Merge pull request #180 from privacy-scaling-explorations/refactor/nu…

…llifier

Remove `nullifier` from `poseidon-proof` circuit

packages/circuits/circom/poseidon-proof.circom

@@ -8,8 +8,8 @@ include "poseidon.circom";
 // for zero-knowledge proof contexts. A parameter is defined to specify
 // the number of inputs a Poseidon hash function can support 
 // (i.e. 'NUMBER_OF_INPUTS').
-// A scope value can be used to define a nullifier to prevent the same
-// proof from being re-used twice.
+// A scope value can be used to externally compute a nullifier to prevent 
+// the same proof from being re-used twice.
 template PoseidonProof(NUMBER_OF_INPUTS) {
     // The circuit takes two inputs: the pre-images and an additional scope parameter.
     signal input preimages[NUMBER_OF_INPUTS];
@@ -22,8 +22,6 @@ template PoseidonProof(NUMBER_OF_INPUTS) {
     signal output digest;
     digest <== Poseidon(NUMBER_OF_INPUTS)(preimages);
 
-    // A nullifier is also computed using both the scope and the digest, providing a value
-    // to prevent the same proof from being reused twice.
-    signal output nullifier;
-    nullifier <== Poseidon(2)([scope, digest]);
+    // Dummy constraint to prevent compiler from optimizing it.
+    signal dummySquare <== scope * scope;
 }

packages/circuits/tests/poseidon-proof.test.ts

@@ -1,24 +1,22 @@
 import { WitnessTester } from "circomkit"
-import { poseidon2, poseidon3 } from "poseidon-lite"
+import { poseidon3 } from "poseidon-lite"
 import { circomkit } from "./common"
 
 describe("poseidon-proof", () => {
-    let circuit: WitnessTester<["preimages", "scope"], ["digest", "nullifier"]>
+    let circuit: WitnessTester<["preimages", "scope"], ["digest"]>
 
     const numberOfInputs = 3
     const preimages = [1, 2, 3]
     const scope = 2
     const digest = poseidon3(preimages)
-    const nullifier = poseidon2([scope, digest])
 
     const INPUT = {
         preimages,
         scope
     }
 
     const OUTPUT = {
-        digest,
-        nullifier
+        digest
     }
 
     before(async () => {

packages/poseidon-proof/src/generate.ts

@@ -9,7 +9,7 @@ import { PoseidonProof, SnarkArtifacts } from "./types"
 /**
  * Creates a zero-knowledge proof to prove that you have the preimages of a hash,
  * without disclosing the actual preimages themselves.
- * The use of a scope parameter along with a nullifier helps ensure the uniqueness
+ * The use of a scope parameter helps ensure the uniqueness
  * and non-reusability of the proofs, enhancing security in applications like
  * blockchain transactions or private data verification.
  * If, for example, this package were used with Semaphore to demonstrate possession
@@ -44,7 +44,6 @@ export default async function generate(
     return {
         scope: BigNumber.from(scope).toString() as NumericString,
         digest: publicSignals[0],
-        nullifier: publicSignals[1],
         proof: packProof(proof)
     }
 }

packages/poseidon-proof/src/types/index.ts

@@ -8,7 +8,6 @@ export type SnarkArtifacts = {
 export type PoseidonProof = {
     scope: NumericString
     digest: NumericString
-    nullifier: NumericString
     proof: PackedProof
 }
 

packages/poseidon-proof/src/verify.ts

@@ -9,15 +9,12 @@ import verificationKeys from "./verification-keys.json"
  * @param poseidonProof The Poseidon zero-knowledge proof.
  * @returns True if the proof is valid, false otherwise.
  */
-export default function verify(
-    numberOfInputs: number,
-    { scope, digest, nullifier, proof }: PoseidonProof
-): Promise<boolean> {
+export default function verify(numberOfInputs: number, { scope, digest, proof }: PoseidonProof): Promise<boolean> {
     const verificationKey = {
         ...verificationKeys,
         vk_delta_2: verificationKeys.vk_delta_2[numberOfInputs - 1],
         IC: verificationKeys.IC[numberOfInputs - 1]
     }
 
-    return groth16.verify(verificationKey, [digest, nullifier, hash(scope)], unpackProof(proof))
+    return groth16.verify(verificationKey, [digest, hash(scope)], unpackProof(proof))
 }

packages/poseidon-proof/tests/index.test.ts

@@ -69,12 +69,10 @@ describe("PoseidonProof", () => {
                 fullProof = await generate(currentPreimages, scope)
 
                 const digest = computePoseidon(currentPreimages.map((preimage) => hash(preimage)))
-                const nullifier = poseidon2([hash(scope), digest])
 
                 expect(fullProof.proof).toHaveLength(8)
                 expect(fullProof.scope).toBe(scope.toString())
                 expect(fullProof.digest).toBe(digest.toString())
-                expect(fullProof.nullifier).toBe(nullifier.toString())
 
                 // Verify.
                 const response = await verify(currentPreimages.length, fullProof)