anonymity-mining/circuits/MerkleTree.circom

72 lines
1.9 KiB
Plaintext

include "../node_modules/@tornado/circomlib/circuits/poseidon.circom";
include "../node_modules/@tornado/circomlib/circuits/bitify.circom";
// Computes Poseidon([left, right])
template HashLeftRight() {
signal input left;
signal input right;
signal output hash;
component hasher = Poseidon(2);
hasher.inputs[0] <== left;
hasher.inputs[1] <== right;
hash <== hasher.out;
}
// if s == 0 returns [in[0], in[1]]
// if s == 1 returns [in[1], in[0]]
template DualMux() {
signal input in[2];
signal input s;
signal output out[2];
s * (1 - s) === 0;
out[0] <== (in[1] - in[0])*s + in[0];
out[1] <== (in[0] - in[1])*s + in[1];
}
// Verifies that merkle proof is correct for given merkle root and a leaf
// pathIndices input is an array of 0/1 selectors telling whether given pathElement is on the left or right side of merkle path
template RawMerkleTree(levels) {
signal input leaf;
signal input pathElements[levels];
signal input pathIndices[levels];
signal output root;
component selectors[levels];
component hashers[levels];
for (var i = 0; i < levels; i++) {
selectors[i] = DualMux();
selectors[i].in[0] <== i == 0 ? leaf : hashers[i - 1].hash;
selectors[i].in[1] <== pathElements[i];
selectors[i].s <== pathIndices[i];
hashers[i] = HashLeftRight();
hashers[i].left <== selectors[i].out[0];
hashers[i].right <== selectors[i].out[1];
}
root <== hashers[levels - 1].hash;
}
template MerkleTree(levels) {
signal input leaf;
signal input pathElements[levels];
signal input pathIndices;
signal output root;
component indexBits = Num2Bits(levels);
indexBits.in <== pathIndices;
component tree = RawMerkleTree(levels)
tree.leaf <== leaf;
for (var i = 0; i < levels; i++) {
tree.pathIndices[i] <== indexBits.out[i];
tree.pathElements[i] <== pathElements[i];
}
root <== tree.root
}