From c7953ae2c64c3122e9a4156d410af2984cb2c7b0 Mon Sep 17 00:00:00 2001
From: poma
Date: Thu, 1 Aug 2019 17:49:34 +0300
Subject: [PATCH] reduce nullifier bits to 31

---
 circuits/withdraw.circom | 12 ++++++------
 cli.js | 4 ++--
 test/Mixer.test.js | 16 ++++++++--------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/circuits/withdraw.circom b/circuits/withdraw.circom
index 01fee0a..35f6fa5 100644
--- a/circuits/withdraw.circom
+++ b/circuits/withdraw.circom
@@ -10,16 +10,16 @@ template CommitmentHasher() {
 signal output commitment;
 signal output nullifierHash;
 
- component commitmentHasher = Pedersen(512);
- component nullifierHasher = Pedersen(256);
- component nullifierBits = Num2Bits(256);
- component secretBits = Num2Bits(256);
+ component commitmentHasher = Pedersen(496);
+ component nullifierHasher = Pedersen(248);
+ component nullifierBits = Num2Bits(248);
+ component secretBits = Num2Bits(248);
 nullifierBits.in <== nullifier;
 secretBits.in <== secret;
- for (var i = 0; i < 256; i++) {
+ for (var i = 0; i < 248; i++) {
 nullifierHasher.in[i] <== nullifierBits.out[i];
 commitmentHasher.in[i] <== nullifierBits.out[i];
- commitmentHasher.in[i + 256] <== secretBits.out[i];
+ commitmentHasher.in[i + 248] <== secretBits.out[i];
 }
 
 commitment <== commitmentHasher.out[0];
diff --git a/cli.js b/cli.js
index 45e980e..96aeb6c 100755
--- a/cli.js
+++ b/cli.js
@@ -21,7 +21,7 @@ const pedersenHash = (data) => circomlib.babyJub.unpackPoint(circomlib.pedersenH
 
 function createDeposit(nullifier, secret) {
 let deposit = { nullifier, secret }
- deposit.preimage = Buffer.concat([deposit.nullifier.leInt2Buff(32), deposit.secret.leInt2Buff(32)])
+ deposit.preimage = Buffer.concat([deposit.nullifier.leInt2Buff(31), deposit.secret.leInt2Buff(31)])
 deposit.commitment = pedersenHash(deposit.preimage)
 return deposit
 }
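Review bot: The width 248 is spelled out six times in this hunk (`Pedersen(496)`, `Pedersen(248)`, both `Num2Bits(248)`, the loop bound and `i + 248`), so the next width change can leave the loop and the hasher sizes out of step with no compile-time error; derive all of them from one template-level `var nBits = 248;`, as below. Nothing in the file says why 248 was chosen — presumably so that nullifier and secret stay strictly below the field modulus, where Num2Bits is well-defined, and to match `leInt2Buff(31)` on the JS side — so a one-line comment such as `// 248 bits = 31 bytes: keeps nullifier/secret below the field size and matches leInt2Buff(31) in cli.js and the tests` would help the next reader. CommitmentHasher starts before the hunk and its body continues after it.
```circom
    var nBits = 248; // 31 bytes; must match leInt2Buff(31) on the JS side
    component commitmentHasher = Pedersen(2 * nBits);
    component nullifierHasher = Pedersen(nBits);
    component nullifierBits = Num2Bits(nBits);
    component secretBits = Num2Bits(nBits);
    // … unchanged: nullifierBits.in / secretBits.in wiring …
    for (var i = 0; i < nBits; i++) {
        nullifierHasher.in[i] <== nullifierBits.out[i];
        commitmentHasher.in[i] <== nullifierBits.out[i];
        commitmentHasher.in[i + nBits] <== secretBits.out[i];
    }
```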
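Review bot: `createDeposit` now requires both arguments to fit in 31 bytes, but the hunk adds no check: a caller passing a value of 2^248 or more reaches `leInt2Buff(31)`, which will either throw with a message unrelated to the real cause or, depending on the bigint implementation, yield a preimage that the circuit's Num2Bits(248) can never satisfy, failing only at proof time. Reject such inputs up front with the `assert` this file already uses, comparing each argument against 2^248 before the preimage is built. The byte width also appears as a bare literal here and again in the -61 hunk below; a module-level `const NULLIFIER_BYTES = 31` used in both places, and mirrored in test/Mixer.test.js, would keep the CLI, the tests and the circuit in agreement. Because the preimage layout changes from two 32-byte fields to two 31-byte fields, any deposit made against the previous circuit can no longer be withdrawn with this code — worth stating in the commit message if such deposits exist.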
@@ -61,7 +61,7 @@ async function withdraw(note, receiver) {
 })
 const tree = new merkleTree(MERKLE_TREE_HEIGHT, EMPTY_ELEMENT, leaves)
 const validRoot = await mixer.methods.isKnownRoot(await tree.root()).call()
- const nullifierHash = pedersenHash(deposit.nullifier.leInt2Buff(32))
+ const nullifierHash = pedersenHash(deposit.nullifier.leInt2Buff(31))
 const nullifierHashToCheck = nullifierHash.toString(16).padStart('66', '0x000000')
 const isSpent = await mixer.methods.isSpent(nullifierHashToCheck).call()
 assert(validRoot === true)
diff --git a/test/Mixer.test.js b/test/Mixer.test.js
index 4a12fdb..b06e0ac 100644
--- a/test/Mixer.test.js
+++ b/test/Mixer.test.js
@@ -29,7 +29,7 @@ function generateDeposit() {
 secret: rbigint(31),
 nullifier: rbigint(31),
 }
- const preimage = Buffer.concat([deposit.nullifier.leInt2Buff(32), deposit.secret.leInt2Buff(32)])
+ const preimage = Buffer.concat([deposit.nullifier.leInt2Buff(31), deposit.secret.leInt2Buff(31)])
 deposit.commitment = pedersenHash(preimage)
 return deposit
 }
@@ -127,7 +127,7 @@ contract('Mixer', accounts => {
 
 const input = stringifyBigInts({
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 nullifier: deposit.nullifier,
 receiver,
 fee,
@@ -180,7 +180,7 @@ contract('Mixer', accounts => {
 const input = stringifyBigInts({
 // public
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 receiver,
 fee,
 
@@ -228,7 +228,7 @@ contract('Mixer', accounts => {
 
 const input = stringifyBigInts({
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 nullifier: deposit.nullifier,
 receiver,
 fee,
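Review bot: No test covers the boundary this hunk introduces: `generateDeposit` draws `rbigint(31)` values, so every case stays below 2^248 and nothing checks that a nullifier or secret of 2^248 or more is rejected (the circuit's Num2Bits(248) should leave no satisfying witness, and `leInt2Buff(31)` on the JS side should fail rather than truncate). A negative test that builds such a deposit and asserts that proof generation throws would pin that behaviour. Separately, `pedersenHash(deposit.nullifier.leInt2Buff(31))` is repeated verbatim here and in the hunks at -127, -180, -228, -252, -276, -299 and -327; a helper such as `const nullifierHashOf = (deposit) => pedersenHash(deposit.nullifier.leInt2Buff(31))` next to `generateDeposit` would leave one place to update. `generateDeposit` starts before this hunk.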
@@ -252,7 +252,7 @@ contract('Mixer', accounts => {
 
 const input = stringifyBigInts({
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 nullifier: deposit.nullifier,
 receiver,
 fee,
@@ -276,7 +276,7 @@ contract('Mixer', accounts => {
 const oneEtherFee = bigInt(1e18) // 1 ether
 const input = stringifyBigInts({
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 nullifier: deposit.nullifier,
 receiver,
 fee: oneEtherFee,
@@ -299,7 +299,7 @@ contract('Mixer', accounts => {
 
 const { root, path_elements, path_index } = await tree.path(0)
 const input = stringifyBigInts({
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 root,
 nullifier: deposit.nullifier,
 receiver,
@@ -327,7 +327,7 @@ contract('Mixer', accounts => {
 
 const input = stringifyBigInts({
 root,
- nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+ nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)),
 nullifier: deposit.nullifier,
 receiver,
 fee,