Merge pull request #1146 from privacy-scaling-explorations/feat/non-qv

feat(qv): add optional flag to use quadratic voting or not in MACI
privacy-scaling-explorations · Feb 2, 2024 · 236f2cf · 236f2cf
2 parents a8ee053 + 86ba854
commit 236f2cf
Show file tree

Hide file tree

Showing 31 changed files with 1,777 additions and 173 deletions.
diff --git a/circuits/circom/circuits.json b/circuits/circom/circuits.json
@@ -5,12 +5,24 @@
     "params": [10, 2, 1, 2],
     "pubs": ["inputHash"]
   },
+  "ProcessMessagesNonQv_10-2-1-2_test": {
+    "file": "processMessagesNonQv",
+    "template": "ProcessMessagesNonQv",
+    "params": [10, 2, 1, 2],
+    "pubs": ["inputHash"]
+  },
   "TallyVotes_10-1-2_test": {
     "file": "tallyVotes",
     "template": "TallyVotes",
     "params": [10, 1, 2],
     "pubs": ["inputHash"]
   },
+  "TallyVotesNonQv_10-1-2_test": {
+    "file": "tallyVotesNonQv",
+    "template": "TallyVotesNonQv",
+    "params": [10, 1, 2],
+    "pubs": ["inputHash"]
+  },
   "SubsidyPerBatch_10-1-2_test": {
     "file": "subsidy",
     "template": "SubsidyPerBatch",

diff --git a/circuits/circom/hasherSha256.circom b/circuits/circom/hasherSha256.circom
@@ -23,7 +23,7 @@ template Sha256Hasher3() {
     signal output hash;
 
     component hasher = Sha256Hasher(length);
-    for (var i = 0; i < length; i ++) {
+    for (var i = 0; i < length; i++) {
         hasher.in[i] <== in[i];
     }
     hash <== hasher.hash;
@@ -37,7 +37,7 @@ template Sha256Hasher4() {
     signal output hash;
 
     component hasher = Sha256Hasher(length);
-    for (var i = 0; i < length; i ++) {
+    for (var i = 0; i < length; i++) {
         hasher.in[i] <== in[i];
     }
     hash <== hasher.hash;
@@ -51,7 +51,7 @@ template Sha256Hasher5() {
     signal output hash;
 
     component hasher = Sha256Hasher(length);
-    for (var i = 0; i < length; i ++) {
+    for (var i = 0; i < length; i++) {
         hasher.in[i] <== in[i];
     }
     hash <== hasher.hash;
@@ -65,7 +65,7 @@ template Sha256Hasher6() {
     signal output hash;
 
     component hasher = Sha256Hasher(length);
-    for (var i = 0; i < length; i ++) {
+    for (var i = 0; i < length; i++) {
         hasher.in[i] <== in[i];
     }
     hash <== hasher.hash;
@@ -79,7 +79,7 @@ template Sha256Hasher10() {
     signal output hash;
 
     component hasher = Sha256Hasher(length);
-    for (var i = 0; i < length; i ++) {
+    for (var i = 0; i < length; i++) {
         hasher.in[i] <== in[i];
     }
     hash <== hasher.hash;
@@ -98,8 +98,8 @@ template Sha256Hasher(length) {
     }
 
     component sha = Sha256(inBits);
-    for (var i = 0; i < length; i ++) {
-        for (var j = 0; j < 256; j ++) {
+    for (var i = 0; i < length; i++) {
+        for (var j = 0; j < 256; j++) {
             sha.in[(i * 256) + 255 - j] <== n2b[i].out[j];
         }
     }

diff --git a/circuits/circom/messageHasher.circom b/circuits/circom/messageHasher.circom
@@ -16,7 +16,7 @@ template MessageHasher() {
     component hasher = Hasher13();
 
     // we add all parts of the msg
-    for (var i = 0; i < 11; i ++) {
+    for (var i = 0; i < 11; i++) {
         hasher.in[i] <== in[i];
     }
     hasher.in[11] <== encPubKey[0];

diff --git a/circuits/circom/messageToCommand.circom b/circuits/circom/messageToCommand.circom
@@ -55,7 +55,7 @@ template MessageToCommand() {
 
     // save the decrypted message into a packed command signal
     signal packedCommand[PACKED_CMD_LENGTH];
-    for (var i = 0; i < PACKED_CMD_LENGTH; i ++) {
+    for (var i = 0; i < PACKED_CMD_LENGTH; i++) {
         packedCommand[i] <== decryptor.decrypted[i];
     }
 
@@ -80,7 +80,7 @@ template MessageToCommand() {
 
     // this could be removed and instead
     // use packedCommand as output
-    for (var i = 0; i < PACKED_CMD_LENGTH; i ++) {
+    for (var i = 0; i < PACKED_CMD_LENGTH; i++) {
         packedCommandOut[i] <== packedCommand[i];
     }
 }
diff --git a/circuits/circom/messageValidator.circom b/circuits/circom/messageValidator.circom
@@ -48,7 +48,7 @@ template MessageValidator() {
     validSignature.R8[0] <== sigR8[0];
     validSignature.R8[1] <== sigR8[1];
     validSignature.S <== sigS;
-    for (var i = 0; i < PACKED_CMD_LENGTH; i ++) {
+    for (var i = 0; i < PACKED_CMD_LENGTH; i++) {
         validSignature.preimage[i] <== cmd[i];
     }
 

