Merge pull request #3 from DoraFactory/feature/proof-compression

Feature/proof compression

Author: 99Kies

packages/voter/package.json

@@ -47,6 +47,7 @@
 	},
 	"dependencies": {
 		"snarkjs": "0.7.5",
+		"ffjavascript": "0.3.1",
 		"@noble/curves": "^1.4.2",
 		"@noble/hashes": "^1.4.0",
 		"@scure/bip32": "^1.3.3",

packages/voter/src/crypto/adapter.ts

@@ -0,0 +1,41 @@
+import { Groth16Proof } from 'snarkjs';
+import { utils } from 'ffjavascript';
+const { unstringifyBigInts } = utils;
+
+import * as curves from './curve';
+
+const Bytes2Str = (arr: number[]) => {
+	let str = '';
+	for (let i = 0; i < arr.length; i++) {
+		let tmp = arr[i].toString(16);
+		if (tmp.length == 1) {
+			tmp = '0' + tmp;
+		}
+		str += tmp;
+	}
+	return str;
+};
+
+let BN128Curve: any = null;
+
+export const adaptToUncompressed = async (proof: Groth16Proof) => {
+	const p = unstringifyBigInts(proof);
+
+	let curve = BN128Curve;
+	if (!curve) {
+		BN128Curve = await curves.getCurveFromName('BN128');
+		curve = BN128Curve;
+	}
+
+	// convert u8 array(little-endian order)to uncompressed type(big-endian order and on bls12_381 curve)
+	// which can be convert into Affine type in bellman
+	const pi_a = curve.G1.toUncompressed(curve.G1.fromObject(p.pi_a));
+	const pi_b = curve.G2.toUncompressed(curve.G2.fromObject(p.pi_b));
+	const pi_c = curve.G1.toUncompressed(curve.G1.fromObject(p.pi_c));
+
+	return {
+		a: Bytes2Str(Array.from(pi_a)),
+		b: Bytes2Str(Array.from(pi_b)),
+		c: Bytes2Str(Array.from(pi_c)),
+	};
+};

packages/voter/src/crypto/curve.ts

@@ -0,0 +1,58 @@
+import { Scalar, buildBn128, buildBls12381 } from 'ffjavascript';
+
+const bls12381r = Scalar.e(
+	'73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001',
+	16
+);
+const bn128r = Scalar.e(
+	'21888242871839275222246405745257275088548364400416034343698204186575808495617'
+);
+
+const bls12381q = Scalar.e(
+	'1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab',
+	16
+);
+const bn128q = Scalar.e(
+	'21888242871839275222246405745257275088696311157297823662689037894645226208583'
+);
+
+export async function getCurveFromR(r: bigint) {
+	let curve;
+	if (Scalar.eq(r, bn128r)) {
+		curve = await buildBn128();
+	} else if (Scalar.eq(r, bls12381r)) {
+		curve = await buildBls12381();
+	} else {
+		throw new Error(`Curve not supported: ${Scalar.toString(r)}`);
+	}
+	return curve;
+}
+
+export async function getCurveFromQ(q: bigint) {
+	let curve;
+	if (Scalar.eq(q, bn128q)) {
+		curve = await buildBn128();
+	} else if (Scalar.eq(q, bls12381q)) {
+		curve = await buildBls12381();
+	} else {
+		throw new Error(`Curve not supported: ${Scalar.toString(q)}`);
+	}
+	return curve;
+}
+
+export async function getCurveFromName(name: string) {
+	let curve;
+	const normName = normalizeName(name);
+	if (['BN128', 'BN254', 'ALTBN128'].indexOf(normName) >= 0) {
+		curve = await buildBn128();
+	} else if (['BLS12381'].indexOf(normName) >= 0) {
+		curve = await buildBls12381();
+	} else {
+		throw new Error(`Curve not supported: ${name}`);
+	}
+	return curve;
+
+	function normalizeName(n: string) {
+		return (n.toUpperCase().match(/[A-Za-z0-9]+/g) || []).join('');
+	}
+}

packages/voter/src/crypto/index.ts

@@ -5,4 +5,6 @@ export * from './hashing';
 export * from './types';
 export * from './tree';
 export * from './babyjub';
+export * from './curve';
+export * from './adapter';
 export type { Keypair, PubKey, PrivKey } from './types';

packages/voter/src/types/lib.d.ts

@@ -0,0 +1,7 @@
+declare module 'ffjavascript' {
+	export const utils: any;
+	// eslint-disable-next-line @typescript-eslint/naming-convention
+	export const Scalar: any;
+	export const buildBn128: any;
+	export const buildBls12381: any;
+}

packages/voter/src/voter.ts

@@ -1,5 +1,6 @@
 import CryptoJS from 'crypto-js';
 import { solidityPackedSha256 } from 'ethers';
+import snarkjs from 'snarkjs';
 
 import { MaciAccount } from './account';
 import {
@@ -12,6 +13,7 @@ import {
 	Tree,
 	stringizing,
 	SNARK_FIELD_SIZE,
+	adaptToUncompressed,
 } from './crypto';
 import { poseidon } from './crypto/hashing';
 import { poseidonEncrypt } from '@zk-kit/poseidon-cipher';
@@ -102,7 +104,7 @@ export class VoterClient {
 			derivePathParams
 		);
 
-		return payload;
+		return stringizing(payload);
 	}
 
 	batchGenMessage(
@@ -201,28 +203,59 @@ export class VoterClient {
 		stateTreeDepth,
 		operatorPubkey,
 		deactivates,
+		wasmFile,
+		zkeyFile,
 		derivePathParams,
 	}: {
 		stateTreeDepth: number;
 		operatorPubkey: bigint;
 		deactivates: DeactivateMessage[];
+		wasmFile: string;
+		zkeyFile: string;
 		derivePathParams?: DerivePathParams;
-	}) {
+	}): Promise<{
+		proof: {
+			a: string;
+			b: string;
+			c: string;
+		};
+		d: string[];
+		nullifier: string;
+	}> {
 		const [coordPubkeyX, coordPubkeyY] =
 			this.unpackMaciPubkey(operatorPubkey);
 		// const stateTreeDepth = Number(circuitPower.split('-')[0]);
-		const inputObj = this.genAddKeyInput(stateTreeDepth + 2, {
+		const addKeyInput = await this.genAddKeyInput(stateTreeDepth + 2, {
 			coordPubKey: [coordPubkeyX, coordPubkeyY],
 			deactivates: deactivates.map((d: any) => d.map(BigInt)),
 			derivePathParams,
 		});
-		return inputObj;
+
+		if (addKeyInput === null) {
+			throw Error('genAddKeyInput failed');
+		}
 
 		// 1. generate proof
+		const { proof } = await snarkjs.groth16.fullProve(
+			addKeyInput,
+			wasmFile,
+			zkeyFile
+		);
 
 		// 2. compress proof to vote proof
+		const proofHex = await adaptToUncompressed(proof);
 
 		// 3. send addNewKey tx
+		return {
+			proof: proofHex,
+			d: [
+				addKeyInput.d1[0].toString(),
+				addKeyInput.d1[1].toString(),
+				addKeyInput.d2[0].toString(),
+				addKeyInput.d2[1].toString(),
+			],
+			nullifier: addKeyInput.nullifier.toString(),
+		};
 	}
 
 	async genAddKeyInput(
@@ -318,6 +351,6 @@ export class VoterClient {
 			[[0, 0]],
 			derivePathParams
 		);
-		return payload;
+		return stringizing(payload[0]);
 	}
 }