Circuits with different tree sizes for the trusted setup ceremony

circuits/authV3-8-32.circom

@@ -0,0 +1,16 @@
+pragma circom 2.1.1;
+
+include "auth/authV3.circom";
+
+/*
+* The identity authorization circuit.
+* User ownership of the identity verified by signed challenge.
+* Auth claim should be in the user state and not revoked.
+* User state should be genesis or added to the global state tree (available in the smart contract).
+* The state is verified out of circuits by a verifier.
+* public signals:
+    - userID
+    - challenge
+    - gistRoot
+*/
+component main {public [challenge, gistRoot]} = AuthV3(8, 32); // IdOwnershipLevels, onChainLevels

circuits/authV3.circom

@@ -13,4 +13,4 @@ include "auth/authV3.circom";
     - challenge
     - gistRoot
 */
-component main {public [challenge, gistRoot]} = AuthV3(40, 64);
+component main {public [challenge, gistRoot]} = AuthV3(40, 64); // IdOwnershipLevels, onChainLevels

circuits/credentialAtomicQueryV3-16-16-64.circom

@@ -0,0 +1,27 @@
+pragma circom 2.1.1;
+
+include "offchain/credentialAtomicQueryV3OffChain.circom";
+
+/*
+ public output signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+ nullifier - sybil resistant user identifier for session id
+ linkID - linked proof identifier
+*/
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimNonRevState,
+                       claimSchema,
+                       slotIndex,
+                       claimPathKey,
+                       operator,
+                       value,
+                       valueArraySize,
+                       timestamp, 
+                       isRevocationChecked,
+                       proofType,
+                       verifierID,
+                       nullifierSessionID
+                       ]} = credentialAtomicQueryV3OffChain(16, 16, 64); // issuerLevels, claimLevels, maxValueArraySize

circuits/credentialAtomicQueryV3.circom

@@ -24,4 +24,4 @@ component main{public [requestID,
                        proofType,
                        verifierID,
                        nullifierSessionID
-                       ]} = credentialAtomicQueryV3OffChain(40, 32, 64);
+                       ]} = credentialAtomicQueryV3OffChain(40, 32, 64); // issuerLevels, claimLevels, maxValueArraySize

circuits/credentialAtomicQueryV3OnChain-16-16-64-16-32.circom

@@ -0,0 +1,21 @@
+pragma circom 2.1.1;
+
+include "./onchain/credentialAtomicQueryV3OnChain.circom";
+
+/*
+ public output signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+ nullifier - sybil resistant user identifier for session id
+ linkID - linked proof identifier
+*/
+component main{public [requestID,
+                       issuerID,
+                       issuerClaimNonRevState,
+                       timestamp,
+                       challenge,
+                       gistRoot,
+                       proofType,
+                       isBJJAuthEnabled
+                       ]} = credentialAtomicQueryV3OnChain(16, 16, 64, 16, 32); // issuerLevels, claimLevels, maxValueArraySize, idOwnershipLevels, onChainLevels

circuits/credentialAtomicQueryV3OnChain.circom

@@ -18,4 +18,4 @@ component main{public [requestID,
                        gistRoot,
                        proofType,
                        isBJJAuthEnabled
-                       ]} = credentialAtomicQueryV3OnChain(40, 32, 64, 40, 64);
+                       ]} = credentialAtomicQueryV3OnChain(40, 32, 64, 40, 64); // issuerLevels, claimLevels, maxValueArraySize, idOwnershipLevels, onChainLevels

circuits/credentialAtomicQueryV3Universal-16-16-64.circom

@@ -0,0 +1,28 @@
+pragma circom 2.1.1;
+
+include "universal/credentialAtomicQueryV3Universal.circom";
+
+/*
+public outputsignal s:
+userID - user profile id
+merklized - `1` if claim is merklized
+issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+nullifier - sybil resistant user identifier for session id
+linkID - linked proof identifier
+circuitQueryHash - hash of the query
+*/
+component main{public [requestID,
+    issuerID,
+    issuerClaimNonRevState,
+    claimSchema,
+    slotIndex,
+    claimPathKey,
+    operator,
+    value,
+    valueArraySize,
+    timestamp,
+    isRevocationChecked,
+    proofType,
+    verifierID,
+    nullifierSessionID
+]} = credentialAtomicQueryV3Universal(16, 16, 64); // issuerLevels, claimLevels, maxValueArraySize

