add circuit test

plugin/dapp/mix/cmd/gnark/circuit/authorize.go

@@ -5,6 +5,7 @@ import (
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/gadgets/hash/mimc"
 	"github.com/consensys/gurvy"
+	"strconv"
 )
 
 func main() {
@@ -38,53 +39,69 @@ func NewAuth() *frontend.R1CS {
 	// create root constraint system
 	circuit := frontend.New()
 
-	spendValue := circuit.SECRET_INPUT("spendAmount")
+	spendAmount := circuit.SECRET_INPUT("spendAmount")
 
 	//spend pubkey
-	spendPubkey := circuit.SECRET_INPUT("spendPubKey")
-	returnPubkey := circuit.SECRET_INPUT("returnPubKey")
-	authPubkey := circuit.SECRET_INPUT("authorizePubKey")
-	authorizePrikey := circuit.SECRET_INPUT("authorizePriKey")
+	spendPubKey := circuit.SECRET_INPUT("spendPubKey")
+	returnPubKey := circuit.SECRET_INPUT("returnPubKey")
+	authorizePriKey := circuit.SECRET_INPUT("authorizePriKey")
+	noteRandom := circuit.SECRET_INPUT("noteRandom")
+
+	authPubKey := circuit.PUBLIC_INPUT("authorizePubKey")
+	authorizeHash := circuit.PUBLIC_INPUT("authorizeHash")
 
-	authPubHashInput := circuit.PUBLIC_INPUT("authorizePubKey")
 	// hash function
 	mimc, _ := mimc.NewMiMCGadget("seed", gurvy.BN256)
-	calcAuthPubHash := mimc.Hash(&circuit, authorizePrikey)
-	circuit.MUSTBE_EQ(authPubkey, calcAuthPubHash)
-	circuit.MUSTBE_EQ(authPubHashInput, mimc.Hash(&circuit, authPubkey))
+	calcAuthPubKey := mimc.Hash(&circuit, authorizePriKey)
+	circuit.MUSTBE_EQ(authPubKey, calcAuthPubKey)
+
+	circuit.MUSTBE_EQ(authorizeHash, mimc.Hash(&circuit, authPubKey, noteRandom))
 
 	//note hash random
-	noteRandom := circuit.SECRET_INPUT("noteRandom")
 	authSpendHash := circuit.PUBLIC_INPUT("authorizeSpendHash")
 	//spend_flag 0：return_pubkey, 1:  spend_pubkey
 	spendFlag := circuit.SECRET_INPUT("spendFlag")
 	circuit.MUSTBE_BOOLEAN(spendFlag)
-	targetPubHash := circuit.SELECT(spendFlag, spendPubkey, returnPubkey)
-	calcAuthSpendHash := mimc.Hash(&circuit, targetPubHash, spendValue, noteRandom)
+	targetPubHash := circuit.SELECT(spendFlag, spendPubKey, returnPubKey)
+	calcAuthSpendHash := mimc.Hash(&circuit, targetPubHash, spendAmount, noteRandom)
 	circuit.MUSTBE_EQ(authSpendHash, calcAuthSpendHash)
 
 	//通过merkle tree保证noteHash存在，即便return,auth都是null也是存在的，则可以不经过授权即可消费
-	//preImage=hash(spendPubkey, returnPubkey,AuthPubkey,spendValue,noteRandom)
-	noteHash := circuit.SECRET_INPUT("noteHash")
 	// specify note hash constraint
-	preImage := mimc.Hash(&circuit, spendPubkey, returnPubkey, authPubkey, spendValue, noteRandom)
-	circuit.MUSTBE_EQ(noteHash, mimc.Hash(&circuit, preImage))
-
-	merkelPathPart(&circuit, mimc, noteHash)
+	preImage := mimc.Hash(&circuit, spendPubKey, returnPubKey, authPubKey, spendAmount, noteRandom)
+	merkelPathPart(&circuit, mimc, preImage)
 
 	r1cs := circuit.ToR1CS()
 
