits`.

archive_circuits_V2/circuits/auth.circom

@@ -0,0 +1,5 @@
+pragma circom 2.0.0;
+
+include "auth/auth.circom";
+
+component main {public [userID,challenge,userState]} = Auth(32);

archive_circuits_V2/circuits/auth/auth.circom

@@ -0,0 +1,49 @@
+pragma circom 2.0.0;
+
+include "../lib/idOwnership.circom";
+
+template Auth(IdOwnershipLevels) {
+
+    signal input userClaimsTreeRoot;
+    signal input userAuthClaimMtp[IdOwnershipLevels];
+    signal input userAuthClaim[8];
+
+    signal input userRevTreeRoot;
+    signal input userAuthClaimNonRevMtp[IdOwnershipLevels];
+    signal input userAuthClaimNonRevMtpNoAux;
+    signal input userAuthClaimNonRevMtpAuxHv;
+    signal input userAuthClaimNonRevMtpAuxHi;
+
+    signal input userRootsTreeRoot;
+
+    signal input challenge;
+    signal input challengeSignatureR8x;
+    signal input challengeSignatureR8y;
+    signal input challengeSignatureS;
+
+    signal input userState;
+    // we have no constraints for "userID" in this circuit, however we introduce "userID" input here
+    // as it serves as public input which should be the same for prover and verifier
+    signal input userID;
+
+    component checkIdOwnership = IdOwnership(IdOwnershipLevels);
+
+    checkIdOwnership.userClaimsTreeRoot <== userClaimsTreeRoot;
+    for (var i=0; i<IdOwnershipLevels; i++) { checkIdOwnership.userAuthClaimMtp[i] <== userAuthClaimMtp[i]; }
+    for (var i=0; i<8; i++) { checkIdOwnership.userAuthClaim[i] <== userAuthClaim[i]; }
+
+    checkIdOwnership.userRevTreeRoot <== userRevTreeRoot;
+    for (var i=0; i<IdOwnershipLevels; i++) { checkIdOwnership.userAuthClaimNonRevMtp[i] <== userAuthClaimNonRevMtp[i]; }
+    checkIdOwnership.userAuthClaimNonRevMtpNoAux <== userAuthClaimNonRevMtpNoAux;
+    checkIdOwnership.userAuthClaimNonRevMtpAuxHv <== userAuthClaimNonRevMtpAuxHv;
+    checkIdOwnership.userAuthClaimNonRevMtpAuxHi <== userAuthClaimNonRevMtpAuxHi;
+
+    checkIdOwnership.userRootsTreeRoot <== userRootsTreeRoot;
+
+    checkIdOwnership.challenge <== challenge;
+    checkIdOwnership.challengeSignatureR8x <== challengeSignatureR8x;
+    checkIdOwnership.challengeSignatureR8y <== challengeSignatureR8y;
+    checkIdOwnership.challengeSignatureS <== challengeSignatureS;
+
+    checkIdOwnership.userState <== userState;
+}

