tornado-core/contracts/MerkleTreeWithHistory.sol

121 lines
3.9 KiB
Solidity
Raw Normal View History

2019-08-02 13:12:30 -04:00
// https://tornado.cash
/*
* d888888P dP a88888b. dP
* 88 88 d8' `88 88
* 88 .d8888b. 88d888b. 88d888b. .d8888b. .d888b88 .d8888b. 88 .d8888b. .d8888b. 88d888b.
* 88 88' `88 88' `88 88' `88 88' `88 88' `88 88' `88 88 88' `88 Y8ooooo. 88' `88
* 88 88. .88 88 88 88 88. .88 88. .88 88. .88 dP Y8. .88 88. .88 88 88 88
* dP `88888P' dP dP dP `88888P8 `88888P8 `88888P' 88 Y88888P' `88888P8 `88888P' dP dP
* ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
*/
2020-04-13 15:02:21 -04:00
pragma solidity 0.5.17;
2019-07-09 09:05:30 -04:00
library Hasher {
2019-12-13 16:18:16 -05:00
function MiMCSponge(uint256 in_xL, uint256 in_xR) public pure returns (uint256 xL, uint256 xR);
2019-07-09 09:05:30 -04:00
}
contract MerkleTreeWithHistory {
2019-11-02 08:35:22 -04:00
uint256 public constant FIELD_SIZE = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
2019-11-15 03:42:48 -05:00
uint256 public constant ZERO_VALUE = 21663839004416932945382355908790599225266501822907911457504978515578255421292; // = keccak256("tornado") % FIELD_SIZE
2019-07-09 09:05:30 -04:00
uint32 public levels;
2019-11-04 14:45:56 -05:00
// the following variables are made public for easier testing and debugging and
// are not supposed to be accessed in regular code
2019-11-04 16:04:22 -05:00
bytes32[] public filledSubtrees;
bytes32[] public zeros;
2019-11-06 05:52:00 -05:00
uint32 public currentRootIndex = 0;
uint32 public nextIndex = 0;
uint32 public constant ROOT_HISTORY_SIZE = 100;
bytes32[ROOT_HISTORY_SIZE] public roots;
2019-07-09 09:05:30 -04:00
constructor(uint32 _treeLevels) public {
2019-11-02 09:04:17 -04:00
require(_treeLevels > 0, "_treeLevels should be greater than zero");
require(_treeLevels < 32, "_treeLevels should be less than 32");
2019-11-02 09:04:17 -04:00
levels = _treeLevels;
2019-07-09 09:05:30 -04:00
2019-11-04 16:04:22 -05:00
bytes32 currentZero = bytes32(ZERO_VALUE);
2019-11-03 03:45:54 -05:00
zeros.push(currentZero);
2019-11-02 09:04:17 -04:00
filledSubtrees.push(currentZero);
2019-07-09 09:05:30 -04:00
for (uint32 i = 1; i < levels; i++) {
2019-11-02 09:04:17 -04:00
currentZero = hashLeftRight(currentZero, currentZero);
zeros.push(currentZero);
filledSubtrees.push(currentZero);
2019-07-09 09:05:30 -04:00
}
2019-11-02 09:04:17 -04:00
roots[0] = hashLeftRight(currentZero, currentZero);
2019-07-09 09:05:30 -04:00
}
2019-11-04 14:45:56 -05:00
/**
@dev Hash 2 tree leaves, returns MiMC(_left, _right)
*/
2019-11-04 16:04:22 -05:00
function hashLeftRight(bytes32 _left, bytes32 _right) public pure returns (bytes32) {
require(uint256(_left) < FIELD_SIZE, "_left should be inside the field");
require(uint256(_right) < FIELD_SIZE, "_right should be inside the field");
uint256 R = uint256(_left);
2019-07-09 09:05:30 -04:00
uint256 C = 0;
2019-12-13 16:18:16 -05:00
(R, C) = Hasher.MiMCSponge(R, C);
2019-11-04 16:04:22 -05:00
R = addmod(R, uint256(_right), FIELD_SIZE);
2019-12-13 16:18:16 -05:00
(R, C) = Hasher.MiMCSponge(R, C);
2019-11-04 16:04:22 -05:00
return bytes32(R);
2019-07-09 09:05:30 -04:00
}
2019-11-04 16:04:22 -05:00
function _insert(bytes32 _leaf) internal returns(uint32 index) {
2019-11-02 09:04:17 -04:00
uint32 currentIndex = nextIndex;
require(currentIndex != uint32(2)**levels, "Merkle tree is full. No more leafs can be added");
2019-11-02 09:04:17 -04:00
nextIndex += 1;
2019-11-04 16:04:22 -05:00
bytes32 currentLevelHash = _leaf;
bytes32 left;
bytes32 right;
2019-07-09 09:05:30 -04:00
for (uint32 i = 0; i < levels; i++) {
2019-11-02 09:04:17 -04:00
if (currentIndex % 2 == 0) {
left = currentLevelHash;
right = zeros[i];
2019-07-09 09:05:30 -04:00
2019-11-02 09:04:17 -04:00
filledSubtrees[i] = currentLevelHash;
2019-07-09 09:05:30 -04:00
} else {
2019-11-02 09:04:17 -04:00
left = filledSubtrees[i];
right = currentLevelHash;
2019-07-09 09:05:30 -04:00
}
2019-11-02 09:04:17 -04:00
currentLevelHash = hashLeftRight(left, right);
2019-07-09 09:05:30 -04:00
2019-11-02 09:04:17 -04:00
currentIndex /= 2;
2019-07-09 09:05:30 -04:00
}
2019-11-02 09:04:17 -04:00
currentRootIndex = (currentRootIndex + 1) % ROOT_HISTORY_SIZE;
roots[currentRootIndex] = currentLevelHash;
return nextIndex - 1;
2019-07-09 09:05:30 -04:00
}
2019-11-04 14:45:56 -05:00
/**
@dev Whether the root is present in the root history
*/
2019-11-04 16:04:22 -05:00
function isKnownRoot(bytes32 _root) public view returns(bool) {
2019-11-02 09:04:17 -04:00
if (_root == 0) {
2019-07-09 09:05:30 -04:00
return false;
}
uint32 i = currentRootIndex;
2019-11-03 04:06:58 -05:00
do {
2019-12-13 16:18:16 -05:00
if (_root == roots[i]) {
return true;
}
if (i == 0) {
i = ROOT_HISTORY_SIZE;
}
i--;
2019-11-03 04:06:58 -05:00
} while (i != currentRootIndex);
2019-07-09 09:05:30 -04:00
return false;
}
2019-11-04 14:45:56 -05:00
/**
@dev Returns the last root
*/
2019-11-04 16:04:22 -05:00
function getLastRoot() public view returns(bytes32) {
2019-11-02 09:04:17 -04:00
return roots[currentRootIndex];
2019-07-09 09:05:30 -04:00
}
}