Merge pull request #111 from iden3/feature/extract-nullifier

[WIP] Extract nullifier, change proofType values

circuits/credentialAtomicQueryV3.circom

@@ -7,6 +7,8 @@ include "offchain/credentialAtomicQueryV3OffChain.circom";
  userID - user profile id
  merklized - `1` if claim is merklized
  issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+ nullifier - sybil resistant user identifier for session id
+ linkID - linked proof identifier
 */
 component main{public [requestID,
                        issuerID,
@@ -20,5 +22,6 @@ component main{public [requestID,
                        timestamp, 
                        isRevocationChecked,
                        proofType,
-                       verifierID
+                       verifierID,
+                       verifierSessionID
                        ]} = credentialAtomicQueryV3OffChain(40, 32, 64);

circuits/credentialAtomicQueryV3OnChain.circom

@@ -7,6 +7,8 @@ include "./onchain/credentialAtomicQueryV3OnChain.circom";
  userID - user profile id
  merklized - `1` if claim is merklized
  issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+ nullifier - sybil resistant user identifier for session id
+ linkID - linked proof identifier
 */
 component main{public [requestID,
                        issuerID,
@@ -16,5 +18,6 @@ component main{public [requestID,
                        challenge,
                        gistRoot,
                        proofType,
-                       verifierID
+                       verifierID,
+                       verifierSessionID
                        ]} = credentialAtomicQueryV3OnChain(40, 32, 64, 40, 64);

circuits/lib/query/nullify.circom

@@ -1,26 +1,30 @@
 pragma circom 2.1.1;
 
 include "../../../node_modules/circomlib/circuits/comparators.circom";
-include "../../../node_modules/circomlib/circuits/mux2.circom";
+include "../../../node_modules/circomlib/circuits/gates.circom";
+include "../../../node_modules/circomlib/circuits/mux1.circom";
 include "../../../node_modules/circomlib/circuits/poseidon.circom";
 
 template Nullify() {
     signal input genesisID;
     signal input claimSubjectProfileNonce;
     signal input claimSchema;
-    signal input fieldValue;
     signal input verifierID;
-    signal input crs;
+    signal input verifierSessionID;
 
     signal output nullifier;
 
     signal isZeroNonce <== IsZero()(claimSubjectProfileNonce);
     signal isZeroVerifierID <== IsZero()(verifierID);
+    signal isZeroVerifierSessionID <== IsZero()(verifierSessionID);
 
-    signal hash <== Poseidon(6)([genesisID, claimSubjectProfileNonce, claimSchema, fieldValue, verifierID, crs]);
+    signal hash <== Poseidon(5)([genesisID, claimSubjectProfileNonce, claimSchema, verifierID, verifierSessionID]);
 
-    nullifier <== Mux2()(
-        [hash, 0, 0, 0],
-        [isZeroNonce, isZeroVerifierID]
+    signal isZero1 <== OR()(isZeroNonce, isZeroVerifierID);
+    signal isZero2 <== OR()(isZero1, isZeroVerifierSessionID);
+
+    nullifier <== Mux1()(
+        [hash, 0],
+        isZero2
     );
 }

circuits/lib/query/query.circom

@@ -21,7 +21,6 @@ include "comparators.circom";
       9 - between
     Modifier/computation operators:
       16 - selective disclosure (16 = 10000 binary)
-      17 - nullify (17 = 10001 binary)
 */
 
 // Query template works only with Query operators (0-15), for the rest returns 0

circuits/offchain/credentialAtomicQueryV3OffChain.circom

@@ -1,5 +1,6 @@
 pragma circom 2.1.5;
 
+include "../../node_modules/circomlib/circuits/gates.circom";
 include "../../node_modules/circomlib/circuits/mux1.circom";
 include "../../node_modules/circomlib/circuits/mux4.circom";
 include "../../node_modules/circomlib/circuits/bitify.circom";
@@ -18,7 +19,7 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
     signal output userID;
 
     // common inputs for Sig and MTP
-    signal input proofType;  // sig 0, mtp 1
+    signal input proofType;  // sig 1, mtp 2
     signal input requestID;
     signal input userGenesisID;
     signal input profileNonce;
@@ -88,8 +89,10 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
 
     // Identifier of the verifier
     signal input verifierID;
+    signal input verifierSessionID;
+    signal output nullifier;
 
-    // Modifier/Computation Operator output ($sd, $nullify)
+    // Modifier/Computation Operator output ($sd)
     signal output operatorOutput;
 
     /////////////////////////////////////////////////////////////////
@@ -126,11 +129,10 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
     // verify issuerClaim expiration time
     verifyExpirationTime()(issuerClaimHeader.claimFlags[3], issuerClaim, timestamp); // 322 constraints
 
