Understanding Zero-Knowledge Proofs Through the Source Code of Tornado Cash | by Laszlo Fazekas | Mar, 2022

Dive into the world of smart contracts with zero-knowledge proofs

Source: https://unsplash.com/photos/JrrWC7Qcmhs
Source: https://en.wikipedia.org/wiki/Merkle_tree
pragma circom 2.0.0;

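// bitify.circom provides Num2Bits; pedersen.circom provides Pedersen.
// The constraints these templates generate are part of the circuit's security,
// so the circomlib version resolved under node_modules should be pinned.
include "node_modules/circomlib/circuits/bitify.circom";
include "node_modules/circomlib/circuits/pedersen.circom";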

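// Proves knowledge of a `nullifier` whose Pedersen hash equals the
// `nullifierHash` output, without revealing the nullifier itself.
//
// Inputs:  nullifier     - the secret value (must fit in 248 bits)
// Outputs: nullifierHash - first coordinate (out[0]) of the Pedersen hash of
//                          the nullifier's 248-bit decomposition
//
// The hash is deterministic, so hiding the nullifier relies on it being drawn
// with high entropy; a guessable nullifier can be recovered from the output by
// trial hashing.
template Essential() {
    signal input nullifier;
    signal output nullifierHash;

    component nullifierHasher = Pedersen(248);
    component nullifierBits = Num2Bits(248);

    // Num2Bits constrains each output to be a bit and the bits to recompose
    // to the input, so a nullifier wider than 248 bits has no valid witness.
    nullifierBits.in <== nullifier;
    for (var i = 0; i < 248; i++) {
        nullifierHasher.in[i] <== nullifierBits.out[i];
    }

    // Only out[0] of the hasher's output is exposed.
    nullifierHash <== nullifierHasher.out[0];
}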

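// Entry point of the circuit; circom requires the top-level component to be
// named `main`. Under `pragma circom 2.0.0` the inputs of main are private
// unless listed as public, so here only `nullifierHash` (an output) is public.
component main = Essential();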

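// bitify.circom provides Num2Bits, pedersen.circom provides Pedersen, and the
// project-local merkleTree.circom is expected to provide MerkleTreeChecker.
include "../node_modules/circomlib/circuits/bitify.circom";
include "../node_modules/circomlib/circuits/pedersen.circom";
include "merkleTree.circom";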
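// Computes the deposit commitment Pedersen(nullifier || secret) and the
// nullifier hash Pedersen(nullifier). "||" is bit concatenation, not addition:
// the 248 nullifier bits fill hasher inputs 0..247 and the 248 secret bits
// fill inputs 248..495.
//
// Inputs:  nullifier, secret - each must fit in 248 bits
// Outputs: dedication        - the commitment (out[0] of the 496-bit hash)
//          nullifierHash     - out[0] of the 248-bit hash of the nullifier
template CommitmentHasher() {
    signal input nullifier;
    signal input secret;
    signal output dedication;
    signal output nullifierHash;

    component commitmentHasher = Pedersen(496);
    component nullifierHasher = Pedersen(248);
    component nullifierBits = Num2Bits(248);
    component secretBits = Num2Bits(248);

    // Num2Bits constrains both values to 248-bit decompositions; a wider
    // value has no satisfying witness.
    nullifierBits.in <== nullifier;
    secretBits.in <== secret;

    for (var i = 0; i < 248; i++) {
        nullifierHasher.in[i] <== nullifierBits.out[i];
        commitmentHasher.in[i] <== nullifierBits.out[i];
        commitmentHasher.in[i + 248] <== secretBits.out[i];
    }

    // The same nullifier bits feed both hashers, which is what ties a
    // published nullifier hash to exactly one commitment.
    dedication <== commitmentHasher.out[0];
    nullifierHash <== nullifierHasher.out[0];
}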
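// Verifies that the commitment corresponding to the given secret and nullifier
// is included in the Merkle tree of deposits with the given root.
//
// Parameter: levels       - depth of the Merkle tree
// Public:    root         - Merkle root the membership proof is checked against
//            nullifierHash - hash of the nullifier, revealed on withdrawal
// Private:   nullifier, secret          - preimage of the commitment
//            pathElements, pathIndices  - sibling hashes and per-level
//                                         position selectors for the proof
//
// `signal private input` is circom 1.x syntax. In circom 2 the inputs of main
// are private by default and the public ones are listed on the main component.
//
// What the circuit does NOT enforce, and the verifier has to check itself:
//   - that `root` is a root the deposit tree actually had;
//   - that `nullifierHash` has not been accepted before (the circuit is
//     stateless, so double-spend protection lives in the verifier).
// NOTE(review): as shown, no public signal binds the proof to a recipient or
// fee. A verifier that pays out to a caller-supplied address needs those
// values as public inputs of the circuit, otherwise a valid proof is not tied
// to its intended payee.
template Withdraw(levels) {
    signal input root;
    signal input nullifierHash;
    signal private input nullifier;
    signal private input secret;
    signal private input pathElements[levels];
    signal private input pathIndices[levels];

    component hasher = CommitmentHasher();
    hasher.nullifier <== nullifier;
    hasher.secret <== secret;
    // `===` adds a constraint without assigning: the public nullifierHash must
    // equal the hash recomputed from the private nullifier.
    hasher.nullifierHash === nullifierHash;

    component tree = MerkleTreeChecker(levels);
    tree.leaf <== hasher.dedication;
    tree.root <== root;
    // pathIndices are presumably constrained to 0/1 inside MerkleTreeChecker;
    // confirm in merkleTree.circom, which is not shown here.
    for (var i = 0; i < levels; i++) {
        tree.pathElements[i] <== pathElements[i];
        tree.pathIndices[i] <== pathIndices[i];
    }
}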

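// Entry point: a withdrawal circuit over a depth-20 Merkle tree (up to 2^20
// leaves). With the circom 1.x syntax used above, main's inputs not marked
// `private` (`root`, `nullifierHash`) are the public inputs of the proof.
component main = Withdraw(20);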
