use super::*;
impl<E: Environment, PH: PathHash<E>, const DEPTH: u8, const ARITY: u8> KaryMerklePath<E, PH, DEPTH, ARITY> {
pub fn verify<LH: LeafHash<Hash = PH::Hash>>(
&self,
leaf_hasher: &LH,
path_hasher: &PH,
root: &PH::Hash,
leaf: &LH::Leaf,
) -> Boolean<E> {
if (*self.leaf_index.eject_value() as u128) >= (ARITY as u128).pow(DEPTH as u32) {
E::halt("Found an out of bounds Merkle leaf index")
}
else if self.siblings.len() != DEPTH as usize {
E::halt("Found an incorrect Merkle path length")
}
for sibling in &self.siblings {
if sibling.len() != ARITY.saturating_sub(1) as usize {
return E::halt("Merkle path is not the correct depth");
}
}
let mut current_hash = leaf_hasher.hash_leaf(leaf);
let arity = U64::<E>::new(Mode::Constant, console::U64::new(ARITY as u64));
let indicator_indexes = (0..DEPTH).map(|i| {
let index = U16::<E>::new(Mode::Constant, console::U16::new(i as u16));
&self.leaf_index / (arity.clone().pow(index)) % arity.clone()
});
let zero_index = U64::<E>::zero();
let last_index = U64::<E>::new(Mode::Constant, console::U64::new(ARITY.saturating_sub(1) as u64));
for (indicator_index, sibling_hashes) in indicator_indexes.zip_eq(&self.siblings) {
let mut children = Vec::with_capacity(sibling_hashes.len() + 1);
let first_child =
PH::Hash::ternary(&indicator_index.is_equal(&zero_index), ¤t_hash, &sibling_hashes[0]);
children.push(first_child);
for i in 1..sibling_hashes.len() {
let index = U64::<E>::new(Mode::Constant, console::U64::new(i as u64));
let option_a = PH::Hash::ternary(
&index.is_less_than(&indicator_index),
&sibling_hashes[i],
&sibling_hashes[i - 1],
);
let option_b = PH::Hash::ternary(&index.is_equal(&indicator_index), ¤t_hash, &option_a);
children.push(option_b);
}
let last_child = PH::Hash::ternary(
&indicator_index.is_equal(&last_index),
¤t_hash,
sibling_hashes.last().unwrap(),
);
children.push(last_child);
current_hash = path_hasher.hash_children(&children);
}
root.is_equal(¤t_hash)
}
}
#[cfg(all(test, console))]
mod tests {
use super::*;
use snarkvm_circuit_algorithms::{Keccak256, Poseidon2, Poseidon4, Sha3_256, BHP1024, BHP512};
use snarkvm_circuit_types::environment::Circuit;
use snarkvm_utilities::{TestRng, Uniform};
use anyhow::Result;
const ITERATIONS: u128 = 10;
const DOMAIN: &str = "MerkleTreeCircuit0";
macro_rules! check_verify {
($lh:ident, $ph:ident, $mode:ident, $depth:expr, $arity:expr, $num_inputs:expr, ($num_constants:expr, $num_public:expr, $num_private:expr, $num_constraints:expr)) => {{
let native_leaf_hasher =
snarkvm_console_algorithms::$lh::<<Circuit as Environment>::Network>::setup(DOMAIN)?;
let circuit_leaf_hasher = $lh::<Circuit>::constant(native_leaf_hasher.clone());
let mut rng = TestRng::default();
let native_path_hasher =
snarkvm_console_algorithms::$ph::<<Circuit as Environment>::Network>::setup(DOMAIN)?;
let circuit_path_hasher = $ph::<Circuit>::constant(native_path_hasher.clone());
for i in 0..ITERATIONS {
let num_leaves = core::cmp::min(($arity as u128).pow($depth as u32), i);
let leaves = (0..num_leaves)
.map(|_| (0..$num_inputs).map(|_| Uniform::rand(&mut rng)).collect::<Vec<_>>())
.collect::<Vec<_>>();
let merkle_tree = console::kary_merkle_tree::KaryMerkleTree::<_, _, $depth, $arity>::new(
&native_leaf_hasher,
&native_path_hasher,
&leaves,
)?;
for (index, merkle_leaf) in leaves.iter().enumerate() {
let merkle_path = merkle_tree.prove(index, merkle_leaf)?;
let path =
KaryMerklePath::<Circuit, $ph<Circuit>, $depth, $arity>::new(Mode::$mode, merkle_path.clone());
assert_eq!(merkle_path, path.eject_value());
let root = Field::new(Mode::$mode, *merkle_tree.root());
let leaf: Vec<_> = Inject::new(Mode::$mode, merkle_leaf.clone());
Circuit::scope(format!("Verify {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &root, &leaf);
assert!(candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
let incorrect_root = root.clone() + Field::one();
Circuit::scope(format!("Verify (Incorrect Root) {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &incorrect_root, &leaf);
assert!(!candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
let mut incorrect_leaf = leaf.clone();
let mut incorrect_value = Uniform::rand(&mut rng);
while incorrect_value == incorrect_leaf[0].eject_value() {
incorrect_value = Uniform::rand(&mut rng);
}
