refactor: hash merkle tree pubkey onchain, chore: update circuit readme

ananas-block · ananas-block · commit 4e55253c78e9 · 2025-10-20T20:15:44.000+01:00
diff --git a/zk-id/circuits/README.md b/zk-id/circuits/README.md
@@ -1,75 +1,41 @@
-# ZK Circom Circuit for Compressed Account Merkle Proof
+# Compressed Account Merkle Proof Circuit
 
-This directory contains a circom circuit that verifies a Merkle proof of a compressed account on Solana.
+Zero-knowledge circuit that proves ownership of a compressed account in a Merkle tree without revealing the account details.
 
-## Circuit Overview
+## What It Does
 
-The `compressed_account_merkle_proof.circom` circuit combines two key components:
+The circuit verifies:
+1. **Account Hash** - Computes Poseidon hash of account fields (owner, discriminator, data)
+2. **Merkle Inclusion** - Proves the account exists at a specific leaf in a 26-level tree
 
-1. **Compressed Account Hash**: Computes the hash of a compressed account using Poseidon hash
-   - Based on: https://github.com/ananas-block/compressed-account-circuit
-   - Inputs: owner_hashed, leaf_index, merkle_tree_hashed, discriminator, data_hash
-
-2. **Merkle Proof Verification**: Verifies the account exists in a Merkle tree
-   - Based on: /Users/ananas/dev/light-protocol2/circuit-lib/circuit-lib.circom
-   - Inputs: pathElements (26 levels), expectedRoot
-
-## Setup
-
-Run the setup script - it will handle dependencies, compilation, and key generation:
+## Setup & Testing
 
 ```bash
+# Compile circuit and generate keys
 ./scripts/setup.sh
-```
 
-To clean up build artifacts:
+# Run tests
+cargo test-sbf
 
-```bash
+# Clean build artifacts
 ./scripts/clean.sh
 ```
 
-## Testing
-
-### Rust Test with Mopro
+## Circuit I/O
 
-The circuit can be tested from Rust using the mopro library:
+**Public inputs** (visible in proof):
+- `owner_hashed`, `merkle_tree_hashed`, `discriminator` - Account identifiers
+- `issuer_hashed` - Credential issuer
+- `expectedRoot` - Merkle tree root
+- `public_encrypted_data_hash`, `public_data_hash` - Data commitments
 
-```bash
-cargo test test_compressed_account_merkle_proof_circuit
-```
+**Private inputs** (hidden):
+- `leaf_index` - Account position in tree
+- `pathElements[26]` - Merkle proof path
 
-This test:
-1. Loads the compiled circuit and zkey
-2. Generates a proof with sample inputs
-3. Verifies the proof is valid
+## Architecture
 
