diff --git a/.github/workflows/cancel-round.yml b/.github/workflows/cancel-round.yml index 0c37001aa..5091547fe 100644 --- a/.github/workflows/cancel-round.yml +++ b/.github/workflows/cancel-round.yml @@ -1,12 +1,23 @@ name: Cancel current round -on: workflow_dispatch +on: + workflow_dispatch: + inputs: + clrfund: + description: 'Clrfund contract address' + required: true + default: '0x87790498127ff044f43b9230506833ca89113757' + network: + description: 'Network' + required: true + default: 'arbitrum-sepolia' + jsonrpc_url: + description: jsonrpc url to node + required: false env: NODE_VERSION: 20.x - SUBGRPAH_URL: "https://api.thegraph.com/subgraphs/name/clrfund/clrfund-testnet" WALLET_PRIVATE_KEY: ${{ secrets.ARBITRUM_GOERLI_COORDINATOR_WALLET_PRIVATE_KEY }} - NETWORK: "arbitrum-sepolia" jobs: cancel-round: @@ -26,6 +37,6 @@ jobs: - name: Run the cancel round script run: | cd contracts - export CLRFUND=$(curl -X POST -d '{"query":"{clrFunds {id}}"}' $SUBGRPAH_URL) - export CLRFUND_ADDRESS=$(node -e 'console.log(JSON.parse(process.env.CLRFUND).data.clrFunds[0].id)') - yarn hardhat cancel-round --clrfund "${CLRFUND_ADDRESS}" --network ${NETWORK} + yarn hardhat cancel-round \ + --clrfund ${{ github.event.inputs.clrfund }} \ + --network ${{ github.event.inputs.network }} diff --git a/.github/workflows/create-version.yml b/.github/workflows/create-version.yml index b9a3841e2..9cccd61a7 100644 --- a/.github/workflows/create-version.yml +++ b/.github/workflows/create-version.yml @@ -12,8 +12,8 @@ on: - major env: - NODE_VERSION: 18.x - VITE_CLRFUND_FACTORY_ADDRESS: "0x5FC8d32690cc91D4c39d9d3abcBD16989F875707" + NODE_VERSION: 20.x + VITE_CLRFUND_ADDRESS: "0x5FC8d32690cc91D4c39d9d3abcBD16989F875707" VITE_ETHEREUM_API_CHAINID: 1 VITE_ETHEREUM_API_URL: "dummy" VITE_IPFS_PINNING_JWT: "dummy" diff --git a/.github/workflows/mantle_cancel_round.yml b/.github/workflows/mantle_cancel_round.yml deleted file mode 100644 index 80254827a..000000000 
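Review bot: In the second cancel-round.yml hunk the two workflow_dispatch inputs are expanded directly into the `run:` shell script as `${{ github.event.inputs.clrfund }}` and `${{ github.event.inputs.network }}`, unquoted, which is the expression-in-script pattern GitHub's own hardening guidance tells workflow authors to avoid, and it also drops the double quotes the replaced line kept around the address. Only users allowed to dispatch the workflow can supply these values, so the exposure is bounded, but the step runs with `WALLET_PRIVATE_KEY` in its environment, so the input values belong in the step's `env:` block with the shell variables quoted. The `jsonrpc_url` input added in the first hunk is not referenced in either hunk; if it is picked up elsewhere (hardhat config, presumably) a one-line comment on the input saying so would help, otherwise it looks unused. The enclosing job and its steps list begin before the second hunk.
```yaml
      - name: Run the cancel round script
        env:
          CLRFUND: ${{ github.event.inputs.clrfund }}
          NETWORK: ${{ github.event.inputs.network }}
        run: |
          # … unchanged: cd contracts …
          yarn hardhat cancel-round \
            --clrfund "${CLRFUND}" \
            --network "${NETWORK}"
```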
--- a/.github/workflows/mantle_cancel_round.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Mantle testnet - Cancel current round - -on: - workflow_dispatch: - inputs: - branch_name: - description: 'Clrfund branch name' - required: true - default: 'cohort/EthSingapore' - factory: - description: 'Clrfund factory address' - required: true - default: '0x006f39E6a6D15323334Be1db34C73088550BB20a' - network: - description: 'Network' - required: true - default: 'mantle-testnet' - - -env: - NODE_VERSION: 16.x - WALLET_PRIVATE_KEY: ${{ secrets.MANTLE_TESTNET_COORDINATOR_WALLET_PRIVATE_KEY }} - -jobs: - cancel-round: - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - name: Checkout source code - uses: actions/checkout@v3 - - name: Build CLR - run: | - yarn && yarn build - - name: Run the cancel round script - run: | - cd contracts - yarn hardhat cancel-round --factory "${{ github.event.inputs.factory }}" --network "${{ github.event.inputs.network }}" diff --git a/.github/workflows/mantle_create_new_round.yml b/.github/workflows/mantle_create_new_round.yml deleted file mode 100644 index 40de9dac0..000000000 --- a/.github/workflows/mantle_create_new_round.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: Mantle testnet - Create new round - -on: - workflow_dispatch: - inputs: - branch_name: - description: 'Clrfund branch name' - required: true - default: 'cohort/EthSingapore' - factory: - description: 'Clrfund factory address' - required: true - default: '0x006f39E6a6D15323334Be1db34C73088550BB20a' - network: - description: 'Network' - required: true - default: 'mantle-testnet' - -env: - NODE_VERSION: 16.x - WALLET_PRIVATE_KEY: ${{ secrets.MANTLE_TESTNET_COORDINATOR_WALLET_PRIVATE_KEY }} - -jobs: - create-new-round: - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - name: Checkout source code - uses: actions/checkout@v3 - - name: Build CLR - run: | - yarn && yarn build - - name: Run create new round script - run: | - cd contracts - export FACTORY_ADDRESS="${{ github.event.inputs.factory }}" - yarn hardhat run scripts/newRound.ts --network "${{ github.event.inputs.network }}" diff --git a/.github/workflows/mantle_finalize_round.yml b/.github/workflows/mantle_finalize_round.yml deleted file mode 100644 index 0ccf766d7..000000000 --- a/.github/workflows/mantle_finalize_round.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -name: Mantle testnet - Finalize round - -on: - workflow_dispatch: - inputs: - branch_name: - description: 'Clrfund branch name' - required: true - default: 'cohort/EthSingapore' - maci_start_block: - description: 'MACI contract creation block' - required: true - default: '1' - subgraph_url: - description: 'Clrfund subgraph url' - required: true - default: 'https://graph.testnet.mantle.xyz/subgraphs/name/clrfund-ethsingapore-test' - network: - description: 'Network' - required: true - default: 'mantle-testnet' - -env: - NODE_VERSION: 16.x - COORDINATOR_ETH_PK: ${{ secrets.MANTLE_TESTNET_COORDINATOR_WALLET_PRIVATE_KEY }} - COORDINATOR_PK: ${{ secrets.MANTLE_TESTNET_COORDINATOR_MACI_PRIVATE_KEY }} - -jobs: - finalize: - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - name: Install g++ library dependencies - run: | - sudo apt update - sudo apt-get install build-essential libgmp-dev libsodium-dev nlohmann-json3-dev nasm g++ curl - - name: Install rust toolchain - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - - name: Install zkutil - run: | - cargo install zkutil --version 0.3.2 - - name: Checkout source code - uses: actions/checkout@v3 - with: - ref: ${{ github.event.inputs.branch_name }} - - name: Download batch 64 params - run: | - ls -la $GITHUB_WORKSPACE - $GITHUB_WORKSPACE/.github/scripts/download-batch64-params.sh - - name: Build - run: | - yarn && yarn build - - name: Run finalize scripts - run: | - export SUBGRPAH_URL="${{ github.event.inputs.subgraph_url }}" - echo $SUBGRAPH_URL - export NODE_CONFIG=$(node -e "const snarkParamsPath=process.env.GITHUB_WORKSPACE + '/params'; console.log(JSON.stringify({ snarkParamsPath }));") - export ROUND=$(curl -X POST -d '{"query":"{fundingRoundFactories {id currentRound {id maci}}}"}' $SUBGRPAH_URL) - export FACTORY_ADDRESS=$(node -e 
'console.log(JSON.parse(process.env.ROUND).data.fundingRoundFactories[0].id)') - export ROUND_ADDRESS=$(node -e 'console.log(JSON.parse(process.env.ROUND).data.fundingRoundFactories[0].currentRound.id)') - export MACI_ADDRESS=$(node -e 'console.log(JSON.parse(process.env.ROUND).data.fundingRoundFactories[0].currentRound.maci)') - export MACI_START_BLOCK="${{ github.event.inputs.maci_start_block }}" - echo "MACI_START_BLOCK:" $MACI_START_BLOCK - # tally and finalize - cd contracts - yarn hardhat tally --round-address "${ROUND_ADDRESS}" --network "${{ github.event.inputs.network }}" - curl --location --request POST 'https://api.pinata.cloud/pinning/pinFileToIPFS' \ - --header "Authorization: Bearer ${{ secrets.PINATA_JWT }}" \ - --form 'file=@"tally.json"' - yarn hardhat run --network "${{ github.event.inputs.network }}" scripts/finalize.ts diff --git a/.github/workflows/mantle_new_recipient_registry.yml b/.github/workflows/mantle_new_recipient_registry.yml deleted file mode 100644 index d2d65b8e9..000000000 --- a/.github/workflows/mantle_new_recipient_registry.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: Mantle testnet - New Recipient Registry - -on: - workflow_dispatch: - inputs: - branch_name: - description: 'Clrfund branch name' - required: true - default: 'cohort/EthSingapore' - factory: - description: 'Clrfund factory address' - required: true - default: '0x006f39E6a6D15323334Be1db34C73088550BB20a' - network: - description: 'Network' - required: true - default: 'mantle-testnet' - -env: - NODE_VERSION: 16.x - WALLET_PRIVATE_KEY: ${{ secrets.MANTLE_TESTNET_COORDINATOR_WALLET_PRIVATE_KEY }} - -jobs: - new-recipient-registry: - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - name: Checkout source code - uses: actions/checkout@v3 - - name: Build CLR - run: | - yarn && yarn build - - name: Create new recipient registry - run: | - cd contracts - export FACTORY_ADDRESS="${{ github.event.inputs.factory }}" - yarn hardhat deploy-recipient-registry \ - --network "${{ github.event.inputs.network }}" \ - --factory "${{ github.event.inputs.factory }}" \ - --type "optimistic" diff --git a/.github/workflows/mantle_set_duration.yml b/.github/workflows/mantle_set_duration.yml deleted file mode 100644 index ccfa8cf5e..000000000 --- a/.github/workflows/mantle_set_duration.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: Mantle testnet - Set voting duration - -on: - workflow_dispatch: - inputs: - voting_period: - description: 'Voting period in minutes' - required: true - default: '120' - reallocation_period: - description: 'Reallocation period in minutes' - required: true - default: '1' - factory: - description: 'Clrfund factory address' - required: true - default: '0x006f39E6a6D15323334Be1db34C73088550BB20a' - network: - description: 'Network' - required: true - default: 'mantle-testnet' - -env: - NODE_VERSION: 16.x - WALLET_PRIVATE_KEY: ${{ secrets.MANTLE_TESTNET_COORDINATOR_WALLET_PRIVATE_KEY }} - -jobs: - set-durations: - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - name: Checkout source code - uses: actions/checkout@v3 - - name: Build CLR - run: | - yarn && yarn build - - name: Run the set duration script - run: | - cd contracts - yarn hardhat set-durations --factory "${{ github.event.inputs.factory }}" --signup "${{ github.event.inputs.voting_period }}" --voting "${{ github.event.inputs.reallocation_period }}" --network "${{ github.event.inputs.network }}" diff --git a/.husky/pre-push b/.husky/pre-push index a08e236b1..c0bc1da1c 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -2,7 +2,7 @@ . "$(dirname "$0")/_/husky.sh" # set these params so git push will work without .env -export VITE_CLRFUND_FACTORY_ADDRESS=0x5FC8d32690cc91D4c39d9d3abcBD16989F875707 +export VITE_CLRFUND_ADDRESS=0x5FC8d32690cc91D4c39d9d3abcBD16989F875707 export VITE_ETHEREUM_API_CHAINID=1 export VITE_ETHEREUM_API_URL=x export VITE_IPFS_PINNING_JWT=x diff --git a/README.md b/README.md index b2bf0f7c7..470a4e1b7 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ In a future version, we plan to address this by routing ETH and token contributi ## Development -### Install Node v18 with nvm +### Install Node v20 with nvm ```sh nvm install 20 
diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier.sol
deleted file mode 100644
index f34141878..000000000
--- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier.sol
+++ /dev/null
@@ -1,246 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifier { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[17] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(8023132588245056084381987891043043826461059931552067709318264903932815879902),uint256(20072067851748979121302437451512078645507459299862790013260601133436067250465)); - vk.beta2 = 
Pairing.G2Point([uint256(8776596780152580357834840947065367090564266719231738843486831492239088702100),uint256(2098827568933174633712729957680147811785957638905260881625028047649430733771)], [uint256(1130324400703569007398482292422739226029714121302716930443655414806452244008),uint256(1554496725893928866280515501351891090468601616517791807104132296822506230517)]); - vk.gamma2 = Pairing.G2Point([uint256(21794722627530163121147384785101259127251796988635526940447761027019620560972),uint256(11669013075857287569223852428104990419865728508084310588647896924443753946529)], [uint256(15828404727526159041305269942916979015767199749419876382138938787379138353861),uint256(16921028011300782447540886372408595679184740957930030652147189744368546964176)]); - vk.delta2 = Pairing.G2Point([uint256(16646191542604346123327435753992512532664508997347585759523033467482490319366),uint256(6819165626942119296453703452126524750228221553152178520014430208549277713815)], [uint256(20312793436173935311163054260433832834896569638350210076984340502892459883640),uint256(9080934942556385525524491630289963306626673521237345563698519561297434531834)]); - vk.IC[0] = Pairing.G1Point(uint256(6609326620954095817109632797503036595250289984857450481377675131055944802600),uint256(15859067641801156980777534991665682656006004134138068528483628963811028416754)); - vk.IC[1] = Pairing.G1Point(uint256(3903320927682210738161083802535431772598063750158785961648242885790966139469),uint256(4429510984459177683020064460887315850131860884766699907715305368364626401635)); - vk.IC[2] = Pairing.G1Point(uint256(3307149862238849309914312752245920173095022640711582456468131961831613690776),uint256(8145223865063717565333216223585297645345943654657586031504888952424901781284)); - vk.IC[3] = Pairing.G1Point(uint256(19296072903728731042202145346428898058857592158609590440144311325860237323153),uint256(12977234920410315015814854235224756124501494692244524183110551515312999703489)); - vk.IC[4] = 
Pairing.G1Point(uint256(2299549407402768923578080434233820923944747549401550307146244096230024835670),uint256(11454697293315626493838496992744496466082696246432496722179154517672750769080)); - vk.IC[5] = Pairing.G1Point(uint256(21192730793045330155651857270767390717318825191928566003294021743259676417861),uint256(7093439151393904093289832341188263198948385224748550753184465907421274356034)); - vk.IC[6] = Pairing.G1Point(uint256(7322112701877331586155695931503722791895934394402888693228431947224746813450),uint256(17608636909643581023593273284330934738444803210282260020662372751950293467017)); - vk.IC[7] = Pairing.G1Point(uint256(8565761666468354108215670411297787212097194512901300330707993080786520064887),uint256(19326513294735896092860626310371491818475871321565576202102049804578162595238)); - vk.IC[8] = Pairing.G1Point(uint256(7009716517681001749502905632106645200200352405976728673849244044650802951044),uint256(12689923035544327591908917071809007904541929903630474075278588980657428353897)); - vk.IC[9] = Pairing.G1Point(uint256(3635203484529678196898445813259680685496623497256426121016430200381357762607),uint256(13660571790696161319245879172053049256833052258646825926537270127620946385943)); - vk.IC[10] = Pairing.G1Point(uint256(4167025165720389586384528203304296796499392386159326353029913764015033483912),uint256(6888529101598262407705659066244378839074671181134986592699568442015065332304)); - vk.IC[11] = Pairing.G1Point(uint256(8428357466052237489230030108794940178402799970448759180676563906944650125168),uint256(8554341726262538325447106648220228120946216259516589560322516767079031334825)); - vk.IC[12] = Pairing.G1Point(uint256(13615988994639247876470242912645583420712560408764847159007423005893922551963),uint256(10354477135650598617547179938476622334380578461807517777945621840307824887747)); - vk.IC[13] = 
Pairing.G1Point(uint256(11244887424743242134790362492888034102721010830375948210137064822934977326952),uint256(17684187313026489492597429802881293612871932656553906991947013304148278603540)); - vk.IC[14] = Pairing.G1Point(uint256(13392824161217052157628920383952851932198250600058517703105246603679131515622),uint256(13943914136051075406125306264869359397235472689493773270207541760515998856232)); - vk.IC[15] = Pairing.G1Point(uint256(18178226072249078502407888038847995091511471370429326449078455540186037496452),uint256(160690850339346681295704186048821942090651855750485321276656089035394429567)); - vk.IC[16] = Pairing.G1Point(uint256(14884616765097466375757598441061965217839403493063361590848540040873391299658),uint256(5453307143362355367485616386262822946337860281980306853111269260524673153786)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every 
input is less than the snark scalar field - //for (uint256 i = 0; i < input.length; i++) { - for (uint256 i = 0; i < 16; i++) { - require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field"); - vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); - } - - vk_x = Pairing.plus(vk_x, vk.IC[0]); - - return Pairing.pairing( - Pairing.negate(proof.A), - proof.B, - vk.alpha1, - vk.beta2, - vk_x, - vk.gamma2, - proof.C, - vk.delta2 - ); - } -} diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32.sol deleted file mode 100644 index 5340f7cf4..000000000 --- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32.sol +++ /dev/null 
@@ -1,254 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifier32 { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[25] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(2235937757258328332581655207316854914340553041478756749021922386043254497665),uint256(11720695076632845600035435519386961195137050119051159881119328470568375901061)); - vk.beta2 = 
Pairing.G2Point([uint256(18103312586997372723464065125468726628197103937398148351874079500906002078514),uint256(3521241463040229090496972414283999306378042701894409495991649947043913050390)], [uint256(19929222577579677319710308208655935830382430571925744018028233535451768572526),uint256(2713488580683808567223254461296987686393416756219077378633699157752784449871)]); - vk.gamma2 = Pairing.G2Point([uint256(18540033106735871504246221953284252727449583113344978088798752551559197497443),uint256(11804507394712288367663827325809152799963322749311995594214433375808748914215)], [uint256(7823444017721090114052934461767123920657200397414318893992672133734334584881),uint256(381539947305595214533183072009982233806337443107151710535066901935181836650)]); - vk.delta2 = Pairing.G2Point([uint256(13777830633300304139191093890421583212822007120835768179730867378433207369904),uint256(5829308442558755354882021024059658392511579302722950339672751965830178369479)], [uint256(3247971301408566159364701679393539201504071675477219748559808130461833317206),uint256(20333401927295807868473825746451131502855146064139046665350946639946989255290)]); - vk.IC[0] = Pairing.G1Point(uint256(12695296843741290243689381493557344935288860265047293012366283732179354585998),uint256(8756234222257929396036211927997035681483199097361823776457523938231702657637)); - vk.IC[1] = Pairing.G1Point(uint256(19427060885837198291358374320196723084935525206551352881413292228008641375494),uint256(17830025099056800507919694199083128206588010134164569106894828438761905032458)); - vk.IC[2] = Pairing.G1Point(uint256(410478146407936532689270128315003070671881564424239715170777648878967168005),uint256(19810008246942770361558893286482792592821114623562524395734095279442205700805)); - vk.IC[3] = Pairing.G1Point(uint256(16927932954172000562734191935150272341340300065159146447389567055435697197896),uint256(7080985430376548388712273850247201104283444559574087251008037877021942324388)); - vk.IC[4] = 
Pairing.G1Point(uint256(16230357772827331182078389034367129255766008017458394951654453835970997773946),uint256(14390597016939564779231872532412964300980781945004466358993998728674970309401)); - vk.IC[5] = Pairing.G1Point(uint256(13714106385150866732996352043897273245837658980446605229373226331378168393032),uint256(486150390705720151962722842770974288776559483789878327517085343215375560197)); - vk.IC[6] = Pairing.G1Point(uint256(17768923331894319515675582767948565732688231025317939555708699614152398211686),uint256(8499610897814284712396152304339583329559266108913886418999627219565622002315)); - vk.IC[7] = Pairing.G1Point(uint256(14415647971716124875365599377021987010020281756838687529386783498764570820512),uint256(14613451060692886380252911494947779806626467670508276424823896732115700932878)); - vk.IC[8] = Pairing.G1Point(uint256(16764983637282451325253712526116676245825038387105887732952918407603662725617),uint256(1352524463256846201723591130214587605935782520895303289524343032854923110908)); - vk.IC[9] = Pairing.G1Point(uint256(10056087566202527332631589268663832673613483884145297923102443097932637361605),uint256(16730779773798332173061611611644870364986949778018646363117835815193258915616)); - vk.IC[10] = Pairing.G1Point(uint256(13290900503321714658935311585568872029990198888697506684512806338887123938831),uint256(8114386552118049168577883416679077864672808493670718294274215610717572843963)); - vk.IC[11] = Pairing.G1Point(uint256(7782896038733621968832942200150060348729169883217332185424996914395075738032),uint256(20682377337106534901146812854074383535826740744181459358117072396602346484606)); - vk.IC[12] = Pairing.G1Point(uint256(617901749705332346513537208464626960953097676177271170612675508795831094045),uint256(16186736174707113904460258035003488129644568973675010912669231698078479023222)); - vk.IC[13] = 
Pairing.G1Point(uint256(14477430187013369520618676362674934644081527218666492121095639975702523047093),uint256(13914336563460888476578316933419114155531706131840740221252768233483396324368)); - vk.IC[14] = Pairing.G1Point(uint256(5924187723811910208644055167942297972031087776772786313548743929893285133800),uint256(16361662290370920310451572623845118040008422660307051722847580146457871736989)); - vk.IC[15] = Pairing.G1Point(uint256(17090166758717550052215882897464335068092945362735421722892605678597646540057),uint256(16398300913997240579023943771253062149083261407674822502769328439978123578689)); - vk.IC[16] = Pairing.G1Point(uint256(7574674900722229272749996430153170469828315370484171764654649633984135615279),uint256(5069496413177806803124281195026969110815809700378025228167702995573586665836)); - vk.IC[17] = Pairing.G1Point(uint256(10441721171682792688941253005732564080622492912137608063443699246450315451923),uint256(15398991661933253947425996624904544110556542286879829919064231912826539570526)); - vk.IC[18] = Pairing.G1Point(uint256(17674413698382420009917026819492643888193304168981044450949863673048991538414),uint256(9527495908817414334530454481572961657315487660716656106473790248118706961070)); - vk.IC[19] = Pairing.G1Point(uint256(1305107076420532159069082995140140252760452422131801890994478405555848637105),uint256(20641138567711443797973886773618825716028720528130685248162815978012474008318)); - vk.IC[20] = Pairing.G1Point(uint256(20823282309713566159682969445806802229330524100205102112933548669175660181229),uint256(1585818072534898485010386083641472744958777764688589865815398129584392257276)); - vk.IC[21] = Pairing.G1Point(uint256(8602838104248160338689652217659749853668007141927006509298162439781733248626),uint256(3031659185416842164642200249451988498992828231012099148797461669175568452385)); - vk.IC[22] = 
Pairing.G1Point(uint256(15062697778545981716015498304594399446175287977109202577788056450289044074530),uint256(14595426536584631660528478734922855298873285152019524939752258039412967085035)); - vk.IC[23] = Pairing.G1Point(uint256(9203110864527021095159434212260506563713459019946440113668834753150698387275),uint256(6633831390080912793725673980685906970380191858784131579135247042888943087524)); - vk.IC[24] = Pairing.G1Point(uint256(9703769305917897594120374760147891009572024854624222123846683638776025013089),uint256(16754141899540658922386431411326524911697563540800148668488844811424060636134)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every input is less than the snark scalar field - //for (uint256 i = 0; i < input.length; i++) { - for (uint256 i = 0; i < 24; i++) { - require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field"); - 
vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); - } - - vk_x = Pairing.plus(vk_x, vk.IC[0]); - - return Pairing.pairing( - Pairing.negate(proof.A), - proof.B, - vk.alpha1, - vk.beta2, - vk_x, - vk.gamma2, - proof.C, - vk.delta2 - ); - } -} \ No newline at end of file diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32Batch16.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32Batch16.sol deleted file mode 100644 index 7450710a4..000000000 --- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifier32Batch16.sol +++ /dev/null 
@@ -1,270 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifier32Batch16 { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[41] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(17564466972987208178905070198019717960990774560424996549632340406571921270135),uint256(6212564911154525198736769572109918484573926992228075175561121911305420747892)); - vk.beta2 = 
Pairing.G2Point([uint256(19862806046850266517918019458699375042492414007810580051130360096409146797114),uint256(18968182867766566527308258731979440721408347503223170931357675093063900018998)], [uint256(15869963506744343382954688098759615756353669448820636651988694593208220260541),uint256(17415631041899920918759548249552784090262638044632769170520738845364398275366)]); - vk.gamma2 = Pairing.G2Point([uint256(11257253160245273080869306676658832074325489738113181602057846648381137371076),uint256(397473356291690562654977459050659929392435262209846402221339197403868900174)], [uint256(15964627439216663086041856051177544908720747472786343019771626700991693030486),uint256(6022076246583820501204467975945998225634462297953032723555607903078152261782)]); - vk.delta2 = Pairing.G2Point([uint256(8960304480954470322423292821010723559000712087743155784344677845709031842356),uint256(4733214216315583653992596764777849980658452927149554703439675897776902590030)], [uint256(5883145061333084001583838147325844327393273269643138829803996465957380959561),uint256(6556416943678009124760019244975816690522642072024061675141905579498114037881)]); - vk.IC[0] = Pairing.G1Point(uint256(20573688474783321846811030145444435978946625455817040976400110171429717762313),uint256(14219795410675122323711179893760742300342532333476317858787056167262160908937)); - vk.IC[1] = Pairing.G1Point(uint256(16042051692957428703650515029444172293895511179110788253133560310150814316357),uint256(17413331071024005080031335036071091790041478145914042688818908877361537279793)); - vk.IC[2] = Pairing.G1Point(uint256(4469309738798192251990686173604159186219995479238540395764540658446930749145),uint256(11574488575927551819587207552625323277821402181373682396813667332531657122576)); - vk.IC[3] = Pairing.G1Point(uint256(13663215469207902744973802514353956563905823199937005483772920223690579405487),uint256(14871215385058895610722549990927147904343728800816746147041918066710584226713)); - vk.IC[4] = 
Pairing.G1Point(uint256(3489292745098913386172335587317749246980343597777688754173176571645664598569),uint256(16900666770697929965250780969454193347188841711403509395696012994572983674828)); - vk.IC[5] = Pairing.G1Point(uint256(2945290910588501179672392707111211440991551718469541150674976815500282424963),uint256(14598879565524130705374188049646292346600280808118113951050422637050501514200)); - vk.IC[6] = Pairing.G1Point(uint256(1743907228984471502641556290643648078257956018892523942117108222472161514139),uint256(13546457107687734244831126558572113644917121420356142865411127965095244393366)); - vk.IC[7] = Pairing.G1Point(uint256(16239926623460462478853653011219290924924349984217262572113572728526722183948),uint256(6389572798636712055906110008459033979858910590912048163453532204275624832591)); - vk.IC[8] = Pairing.G1Point(uint256(4530655587139374397780646343900207609123290875354646335164468398273552121272),uint256(14128028354444670871720348761393076419788117867224991521747385291768930733900)); - vk.IC[9] = Pairing.G1Point(uint256(2084130186412291868004808742213302933245412886080440295285131766970403857381),uint256(13804644315777078738867680048258647864123013819623348345307968440653417669189)); - vk.IC[10] = Pairing.G1Point(uint256(18709486436861021941485824601602744556543964540298118932107637038300041246452),uint256(6227388549172304522473912467840752177496736905518667301640567961284075418436)); - vk.IC[11] = Pairing.G1Point(uint256(19122006749333320301608897562376816558619150023714623953742504350126075003788),uint256(1363782165044296870545293244929009318232323707960615856401281654383175898692)); - vk.IC[12] = Pairing.G1Point(uint256(5364413641687847338151532060627376981772485264434472923538886778626702553325),uint256(15629906454889243991306438607174696870420819153196924767318221349043732920137)); - vk.IC[13] = 
Pairing.G1Point(uint256(359121925809342098662374393566383044710271325511783297443508988005252057893),uint256(10811152193314929697376755563378270957694626213124806939092423550685049711334)); - vk.IC[14] = Pairing.G1Point(uint256(17981051144466785906880479913215952997275376146299543204378412051670626574122),uint256(9186797238560565226322431760068041435141486516483393586811312602762508934600)); - vk.IC[15] = Pairing.G1Point(uint256(6365374263154884818000869700803640946567044106549610402459455159852388744718),uint256(11797546156554134645751011447880999714231910885220716843380510034965755651040)); - vk.IC[16] = Pairing.G1Point(uint256(10032451025857463031715146956483534885580387223837889532345041361533387806339),uint256(3387493870558732227389076524589538808644245211636504330892809177455235677785)); - vk.IC[17] = Pairing.G1Point(uint256(2410612158467426620067995137390208949985066150538147153449069937898731808572),uint256(18521287304374984854388998234185412497698792859563570797864631992955274102818)); - vk.IC[18] = Pairing.G1Point(uint256(1813841176463493988104135613769097659002362073379920872551589566744485729425),uint256(6358940015006101246169889831008910886341927609866160536081376191976735620689)); - vk.IC[19] = Pairing.G1Point(uint256(19847081327301917802071509303149389020431564544248328496360668988278832485136),uint256(5211553418968503163058788485400452950515983724722138311061753467468280712633)); - vk.IC[20] = Pairing.G1Point(uint256(3426067802106052552538239688068111098552336356878690064196584551340276343362),uint256(16164134703700162701548772292563817322744059513730556911486018167068452826168)); - vk.IC[21] = Pairing.G1Point(uint256(8668312818069908501493412489204108759565349640063306306478085197244829974013),uint256(13810982784687518301385299461854703917878448472895644674481777667257255651320)); - vk.IC[22] = 
Pairing.G1Point(uint256(981077468077602291838374553840063429865380290334026656328300299263444718358),uint256(9119368190311983873098621061906337470424090352798797307268722991397740756160)); - vk.IC[23] = Pairing.G1Point(uint256(12527168323265871598354886691498363541846438222537709625367385945449773211746),uint256(2917118573022600221023372381853434922615408196327449576428539574935065403243)); - vk.IC[24] = Pairing.G1Point(uint256(10930278986094694298133371790221234279985134460531943692403668317610232742941),uint256(5862695788973409172672967320590899199162083486531717036727412479032235988065)); - vk.IC[25] = Pairing.G1Point(uint256(19143840440293111384177720404724681785293925298123626495518125552351038037165),uint256(7856520125014358900158196027676468930009418746941329024543565879388665656381)); - vk.IC[26] = Pairing.G1Point(uint256(6775239578044551661567862976069748513078619995670391427056172891956633265071),uint256(9284560981899345091778250628921565052467457991819815198504467006412459015751)); - vk.IC[27] = Pairing.G1Point(uint256(5437988353950279901669028370215493448328043979559724253975191086761262229143),uint256(8176067762582906031719418628593932629618591280530549530843556225763407224284)); - vk.IC[28] = Pairing.G1Point(uint256(14419631426965159557658781212186643724248390035688706768554749807493869120240),uint256(20829049296989859000251091454357109695901711580992440150395839575453171214015)); - vk.IC[29] = Pairing.G1Point(uint256(19608141634472932940433918240261639952962553934341785939122543569039402409141),uint256(13202356373118919099990439264234752617330284072473003408798579312466654945225)); - vk.IC[30] = Pairing.G1Point(uint256(6721446556587383910935961059312054388432394977522853801119708229959202737436),uint256(18874416278004109801516351556023467746164986339155152231450545308976800785800)); - vk.IC[31] = 
Pairing.G1Point(uint256(1121297910398623972014321595193328729838277331998467353747864490201136608978),uint256(5479532420089283113354607976800616803141032716983446523858749471234109786252)); - vk.IC[32] = Pairing.G1Point(uint256(467086760777282035652878041333579903278580939332416688170241256808993547575),uint256(13756152367683309448429375410787943224591772034678008033485038211776826923105)); - vk.IC[33] = Pairing.G1Point(uint256(544588907891071733780736623354853251736286846455666159919529736335009172121),uint256(19814174389629121597516552220557392671724772880943104553900974211505364673700)); - vk.IC[34] = Pairing.G1Point(uint256(9718043170262637281912309305033913756397788551277481886761502969350964449209),uint256(9928286376606476192337438359582609228172024954515187888460390683064495863566)); - vk.IC[35] = Pairing.G1Point(uint256(8833241059924366760602716054754193491983227264165402284693696886993482375792),uint256(20217437076969561492960066126914621838511190476542843609181381577334240082262)); - vk.IC[36] = Pairing.G1Point(uint256(21691301249544308137330827386088690246733997944828733953042133363071032775561),uint256(8416731669909969552797133391600423980357220150298256151928192993549593014572)); - vk.IC[37] = Pairing.G1Point(uint256(18591239855619987960480421772799014085639022706413599497355173036346631326229),uint256(19557170727169515145077122571593152129100237734331890620470088472162864118761)); - vk.IC[38] = Pairing.G1Point(uint256(3862906872967117807500943404548237031139970973065025611287515004824373974308),uint256(14763824391416574387650349848092354763656539119581187921054485482268328744531)); - vk.IC[39] = Pairing.G1Point(uint256(4581382328791187996308811405974001991040756459205750759173122039179987836596),uint256(14577738635095065315453864617647694757772478953718921634232796382928686688380)); - vk.IC[40] = 
Pairing.G1Point(uint256(17187231740479352852864198251137151477227537702159385928600612471898233918627),uint256(835160958364646681144544132626099284400020971025799680904837349622297335830)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every input is less than the snark scalar field - //for (uint256 i = 0; i < input.length; i++) { - for (uint256 i = 0; i < 40; i++) { - require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field"); - vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); - } - - vk_x = Pairing.plus(vk_x, vk.IC[0]); - - return Pairing.pairing( - Pairing.negate(proof.A), - proof.B, - vk.alpha1, - vk.beta2, - vk_x, - vk.gamma2, - proof.C, - vk.delta2 - ); - } -} 
diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierBatch64.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierBatch64.sol deleted file mode 100644 index a6d6f798a..000000000 --- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierBatch64.sol +++ /dev/null 
@@ -1,366 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifierBatch64 { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[137] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(20111080972059956339770330822842174014028834762406291931369219466654304651947),uint256(12617701555281079140502645308327272670695003907823882015559302949283468652265)); - vk.beta2 = 
Pairing.G2Point([uint256(13542344348353495181403994427087825307359707135045861990032896341194354804027),uint256(21495413117026630692390948489284050783642854854611941789985830749278288076019)], [uint256(14506113082745454888160012508724679162141302039154827891210912565820929074277),uint256(3350288264585300535086052300399402169962936857002440578169769772249674537321)]); - vk.gamma2 = Pairing.G2Point([uint256(1405893342850909592901993047116357102257777845904120854072918797353322262004),uint256(19039671411780007398709575658966632348032959209903650830372041924458096901884)], [uint256(10246278299067469558430169227798852211761712958408139619453971385803508820401),uint256(15610397642216218497160132307603098145221061848302396069439857040941724165478)]); - vk.delta2 = Pairing.G2Point([uint256(218449558449230811211684913120166693986265997555702745202050296498830988537),uint256(5407412409774150903042787049136199519480710038481547450708858944052764255898)], [uint256(11041661707049238194800418097140585648833245776885036685698406508603026023618),uint256(133760400102501241432017477738575766306011192481736590344059611691663304908)]); - vk.IC[0] = Pairing.G1Point(uint256(21154028465075083712658841897667003802526258215567114307761064418376815086215),uint256(1508603373580985357750185712435454283342822243681375102146040323901851882861)); - vk.IC[1] = Pairing.G1Point(uint256(17138670918452087442204333646184278115264761559617238017915185098227172982811),uint256(5611082957038412360589088211229082874946611618574538759210306439661299176945)); - vk.IC[2] = Pairing.G1Point(uint256(15390062030817469858239962767688560984963862923150691651695470714836749513537),uint256(2326278356592104332893498078974085120183205776960952327317801670322144268312)); - vk.IC[3] = Pairing.G1Point(uint256(670502483544788577495533106037306685680302193138027386568284657638217305162),uint256(13899932709234250089113138746199887493989716128773617251114173979406178685854)); - vk.IC[4] = 
Pairing.G1Point(uint256(1668858581160068229751170422086552283069112892923284875458714097455940271060),uint256(10963928549779385078551207286148560603493064860855479456777796037752746438821)); - vk.IC[5] = Pairing.G1Point(uint256(14443949715331357106440648501127551284419877012742935773796450280993895557950),uint256(7327092816369746696069608426307677295251675492358792703722654814347910670799)); - vk.IC[6] = Pairing.G1Point(uint256(5195131423503819493553434036524142715087086191307960034902232416510656885185),uint256(12954097701521836361385154063939800867915572539231767504727206187028067060316)); - vk.IC[7] = Pairing.G1Point(uint256(5014496811794396976665624820671057271105624005885691507118903143762222055653),uint256(2439861537398184499213246384674917439703377312852628599682703382994166713105)); - vk.IC[8] = Pairing.G1Point(uint256(4283779997045552072886989647120873562506891397517893101552024394063778228179),uint256(6797444259192627688173655690751340206418239290444353902720624326561114110758)); - vk.IC[9] = Pairing.G1Point(uint256(1764526698812192069022588686170356509360022164888258513593936487059961066941),uint256(17009662947771196235743594446075866146647869480629555603040823675969643779051)); - vk.IC[10] = Pairing.G1Point(uint256(4634044914106045971667518785339036534014121178220843446289537005542492308535),uint256(15546587576688521479105738976327958863746365837253142983784091540880955579980)); - vk.IC[11] = Pairing.G1Point(uint256(2715687604695872089734177102456674874291540185351660893793943298723076162023),uint256(8175293297644947591266018188895500373877148851930870966940114884237467841513)); - vk.IC[12] = Pairing.G1Point(uint256(20121655344011849412536946281011930004933787724346969597015929984774157832582),uint256(21105616102575587428032100019159228354467439290237984300855255375809452861700)); - vk.IC[13] = 
Pairing.G1Point(uint256(12196403456413067372907894607228547021168026355185769152640581456011640908115),uint256(21407951242918884928699901097047515520528209072349143202832003101963003432617)); - vk.IC[14] = Pairing.G1Point(uint256(5310579898763467707257750843874466287781776312027753089568037427631501300785),uint256(13656390395313566507812604343352575249308212454341840895399980715808616168680)); - vk.IC[15] = Pairing.G1Point(uint256(5228663941897766588851959590652190955458180715181587426615826411725401946424),uint256(17071465706070749339990865138715666296514424588111537608363813692692990940366)); - vk.IC[16] = Pairing.G1Point(uint256(21392686683745202445405791550348258910214506132555422218147448100798518012624),uint256(19973818140995305279304988251723192392522267302457604906450941473549909206005)); - vk.IC[17] = Pairing.G1Point(uint256(15195347567926738961665396600441664048946386695266635762683008484732412196206),uint256(5443504796488635873491333526101509884793241238220915769454608984351813705352)); - vk.IC[18] = Pairing.G1Point(uint256(507648814511001940181794192328810194158207104111469073500188579284369879392),uint256(19878164414562305196590521861798978690302638328953743153865298948302940844681)); - vk.IC[19] = Pairing.G1Point(uint256(7804204219955298169106734572698710394497148749473703625951731300392649704154),uint256(20749617701130874929367317738562309195716127925605185086004583710327959048427)); - vk.IC[20] = Pairing.G1Point(uint256(4136423452244920542789285713474930233560780284858790342002681682013099183779),uint256(9973148020780206454495393084156055095162709960047565170525379600003193810062)); - vk.IC[21] = Pairing.G1Point(uint256(7431606657645725193952573841697636390810591901046924605499097775346387992290),uint256(5564038490812252127842883537078377994942518033402640280384493207800949173851)); - vk.IC[22] = 
Pairing.G1Point(uint256(15626975527875622140792987711825573705920791436147184958617981173929107303657),uint256(14502833020345145695691362402464485762891674236180321493138116694907998011)); - vk.IC[23] = Pairing.G1Point(uint256(12878936960170927766371526382844902588843389976321318914661478214677770790248),uint256(5876460520718282533702520524897969113039507901531034929557462309166868606822)); - vk.IC[24] = Pairing.G1Point(uint256(16206306303565793121727450649844616805570868789440368125097120703656428468197),uint256(21466131705360086522427463180380688685767570787253803257228497277582175527492)); - vk.IC[25] = Pairing.G1Point(uint256(21415591897257783503862369405185488044149515290857177493989651919054569685198),uint256(19111807106136759041568303560519102945559357726442697071460970763574722828826)); - vk.IC[26] = Pairing.G1Point(uint256(18597076716458443423413289916997990176080742981245463826800606445425301059259),uint256(7848662551744864770963244474671513926512950753742401298459761273493739794876)); - vk.IC[27] = Pairing.G1Point(uint256(13478058920612073343883464152893321390311200483920696440656727524055057501695),uint256(1141484237022293981977393567736173116561183466681305710973251196757434813744)); - vk.IC[28] = Pairing.G1Point(uint256(15769077441619055970381886505780732308249815547683508143977406021029452872552),uint256(11041176207552285494760896858611142356090292881145533908058442986708927140068)); - vk.IC[29] = Pairing.G1Point(uint256(6317204961991307505110367333461546493002130407088713977697365919648289809555),uint256(16485259080552904056112526579040492506588962838309100629831761305228011180668)); - vk.IC[30] = Pairing.G1Point(uint256(4257110455950153652298535845399920474497037031925464616890886837426603419588),uint256(11872545793699592767799719701047416357370472440569693263077615092286272478514)); - vk.IC[31] = 
Pairing.G1Point(uint256(6961807017167071724371454268303022052413314092826667739692730740465087447637),uint256(3548416379898170774979179836877281134673281973630993406136692598268193428615)); - vk.IC[32] = Pairing.G1Point(uint256(21126159292924936794341610841149549910479950100575700253425887185534804026911),uint256(9665356991799845435109808741455357929036550119689810467582994476043039656375)); - vk.IC[33] = Pairing.G1Point(uint256(4126555849352009875773383333602810568818670985786945593706220065006276506699),uint256(13389907085387505200515368697127009874021544752954888239558364644026308267105)); - vk.IC[34] = Pairing.G1Point(uint256(9237247460110549033997472057018612356175421663903706416565822025921474348482),uint256(12479126715944469540020905209065301961586449718316255995034034427944451434840)); - vk.IC[35] = Pairing.G1Point(uint256(141999452778411753111875715249603444123023422502137319587911822280155648959),uint256(1953125230366380735124086773077985745995946475601777124731379373291524377234)); - vk.IC[36] = Pairing.G1Point(uint256(11781645780818495939618015750292991736294631437879209396450605477900247000129),uint256(10427776284156614685231665682387604681177186710015159262013630828614428971274)); - vk.IC[37] = Pairing.G1Point(uint256(7320842327404510671561729460506495430535413853828849843449519029765075554813),uint256(21672549045605752785173249488145571339262757812277123222081715504950345316114)); - vk.IC[38] = Pairing.G1Point(uint256(15843737739485817496811128063605940139111457287880259830761212263801078571298),uint256(18242013210254730973873870903453729710621046943883887111042684248588571061847)); - vk.IC[39] = Pairing.G1Point(uint256(20016595100062158316451938534243252321996797777010650604387061069048405385417),uint256(20993637865430287538984233040285431558951614830256982679897124168312952630939)); - vk.IC[40] = 
Pairing.G1Point(uint256(15334716930997133577306970429209161911742529260933017908277231237452607330821),uint256(685388011722901396424928778072393449123264587481808881182825804771090518383)); - vk.IC[41] = Pairing.G1Point(uint256(1303572165860930120284335343212677918045902191683549658721438126058571397640),uint256(13905311908068188694433787916547614635591226084525428070472134336893399093746)); - vk.IC[42] = Pairing.G1Point(uint256(14221300826968969082380487511562669771162038931016459790783016554828539071028),uint256(3793753201377522263643616048114341014139606587430774642745359231545618520074)); - vk.IC[43] = Pairing.G1Point(uint256(11832772449848274783470280628809411265387468482258558389852767954678108547210),uint256(14834860013882731405618722640186796344077421236283342428469907998531860454177)); - vk.IC[44] = Pairing.G1Point(uint256(17639041462588987659575385363021668478220589429834850328037158110389078883040),uint256(8704969675351836770098849680526710356004509474160008874237661643718531775648)); - vk.IC[45] = Pairing.G1Point(uint256(5300669047095411489879499682325147800890453538028385356237349525690882478918),uint256(15807078216435200960341268208073744792548344803921008654764854111918279022000)); - vk.IC[46] = Pairing.G1Point(uint256(16759701479370137632714483158195271493447455620368412483284976632032643763769),uint256(12119578575407359446677894550708029309579098640507319654992119663517978340030)); - vk.IC[47] = Pairing.G1Point(uint256(3546618055876451624271770844642081662395644632532568159350978635181892288450),uint256(7899711169092095967606908624829171809878683672403689963659422259393482150720)); - vk.IC[48] = Pairing.G1Point(uint256(12510986215555297660829149639903728729881090196649895701627872388148718275015),uint256(17938310289008954981347264094252860622099244536932534849229515962756808374025)); - vk.IC[49] = 
Pairing.G1Point(uint256(10409103229107940165748369566396677252139728324786456864640963494010260668235),uint256(12208504036723332249430584763478241147278778517031072962335060653268740832434)); - vk.IC[50] = Pairing.G1Point(uint256(19078937359506343330527168061276270611841567433397448629987841881566543425430),uint256(11481500418047012282975132773342910097993984928448563097150924565336610666536)); - vk.IC[51] = Pairing.G1Point(uint256(5668164983048179781866248655288808464925703406969538833351186308137830654277),uint256(2036685125881168735638155303624535536249217225379298881837967911494254746186)); - vk.IC[52] = Pairing.G1Point(uint256(10582885345920107024694752542268339630454841905176111334219464927407148285571),uint256(5302511072101913226528212309612354576738191518686848766232770054248911296133)); - vk.IC[53] = Pairing.G1Point(uint256(10763456976681834643711799449282626018019885337204621884611514607700042818803),uint256(2301609750924291463999855717400419535128299260641718628700547785424597102453)); - vk.IC[54] = Pairing.G1Point(uint256(14090175978138869104232840539484119022774252145335173930783246809099832962316),uint256(6221349702045432514870976695635674962728125885258176729129488888732828800410)); - vk.IC[55] = Pairing.G1Point(uint256(12979553571150817138420948789020393806894793915531144444421859462533374052099),uint256(19200617597505760330609395924204780472385656815449526965159307707620566764859)); - vk.IC[56] = Pairing.G1Point(uint256(17463292323109723850032883884721435618399847208181626612913544509828940781241),uint256(4640330488095610287297321719298782385410932546586616186092407400139615590090)); - vk.IC[57] = Pairing.G1Point(uint256(5026751021136652956884280623386725977584562160860216981445937597176863849153),uint256(3726806205455462506192306538007629772202324302040678177248736103409118613785)); - vk.IC[58] = 
Pairing.G1Point(uint256(10401634702025754926410545975890506063988215551615820658203094591849811159631),uint256(18749829455441645964781375179927225016584277575687706948231860700748733027052)); - vk.IC[59] = Pairing.G1Point(uint256(8900544578516002654755404382821090990852948336443604263092346279560463093021),uint256(18006601535750985461327662670949981534033907644968069359180602924268163004324)); - vk.IC[60] = Pairing.G1Point(uint256(4923009907077112126720542234146116224672392899835836662687070218433373705722),uint256(18423757328042105778787925090173086548101110659746089450844654256764118325601)); - vk.IC[61] = Pairing.G1Point(uint256(8496765642282856203983699155346261739858072134636611403990649857712160055778),uint256(4388334225743601326859195830073286369325699325286991437221049420432654092953)); - vk.IC[62] = Pairing.G1Point(uint256(6814778709224790817106591651987195100179673979164667477931063958497939427212),uint256(202848748206250811388580708835503713707654793206461021686825244651622264039)); - vk.IC[63] = Pairing.G1Point(uint256(9712073020664581454703761893278579101940468173428050353979543473165772895683),uint256(16040831046435892825035903107855958297938152758905062284792692747629553256707)); - vk.IC[64] = Pairing.G1Point(uint256(464285856079964863337668128884110751354784252445460337726538919141766442307),uint256(18298744009556568810538541912213974993321803850681854903651969678496784694111)); - vk.IC[65] = Pairing.G1Point(uint256(1095197435643971555064350556393021336605395355065960270057589173461184696337),uint256(2371995713846161841708775649454592609278907116185770018881555739791203555532)); - vk.IC[66] = Pairing.G1Point(uint256(21496449855100960838766768514830510452996823088263015662455987171227339154387),uint256(579596441272302995884967634501598678761512973483058268484496798383540310589)); - vk.IC[67] = 
Pairing.G1Point(uint256(18887705942025081976221623747494259379053007766953067407121210914692251976307),uint256(19263616461960262551559783019847173689300250342438900318562000334791634717184)); - vk.IC[68] = Pairing.G1Point(uint256(14716293115883307245092089544318348512298862035942865682986124416102553587746),uint256(13407174783655301681566217843988935740396704279597545147247198530403440438542)); - vk.IC[69] = Pairing.G1Point(uint256(8900997157012117172770905271175132729552960821748024149989068731273061894060),uint256(18274585601658156662940484885212221657515118604751892338041379436414857450227)); - vk.IC[70] = Pairing.G1Point(uint256(12167440767111275300984212539995067770335699142323631256234615040761402805822),uint256(9075299166921376582555856072820251116892867974126953073350366964708808984910)); - vk.IC[71] = Pairing.G1Point(uint256(2059815164798909576203732646672210899587142768137518599550435283468704025507),uint256(2608153945501014126591908624616527620011162747374867493421981432572216497882)); - vk.IC[72] = Pairing.G1Point(uint256(10599096542036501024265560487895513859113363423568037524937840260694705766171),uint256(9279326687807953384658592766685984239789127905534993112158348724015076837698)); - vk.IC[73] = Pairing.G1Point(uint256(18572463152745003849804098342368124919247700243449857746217649935067065850150),uint256(4271302815739774362417719364521319242832592843797563758771516686536354433825)); - vk.IC[74] = Pairing.G1Point(uint256(20588410275488673850673340736265898273778034663881535267761168002085081885071),uint256(14214623554987678047849743210352845290635958141580656013834998776699751159828)); - vk.IC[75] = Pairing.G1Point(uint256(2163722300592233786295471708199826265491705308195110455734978794412240252082),uint256(8267508554119920340725744568125044648312324782432899548133021564673192786292)); - vk.IC[76] = 
Pairing.G1Point(uint256(7197484269598779655985151220872592322066489414844363451684046156382303125419),uint256(21616596691508874538973614495991415514486861395908301007359214048159264706847)); - vk.IC[77] = Pairing.G1Point(uint256(9317296188908243633506496117686166305859402226985134506599967925055807406239),uint256(9246662625993721575939009540092858167693567801636177886999030975109306100431)); - vk.IC[78] = Pairing.G1Point(uint256(13130291969164442309654135261527037484695214343744471907179891767339554237812),uint256(19439420900777819255222132111763290888110851303845997171070229099783225604353)); - vk.IC[79] = Pairing.G1Point(uint256(8341274125831103087891955418526024155350981135186426107382130311966075308341),uint256(4004611672363485155286210618830799765020486401448881276116498234644093532588)); - vk.IC[80] = Pairing.G1Point(uint256(18169731422481037799505983555963375952636041638492364150413818994301923394922),uint256(6920580573279503695945721875233103879114044960770671707600918652213055872299)); - vk.IC[81] = Pairing.G1Point(uint256(14650110447931945378950543791319356392503885786645882445700101669286085199593),uint256(2672236893363303197228993949960317801525904563326503330829870235354157424455)); - vk.IC[82] = Pairing.G1Point(uint256(2528986115564995166900493334973939997264055530799688307116832245865032633252),uint256(16154503512380645952650117479127814018462759770354166106071852796538589151508)); - vk.IC[83] = Pairing.G1Point(uint256(19481294150685092990791924103805501678815906468656811961335770799971334206204),uint256(3363598330662226286855183671247665794560445868227630426048283517520728381115)); - vk.IC[84] = Pairing.G1Point(uint256(18978808201339133091409700185663114595291545168713536752334377601075245117564),uint256(1213612765235708464178869186669487814311448260124908714497814085098588994320)); - vk.IC[85] = 
Pairing.G1Point(uint256(14418075925290525696668747676082112105539395074953365477412301469559858950260),uint256(4594154586437226394452076127560734363696966763267974496550853723612732151304)); - vk.IC[86] = Pairing.G1Point(uint256(15244532626961782816328729554676239130116573352299399696442635297143065136722),uint256(16264067400808255284629914138151864703503231517377905402475157542088372521552)); - vk.IC[87] = Pairing.G1Point(uint256(13412404072841706439721760404171528212883832785394223681641514970735279943894),uint256(18772972421520087602416100777493366840700406847871247779866356020537964956696)); - vk.IC[88] = Pairing.G1Point(uint256(7278518834098053866811197734898595965893448864016564932459779237303281761639),uint256(9543037822177179166761432005315104657257283894479997218038173048112648103966)); - vk.IC[89] = Pairing.G1Point(uint256(1709222636826423108574086973126513957814331116981895535842631406293849262297),uint256(4171313661071748327281373689968909626610309456777530265707325990329480802799)); - vk.IC[90] = Pairing.G1Point(uint256(15179786172976985895438656664754965437591541176657924883571685176235651293728),uint256(11638096950777001048523602013267712327098521271732859050058176904585051580899)); - vk.IC[91] = Pairing.G1Point(uint256(2407781716437481630793286485722773331260575264950391514382377514019101702961),uint256(14458695686781772302449747288128751866667294558156464499992469536004627829083)); - vk.IC[92] = Pairing.G1Point(uint256(16468694895252699887555280460041688687239148427728528952752209086050643766774),uint256(20788646394947004095604345011150936219737186787061030407112092179878706057219)); - vk.IC[93] = Pairing.G1Point(uint256(3991089774358787341484887719129638059357053872667707502370199075852626851388),uint256(3902510497519799402123711531126476360243139127161818082359557470600621147465)); - vk.IC[94] = 
Pairing.G1Point(uint256(1466886815147365122710697057812173142241409916115347202712031841666728491371),uint256(11081437349185659268515559439118507187272381051158242403039829784368439096334)); - vk.IC[95] = Pairing.G1Point(uint256(15675367948639125929148213270961949441292490055618970357828231434598551590204),uint256(2778909164426958617541800819922952546319291205058583128114764331756307890038)); - vk.IC[96] = Pairing.G1Point(uint256(9493824125881071996157942648835347397579068134315426656519530306969327486571),uint256(13569015783770899535131482373694228204303101581888049300595964306574568460864)); - vk.IC[97] = Pairing.G1Point(uint256(9242602532194001182855914032689535056578184961713113993929815181120862231207),uint256(6484901250930427127830138798552069220619407988056810332966942878581890583162)); - vk.IC[98] = Pairing.G1Point(uint256(1523872847727869237456921431552857964814153573520494518692099453140090587506),uint256(17418695360532982046447994094582201363152685411867522147722234353839392352963)); - vk.IC[99] = Pairing.G1Point(uint256(11399742549177078929798714912076333760007468805044120388679382257106867494165),uint256(10670133949401240696006942337972465426990736934932061421488627959980739421528)); - vk.IC[100] = Pairing.G1Point(uint256(14433470718644592947375658909140593220622114396056063069015450435001476096193),uint256(3402331349906821334617732939054219019484982686825450914946814521361485434979)); - vk.IC[101] = Pairing.G1Point(uint256(21833676945846828172148864519474394581737351469412892197765854727950456147819),uint256(7462335039361807122731055524290203689391395125357934825602744430038141690911)); - vk.IC[102] = Pairing.G1Point(uint256(210066286602533018799742236569265965239665480635234801768634128214921900378),uint256(16977879956906814285553478771463215856313874372007024525393213937911956567308)); - vk.IC[103] = 
Pairing.G1Point(uint256(19485406473781142572266866513249570342833693458809793171812114197067555622413),uint256(14983003204010254445281945758732583005538659082097191657565536755860705984136)); - vk.IC[104] = Pairing.G1Point(uint256(1643409554143106462161536815350340794659353923663214739221709734566068746896),uint256(11288237047349511313733592916022399013051134309999893750401178613798551720496)); - vk.IC[105] = Pairing.G1Point(uint256(5660270548866243505458641580735922840522326056308552445940776615197111838792),uint256(16533532851632707812388601246498492787400003143775487523391826146411027105771)); - vk.IC[106] = Pairing.G1Point(uint256(18747657054895962286964950383285730210515655024520661768552618132579955125115),uint256(19027238642993917589693815893442453793582302233540587165226862529468750526603)); - vk.IC[107] = Pairing.G1Point(uint256(2650826258757381691643075897762790582637910639050159702541438068052629614054),uint256(3774731589623370538734392851462470712657730891426324115255281048189285372436)); - vk.IC[108] = Pairing.G1Point(uint256(4662400107144032873395173618484459148565405388335329460947219312803233640865),uint256(8073252455973744240359587336736369228115457758316383143255777663748671850386)); - vk.IC[109] = Pairing.G1Point(uint256(13244815569763137509027845541821848396881898000645766685064481010466764272952),uint256(15522973493542306202906347506987443126632067507488219275739902568044982305697)); - vk.IC[110] = Pairing.G1Point(uint256(19749116273014997405254210700055584858311566706740802020066495391263747011588),uint256(11738555759350126374410652439691111485806802038437627641262728151255748920647)); - vk.IC[111] = Pairing.G1Point(uint256(11455436321789801029959926621468100831387257112637033043144729421294765064839),uint256(10277663761094508810186911322351958424104244917715020422247125949835571149267)); - vk.IC[112] = 
Pairing.G1Point(uint256(12732537264035416277851608224506324531375270159226936067760069141822919044048),uint256(16416240630658544393597970037593706089294118301617257468224946372126948974082)); - vk.IC[113] = Pairing.G1Point(uint256(10516115624793536684758243788374015086509817039690631741147324866729714618420),uint256(7281097342761181523840666064202614730291420363390735832776326394623945061814)); - vk.IC[114] = Pairing.G1Point(uint256(1902373706865446835156364162955903136789061174445568661057522144610650427069),uint256(5452659003657947834438667736032309272469975574808215759517389777040039530319)); - vk.IC[115] = Pairing.G1Point(uint256(11891140194810316547361992199254053502185941207721636377627299695075892638278),uint256(16130283882098494590042359320753560234548959693114287821736368875186436623966)); - vk.IC[116] = Pairing.G1Point(uint256(14522514398752668329215638117210177464868398724634637927944188255719495719791),uint256(3403517244273478901791556803769637205898834452903997586511432370635451167411)); - vk.IC[117] = Pairing.G1Point(uint256(5734575700530357400562096763439606095780205077210360017987438644395685957016),uint256(14336954586773900618591010892691057715838366325074462859243020677418854888386)); - vk.IC[118] = Pairing.G1Point(uint256(12945113475405829440179988254017674878359904858305320385471664828323468960215),uint256(9331695673206621682725776908309057304745443130609501436382308569434664050737)); - vk.IC[119] = Pairing.G1Point(uint256(12805183903263949727947933481510994462075090289151015632646584549911707672114),uint256(15054758166003413547242371494822609546352775865411590496523538807337930162163)); - vk.IC[120] = Pairing.G1Point(uint256(1461650666181324607934715397719669697167766930891294777923440461927270052477),uint256(19979989352259333167426847501212112161778188563489085835157314671288124368343)); - vk.IC[121] = 
Pairing.G1Point(uint256(11200654822846841133725824364839307380833213205471277971844423265332774024060),uint256(10238782818030344762170615817154386114792703189345414964959003512861602156265)); - vk.IC[122] = Pairing.G1Point(uint256(18744324171982470808688651814809297411690580944649636605549308210994185657270),uint256(1328654417237017417010783392800592190819703116836024667917667110819463217203)); - vk.IC[123] = Pairing.G1Point(uint256(612266599210749035013745392268833690974426686975573120141391354476146241027),uint256(7903077119396400694450206637930278212614063414142131659931620450565889229384)); - vk.IC[124] = Pairing.G1Point(uint256(12798298805836523370442542016556603769932526767799169681647656847075273744276),uint256(2999423457284549668595714800652056858584184770644989181648205538604660031710)); - vk.IC[125] = Pairing.G1Point(uint256(15562951103048198246058544397019105032195165943285808912291386560600736792878),uint256(17254303321388628569857907786894515305009188117276406287966816967851392077824)); - vk.IC[126] = Pairing.G1Point(uint256(7857905771896587186044136087414656474604671307343998508011003584850698242314),uint256(965966572394044230411443545922398510058722123750783128100264132456694748186)); - vk.IC[127] = Pairing.G1Point(uint256(6826563322944870206262950323378042094930942787115856237220092687812916923338),uint256(16997356694684541445466543668304270868828514937784717244056774581901581744501)); - vk.IC[128] = Pairing.G1Point(uint256(6916461496370818557272906066818414648287924724221672605801357595072816551227),uint256(18709969507672604061817338077692474555037780314646588254854697996453602915421)); - vk.IC[129] = Pairing.G1Point(uint256(13953856422146529357914602862431925106403810477983604430514681346184534247396),uint256(5852214220014262914689217151035149197684391482947611614040822660076949017339)); - vk.IC[130] = 
Pairing.G1Point(uint256(883027530876177460300657468207253106021065999640005620485264456323124773674),uint256(9645521061995659521432534479570562814747093346092082788327789703319317765640)); - vk.IC[131] = Pairing.G1Point(uint256(7682396289453340034942765191901335113671659387001278538463716593824450777179),uint256(11159553141771355181354519876188974719165136270626670989121305930207064649429)); - vk.IC[132] = Pairing.G1Point(uint256(7834352299743738961211888560865104800760657368650393621357707010227902129305),uint256(5256303466095737975531528989934871846609654422399758301358728690752178996964)); - vk.IC[133] = Pairing.G1Point(uint256(5115977327746256824998071788278199443411955778535105982357034789442747671146),uint256(5868891348240646803024539375568175374772325608896242181635723021982168546519)); - vk.IC[134] = Pairing.G1Point(uint256(18828553669800119068476997516015930097243571498795866530032170278543012797891),uint256(1286300698474334950849038692739675849219302930241092756607360829287530426744)); - vk.IC[135] = Pairing.G1Point(uint256(18655018460061098164066901184027734560881886408801867234084210199953746031888),uint256(16134600889715752130216186812644915735718850558240252492338479115835565582540)); - vk.IC[136] = Pairing.G1Point(uint256(4485659543400195319589657606363653034690372730120772385411739404388056406598),uint256(12596043386375142555047260357771861294052774830451299708187886980188757722437)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = 
Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every input is less than the snark scalar field - //for (uint256 i = 0; i < input.length; i++) { - for (uint256 i = 0; i < 136; i++) { - require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field"); - vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); - } - - vk_x = Pairing.plus(vk_x, vk.IC[0]); - - return Pairing.pairing( - Pairing.negate(proof.A), - proof.B, - vk.alpha1, - vk.beta2, - vk_x, - vk.gamma2, - proof.C, - vk.delta2 - ); - } -} diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierCustom.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierCustom.sol deleted file mode 100644 index 48ce34bcd..000000000 --- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierCustom.sol +++ /dev/null 
@@ -1,366 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifierCustom { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[137] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(20087353828077202850794044320950857268374503478528972609823484324215331801636),uint256(11476883565453070321867378546975856970885584116909418759035533502511538352926)); - vk.beta2 = 
Pairing.G2Point([uint256(21661869609286011667004284886876061748883471906320898511156819152590982503460),uint256(1411267331255101216687187759308799712318293061108820897500456502826062760161)], [uint256(242338193632610253406780460721162660970322868717712034766855444702801043068),uint256(11205102304711535815941921385002492265801636744630227197506747841473030702040)]); - vk.gamma2 = Pairing.G2Point([uint256(10703132643546140356186378204895065022814221219458116741589121895614548783664),uint256(8728787808915888886518516188706571827044921488715782720858292899421614548992)], [uint256(21855932176432612007184523640521010134533271824713890942038051024979667517411),uint256(14463000202053145707614344130583620641279820564069360237424059003065520412766)]); - vk.delta2 = Pairing.G2Point([uint256(15511409780586937596469386375448730565918438087848214063975685304482412679403),uint256(2871962587045834446520485474136952467328346328772359835190464961287391630197)], [uint256(15098923887127735110115098383257212634964365431441844211165982132092604642119),uint256(19716506293446006761611333969798166840619850480902019859898831749671195591534)]); - vk.IC[0] = Pairing.G1Point(uint256(13449409323553982807626717659206995893486616914721488975771211075709370315026),uint256(19819167563363500342420294247298414043779583800301883591559879913778994928970)); - vk.IC[1] = Pairing.G1Point(uint256(18288751040873995405829352561880517511670216090222253370470629005274973230224),uint256(3340939551764112714060652679366038538227707806197811714382712640842923887338)); - vk.IC[2] = Pairing.G1Point(uint256(9034324435110195600984520035015153412337260951213866638651602731777208517827),uint256(14546595006162979541631014330847388063705106451104883570324018472333580218369)); - vk.IC[3] = Pairing.G1Point(uint256(18959526910556928462007511646743694022357186454775805231806268761848703787052),uint256(21548913956199741505617644115252315331247918262133746388493422156797029529793)); - vk.IC[4] = 
Pairing.G1Point(uint256(14667130442384977541051000098091277853515714184455121995211368752877562919286),uint256(1571213305279482731892557325220575745236783105648521604666877211311213326751)); - vk.IC[5] = Pairing.G1Point(uint256(19913405290485444662222555136914754224161963225418121384899196830085445637499),uint256(9353516643529373068293908681832909830620075327436046394651358446880200530845)); - vk.IC[6] = Pairing.G1Point(uint256(4392121493858814884850445257811530682565304094158379534072964024456308711140),uint256(14425403533600244626342298100875789752762767255327078376159416785560008923705)); - vk.IC[7] = Pairing.G1Point(uint256(15817729744441652723145528920073644919288747927823346517846772502038661326087),uint256(6339493756631971029867733380652623802663224827384426871973039193434998926674)); - vk.IC[8] = Pairing.G1Point(uint256(480637294199047307667161992553993337214654072373808050110284394523079810339),uint256(8832148377128939012209474718545762695603645681727887570297879424473451535544)); - vk.IC[9] = Pairing.G1Point(uint256(18744271653088608732764725475608044605973633651736355180626060057128665597247),uint256(10029431604036329130096548676181936710270515833881358240468741367688995476231)); - vk.IC[10] = Pairing.G1Point(uint256(2887974560189403494889743306897414514537070863016749530233722584820661287284),uint256(19531090389757911465455371999342290893522171780307155242713966624430836080666)); - vk.IC[11] = Pairing.G1Point(uint256(14831622056182946369342012331708153541419644376854897007623505162522515905155),uint256(17207180946963880497939168446060614092109855520510825916157704836216098405189)); - vk.IC[12] = Pairing.G1Point(uint256(15506398342704908970868595954855105998758099219541375937953499095105173507550),uint256(1509358924009691430397237655658579260967617755952022251213522582773276442679)); - vk.IC[13] = 
Pairing.G1Point(uint256(13081356290354186063074749971306070814496882977524291959736906760563684568695),uint256(9884406427032162441347033456153235609148950546399906330857509941718552620268)); - vk.IC[14] = Pairing.G1Point(uint256(719373316591795302151839273680068838979384878504494828773494046765201947280),uint256(4285574473052728017508050004433562406388738477725957133910140811836712357969)); - vk.IC[15] = Pairing.G1Point(uint256(1161961279887123633351369246418294359429428925248242696699854294267840126266),uint256(2753838659155669461065600495917012924384518686391121187033697795542200403972)); - vk.IC[16] = Pairing.G1Point(uint256(13682879487790288634920243025369860399504234851888478701512257545221680936810),uint256(2153246008085528874532592135250171671811203616520867548078143863278493007749)); - vk.IC[17] = Pairing.G1Point(uint256(3516369807590261163059894146447014910302140628998802112065686961872586702551),uint256(5370787160830393410214210351964623688718912410066120987032733452259286528086)); - vk.IC[18] = Pairing.G1Point(uint256(1988524361751778706932724684329605660441921048206095037586339797069472862182),uint256(21114285963513640070787641747881253082556602533623795027313886115253996080647)); - vk.IC[19] = Pairing.G1Point(uint256(2485955165890974183236816009331112192305108639988665043518792297482584311923),uint256(11880640146304852444592379682415385509408598783155502899174478577569880083056)); - vk.IC[20] = Pairing.G1Point(uint256(10219331172860533280779041276433310836289975824303193871202179089572278703569),uint256(7370861950873412157131303975669615391088774540400276783484707074149416805294)); - vk.IC[21] = Pairing.G1Point(uint256(14167728148516477840256196286607935101668320057446161671806500834090072725785),uint256(14874328203966708937121090833723158080118646495824532613915964279405802897922)); - vk.IC[22] = 
Pairing.G1Point(uint256(6889309751089080036157423235545680142690650792398279314062387575899228869494),uint256(17678911668088463543175270505444996571219698085940587035964935219043301776169)); - vk.IC[23] = Pairing.G1Point(uint256(9673323848791621411824117667951494409448803912571572035911987567276800873692),uint256(8010318233717184439361450385728075741524318837946509278121601177634948395076)); - vk.IC[24] = Pairing.G1Point(uint256(19001216591939800685596329025823328559725214996604900719736845720656499624867),uint256(16800790914194952657872094131443784987321340590188967934648441664397455856225)); - vk.IC[25] = Pairing.G1Point(uint256(14229772670511491842377063841403695319183750623861101302835638264008211544676),uint256(16700086453597824634366081416911323903395382119942186242938984470600767077018)); - vk.IC[26] = Pairing.G1Point(uint256(6190110473128199039318674139275953731627477080237305570664048170694216558607),uint256(9156069687286703875886126396409243836856376303654173871625378309678962742301)); - vk.IC[27] = Pairing.G1Point(uint256(19041950742766772503703484046141610117011636465603587128037213418839536735126),uint256(1741521843922631538075137437516945946494447419662725791349055244115174732397)); - vk.IC[28] = Pairing.G1Point(uint256(20572595967381616358855167208674217372017018727251574275804447670907816537950),uint256(15530155742998922859635289650887433052284249839254842342598193039162339193385)); - vk.IC[29] = Pairing.G1Point(uint256(18894959902692739855443380454453511822218459028123989847552010175424931175589),uint256(21720555445949680264216624728183544115705279456243597689157013642155036265415)); - vk.IC[30] = Pairing.G1Point(uint256(11420223426220804446523491080946075698396582996335464285431689162267487484067),uint256(3181697461117579761185097953588782487765626082815159306282849737563745424506)); - vk.IC[31] = 
Pairing.G1Point(uint256(2921370814594030903899051421374417440461203550081209203567416200073023145049),uint256(5347812108419343983369408836373704300702310310540619421686782928991729409164)); - vk.IC[32] = Pairing.G1Point(uint256(16741476685225855934358725975984964877988445638736565287964542186206107152293),uint256(4729669602346204655607884191853032759553867998868447356742304646390812496415)); - vk.IC[33] = Pairing.G1Point(uint256(9756675234809793791892705465682087248632694984652554680972716007491924825951),uint256(5988354804897075683722895724359335032053854461455265017672782021744588344814)); - vk.IC[34] = Pairing.G1Point(uint256(19814683865678732851894888194537462976081202780523678223106719506629549258897),uint256(6080471180403505923559123931327801567873683689169241241662583679341260897736)); - vk.IC[35] = Pairing.G1Point(uint256(1438239620527399948189462788892238398578982906275271867592155948061939566626),uint256(2199055174486710563451423451952849431624087101967400585017518019108165853190)); - vk.IC[36] = Pairing.G1Point(uint256(967676148418361677737873476276863318059309477609707671643977589336859176127),uint256(15797276132011461989185803015523111093330042939894033038100054846133562563324)); - vk.IC[37] = Pairing.G1Point(uint256(20201801978563503818789599624676158315679823610998322710056742798817954976063),uint256(11598358783925779109653102359075130468763033066887386333859407419035615301007)); - vk.IC[38] = Pairing.G1Point(uint256(7747526982755731888665585361416626948929515076673700820729567631840982182127),uint256(8266477541281971795125742686488473665271470129792619047143237743745554013710)); - vk.IC[39] = Pairing.G1Point(uint256(19630347857068381357762752321517383973545380130254869958667818061574406509936),uint256(15186347777687718013099982394931225548070830348604080143466772297210051562836)); - vk.IC[40] = 
Pairing.G1Point(uint256(7557975808969352606285335263414157381982093159126770512582919553699648350483),uint256(6331359472500035804643208799188536087855091113155475777082984912192250759374)); - vk.IC[41] = Pairing.G1Point(uint256(14845008071231916162530646819506161170789752619959011105785671398905933762955),uint256(17510852870482242342381039816675219266744505657530214435696082802116282488658)); - vk.IC[42] = Pairing.G1Point(uint256(13028483425255096939536859978320334835707092501368542039049983266498742408332),uint256(9680955997542002092545710879095660094124123676658363044411252537219803810269)); - vk.IC[43] = Pairing.G1Point(uint256(18570485684385256456511558721236129814674664211827057233856298536476007823563),uint256(6786587425550032533190651930990699335249545132866171624112725170443784236607)); - vk.IC[44] = Pairing.G1Point(uint256(6229010105044576579707704062880618330142301356182755458537022491776084974500),uint256(2958446025628338713087051414787827196521720086407187883901740977668009458474)); - vk.IC[45] = Pairing.G1Point(uint256(19711064707259131885284329850510953278564434575422258680339661582446519996893),uint256(6447334502627514228819588471839200327796435951160054171955070846382297766993)); - vk.IC[46] = Pairing.G1Point(uint256(13654512333629104147605163426403071872951885435411994083936410963051621892949),uint256(17650265592485694925363566185316073499680014776202819473217500634597804211217)); - vk.IC[47] = Pairing.G1Point(uint256(5632109105332974207832397468511779966406880188637740594191372151186045229561),uint256(13651675148237626614923296165038029228539866352571194577844266938252974170084)); - vk.IC[48] = Pairing.G1Point(uint256(8527345386665720309165783434253008921795266063983738469923301602966779024366),uint256(16149187991861855926722833165905235574832072162827813978624809869628415187689)); - vk.IC[49] = 
Pairing.G1Point(uint256(6646163805935695669626521901182643404621755887577997925506901386112844229851),uint256(11361301962986100960081361654544753510182204509642964951112554856701961156187)); - vk.IC[50] = Pairing.G1Point(uint256(10921559406917075466554221464922756249180248754762588574619694367252428227945),uint256(15987818311916597433092891016570609774371036003985987971567882858356951694123)); - vk.IC[51] = Pairing.G1Point(uint256(19319321803549704705343605501384818081154665651565507251713174153621472515462),uint256(2737644346677906343234185972413750255380030320584877572350390603749165517091)); - vk.IC[52] = Pairing.G1Point(uint256(14097924791420990626067662965994354649057100100900878471771528723878979063670),uint256(3446659685548421144804125954538853863956916787759744530684127569073823331713)); - vk.IC[53] = Pairing.G1Point(uint256(9983862632251067005815597520616536972155239828533016448370610241448628423219),uint256(9425718421842054710526654962601883705369930663657776686776262667638786657422)); - vk.IC[54] = Pairing.G1Point(uint256(2688984403049401342903683721913746062136910340901612180883159738614628664638),uint256(6537385568788079956897582609732708399792014147299594434121004163987996923797)); - vk.IC[55] = Pairing.G1Point(uint256(18265540920707633157018592793425156625083767097873832410185928416315911651112),uint256(614830982358373399190790570742951602645537091079871616861069500149456469620)); - vk.IC[56] = Pairing.G1Point(uint256(12125321699285743073611607029813382470546481051048160495748291470225531864512),uint256(3716293670309368968675908852623314593073639774424731454150351335135845445749)); - vk.IC[57] = Pairing.G1Point(uint256(7853056802721517963036421484032072942693765378562098368306104805678418585162),uint256(6424789894907881712069802715529228349918886636331654615971484908566086243872)); - vk.IC[58] = 
Pairing.G1Point(uint256(19115005503431091096721184080895329804587690694447705536547788962171345376377),uint256(21684667845604031973485165382669985845242661934129735060595710490022281580308)); - vk.IC[59] = Pairing.G1Point(uint256(5934951296346946320689083498211342144043216739159202457194772865605223848817),uint256(16531730612519172995954542776277328233589925446255179981248179286637232098743)); - vk.IC[60] = Pairing.G1Point(uint256(548179290994039790062273715118266322711869818074110355798782872494554119127),uint256(21277541640969431282210948877991685569792198011788537435034440443744017806814)); - vk.IC[61] = Pairing.G1Point(uint256(5698932685323749446566832552112536072262214364822836541442194088625134869756),uint256(18173025416893411048966167980710924405089325259853820754338009550096212580109)); - vk.IC[62] = Pairing.G1Point(uint256(5407139961162687782789268353002587250953566955217132246179178517076765432715),uint256(15088228606773832436431560223153028924260952727854826128522128552157315934324)); - vk.IC[63] = Pairing.G1Point(uint256(3297833865321076345999149557999739794735986140950154026339694076355675796967),uint256(3411471118249712872884387591128740913549716748840876207700900440280171428377)); - vk.IC[64] = Pairing.G1Point(uint256(7842388686335992312801332510612951894847538866301083390230994724615251547549),uint256(9506065469948872795705994936031211750874514789756601843559917376763183093918)); - vk.IC[65] = Pairing.G1Point(uint256(4095852829188395404575969005812446864304840367703021566476256455754460675693),uint256(8491316200241330102237645830695567828271170242496389953775586915469855840662)); - vk.IC[66] = Pairing.G1Point(uint256(13025537576077929051149126228765064213045713215302857727492279859380396356016),uint256(2692834756506679874200086947427348829159380570066044209560542269051062640881)); - vk.IC[67] = 
Pairing.G1Point(uint256(8213689088249141668841132843593219869582692686267381807826045996178718589976),uint256(5934750740375389011242980889807579582140412795439731691760487737537146384870)); - vk.IC[68] = Pairing.G1Point(uint256(5064286005858996906539521173567342723294768227186533518332524072316626813796),uint256(18194357467986683563844190921029033308662124754563987268423540451940150494386)); - vk.IC[69] = Pairing.G1Point(uint256(513524361877395586890580626735501312175734658618400473937221160065153077430),uint256(21066430682077818283600250344847770187662959287016517114730950504105800523459)); - vk.IC[70] = Pairing.G1Point(uint256(16131973789317585551032586924024478720306017209112230164516773197156811660827),uint256(2629437023298887657704157265354419011007844685935531259234622748649925287960)); - vk.IC[71] = Pairing.G1Point(uint256(14333443795131676087362902053591471457648753635869483711366294938960766965855),uint256(12375065056354337574541874851953853772434526791527859885521192098306924954605)); - vk.IC[72] = Pairing.G1Point(uint256(8650965935327444683681899304659642514103760946243255832533343127837713901260),uint256(17350766954455027422821468769776856954427397105499750970125107357315321891443)); - vk.IC[73] = Pairing.G1Point(uint256(19127940891316463106484748416155199078020628471209896451231437541817085077431),uint256(9663583369451454043509657828849429547454302647650088620902697913423546564526)); - vk.IC[74] = Pairing.G1Point(uint256(4024045629953114025834675015518977207041945104823465323803797652513143739853),uint256(7099031579319409562306045437060668113626384467426238808017971940237526720957)); - vk.IC[75] = Pairing.G1Point(uint256(19777520349508781241579877240909708384019577017734082523373047015766886330187),uint256(20543687412232979508991763895812193752676648814819172150316512715838932781811)); - vk.IC[76] = 
Pairing.G1Point(uint256(13381716905414454291256465188057975528662534279036129120834023444787120778828),uint256(83068903289307625321440883120020242942419200390426643332494275740989439527)); - vk.IC[77] = Pairing.G1Point(uint256(7761960949208896426802556459429974793308266350208241353184947107970422491129),uint256(2089026195731535072085584097366292321990391592844991889095562893901021029045)); - vk.IC[78] = Pairing.G1Point(uint256(5197970819517869977641836587074894393807023630746693731371708152450489969498),uint256(15030173127846951102748719502126507555120149267996232824889459685032460633760)); - vk.IC[79] = Pairing.G1Point(uint256(10738029463630555541033436864764967361429379579447728903906800161601920881914),uint256(8890051727148365024606043733688100310356137564792142189316987818514656702210)); - vk.IC[80] = Pairing.G1Point(uint256(12792936448350863485798336539770498877619679941787502943063936842797879294217),uint256(14379669594142278338427457116016736020516627571642516277280265863257375782458)); - vk.IC[81] = Pairing.G1Point(uint256(13559434756703389257582627200705563231522482733893623255451993723994545049976),uint256(14892650996406162560002958956428094083109122401519142177808416014717662579626)); - vk.IC[82] = Pairing.G1Point(uint256(14252276184535708042709518130518888874496340661124769270302165933313034236450),uint256(15273924344508848264258477250341486434993268879902111993744999413719610729096)); - vk.IC[83] = Pairing.G1Point(uint256(9809205799202468521806578646546780450146808562401906118296006228293627684369),uint256(11307415536498866034675798915908732740209657309834816970198638577514763250721)); - vk.IC[84] = Pairing.G1Point(uint256(21705327260612726721607027572593333828131899563073285225389452443571564581741),uint256(21018596752445529907566552196456728940837044358621700846827205193330981345608)); - vk.IC[85] = 
Pairing.G1Point(uint256(8726253405089330847191862720082852744524984989277533298149093584335630612059),uint256(18486186530998050985018181700908491808421033831981323727450435858762932718129)); - vk.IC[86] = Pairing.G1Point(uint256(6503536483724878233870656193473281418950363845795000055683485451008630495010),uint256(20373536533546802032215725505482963077326337719927421078346183177571358001238)); - vk.IC[87] = Pairing.G1Point(uint256(21362345493034032487313388146136193327479786529066051395403594100453963769111),uint256(5659302265151057957108067254997946560345397781011169944959956043052574665674)); - vk.IC[88] = Pairing.G1Point(uint256(7449550964742803340675630812325796218565644913828914465913881384357756681548),uint256(17292064125777099006635793940096466365126227952794001913174478930939581123256)); - vk.IC[89] = Pairing.G1Point(uint256(6125497125689284067831318181472617987031052184276342829492439288589510595502),uint256(12585026108513932953515017993201613768584424358528209508664951085853306523754)); - vk.IC[90] = Pairing.G1Point(uint256(12762245270309389117737641685449675404740403315746754385981092875802564011552),uint256(4776105253784521029665216303967098003880083781647370925393247521792397407888)); - vk.IC[91] = Pairing.G1Point(uint256(13807938458651671227739057402325558662935793724423758150238166950827759630565),uint256(8407443299360885769442648551918604539455371547608849811398829544820103779159)); - vk.IC[92] = Pairing.G1Point(uint256(19354271469665911556037183311554687370650863636736009934227267454117678598867),uint256(2889581474166896849215445080012200130279831332202980472677608450870018824419)); - vk.IC[93] = Pairing.G1Point(uint256(6226227238242660704404188961830279826158507659691896952725574118929530402933),uint256(16450115825870066758814214991430148198082508764837404422948743285414888884178)); - vk.IC[94] = 
Pairing.G1Point(uint256(4780964847774203341666353527075414079062026230513049950866837627817139518944),uint256(16859068361144747142625578004213384508540191114869687793312011678232224372225)); - vk.IC[95] = Pairing.G1Point(uint256(8062525302997605008090891400414607999817592945480209521332494130391040549486),uint256(10042482661997039621263546535097387401245876819894143240347776832509613454998)); - vk.IC[96] = Pairing.G1Point(uint256(4156112324011039404668548707912082198272430690748058804543223692230235584010),uint256(6467835632275616211076158221632969554420082266873705242098900605173284788072)); - vk.IC[97] = Pairing.G1Point(uint256(16978493603420177201284890469513822737364101412764684161147950679395900370490),uint256(4804013104215913645504042647931299604664370881965529654982744609336873815572)); - vk.IC[98] = Pairing.G1Point(uint256(20063224436134296487145192369456053667043930173386619477170690006672425660230),uint256(8018762550302361989416661307519944480135763273042015031096306898128032672769)); - vk.IC[99] = Pairing.G1Point(uint256(9381136972738249930310747728613628512869836321932371408132641447585727108675),uint256(13792274675162440241090306118979937533255670775110959353619238438903042099483)); - vk.IC[100] = Pairing.G1Point(uint256(17249799750153971053356997293380265081163205379000759347308627353711859528438),uint256(11860582928346589952937516820758334143823517059789983241580798089780599031873)); - vk.IC[101] = Pairing.G1Point(uint256(2209125375494676829996593878418698944200062459109379104033878964709019186550),uint256(9044941556620400719209087348338656682667735114334848800591128202753917262364)); - vk.IC[102] = Pairing.G1Point(uint256(7905831048152572475855614559007206580981737455003199081628859335938538130184),uint256(3219362210026178835574532431902129534204421524894508591333411433674437426662)); - vk.IC[103] = 
Pairing.G1Point(uint256(10034645824488683370676189228201474691737684065016222057492787707541855843562),uint256(10962875262870711754286714288576688333775621455833092480063924261333137338082)); - vk.IC[104] = Pairing.G1Point(uint256(16681217492767809220626946625462893148742282263278770454356009745085326859036),uint256(8609765386746653380889813599059419164123726125803365736957612935297948115084)); - vk.IC[105] = Pairing.G1Point(uint256(10409861984682249634638249483107543711654774759190644297788218352203797832971),uint256(10963947759662935212884888830847146879486435953717902604694788526569408050896)); - vk.IC[106] = Pairing.G1Point(uint256(19610116640561738573121735873270623412842636275783845690930764829525483185517),uint256(19999697268734757669286329323254853862322933620601846163862344221876819142639)); - vk.IC[107] = Pairing.G1Point(uint256(20796538276246959844610503898053705465834091935725306697900595861453314277534),uint256(8463040972818515190474433150965544533570162872588257416128796378472361625254)); - vk.IC[108] = Pairing.G1Point(uint256(16242734927529699680977092850391685525876857116431871118405705879284460279923),uint256(233800030226637912442083358100093812963916941762884764432747765761205593722)); - vk.IC[109] = Pairing.G1Point(uint256(575299231355200429649645736454601450683561619418476466277518167882449241582),uint256(16441392148980496339439815763952122005106502317757024622981193995288053243753)); - vk.IC[110] = Pairing.G1Point(uint256(1603299324276303191667584100848645563589905602358091967172803717926108919833),uint256(2923207606433658024984614511442599369631740064463368057365647551116862475865)); - vk.IC[111] = Pairing.G1Point(uint256(15612397606496480900845188862617925195166889100242281072974188587056786460685),uint256(6067268371068187386960150210701543773298636595460683602669641801140055222693)); - vk.IC[112] = 
Pairing.G1Point(uint256(11716278844761725707707926991887023640732693999845301976833122906763630000470),uint256(4785089586353316211662706302146360930361614633336109347707536468281339428146)); - vk.IC[113] = Pairing.G1Point(uint256(13583970090332558444106411973400436007441644550158519399118705791407995280322),uint256(19644166569147988073283886636967542007943692023233562457318835255034799889940)); - vk.IC[114] = Pairing.G1Point(uint256(1686045902562150190863786039249272152595323263993869676824656256416347524970),uint256(17748495582430458497854085558648682169890368554794356546738567734485590533503)); - vk.IC[115] = Pairing.G1Point(uint256(14018407513023200909083059584310902264885930292989350049846251819450636644515),uint256(15282365300853626656506664284946919761222329988945904085162429142333058688432)); - vk.IC[116] = Pairing.G1Point(uint256(16724562362615523120167011908918353532981098883153390523539421723425152477307),uint256(843622462409191805919999628441033590397683131077427864110140693629784330140)); - vk.IC[117] = Pairing.G1Point(uint256(9317229908502429358451115076979763649356526034355777152382574378803867793407),uint256(2617787134893809524818335754594505537496659392456978184732584754140270601161)); - vk.IC[118] = Pairing.G1Point(uint256(12643564839060300175073382088429811648928756114554035624702422497673075822811),uint256(15646981702412923801232315502751915516527154519138252804608886597168220251051)); - vk.IC[119] = Pairing.G1Point(uint256(16136179725000153445080279536165216574525067823359334408100828869622561025204),uint256(710304109108463984900640046876452138580862272055110902990476351162646910693)); - vk.IC[120] = Pairing.G1Point(uint256(692942860249784705898329710403028922082659734627553976311078555856071631087),uint256(11843201175511394674224882314719744090005823775711198123908970674468441340626)); - vk.IC[121] = 
Pairing.G1Point(uint256(11779866285886477058233262617181102875810432515236086165301634888647796468285),uint256(20304904017079364293528985902914652711056094838577523831107251186430000376103)); - vk.IC[122] = Pairing.G1Point(uint256(16741048327094051449850380442322997638089566456733427175028993526920079216552),uint256(469168782820627354614016869964037684089616570710843167108196420227532543358)); - vk.IC[123] = Pairing.G1Point(uint256(8192970453232272547440654687523742209402660277066973787541850715511374651622),uint256(15378234133052651769174717524827877745034818735188283718621316832075692924406)); - vk.IC[124] = Pairing.G1Point(uint256(10874114257144317851900054481205527956050976138359009857985393174723062892676),uint256(12717308684825512964345073222442623220963599686472628674634895201106020201890)); - vk.IC[125] = Pairing.G1Point(uint256(5267065588819698865144857558764204428263327949346016006240918993613635535317),uint256(9504308288810723489809880319665125296646318783448726885811570230750183852840)); - vk.IC[126] = Pairing.G1Point(uint256(19589750306950764739097899155765349671907282871881276201801496319992047650746),uint256(19355465427953889761240746637309186677085883165092990254569077723585487580684)); - vk.IC[127] = Pairing.G1Point(uint256(17157506086704891040661746569169794341719382632415432679454534292409879487085),uint256(19897635624356405012232528284119658467695828553967677022062327424627204803193)); - vk.IC[128] = Pairing.G1Point(uint256(20238858483410373364817397805629956894825450075652394120977179046203337104373),uint256(6874509773395989359964200584287462074246787158135629964693169157409514901534)); - vk.IC[129] = Pairing.G1Point(uint256(12042579617996728748165735987255778752470955736200812791100866788721737191632),uint256(11956625767696871244461941300661106065113240619864391737851713805635374157021)); - vk.IC[130] = 
Pairing.G1Point(uint256(16548366919176947814040435329595118023993324878565761882418197223671907573357),uint256(10620821967136310262692802689974809502198526374547943939269158284384653114350)); - vk.IC[131] = Pairing.G1Point(uint256(8175466437668934308709975762665321770552084750706095349920295311638284090340),uint256(17425364680901154207661740679315488758276320872402168607111940050845887976471)); - vk.IC[132] = Pairing.G1Point(uint256(9198147470468043329255739956904344209746369324919711050881466969196801966276),uint256(20298732777222909816627151550361882672333769232236128952325518941075042836010)); - vk.IC[133] = Pairing.G1Point(uint256(15904946907253788347044186320302300871858274132480685493537494288950980594193),uint256(15409483562413553293784442699758192278775213388937158234684578475424442082364)); - vk.IC[134] = Pairing.G1Point(uint256(14220065024533152210243662627649996829439850016253669280094507063796589016407),uint256(2782695826772336437168593281979032224437557674189704274938530289022757554551)); - vk.IC[135] = Pairing.G1Point(uint256(3439664554786124907619188183455389534759238310861135614302099160907607051269),uint256(20990451399839802618416331354962424116625631351552047454336086879944775872991)); - vk.IC[136] = Pairing.G1Point(uint256(17322663660000121892857220907135345561983364271033777284327298998169328112152),uint256(8518935329747198938862986634975284512581273824227035851902576752634386127933)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x 
= Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every input is less than the snark scalar field - //for (uint256 i = 0; i < input.length; i++) { - for (uint256 i = 0; i < 136; i++) { - require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field"); - vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i])); - } - - vk_x = Pairing.plus(vk_x, vk.IC[0]); - - return Pairing.pairing( - Pairing.negate(proof.A), - proof.B, - vk.alpha1, - vk.beta2, - vk_x, - vk.gamma2, - proof.C, - vk.delta2 - ); - } -} diff --git a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierMedium.sol b/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierMedium.sol deleted file mode 100644 index 772e8c9fd..000000000 --- a/contracts/contracts/snarkVerifiers/BatchUpdateStateTreeVerifierMedium.sol +++ /dev/null 
@@ -1,246 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Copyright 2017 Christian Reitwiessner -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to -// deal in the Software without restriction, including without limitation the -// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -// sell copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -// IN THE SOFTWARE. - -// 2019 OKIMS - -pragma solidity ^0.6.12; - -library Pairing { - - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct G1Point { - uint256 X; - uint256 Y; - } - - // Encoding of field elements is: X[0] * z + X[1] - struct G2Point { - uint256[2] X; - uint256[2] Y; - } - - /* - * @return The negation of p, i.e. p.plus(p.negate()) should be zero. 
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract BatchUpdateStateTreeVerifierMedium { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[17] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(8127368723535166419632247524465558331085902869555340986059718511989533877903),uint256(20751332113681994095650238414495480904944949506381825493965392781178871266400)); - vk.beta2 = 
Pairing.G2Point([uint256(9685355385772429669466876586032950444529073715446288295667192086154215757045),uint256(7956626864936620944123193484482287319258088339178359422012222341945141262220)], [uint256(19277014037627504374082945717900190531762317571436581847505825764213853980686),uint256(1908967219375266398782153786533621521966321545716402064661821836653497251741)]); - vk.gamma2 = Pairing.G2Point([uint256(5702317503459074564121810512849723904030883133659602462895207227676159457073),uint256(9752411496072907857511096469537907301675968143151763666915902954766029820649)], [uint256(15311638672119697109635568189096163980728853237572158000887687187767443065721),uint256(1467949219797428504423330776372868631685191022967660814672971291349981326453)]); - vk.delta2 = Pairing.G2Point([uint256(10042644312445726099186680195135610911154557846368466839914514090420315363196),uint256(5953242661240745376894723690499081179580713522533109505888896972170548423447)], [uint256(10432007173047800436393448146423908598229591402975125688897148668885988436869),uint256(12761943683328572443702167247603024646278392963300375768416341208640194440024)]); - vk.IC[0] = Pairing.G1Point(uint256(11684292448093409938749262856593257593265415990315799375441434818225669117513),uint256(17354060169699583056385031768553520066269419437930441355141323183474193288344)); - vk.IC[1] = Pairing.G1Point(uint256(18978804233362855254748336240885798166167145695925971316209016129430982996836),uint256(257858084308660882579741098452103505697546993991481243530058803272769410057)); - vk.IC[2] = Pairing.G1Point(uint256(17649396753598836169644322173305297636595195297224350400248366524982692230220),uint256(2165143809338451531595352410274439369578304210861736455028198355991881901890)); - vk.IC[3] = Pairing.G1Point(uint256(12743475133933567838181095413456793317278787317007224370983379018748448880439),uint256(17387113142283371215066240407634247412819690889126818223090569191529216359300)); - vk.IC[4] = 
Pairing.G1Point(uint256(1973511551104436924982643118293031400664941922560734295520380902778965063251),uint256(21423512037659270408296674189055636682814308571306415638667681949212670378307)); - vk.IC[5] = Pairing.G1Point(uint256(12777475795556421867594783452639673004232530111226584159211744735927472586255),uint256(7326014169312842413471118740148351952862820599657458623242388398534338006363)); - vk.IC[6] = Pairing.G1Point(uint256(5216469969299120528732608160349918061249907501767043565375615161147976215332),uint256(989946861370125382242158047375361790746368218462907689336263579770837836807)); - vk.IC[7] = Pairing.G1Point(uint256(1682411899235644827727477309775512902504716511759651526016668337120108984926),uint256(21769687491878374021041256695129294708083537029426461275027954222572060532876)); - vk.IC[8] = Pairing.G1Point(uint256(5947652013068851029927893718347327362975416962746360721614242282675280018208),uint256(19799444121016126892140192037794264125999664316205188958742024257185442352276)); - vk.IC[9] = Pairing.G1Point(uint256(21375424700580426268242254401461692906048911765321104036248562923057326547366),uint256(9129515758103210983440731412054967409022512154388896010243757658363345066677)); - vk.IC[10] = Pairing.G1Point(uint256(5181083872326425277095701295102437078618842182808106432882453866402826205563),uint256(3909589691497505586347501966012568332505459927841506312555163682171624999043)); - vk.IC[11] = Pairing.G1Point(uint256(10937238241723729230999281548237275936689326872031049956988113144871249285169),uint256(908961722856783819279957126760115378461171320446208214965651116245467045331)); - vk.IC[12] = Pairing.G1Point(uint256(3340262943862885831954653074465395723752665498076653211793977667293737939299),uint256(10595003636105707362809228404198822880051256440874866938066599528736642232113)); - vk.IC[13] = 
Pairing.G1Point(uint256(17733118154261984975207903210356648996459746363268039856505287526450143633061),uint256(10229172354780818691484249140658139755710494926977826788534554464077750899291)); - vk.IC[14] = Pairing.G1Point(uint256(15606780348017354284133115125836593111691468822472478900734443507129354597871),uint256(7527502697349561903585389719636612489476423980435833597073323824095560676366)); - vk.IC[15] = Pairing.G1Point(uint256(20637507020360298247108263518839712916953032459692536666602324578797100233564),uint256(3551825909610153987714265190158118462865969018102364275668450938716744737389)); - vk.IC[16] = Pairing.G1Point(uint256(15117627238918034193896927328047801718793634367825184271113223515449162451314),uint256(5616304170205753474662337142730909509040421377018706342325018229476514760803)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0); - - // Make sure that proof.A, B, and C are each less than the prime q - require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q"); - require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q"); - - require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q"); - require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q"); - - require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q"); - require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q"); - - require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q"); - require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q"); - - // Make sure that every 
input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 16; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier.sol
deleted file mode 100644
index d55ee98b7..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract QuadVoteTallyVerifier { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[11] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(478592870202004608407700946626510860825148547055186999737325427570268071144),uint256(9157751337584079183052823489385089906467596264238255675172315388015682209774)); - vk.beta2 = 
Pairing.G2Point([uint256(6301620314605447452471250663439393534638947012799820621609105749783745560238),uint256(12341502659983370456526803525767300996895322973579878805909946779444016389895)], [uint256(17916035858196687513208189237457342837320151929236378973691981190169390281199),uint256(16444228891791804865508709572623644561615935374209966906478869289655940086819)]); - vk.gamma2 = Pairing.G2Point([uint256(5681708471910945625508468623962396133764094578948387511590294581780247636017),uint256(12118744368887744070277905720785727027721900792460533412560115235173516007908)], [uint256(19143226185719422706551432871778581754615352286078150770379633722946728087125),uint256(8771291206027627376480902628253800619076104193002741604312297889777140358543)]); - vk.delta2 = Pairing.G2Point([uint256(9183444025997791469483933628505481094940229831191936388841069110540752769781),uint256(8121628155109074152882719504614154410527219019551879405875845762324393116130)], [uint256(8325138441882418069414030057991625671383402127217529829084370835890202514000),uint256(9700306852366593120852495830825669684287132235431702544754680617352512454780)]); - vk.IC[0] = Pairing.G1Point(uint256(4473856644216221607948987814014926389720185629882460701333813122776100635359),uint256(6956131460421571269545707696409648145308526664212416140417363000095589815957)); - vk.IC[1] = Pairing.G1Point(uint256(19726295696846084173995518778637603505432011392669350104762042298570929316346),uint256(13684462422305003621518551338570850725671233410625819322646002682428910339429)); - vk.IC[2] = Pairing.G1Point(uint256(1793827834727029479223351236835013187707179140888477179764044490904850639387),uint256(9312618810000293440910138801600864403438208853566431650456704114136859489280)); - vk.IC[3] = Pairing.G1Point(uint256(11299035697656742275163765506077278401047329066124730515593035905313819503632),uint256(8322913632991975622972935760048898137909505419420978665497880611712700540401)); - vk.IC[4] = 
Pairing.G1Point(uint256(13280602119776390452472714232270236887712223629882412086729691920155671150647),uint256(9540967200702169920405239453575495565944466677486003725855919012643557907267)); - vk.IC[5] = Pairing.G1Point(uint256(12200560943472216911056438915706858784124211911450075427378114042676593812259),uint256(17363473751896243640122786159552908959774140510742843930466234747339374414344)); - vk.IC[6] = Pairing.G1Point(uint256(12464095219545033179030609307332889165874320294995310908043756072470336241120),uint256(18572326813401808505761456164543655416444739586565502040584417514349858243117)); - vk.IC[7] = Pairing.G1Point(uint256(15305793898268890519676908327637239309682558965763582917391906664096155448814),uint256(9329976234288148300706215406568623952682983727826487364179817651003418007797)); - vk.IC[8] = Pairing.G1Point(uint256(4350651078029810241597622803746393469046970908830068946962238954577441679407),uint256(20824581855206441124855000731935153775549323660729469647725245043549733300013)); - vk.IC[9] = Pairing.G1Point(uint256(16275960615024373983571481323744994250709112408244262892442567264765482858200),uint256(5739458670378731325014841645966986236597983834936517804475078311820134531416)); - vk.IC[10] = Pairing.G1Point(uint256(4795536229571555988834795837284084799723912608501169725196781157502877593631),uint256(9268532769594658382717845783893860710430840681661979231328300443942186410276)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = 
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32.sol
deleted file mode 100644
index c225996b6..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract QuadVoteTallyVerifier32 { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[11] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(9788127595119201866856617003695348381494833524466400639949073585957021339037),uint256(17932521094406734810716540317777009267479808128307339657586752246845966324546)); - vk.beta2 = 
Pairing.G2Point([uint256(21696649512957474520766095764799013940939016236949108680242351137594278285669),uint256(9016446391367028110234589585753924330264825516230321143634114592563371307117)], [uint256(7087399056167398372761076892757707007018670953459473525927429087917826945053),uint256(9659617587389110165682052807238376129317889332523805252341223621597875480794)]); - vk.gamma2 = Pairing.G2Point([uint256(13962369966765040668829655136924014476219060175797181969275750747389840617448),uint256(19823961448325229305204277789628974240377979114016419863625529107132599746377)], [uint256(21003505158985748144125490558991246355533878946496416497168816402925446815665),uint256(14051298214898763705311654324232715279911394037278143384416856363195856079315)]); - vk.delta2 = Pairing.G2Point([uint256(11530440852220161646149031563657779726613020784068593716469602804710970865016),uint256(14257554911323500151026989745783771294105663833290894907603970279224038797748)], [uint256(5383887732348773780113795775564370073998899934497202895231896126994803955425),uint256(11233493274723621382210142971760402149935803222743635486876071121294805940438)]); - vk.IC[0] = Pairing.G1Point(uint256(10331630364560579918439924807409069040574467453347970997831619467700630786260),uint256(7352703907083746684727908159265924004558758803834300636605141089397401744276)); - vk.IC[1] = Pairing.G1Point(uint256(2383454224874693764660765415618474893054453576782110395746877001592325997813),uint256(1542959527417798518589026170675817148209513312208940161838188351540305261351)); - vk.IC[2] = Pairing.G1Point(uint256(18884898847905030735430424271903368807631300921120481538677323215944429955882),uint256(7994371495659448868909256534360335828331664970438054963950762473745447828579)); - vk.IC[3] = Pairing.G1Point(uint256(12191131903986550861667269414449440505467282925229091327826064446444042925410),uint256(10287091939791432810651612894102236781556081667714076895904551125587377961104)); - vk.IC[4] = 
Pairing.G1Point(uint256(20501120058293061653434025117099905624068740273769213189741054505135138713238),uint256(17165567928850585462269967533098885781515290109705663694639983179304840313303)); - vk.IC[5] = Pairing.G1Point(uint256(20751307669795641184935675550765974725507672821656889501312345885830120955045),uint256(11018164791073843718441881117561339638946066654006646219940842025563325157728)); - vk.IC[6] = Pairing.G1Point(uint256(18159318129566988733741597410767431681008828827772613186940913319367318549079),uint256(12396436918085027159836905968189917573204122166878503885239851905631641956072)); - vk.IC[7] = Pairing.G1Point(uint256(13060171889041434447360216444511148806054464772702115083624471143224891275324),uint256(10094424363784529626834006689496204497794067280043536139893786658250635934309)); - vk.IC[8] = Pairing.G1Point(uint256(6854173124674957005941305536675433520123924432035620687587028033143445025531),uint256(19506224151286244452202284185755930627153417086070884411467083228467399266356)); - vk.IC[9] = Pairing.G1Point(uint256(18168338073015895229874309533757429566747399006686550780596425981177180963553),uint256(21672263069691916535914406330276563680996218330501255716766232162984703727459)); - vk.IC[10] = Pairing.G1Point(uint256(12867344578516149856332575271023915354048241534592007123391907132955424635582),uint256(1166388922196880405559962045533802218202004023209252233378224410860556005741)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = 
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
\ No newline at end of file
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32Batch16.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32Batch16.sol
deleted file mode 100644
index 4c0cb2f1f..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifier32Batch16.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */ - function negate(G1Point memory p) internal pure returns (G1Point memory) { - - // The prime q in the base field F_q for G1 - if (p.X == 0 && p.Y == 0) { - return G1Point(0, 0); - } else { - return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q)); - } - } - - /* - * @return The sum of two points of G1 - */ - function plus( - G1Point memory p1, - G1Point memory p2 - ) internal view returns (G1Point memory r) { - - uint256[4] memory input; - input[0] = p1.X; - input[1] = p1.Y; - input[2] = p2.X; - input[3] = p2.Y; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-add-failed"); - } - - /* - * @return The product of a point on G1 and a scalar, i.e. - * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all - * points p. - */ - function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) { - - uint256[3] memory input; - input[0] = p.X; - input[1] = p.Y; - input[2] = s; - bool success; - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - require (success,"pairing-mul-failed"); - } - - /* @return The result of computing the pairing check - * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1 - * For example, - * pairing([P1(), P1().negate()], [P2(), P2()]) should return true. 
- */ - function pairing( - G1Point memory a1, - G2Point memory a2, - G1Point memory b1, - G2Point memory b2, - G1Point memory c1, - G2Point memory c2, - G1Point memory d1, - G2Point memory d2 - ) internal view returns (bool) { - - G1Point[4] memory p1 = [a1, b1, c1, d1]; - G2Point[4] memory p2 = [a2, b2, c2, d2]; - - uint256 inputSize = 24; - uint256[] memory input = new uint256[](inputSize); - - for (uint256 i = 0; i < 4; i++) { - uint256 j = i * 6; - input[j + 0] = p1[i].X; - input[j + 1] = p1[i].Y; - input[j + 2] = p2[i].X[0]; - input[j + 3] = p2[i].X[1]; - input[j + 4] = p2[i].Y[0]; - input[j + 5] = p2[i].Y[1]; - } - - uint256[1] memory out; - bool success; - - // solium-disable-next-line security/no-inline-assembly - assembly { - success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20) - // Use "invalid" to make gas estimation work - switch success case 0 { invalid() } - } - - require(success,"pairing-opcode-failed"); - - return out[0] != 0; - } -} - -contract QuadVoteTallyVerifier32Batch16 { - - using Pairing for *; - - uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - struct VerifyingKey { - Pairing.G1Point alpha1; - Pairing.G2Point beta2; - Pairing.G2Point gamma2; - Pairing.G2Point delta2; - Pairing.G1Point[11] IC; - } - - struct Proof { - Pairing.G1Point A; - Pairing.G2Point B; - Pairing.G1Point C; - } - - function verifyingKey() internal pure returns (VerifyingKey memory vk) { - vk.alpha1 = Pairing.G1Point(uint256(3931802286032916768722587566330261370902955393767942929056531203487688137529),uint256(10293105233586296031473050653492052327805448683376110761534611791713915549265)); - vk.beta2 = 
Pairing.G2Point([uint256(21113959492300078886023582393043413128535975125428858805958839308822991748856),uint256(12222282698476210310273536080661281164688722800089362655366747391082242682958)], [uint256(20739573447354048976161197946493569928714465565589532971602923073536082697608),uint256(12941541312444627642958656716514029404685754754869818026526533196090365546374)]); - vk.gamma2 = Pairing.G2Point([uint256(14670836137271604202540255380769830849745744579684969689183516705496317922507),uint256(12178657156513808651243577987886528335149661869282225179912079606061386989744)], [uint256(1125902728883689137508324551765647737011904363437526425591650949891310723812),uint256(15919834918458423371681379777897287057084498811382451098590568497815773165692)]); - vk.delta2 = Pairing.G2Point([uint256(2231852960373618563799433391860999041123211180191070579878255252716013298732),uint256(14291274065364399133654336098495355501982202302398283580502954673818060696633)], [uint256(3168628806727684542778047539988455291220201924183716864807010176642260685841),uint256(12606002808572759608577415926932586006638023328815450374325080704700677189688)]); - vk.IC[0] = Pairing.G1Point(uint256(12848020380718535565089853534681145843006092696634142199856299025847321502371),uint256(6468756580219346512614969481554956146762400832923090074339557565951026058536)); - vk.IC[1] = Pairing.G1Point(uint256(789092430114940371944840041796419370450123967868354406244601329700742570445),uint256(11703230415288173665088837798624967250284180660322246777462631600764972864812)); - vk.IC[2] = Pairing.G1Point(uint256(16252197430844492890521435281772316410665185290137018091020232186750112907512),uint256(20861485175504002710376158881527553699531789728793309486150649246737774028347)); - vk.IC[3] = Pairing.G1Point(uint256(16969171625806775801891191965047460974818115969312194891897374689668597542196),uint256(14389419046525510722177847778450425484834864589330386321604392542455541983572)); - vk.IC[4] = 
Pairing.G1Point(uint256(13928883789499754049998767198742842124977905594692254232979837689918838899511),uint256(6757216204221511030872544186493375503384465407204524181513380457112801460878)); - vk.IC[5] = Pairing.G1Point(uint256(12615105472464956174046705416720445236758313003314061110048664932376957788951),uint256(1115476865907623432334995719744390855110066393577587591466560011685797098103)); - vk.IC[6] = Pairing.G1Point(uint256(12126180897004602060892141406139130628195608764592739755066384985876875328223),uint256(837414672224275155302376389224725114262382901229023048656048324984574980028)); - vk.IC[7] = Pairing.G1Point(uint256(721442001352764820041409242091349606527760014067614573870735409795650532250),uint256(5871690341119940542207233131936464616602051666920986699510353544932455895913)); - vk.IC[8] = Pairing.G1Point(uint256(11936590707137322489603100954274435093115715779097755089203405884503252799861),uint256(5832382048375298946996376174464817616061448358844675910441699738844607159400)); - vk.IC[9] = Pairing.G1Point(uint256(1150487096467611973629613424410317323826245588905051816727229632029031650443),uint256(19621934380117246037511579161242972091034040331100068879508644849318614270487)); - vk.IC[10] = Pairing.G1Point(uint256(14447725242028063610944438927433683612461991907837633029384208510392253681728),uint256(15642702797143402072429225245488363130997179355079100914641555016655302069615)); - - } - - /* - * @returns Whether the proof is valid given the hardcoded verifying key - * above and the public inputs - */ - function verifyProof( - uint256[2] memory a, - uint256[2][2] memory b, - uint256[2] memory c, - uint256[] memory input - ) public view returns (bool) { - - Proof memory proof; - proof.A = Pairing.G1Point(a[0], a[1]); - proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]); - proof.C = Pairing.G1Point(c[0], c[1]); - - VerifyingKey memory vk = verifyingKey(); - - // Compute the linear combination vk_x - Pairing.G1Point memory vk_x = 
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierBatch64.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierBatch64.sol
deleted file mode 100644
index 7f5d8befd..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierBatch64.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */
- function negate(G1Point memory p) internal pure returns (G1Point memory) {
-
- // The prime q in the base field F_q for G1
- if (p.X == 0 && p.Y == 0) {
- return G1Point(0, 0);
- } else {
- return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q));
- }
- }
-
- /*
- * @return The sum of two points of G1
- */
- function plus(
- G1Point memory p1,
- G1Point memory p2
- ) internal view returns (G1Point memory r) {
-
- uint256[4] memory input;
- input[0] = p1.X;
- input[1] = p1.Y;
- input[2] = p2.X;
- input[3] = p2.Y;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-add-failed");
- }
-
- /*
- * @return The product of a point on G1 and a scalar, i.e.
- * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all
- * points p.
- */
- function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) {
-
- uint256[3] memory input;
- input[0] = p.X;
- input[1] = p.Y;
- input[2] = s;
- bool success;
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
- require (success,"pairing-mul-failed");
- }
-
- /* @return The result of computing the pairing check
- * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1
- * For example,
- * pairing([P1(), P1().negate()], [P2(), P2()]) should return true.
- */
- function pairing(
- G1Point memory a1,
- G2Point memory a2,
- G1Point memory b1,
- G2Point memory b2,
- G1Point memory c1,
- G2Point memory c2,
- G1Point memory d1,
- G2Point memory d2
- ) internal view returns (bool) {
-
- G1Point[4] memory p1 = [a1, b1, c1, d1];
- G2Point[4] memory p2 = [a2, b2, c2, d2];
-
- uint256 inputSize = 24;
- uint256[] memory input = new uint256[](inputSize);
-
- for (uint256 i = 0; i < 4; i++) {
- uint256 j = i * 6;
- input[j + 0] = p1[i].X;
- input[j + 1] = p1[i].Y;
- input[j + 2] = p2[i].X[0];
- input[j + 3] = p2[i].X[1];
- input[j + 4] = p2[i].Y[0];
- input[j + 5] = p2[i].Y[1];
- }
-
- uint256[1] memory out;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-opcode-failed");
-
- return out[0] != 0;
- }
-}
-
-contract QuadVoteTallyVerifierBatch64 {
-
- using Pairing for *;
-
- uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct VerifyingKey {
- Pairing.G1Point alpha1;
- Pairing.G2Point beta2;
- Pairing.G2Point gamma2;
- Pairing.G2Point delta2;
- Pairing.G1Point[11] IC;
- }
-
- struct Proof {
- Pairing.G1Point A;
- Pairing.G2Point B;
- Pairing.G1Point C;
- }
-
- function verifyingKey() internal pure returns (VerifyingKey memory vk) {
- vk.alpha1 = Pairing.G1Point(uint256(8998677785356475976681729551581748241325038364445707399605311153715193285192),uint256(16532093260476468234284235622994996263894019866786993774689525941531486715280));
- vk.beta2 =
Pairing.G2Point([uint256(14479696864247948470811129902981074107577880260267988466643697895429700862357),uint256(7673508468962275876822578116767566306007923040617408204893910425294482718359)], [uint256(3025794662125932744461510313664354244361345886188220954268088904152332320651),uint256(18992001603150737150609170655111529043323918325565233843250080825070227900741)]);
- vk.gamma2 = Pairing.G2Point([uint256(4774442582759577548845273460482286945247270845418250880380173808037730007146),uint256(19632998816417277057191816929078931508219443286363999553420436712667847802509)], [uint256(8918484860111856084885536772945733139126131932286560515976472672010960012834),uint256(12728669449444166995903623839504592322409504301832398134300330772308607917073)]);
- vk.delta2 = Pairing.G2Point([uint256(15785059851343798028684598751378759057245187772163751398827510094565061725238),uint256(21118128021055465323522140883656695832878555508305373434189121269701766235730)], [uint256(13568894355304319876421253464785911878212017214379681164608971423414503706203),uint256(13159583370455092481079763163823460297963250255523361267085961821806615709492)]);
- vk.IC[0] = Pairing.G1Point(uint256(17565231262536262059880953057168652920760564268967484995833449932868505425453),uint256(12188686363387894404482877921579809555738089118150529762262500832547425324413));
- vk.IC[1] = Pairing.G1Point(uint256(11189327955398716455357578100208632792320136054341850974581633926389276968439),uint256(13346042944044822030526526592409317594222810159017045773876902868540767926789));
- vk.IC[2] = Pairing.G1Point(uint256(4841917664084834927763896883310585967014384374505892074230796208068284173617),uint256(18170939148620637269090232661132873974208089448822352559672713479981933524597));
- vk.IC[3] = Pairing.G1Point(uint256(18819966500293660402531086354419973912066562695742018658017872617474355110586),uint256(21777120900100859259925548526006244513934409052108418268054046593333988632979));
- vk.IC[4] =
Pairing.G1Point(uint256(16090571137665417344860949919114298372447642825525030792688149453160603275973),uint256(11028345007100474884743109999990340096930987561377988366283061948118635256399));
- vk.IC[5] = Pairing.G1Point(uint256(8565376255290633678674898949265672764671797704000889552605773658404947597356),uint256(8134113217715388235372429381559636053722293848617705894690514518674228042182));
- vk.IC[6] = Pairing.G1Point(uint256(14563576887421649746847610551642066185997940451407657996153162281658269151338),uint256(3006545207325771542831873992663481302506804502922484994752738879448954888593));
- vk.IC[7] = Pairing.G1Point(uint256(2945281449524289396587806467221452974974132513125923527213072377993572783955),uint256(16114859942947305831498266256190478085152888824338102881853989411303260441326));
- vk.IC[8] = Pairing.G1Point(uint256(17535290294201239551318275539559369129483399986530054025564198618381997235450),uint256(4670423088334897050397605971773705631924741154427292154782933204365329751809));
- vk.IC[9] = Pairing.G1Point(uint256(17614334556994749443749549798035358239179553133825558482478045411777802484523),uint256(7094754689901925867819232494399619412173023860803836457804265404702369434376));
- vk.IC[10] = Pairing.G1Point(uint256(7390265632726797438431040125237407305009017950382543022039201491896546184823),uint256(17970645195573822913849013220214770354709981129727702271146338010115720135385));
-
- }
-
- /*
- * @returns Whether the proof is valid given the hardcoded verifying key
- * above and the public inputs
- */
- function verifyProof(
- uint256[2] memory a,
- uint256[2][2] memory b,
- uint256[2] memory c,
- uint256[] memory input
- ) public view returns (bool) {
-
- Proof memory proof;
- proof.A = Pairing.G1Point(a[0], a[1]);
- proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]);
- proof.C = Pairing.G1Point(c[0], c[1]);
-
- VerifyingKey memory vk = verifyingKey();
-
- // Compute the linear combination vk_x
- Pairing.G1Point memory vk_x =
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierCustom.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierCustom.sol
deleted file mode 100644
index a6a396654..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierCustom.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */
- function negate(G1Point memory p) internal pure returns (G1Point memory) {
-
- // The prime q in the base field F_q for G1
- if (p.X == 0 && p.Y == 0) {
- return G1Point(0, 0);
- } else {
- return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q));
- }
- }
-
- /*
- * @return The sum of two points of G1
- */
- function plus(
- G1Point memory p1,
- G1Point memory p2
- ) internal view returns (G1Point memory r) {
-
- uint256[4] memory input;
- input[0] = p1.X;
- input[1] = p1.Y;
- input[2] = p2.X;
- input[3] = p2.Y;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-add-failed");
- }
-
- /*
- * @return The product of a point on G1 and a scalar, i.e.
- * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all
- * points p.
- */
- function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) {
-
- uint256[3] memory input;
- input[0] = p.X;
- input[1] = p.Y;
- input[2] = s;
- bool success;
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
- require (success,"pairing-mul-failed");
- }
-
- /* @return The result of computing the pairing check
- * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1
- * For example,
- * pairing([P1(), P1().negate()], [P2(), P2()]) should return true.
- */
- function pairing(
- G1Point memory a1,
- G2Point memory a2,
- G1Point memory b1,
- G2Point memory b2,
- G1Point memory c1,
- G2Point memory c2,
- G1Point memory d1,
- G2Point memory d2
- ) internal view returns (bool) {
-
- G1Point[4] memory p1 = [a1, b1, c1, d1];
- G2Point[4] memory p2 = [a2, b2, c2, d2];
-
- uint256 inputSize = 24;
- uint256[] memory input = new uint256[](inputSize);
-
- for (uint256 i = 0; i < 4; i++) {
- uint256 j = i * 6;
- input[j + 0] = p1[i].X;
- input[j + 1] = p1[i].Y;
- input[j + 2] = p2[i].X[0];
- input[j + 3] = p2[i].X[1];
- input[j + 4] = p2[i].Y[0];
- input[j + 5] = p2[i].Y[1];
- }
-
- uint256[1] memory out;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-opcode-failed");
-
- return out[0] != 0;
- }
-}
-
-contract QuadVoteTallyVerifierCustom {
-
- using Pairing for *;
-
- uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct VerifyingKey {
- Pairing.G1Point alpha1;
- Pairing.G2Point beta2;
- Pairing.G2Point gamma2;
- Pairing.G2Point delta2;
- Pairing.G1Point[11] IC;
- }
-
- struct Proof {
- Pairing.G1Point A;
- Pairing.G2Point B;
- Pairing.G1Point C;
- }
-
- function verifyingKey() internal pure returns (VerifyingKey memory vk) {
- vk.alpha1 = Pairing.G1Point(uint256(16943336223702478034729513866374796851228809856161008919800913520856468181573),uint256(2995090004627639065569871279932395584911899798711981190091501417285102191177));
- vk.beta2 =
Pairing.G2Point([uint256(16224714118819881643530609308327988952043965596591357129331660443749437880225),uint256(18713080770238836914085757668180363883442449561648958290173009680301883643312)], [uint256(22349732573235212308155999603848231077445494488349558443704557051018923559),uint256(10320633006958853808156951459730803259989331403375988741484169048853496829865)]);
- vk.gamma2 = Pairing.G2Point([uint256(13754685977183525838201298718645487522999887715054765691404125733830578085397),uint256(6942074706854035824685190568710272703891322307475144729076362801105779834805)], [uint256(5140158617774088963306972183201877929593031398407933973109566549607124831751),uint256(13035987335313190818598467074385857301795834547346013393313010045759712554988)]);
- vk.delta2 = Pairing.G2Point([uint256(8060558336832861646731122586124893496721636529597338211955002623228447877246),uint256(11266091873376325088415037049219024114103234301565804309675027383590258801637)], [uint256(14778268722321702691286210615443377029665021234872720602744008230960335632554),uint256(159950337696748857596651038995043496935979997396302102605500326482927324500)]);
- vk.IC[0] = Pairing.G1Point(uint256(16066585270605647433163972725844364442561475974556889399601021622371369271144),uint256(12676191990324881131751023451007364920714885702228311161299501530006872841519));
- vk.IC[1] = Pairing.G1Point(uint256(8741724346703266580019385312120367474943720529314996811441101272835876516470),uint256(17031176066038457326863997348851727124563803542303563511325983859631762911934));
- vk.IC[2] = Pairing.G1Point(uint256(18066750137770170845946733820200480964706781331673770545419839050076884756612),uint256(9347679342275024796450198445411694201271359973979853238013376665002795681996));
- vk.IC[3] = Pairing.G1Point(uint256(12615311434592602984490157419406590901170885801626249228431749604898753676825),uint256(14923844847934190225877627597124089862553879390935260800034269416514426560258));
- vk.IC[4] =
Pairing.G1Point(uint256(20169822918031976507682131782892646776809554001149512021190639599804349326690),uint256(16500262714506045360275229153359308289644927300370679736657829361303433615345));
- vk.IC[5] = Pairing.G1Point(uint256(17087302943942300743176792228086268327696285793900716344408973607382655072319),uint256(18235408216267296600740961289869198243767504308584360263468406970385003239783));
- vk.IC[6] = Pairing.G1Point(uint256(19545026119096666217656647361860838923223293971001406747125714826757828149809),uint256(6559080491999014353344865620771583944769725829299641810721028046777843584264));
- vk.IC[7] = Pairing.G1Point(uint256(19060100374012958103958897290158267767597513329256041185857758273030309802587),uint256(9555898096763236508022594162106408962958705890577795983031819651275877959038));
- vk.IC[8] = Pairing.G1Point(uint256(11259424594567992022915148822616114808210551795687973599385042152935186891352),uint256(8847372443318686693647511285032355230775674903720747383283857986227997292264));
- vk.IC[9] = Pairing.G1Point(uint256(20034938052071061170101345512267783478448487278351248710639589348238685776221),uint256(20456838147183647185441901749475039833247081714013147449136222686509036222717));
- vk.IC[10] = Pairing.G1Point(uint256(14726963331140212908790922462256415603139476517884646197732123280907881194129),uint256(19499071686152952417621806302814788689759796377680900572072370183655072718752));
-
- }
-
- /*
- * @returns Whether the proof is valid given the hardcoded verifying key
- * above and the public inputs
- */
- function verifyProof(
- uint256[2] memory a,
- uint256[2][2] memory b,
- uint256[2] memory c,
- uint256[] memory input
- ) public view returns (bool) {
-
- Proof memory proof;
- proof.A = Pairing.G1Point(a[0], a[1]);
- proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]);
- proof.C = Pairing.G1Point(c[0], c[1]);
-
- VerifyingKey memory vk = verifyingKey();
-
- // Compute the linear combination vk_x
- Pairing.G1Point memory vk_x =
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierMedium.sol b/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierMedium.sol
deleted file mode 100644
index 6a0b9771c..000000000
--- a/contracts/contracts/snarkVerifiers/QuadVoteTallyVerifierMedium.sol
+++ /dev/null
@@ -1,240 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-// Copyright 2017 Christian Reitwiessner
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to
-// deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-// sell copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-// IN THE SOFTWARE.
-
-// 2019 OKIMS
-
-pragma solidity ^0.6.12;
-
-library Pairing {
-
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct G1Point {
- uint256 X;
- uint256 Y;
- }
-
- // Encoding of field elements is: X[0] * z + X[1]
- struct G2Point {
- uint256[2] X;
- uint256[2] Y;
- }
-
- /*
- * @return The negation of p, i.e. p.plus(p.negate()) should be zero.
- */
- function negate(G1Point memory p) internal pure returns (G1Point memory) {
-
- // The prime q in the base field F_q for G1
- if (p.X == 0 && p.Y == 0) {
- return G1Point(0, 0);
- } else {
- return G1Point(p.X, PRIME_Q - (p.Y % PRIME_Q));
- }
- }
-
- /*
- * @return The sum of two points of G1
- */
- function plus(
- G1Point memory p1,
- G1Point memory p2
- ) internal view returns (G1Point memory r) {
-
- uint256[4] memory input;
- input[0] = p1.X;
- input[1] = p1.Y;
- input[2] = p2.X;
- input[3] = p2.Y;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 6, input, 0xc0, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-add-failed");
- }
-
- /*
- * @return The product of a point on G1 and a scalar, i.e.
- * p == p.scalar_mul(1) and p.plus(p) == p.scalar_mul(2) for all
- * points p.
- */
- function scalar_mul(G1Point memory p, uint256 s) internal view returns (G1Point memory r) {
-
- uint256[3] memory input;
- input[0] = p.X;
- input[1] = p.Y;
- input[2] = s;
- bool success;
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 7, input, 0x80, r, 0x60)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
- require (success,"pairing-mul-failed");
- }
-
- /* @return The result of computing the pairing check
- * e(p1[0], p2[0]) * .... * e(p1[n], p2[n]) == 1
- * For example,
- * pairing([P1(), P1().negate()], [P2(), P2()]) should return true.
- */
- function pairing(
- G1Point memory a1,
- G2Point memory a2,
- G1Point memory b1,
- G2Point memory b2,
- G1Point memory c1,
- G2Point memory c2,
- G1Point memory d1,
- G2Point memory d2
- ) internal view returns (bool) {
-
- G1Point[4] memory p1 = [a1, b1, c1, d1];
- G2Point[4] memory p2 = [a2, b2, c2, d2];
-
- uint256 inputSize = 24;
- uint256[] memory input = new uint256[](inputSize);
-
- for (uint256 i = 0; i < 4; i++) {
- uint256 j = i * 6;
- input[j + 0] = p1[i].X;
- input[j + 1] = p1[i].Y;
- input[j + 2] = p2[i].X[0];
- input[j + 3] = p2[i].X[1];
- input[j + 4] = p2[i].Y[0];
- input[j + 5] = p2[i].Y[1];
- }
-
- uint256[1] memory out;
- bool success;
-
- // solium-disable-next-line security/no-inline-assembly
- assembly {
- success := staticcall(sub(gas(), 2000), 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20)
- // Use "invalid" to make gas estimation work
- switch success case 0 { invalid() }
- }
-
- require(success,"pairing-opcode-failed");
-
- return out[0] != 0;
- }
-}
-
-contract QuadVoteTallyVerifierMedium {
-
- using Pairing for *;
-
- uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
- uint256 constant PRIME_Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
-
- struct VerifyingKey {
- Pairing.G1Point alpha1;
- Pairing.G2Point beta2;
- Pairing.G2Point gamma2;
- Pairing.G2Point delta2;
- Pairing.G1Point[11] IC;
- }
-
- struct Proof {
- Pairing.G1Point A;
- Pairing.G2Point B;
- Pairing.G1Point C;
- }
-
- function verifyingKey() internal pure returns (VerifyingKey memory vk) {
- vk.alpha1 = Pairing.G1Point(uint256(13319089463234179848573002558390225549925881544844229526026924163697823868217),uint256(16969301351798186988714599867637580075355998123297360899531464320382608917823));
- vk.beta2 =
Pairing.G2Point([uint256(884135738813217152621098145714294997398020017370840732264237360992258561447),uint256(19265421094608053372816753968184963865893506095669353940268571978837240754173)], [uint256(6012149136709364348511994415938926021699699739179211173438016183904359873348),uint256(18991863387357993343955782395887020515221469647499376150856526155670788249449)]);
- vk.gamma2 = Pairing.G2Point([uint256(21706235430892367859879218182417991464200104199464192769968420709969064082182),uint256(9915925245823821340262119200814211466249968283712127067494733663581717141808)], [uint256(8014379982653295859045609354888939159136652087530005163017336188856076697895),uint256(2588603844529736152444998937030017992055831391004763507477228242434048551536)]);
- vk.delta2 = Pairing.G2Point([uint256(21672490495356192161771534456050409753676928730042015138105659729884181401296),uint256(11689585908171101387988657019546096291792404055572652014148290715892557767130)], [uint256(17715373485732263146801654162487114729339353301382818364817626786331552897670),uint256(7696588916204722756361279480504273602458100892781940413610616014966001317247)]);
- vk.IC[0] = Pairing.G1Point(uint256(17087295223641082531404079553051944993373273715611908012655503993166473305754),uint256(6182736911358003151475000767360161120209489648201280392864464064000417014535));
- vk.IC[1] = Pairing.G1Point(uint256(21858953054392112643557291820558011932152397351662137062152873307837243226369),uint256(274645877754130014813042509232530378175318856440973274077059796717639658430));
- vk.IC[2] = Pairing.G1Point(uint256(14548545129502259069026547328012710742416048860809889195881907206952252416017),uint256(3228019127016928543942878181040938702662111374432682887727142995462783476447));
- vk.IC[3] = Pairing.G1Point(uint256(14373384695365988284659515115291314982184320080618552455788003283931361168551),uint256(8036736519216864070653705682127086068109886836500549090511686027151133616841));
- vk.IC[4] =
Pairing.G1Point(uint256(16675333368700753066857800168703829812516465703476953717896334935892560689090),uint256(21608453333300419224392882163943662578792079956113795409183520246170299650376));
- vk.IC[5] = Pairing.G1Point(uint256(15736222309742563960248671973021862579667636851297012518581665096370726236454),uint256(21335199829751875203976028398898650985868040373956185059024547759260250305410));
- vk.IC[6] = Pairing.G1Point(uint256(16015435326083107624534169308129329045670274526456331351092633532436693939936),uint256(7453357474723762629421327112394063535945396093961872225177306831806502964062));
- vk.IC[7] = Pairing.G1Point(uint256(20800366726240207296493046386720608820175660231494817648971335534167674634983),uint256(2240276722181725673183741162820624252693987652993756341839102628211641338510));
- vk.IC[8] = Pairing.G1Point(uint256(21685869598701747502602869356260040072202071791936602760677041477453356238587),uint256(1570490528987142417400349354081659284444484408158915693119127128346469764684));
- vk.IC[9] = Pairing.G1Point(uint256(14687796710661759670182543591397320527000297314362566109212833620898352944810),uint256(14435809464288477390543880429818949557411637937848005232403789999458897870591));
- vk.IC[10] = Pairing.G1Point(uint256(4062878755941944424289598715546694691639070862682597049472966026221368157214),uint256(16596126292359214329416908692838229109530151425321455496930453385135619684735));
-
- }
-
- /*
- * @returns Whether the proof is valid given the hardcoded verifying key
- * above and the public inputs
- */
- function verifyProof(
- uint256[2] memory a,
- uint256[2][2] memory b,
- uint256[2] memory c,
- uint256[] memory input
- ) public view returns (bool) {
-
- Proof memory proof;
- proof.A = Pairing.G1Point(a[0], a[1]);
- proof.B = Pairing.G2Point([b[0][0], b[0][1]], [b[1][0], b[1][1]]);
- proof.C = Pairing.G1Point(c[0], c[1]);
-
- VerifyingKey memory vk = verifyingKey();
-
- // Compute the linear combination vk_x
- Pairing.G1Point memory vk_x =
Pairing.G1Point(0, 0);
-
- // Make sure that proof.A, B, and C are each less than the prime q
- require(proof.A.X < PRIME_Q, "verifier-aX-gte-prime-q");
- require(proof.A.Y < PRIME_Q, "verifier-aY-gte-prime-q");
-
- require(proof.B.X[0] < PRIME_Q, "verifier-bX0-gte-prime-q");
- require(proof.B.Y[0] < PRIME_Q, "verifier-bY0-gte-prime-q");
-
- require(proof.B.X[1] < PRIME_Q, "verifier-bX1-gte-prime-q");
- require(proof.B.Y[1] < PRIME_Q, "verifier-bY1-gte-prime-q");
-
- require(proof.C.X < PRIME_Q, "verifier-cX-gte-prime-q");
- require(proof.C.Y < PRIME_Q, "verifier-cY-gte-prime-q");
-
- // Make sure that every input is less than the snark scalar field
- //for (uint256 i = 0; i < input.length; i++) {
- for (uint256 i = 0; i < 10; i++) {
- require(input[i] < SNARK_SCALAR_FIELD,"verifier-gte-snark-scalar-field");
- vk_x = Pairing.plus(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
- }
-
- vk_x = Pairing.plus(vk_x, vk.IC[0]);
-
- return Pairing.pairing(
- Pairing.negate(proof.A),
- proof.B,
- vk.alpha1,
- vk.beta2,
- vk_x,
- vk.gamma2,
- proof.C,
- vk.delta2
- );
- }
-}
diff --git a/contracts/contracts/snarkVerifiers/README.md b/contracts/contracts/snarkVerifiers/README.md
deleted file mode 100644
index 29d65dae2..000000000
--- a/contracts/contracts/snarkVerifiers/README.md
+++ /dev/null
@@ -1,51 +0,0 @@ -# SNARK verifiers - -## Trusted setup: - -- 'test' circuits: https://gateway.pinata.cloud/ipfs/Qmbi3nqjBwANPMk5BRyKjCJ4QSHK6WNp7v9NLLo4uwrG1f -- 'medium' circuits: https://gateway.pinata.cloud/ipfs/QmRzp3vkFPNHPpXiu7iKpPqVnZB97wq7gyih2mp6pa5bmD -- 'x32' circuits: https://gateway.pinata.cloud/ipfs/QmWSxPBNYDtsK23KwYdMtcDaJg3gWS3LBsqMnENrVG6nmc -- 'batch64' circuits: https://gateway.pinata.cloud/ipfs/QmbVzVWqNTjEv5S3Vvyq7NkLVkpqWuA9DGMRibZYJXKJqy - - -## Generating circuits -Instead of downloading the above circuits from the ipfs, they can be generated using the MACI scripts. For example, to build the x32 circuits on linux Ubuntu 22.04 + Node v16.13.2: - -``` -# Clone the MACI repo and switch to version v0.10.1: -git clone https://github.com/privacy-scaling-explorations/maci.git -cd maci/ -git checkout v0.10.1 - -# install deps -sudo apt-get install build-essential libgmp-dev libsodium-dev nasm git - -# recompile binaries (takes time: ~5min to ~10min), the output files are in ./params folder -cd circuits -./scripts/buildSnarks32.sh - -``` - - -### Generating batch64 circuits -The batch64 circuits can be generated using the [buildCustomSnarks.sh](https://github.com/privacy-scaling-explorations/maci/blob/master/circuits/scripts/buildCustomSnarks.sh) as follow: - -``` -./scripts/buildCustomSnarks.sh -s 32 -m 32 -v 3 -i 6 -b 64 -``` - -After generating the files, set the c binaries with executable permission and rename files as follow so they can be used with the tally scripts as described [here](../../../docs/tally-verify.md) - -``` -mv batchUstCustom batchUst32 -mv batchUstCustom.r1cs batchUst32.r1cs -mv batchUstCustom.params batchUst32.params -mv batchUstCustom.dat batchUst32.dat -mv batchUstCustom.sym batchUst32.sym -mv qvtCustom qvt32 -mv qvtCircuitCustom.r1cs qvtCircuit32.r1cs -mv qvtCustom.params qvt32.params -mv qvtCustom.dat qvt32.dat -mv qvtCustom.sym qvt32.sym -chmod u+x batchUst32 qvt32 -``` 
diff --git a/contracts/deploy-config-example.json b/contracts/deploy-config-example.json index 65086870d..77032cfed 100644 --- a/contracts/deploy-config-example.json +++ b/contracts/deploy-config-example.json @@ -5,7 +5,6 @@ "paramsDirectory": "./params" }, "ClrFund": { - "template": false, "coordinator": "", "token": "", "userRegistry": "SimpleUserRegistry", @@ -30,7 +29,6 @@ "paramsDirectory": "./params" }, "ClrFund": { - "template": false, "coordinator": "", "token": "0x65bc8dd04808d99cf8aa6749f128d55c2051edde", "userRegistry": "BrightIdUserRegistry", diff --git a/contracts/hardhat.config.ts b/contracts/hardhat.config.ts index bdb626f58..3b1477cf9 100644 --- a/contracts/hardhat.config.ts +++ b/contracts/hardhat.config.ts @@ -2,8 +2,7 @@ import fs from 'fs' import path from 'path' import dotenv from 'dotenv' -import { TASK_COMPILE_SOLIDITY_GET_SOURCE_PATHS } from 'hardhat/builtin-tasks/task-names' -import { subtask, task } from 'hardhat/config' +import { task } from 'hardhat/config' import '@nomicfoundation/hardhat-toolbox' import '@nomiclabs/hardhat-ganache' import 'hardhat-contract-sizer' @@ -180,15 +179,6 @@ export default { }, } -// filter out files that we don't want to compile -subtask(TASK_COMPILE_SOLIDITY_GET_SOURCE_PATHS, async (_, __, runSuper) => { - const paths = await runSuper() - - return paths.filter((filePath: string) => { - return !filePath.includes('snarkVerifiers') - }) -}) - task( 'compile', 'Compiles the entire project, building all artifacts', diff --git a/contracts/package.json b/contracts/package.json index 1ba90e415..7bbbb8133 100644 --- a/contracts/package.json +++ b/contracts/package.json @@ -1,6 +1,6 @@ { "name": "@clrfund/contracts", - "version": "4.3.1", + "version": "5.1.0", "license": "GPL-3.0", "scripts": { "hardhat": "hardhat", diff --git a/contracts/sh/runScriptTests.sh b/contracts/sh/runScriptTests.sh index bff6b4e07..f03a47bf9 100755 --- a/contracts/sh/runScriptTests.sh +++ b/contracts/sh/runScriptTests.sh 
@@ -11,6 +11,7 @@ export OUTPUT_DIR="./proof_output/${NOW}" export TALLY_FILE=${OUTPUT_DIR}/tally.json export HARDHAT_NETWORK=localhost export RAPID_SNARK=${RAPID_SNARK:-~/rapidsnark/package/bin/prover} +export ROUND_DURATION=1000 mkdir -p ${OUTPUT_DIR} @@ -25,12 +26,11 @@ export COORDINATOR_MACISK=$(echo "${MACI_KEYPAIR}" | grep -o "macisk.*$") yarn hardhat new-clrfund --network ${HARDHAT_NETWORK} # deploy a new funding round -yarn hardhat new-round --network ${HARDHAT_NETWORK} +yarn hardhat new-round --round-duration ${ROUND_DURATION} --network ${HARDHAT_NETWORK} yarn hardhat add-recipients --network ${HARDHAT_NETWORK} yarn hardhat contribute --network ${HARDHAT_NETWORK} -ROUND_DURATION=$(node -e 'const config=JSON.parse(fs.readFileSync(`./deploy-config.json`).toString()); console.log(config.localhost?.FundingRound?.duration || 1000)') yarn hardhat time-travel --seconds ${ROUND_DURATION} --network ${HARDHAT_NETWORK} # run the tally script diff --git a/contracts/tasks/helpers/Subtask.ts b/contracts/tasks/helpers/Subtask.ts index ccbac3796..089cf06d6 100644 --- a/contracts/tasks/helpers/Subtask.ts +++ b/contracts/tasks/helpers/Subtask.ts @@ -88,8 +88,17 @@ export class Subtask { try { this.config = JSONFile.read(DEPLOY_CONFIG) as TConfig } catch (e) { - //console.log('eror =======================', e) - this.config = {} as TConfig + if (e instanceof Error) { + const regex = new RegExp('ENOENT: no such file or directory') + if (regex.test(e.message)) { + // silent about no deploy-config.json file error to allow + // unit test to run without error + } else { + console.log('=======================') + console.log('Failed to read', DEPLOY_CONFIG, e.message) + } + } + this.config = {} } this.storage = ContractStorage.getInstance() 
@@ -384,8 +393,10 @@ export class Subtask { private getDefaultParams = ({ verify, incremental, + clrfund, + roundDuration, }: ISubtaskParams): Promise => - Promise.resolve({ verify, incremental }) + Promise.resolve({ verify, incremental, clrfund, roundDuration }) /** * Get deploy step sequence diff --git a/contracts/tasks/runners/finalize.ts b/contracts/tasks/runners/finalize.ts index 81f45ce94..0240ba16b 100644 --- a/contracts/tasks/runners/finalize.ts +++ b/contracts/tasks/runners/finalize.ts @@ -37,14 +37,14 @@ task('finalize', 'Finalize a funding round') await subtask.logStart() - const clrfundcontractAddress = + const clrfundContractAddress = clrfund ?? storage.mustGetAddress(EContracts.ClrFund, network.name) const clrfundContract = await ethers.getContractAt( EContracts.ClrFund, - clrfundcontractAddress + clrfundContractAddress ) - console.log('ClrFund address', clrfund) + console.log('ClrFund address', clrfundContractAddress) const currentRoundAddress = await clrfundContract.getCurrentRound() const fundingRound = await ethers.getContractAt( diff --git a/contracts/tasks/runners/newRound.ts b/contracts/tasks/runners/newRound.ts index acbe22e2a..51ece6374 100644 --- a/contracts/tasks/runners/newRound.ts +++ b/contracts/tasks/runners/newRound.ts 
@@ -26,73 +26,70 @@ task('new-round', 'Deploy a new funding round contract') types.int ) .addOptionalParam('clrfund', 'The ClrFund contract address') - .setAction( - async ( - { verify, manageNonce, roundDuration, clrfund }: ISubtaskParams, - hre - ) => { - const subtask = Subtask.getInstance(hre) + .addOptionalParam('skip', 'Skip steps with less or equal index', 0, types.int) + .setAction(async (params: ISubtaskParams, hre) => { + const { verify, manageNonce, roundDuration, clrfund } = params + const subtask = Subtask.getInstance(hre) - subtask.setHre(hre) + subtask.setHre(hre) - if (manageNonce) { - const signer = await subtask.getDeployer() - subtask.setNonceManager(signer) - } + if (manageNonce) { + const signer = await subtask.getDeployer() + subtask.setNonceManager(signer) + } - const deployer = await subtask.getDeployer() + const deployer = await subtask.getDeployer() - const clrfundContract = await subtask.getContract({ - name: EContracts.ClrFund, - signer: deployer, - address: clrfund, - }) + const clrfundContract = await subtask.getContract({ + name: EContracts.ClrFund, + signer: deployer, + address: clrfund, + }) - // check if the current round is finalized before starting a new round to avoid revert - const currentRoundAddress = await clrfundContract.getCurrentRound() - if (currentRoundAddress !== ZERO_ADDRESS) { - const currentRound = await subtask.getContract({ - name: EContracts.FundingRound, - address: currentRoundAddress, - }) - const isFinalized = await currentRound.isFinalized() - if (!isFinalized) { - throw new Error( - 'Cannot start a new round as the current round is not finalized' - ) - } + // check if the current round is finalized before starting a new round to avoid revert + const currentRoundAddress = await clrfundContract.getCurrentRound() + if (currentRoundAddress !== ZERO_ADDRESS) { + const currentRound = await subtask.getContract({ + name: EContracts.FundingRound, + address: currentRoundAddress, + }) + const isFinalized = await 
currentRound.isFinalized() + if (!isFinalized) { + throw new Error( + 'Cannot start a new round as the current round is not finalized' + ) } + } - let success: boolean - try { - await subtask.logStart() - const params: ISubtaskParams = { - manageNonce, - verify, - incremental: false, - roundDuration, - clrfund, - } - const steps = await subtask.getDeploySteps(['round'], params) - - const skip = 0 - await subtask.runSteps(steps, skip) - await subtask.checkResults(params.strict) - success = true - } catch (err) { - console.error( - '\n=========================================================\nERROR:', - err, - '\n' - ) - success = false + let success: boolean + try { + await subtask.logStart() + const params: ISubtaskParams = { + manageNonce, + verify, + incremental: false, + roundDuration, + clrfund, } + const steps = await subtask.getDeploySteps(['round'], params) + + const skip = params.skip || 0 + await subtask.runSteps(steps, skip) + await subtask.checkResults(params.strict) + success = true + } catch (err) { + console.error( + '\n=========================================================\nERROR:', + err, + '\n' + ) + success = false + } - await subtask.finish(success) + await subtask.finish(success) - if (verify) { - console.log('Verify all contracts') - await hre.run('verify-all') - } + if (verify) { + console.log('Verify all contracts') + await hre.run('verify-all') } - ) + }) diff --git a/contracts/tasks/runners/setCoordinator.ts b/contracts/tasks/runners/setCoordinator.ts index 68edb777f..10408dd6d 100644 --- a/contracts/tasks/runners/setCoordinator.ts +++ b/contracts/tasks/runners/setCoordinator.ts 
@@ -1,12 +1,14 @@ /** * Set the coordinator in clrfund + * * Usage: * hardhat set-coordinator --network * * Note: - * 1) Make sure you have deploy-config.json (see deploy-config-example.json). - * 2) Make sure you have deployed-contracts.json created from the new-clrfund task - * 3) Make sure that the COORDINATOR_MACISK (coordinator's MACI private key) is set in the .env file + * 1) The script will use the signer address as the coordinator address if + * it is not configured in the clrfund.coordinator field in the deploy-config.json file (see deploy-config-example.json). + * 2) Use --clrfund to specify the clrfund address if you do not have the deployed-contracts.json file + * 3) Make sure that the COORDINATOR_MACISK (the coordinator's MACI private key) is set in the .env file */ import { task } from 'hardhat/config' import { Subtask } from '../helpers/Subtask' diff --git a/contracts/tasks/runners/setRecipientRegistry.ts b/contracts/tasks/runners/setRecipientRegistry.ts index cb2ace2f8..69f4b1412 100644 --- a/contracts/tasks/runners/setRecipientRegistry.ts +++ b/contracts/tasks/runners/setRecipientRegistry.ts 
@@ -1,16 +1,18 @@ /* eslint-disable no-console */ /** - * Deploy a new instance of ClrFund - * - * Make sure you have deploy-config.json (see deploy-config-example.json). + * Set the recipient registry in the ClrFund contract. It will create + * the recipient registry contract if it is not deployed and recorded in the + * deployed-contract.json file * * Sample usage: - * yarn hardhat new-clrfund --verify --network + * yarn hardhat set-recipient-registry --verify --network * * Note: - * 1) use --incremental to resume a deployment stopped due to a failure - * 2) use --manage-nonce to manually set nonce, useful on optimism-sepolia - * where `nonce too low` errors occur occasionally + * 1) use --incremental to resume a previously interrupted deployment + * 2) use --manage-nonce to manually set the nonce. This is useful on the optimism-sepolia + * public node where `nonce too low` errors occur occasionally + * 3) use --clrfund to provide the clrfund address if you do not have the deployed-contracts.json file + * 4) Make sure you have the deploy-config.json file (see deploy-config-example.json). */ import { task, types } from 'hardhat/config' @@ -22,7 +24,7 @@ task('set-recipient-registry', 'Set recipient registry in ClrFund') .addFlag('strict', 'Fail on warnings') .addFlag('verify', 'Verify contracts at Etherscan') .addFlag('manageNonce', 'Manually increment nonce for each transaction') - .addOptionalParam('skip', 'Skip steps with less or equal index', 0, types.int) + .addOptionalParam('clrfund', 'The ClrFund contract address') .setAction(async (params: ISubtaskParams, hre) => { const { verify, manageNonce } = params const subtask = Subtask.getInstance(hre) diff --git a/contracts/tasks/runners/setToken.ts b/contracts/tasks/runners/setToken.ts index 71459c2ab..f9fc9272a 100644 --- a/contracts/tasks/runners/setToken.ts +++ b/contracts/tasks/runners/setToken.ts 
@@ -1,10 +1,14 @@ /** - * Set the native token in the ClrFund contract - * - * Make sure you have deploy-config.json (see deploy-config-example.json). + * Set the native token in the ClrFund contract, create a test token + * if a token address is not configured in the ClrFund.token field in + * the deploy-config.json file * * Sample usage: * yarn hardhat set-token --network + * + * Notes: + * 1) Make sure you have the deploy-config.json file (see deploy-config-example.json). + * 2) Use --clrfund
to provide the clrfund address if deployed-contracts.json does not exist */ import { task, types } from 'hardhat/config' @@ -16,6 +20,7 @@ task('set-token', 'Set the token in ClrFund') .addFlag('strict', 'Fail on warnings') .addFlag('verify', 'Verify contracts at Etherscan') .addFlag('manageNonce', 'Manually increment nonce for each transaction') + .addOptionalParam('clrfund', 'The ClrFund contract address') .addOptionalParam('skip', 'Skip steps with less or equal index', 0, types.int) .setAction(async (params: ISubtaskParams, hre) => { const { verify, manageNonce } = params diff --git a/contracts/tasks/runners/setUserRegistry.ts b/contracts/tasks/runners/setUserRegistry.ts index c8b71c342..c8f9487a5 100644 --- a/contracts/tasks/runners/setUserRegistry.ts +++ b/contracts/tasks/runners/setUserRegistry.ts @@ -1,13 +1,14 @@ /** - * Set the user registry in the ClrFund contract. + * Set the user registry in the ClrFund contract. It will create the user registry + * contract if it is not deployed and found in the deployed-contracts.json file. * * Sample usage: * - * yarn hardhat set-user-registry --network + * yarn hardhat set-user-registry --verify --network * * Note: - * 1) Make sure you have deploy-config.json (see deploy-config-example.json). - * 2) Make sure you have deployed-contracts.json created from the new-clrfund task + * 1) Make sure you have the deploy-config.json (see deploy-config-example.json). + * 2) Use --clrfund to specify clrfund address if you don't have the deployed-contracts.json * */ 
@@ -22,6 +23,7 @@ task('set-user-registry', 'Set the user registry in ClrFund') .addFlag('verify', 'Verify contracts at Etherscan') .addFlag('manageNonce', 'Manually increment nonce for each transaction') .addOptionalParam('skip', 'Skip steps with less or equal index', 0, types.int) + .addOptionalParam('clrfund', 'The ClrFund contract address') .setAction(async (params: ISubtaskParams, hre) => { const { verify, manageNonce } = params const subtask = Subtask.getInstance(hre) @@ -39,7 +41,6 @@ task('set-user-registry', 'Set the user registry in ClrFund') const steps = await subtask.getDeploySteps(['user'], params) const skip = params.skip || 0 - await subtask.runSteps(steps, skip) await subtask.checkResults(params.strict) success = true diff --git a/contracts/tasks/subtasks/coordinator/01-coordinator.ts b/contracts/tasks/subtasks/coordinator/01-coordinator.ts index a963e68e6..3b2f0b767 100644 --- a/contracts/tasks/subtasks/coordinator/01-coordinator.ts +++ b/contracts/tasks/subtasks/coordinator/01-coordinator.ts @@ -28,7 +28,7 @@ subtask address: clrfund, }) - const coordinator = await subtask.getConfigField( + const coordinator = await subtask.tryGetConfigField( EContracts.ClrFund, 'coordinator' ) diff --git a/contracts/tasks/subtasks/recipient/01-simpleRecipientRegistry.ts b/contracts/tasks/subtasks/recipient/01-simpleRecipientRegistry.ts index 968d4f2c1..ee072465b 100644 --- a/contracts/tasks/subtasks/recipient/01-simpleRecipientRegistry.ts +++ b/contracts/tasks/subtasks/recipient/01-simpleRecipientRegistry.ts @@ -18,7 +18,7 @@ subtask 'recipient:deploy-simple-recipient-registry', 'Deploy a simple recipient regsitry' ) - .setAction(async ({ incremental }: ISubtaskParams, hre) => { + .setAction(async ({ incremental, clrfund }: ISubtaskParams, hre) => { subtask.setHre(hre) const deployer = await subtask.getDeployer() 
@@ -40,11 +40,12 @@ subtask return } - const clrfundContractAddress = storage.mustGetAddress( - EContracts.ClrFund, - hre.network.name - ) + const clrfundContract = await subtask.getContract({ + name: EContracts.ClrFund, + address: clrfund, + }) + const clrfundContractAddress = await clrfundContract.getAddress() const args = [clrfundContractAddress] const simpleRecipientRegistryContract = await subtask.deployContract( EContracts.SimpleRecipientRegistry, diff --git a/contracts/tasks/subtasks/recipient/02-optimisticRecipientRegistry.ts b/contracts/tasks/subtasks/recipient/02-optimisticRecipientRegistry.ts index 2ccfb74b2..4db14252f 100644 --- a/contracts/tasks/subtasks/recipient/02-optimisticRecipientRegistry.ts +++ b/contracts/tasks/subtasks/recipient/02-optimisticRecipientRegistry.ts @@ -40,7 +40,7 @@ subtask 'recipient:deploy-optimistic-recipient-registry', 'Deploy an optimistic recipient regsitry' ) - .setAction(async ({ incremental }: ISubtaskParams, hre) => { + .setAction(async ({ incremental, clrfund }: ISubtaskParams, hre) => { subtask.setHre(hre) const deployer = await subtask.getDeployer() const network = hre.network.name @@ -72,17 +72,13 @@ subtask 'challengePeriodSeconds' ) - const clrfundContractAddress = storage.mustGetAddress( - EContracts.ClrFund, - network - ) - const clrfundContract = await subtask.getContract({ name: EContracts.ClrFund, - address: clrfundContractAddress, + address: clrfund, }) const decimals = await getTokenDecimals(clrfundContract) + const clrfundContractAddress = await clrfundContract.getAddress() const args = [ parseUnits(deposit, decimals), challengePeriodSeconds || defaultChallengePeriodSeconds, diff --git a/contracts/tasks/subtasks/recipient/99-setRecipientRegistry.ts b/contracts/tasks/subtasks/recipient/99-setRecipientRegistry.ts index 9565dd8b3..4bbc52faa 100644 --- a/contracts/tasks/subtasks/recipient/99-setRecipientRegistry.ts +++ b/contracts/tasks/subtasks/recipient/99-setRecipientRegistry.ts 
@@ -20,7 +20,7 @@ subtask 'recipient:set-recipient-registry', 'Set recipient registry in the ClrFund contract' ) - .setAction(async ({ incremental }: ISubtaskParams, hre) => { + .setAction(async ({ incremental, clrfund }: ISubtaskParams, hre) => { subtask.setHre(hre) const network = hre.network.name @@ -36,6 +36,7 @@ subtask const clrfundContract = await subtask.getContract({ name: EContracts.ClrFund, + address: clrfund, }) if (incremental) { diff --git a/contracts/tasks/subtasks/token/01-anyOldERC20Token.ts b/contracts/tasks/subtasks/token/01-anyOldERC20Token.ts index d53c33073..dc1fcaf06 100644 --- a/contracts/tasks/subtasks/token/01-anyOldERC20Token.ts +++ b/contracts/tasks/subtasks/token/01-anyOldERC20Token.ts @@ -20,17 +20,12 @@ subtask subtask.setHre(hre) const deployer = await subtask.getDeployer() - const token = subtask.getConfigField(EContracts.ClrFund, 'token') - if (isAddress(token)) { + const token = subtask.tryGetConfigField(EContracts.ClrFund, 'token') + if (token && isAddress(token)) { // using an existing token, no need to deploy return } - const initialSupply = subtask.getConfigField( - EContracts.AnyOldERC20Token, - 'initialSupply' - ) - const anyOldERC20TokenContractAddress = storage.getAddress( EContracts.AnyOldERC20Token, hre.network.name @@ -40,6 +35,10 @@ subtask return } + const initialSupply = subtask.getConfigField( + EContracts.AnyOldERC20Token, + 'initialSupply' + ) const args = [initialSupply] const anyOldERC20TokenContract = await subtask.deployContract( EContracts.AnyOldERC20Token, diff --git a/contracts/tasks/subtasks/token/02-setToken.ts b/contracts/tasks/subtasks/token/02-setToken.ts index a728aed7b..72a75557e 100644 --- a/contracts/tasks/subtasks/token/02-setToken.ts +++ b/contracts/tasks/subtasks/token/02-setToken.ts 
@@ -17,14 +17,16 @@ const storage = ContractStorage.getInstance() */ subtask .addTask('token:set-token', 'Set token in the ClrFund contract') - .setAction(async ({ incremental }: ISubtaskParams, hre) => { + .setAction(async ({ incremental, clrfund }: ISubtaskParams, hre) => { subtask.setHre(hre) const network = hre.network.name + const deployer = await subtask.getDeployer() - let tokenAddress = subtask.getConfigField( + let tokenAddress = subtask.tryGetConfigField( EContracts.ClrFund, 'token' ) + if (!tokenAddress) { tokenAddress = storage.mustGetAddress( EContracts.AnyOldERC20Token, @@ -34,6 +36,8 @@ subtask const clrfundContract = await subtask.getContract({ name: EContracts.ClrFund, + address: clrfund, + signer: deployer, }) if (incremental) { @@ -49,4 +53,6 @@ subtask if (receipt?.status !== 1) { throw new Error('Failed to set token') } + + subtask.logTransaction(tx) }) diff --git a/contracts/tasks/subtasks/user/03-brightidSponsor.ts b/contracts/tasks/subtasks/user/03-brightidSponsor.ts index bd7759cf6..9482a449e 100644 --- a/contracts/tasks/subtasks/user/03-brightidSponsor.ts +++ b/contracts/tasks/subtasks/user/03-brightidSponsor.ts @@ -18,6 +18,15 @@ subtask subtask.setHre(hre) const deployer = await subtask.getDeployer() + const userRegistryName = subtask.getConfigField( + EContracts.ClrFund, + 'userRegistry' + ) + + if (userRegistryName !== EContracts.BrightIdUserRegistry) { + return + } + let brightidSponsorContractAddress = subtask.tryGetConfigField( EContracts.BrightIdUserRegistry, 'sponsor' diff --git a/contracts/tasks/subtasks/user/99-setUserRegistry.ts b/contracts/tasks/subtasks/user/99-setUserRegistry.ts index 5591eaa16..3589a1227 100644 --- a/contracts/tasks/subtasks/user/99-setUserRegistry.ts +++ b/contracts/tasks/subtasks/user/99-setUserRegistry.ts 
@@ -20,7 +20,7 @@ subtask 'user:set-user-registry', 'Set user registry in the ClrFund contract' ) - .setAction(async ({ incremental }: ISubtaskParams, hre) => { + .setAction(async ({ incremental, clrfund }: ISubtaskParams, hre) => { subtask.setHre(hre) const network = hre.network.name @@ -36,6 +36,7 @@ subtask const clrfundContract = await subtask.getContract({ name: EContracts.ClrFund, + address: clrfund, }) if (incremental) { diff --git a/docs/deployment.md b/docs/deployment.md index 3525ebbdc..d0c3f585d 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -41,6 +41,8 @@ Goto the `contracts` folder. yarn hardhat new-maci-key ``` +Make a note of MACI private key to setup the `contracts/.env` file. + ### Edit the `contracts/.env` file E.g. @@ -74,21 +76,16 @@ Update the `VkRegistry.paramsDirectory` with the circuit parameter folder. If yo ### Run the deploy script Use the `-h` switch to print the command line help menu for all the scripts in the `cli` folder. For hardhat help, use `yarn hardhat help`. -1. Generate coordinator MACI key - -``` -yarn ts-node tasks/maciNewKey.ts -``` - -Update the `/contracts/.env` and set the `COORDINATOR_MACISK` environment variable value to the `SecretKey` value. -2. Deploy an instance of ClrFund +1. Deploy an instance of ClrFund ``` yarn hardhat new-clrfund --network ``` -3. deploy new funding round +Notice that the file `deployed-contracts.json` is created or updated (if already exists). Make a copy of this file now in case you run the `new-clrfund` command without the --incremental flag, this file will be overwritten. You'll need this file for the `new-round` and `verify-all` commands. + +2. deploy new funding round ``` yarn hardhat new-round --network ``` @@ -103,7 +100,7 @@ yarn hardhat load-simple-users --file-path addresses.txt --user-registry subgraph.template.yaml > subgraph.yaml` 2. Build: - `yarn codegen` - `yarn build` diff --git a/docs/funding-source.md b/docs/funding-source.md index 7c0c6a8b6..f84afceed 100644 
--- a/docs/funding-source.md +++ b/docs/funding-source.md @@ -2,4 +2,4 @@ The funding source is an ethereum address from which clr.fund can receive matching funding using the [allowance mechanism](https://docs.openzeppelin.com/contracts/3.x/api/token/erc20#IERC20-allowance-address-address-). It could be an externally owned account or a contract (such as DAO). -To become a funding source the address should be added to the list of funding sources by the clr.fund administrator (the owner of the FundingRoundFactory). At the end of each funding round clr.fund checks token allowance for the `FundingRoundFactory` contract address and transfers allowed amount of tokens to the matching pool. +To become a funding source the address should be added to the list of funding sources by the clr.fund administrator (the owner of the ClrFund). At the end of each funding round clr.fund checks token allowance for the `ClrFund` contract address and transfers allowed amount of tokens to the matching pool. diff --git a/docs/tally-verify.md b/docs/tally-verify.md index 897e01c49..b2edd2a50 100644 --- a/docs/tally-verify.md +++ b/docs/tally-verify.md @@ -9,11 +9,11 @@ Install MACI dependencies (see the github action, `.github/workflows/test-script Run the script monorepo/.github/scripts/download-6-9-2-3.sh to download the parameter files. -Set the following env vars in `.env`: +Set the following env vars in `/contracts/.env`: ``` # private key for decrypting messages -COORDINATOR_MACISK= +COORDINATOR_MACISK= # private key for interacting with contracts WALLET_MNEMONIC= 
@@ -23,14 +23,16 @@ WALLET_PRIVATE_KEY Decrypt messages and tally the votes: ``` -yarn hardhat tally --rapidsnark ${RAPID_SNARK} --output-dir ${OUTPUT_DIR} --network +yarn hardhat tally --rapidsnark {RAPID_SNARK} --output-dir {OUTPUT_DIR} --network {network} ``` +You only need to provide `--rapidsnark` if you are running the `tally` command on an intel chip. + If there's error and the tally task was stopped prematurely, it can be resumed by passing 2 additional parameters, '--tally-file' and/or '--maci-state-file', if the files were generated. ``` # for rerun -yarn hardhat tally --maci-state-file --tally-file --network +yarn hardhat tally --maci-state-file {maci-state.json} --tally-file {tally.json} --output-dir {OUTPUT_DIR} --network {network} ``` Result will be saved to `tally.json` file, which must then be published via IPFS. @@ -58,7 +60,7 @@ WALLET_PRIVATE_KEY= Once you have the `tally.json` from the tally script, run: ``` -yarn hardhat finalize --tally-file --network +yarn hardhat finalize --tally-file {tally.json} --network {network} ``` # How to verify the tally results @@ -68,7 +70,7 @@ Anyone can verify the tally results in the tally.json. From the clrfund contracts folder, run the following command to verify the result: ``` -yarn hardhat verify-tally-file --tally-file --network +yarn hardhat verify-tally-file --tally-file {tally.json} --network {network} ``` # How to enable the leaderboard view @@ -81,7 +83,7 @@ After finalizing the round, enable the leaderboard view in the vue-app by export ```sh cd contracts -yarn hardhat export-round --output-dir ../vue-app/src/rounds --network --round-address --operator --start-block --ipfs +yarn hardhat export-round --output-dir ../vue-app/src/rounds --network {network} --round-address {round_address} --operator {operator} --start-block {recipient-registry-start-block} --ipfs {ipfs-gateway-url} ``` 3) Build and deploy the app 
diff --git a/subgraph/package.json b/subgraph/package.json index 9d391ce19..3b9809da7 100644 --- a/subgraph/package.json +++ b/subgraph/package.json @@ -1,6 +1,6 @@ { "name": "@clrfund/subgraph", - "version": "4.3.1", + "version": "5.1.0", "repository": "https://github.com/clrfund/monorepo/subgraph", "keywords": [ "clr.fund", diff --git a/vue-app/package.json b/vue-app/package.json index 299e57d7e..e5317799f 100644 --- a/vue-app/package.json +++ b/vue-app/package.json @@ -1,6 +1,6 @@ { "name": "@clrfund/vue-app", - "version": "4.3.1", + "version": "5.1.0", "private": true, "license": "GPL-3.0", "type": "module", diff --git a/vue-app/src/api/core.ts b/vue-app/src/api/core.ts index 4aa23cf68..5caa704c6 100644 --- a/vue-app/src/api/core.ts +++ b/vue-app/src/api/core.ts @@ -29,7 +29,7 @@ export const ipfsPinningJwt = import.meta.env.VITE_IPFS_PINNING_JWT export const ipfsApiKey = import.meta.env.VITE_IPFS_API_KEY export const ipfsSecretApiKey = import.meta.env.VITE_IPFS_SECRET_API_KEY if (!ipfsPinningJwt && !(ipfsApiKey && ipfsSecretApiKey)) { - throw new Error( + console.error( 'Please setup environment variables for ' + 'VITE_IPFS_API_KEY and VITE_IPFS_SECRET_API_KEY or VITE_IPFS_PINNING_JWT', )