1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
k = 11;
field = "pallas";

constant "VoteMain" {
    EcFixedPointBase NULLIFIER_K,
    EcFixedPointBase VALUE_COMMIT_RANDOM_BASE,
    EcFixedPointShort VALUE_COMMIT_VALUE,
}

witness "VoteMain" {
    # Proposal parameters
    Base proposal_auth_calls_commit,
    Base proposal_creation_blockwindow,
    Base proposal_duration_blockwindows,
    Base proposal_user_data,
    Base proposal_blind,

    # DAO parameters
    Base dao_proposer_limit,
    Base dao_quorum,
    Base dao_early_exec_quorum,
    Base dao_approval_ratio_quot,
    Base dao_approval_ratio_base,
    Base dao_gov_token_id,
    Base dao_notes_public_x,
    Base dao_notes_public_y,
    Base dao_proposer_public_x,
    Base dao_proposer_public_y,
    Base dao_proposals_public_x,
    Base dao_proposals_public_y,
    EcNiPoint dao_votes_public_key,
    Base dao_exec_public_x,
    Base dao_exec_public_y,
    Base dao_early_exec_public_x,
    Base dao_early_exec_public_y,
    Base dao_bulla_blind,

    # Is the vote yes or no
    Base vote_option,
    Base yes_vote_blind,

    # Total amount of capital allocated to vote
    Base all_vote_value,
    Base all_vote_blind,

    # Check the inputs and this proof are for the same token
    Base gov_token_blind,

    # Check whether the proposal has expired or not
    Base current_blockwindow,

    Base ephem_secret,
}

circuit "VoteMain" {
    token_commit = poseidon_hash(dao_gov_token_id, gov_token_blind);
    constrain_instance(token_commit);

    # Cast to EcPoint
    # (otherwise zkas refuses to compile)
    ONE = witness_base(1);
    dao_votes_pubkey = ec_mul_var_base(ONE, dao_votes_public_key);
    dao_votes_public_x = ec_get_x(dao_votes_pubkey);
    dao_votes_public_y = ec_get_y(dao_votes_pubkey);

    dao_bulla = poseidon_hash(
        dao_proposer_limit,
        dao_quorum,
        dao_early_exec_quorum,
        dao_approval_ratio_quot,
        dao_approval_ratio_base,
        dao_gov_token_id,
        dao_notes_public_x,
        dao_notes_public_y,
        dao_proposer_public_x,
        dao_proposer_public_y,
        dao_proposals_public_x,
        dao_proposals_public_y,
        dao_votes_public_x,
        dao_votes_public_y,
        dao_exec_public_x,
        dao_exec_public_y,
        dao_early_exec_public_x,
        dao_early_exec_public_y,
        dao_bulla_blind,
    );

    proposal_bulla = poseidon_hash(
        proposal_auth_calls_commit,
        proposal_creation_blockwindow,
        proposal_duration_blockwindows,
        proposal_user_data,
        dao_bulla,
        proposal_blind,
    );
    constrain_instance(proposal_bulla);

    # Normally we call this yes vote
    # Pedersen commitment for vote option
    yes_vote_value = base_mul(vote_option, all_vote_value);
    yes_vote_value_c = ec_mul_short(yes_vote_value, VALUE_COMMIT_VALUE);
    yes_vote_blind_c = ec_mul_base(yes_vote_blind, VALUE_COMMIT_RANDOM_BASE);
    yes_vote_commit = ec_add(yes_vote_value_c, yes_vote_blind_c);
    constrain_instance(ec_get_x(yes_vote_commit));
    constrain_instance(ec_get_y(yes_vote_commit));

    # Pedersen commitment for vote value
    all_vote_c = ec_mul_short(all_vote_value, VALUE_COMMIT_VALUE);
    all_vote_blind_c = ec_mul_base(all_vote_blind, VALUE_COMMIT_RANDOM_BASE);
    all_vote_commit = ec_add(all_vote_c, all_vote_blind_c);
    constrain_instance(ec_get_x(all_vote_commit));
    constrain_instance(ec_get_y(all_vote_commit));

    # Vote option should be 0 or 1
    bool_check(vote_option);

    # Enforce that the proposal has not expired
    end_time = base_add(proposal_creation_blockwindow, proposal_duration_blockwindows);
    less_than_strict(current_blockwindow, end_time);
    constrain_instance(current_blockwindow);

    # Verifiable encryption
    ephem_public = ec_mul_base(ephem_secret, NULLIFIER_K);
    constrain_instance(ec_get_x(ephem_public));
    constrain_instance(ec_get_y(ephem_public));
    shared_point = ec_mul_var_base(ephem_secret, dao_votes_public_key);
    shared_secret = poseidon_hash(
        ec_get_x(shared_point),
        ec_get_y(shared_point),
    );
    const_1 = witness_base(1);
    const_2 = witness_base(2);
    const_3 = witness_base(3);
    const_4 = witness_base(4);
    # Vote option
    shared_secret_1 = poseidon_hash(shared_secret, const_1);
    enc_vote_option = base_add(vote_option, shared_secret_1);
    constrain_instance(enc_vote_option);
    # Yes vote blind
    shared_secret_2 = poseidon_hash(shared_secret, const_2);
    enc_yes_vote_blind = base_add(yes_vote_blind, shared_secret_2);
    constrain_instance(enc_yes_vote_blind);
    # All vote value
    shared_secret_3 = poseidon_hash(shared_secret, const_3);
    enc_all_vote_value = base_add(all_vote_value, shared_secret_3);
    constrain_instance(enc_all_vote_value);
    # All vote blind
    shared_secret_4 = poseidon_hash(shared_secret, const_4);
    enc_all_vote_blind = base_add(all_vote_blind, shared_secret_4);
    constrain_instance(enc_all_vote_blind);
}