On going ceremony: refs/heads/ceremony/final-test

ceremony.env

@@ -0,0 +1,5 @@
+TARGET_CIRCUIT=./inputs/census.circom
+INPUT_PTAU=./inputs/input.ptau
+CEREMONY_BRANCH=ceremony/final-test
+CONTRIBUTIONS_PATH=./contributions
+OUTPUT_PATH=./results

contributions/CONTRIBUTIONS.md

@@ -0,0 +1,19 @@
+### Global artifacts
+- [r1cs](./artifacts/circuit.r1cs) - `fdad2fdb0cca00da8c97a737bb60945a84a350affc055ce0419a048eb817eb22e08ebfe473dcc610f5e41c171108b762e95afc7c62b4a7288c91fbc9764c18de`
+- [wasm](./artifacts/circuit.wasm) - `7afc31c9484e2379aed0d55688318071b78d99b3aad4c01572d1121133d6e5b7f87a8b806d6e5061a05ef1bd49d2ef35701dc909cf9b557484bf7099a56cb485`
+- [initial ptau](./artifacts/initial.ptau) - `6247a3433948b35fbfae414fa5a9355bfb45f56efa7ab4929e669264a0258976741dfbe3288bfb49828e5df02c2e633df38d2245e30162ae7e3bcca5b8b49345`
+
+### Contributions
+```
+census_initial_contribution.zkey:273004d57344e8018b271a9ace15e03a17eda10d3c7b51ffb0c6bc372cb2a59e26966cc3da213bef642836e89078f7d399ed3d1594f389610c930c2c31aed3eb
+census_lucasmenendez.zkey:54fe275ab895498cd30244a4d80ea4624405c9af555cefc6eda79028f92eda760669938f6d236b5500de895bc6525152d17f2309a8fc0d292c94f60a9ef967c2
+census_elboletaire.zkey:1e0efeda1728dcadcaf66cd70f814a445b04659367ff2a6ac94e5ac4938905539dda415bdf825f1b2655178b49c9ced2fe484da7d923232abf4b8dcc7b4d91a7
+census_jordipainan.zkey:b07a7e46a7daeafca8a150553c2638ff8344d1baaf4339267cfdef21fa1a59ff428ebbbda5b1e1e5da49458c1421d07e4ab2ca2cc6feeacdb41071871279860b
+census_marcvelmer.zkey:243fa3b550a9a5ba618fddb6f561090f364fdc3c4dea52664ff1545af21f3ff7de0b2c50770a744ebff05bbd2e972fda7bca7f1bf589e144b637bc9748d71c75
+census_p4u.zkey:34d1d4f5f07a9d13be21d4f8851becbd0c0df63c148014edd06bf89bdd06dff3644644b3f63ab171dbf8dd53a9f9108479bc50577bd1ef29d99812a89de3d3ee
+```
+
+### Last contribution
+```
+census_p4u.zkey:34d1d4f5f07a9d13be21d4f8851becbd0c0df63c148014edd06bf89bdd06dff3644644b3f63ab171dbf8dd53a9f9108479bc50577bd1ef29d99812a89de3d3ee
+```