-    signal isSig;
-    signal isMTP;
-    isSig  <== 1 - proofType;
-    isMTP <== proofType;
-    isSig * isMTP === 0;
+    signal isSig  <== IsEqual()([proofType, 1]);
+    signal isMTP <== IsEqual()([proofType, 2]);
+    signal validProofType <== OR()(isSig, isMTP);
+    ForceEqualIfEnabled()(one, [validProofType, 1]);
 
     signal issuerClaimHash, issuerClaimHi, issuerClaimHv;
     (issuerClaimHash, issuerClaimHi, issuerClaimHv) <== getClaimHash()(issuerClaim);
@@ -260,13 +262,12 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
     // no need to calc anything, fieldValue is just passed as an output
 
     // nullifier calculation
-    signal nullifier <== Nullify()(
+    nullifier <== Nullify()(
         userGenesisID,
         claimSubjectProfileNonce,
         claimSchema,
-        fieldValue,
         verifierID,
-        value[0] // get csr from value array
+        verifierSessionID
     ); // 362 constraints
 
     /////////////////////////////////////////////////////////////////
@@ -278,8 +279,7 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
         operator <== operator,
         modifierOutputs <== [
             fieldValue, // 16 - selective disclosure (16-16 = index 0)
-            nullifier, // 17 - nullify (17-16 = index 1)
-            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // 18-31 - not used
+            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // 17-31 - not used
         ]
     );
 

circuits/onchain/credentialAtomicQueryV3OnChain.circom

@@ -45,7 +45,7 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
     // circuits query Hash
     signal output circuitQueryHash;
 
-    signal input proofType;  // sig 0, mtp 1
+    signal input proofType;  // sig 1, mtp 2
 
     // we have no constraints for "requestID" in this circuit, it is used as a unique identifier for the request
     // and verifier can use it to identify the request, and verify the proof of specific request in case of multiple query requests
@@ -158,6 +158,8 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
 
     // Identifier of the verifier
     signal input verifierID;
+    signal input verifierSessionID;
+    signal output nullifier;
 
     // Modifier/Computation Operator output ($sd, $nullify)
     signal output operatorOutput;
@@ -204,7 +206,7 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
     // Claim checks
     /////////////////////////////////////////////////////////////////
 
-    (merklized, userID, issuerState, linkID, operatorOutput) <== credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySize)(
+    (merklized, userID, issuerState, linkID, nullifier, operatorOutput) <== credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySize)(
         proofType <== proofType,
         requestID <== requestID,
         userGenesisID <== userGenesisID,
@@ -252,7 +254,8 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
         issuerClaimSignatureR8y <== issuerClaimSignatureR8y,
         issuerClaimSignatureS <== issuerClaimSignatureS,
         linkNonce <== linkNonce,
-        verifierID <== verifierID
+        verifierID <== verifierID,
+        verifierSessionID <== verifierSessionID
     );
 
     /////////////////////////////////////////////////////////////////

test/offchain/credentialAtomicQueryV3OffChain.test.ts

@@ -52,7 +52,7 @@ describe("Test credentialAtomicQueryV3OffChain.circom", function () {
         require(`${mtpBasePath}/between_operator.json`),
         require(`${mtpBasePath}/less_than_eq_operator.json`),
         require(`${mtpBasePath}/selective_disclosure.json`),
-        require(`${mtpBasePath}/nullify_modifier.json`),
+        require(`${mtpBasePath}/nullify.json`),
         require(`${mtpBasePath}/revoked_claim_without_revocation_check.json`),
     ];
 

test/query/nullify.test.ts

@@ -3,41 +3,38 @@ import {describe} from "mocha";
 const path = require("path");
 const wasm_tester = require("circom_tester").wasm;
 
-describe("Test Nullify operator:", async function () {
+describe("Test Nullify template:", async function () {
     const tests = [
         {
             desc: "nullify with all inputs non zero",
             input: {
                 genesisID: "23148936466334350744548790012294489365207440754509988986684797708370051073",
                 claimSubjectProfileNonce: "999",
                 claimSchema: "180410020913331409885634153623124536270",
-                fieldValue: "10",
                 verifierID: "21929109382993718606847853573861987353620810345503358891473103689157378049",
-                crs: "94313",
+                verifierSessionID: "94313",
             },
-            expOut: { nullifier: "2087978292462493888670232038371828714766286629966158700504811197876900431862" }
+            expOut: { nullifier: "1774255757463994926045333540514329781531189541970510727873068125458049917662" }
         },
         {
-            desc: "nullify with csr = zero",
+            desc: "nullify with verifierSessionID = zero",
             input: {
                 genesisID: "23148936466334350744548790012294489365207440754509988986684797708370051073",
                 claimSubjectProfileNonce: "999",
                 claimSchema: "180410020913331409885634153623124536270",
-                fieldValue: "10",
                 verifierID: "21929109382993718606847853573861987353620810345503358891473103689157378049",
-                crs: "0",
+                verifierSessionID: "0",
             },
-            expOut: { nullifier: "726655184513479858506545456523347580294479110324074029543303083957717308550" }
+            expOut: { nullifier: "0" }
         },
         {
             desc: "nullify with credProfileNonce = zero",
             input: {
                 genesisID: "23148936466334350744548790012294489365207440754509988986684797708370051073",
                 claimSubjectProfileNonce: "0",
                 claimSchema: "180410020913331409885634153623124536270",
-                fieldValue: "10",
                 verifierID: "21929109382993718606847853573861987353620810345503358891473103689157378049",
-                crs: "94313",
+                verifierSessionID: "94313",
             },
             expOut: { nullifier: "0" }
         },
@@ -47,9 +44,8 @@ describe("Test Nullify operator:", async function () {
                 genesisID: "23148936466334350744548790012294489365207440754509988986684797708370051073",
                 claimSubjectProfileNonce: "999",
                 claimSchema: "180410020913331409885634153623124536270",
-                fieldValue: "10",
                 verifierID: "0",
-                crs: "94313",
+                verifierSessionID: "94313",
             },
             expOut: { nullifier: "0" }
         },

