Merge pull request #49 from Quantus-Network/hash-updates

feat: poseidon2 integration

Author: ethan-crypto

Cargo.lock

@@ -123,7 +123,7 @@ impl CircuitFragment for VoteCircuitData {
     fn circuit(targets: &Self::Targets, builder: &mut CircuitBuilder<F, D>) {
         // --- 1. Merkle Proof Verification ---
         let leaf_hash_targets = builder
-            .hash_n_to_hash_no_pad::<plonky2::hash::poseidon::PoseidonHash>(
+            .hash_n_to_hash_no_pad_p2::<plonky2::hash::poseidon2::Poseidon2Hash>(
                 targets.private_key.elements.to_vec(),
             );
         let mut current_hash_targets = leaf_hash_targets;
@@ -159,7 +159,9 @@ impl CircuitFragment for VoteCircuitData {
             combined_elements.extend(&right_elements);
 
             let parent_hash_candidacy = builder
-                .hash_n_to_hash_no_pad::<plonky2::hash::poseidon::PoseidonHash>(combined_elements);
+                .hash_n_to_hash_no_pad_p2::<plonky2::hash::poseidon2::Poseidon2Hash>(
+                    combined_elements,
+                );
 
             let mut next_hash_elements = Vec::with_capacity(DIGEST_NUM_FIELD_ELEMENTS);
             for k in 0..DIGEST_NUM_FIELD_ELEMENTS {
@@ -184,7 +186,7 @@ impl CircuitFragment for VoteCircuitData {
         nullifier_input_elements.extend_from_slice(&targets.proposal_id.elements);
 
         let computed_nullifier_targets = builder
-            .hash_n_to_hash_no_pad::<plonky2::hash::poseidon::PoseidonHash>(
+            .hash_n_to_hash_no_pad_p2::<plonky2::hash::poseidon2::Poseidon2Hash>(
                 nullifier_input_elements,
             );
 
@@ -265,7 +267,7 @@ mod voting_tests {
     use super::*;
     use plonky2::{
         field::types::Field,
-        hash::poseidon::PoseidonHash,
+        hash::poseidon2::Poseidon2Hash,
         iop::witness::PartialWitness,
         plonk::{circuit_data::CircuitConfig, config::Hasher},
     };
@@ -275,11 +277,11 @@ mod voting_tests {
     };
 
     fn compute_nullifier(private_key: &PrivateKey, proposal_id: &Digest) -> Digest {
-        let pk_hash = PoseidonHash::hash_no_pad(private_key).elements;
+        let pk_hash = Poseidon2Hash::hash_no_pad(private_key).elements;
         let mut input = [F::ZERO; 8];
         input[..4].copy_from_slice(&pk_hash);
         input[4..].copy_from_slice(proposal_id);
-        PoseidonHash::hash_no_pad(&input).elements
+        Poseidon2Hash::hash_no_pad(&input).elements
     }
 
     fn create_test_inputs() -> VoteCircuitData {
@@ -291,7 +293,7 @@ mod voting_tests {
         ];
         let leaves: Vec<Digest> = private_keys_for_tree
             .iter()
-            .map(|bytes| PoseidonHash::hash_no_pad(&digest_bytes_to_felts(*bytes)).elements)
+            .map(|bytes| Poseidon2Hash::hash_no_pad(&digest_bytes_to_felts(*bytes)).elements)
             .collect();
 
