Merge pull request #206 from zk-passport/merge-175

circuits/circuits/disclose/disclose.circom

@@ -16,15 +16,6 @@ template DISCLOSE() {
     signal output older_than[2];
     signal output nullifier;
 
-    // Verify validity of the passport
-    component isValid = IsValid();
-    isValid.currDate <== current_date;
-    for (var i = 0; i < 6; i++) {
-        isValid.validityDateASCII[i] <== dg1[70 + i];
-    }
-
-    1 === isValid.out;
-
     // Disclose optional data
     component isOlderThan = IsOlderThan();
     isOlderThan.majorityASCII <== majority;

circuits/circuits/disclose/proveCountryIsNotInList.circom

@@ -0,0 +1,21 @@
+pragma circom 2.1.5;
+
+include "circomlib/circuits/comparators.circom";
+include "../utils/other/bytes.circom";
+template ProveCountryIsNotInList(forbiddenCountriesListLength) {
+
+    signal input dg1[93];
+    signal input forbidden_countries_list[forbiddenCountriesListLength * 3]; 
+
+    signal equality_results[forbiddenCountriesListLength][4];
+    for (var i = 0; i < forbiddenCountriesListLength; i++) {
+            equality_results[i][0] <== IsEqual()([dg1[7], forbidden_countries_list[i ]]);
+            equality_results[i][1] <== IsEqual()([dg1[8], forbidden_countries_list[i + 1]]); 
+            equality_results[i][2] <== IsEqual()([dg1[9], forbidden_countries_list[i + 2]]);
+            equality_results[i][3] <==  equality_results[i][0] * equality_results[i][1];
+            0 ===  equality_results[i][3] * equality_results[i][2];
+    }
+    signal output forbidden_countries_list_packed[2];
+    forbidden_countries_list_packed  <== PackBytes(forbiddenCountriesListLength * 3)(forbidden_countries_list);
+
+}

circuits/circuits/ofac/ofac_name.circom

@@ -4,31 +4,16 @@ include "circomlib/circuits/poseidon.circom";
 include "circomlib/circuits/comparators.circom";
 include "binary-merkle-root.circom";
 include "../utils/other/getCommonLength.circom";
-include "../disclose/verify_commitment.circom";
 include "../utils/other/smt.circom";
 
-template OFAC_NAME(nLevels) {
-    signal input secret;
-    signal input attestation_id;
-    signal input pubkey_leaf;
+template OFAC_NAME() {
+
     signal input dg1[93];
-    signal input dg2_hash[64];
-    signal input merkle_root;
-    signal input merkletree_size;
-    signal input path[nLevels];
-    signal input siblings[nLevels];
-    signal input current_date[6]; 
 
-    signal input closest_leaf;
+    signal input smt_leaf_value;
     signal input smt_root;
     signal input smt_siblings[256];
-    signal output proofType;
-    signal output proofLevel;
-
-    // Verify commitment is part of the merkle tree
-    VERIFY_COMMITMENT(nLevels)(secret, attestation_id, pubkey_leaf, dg1, dg2_hash, merkle_root, merkletree_size, path, siblings);
 
-    // Name Hash
     component poseidon_hasher[3];
     for (var j = 0; j < 3; j++) {
         poseidon_hasher[j] = Poseidon(13);
@@ -38,16 +23,7 @@ template OFAC_NAME(nLevels) {
     }
 
     signal name_hash <== Poseidon(3)([poseidon_hasher[0].out, poseidon_hasher[1].out, poseidon_hasher[2].out]);
-    signal smtleaf_hash <== Poseidon(3)([name_hash, 1,1]);
-
-    // SMT Verification
-    signal closestleaf <== SMTVerify(256)(name_hash, 1, closest_leaf, smt_root, smt_siblings);
-
-    proofType <== IsEqual()([closestleaf,smtleaf_hash]); 
-    proofType === 0;  // Uncomment this line to make circuit handle both membership and non-membership proof and returns the type of proof (0 for non-membership, 1 for membership)
-
-    proofLevel <== 1;
 
+    signal output ofacCheckResult <== SMTVerify(256)(name_hash, smt_leaf_value, smt_root, smt_siblings, 0);
 }
 
