shield point H as circuit pub input

62f57dc9 · mdj33 · vipwzw · 12a86ad0 · 62f57dc9 · 62f57dc9
Commit 62f57dc9 authored Sep 15, 2021 by mdj33 Committed by vipwzw Sep 18, 2021
14 changed files
--- a/chain33.toml
+++ b/chain33.toml
@@ -295,11 +295,11 @@ txFee=100000000
 #私对私token转账，花费token(true)还是BTY(false),
 tokenFee=false
 #curve H point
-pointHX="9252662952969393856711468743327022054484546162727338092576697495684140272191"
+pointHX="19172955941344617222923168298456110557655645809646772800021167670156933290312"
-pointHY="8220002160263982499510761441032261960817037857915665984040705585999508400744"
+pointHY="21116962883761739586121793871108889864627195706475546685847911817475098399811"
 #电路最大支持1024个叶子hash，10 level， 配置可以小于1024,但不能大于
 maxTreeLeaves=1024
-hashSeed="seed"
+hashSeed="19172955941344617222923168298456110557655645809646772800021167670156933290312"
 [metrics]
 #是否使能发送metrics数据的发送

--- a/plugin/dapp/mix/cmd/build/testcase.sh
+++ b/plugin/dapp/mix/cmd/build/testcase.sh
--- a/plugin/dapp/mix/executor/transfer.go
+++ b/plugin/dapp/mix/executor/transfer.go
@@ -22,7 +22,7 @@ import (
 2. check if exist in authorize pool and nullifier pool
 */
-func transferInput(db dbm.KV, execer, symbol string, proof *mixTy.ZkProofInfo) (*mixTy.TransferInputCircuit, error) {
+func transferInput(cfg *types.Chain33Config, db dbm.KV, execer, symbol string, proof *mixTy.ZkProofInfo) (*mixTy.TransferInputCircuit, error) {
 	var input mixTy.TransferInputCircuit
 	err := mixTy.ConstructCircuitPubInput(proof.PublicInput, &input)
 	if err != nil {
@@ -37,6 +37,16 @@ func transferInput(db dbm.KV, execer, symbol string, proof *mixTy.ZkProofInfo) (
 		return nil, errors.Wrap(err, "transferInput verify spendVerify")
 	}
+	//确保用户使用的和链配置的一致，不能私自篡改
+	conf := types.ConfSub(cfg, mixTy.MixX)
+	pointHX := conf.GStr("pointHX")
+	pointHY := conf.GStr("pointHY")
+	inputHX := frontend.FromInterface(frontend.GetAssignedValue(input.ShieldPointHX))
+	inputHY := frontend.FromInterface(frontend.GetAssignedValue(input.ShieldPointHY))
+	if pointHX != inputHX.String() || pointHY != inputHY.String() {
+		return nil, errors.Wrapf(types.ErrInvalidParam, "input circuit H point=%s-%s not match config", inputHX.String(), inputHY.String())
+	}
 	err = zkProofVerify(db, proof, mixTy.VerifyType_TRANSFERINPUT)
 	if err != nil {
 		return nil, errors.Wrap(err, "transferInput verify proof verify")
@@ -51,12 +61,23 @@ func transferInput(db dbm.KV, execer, symbol string, proof *mixTy.ZkProofInfo) (
 2. check if exist in authorize pool and nullifier pool
 */
-func transferOutputVerify(db dbm.KV, proof *mixTy.ZkProofInfo) (*mixTy.TransferOutputCircuit, error) {
+func transferOutputVerify(cfg *types.Chain33Config, db dbm.KV, proof *mixTy.ZkProofInfo) (*mixTy.TransferOutputCircuit, error) {
 	var input mixTy.TransferOutputCircuit
 	err := mixTy.ConstructCircuitPubInput(proof.PublicInput, &input)
 	if err != nil {
 		return nil, errors.Wrapf(err, "decode string=%s", proof.PublicInput)
 	}
+	//确保用户使用的和链配置的一致，不能私自篡改
+	conf := types.ConfSub(cfg, mixTy.MixX)
+	pointHX := conf.GStr("pointHX")
+	pointHY := conf.GStr("pointHY")
+	inputHX := frontend.FromInterface(frontend.GetAssignedValue(input.ShieldPointHX))
+	inputHY := frontend.FromInterface(frontend.GetAssignedValue(input.ShieldPointHY))
+	if pointHX != inputHX.String() || pointHY != inputHY.String() {
+		return nil, errors.Wrapf(types.ErrInvalidParam, "output circuit H point=%s-%s not match config", inputHX.String(), inputHY.String())
+	}
 	err = zkProofVerify(db, proof, mixTy.VerifyType_TRANSFEROUTPUT)
 	if err != nil {
 		return nil, errors.Wrap(err, "Output verify proof verify")
@@ -110,7 +131,7 @@ func MixTransferInfoVerify(cfg *types.Chain33Config, db dbm.KV, transfer *mixTy.