         // Build the Merkle tree level by level
@@ -306,7 +308,7 @@ mod voting_tests {
                     let mut combined = [F::ZERO; 8];
                     combined[..4].copy_from_slice(&current_level[i]);
                     combined[4..].copy_from_slice(&current_level[i + 1]);
-                    next_level.push(PoseidonHash::hash_no_pad(&combined).elements);
+                    next_level.push(Poseidon2Hash::hash_no_pad(&combined).elements);
                 } else {
                     next_level.push(current_level[i]);
                 }

voting/src/lib.rs

@@ -14,7 +14,7 @@ use crate::codec::ByteCodec;
 use crate::codec::FieldElementCodec;
 use crate::inputs::CircuitInputs;
 use plonky2::{
-    hash::{hash_types::HashOutTarget, poseidon::PoseidonHash},
+    hash::{hash_types::HashOutTarget, poseidon2::Poseidon2Hash},
     iop::{
         target::Target,
         witness::{PartialWitness, WitnessWrite},
@@ -75,8 +75,8 @@ impl Nullifier {
         preimage.extend(secret);
         preimage.extend(transfer_count);
 
-        let inner_hash = PoseidonHash::hash_no_pad(&preimage).elements;
-        let outer_hash = PoseidonHash::hash_no_pad(&inner_hash).elements;
+        let inner_hash = Poseidon2Hash::hash_no_pad(&preimage).elements;
+        let outer_hash = Poseidon2Hash::hash_no_pad(&inner_hash).elements;
         let hash = Digest::from(outer_hash);
 
         Self {
@@ -251,9 +251,9 @@ impl CircuitFragment for Nullifier {
         preimage.extend(transfer_count);
 
         // Compute the `generated_account` by double-hashing the preimage (salt + secret).
-        let inner_hash = builder.hash_n_to_hash_no_pad::<PoseidonHash>(preimage);
+        let inner_hash = builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(preimage);
         let computed_hash =
-            builder.hash_n_to_hash_no_pad::<PoseidonHash>(inner_hash.elements.to_vec());
+            builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(inner_hash.elements.to_vec());
 
         // Assert that hashes are equal.
         builder.connect_hashes(computed_hash, hash);

wormhole/circuit/src/nullifier.rs

@@ -20,7 +20,7 @@ use zk_circuits_common::{
 pub mod leaf;
 
 pub const MAX_PROOF_LEN: usize = 20;
-pub const PROOF_NODE_MAX_SIZE_F: usize = 188; // Should match the felt preimage max set on poseidon-resonance crate.
+pub const PROOF_NODE_MAX_SIZE_F: usize = 189; // Should match the felt preimage max set on poseidon-resonance crate.
 pub const PROOF_NODE_MAX_SIZE_B: usize = 256;
 pub const FELTS_PER_AMOUNT: usize = 2;
 
@@ -147,7 +147,7 @@ impl CircuitFragment for StorageProof {
         }: &Self::Targets,
         builder: &mut CircuitBuilder<F, D>,
     ) {
-        use plonky2::hash::poseidon::PoseidonHash;
+        use plonky2::hash::poseidon2::Poseidon2Hash;
         use zk_circuits_common::gadgets::is_const_less_than;
 
         let leaf_targets_32_bit = leaf_inputs.collect_32_bit_targets();
@@ -158,7 +158,7 @@ impl CircuitFragment for StorageProof {
 
         // Calculate the leaf inputs hash.
         let leaf_inputs_hash =
-            builder.hash_n_to_hash_no_pad::<PoseidonHash>(leaf_inputs.collect_to_vec());
+            builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(leaf_inputs.collect_to_vec());
 
         // constant 2^32 for (lo + hi * 2^32) reconstruction
         let two_pow_32 = builder.constant(F::from_canonical_u64(1u64 << 32));
@@ -177,7 +177,7 @@ impl CircuitFragment for StorageProof {
             let is_leaf_node = builder.is_equal(i_t, proof_len);
 
             // Compute the hash of this node and compare it against the previous hash.
-            let computed_hash = builder.hash_n_to_hash_no_pad::<PoseidonHash>(node.clone());
+            let computed_hash = builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(node.clone());
             for y in 0..4 {
                 let diff = builder.sub(computed_hash.elements[y], prev_hash.elements[y]);
                 let result = builder.mul(diff, is_proof_node.target);

wormhole/circuit/src/storage_proof/mod.rs

@@ -2,7 +2,7 @@ use alloc::vec::Vec;
 use core::mem::size_of;
 
 use plonky2::{
-    hash::{hash_types::HashOutTarget, poseidon::PoseidonHash},
+    hash::{hash_types::HashOutTarget, poseidon2::Poseidon2Hash},
     iop::witness::{PartialWitness, WitnessWrite},
     plonk::{circuit_builder::CircuitBuilder, config::Hasher},
 };
@@ -46,12 +46,8 @@ impl UnspendableAccount {
         }
 
