Merge pull request #61 from HarryR/miximus-cleanup

Merkle fixes, Miximus cleanup + security fix

Author: HarryR

Diff for: .solhint.json

@@ -10,6 +10,7 @@
 		"expression-indent": false,
 		"max-line-length": false,
 		"two-lines-top-level-separator": false,
-		"separate-by-one-line-in-contract": false
+		"separate-by-one-line-in-contract": false,
+		"function-max-lines": false
 	}
 }

Diff for: CMakeLists.txt

@@ -4,14 +4,6 @@ project(ethsnarks)
 
 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/bin)
 
-if(CMAKE_COMPILER_IS_GNUCXX OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
-  # Common compilation flags and warning configuration
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wfatal-errors -Wno-unused-variable")
-   if("${MULTICORE}")
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fopenmp")
-  endif()
-    # Default optimizations flags (to override, use -DOPT_FLAGS=...)
-endif()
 
 
 set(
@@ -60,34 +52,35 @@ option(
   OFF
 )
 
+option(
+  USE_MIXED_ADDITION
+  "Convert each element of the key pair to affine coordinates"
+  OFF
+)
+
 option(
   BINARY_OUTPUT
   "Use binary output for serialisation"
   ON
 )
 
 option(
-  PERFORMANCE
-  "Enable link-time and aggressive optimizations"
-  OFF
+  MONTGOMERY_OUTPUT
+  "Serialize Fp elements as their Montgomery representations (faster but not human-readable)"
+  ON
 )
 
+
 option(
   WITH_PROCPS
   "Use procps for memory profiling"
   OFF
 )
 
-option(
-  VERBOSE
-  "Print internal messages"
-  OFF
-)
-
 option(
   DEBUG
   "Enable debugging mode"
-  ON
+  OFF
 )
 
 option(
@@ -103,19 +96,12 @@ if(${CURVE} STREQUAL "BN128")
   add_definitions(-DBN_SUPPORT_SNARK=1)
 endif()
 
-if("${VERBOSE}")
-  add_definitions(-DVERBOSE=1)
-endif()
-
 if("${MULTICORE}")
   add_definitions(-DMULTICORE=1)
 endif()
 
-if("${DEBUG}")
+if("${DEBUG}" OR "${CMAKE_BUILD_TYPE}" STREQUAL "Debug")
   add_definitions(-DDEBUG=1)
-  add_compile_options(-g)
-else()
-  add_compile_options(-O3)
 endif()
 
 
@@ -154,6 +140,15 @@ else()
   )
 endif()
 
+if(CMAKE_COMPILER_IS_GNUCXX OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
+  # Common compilation flags and warning configuration
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wfatal-errors -Wno-unused-variable")
+   if("${MULTICORE}")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fopenmp")
+  endif()
+    # Default optimizations flags (to override, use -DOPT_FLAGS=...)
+endif()
+
 
 find_path(GMP_INCLUDE_DIR NAMES gmp.h)
 find_library(GMP_LIBRARY gmp)
@@ -205,6 +200,4 @@ add_library(
 
 target_link_libraries(ff GMP::gmp gmpxx ${PROCPS_LIBRARIES})
 
-#add_subdirectory(depends)
 add_subdirectory(src)
-

Diff for: Makefile

@@ -47,6 +47,16 @@ bin/miximus_genKeys: build/Makefile
 build/src/libmiximus.$(DLL_EXT): build/Makefile
 	make -C build
 
+cmake-debug: build
+	cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..
+
+cmake-release: build
+	cd build && cmake -DCMAKE_BUILD_TYPE=Release ..
+
+release: cmake-release all
+
+debug: cmake-debug all
+
 build/Makefile: build CMakeLists.txt
 	cd build && cmake ..
 
@@ -163,6 +173,9 @@ $(GANACHE): node_modules
 truffle-test: $(TRUFFLE)
 	$(NPM) run test
 
+truffle-migrate: $(TRUFFLE)
+	$(TRUFFLE) migrate
+
 truffle-compile: $(TRUFFLE)
 	$(TRUFFLE) compile
 

Diff for: contracts/MerkleTree.sol

@@ -63,7 +63,7 @@ library MerkleTree
 
 
     function Insert(Data storage self, uint256 leaf)
-        internal returns (uint256)
+        internal returns (uint256, uint256)
     {
         require( leaf != 0 );
 
@@ -83,7 +83,48 @@ library MerkleTree
 
         self.cur = offset + 1;
 
-        return new_root;
+        return (new_root, offset);
+    }
+
+
+    /**
+    * Returns calculated merkle root
+    */
+    function VerifyPath(uint256 leaf, uint256[29] in_path, bool[29] address_bits)
+        internal pure returns (uint256)
+    {
+        uint256[10] memory C;
+        LongsightL.ConstantsL12p5(C);
+
+        uint256[29] memory IVs;
+        FillLevelIVs(IVs);
+
+        uint256 item = leaf;
+
+        for (uint depth = 0; depth < TREE_DEPTH; depth++)
+        {
+            if (address_bits[depth]) {
+                item = HashImpl(in_path[depth], item, C, IVs[depth]);
+            } else {
+                item = HashImpl(item, in_path[depth], C, IVs[depth]);
+            }
+        }
+
+        return item;
+    }
+
+
+    function VerifyPath(Data storage self, uint256 leaf, uint256[29] in_path, bool[29] address_bits)
+        internal view returns (bool)
+    {
+        return VerifyPath(leaf, in_path, address_bits) == GetRoot(self);
+    }
+
+
+    function GetLeaf(Data storage self, uint depth, uint offset)
+        internal view returns (uint256)
+    {
+        return GetUniqueLeaf(depth, offset, self.leaves[depth][offset]);
     }
 