circuits/credentialAtomicQueryV3Universal.circom

@@ -0,0 +1,28 @@
+pragma circom 2.1.1;
+
+include "universal/credentialAtomicQueryV3Universal.circom";
+
+/*
+public outputsignal s:
+userID - user profile id
+merklized - `1` if claim is merklized
+issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+nullifier - sybil resistant user identifier for session id
+linkID - linked proof identifier
+circuitQueryHash - hash of the query
+*/
+component main{public [requestID,
+    issuerID,
+    issuerClaimNonRevState,
+    claimSchema,
+    slotIndex,
+    claimPathKey,
+    operator,
+    value,
+    valueArraySize,
+    timestamp,
+    isRevocationChecked,
+    proofType,
+    verifierID,
+    nullifierSessionID
+]} = credentialAtomicQueryV3Universal(40, 32, 64); // issuerLevels, claimLevels, maxValueArraySize

circuits/lib/stateTransition.circom

@@ -10,7 +10,7 @@ include "../../node_modules/circomlib/circuits/smt/smtprocessor.circom";
 include "utils/safeOne.circom";
 include "idOwnership.circom";
 
-template StateTransition(IdOwnershipLevels) {
+template StateTransitionV3(IdOwnershipLevels) {
     signal input userID;
     signal input oldUserState;
     signal input newUserState;

circuits/linkedMultiQuery10.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.1;
 
 include "linked/multiQuery.circom";
 
-component main = LinkedMultiQuery(10, 32, 64); // 175331 constraints
+component main = LinkedMultiQuery(10, 32, 64); // N, claimLevels, maxValueArraySize

circuits/linkedMultiQuery3.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.1;
+
+include "linked/multiQuery.circom";
+
+component main = LinkedMultiQuery(3, 32, 64); // N, claimLevels, maxValueArraySize

circuits/linkedMultiQuery5.circom

@@ -0,0 +1,5 @@
+pragma circom 2.1.1;
+
+include "linked/multiQuery.circom";
+
+component main = LinkedMultiQuery(5, 32, 64); // N, claimLevels, maxValueArraySize

circuits/offchain/credentialAtomicQueryV3OffChain.circom

@@ -98,7 +98,7 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, maxValueArra
     // get safe one values to be used in ForceEqualIfEnabled
     signal {binary} one <== SafeOne()(userGenesisID);
 
-    /////////////////////////////////////////////////////////////////
+   /////////////////////////////////////////////////////////////////
     // Claim Verification (id, schema, expiration, issuance, revocation)
     /////////////////////////////////////////////////////////////////
 
@@ -250,6 +250,10 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, maxValueArra
     // Link ID calculation
     /////////////////////////////////////////////////////////////////
     linkID <== LinkID()(issuerClaimHash, linkNonce); // 243 constraints
+
+    // dummy constraints
+    signal tmp <== requestID * requestID;
+    signal tmp2 <== issuerID * issuerID;
 }
 
 template sigFlow(issuerLevels) {

circuits/stateTransition.circom → circuits/stateTransitionV3.circom

@@ -2,4 +2,4 @@ pragma circom 2.1.1;
 
 include "lib/stateTransition.circom";
 
-component main {public [userID,oldUserState,newUserState,isOldStateGenesis]} = StateTransition(40);
+component main {public [userID,oldUserState,newUserState,isOldStateGenesis]} = StateTransitionV3(40);