         // Hash twice to get the account id.
-        let inner_hash = PoseidonHash::hash_no_pad(&preimage).elements;
-        let outer_hash = PoseidonHash::hash_no_pad(&inner_hash).elements;
-        // println!(
-        //     "accountId: {:?}",
-        //     hex::encode(*digest_felts_to_bytes(outer_hash))
-        // );
+        let inner_hash = Poseidon2Hash::hash_no_pad(&preimage).elements;
+        let outer_hash = Poseidon2Hash::hash_no_pad(&inner_hash).elements;
         let account_id = Digest::from(outer_hash);
 
         Self {
@@ -184,9 +180,9 @@ impl CircuitFragment for UnspendableAccount {
         preimage.extend(secret.elements.iter());
 
         // Compute the `generated_account` by double-hashing the preimage (salt + secret).
-        let inner_hash = builder.hash_n_to_hash_no_pad::<PoseidonHash>(preimage.clone());
+        let inner_hash = builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(preimage.clone());
         let generated_account =
-            builder.hash_n_to_hash_no_pad::<PoseidonHash>(inner_hash.elements.to_vec());
+            builder.hash_n_to_hash_no_pad_p2::<Poseidon2Hash>(inner_hash.elements.to_vec());
 
         // Assert that hashes are equal.
         builder.connect_hashes(generated_account, account_id);

wormhole/circuit/src/unspendable_account.rs

@@ -1,4 +1,4 @@
-use plonky2::hash::poseidon::PoseidonHash;
+use plonky2::hash::poseidon2::Poseidon2Hash;
 use plonky2::plonk::circuit_data::CircuitConfig;
 use plonky2::plonk::config::Hasher;
 use plonky2::plonk::proof::ProofWithPublicInputs;
@@ -26,7 +26,7 @@ fn main() -> anyhow::Result<()> {
     leaf_inputs_felts.extend_from_slice(&funding_account.0);
     leaf_inputs_felts.extend_from_slice(&unspendable_account);
     leaf_inputs_felts.extend_from_slice(&u128_to_felts(funding_amount));
-    let leaf_inputs_hash = PoseidonHash::hash_no_pad(&leaf_inputs_felts);
+    let leaf_inputs_hash = Poseidon2Hash::hash_no_pad(&leaf_inputs_felts);
     let root_hash = digest_felts_to_bytes(leaf_inputs_hash.elements);
 
     let exit_account_id = 8226349481601990196u64;

wormhole/example/src/main.rs

@@ -1,7 +1,7 @@
 use anyhow::Context;
 use anyhow::Result;
 use plonky2::field::types::Field;
-use plonky2::hash::poseidon::PoseidonHash;
+use plonky2::hash::poseidon2::Poseidon2Hash;
 use plonky2::plonk::circuit_data::CircuitConfig;
 use plonky2::plonk::config::{Hasher, PoseidonGoldilocksConfig};
 use plonky2::util::serialization::{DefaultGateSerializer, DefaultGeneratorSerializer};
@@ -10,17 +10,22 @@ use serde::de::DeserializeOwned;
 use std::path::{Path, PathBuf};
 use std::process::Command;
 use std::{env, fs};
+use test_helpers::storage_proof::TestInputs;
+use test_helpers::DEFAULT_FUNDING_ACCOUNT;
+use test_helpers::DEFAULT_SECRETS;
 use wormhole_circuit::circuit::circuit_logic::WormholeCircuit;
 use wormhole_circuit::circuit::{circuit_data_from_bytes, circuit_data_to_bytes};
 use wormhole_circuit::inputs::{CircuitInputs, PrivateCircuitInputs, PublicCircuitInputs};
 use wormhole_circuit::nullifier::Nullifier;
+use wormhole_circuit::storage_proof::leaf::LeafInputs;
 use wormhole_circuit::storage_proof::ProcessedStorageProof;
 use wormhole_circuit::substrate_account::SubstrateAccount;
 use wormhole_circuit::unspendable_account::UnspendableAccount;
 use wormhole_prover::WormholeProver;
 use wormhole_verifier::WormholeVerifier;
 use zk_circuits_common::circuit::{TransferProofJson, D, F};
-use zk_circuits_common::utils::u64_to_felts;
+use zk_circuits_common::utils::felts_to_u128;
+use zk_circuits_common::utils::felts_to_u64;
 use zk_circuits_common::utils::BytesDigest;
 use zk_circuits_common::utils::{digest_felts_to_bytes, u128_to_felts};
 
