Made issuerAuthState signal an input. Added issuerState output signal…

… that switches between issuerAuthState and issuerAuthState depending on proofType, so that only one value needs to be checked outside the circuit. Added missing isRevocationChecked signal output to testvector gen. Minor testvectorgen code reorg.

circuits/credentialAtomicQueryV3.circom

@@ -3,11 +3,10 @@ pragma circom 2.1.1;
 include "offchain/credentialAtomicQueryV3OffChain.circom";
 
 /*
- public signals:
+ public output signals:
  userID - user profile id
  merklized - `1` if claim is merklized
- issuerAuthState // for sig
- issuerClaimIdenState // for mtp
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
 */
 component main{public [requestID,
                        issuerID,
@@ -20,7 +19,6 @@ component main{public [requestID,
                        value,
                        timestamp, 
                        isRevocationChecked,
-                       issuerClaimIdenState, // MTP specific
                        proofType,
                        verifierID
                        ]} = credentialAtomicQueryV3OffChain(40, 32, 64);

circuits/credentialAtomicQueryV3OnChain.circom

@@ -2,9 +2,14 @@ pragma circom 2.1.1;
 
 include "./onchain/credentialAtomicQueryV3OnChain.circom";
 
+/*
+ public output signals:
+ userID - user profile id
+ merklized - `1` if claim is merklized
+ issuerState - equals to issuerAuthState for sig, and to issuerClaimIdenState for mtp
+*/
 component main{public [requestID,
                        issuerID,
-                       issuerClaimIdenState,
                        issuerClaimNonRevState,
                        timestamp,
                        isRevocationChecked,

circuits/offchain/credentialAtomicQueryV3OffChain.circom

@@ -68,6 +68,7 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
     signal input issuerAuthClaimsTreeRoot;
     signal input issuerAuthRevTreeRoot;
     signal input issuerAuthRootsTreeRoot;
+    signal input issuerAuthState;
     signal input issuerAuthClaimNonRevMtp[issuerLevels];
     signal input issuerAuthClaimNonRevMtpNoAux;
     signal input issuerAuthClaimNonRevMtpAuxHi;
@@ -76,8 +77,10 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
     signal input issuerClaimSignatureR8y;
     signal input issuerClaimSignatureS;
 
-    // Sig specific outputs
-    signal output issuerAuthState;
+    // Issuer State to be checked outside of the circuit
+    // in case of MTP proof issuerState = issuerClaimIdenState
+    // in case of Sig proof issuerState = issuerAuthState
+    signal output issuerState;
 
     // Private random nonce, used to generate LinkID
     signal input linkNonce;
@@ -130,45 +133,38 @@ template credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySi
         issuerClaimSignatureS <== issuerClaimSignatureS
     ); // 28265 constraints
 
-    // TODO: move calc outside of the circuit
-    signal tmpAuthState;
-    tmpAuthState <== getIdenState()(
-        issuerAuthClaimsTreeRoot,
-        issuerAuthRevTreeRoot,
-        issuerAuthRootsTreeRoot
-    );
-    issuerAuthState <== tmpAuthState * isSig;
-
     signal issuerAuthClaimHi, issuerAuthClaimHv;
 	(issuerAuthClaimHi, issuerAuthClaimHv) <== getClaimHiHv()(issuerAuthClaim);
 
-    signal tmpClaimHi, tmpClaimHv, tmpClaimIssuanceMtp[issuerLevels],
-        tmpClaimIssuanceClaimsTreeRoot, tmpClaimIssuanceRevTreeRoot,
-        tmpClaimIssuanceRootsTreeRoot, tmpClaimIssuanceIdenState;
+    signal _claimHi, _claimHv, _claimIssuanceMtp[issuerLevels],
+        _claimIssuanceClaimsTreeRoot, _claimIssuanceRevTreeRoot,
+        _claimIssuanceRootsTreeRoot, _claimIssuanceIdenState;
 