 
@@ -98,12 +139,10 @@ library MerkleTree
         {
             address_bits[depth] = index % 2 == 0 ? false : true;
 
-            if (index%2 == 0)
-            {
-                proof_path[depth] = GetUniqueLeaf(depth, index, self.leaves[depth][index + 1]);
-            } else
-            {
-                proof_path[depth] = GetUniqueLeaf(depth, index, self.leaves[depth][index - 1]);
+            if (index%2 == 0) {
+                proof_path[depth] = GetLeaf(self, depth, index + 1);
+            } else {
+                proof_path[depth] = GetLeaf(self, depth, index - 1);
             }
 
             index = uint(index / 2);
@@ -161,13 +200,6 @@ library MerkleTree
 
         return self.leaves[TREE_DEPTH][0];
     }
-    
-   
-    function GetLeaf(Data storage self, uint depth, uint offset)
-        internal view returns (uint256)
-    {
-        return self.leaves[depth][offset];
-    }
 
 
     function GetRoot (Data storage self)

Diff for: contracts/Miximus.sol

@@ -18,11 +18,11 @@
 */
 
 pragma solidity 0.4.24;
-pragma experimental ABIEncoderV2;
 
 import "./Verifier.sol";
 import "./SnarkUtils.sol";
 import "./MerkleTree.sol";
+import "./LongsightL.sol";
 
 
 contract Miximus
@@ -35,39 +35,89 @@ contract Miximus
 
     MerkleTree.Data internal tree;
 
+
+    function GetRoot()
+        public view returns (uint256)
+    {
+        return tree.GetRoot();
+    }
+
+
+    /**
+    * Returns leaf offset
+    */
     function Deposit(uint256 leaf)
-        public payable returns (uint256)
+        public payable returns (uint256 new_root, uint256 new_offset)
     {
         require( msg.value == AMOUNT );
 
         return tree.Insert(leaf);
     }
 
 
-    function Withdraw(
-        uint256 in_root,
-        uint256 in_nullifier,
-        Verifier.Proof in_proof
-    )
-        public
+    function MakeLeafHash(uint256 spend_preimage, uint256 nullifier)
+        public pure returns (uint256)
     {
-        require( false == nullifiers[in_nullifier] );
+        uint256[10] memory round_constants;
+        LongsightL.ConstantsL12p5(round_constants);
+
+        uint256 spend_hash = LongsightL.LongsightL12p5_MP([spend_preimage, nullifier], 0, round_constants);
+
+        return LongsightL.LongsightL12p5_MP([nullifier, spend_hash], 0, round_constants);
+    }
 
-        uint256[] memory snark_input = new uint256[](3);
 
-        snark_input[0] = SnarkUtils.ReverseBits(in_root);
+    function GetPath(uint256 leaf)
+        public view returns (uint256[29] out_path, bool[29] out_addr)
+    {
+        return tree.GetProof(leaf);
+    }
 
-        snark_input[1] = SnarkUtils.ReverseBits(in_nullifier);
 
-        snark_input[2] = SnarkUtils.ReverseBits(uint256(sha256(
+    function GetExtHash()
+        public view returns (uint256)
+    {
+        return uint256(sha256(
             abi.encodePacked(
                 address(this),
                 msg.sender
-            )))) % Verifier.ScalarField();
+            ))) % Verifier.ScalarField();
+    }
+
+
+    function IsSpent(uint256 nullifier)
+        public view returns (bool)
+    {
+        return nullifiers[nullifier];
+    }
+
+
+    function VerifyProof( uint256 in_root, uint256 in_nullifier, uint256 in_exthash, uint256[8] proof )
+        public view returns (bool)
+    {
+        uint256[] memory snark_input = new uint256[](3);
+        snark_input[0] = in_root;
+        snark_input[1] = in_nullifier;
+        snark_input[2] = in_exthash;
+
+        uint256[14] memory vk;
+        uint256[] memory vk_gammaABC;
+        (vk, vk_gammaABC) = GetVerifyingKey();
+
+        return Verifier.Verify( vk, vk_gammaABC, proof, snark_input );
+    }
 
-        Verifier.VerifyingKey memory vk = GetVerifyingKey();
 
-        bool is_valid = Verifier.Verify( vk, in_proof, snark_input );
+    function Withdraw(
+        uint256 in_root,
+        uint256 in_nullifier,
+        uint256[8] proof
+    )
+        public
+    {
+        require( false == nullifiers[in_nullifier] );
+
+        bool is_valid = VerifyProof(in_root, in_nullifier, GetExtHash(), proof);
 
         require( is_valid );
 
@@ -76,7 +126,7 @@ contract Miximus
         msg.sender.transfer(AMOUNT);
     }
 
-    function GetVerifyingKey ()
-        internal pure returns (Verifier.VerifyingKey memory);
 
+    function GetVerifyingKey ()
+        public view returns (uint256[14] out_vk, uint256[] out_gammaABC);
 }