 	txFee := mixTy.GetTransferTxFee(cfg, execer)
 	//inputs
 	for _, i := range transfer.Inputs {
-		in, err := transferInput(db, execer, symbol, i)
+		in, err := transferInput(cfg, db, execer, symbol, i)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -119,14 +140,14 @@ func MixTransferInfoVerify(cfg *types.Chain33Config, db dbm.KV, transfer *mixTy.
 	}
 	//output
-	out, err := transferOutputVerify(db, transfer.Output)
+	out, err := transferOutputVerify(cfg, db, transfer.Output)
 	if err != nil {
 		return nil, nil, err
 	}
 	outputs = append(outputs, out)
 	//change
-	change, err := transferOutputVerify(db, transfer.Change)
+	change, err := transferOutputVerify(cfg, db, transfer.Change)
 	if err != nil {
 		return nil, nil, err
 	}

--- a/plugin/dapp/mix/executor/transfer_test.go
+++ b/plugin/dapp/mix/executor/transfer_test.go
@@ -14,8 +14,8 @@ import (
 )
 const (
-	baseHX = "9252662952969393856711468743327022054484546162727338092576697495684140272191"
+	baseHX = "19172955941344617222923168298456110557655645809646772800021167670156933290312"
-	baseHY = "8220002160263982499510761441032261960817037857915665984040705585999508400744"
+	baseHY = "21116962883761739586121793871108889864627195706475546685847911817475098399811"
 	fee    = 100000
 )

--- a/plugin/dapp/mix/types/transferInput.go
+++ b/plugin/dapp/mix/types/transferInput.go
@@ -12,6 +12,8 @@ type TransferInputCircuit struct {
 	NullifierHash      frontend.Variable `gnark:",public"`
 	ShieldAmountX      frontend.Variable `gnark:",public"`
 	ShieldAmountY      frontend.Variable `gnark:",public"`
+	ShieldPointHX      frontend.Variable `gnark:",public"`
+	ShieldPointHY      frontend.Variable `gnark:",public"`
 	//secret
 	ReceiverPubKey  frontend.Variable
@@ -130,7 +132,7 @@ func (circuit *TransferInputCircuit) Define(curveID ecc.ID, cs *frontend.Constra
 	valid = append(valid, circuit.Valid8)
 	valid = append(valid, circuit.Valid9)
-	CommitValueVerify(cs, circuit.Amount, circuit.AmountRandom, circuit.ShieldAmountX, circuit.ShieldAmountY)
+	CommitValueVerify(cs, circuit.Amount, circuit.AmountRandom, circuit.ShieldAmountX, circuit.ShieldAmountY, circuit.ShieldPointHX, circuit.ShieldPointHY)
 	VerifyMerkleProof(cs, mimc, circuit.TreeRootHash, proofSet, helper, valid)
 	return nil

--- a/plugin/dapp/mix/types/transferInput_test.go
+++ b/plugin/dapp/mix/types/transferInput_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/consensys/gnark/frontend"
 )
-func TestTransferInputAuth(t *testing.T) {
+func TestTransferInput(t *testing.T) {
 	assert := groth16.NewAssert(t)
 	var inputCircuit TransferInputCircuit
@@ -21,8 +21,10 @@ func TestTransferInputAuth(t *testing.T) {
 		inputCircuit.TreeRootHash.Assign("950328190378475063285997697131233976268556642407874368795731039491163033995")
 		inputCircuit.AuthorizeSpendHash.Assign("21866258877426223880121052705448065394371888667902748431050285218933372701264")
