Merge pull request #77 from privacy-ethereum/feat/generalized-predicates

Generalised Predicates Integration

Author: 0xVikasRushi

wallet-unit-poc/README.md

@@ -46,69 +46,7 @@ This section contains comprehensive benchmark results for zkID wallet proof of c
 
 ### Desktop Benchmarks (ecdsa-spartan2)
 
-Performance measurements for different JWT payload sizes running on desktop hardware.
-
-**Test Device:** MacBook Pro, M4, 14-core GPU, 24GB RAM
-
-#### Prepare Circuit Timing
-
-All timing measurements are in milliseconds (ms).
-
-| Payload Size | Setup (ms) | Prove (ms) | Reblind (ms) | Verify (ms) |
-| ------------ | ---------- | ---------- | ------------ | ----------- |
-| 1KB          | 2,559      | 1,683      | 382          | 35          |
-| 1920 Bytes   | 4,157      | 2,727      | 715          | 74          |
-| 2KB          | 4,384      | 2,934      | 753          | 83          |
-| 3KB          | 6,466      | 4,242      | 1,357        | 119         |
-| 4KB          | 8,529      | 5,282      | 1,374        | 131         |
-| 5KB          | 10,979     | 6,166      | 1,460        | 140         |
-| 6KB          | 12,993     | 8,407      | 2,821        | 280         |
-| 7KB          | 15,151     | 8,856      | 2,732        | 230         |
-| 8KB          | 16,559     | 9,614      | 2,683        | 246         |
-
-#### Show Circuit Timing
-
-The Show circuit has constant performance regardless of JWT payload size.
-
-| Metric  | Time (ms) |
-| ------- | --------- |
-| Setup   | ~36       |
-| Prove   | ~77       |
-| Reblind | ~25       |
-| Verify  | ~9        |
-
-
-#### Prepare Circuit Sizes
-
-| Payload Size | Proving Key (MB) | Verifying Key (MB) | Proof Size (KB) | Witness Size (MB) |
-| ------------ | ---------------- | ------------------ | --------------- | ----------------- |
-| 1KB          | 252.76           | 252.76             | 75.80           | 32.03             |
-| 1920 Bytes   | 420.05           | 420.05             | 109.29          | 64.06             |
-| 2KB          | 433.76           | 433.76             | 109.29          | 64.06             |
-| 3KB          | 636.35           | 636.35             | 175.77          | 128.13            |
-| 4KB          | 836.79           | 836.79             | 175.77          | 128.13            |
-| 5KB          | 964.70           | 964.70             | 175.77          | 128.13            |
-| 6KB          | 1,222.26         | 1,222.26           | 308.26          | 256.25            |
-| 7KB          | 1,382.31         | 1,382.31           | 308.26          | 256.25            |
-| 8KB          | 1,542.35         | 1,542.35           | 308.26          | 256.25            |
-
-#### Show Circuit Sizes
-
-The Show circuit has constant sizes regardless of JWT payload size.
-
-| Metric        | Size      |
-| ------------- | --------- |
-| Proving Key   | 3.45 MB   |
-| Verifying Key | 3.45 MB   |
-| Proof Size    | 40.41 KB  |
-| Witness Size  | 512.52 KB |
-
-#### Running Desktop Benchmarks
-
-```sh
-cd ecdsa-spartan2
-cargo run --release -- benchmark
-```
+See [ecdsa-spartan2/README.md](./ecdsa-spartan2/README.md#latest-benchmark-results) for up-to-date timings and sizes across all circuit sizes (1k/2k/4k/8k).
 