-    tmpClaimHi <== Mux1()([issuerClaimHi, issuerAuthClaimHi], isSig);
-    tmpClaimHv <== Mux1()([issuerClaimHv, issuerAuthClaimHv], isSig);
+    // switch between claim and authClaim issuance proof depending if Sig or MTP proof is provided
+    issuerState <== Mux1()([issuerClaimIdenState, issuerAuthState], isSig);
+    _claimHi <== Mux1()([issuerClaimHi, issuerAuthClaimHi], isSig);
+    _claimHv <== Mux1()([issuerClaimHv, issuerAuthClaimHv], isSig);
     for (var i = 0; i < issuerLevels; i++) {
-        tmpClaimIssuanceMtp[i] <== Mux1()([issuerClaimMtp[i], issuerAuthClaimMtp[i]], isSig);
+        _claimIssuanceMtp[i] <== Mux1()([issuerClaimMtp[i], issuerAuthClaimMtp[i]], isSig);
     }
-    tmpClaimIssuanceClaimsTreeRoot <== Mux1()([issuerClaimClaimsTreeRoot, issuerAuthClaimsTreeRoot], isSig);
-    tmpClaimIssuanceRevTreeRoot <== Mux1()([issuerClaimRevTreeRoot, issuerAuthRevTreeRoot], isSig);
-    tmpClaimIssuanceRootsTreeRoot <== Mux1()([issuerClaimRootsTreeRoot, issuerAuthRootsTreeRoot], isSig);
-    tmpClaimIssuanceIdenState <== Mux1()([issuerClaimIdenState, issuerAuthState], isSig);
+    _claimIssuanceClaimsTreeRoot <== Mux1()([issuerClaimClaimsTreeRoot, issuerAuthClaimsTreeRoot], isSig);
+    _claimIssuanceRevTreeRoot <== Mux1()([issuerClaimRevTreeRoot, issuerAuthRevTreeRoot], isSig);
+    _claimIssuanceRootsTreeRoot <== Mux1()([issuerClaimRootsTreeRoot, issuerAuthRootsTreeRoot], isSig);
+    _claimIssuanceIdenState <== Mux1()([issuerClaimIdenState, issuerAuthState], isSig);
 
     // Verify issuance of claim in case of MTP proof OR issuance of auth claim in case of Sig proof
     verifyClaimIssuance(issuerLevels)(
         enabled <== 1,
-        claimHi <== tmpClaimHi,
-        claimHv <== tmpClaimHv,
-        claimIssuanceMtp <== tmpClaimIssuanceMtp,
-        claimIssuanceClaimsTreeRoot <== tmpClaimIssuanceClaimsTreeRoot,
-        claimIssuanceRevTreeRoot <== tmpClaimIssuanceRevTreeRoot,
-        claimIssuanceRootsTreeRoot <== tmpClaimIssuanceRootsTreeRoot,
-        claimIssuanceIdenState <== tmpClaimIssuanceIdenState
+        claimHi <== _claimHi,
+        claimHv <== _claimHv,
+        claimIssuanceMtp <== _claimIssuanceMtp,
+        claimIssuanceClaimsTreeRoot <== _claimIssuanceClaimsTreeRoot,
+        claimIssuanceRevTreeRoot <== _claimIssuanceRevTreeRoot,
+        claimIssuanceRootsTreeRoot <== _claimIssuanceRootsTreeRoot,
+        claimIssuanceIdenState <== issuerState
     );
 
-    // non revocation status
+    // check claim is not revoked
     checkClaimNotRevoked(issuerLevels)(
         enabled <== isRevocationChecked,
         claim <== issuerClaim,
@@ -301,14 +297,15 @@ template sigFlow(issuerLevels) {
         80551937543569765027552589160822318028
     );
 
+    // check authClaim is not revoked
     checkClaimNotRevoked(issuerLevels)(
         enabled <== enabled,
         claim <== issuerAuthClaim,
         claimNonRevMTP <== issuerAuthClaimNonRevMtp,
         noAux <== issuerAuthClaimNonRevMtpNoAux,
         auxHi <== issuerAuthClaimNonRevMtpAuxHi,
         auxHv <== issuerAuthClaimNonRevMtpAuxHv,
-        treeRoot <== issuerClaimNonRevRevTreeRoot // TODO: can we reuse issuerAuthRevTreeRoot & state here?
+        treeRoot <== issuerClaimNonRevRevTreeRoot // the same value as for the claim non-revocation check
     ); // 11763 constraints
 
     component issuerAuthPubKey = getPubKeyFromClaim();

circuits/onchain/credentialAtomicQueryV3OnChain.circom

@@ -138,15 +138,19 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
     signal input issuerAuthClaimsTreeRoot;
     signal input issuerAuthRevTreeRoot;
     signal input issuerAuthRootsTreeRoot;
+    signal input issuerAuthState;
     signal input issuerAuthClaimNonRevMtp[issuerLevels];
     signal input issuerAuthClaimNonRevMtpNoAux;
     signal input issuerAuthClaimNonRevMtpAuxHi;
     signal input issuerAuthClaimNonRevMtpAuxHv;
     signal input issuerClaimSignatureR8x;
     signal input issuerClaimSignatureR8y;
     signal input issuerClaimSignatureS;
-    // Sig specific output
-    signal output issuerAuthState;
+
+    // Issuer State to be checked outside of the circuit
+    // in case of MTP proof issuerState = issuerClaimIdenState
+    // in case of Sig proof issuerState = issuerAuthState
+    signal output issuerState;
 