-component main { public [ merkle_root,smt_root ] } = OFAC_NAME(16);

circuits/circuits/ofac/ofac_name_dob.circom

@@ -5,29 +5,15 @@ include "circomlib/circuits/comparators.circom";
 include "circomlib/circuits/bitify.circom";
 include "binary-merkle-root.circom";
 include "../utils/other/getCommonLength.circom";
-include "../disclose/verify_commitment.circom";
 include "../utils/other/smt.circom";
 
-template OFAC_NAME_DOB(nLevels) {
-    signal input secret;
-    signal input attestation_id;
-    signal input pubkey_leaf;
+template OFAC_NAME_DOB() {
+
     signal input dg1[93];
-    signal input dg2_hash[64];
-    signal input merkle_root;
-    signal input merkletree_size;
-    signal input path[nLevels];
-    signal input siblings[nLevels];
-    signal input current_date[6]; 
-
-    signal input closest_leaf;
+
+    signal input smt_leaf_value;
     signal input smt_root;
     signal input smt_siblings[256];
-    signal output proofLevel;
-
-    // Verify commitment is part of the merkle tree
-    VERIFY_COMMITMENT(nLevels)(secret, attestation_id, pubkey_leaf, dg1, dg2_hash, merkle_root, merkletree_size, path, siblings);
-
     // Name Hash
     component poseidon_hasher[3];
     for (var j = 0; j < 3; j++) {
@@ -46,15 +32,6 @@ template OFAC_NAME_DOB(nLevels) {
 
     // NameDob hash
     signal name_dob_hash <== Poseidon(2)([pos_dob.out, name_hash]);
-    signal smtleaf_hash <== Poseidon(3)([name_dob_hash, 1,1]);
-
-    // SMT Verification
-    signal closestleaf <== SMTVerify(256)(name_dob_hash, 1, closest_leaf, smt_root, smt_siblings);
-
-    signal proofType <== IsEqual()([closestleaf,smtleaf_hash]); 
-    proofType === 0;  // Uncomment this line to make circuit handle both membership and non-membership proof and returns the type of proof (0 for non-membership, 1 for membership)
-
-    proofLevel <== 2;
-}
 
-component main { public [ merkle_root,smt_root ] } = OFAC_NAME_DOB(16);
+    signal output ofacCheckResult <== SMTVerify(256)(name_dob_hash, smt_leaf_value, smt_root, smt_siblings, 0);
+}

circuits/circuits/ofac/ofac_passport_number.circom

@@ -6,44 +6,20 @@ include "circomlib/circuits/bitify.circom";
 include "../utils/other/array.circom";
 include "binary-merkle-root.circom";
 include "../utils/other/getCommonLength.circom";
-include "../disclose/verify_commitment.circom";
 include "../utils/other/smt.circom";
 
-template OFAC_PASSPORT_NUMBER(nLevels) {
-    signal input secret;
-    signal input attestation_id;
-    signal input pubkey_leaf;
+template OFAC_PASSPORT_NUMBER() {
+
     signal input dg1[93];
-    signal input dg2_hash[64];
-    signal input merkle_root;
-    signal input merkletree_size;
-    signal input path[nLevels];
-    signal input siblings[nLevels];
-    signal input current_date[6]; 
 
-    signal input closest_leaf;
+    signal input smt_leaf_value;
     signal input smt_root;
     signal input smt_siblings[256];
-    signal output proofLevel;
-
-    // Verify commitment is part of the merkle tree
-    VERIFY_COMMITMENT(nLevels)(secret, attestation_id, pubkey_leaf, dg1, dg2_hash, merkle_root, merkletree_size, path, siblings);
+    signal output proofLevel <== 3;
 
-    // PassportNo Hash
     component poseidon_hasher = Poseidon(9);
     for (var i = 0; i < 9; i++) {
         poseidon_hasher.inputs[i] <== dg1[49 + i];
     } 
-    signal smtleaf_hash <== Poseidon(3)([poseidon_hasher.out, 1,1]);
-
-    // SMT Verification
-    signal closestleaf <== SMTVerify(256)(poseidon_hasher.out, 1, closest_leaf, smt_root, smt_siblings);
-
-    // If leaf given = leaf calulated ; then membership proof
-    signal proofType <== IsEqual()([closestleaf,smtleaf_hash]); // 1 for membership proof, 0 for non-membership proof
-    proofType === 0;  // Uncomment this line to make circuit handle both membership and non-membership proof (0 for non-membership, 1 for membership)
-
-    proofLevel <== 3;
+   signal output ofacCheckResult <== SMTVerify(256)(poseidon_hasher.out, smt_leaf_value, smt_root, smt_siblings, 0);
 }
-
-component main { public [ merkle_root,smt_root ] } = OFAC_PASSPORT_NUMBER(16);

