ceremony/new test

.github/workflows/finish-ceremony.yml

@@ -3,34 +3,36 @@ on:
   pull_request:
     types: [ closed ]
 jobs:
-  debug:
+  debug-action:
     runs-on: ubuntu-latest
     steps:
     - name: Dump event
       run: |
         echo "${{ toJson(github.event) }}"
         echo "${{ github.actor }}"
         echo "${{ github.ref_name }}"
-  finish-ceremony:
-    if: ${{ github.event.pull_request.merged == false && github.actor == github.event.pull_request.user.login && contains(github.event.pull_request.labels.*.name, 'on-going-ceremony') && startsWith(github.ref_name, 'ceremony/') }}
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout the repository
-      uses: actions/checkout@v4
-      with:
-        lfs: true
-        ref: ${{ github.event.pull_request.head.ref }}
-    - name: Checkout LFS objects
-      run: git lfs checkout
-    - name: Run toolkit
-      run: |
-        docker build -q -t vocdoni/zk-voceremony --target zk-voceremony .
-        docker run --rm -qt -v ./:/app --env-file ./ceremony.env vocdoni/zk-voceremony finish
-    - name: Commit ceremony artifacts
-      uses: stefanzweifel/git-auto-commit-action@v5
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        commit_message: Finish '${{ github.event.pull_request.head.ref }}' ceremony
-        commit_options: '--no-verify'
-        commit_user_name: ${{ github.actor }}
+        echo "${{ github.event.pull_request.merged }}"
+        echo "${{ github.event.pull_request.head.ref }}"
+  # finish-ceremony:
+  #   if: ${{ github.event.pull_request.merged == false && github.actor == github.event.pull_request.user.login && contains(github.event.pull_request.labels.*.name, 'on-going-ceremony') && startsWith(github.event.pull_request.head.ref, 'ceremony/') }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - name: Checkout the repository
+  #     uses: actions/checkout@v4
+  #     with:
+  #       lfs: true
+  #       ref: ${{ github.event.pull_request.head.ref }}
+  #   - name: Checkout LFS objects
+  #     run: git lfs checkout
+  #   - name: Run toolkit
+  #     run: |
+  #       docker build -q -t vocdoni/zk-voceremony --target zk-voceremony .
+  #       docker run --rm -qt -v ./:/app --env-file ./ceremony.env vocdoni/zk-voceremony finish
+  #   - name: Commit ceremony artifacts
+  #     uses: stefanzweifel/git-auto-commit-action@v5
+  #     env:
+  #       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #     with:
+  #       commit_message: Finish '${{ github.event.pull_request.head.ref }}' ceremony
+  #       commit_options: '--no-verify'
+  #       commit_user_name: ${{ github.actor }}

ceremony.env

@@ -0,0 +1,5 @@
+TARGET_CIRCUIT=./inputs/census.circom
+INPUT_PTAU=./inputs/input.ptau
+CEREMONY_BRANCH=ceremony/new-test
+CONTRIBUTIONS_PATH=./contributions
+OUTPUT_PATH=./results

contributions/CONTRIBUTIONS.md

@@ -0,0 +1,15 @@
+### Global artifacts
+- [r1cs](./artifacts/circuit.r1cs) - `fdad2fdb0cca00da8c97a737bb60945a84a350affc055ce0419a048eb817eb22e08ebfe473dcc610f5e41c171108b762e95afc7c62b4a7288c91fbc9764c18de`
+- [wasm](./artifacts/circuit.wasm) - `7afc31c9484e2379aed0d55688318071b78d99b3aad4c01572d1121133d6e5b7f87a8b806d6e5061a05ef1bd49d2ef35701dc909cf9b557484bf7099a56cb485`
+- [initial ptau](./artifacts/initial.ptau) - `6247a3433948b35fbfae414fa5a9355bfb45f56efa7ab4929e669264a0258976741dfbe3288bfb49828e5df02c2e633df38d2245e30162ae7e3bcca5b8b49345`
+
+### Contributions
+```
+census_initial_contribution.zkey:273004d57344e8018b271a9ace15e03a17eda10d3c7b51ffb0c6bc372cb2a59e26966cc3da213bef642836e89078f7d399ed3d1594f389610c930c2c31aed3eb
+census_lucasmenendez.zkey:a6ff43f200809bf7b5d1b25b1b4007eb99021f7fe40b895c8465789cc358bdf51e47ce362bb930d2556bbfecd3b366f75ae5c7099137e1474a60b9bffc166b2d
+```
+
+### Last contribution
+```
+census_lucasmenendez.zkey:a6ff43f200809bf7b5d1b25b1b4007eb99021f7fe40b895c8465789cc358bdf51e47ce362bb930d2556bbfecd3b366f75ae5c7099137e1474a60b9bffc166b2d
+```