 	return r1cs
 }
 
+func merkelPathPart(circuit *frontend.CS, mimc mimc.MiMCGadget, noteHash *frontend.Constraint) {
+	var proofSet, helper, valid []*frontend.Constraint
+	merkleRoot := circuit.PUBLIC_INPUT("treeRootHash")
+	proofSet = append(proofSet, noteHash)
+	//helper[0],valid[0]占位， 方便接口只设置有效值
+	helper = append(helper, circuit.ALLOCATE("1"))
+	valid = append(valid, circuit.ALLOCATE("1"))
+
+	//depth:10, path num need be 9
+	for i := 1; i < 10; i++ {
+		proofSet = append(proofSet, circuit.SECRET_INPUT("path"+strconv.Itoa(i)))
+		helper = append(helper, circuit.SECRET_INPUT("helper"+strconv.Itoa(i)))
+		valid = append(valid, circuit.SECRET_INPUT("valid"+strconv.Itoa(i)))
+	}
+
+	VerifyMerkleProof(circuit, mimc, merkleRoot, proofSet, helper, valid)
+}
+
 func VerifyMerkleProof(circuit *frontend.CS, h mimc.MiMCGadget, merkleRoot *frontend.Constraint, proofSet, helper, valid []*frontend.Constraint) {
 
 	sum := leafSum(circuit, h, proofSet[0])
 
 	for i := 1; i < len(proofSet); i++ {
-		circuit.MUSTBE_BOOLEAN(helper[i-1])
-		d1 := circuit.SELECT(helper[i-1], sum, proofSet[i])
-		d2 := circuit.SELECT(helper[i-1], proofSet[i], sum)
+		circuit.MUSTBE_BOOLEAN(helper[i])
+		d1 := circuit.SELECT(helper[i], sum, proofSet[i])
+		d2 := circuit.SELECT(helper[i], proofSet[i], sum)
 		rst := nodeSum(circuit, h, d1, d2)
 		sum = circuit.SELECT(valid[i], rst, sum)
 	}

plugin/dapp/mix/cmd/gnark/circuit/authorize_test.go

+package main
+
+import (
+	"testing"
+
+	backend_bn256 "github.com/consensys/gnark/backend/bn256"
+
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/backend/bn256/groth16"
+)
+
+/*
+public:
+	treeRootHash
+	authorizePubKey
+	authorizeHash(=hash(authpubkey+noterandom))
+	authorizeSpendHash(=hash(spendpub+value+noterandom))
+
+private:
+	spendAmount
+	spendPubKey
+	returnPubKey
+	authorizePriKey
+	spendFlag
+	noteRandom
+
+	path...
+	helper...
+	valid...
+*/
+func TestAuthorizeSpend(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	r1cs := NewAuth()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "treeRootHash", "10531321614990797034921282585661869614556487056951485265320464926630499341310")
+		good.Assign(backend.Public, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+		good.Assign(backend.Public, "authorizeHash", "1267825436937766239630340333349685320927256968591056373125946583184548355070")
+		good.Assign(backend.Public, "authorizeSpendHash", "14468512365438613046028281588661351435476168610934165547900473609197783547663")
+
+		good.Assign(backend.Secret, "spendAmount", "28242048")
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePriKey", "17822967620457187568904804290291537271142779717280482398091401115827760898835")
+		good.Assign(backend.Secret, "spendFlag", "1")
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		//nodehash="16308793397024662832064523892418908145900866571524124093537199035808550255649"
+		good.Assign(backend.Secret, "path1", "19561523370160677851616596032513161448778901506614020103852017946679781620105")
+		good.Assign(backend.Secret, "path2", "13898857070666440684265042188056372750257678232709763835292910585848522658637")
+		good.Assign(backend.Secret, "path3", "15019169196974879571470243100379529757970866395477207575033769902587972032431")
+		good.Assign(backend.Secret, "path4", "0")
+		good.Assign(backend.Secret, "path5", "0")
+		good.Assign(backend.Secret, "path6", "0")
+		good.Assign(backend.Secret, "path7", "0")
+		good.Assign(backend.Secret, "path8", "0")
+		good.Assign(backend.Secret, "path9", "0")
+
+		good.Assign(backend.Secret, "helper1", "1")
+		good.Assign(backend.Secret, "helper2", "1")
+		good.Assign(backend.Secret, "helper3", "1")
+		good.Assign(backend.Secret, "helper4", "0")
+		good.Assign(backend.Secret, "helper5", "0")
+		good.Assign(backend.Secret, "helper6", "0")
+		good.Assign(backend.Secret, "helper7", "0")
+		good.Assign(backend.Secret, "helper8", "0")
+		good.Assign(backend.Secret, "helper9", "0")
+
+		good.Assign(backend.Secret, "valid1", "1")
+		good.Assign(backend.Secret, "valid2", "1")
+		good.Assign(backend.Secret, "valid3", "1")
+		good.Assign(backend.Secret, "valid4", "0")
+		good.Assign(backend.Secret, "valid5", "0")
+		good.Assign(backend.Secret, "valid6", "0")
+		good.Assign(backend.Secret, "valid7", "0")
+		good.Assign(backend.Secret, "valid8", "0")
+		good.Assign(backend.Secret, "valid9", "0")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}

plugin/dapp/mix/cmd/gnark/circuit/deposit.go

@@ -19,9 +19,9 @@ public:
 	amount
 
 private:
-	spendPubkey
-	returnPubkey
-	authorizePubkey
+	spendPubKey
+	returnPubKey
+	authorizePubKey
 	noteRandom
 