circuits/circuits/prove/instances/prove_ecdsa_secp256r1_sha1.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [  scope, user_identifier, current_date] } = OPENPASSPORT_PROVE(7, 43, 6, 320, 192);
+component main { public [  scope, user_identifier, current_date] } = OPENPASSPORT_PROVE(7, 43, 6, 320, 192, 20);

circuits/circuits/prove/instances/prove_ecdsa_secp256r1_sha256.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [  scope, user_identifier, current_date] } = OPENPASSPORT_PROVE(8, 43, 6, 384, 192);
+component main { public [  scope, user_identifier, current_date] } = OPENPASSPORT_PROVE(8, 43, 6, 384, 192, 20);

circuits/circuits/prove/instances/prove_rsa_65537_sha1.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(3, 64, 32, 320, 192);
+component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(3, 64, 32, 320, 192, 20);

circuits/circuits/prove/instances/prove_rsa_65537_sha256.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(1, 64, 32, 384, 192);
+component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(1, 64, 32, 384, 192, 20);

circuits/circuits/prove/instances/prove_rsapss_65537_sha256.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(4, 64, 32, 384, 192);
+component main { public [  scope, user_identifier, current_date] }  = OPENPASSPORT_PROVE(4, 64, 32, 384, 192, 20);

circuits/circuits/prove/openpassport_prove.circom

@@ -5,8 +5,10 @@ include "../utils/passport/computeCommitment.circom";
 include "../utils/passport/signatureAlgorithm.circom";
 include "../utils/passport/passportVerifier.circom";
 include "../disclose/disclose.circom";
+include "../disclose/proveCountryIsNotInList.circom";
+include "../ofac/ofac_name.circom";
 
-template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN) {
+template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN, FORBIDDEN_COUNTRIES_LIST_LENGTH) {
     var kLengthFactor = getKLengthFactor(signatureAlgorithm);
     var kScaled = k * kLengthFactor;
 
@@ -23,7 +25,15 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
     signal input signed_attr_econtent_hash_offset;
     signal input pubKey[kScaled];
     signal input signature[kScaled];
-    signal input selector_mode; // 0 - disclose, 1 - registration
+    signal input selector_mode[2];
+
+    // ofac check
+    signal input smt_leaf_value;
+    signal input smt_root;
+    signal input smt_siblings[256];
+    signal input selector_ofac;
+    // forbidden countries list
+    signal input forbidden_countries_list[FORBIDDEN_COUNTRIES_LIST_LENGTH * 3];
     // disclose related inputs
     signal input selector_dg1[88];
     signal input selector_older_than;
@@ -37,11 +47,22 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
 
     signal attestation_id <== 1;
 
-    // assert selector_mode is 0 or 1
-    selector_mode * (selector_mode - 1) === 0;
+    signal selectorModeDisclosure <== selector_mode[0];
+    signal selectorModePubKey <== selector_mode[1];
+    signal selectorModeBlindedDscCommitment <== 1 - selector_mode[1];
+    signal selectorModeCommitment <== (1- selector_mode[0]) * (1 - selector_mode[1]);
+    signal isWrongSelectorMode <== IsEqual()([2*selector_mode[0] + selector_mode[1], 1]);
+    isWrongSelectorMode === 0;
+
 
     // verify passport signature
     PassportVerifier(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, MAX_SIGNED_ATTR_PADDED_LEN)(dg1,dg1_hash_offset, dg2_hash, eContent,eContent_padded_length, signed_attr, signed_attr_padded_length, signed_attr_econtent_hash_offset, pubKey, signature);
+    // verify passport is not expired
+    component isValid = IsValid();
+    isValid.currDate <== current_date;
+    for (var i = 0; i < 6; i++) {
+        isValid.validityDateASCII[i] <== dg1[70 + i];
+    }
 
