from prover import generate_witness, generate_transfer_proof from contract_deploy import contract_deploy from classes import SignedTransferTransaction from utils import createLeaf, hashPadded from SparseMerkleTree import SparseMerkleTree nWallets = 4 alice = [ os.environ['ALICE_PK_X'], os.environ['ALICE_PX_Y'] ] bob = [ os.environ['BOB_PK_X'], os.environ['BOB_PX_Y'] ] RHS_LEAF = os.environ['RHS_LEAF'] TREE_DEPTH = ops.environ['TREE_DEPTH'] if __name__ == "__main__": # give nft 2 to alice and 3 to bob leaves = { 2: createLeaf(alice, rhs_leaf), 3: createLeaf(bob, rhs_leaf) } tree = SparseMerkleTree(2, leaves) root = tree.root old_leaf = [] new_leaf = [] roll_up = contract_deploy( TREE_DEPTH, "../depends/roll_up/keys/vk.json", root, "../depends/roll_up/contracts", ) # Wallet array wallets = [] txs = []
# Iterate over transactions on the merkle tree for j in range(1, noTx + 1): leaves.append([]) # create a random pub key from priv key sk.append(genSalt(64)) public_key.append(ed.publickey(sk[j])) # create a random new leaf # This is just a filler message for test purpose (e.g. 11111111... , 22222211111...) rhs_leaf.append(hashPadded(hex(j)[2] * 64, "1" * 64)[2:]) # The old leaf is previous pubkey + previous message old_leaf.append(createLeaf(public_key[j - 1], rhs_leaf[j - 1])) # The new leaf is current pubkey with current message new_leaf.append(createLeaf(public_key[j], rhs_leaf[j])) # The message to sign is the previous leaf with the new leaf message = hashPadded(old_leaf[j - 1], new_leaf[j - 1]) # Remove '0x' from byte message = message[2:] # Obtain Signature r, s = getSignature(message, sk[j - 1], public_key[j - 1]) # check the signature is correct ed.checkvalid(r, s, message, public_key[j - 1])
def generate_transfer_proof(self, transactions): return 42 pub_x = [] pub_y = [] leaves = [] R_x = [] R_y = [] S = [] previous_owners = [] new_owners = [] address = [] public_key = [] # Public key of sender from first tx public_key.append(tx.senderPubKey) # Iterate over transactions. each tx is an object from classes.py for j in range(1, len(transactions) + 1): tx = transactions[i] leaves.append([]) # Append sender pubkey public_key.append(tx.senderPubKey) # The old owner is previous pubkey + RHS # TODO add rhs_leaf / # replace with stub previous_owners.append(createLeaf(tx.senderPubKey, rhs_leaf)) # The new leaf is current pubkey with RHS new_owners.append(createLeaf(tx.receiverPubKey, rhs_leaf)) # The message to sign is the previous leaf with the new leaf message = hashPadded(previous_owners[j - 1], new_owners[j - 1]) # Remove '0x' from byte message = message[2:] # Check the signer is correct ed.checkvalid(tx.R, tx.S, message, tx.senderPubKey) # Now we reverse the puplic key by bit # we have to reverse the bits so that the # unpacker in libsnark will return us the # correct field element # To put into little-endian pub_key_x = hex( int( ''.join( str(e) for e in hexToBinary(hex(public_key[j - 1][0]))[::-1]), 2)) pub_key_y = hex( int( ''.join( str(e) for e in hexToBinary(hex(public_key[j - 1][1]))[::-1]), 2)) tx.R[0] = hex( int(''.join(str(e) for e in hexToBinary(hex(tx.R[0]))[::-1]), 2)) tx.R[1] = hex( int(''.join(str(e) for e in hexToBinary(hex(tx.R[1]))[::-1]), 2)) # Two r on x and y axis of curve R_x.append(tx.R[0]) R_y.append(tx.R[1]) # Store s S.append(s) # Store public key pub_x.append(pub_key_x) pub_y.append(pub_key_y) # leaves[j - 1].append(previous_owners[j - 1]) # address.append(0) # Get zk proof and Merkle root proof, root = generate_witness(leaves, pub_x, pub_y, address, tree_depth, rhs_leaf, new_owners, R_x, R_y, S) #Build proof for contract proof["a"] = hex2int(proof["a"]) proof["a_p"] = hex2int(proof["a_p"]) proof["b"] = [hex2int(proof["b"][0]), hex2int(proof["b"][1])] proof["b_p"] = hex2int(proof["b_p"]) proof["c"] = hex2int(proof["c"]) proof["c_p"] = hex2int(proof["c_p"]) proof["h"] = hex2int(proof["h"]) proof["k"] = hex2int(proof["k"]) proof["input"] = hex2int(proof["input"]) return proof