 */
@@ -34,9 +34,9 @@ func NewDeposit() *frontend.R1CS {
 	spendValue := circuit.PUBLIC_INPUT("amount")
 
 	//spend pubkey
-	spendPubkey := circuit.SECRET_INPUT("spendPubkey")
-	returnPubkey := circuit.SECRET_INPUT("returnPubkey")
-	authPubkey := circuit.SECRET_INPUT("authorizePubkey")
+	spendPubkey := circuit.SECRET_INPUT("spendPubKey")
+	returnPubkey := circuit.SECRET_INPUT("returnPubKey")
+	authPubkey := circuit.SECRET_INPUT("authorizePubKey")
 
 	// hash function
 	mimc, _ := mimc.NewMiMCGadget("seed", gurvy.BN256)
@@ -49,7 +49,7 @@ func NewDeposit() *frontend.R1CS {
 	noteHash := circuit.PUBLIC_INPUT("noteHash")
 	// specify note hash constraint
 	preImage := mimc.Hash(&circuit, spendPubkey, returnPubkey, authPubkey, spendValue, noteRandom)
-	circuit.MUSTBE_EQ(noteHash, mimc.Hash(&circuit, preImage))
+	circuit.MUSTBE_EQ(noteHash, preImage)
 
 	r1cs := circuit.ToR1CS()
 

plugin/dapp/mix/cmd/gnark/circuit/deposit_test.go

+package main
+
+import (
+	"testing"
+
+	backend_bn256 "github.com/consensys/gnark/backend/bn256"
+
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/backend/bn256/groth16"
+)
+
+/*
+public:
+	nodeHash
+	amount
+
+private:
+	spendPubkey
+	returnPubkey
+	authorizePubkey
+	noteRandom
+
+*/
+
+func TestDeposit(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	//spend prikey="10190477835300927557649934238820360529458681672073866116232821892325659279502"
+	//spend pubkey="13735985067536865723202617343666111332145536963656464451727087263423649028705"
+
+	//return prikey="7969140283216448215269095418467361784159407896899334866715345504515077887397"
+	//return pubkey="16067249407809359746114321133992130903102335882983385972747813693681808870497"
+
+	//authorize prikey="17822967620457187568904804290291537271142779717280482398091401115827760898835"
+	//authorize pubkey="13519883267141251871527102103999205179714486518503885909948192364772977661583"
+
+	r1cs := NewDeposit()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "noteHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+		good.Assign(backend.Public, "amount", "28242048")
+
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}

plugin/dapp/mix/cmd/gnark/circuit/transferInput.go

 package main
 
 import (
-	"strconv"
-
 	"github.com/consensys/gnark/encoding/gob"
 	"github.com/consensys/gnark/frontend"
 	twistededwards_gadget "github.com/consensys/gnark/gadgets/algebra/twistededwards"
@@ -48,10 +46,10 @@ func NewTransferInput() *frontend.R1CS {
 	spendValue := circuit.SECRET_INPUT("spendAmount")
 
 	//spend pubkey
-	spendPubkey := circuit.SECRET_INPUT("spendPubkey")
-	returnPubkey := circuit.SECRET_INPUT("returnPubkey")
-	authPubkey := circuit.SECRET_INPUT("authorizePubkey")
-	spendPrikey := circuit.SECRET_INPUT("spendPrikey")
+	spendPubkey := circuit.SECRET_INPUT("spendPubKey")
+	returnPubkey := circuit.SECRET_INPUT("returnPubKey")
+	authPubkey := circuit.SECRET_INPUT("authorizePubKey")
+	spendPrikey := circuit.SECRET_INPUT("spendPriKey")
 	//spend_flag 0：return_pubkey, 1:  spend_pubkey
 	spendFlag := circuit.SECRET_INPUT("spendFlag")
 	circuit.MUSTBE_BOOLEAN(spendFlag)
@@ -69,25 +67,29 @@ func NewTransferInput() *frontend.R1CS {
 	noteRandom := circuit.SECRET_INPUT("noteRandom")
 
 	//need check in database if not null
-	authHash := circuit.PUBLIC_INPUT("authorizeHash")
+	authHash := circuit.PUBLIC_INPUT("authorizeSpendHash")
 