 		inputCircuit.NullifierHash.Assign("18261754976334473090934939020486888794395514077667802499672726421629833403191")
-		inputCircuit.ShieldAmountX.Assign("2999198834503527181782558341022909853195739283744640133924786234819945005771")
+		inputCircuit.ShieldAmountX.Assign("12598656472198560295956115825363858683566688303969048230275808317634686855820")
-		inputCircuit.ShieldAmountY.Assign("19443413539487113257436159186910517766382570615508121086985490610335878889881")
+		inputCircuit.ShieldAmountY.Assign("5287524325952639485224317845546845679649328720392059741208352845659048630229")
+		inputCircuit.ShieldPointHX.Assign("19172955941344617222923168298456110557655645809646772800021167670156933290312")
+		inputCircuit.ShieldPointHY.Assign("21116962883761739586121793871108889864627195706475546685847911817475098399811")
 		inputCircuit.ReceiverPubKey.Assign("13496572805321444273664325641440458311310163934354047265362731297880627774936")
 		inputCircuit.ReturnPubKey.Assign("10193030166569398670555398535278072963719579248877156082361830729347727033510")

--- a/plugin/dapp/mix/types/transferOutput.go
+++ b/plugin/dapp/mix/types/transferOutput.go
@@ -11,6 +11,8 @@ type TransferOutputCircuit struct {
 	NoteHash      frontend.Variable `gnark:",public"`
 	ShieldAmountX frontend.Variable `gnark:",public"`
 	ShieldAmountY frontend.Variable `gnark:",public"`
+	ShieldPointHX frontend.Variable `gnark:",public"`
+	ShieldPointHY frontend.Variable `gnark:",public"`
 	//secret
 	ReceiverPubKey  frontend.Variable
@@ -29,7 +31,7 @@ func (circuit *TransferOutputCircuit) Define(curveID ecc.ID, cs *frontend.Constr
 	mimc.Write(circuit.ReceiverPubKey, circuit.ReturnPubKey, circuit.AuthorizePubKey, circuit.Amount, circuit.NoteRandom)
 	cs.AssertIsEqual(circuit.NoteHash, mimc.Sum())
-	CommitValueVerify(cs, circuit.Amount, circuit.AmountRandom, circuit.ShieldAmountX, circuit.ShieldAmountY)
+	CommitValueVerify(cs, circuit.Amount, circuit.AmountRandom, circuit.ShieldAmountX, circuit.ShieldAmountY, circuit.ShieldPointHX, circuit.ShieldPointHY)
 	return nil
 }
--- a/plugin/dapp/mix/types/transferOutput_test.go
+++ b/plugin/dapp/mix/types/transferOutput_test.go
@@ -21,8 +21,10 @@ func TestTransferOutput(t *testing.T) {
 	{
 		outCircuit.NoteHash.Assign("11183619348394875496624033204802036013086293645689330234403504655205992608466")
-		outCircuit.ShieldAmountX.Assign("2999198834503527181782558341022909853195739283744640133924786234819945005771")
+		outCircuit.ShieldAmountX.Assign("12598656472198560295956115825363858683566688303969048230275808317634686855820")
-		outCircuit.ShieldAmountY.Assign("19443413539487113257436159186910517766382570615508121086985490610335878889881")
+		outCircuit.ShieldAmountY.Assign("5287524325952639485224317845546845679649328720392059741208352845659048630229")
+		outCircuit.ShieldPointHX.Assign("19172955941344617222923168298456110557655645809646772800021167670156933290312")