testvectorgen/auth/authV2_test.go

@@ -8,11 +8,12 @@ import (
 	"math/big"
 	"testing"
 
-	core "github.com/iden3/go-iden3-core"
+	"test/utils"
+
+	core "github.com/iden3/go-iden3-core/v2"
 	"github.com/iden3/go-merkletree-sql/v2"
 	"github.com/iden3/go-merkletree-sql/v2/db/memory"
 	"github.com/stretchr/testify/require"
-	"test/utils"
 )
 
 const (
@@ -243,7 +244,7 @@ func TestTre(t *testing.T) {
 
 	typ, err := core.BuildDIDType(core.DIDMethodIden3, core.Polygon, core.Mumbai)
 	require.NoError(t, err)
-	id, err := core.IdGenesisFromIdenState(typ, state)
+	id, err := core.NewIDFromIdenState(typ, state)
 	require.NoError(t, err)
 
 	fmt.Println("id", id.BigInt())

testvectorgen/auth/testdata/userID_genesis.json

@@ -1 +1 @@
-{"desc":"Ownership true. User state: genesis. Auth claims total/signedWith/revoked: 1/1/none","inputs":{"genesisID":"23148936466334350744548790012294489365207440754509988986684797708370051073","profileNonce":"0","authClaim":["80551937543569765027552589160822318028","0","4720763745722683616702324599137259461509439547324750011830105416383780791263","4844030361230692908091131578688419341633213823133966379083981236400104720538","16547485850637761685","0","0","0"],"authClaimIncMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtpAuxHi":"0","authClaimNonRevMtpAuxHv":"0","authClaimNonRevMtpNoAux":"1","challenge":"12345","challengeSignatureR8x":"15829360093371098546177008474519342171461782120259125067189481965541223738777","challengeSignatureR8y":"10840522802382821290541462398953040493080116495308402635486440290351677745960","challengeSignatureS":"1196477404779941775725836688033485533497812196897664950083199167075327114562","claimsTreeRoot":"8162166103065016664685834856644195001371303013149727027131225893397958846382","revTreeRoot":"0","rootsTreeRoot":"0","state":"8039964009611210398788855768060749920589777058607598891238307089541758339342","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","gistMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"gistMtpAuxHi":"1","gistMtpAuxHv":"1","gistMtpNoAux":"0"},"expOut":{"userID":"23148936466334350744548790012294489365207440754509988986684797708370051073","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","challenge":"12345"}}
+{"desc":"Ownership true. User state: genesis. Auth claims total/signedWith/revoked: 1/1/none","inputs":{"genesisID":"23273167900576580892722615617815475823351560716009055944677723144398443009","profileNonce":"0","authClaim":["80551937543569765027552589160822318028","0","4720763745722683616702324599137259461509439547324750011830105416383780791263","4844030361230692908091131578688419341633213823133966379083981236400104720538","16547485850637761685","0","0","0"],"authClaimIncMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtpAuxHi":"0","authClaimNonRevMtpAuxHv":"0","authClaimNonRevMtpNoAux":"1","challenge":"12345","challengeSignatureR8x":"15829360093371098546177008474519342171461782120259125067189481965541223738777","challengeSignatureR8y":"10840522802382821290541462398953040493080116495308402635486440290351677745960","challengeSignatureS":"1196477404779941775725836688033485533497812196897664950083199167075327114562","claimsTreeRoot":"8162166103065016664685834856644195001371303013149727027131225893397958846382","revTreeRoot":"0","rootsTreeRoot":"0","state":"8039964009611210398788855768060749920589777058607598891238307089541758339342","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","gistMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"gistMtpAuxHi":"1","gistMtpAuxHv":"1","gistMtpNoAux":"0"},"expOut":{"userID":"23273167900576580892722615617815475823351560716009055944677723144398443009","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","challenge":"12345"}}