circuits/universal/credentialAtomicQueryV3Universal.circom

@@ -0,0 +1,200 @@
+pragma circom 2.1.1;
+include "../../node_modules/circomlib/circuits/mux1.circom";
+include "../../node_modules/circomlib/circuits/bitify.circom";
+include "../../node_modules/circomlib/circuits/comparators.circom";
+include "../../node_modules/circomlib/circuits/poseidon.circom";
+include "../lib/query/comparators.circom";
+include "../lib/query/query.circom";
+include "../lib/utils/idUtils.circom";
+include "../lib/utils/spongeHash.circom";
+include "../offchain/credentialAtomicQueryV3OffChain.circom";
+include "../lib/utils/queryHash.circom";
+include "../lib/utils/tags-managing.circom";
+
+/**
+credentialAtomicQueryV3Universal.circom - query claim value and verify claim issuer signature or mtp, and query hash
+
+issuerLevels - Merkle tree depth level for claims issued by the issuer
+claimLevels - Merkle tree depth level for claim JSON-LD document
+maxValueArraySize - Number of elements in comparison array for in/notin operation if level = 3 number of values for
+comparison ["1", "2", "3"]
+*/
+
+template credentialAtomicQueryV3Universal(issuerLevels, claimLevels, maxValueArraySize) {
+    // userID outputsignal will be assigned with ProfileID SelectProfile(UserGenesisID, nonce)
+    // unless nonce =  = 0, in which case userID will be assigned with userGenesisID
+    signal output userID;
+
+    // circuits query Hash
+    signal output circuitQueryHash;
+
+    signal input proofType;  // sig 1, mtp 2
+
+    // we have no constraints for "requestID" in this circuit, it is used as a unique identifier for the request
+    // and verifier can use it to identify the request, and verify the proof of specific request in case of multiple query requests
+    signal input requestID;
+
+    /* userID ownershipsignal s */
+    signal input userGenesisID;
+    signal input profileNonce; /* random number */
+
+    /* issuerClaimsignal s */
+    signal input claimSubjectProfileNonce; // nonce of the profile that claim is issued to, 0 if claim is issued to genesisID
+
+    // issuer ID
+    signal input issuerID;
+
+    // claim issued by issuer to the user
+    signal input issuerClaim[8];
+
+    // issuerClaim non rev inputs
+    signal input isRevocationChecked;
+    signal input issuerClaimNonRevMtp[issuerLevels];
+    signal input issuerClaimNonRevMtpNoAux;
+    signal input issuerClaimNonRevMtpAuxHi;
+    signal input issuerClaimNonRevMtpAuxHv;
+    signal input issuerClaimNonRevClaimsTreeRoot;
+    signal input issuerClaimNonRevRevTreeRoot;
+    signal input issuerClaimNonRevRootsTreeRoot;
+    signal input issuerClaimNonRevState;
+
+    /* current time */
+    signal input timestamp;
+
+    /** Query */
+    signal input claimSchema;
+
+    signal input claimPathMtp[claimLevels];
+    signal input claimPathMtpNoAux; // 1 if aux node is empty, 0 if non-empty or for inclusion proofs
+    signal input claimPathMtpAuxHi; // 0 for inclusion proof
+    signal input claimPathMtpAuxHv; // 0 for inclusion proof
+    signal input claimPathKey; // hash of path in merklized json-ld document
+    signal input claimPathValue; // value in this path in merklized json-ld document
+
+    signal input slotIndex;
+    signal input operator;
+    signal input value[maxValueArraySize];
+    signal input valueArraySize;
+
+    // MTP specific
+    signal input issuerClaimMtp[issuerLevels];
+    signal input issuerClaimClaimsTreeRoot;
+    signal input issuerClaimRevTreeRoot;
+    signal input issuerClaimRootsTreeRoot;
+    signal input issuerClaimIdenState;
+
+    // Sig specific
+    signal input issuerAuthClaim[8];
+    signal input issuerAuthClaimMtp[issuerLevels];
+    signal input issuerAuthClaimsTreeRoot;
+    signal input issuerAuthRevTreeRoot;
+    signal input issuerAuthRootsTreeRoot;
+    signal input issuerAuthState;
+    signal input issuerAuthClaimNonRevMtp[issuerLevels];
+    signal input issuerAuthClaimNonRevMtpNoAux;
+    signal input issuerAuthClaimNonRevMtpAuxHi;
+    signal input issuerAuthClaimNonRevMtpAuxHv;
+    signal input issuerClaimSignatureR8x;
+    signal input issuerClaimSignatureR8y;
+    signal input issuerClaimSignatureS;
+
