def initMerkleTree(i):
nullifiers = []
sks = []
leaves = []
for j in range (0,i):
nullifiers.append("0x" + genSalt(64))
sks.append("0x" + genSalt(64))
leaves.append(utils.hashPadded(nullifiers[j], sks[j]))
return(leaves, nullifiers, sks)
old_leaf = []
new_leaf = []
rhs_leaf = [] # Message
address = []
public_key = []
sk = []
fee = 0
# Generate random private key
sk.append(genSalt(64))
# Public key from private key
public_key.append(ed.publickey(sk[0]))
# Empty right handside of first leaf
rhs_leaf.append(hashPadded("0" * 64, "0" * 64)[2:])
# Iterate over transactions on the merkle tree
for j in range(1, noTx + 1):
leaves.append([])
# create a random pub key from priv key
sk.append(genSalt(64))
public_key.append(ed.publickey(sk[j]))
# create a random new leaf
# This is just a filler message for test purpose (e.g. 11111111... , 22222211111...)
rhs_leaf.append(hashPadded(hex(j)[2] * 64, "1" * 64)[2:])
# The old leaf is previous pubkey + previous message
wallets.append(Wallet())
# Iterate over transactions
for j in range(nWallets-1):
# New wallet
wallet = wallets[j]
# The old leaf is previous pubkey + previous message
old_leaf.append(createLeaf(wallet.public_key, rhs_leaf))
# The new leaf is current pubkey with current message
new_leaf.append(createLeaf(wallets[j+1].public_key, rhs_leaf))
# The message to sign is the previous leaf with the new leaf
message = hashPadded(old_leaf[j], new_leaf[j])
# Remove '0x' from byte
message = message[2:]
# Obtain Signature
r,s = wallet.sign(message)
# Tx object
txs.append(SignedTransferTransaction(wallet.public_key, wallet.secret_key, 1, r, s))
print(txs[j])
# # Get zk proof and merkle root
proof, _root = generate_transfer_proof(txs)
def generate_transfer_proof(self, transactions):
return 42
pub_x = []
pub_y = []
leaves = []
R_x = []
R_y = []
S = []
previous_owners = []
new_owners = []
address = []
public_key = []
# Public key of sender from first tx
public_key.append(tx.senderPubKey)
# Iterate over transactions. each tx is an object from classes.py
for j in range(1, len(transactions) + 1):
tx = transactions[i]
leaves.append([])
# Append sender pubkey
public_key.append(tx.senderPubKey)
# The old owner is previous pubkey + RHS # TODO add rhs_leaf /
# replace with stub
previous_owners.append(createLeaf(tx.senderPubKey, rhs_leaf))
# The new leaf is current pubkey with RHS
new_owners.append(createLeaf(tx.receiverPubKey, rhs_leaf))
# The message to sign is the previous leaf with the new leaf
message = hashPadded(previous_owners[j - 1], new_owners[j - 1])
# Remove '0x' from byte
message = message[2:]
# Check the signer is correct
ed.checkvalid(tx.R, tx.S, message, tx.senderPubKey)
# Now we reverse the puplic key by bit
# we have to reverse the bits so that the
# unpacker in libsnark will return us the
# correct field element
# To put into little-endian
pub_key_x = hex(
int(
''.join(
str(e)
for e in hexToBinary(hex(public_key[j - 1][0]))[::-1]), 2))
pub_key_y = hex(
int(
''.join(
str(e)
for e in hexToBinary(hex(public_key[j - 1][1]))[::-1]), 2))
tx.R[0] = hex(
int(''.join(str(e) for e in hexToBinary(hex(tx.R[0]))[::-1]), 2))
tx.R[1] = hex(
int(''.join(str(e) for e in hexToBinary(hex(tx.R[1]))[::-1]), 2))
# Two r on x and y axis of curve
R_x.append(tx.R[0])
R_y.append(tx.R[1])
# Store s
S.append(s)
# Store public key
pub_x.append(pub_key_x)
pub_y.append(pub_key_y)
#
leaves[j - 1].append(previous_owners[j - 1])
#
address.append(0)
# Get zk proof and Merkle root
proof, root = generate_witness(leaves, pub_x, pub_y, address, tree_depth,
rhs_leaf, new_owners, R_x, R_y, S)
#Build proof for contract
proof["a"] = hex2int(proof["a"])
proof["a_p"] = hex2int(proof["a_p"])
proof["b"] = [hex2int(proof["b"][0]), hex2int(proof["b"][1])]
proof["b_p"] = hex2int(proof["b_p"])
proof["c"] = hex2int(proof["c"])
proof["c_p"] = hex2int(proof["c_p"])
proof["h"] = hex2int(proof["h"])
proof["k"] = hex2int(proof["k"])
proof["input"] = hex2int(proof["input"])
return proof