+		outCircuit.ShieldPointHY.Assign("21116962883761739586121793871108889864627195706475546685847911817475098399811")
 		outCircuit.ReceiverPubKey.Assign("13496572805321444273664325641440458311310163934354047265362731297880627774936")
 		outCircuit.ReturnPubKey.Assign("10193030166569398670555398535278072963719579248877156082361830729347727033510")

--- a/plugin/dapp/mix/types/util.go
+++ b/plugin/dapp/mix/types/util.go
@@ -78,19 +78,20 @@ func leafSum(mimc *mimc.MiMC, data frontend.Variable) frontend.Variable {
 	return mimc.Sum()
 }
-func CommitValueVerify(cs *frontend.ConstraintSystem, amount, amountRandom, shieldAmountX, shieldAmountY frontend.Variable) {
+func CommitValueVerify(cs *frontend.ConstraintSystem, amount, amountRandom,
+	shieldAmountX, shieldAmountY, shieldPointHX, shieldPointHY frontend.Variable) {
 	cs.AssertIsLessOrEqual(amount, 9000000000000000000)
 	curve, _ := twistededwards.NewEdCurve(ecc.BN254)
 	var pointAmount twistededwards.Point
 	pointAmount.ScalarMulFixedBase(cs, curve.BaseX, curve.BaseY, amount, curve)
-	var pointH bn254.PointAffine
+	var pointH twistededwards.Point
-	pointH.X.SetString("9252662952969393856711468743327022054484546162727338092576697495684140272191")
+	pointH.X = shieldPointHX
-	pointH.Y.SetString("8220002160263982499510761441032261960817037857915665984040705585999508400744")
+	pointH.Y = shieldPointHY
 	var pointRandom twistededwards.Point
-	pointRandom.ScalarMulFixedBase(cs, pointH.X, pointH.Y, amountRandom, curve)
+	pointRandom.ScalarMulNonFixedBase(cs, &pointH, amountRandom, curve)
 	var pointSum twistededwards.Point
 	pointSum.AddGeneric(cs, &pointAmount, &pointRandom, curve)

--- a/plugin/dapp/mix/wallet/txauth.go
+++ b/plugin/dapp/mix/wallet/txauth.go
@@ -86,7 +86,7 @@ func (p *mixPolicy) createAuthTx(req *mixTy.CreateRawTxReq) (*types.Transaction,
 		return nil, errors.Wrapf(types.ErrInvalidParam, "asset exec=%s or symbol=%s not filled", req.AssetExec, req.AssetSymbol)
 	}
-	proofInfo, err := getZkProofKeys(mixTy.VerifyType_AUTHORIZE, auth.ZkPath, mixTy.AuthPk, input, req.ZkProof)
+	proofInfo, err := getZkProofKeys(mixTy.VerifyType_AUTHORIZE, auth.ZkPath, mixTy.AuthPk, input)
 	if err != nil {
 		return nil, errors.Wrapf(err, "getZkProofKeys note=%s", auth.NoteHash)
 	}

--- a/plugin/dapp/mix/wallet/txdeposit.go
+++ b/plugin/dapp/mix/wallet/txdeposit.go
@@ -126,7 +126,7 @@ func (p *mixPolicy) depositParams(exec, symbol, receiver, returner, auth, amount
 }
-func (p *mixPolicy) getDepositProof(exec, symbol, receiver, returner, auth, amount, zkPath string, verifyOnChain bool, proof string) (*mixTy.ZkProofInfo, error) {
+func (p *mixPolicy) getDepositProof(exec, symbol, receiver, returner, auth, amount, zkPath string, verifyOnChain bool) (*mixTy.ZkProofInfo, error) {
 	resp, err := p.depositParams(exec, symbol, receiver, returner, auth, amount)
 	if err != nil {
@@ -141,7 +141,7 @@ func (p *mixPolicy) getDepositProof(exec, symbol, receiver, returner, auth, amou
