Merge pull request #14 from TomAFrench/tf/update-stuff

feat: update to noir 1.0.0-beta.1

Author: vezenovm

.devcontainer/Dockerfile

@@ -0,0 +1,10 @@
+FROM mcr.microsoft.com/devcontainers/typescript-node:18
+SHELL ["/bin/bash", "-c"]
+RUN apt update && apt install -y curl tar gzip libc++-dev unzip
+
+# For simplicity's sake we install a compatible version of bb.
+ENV BB_HOME="/bb"
+RUN curl -L https://raw.githubusercontent.com/AztecProtocol/aztec-packages/master/barretenberg/cpp/installation/install | bash
+RUN $BB_HOME/bbup -v 0.66.0
+ENV PATH="$BB_HOME:$PATH"
+

.devcontainer/devcontainer.json

@@ -0,0 +1,14 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
+{
+  "name": "Existing Dockerfile",
+  "build": {
+    "context": ".",
+    "dockerfile": "Dockerfile"
+  },
+  "features": {
+    "ghcr.io/noir-lang/features/noir:latest": {
+      "version": "1.0.0-beta.1"
+    }
+  }
+}

.github/workflows/ci.yaml

@@ -0,0 +1,43 @@
+name: CI
+
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches:
+      - master
+
+# This will cancel previous runs when a branch or PR is updated
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  yarn-lock:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        id: node
+        with:
+          node-version: 18.19.0
+          cache: 'yarn'
+          cache-dependency-path: 'yarn.lock'
+    
+      - name: Install
+        run: yarn --immutable
+      
+      - uses: noir-lang/noirup@v0.1.3
+        with:
+          toolchain: 1.0.0-beta.1
+
+      - name: Compile circuits
+        working-directory: ./circuits/
+        run: nargo compile
+
+      - name: Run tests
+        run: yarn --immutable

README.md

@@ -73,11 +73,6 @@ const verified = await verify_proof(verifier, proof);
 
 Once we have compiled our program and generated an ACIR, we can generate a Solidity verifier rather than having to use the verifier provided by `nargo` or Noir's typescript wrapper. 
 
-In the `scripts` folder you will find a script for compiling a program and generating the Solidity verifier. You can call it using the command below (assuming you are in the root directory of the project).
-```
-npx ts-node ./scripts/generate_sol_verifier.ts
-```
-
 This Solidity verifier can also be generated by calling `nargo contract`. This will produce a Solidity verifier inside of the Noir project which you can then move into the correct `contracts` folder.
 
 It is important to note that if you change your circuit and want to verify proofs in Solidity you must also regenerate your Solidity verifier. The verifier is based upon the circuit and if the circuit changes any previous verifier will be out of date. 

circuits/Nargo.toml

@@ -0,0 +1,5 @@
+[workspace]
+members = [
+    "mimc_tree",
+    "pedersen_tree"
+]

circuits/mimc_tree/Nargo.toml

@@ -1,5 +1,8 @@
 [package]
+name="mimc_tree"
+type="bin"
 authors = [""]
-compiler_version = "0.1"
+compiler_version = ">=1.0.0"
 
-[dependencies]
+[dependencies]
+mimc = { tag = "v0.1.0", git = "https://github.com/noir-lang/mimc" }

circuits/mimc_tree/src/main.nr

@@ -1,4 +1,4 @@
-use dep::std;
+use std::embedded_curve_ops::{fixed_base_scalar_mul, EmbeddedCurveScalar};
 
 fn main(
   recipient: pub Field,
@@ -15,39 +15,38 @@ fn main(
   nullifierHash: pub Field, 
 ) -> pub Field {
     // Compute public key from private key to show ownership
-    let pubkey = std::scalar_mul::fixed_base(priv_key);
-    let pubkey_x = pubkey[0];
-    let pubkey_y = pubkey[1];
+    let pubkey = fixed_base_scalar_mul(EmbeddedCurveScalar::from_field(priv_key));
+    let pubkey_x = pubkey.x;
+    let pubkey_y = pubkey.y;
 
     // Compute input note commitment
-    let note_commitment = std::hash::pedersen([pubkey_x, pubkey_y, secret]);
+    let note_commitment = std::hash::pedersen_hash([pubkey_x, pubkey_y, secret]);
 
     // Compute input note nullifier
-    let nullifier = std::hash::pedersen([note_commitment[0], index, priv_key]);
-    constrain nullifierHash == nullifier[0];
+    let nullifier = std::hash::pedersen_hash([note_commitment, index, priv_key]);
+    assert_eq(nullifierHash, nullifier);
 
     // Check that the input note commitment is in the root
-    let new_root = compute_root_from_leaf(note_commitment[0], index, note_hash_path);
-    constrain new_root == note_root;
+    let new_root = compute_root_from_leaf(note_commitment, index, note_hash_path);
+    assert_eq(new_root, note_root);
 
     // Cannot have unused variables, return the recipient as public output of the circuit
     recipient
 }
 