archive_circuits_V2/circuits/auth/authV2.circom

@@ -0,0 +1,107 @@
+pragma circom 2.0.0;
+
+include "../lib/idOwnership.circom";
+include "../lib/utils/idUtils.circom";
+include "../../../node_modules/circomlib/circuits/mux1.circom";
+include "../../../node_modules/circomlib/circuits/comparators.circom";
+include "../../../node_modules/circomlib/circuits/eddsaposeidon.circom";
+
+template AuthV2(IdOwnershipLevels, onChainLevels) {
+
+    signal input genesisID;
+    // random number, which should be stored by user
+    // if there is a need to generate the same userID (ProfileID) output for different proofs
+    signal input profileNonce;
+
+    // user state
+    signal input state;
+    signal input claimsTreeRoot;
+    signal input revTreeRoot;
+    signal input rootsTreeRoot;
+
+    // Auth claim
+    signal input authClaim[8];
+
+    // auth claim. merkle tree proof of inclusion to claim tree
+    signal input authClaimIncMtp[IdOwnershipLevels];
+
+    // auth claim - rev nonce. merkle tree proof of non-inclusion to rev tree
+    signal input authClaimNonRevMtp[IdOwnershipLevels];
+    signal input authClaimNonRevMtpNoAux;
+    signal input authClaimNonRevMtpAuxHi;
+    signal input authClaimNonRevMtpAuxHv;
+
+    // challenge signature
+    signal input challenge;
+    signal input challengeSignatureR8x;
+    signal input challengeSignatureR8y;
+    signal input challengeSignatureS;
+
+    // global identity state tree on chain
+    signal input gistRoot;
+    // proof of inclusion or exclusion of the user in the global state
+    signal input gistMtp[onChainLevels];
+    signal input gistMtpAuxHi;
+    signal input gistMtpAuxHv;
+    signal input gistMtpNoAux;
+
+    // userID output signal will be assigned with user profile hash(UserID, nonce),
+    // unless nonce == 0, in which case userID will be assigned with userGenesisID
+    signal output userID;
+
+
+
+    /* id ownership check */
+    component checkIdOwnership = IdOwnership(IdOwnershipLevels);
+
+    checkIdOwnership.userClaimsTreeRoot <== claimsTreeRoot;
+    for (var i=0; i<IdOwnershipLevels; i++) { checkIdOwnership.userAuthClaimMtp[i] <== authClaimIncMtp[i]; }
+    for (var i=0; i<8; i++) { checkIdOwnership.userAuthClaim[i] <== authClaim[i]; }
+
+    checkIdOwnership.userRevTreeRoot <== revTreeRoot;
+    for (var i=0; i<IdOwnershipLevels; i++) { checkIdOwnership.userAuthClaimNonRevMtp[i] <== authClaimNonRevMtp[i]; }
+    checkIdOwnership.userAuthClaimNonRevMtpNoAux <== authClaimNonRevMtpNoAux;
+    checkIdOwnership.userAuthClaimNonRevMtpAuxHv <== authClaimNonRevMtpAuxHv;
+    checkIdOwnership.userAuthClaimNonRevMtpAuxHi <== authClaimNonRevMtpAuxHi;
+
+    checkIdOwnership.userRootsTreeRoot <== rootsTreeRoot;
+
+    checkIdOwnership.challenge <== challenge;
+    checkIdOwnership.challengeSignatureR8x <== challengeSignatureR8x;
+    checkIdOwnership.challengeSignatureR8y <== challengeSignatureR8y;
+    checkIdOwnership.challengeSignatureS <== challengeSignatureS;
+
+    checkIdOwnership.userState <== state;
+
+    /* Check on-chain SMT inclusion existence */
+    component cutId = cutId();
+    cutId.in <== genesisID;
+
+    component cutState = cutState();
+    cutState.in <== state;
+
+    component isStateGenesis = IsEqual();
+    isStateGenesis.in[0] <== cutId.out;
+    isStateGenesis.in[1] <== cutState.out;
+
+    component genesisIDhash = Poseidon(1);
+    genesisIDhash.inputs[0] <== genesisID;
+
+    component gistCheck = SMTVerifier(onChainLevels);
+    gistCheck.enabled <== 1;
+    gistCheck.fnc <== isStateGenesis.out; // non-inclusion in case if genesis state, otherwise inclusion
+    gistCheck.root <== gistRoot;
+    for (var i=0; i<onChainLevels; i++) { gistCheck.siblings[i] <== gistMtp[i]; }
+    gistCheck.oldKey <== gistMtpAuxHi;
+    gistCheck.oldValue <== gistMtpAuxHv;
+    gistCheck.isOld0 <== gistMtpNoAux;
+    gistCheck.key <== genesisIDhash.out;
+    gistCheck.value <== state;
+
+    /* ProfileID calculation */
+    component calcProfile = SelectProfile();
+    calcProfile.in <== genesisID;
+    calcProfile.nonce <== profileNonce;
+
+    userID <== calcProfile.out;
+}

archive_circuits_V2/circuits/authV2.circom

@@ -0,0 +1,16 @@
+pragma circom 2.0.0;
+
+include "auth/authV2.circom";
+
+/*
+* The identity authorization circuit.
+* User ownership of the identity verified by signed challenge.
+* Auth claim should be in the user state and not revoked.
+* User state should be genesis or added to the global state tree (available in the smart contract).
+* The state is verified out of circuits by a verifier.
+* public signals:
+    - userID
+    - challenge
+    - gistRoot
+*/
+component main {public [challenge, gistRoot]} = AuthV2(40, 64);

