diff --git a/solidity/contracts/lib/verifier_anon_enc.sol b/solidity/contracts/lib/verifier_anon_enc.sol
index ba456da..4bfdbc2 100644
--- a/solidity/contracts/lib/verifier_anon_enc.sol
+++ b/solidity/contracts/lib/verifier_anon_enc.sol
@@ -43,35 +43,44 @@ contract Groth16Verifier_AnonEnc { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 5696326670703652601376328914723856805804139150397636629981154943267586835846; - uint256 constant IC0y = 17913431813079674015620165360736989993822627917830194405007674349883405519566; + uint256 constant IC0x = 15520848054661511274945320545667385548601069271438999324366330478358568711164; + uint256 constant IC0y = 21157706785088596766640646951118458870358425037843657358834285142096534241567; - uint256 constant IC1x = 2102562587253616254650248571898720579563063454685611900201869023012028011038; - uint256 constant IC1y = 858837120372047227699859025595943051604219338012183710955972141361344096680; + uint256 constant IC1x = 8426080128821983408742228948574443657002575937683949448708665466581838540418; + uint256 constant IC1y = 2961289054807278996124904978204815851370317973256653070013442261730110386382; - uint256 constant IC2x = 19871902121561448541783335513612822391415363559792595451397804594141318386828; - uint256 constant IC2y = 14203964380144242038882743638980469366132880555873818345914201687170773944754; + uint256 constant IC2x = 16846214183034172122880181483898983231574288374891417794445456783443571203454; + uint256 constant IC2y = 4795943127049292018241039074381217225273912831887247849230603976368095834324; - uint256 constant IC3x = 4534338244167504974683945726615729215678954323916000129150608047181600075942; - uint256 constant IC3y = 9004530693581096650487103914238080672423858350236817229254519649589395343912; + uint256 constant IC3x = 10240231648004351535934471246939085350017538992419843720960233896502823753829; + uint256 constant IC3y = 918298420507614225062851310351147657365217324218976043633227084147487484538; - uint256 constant IC4x = 16926200767829183396766074136228821955738540059328214039731068817771880630127; - uint256 constant IC4y = 
15535238050385142389806452090946716626530242126040333805866336792975972380578; + uint256 constant IC4x = 2676903711586497323483713249304841063436832787967161822350958984717228651508; + uint256 constant IC4y = 11366926733173287985429506187405640951452084685400170840758508049511684394323; - uint256 constant IC5x = 269115022971501175992618085182824077406065858697651888560831707201556157978; - uint256 constant IC5y = 19699073094724988754117299114476621695804537148277402334737306097425629024180; + uint256 constant IC5x = 7501808156091619633948887448038018539596703524171333033985091618683129395104; + uint256 constant IC5y = 15183325431102096756416380632145698394481557936329850246257270656919651359614; - uint256 constant IC6x = 1913049492538130220079715288227546492513434304091272666779551189559174650055; - uint256 constant IC6y = 8026674512639726678535471254304139996984356128094657497323442787106936741295; + uint256 constant IC6x = 16142642127854572324146698192700027612727186725464085127687467897687720973766; + uint256 constant IC6y = 4517714220502032665709414305462814581261203269046555880307186415606032799074; - uint256 constant IC7x = 19540350047697937581651886063231839834190225823779317423395632407508094676034; - uint256 constant IC7y = 11509057717377452054369845075648430924127395960184841862468027451544630252263; + uint256 constant IC7x = 1755538289631427930924987331320419179208761530645468129027087746202210024610; + uint256 constant IC7y = 12173734026028648655823071635152323182912152859934466692190630751344902966218; - uint256 constant IC8x = 20424145427206879140473289312774507494632015321325422705294860020477582644926; - uint256 constant IC8y = 7679128631893396357290525051865682086413798390080076016853338090494897502827; + uint256 constant IC8x = 7848298938728453306694415912843236021632832336242686994829367580246363462232; + uint256 constant IC8y = 14621047188318073218187719299332281645270167229458286064175382232430986150614; - uint256 constant IC9x = 
1473626294810953820540987430623254549322665071695014303081451346851945206320; - uint256 constant IC9y = 11106503043437375969357683402411680940320268283974144474358260758792518561470; + uint256 constant IC9x = 5702664871943851440604579505620421848165916037464510240027885273509338564683; + uint256 constant IC9y = 4155173472639459280548275148817066405334382784770925752738906208871756122916; + + uint256 constant IC10x = 11951237379444909975940139423428082852090010220501184525120096272922224325380; + uint256 constant IC10y = 7330212864492454320053389793155451329372996827534004209553742378250571973798; + + uint256 constant IC11x = 17758792179933266126153564380301713721054370865026967564744749205362384449189; + uint256 constant IC11y = 20123875363051656182295676194267758869550749528323178608799833168744783048873; + + uint256 constant IC12x = 16531299530766176947215740556184329586746603539886897864186093216474595540644; + uint256 constant IC12y = 8268807341917110402770543111430324212645734302589993091794921535136544275649; // Memory data @@ -80,7 +89,7 @@ contract Groth16Verifier_AnonEnc { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[9] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[12] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { @@ -142,6 +151,12 @@ contract Groth16Verifier_AnonEnc { g1_mulAccC(_pVk, IC9x, IC9y, calldataload(add(pubSignals, 256))) + g1_mulAccC(_pVk, IC10x, IC10y, calldataload(add(pubSignals, 288))) + + g1_mulAccC(_pVk, IC11x, IC11y, calldataload(add(pubSignals, 320))) + + g1_mulAccC(_pVk, IC12x, IC12y, calldataload(add(pubSignals, 352))) + // -A mstore(_pPairing, calldataload(pA)) 
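Review bot: The unchanged context line `uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;` carries the value snarkjs also emits for `gammay2`, a coordinate of the BN254 G2 generator, and it stays identical while every IC point is regenerated here and in the three other verifier files of this diff. If the remaining delta coordinates match the generator as well, the proving key had no phase-2 contribution, delta is publicly known and the verifier gives no soundness guarantee. Suggest a comment above the key constants such as `// TEST KEY: zkey has no phase-2 contribution, do not deploy`, or regenerating the key from a contributed zkey before release. The constants block starts before the hunk, so the other delta and gamma values could not be checked from here.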
@@ -215,6 +230,12 @@ contract Groth16Verifier_AnonEnc { checkField(calldataload(add(_pubSignals, 288))) + checkField(calldataload(add(_pubSignals, 320))) + + checkField(calldataload(add(_pubSignals, 352))) + + checkField(calldataload(add(_pubSignals, 384))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_batch.sol b/solidity/contracts/lib/verifier_anon_enc_batch.sol index 08fa76b..a89577e 100644 --- a/solidity/contracts/lib/verifier_anon_enc_batch.sol +++ b/solidity/contracts/lib/verifier_anon_enc_batch.sol 
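Review bot: The last added check, `checkField(calldataload(add(_pubSignals, 384)))`, reads word 12 of an array that the new signature declares as `uint[12]`, so valid offsets end at 352, the offset the preceding hunk pairs with IC12. The word at 384 is whatever follows the ABI-encoded arguments, zero when nothing does, so the check validates no input; checkField's body is outside the hunk, but if it rejects on failure, trailing calldata could make a valid proof return false. The same one-past-the-end check appears in the batch verifier (offset 1376 with `uint[43]`) and the nullifier verifier (offset 480 with `uint[15]`). Suggest dropping the final checkField line in each file, or fixing the loop bound in the generator template if these files are generated output.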
@@ -43,83 +43,137 @@ contract Groth16Verifier_AnonEncBatch { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 7189741265667894171386648378312185912800151749367063899439033842829619018531; - uint256 constant IC0y = 17884484227326304060547068939975681487394009815094922588370149976422726273268; + uint256 constant IC0x = 2597671780590251694570119685565323840048843183405159335694422232267097858944; + uint256 constant IC0y = 8213860297773598587502270259232550419091407212880698106060980975459142704915; - uint256 constant IC1x = 6976989834931789878418842558738463271861881797006171069806563232198951042869; - uint256 constant IC1y = 4607620418496754938241282900428029803466093854317753547452611458077967907674; + uint256 constant IC1x = 8862483812835763900195190187644217978558523440961934857686069698277251165035; + uint256 constant IC1y = 7652510358319732081254853215291009089945882523574369846519334872331056472570; - uint256 constant IC2x = 1104559830706076731296654664075637185187356334768646358777598477822609389028; - uint256 constant IC2y = 3345550768796772178044166540721073265036018491137886953153002525534815362810; + uint256 constant IC2x = 7888217796744605716171927246027604238387016217738102223849326057462148785492; + uint256 constant IC2y = 8576582989723476354505896974449655963516713987661765330961011770238676018217; - uint256 constant IC3x = 7339167904292788453737629411047095669569958420885203529836108618320029225321; - uint256 constant IC3y = 10127811846629680704572895087773581197933131108027374452597163321161722356281; + uint256 constant IC3x = 14352528680833998697032764557955482324646413153382503495075845465567317915183; + uint256 constant IC3y = 19243011797365702752348337725258868465391417895775931958786329833019920483153; - uint256 constant IC4x = 17995410030890053741976076817185127523995916552402057091226681421315541788709; - uint256 constant IC4y = 
14362557177387632374616439821157396761988637853842253785476976058551274774314; + uint256 constant IC4x = 4392487320426708391579693966075795790380185591934224629876177226656021920102; + uint256 constant IC4y = 13082952223885280332924734169956320971361821620479520152957670710665009299216; - uint256 constant IC5x = 13293531195867414094312058265307495428535040802030900847168051381875064849320; - uint256 constant IC5y = 20854607687676821128519061564661683540031633583994135645214015131023213236658; + uint256 constant IC5x = 3246410921612126522937407677617019956902523430558290131050966139863929179563; + uint256 constant IC5y = 15810399654885178166598854163407739153721316569421450866223951195409637465167; - uint256 constant IC6x = 3806382113870713333535697141069048771701877301218229542219146213062636519118; - uint256 constant IC6y = 968164612680877984576678128366936845032166057358019883376362869104455951991; + uint256 constant IC6x = 6608448200226248204694649478827679708944271084059128867495190620836363543432; + uint256 constant IC6y = 1469463329425024480904685533245022389379237452483964428569855536915085989870; - uint256 constant IC7x = 7414361066968300446965646463524768189839597644475453090614884170383834231467; - uint256 constant IC7y = 18871824017586458935577810902748110232038032948171198588195313828414014642834; + uint256 constant IC7x = 7307852231039475112593987142383601694880236463128197701708676560849024948266; + uint256 constant IC7y = 15825828005819521547988669529549429477219509748212340587417074460536404323121; - uint256 constant IC8x = 2681577168042166677173735754938968405641600798435441472230369938066386631441; - uint256 constant IC8y = 20989323624899116464465781536163070510329583651379897156356229335935295115550; + uint256 constant IC8x = 7082876175210469881576943800412028198549838067675996862482715259243907738723; + uint256 constant IC8y = 20866219759165505486220546499441896125892835863491955389574735982947973009001; - uint256 constant IC9x = 
837988643285174883060701192686929019767214369278310628575501631534377414317; - uint256 constant IC9y = 1497027309281778698096450532537321682620096834272532975906513350631947481246; + uint256 constant IC9x = 16367296414927203597516613989590733068013952698060738405287535212048793073436; + uint256 constant IC9y = 13100662036162133830465657628089803359747036547046363278544562928671020462939; - uint256 constant IC10x = 13846091047999257285561818943917831947161925448727251083606199040901309455483; - uint256 constant IC10y = 21140858725718514275007364686974077359947858906470399301442263017523861516462; + uint256 constant IC10x = 12660953324410882204944497454942873011932420236908450607037711554496291551834; + uint256 constant IC10y = 5017337532572709501338492356315622676676311947680125340270552472293496948209; - uint256 constant IC11x = 15327736368672693106243983767532414151733383231820598039546845408367990407510; - uint256 constant IC11y = 8978233402234246206405919493829088814272806423483168479609950953091130281624; + uint256 constant IC11x = 12938017223692108736253470542300205103074687940280976163691951851236725973494; + uint256 constant IC11y = 17569330124188420068165415153185726437478171411764985964911950185946817551407; - uint256 constant IC12x = 2808000964050401522326265944234314863481085671375895951164989497843153038972; - uint256 constant IC12y = 11531380100407111226047699879374413435547572518965709942666525827464698301031; + uint256 constant IC12x = 20342630885581806890644137027056481970543735603633976578131518125105821917614; + uint256 constant IC12y = 15056484383544158070695679930126332525674495858173628085598715222609521785187; - uint256 constant IC13x = 7703837959548087219235606509992045716672614065853991067483742493093046292830; - uint256 constant IC13y = 2855993324665746281147411571159804015907170749504611606481193074879718553646; + uint256 constant IC13x = 8455788225496452961679299633801872615012410834148396636082678777338966830587; + uint256 constant IC13y 
= 14667533314468679725174123240933383024760244475242830186466272876754757134870; - uint256 constant IC14x = 902373741697942289280883575614240691556745280904627931982629145867494138505; - uint256 constant IC14y = 15733161533380354744692088486161623354470279164235678485868913277212174304447; + uint256 constant IC14x = 12149567170771778292494559727410871049802426926691679765077855282315998609309; + uint256 constant IC14y = 1380951936221823370087711818380075591504589948146383500969529833976400607862; - uint256 constant IC15x = 10994298705029863992028152134353022932251042831787422154933994573982689419045; - uint256 constant IC15y = 17398965607134011589197925374325765086901718241003855850730487379127452367799; + uint256 constant IC15x = 4766352989791691182635058002456509827848802635606176367260246470124364530595; + uint256 constant IC15y = 16021379633910943936876425379013477219651362538262135400890871107365203200691; - uint256 constant IC16x = 11892951991080935208554921924154615154971175142927057562324705784166460551163; - uint256 constant IC16y = 5691008018070641581295928491484464757049108925919901219628385025776797906143; + uint256 constant IC16x = 13432698768504751724696856885735307391004439817130841678111462400792972424486; + uint256 constant IC16y = 19500268176699315470221660540450777362459609923828512875319635638535908023564; - uint256 constant IC17x = 16385349760746062660392139502252187515058108917152683574075970755109588098255; - uint256 constant IC17y = 4006132200257192648446443543123854816490277008709107776860749056319583986723; + uint256 constant IC17x = 2027106978523088520304891108191654793258486055367592742515642621734479986878; + uint256 constant IC17y = 12885379807754498633078727887648044664952754419022086638754196996033264000769; - uint256 constant IC18x = 15737238506544786286259248091214287531404595722259507957910389449246442985860; - uint256 constant IC18y = 8774257820042718930005071001419692491634003552583131904074826546903152827936; + uint256 constant 
IC18x = 10949220398425644397776376483790772577269629182083303688453860881073414915560; + uint256 constant IC18y = 20057436519045729231987911965222396188122848678213106428088994494919359307386; - uint256 constant IC19x = 5261338761583986889127298709462187597480484617121164266844247211605815308980; - uint256 constant IC19y = 6461699773895519123933988281435508110784080627465540530243192163198806094903; + uint256 constant IC19x = 5846485923548152593765310696533795024730896419830093371615151423977602741415; + uint256 constant IC19y = 17772204202833804655322390479163634517799539727968468621900059788600589940328; - uint256 constant IC20x = 13036766766347670871820341262760106552456337170159401152071561005164842009774; - uint256 constant IC20y = 4274612413808318257961480446591695381400369399274465055760884716846613784526; + uint256 constant IC20x = 16215609594427567394775135826335779265030042744678385760381534305280435465518; + uint256 constant IC20y = 18603709842506682831291739646314175009181915216384941921308130259270074065385; - uint256 constant IC21x = 18562363328719873772558553506930699000799009500209416935448544000103659611256; - uint256 constant IC21y = 6385384130214162329638041686219155710711521598989619892924465023706403534836; + uint256 constant IC21x = 1766058222969804186851406321305907427335207817599904620543688044203524722607; + uint256 constant IC21y = 13804893675033551122681507240136237947277680441710440600217850520760585066138; - uint256 constant IC22x = 17307502141503920070248089676990085687750784085011485656505049451549390745686; - uint256 constant IC22y = 16334791657275865216071338891586271191049672233905856090086893120335561416428; + uint256 constant IC22x = 10941193629908240647792765252351165933874237692700406745824002033868870639031; + uint256 constant IC22y = 3638020580879185829103840161089592128597068702224187657764432052756035287255; - uint256 constant IC23x = 2382115653931008587031786671517514604327077298833478735209768652527387951249; - uint256 
constant IC23y = 10812017646661427158453552758883333361569252034751344876291235951652181181624; + uint256 constant IC23x = 5930952354462594760376136142156168856897650178619630953622712543360935660800; + uint256 constant IC23y = 1039287092721675860743161800482533616450705342550210168940302819140444260018; - uint256 constant IC24x = 21260776816977489464621013688132612122819671246444567586980092869722567001366; - uint256 constant IC24y = 20734284890134842035357978897812101948609357231813112868709593640153549726412; + uint256 constant IC24x = 532646474113271627018071424500519783214891032448645307389061272582944254003; + uint256 constant IC24y = 10151057854673851550754133166208989367948300699959847868052519117382459699016; - uint256 constant IC25x = 6214032079313504274522884081468353949125435329668975592674808638707721409871; - uint256 constant IC25y = 7937870012562608748137139051862521736631851938383982008246874681096560011742; + uint256 constant IC25x = 8405375250703253790117459631087585294901701344117711232998075871750664438242; + uint256 constant IC25y = 3944328247961513119633005636272243777809959277100342011559673763007836092026; + + uint256 constant IC26x = 21614355317718094894664738157772558388158937098373656545906139451342893449131; + uint256 constant IC26y = 8071511638847832054915722800013967614757521955341169310081076405458398492749; + + uint256 constant IC27x = 270478275418174140981268275965608765397454128234005817847677613575246346435; + uint256 constant IC27y = 2168666035663772154819161912982184259884565651971605752352808469034945793397; + + uint256 constant IC28x = 19569908851449880064455947092469809211114746841722376707408325655352308844700; + uint256 constant IC28y = 3025699621270862613925776395824335832232953797690111658313929728015843768796; + + uint256 constant IC29x = 2397616016443675765741599870545252815144654843924204698241664346514355482355; + uint256 constant IC29y = 14005094129994017499220324359090683323552493484403197787371287972073964141391; + 
+ uint256 constant IC30x = 1594026336486525641702314048066413763993325793300000100171229876791999089353; + uint256 constant IC30y = 8072633066576840209208996401111739145989116649091797339956073760079554394308; + + uint256 constant IC31x = 941465443692266427834241213682069926914266822578025045598574216227841103683; + uint256 constant IC31y = 2162285939012937035604048436417716678642325048065608592368777414167124309037; + + uint256 constant IC32x = 17755298264501538848178211159255564751361039329014714629678463389493815518413; + uint256 constant IC32y = 5373972597904315947883222328549882023096106569825979715283040233275564684452; + + uint256 constant IC33x = 18102455506412198143265025688384882255364199113479575052771971652823946543361; + uint256 constant IC33y = 10611532522259229347040295119756938634134184132433010612585681043909048550194; + + uint256 constant IC34x = 9287592647220739061864536287605711120641354785099018403519028816976992208810; + uint256 constant IC34y = 5368688991717252135366170215180249655728193010657555227283514482663613267436; + + uint256 constant IC35x = 19759330282652380493014428586685989919377111184913674764033542113439733508101; + uint256 constant IC35y = 2793822654429148772664656948523274725780698166747463520325079729154142634364; + + uint256 constant IC36x = 11049781270295565209712493670155543711476396567038998500851076991617994490106; + uint256 constant IC36y = 11993996864162381036679383108580743566026297793935046480209203450105332505905; + + uint256 constant IC37x = 11286956316213496198784831587292367873435614453135297133863480708511731868507; + uint256 constant IC37y = 15499569902989547236933665888709713545624276075502070694155608647074297062790; + + uint256 constant IC38x = 11623006485365493322989951720233690859710722576577484852549967707014267001110; + uint256 constant IC38y = 9604064454128931077040373778349956271228053422158312825986387039993421951298; + + uint256 constant IC39x = 
2464723668469969175747439301173496600708067106680738792474183669780873148058; + uint256 constant IC39y = 5627731506388173033330722271769856914412098157257440317053576454763368750030; + + uint256 constant IC40x = 386775949029146918515856173542289693566462223678664899892733838474232891465; + uint256 constant IC40y = 21843306558508533555498999953845692654015104011212021286439942440993655717111; + + uint256 constant IC41x = 14998380474237577930727399192140759096552055906436435270065429803038238552107; + uint256 constant IC41y = 16246300275134921397192579770377320255339611288167554408872393937397750566904; + + uint256 constant IC42x = 2126752576878583697702142208053334270599109357577167069195979265172189209012; + uint256 constant IC42y = 4244611359849526612607201560441002012851317308605825891261545861264066872978; + + uint256 constant IC43x = 11478497790344429290280909138615535796732148307974183201168482934125997648260; + uint256 constant IC43y = 1580586981837574023152058865433485528026059123101773522208265717828608271288; // Memory data @@ -128,7 +182,7 @@ contract Groth16Verifier_AnonEncBatch { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[25] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[43] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { 
@@ -222,6 +276,42 @@ contract Groth16Verifier_AnonEncBatch { g1_mulAccC(_pVk, IC25x, IC25y, calldataload(add(pubSignals, 768))) + g1_mulAccC(_pVk, IC26x, IC26y, calldataload(add(pubSignals, 800))) + + g1_mulAccC(_pVk, IC27x, IC27y, calldataload(add(pubSignals, 832))) + + g1_mulAccC(_pVk, IC28x, IC28y, calldataload(add(pubSignals, 864))) + + g1_mulAccC(_pVk, IC29x, IC29y, calldataload(add(pubSignals, 896))) + + g1_mulAccC(_pVk, IC30x, IC30y, calldataload(add(pubSignals, 928))) + + g1_mulAccC(_pVk, IC31x, IC31y, calldataload(add(pubSignals, 960))) + + g1_mulAccC(_pVk, IC32x, IC32y, calldataload(add(pubSignals, 992))) + + g1_mulAccC(_pVk, IC33x, IC33y, calldataload(add(pubSignals, 1024))) + + g1_mulAccC(_pVk, IC34x, IC34y, calldataload(add(pubSignals, 1056))) + + g1_mulAccC(_pVk, IC35x, IC35y, calldataload(add(pubSignals, 1088))) + + g1_mulAccC(_pVk, IC36x, IC36y, calldataload(add(pubSignals, 1120))) + + g1_mulAccC(_pVk, IC37x, IC37y, calldataload(add(pubSignals, 1152))) + + g1_mulAccC(_pVk, IC38x, IC38y, calldataload(add(pubSignals, 1184))) + + g1_mulAccC(_pVk, IC39x, IC39y, calldataload(add(pubSignals, 1216))) + + g1_mulAccC(_pVk, IC40x, IC40y, calldataload(add(pubSignals, 1248))) + + g1_mulAccC(_pVk, IC41x, IC41y, calldataload(add(pubSignals, 1280))) + + g1_mulAccC(_pVk, IC42x, IC42y, calldataload(add(pubSignals, 1312))) + + g1_mulAccC(_pVk, IC43x, IC43y, calldataload(add(pubSignals, 1344))) + // -A mstore(_pPairing, calldataload(pA)) 
@@ -327,6 +417,42 @@ contract Groth16Verifier_AnonEncBatch { checkField(calldataload(add(_pubSignals, 800))) + checkField(calldataload(add(_pubSignals, 832))) + + checkField(calldataload(add(_pubSignals, 864))) + + checkField(calldataload(add(_pubSignals, 896))) + + checkField(calldataload(add(_pubSignals, 928))) + + checkField(calldataload(add(_pubSignals, 960))) + + checkField(calldataload(add(_pubSignals, 992))) + + checkField(calldataload(add(_pubSignals, 1024))) + + checkField(calldataload(add(_pubSignals, 1056))) + + checkField(calldataload(add(_pubSignals, 1088))) + + checkField(calldataload(add(_pubSignals, 1120))) + + checkField(calldataload(add(_pubSignals, 1152))) + + checkField(calldataload(add(_pubSignals, 1184))) + + checkField(calldataload(add(_pubSignals, 1216))) + + checkField(calldataload(add(_pubSignals, 1248))) + + checkField(calldataload(add(_pubSignals, 1280))) + + checkField(calldataload(add(_pubSignals, 1312))) + + checkField(calldataload(add(_pubSignals, 1344))) + + checkField(calldataload(add(_pubSignals, 1376))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier.sol index cfbe4f3..a58f3d8 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier.sol 
@@ -43,44 +43,53 @@ contract Groth16Verifier_AnonEncNullifier { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 19712575420668268335634440622054263372704657131549679423053748840610444649065; - uint256 constant IC0y = 21552018618280422667464008645151951952543569291144282502207358485399703168568; + uint256 constant IC0x = 7171865328513703290093700380380451739385788586354130557725671671306758284835; + uint256 constant IC0y = 15160988901383576473200213855983245130977503188173050431265741631039643989659; - uint256 constant IC1x = 21152648367462137565411101477610760889415992049938974004172633386627195379833; - uint256 constant IC1y = 17526913059347331839566720566403027766484314611214702153099182458740108823; + uint256 constant IC1x = 3084387037124888968906054526437397944607369603426340221309478427286378241883; + uint256 constant IC1y = 466692009472632412227422575571510864857515798042934045112835241921551265392; - uint256 constant IC2x = 5554249810657633166990745736699774333938659965451342592982728994998805456417; - uint256 constant IC2y = 9730676046857216859008721613182313555756289801254042508531677626774346999622; + uint256 constant IC2x = 21832264940508969407116160765601208248355133736795673808562573616973826318173; + uint256 constant IC2y = 17513865622302204578145142072242964680658195506435185515338697999465131372215; - uint256 constant IC3x = 16411770669872316544841615427270736472060848758458781353444450000872952405569; - uint256 constant IC3y = 3883712029134278704236321509155602434293779347341551692030084302663589933567; + uint256 constant IC3x = 12015675409779862456858459776469990615909895302707101975777128025909710875049; + uint256 constant IC3y = 2520892781547161601538120167223137961114737111406729888435197618701217196087; - uint256 constant IC4x = 7689756896440471053876099704125828625789315755353261183292592808881136591701; - uint256 constant IC4y = 
8154637307804119872460314948142196702392444351248969101164117581937044926170; + uint256 constant IC4x = 18587338580725867825677477230134951065880542623566314115410920967489785517516; + uint256 constant IC4y = 21420226112439899782985709520125134654836350697076867144518818376075706925435; - uint256 constant IC5x = 12299330364713292827284970278663419727424821736280679334696618553775046366194; - uint256 constant IC5y = 21075649501958706881669057145213727696785798949405955661717827102964559861134; + uint256 constant IC5x = 18346549061396084692847221708184331260051262422967450576733753481236492888092; + uint256 constant IC5y = 633678319913138336192943173886371080587792382475177160197178800699073737695; - uint256 constant IC6x = 10141596242461404912518109964401084678967632289314439332839020401548328603774; - uint256 constant IC6y = 18596814881249233508292216013928301485171008828816753337887644078332357068446; + uint256 constant IC6x = 15514772902364296574205078627736326288883089283745048573804246962058079873557; + uint256 constant IC6y = 1394197625614777654031366434591548394543950554494358685957018689229660853575; - uint256 constant IC7x = 5614211990972664557080527725484506953288266319545848669045886717392583866765; - uint256 constant IC7y = 13622161010194655100671746578655460938884567062465471617156602291997657595529; + uint256 constant IC7x = 16806786020637006306786960369076775679377041920806079893283199359601728188047; + uint256 constant IC7y = 7411897025668958146789418373160957758956645515920701058704613059473583938439; - uint256 constant IC8x = 6674121637621268879341351421207312207401087947460600984859920407988595702356; - uint256 constant IC8y = 10297122448001673280362835411108103427153986449726570946470743159995277939236; + uint256 constant IC8x = 19018133878713314349758532819088967051326614327028573516334511747113847292530; + uint256 constant IC8y = 9877630889165761579247296300368869133011487886615672260442723260497640161991; - uint256 constant IC9x = 
14487240002804256779858245326714020924079439763932772957979292163240955688212; - uint256 constant IC9y = 16988309562312141308802604991498243717875695442329729574872217613083014315603; + uint256 constant IC9x = 10767786868330800120105196501607321338228888213304687234183402295397263198094; + uint256 constant IC9y = 6019304260155989652844712735958857170410842538847088443761410076894957598387; - uint256 constant IC10x = 331827925163768778062537710925718807691608177755963956359629993337951014752; - uint256 constant IC10y = 2715351447505382739630038777112973934297452331505048219000306694702162071453; + uint256 constant IC10x = 1505415316604755207127167367509090828253238030863717428595372929062841294642; + uint256 constant IC10y = 15576511224449925043716733649200226332764494096523179313664988851737446263390; - uint256 constant IC11x = 13128076096956955897155413586102975697915976403573738208997121798160993905747; - uint256 constant IC11y = 6622341877451948745754498349942713396142692080087407135054018744590375773156; + uint256 constant IC11x = 11350863237254989736684670387882645815396381623210736835421534659894890674850; + uint256 constant IC11y = 16286149570223574421139051231332214489084057970766222780431895095582201480175; - uint256 constant IC12x = 6241746058410361502439758570169395071225249678440416671369691972243849981950; - uint256 constant IC12y = 9239330025746492103538814672852590060964426378580885726917297781331433247737; + uint256 constant IC12x = 7451628250668181305280701888064824846978152009744420355240144648812642407336; + uint256 constant IC12y = 15936005158368160846313683217538494908244490784117984880368453648065515023911; + + uint256 constant IC13x = 6686413412529197180696873383139717022076724166313051457947592231187870145140; + uint256 constant IC13y = 1497406026079419977690750812932970362785235177787112328312491862602145590536; + + uint256 constant IC14x = 7772549737172193473908663974458932734834195419159040157600433771144206321357; + uint256 constant 
IC14y = 16378591475564435647871798005772579246008315305784601998199949074907153910639; + + uint256 constant IC15x = 13119566302351156728138299811993016524473146429243176521298671852157284998237; + uint256 constant IC15y = 16574498854084276113707136023151636502896085017309379147845117906554354077783; // Memory data @@ -89,7 +98,7 @@ contract Groth16Verifier_AnonEncNullifier { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[12] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[15] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { @@ -157,6 +166,12 @@ contract Groth16Verifier_AnonEncNullifier { g1_mulAccC(_pVk, IC12x, IC12y, calldataload(add(pubSignals, 352))) + g1_mulAccC(_pVk, IC13x, IC13y, calldataload(add(pubSignals, 384))) + + g1_mulAccC(_pVk, IC14x, IC14y, calldataload(add(pubSignals, 416))) + + g1_mulAccC(_pVk, IC15x, IC15y, calldataload(add(pubSignals, 448))) + // -A mstore(_pPairing, calldataload(pA)) @@ -236,6 +251,12 @@ contract Groth16Verifier_AnonEncNullifier { checkField(calldataload(add(_pubSignals, 384))) + checkField(calldataload(add(_pubSignals, 416))) + + checkField(calldataload(add(_pubSignals, 448))) + + checkField(calldataload(add(_pubSignals, 480))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier_batch.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier_batch.sol index 1545642..53b49d2 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier_batch.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier_batch.sol 
@@ -43,116 +43,170 @@ contract Groth16Verifier_AnonEncNullifierBatch { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 15463228992890913407256271912655902703204304471203583418871710110367568509017; - uint256 constant IC0y = 6081643586730902920310484720784368541485121289118172242921785599841793039397; + uint256 constant IC0x = 12126744414123145446927544518860644117520956174461536844904979731739153937319; + uint256 constant IC0y = 9695184835202931902032395296633846848346566651202119425523352011687050447653; - uint256 constant IC1x = 7690092334332803225358122531593469612638564706239742127383115275750637128544; - uint256 constant IC1y = 4070716537409257501255053424367331199883828899205760134468805014488240593235; + uint256 constant IC1x = 195592937835855475172740086869646488202858994940627750986459540968521127076; + uint256 constant IC1y = 20133094631443294605453490663465191307905205631306063705224666266432847314101; - uint256 constant IC2x = 1897861027150832646882538023040630326718005087509077431813937643855057325512; - uint256 constant IC2y = 1439104093149456820519872532162098266586027883053410812354650892557521752658; + uint256 constant IC2x = 609379390311908960003738861564802384037207126281378208589622790217906675428; + uint256 constant IC2y = 14024044248311930231657958997658229326035537165238311551943681440974095988896; - uint256 constant IC3x = 4247406668949246815522915881558097313801033425260638984520747823588066294010; - uint256 constant IC3y = 384187583735544539895332388057505134919889393310645722394574257594265340544; + uint256 constant IC3x = 14475258944672930562917429258419275006330018007564140466732576979600095527986; + uint256 constant IC3y = 8383831786003410168382306689982076122231122079851574658280916054063860804082; - uint256 constant IC4x = 2163280919944916722705407124486638913202715101976337577933948527523763136316; - uint256 constant IC4y = 
17743925429712862815908467894864768203059146362469259706665186071908793546304; + uint256 constant IC4x = 2753592531034501021865774444348121286705967891727631798687428893089756717516; + uint256 constant IC4y = 10956196239229551190326394756148632499327174891582324228559177700070138627435; - uint256 constant IC5x = 1619258089617143478432432741785464751663918498436908219039181629518309232037; - uint256 constant IC5y = 11630616902607787050358650172682737668169372249533372501954846248236883577037; + uint256 constant IC5x = 20694727281247008058140870402913983925603757764003248536372865152419453726184; + uint256 constant IC5y = 632675084443897428190075680269855858382656311919806104466344079557191993970; - uint256 constant IC6x = 11856397151368437471647436909385425738968114143993909218432032948582691038255; - uint256 constant IC6y = 678272634636435534137608607645423344933204026891856980589563368261431859655; + uint256 constant IC6x = 15429847497402072415689042470309154270994030517871107730087057583238557913338; + uint256 constant IC6y = 5432278756669468541861545244015645582266245449985525214546028390310773531354; - uint256 constant IC7x = 5770940534172849936200191790166968674512475692082635469024125098067660874340; - uint256 constant IC7y = 5796891932643059731209408355543252398184249413054025674322014797701901199161; + uint256 constant IC7x = 12596502105325655558267857046382181213663420017501532384280652854282498583279; + uint256 constant IC7y = 10333147987837832448849674060620143310129669614798565710383011814099409472027; - uint256 constant IC8x = 21157884469337147167484623772858155700668090233318692577599491819791268263103; - uint256 constant IC8y = 11319817801893944559243060679771033423769978982984416308930737959593420067187; + uint256 constant IC8x = 19706927842290699304337091536861015009104078371247908023635836241791720370976; + uint256 constant IC8y = 12152105452911677618830339171375361924352461862712516323327576003984499587771; - uint256 constant IC9x = 
17155601633062182536973842836383359711305654711820090042777274053320592459792; - uint256 constant IC9y = 4153339199036173911292560028271096884640710297588841704979849414084725739989; + uint256 constant IC9x = 16502342806517603727453825489628207300342455950110654028899078381918045746715; + uint256 constant IC9y = 5759609699403129611200125092383023856891064107714256272998295476995274119975; - uint256 constant IC10x = 19502162444772235516642339462161346484221330878380009887837212894180467490090; - uint256 constant IC10y = 8746377545292087029262304097721851587587533642816798045978033468894796298271; + uint256 constant IC10x = 15221251781596258119997351899631148736262625069933837816302411218064388784101; + uint256 constant IC10y = 21714792109295217531628722325832557564632293527405759778556005756241745940902; - uint256 constant IC11x = 10492727340495605431811280843573770802173281509627577093132502224855941607786; - uint256 constant IC11y = 12593957599668519647646623252624235771356540353621190049672109046663132567393; + uint256 constant IC11x = 13518783476272320621059295563539618751199322165040898390459311820772920006328; + uint256 constant IC11y = 20348572405520834933650462837534509197678154321262996827351132403485707735007; - uint256 constant IC12x = 2141055855219834142007696005384065075492349785073794976665158196389003189441; - uint256 constant IC12y = 17406300413981635438953802745917216957016698564219386571963271017518080214467; + uint256 constant IC12x = 3085516350134090993142344171310595321303355811767747642909734046142759413333; + uint256 constant IC12y = 18292877018001033289323482707732762697493866308762540047493452370416598882671; - uint256 constant IC13x = 19032830625159879771752338038675350316929691880552436444519236054639916485885; - uint256 constant IC13y = 12903015174084070036198447168709051493274452823678667961495604360873262456786; + uint256 constant IC13x = 20415604312840579619461394202638369951741974304444342076923070910792744270166; + uint256 constant 
IC13y = 1274709640988443541674157446934369153698888932825153138931739737641414694825; - uint256 constant IC14x = 16371683632587610030576224024875254515874360648746009582599446538505985845307; - uint256 constant IC14y = 11173673008313918399612751353743129118083339259017536663266638097162487858620; + uint256 constant IC14x = 5858495509291051391546986394308939271118066275102133287209201740349735192015; + uint256 constant IC14y = 14561847678802194093246461244839677155048289046064941818821298670851532929175; - uint256 constant IC15x = 15737548200096487165947831292170304880183367558719053011425105902130220221758; - uint256 constant IC15y = 17935613113686543895175918584771321696813538867893834513577602284559153945408; + uint256 constant IC15x = 9907641005437705469547042991575734390388809601076326909237625045131034319622; + uint256 constant IC15y = 19228656501051437063502091175033925062642380193719554208510346953512647375465; - uint256 constant IC16x = 18944733370869458467936382884278952997679539994012239122340654508303854835845; - uint256 constant IC16y = 15129624232037524523766906312590739384074339500781885555180217280630980807979; + uint256 constant IC16x = 15683266867669391751788871262440210660433189459096145429401999628086509910994; + uint256 constant IC16y = 167032798777044716931677543915419096661362132560388266364782869921944477073; - uint256 constant IC17x = 766879213842683919337084764327101390445760653210017226852735122564521980106; - uint256 constant IC17y = 13257194366329105926979110483114146395805993555097867134185789623853915836985; + uint256 constant IC17x = 14379095517200257325173372890767390667862742491742696929601242603656637834384; + uint256 constant IC17y = 19300151202444669113633208264532627998474371658767796608943018449744115979864; - uint256 constant IC18x = 466834947469548587015244622123248056190476516827510567771023410872527806519; - uint256 constant IC18y = 19073602954069385500938225445649671911205643444983500612737255746611614950303; + uint256 
constant IC18x = 19979595040717998606962225834005938237531481513259865988215018262605224517880; + uint256 constant IC18y = 21832910879168436184260345537048484374140139897617063690564706843941073502156; - uint256 constant IC19x = 17648949249985332116986320075129441784946087962808100600088809464478557448096; - uint256 constant IC19y = 21066315663090040597626054677994311826852899593331220450852631484801939023727; + uint256 constant IC19x = 8226426957042014569991432650455316949765932564299138456555947664857114623439; + uint256 constant IC19y = 6228408145117381653549320958239734390061251228728720735702635598241136382652; - uint256 constant IC20x = 20154598293008989566712339828669128400118781474137050820769849877249304503719; - uint256 constant IC20y = 15496920822463556703581064294717331871146167137627219477973885063073492653138; + uint256 constant IC20x = 17772049787279101603624397097351662093398629430679036525849489583491916545941; + uint256 constant IC20y = 6754896174898647897440194918577444380308237651917088540483028012130071465948; - uint256 constant IC21x = 2324404389181201284864046287742150257907858884919451986972847726132386478888; - uint256 constant IC21y = 18134091977179255262951024580719856195604717288045403200882669041767528019153; + uint256 constant IC21x = 12428668390308036975156424643882363758080198297785963375946287369862732125338; + uint256 constant IC21y = 7754229916510745472520198965378403757343034624927137610169519146053204953496; - uint256 constant IC22x = 13221158529900749092192403410247720061249921155486754588343968542295912904556; - uint256 constant IC22y = 5028152056563650345537782053038682532283749227333291047889444926654818553282; + uint256 constant IC22x = 1151593409168857067491034330441560752818628055677134980028730195638046983154; + uint256 constant IC22y = 12238796633655133229171421264868652590324604792233399738876498509127150935586; - uint256 constant IC23x = 19361641654406595295525840785289520677449987795910033166894352349186921404440; - 
uint256 constant IC23y = 10650981683931869840049161361062935794760639354500379916723750499138676334844; + uint256 constant IC23x = 15130553149239877848171470204612941417069785217509981487672396229892643378048; + uint256 constant IC23y = 16099406353286235569807649940674558048574755883258872577176185277811179253351; - uint256 constant IC24x = 11148283475053323553211040486718325234959050263310938469899343323289033646909; - uint256 constant IC24y = 3109004693780647674006249758989929090923302709028884287247288297028214451989; + uint256 constant IC24x = 3794745696420163629058946455956008692538593039450146927979252667276878344635; + uint256 constant IC24y = 13521345602435249413225916136398623110469993915904908805128428652627696269000; - uint256 constant IC25x = 13228357596868509323150572957775844911612210741725650349702162165507904750898; - uint256 constant IC25y = 6331432384044620993460078250696905421162322835257350537296378202567121643631; + uint256 constant IC25x = 12972999372467026203108869807300469886972394303736354207616238357759320843869; + uint256 constant IC25y = 110817155195077381550608470818272201981579466679958649026939036130976959129; - uint256 constant IC26x = 9536375111163305409151475098581692610659685731562165281574114090536689951418; - uint256 constant IC26y = 9038552082961206589631129524924598934056043439597158013469625214978143001100; + uint256 constant IC26x = 11351987952539946970678101437449176359792007487358798597473939591460664122408; + uint256 constant IC26y = 1308124816220407348542397349028779400655687187740795098032329552311132540023; - uint256 constant IC27x = 8844438162532508945581808751476500747305933630010310294265168458587341146748; - uint256 constant IC27y = 12351730175630032342235309720309605330011746933984028737009670971810498581435; + uint256 constant IC27x = 6347411655408647494979217671534610942549776678980729506377609014193036126452; + uint256 constant IC27y = 
7650341917145132808217914696212924364920359501843941028327806385968924055369; - uint256 constant IC28x = 890093037798729429015514465180574619659335658459970475515347887554928607216; - uint256 constant IC28y = 3321203689472727739933204766233295262326623168468132630828838742083531545396; + uint256 constant IC28x = 2241979173525358989962235321215348074120583391280990146670854896634571001132; + uint256 constant IC28y = 12185388424274874369299686917985366094479590786809423606708624138284993838412; - uint256 constant IC29x = 894376188310087732920965947612568506834752896038979836462341779500867941506; - uint256 constant IC29y = 8608004138419721497755714589979878275974393904523232633132083164800041862950; + uint256 constant IC29x = 9735885194340002038427422932616677437854464253276355235258485361692033205001; + uint256 constant IC29y = 21257134599531732880615697459431269975454138566860287614597128553986677458275; - uint256 constant IC30x = 11044931439964914456344334341371494069878373560303210878419944483124170473203; - uint256 constant IC30y = 9803427855593328173483023013452443696485604414496416903172860867880720274417; + uint256 constant IC30x = 6412512253306584960786699140269842400589756139861876211328703556265682364873; + uint256 constant IC30y = 8581407114773955546646978840736423622848412760263687116910154515793679605244; - uint256 constant IC31x = 1684103584023867101860046558439190165716975237508236450519282487084361635734; - uint256 constant IC31y = 5133408065911135276667071999828368466267845111169710299435079940536432113214; + uint256 constant IC31x = 12178025225657053132665080940983731293612665002217512418283569056581120597462; + uint256 constant IC31y = 9607455014410621145198574027726039505738635719236281427844203271758404744637; - uint256 constant IC32x = 4338534039647724941082052989726012587859023977099240507207676336872464936054; - uint256 constant IC32y = 16897374641288201732671683609162272649324322852915208569511172322936944220689; + uint256 constant IC32x = 
18085529495250116381253041145751943562444111566259228718399282295363598571826; + uint256 constant IC32y = 8782823250887339530756219046446889579146907517254987922714625664444135020715; - uint256 constant IC33x = 9170416470183524991008272907301201709743366647977411580114896261165534711616; - uint256 constant IC33y = 3690044898492576264147530421921970583305121687878000452671756007226539391733; + uint256 constant IC33x = 1684455964508238999037002157840252070214964666015086949858287180375841490215; + uint256 constant IC33y = 17317823021755689870171330660384352287541747050385661387955290054027403355027; - uint256 constant IC34x = 8334815801605428511890555908274200358088845436285928522753824970808649461924; - uint256 constant IC34y = 12560518115013611619606981133430503709544765639252741401402558626147052803884; + uint256 constant IC34x = 18856569786292380354208383060243350821329696637837390533524190265472245806265; + uint256 constant IC34y = 15170385454602492244681441975340956197395228417205548910355740362616203767205; - uint256 constant IC35x = 19825884431345163793705281160397189448823019129369075206515699595090927399070; - uint256 constant IC35y = 7994765120516944787797908101755469459475652122106465411690195168496698193539; + uint256 constant IC35x = 6785131565994547463443700779542841839255892841358327938723286020427767742379; + uint256 constant IC35y = 20646141934315263891703794412883175937007598956830529048607441435267188352006; - uint256 constant IC36x = 8596966023108930042949859388566908182935873370403952072939322045302182518981; - uint256 constant IC36y = 5807387851106953848587697067446771376304295390995987291509842895574618702671; + uint256 constant IC36x = 6142112958288288713721741987103643316152324184749373138621669384860357362760; + uint256 constant IC36y = 11477690672876208127297157941674443659023591957852535964173518338911594550233; + + uint256 constant IC37x = 11576205874089682561141608979153392853349589278479920557765688886550510217158; + uint256 constant 
IC37y = 20636343449556485913175020331073900113337601414770678635262733230661106311850; + + uint256 constant IC38x = 21269453497471835097480790967495702218084039255130168071556327157478305808777; + uint256 constant IC38y = 5558133198433894177562744499152791083414114634148997050934566673629137061765; + + uint256 constant IC39x = 21390235838909311153232942303825483037076887135821993796282105744561739700802; + uint256 constant IC39y = 20595831866461058789401812156840704130288771913324404760914744933513888205949; + + uint256 constant IC40x = 15108968727023597717708181716312456040954708879008242072671403834209124126750; + uint256 constant IC40y = 21642362401012076623505143315610051538418868156813229541212544750053727665811; + + uint256 constant IC41x = 4676921041249368691385772973394433123525348781391629077041073696446952307853; + uint256 constant IC41y = 3455150633426287414331416575295821544544983286252435425896827676498333277639; + + uint256 constant IC42x = 11473615547431627715479084652307953876948759423304237083348566005440424613537; + uint256 constant IC42y = 11880397112407624959975296336174025329790822775528008256584164936996730043462; + + uint256 constant IC43x = 144280706472074616974111776963484785112293106689209428729696289517621396884; + uint256 constant IC43y = 5004797331399302171724998314688238671269525162831195827603563550926662143284; + + uint256 constant IC44x = 17937416577514179595555992349206950762346371377579337327375956989789185992781; + uint256 constant IC44y = 4706562120275640760035956575698254411341146065775454615083503549390428106814; + + uint256 constant IC45x = 6028502846265846157872138351926649108917378358004468502772419077751630260813; + uint256 constant IC45y = 1610605450716392777245163633677702348842710813982929295353634279862192986405; + + uint256 constant IC46x = 20141063340663189157054944434716958785175455085953456315504103557589402942560; + uint256 constant IC46y = 
9420394857968479591478925576412437572728677224019988076827804618584163934194; + + uint256 constant IC47x = 18127069780096155830535755947830466630223230157049798571956174928085658798273; + uint256 constant IC47y = 6801063294000630374892835246016369983130409633044568041486837112693654055188; + + uint256 constant IC48x = 16182149093020958269594216045958105379538178453077387255279216324992015353251; + uint256 constant IC48y = 18316160889706950958969261837790035928674150206769644239725665787161636476483; + + uint256 constant IC49x = 3949908026086772315804919653711079994687298466353733764853664258194473256369; + uint256 constant IC49y = 3942564944144782203828107633618433107646509102323544673560261314511736786477; + + uint256 constant IC50x = 11227539341683934358245829885986203493424842258885732580499528444033926111411; + uint256 constant IC50y = 2641993489708465125648367588994825770902172935404386157992408160259561200325; + + uint256 constant IC51x = 15530708669345166982359883868765494131144955712473005394067986833015574932209; + uint256 constant IC51y = 16854387299972883130761390411793023064332059279533287092365273012880855620231; + + uint256 constant IC52x = 19879013054445385110179746397531206765963581460620226886063673937947628876243; + uint256 constant IC52y = 15699452951014667449248905102891447844972474113563121447359114087748893469079; + + uint256 constant IC53x = 8194440531815176404130697978708824056023090090624701927747808763629794457402; + uint256 constant IC53y = 17019120385819361075347135636850402270968347150863260476373100439757997339675; + + uint256 constant IC54x = 20512293947868579324477132529274423882298893397674273690289712752649033483380; + uint256 constant IC54y = 3856141993745158011335649033542760011301158064001661677116221331112179681778; // Memory data 
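Review bot: The context line at the top of this hunk shows `deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930`, and the same value appears as context in the other verifier files of this diff even though each file gets its own set of IC points. Circuits that each received a phase-2 contribution would not normally share delta, and this value appears to be the BN254 G2 generator coordinate that verifiers of this shape also carry for gamma (gamma is not visible here, so this needs confirming); a key whose delta was never randomised does not provide Groth16 soundness. Before these constants are deployed, confirm that the zkey behind them was finalised with at least one contribution, and record its origin next to the constants, for example `// VK from <ZKEY_FILE_PLACEHOLDER>, sha256 <ZKEY_HASH_PLACEHOLDER>`. The IC values cannot be checked by eye, so that reference is what a reviewer would verify against; the same applies to the KYC verifier hunk further down.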
@@ -161,7 +215,7 @@ contract Groth16Verifier_AnonEncNullifierBatch { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[36] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[54] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { @@ -277,6 +331,42 @@ contract Groth16Verifier_AnonEncNullifierBatch { g1_mulAccC(_pVk, IC36x, IC36y, calldataload(add(pubSignals, 1120))) + g1_mulAccC(_pVk, IC37x, IC37y, calldataload(add(pubSignals, 1152))) + + g1_mulAccC(_pVk, IC38x, IC38y, calldataload(add(pubSignals, 1184))) + + g1_mulAccC(_pVk, IC39x, IC39y, calldataload(add(pubSignals, 1216))) + + g1_mulAccC(_pVk, IC40x, IC40y, calldataload(add(pubSignals, 1248))) + + g1_mulAccC(_pVk, IC41x, IC41y, calldataload(add(pubSignals, 1280))) + + g1_mulAccC(_pVk, IC42x, IC42y, calldataload(add(pubSignals, 1312))) + + g1_mulAccC(_pVk, IC43x, IC43y, calldataload(add(pubSignals, 1344))) + + g1_mulAccC(_pVk, IC44x, IC44y, calldataload(add(pubSignals, 1376))) + + g1_mulAccC(_pVk, IC45x, IC45y, calldataload(add(pubSignals, 1408))) + + g1_mulAccC(_pVk, IC46x, IC46y, calldataload(add(pubSignals, 1440))) + + g1_mulAccC(_pVk, IC47x, IC47y, calldataload(add(pubSignals, 1472))) + + g1_mulAccC(_pVk, IC48x, IC48y, calldataload(add(pubSignals, 1504))) + + g1_mulAccC(_pVk, IC49x, IC49y, calldataload(add(pubSignals, 1536))) + + g1_mulAccC(_pVk, IC50x, IC50y, calldataload(add(pubSignals, 1568))) + + g1_mulAccC(_pVk, IC51x, IC51y, calldataload(add(pubSignals, 1600))) + + g1_mulAccC(_pVk, IC52x, IC52y, calldataload(add(pubSignals, 1632))) + + g1_mulAccC(_pVk, IC53x, IC53y, calldataload(add(pubSignals, 1664))) + + g1_mulAccC(_pVk, IC54x, IC54y, calldataload(add(pubSignals, 1696))) + // -A mstore(_pPairing, calldataload(pA)) 
@@ -404,6 +494,42 @@ contract Groth16Verifier_AnonEncNullifierBatch { checkField(calldataload(add(_pubSignals, 1152))) + checkField(calldataload(add(_pubSignals, 1184))) + + checkField(calldataload(add(_pubSignals, 1216))) + + checkField(calldataload(add(_pubSignals, 1248))) + + checkField(calldataload(add(_pubSignals, 1280))) + + checkField(calldataload(add(_pubSignals, 1312))) + + checkField(calldataload(add(_pubSignals, 1344))) + + checkField(calldataload(add(_pubSignals, 1376))) + + checkField(calldataload(add(_pubSignals, 1408))) + + checkField(calldataload(add(_pubSignals, 1440))) + + checkField(calldataload(add(_pubSignals, 1472))) + + checkField(calldataload(add(_pubSignals, 1504))) + + checkField(calldataload(add(_pubSignals, 1536))) + + checkField(calldataload(add(_pubSignals, 1568))) + + checkField(calldataload(add(_pubSignals, 1600))) + + checkField(calldataload(add(_pubSignals, 1632))) + + checkField(calldataload(add(_pubSignals, 1664))) + + checkField(calldataload(add(_pubSignals, 1696))) + + checkField(calldataload(add(_pubSignals, 1728))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc.sol index 377364a..a8b5c75 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc.sol 
@@ -43,47 +43,56 @@ contract Groth16Verifier_AnonEncNullifierKyc { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 9571444203847882263349163823295111750012388583457810565732023354927681835330; - uint256 constant IC0y = 8269430673392355800760839451470053559913816443341643262118006327992857911204; + uint256 constant IC0x = 20190008737197394450342108694091338568135578498705703052207100846737147771508; + uint256 constant IC0y = 18598201807933691587559529080991026720330392609151625239622109760005685213067; - uint256 constant IC1x = 4171425333877223863056817685674841454723358686631303251580406544847360463144; - uint256 constant IC1y = 15508434706912610115961511481609592716639093445421134335652880195025374357944; + uint256 constant IC1x = 452139730047001491535774769574376048901142363466012203113053837887098221240; + uint256 constant IC1y = 13658069816340688216031892919771477183715607138270132569610223992086459291779; - uint256 constant IC2x = 2805234997490797748511701790284534458659062187129667755544299868178828988756; - uint256 constant IC2y = 12737871927823892823240455203969207068418359360382939881586564793007265918634; + uint256 constant IC2x = 11669592363904336123147793129704111667124410995913742542844393202522824384133; + uint256 constant IC2y = 2129828274111755038359532307450490184933143179791119510470279863460174053208; - uint256 constant IC3x = 10037927645989308427370729946962854922194022862178974033089345641900642443287; - uint256 constant IC3y = 1869974150112738935511161628734764742128849823652210548167483049626273686915; + uint256 constant IC3x = 5602520055221798217852910005981059118735291244544863913087079277844381774053; + uint256 constant IC3y = 7726036063333401533144228011207326932588220311717018715578006508331000287817; - uint256 constant IC4x = 20687486203577926209406522416577489369623505298901447042889614462294165837937; - uint256 constant IC4y = 
2451926520013626473243440086333573559066473857550647156934680886755185047100; + uint256 constant IC4x = 6072157368296199502061429238559064959224878744730210919572391729526656729676; + uint256 constant IC4y = 4396342922072404817552790123329348653983654878359756160338991902928904020767; - uint256 constant IC5x = 17506157096475522989244923493066068666613854999605413994180693698287006754601; - uint256 constant IC5y = 18337141315691397667266548067044460253572013083720894042089481649614687489349; + uint256 constant IC5x = 14156444020699427007396523765579676190302247297633651840365755554480657506994; + uint256 constant IC5y = 2881585601062356032052344229762934155665470619310149307816022512770496579212; - uint256 constant IC6x = 13169264733918854243504094459072017908892434194925230289069972473474865423260; - uint256 constant IC6y = 12873033270668213434072395062604551402080299183418425353301844285688316634747; + uint256 constant IC6x = 9358173501594313028986369364273485629339361346113755970129286915338770046017; + uint256 constant IC6y = 13384389474884560654773999400020608975692705219594212374206662773259083468823; - uint256 constant IC7x = 4139352737455682815820399999502807530902270791132588001997383898128565726560; - uint256 constant IC7y = 18130358037765445238866373406538395199727660880929816773059128417420908294103; + uint256 constant IC7x = 14065806997763568929014806532831294339309631956437145603843703478380691197500; + uint256 constant IC7y = 1687305135103805962026175705339802858788468976159872593451010969624096085402; - uint256 constant IC8x = 10242723724534050633824073816542552050545643197784462676335615048377039832420; - uint256 constant IC8y = 1522077533586266907104192963207500158509684879768383246564448114116860886045; + uint256 constant IC8x = 9926610124142437987886950959946429216445771850541529210620246513398511687976; + uint256 constant IC8y = 19502865377786189863697059376790350920703694340906636204501830435181993622220; - uint256 constant IC9x = 
9331953561001587156072982617181494822635260561293948857418310817015123003664; - uint256 constant IC9y = 21434180133029315517714324102175079176171466970274711902142297829796086888419; + uint256 constant IC9x = 20202496612886706972728070168467780317520786329990263116983954505480252669124; + uint256 constant IC9y = 913586774577507188230910872703557858180540085501267099041510624577736818444; - uint256 constant IC10x = 9864640468360420795111662135353906469273928885319595720979255522131895987062; - uint256 constant IC10y = 4347845420812651539643028407865491584531559916191524645768616247857747093924; + uint256 constant IC10x = 266278504835704567488781146768665494860951993308633063784954130573281237215; + uint256 constant IC10y = 2705526920088398580864915394173201881547745998451271955180647659470935759026; - uint256 constant IC11x = 12816855581744969923196393315369134257252339197623955937790101684782832727528; - uint256 constant IC11y = 10852386397854977410896573210092846697497925902496902459833247615681245355742; + uint256 constant IC11x = 1150624403544560144697842282547677965958865873924009049840449265122527450897; + uint256 constant IC11y = 2724516316035952928352656968720561599106380710401940450252385609550641895905; - uint256 constant IC12x = 14713198324057425181537280290297404746877953868974288063529731081142062871032; - uint256 constant IC12y = 12697331297870828686780559216672799476293214005074082773567772130976271883336; + uint256 constant IC12x = 6415803768033221091455097928212215437695034131747853061147487425545026770551; + uint256 constant IC12y = 16246443751013967544556252590900249372263924353922568489267825578174001055; - uint256 constant IC13x = 15748313782243366848688530768530734630700786383695534160287365098087100629526; - uint256 constant IC13y = 19624787309979166735737404819294173148608360816934232838701010568600344101162; + uint256 constant IC13x = 15362136016566638974392387943924303320566554984973627142090315874098276162948; + uint256 constant IC13y = 
12045497701488042756223977093441513681724756561681694654028210754872237560091; + + uint256 constant IC14x = 851199703448569646817260303478184435364430795694990453617924138405538051073; + uint256 constant IC14y = 12946466316772451490596102009978657497675437325340719204986803177959608723364; + + uint256 constant IC15x = 32697875031995482206558610095285352816496757317111207419861004689639953522; + uint256 constant IC15y = 299944843066286224755462589381457389641818411976194173762533229362772488245; + + uint256 constant IC16x = 7813691748167190362850964237044883316155748259819716238134403668032515123276; + uint256 constant IC16y = 16204491922723545729259832959950455311755157458533342319134684244887734211089; // Memory data @@ -92,7 +101,7 @@ contract Groth16Verifier_AnonEncNullifierKyc { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[13] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[16] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { @@ -162,6 +171,12 @@ contract Groth16Verifier_AnonEncNullifierKyc { g1_mulAccC(_pVk, IC13x, IC13y, calldataload(add(pubSignals, 384))) + g1_mulAccC(_pVk, IC14x, IC14y, calldataload(add(pubSignals, 416))) + + g1_mulAccC(_pVk, IC15x, IC15y, calldataload(add(pubSignals, 448))) + + g1_mulAccC(_pVk, IC16x, IC16y, calldataload(add(pubSignals, 480))) + // -A mstore(_pPairing, calldataload(pA)) @@ -243,6 +258,12 @@ contract Groth16Verifier_AnonEncNullifierKyc { checkField(calldataload(add(_pubSignals, 416))) + checkField(calldataload(add(_pubSignals, 448))) + + checkField(calldataload(add(_pubSignals, 480))) + + checkField(calldataload(add(_pubSignals, 512))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) 
diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc_batch.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc_batch.sol index 4a00e5f..57fec5c 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc_batch.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier_kyc_batch.sol 
@@ -43,119 +43,173 @@ contract Groth16Verifier_AnonEncNullifierKycBatch { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 11662660143860874931072351186047069691934558454076806957543648503057847943513; - uint256 constant IC0y = 10038348414197657683445922076295262289652998118153787101974831249817368174353; + uint256 constant IC0x = 2557045328174556474259602364787060617413037186775787740247120052256591101057; + uint256 constant IC0y = 8545914595700052385922827053758169584458550417191596397077967009342340172963; - uint256 constant IC1x = 8988535072375717724497491246352234049328213447683207989537377224470040054966; - uint256 constant IC1y = 8166282710103471067373199268434356717037308329558570925972507352895336171600; + uint256 constant IC1x = 8900866652413972639447801185066566440613708319253275484468074220706268630752; + uint256 constant IC1y = 18117300326867814101825535845382858738704176302675336121313760471944027618579; - uint256 constant IC2x = 18432294692910581759472826919355763187872967572458291145949908209816982819688; - uint256 constant IC2y = 21529300506719821524307516873688911621260384833976448337733933552847314256874; + uint256 constant IC2x = 6893165486528724258452539284348100242940680901205710094027141947523508922556; + uint256 constant IC2y = 11428083713288237383922201052960038086381204628185844551802602980459665852296; - uint256 constant IC3x = 614735613818836283841982905943976709929041752739745042789141794733265028134; - uint256 constant IC3y = 3860703814665496245605558172188863798062943606333015527826728127069465082427; + uint256 constant IC3x = 2787509042012632529212775966824220639705355486752580713355548540317374958318; + uint256 constant IC3y = 13559075319591979484148387886304036951246196260874348065387705986067180861572; - uint256 constant IC4x = 21110382318575147474338865721398707915802737103567042212867029114347240559300; - uint256 constant IC4y = 
11477828230558650608120671853203757664438453457364362308796561794776172008451; + uint256 constant IC4x = 7981603848980165083052696916252376820361500997039057002907078064409646042704; + uint256 constant IC4y = 1631170154333774225978701321671377089584774646241757146636720110297678397686; - uint256 constant IC5x = 10955202528924804812958438713742990627683883390569205805287044297181502266729; - uint256 constant IC5y = 17858987609351477507179059147091144336664455743112357073106373084043189280164; + uint256 constant IC5x = 2718945106954835265374519388993004950467939770842588234333099827036921488036; + uint256 constant IC5y = 54129075547188978676123602750315602783350522469912352491032758031739397264; - uint256 constant IC6x = 9247132710507257341694745715536030078362897235873976845653448343004216578059; - uint256 constant IC6y = 4077530447461105776970121739853125425415755933636891068527434065606633343729; + uint256 constant IC6x = 10147624070030089461943558234086476925326752621677677347469962144928874051171; + uint256 constant IC6y = 14137637656464541694095908034649703224311668569886704894187366498167267119930; - uint256 constant IC7x = 9282229099621743758927934855838604257685882618355194980012233357617245438364; - uint256 constant IC7y = 15674736937935764122279448687928959717281418334634353011570533455984105715121; + uint256 constant IC7x = 14131833902483915573002378883085094517189637884537825125543294251780418938907; + uint256 constant IC7y = 8350712732464638756493234130405621139170404316430682690462953318721564280425; - uint256 constant IC8x = 9722132009325333783456053646735667902530261615407197523392160208704603988454; - uint256 constant IC8y = 14618244177095367221394852282157340600459069670233465954719723502618367220099; + uint256 constant IC8x = 6466504309236504330936004664742363699367258661498527049422417011059950380261; + uint256 constant IC8y = 10308743258353094916300411811569013911785525949453696511480625272875805213094; - uint256 constant IC9x = 
973628821824034631277519892548216364093065392435755888383034381618210105026; - uint256 constant IC9y = 19130664929693827307694622317521885236690764504040079683400014381939179764886; + uint256 constant IC9x = 15034560127374538253652390881068026376032149277012915824928102233595801597871; + uint256 constant IC9y = 14933364448090705000296248910019334925480794867671226328859117405842595498286; - uint256 constant IC10x = 18497489122159836005440235191181397682168825652742401878718303497751950476573; - uint256 constant IC10y = 184674817624142463950860554146189016898202305618730035365532664689559015024; + uint256 constant IC10x = 1435567384244739999636752756588097453785728405750034036596678824485141706320; + uint256 constant IC10y = 21045412560666440575260065642431316733861600716932140912086713771905478605642; - uint256 constant IC11x = 20742886562308807174975673124416469858072816509700038966264317699622470845864; - uint256 constant IC11y = 6892841648413503913935428607180182195114904340636618216544980552932522306183; + uint256 constant IC11x = 20660910050407044985841964548615754563198335468098466571354791341814009582143; + uint256 constant IC11y = 17161276760446539174103283658490390916497070640753169765510233658752644125327; - uint256 constant IC12x = 1554767197776271090848221696659744029443606469011424330576588038599488901790; - uint256 constant IC12y = 17824173807300533295074190605171784659758705215735044173456990718107986673990; + uint256 constant IC12x = 14297221549426245599275426280912312242758539460442195637765479076821005351090; + uint256 constant IC12y = 7045746153755160132606239721075319853671165146167794961048168331481327369378; - uint256 constant IC13x = 8926678800934477977183437663176073269804039617131246226117210958642974831665; - uint256 constant IC13y = 7759817179292182986840792444788081906199101563123339998406609301418454149912; + uint256 constant IC13x = 6709297759563652448455456777394655766655295904612361150672442940274698264117; + uint256 constant IC13y = 
604939571031743874843375836514454028390240836996444630147060119881962118591; - uint256 constant IC14x = 892387531981845359273038619022215455220935019529138222295972719463971685626; - uint256 constant IC14y = 21664606451742576757250844476052733616001992300681450622144236517957407335395; + uint256 constant IC14x = 1506931283257291434315981891710633368372940860477458257990053769650899625020; + uint256 constant IC14y = 16234509187615275824159269295900874844499753487293080637471224460931211356610; - uint256 constant IC15x = 11644738412527836785033238753051417149187120228925099428899706835198503714732; - uint256 constant IC15y = 20385101286516026017516350545863829411647430450169209244102096545003646405227; + uint256 constant IC15x = 3663986373923028376047433528346986422113085036111303782126649588832018217222; + uint256 constant IC15y = 2833212771516071304842292770750586061301584725053640822674852019170921553978; - uint256 constant IC16x = 6914380489103854988747068027174251954079888530380820907417133182165125002895; - uint256 constant IC16y = 16001027808620196049156676450902737881221224855685201356892867218134413591974; + uint256 constant IC16x = 9441974398462151962861519019668159526029441202966112923894683419951453007203; + uint256 constant IC16y = 20398645667686807455795531059467229874168827249918904721471455262548811448301; - uint256 constant IC17x = 14819004697379517927442020076999128258818136109044427450238213315710239729290; - uint256 constant IC17y = 18234035980915600023635619254964104942336216004642311690220730031352749295516; + uint256 constant IC17x = 9941969049637054555017138554864083807451665108028251180781197146279496720189; + uint256 constant IC17y = 12083041856346926425137954851405721196793285382115647784815644983516676101313; - uint256 constant IC18x = 10782655998802736438708390186837190841583872252631539739869717362042994127890; - uint256 constant IC18y = 6223193220871490512854223407339053827650007826976048957711920097140884329831; + uint256 constant 
IC18x = 4513953042000608174347593715577667089282919422419113365380162468063688775130; + uint256 constant IC18y = 17768548800782673039169889569716085142981878050151504480878715449322827273410; - uint256 constant IC19x = 1895164154807081669060491556433373630284427382709469252391398895819775411625; - uint256 constant IC19y = 15502891301545941170843587746206524939661082838133458062213752972874935576258; + uint256 constant IC19x = 12249598222891158199710492081231845984159762606864132240852548984852903893394; + uint256 constant IC19y = 8218081839064592605577365459229129812592277515386687488909134942995986616646; - uint256 constant IC20x = 13887414818061216296960695706977042112426565238817982814880739463438328917279; - uint256 constant IC20y = 7484477067983396480837362197475960184311309962467034141451929400540619439308; + uint256 constant IC20x = 6813471708188402912338247638719280180144768836532653959906749755180831733701; + uint256 constant IC20y = 10630452899956666539442022832713171293838832707279857274903723291215504725074; - uint256 constant IC21x = 5054771292297611149580407057004026930126834333985311096593522198136005344912; - uint256 constant IC21y = 9846301605360728746360669788291305483667978418447570933133518441453812077532; + uint256 constant IC21x = 4645195348559291511944588819754123347451366573885154192985637448206304620124; + uint256 constant IC21y = 16766206162461102255042753211815836900424951725074557637817692932957001273876; - uint256 constant IC22x = 6375011858346699471620766703454180460474959318906959854737520006721913377252; - uint256 constant IC22y = 3796913124771080981656421285118700913079563083089989934442241685039240456288; + uint256 constant IC22x = 612198738216091583770089992329981011003570889532673265272801632641592335601; + uint256 constant IC22y = 21009776677696441122580148742821355608472017491940177896149934304781750294343; - uint256 constant IC23x = 12664019414260530425201012729657179596363883228871830375986018330410576140745; - uint256 
constant IC23y = 7724324759234305150098870450511243647469859115829862950119746163372770734859; + uint256 constant IC23x = 7845708505520385664103122252124442232529534143144281637399707935968372058244; + uint256 constant IC23y = 15192802321724721965923896418287287881746337425062951377408799115613924493192; - uint256 constant IC24x = 8414475932517376718246446511190686353933356473167597163507393977956520237760; - uint256 constant IC24y = 18567739092665780186541027431450016060501602309168108628165515395048109525145; + uint256 constant IC24x = 11044743356250821069784980936566426424857876182337346673003368733690232366513; + uint256 constant IC24y = 21968542138387545717894491159110633336985278011066255264274935509925404276; - uint256 constant IC25x = 3120359907362450985974214561527700848503852347080997608106866995365092938990; - uint256 constant IC25y = 15598034416975435647171366075254343399116960825160529831975796905883095316090; + uint256 constant IC25x = 15739104432512218764744514918039053175648927736786942938917098136624846456654; + uint256 constant IC25y = 11473837237244115867873717433248212843653746603581652183709166795371859623666; - uint256 constant IC26x = 7618398623080814369986094262260112943677198176279294076050134118180709564420; - uint256 constant IC26y = 6351701903764767447401679181425343449080736954061708171606650791995388240779; + uint256 constant IC26x = 12659745779361797715321216070590036668890759442977154045015864656515913110821; + uint256 constant IC26y = 15436857874387771595832460190912333282587447051076428904935035331068995068691; - uint256 constant IC27x = 7660149068846033504478826117178890832918932678832205596487410124265824854510; - uint256 constant IC27y = 2491826788761961957821876406677372156214488096819322910097327511124260678669; + uint256 constant IC27x = 9203173977602946543016875848991349465294047894411764290600412715281184637502; + uint256 constant IC27y = 8557329422378274647247494844347551526466632349826006833910662893194934281525; - 
uint256 constant IC28x = 20794838749313203903911030270946907016433597109553720174221656385211714777857; - uint256 constant IC28y = 17812498163364921099637863734271985783984365300073299650639268105274324002530; + uint256 constant IC28x = 21043592517032634711239990905884702982054744461304587368835062757863764173274; + uint256 constant IC28y = 1631750092321340715930642498551502008794205048320252109690579472702482883693; - uint256 constant IC29x = 4470726918138395764759380807649395990732471367466166253310755622776103465819; - uint256 constant IC29y = 17507663986159322748561449962825208817145248778005235057962503024107788565141; + uint256 constant IC29x = 1965593797962209845476914161340324215049454355711575611255794847486588198621; + uint256 constant IC29y = 20420112496369531484716420634051964705303428701409013107809743921895693778420; - uint256 constant IC30x = 2282738716454269120180527219287809294651441549016730273033210373774062724582; - uint256 constant IC30y = 9623151597448060795671840649081334455274395484568727058139159897873039048540; + uint256 constant IC30x = 14459258316049621520625093813598405781231837198148192657248564100568126911436; + uint256 constant IC30y = 4189670097301689361279714226734357198747625987495488973380038361744870962865; - uint256 constant IC31x = 17305720772558963560489472259732910387932131794541742579825391441778640282514; - uint256 constant IC31y = 17978483020480616572180687903365084753182987002773905082575771176385017798184; + uint256 constant IC31x = 13108879096940415310362336426378117914756114957855406964927612281735121697971; + uint256 constant IC31y = 13922315068161235910520981793423554652810239633897980696104312477364323289837; - uint256 constant IC32x = 7571937518121766238677733127868492321558436932028274617193759428484887548524; - uint256 constant IC32y = 13639634797327254842916621072030476726854653633267901223609159210218680193213; + uint256 constant IC32x = 
3672774723765929810525726446377577070495042440381259398721824519467692223036; + uint256 constant IC32y = 5504189137877852784897136813364091880095479448638215793137890720712833089772; - uint256 constant IC33x = 20491321178426427862122967005183398251779924470644678424571372683050891038410; - uint256 constant IC33y = 11866037972312670211817727171740620564847008846992179291696597777640193650198; + uint256 constant IC33x = 17130781702453148735613043990802970337134477759322098512883706161057337504002; + uint256 constant IC33y = 16351907669841445135205102522017369314355429337431004692059562467792755202730; - uint256 constant IC34x = 7405036655032262031472090543721788457203124544189082692990295451049187204918; - uint256 constant IC34y = 17405807581678636956378393569562099137850325108621234185518676366335548019795; + uint256 constant IC34x = 12031667235281243664253700834599818547380367496538162959699982743848078891598; + uint256 constant IC34y = 6616306445409952843359602511870642177994574094251005373437394528227240955856; - uint256 constant IC35x = 12328260325084982532450273571086533395727110714550084687965119377605785323469; - uint256 constant IC35y = 8142505738758504286142612135433392554621238433204631934113088648731836869316; + uint256 constant IC35x = 10731123795727845951791321856155816019889142705311580809720843346374187513971; + uint256 constant IC35y = 16068650898493671048010070098850477199748100710010759421745286594693280298357; - uint256 constant IC36x = 21455489380416043414802439866337341338095098412697364482542368506991948195301; - uint256 constant IC36y = 177380340269897070531510667485546719600921933001020617304645726088643982991; + uint256 constant IC36x = 6502894893010883942423075381722837038696334248009036389776781991138833860268; + uint256 constant IC36y = 20790809673001992281463007604198705518066093384563083477497988619198326219881; - uint256 constant IC37x = 3450411197718861866556684118720127022485036312758274952373537023832934853655; - uint256 constant 
IC37y = 15542683513967475831837975619927185145121842635660806931638451693301339778065; + uint256 constant IC37x = 17893528808061411108476748553695245038781846398552576836224230715924125892190; + uint256 constant IC37y = 3396165818344392654074158537612720431771510878758650774669727330733546082337; + + uint256 constant IC38x = 10897508493118616620048369575610774538686816226070866208104945341887798715990; + uint256 constant IC38y = 3477357433659395048329281632040211062291869085580053535523965138254126524307; + + uint256 constant IC39x = 6232305602842554721699996063058147937412901964622386302125531286379410216341; + uint256 constant IC39y = 865167260793798759680935843664150177300892974890677439296402891134136533334; + + uint256 constant IC40x = 1896700859908460930091624595675776615402193748854462019745978620107291409907; + uint256 constant IC40y = 19538419883460717066552832903405877575081999780942435734967867221406789589399; + + uint256 constant IC41x = 919917946864295765320845049317324032542470918660595400102049568313393745259; + uint256 constant IC41y = 4905312417092777244239947166508788614667233335337264831713809305929873826211; + + uint256 constant IC42x = 11260058824584772528807061119314472338786531909501746400162839164183738065949; + uint256 constant IC42y = 9692558976165758378143630277186357355884473671639921608383879688904015447492; + + uint256 constant IC43x = 16500664765246509026092343746736878544449617806107262161088710179454171005068; + uint256 constant IC43y = 2318970865336931978806827275921781650216283891871191849842243055051647241566; + + uint256 constant IC44x = 15266083558060117092889105437693230282542989249077821947771936425702618705353; + uint256 constant IC44y = 5933912916741823626580572218992545666034550775510312837553273107032523100335; + + uint256 constant IC45x = 58707545314175203397280970210969715660178168988171479206762359173733595778; + uint256 constant IC45y = 18337733572288419475605999960151866998282044219653232437655934170784662568961; + + 
uint256 constant IC46x = 586233669714266072235077089672820057713553723712257638939984508768691446266; + uint256 constant IC46y = 5805420287012844261801028660062719860928333497295759197250699480287517497513; + + uint256 constant IC47x = 18533811404590119489507085680888268159057504006917018635283187815937097547211; + uint256 constant IC47y = 4105347632669743236449600156045402810957294409584662993772317423421882395967; + + uint256 constant IC48x = 7963255695223444100125880939097224728146759221469423275545846145917825941948; + uint256 constant IC48y = 13512044941955473329651037303898509853731877911390554418237190804988526456008; + + uint256 constant IC49x = 1246040208265149753842480934506849680611118792544861176402750181192234961189; + uint256 constant IC49y = 8563441033219483164633277222289522857294420978768986809528993427373045444984; + + uint256 constant IC50x = 2588594350644268564085849031861239502254810392738869347650201531798451495394; + uint256 constant IC50y = 15910783489501827060267126604385240212657463315742131285497095914663726625032; + + uint256 constant IC51x = 13536358811202144933899812454990919546110622582416000445508880943657060919439; + uint256 constant IC51y = 13636439389086566021867409527624225391658272934816689794906398506550354679701; + + uint256 constant IC52x = 3069052660704238265078596844313226533136449247403800942357593600286959491284; + uint256 constant IC52y = 2851907145042254355715210427589229005946148117819918992483522956786765330528; + + uint256 constant IC53x = 4532058296252955609362103735166225278277027937093609645966321436167953753849; + uint256 constant IC53y = 16885038322595100901701279116331564344696993077930991807708669198697751982536; + + uint256 constant IC54x = 21657088241609806957806596139919891483933646681016763066971961683666639010914; + uint256 constant IC54y = 5540503589899208339201031551963806514853512880214799648245011777415136792427; + + uint256 constant IC55x = 
3180572821870628434033407206819005535080638863627732738600363337929557825472; + uint256 constant IC55y = 12213704425579070357451089645113850518215300513830671326650618723999697008004; // Memory data @@ -164,7 +218,7 @@ contract Groth16Verifier_AnonEncNullifierKycBatch { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[37] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[55] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { 
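Review bot: Nothing in this hunk records where the new verification-key points come from, although every `IC` constant is replaced and the set grows from `IC37` to `IC55`. A wrong or stale key here silently changes which statements the contract accepts, and a reviewer cannot check these numbers by eye. I would add a header comment above `IC0x` naming the source artifact, for example `// VK from <circuit name placeholder>, zkey sha256: <hash placeholder>`, and have CI regenerate the file and diff it against the committed one. The count is at least self-consistent with the `uint[55]` signature in the next hunk (56 points for 55 public signals). The same provenance gap applies to the other verifier files touched in this commit.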
@@ -282,6 +336,42 @@ contract Groth16Verifier_AnonEncNullifierKycBatch { g1_mulAccC(_pVk, IC37x, IC37y, calldataload(add(pubSignals, 1152))) + g1_mulAccC(_pVk, IC38x, IC38y, calldataload(add(pubSignals, 1184))) + + g1_mulAccC(_pVk, IC39x, IC39y, calldataload(add(pubSignals, 1216))) + + g1_mulAccC(_pVk, IC40x, IC40y, calldataload(add(pubSignals, 1248))) + + g1_mulAccC(_pVk, IC41x, IC41y, calldataload(add(pubSignals, 1280))) + + g1_mulAccC(_pVk, IC42x, IC42y, calldataload(add(pubSignals, 1312))) + + g1_mulAccC(_pVk, IC43x, IC43y, calldataload(add(pubSignals, 1344))) + + g1_mulAccC(_pVk, IC44x, IC44y, calldataload(add(pubSignals, 1376))) + + g1_mulAccC(_pVk, IC45x, IC45y, calldataload(add(pubSignals, 1408))) + + g1_mulAccC(_pVk, IC46x, IC46y, calldataload(add(pubSignals, 1440))) + + g1_mulAccC(_pVk, IC47x, IC47y, calldataload(add(pubSignals, 1472))) + + g1_mulAccC(_pVk, IC48x, IC48y, calldataload(add(pubSignals, 1504))) + + g1_mulAccC(_pVk, IC49x, IC49y, calldataload(add(pubSignals, 1536))) + + g1_mulAccC(_pVk, IC50x, IC50y, calldataload(add(pubSignals, 1568))) + + g1_mulAccC(_pVk, IC51x, IC51y, calldataload(add(pubSignals, 1600))) + + g1_mulAccC(_pVk, IC52x, IC52y, calldataload(add(pubSignals, 1632))) + + g1_mulAccC(_pVk, IC53x, IC53y, calldataload(add(pubSignals, 1664))) + + g1_mulAccC(_pVk, IC54x, IC54y, calldataload(add(pubSignals, 1696))) + + g1_mulAccC(_pVk, IC55x, IC55y, calldataload(add(pubSignals, 1728))) + // -A mstore(_pPairing, calldataload(pA)) 
@@ -411,6 +501,42 @@ contract Groth16Verifier_AnonEncNullifierKycBatch { checkField(calldataload(add(_pubSignals, 1184))) + checkField(calldataload(add(_pubSignals, 1216))) + + checkField(calldataload(add(_pubSignals, 1248))) + + checkField(calldataload(add(_pubSignals, 1280))) + + checkField(calldataload(add(_pubSignals, 1312))) + + checkField(calldataload(add(_pubSignals, 1344))) + + checkField(calldataload(add(_pubSignals, 1376))) + + checkField(calldataload(add(_pubSignals, 1408))) + + checkField(calldataload(add(_pubSignals, 1440))) + + checkField(calldataload(add(_pubSignals, 1472))) + + checkField(calldataload(add(_pubSignals, 1504))) + + checkField(calldataload(add(_pubSignals, 1536))) + + checkField(calldataload(add(_pubSignals, 1568))) + + checkField(calldataload(add(_pubSignals, 1600))) + + checkField(calldataload(add(_pubSignals, 1632))) + + checkField(calldataload(add(_pubSignals, 1664))) + + checkField(calldataload(add(_pubSignals, 1696))) + + checkField(calldataload(add(_pubSignals, 1728))) + + checkField(calldataload(add(_pubSignals, 1760))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation.sol index cab4aa5..674d560 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation.sol 
@@ -43,98 +43,107 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiation { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 7150602979198858324531264522050588047187864437625863115811019715531635342988; - uint256 constant IC0y = 18679352390540645799385538354080686740567422609949222164932202910206044361948; + uint256 constant IC0x = 13357693122907037228152017576645355734121761212845151058677661103609163192132; + uint256 constant IC0y = 13330988885278369125767434338537639082919338469462771561109770926455996769780; - uint256 constant IC1x = 20223737820803182000349268235929514427158015173398419989210846794808922069321; - uint256 constant IC1y = 19667519192504952779059431068168374697689187072685801450130109271314785916816; + uint256 constant IC1x = 12508620784608380390196070593153977553849768584303191369350347694786774228903; + uint256 constant IC1y = 10497463660231940953738699560093225567814393547271993966494372800288076113838; - uint256 constant IC2x = 7218856416869576295091037655873055759382316689150166584580005310257749626402; - uint256 constant IC2y = 18250824158316410204270915259713657522920241651507178610002708235185510464683; + uint256 constant IC2x = 13358213132064408118763369803680465216756629096152358454643353054476790534; + uint256 constant IC2y = 9790361827332836718478767131585804431439300890195490311537005578986541483010; - uint256 constant IC3x = 10439404763847100272263651164703534229485312727099492374093433329301042860786; - uint256 constant IC3y = 11622072859931810063779349289989468302907213687444913890818865119671330403457; + uint256 constant IC3x = 11263096887435970836664030639381921541149000469179795739631740020273500583762; + uint256 constant IC3y = 18832878831913866337749700133052402021364972422929250752553120232017053832188; - uint256 constant IC4x = 3552958783616921573961765146209426612549096385286630602708070235513481501531; - uint256 constant IC4y = 
7983004287008394591564704928605579735201397516705121349773346875253626793464; + uint256 constant IC4x = 8650173660622548339501740890775948467326563125469871933001838882801234078865; + uint256 constant IC4y = 10759885712046409911388806010481069590886057315469905475498658179072397221074; - uint256 constant IC5x = 7951915017279680503511105259632243418945970352099146353813397644881747832494; - uint256 constant IC5y = 15580187666685695375077645460858502959715552703766566567151236942633699459128; + uint256 constant IC5x = 3295412410302077166334358912280077543044124527280728553051328605050569416328; + uint256 constant IC5y = 17049453399693780313254529273986739520322108517619709180649214354472986470570; - uint256 constant IC6x = 3810270046381397249153853319380867614609141932721597496641486068943447688518; - uint256 constant IC6y = 1789454555200419624433391404653719772125697252632300424422488567482953480839; + uint256 constant IC6x = 12760717566528938207556281409639493742824102965038241868422088472886397881705; + uint256 constant IC6y = 5727694270117362054335093381846045971004329934011468049227701728188501414293; - uint256 constant IC7x = 16582813285159387606825357695015456733307275683978941475967473789385465564139; - uint256 constant IC7y = 3370584196021878105671518949045188232217596798052799318361611555383941238644; + uint256 constant IC7x = 12723277170340368996181883999061862932296128028814086233379699010714790157803; + uint256 constant IC7y = 15607664248618872066986748206455003464688091118493663837165373679303271618020; - uint256 constant IC8x = 6410335958983016577852137704582430672625504797739898593884922605316966411317; - uint256 constant IC8y = 3561862755304133383761205380693974589872824992821334084854993222686099463287; + uint256 constant IC8x = 16064173409510828580097158127999109660877176304290893887184870102987627587345; + uint256 constant IC8y = 7271726669102543421625318962122042361029332639092998786351706825402022983149; - uint256 constant IC9x = 
141988548012661067741546583487301665549799271673511121018755490875713551541; - uint256 constant IC9y = 11381489344212088827476994843766826329038542391607626896308015896573859623397; + uint256 constant IC9x = 17868773711481907952191801046128922109639466718556606579429717630927232401150; + uint256 constant IC9y = 13426021423653145781149475638806424172443891179898547974414561873835013472273; - uint256 constant IC10x = 2400404699093079437844767864727773463595132175554480756228013854499052897743; - uint256 constant IC10y = 16641639829319720713179419428727890115364728294133162095260244114066308681409; + uint256 constant IC10x = 17231713394258993279280128626680971151901806250026905329830445951311024978649; + uint256 constant IC10y = 16362220893399236364987780855448702890941734166928744916454228037419247631859; - uint256 constant IC11x = 18819343891508230813261093280482339631274788730864531524665810946260398413656; - uint256 constant IC11y = 939232547935730618247481870142928145681722172369345232371161962470473621455; + uint256 constant IC11x = 16393437699418494278442854388319612745568802642878330160854040391387533400112; + uint256 constant IC11y = 13190069452272446793436396301020962811004079465757898954271497706698165528700; - uint256 constant IC12x = 19857900065761502826857489987079136225805396737807491159881256000358449239287; - uint256 constant IC12y = 14866158318731160894408347837912771366289709323081067853939131732571761322111; + uint256 constant IC12x = 7378753764477002577496984973794709537014547695465562205837932080193227331968; + uint256 constant IC12y = 14590455657777965484775453020094930760042823323462890204601760753586004282684; - uint256 constant IC13x = 654111863936885718257781142757347689010710641411633200860925542163991689666; - uint256 constant IC13y = 11276189838628957949004554103071438492770960919007402030163410690856320771850; + uint256 constant IC13x = 7997905266075296348375184091609158476322609729212752317911559367095944799223; + uint256 constant IC13y 
= 5745139122382514585485874184483029362402802135720894805094527346018931663747; - uint256 constant IC14x = 18969339244741250740753343010366495968956160496467373979506746525890248084164; - uint256 constant IC14y = 16274901896353030323013083904924198681645770552447391614076698136484842443636; + uint256 constant IC14x = 20169661212830681667121989012648338854355631560185391751223605196103160164011; + uint256 constant IC14y = 539780066201272709523495794614709990166877660139080643626983915026896119607; - uint256 constant IC15x = 5364945303376219658991823159374369520315533888650937587824150006805793367435; - uint256 constant IC15y = 15362324963834315062007218005904228090931585348452894617514266495515429954814; + uint256 constant IC15x = 8444655896238788895878628117268993903133580378477751962708257842437863740785; + uint256 constant IC15y = 14733855077207271591160962228017111069029157259271107029728347242748253125366; - uint256 constant IC16x = 7706652216614464307929318948621370806407028558413501412600554293234571043615; - uint256 constant IC16y = 4833155926438490231386220605163689437125897398884350656367983521056280632956; + uint256 constant IC16x = 6776365740560628275599288528214364007667844204832291628305205207440991363958; + uint256 constant IC16y = 10701762678011603715205160753666433247040031283169837460596997733566638035138; - uint256 constant IC17x = 1149166998309009330377390731594951819957167640308447230581596039029228635856; - uint256 constant IC17y = 17144496829204247748601976511350134750390256256716017203573337962163783928337; + uint256 constant IC17x = 20686935058199339354516949529825885235552968174904347091970372091458356050418; + uint256 constant IC17y = 2353883119734839433183501301793327525159037748688825810403810896910943236417; - uint256 constant IC18x = 9682269424428793097631391573982450090008352352784483866555904822950699832063; - uint256 constant IC18y = 7320838209204172545348024044818590112291242261458837363572039110259358463391; + uint256 constant 
IC18x = 10350893931145787572953344205303374116068374532338249687895170827700639749336; + uint256 constant IC18y = 14640813458603050243659774385299057516762787203076107453683687533882345081521; - uint256 constant IC19x = 1605487566693008705655072065911584353872368504749215742640417657776546622076; - uint256 constant IC19y = 2308043445104009725610511269022057743503782008796761536470885918528911939324; + uint256 constant IC19x = 19262254897475671623941666812023122929903981731944691423683488712448697081937; + uint256 constant IC19y = 18281492578904896322558724606234848271289139471406835707367843671116366444087; - uint256 constant IC20x = 2240609051444145211347356467283693175838292400028588894056540660459977622330; - uint256 constant IC20y = 1655940193015866774646205663901575824326740364428355076410141345515995005827; + uint256 constant IC20x = 124678580367106714324365512313981313186367450591290500393061028606175892723; + uint256 constant IC20y = 19622459168604563104848042405466516563770600657501108965523163775411098672757; - uint256 constant IC21x = 4853016079991973626530212093282440895734792373602971804488540915961627345640; - uint256 constant IC21y = 7414374958276543278011110955360778512607526840415566794056500103235098338046; + uint256 constant IC21x = 7958205631716894096124215035454651749998590123970961934398635953991688058318; + uint256 constant IC21y = 16567031668980761134299018248953094686118944235178042185849152200978184065876; - uint256 constant IC22x = 17185659180162348416125174675491441752772941877249583219738075242236758265273; - uint256 constant IC22y = 9370043102883086031548478743900979288817657004984653739334919382623844393263; + uint256 constant IC22x = 7147067657100593571638515910794468040722620253353965676612345848072450126796; + uint256 constant IC22y = 8323724847034448554879418517026785309068712740584276122197233489445879426431; - uint256 constant IC23x = 1586456447948676480094847981316788894535992294417175375639442973569813126062; - uint256 
constant IC23y = 2424151834815363943272735355039654154632114257560884077218826838523761765895; + uint256 constant IC23x = 4475661955736946565036382810587106183520552266697138427686452731078117767736; + uint256 constant IC23y = 748082566430464216825026197955511509465126173616326433623980484101730257065; - uint256 constant IC24x = 16231165842198799919638181935933189812441001519682385504931669473701873751266; - uint256 constant IC24y = 17612049085973824664723374650586152547680864307435248820913416068867135991070; + uint256 constant IC24x = 18871094629535557959761172513178206026645275580390985276286511649250238153689; + uint256 constant IC24y = 3733404107218228733942648054164246626605647007073122795923180610554195384488; - uint256 constant IC25x = 7483158710251990522291145254248684609165926444128647658988098156057140409708; - uint256 constant IC25y = 1673962192351811413168005836076136338181422549980142181965437293503003409802; + uint256 constant IC25x = 2384341917215847801652641900530474605831147046585978262725620402385796765901; + uint256 constant IC25y = 1287779897102903993979483791221014755426631277038764827254149422137772335222; - uint256 constant IC26x = 2039664876281990730333439428242031929108223709931553554336538537301070725071; - uint256 constant IC26y = 14005074492108126348400685560436665000589249218363273187052286031208242682152; + uint256 constant IC26x = 15719716565017700920545871521869872133915063489073625817617400592054712067072; + uint256 constant IC26y = 17002113594755025448330507151173960578194214614717460071129326081566116414394; - uint256 constant IC27x = 5496301741656297227126500517214062125367112090119824717058375335361580584725; - uint256 constant IC27y = 13909185239757464535884774658879364364060378133383923006683376996195592981431; + uint256 constant IC27x = 6069617218858857906572692060956455933260615226814802013802199283144993419830; + uint256 constant IC27y = 14473506832002574954490482003760587485980065730322794298209159874969554193911; - 
uint256 constant IC28x = 3408743782650195676340178066737516111388313667630761738794006191813037817996; - uint256 constant IC28y = 5303551963048672301523729843825814073653383823758311162424233522116078262138; + uint256 constant IC28x = 2095872993541208595971848766255089085389698239862455369992367968040560542101; + uint256 constant IC28y = 4401957738071377442795776346853489896120525690607490420740185454723130517217; - uint256 constant IC29x = 4211252801454076822373001217403810729274630805294678301066236345126168784094; - uint256 constant IC29y = 8461944933834378462797492913096013822156422817717577384142109454005070578383; + uint256 constant IC29x = 7948782644008604365957640378662878722460387841213619643734690098279143596558; + uint256 constant IC29y = 14151027007218971202754362938797936052279026613643428871705306564386243582804; - uint256 constant IC30x = 415070733097326475913681601424674794998572314824594858080542203826311964945; - uint256 constant IC30y = 3336540749266077408699467353801385535951064172340925708089438425128638379875; + uint256 constant IC30x = 16055935718830733652525145369258352251162204565999270815122069851184919247791; + uint256 constant IC30y = 19977921078618552717906884259146829610529552736713600023585181237533888275450; + + uint256 constant IC31x = 1724644122707053931125669268159636051378467183669651442417045949735792435846; + uint256 constant IC31y = 3780427308194609121900455938646860005350278871116671233301051665551523150347; + + uint256 constant IC32x = 8043820203766420431969217152893413732635117572573736920587519044322309584347; + uint256 constant IC32y = 7641739641928705768386491515124236050049577395892226047572150942224894388223; + + uint256 constant IC33x = 1212239584949006580410344651147309255656379781955714183101293673886799379224; + uint256 constant IC33y = 7277339251039550149206299004468645563322367249804601268562416695922597671900; // Memory data 
@@ -143,7 +152,7 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiation { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[30] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[33] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { @@ -247,6 +256,12 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiation { g1_mulAccC(_pVk, IC30x, IC30y, calldataload(add(pubSignals, 928))) + g1_mulAccC(_pVk, IC31x, IC31y, calldataload(add(pubSignals, 960))) + + g1_mulAccC(_pVk, IC32x, IC32y, calldataload(add(pubSignals, 992))) + + g1_mulAccC(_pVk, IC33x, IC33y, calldataload(add(pubSignals, 1024))) + // -A mstore(_pPairing, calldataload(pA)) @@ -362,6 +377,12 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiation { checkField(calldataload(add(_pubSignals, 960))) + checkField(calldataload(add(_pubSignals, 992))) + + checkField(calldataload(add(_pubSignals, 1024))) + + checkField(calldataload(add(_pubSignals, 1056))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation_batch.sol b/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation_batch.sol index 97c429e..9869d7f 100644 --- a/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation_batch.sol +++ b/solidity/contracts/lib/verifier_anon_enc_nullifier_non_repudiation_batch.sol 
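Review bot: Widening `_pubSignals` to `uint[33]` comes with a full replacement of the IC constants, so this is a new verifying key, and nothing in the visible hunks records which circuit build or proving key it was exported from. A short header comment such as `// verifying key exported from <CIRCUIT_NAME>, zkey digest <PLACEHOLDER_DIGEST>` would let a reviewer re-derive the constants and compare them. The unchanged `deltay2` context line visible in the next file's hunk has the value of a coordinate of the standard BN254 G2 generator, which is what a setup without a phase-2 contribution would typically leave behind. Only that one coordinate is visible here, so the full key should be checked against the ceremony output before these verifiers guard anything of value. The new array length also changes the function selector, so callers not shown in this diff need the matching update; `verifyProof`'s body continues outside this hunk.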
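Review bot: The last added check, `checkField(calldataload(add(_pubSignals, 1056)))`, reads the word after the array, since `uint[33]` occupies offsets 0 through 1024, matching the `g1_mulAccC` calls added for IC31 to IC33 in the preceding hunk. That word is not a public signal and never enters the pairing check, but with `_pubSignals` as the last argument, any bytes a caller appends after the arguments get field-checked and can make a valid proof fail. This looks like an off-by-one inherited from the generator template, as the pre-existing check at offset 960 had the same shape for 30 signals. I would drop the 1056 line, preferably by fixing the template and regenerating rather than editing this file by hand. The enclosing `verifyProof` body starts and ends outside this hunk.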
@@ -43,314 +43,368 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiationBatch { uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - uint256 constant IC0x = 4462440718767044134998162351966451562518066257960346710377069184713247719285; - uint256 constant IC0y = 4569752707050948599946597207280276287539329707858295488707483945649429752219; + uint256 constant IC0x = 7500535726679560657579283439937225600834190844886138210173985030451455825127; + uint256 constant IC0y = 19211173094810308874479540771713108816406079403971313989572690055722645083877; - uint256 constant IC1x = 15444985678636809312978594800523174081806733286376064553166174284965990139183; - uint256 constant IC1y = 15433744612719169811415194739223495951802871404441319181779987345899861341844; + uint256 constant IC1x = 16806344774942779306505877135056695979972584080776325374989648490702215091788; + uint256 constant IC1y = 13717852534241260147752477679415199499740910779435645828418374467800679660858; - uint256 constant IC2x = 9885990037414753377583491462853432028093686282965905887310871111746174146380; - uint256 constant IC2y = 20559621090064053286923137529065108649443916661380064235986881033473985498037; + uint256 constant IC2x = 1916139503704745689898523960297546340282030595985891097786214399443735136917; + uint256 constant IC2y = 12122404471421459930376373421371017459283777741639107186061873866664653486447; - uint256 constant IC3x = 15220266112866916329409503976568109087433925172545814071973149694002321739963; - uint256 constant IC3y = 9967028147547737060550357745757741357384433858664020146728346926570784983213; + uint256 constant IC3x = 8945226882505170846621830642118253540275806857825852371695491097772334231796; + uint256 constant IC3y = 1389636172342704194880391438762811545108381346908901092092717318384913908832; - uint256 constant IC4x = 21329947211706016683568942206967750269087916034352353170682885227754293170481; - uint256 constant IC4y = 
18598611223760756746575538031357011297686509434289269381366033907229098220076; + uint256 constant IC4x = 4720000354007292185275041515476297017713751894951649840732039222933062765116; + uint256 constant IC4y = 8309818417196457976518803977124233410768792858397588812533806049028635450946; - uint256 constant IC5x = 6514122334235498249799999850630828523118746412876175037603777859661056194113; - uint256 constant IC5y = 7613641592052195772596513870294777261887749836185436293599101594590688831764; + uint256 constant IC5x = 7199104912090362163502951295934008886949479686422100263952248206164211485353; + uint256 constant IC5y = 16164449005147376477866173780305393298236981184699709322090554181593827679350; - uint256 constant IC6x = 6746606194181022767983976806013080529050278399390805600511506371718262635580; - uint256 constant IC6y = 5040900530838847143133329941371911710669409792156418239777488229389953818400; + uint256 constant IC6x = 2843912041877824320322393310006824854677121908412718870409497250717312679641; + uint256 constant IC6y = 7827715582861223894170300961094503992574657276861623990874852638266967896640; - uint256 constant IC7x = 16310252749266624170922178444895128571401957143728059112218900449972972021945; - uint256 constant IC7y = 19849405078170349616501907658417816640086069293900944359599337260725978612567; + uint256 constant IC7x = 9788197829849217864440989665539682204160479875809542892572343833501260255875; + uint256 constant IC7y = 5247569753791213588728317604116866569605781288314643612798847987978242262702; - uint256 constant IC8x = 12943035592697513054598143597066138028290758819564583428418427834613361895771; - uint256 constant IC8y = 17603815873244763036387162451789002048178806753191740409503763948085037340112; + uint256 constant IC8x = 19403614296896826743998907389148525012932729658278058752132347125377187794508; + uint256 constant IC8y = 51408059167637885618869915277185071933411987649931254551240199217265772473; - uint256 constant IC9x = 
12904271190452756689460709035613620779998753026875639942268876213610218682758; - uint256 constant IC9y = 3412240378584514469154301902106616900474125795462889373052017372977004157425; + uint256 constant IC9x = 17898957347147717726551222139844907465409820999669398183757701831297622051364; + uint256 constant IC9y = 14606804311053587079091541104980170172419043649146045021354605179060328431614; - uint256 constant IC10x = 6331691481693568933183361080303344249163638849089168559069564832681362334724; - uint256 constant IC10y = 8408438512114059108704924659251298284430944217379780473759408521889262932134; + uint256 constant IC10x = 6238065553035971825111581642573915748187460674313041016860739176610996811287; + uint256 constant IC10y = 10751590147133361319427145411917033750868230773510804521928398020016242616278; - uint256 constant IC11x = 8041263062859819383030208297472141365592753021388417731220753939751969377673; - uint256 constant IC11y = 15906453673686024215193939771448924145012672899421766118859189664796191133751; + uint256 constant IC11x = 7342056090265083301770626449376875008245858021255267714744154729838971358548; + uint256 constant IC11y = 12063771229441878674400687905529977776458335378826498652935943121954810198909; - uint256 constant IC12x = 7215339494632317536574335410420512887140888961605922801690610674703936791690; - uint256 constant IC12y = 5270686168977103760944011889775790356727316296740640282588783046492617013757; + uint256 constant IC12x = 373524596084282635359130976258058593421536400057319175377893806123360396467; + uint256 constant IC12y = 14760670258604012914698381006051382694275220938579164835591747586399218816080; - uint256 constant IC13x = 3217265341412273322595135399781332967556551397197686878201114947206899054156; - uint256 constant IC13y = 7503102616401391535922628018582147279050323109558452732992780862830810951818; + uint256 constant IC13x = 4418236526774264570412986270922284322939568112401699654999793989825816069711; + uint256 constant IC13y = 
12557078685359827252756688576225765305779748144404144960222828895872897383337; - uint256 constant IC14x = 21246857811876870925486466013559756448469407207868226507156573943584195736416; - uint256 constant IC14y = 2733600684692003494872043879919178019288831300666309740857197105148878418766; + uint256 constant IC14x = 21257485642209101440541262855049475786452634834647714540092892434266299426011; + uint256 constant IC14y = 18971897146012196950386564090753801629516833979407747406905450423529988474842; - uint256 constant IC15x = 20600577122988085366331314426352471330562718199855297539550267926322810640841; - uint256 constant IC15y = 16231929330271171876691408231412975041329685804795284908069818974298184549413; + uint256 constant IC15x = 16611243890640899140956062160503428811483680171417457952982245891497508999752; + uint256 constant IC15y = 2098357619974235417711388971755203696100694838741344705093631948513498230315; - uint256 constant IC16x = 3013516493834933880571265579483555886116657612754656330314477838378338957763; - uint256 constant IC16y = 4496376340543514378135122386308791454382914017654185722966748034632858780883; + uint256 constant IC16x = 4355590700036993009639420381936958601889921765819122718853640409809972719842; + uint256 constant IC16y = 15175463602073829667515214966415027094817288251345304171265812183665287504979; - uint256 constant IC17x = 14566715754086819820722811868524340109011579761633272047360433652167657911302; - uint256 constant IC17y = 5888712996271153651928451024341855957619655490208576862345200510559556697910; + uint256 constant IC17x = 3620493422748381691853120643516512372163420481937656511998695848026260320105; + uint256 constant IC17y = 1560848439972110289214389319917906019630412185841375012598626009666197413134; - uint256 constant IC18x = 4481146920828229318871654483669942380846673321468443130293564421234695733769; - uint256 constant IC18y = 20271157044718789134443586019092533529315594280339405708777284721610164653084; + uint256 constant 
IC18x = 4700274148367693232336831513076811485967114825117923276671705061219333681346; + uint256 constant IC18y = 8511274934316204889113881570640881830545481646152519241985180723413237682003; - uint256 constant IC19x = 12058758612490882679974363077579305208323053447875272297097120038018135913052; - uint256 constant IC19y = 15251484383604866864466202236981169528921776054941270557067166534203735798927; + uint256 constant IC19x = 10806720960072981669311367059548117404871246921816956597065725827341750476273; + uint256 constant IC19y = 21158531563976094327960067597282163184193348063369449379905304051936258801577; - uint256 constant IC20x = 14361789899910818132818801031990221222431521926232911846069754141800047412360; - uint256 constant IC20y = 3150377779097660373125294170878683323827601265329891132712370470232745767578; + uint256 constant IC20x = 13369217552722105292268334414614980598650220141525004260563926888539904272102; + uint256 constant IC20y = 10402746290939719898151331031171924883633465262768729580014215146825225005360; - uint256 constant IC21x = 19363025835995411733853977290476358325305107158384513584747918019127024228124; - uint256 constant IC21y = 18971551945271501522521473636649169684106226800265391745493927350489770667653; + uint256 constant IC21x = 2148697341810656611090754811248609047453259665955486969057737541337289271335; + uint256 constant IC21y = 21029346951026375384890347577694834697467345509708861998995709086074732476094; - uint256 constant IC22x = 19094123125018762499054135540373802123371844243522347851507632970534404969456; - uint256 constant IC22y = 16670188470952100839466765185789885210730956023356075788636114796410130484092; + uint256 constant IC22x = 1873710762427086841161676812964047827943676959997358463124181840860294888033; + uint256 constant IC22y = 14063422199669868332009175714038225820046889682804461668628059329477108292348; - uint256 constant IC23x = 18122032629347733938830121928377898437942771900957000944580840182850254686544; - uint256 
constant IC23y = 5216591827501717404562544133936814946372134527719938477347011881553820377662; + uint256 constant IC23x = 4174585191479732244748267274242451644545245726408387398850177431048796399643; + uint256 constant IC23y = 14857834540533954748154708389725638016379871028032553609866901793768103884602; - uint256 constant IC24x = 20338962917949833865771215887219893815884228544407317459733265502406290301230; - uint256 constant IC24y = 18217754241610423349007139096743310765887097807831672993502649666085097852143; + uint256 constant IC24x = 6796031609956705157224738682377302362835652495661082431443390587382147903750; + uint256 constant IC24y = 14336948976066433616542400938618506901234134279659317590768587486919402107031; - uint256 constant IC25x = 20415938860422927750334419431682847419560950986736944577610364321907854090207; - uint256 constant IC25y = 1811706832137740078783015389752767524932208339888912260166095247754144082605; + uint256 constant IC25x = 7569242654658133936340747585660944931268333908847730848759100510663123267137; + uint256 constant IC25y = 12043917912298666797114070456260207561319168319534634208021831159643321726059; - uint256 constant IC26x = 4009615321508047815711260104064529330703213737451287105919871546750408469276; - uint256 constant IC26y = 18353785168680766219428431427679557273060790378919012461419940007988830704229; + uint256 constant IC26x = 13619060361062972609581242432309237149941978819573786182006070973866484468920; + uint256 constant IC26y = 1778130477177295522446099216627259081346814994736312261439848974747521227458; - uint256 constant IC27x = 9111725773120243221625374051231594321895925829959250777918988474111428552809; - uint256 constant IC27y = 8767914060970317701665738928409076785543974302457898585340147516686911169299; + uint256 constant IC27x = 14582113689584039845068369999361449891331987536406378300547852053673581029; + uint256 constant IC27y = 16832763731582757514382997029476363999693114653383529374694410294769460052383; - 
uint256 constant IC28x = 9843768039128456379484000470399826391786235218161014147193172378749485822345; - uint256 constant IC28y = 5942986358657480708744873333864211643806585484697708152331924831769550465700; + uint256 constant IC28x = 20377066698453791023458287151938239594019822715825684621307962449389756844134; + uint256 constant IC28y = 16465755203020873308129491161826944266505991660198930428873015090822479174784; - uint256 constant IC29x = 21775778568767886964628862364878941499703483357546030912029290600060115760142; - uint256 constant IC29y = 14929316967024371538821998281577672404071550473413718889357628563929361046156; + uint256 constant IC29x = 10649285923762964369917057077121812021322905224482857478876413238735450814741; + uint256 constant IC29y = 21838478583818641080552513759450480672872225316500909643197879891174334244480; - uint256 constant IC30x = 13927585571628534987997056150531190480940393397582513342264249485661286014978; - uint256 constant IC30y = 18232879627291556798959023849791585712917959449605097433654417997703384643144; + uint256 constant IC30x = 1109087950222036174110964951435020267015623808240978786202742146115607301252; + uint256 constant IC30y = 3956368720643646860873662735333036398111077399675206246003858808777289636523; - uint256 constant IC31x = 18717068744029556727791880077138509136276808456366864775434322758401574592031; - uint256 constant IC31y = 14289080330654706444332688360679772953527061236492671656041020814456080933241; + uint256 constant IC31x = 8576714559669613458031244045461780388504756597868108986456998548724842622108; + uint256 constant IC31y = 7554628788621180844451495770327316094075077073031327580352589337679635770615; - uint256 constant IC32x = 16538883082347184299127040695141316363634496860825578138296375998653495560797; - uint256 constant IC32y = 838870550326759636834239199515684239156603027830904458425034813850430718985; + uint256 constant IC32x = 
14656288601547980865604379551755939987955283217202788809494960550239721723961; + uint256 constant IC32y = 766824508218622323270303545794833087659956781279339003477101911534417865401; - uint256 constant IC33x = 19009604105059969680889512086998975232417248905100216470638342724167877756963; - uint256 constant IC33y = 6887762894722810554303309191435986523098450884585415905948255411223686038312; + uint256 constant IC33x = 3459904603095154924525955846501957568183885356393506680886387462734961216955; + uint256 constant IC33y = 17873456474529882090525128657932218280379783373738156426415490148507484791067; - uint256 constant IC34x = 16531683071318864874894878077899797406696996911006270311201733386895839734603; - uint256 constant IC34y = 8666717519577217798093188521875192145777039694421065876796414865172120401375; + uint256 constant IC34x = 9035012563148792506674112927575972384967719337164495552803038431090164998740; + uint256 constant IC34y = 4037586603668609002888775095476102814791360218227745807288646292504171369100; - uint256 constant IC35x = 6177777554055783807993222014736847207883074977905725744563635107454847595529; - uint256 constant IC35y = 4263138318324315888046557447563161181503642778249092020567460303413399452760; + uint256 constant IC35x = 2534742475005281868379587149694067952094999056981068032551302208506146526423; + uint256 constant IC35y = 12198448301468055355461438008846593911353601311542048279255721945565940970207; - uint256 constant IC36x = 4205536387120632613819296547301273289162157974895928179450315436333715150332; - uint256 constant IC36y = 20312416997511154415477343858536574450102877883177957262921784717954324572426; + uint256 constant IC36x = 11466999399869027581046875767681368679523765162159961829970347155160983383231; + uint256 constant IC36y = 14728120015413070781150170877833390889423822037559991016631039438101774487919; - uint256 constant IC37x = 12942617918080900315903228453269136398127168902964184649535351245368329432965; - uint256 constant 
IC37y = 19157458222473093380136466829908207278488549984635155725898745872282753655398; + uint256 constant IC37x = 14835759801275157675907480432161847097460725054043111187563905311162324019430; + uint256 constant IC37y = 8988388090647974630407822941647019946719747267832272782429673153376589466814; - uint256 constant IC38x = 12797139682577877058905772870479578076694731322444268435625480538739066576084; - uint256 constant IC38y = 20727104588637013174769304334623997926735939407551079492066161364902539626657; + uint256 constant IC38x = 19421739123622636037107042245134453960742228305647845554383597537661588927895; + uint256 constant IC38y = 15467472060760822188681708808044964192537771977244749537433758734276827106628; - uint256 constant IC39x = 16193627270614812573290129156347962719805742569353052701817456772794934381276; - uint256 constant IC39y = 10942250866161132274428730958320192333701173304290140196956890358201765926569; + uint256 constant IC39x = 19935977093502482182548979789195578560052815028405674303797001570548802038596; + uint256 constant IC39y = 6697860062510891376067995893110174455273885199850742505480547347302022477498; - uint256 constant IC40x = 12971960018139257046178803998989010317968596739040721055352793253859131510352; - uint256 constant IC40y = 19283254125631514544373761191562602608074231373915387788984894295259121506408; + uint256 constant IC40x = 15051865976796661053263397603506515712114247323956425399832997166097654770443; + uint256 constant IC40y = 4374537910217073650207037753738132179051546680623524376507665074715923417591; - uint256 constant IC41x = 4973223975910783897813848245279259988338994201214380734138076226251147962275; - uint256 constant IC41y = 20308006563490699737057375027526499910953601577265600622293092320172949802335; + uint256 constant IC41x = 19519284504040054446464895665875936024808141082948559256582980298586121967707; + uint256 constant IC41y = 15524576017614709763277884123834010483645911571052474791111550307182002039636; - 
uint256 constant IC42x = 17030317867513821418791571886460926935054674465473331652069943110476185476933; - uint256 constant IC42y = 20572233136020505493971200425387951894248945385198937170069383285929957457043; + uint256 constant IC42x = 14169047558741639063601425825528076715949947143481266982651402145760147350689; + uint256 constant IC42y = 11558742126368384663450582571191769475879481207234747961491402187585809030470; - uint256 constant IC43x = 7692553451176703422505793001654611374627553094893150073088893053319586919972; - uint256 constant IC43y = 12753082405115929758469368345500564751358540682206343637633766733129482166950; + uint256 constant IC43x = 5332465408258819374942719388093284211386692103588469945571877659452411471386; + uint256 constant IC43y = 11791448676918952308531355096392441407206027582305795467804432822986119027841; - uint256 constant IC44x = 12870749622804530478159602007951060728771320326463469142136290512480053201004; - uint256 constant IC44y = 14895591827941652855814380755451320737860546253193499816608439236526809467098; + uint256 constant IC44x = 13654245885227724388345981493092939387342814421366386083474600115721432266110; + uint256 constant IC44y = 5926153516600145974422289517971898358230338127793469527296139364876247557809; - uint256 constant IC45x = 89196947066260254533869499130107799131613847960990725360446302663710649562; - uint256 constant IC45y = 407076608675591844134527309673272501547629118028165689413285461476628842228; + uint256 constant IC45x = 13122586510068074078517089731879725456926231046988356228510234941204925995123; + uint256 constant IC45y = 12265238617608818055780513496240282847481054743119517968342725204221544781395; - uint256 constant IC46x = 14763410266333218926868118079821358534475399613923338328605601243110555424754; - uint256 constant IC46y = 17599204885038240804241721503294011005635060311218576426371347302446614183376; + uint256 constant IC46x = 
8274528848355054591127494508072722718775015760071421827286001206942790699627; + uint256 constant IC46y = 11760918715293784379775030235331164880488442709518502275057572199465619802512; - uint256 constant IC47x = 10118726747047738678104431085895810720035635051697291562288025077298088214733; - uint256 constant IC47y = 19322776357993901409655478160822770136901958925596664461964210451717594181232; + uint256 constant IC47x = 11014810329931619965158398213406539755713461092731556060274626281453164309453; + uint256 constant IC47y = 11189323295385306543102382083746863577222972902104073927551637506494263735304; - uint256 constant IC48x = 17433596912197488142536558811210087828544024952005985935923537263724296695715; - uint256 constant IC48y = 10563946409897498644381864090366712696299250976464889740911072749915084138898; + uint256 constant IC48x = 12712508501357267278007738155943294295381520642767904828279001501481377210137; + uint256 constant IC48y = 17390657672085029832700943318373589605086952772090592854174422868227906933189; - uint256 constant IC49x = 13437595226325828138834863780845764635828817268034607359176754616642326181698; - uint256 constant IC49y = 8377501808190853158752612250000097188008118650864377354654651658326636024296; + uint256 constant IC49x = 8158155995935964817361153687378978065370076724750970984753519237713084097159; + uint256 constant IC49y = 19266736062723091675062119238987388544788241591582139615448136563045829614240; - uint256 constant IC50x = 18380606598711703423374534752675429629825934246200986774111473072918584427127; - uint256 constant IC50y = 14232575728529611668428027475223047875946997946012917158798714777202094329503; + uint256 constant IC50x = 15410549079733825403614355166850298862378845312773047869183699867090402758863; + uint256 constant IC50y = 9877816272544274288412437194652539541179097142155557486048641274060651656591; - uint256 constant IC51x = 722367671757803999310885906594262002822084370153325403880129053184420701885; - uint256 constant 
IC51y = 16991411294824433258874180108296453730430695993836125555989956901768262080509; + uint256 constant IC51x = 6629359193266028942713148037067952584305855665204022883127978023750323831268; + uint256 constant IC51y = 3743333996498987146147511851654428972618998595385126367990230310572340500629; - uint256 constant IC52x = 13496020518115514933800937650955414355602397955693565400373440221057424537585; - uint256 constant IC52y = 21065909895058099897589334673787294003396134826786731888651936425421401478719; + uint256 constant IC52x = 2446799394890562122022807485261900456170147937657250725501128587449798855710; + uint256 constant IC52y = 10831859484895982751194550869698635827390557779676319197690946463294137328618; - uint256 constant IC53x = 19623439250443309619091947329218651409469889127936492083551551030014415896214; - uint256 constant IC53y = 2625205233558748178418480276522280268356341127041102822640388160424014599246; + uint256 constant IC53x = 2953017421033136924678624468094000234644427178548329162920389392863998759085; + uint256 constant IC53y = 12151966610918690555352831153083558428557423274041184410708279948918928705346; - uint256 constant IC54x = 18346431934989235235833835905032456484485923699641645879365705207333658419610; - uint256 constant IC54y = 517136907682197625978064556574394476141925443618454737065827648376316242433; + uint256 constant IC54x = 8087846746377924976756683832428720847449604039113382881446326776286671798092; + uint256 constant IC54y = 7288341319881659843454388651325310716760815463129377255327335842805776878538; - uint256 constant IC55x = 3138979905429106492828819779751961380852688942103014057270129945377102144728; - uint256 constant IC55y = 4903465287653415944608220202728816459875049299077299191348062489631432289882; + uint256 constant IC55x = 13495987578579953277693326877949946772289507309011987627192310070351649046086; + uint256 constant IC55y = 7257346467449388144285371430101261259094193268967793660847530786322202968488; - uint256 
constant IC56x = 3818666132496281252885342231969340100538892736272659098800199156423224696365; - uint256 constant IC56y = 16725255918872290527175982515440134508971630677817020227810816026732210759797; + uint256 constant IC56x = 17882197460124432060375387452223327434223221532213854429635214900516730297105; + uint256 constant IC56y = 6486140274455554609854267434998295186554345558025259611641091796618857591723; - uint256 constant IC57x = 15849945242555071680578608251305533796240075167241767933635389762711709136304; - uint256 constant IC57y = 19623688497762019513766109452410765776236408137598055032664841343031733872901; + uint256 constant IC57x = 18060644639329423390591461587690627453025007935899201493524474530222059353030; + uint256 constant IC57y = 13331379512282481166141130709457502487055532990062095012747890797220941533968; - uint256 constant IC58x = 15716627876476566418700698390911198187392470943729864252876805318847758555152; - uint256 constant IC58y = 21542720348956544826709230687050296321659755973899277940138213870535244729164; + uint256 constant IC58x = 7914303066558602668246205079409149593886974851237356057887630180998379164277; + uint256 constant IC58y = 11742715327474005618857155356669397308978829791791801695448436577436933235563; - uint256 constant IC59x = 21693658306551142818774093970554285626530270967824079536598117886288628593146; - uint256 constant IC59y = 924528975935198499881293343023992285582826421462419983235368422315682295343; + uint256 constant IC59x = 1737662495855912582360511320492416702002273998205249649984716218202390020969; + uint256 constant IC59y = 13418655392892450015136808325300261057784239425009576317224157000889828830049; - uint256 constant IC60x = 2378988107331033347460850151679461477793580217621829504536004163397015104074; - uint256 constant IC60y = 12839955041049287886502233201322183004427713008073313732274669695946418614228; + uint256 constant IC60x = 4834422649135352874647627764686462565699225845013283365686026069560501198404; + 
uint256 constant IC60y = 4757667430779664999587739264920467575683653864526511048906660419706636070768; - uint256 constant IC61x = 21832468341560924658936327710153414558584780085683422694779457426165847177089; - uint256 constant IC61y = 117312274264272090414958277926262025708715360017579806546714831556964057144; + uint256 constant IC61x = 2920992638216104155183967668094147376293386967008321931600826085803708308220; + uint256 constant IC61y = 8159758823941053250084307519757092527074157608929172237335408640809991962406; - uint256 constant IC62x = 3018238629968161579494804425259779540781422065436598113149379387035094736680; - uint256 constant IC62y = 8568458668401807393362413596709511290191073330862014248063413032803554773399; + uint256 constant IC62x = 20380022125089941982267545484277155711076109862266912429930748936390059655152; + uint256 constant IC62y = 470391815478528058241672409830369680813994569512149884965930095110810108984; - uint256 constant IC63x = 1282793573958458968971927933094471206080893678228175350336079122446958404776; - uint256 constant IC63y = 12498603528174334143768096584632542894223916853926331868937535155229078638823; + uint256 constant IC63x = 9425423724664098580536380897211772535118081412568624282696997277553286852839; + uint256 constant IC63y = 18102359130326432892074145491902162032784316084473839231833731864967644198318; - uint256 constant IC64x = 9617959971065461584955469690391462382117093995070687589510083232925219095129; - uint256 constant IC64y = 11018863524303246149442260755881908287922941691112564596126416087093604345628; + uint256 constant IC64x = 19500196743361397753441818011714661509028744136815029186609130185239906324695; + uint256 constant IC64y = 9166656329872966963508555901927598186094898417497111469308350422460271423546; - uint256 constant IC65x = 18494675724266065932303746924977017396929113474307371806359401523788727941102; - uint256 constant IC65y = 16097535133295928634162162517780143088230159419521341109791303759244723908021; 
+ uint256 constant IC65x = 20508058021512460837118488786527087294694585061411301455950394061961904702904; + uint256 constant IC65y = 2578223733619336602943413450000425637548745859092326016651608266335574960494; - uint256 constant IC66x = 3415083099541466355922472786777524696440486815659826538362856059090168466055; - uint256 constant IC66y = 21843737062657972494870832477594000579903382696442884201323513267380462660556; + uint256 constant IC66x = 1071601579509139236412649336777516383083729411833025363285901187846951705514; + uint256 constant IC66y = 643778404700341783686316894071179800417687549225861429866927932290907352872; - uint256 constant IC67x = 4627469073003492692081267340370476560059598725588643453272534146391992363677; - uint256 constant IC67y = 3394839797037366879180540434526009043184480393900353544974252557966593979511; + uint256 constant IC67x = 21046686905022938762343110658685000333114003074832743789460482970929684291941; + uint256 constant IC67y = 16589695516620085044284865294304818658032377472492495403321572602644696285496; - uint256 constant IC68x = 16855117520614012750593394661559522115224312772742007753023953667480926227578; - uint256 constant IC68y = 17816700617479284171736370741327140530451913327152676849112278920461098914234; + uint256 constant IC68x = 15402727245438872470337281580419854325509021235549558441579332069237738542206; + uint256 constant IC68y = 12100658949812311807290740424830315786611473991678642131357227195466793178654; - uint256 constant IC69x = 3512208942781784738441229046544557918978151298191395832170296860208887519468; - uint256 constant IC69y = 2505225700037331828802591636773326790452866581901318024097244918874744068789; + uint256 constant IC69x = 5984396963935932069475014455874483850975993839370888235950954254263981029541; + uint256 constant IC69y = 8658244321663354058517608860644685738312456985966813850314182794608726926497; - uint256 constant IC70x = 
11811112894872754299085263479604560501590590478241268189245643688628440648683; - uint256 constant IC70y = 18546962230916329328755427039622326464268028514850216640604830927968030769941; + uint256 constant IC70x = 13180402081920922842736886190093953231655326874611201456251342171630489279461; + uint256 constant IC70y = 18649658464519580163906798382923586107997731125760988378673369846514909161404; - uint256 constant IC71x = 17329412769385041011755512074931622014464544007921945629255020213102531435089; - uint256 constant IC71y = 8532056905413803097496014769465279358661845164966338552710370018656926026144; + uint256 constant IC71x = 11465613760655638455032324012041259936429065923953367597967854901531079869526; + uint256 constant IC71y = 1997868257671766278420414611308456329672567091454229700216047315765806631304; - uint256 constant IC72x = 12499852871185561422253376167019799648735207172681464009840294461239195188222; - uint256 constant IC72y = 20319333061740917925764368843994465380456164024362416598740064213349463358219; + uint256 constant IC72x = 17918109650394143090398200709147906843621449700067572334426785791214583511049; + uint256 constant IC72y = 5785087180604996996878479591688410688146103334006142651020815231268891900773; - uint256 constant IC73x = 13611836739262056798799919892708716022648332399944377961590069121334082918207; - uint256 constant IC73y = 1840281673669819140440191639717881323130098454217953330681420681771305528256; + uint256 constant IC73x = 736201990241690106987067004600088863457141457573681072149394616967572755929; + uint256 constant IC73y = 12537157162826621549086349254200249982552713002993943503127638231722978596924; - uint256 constant IC74x = 3080059060826164654915928266386228070871170799938996404113716331864067144292; - uint256 constant IC74y = 12503063943054595204075468765331127452619970579940584908913636468482392270520; + uint256 constant IC74x = 15785103340068683842513248354657964422095017416519973953965247557166746383423; + uint256 constant 
IC74y = 16150924406755343335896132050034914767928045988689480710519873684676576185028; - uint256 constant IC75x = 16433923389361333775927126833800818558680612925507786003170775000710001722305; - uint256 constant IC75y = 10503596066126211820217060014066415391057376892373743702389353058655984064889; + uint256 constant IC75x = 6404840253907413983145416199309477113029419362177186012992462488423921389989; + uint256 constant IC75y = 8735341945865532036256299477233956095055876095997087464613556071915976571146; - uint256 constant IC76x = 15065785319856470226961945722003203551387687174246998508091850983372092860681; - uint256 constant IC76y = 17896225228571809315986423739118202445046664678781781514879686360269381776743; + uint256 constant IC76x = 8724267365230902347229847202108650737209726005308343958546017169716303363251; + uint256 constant IC76y = 17777512362101876439834872855511544013815307612344519390875215243966466686025; - uint256 constant IC77x = 6870507339911801179138872152150615339958013992518264372631788950671523537614; - uint256 constant IC77y = 18037987737220811416285453912965586061676687691975309793517013459422037469273; + uint256 constant IC77x = 8918814611902546518920187003392494979454174182643529331409094384218166231650; + uint256 constant IC77y = 18184712480067856273523502143963922366841367703802154356706668556258107456291; - uint256 constant IC78x = 11822997279102317026991317765680191121052478599918882398078859661358268572609; - uint256 constant IC78y = 9534844203451570681341326976899711845339261467471924061990479104987248699193; + uint256 constant IC78x = 9421173889055624068250468682319042736523104237111924853383033602305643651409; + uint256 constant IC78y = 17076225282910336421003758619520963376827046792873380653814378558509545536194; - uint256 constant IC79x = 814895131247362788031531982991074036243262345850417573362708717291604432861; - uint256 constant IC79y = 21119163236943748654854615264754138892357106429981990456746055653318414462289; + uint256 
constant IC79x = 17827953591197465637068392424066919197785406468317003450376104975572451412752; + uint256 constant IC79y = 19758205883431149738033761058476595044973262048294152716378750980720592832264; - uint256 constant IC80x = 20977523352094306502640039044972336388464193873230419392339943532501600182549; - uint256 constant IC80y = 6946114395405271880485956008591194883884526407256410182099924261288084717296; + uint256 constant IC80x = 5877455143230750188145901369572724485485689221369018527546722077858039568378; + uint256 constant IC80y = 20547529821963006488317098177150986788254986979627053843788623333737172069898; - uint256 constant IC81x = 7761194069996716601950630741239994979663258841042742617860461241304593607995; - uint256 constant IC81y = 6797191380097140836268094911544893630353880091765474528227264913999543456188; + uint256 constant IC81x = 4980820155167635856488138968291416906237146248404772197352963295674430339670; + uint256 constant IC81y = 18701181065695552777076243336927915570742707349896197585530631698642256643422; - uint256 constant IC82x = 5000779558587306016002634421106764294422377396987971375779683765476680617367; - uint256 constant IC82y = 2847606885305153491337801029460483228469102266671889774030818592958554461000; + uint256 constant IC82x = 16777939488041114754768545674514709721185376316115997064200051282595721559173; + uint256 constant IC82y = 5939768806357633468561973089882202212779962921089081983016988372615989543242; - uint256 constant IC83x = 2751416486345290827256675548931184221845108475099448535337243712621306648334; - uint256 constant IC83y = 13178855505750200729609370638681050600585376172418107165516640570458326734329; + uint256 constant IC83x = 14796363017577142791220641668352160568683008269771782264758229033250072319628; + uint256 constant IC83y = 14600699583086517418061957134181365606986549922649060599373995683203928018438; - uint256 constant IC84x = 2231240240887990908791102754456950032619892746141888228754833711047565335291; - 
uint256 constant IC84y = 8186246799537450893888429295287350584243812961324933766087162379650650478146; + uint256 constant IC84x = 7903707117829484574409231745320520376775440889841126591886418591988650340645; + uint256 constant IC84y = 14392470618957976023051290670419524135641225612724566454081135462717269912207; - uint256 constant IC85x = 6763520269685728106480261588448536867109810505037764388066571118455009345663; - uint256 constant IC85y = 13992198566440164726742004323044186581843713357791293320583243615794358038697; + uint256 constant IC85x = 7040254646516169238176084030015013167692487701232513069536956450947996030379; + uint256 constant IC85y = 8344217891222417433515293421374060610622682714177382471358588153225451407752; - uint256 constant IC86x = 15119414408862590555871972886368557114099256030532542417814685037330684720768; - uint256 constant IC86y = 12651960976713863505082588076208802297943780899939898803346701374131052398909; + uint256 constant IC86x = 5937292643151495064112317366294053602775514009276861609583272956389590265518; + uint256 constant IC86y = 1667993821256079901229637548974554662929109034226271574914376494716722176625; - uint256 constant IC87x = 21408174621836638638819070586317447414399450694528139169612961883475232668246; - uint256 constant IC87y = 8578504868019990506679317007240468112720944674191565915486280347133203190720; + uint256 constant IC87x = 10429545704286591237503711116064846275257778264471187604753484534805146304406; + uint256 constant IC87y = 16809620886550722377592042848589246446559282211323461249142902747003154770550; - uint256 constant IC88x = 2782647542257934843851469693770665300487229167835685576077113843718087959867; - uint256 constant IC88y = 8867931823375641744668523057812106126349767332031839302450573191270189134171; + uint256 constant IC88x = 3855121632148124520024006603503851007303555175973870246013190185424275036884; + uint256 constant IC88y = 9999821343476899711639206159041995757833047189164312873277142359741350548524; 
- uint256 constant IC89x = 11081787434921178311521055933193567788981208429171218116392059771404415915928; - uint256 constant IC89y = 13788691199354900700437740369989382948494894015767885728090020000181419577173; + uint256 constant IC89x = 9406573531866980696091650555832533670257258889697579436673721246944489813161; + uint256 constant IC89y = 2995301525705710804516618281453063310646626808047888632169285966532787483816; - uint256 constant IC90x = 20412142355431119883654327361709186157969186949695197008618502840030428727513; - uint256 constant IC90y = 2637978714522201963297964679788704513672820014439747969926130681129386713861; + uint256 constant IC90x = 1526457548771184118859192752374469540237852714417643375364529068991571728824; + uint256 constant IC90y = 20322188999985982433213531153742375410479264418221090198365532243908587434326; - uint256 constant IC91x = 16239438031981465694184986627702858819230905991973519513613416477752335486284; - uint256 constant IC91y = 586067010227246804824172701580729134690358529668454744500238895375711939871; + uint256 constant IC91x = 3647145737859818823186946652451283687702129427645865082018890413183344701091; + uint256 constant IC91y = 7819570647789419112121104220074887639917070518824958166839036978493127740892; - uint256 constant IC92x = 6929626034770046196919926728056089724077903835689930035058009754021646837317; - uint256 constant IC92y = 14007720231836246873596106523297514407552613621031343551101023830932032505831; + uint256 constant IC92x = 1974959570150660280056827747341994528565992841758006521675207473433735955848; + uint256 constant IC92y = 21006636613984238277559183702894457139320631222645359136557640302488911243945; - uint256 constant IC93x = 16191063119243167501349773152042552977077071420162570551428089527910135791691; - uint256 constant IC93y = 2984063520247837772995081663217075179586748361247613654084564271711901631617; + uint256 constant IC93x = 
3335546558418017109432168296043479711076786715915291707849840571166448680717; + uint256 constant IC93y = 15457404158417127280242556946917664267314355206231923461676831217126476725537; - uint256 constant IC94x = 1805678180711203997152780674041106704122361139443780127259289188160052960798; - uint256 constant IC94y = 15270845587733837292535075619741580576161184393824166722506351632755753865314; + uint256 constant IC94x = 21441171890803415112590743754336383724436140530077210167567372102065803298084; + uint256 constant IC94y = 15051654224966300966100369372810644938086280718983170638538542893794943673495; - uint256 constant IC95x = 3030851989242786878227015219826255264454396167798762189510444533025354203347; - uint256 constant IC95y = 16780636433243520227559677544450077156636715628577721858217260980176889413252; + uint256 constant IC95x = 904738135681670190617377831792546580612791936292381085800842878532135505927; + uint256 constant IC95y = 6810010775466597235605200839456323606371118774128866957554172174037252045485; - uint256 constant IC96x = 4997143430537083890383903744684245387767882305763508413837134908583524834001; - uint256 constant IC96y = 8464708169272634602912508283222037851304014468407864911550343690773336631317; + uint256 constant IC96x = 12378672532176880399179863916468913697757231729062916629030598871088671023717; + uint256 constant IC96y = 20098346558210018384886078536904272236032468181896137221453087052203307445892; - uint256 constant IC97x = 19449990402403926111015018329109064212719623759776180438013078952765416102804; - uint256 constant IC97y = 21012811006445063812663363396478099871012832817952978452182474412706339501325; + uint256 constant IC97x = 14126725259373963085833115402251987636083846580379370010321611053960982580197; + uint256 constant IC97y = 8861293133079280696383738053273123495504319603270485677836319874673972340741; - uint256 constant IC98x = 21410072561093014667243485477372681620347269649123295559095808164172911680365; - uint256 constant 
IC98y = 19048135683243837600048166328392524449612017127669778956891490700257195759044; + uint256 constant IC98x = 2779458784793250007636797371297106252345927312270015027009754037825546332040; + uint256 constant IC98y = 6382781516595596976789302946518420311632218283496249973336315992533865353499; - uint256 constant IC99x = 21807812488351239382456202149286344533518638925893692239226566402570030214620; - uint256 constant IC99y = 3629742897674077941851845853759045237433919524958880146116523921237166952508; + uint256 constant IC99x = 12020089154866213694886153183892256324563831725367557661773856911992435489223; + uint256 constant IC99y = 10539389055710673989774401671358672778776773383822655042303695446739250113568; - uint256 constant IC100x = 12427392476134497199132588563614579041639492579857449719794721285072670141886; - uint256 constant IC100y = 12371491225153780473943451544387687913512052832901359322741447080589728901639; + uint256 constant IC100x = 1541217357497749664630897344587304428219166612596999401181554817809595193037; + uint256 constant IC100y = 1097705315439307635001054134068893470549566691614527573241133227650398108706; - uint256 constant IC101x = 18443769813381837683086382929315220708416867094711673553986325183433940633782; - uint256 constant IC101y = 13338795090806453026229937430211181391630005899559855875683874904665077837972; + uint256 constant IC101x = 6924110088498046602982308167134133247344479690753907917086285028639996233588; + uint256 constant IC101y = 16592419187624283608496871565561693292923055390111494702590350464797911661390; - uint256 constant IC102x = 7574561200290261962423462434572163854621504572881617953107242661231763189666; - uint256 constant IC102y = 21866390679404529040744442684466099062367291297634322269244096831308344158789; + uint256 constant IC102x = 14932644092780567752595039674791582086146773837645564841325716111844162761264; + uint256 constant IC102y = 14054900461629673933793648127738805887431229404561600987677415365748211518346; 
+ + uint256 constant IC103x = 21826829410184219425839758804275334693402242173351536315267229912359886610244; + uint256 constant IC103y = 13145247716512585016535403539623870656705505496302557231425567395284656174722; + + uint256 constant IC104x = 10723865532425252680822060295606975447785125920481417815144738067876106730958; + uint256 constant IC104y = 2750060412378528512577424517240805942396359085759338556589546221101062077366; + + uint256 constant IC105x = 13610479009495437335054156071592856091793553643856975168470544018067268382616; + uint256 constant IC105y = 5028480654630813391642834424074823337367863167323445900517774159378904611046; + + uint256 constant IC106x = 8959960947101181609929281882023411146543404908305682511969412722987403935244; + uint256 constant IC106y = 17037840716498058589865158148300926307629497039776820539424257599747813331825; + + uint256 constant IC107x = 3329946637562309018196253174483297743601321674428654693366091368185353418522; + uint256 constant IC107y = 20309461139797568927934774754657461672289961695874069337325221805890193148325; + + uint256 constant IC108x = 21577763683655929280456425529518529321926379101126163313514585836300198072883; + uint256 constant IC108y = 5476543500179140115023201502972107116336322511138291020260500310257209370084; + + uint256 constant IC109x = 20879417355885501023056776335954343977316914269670342899109262163784954610784; + uint256 constant IC109y = 7790465984785624865275709254138747779403603809154540066422090152714795953712; + + uint256 constant IC110x = 10557397239732988433654681269152879173600930019783367956573509681134457260086; + uint256 constant IC110y = 7760747882631581374951580418424188763749299740883466036564477990785808278328; + + uint256 constant IC111x = 18962979274573620241177899735421077206942165151980971157684600404371127947884; + uint256 constant IC111y = 11142278777830464346481917178613961960044247071174132381659353660719810821830; + + uint256 constant IC112x = 
18891312112007878933891062369102830538664709181035663177465029203528273667154; + uint256 constant IC112y = 5564943993235366369184329626770514678860068350805886001507419654572046760366; + + uint256 constant IC113x = 20501391928161541047382080445731840991833860209032196150370454452982172727784; + uint256 constant IC113y = 1207148501022258147436761504410975875343607921399296901409233799477104107651; + + uint256 constant IC114x = 17449749498261985599386064163600842115651335494726639189966941953754641382504; + uint256 constant IC114y = 9640065465839134209644253399286219771227236184332577630199068058361560772286; + + uint256 constant IC115x = 16769669983681282562871860837400140314125866994699474615399676301888014220432; + uint256 constant IC115y = 3455672321968490307111155866069820382335223916916296430573383128146984877194; + + uint256 constant IC116x = 5825437435828009010970802796811824674875997475735353556089845861417246271396; + uint256 constant IC116y = 3863895669944585830686800190438236202353815776017372741294015563475133037794; + + uint256 constant IC117x = 15887302858133980561256600445148855988791677156721478505479844704907715953945; + uint256 constant IC117y = 14864003316951019654081870944034384171499262900596502976368490439531594106016; + + uint256 constant IC118x = 13323805276305597321424783160890342818248361487605892420745100352081621727431; + uint256 constant IC118y = 19266628193531456317076591986961861635710997442851400667066787849204723280505; + + uint256 constant IC119x = 1328308549643118846463693088427234362874488580638550564357277553774477010791; + uint256 constant IC119y = 7968099729757825375814311903873299078493699569227171322917885132937350997706; + + uint256 constant IC120x = 1556864282486119668149963214488257821693266783207387782817897342258032047205; + uint256 constant IC120y = 345066057082474708144324052630651363347247004656128520678101294107524804087; // Memory data 
@@ -359,7 +413,7 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiationBatch { uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[102] calldata _pubSignals) public view returns (bool) { + function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[120] calldata _pubSignals) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, r)) { 
@@ -607,6 +661,42 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiationBatch { g1_mulAccC(_pVk, IC102x, IC102y, calldataload(add(pubSignals, 3232))) + g1_mulAccC(_pVk, IC103x, IC103y, calldataload(add(pubSignals, 3264))) + + g1_mulAccC(_pVk, IC104x, IC104y, calldataload(add(pubSignals, 3296))) + + g1_mulAccC(_pVk, IC105x, IC105y, calldataload(add(pubSignals, 3328))) + + g1_mulAccC(_pVk, IC106x, IC106y, calldataload(add(pubSignals, 3360))) + + g1_mulAccC(_pVk, IC107x, IC107y, calldataload(add(pubSignals, 3392))) + + g1_mulAccC(_pVk, IC108x, IC108y, calldataload(add(pubSignals, 3424))) + + g1_mulAccC(_pVk, IC109x, IC109y, calldataload(add(pubSignals, 3456))) + + g1_mulAccC(_pVk, IC110x, IC110y, calldataload(add(pubSignals, 3488))) + + g1_mulAccC(_pVk, IC111x, IC111y, calldataload(add(pubSignals, 3520))) + + g1_mulAccC(_pVk, IC112x, IC112y, calldataload(add(pubSignals, 3552))) + + g1_mulAccC(_pVk, IC113x, IC113y, calldataload(add(pubSignals, 3584))) + + g1_mulAccC(_pVk, IC114x, IC114y, calldataload(add(pubSignals, 3616))) + + g1_mulAccC(_pVk, IC115x, IC115y, calldataload(add(pubSignals, 3648))) + + g1_mulAccC(_pVk, IC116x, IC116y, calldataload(add(pubSignals, 3680))) + + g1_mulAccC(_pVk, IC117x, IC117y, calldataload(add(pubSignals, 3712))) + + g1_mulAccC(_pVk, IC118x, IC118y, calldataload(add(pubSignals, 3744))) + + g1_mulAccC(_pVk, IC119x, IC119y, calldataload(add(pubSignals, 3776))) + + g1_mulAccC(_pVk, IC120x, IC120y, calldataload(add(pubSignals, 3808))) + // -A mstore(_pPairing, calldataload(pA)) 
@@ -866,6 +956,42 @@ contract Groth16Verifier_AnonEncNullifierNonRepudiationBatch { checkField(calldataload(add(_pubSignals, 3264))) + checkField(calldataload(add(_pubSignals, 3296))) + + checkField(calldataload(add(_pubSignals, 3328))) + + checkField(calldataload(add(_pubSignals, 3360))) + + checkField(calldataload(add(_pubSignals, 3392))) + + checkField(calldataload(add(_pubSignals, 3424))) + + checkField(calldataload(add(_pubSignals, 3456))) + + checkField(calldataload(add(_pubSignals, 3488))) + + checkField(calldataload(add(_pubSignals, 3520))) + + checkField(calldataload(add(_pubSignals, 3552))) + + checkField(calldataload(add(_pubSignals, 3584))) + + checkField(calldataload(add(_pubSignals, 3616))) + + checkField(calldataload(add(_pubSignals, 3648))) + + checkField(calldataload(add(_pubSignals, 3680))) + + checkField(calldataload(add(_pubSignals, 3712))) + + checkField(calldataload(add(_pubSignals, 3744))) + + checkField(calldataload(add(_pubSignals, 3776))) + + checkField(calldataload(add(_pubSignals, 3808))) + + checkField(calldataload(add(_pubSignals, 3840))) + // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) diff --git a/solidity/contracts/zeto_anon_enc.sol b/solidity/contracts/zeto_anon_enc.sol index 0a62806..23b4c72 100644 --- a/solidity/contracts/zeto_anon_enc.sol +++ b/solidity/contracts/zeto_anon_enc.sol @@ -77,7 +77,7 @@ contract Zeto_AnonEnc is uint256[] memory inputs, uint256[] memory outputs, uint256 encryptionNonce, - uint256[4] memory encryptedValues, + uint256[] memory encryptedValues, Commonlib.Proof calldata proof, bytes calldata data ) public returns (bool) { @@ -90,7 +90,7 @@ contract Zeto_AnonEnc is if (inputs.length > 2) { // construct the public inputs - uint256[25] memory publicInputs; + uint256[43] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { 
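Review bot: With `encryptedValues` now a dynamic `uint256[] memory` in zeto_anon_enc.sol, the loop that copies it into the fixed `uint256[43] memory publicInputs` takes its bound from a caller-supplied length, and no length check is visible in this hunk. A longer array reverts on the array bounds check rather than with a descriptive error, and a shorter one shifts every field written after it, so the vector handed to the verifier no longer follows the circuit's signal order and rejection rests solely on the proof failing. I would pin the length before the loop, e.g. `require(encryptedValues.length == 22, "invalid encryptedValues length");` in this branch and `== 7` in the `else` branch (the sizes the tests slice from `publicSignals`), in the way zeto_anon_enc_nullifier_non_repudiation.sol appears to do for `encryptedValuesForAuthority`. The same applies to the matching hunks in zeto_anon_enc_nullifier.sol and zeto_anon_enc_nullifier_kyc.sol and to `encryptedValuesForReceiver` in the non-repudiation contract; the function body continues outside the hunk, so a check may already exist there.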
@@ -121,7 +121,7 @@ contract Zeto_AnonEnc is ); } else { // construct the public inputs - uint256[9] memory publicInputs; + uint256[12] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { diff --git a/solidity/contracts/zeto_anon_enc_nullifier.sol b/solidity/contracts/zeto_anon_enc_nullifier.sol index 3cc8f23..9a26362 100644 --- a/solidity/contracts/zeto_anon_enc_nullifier.sol +++ b/solidity/contracts/zeto_anon_enc_nullifier.sol @@ -83,7 +83,7 @@ contract Zeto_AnonEncNullifier is uint256[] memory outputs, uint256 root, uint256 encryptionNonce, - uint256[4] memory encryptedValues, + uint256[] memory encryptedValues, Commonlib.Proof calldata proof, bytes calldata data ) public returns (bool) { @@ -99,7 +99,7 @@ contract Zeto_AnonEncNullifier is ); if (nullifiers.length > 2) { // construct the public inputs - uint256[36] memory publicInputs; + uint256[54] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { @@ -138,7 +138,7 @@ contract Zeto_AnonEncNullifier is ); } else { // construct the public inputs - uint256[12] memory publicInputs; + uint256[15] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { diff --git a/solidity/contracts/zeto_anon_enc_nullifier_kyc.sol b/solidity/contracts/zeto_anon_enc_nullifier_kyc.sol index 8f97830..4fdc2f4 100644 --- a/solidity/contracts/zeto_anon_enc_nullifier_kyc.sol +++ b/solidity/contracts/zeto_anon_enc_nullifier_kyc.sol @@ -88,7 +88,7 @@ contract Zeto_AnonEncNullifierKyc is uint256[] memory outputs, uint256 root, uint256 encryptionNonce, - uint256[4] memory encryptedValues, + uint256[] memory encryptedValues, Commonlib.Proof calldata proof, bytes calldata data ) public returns (bool) { 
@@ -104,7 +104,7 @@ contract Zeto_AnonEncNullifierKyc is ); if (nullifiers.length > 2) { // construct the public inputs - uint256[37] memory publicInputs; + uint256[55] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { @@ -145,7 +145,7 @@ contract Zeto_AnonEncNullifierKyc is ); } else { // construct the public inputs - uint256[13] memory publicInputs; + uint256[16] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for (uint256 i = 0; i < encryptedValues.length; ++i) { diff --git a/solidity/contracts/zeto_anon_enc_nullifier_non_repudiation.sol b/solidity/contracts/zeto_anon_enc_nullifier_non_repudiation.sol index 11c79a4..c2081c1 100644 --- a/solidity/contracts/zeto_anon_enc_nullifier_non_repudiation.sol +++ b/solidity/contracts/zeto_anon_enc_nullifier_non_repudiation.sol @@ -105,7 +105,7 @@ contract Zeto_AnonEncNullifierNonRepudiation is uint256[] memory outputs, uint256 root, uint256 encryptionNonce, - uint256[4] memory encryptedValuesForReceiver, + uint256[] memory encryptedValuesForReceiver, uint256[] memory encryptedValuesForAuthority, Commonlib.Proof calldata proof, bytes calldata data @@ -126,7 +126,7 @@ contract Zeto_AnonEncNullifierNonRepudiation is "Cipher Text for Authority must have a length of 64 with input or outputs number more than 2 and less than 10" ); // construct the public inputs - uint256[102] memory publicInputs; + uint256[120] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for receiver for (uint256 i = 0; i < encryptedValuesForReceiver.length; ++i) { 
@@ -177,7 +177,7 @@ contract Zeto_AnonEncNullifierNonRepudiation is "Cipher Text for Authority must have a length of 16 for no more than 2 inputs or outputs" ); // construct the public inputs - uint256[30] memory publicInputs; + uint256[33] memory publicInputs; uint256 piIndex = 0; // copy the encrypted value, salt and parity bit for receiver for (uint256 i = 0; i < encryptedValuesForReceiver.length; ++i) { diff --git a/solidity/test/gas_cost/zeto_anon_enc_nullifier_kyc_cost_analysis.ts b/solidity/test/gas_cost/zeto_anon_enc_nullifier_kyc_cost_analysis.ts index db70b54..6db235c 100644 --- a/solidity/test/gas_cost/zeto_anon_enc_nullifier_kyc_cost_analysis.ts +++ b/solidity/test/gas_cost/zeto_anon_enc_nullifier_kyc_cost_analysis.ts @@ -452,7 +452,14 @@ describe.skip('(Gas cost analysis) Zeto based fungible token with anonymity usin gasHistories.push(txResult?.gasUsed); } // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( diff --git a/solidity/test/zeto_anon_enc.ts b/solidity/test/zeto_anon_enc.ts index 0ecf9b2..a8fdb4f 100644 --- a/solidity/test/zeto_anon_enc.ts +++ b/solidity/test/zeto_anon_enc.ts 
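Review bot: The `reduce` callback that builds `expectedPlainText` declares an index parameter `i` it never uses, and the same block is pasted again into zeto_anon_enc.ts and zeto_anon_enc_nullifier.ts later in this commit. Dropping the parameter (`(acc, o) => {`) and moving the builder into one shared test helper would keep the copies from drifting. The `|| 0n` fallbacks also turn a missing `value` or `salt` into a silent zero, which is the value the tests expect for padded slots, so a comment such as `// unset value/salt is expected to decrypt as 0` would make that intent explicit. The enclosing function starts outside the hunk.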
@@ -123,26 +123,27 @@ describe('Zeto based fungible token with anonymity and encryption', function () events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 20 ); - expect(plainText).to.deep.equal([8n, result.plainTextSalt]); - // only the first utxo can be decrypted - const hash = poseidonHash([ - BigInt(plainText[0]), - plainText[1], - Bob.babyJubPublicKey[0], - Bob.babyJubPublicKey[1], - ]); - expect(hash).to.equal(incomingUTXOs[0]); + expect(plainText).to.deep.equal(result.expectedPlainText); // check the non-empty output hashes are correct - for (let i = 1; i < outputUtxos.length; i++) { - expect(incomingUTXOs[i]).to.equal(outputUtxos[i].hash); + for (let i = 0; i < outputUtxos.length; i++) { + // Bob uses the information received from Alice to reconstruct the UTXO sent to him + const hash = poseidonHash([ + BigInt(plainText[2 * i]), + plainText[2 * i + 1], + outputOwners[i].babyJubPublicKey[0], + outputOwners[i].babyJubPublicKey[1], + ]); + expect(incomingUTXOs[i]).to.equal(hash); } - // check empty hashes are empty + // check empty values, salt and hashes are empty for (let i = outputUtxos.length; i < 10; i++) { expect(incomingUTXOs[i]).to.equal(0); + expect(plainText[2 * i]).to.equal(0); + expect(plainText[2 * i + 1]).to.equal(0); } }); @@ -209,9 +210,9 @@ describe('Zeto based fungible token with anonymity and encryption', function () events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 4 ); - expect(plainText).to.deep.equal([25n, result.plainTextSalt]); + expect(plainText).to.deep.equal(result.expectedPlainText); // Bob verifies that the UTXO constructed from the decrypted values matches the UTXO from the event const hash = poseidonHash([ BigInt(plainText[0]), 
@@ -356,7 +357,14 @@ describe('Zeto based fungible token with anonymity and encryption', function () encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( @@ -385,7 +393,9 @@ describe('Zeto based fungible token with anonymity and encryption', function () let circuitToUse = circuit; let provingKeyToUse = provingKey; + let isBatch = false; if (inputCommitments.length > 2 || outputCommitments.length > 2) { + isBatch = true; circuitToUse = batchCircuit; provingKeyToUse = batchProvingKey; } @@ -416,7 +426,9 @@ describe('Zeto based fungible token with anonymity and encryption', function () ); const encodedProof = encodeProof(proof); - const encryptedValues = publicSignals.slice(0, 4); + const encryptedValues = isBatch + ? publicSignals.slice(0, 22) + : publicSignals.slice(0, 7); return { inputCommitments, outputCommitments, diff --git a/solidity/test/zeto_anon_enc_nullifier.ts b/solidity/test/zeto_anon_enc_nullifier.ts index fbe155a..86948ef 100644 --- a/solidity/test/zeto_anon_enc_nullifier.ts +++ b/solidity/test/zeto_anon_enc_nullifier.ts 
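Review bot: The literals in `publicSignals.slice(0, 22)` and `publicSignals.slice(0, 7)` encode the ciphertext length of the two circuits and have to stay in step with the contracts, which in this commit start accepting `encryptedValues` as an unbounded `uint256[]`. Named constants (for example `const BATCH_ENC_LEN = 22;` and `const ENC_LEN = 7;`) would document that coupling; the same literals recur in zeto_anon_enc_nullifier.ts. Only the exact lengths are exercised here, so a negative test asserting that a transfer with a truncated or padded `encryptedValues` array reverts would cover the contract-side length handling. The enclosing function starts and ends outside the hunk.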
@@ -167,30 +167,29 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 20 ); - expect(plainText).to.deep.equal([8n, result.plainTextSalt]); - // only the first utxo can be decrypted - const hash = poseidonHash([ - BigInt(plainText[0]), - plainText[1], - Bob.babyJubPublicKey[0], - Bob.babyJubPublicKey[1], - ]); - expect(hash).to.equal(incomingUTXOs[0]); - await smtAlice.add(incomingUTXOs[0], incomingUTXOs[0]); - await smtBob.add(incomingUTXOs[0], incomingUTXOs[0]); + expect(plainText).to.deep.equal(result.expectedPlainText); // check the non-empty output hashes are correct - for (let i = 1; i < outputUtxos.length; i++) { - expect(incomingUTXOs[i]).to.equal(outputUtxos[i].hash); + for (let i = 0; i < outputUtxos.length; i++) { + // Bob uses the information received from Alice to reconstruct the UTXO sent to him + const hash = poseidonHash([ + BigInt(plainText[2 * i]), + plainText[2 * i + 1], + outputOwners[i].babyJubPublicKey[0], + outputOwners[i].babyJubPublicKey[1], + ]); + expect(incomingUTXOs[i]).to.equal(hash); await smtAlice.add(incomingUTXOs[i], incomingUTXOs[i]); await smtBob.add(incomingUTXOs[i], incomingUTXOs[i]); } - // check empty hashes are empty + // check empty values, salt and hashes are empty for (let i = outputUtxos.length; i < 10; i++) { expect(incomingUTXOs[i]).to.equal(0); + expect(plainText[2 * i]).to.equal(0); + expect(plainText[2 * i + 1]).to.equal(0); } }); @@ -299,9 +298,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 4 ); - expect(plainText).to.deep.equal([25n, result2.plainTextSalt]); + expect(plainText).to.deep.equal(result2.expectedPlainText); // Bob uses the decrypted values to construct the UTXO received from the transaction utxo3 = newUTXO(Number(plainText[0]), Bob, plainText[1]); 
@@ -651,7 +650,14 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( @@ -685,7 +691,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti }); let circuitToUse = circuit; let provingKeyToUse = provingKey; + let isBatch = false; if (inputCommitments.length > 2 || outputCommitments.length > 2) { + isBatch = true; circuitToUse = batchCircuit; provingKeyToUse = batchProvingKey; } @@ -720,7 +728,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti ); const encodedProof = encodeProof(proof); - const encryptedValues = publicSignals.slice(0, 4); + const encryptedValues = isBatch + ? publicSignals.slice(0, 22) + : publicSignals.slice(0, 7); return { inputCommitments, outputCommitments, diff --git a/solidity/test/zeto_anon_enc_nullifier_kyc.ts b/solidity/test/zeto_anon_enc_nullifier_kyc.ts index 51baa40..77d19de 100644 --- a/solidity/test/zeto_anon_enc_nullifier_kyc.ts +++ b/solidity/test/zeto_anon_enc_nullifier_kyc.ts 
@@ -216,32 +216,30 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 20 ); - expect(plainText).to.deep.equal([8n, result.plainTextSalt]); - // only the first utxo can be decrypted - const hash = poseidonHash([ - BigInt(plainText[0]), - plainText[1], - Bob.babyJubPublicKey[0], - Bob.babyJubPublicKey[1], - ]); - expect(hash).to.equal(incomingUTXOs[0]); - await smtAlice.add(incomingUTXOs[0], incomingUTXOs[0]); - await smtBob.add(incomingUTXOs[0], incomingUTXOs[0]); - await smtUnregistered.add(incomingUTXOs[0], incomingUTXOs[0]); + expect(plainText).to.deep.equal(result.expectedPlainText); // check the non-empty output hashes are correct - for (let i = 1; i < outputUtxos.length; i++) { - expect(incomingUTXOs[i]).to.equal(outputUtxos[i].hash); + for (let i = 0; i < outputUtxos.length; i++) { + // Bob uses the information received from Alice to reconstruct the UTXO sent to him + const hash = poseidonHash([ + BigInt(plainText[2 * i]), + plainText[2 * i + 1], + outputOwners[i].babyJubPublicKey[0], + outputOwners[i].babyJubPublicKey[1], + ]); + expect(incomingUTXOs[i]).to.equal(hash); await smtAlice.add(incomingUTXOs[i], incomingUTXOs[i]); await smtBob.add(incomingUTXOs[i], incomingUTXOs[i]); await smtUnregistered.add(incomingUTXOs[i], incomingUTXOs[i]); } - // check empty hashes are empty + // check empty values, salt and hashes are empty for (let i = outputUtxos.length; i < 10; i++) { expect(incomingUTXOs[i]).to.equal(0); + expect(plainText[2 * i]).to.equal(0); + expect(plainText[2 * i + 1]).to.equal(0); } }); 
@@ -374,9 +372,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValues, sharedKey, events[0].encryptionNonce, - 2 + 4 ); - expect(plainText).to.deep.equal([25n, result2.plainTextSalt]); + expect(plainText).to.deep.equal(result2.expectedPlainText); // Bob uses the decrypted values to construct the UTXO received from the transaction utxo3 = newUTXO(Number(plainText[0]), Bob, plainText[1]); @@ -974,7 +972,14 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( @@ -1010,7 +1015,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti }); let circuitToUse = circuit; let provingKeyToUse = provingKey; + let isBatch = false; if (inputCommitments.length > 2 || outputCommitments.length > 2) { + isBatch = true; circuitToUse = batchCircuit; provingKeyToUse = batchProvingKey; } @@ -1047,7 +1054,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti ); const encodedProof = encodeProof(proof); - const encryptedValues = publicSignals.slice(0, 4); + const encryptedValues = isBatch + ? publicSignals.slice(0, 22) + : publicSignals.slice(0, 7); return { inputCommitments, outputCommitments, diff --git a/solidity/test/zeto_anon_enc_nullifier_non_repudiation.ts b/solidity/test/zeto_anon_enc_nullifier_non_repudiation.ts index d5f47a6..ff575b5 100644 --- a/solidity/test/zeto_anon_enc_nullifier_non_repudiation.ts +++ b/solidity/test/zeto_anon_enc_nullifier_non_repudiation.ts 
@@ -141,7 +141,6 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti mtps.push(p.siblings.map((s) => s.bigInt())); } - // Alice proposes the output UTXOs, 1 utxo to bob, 2 utxos to alice const _bOut1 = newUTXO(8, Bob); const _bOut2 = newUTXO(1, Alice); @@ -182,30 +181,29 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValuesForReceiver, sharedKey, events[0].encryptionNonce, - 2 + 20 ); - expect(plainText).to.deep.equal([8n, result.plainTextSalt]); - // only the first utxo can be decrypted - const hash = poseidonHash([ - BigInt(plainText[0]), - plainText[1], - Bob.babyJubPublicKey[0], - Bob.babyJubPublicKey[1], - ]); - expect(hash).to.equal(incomingUTXOs[0]); - await smtAlice.add(incomingUTXOs[0], incomingUTXOs[0]); - await smtBob.add(incomingUTXOs[0], incomingUTXOs[0]); + expect(plainText).to.deep.equal(result.expectedPlainText); // check the non-empty output hashes are correct - for (let i = 1; i < outputUtxos.length; i++) { - expect(incomingUTXOs[i]).to.equal(outputUtxos[i].hash); + for (let i = 0; i < outputUtxos.length; i++) { + // Bob uses the information received from Alice to reconstruct the UTXO sent to him + const hash = poseidonHash([ + BigInt(plainText[2 * i]), + plainText[2 * i + 1], + outputOwners[i].babyJubPublicKey[0], + outputOwners[i].babyJubPublicKey[1], + ]); + expect(incomingUTXOs[i]).to.equal(hash); await smtAlice.add(incomingUTXOs[i], incomingUTXOs[i]); await smtBob.add(incomingUTXOs[i], incomingUTXOs[i]); } - // check empty hashes are empty + // check empty values, salt and hashes are empty for (let i = outputUtxos.length; i < 10; i++) { expect(incomingUTXOs[i]).to.equal(0); + expect(plainText[2 * i]).to.equal(0); + expect(plainText[2 * i + 1]).to.equal(0); } // The regulator uses the encrypted values in the event to decrypt and recover the UTXO value and salt 
@@ -357,9 +355,9 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti events[0].encryptedValuesForReceiver, sharedKey1, events[0].encryptionNonce, - 2 + 4 ); - expect(plainText1).to.deep.equal([25n, result2.plainTextSalt]); + expect(plainText1).to.deep.equal(result2.expectedPlainText); // The regulator uses the encrypted values in the event to decrypt and recover the UTXO value and salt const sharedKey2 = genEcdhSharedKey( @@ -758,7 +756,14 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( @@ -833,10 +838,12 @@ describe('Zeto based fungible token with anonymity using nullifiers and encrypti return { inputCommitments, outputCommitments, - encryptedValuesForReceiver: publicSignals.slice(0, 4), + encryptedValuesForReceiver: isBatch + ? publicSignals.slice(0, 22) + : publicSignals.slice(0, 7), encryptedValuesForRegulator: isBatch - ? publicSignals.slice(4, 68) - : publicSignals.slice(4, 20), + ? publicSignals.slice(22, 86) + : publicSignals.slice(7, 23), encryptionNonce, encodedProof, }; diff --git a/solidity/test/zeto_anon_nullifier.ts b/solidity/test/zeto_anon_nullifier.ts index 8ea8705..11c0341 100644 --- a/solidity/test/zeto_anon_nullifier.ts +++ b/solidity/test/zeto_anon_nullifier.ts 
@@ -619,7 +619,14 @@ describe('Zeto based fungible token with anonymity using nullifiers without encr encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( diff --git a/solidity/test/zeto_anon_nullifier_kyc.ts b/solidity/test/zeto_anon_nullifier_kyc.ts index 3b763ad..fafd18d 100644 --- a/solidity/test/zeto_anon_nullifier_kyc.ts +++ b/solidity/test/zeto_anon_nullifier_kyc.ts @@ -943,7 +943,14 @@ describe('Zeto based fungible token with anonymity, KYC, using nullifiers withou encodedProof ); // add the clear text value so that it can be used by tests to compare with the decrypted value - return { txResult, plainTextSalt: outputs[0].salt }; + return { + txResult, + expectedPlainText: outputs.reduce((acc, o, i) => { + acc.push(BigInt(o.value || 0n) as BigNumberish); + acc.push((o.salt || 0n) as BigNumberish); + return acc; + }, [] as BigNumberish[]), + }; } async function prepareProof( diff --git a/zkp/circuits/basetokens/anon_enc_base.circom b/zkp/circuits/basetokens/anon_enc_base.circom index 86af9be..ac5539d 100644 --- a/zkp/circuits/basetokens/anon_enc_base.circom +++ b/zkp/circuits/basetokens/anon_enc_base.circom 
@@ -40,8 +40,14 @@ template Zeto(nInputs, nOutputs) { signal input outputOwnerPublicKeys[nOutputs][2]; signal input encryptionNonce; - // the output for a 2-element input (value and salt) encryption is a 4-element array - signal output cipherText[4]; + // the output for encrypted output values and salts + var cLen = 2 * nOutputs; + if (cLen % 3 != 0) { + cLen += (3 - (cLen % 3)); + } + cLen++; + signal output cipherText[cLen]; + // derive the sender's public key from the secret input // for the sender's private key. This step demonstrates @@ -86,15 +92,15 @@ template Zeto(nInputs, nOutputs) { sharedSecret[0] = ecdh.sharedKey[0]; sharedSecret[1] = ecdh.sharedKey[1]; - // encrypt the value for the receiver - component encrypt = SymmetricEncrypt(2); - // our circuit requires that the output UTXO for the receiver must be the first in the array - encrypt.plainText[0] <== outputValues[0]; - encrypt.plainText[1] <== outputSalts[0]; + // encrypt the value for the output utxos + component encrypt = SymmetricEncrypt(2 * nOutputs); + for (var i = 0; i < nOutputs; i++) { + encrypt.plainText[2 * i] <== outputValues[i]; + encrypt.plainText[2 * i + 1] <== outputSalts[i]; + } encrypt.key <== sharedSecret; encrypt.nonce <== encryptionNonce; - encrypt.cipherText[0] ==> cipherText[0]; - encrypt.cipherText[1] ==> cipherText[1]; - encrypt.cipherText[2] ==> cipherText[2]; - encrypt.cipherText[3] ==> cipherText[3]; + for (var i = 0; i < cLen; i++) { + encrypt.cipherText[i] ==> cipherText[i]; + } } diff --git a/zkp/circuits/basetokens/anon_enc_nullifier_base.circom b/zkp/circuits/basetokens/anon_enc_nullifier_base.circom index fba891e..8c62561 100644 --- a/zkp/circuits/basetokens/anon_enc_nullifier_base.circom +++ b/zkp/circuits/basetokens/anon_enc_nullifier_base.circom 
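Review bot: The new `cLen` computation has no comment explaining why the length is padded and then incremented, yet the later `for (var i = 0; i < cLen; i++)` wiring is only correct if it equals the output length of `SymmetricEncrypt(2 * nOutputs)`. A comment such as `// ciphertext length: plaintext length padded to a multiple of 3, plus 1 (must match SymmetricEncrypt's output size)` would record that; the padding rule presumably comes from the encryption template, which is outside this diff. The same lines are repeated in the three other base circuits in this commit, so a shared circom function for the length would keep the copies from drifting apart. The template body starts and ends outside the hunk.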
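Review bot: The rewritten encryption block places the value and salt of every output under the single `sharedSecret`, where the removed code encrypted only `outputValues[0]` and `outputSalts[0]`. Whoever can derive that secret now learns the amounts and salts of all outputs, including any change output returned to the sender, while owners of the other outputs presumably still cannot decrypt theirs; the ECDH inputs are outside the hunk, so which public key is used should be confirmed. If this disclosure is intended, the removed comment about the receiver's UTXO being first deserves a replacement, e.g. `// all output values and salts are encrypted with the one shared secret; its holder can read every output`. The same change is made in the nullifier, KYC and non-repudiation base circuits.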
@@ -48,8 +48,13 @@ template Zeto(nInputs, nOutputs, nSMTLevels) { signal input outputSalts[nOutputs]; signal input encryptionNonce; - // the output for a 2-element input (value and salt) encryption is a 4-element array - signal output cipherText[4]; + // the output for encrypted output values and salts + var cLen = 2 * nOutputs; + if (cLen % 3 != 0) { + cLen += (3 - (cLen % 3)); + } + cLen++; + signal output cipherText[cLen]; // derive the sender's public key from the secret input // for the sender's private key. This step demonstrates @@ -111,15 +116,15 @@ template Zeto(nInputs, nOutputs, nSMTLevels) { sharedSecret[0] = ecdh.sharedKey[0]; sharedSecret[1] = ecdh.sharedKey[1]; - // encrypt the value for the receiver - component encrypt = SymmetricEncrypt(2); - // our circuit requires that the output UTXO for the receiver must be the first in the array - encrypt.plainText[0] <== outputValues[0]; - encrypt.plainText[1] <== outputSalts[0]; + // encrypt the value for the output utxos + component encrypt = SymmetricEncrypt(2 * nOutputs); + for (var i = 0; i < nOutputs; i++) { + encrypt.plainText[2 * i] <== outputValues[i]; + encrypt.plainText[2 * i + 1] <== outputSalts[i]; + } encrypt.key <== sharedSecret; encrypt.nonce <== encryptionNonce; - encrypt.cipherText[0] ==> cipherText[0]; - encrypt.cipherText[1] ==> cipherText[1]; - encrypt.cipherText[2] ==> cipherText[2]; - encrypt.cipherText[3] ==> cipherText[3]; + for (var i = 0; i < cLen; i++) { + encrypt.cipherText[i] ==> cipherText[i]; + } } diff --git a/zkp/circuits/basetokens/anon_enc_nullifier_kyc_base.circom b/zkp/circuits/basetokens/anon_enc_nullifier_kyc_base.circom index 4f6ba7f..4231c76 100644 --- a/zkp/circuits/basetokens/anon_enc_nullifier_kyc_base.circom +++ b/zkp/circuits/basetokens/anon_enc_nullifier_kyc_base.circom 
@@ -51,8 +51,13 @@ template Zeto(nInputs, nOutputs, nUTXOSMTLevels, nIdentitiesSMTLevels) { signal input outputSalts[nOutputs]; signal input encryptionNonce; - // the output for a 2-element input (value and salt) encryption is a 4-element array - signal output cipherText[4]; + // the output for encrypted output values and salts + var cLen = 2 * nOutputs; + if (cLen % 3 != 0) { + cLen += (3 - (cLen % 3)); + } + cLen++; + signal output cipherText[cLen]; // derive the sender's public key from the secret input // for the sender's private key. This step demonstrates @@ -140,15 +145,15 @@ template Zeto(nInputs, nOutputs, nUTXOSMTLevels, nIdentitiesSMTLevels) { sharedSecret[0] = ecdh.sharedKey[0]; sharedSecret[1] = ecdh.sharedKey[1]; - // encrypt the value for the receiver - component encrypt = SymmetricEncrypt(2); - // our circuit requires that the output UTXO for the receiver must be the first in the array - encrypt.plainText[0] <== outputValues[0]; - encrypt.plainText[1] <== outputSalts[0]; + // encrypt the value for the output utxos + component encrypt = SymmetricEncrypt(2 * nOutputs); + for (var i = 0; i < nOutputs; i++) { + encrypt.plainText[2 * i] <== outputValues[i]; + encrypt.plainText[2 * i + 1] <== outputSalts[i]; + } encrypt.key <== sharedSecret; encrypt.nonce <== encryptionNonce; - encrypt.cipherText[0] ==> cipherText[0]; - encrypt.cipherText[1] ==> cipherText[1]; - encrypt.cipherText[2] ==> cipherText[2]; - encrypt.cipherText[3] ==> cipherText[3]; + for (var i = 0; i < cLen; i++) { + encrypt.cipherText[i] ==> cipherText[i]; + } } \ No newline at end of file diff --git a/zkp/circuits/basetokens/anon_enc_nullifier_non_repudiation_base.circom b/zkp/circuits/basetokens/anon_enc_nullifier_non_repudiation_base.circom index 0cddc73..d31e0a1 100644 --- a/zkp/circuits/basetokens/anon_enc_nullifier_non_repudiation_base.circom +++ b/zkp/circuits/basetokens/anon_enc_nullifier_non_repudiation_base.circom 
@@ -50,8 +50,14 @@ template Zeto(nInputs, nOutputs, nSMTLevels) { signal input encryptionNonce; signal input authorityPublicKey[2]; - // the output for a 2-element input (value and salt) encryption is a 4-element array - signal output cipherTextReceiver[4]; + // the output for encrypted output values and salts + var cLen = 2 * nOutputs; + if (cLen % 3 != 0) { + cLen += (3 - (cLen % 3)); + } + cLen++; + signal output cipherText[cLen]; + // the number of cipher text messages returned by // the encryption template will be 3n+1 // input length: @@ -126,18 +132,17 @@ template Zeto(nInputs, nOutputs, nSMTLevels) { sharedSecretReceiver[0] = ecdh1.sharedKey[0]; sharedSecretReceiver[1] = ecdh1.sharedKey[1]; - // encrypt the value for the receiver - component encrypt1 = SymmetricEncrypt(2); - // our circuit requires that the output UTXO for the receiver must be the first in the array - encrypt1.plainText[0] <== outputValues[0]; - encrypt1.plainText[1] <== outputSalts[0]; + // encrypt the value for the output utxos + component encrypt1 = SymmetricEncrypt(2 * nOutputs); + for (var i = 0; i < nOutputs; i++) { + encrypt1.plainText[2 * i] <== outputValues[i]; + encrypt1.plainText[2 * i + 1] <== outputSalts[i]; + } encrypt1.key <== sharedSecretReceiver; encrypt1.nonce <== encryptionNonce; - // the output for a 2-element input encryption is a 4-element array - encrypt1.cipherText[0] ==> cipherTextReceiver[0]; - encrypt1.cipherText[1] ==> cipherTextReceiver[1]; - encrypt1.cipherText[2] ==> cipherTextReceiver[2]; - encrypt1.cipherText[3] ==> cipherTextReceiver[3]; + for (var i = 0; i < cLen; i++) { + encrypt1.cipherText[i] ==> cipherText[i]; + } // generate shared secret for the authority var sharedSecretAuthority[2];
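Review bot: The receiver output is renamed from `cipherTextReceiver` to `cipherText` in a template that also produces a ciphertext for the authority, so the new name no longer says whose ciphertext it is; the test still exposes it as `encryptedValuesForReceiver`. Keeping `signal output cipherTextReceiver[cLen];` here, and `encrypt1.cipherText[i] ==> cipherTextReceiver[i];` in the later hunk, would preserve the distinction. `cLen` also lands directly above the existing comment about the encryption template returning `3n+1` messages, so a name like `cLenReceiver` would avoid confusing the two lengths. The authority output's declaration is outside the hunk.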