 ### RSA Verifier Circuits (Reference)
 

wallet-unit-poc/circom/circuits.json

@@ -27,7 +27,7 @@
   "show": {
     "file": "show",
     "template": "Show",
-    "params": [128],
+    "params": [2, 2, 8, 64],
     "pubs": ["deviceKeyX", "deviceKeyY"]
   },
   "ecdsa": {

wallet-unit-poc/circom/circuits/components/age-verifier.circom

@@ -0,0 +1,79 @@
+pragma circom 2.1.6;
+
+include "circomlib/circuits/comparators.circom";
+include "@zk-email/circuits/utils/array.circom";
+include "../utils/utils.circom";
+
+/// @title ClaimValueExtractor
+/// @notice Extracts the value (3rd element) from a [salt, key, value] JSON tuple
+/// @notice A claim is encoded as: ["<salt>","<key>","<value>"]
+/// @param decodedLen: maximum length of decoded claim
+/// @input claim: array of decoded claim bytes (from ClaimDecoder output)
+/// @output value: array of value bytes extracted from the tuple
+/// @output valueLength: length of extracted value
+template ClaimValueExtractor(decodedLen) {
+    signal input claim[decodedLen];
+    signal input isActive; // 1 = enforce extraction constraints; 0 = output zeros without constraint
+    signal output value[decodedLen];
+    signal output valueLength;
+
+    // Step 1: Count quotes in ["salt","key","value"]
+    component isQuoteCmp[decodedLen];
+    signal isQuote[decodedLen];
+    signal quoteCount[decodedLen];
+
+    for (var i = 0; i < decodedLen; i++) {
+        isQuoteCmp[i] = IsEqual();
+        isQuoteCmp[i].in[0] <== claim[i];
+        isQuoteCmp[i].in[1] <== 34;
+        isQuote[i] <== isQuoteCmp[i].out;
+        quoteCount[i] <== (i == 0 ? 0 : quoteCount[i - 1]) + isQuote[i];
+    }
+
+    // We expect exactly 6 quotes in ["salt","key","value"] (only enforced for active slots)
+    isActive * (quoteCount[decodedLen - 1] - 6) === 0;
+
+    // Step 2: Locate 5th quote (value open) and 6th quote (value close)
+    component isFifthQuote[decodedLen];
+    component isSixthQuote[decodedLen];
+    signal atFifth[decodedLen];
+    signal atSixth[decodedLen];
+    signal fifthPosAcc[decodedLen];
+    signal sixthPosAcc[decodedLen];
+
+    for (var i = 0; i < decodedLen; i++) {
+        isFifthQuote[i] = IsEqual();
+        isFifthQuote[i].in[0] <== quoteCount[i];
+        isFifthQuote[i].in[1] <== 5;
+
+        isSixthQuote[i] = IsEqual();
+        isSixthQuote[i].in[0] <== quoteCount[i];
+        isSixthQuote[i].in[1] <== 6;
+
+        atFifth[i] <== isFifthQuote[i].out * isQuote[i];
+        atSixth[i] <== isSixthQuote[i].out * isQuote[i];
+
+        fifthPosAcc[i] <== (i == 0 ? 0 : fifthPosAcc[i - 1]) + atFifth[i] * i;
+        sixthPosAcc[i] <== (i == 0 ? 0 : sixthPosAcc[i - 1]) + atSixth[i] * i;
+    }
+
+    signal startPos <== fifthPosAcc[decodedLen - 1] + 1;
+    signal endPos <== sixthPosAcc[decodedLen - 1];
+    signal rawLength <== endPos - startPos;
+    // Gate through isActive: inactive slots get valueLength=0, which zeroes all value outputs.
+    valueLength <== isActive * rawLength;
+
+    // Step 3: Shift so value begins at index 0, then mask after valueLength
+    component shifter = VarShiftLeft(decodedLen, decodedLen);
+    shifter.in <== claim;
+    shifter.shift <== startPos;
+
+    component lengthGt[decodedLen];
+    for (var i = 0; i < decodedLen; i++) {
+        lengthGt[i] = GreaterThan(log2Ceil(decodedLen + 1));
+        lengthGt[i].in[0] <== valueLength;
+        lengthGt[i].in[1] <== i;
+        value[i] <== lengthGt[i].out * shifter.out[i];
+    }
+}
+