incorrect_leaf[0] = Inject::new(Mode::$mode, incorrect_value);
Circuit::scope(format!("Verify (Incorrect Leaf) {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &root, &incorrect_leaf);
assert!(!candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
}
}
Ok(())
}};
}
macro_rules! check_verify_keccak {
($lh:ident, $ph:ident, $mode:ident, $depth:expr, $arity:expr, $num_inputs:expr, ($num_constants:expr, $num_public:expr, $num_private:expr, $num_constraints:expr)) => {{
let native_leaf_hasher = snarkvm_console_algorithms::$lh::default();
let circuit_leaf_hasher = $lh::<Circuit>::new();
let mut rng = TestRng::default();
let native_path_hasher = snarkvm_console_algorithms::$ph::default();
let circuit_path_hasher = $ph::<Circuit>::new();
for i in 0..ITERATIONS {
let num_leaves = core::cmp::min(($arity as u128).pow($depth as u32), i);
let leaves = (0..num_leaves)
.map(|_| (0..$num_inputs).map(|_| Uniform::rand(&mut rng)).collect::<Vec<_>>())
.collect::<Vec<_>>();
let merkle_tree = console::kary_merkle_tree::KaryMerkleTree::<_, _, $depth, $arity>::new(
&native_leaf_hasher,
&native_path_hasher,
&leaves,
)?;
for (index, merkle_leaf) in leaves.iter().enumerate() {
let merkle_path = merkle_tree.prove(index, merkle_leaf)?;
let path =
KaryMerklePath::<Circuit, $ph<Circuit>, $depth, $arity>::new(Mode::$mode, merkle_path.clone());
assert_eq!(merkle_path, path.eject_value());
let root = <$ph<Circuit> as PathHash<Circuit>>::Hash::new(Mode::$mode, *merkle_tree.root());
let leaf: Vec<_> = Inject::new(Mode::$mode, merkle_leaf.clone());
Circuit::scope(format!("Verify {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &root, &leaf);
assert!(candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
let incorrect_root =
<$ph<Circuit> as PathHash<Circuit>>::Hash::new(Mode::$mode, Default::default());
Circuit::scope(format!("Verify (Incorrect Root) {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &incorrect_root, &leaf);
assert!(!candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
let mut incorrect_leaf = leaf.clone();
let mut incorrect_value = Uniform::rand(&mut rng);
while incorrect_value == incorrect_leaf[0].eject_value() {
incorrect_value = Uniform::rand(&mut rng);
}
incorrect_leaf[0] = Inject::new(Mode::$mode, incorrect_value);
Circuit::scope(format!("Verify (Incorrect Leaf) {}", Mode::$mode), || {
let candidate = path.verify(&circuit_leaf_hasher, &circuit_path_hasher, &root, &incorrect_leaf);
assert!(!candidate.eject_value());
assert_scope!($num_constants, $num_public, $num_private, $num_constraints);
});
Circuit::reset();
}
}
Ok(())
}};
}
#[test]
fn test_verify_bhp512_constant() -> Result<()> {
check_verify!(BHP1024, BHP512, Constant, 10, 4, 1024, (39234, 0, 0, 0))
}
#[test]
fn test_verify_bhp512_public() -> Result<()> {
check_verify!(BHP1024, BHP512, Public, 10, 4, 1024, (9465, 0, 53876, 54056))
}
#[test]
fn test_verify_bhp512_private() -> Result<()> {
check_verify!(BHP1024, BHP512, Private, 10, 4, 1024, (9465, 0, 53876, 54056))
}
#[test]
fn test_verify_poseidon2_constant() -> Result<()> {
check_verify!(Poseidon4, Poseidon2, Constant, 10, 4, 4, (3584, 0, 0, 0))
}
#[test]
fn test_verify_poseidon2_public() -> Result<()> {
check_verify!(Poseidon4, Poseidon2, Public, 10, 4, 4, (4843, 0, 14152, 14232))
}
#[test]
fn test_verify_poseidon2_private() -> Result<()> {
check_verify!(Poseidon4, Poseidon2, Private, 10, 4, 4, (4843, 0, 14152, 14232))
}
#[test]
fn test_verify_keccak256_constant() -> Result<()> {
check_verify_keccak!(Keccak256, Keccak256, Constant, 10, 4, 256, (6388, 0, 0, 0))
}
#[test]
fn test_verify_keccak256_public() -> Result<()> {
check_verify_keccak!(Keccak256, Keccak256, Public, 10, 4, 256, (7648, 0, 1696439, 1696519))
}
#[test]
fn test_verify_keccak256_private() -> Result<()> {
check_verify_keccak!(Keccak256, Keccak256, Private, 10, 4, 256, (7648, 0, 1696439, 1696519))
}
#[test]
fn test_verify_sha3_256_constant() -> Result<()> {
check_verify_keccak!(Sha3_256, Sha3_256, Constant, 10, 4, 256, (6388, 0, 0, 0))
}
#[test]
fn test_verify_sha3_256_public() -> Result<()> {
check_verify_keccak!(Sha3_256, Sha3_256, Public, 10, 4, 256, (7648, 0, 1696439, 1696519))
}
#[test]
fn test_verify_sha3_256_private() -> Result<()> {
check_verify_keccak!(Sha3_256, Sha3_256, Private, 10, 4, 256, (7648, 0, 1696439, 1696519))
}
}