PoW gone. (#83)

* PoW gone.

* fixed tests and removed range check chip

* a shot at fixing WF

* my bad

* ffs

* show me

* another CI try

* yaml format

* rollback changes

* review comment

---------

Co-authored-by: filip <fbielejec@gmail.com>

Author: DamianStraszak

.github/actions/prepare-rust-env/action.yml

@@ -6,6 +6,7 @@ inputs:
   ssh-private-key:
     description: "SSH private key to authenticate with"
     required: true
+
 runs:
   using: composite
   steps:

crates/shielder-circuits/src/chips/id_hiding.rs

@@ -1,5 +1,4 @@
 pub mod el_gamal;
-pub mod id_hiding;
 pub mod mac;
 pub mod note;
 pub mod points_add;

crates/shielder-circuits/src/chips/mod.rs

@@ -3,17 +3,15 @@ use DepositInstance::DepositValue;
 
 use crate::{
     chips::{
-        id_hiding::IdHidingChip,
         mac::{MacChip, MacInput},
         note::{Note, NoteChip},
-        range_check::RangeCheckChip,
         sym_key::SymKeyChip,
     },
     circuits::{
         deposit::knowledge::DepositProverKnowledge,
         merkle::{MerkleChip, MerkleProverKnowledge},
     },
-    deposit::DepositInstance::{self, HashedNewNote, HashedOldNullifier, *},
+    deposit::DepositInstance::{self, HashedNewNote, HashedOldNullifier},
     instance_wrapper::InstanceWrapper,
     poseidon::circuit::{hash, PoseidonChip},
     synthesizer::Synthesizer,
@@ -25,7 +23,6 @@ use crate::{
 pub struct DepositChip {
     pub public_inputs: InstanceWrapper<DepositInstance>,
     pub poseidon: PoseidonChip,
-    pub range_check: RangeCheckChip,
     pub merkle: MerkleChip,
     pub note: NoteChip,
 }
@@ -69,17 +66,6 @@ impl DepositChip {
             .constrain_cells(synthesizer, [(hashed_old_nullifier, HashedOldNullifier)])
     }
 
-    pub fn check_id_hiding(
-        &self,
-        synthesizer: &mut impl Synthesizer,
-        knowledge: &DepositProverKnowledge<AssignedCell>,
-    ) -> Result<(), Error> {
-        let id_hiding = IdHidingChip::new(self.poseidon.clone(), self.range_check.clone())
-            .id_hiding(synthesizer, knowledge.id.clone(), knowledge.nonce.clone())?;
-        self.public_inputs
-            .constrain_cells(synthesizer, [(id_hiding, IdHiding)])
-    }
-
     pub fn check_new_note(
         &self,
         synthesizer: &mut impl Synthesizer,

crates/shielder-circuits/src/circuits/deposit/chip.rs

@@ -31,15 +31,13 @@ impl Circuit<Fr> for DepositCircuit {
         let configs_builder = ConfigsBuilder::new(meta)
             .with_poseidon()
             .with_merkle(public_inputs.narrow())
-            .with_range_check()
             .with_note(public_inputs.narrow());
 
         (
             DepositChip {
                 public_inputs,
                 poseidon: configs_builder.poseidon_chip(),
                 merkle: configs_builder.merkle_chip(),
-                range_check: configs_builder.range_check_chip(),
                 note: configs_builder.note_chip(),
             },
             configs_builder.finish(),
@@ -58,7 +56,6 @@ impl Circuit<Fr> for DepositCircuit {
         main_chip.check_old_note(&mut synthesizer, &knowledge)?;
         main_chip.check_old_nullifier(&mut synthesizer, &knowledge)?;
         main_chip.check_new_note(&mut synthesizer, &knowledge)?;
-        main_chip.check_id_hiding(&mut synthesizer, &knowledge)?;
         main_chip.check_mac(&mut synthesizer, &knowledge)
     }
 }
@@ -186,10 +183,11 @@ mod tests {
             });
 
             let pub_input = |instance: DepositInstance| match instance {
-                IdHiding => hash(&[hash(&[pk.id]), pk.nonce]),
                 MerkleRoot => merkle_root,
                 HashedOldNullifier => h_nullifier_old,
                 HashedNewNote => h_note_new,
+                // Important note: there is no range check in the circuit for DepositValue, however there is an external constraint
+                // (in the smart contract) guaranteeing that this never exceeds MAX_CONTRACT_BALANCE = 2^{112} - 1.
                 DepositValue => pk.deposit_value,
                 TokenAddress => pk.token_address,
                 MacSalt => pk.mac_salt,
@@ -245,10 +243,10 @@ mod tests {
             pk.trapdoor_new,
             new_balance_hash,
         ]);
-        assert_eq!(new_note_hash, pub_input[3]);
+        assert_eq!(new_note_hash, pub_input[2]);
 
         // Verify the token address.
-        assert_eq!(Fr::from(123), pub_input[5]);
+        assert_eq!(Fr::from(123), pub_input[4]);
     }
 
     #[test]
@@ -265,7 +263,7 @@ mod tests {
             // The returned failure location happens to be in
             // a `poseidon-gadget` region the token address was copied to.
             "add input for domain ConstantLength<7>",
-            5,
+            4,
         );
     }
 

crates/shielder-circuits/src/circuits/deposit/circuit.rs

@@ -1,13 +1,9 @@
 use macros::embeddable;
-use rand::Rng;
 use rand_core::RngCore;
 
 use crate::{
     chips::sym_key,
-    consts::{
-        merkle_constants::{ARITY, NOTE_TREE_HEIGHT},
-        NONCE_UPPER_LIMIT,
-    },
+    consts::merkle_constants::{ARITY, NOTE_TREE_HEIGHT},
     curve_arithmetic,
     deposit::{circuit::DepositCircuit, DepositInstance},
     embed::Embed,
@@ -43,8 +39,6 @@ pub struct DepositProverKnowledge<T> {
     pub nullifier_new: T,
     pub trapdoor_new: T,
 