 	input.ReturnPubKey.Assign(resp.Proof.ReturnKey)
 	input.NoteRandom.Assign(resp.Proof.NoteRandom)
-	proofInfo, err := getZkProofKeys(mixTy.VerifyType_DEPOSIT, zkPath, mixTy.DepositPk, &input, proof)
+	proofInfo, err := getZkProofKeys(mixTy.VerifyType_DEPOSIT, zkPath, mixTy.DepositPk, &input)
 	if err != nil {
 		return nil, err
 	}
@@ -199,7 +199,7 @@ func (p *mixPolicy) createDepositTx(req *mixTy.CreateRawTxReq) (*types.Transacti
 	var proofs []*mixTy.ZkProofInfo
 	for i, rcv := range receivers {
-		p, err := p.getDepositProof(req.AssetExec, req.AssetSymbol, rcv, deposit.Deposit.ReturnAddr, deposit.Deposit.AuthorizeAddr, amounts[i], deposit.ZkPath, req.VerifyOnChain, req.ZkProof)
+		p, err := p.getDepositProof(req.AssetExec, req.AssetSymbol, rcv, deposit.Deposit.ReturnAddr, deposit.Deposit.AuthorizeAddr, amounts[i], deposit.ZkPath, req.VerifyOnChain)
 		if err != nil {
 			return nil, errors.Wrapf(err, "get Deposit proof for=%s", rcv)
 		}

--- a/plugin/dapp/mix/wallet/txtransfer.go
+++ b/plugin/dapp/mix/wallet/txtransfer.go
@@ -5,7 +5,6 @@
 package wallet
 import (
-	"fmt"
 	"github.com/consensys/gnark/frontend"
 	"path/filepath"
@@ -96,7 +95,7 @@ func (p *mixPolicy) getTransferOutput(exec, symbol string, req *mixTy.DepositInf
 }
 //input = output+找零+交易费
-func getShieldValue(cfg *types.Chain33Config, inputAmounts []uint64, outAmount, change, minTxFee uint64) (*mixTy.ShieldAmountRst, error) {
+func getShieldValue(inputAmounts []uint64, outAmount, change, minTxFee uint64, pointHX, pointHY string) (*mixTy.ShieldAmountRst, error) {
 	var sum uint64
 	for _, i := range inputAmounts {
 		sum += i
@@ -132,8 +131,6 @@ func getShieldValue(cfg *types.Chain33Config, inputAmounts []uint64, outAmount, 
 	random := v.String()
 	rChange.SetString(random[0 : len(random)/2])
 	rOut.SetString(random[len(random)/2:])
-	fmt.Println("rOut", rOut.String())
-	fmt.Println("rChange", rChange.String())
 	var rSumIn, rSumOut fr.Element
 	rSumIn.SetZero()
@@ -166,10 +163,6 @@ func getShieldValue(cfg *types.Chain33Config, inputAmounts []uint64, outAmount, 
 		return nil, errors.Wrapf(types.ErrInvalidParam, "random sumIn=%s not equal sumOut=%s", rSumIn.String(), rSumOut.String())
 	}
-	conf := types.ConfSub(cfg, mixTy.MixX)
-	pointHX := conf.GStr("pointHX")
-	pointHY := conf.GStr("pointHY")
 	var inputHPoints []*twistededwards.PointAffine
 	for _, i := range rInputs {
 		inputHPoints = append(inputHPoints, mixTy.MulCurvePointH(pointHX, pointHY, i.String()))
@@ -177,9 +170,6 @@ func getShieldValue(cfg *types.Chain33Config, inputAmounts []uint64, outAmount, 
 	//noteH := mixTy.MulCurvePointH(rNote.String())
 	outH := mixTy.MulCurvePointH(pointHX, pointHY, rOut.String())
 	changeH := mixTy.MulCurvePointH(pointHX, pointHY, rChange.String())
-	//fmt.Println("change",changeRandom.String())
-	//fmt.Println("transfer",transRandom.String())
-	//fmt.Println("note",noteRandom.String())
 	sumPointH := mixTy.GetCurveSum(inputHPoints...)