archive_circuits_V2/circuits/credentialAtomicQueryMTPV2.circom

@@ -0,0 +1,20 @@
+pragma circom 2.0.0;
+
+include "offchain/credentialAtomicQueryMTPOffChain.circom";
+
+/*
+ public signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+*/
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimIdenState,
+                       issuerClaimNonRevState,
+                       claimSchema,
+                       slotIndex,
+                       claimPathKey,
+                       claimPathNotExists,
+                       operator,
+                       value,
+                       timestamp, isRevocationChecked]} = CredentialAtomicQueryMTPOffChain(40, 32, 64);

archive_circuits_V2/circuits/credentialAtomicQueryMTPV2OnChain.circom

@@ -0,0 +1,13 @@
+pragma circom 2.0.0;
+
+include "./onchain/credentialAtomicQueryMTPOnChain.circom";
+
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimIdenState,
+                       issuerClaimNonRevState,
+                       timestamp,
+                       isRevocationChecked,
+                       challenge,
+                       gistRoot
+                       ]} = CredentialAtomicQueryMTPOnChain(40, 32, 64, 40, 64);

archive_circuits_V2/circuits/credentialAtomicQuerySigV2.circom

@@ -0,0 +1,20 @@
+pragma circom 2.0.0;
+
+include "offchain/credentialAtomicQuerySigOffChain.circom";
+
+/*
+ public signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+ issuerAuthState
+*/
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimNonRevState,
+                       claimSchema,
+                       slotIndex,
+                       claimPathKey,
+                       claimPathNotExists,
+                       operator,
+                       value,
+                       timestamp, isRevocationChecked]} = credentialAtomicQuerySigOffChain(40, 32, 64);

archive_circuits_V2/circuits/credentialAtomicQuerySigV2OnChain.circom

@@ -0,0 +1,11 @@
+pragma circom 2.0.0;
+
+include "./onchain/credentialAtomicQuerySigOnChain.circom";
+
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimNonRevState,
+                       timestamp,
+                       isRevocationChecked,
+                       challenge,
+                       gistRoot]} = credentialAtomicQuerySigOnChain(40, 32, 64, 40, 64);

archive_circuits_V2/circuits/lib/idOwnership.circom

@@ -0,0 +1,55 @@
+/*
+# idOwnershipBySignature.circom
+
+Circuit to check that the prover is the owner of the identity
+- prover is owner of the private key
+- prover public key is in a ClaimKeyBBJJ that is inside its Identity State (in Claim tree)
+*/
+
+pragma circom 2.0.0;
+
+include "utils/claimUtils.circom";
+include "utils/treeUtils.circom";
+
+template IdOwnership(nLevels) {
+    signal input userState;
+
+	signal input userClaimsTreeRoot;
+	signal input userAuthClaimMtp[nLevels];
+	signal input userAuthClaim[8];
+
+	signal input userRevTreeRoot;
+    signal input userAuthClaimNonRevMtp[nLevels];
+    signal input userAuthClaimNonRevMtpNoAux;
+    signal input userAuthClaimNonRevMtpAuxHi;
+    signal input userAuthClaimNonRevMtpAuxHv;
+
+	signal input userRootsTreeRoot;
+
+	signal input challenge;
+	signal input challengeSignatureR8x;
+	signal input challengeSignatureR8y;
+	signal input challengeSignatureS;
+
+
+    component verifyAuthClaim = VerifyAuthClaimAndSignature(nLevels);
+    for (var i=0; i<8; i++) { verifyAuthClaim.authClaim[i] <== userAuthClaim[i]; }
+	for (var i=0; i<nLevels; i++) { verifyAuthClaim.authClaimMtp[i] <== userAuthClaimMtp[i]; }
+	verifyAuthClaim.claimsTreeRoot <== userClaimsTreeRoot;
+	verifyAuthClaim.revTreeRoot <== userRevTreeRoot;
+	for (var i=0; i<nLevels; i++) { verifyAuthClaim.authClaimNonRevMtp[i] <== userAuthClaimNonRevMtp[i]; }
+	verifyAuthClaim.authClaimNonRevMtpNoAux <== userAuthClaimNonRevMtpNoAux;
+	verifyAuthClaim.authClaimNonRevMtpAuxHv <== userAuthClaimNonRevMtpAuxHv;
+	verifyAuthClaim.authClaimNonRevMtpAuxHi <== userAuthClaimNonRevMtpAuxHi;
+
+    verifyAuthClaim.challengeSignatureS <== challengeSignatureS;
+    verifyAuthClaim.challengeSignatureR8x <== challengeSignatureR8x;
+    verifyAuthClaim.challengeSignatureR8y <== challengeSignatureR8y;
+    verifyAuthClaim.challenge <== challenge;
+
+    component checkUserState = checkIdenStateMatchesRoots();
+    checkUserState.claimsTreeRoot <== userClaimsTreeRoot;
+    checkUserState.revTreeRoot <== userRevTreeRoot;
+    checkUserState.rootsTreeRoot <== userRootsTreeRoot;
+    checkUserState.expectedState <== userState;
+}