diff --git a/circuits/circom/messageValidatorNonQv.circom b/circuits/circom/messageValidatorNonQv.circom
@@ -0,0 +1,84 @@
+pragma circom 2.0.0;
+
+// local imports
+include "./verifySignature.circom";
+include "./utils.circom";
+
+// template that validates whether a message
+// is valid or not 
+// @note it does not do quadratic voting
+template MessageValidatorNonQv() {
+    // a) Whether the state leaf index is valid
+    signal input stateTreeIndex;
+    // how many signups we have in the state tree
+    signal input numSignUps;
+    // we check that the state tree index is <= than the number of signups
+    // as first validation
+    // it is <= because the state tree index is 1-based
+    // 0 is for blank state leaf then 1 for the first actual user
+    // which is where the numSignUps starts
+    component validStateLeafIndex = SafeLessEqThan(252);
+    validStateLeafIndex.in[0] <== stateTreeIndex;
+    validStateLeafIndex.in[1] <== numSignUps;
+
+    // b) Whether the max vote option tree index is correct
+    signal input voteOptionIndex;
+    signal input maxVoteOptions;
+    component validVoteOptionIndex = SafeLessThan(252);
+    validVoteOptionIndex.in[0] <== voteOptionIndex;
+    validVoteOptionIndex.in[1] <== maxVoteOptions;
+
+    // c) Whether the nonce is correct
+    signal input originalNonce;
+    signal input nonce;
+    component validNonce = IsEqual();
+    // the nonce should be previous nonce + 1
+    validNonce.in[0] <== originalNonce + 1;
+    validNonce.in[1] <== nonce;
+
+    var PACKED_CMD_LENGTH = 4;
+    // d) Whether the signature is correct
+    signal input cmd[PACKED_CMD_LENGTH];
+    signal input pubKey[2];
+    signal input sigR8[2];
+    signal input sigS;
+
+    component validSignature = VerifySignature();
+    validSignature.pubKey[0] <== pubKey[0];
+    validSignature.pubKey[1] <== pubKey[1];
+    validSignature.R8[0] <== sigR8[0];
+    validSignature.R8[1] <== sigR8[1];
+    validSignature.S <== sigS;
+    for (var i = 0; i < PACKED_CMD_LENGTH; i++) {
+        validSignature.preimage[i] <== cmd[i];
+    }
+
+    // e) Whether the state leaf was inserted before the Poll period ended
+    signal input slTimestamp;
+    signal input pollEndTimestamp;
+    component validTimestamp = SafeLessEqThan(252);
+    validTimestamp.in[0] <== slTimestamp;
+    validTimestamp.in[1] <== pollEndTimestamp;
+
+    // f) Whether there are sufficient voice credits
+    signal input currentVoiceCreditBalance;
+    signal input currentVotesForOption;
+    signal input voteWeight;
+
+    // Check that currentVoiceCreditBalance + (currentVotesForOption) >= (voteWeight)
+    component sufficientVoiceCredits = SafeGreaterEqThan(252);
+    sufficientVoiceCredits.in[0] <== currentVotesForOption + currentVoiceCreditBalance;
+    sufficientVoiceCredits.in[1] <== voteWeight;
+
+    // if all 6 checks are correct then is IsValid = 1
+    component validUpdate = IsEqual();
+    validUpdate.in[0] <== 6;
+    validUpdate.in[1] <== validSignature.valid + 
+                          sufficientVoiceCredits.out +
+                          validNonce.out +
+                          validStateLeafIndex.out +
+                          validTimestamp.out +
+                          validVoteOptionIndex.out;
+    signal output isValid;
+    isValid <== validUpdate.out;
+}
diff --git a/circuits/circom/poseidon/poseidonHashT3.circom b/circuits/circom/poseidon/poseidonHashT3.circom
@@ -8,7 +8,7 @@ template PoseidonHashT3() {
     signal output out;
 
     component hasher = Poseidon_OLD(nInputs);
-    for (var i = 0; i < nInputs; i ++) {
+    for (var i = 0; i < nInputs; i++) {
         hasher.inputs[i] <== inputs[i];
     }
     out <== hasher.out;

diff --git a/circuits/circom/poseidon/poseidonHashT4.circom b/circuits/circom/poseidon/poseidonHashT4.circom
@@ -8,7 +8,7 @@ template PoseidonHashT4() {
     signal output out;
 
     component hasher = Poseidon_OLD(nInputs);
-    for (var i = 0; i < nInputs; i ++) {
+    for (var i = 0; i < nInputs; i++) {
         hasher.inputs[i] <== inputs[i];
     }
     out <== hasher.out;

diff --git a/circuits/circom/poseidon/poseidonHashT5.circom b/circuits/circom/poseidon/poseidonHashT5.circom
@@ -8,7 +8,7 @@ template PoseidonHashT5() {
     signal output out;
 
     component hasher = Poseidon_OLD(nInputs);
-    for (var i = 0; i < nInputs; i ++) {
+    for (var i = 0; i < nInputs; i++) {
         hasher.inputs[i] <== inputs[i];
     }
     out <== hasher.out;

diff --git a/circuits/circom/poseidon/poseidonHashT6.circom b/circuits/circom/poseidon/poseidonHashT6.circom
@@ -8,7 +8,7 @@ template PoseidonHashT6() {
     signal output out;
 
     component hasher = Poseidon_OLD(nInputs);
-    for (var i = 0; i < nInputs; i ++) {
+    for (var i = 0; i < nInputs; i++) {
         hasher.inputs[i] <== inputs[i];
     }
     out <== hasher.out;