Merge pull request #151 from hyperledger-labs/lock-4-kyc

Add locking to Zeto_AnonNullifierKyc

Author: jimthematrix

solidity/contracts/lib/interfaces/izeto_kyc.sol

@@ -0,0 +1,33 @@
+// Copyright © 2025 Kaleido, Inc.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+pragma solidity ^0.8.27;
+
+import {Commonlib} from "../common.sol";
+
+interface IZetoKyc {
+    event IdentityRegistered(uint256[2] publicKey, bytes data);
+
+    function register(
+        uint256[2] memory publicKey,
+        bytes calldata data
+    ) external;
+
+    function isRegistered(
+        uint256[2] memory publicKey
+    ) external view returns (bool);
+
+    function getIdentitiesRoot() external view returns (uint256);
+}

solidity/contracts/lib/registry.sol

@@ -19,6 +19,8 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own
 import {SmtLib} from "@iden3/contracts/lib/SmtLib.sol";
 import {PoseidonUnit2L, PoseidonUnit3L} from "@iden3/contracts/lib/Poseidon.sol";
 import {Commonlib} from "./common.sol";
+import {IZeto} from "./interfaces/izeto.sol";
+import {IZetoKyc} from "./interfaces/izeto_kyc.sol";
 
 uint256 constant MAX_SMT_DEPTH = 64;
 
@@ -28,28 +30,21 @@ uint256 constant MAX_SMT_DEPTH = 64;
 ///   submitters can generate proofs of membership for the
 ///   accounts in a privacy-preserving manner.
 /// @author Kaleido, Inc.
-abstract contract Registry is OwnableUpgradeable {
+abstract contract Registry is OwnableUpgradeable, IZetoKyc {
     SmtLib.Data internal _publicKeysTree;
     using SmtLib for SmtLib.Data;
 
-    event IdentityRegistered(uint256[2] publicKey);
-
     error AlreadyRegistered(uint256[2]);
 
     function __Registry_init() internal onlyInitializing {
         _publicKeysTree.initialize(MAX_SMT_DEPTH);
     }
 
-    /// @dev Register a new Zeto account
-    /// @param publicKey The public Babyjubjub key to register
-    function _register(uint256[2] memory publicKey) internal {
-        uint256 nodeHash = _getIdentitiesLeafNodeHash(publicKey);
-        SmtLib.Node memory node = _publicKeysTree.getNode(nodeHash);
-        if (node.nodeType != SmtLib.NodeType.EMPTY) {
-            revert AlreadyRegistered(publicKey);
-        }
-        _publicKeysTree.addLeaf(nodeHash, nodeHash);
-        emit IdentityRegistered(publicKey);
+    function register(
+        uint256[2] memory publicKey,
+        bytes calldata data
+    ) public onlyOwner {
+        _register(publicKey, data);
     }
 
     /// @dev returns whether the given public key is registered
@@ -67,6 +62,21 @@ abstract contract Registry is OwnableUpgradeable {
         return _publicKeysTree.getRoot();
     }
 
+    /// @dev Register a new Zeto account
+    /// @param publicKey The public Babyjubjub key to register
+    function _register(
+        uint256[2] memory publicKey,
+        bytes calldata data
+    ) internal {
+        uint256 nodeHash = _getIdentitiesLeafNodeHash(publicKey);
+        SmtLib.Node memory node = _publicKeysTree.getNode(nodeHash);
+        if (node.nodeType != SmtLib.NodeType.EMPTY) {
+            revert AlreadyRegistered(publicKey);
+        }
+        _publicKeysTree.addLeaf(nodeHash, nodeHash);
+        emit IdentityRegistered(publicKey, data);
+    }
+
     function _getIdentitiesLeafNodeHash(
         uint256[2] memory publicKey
     ) internal pure returns (uint256) {

…erifiers/verifier_anon_nullifier_kyc.sol …verifier_anon_nullifier_kyc_transfer.solsolidity/contracts/verifiers/verifier_anon_nullifier_kyc.sol renamed to solidity/contracts/verifiers/verifier_anon_nullifier_kyc_transfer.sol solidity/contracts/verifiers/verifier_anon_nullifier_kyc.sol renamed to solidity/contracts/verifiers/verifier_anon_nullifier_kyc_transfer.sol

@@ -20,7 +20,7 @@
 
 pragma solidity >=0.7.0 <0.9.0;
 
