hiroism007/circuit_semaphore.circom

## circuit_semaphore.circom
pragma circom 2.0.0;

include "../node_modules/circomlib/circuits/poseidon.circom";
include "./tree.circom";

template CalculateSecret() {
    signal input identityNullifier;
    signal input identityTrapdoor;

    signal output out;

    component poseidon = Poseidon(2);

    poseidon.inputs[0] <== identityNullifier;
    poseidon.inputs[1] <== identityTrapdoor;

    out <== poseidon.out;
}

template CalculateIdentityCommitment() {
    signal input secret;

    signal output out;

    component poseidon = Poseidon(1);

    poseidon.inputs[0] <== secret;

    out <== poseidon.out;
}

template CalculateNullifierHash() {
    signal input externalNullifier;
    signal input identityNullifier;

    signal output out;

    component poseidon = Poseidon(2);

    poseidon.inputs[0] <== externalNullifier;
    poseidon.inputs[1] <== identityNullifier;

    out <== poseidon.out;
}

// nLevels must be < 32.
template Semaphore(nLevels) {
    signal input identityNullifier;
    signal input identityTrapdoor;
    signal input treePathIndices[nLevels];
    signal input treeSiblings[nLevels];

    signal input signalHash;
    signal input externalNullifier;

    signal output root;
    signal output nullifierHash;

    component calculateSecret = CalculateSecret();
    calculateSecret.identityNullifier <== identityNullifier;
    calculateSecret.identityTrapdoor <== identityTrapdoor;

    signal secret;
    secret <== calculateSecret.out;

    component calculateIdentityCommitment = CalculateIdentityCommitment();
    calculateIdentityCommitment.secret <== secret;

    component calculateNullifierHash = CalculateNullifierHash();
    calculateNullifierHash.externalNullifier <== externalNullifier;
    calculateNullifierHash.identityNullifier <== identityNullifier;

    component inclusionProof = MerkleTreeInclusionProof(nLevels);
    inclusionProof.leaf <== calculateIdentityCommitment.out;

    for (var i = 0; i < nLevels; i++) {
        inclusionProof.siblings[i] <== treeSiblings[i];
        inclusionProof.pathIndices[i] <== treePathIndices[i];
    }

    root <== inclusionProof.root;

    // Dummy square to prevent tampering signalHash.
    signal signalHashSquared;
    signalHashSquared <== signalHash * signalHash;

    nullifierHash <== calculateNullifierHash.out;
}

// depth 14 is enogh for usual NFT collections
component main {public [signalHash, externalNullifier]} = Semaphore(14);

## tree.circom
pragma circom 2.0.0;

include "../node_modules/circomlib/circuits/poseidon.circom";
include "../node_modules/circomlib/circuits/mux1.circom";

template MerkleTreeInclusionProof(nLevels) {
    signal input leaf;
    signal input pathIndices[nLevels];
    signal input siblings[nLevels];

    signal output root;

    component poseidons[nLevels];
    component mux[nLevels];

    signal hashes[nLevels + 1];
    hashes[0] <== leaf;

    for (var i = 0; i < nLevels; i++) {
        pathIndices[i] * (1 - pathIndices[i]) === 0;

        poseidons[i] = Poseidon(2);
        mux[i] = MultiMux1(2);

        mux[i].c[0][0] <== hashes[i];
        mux[i].c[0][1] <== siblings[i];

        mux[i].c[1][0] <== siblings[i];
        mux[i].c[1][1] <== hashes[i];

        mux[i].s <== pathIndices[i];

        poseidons[i].inputs[0] <== mux[i].out[0];
        poseidons[i].inputs[1] <== mux[i].out[1];

        hashes[i + 1] <== poseidons[i].out;
    }

    root <== hashes[nLevels];
}
	pragma circom 2.0.0;

	include "../node_modules/circomlib/circuits/poseidon.circom";
	include "./tree.circom";

	template CalculateSecret() {
	signal input identityNullifier;
	signal input identityTrapdoor;

	signal output out;

	component poseidon = Poseidon(2);

	poseidon.inputs[0] <== identityNullifier;
	poseidon.inputs[1] <== identityTrapdoor;

	out <== poseidon.out;
	}

	template CalculateIdentityCommitment() {
	signal input secret;

	signal output out;

	component poseidon = Poseidon(1);

	poseidon.inputs[0] <== secret;

	out <== poseidon.out;
	}

	template CalculateNullifierHash() {
	signal input externalNullifier;
	signal input identityNullifier;

	signal output out;

	component poseidon = Poseidon(2);

	poseidon.inputs[0] <== externalNullifier;
	poseidon.inputs[1] <== identityNullifier;

	out <== poseidon.out;
	}

	// nLevels must be < 32.
	template Semaphore(nLevels) {
	signal input identityNullifier;
	signal input identityTrapdoor;
	signal input treePathIndices[nLevels];
	signal input treeSiblings[nLevels];

	signal input signalHash;
	signal input externalNullifier;

	signal output root;
	signal output nullifierHash;

	component calculateSecret = CalculateSecret();
	calculateSecret.identityNullifier <== identityNullifier;
	calculateSecret.identityTrapdoor <== identityTrapdoor;

	signal secret;
	secret <== calculateSecret.out;

	component calculateIdentityCommitment = CalculateIdentityCommitment();
	calculateIdentityCommitment.secret <== secret;

	component calculateNullifierHash = CalculateNullifierHash();
	calculateNullifierHash.externalNullifier <== externalNullifier;
	calculateNullifierHash.identityNullifier <== identityNullifier;

	component inclusionProof = MerkleTreeInclusionProof(nLevels);
	inclusionProof.leaf <== calculateIdentityCommitment.out;

	for (var i = 0; i < nLevels; i++) {
	inclusionProof.siblings[i] <== treeSiblings[i];
	inclusionProof.pathIndices[i] <== treePathIndices[i];
	}

	root <== inclusionProof.root;

	// Dummy square to prevent tampering signalHash.
	signal signalHashSquared;
	signalHashSquared <== signalHash * signalHash;

	nullifierHash <== calculateNullifierHash.out;
	}

	// depth 14 is enogh for usual NFT collections
	component main {public [signalHash, externalNullifier]} = Semaphore(14);