-	nullValue := circuit.ALLOCATE("null")
-	// specify auth hash constraint
-	calcAuthHash := mimc.Hash(&circuit, targetPubHash, spendValue, noteRandom)
-	targetAuthHash := circuit.SELECT(authFlag, calcAuthHash, nullValue)
+	nullValue := circuit.ALLOCATE(0)
+	//// specify auth hash constraint
+	calcAuthSpendHash := mimc.Hash(&circuit, targetPubHash, spendValue, noteRandom)
+	targetAuthHash := circuit.SELECT(authFlag, calcAuthSpendHash, nullValue)
 	circuit.MUSTBE_EQ(authHash, targetAuthHash)
 
+	//need check in database if not null
+	nullifierHash := circuit.PUBLIC_INPUT("nullifierHash")
+	calcNullifierHash := mimc.Hash(&circuit, noteRandom)
+	circuit.MUSTBE_EQ(nullifierHash, calcNullifierHash)
+
 	//通过merkle tree保证noteHash存在，即便return,auth都是null也是存在的，则可以不经过授权即可消费
-	//preImage=hash(spendPubkey, returnPubkey,AuthPubkey,spendValue,noteRandom)
 	noteHash := circuit.SECRET_INPUT("noteHash")
 	calcReturnPubkey := circuit.SELECT(authFlag, returnPubkey, nullValue)
 	calcAuthPubkey := circuit.SELECT(authFlag, authPubkey, nullValue)
 	// specify note hash constraint
 	preImage := mimc.Hash(&circuit, spendPubkey, calcReturnPubkey, calcAuthPubkey, spendValue, noteRandom)
-	circuit.MUSTBE_EQ(noteHash, mimc.Hash(&circuit, preImage))
+	circuit.MUSTBE_EQ(noteHash, preImage)
 
 	commitValuePart(&circuit, spendValue)
-	merkelPathPart(&circuit, mimc, noteHash)
+	merkelPathPart(&circuit, mimc, preImage)
 
 	r1cs := circuit.ToR1CS()
 
@@ -131,18 +133,3 @@ func commitValuePart(circuit *frontend.CS, spendValue *frontend.Constraint) {
 	circuit.MUSTBE_EQ(cmtvalueX, pointSumSnark.X)
 	circuit.MUSTBE_EQ(cmtvalueY, pointSumSnark.Y)
 }
-
-func merkelPathPart(circuit *frontend.CS, mimc mimc.MiMCGadget, noteHash *frontend.Constraint) {
-	var proofSet, helper, valid []*frontend.Constraint
-	merkleRoot := circuit.PUBLIC_INPUT("treeRootHash")
-	proofSet = append(proofSet, noteHash)
-
-	//depth:10, path num need be 9
-	for i := 1; i < 10; i++ {
-		proofSet = append(proofSet, circuit.SECRET_INPUT("path"+strconv.Itoa(i)))
-		helper = append(helper, circuit.SECRET_INPUT("helper"+strconv.Itoa(i)))
-		valid = append(valid, circuit.SECRET_INPUT("valid"+strconv.Itoa(i)))
-	}
-
-	VerifyMerkleProof(circuit, mimc, merkleRoot, proofSet, helper, valid)
-}

plugin/dapp/mix/cmd/gnark/circuit/transferOutput.go

@@ -51,7 +51,7 @@ func NewTransferOutput() *frontend.R1CS {
 	noteHash := circuit.SECRET_INPUT("noteHash")
 	// specify note hash constraint
 	preImage := mimc.Hash(&circuit, spendPubkey, returnPubkey, authPubkey, spendValue, noteRandom)
-	circuit.MUSTBE_EQ(noteHash, mimc.Hash(&circuit, preImage))
+	circuit.MUSTBE_EQ(noteHash, preImage)
 
 	commitValuePart(&circuit, spendValue)
 

plugin/dapp/mix/cmd/gnark/circuit/transferOutput_test.go

+package main
+
+import (
+	"testing"
+
+	backend_bn256 "github.com/consensys/gnark/backend/bn256"
+
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/backend/bn256/groth16"
+)
+
+/*
+public:
+	commitValueX
+	commitValueY
+	nodeHash
+
+private:
+	spendAmount
+	spendRandom
+	spendPubKey
+	returnPubKey
+	authorizePubKey
+	noteRandom
+
+*/
+func TestTransferOutput(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	r1cs := NewTransferOutput()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "commitValueX", "14087975867275911077371231345227824611951436822132762463787130558957838320348")
+		good.Assign(backend.Public, "commitValueY", "15113519960384204624879642069520481336224311978035289236693658603675385299879")
+		good.Assign(backend.Public, "nodeHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+
+		good.Assign(backend.Secret, "spendAmount", "28242048")
+		good.Assign(backend.Secret, "spendRandom", "35")
+
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		good.Assign(backend.Secret, "noteHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}

