tornado-core/circuits/merkleTree.circom

include "../node_modules/circomlib/circuits/mimcsponge.circom";
// Computes MiMC([left, right])
//
// Two-to-one hash used for the Merkle tree nodes in this file.
// `left` is wired to ins[0] and `right` to ins[1], so the caller decides which
// child goes on which side; the sponge is expected to give a different digest
// when the two are swapped.
// NOTE(review): any off-circuit code that builds the tree has to use the same
// sponge parameters (220 rounds, key 0) and the same input order, otherwise the
// roots will not match. Confirm against the tree implementation.
template HashLeftRight() {
    signal input left;
    signal input right;
    signal output hash;

    // Presumably MiMCSponge(nInputs, nRounds, nOutputs) as declared in circomlib:
    // 2 inputs, 220 rounds, 1 output. Verify against the included mimcsponge.circom.
    component hasher = MiMCSponge(2, 220, 1);
    hasher.ins[0] <== left;
    hasher.ins[1] <== right;
    // The sponge key is pinned to the constant 0 (unkeyed use).
    hasher.k <== 0;
    hash <== hasher.outs[0];
}
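// if s == 0 returns [in[0], in[1]]
// if s == 1 returns [in[1], in[0]]
//
// Conditional swap of two field elements, controlled by the selector `s`.
// Inputs:  in[2] - the pair to pass through or swap
//          s     - selector, constrained below to be 0 or 1
// Outputs: out[2] - the pair in the original (s == 0) or swapped (s == 1) order
template DualMux() {
    signal input in[2];
    signal input s;
    signal output out[2];

    // Booleanity check: s * (1 - s) is zero only for s == 0 or s == 1.
    // This constraint is what makes the template a swap. The two output
    // equations below are affine in s, so without it a prover could choose
    // some other field element and obtain outputs that are neither ordering
    // of the inputs. Do not remove it when refactoring.
    // (The terminating semicolon was missing here; every other statement in
    // the file has one.)
    s * (1 - s) === 0;

    // Each output is one quadratic constraint: in[0] + s * (in[1] - in[0]), and
    // the mirror image for out[1].
    out[0] <== (in[1] - in[0])*s + in[0];
    out[1] <== (in[0] - in[1])*s + in[1];
}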
2019-07-10 08:35:46 -04:00
// Verifies that merkle proof is correct for given merkle root and a leaf
// pathIndices input is an array of 0/1 selectors telling whether given pathElement is on the left or right side of merkle path
//
// Concretely, following DualMux: pathIndices[i] == 0 hashes (current, pathElements[i]),
// i.e. the sibling is on the right; pathIndices[i] == 1 hashes (pathElements[i], current),
// i.e. the sibling is on the left.
//
// Parameters:
//   levels - number of tree levels (length of the path). Must be at least 1,
//            because hashers[levels - 1] is read after the loop.
// Inputs:
//   leaf         - value at the bottom of the path
//   root         - root the recomputed value is compared against
//   pathElements - sibling value at each level (declared private)
//   pathIndices  - 0/1 selector at each level (declared private)
//
// The template has no outputs. It only adds the constraint that the recomputed
// root equals `root`, so an unsatisfied proof fails rather than returning false.
// NOTE(review): nothing here checks that `root` is a root the surrounding system
// accepts, or that `leaf` has any particular structure. Those checks have to
// live in the enclosing circuit or in the verifier. Confirm against the callers.
template MerkleTree(levels) {
    signal input leaf;
    signal input root;
    signal private input pathElements[levels];
    signal private input pathIndices[levels];

    component selectors[levels];
    component hashers[levels];

    for (var i = 0; i < levels; i++) {
        selectors[i] = DualMux();
        // `i` is a loop variable, so this ternary chooses which signal to wire
        // when the circuit is generated: the leaf at level 0, otherwise the
        // previous level's hash. It is not a mux over signals.
        selectors[i].in[0] <== i == 0 ? leaf : hashers[i - 1].hash;
        selectors[i].in[1] <== pathElements[i];
        // DualMux constrains its selector to 0 or 1, so each pathIndices[i] is
        // boolean-checked there and needs no separate constraint here.
        selectors[i].s <== pathIndices[i];

        // Hash the ordered pair to get this level's node value.
        hashers[i] = HashLeftRight();
        hashers[i].left <== selectors[i].out[0];
        hashers[i].right <== selectors[i].out[1];
    }

    // Equality constraint (not an assignment): the top-level hash must equal
    // the supplied root.
    root === hashers[levels - 1].hash;
}