-## Circuit Structure
-
-```
-CompressedAccountMerkleProof (main)
-├── CompressedAccountHash
-│   └── Poseidon(5) - Hashes account fields
-└── MerkleProof(26)
-    ├── Num2Bits - Converts leaf index to bits
-    ├── Switcher[26] - Routes left/right based on path
-    └── Poseidon(2)[26] - Hashes up the tree
 ```
-
-## Public Inputs
-
-The following inputs are public (visible in the proof):
-- owner_hashed
-- merkle_tree_hashed
-- discriminator
-- data_hash
-- expectedRoot
-
-Private inputs:
-- leaf_index
-- pathElements
-
-## References
-
-- Compressed Account Circuit: https://github.com/ananas-block/compressed-account-circuit
-- Mopro ZK Library: https://github.com/zkmopro/mopro
-- SnarkJS: https://github.com/iden3/snarkjs
+CompressedAccountMerkleProof
+├── CompressedAccountHash (Poseidon hash of 5 fields)
+└── MerkleProof (26-level binary tree verification)
diff --git a/zk-id/src/lib.rs b/zk-id/src/lib.rs
@@ -156,7 +156,6 @@ pub mod zk_id {
         encrypted_data: Vec<u8>,
         credential_proof: CompressedProof,
         issuer: [u8; 32],
-        merkle_tree_hashed: [u8; 32],
         data_hash: [u8; 32],
         verification_id: [u8; 32],
     ) -> Result<()> {
@@ -190,6 +189,12 @@ pub mod zk_id {
             input_root_index,
         )
         .map_err(|e| ProgramError::from(e))?;
+
+        let merkle_tree_pubkey = ctx.accounts.input_merkle_tree.key();
+        let merkle_tree_hashed =
+            hashv_to_bn254_field_size_be_const_array::<2>(&[&merkle_tree_pubkey.to_bytes()])
+                .unwrap();
+
         let mut discriminator = [0u8; 32];
         discriminator[24..].copy_from_slice(CredentialAccount::LIGHT_DISCRIMINATOR_SLICE);
         let issuer_hashed = hashv_to_bn254_field_size_be_const_array::<2>(&[&issuer]).unwrap();
diff --git a/zk-id/src/verifying_key.rs b/zk-id/src/verifying_key.rs
@@ -9,7 +9,7 @@ pub const VERIFYINGKEY: Groth16Verifyingkey = Groth16Verifyingkey {
 
 	vk_gamma_g2: [25u8, 142u8, 147u8, 147u8, 146u8, 13u8, 72u8, 58u8, 114u8, 96u8, 191u8, 183u8, 49u8, 251u8, 93u8, 37u8, 241u8, 170u8, 73u8, 51u8, 53u8, 169u8, 231u8, 18u8, 151u8, 228u8, 133u8, 183u8, 174u8, 243u8, 18u8, 194u8, 24u8, 0u8, 222u8, 239u8, 18u8, 31u8, 30u8, 118u8, 66u8, 106u8, 0u8, 102u8, 94u8, 92u8, 68u8, 121u8, 103u8, 67u8, 34u8, 212u8, 247u8, 94u8, 218u8, 221u8, 70u8, 222u8, 189u8, 92u8, 217u8, 146u8, 246u8, 237u8, 9u8, 6u8, 137u8, 208u8, 88u8, 95u8, 240u8, 117u8, 236u8, 158u8, 153u8, 173u8, 105u8, 12u8, 51u8, 149u8, 188u8, 75u8, 49u8, 51u8, 112u8, 179u8, 142u8, 243u8, 85u8, 172u8, 218u8, 220u8, 209u8, 34u8, 151u8, 91u8, 18u8, 200u8, 94u8, 165u8, 219u8, 140u8, 109u8, 235u8, 74u8, 171u8, 113u8, 128u8, 141u8, 203u8, 64u8, 143u8, 227u8, 209u8, 231u8, 105u8, 12u8, 67u8, 211u8, 123u8, 76u8, 230u8, 204u8, 1u8, 102u8, 250u8, 125u8, 170u8],
 