archive_circuits_V2/circuits/lib/query/comparators.circom

@@ -0,0 +1,84 @@
+pragma circom 2.0.0;
+
+include "../../../../node_modules/circomlib/circuits/comparators.circom";
+
+// nElements - number of value elements
+// Example nElements = 3, '1' v ['12', '1231', '9999'], 1 not in array of values
+template IN (valueArraySize){
+
+        signal input in;
+        signal input value[valueArraySize];
+        signal output out;
+
+        component eq[valueArraySize];
+        signal count[valueArraySize+1];
+        count[0] <== 0;
+        for (var i=0; i<valueArraySize; i++) {
+            eq[i] = IsEqual();
+            eq[i].in[0] <== in;
+            eq[i].in[1] <== value[i];
+            count[i+1] <== count[i] + eq[i].out;
+        }
+
+        // Greater than
+        component gt = GreaterThan(252);
+        gt.in[0] <== count[valueArraySize];
+        gt.in[1] <== 0;
+
+        out <== gt.out; // 1 - if in signal in the list, 0 - if it is not
+}
+
+// As LessThan but for all possible numbers from field (not only 252-bit-max like LessThan)
+template LessThan254() {
+    signal input in[2];
+    signal output out;
+
+    component n0b = Num2Bits(254);
+    n0b.in <== in[0];
+
+    component n1b = Num2Bits(254);
+    n1b.in <== in[1];
+
+    // numbers for high 4 bits
+    component h0  = Bits2Num(2);
+    component h1  = Bits2Num(2);
+    for(var i = 252; i < 254; i++) {
+        h0.in[i-252] <== n0b.out[i];
+        h1.in[i-252] <== n1b.out[i];
+    }
+
+    component hiBitLt = LessThan(4);
+    hiBitLt.in[0] <== h0.out;
+    hiBitLt.in[1] <== h1.out;
+    component hiBitEq = IsEqual();
+    hiBitEq.in[0] <== h0.out;
+    hiBitEq.in[1] <== h1.out;
+    component hiBitGt = GreaterThan(4);
+    hiBitGt.in[0] <== h0.out;
+    hiBitGt.in[1] <== h1.out;
+
+    // number for lower 252 bits
+    component n0  = Bits2Num(252);
+    component n1  = Bits2Num(252);
+    for(var i = 0; i < 252; i++) {
+        n0.in[i] <== n0b.out[i];
+        n1.in[i] <== n1b.out[i];
+    }
+
+    component lt = LessThan(252);
+    lt.in[0] <== n0.out;
+    lt.in[1] <== n1.out;
+
+    out <== (hiBitEq.out * lt.out) + (hiBitLt.out * 1) + (hiBitGt.out * 0);
+}
+
+template GreaterThan254() {
+    signal input in[2];
+    signal output out;
+
+    component lt = LessThan254();
+
+    lt.in[0] <== in[1];
+    lt.in[1] <== in[0];
+    lt.out ==> out;
+}