-contract Groth16Verifier_AnonNullifierKyc {
+contract Groth16Verifier_AnonNullifierKycTransfer {
     // Scalar field size
     uint256 constant r    = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
     // Base field size
@@ -43,32 +43,32 @@ contract Groth16Verifier_AnonNullifierKyc {
     uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;
 
 
-    uint256 constant IC0x = 1368020126977316196213187057636983114330468061731699977744344817587788882990;
-    uint256 constant IC0y = 7686063895143330261591855899880142399404728944441362517893141962995856727929;
+    uint256 constant IC0x = 4549255854730728979068045147826494135688297252583383060843842296705895492978;
+    uint256 constant IC0y = 5950970323653353113740267223097183547451063574376546024149863590759652058488;
 
-    uint256 constant IC1x = 14502254530076089964675033671517993862419783705089359180705605116873724842019;
-    uint256 constant IC1y = 9049190990509151956509627927047158802465613185726643157556086701266946091568;
+    uint256 constant IC1x = 1216073448663996885271432419027841106055434472971561665165335238062653822316;
+    uint256 constant IC1y = 5097558434483111811746720335754493980758046673865340798005109731076493822092;
 
-    uint256 constant IC2x = 3455128039314231841012773119366413118715790719104028464745205146228319556246;
-    uint256 constant IC2y = 13175890403996370630092498196483049850968580675778268285842736204668575597675;
+    uint256 constant IC2x = 11161664165685458227890392607023596630662854996855616216929683515288525643261;
+    uint256 constant IC2y = 12818956025711134634246546712440119681905145689756714720889316358763299716670;
 
-    uint256 constant IC3x = 13393887812211802083177209056510129401898394892926768888874562627657192399962;
-    uint256 constant IC3y = 9042351346749284573092801161759462514076637268352518870596537996458419743091;
+    uint256 constant IC3x = 9365147676333024284193510374200233681101801733129915318628858200430878767972;
+    uint256 constant IC3y = 16602542985321581865161591791610629735092802111155748538031045719192964144533;
 
-    uint256 constant IC4x = 19203333608926332054415117565053561595496895142521866494460868409916811713957;
-    uint256 constant IC4y = 4334310208006613584617716058867417381004655491738058483537403401767079516612;
+    uint256 constant IC4x = 16628303690015057161260898115672715952728211813184122219719600578319362166707;
+    uint256 constant IC4y = 15728053840296638802851558372415064634368090476197617381470156332889352222403;
 
-    uint256 constant IC5x = 8459703094760317168584339428426828704909860684147786556335328845261416934167;
-    uint256 constant IC5y = 5466581123301380049065739652342512947564262375698860839217249516144678047196;
+    uint256 constant IC5x = 5827873543537045343412383010600634430953834092125113195251309483077699447403;
+    uint256 constant IC5y = 10857871525251638374522087235240657063634455578539572588195509683601405770706;
 
-    uint256 constant IC6x = 15924950080287000946685929883765297309673360990922044949928505866624182997859;
-    uint256 constant IC6y = 5360581200037747345688259956951448973597185992056174685326726615654044407192;
+    uint256 constant IC6x = 6904548272880268591909423473706195905482887793913653919663823478756560783089;
+    uint256 constant IC6y = 13063380749905117216780308403936319461263137579341895411135333490405118421388;
 
-    uint256 constant IC7x = 9672280002529117458221100657711877410026000365131526255571070587277130104994;
-    uint256 constant IC7y = 8600285172183660002776649258511861921290142756223662537727755349462907425056;
+    uint256 constant IC7x = 14792454403924655648675695084766983654532792668337095643557509432994258770907;
+    uint256 constant IC7y = 275832895488262903192405898395553290304405685441693387518881548143112407836;
 
-    uint256 constant IC8x = 21090833180119544777441412377177995972112553132880250907146360470568389276832;
-    uint256 constant IC8y = 17643666097863395616263152084290402410806471541492999210218290396458240055652;
+    uint256 constant IC8x = 9609823634861781908325095271708251605778434197921847173219811698057550155044;
+    uint256 constant IC8y = 3132713041953533394988012935482842223032660540368789530274800749083525578584;
 