@@ -140,33 +145,42 @@ fn test_prover_and_verifier_from_file_e2e() -> Result<()> {
     let verifier = WormholeVerifier::new_from_files(&verifier_path, &common_path)?;
 
     // Create inputs
-    let funding_account = SubstrateAccount::new(&[2u8; 32])?;
-    let secret = BytesDigest::try_from([1u8; 32]).unwrap();
-    let unspendable_account = UnspendableAccount::from_secret(secret).account_id;
-    let funding_amount = 1000u128;
-    let transfer_count = 0u64;
+    let leaf_inputs = LeafInputs::test_inputs_0();
+    let secret =
+        BytesDigest::try_from(hex::decode(DEFAULT_SECRETS[0]).unwrap().as_slice()).unwrap();
+    let funding_account = leaf_inputs.funding_account;
+    // let secret = BytesDigest::try_from([1u8; 32]).unwrap();
+    let unspendable_account = leaf_inputs.to_account;
+    let funding_amount = leaf_inputs.funding_amount;
+    let transfer_count = leaf_inputs.transfer_count;
 
     let mut leaf_inputs_felts = Vec::new();
-    leaf_inputs_felts.extend(&u64_to_felts(transfer_count));
-    leaf_inputs_felts.extend_from_slice(&funding_account.0);
-    leaf_inputs_felts.extend_from_slice(&unspendable_account);
-    leaf_inputs_felts.extend_from_slice(&u128_to_felts(funding_amount));
+    leaf_inputs_felts.extend(transfer_count);
+    leaf_inputs_felts.extend_from_slice(funding_account.as_slice());
+    leaf_inputs_felts.extend_from_slice(unspendable_account.as_slice());
+    leaf_inputs_felts.extend(funding_amount);
 
-    let leaf_inputs_hash = PoseidonHash::hash_no_pad(&leaf_inputs_felts);
+    let transfer_count = felts_to_u64(transfer_count).unwrap();
+    let funding_amount = felts_to_u128(funding_amount).unwrap();
+
+    let leaf_inputs_hash = Poseidon2Hash::hash_no_pad(&leaf_inputs_felts);
     let root_hash: [u8; 32] = *digest_felts_to_bytes(leaf_inputs_hash.elements);
 
+    // print the hex of the root hash
+    println!("root_hash: {}", hex::encode(root_hash));
+
     let exit_account = SubstrateAccount::new(&[2u8; 32])?;
     let inputs = CircuitInputs {
         private: PrivateCircuitInputs {
             secret,
             funding_account: (*funding_account).into(),
             storage_proof: ProcessedStorageProof::new(vec![], vec![]).unwrap(),
-            unspendable_account: (unspendable_account).into(),
+            unspendable_account: (*unspendable_account).into(),
             transfer_count,
         },
         public: PublicCircuitInputs {
             funding_amount,
-            nullifier: Nullifier::from_preimage(secret, 0).hash.into(),
+            nullifier: Nullifier::from_preimage(secret, transfer_count).hash.into(),
             root_hash: root_hash.try_into().unwrap(),
             exit_account: (*exit_account).into(),
         },
@@ -269,10 +283,7 @@ fn test_prover_and_verifier_fuzzing() -> Result<()> {
                 ProcessedStorageProof::new(storage_proof_bytes, proof_json.indices.clone())
                     .context("failed to build ProcessedStorageProof")?;
 