plugin/dapp/mix/cmd/gnark/circuit/transferinput_test.go

+package main
+
+import (
+	"testing"
+
+	backend_bn256 "github.com/consensys/gnark/backend/bn256"
+
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/backend/bn256/groth16"
+)
+
+/*
+public:
+	treeRootHash
+	commitValueX
+	commitValueY
+	authorizeHash
+	nullifierHash
+
+private:
+	spendAmount
+	spendRandom
+	spendPubKey
+	returnPubKey
+	authorizePubKey
+	spendPriKey
+	spendFlag
+	authorizeFlag
+	noteRandom
+
+	path...
+	helper...
+	valid...
+*/
+func TestTransferInputAuth(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	r1cs := NewTransferInput()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "treeRootHash", "10531321614990797034921282585661869614556487056951485265320464926630499341310")
+		good.Assign(backend.Public, "commitValueX", "14087975867275911077371231345227824611951436822132762463787130558957838320348")
+		good.Assign(backend.Public, "commitValueY", "15113519960384204624879642069520481336224311978035289236693658603675385299879")
+		good.Assign(backend.Public, "authorizeSpendHash", "14468512365438613046028281588661351435476168610934165547900473609197783547663")
+		good.Assign(backend.Public, "nullifierHash", "6747518781649068310795677405858353007442326529625450860668944156162052335195")
+
+		good.Assign(backend.Secret, "spendAmount", "28242048")
+		good.Assign(backend.Secret, "spendRandom", "35")
+
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+
+		good.Assign(backend.Secret, "spendPriKey", "10190477835300927557649934238820360529458681672073866116232821892325659279502")
+		good.Assign(backend.Secret, "spendFlag", "1")
+		good.Assign(backend.Secret, "authorizeFlag", "1")
+
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		good.Assign(backend.Secret, "noteHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+
+		//nodehash="16308793397024662832064523892418908145900866571524124093537199035808550255649"
+		good.Assign(backend.Secret, "path1", "19561523370160677851616596032513161448778901506614020103852017946679781620105")
+		good.Assign(backend.Secret, "path2", "13898857070666440684265042188056372750257678232709763835292910585848522658637")
+		good.Assign(backend.Secret, "path3", "15019169196974879571470243100379529757970866395477207575033769902587972032431")
+		good.Assign(backend.Secret, "path4", "0")
+		good.Assign(backend.Secret, "path5", "0")
+		good.Assign(backend.Secret, "path6", "0")
+		good.Assign(backend.Secret, "path7", "0")
+		good.Assign(backend.Secret, "path8", "0")
+		good.Assign(backend.Secret, "path9", "0")
+
+		good.Assign(backend.Secret, "helper1", "1")
+		good.Assign(backend.Secret, "helper2", "1")
+		good.Assign(backend.Secret, "helper3", "1")
+		good.Assign(backend.Secret, "helper4", "0")
+		good.Assign(backend.Secret, "helper5", "0")
+		good.Assign(backend.Secret, "helper6", "0")
+		good.Assign(backend.Secret, "helper7", "0")
+		good.Assign(backend.Secret, "helper8", "0")
+		good.Assign(backend.Secret, "helper9", "0")
+
+		good.Assign(backend.Secret, "valid1", "1")
+		good.Assign(backend.Secret, "valid2", "1")
+		good.Assign(backend.Secret, "valid3", "1")
+		good.Assign(backend.Secret, "valid4", "0")
+		good.Assign(backend.Secret, "valid5", "0")
+		good.Assign(backend.Secret, "valid6", "0")
+		good.Assign(backend.Secret, "valid7", "0")
+		good.Assign(backend.Secret, "valid8", "0")
+		good.Assign(backend.Secret, "valid9", "0")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}
+
+func TestTransferInputReturnKey(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	r1cs := NewTransferInput()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "treeRootHash", "10531321614990797034921282585661869614556487056951485265320464926630499341310")
+		good.Assign(backend.Public, "commitValueX", "14087975867275911077371231345227824611951436822132762463787130558957838320348")
+		good.Assign(backend.Public, "commitValueY", "15113519960384204624879642069520481336224311978035289236693658603675385299879")
+		good.Assign(backend.Public, "authorizeSpendHash", "6026163592877030954825395224309219861774131411806846860652261047183070579370")
+		good.Assign(backend.Public, "nullifierHash", "6747518781649068310795677405858353007442326529625450860668944156162052335195")
+
+		good.Assign(backend.Secret, "spendAmount", "28242048")
+		good.Assign(backend.Secret, "spendRandom", "35")
+
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+
+		good.Assign(backend.Secret, "spendPriKey", "7969140283216448215269095418467361784159407896899334866715345504515077887397")
+		good.Assign(backend.Secret, "spendFlag", "0")
+		//not need authorize
+		good.Assign(backend.Secret, "authorizeFlag", "1")
+
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		good.Assign(backend.Secret, "noteHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+
+		//nodehash="16308793397024662832064523892418908145900866571524124093537199035808550255649"
+		good.Assign(backend.Secret, "path1", "19561523370160677851616596032513161448778901506614020103852017946679781620105")
+		good.Assign(backend.Secret, "path2", "13898857070666440684265042188056372750257678232709763835292910585848522658637")
+		good.Assign(backend.Secret, "path3", "15019169196974879571470243100379529757970866395477207575033769902587972032431")
+		good.Assign(backend.Secret, "path4", "0")
+		good.Assign(backend.Secret, "path5", "0")
+		good.Assign(backend.Secret, "path6", "0")
+		good.Assign(backend.Secret, "path7", "0")
+		good.Assign(backend.Secret, "path8", "0")
+		good.Assign(backend.Secret, "path9", "0")
+
+		good.Assign(backend.Secret, "helper1", "1")
+		good.Assign(backend.Secret, "helper2", "1")
+		good.Assign(backend.Secret, "helper3", "1")
+		good.Assign(backend.Secret, "helper4", "0")
+		good.Assign(backend.Secret, "helper5", "0")
+		good.Assign(backend.Secret, "helper6", "0")
+		good.Assign(backend.Secret, "helper7", "0")
+		good.Assign(backend.Secret, "helper8", "0")
+		good.Assign(backend.Secret, "helper9", "0")
+
+		good.Assign(backend.Secret, "valid1", "1")
+		good.Assign(backend.Secret, "valid2", "1")
+		good.Assign(backend.Secret, "valid3", "1")
+		good.Assign(backend.Secret, "valid4", "0")
+		good.Assign(backend.Secret, "valid5", "0")
+		good.Assign(backend.Secret, "valid6", "0")
+		good.Assign(backend.Secret, "valid7", "0")
+		good.Assign(backend.Secret, "valid8", "0")
+		good.Assign(backend.Secret, "valid9", "0")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}