 	if !mixTy.CheckSumEqual(sumPointH, outH, changeH) {
 		return nil, errors.Wrapf(types.ErrInvalidParam, "random sum error")
@@ -203,7 +193,6 @@ func getShieldValue(cfg *types.Chain33Config, inputAmounts []uint64, outAmount, 
 	}
 	for _, r := range rInputs {
 		rst.InputRandoms = append(rst.InputRandoms, r.String())
-		fmt.Println("inputRandom", r.String())
 	}
 	for _, p := range inputGPoints {
 		rst.Inputs = append(rst.Inputs, &mixTy.ShieldAmount{X: p.X.String(), Y: p.Y.String()})
@@ -295,8 +284,12 @@ func (p *mixPolicy) createTransferTx(req *mixTy.CreateRawTxReq) (*types.Transact
 	}
 	bizlog.Info("transferProof deposit to change succ")
+	conf := types.ConfSub(p.walletOperate.GetAPI().GetConfig(), mixTy.MixX)
+	pointHX := conf.GStr("pointHX")
+	pointHY := conf.GStr("pointHY")
 	//获取shieldValue 输入输出对amount隐藏
-	shieldValue, err := getShieldValue(p.walletOperate.GetAPI().GetConfig(), inputAmounts, outAmount, changeAmount, uint64(txFee))
+	shieldValue, err := getShieldValue(inputAmounts, outAmount, changeAmount, uint64(txFee), pointHX, pointHY)
 	if err != nil {
 		return nil, err
 	}
@@ -307,30 +300,27 @@ func (p *mixPolicy) createTransferTx(req *mixTy.CreateRawTxReq) (*types.Transact
 		input.ShieldAmountX.Assign(shieldValue.Inputs[i].X)
 		input.ShieldAmountY.Assign(shieldValue.Inputs[i].Y)
 		input.AmountRandom.Assign(shieldValue.InputRandoms[i])
+		input.ShieldPointHX.Assign(pointHX)
+		input.ShieldPointHY.Assign(pointHY)
 	}
 	outPart.ShieldAmountX.Assign(shieldValue.Output.X)
 	outPart.ShieldAmountY.Assign(shieldValue.Output.Y)
 	outPart.AmountRandom.Assign(shieldValue.OutputRandom)
+	outPart.ShieldPointHX.Assign(pointHX)
+	outPart.ShieldPointHY.Assign(pointHY)
 	changePart.ShieldAmountX.Assign(shieldValue.Change.X)
 	changePart.ShieldAmountY.Assign(shieldValue.Change.Y)
 	changePart.AmountRandom.Assign(shieldValue.ChangeRandom)
+	changePart.ShieldPointHX.Assign(pointHX)
-	//输入的proof，CI测试目的，正常情况下为空，需输入pk路径
+	changePart.ShieldPointHY.Assign(pointHY)
-	proofs := make([]string, len(inputParts)+2)
-	if len(req.ZkProof) > 0 {
-		proofs = strings.Split(req.ZkProof, "-")
-		if len(proofs) != len(inputParts)+2 {
-			return nil, errors.Wrapf(types.ErrInvalidParam, "wrong proof num=%d, inputs=%d", len(proofs), len(inputParts)+2)
-		}
-	}
 	//verify input
 	var inputProofs []*mixTy.ZkProofInfo
 	vkFile := filepath.Join(transfer.ZkPath, mixTy.TransInputVk)
 	for i, input := range inputParts {
-		inputProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFERINPUT, transfer.ZkPath, mixTy.TransInputPk, input, proofs[i])
+		inputProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFERINPUT, transfer.ZkPath, mixTy.TransInputPk, input)
 		if err != nil {
 			return nil, errors.Wrapf(err, "verify.input getZkProofKeys,the i=%d", i)
 		}
@@ -342,7 +332,7 @@ func (p *mixPolicy) createTransferTx(req *mixTy.CreateRawTxReq) (*types.Transact
 	//verify output
 	vkOutFile := filepath.Join(transfer.ZkPath, mixTy.TransOutputVk)
-	outputProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFEROUTPUT, transfer.ZkPath, mixTy.TransOutputPk, outPart, proofs[len(inputParts)])
+	outputProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFEROUTPUT, transfer.ZkPath, mixTy.TransOutputPk, outPart)
 	if err != nil {
 		return nil, errors.Wrapf(err, "output getZkProofKeys")
 	}
@@ -352,7 +342,7 @@ func (p *mixPolicy) createTransferTx(req *mixTy.CreateRawTxReq) (*types.Transact
 	outputProof.Secrets = outDHSecret
 	//verify change