     // Private random nonce, used to generate LinkID
     signal input linkNonce;
@@ -191,7 +195,7 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
     // Claim checks
     /////////////////////////////////////////////////////////////////
 
-    (merklized, userID, issuerAuthState, linkID, operatorOutput) <== credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySize)(
+    (merklized, userID, issuerState, linkID, operatorOutput) <== credentialAtomicQueryV3OffChain(issuerLevels, claimLevels, valueArraySize)(
         proofType <== proofType,
         requestID <== requestID,
         userGenesisID <== userGenesisID,
@@ -230,6 +234,7 @@ template credentialAtomicQueryV3OnChain(issuerLevels, claimLevels, valueArraySiz
         issuerAuthClaimsTreeRoot <== issuerAuthClaimsTreeRoot,
         issuerAuthRevTreeRoot <== issuerAuthRevTreeRoot,
         issuerAuthRootsTreeRoot <== issuerAuthRootsTreeRoot,
+        issuerAuthState <== issuerAuthState,
         issuerAuthClaimNonRevMtp <== issuerAuthClaimNonRevMtp,
         issuerAuthClaimNonRevMtpNoAux <== issuerAuthClaimNonRevMtpNoAux,
         issuerAuthClaimNonRevMtpAuxHi <== issuerAuthClaimNonRevMtpAuxHi,