inputs/census.circom

@@ -0,0 +1,117 @@
+pragma circom 2.1.2;
+
+include "/node_modules/circomlib/circuits/poseidon.circom";
+include "/node_modules/circomlib/circuits/comparators.circom";
+include "/node_modules/circomlib/circuits/smt/smtverifier.circom";
+
+/**
+                                                   ┌───────────┐
+                              ┌────────────────────▶lessOrEqual├──────────┐
+       (pub) voteWeight───────┘                    └─────▲─────┘          │
+                                                         │                │
+ (priv) availableWeight─┬────────────────────────────────┘                │
+                        │                                                 │    ┌────┐
+                        │                                                 └───▶│    └┐
+                        │       ┌────────────────────┐                 ┌──────▶│     └┐
+                        │  ┌────▶key                 │                 │       │      ├─
+                        └──│────▶value               │                 │   ┌──▶│     ┌┘
+                           │    │         SMTVerifier├─────────────────┘ ┌────▶│    ┌┘
+       (pub) censusRoot────│────▶root                │                   │ │   └────┘
+                        ┌──│────▶siblings            │                   │ │
+  (priv) censusSiblings─┘  │    └────────────────────┘                   │ │
+                           │                     ┌────────────────────┐  │ │
+                           │   ┌─────────────────▶key                 │  │ │
+                           │   │               ┌─▶value               │  │ │
+                           │   │               │ │         SMTVerifier├──│─┘
+          (pub) sikRoot────│─────────────────────▶root                │  │
+                           │   ┌─────────────────▶siblings            │  │
+     (priv) sikSiblings────│───┘               │ └────────────────────┘  │
+                           │   │               │                         │
+                           │   │               │                         │
+                           │   │               │                         │
+         (priv) address────┼───┘ ┌────────────┐│                         │
+                           ├────▶│            ││                         │
+        (priv) password────│────▶│    Hash    ├┘                         │
+                        ┌──│────▶│            │                          │
+       (priv) signature─┤  │     └────────────┘                          │
+                        │  │                                             │
+                        │  │     ┌────────────┐                          │
+                        │  └────▶│            │                          │
+                        └───────▶│    Hash    ├──────────┐               │
+                           ┌────▶│            │          │               │
+                           │     └────────────┘          │               │
+       (pub) electionId────┘                             │               │
+                                                   ┌─────▼─────┐         │
+        (pub) nullifier────────────────────────────▶   equal   ├─────────┘
+                                                   └───────────┘                        
+*/
+
+template ZkFranchiseProofCircuit (nLevels) {
+    var realNLevels = nLevels+1;
+    signal input electionId[2];
+    signal input nullifier;
+    signal input availableWeight;
+    // voteHash is not operated inside the circuit, assuming that in
+	// Circom an input that is not used will be included in the constraints
+	// system and in the witness
+    signal input voteHash[2];
+    signal input sikRoot;
+    signal input censusRoot;
+
+    signal input address;
+    signal input password;
+    signal input signature;
+
+    signal input voteWeight;
+    signal input censusSiblings[realNLevels];
+    signal input sikSiblings[realNLevels];
+
+    component checkWeight = LessEqThan(252);
+    checkWeight.in[0] <== voteWeight;
+    checkWeight.in[1] <== availableWeight;
+    checkWeight.out === 1;
+
+    component sik = Poseidon(3);
+	sik.inputs[0] <== address;
+	sik.inputs[1] <== password;
+    sik.inputs[2] <== signature;
+
+    component sikVerifier = SMTVerifier(realNLevels);
+	sikVerifier.enabled <== 1;
+	sikVerifier.fnc <== 0; // 0 as is to verify inclusion
+	sikVerifier.root <== sikRoot;
+	for (var i=0; i<realNLevels; i++) {
+		sikVerifier.siblings[i] <== sikSiblings[i];
+	}
+	sikVerifier.oldKey <== 0;
+	sikVerifier.oldValue <== 0;
+	sikVerifier.isOld0 <== 0;
+	sikVerifier.key <== address;
+	sikVerifier.value <== sik.out;
+
+    component censusVerifier = SMTVerifier(realNLevels);
+	censusVerifier.enabled <== 1;
+	censusVerifier.fnc <== 0; // 0 as is to verify inclusion
+	censusVerifier.root <== censusRoot;
+	for (var i=0; i<realNLevels; i++) {
+		censusVerifier.siblings[i] <== censusSiblings[i];
+	}
+	censusVerifier.oldKey <== 0;
+	censusVerifier.oldValue <== 0;
+	censusVerifier.isOld0 <== 0;
+	censusVerifier.key <== address;
+	censusVerifier.value <== availableWeight;
+
+    component computedNullifier = Poseidon(4);
+	computedNullifier.inputs[0] <== signature;
+    computedNullifier.inputs[1] <== password;
+	computedNullifier.inputs[2] <== electionId[0];
+	computedNullifier.inputs[3] <== electionId[1];
+
+    component checkNullifier = ForceEqualIfEnabled();
+	checkNullifier.enabled <== 1;
+	checkNullifier.in[0] <== computedNullifier.out;
+	checkNullifier.in[1] <== nullifier;
+}
+
+component main { public [ electionId, nullifier, voteWeight, voteHash, sikRoot, censusRoot ] } = ZkFranchiseProofCircuit(160);