From 57b4e1de204e4ed0258fb361073cf80b35ce2a1a Mon Sep 17 00:00:00 2001
From: Oleksandr Brezhniev
Date: Fri, 5 Jan 2024 02:43:56 +0000
Subject: [PATCH] Check profileNonce=0 when authChecked=0. Do not check issuer non rev state when isRevocationChecked=0 and proofType is MTP. Non-linear constraints: V3: 56215, V3OnChain: 107779.
---
 circuits/offchain/credentialAtomicQueryV3OffChain.circom | 8 +++++++-
 circuits/onchain/credentialAtomicQueryV3OnChain.circom | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/circuits/offchain/credentialAtomicQueryV3OffChain.circom b/circuits/offchain/credentialAtomicQueryV3OffChain.circom
index 80b64a1e..48b0a526 100644
--- a/circuits/offchain/credentialAtomicQueryV3OffChain.circom
+++ b/circuits/offchain/credentialAtomicQueryV3OffChain.circom
@@ -187,9 +187,15 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
 treeRoot <== issuerClaimNonRevRevTreeRoot ); // 11763 constraints + // check issuer non revocation state only if we need it: + // 1. if Sig proof is provided we need to check non revocation of authClaim always + // AND non revocation of issuerClaim only if isRevocationChecked = 1 + // 2. if MTP proof is provided we need to check non revocation of claim only if isRevocationChecked = 1 + signal checkIssuerClaimNonRevState <== OR()(isSig, isRevocationChecked); + // verify issuer state for claim non-revocation proof checkIdenStateMatchesRoots()( - one, + checkIssuerClaimNonRevState, issuerClaimNonRevClaimsTreeRoot, issuerClaimNonRevRevTreeRoot, issuerClaimNonRevRootsTreeRoot,
diff --git a/circuits/onchain/credentialAtomicQueryV3OnChain.circom b/circuits/onchain/credentialAtomicQueryV3OnChain.circom
index a8e3d044..27bc8752 100644
--- a/circuits/onchain/credentialAtomicQueryV3OnChain.circom
+++ b/circuits/onchain/credentialAtomicQueryV3OnChain.circom
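Review bot: In credentialAtomicQueryV3OffChain.circom the enable flag passed to `checkIdenStateMatchesRoots` is now `OR()(isSig, isRevocationChecked)`, and nothing in the hunk shows either input constrained to 0/1; if `OR` is the circomlib gate it computes `a + b - a*b` without a bit check, so the flag is only well defined when both inputs are already boolean. Please confirm that constraint exists elsewhere in the template, or add `isRevocationChecked * (1 - isRevocationChecked) === 0;` next to the new signal. The same question applies to `NOT()(authEnabled)` in the credentialAtomicQueryV3OnChain.circom hunk. When the flag is 0 (MTP proof with `isRevocationChecked = 0`) the issuer non-revocation state is presumably no longer bound to the three roots, so verifier-side code should not rely on that value in this mode, and a sentence saying so in the new comment would help. The call's remaining arguments and the rest of the template lie outside the hunk.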
@@ -173,6 +173,8 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
 // Auth check ///////////////////////////////////////////////////////////////// + ForceEqualIfEnabled()(NOT()(authEnabled), [profileNonce, 0]); + checkAuthV2(idOwnershipLevels, onChainLevels)( authEnabled, // enabled userGenesisID,
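Review bot: The new `ForceEqualIfEnabled()(NOT()(authEnabled), [profileNonce, 0]);` line has no comment, unlike the OffChain change in the same commit, and the reason a non-zero `profileNonce` must be rejected when auth is disabled is not evident from the hunk. I would add a comment above it along the lines of `// auth disabled: the auth check below is skipped, so no profile is allowed; force profileNonce == 0`, with the wording adjusted to the actual rationale. It would also help to state in the template's input documentation that `profileNonce` must be 0 whenever `authEnabled` is 0, since witness generation will now fail otherwise. The template body continues outside the hunk.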