Tags and fixes (#126)

* Introduce tags. Fix some review comments from Arnau

* Fixes

* Wrapped circuits to fix unit tests

* Update tags-managing.circom

Co-authored-by: GopherDID <[email protected]>

---------

Co-authored-by: GopherDID <[email protected]>

circuits/auth/authV2.circom

@@ -9,8 +9,8 @@ include "../lib/utils/safeOne.circom";
 
 template AuthV2(IdOwnershipLevels, onChainLevels) {
     signal input genesisID;
-    // random number, which should be stored by user
-    // if there is a need to generate the same userID (ProfileID) output for different proofs
+    // random number, which should be stored by user if there is a need to
+    // generate the same userID (ProfileID) output for different proofs
     signal input profileNonce;
 
     // user state
@@ -31,7 +31,7 @@ template AuthV2(IdOwnershipLevels, onChainLevels) {
     signal input authClaimNonRevMtpAuxHi;
     signal input authClaimNonRevMtpAuxHv;
 
-    // challenge signature
+    // challenge and it's signature
     signal input challenge;
     signal input challengeSignatureR8x;
     signal input challengeSignatureR8y;
@@ -50,7 +50,7 @@ template AuthV2(IdOwnershipLevels, onChainLevels) {
     signal output userID;
 
     // get safe zero and one values to be used in ForceEqualIfEnabled
-    signal one <== SafeOne()(genesisID);
+    signal {binary} one <== SafeOne()(genesisID);
 
     checkAuthV2(IdOwnershipLevels, onChainLevels)(
         one,
@@ -81,7 +81,7 @@ template AuthV2(IdOwnershipLevels, onChainLevels) {
 }
 
 template checkAuthV2(IdOwnershipLevels, onChainLevels) {
-    signal input enabled;
+    signal input {binary} enabled;
 
     signal input genesisID;
 
@@ -143,7 +143,7 @@ template checkAuthV2(IdOwnershipLevels, onChainLevels) {
 
     signal isStateGenesis <== IsEqual()([cutId, cutState]);
 
-    signal genesisIDhash <== Poseidon(1)([genesisID]);
+    signal genesisIDHash <== Poseidon(1)([genesisID]);
 
     SMTVerifier(onChainLevels)(
         enabled <== enabled,
@@ -153,7 +153,7 @@ template checkAuthV2(IdOwnershipLevels, onChainLevels) {
         oldKey <== gistMtpAuxHi,
         oldValue <== gistMtpAuxHv,
         isOld0 <== gistMtpNoAux,
-        key <== genesisIDhash,
+        key <== genesisIDHash,
         value <== state
     );
 }

circuits/lib/idOwnership.circom

@@ -12,7 +12,7 @@ include "utils/claimUtils.circom";
 include "utils/treeUtils.circom";
 
 template IdOwnership(nLevels) {
-    signal input enabled;
+    signal input {binary} enabled;
 
     signal input userState;
 

circuits/lib/linked/linkId.circom

@@ -1,7 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/poseidon.circom";
 include "../../../node_modules/circomlib/circuits/comparators.circom";
+include "../../../node_modules/circomlib/circuits/mux1.circom";
+include "../../../node_modules/circomlib/circuits/poseidon.circom";
 
 template LinkID() {
     signal input claimHash;

circuits/lib/query/comparators.circom

@@ -3,9 +3,12 @@ pragma circom 2.1.1;
 include "../../../node_modules/circomlib/circuits/comparators.circom";
 include "../../../node_modules/circomlib/circuits/gates.circom";
 
-// nElements - number of value elements
-// Example nElements = 3, '1' in ['12', '1231', '9999'], 1 not in array of values
-template IN (valueArraySize){
+// Checks if value `in` is included is in value array
+// Returns 1 if at least one value is equal to `in`, 0 otherwise
+// valueArraySize - size of value array
+// Example: IN(3)(1, [12, 1231, 9999]) ==> 0 (1 is not in array of values)
+// Example: IN(3)(1231, [12, 1231, 9999]) ==> 1 (1231 is in array of values)
+template IN(valueArraySize){
 
         signal input in;
         signal input value[valueArraySize];
@@ -25,7 +28,8 @@ template IN (valueArraySize){
 }
 
 // Same as IN but stops checking on valueArraySize
-template InWithDynamicArraySize (maxValueArraySize){
+// Example: InWithDynamicArraySize(5)(0, [12, 1231, 9999, 0, 0], 3) ==> 0 (0 is not in the first 3 elements of value array)
+template InWithDynamicArraySize(maxValueArraySize){
         signal input in;
         signal input value[maxValueArraySize];
         signal input valueArraySize;
@@ -38,7 +42,7 @@ template InWithDynamicArraySize (maxValueArraySize){
         signal lt[maxValueArraySize];
         isEq[0] <== 0;
         for (var i=0; i<maxValueArraySize; i++) {
-            lt[i] <== LessThan(8)([i, valueArraySize]);
+            lt[i] <== LessThan(9)([i, valueArraySize]);
             eq[i] = IsEqual();
             eq[i].in[0] <== in;
             eq[i].in[1] <== value[i];
@@ -48,7 +52,9 @@ template InWithDynamicArraySize (maxValueArraySize){
         out <== isEq[maxValueArraySize];
 }
 