inputs/census.circom

@@ -0,0 +1,117 @@
+pragma circom 2.1.2;
+
+include "/node_modules/circomlib/circuits/poseidon.circom";
+include "/node_modules/circomlib/circuits/comparators.circom";
+include "/node_modules/circomlib/circuits/smt/smtverifier.circom";
+
+/**
+                                                   ┌───────────┐
+                              ┌────────────────────▶lessOrEqual├──────────┐
+       (pub) voteWeight───────┘                    └─────▲─────┘          │
+                                                         │                │
+ (priv) availableWeight─┬────────────────────────────────┘                │
+                        │                                                 │    ┌────┐
+                        │                                                 └───▶│    └┐
+                        │       ┌────────────────────┐                 ┌──────▶│     └┐
+                        │  ┌────▶key                 │                 │       │      ├─
+                        └──│────▶value               │                 │   ┌──▶│     ┌┘
+                           │    │         SMTVerifier├─────────────────┘ ┌────▶│    ┌┘
+       (pub) censusRoot────│────▶root                │                   │ │   └────┘
+                        ┌──│────▶siblings            │                   │ │
+  (priv) censusSiblings─┘  │    └────────────────────┘                   │ │
+                           │                     ┌────────────────────┐  │ │
+                           │   ┌─────────────────▶key                 │  │ │
+                           │   │               ┌─▶value               │  │ │
+                           │   │               │ │         SMTVerifier├──│─┘
+          (pub) sikRoot────│─────────────────────▶root                │  │
+                           │   ┌─────────────────▶siblings            │  │
+     (priv) sikSiblings────│───┘               │ └────────────────────┘  │
+                           │   │               │                         │
+                           │   │               │                         │
+                           │   │               │                         │
+         (priv) address────┼───┘ ┌────────────┐│                         │
+                           ├────▶│            ││                         │
+        (priv) password────│────▶│    Hash    ├┘                         │
+                        ┌──│────▶│            │                          │
+       (priv) signature─┤  │     └────────────┘                          │
+                        │  │                                             │
+                        │  │     ┌────────────┐                          │
+                        │  └────▶│            │                          │
+                        └───────▶│    Hash    ├──────────┐               │
+                           ┌────▶│            │          │               │
+                           │     └────────────┘          │               │
+       (pub) electionId────┘                             │               │
+                                                   ┌─────▼─────┐         │
+        (pub) nullifier────────────────────────────▶   equal   ├─────────┘
+                                                   └───────────┘                        
+*/
+
+template ZkFranchiseProofCircuit (nLevels) {
+    var realNLevels = nLevels+1;
+    signal input electionId[2];
+    signal input nullifier;
+    signal input availableWeight;
+    // voteHash is not operated inside the circuit, assuming that in
+	// Circom an input that is not used will be included in the constraints
+	// system and in the witness
+    signal input voteHash[2];
+    signal input sikRoot;
+    signal input censusRoot;
+
+    signal input address;
+    signal input password;
+    signal input signature;
+
+    signal input voteWeight;
+    signal input censusSiblings[realNLevels];
+    signal input sikSiblings[realNLevels];
+
+    component checkWeight = LessEqThan(252);
+    checkWeight.in[0] <== voteWeight;
+    checkWeight.in[1] <== availableWeight;
+    checkWeight.out === 1;
+
+    component sik = Poseidon(3);
+	sik.inputs[0] <== address;
+	sik.inputs[1] <== password;
+    sik.inputs[2] <== signature;
+
+    component sikVerifier = SMTVerifier(realNLevels);
+	sikVerifier.enabled <== 1;
+	sikVerifier.fnc <== 0; // 0 as is to verify inclusion
+	sikVerifier.root <== sikRoot;
+	for (var i=0; i<realNLevels; i++) {
+		sikVerifier.siblings[i] <== sikSiblings[i];
+	}
+	sikVerifier.oldKey <== 0;
+	sikVerifier.oldValue <== 0;
+	sikVerifier.isOld0 <== 0;
+	sikVerifier.key <== address;
+	sikVerifier.value <== sik.out;
+
+    component censusVerifier = SMTVerifier(realNLevels);
+	censusVerifier.enabled <== 1;
+	censusVerifier.fnc <== 0; // 0 as is to verify inclusion
+	censusVerifier.root <== censusRoot;
+	for (var i=0; i<realNLevels; i++) {
+		censusVerifier.siblings[i] <== censusSiblings[i];
+	}
+	censusVerifier.oldKey <== 0;
+	censusVerifier.oldValue <== 0;
+	censusVerifier.isOld0 <== 0;
+	censusVerifier.key <== address;
+	censusVerifier.value <== availableWeight;
+
+    component computedNullifier = Poseidon(4);
+	computedNullifier.inputs[0] <== signature;
+    computedNullifier.inputs[1] <== password;
+	computedNullifier.inputs[2] <== electionId[0];
+	computedNullifier.inputs[3] <== electionId[1];
+
+    component checkNullifier = ForceEqualIfEnabled();
+	checkNullifier.enabled <== 1;
+	checkNullifier.in[0] <== computedNullifier.out;
+	checkNullifier.in[1] <== nullifier;
+}
+
+component main { public [ electionId, nullifier, voteWeight, voteHash, sikRoot, censusRoot ] } = ZkFranchiseProofCircuit(160);