pubkey_membership.circom
pragma circom 2.1.2;
include "./eff_ecdsa.circom";
include "./tree.circom";
include "../poseidon/poseidon.circom";
/**
* PubkeyMembership
* ================
*
* Checks that an input efficient ECDSA signature (definition and discussion
* can be found at https://personaelabs.org/posts/efficient-ecdsa-1/)
* was produced by a public key that is a member of a Merkle tree of public keys.
* This avoids the SNARK-unfriendly Keccak hash that must otherwise be computed
* when checking membership in a Merkle tree of addresses.
*/
template PubKeyMembership(nLevels) {
    // Scalar part of the efficient-ECDSA signature. Whether EfficientECDSA()
    // range-checks s against the curve order is decided in eff_ecdsa.circom
    // (not visible here) — confirm before relying on it.
    signal input s;
    // Merkle root the recovered public key must be a member of.
    signal input root;
    // T and U are the precomputed curve points of the efficient-ECDSA scheme;
    // the recovered public key is s*T + U. Nothing in this template checks how
    // T and U were derived, so the instantiating main component should expose
    // them (and root) as public signals so the verifier can check them.
    signal input Tx;
    signal input Ty;
    signal input Ux;
    signal input Uy;
    // Merkle inclusion path for the public-key leaf, one entry per tree level.
    // NOTE(review): whether pathIndices[i] is constrained to {0,1} depends on
    // MerkleTreeInclusionProof in tree.circom — verify there.
    signal input pathIndices[nLevels];
    signal input siblings[nLevels];

    // Recover the public key from (s, T, U).
    component ecdsa = EfficientECDSA();
    ecdsa.Tx <== Tx;
    ecdsa.Ty <== Ty;
    ecdsa.Ux <== Ux;
    ecdsa.Uy <== Uy;
    ecdsa.s <== s;

    // Leaf = Poseidon(pubKeyX, pubKeyY); the tree must be built with the same
    // hash and input order or the membership check will never pass.
    component pubKeyHash = Poseidon();
    pubKeyHash.inputs[0] <== ecdsa.pubKeyX;
    pubKeyHash.inputs[1] <== ecdsa.pubKeyY;

    // Recompute the root from the leaf and the supplied path.
    component merkleProof = MerkleTreeInclusionProof(nLevels);
    merkleProof.leaf <== pubKeyHash.out;
    for (var i = 0; i < nLevels; i++) {
        merkleProof.pathIndices[i] <== pathIndices[i];
        merkleProof.siblings[i] <== siblings[i];
    }

    // Membership constraint: the recomputed root must equal the claimed root.
    // This template declares no output signals, so `root` is only meaningful
    // if the main component marks it public.
    root === merkleProof.root;
}