plugin/dapp/mix/cmd/gnark/circuit/withdraw.go

@@ -16,7 +16,7 @@ func main() {
 /*
 public:
 	treeRootHash
-	authorizeHash
+	authorizeSpendHash
 	nullifierHash
 	amount
 
@@ -62,9 +62,9 @@ func NewWithdraw() *frontend.R1CS {
 	noteRandom := circuit.SECRET_INPUT("noteRandom")
 
 	//need check in database if not null
-	authHash := circuit.PUBLIC_INPUT("authorizeHash")
+	authHash := circuit.PUBLIC_INPUT("authorizeSpendHash")
 
-	nullValue := circuit.ALLOCATE("null")
+	nullValue := circuit.ALLOCATE(0)
 	// specify auth hash constraint
 	calcAuthHash := mimc.Hash(&circuit, targetPubHash, spendValue, noteRandom)
 	targetAuthHash := circuit.SELECT(authFlag, calcAuthHash, nullValue)
@@ -77,9 +77,9 @@ func NewWithdraw() *frontend.R1CS {
 	calcAuthPubkey := circuit.SELECT(authFlag, authPubkey, nullValue)
 	// specify note hash constraint
 	preImage := mimc.Hash(&circuit, spendPubkey, calcReturnPubkey, calcAuthPubkey, spendValue, noteRandom)
-	circuit.MUSTBE_EQ(noteHash, mimc.Hash(&circuit, preImage))
+	circuit.MUSTBE_EQ(noteHash, preImage)
 