+// Checks if first number is less than second
 // As LessThan but for all possible numbers from field (not only 252-bit-max like LessThan)
+// Treats numbers as non-negative 254-bit numbers
 template LessThan254() {
     signal input in[2];
     signal output out;

circuits/lib/query/processQueryWithModifiers.circom

@@ -14,10 +14,10 @@ template ProcessQueryWithModifiers(claimLevels, maxValueArraySize){
     signal input claimPathMtpAuxHv; // 0 for inclusion proof
     signal input claimPathKey; // hash of path in merklized json-ld document
     signal input claimPathValue; // value in this path in merklized json-ld document
-    signal input slotIndex;
+    signal input slotIndex; // slot index with value to check for non-merklized credentials
     signal input operator;
     signal input value[maxValueArraySize];
-    signal input valueArraySize;
+    signal input valueArraySize; // actual size of value array - we don't want zero filled arrays to cause false positives for 0 as input to IN/NIN operators
 
     signal input issuerClaim[8];
     signal input merklized;
@@ -26,15 +26,17 @@ template ProcessQueryWithModifiers(claimLevels, maxValueArraySize){
     // Modifier/Computation Operator output ($sd)
     signal output operatorOutput;
 
-    signal operatorNotNoop <== NOT()(IsZero()(operator));
+    signal isOpNoop <== IsZero()(operator);
     signal merklizedAndEnabled <== AND()(enabled, merklized);
 
-    signal claimPathNotExists <== AND()(IsZero()(value[0]), IsEqual()([operator, 11])); // for exist and value 0 operator 1, else 0
+    // if operator == exists and value[0] == 0 ($exists == false), then claimPathNotExists = 1 (check non-inclusion),
+    // otherwise claimPathNotExists = 0 (check inclusion)
+    signal claimPathNotExists <== AND()(IsEqual()([operator, 11]), IsZero()(value[0]));
 
-    // check path/in node exists in merkletree specified by jsonldRoot
+    // check path/in node exists in merkle tree specified by jsonldRoot
     SMTVerifier(claimLevels)(
-        enabled <== AND()(merklizedAndEnabled, operatorNotNoop),  // if merklize flag 0 or enabled 0 or NOOP operation skip MTP verification
-        fnc <== claimPathNotExists, // inclusion
+        enabled <== AND()(merklizedAndEnabled, NOT()(isOpNoop)),  // if merklize flag is 0 or enabled is 0 or it's NOOP operation --> skip MTP verification
+        fnc <== claimPathNotExists, // inclusion (or non-inclusion in case exists==false)
         root <== merklizedRoot,
         siblings <== claimPathMtp,
         oldKey <== claimPathMtpAuxHi,
@@ -55,11 +57,11 @@ template ProcessQueryWithModifiers(claimLevels, maxValueArraySize){
         merklized
     );
 
-    // For non-merklized credentials exists / non-exist operators don't work
-    signal operatorNotExists <== NOT()(IsEqual()([operator, 11]));
+    // For non-merklized credentials exists / non-exist operators should always fail
+    signal isOpExists <== IsEqual()([operator, 11]);
     ForceEqualIfEnabled()(
         AND()(enabled,  NOT()(merklized)),
-        [1, operatorNotExists]
+        [isOpExists, 0]
     );
 
     /////////////////////////////////////////////////////////////////

circuits/lib/query/query.circom

@@ -9,7 +9,7 @@ include "comparators.circom";
 /*
   Operators:
     Query operators:
-      0 - noop, skip execution. Ignores all `in` and `value` passed to query, out 1
+      0 - noop. Ignores all `in` and `value` passed to query, out 1
       1 - equals
       2 - less than
       3 - greater than
@@ -18,14 +18,16 @@ include "comparators.circom";
       6 - not equals
       7 - less than or equal
       8 - greater than or equal
-      9 - between
+      9 - between (value[0] <= in <= value[1])
       10 - not between
-      11 - exist
+      11 - exist (true / false)
     Modifier/computation operators:
       16 - selective disclosure (16 = 10000 binary)
 */
 
-// Query template works only with Query operators (0-15), for the rest returns 0
+// Query template works only with Query operators (0-15).
+// Returns 1 if query operator is satisfied, 0 otherwise.
+// For modifier/computation operators (16-31) it always returns 0.
 template Query (maxValueArraySize) {
     // signals
     signal input in;
@@ -66,7 +68,7 @@ template Query (maxValueArraySize) {
     // modifier/computation operator. It's used in the final mux.
     _ <== opBits[4];
 
-    queryOpSatisfied.c[0] <== 1; // noop; skip execution
+    queryOpSatisfied.c[0] <== 1; // noop; always succeeds
     queryOpSatisfied.c[1] <== eq;
     queryOpSatisfied.c[2] <== lt;
     queryOpSatisfied.c[3] <== gt;
@@ -77,7 +79,7 @@ template Query (maxValueArraySize) {
     queryOpSatisfied.c[8] <== gte; // gte === !lt
     queryOpSatisfied.c[9] <== between; // between
     queryOpSatisfied.c[10] <== NOT()(between); // not between
-    queryOpSatisfied.c[11] <== 1; // exists;
+    queryOpSatisfied.c[11] <== 1; // exists(true/false) - actual check is done by checking inclusion/non-inclusion of claimPathKey in merklized root by SMTVerifier outside
     queryOpSatisfied.c[12] <== 0; // not used
     queryOpSatisfied.c[13] <== 0; // not used
     queryOpSatisfied.c[14] <== 0; // not used

circuits/lib/stateTransition.circom

@@ -38,7 +38,7 @@ template StateTransition(IdOwnershipLevels) {
     signal input newRootsTreeRoot;
 
     // get safe one values to be used in ForceEqualIfEnabled
-    signal one <== SafeOne()(userID);
+    signal {binary} one <== SafeOne()(userID);
 
     signal cutId <== cutId()(userID);