-    // Nonce for id_hiding
-    pub nonce: T,
     // Salt for MAC.
     pub mac_salt: T,
 
@@ -59,7 +53,6 @@ impl ProverKnowledge for DepositProverKnowledge<Fr> {
     /// amount and the old account balances.
     fn random_correct_example(rng: &mut impl RngCore) -> Self {
         let id = curve_arithmetic::generate_user_id(Fr::random(&mut *rng).to_bytes());
-        let nonce = Fr::from(rng.gen_range(0..NONCE_UPPER_LIMIT) as u64);
 
         let nullifier_old = Fr::random(&mut *rng);
         let trapdoor_old = Fr::random(&mut *rng);
@@ -76,7 +69,6 @@ impl ProverKnowledge for DepositProverKnowledge<Fr> {
         let (_, path) = generate_example_path_with_given_leaf(h_note_old, &mut *rng);
         Self {
             id,
-            nonce,
             nullifier_old,
             trapdoor_old,
             account_old_balance,
@@ -98,7 +90,6 @@ impl ProverKnowledge for DepositProverKnowledge<Fr> {
             account_old_balance: Value::known(self.account_old_balance),
             token_address: Value::known(self.token_address),
             id: Value::known(self.id),
-            nonce: Value::known(self.nonce),
             path: self.path.map(|level| level.map(Value::known)),
             deposit_value: Value::known(self.deposit_value),
             mac_salt: Value::known(self.mac_salt),
@@ -111,7 +102,6 @@ impl PublicInputProvider<DepositInstance> for DepositProverKnowledge<Fr> {
         let sym_key = sym_key::off_circuit::derive(self.id);
 
         match instance_id {
-            DepositInstance::IdHiding => hash(&[hash(&[self.id]), self.nonce]),
             DepositInstance::MerkleRoot => hash(&self.path[NOTE_TREE_HEIGHT - 1]),
             DepositInstance::HashedOldNullifier => hash(&[self.nullifier_old]),
             DepositInstance::HashedNewNote => note_hash(&Note {

crates/shielder-circuits/src/circuits/deposit/knowledge.rs

@@ -13,7 +13,6 @@ use crate::chips::mac::MacInstance;
 
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, EnumIter, EnumCount)]
 pub enum DepositInstance {
-    IdHiding,
     MerkleRoot,
     HashedOldNullifier,
     HashedNewNote,
@@ -69,7 +68,6 @@ mod tests {
     fn instance_order() {
         // This is the order used in other parts of the codebase (e.g., in contracts).
         let expected_order = vec![
-            IdHiding,
             MerkleRoot,
             HashedOldNullifier,
             HashedNewNote,

crates/shielder-circuits/src/circuits/deposit/mod.rs

@@ -58,14 +58,14 @@ impl NewAccountChip {
         )
     }
 
-    pub fn constrain_hashed_id(
+    pub fn constrain_prenullifier(
         &self,
         synthesizer: &mut impl Synthesizer,
         knowledge: &NewAccountProverKnowledge<AssignedCell>,
     ) -> Result<(), Error> {
         let h_id = hash(synthesizer, self.poseidon.clone(), [knowledge.id.clone()])?;
         self.public_inputs
-            .constrain_cells(synthesizer, [(h_id, HashedId)])
+            .constrain_cells(synthesizer, [(h_id, Prenullifier)])
     }
 
     /// check whether symmetric key is such that it forms a quadratic reside on the Grumpkin curve

crates/shielder-circuits/src/circuits/new_account/chip.rs

@@ -61,7 +61,9 @@ impl Circuit<Fr> for NewAccountCircuit {
             .embed(&mut synthesizer, "NewAccountProverKnowledge")?;
 
         main_chip.check_note(&mut synthesizer, &knowledge)?;
-        main_chip.constrain_hashed_id(&mut synthesizer, &knowledge)?;
+        // Instead of a nullifier we emit here the hashed id. Think of it as the "public key".
+        // Since it is deterministic it can be used as a nullifier to prevent creating a second account with the same id.
+        main_chip.constrain_prenullifier(&mut synthesizer, &knowledge)?;
         main_chip.constrain_sym_key_encryption(&mut synthesizer, &knowledge)
     }
 }
@@ -130,7 +132,7 @@ mod tests {
     #[test]
     fn fails_if_incorrect_h_id_is_published() {
         let pk = NewAccountProverKnowledge::random_correct_example(&mut OsRng);
-        let pub_input = pk.with_substitution(HashedId, |v| v + Fr::ONE);
+        let pub_input = pk.with_substitution(Prenullifier, |v| v + Fr::ONE);
 
         assert!(
             expect_prover_success_and_run_verification(pk.create_circuit(), &pub_input).is_err()

crates/shielder-circuits/src/circuits/new_account/circuit.rs

@@ -102,7 +102,7 @@ impl PublicInputProvider<NewAccountInstance> for NewAccountProverKnowledge<Fr> {
                 account_balance: self.initial_deposit,
                 token_address: self.token_address,
             }),
-            NewAccountInstance::HashedId => hash(&[self.id]),
+            NewAccountInstance::Prenullifier => hash(&[self.id]),
             NewAccountInstance::InitialDeposit => self.initial_deposit,
             NewAccountInstance::TokenAddress => self.token_address,
             NewAccountInstance::AnonymityRevokerPublicKeyX => self.anonymity_revoker_public_key.x,