optimized verifier update (#130)

* added optimized verifier contract * updated optimized verifier test * updated verifier contract to use depth 30 and batch size 100 * updated ITreeVerifier interface * fixed compliation errors resulting from verifier interface change * update test params and add docs tests still break * update verifiers test fail * fix incorrect import of insertion verifier for tests * fix registration/deletion tests * delete all update logic and unused functions in V1 * remove invalid commitment test we no longer need it because we make sure the commitments are valid off-chain within the circuit * remove unreduced element test we no longer need it because we make sure elements are reduced off-chain within the circuit * fix tests optimized verifier test still broken * new optimized verifier test still broken * fix interface errors proof invalid error * fix optimized semaphore verifier test * add natspec explainer * remove unused old enums, events and errors * Revert "remove unused old enums, events and errors" This reverts commit 4ea1185. * add dev comments --------- Co-authored-by: 0xKitsune <[email protected]>
worldcoin · Sep 27, 2023 · 65105be · 65105be
1 parent 2c32398
commit 65105be
Show file tree

Hide file tree

Showing 30 changed files with 2,730 additions and 1,588 deletions.
diff --git a/src/DeletionTreeVerifier.sol b/src/DeletionTreeVerifier.sol
diff --git a/src/InsertionTreeVerifier.sol b/src/InsertionTreeVerifier.sol
diff --git a/src/SemaphoreVerifier.sol b/src/SemaphoreVerifier.sol
diff --git a/src/WorldIDIdentityManagerImplV1.sol b/src/WorldIDIdentityManagerImplV1.sol
diff --git a/src/WorldIDIdentityManagerImplV2.sol b/src/WorldIDIdentityManagerImplV2.sol
@@ -51,6 +51,7 @@ contract WorldIDIdentityManagerImplV2 is WorldIDIdentityManagerImplV1 {
     VerifierLookupTable internal batchDeletionVerifiers;
 
     /// @notice Initializes the V2 implementation contract.
+    /// @param _batchUpdateVerifiers The table of verifiers for verifying batch identity deletions.
     /// @dev Must be called exactly once
     /// @dev This is marked `reinitializer()` to allow for updated initialisation steps when working
     ///      with upgrades based upon this contract. Be aware that there are only 256 (zero-indexed)
@@ -86,17 +87,11 @@ contract WorldIDIdentityManagerImplV2 is WorldIDIdentityManagerImplV1 {
     ///        described by `preRoot`. Must be an element of the field `Kr`.
     ///
     /// @custom:reverts Unauthorized If the message sender is not authorised to add identities.
-    /// @custom:reverts InvalidCommitment If one or more of the provided commitments is invalid.
     /// @custom:reverts NotLatestRoot If the provided `preRoot` is not the latest root.
     /// @custom:reverts ProofValidationFailure If `deletionProof` cannot be verified using the
     ///                 provided inputs.
-    /// @custom:reverts UnreducedElement If any of the `preRoot`, `postRoot` and
-    ///                 `identityCommitments` is not an element of the field `Kr`. It describes the
-    ///                 type and value of the unreduced element.
     /// @custom:reverts VerifierLookupTable.NoSuchVerifier If the batch sizes doesn't match a known
     ///                 verifier.
-    /// @custom:reverts VerifierLookupTable.BatchTooLarge If the batch size exceeds the maximum
-    ///                 batch size.
     function deleteIdentities(
         uint256[8] calldata deletionProof,
         uint32 batchSize,
@@ -114,24 +109,14 @@ contract WorldIDIdentityManagerImplV2 is WorldIDIdentityManagerImplV1 {
 
         // No matter what, the inputs can result in a hash that is not an element of the scalar
         // field in which we're operating. We reduce it into the field before handing it to the
-        // verifier. All other elements are reduced in the circuit.
+        // verifier. All other elements that are passed as calldata are reduced in the circuit.
         uint256 reducedElement = uint256(inputHash) % SNARK_SCALAR_FIELD;
 
         // We need to look up the correct verifier before we can verify.
         ITreeVerifier deletionVerifier = batchDeletionVerifiers.getVerifierFor(batchSize);
 
         // With that, we can properly try and verify.
-        try deletionVerifier.verifyProof(
-            [deletionProof[0], deletionProof[1]],
-            [[deletionProof[2], deletionProof[3]], [deletionProof[4], deletionProof[5]]],
-            [deletionProof[6], deletionProof[7]],
-            [reducedElement]
-        ) returns (bool verifierResult) {
-            // If the proof did not verify, we revert with a failure.
-            if (!verifierResult) {
-                revert ProofValidationFailure();
-            }
-
+        try deletionVerifier.verifyProof(deletionProof, [reducedElement]) {
             // If it did verify, we need to update the contract's state. We set the currently valid
             // root to the root after the insertions.
             _latestRoot = postRoot;

diff --git a/src/interfaces/ISemaphoreVerifier.sol b/src/interfaces/ISemaphoreVerifier.sol
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+/// @title Tree Verifier Interface
+/// @author Worldcoin
+/// @notice An interface representing a merkle tree verifier.
+interface ISemaphoreVerifier {
+    /// @notice Verify an uncompressed Groth16 proof.
+    /// @notice Reverts with InvalidProof if the proof is invalid or
+    /// with PublicInputNotInField the public input is not reduced.
+    /// @notice There is no return value. If the function does not revert, the
+    /// proof was succesfully verified.
+    /// @param proof the points (A, B, C) in EIP-197 format matching the output
+    /// of compressProof.
+    /// @param input the public input field elements in the scalar field Fr.
+    /// Elements must be reduced.
+    function verifyProof(uint256[8] calldata proof, uint256[4] calldata input) external view;
+}
diff --git a/src/interfaces/ITreeVerifier.sol b/src/interfaces/ITreeVerifier.sol
@@ -5,22 +5,14 @@ pragma solidity ^0.8.21;
 /// @author Worldcoin
 /// @notice An interface representing a merkle tree verifier.
 interface ITreeVerifier {
-    /// @notice Verifies the provided proof data for the provided public inputs.
-    /// @dev It is highly recommended that the implementation is restricted to `view` if possible.
-    ///
-    /// @param a The first G1Point of the proof (ar).
-    /// @param b The G2Point for the proof (bs).
-    /// @param c The second G1Point of the proof (kr).
-    /// @param input The public inputs to the function, reduced such that it is a member of the
-    ///              field `Fr` where `r` is `SNARK_SCALAR_FIELD`.
-    ///
-    /// @return result True if the proof verifies successfully, false otherwise.
-    /// @custom:reverts string If the proof elements are not < `PRIME_Q` or if the `input` is not
-    ///                 less than `SNARK_SCALAR_FIELD`.
-    function verifyProof(
-        uint256[2] memory a,
-        uint256[2][2] memory b,
-        uint256[2] memory c,
-        uint256[1] memory input
-    ) external returns (bool result);
+    /// @notice Verify an uncompressed Groth16 proof.
+    /// @notice Reverts with InvalidProof if the proof is invalid or
+    /// with PublicInputNotInField the public input is not reduced.
+    /// @notice There is no return value. If the function does not revert, the
+    /// proof was succesfully verified.
+    /// @param proof the points (A, B, C) in EIP-197 format matching the output
+    /// of compressProof.
+    /// @param input the public input field elements in the scalar field Fr.
+    /// Elements must be reduced.
+    function verifyProof(uint256[8] calldata proof, uint256[1] calldata input) external;
 }