-            let funding_account = SubstrateAccount::new(&[
-                223, 23, 232, 59, 97, 108, 223, 113, 2, 89, 54, 39, 126, 65, 248, 106, 156, 219, 7,
-                123, 213, 197, 228, 118, 177, 81, 61, 77, 23, 89, 200, 80,
-            ])?; // Alice test account from dev node.
+            let funding_account = SubstrateAccount::new(&DEFAULT_FUNDING_ACCOUNT)?;
             let secret = BytesDigest::try_from(secret.as_slice()).unwrap();
             let unspendable_account = UnspendableAccount::from_secret(secret).account_id;
 

wormhole/tests/src/circuit/circuit_data_tests.rs

@@ -10,20 +10,20 @@ use zk_circuits_common::{
 
 #[cfg(test)]
 const SECRETS: [&str; 5] = [
-    "cd94df2e3c38a87f3e429b62af022dbe4363143811219d80037e8798b2ec9229",
-    "8b680b2421968a0c1d3cff6f3408e9d780157ae725724a78c3bc0998d1ac8194",
+    "4c8587bd422e01d961acdc75e7d66f6761b7af7c9b1864a492f369c9d6724f05",
+    "c6034553e5556630d24a593d2c92de9f1ede81d48f0fb3371764462cc3594b3f",
     "87f5fc11df0d12f332ccfeb92ddd8995e6c11709501a8b59c2aaf9eefee63ec1",
     "ef69da4e3aa2a6f15b3a9eec5e481f17260ac812faf1e685e450713327c3ab1c",
     "9aa84f99ef2de22e3070394176868df41d6a148117a36132d010529e19b018b7",
 ];
 
 #[cfg(test)]
 const ADDRESSES: [&str; 5] = [
-    "b209bdf6636fd7a3a224b9e62dde4acf7a93ecc7d19f618990e34bdeae8e1455",
-    "aebdf7b4136139bbda4d8b5b4cfe3726dfdd64c842e16f79ad8033f8044c3b7e",
-    "f5fc29c796b56aeabc3d3d9bd113d6b958f434b0919e207d81c3ded261331677",
-    "c18c0dfb3f71945ea7cf1ecfdd110a6ed1c2d0cdde5db0b2d05c60e14bc2da83",
-    "96d45bf29b88b160511748dba781606b10e1f5f9dfdc9d7350e7d57676f65e43",
+    "4d38abc959eb7e11526fd632c73d47e8945972fa3d9ce3d62532d5f386353993",
+    "8213d62e0104abe36482ef26346e0d5cd1d7511b22e4b03c770ca2c687b0ed04",
+    "7c281f0265adab691f06195b30deb4d133477a363355c584143827210b19bb09",
+    "5511b416ec05918b6fbc78fbd61d2575be3bd9d5f931b0f2438f7f5f7d46ae6e",
+    "ae18069d04d3fb4b3eb1fb41d6b5bf51b1bad41ff95d067b65116a1f5a68ba09",
 ];
 
 #[cfg(test)]
@@ -49,6 +49,8 @@ fn preimage_matches_right_address() {
     for (secret, address) in SECRETS.iter().zip(ADDRESSES) {
         let decoded_secret: [u8; 32] = hex::decode(secret).unwrap().try_into().unwrap();
         let decoded_address = hex::decode(address).unwrap();
+        // print the decoded address
+        println!("decoded_address: {:?}", decoded_address);
         let unspendable_account =
             UnspendableAccount::from_secret(decoded_secret.try_into().unwrap());