-	changeProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFEROUTPUT, transfer.ZkPath, mixTy.TransOutputPk, changePart, proofs[len(inputParts)+1])
+	changeProof, err := getZkProofKeys(mixTy.VerifyType_TRANSFEROUTPUT, transfer.ZkPath, mixTy.TransOutputPk, changePart)
 	if err != nil {
 		return nil, errors.Wrapf(err, "change getZkProofKeys")
 	}

--- a/plugin/dapp/mix/wallet/txwithdraw.go
+++ b/plugin/dapp/mix/wallet/txwithdraw.go
@@ -98,7 +98,7 @@ func (p *mixPolicy) createWithdrawTx(req *mixTy.CreateRawTxReq) (*types.Transact
 		if err != nil {
 			return nil, errors.Wrapf(err, "getWithdrawParams note=%s", note)
 		}
-		proofInfo, err := getZkProofKeys(mixTy.VerifyType_WITHDRAW, withdraw.ZkPath, mixTy.WithdrawPk, input, req.ZkProof)
+		proofInfo, err := getZkProofKeys(mixTy.VerifyType_WITHDRAW, withdraw.ZkPath, mixTy.WithdrawPk, input)
 		if err != nil {
 			return nil, errors.Wrapf(err, "getZkProofKeys note=%s", note)
 		}

--- a/plugin/dapp/mix/wallet/util.go
+++ b/plugin/dapp/mix/wallet/util.go
@@ -212,59 +212,44 @@ func updateTreePath(obj interface{}, treeProof *mixTy.TreePathProof) {
 		tv.FieldByName("Valid" + strconv.Itoa(i)).Addr().Interface().(*frontend.Variable).Assign("0")
 	}
 }
-func getZkProofKeys(circuitTy mixTy.VerifyType, path, file string, inputs frontend.Circuit, proof string) (*mixTy.ZkProofInfo, error) {
+func getZkProofKeys(circuitTy mixTy.VerifyType, path, file string, inputs frontend.Circuit) (*mixTy.ZkProofInfo, error) {
-	var proofKey bytes.Buffer
+	//从电路文件获取电路约束
+	circuit, err := getCircuit(circuitTy)
-	//是Pk file, 需要生成proof
+	if err != nil {
-	if len(proof) > 0 {
+		return nil, err
-		//直接读proof
+	}
-		pkBuf, err := mixTy.GetByteBuff(proof)
+	//从pv 文件读取Pk结构
-		if err != nil {
+	pkFile := filepath.Join(path, file)
-			return nil, err
+	pkStr, err := readZkKeyFile(pkFile)
-		}
+	if err != nil {
+		return nil, errors.Wrapf(err, "readZkKeyFile")
-		proofKey.Write(pkBuf.Bytes())
+	}
+	pkBuf, err := mixTy.GetByteBuff(pkStr)
-	} else {
+	if err != nil {
+		return nil, err
-		//从电路文件获取电路约束
+	}
-		circuit, err := getCircuit(circuitTy)
-		if err != nil {
-			return nil, err
-		}
-		//从pv 文件读取Pk结构
-		pkFile := filepath.Join(path, file)
-		pkStr, err := readZkKeyFile(pkFile)
-		if err != nil {
-			return nil, errors.Wrapf(err, "readZkKeyFile")
-		}
-		pkBuf, err := mixTy.GetByteBuff(pkStr)
-		if err != nil {
-			return nil, err
-		}
-		pk := groth16.NewProvingKey(ecc.BN254)
+	pk := groth16.NewProvingKey(ecc.BN254)
-		if _, err := pk.ReadFrom(pkBuf); err != nil {
+	if _, err := pk.ReadFrom(pkBuf); err != nil {
-			return nil, errors.Wrapf(err, "read pk")
+		return nil, errors.Wrapf(err, "read pk")
-		}
+	}
-		//产生zk 证明
-		proof, err := createProof(circuit, pk, inputs)
-		if err != nil {
-			return nil, errors.Wrapf(err, "create proof to %s", pkFile)
-		}
-		if _, err := proof.WriteRawTo(&proofKey); err != nil {
+	//产生zk 证明
-			return nil, errors.Wrapf(err, "write proof")
+	proof, err := createProof(circuit, pk, inputs)
-		}
+	if err != nil {
+		return nil, errors.Wrapf(err, "create proof to %s", pkFile)
+	}
+	var proofKey bytes.Buffer
+	if _, err := proof.WriteRawTo(&proofKey); err != nil {
+		return nil, errors.Wrapf(err, "write proof")
 	}
-	//序列号成字符串
+	//公开输入序列化
 	var pubBuf bytes.Buffer
-	_, err := witness.WritePublicTo(&pubBuf, ecc.BN254, inputs)
+	_, err = witness.WritePublicTo(&pubBuf, ecc.BN254, inputs)
 	if err != nil {
 		return nil, errors.Wrapf(err, "write public input")
 	}