-	merkelPathPart(&circuit, mimc, noteHash)
+	merkelPathPart(&circuit, mimc, preImage)
 
 	r1cs := circuit.ToR1CS()
 

plugin/dapp/mix/cmd/gnark/circuit/withdraw_test.go

+package main
+
+import (
+	"testing"
+
+	backend_bn256 "github.com/consensys/gnark/backend/bn256"
+
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/backend/bn256/groth16"
+)
+
+/*
+public:
+	treeRootHash
+	authorizeHash
+	nullifierHash
+	amount
+
+private:
+	spendPubKey
+	returnPubKey
+	authorizePubKey
+	spendPriKey
+	spendFlag
+	authorizeFlag
+	noteRandom
+
+	path...
+	helper...
+	valid...
+*/
+func TestWithdraw(t *testing.T) {
+
+	assert := groth16.NewAssert(t)
+
+	r1cs := NewWithdraw()
+	r1csBN256 := backend_bn256.Cast(r1cs)
+	{
+		good := backend.NewAssignment()
+		good.Assign(backend.Public, "treeRootHash", "10531321614990797034921282585661869614556487056951485265320464926630499341310")
+		good.Assign(backend.Public, "authorizeSpendHash", "14468512365438613046028281588661351435476168610934165547900473609197783547663")
+		good.Assign(backend.Public, "nullifierHash", "6747518781649068310795677405858353007442326529625450860668944156162052335195")
+		good.Assign(backend.Public, "amount", "28242048")
+
+		good.Assign(backend.Secret, "spendPubKey", "13735985067536865723202617343666111332145536963656464451727087263423649028705")
+		good.Assign(backend.Secret, "returnPubKey", "16067249407809359746114321133992130903102335882983385972747813693681808870497")
+		good.Assign(backend.Secret, "authorizePubKey", "13519883267141251871527102103999205179714486518503885909948192364772977661583")
+
+		good.Assign(backend.Secret, "spendPriKey", "10190477835300927557649934238820360529458681672073866116232821892325659279502")
+		good.Assign(backend.Secret, "spendFlag", "1")
+		good.Assign(backend.Secret, "authorizeFlag", "1")
+
+		good.Assign(backend.Secret, "noteRandom", "2824204835")
+
+		good.Assign(backend.Secret, "noteHash", "16308793397024662832064523892418908145900866571524124093537199035808550255649")
+
+		//nodehash="16308793397024662832064523892418908145900866571524124093537199035808550255649"
+		good.Assign(backend.Secret, "path1", "19561523370160677851616596032513161448778901506614020103852017946679781620105")
+		good.Assign(backend.Secret, "path2", "13898857070666440684265042188056372750257678232709763835292910585848522658637")
+		good.Assign(backend.Secret, "path3", "15019169196974879571470243100379529757970866395477207575033769902587972032431")
+		good.Assign(backend.Secret, "path4", "0")
+		good.Assign(backend.Secret, "path5", "0")
+		good.Assign(backend.Secret, "path6", "0")
+		good.Assign(backend.Secret, "path7", "0")
+		good.Assign(backend.Secret, "path8", "0")
+		good.Assign(backend.Secret, "path9", "0")
+
+		good.Assign(backend.Secret, "helper1", "1")
+		good.Assign(backend.Secret, "helper2", "1")
+		good.Assign(backend.Secret, "helper3", "1")
+		good.Assign(backend.Secret, "helper4", "0")
+		good.Assign(backend.Secret, "helper5", "0")
+		good.Assign(backend.Secret, "helper6", "0")
+		good.Assign(backend.Secret, "helper7", "0")
+		good.Assign(backend.Secret, "helper8", "0")
+		good.Assign(backend.Secret, "helper9", "0")
+
+		good.Assign(backend.Secret, "valid1", "1")
+		good.Assign(backend.Secret, "valid2", "1")
+		good.Assign(backend.Secret, "valid3", "1")
+		good.Assign(backend.Secret, "valid4", "0")
+		good.Assign(backend.Secret, "valid5", "0")
+		good.Assign(backend.Secret, "valid6", "0")
+		good.Assign(backend.Secret, "valid7", "0")
+		good.Assign(backend.Secret, "valid8", "0")
+		good.Assign(backend.Secret, "valid9", "0")
+
+		assert.Solved(&r1csBN256, good, nil)
+	}
+
+}

plugin/dapp/mix/cmd/gnark/input/transferInput

-public, treeRootHash,0x2afea5c28f761f42f35cca471170ca072cbe4b69b6b18c4a3b45637e974783c4
-public, commitValueX,9940039130125917226477779823200431190767730273667531970219395440191717439673
-public, commitValueY,9940039130125917226477779823200431190767730273667531970219395440191717439673
-public, authorizeHash,0x2afea5c28f761f42f35cca471170ca072cbe4b69b6b18c4a3b45637e974783c4
-public, nullifierHash,0x2afea5c28f761f42f35cca471170ca072cbe4b69b6b18c4a3b45637e974783c4
+public, treeRootHash,10531321614990797034921282585661869614556487056951485265320464926630499341310
+public, commitValueX,14087975867275911077371231345227824611951436822132762463787130558957838320348
+public, commitValueY,15113519960384204624879642069520481336224311978035289236693658603675385299879
+public, authorizeSpendHash,14468512365438613046028281588661351435476168610934165547900473609197783547663
+public, nullifierHash,6747518781649068310795677405858353007442326529625450860668944156162052335195
 