testvectorgen/credentials/onchain/v3/testdata/mtp/between_operator.json

@@ -1 +1 @@
-{"desc":"Between operator","inputs":{"requestID":"41","userGenesisID":"23148936466334350744548790012294489365207440754509988986684797708370051073","profileNonce":"0","claimSubjectProfileNonce":"0","authClaim":["80551937543569765027552589160822318028","0","4720763745722683616702324599137259461509439547324750011830105416383780791263","4844030361230692908091131578688419341633213823133966379083981236400104720538","16547485850637761685","0","0","0"],"authClaimIncMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtpAuxHi":"0","authClaimNonRevMtpAuxHv":"0","authClaimNonRevMtpNoAux":"1","challenge":"12345","challengeSignatureR8x":"15829360093371098546177008474519342171461782120259125067189481965541223738777","challengeSignatureR8y":"10840522802382821290541462398953040493080116495308402635486440290351677745960","challengeSignatureS":"1196477404779941775725836688033485533497812196897664950083199167075327114562","userClaimsTreeRoot":"8162166103065016664685834856644195001371303013149727027131225893397958846382","userRevTreeRoot":"0","userRootsTreeRoot":"0","userState":"8039964009611210398788855768060749920589777058607598891238307089541758339342","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","gistMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"gistMtpAuxHi":"1","gistMtpAuxHv":"1","gistMtpNoAux":"0","issuerID":"21933750065545691586450392143787330185992517860945727248803138245838110721","issuerClaim":["3583233690122716044519380227940806650830","23148936466334350744548790012294489365207440754509988986684797708370051073","10","0","30803922965249841627828060161","0","0","0"],"issuerClaimMtp":["0","0","0","20643387758736831799596675626240785455902781070167728593409367019626753600795","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimClaimsTreeRoot":"5181482836916141156416342038332162656372113141706502558354777241159764399436","issuerClaimRevTreeRoot":"0","issuerClaimRootsTreeRoot":"0","issuerClaimIdenState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","isRevocationChecked":1,"issuerClaimNonRevClaimsTreeRoot":"5181482836916141156416342038332162656372113141706502558354777241159764399436","issuerClaimNonRevRevTreeRoot":"0","issuerClaimNonRevRootsTreeRoot":"0","issuerClaimNonRevState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","issuerClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimNonRevMtpAuxHi":"0","issuerClaimNonRevMtpAuxHv":"0","issuerClaimNonRevMtpNoAux":"1","claimSchema":"180410020913331409885634153623124536270","claimPathNotExists":"0","claimPathMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"claimPathMtpNoAux":"0","claimPathMtpAuxHi":"0","claimPathMtpAuxHv":"0","claimPathKey":"0","claimPathValue":"0","operator":9,"slotIndex":2,"timestamp":"1642074362","value":["8","10","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimSignatureR8x":"0","issuerClaimSignatureR8y":"0","issuerClaimSignatureS":"0","issuerAuthClaim":["0","0","0","0","0","0","0","0"],"issuerAuthClaimMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerAuthClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerAuthClaimNonRevMtpAuxHi":"0","issuerAuthClaimNonRevMtpAuxHv":"0","issuerAuthClaimNonRevMtpNoAux":"0","issuerAuthClaimsTreeRoot":"0","issuerAuthRevTreeRoot":"0","issuerAuthRootsTreeRoot":"0","proofType":"1","linkNonce":"0","verifierID":"21929109382993718606847853573861987353620810345503358891473103689157378049"},"expOut":{"proofType":"1","merklized":"0","userID":"23148936466334350744548790012294489365207440754509988986684797708370051073","circuitQueryHash":"1200197573263720781403876012067624377690459697223785410935360278236612478754","requestID":"41","issuerID":"21933750065545691586450392143787330185992517860945727248803138245838110721","issuerClaimNonRevState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","timestamp":"1642074362","isRevocationChecked":"1","challenge":"12345","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","issuerClaimIdenState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","issuerAuthState":"0","linkID":"0","verifierID":"21929109382993718606847853573861987353620810345503358891473103689157378049","operatorOutput":"0"}}
+{"desc":"Between operator","inputs":{"requestID":"41","userGenesisID":"23148936466334350744548790012294489365207440754509988986684797708370051073","profileNonce":"0","claimSubjectProfileNonce":"0","authClaim":["80551937543569765027552589160822318028","0","4720763745722683616702324599137259461509439547324750011830105416383780791263","4844030361230692908091131578688419341633213823133966379083981236400104720538","16547485850637761685","0","0","0"],"authClaimIncMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtpAuxHi":"0","authClaimNonRevMtpAuxHv":"0","authClaimNonRevMtpNoAux":"1","challenge":"12345","challengeSignatureR8x":"15829360093371098546177008474519342171461782120259125067189481965541223738777","challengeSignatureR8y":"10840522802382821290541462398953040493080116495308402635486440290351677745960","challengeSignatureS":"1196477404779941775725836688033485533497812196897664950083199167075327114562","userClaimsTreeRoot":"8162166103065016664685834856644195001371303013149727027131225893397958846382","userRevTreeRoot":"0","userRootsTreeRoot":"0","userState":"8039964009611210398788855768060749920589777058607598891238307089541758339342","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","gistMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"gistMtpAuxHi":"1","gistMtpAuxHv":"1","gistMtpNoAux":"0","issuerID":"21933750065545691586450392143787330185992517860945727248803138245838110721","issuerClaim":["3583233690122716044519380227940806650830","23148936466334350744548790012294489365207440754509988986684797708370051073","10","0","30803922965249841627828060161","0","0","0"],"issuerClaimMtp":["0","0","0","20643387758736831799596675626240785455902781070167728593409367019626753600795","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimClaimsTreeRoot":"5181482836916141156416342038332162656372113141706502558354777241159764399436","issuerClaimRevTreeRoot":"0","issuerClaimRootsTreeRoot":"0","issuerClaimIdenState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","isRevocationChecked":1,"issuerClaimNonRevClaimsTreeRoot":"5181482836916141156416342038332162656372113141706502558354777241159764399436","issuerClaimNonRevRevTreeRoot":"0","issuerClaimNonRevRootsTreeRoot":"0","issuerClaimNonRevState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","issuerClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimNonRevMtpAuxHi":"0","issuerClaimNonRevMtpAuxHv":"0","issuerClaimNonRevMtpNoAux":"1","claimSchema":"180410020913331409885634153623124536270","claimPathNotExists":"0","claimPathMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"claimPathMtpNoAux":"0","claimPathMtpAuxHi":"0","claimPathMtpAuxHv":"0","claimPathKey":"0","claimPathValue":"0","operator":9,"slotIndex":2,"timestamp":"1642074362","value":["8","10","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerClaimSignatureR8x":"0","issuerClaimSignatureR8y":"0","issuerClaimSignatureS":"0","issuerAuthClaim":["0","0","0","0","0","0","0","0"],"issuerAuthClaimMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerAuthClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"issuerAuthClaimNonRevMtpAuxHi":"0","issuerAuthClaimNonRevMtpAuxHv":"0","issuerAuthClaimNonRevMtpNoAux":"0","issuerAuthClaimsTreeRoot":"0","issuerAuthRevTreeRoot":"0","issuerAuthRootsTreeRoot":"0","issuerAuthState":"0","proofType":"1","linkNonce":"0","verifierID":"21929109382993718606847853573861987353620810345503358891473103689157378049"},"expOut":{"requestID":"41","userID":"23148936466334350744548790012294489365207440754509988986684797708370051073","issuerID":"21933750065545691586450392143787330185992517860945727248803138245838110721","issuerClaimNonRevState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","circuitQueryHash":"1200197573263720781403876012067624377690459697223785410935360278236612478754","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","timestamp":"1642074362","merklized":"0","proofType":"1","isRevocationChecked":"1","challenge":"12345","issuerState":"3339503409184382089877035147936476106276990951173542963633720034821185132093","linkID":"0","verifierID":"21929109382993718606847853573861987353620810345503358891473103689157378049","operatorOutput":"0"}}