     // nulifier
     signal signatureHashed <== CustomHasher(kScaled)(signature); // generate nullifier
@@ -55,22 +76,39 @@ template OPENPASSPORT_PROVE(signatureAlgorithm, n, k, MAX_ECONTENT_PADDED_LEN, M
     disclose.selector_older_than <== selector_older_than;
     disclose.current_date <== current_date;
     disclose.majority <== majority;
-    signal output revealedData_packed[3] <== disclose.revealedData_packed;
-    signal output older_than[2] <== disclose.older_than;
+
+    signal output revealedData_packed[3];
+    for (var i = 0; i < 3; i++) {
+        revealedData_packed[i] <== disclose.revealedData_packed[i] * selectorModeDisclosure;
+    }
+    signal output older_than[2];
+    for (var i = 0; i < 2; i++) {
+        older_than[i] <== disclose.older_than[i] * selectorModeDisclosure;
+    }
     signal output pubKey_disclosed[kScaled];
     for (var i = 0; i < kScaled; i++) {
-        pubKey_disclosed[i] <== pubKey[i] * (1 - selector_mode);
+        pubKey_disclosed[i] <== pubKey[i] * selectorModePubKey;
+    }
+
+    // COUNTRY IS IN LIST
+    signal forbidden_countries_list_packed[2] <== ProveCountryIsNotInList(FORBIDDEN_COUNTRIES_LIST_LENGTH)(dg1, forbidden_countries_list);
+    signal output forbidden_countries_list_packed_disclosed[2];
+    for (var i = 0; i < 2; i++) {
+        forbidden_countries_list_packed_disclosed[i] <== forbidden_countries_list_packed[i] * selectorModeDisclosure;
     }
 
+    // OFAC
+    signal ofacCheckResult <== OFAC_NAME()(dg1,smt_leaf_value,smt_root,smt_siblings);
+    signal ofacIntermediaryOutput <== ofacCheckResult * selector_ofac;
+    signal output ofac_result <== ofacIntermediaryOutput;
 
     // REGISTRATION (optional)
     // generate the commitment
     signal leaf <== LeafHasher(kScaled)(pubKey, signatureAlgorithm);
     signal commitmentPrivate <== ComputeCommitment()(secret, attestation_id, leaf, dg1, dg2_hash);
-    signal output commitment <== commitmentPrivate * selector_mode;
+    signal output commitment <== commitmentPrivate * selectorModeCommitment;
     // blinded dsc commitment
     signal pubkeyHash <== CustomHasher(kScaled)(pubKey);
     signal blindedDscCommitmenPrivate <== Poseidon(2)([dsc_secret, pubkeyHash]);
-    signal output blinded_dsc_commitment <== blindedDscCommitmenPrivate * selector_mode;
-
+    signal output blinded_dsc_commitment <== blindedDscCommitmenPrivate * selectorModeBlindedDscCommitment;
 }

circuits/circuits/tests/ofac/ofac_name_dob_tester.circom

@@ -0,0 +1,3 @@
+pragma circom 2.1.9;
+include "../../ofac/ofac_name_dob.circom";
+component main { public [ smt_root ] } = OFAC_NAME_DOB();

circuits/circuits/tests/ofac/ofac_name_tester.circom

@@ -0,0 +1,3 @@
+pragma circom 2.1.9;
+include "../../ofac/ofac_name.circom";
+component main { public [ smt_root ] } = OFAC_NAME();

circuits/circuits/tests/ofac/ofac_passport_number_tester.circom

@@ -0,0 +1,3 @@
+pragma circom 2.1.9;
+include "../../ofac/ofac_passport_number.circom";
+component main { public [ smt_root ] } = OFAC_PASSPORT_NUMBER();

circuits/circuits/tests/utils/isValid_tester.circom

@@ -2,16 +2,4 @@ pragma circom  2.1.6;
 
 include "../../utils/passport/date/isValid.circom";
 
-template IsValid_tester() {
-
-    signal input currDate[6];
-    signal input validityDateASCII[6];
-
-    component isValid = IsValid();
-    isValid.currDate <== currDate;
-    isValid.validityDateASCII <== validityDateASCII;
-
-    signal output out <== isValid.out;
-}
-
-component main = IsValid_tester();
+component main = IsValid();

circuits/circuits/tests/utils/proveCountryIsNotInList_tester.circom

@@ -0,0 +1,3 @@
+pragma circom 2.1.9;
+include "../../disclose/proveCountryIsNotInList.circom";
+component main { public [ forbidden_countries_list ] } = ProveCountryIsNotInList(20);