 
     // Memory data

solidity/contracts/verifiers/verifier_anon_nullifier_kyc_transferLocked.sol

@@ -0,0 +1,224 @@
+// SPDX-License-Identifier: GPL-3.0
+/*
+    Copyright 2021 0KIMS association.
+
+    This file is generated with [snarkJS](https://github.com/iden3/snarkjs).
+
+    snarkJS is a free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    snarkJS is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+    License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with snarkJS. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+pragma solidity >=0.7.0 <0.9.0;
+
+contract Groth16Verifier_AnonNullifierKycTransferLocked {
+    // Scalar field size
+    uint256 constant r    = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
+    // Base field size
+    uint256 constant q   = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
+
+    // Verification Key data
+    uint256 constant alphax  = 20491192805390485299153009773594534940189261866228447918068658471970481763042;
+    uint256 constant alphay  = 9383485363053290200918347156157836566562967994039712273449902621266178545958;
+    uint256 constant betax1  = 4252822878758300859123897981450591353533073413197771768651442665752259397132;
+    uint256 constant betax2  = 6375614351688725206403948262868962793625744043794305715222011528459656738731;
+    uint256 constant betay1  = 21847035105528745403288232691147584728191162732299865338377159692350059136679;
+    uint256 constant betay2  = 10505242626370262277552901082094356697409835680220590971873171140371331206856;
+    uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634;
+    uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781;
+    uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531;
+    uint256 constant gammay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;
+    uint256 constant deltax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634;
+    uint256 constant deltax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781;
+    uint256 constant deltay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531;
+    uint256 constant deltay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;
+
+    
+    uint256 constant IC0x = 4549255854730728979068045147826494135688297252583383060843842296705895492978;
+    uint256 constant IC0y = 5950970323653353113740267223097183547451063574376546024149863590759652058488;
+    
+    uint256 constant IC1x = 1216073448663996885271432419027841106055434472971561665165335238062653822316;
+    uint256 constant IC1y = 5097558434483111811746720335754493980758046673865340798005109731076493822092;
+    
+    uint256 constant IC2x = 11161664165685458227890392607023596630662854996855616216929683515288525643261;
+    uint256 constant IC2y = 12818956025711134634246546712440119681905145689756714720889316358763299716670;
+    
+    uint256 constant IC3x = 18953400531314048493020249666915884736194198558848991201724079983703815588941;
+    uint256 constant IC3y = 13699191758758035746733801303773823863589848011566156471658385360695236966394;
+    
+    uint256 constant IC4x = 6418340491795971921392115660810008144220633855594784047024627824300258762503;
+    uint256 constant IC4y = 331206681118086868666335692518221964875102632478886860969461713448972106730;
+    
+    uint256 constant IC5x = 20672826781381085929236676912315916823659231399175782091852650610024412774769;
+    uint256 constant IC5y = 11005715100892641133661679250179409252147733448250729630291805759444701807471;
+    
+    uint256 constant IC6x = 12231940204046029565793569026881079629242556494447978554412435777385899724966;
+    uint256 constant IC6y = 3022258914215080208953007370687180295593086983336375430220334804021677602519;
+    
+    uint256 constant IC7x = 2730676615629181794195823324572752660852961858858579583326943949762787485542;
+    uint256 constant IC7y = 19195486438582872786798796988852373517285255929228549822615489262799978113088;
+    
+    uint256 constant IC8x = 20579458023158866087289023203244829165084026526103516895694907053440656858473;
+    uint256 constant IC8y = 3021614608224014561606228442635508559916615305041679215398457772032721217921;
+    
+    uint256 constant IC9x = 19700709081187424389075413367891493951275133113931731320975747028787203904612;
+    uint256 constant IC9y = 14877838899466508832438353194361674038017333564191473092717528104566401199120;
+    
+ 
+    // Memory data
+    uint16 constant pVk = 0;
+    uint16 constant pPairing = 128;
+
+    uint16 constant pLastMem = 896;
+
+    function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[9] calldata _pubSignals) public view returns (bool) {
+        assembly {
+            function checkField(v) {
+                if iszero(lt(v, r)) {
+                    mstore(0, 0)
+                    return(0, 0x20)
+                }
+            }
+            