-	vk_delta_g2: [21u8, 72u8, 208u8, 181u8, 233u8, 215u8, 234u8, 232u8, 113u8, 68u8, 77u8, 114u8, 103u8, 162u8, 47u8, 11u8, 120u8, 77u8, 110u8, 19u8, 67u8, 254u8, 169u8, 8u8, 191u8, 75u8, 11u8, 227u8, 210u8, 6u8, 173u8, 116u8, 45u8, 185u8, 182u8, 83u8, 53u8, 212u8, 78u8, 213u8, 69u8, 211u8, 202u8, 5u8, 201u8, 183u8, 233u8, 109u8, 204u8, 118u8, 17u8, 183u8, 24u8, 152u8, 252u8, 216u8, 43u8, 181u8, 124u8, 88u8, 151u8, 223u8, 136u8, 89u8, 6u8, 22u8, 50u8, 253u8, 219u8, 31u8, 186u8, 76u8, 70u8, 153u8, 107u8, 169u8, 85u8, 202u8, 171u8, 74u8, 160u8, 61u8, 172u8, 104u8, 190u8, 41u8, 165u8, 192u8, 39u8, 17u8, 21u8, 78u8, 131u8, 223u8, 52u8, 147u8, 19u8, 186u8, 39u8, 3u8, 160u8, 232u8, 28u8, 85u8, 253u8, 159u8, 62u8, 190u8, 149u8, 21u8, 38u8, 33u8, 245u8, 201u8, 183u8, 80u8, 156u8, 157u8, 166u8, 239u8, 220u8, 76u8, 134u8, 209u8, 85u8, 64u8, 120u8, 130u8],
+	vk_delta_g2: [21u8, 95u8, 178u8, 184u8, 133u8, 102u8, 147u8, 146u8, 185u8, 207u8, 155u8, 169u8, 158u8, 231u8, 105u8, 245u8, 57u8, 139u8, 26u8, 255u8, 16u8, 86u8, 101u8, 167u8, 236u8, 145u8, 51u8, 165u8, 20u8, 243u8, 112u8, 130u8, 38u8, 60u8, 197u8, 144u8, 223u8, 87u8, 184u8, 6u8, 235u8, 119u8, 43u8, 252u8, 230u8, 206u8, 211u8, 215u8, 100u8, 176u8, 179u8, 120u8, 38u8, 106u8, 147u8, 215u8, 224u8, 190u8, 214u8, 137u8, 240u8, 14u8, 47u8, 193u8, 16u8, 27u8, 107u8, 220u8, 204u8, 166u8, 239u8, 13u8, 108u8, 46u8, 38u8, 131u8, 183u8, 51u8, 95u8, 158u8, 158u8, 190u8, 201u8, 191u8, 130u8, 253u8, 232u8, 240u8, 162u8, 198u8, 123u8, 165u8, 73u8, 239u8, 104u8, 173u8, 20u8, 105u8, 38u8, 204u8, 145u8, 51u8, 145u8, 114u8, 144u8, 104u8, 74u8, 34u8, 237u8, 28u8, 141u8, 184u8, 26u8, 194u8, 19u8, 233u8, 9u8, 172u8, 238u8, 107u8, 40u8, 113u8, 252u8, 18u8, 171u8, 199u8, 146u8, 213u8],
 
 	vk_ic: &[
 		[22u8, 24u8, 254u8, 206u8, 152u8, 246u8, 56u8, 167u8, 103u8, 120u8, 252u8, 140u8, 102u8, 72u8, 191u8, 241u8, 29u8, 106u8, 51u8, 197u8, 27u8, 159u8, 141u8, 78u8, 189u8, 160u8, 73u8, 24u8, 183u8, 155u8, 8u8, 91u8, 41u8, 139u8, 41u8, 97u8, 22u8, 78u8, 73u8, 136u8, 207u8, 61u8, 34u8, 70u8, 147u8, 59u8, 149u8, 33u8, 109u8, 142u8, 61u8, 247u8, 162u8, 228u8, 118u8, 62u8, 86u8, 245u8, 185u8, 137u8, 77u8, 166u8, 60u8, 84u8],
diff --git a/zk-id/tests/test.rs b/zk-id/tests/test.rs
@@ -332,8 +332,6 @@ where
         .get_random_state_tree_info()?
         .pack_output_tree_index(&mut remaining_accounts)?;
 
-    let merkle_tree_hashed = hash_to_bn254_field_size_be(state_tree.as_ref());
-
     let instruction_data = zk_id::instruction::ZkVerifyCredential {
         proof: rpc_result.proof,
         address_tree_info: packed_address_tree_accounts[0],
@@ -342,7 +340,6 @@ where
         encrypted_data,
         credential_proof,
         issuer: credential_account_parsed.issuer.to_bytes(),
-        merkle_tree_hashed,
         data_hash,
         verification_id,
     };