 
 secret, spendAmount,28242048
-secret, spendRandom,1000
-secret, spendPubKey,9940039130125917226477779823200431190767730273667531970219395440191717439673
-secret, returnPubKey,9940039130125917226477779823200431190767730273667531970219395440191717439673
-secret, authorizePubKey,9940039130125917226477779823200431190767730273667531970219395440191717439673
-secret, spendPriKey,19226210204356004706765360050059680583735587569269469539941275797408975356275
-secret, spendFlag,0
-secret, authorizeFlag,0
-secret, noteRandom,28242048
-
-secret, path0,1e44c73ba7980b0450a8e997c9d9c78be5a9d7ceaf597df781469a1c9db4e4c9
-secret, path1,191a80e377af9e0d04e1d75e8d702d4c2db21b952b9fff6bcca31f9e9fd5de00
-secret, path2,220dc2041a8c81086a9bc8084e7f9ee0788ae2c8b7928e0b2e2672339b2933b3
-secret, path3,295d631fcf0ed0d34742ac560fe7a0c0585225cff9194806d4d9d8e1f00e1747
-secret, path4,215849ad7bd4344a807f4f0c9aefd2131572e3cb21a8b21aa96e8a11c4a214e5
+secret, spendRandom,35
+secret, spendPubKey,13735985067536865723202617343666111332145536963656464451727087263423649028705
+secret, returnPubKey,16067249407809359746114321133992130903102335882983385972747813693681808870497
+secret, authorizePubKey,13519883267141251871527102103999205179714486518503885909948192364772977661583
+secret, spendPriKey,10190477835300927557649934238820360529458681672073866116232821892325659279502
+secret, spendFlag,1
+secret, authorizeFlag,1
+secret, noteRandom,2824204835
+secret, noteHash,16308793397024662832064523892418908145900866571524124093537199035808550255649
+
+secret, path1,19561523370160677851616596032513161448778901506614020103852017946679781620105
+secret, path2,13898857070666440684265042188056372750257678232709763835292910585848522658637
+secret, path3,15019169196974879571470243100379529757970866395477207575033769902587972032431
+secret, path4,0
 secret, path5,0
 secret, path6,0
 secret, path7,0
 secret, path8,0
 secret, path9,0
-secret, path10,0
+
 
 secret, helper1,1
 secret, helper2,1
@@ -36,19 +36,19 @@ secret, helper6,1
 secret, helper7,1
 secret, helper8,1
 secret, helper9,1
-secret, helper10,1
 
 
-secret, valid0,1
+
+
 secret, valid1,1
 secret, valid2,1
 secret, valid3,1
-secret, valid4,1
+secret, valid4,0
 secret, valid5,0
 secret, valid6,0
 secret, valid7,0
 secret, valid8,0
 secret, valid9,0
-secret, valid10,0
+
 
 

plugin/dapp/mix/executor/transfer_test.go

@@ -37,3 +37,30 @@ func TestVerifyCommitValues(t *testing.T) {
 	assert.Equal(t, true, ret)
 
 }
+
+func TestVerifyCommitValues2(t *testing.T) {
+	input1 := &mixTy.TransferInputPublicInput{
+		CommitValueX: "10190477835300927557649934238820360529458681672073866116232821892325659279502",
+		CommitValueY: "7969140283216448215269095418467361784159407896899334866715345504515077887397",
+	}
+
+	input2 := &mixTy.TransferInputPublicInput{
+		CommitValueX: "17822967620457187568904804290291537271142779717280482398091401115827760898835",
+		CommitValueY: "17714526567340249480661526843742175665966437069228179299143955140199226385576",
+	}
+
+	var inputs []*mixTy.TransferInputPublicInput
+	inputs = append(inputs, input1)
+	inputs = append(inputs, input2)
+
+	output1 := &mixTy.TransferOutputPublicInput{
+		CommitValueX: "14087975867275911077371231345227824611951436822132762463787130558957838320348",
+		CommitValueY: "15113519960384204624879642069520481336224311978035289236693658603675385299879",
+	}
+	var outputs []*mixTy.TransferOutputPublicInput
+	outputs = append(outputs, output1)
+
+	ret := verifyCommitValues(inputs, outputs)
+	assert.Equal(t, true, ret)
+
+}