+            // G1 function to multiply a G1 value(x,y) to value in an address
+            function g1_mulAccC(pR, x, y, s) {
+                let success
+                let mIn := mload(0x40)
+                mstore(mIn, x)
+                mstore(add(mIn, 32), y)
+                mstore(add(mIn, 64), s)
+
+                success := staticcall(sub(gas(), 2000), 7, mIn, 96, mIn, 64)
+
+                if iszero(success) {
+                    mstore(0, 0)
+                    return(0, 0x20)
+                }
+
+                mstore(add(mIn, 64), mload(pR))
+                mstore(add(mIn, 96), mload(add(pR, 32)))
+
+                success := staticcall(sub(gas(), 2000), 6, mIn, 128, pR, 64)
+
+                if iszero(success) {
+                    mstore(0, 0)
+                    return(0, 0x20)
+                }
+            }
+
+            function checkPairing(pA, pB, pC, pubSignals, pMem) -> isOk {
+                let _pPairing := add(pMem, pPairing)
+                let _pVk := add(pMem, pVk)
+
+                mstore(_pVk, IC0x)
+                mstore(add(_pVk, 32), IC0y)
+
+                // Compute the linear combination vk_x
+                
+                g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0)))
+                
+                g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32)))
+                
+                g1_mulAccC(_pVk, IC3x, IC3y, calldataload(add(pubSignals, 64)))
+                
+                g1_mulAccC(_pVk, IC4x, IC4y, calldataload(add(pubSignals, 96)))
+                
+                g1_mulAccC(_pVk, IC5x, IC5y, calldataload(add(pubSignals, 128)))
+                
+                g1_mulAccC(_pVk, IC6x, IC6y, calldataload(add(pubSignals, 160)))
+                
+                g1_mulAccC(_pVk, IC7x, IC7y, calldataload(add(pubSignals, 192)))
+                
+                g1_mulAccC(_pVk, IC8x, IC8y, calldataload(add(pubSignals, 224)))
+                
+                g1_mulAccC(_pVk, IC9x, IC9y, calldataload(add(pubSignals, 256)))
+                
+
+                // -A
+                mstore(_pPairing, calldataload(pA))
+                mstore(add(_pPairing, 32), mod(sub(q, calldataload(add(pA, 32))), q))
+
+                // B
+                mstore(add(_pPairing, 64), calldataload(pB))
+                mstore(add(_pPairing, 96), calldataload(add(pB, 32)))
+                mstore(add(_pPairing, 128), calldataload(add(pB, 64)))
+                mstore(add(_pPairing, 160), calldataload(add(pB, 96)))
+
+                // alpha1
+                mstore(add(_pPairing, 192), alphax)
+                mstore(add(_pPairing, 224), alphay)
+
+                // beta2
+                mstore(add(_pPairing, 256), betax1)
+                mstore(add(_pPairing, 288), betax2)
+                mstore(add(_pPairing, 320), betay1)
+                mstore(add(_pPairing, 352), betay2)
+
+                // vk_x
+                mstore(add(_pPairing, 384), mload(add(pMem, pVk)))
+                mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32))))
+
+
+                // gamma2
+                mstore(add(_pPairing, 448), gammax1)
+                mstore(add(_pPairing, 480), gammax2)
+                mstore(add(_pPairing, 512), gammay1)
+                mstore(add(_pPairing, 544), gammay2)
+
+                // C
+                mstore(add(_pPairing, 576), calldataload(pC))
+                mstore(add(_pPairing, 608), calldataload(add(pC, 32)))
+
+                // delta2
+                mstore(add(_pPairing, 640), deltax1)
+                mstore(add(_pPairing, 672), deltax2)
+                mstore(add(_pPairing, 704), deltay1)
+                mstore(add(_pPairing, 736), deltay2)
+
+
+                let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20)
+
+                isOk := and(success, mload(_pPairing))
+            }
+
+            let pMem := mload(0x40)
+            mstore(0x40, add(pMem, pLastMem))
+
+            // Validate that all evaluations ∈ F
+            
+            checkField(calldataload(add(_pubSignals, 0)))
+            
+            checkField(calldataload(add(_pubSignals, 32)))
+            
+            checkField(calldataload(add(_pubSignals, 64)))
+            
+            checkField(calldataload(add(_pubSignals, 96)))
+            
+            checkField(calldataload(add(_pubSignals, 128)))
+            
+            checkField(calldataload(add(_pubSignals, 160)))
+            
+            checkField(calldataload(add(_pubSignals, 192)))
+            
+            checkField(calldataload(add(_pubSignals, 224)))
+            
+            checkField(calldataload(add(_pubSignals, 256)))
+            
+
+            // Validate all evaluations
+            let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem)
+
+            mstore(0, isValid)
+             return(0, 0x20)
+         }
+     }
+ }