 // Returns the root of the tree from the provided leaf and its hashpath, using mimc hash
-fn compute_root_from_leaf(leaf : Field, index : Field, hash_path: [Field]) -> Field {
-    let n = hash_path.len();
-    let index_bits = index.to_le_bits(n as u32);
+fn compute_root_from_leaf<let N: u32>(leaf: Field, index: Field, hash_path: [Field; N]) -> Field {
+    let index_bits: [u1; N] = index.to_le_bits();
     let mut current = leaf;
-    for i in 0..n {
+    for i in 0..N {
         let path_bit = index_bits[i] as bool;
         let (hash_left, hash_right) = if path_bit {
             (hash_path[i], current)
         } else {
             (current, hash_path[i])
         };
 
-        current = std::hash::mimc_bn254([hash_left, hash_right]);
+        current = mimc::mimc_bn254([hash_left, hash_right]);
     };
     current
-}
+}

circuits/pedersen_tree/Nargo.toml

@@ -1,5 +1,7 @@
 [package]
+name="pedersen_tree"
+type="bin"
 authors = [""]
-compiler_version = "0.1"
+compiler_version = ">=1.0.0"
 
 [dependencies]

circuits/pedersen_tree/src/main.nr

@@ -1,5 +1,4 @@
-use dep::std;
-
+use std::embedded_curve_ops::{fixed_base_scalar_mul, EmbeddedCurveScalar};
 fn main(
   recipient : pub Field,
   // Private key of note
@@ -15,28 +14,40 @@ fn main(
   nullifierHash: pub Field, 
 ) -> pub Field {
     // Compute public key from private key to show ownership
-    let pubkey = std::scalar_mul::fixed_base(priv_key);
-    let pubkey_x = pubkey[0];
-    let pubkey_y = pubkey[1];
+    let pubkey = fixed_base_scalar_mul(EmbeddedCurveScalar::from_field(priv_key));
+    let pubkey_x = pubkey.x;
+    let pubkey_y = pubkey.y;
 
     // Compute input note commitment
-    let note_commitment = std::hash::pedersen([pubkey_x, pubkey_y, secret]);
+    let note_commitment = std::hash::pedersen_hash([pubkey_x, pubkey_y, secret]);
 
     // Compute input note nullifier
-    let nullifier = std::hash::pedersen([note_commitment[0], index, priv_key]);
-    constrain nullifierHash == nullifier[0];
-
-    // TODO: check_membership is broken with the TS prover
-    // Check that the input note commitment is in the root
-    // let is_member = std::merkle::check_membership(note_root, note_commitment[0], index, note_hash_path);
-    // constrain is_member == 1;
+    let nullifier = std::hash::pedersen_hash([note_commitment, index, priv_key]);
+    assert_eq(nullifierHash, nullifier);
 
-    let new_root = std::merkle::compute_root_from_leaf(note_commitment[0], index, note_hash_path);
-    constrain new_root == note_root;
+    let new_root = compute_root_from_leaf(note_commitment, index, note_hash_path);
+    assert_eq(new_root, note_root);
 
     // TODO: Can't use println with the TS packages yet
     // std::println(new_root);
 
     // Cannot have unused variables, return the recipient as public output of the circuit
     recipient
-}
+}
+
+// Returns the root of the tree from the provided leaf and its hashpath, using mimc hash
+fn compute_root_from_leaf<let N: u32>(leaf: Field, index: Field, hash_path: [Field; N]) -> Field {
+    let index_bits: [u1; N] = index.to_le_bits();
+    let mut current = leaf;
+    for i in 0..N {
+        let path_bit = index_bits[i] as bool;
+        let (hash_left, hash_right) = if path_bit {
+            (hash_path[i], current)
+        } else {
+            (current, hash_path[i])
+        };
+
+        current = std::hash::pedersen_hash([hash_left, hash_right]);
+    };
+    current
+}

contracts/PrivateTransfer.sol

@@ -7,7 +7,7 @@ import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
 import "hardhat/console.sol";
 
 interface IVerifier {
-    function verify(bytes calldata) external view returns (bool);
+    function verify(bytes calldata, bytes32[] calldata) external view returns (bool);
 }
 
 contract PrivateTransfer is MerkleTreeWithHistory, ReentrancyGuard {
@@ -69,20 +69,20 @@ contract PrivateTransfer is MerkleTreeWithHistory, ReentrancyGuard {
     */
     function withdraw(
         bytes calldata proof,
+        address _recipient,
+        bytes32 _nullifierHash,
         bytes32 _root
     ) external payable nonReentrant {
-        uint256 recipient;
-        bytes32 _nullifierHash;
-        assembly {
-                recipient := calldataload(add(calldataload(0x04), 0x24))
-                _nullifierHash := calldataload(add(calldataload(0x04), 0x64))
-        } 
-        address payable _recipient = payable(address(uint160(recipient)));
-
         require(!nullifierHashes[_nullifierHash], "The note has been already spent");
         require(isKnownRoot(_root), "Cannot find your merkle root");
 
-        bool proofResult = verifier.verify(proof);
+
+        bytes32[] memory public_inputs = new bytes32[](4);
+        public_inputs[0] = bytes32(uint256(uint160(_recipient)));
+        public_inputs[1] = _root;
+        public_inputs[2] = _nullifierHash;
+        public_inputs[3] = bytes32(uint256(uint160(_recipient)));
+        bool proofResult = verifier.verify(proof, public_inputs);
         require(proofResult, "Invalid withdraw proof");
 
         // Set nullifier hash to true