include "../node_modules/@tornado/circomlib/circuits/poseidon.circom"; include "../node_modules/@tornado/circomlib/circuits/bitify.circom"; // Computes Poseidon([left, right]) template HashLeftRight() { signal input left; signal input right; signal output hash; component hasher = Poseidon(2); hasher.inputs[0] <== left; hasher.inputs[1] <== right; hash <== hasher.out; } // if s == 0 returns [in[0], in[1]] // if s == 1 returns [in[1], in[0]] template DualMux() { signal input in[2]; signal input s; signal output out[2]; s * (1 - s) === 0; out[0] <== (in[1] - in[0])*s + in[0]; out[1] <== (in[0] - in[1])*s + in[1]; } // Verifies that merkle proof is correct for given merkle root and a leaf // pathIndices input is an array of 0/1 selectors telling whether given pathElement is on the left or right side of merkle path template RawMerkleTree(levels) { signal input leaf; signal input pathElements[levels]; signal input pathIndices[levels]; signal output root; component selectors[levels]; component hashers[levels]; for (var i = 0; i < levels; i++) { selectors[i] = DualMux(); selectors[i].in[0] <== i == 0 ? leaf : hashers[i - 1].hash; selectors[i].in[1] <== pathElements[i]; selectors[i].s <== pathIndices[i]; hashers[i] = HashLeftRight(); hashers[i].left <== selectors[i].out[0]; hashers[i].right <== selectors[i].out[1]; } root <== hashers[levels - 1].hash; } template MerkleTree(levels) { signal input leaf; signal input pathElements[levels]; signal input pathIndices; signal output root; component indexBits = Num2Bits(levels); indexBits.in <== pathIndices; component tree = RawMerkleTree(levels) tree.leaf <== leaf; for (var i = 0; i < levels; i++) { tree.pathIndices[i] <== indexBits.out[i]; tree.pathElements[i] <== pathElements[i]; } root <== tree.root }