Circuit Architecture
We provide five main circuits as follows.
account_creation.circom
A circuit to verify the account creation.
It takes as input the following data:
- an email address
email_addr
. - a relayer's randomness
relayer_rand
. - an account key
account_key
.
Its instances are as follows:
- the poseidon hash of the relayer's randomness (randomness hash)
relayer_rand_hash
. - an email address pointer
pointer
. - a commitment of the account key
ak_commit
. - a user's wallet salt
wallet_salt
, a PSI point on elliptic curvepsi_point
.
account_init.circom
A circuit to verify the account initialization.
It takes as input the following data:
- a padded email header
in_padded
. - an RSA public key
pubkey
. - an RSA signature
signature
. - the bytes of the padded email header
in_padded_len
. - the sender relayer's randomness
sender_relayer_rand
. - a starting position of the sender's email address in the email header
sender_email_idx
. - a starting position of the invitation code in the email header
code_idx
. - a starting position of the email domain in the sender's email address
domain_idx
. - a starting position of the timestamp in the email header
timestamp_idx
.
Its instances are as follows:
- an email domain
domain_name
. - a poseidon hash of the RSA public key
pubkey_hash
. - the sender relayer's randomness hash
sender_relayer_rand_hash
. - an nullifier of the email
email_nullifier
. - the sender's email address pointer
sender_pointer
. - a commitment of the sender's account key
sender_ak_commit
. - a timestamp in the email header
timestamp
.
account_transport.circom
A circuit to verify the account transport.
It takes as input the following data:
- a padded email header
in_padded
. - an RSA public key
pubkey
. - an RSA signature
signature
. - the bytes of the padded email header
in_padded_len
. - the old relayer's randomness hash
old_relayer_rand_hash
. - the new relayer's randomness
new_relayer_rand
. - a starting position of the sender's email address in the email header
sender_email_idx
. - a starting position of the invitation code in the email header
code_idx
. - a starting position of the email domain in the sender's email address
domain_idx
. - a starting position of the timestamp in the email header
timestamp_idx
.
Its instances are as follows:
- an email domain
domain_name
. - a poseidon hash of the RSA public key
pubkey_hash
. - an nullifier of the email
email_nullifier
. - a commitment of the sender's account key under the old relayer
old_ak_commit
. - a commitment of the sender's account key under the new relayer
new_ak_commit
. - the new relayer's randomness hash
new_relayer_rand_hash
. - a timestamp in the email header
timestamp
. - the old relayer's randomness hash
old_relayer_rand_hash
.
claim.circom
A circuit to verify the claim of unclaimed funds/states.
It takes as input the following data.
- an email address
recipient_email_addr
, - a relayer's randomness
recipient_relayer_rand
. - a randomness used for the email address commitment
cm_rand
.
Its instances are as follows:
- the relayer's randomness hash
recipient_relayer_rand_hash
. - an email address pointer
recipient_pointer
. - an email address commitment
recipient_email_addr_commit
.
email_sender.circom
A circuit to verify the user's email for calling a command.
It takes as input the following data.
- a padded email header
in_padded
. - an RSA public key
pubkey
. - an RSA signature
signature
. - the bytes of the padded email header
in_padded_len
. - the sender relayer's randomness
sender_relayer_rand
. - a starting position of the sender's email address in the email header
sender_email_idx
. - a starting position of the subject in the email header
subject_idx
. - a starting position of the recipient's email address in the subject
recipient_email_idx
. - a starting position of the email domain in the sender's email address
domain_idx
. - a starting position of the timestamp in the email header
timestamp_idx
.
Its instances are as follows:
- a masked subject where a character in the email address is replaced with zero
masked_subject_str
. - an email domain
domain_name
. - a poseidon hash of the RSA public key
pubkey_hash
. - the sender relayer's randomness hash
sender_relayer_rand_hash
. - an nullifier of the email
email_nullifier
. - the sender's email address pointer
sender_pointer
. - a flag whether the subject contains the recipient's email address
has_email_recipient
(0 or 1). - the recipient's email address commitment
recipient_email_addr_commit
. - a timestamp in the email header
timestamp
.
announcement.circom
A circuit to verify that the given email address commitment is derived from the given email address and randomness. While it is not used in our core contracts, it is provided for third-party contracts to register unclaimed funds/states for the public email address and the randomness.
It takes as input the following data:
- an email address
email_addr
. - a randomness used for the email address commitment
cm_rand
.
Its instances are as follows:
- a packed integer of the email address
email_addr_ints
. - an email address commitment
email_addr_commit
. - a randomness used for the email address commitment
cm_rand
.
How to Use
Build circuits
yarn && yarn build
Run tests
At packages/circuits
, make a build
directory, download the zip file from the following link, and place its unziped files under build
.
Then run the following command. yarn test
Generate proving keys and verifier contracts for main circuits
yarn dev-setup
Generate proofs for main circuits with example inputs
yarn gen-random-proofs
Verify the proofs
yarn verify-proofs