+    // Issuer State to be checked outside of the circuit
+    // in case of MTP proof issuerState = issuerClaimIdenState
+    // in case of Sig proof issuerState = issuerAuthState
+    signal output issuerState;
+
+    // Private random nonce, used to generate LinkID
+    signal input linkNonce;
+    signal output linkID;
+
+    // Identifier of the verifier
+    signal input verifierID;
+
+    // nullifier input & outputsignal s
+    signal input nullifierSessionID;
+    signal output nullifier;
+
+    // Modifier/Computation Operator output ($sd, $nullify)
+    signal output operatorOutput;
+
+    // flag indicates if merklized flag set in issuer claim (if set MTP is used to verify that
+    // claimPathValue and claimPathKey are stored in the merkle tree) and verification is performed
+    // on root stored in the index or value slot
+    // if it is not set verification is performed on according to the slotIndex. Value selected from the
+    // provided slot. For example if slotIndex is `1` value gets from `i_1` slot. If `4` from `v_1`.
+signal {binary} merklized;
+
+    /////////////////////////////////////////////////////////////////
+    // Claim checks
+    /////////////////////////////////////////////////////////////////
+
+    (merklized, userID, issuerState, linkID, nullifier, operatorOutput) <== credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, maxValueArraySize)(
+    proofType <== proofType,
+    requestID <== requestID,
+    userGenesisID <== userGenesisID,
+    profileNonce <== profileNonce,
+    claimSubjectProfileNonce <== claimSubjectProfileNonce,
+    issuerID <== issuerID,
+    isRevocationChecked <== isRevocationChecked,
+    issuerClaimNonRevMtp <== issuerClaimNonRevMtp,
+    issuerClaimNonRevMtpNoAux <== issuerClaimNonRevMtpNoAux,
+    issuerClaimNonRevMtpAuxHi <== issuerClaimNonRevMtpAuxHi,
+    issuerClaimNonRevMtpAuxHv <== issuerClaimNonRevMtpAuxHv,
+    issuerClaimNonRevClaimsTreeRoot <== issuerClaimNonRevClaimsTreeRoot,
+    issuerClaimNonRevRevTreeRoot <== issuerClaimNonRevRevTreeRoot,
+    issuerClaimNonRevRootsTreeRoot <== issuerClaimNonRevRootsTreeRoot,
+    issuerClaimNonRevState <== issuerClaimNonRevState,
+    timestamp <== timestamp,
+    claimSchema <== claimSchema,
+    claimPathMtp <== claimPathMtp,
+    claimPathMtpNoAux <== claimPathMtpNoAux,
+    claimPathMtpAuxHi <== claimPathMtpAuxHi,
+    claimPathMtpAuxHv <== claimPathMtpAuxHv,
+    claimPathKey <== claimPathKey,
+    claimPathValue <== claimPathValue,
+    slotIndex <== slotIndex,
+    operator <== operator,
+    value <== value,
+    valueArraySize <== valueArraySize,
+    issuerClaim <== issuerClaim,
+    issuerClaimMtp <== issuerClaimMtp,
+    issuerClaimClaimsTreeRoot <== issuerClaimClaimsTreeRoot,
+    issuerClaimRevTreeRoot <== issuerClaimRevTreeRoot,
+    issuerClaimRootsTreeRoot <== issuerClaimRootsTreeRoot,
+    issuerClaimIdenState <== issuerClaimIdenState,
+    issuerAuthClaim <== issuerAuthClaim,
+    issuerAuthClaimMtp <== issuerAuthClaimMtp,
+    issuerAuthClaimsTreeRoot <== issuerAuthClaimsTreeRoot,
+    issuerAuthRevTreeRoot <== issuerAuthRevTreeRoot,
+    issuerAuthRootsTreeRoot <== issuerAuthRootsTreeRoot,
+    issuerAuthState <== issuerAuthState,
+    issuerAuthClaimNonRevMtp <== issuerAuthClaimNonRevMtp,
+    issuerAuthClaimNonRevMtpNoAux <== issuerAuthClaimNonRevMtpNoAux,
+    issuerAuthClaimNonRevMtpAuxHi <== issuerAuthClaimNonRevMtpAuxHi,
+    issuerAuthClaimNonRevMtpAuxHv <== issuerAuthClaimNonRevMtpAuxHv,
+    issuerClaimSignatureR8x <== issuerClaimSignatureR8x,
+    issuerClaimSignatureR8y <== issuerClaimSignatureR8y,
+    issuerClaimSignatureS <== issuerClaimSignatureS,
+    linkNonce <== linkNonce,
+    verifierID <== verifierID,
+    nullifierSessionID <== nullifierSessionID
+    );
+
+    /////////////////////////////////////////////////////////////////
+    // Verify query hash matches
+    /////////////////////////////////////////////////////////////////
+
+    circuitQueryHash <== QueryHash(maxValueArraySize)(
+    value,
+    claimSchema,
+    slotIndex,
+    operator,
+    claimPathKey,
+    valueArraySize,
+    merklized,
+    isRevocationChecked,
+    verifierID,
+    nullifierSessionID
+    );
+
+}