feat: proof of reserve p2pkh (#52)

* .

* .

* calc merkle root

* check p2pkh utxo spending and acumulate amount

* build node from leafs and final root

* .

* improve code

* .

* prove 1 chunk

* fmt

* update noir version (to fix bug with ecdsa verify)

* prove many chunks async

* fix calc merkle root

* fix

* generate constants in nr files

* use UTXO indexer as circuits inputs

* .

* shortened "get utxos" functions

* add signing message cli

Author: DmitriiKJ

circuits/Nargo.toml

@@ -17,4 +17,6 @@ members = [
     "app/p2sh_p2wsh",
     "app/blocks_recursive/recursive_base",
     "app/blocks_recursive/recursive",
+    "app/proof_of_reserve/coins",
+    "app/proof_of_reserve/utxos_tree",
 ]

circuits/app/proof_of_reserve/coins/Nargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "coins"
+type = "bin"
+
+[dependencies]
+sha256 = { tag = "v0.2.1", git = "https://github.com/noir-lang/sha256" }
+ripemd160 = { tag = "v0.0.4", git = "https://github.com/distributed-lab/noir-ripemd160" }
+utils = { path = "../../../crates/utils" }
+crypto = { path = "../../../crates/crypto" }

circuits/app/proof_of_reserve/coins/provers/Prover1.toml

@@ -0,0 +1,66 @@
+const_message_hash = [49, 95, 91, 219, 118, 208, 120, 196, 59, 138, 192, 6, 78, 74, 1, 100, 97, 43, 31, 206, 119, 200, 105, 52, 91, 252, 148, 199, 88, 148, 237, 211]
+finalize_mr = false
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 9958792
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 7890518
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 1713909
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 3185577
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 8493002
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 979956
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 372481
+
+[[coins_database]]
+script_pub_key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+amount = 0
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+pub_key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

circuits/app/proof_of_reserve/coins/provers/Prover2.toml

@@ -0,0 +1,34 @@
+const_message_hash = [49, 95, 91, 219, 118, 208, 120, 196, 59, 138, 192, 6, 78, 74, 1, 100, 97, 43, 31, 206, 119, 200, 105, 52, 91, 252, 148, 199, 88, 148, 237, 211]
+finalize_mr = true
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 622954
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 2383456
+
+[[coins_database]]
+script_pub_key = [118, 169, 20, 121, 176, 0, 136, 118, 38, 178, 148, 169, 20, 80, 26, 76, 210, 38, 181, 139, 35, 89, 131, 136, 172]
+amount = 2875827
+
+[[coins_database]]
+script_pub_key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+amount = 0
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [48, 69, 2, 33, 0, 176, 13, 195, 19, 255, 73, 45, 45, 108, 64, 66, 69, 250, 68, 134, 160, 179, 250, 237, 127, 30, 197, 101, 2, 107, 209, 142, 13, 184, 235, 138, 56, 2, 32, 120, 103, 36, 158, 33, 198, 151, 26, 30, 56, 250, 37, 73, 202, 33, 166, 26, 253, 114, 192, 163, 252, 223, 56, 48, 150, 15, 48, 27, 224, 6, 63, 0]
+pub_key = [3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+[[own_utxos]]
+witness = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+pub_key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

circuits/app/proof_of_reserve/coins/src/constants.nr

@@ -0,0 +1,5 @@
+pub global MAX_COINS_DATABASE_AMOUNT: u32 = 8;
+pub global MAX_MERKLE_TREE_LEVELS: u32 = 4;
+
+pub global SHA256_HASH_SIZE: u32 = 32;
+pub global RIPEMD160_HASH_SIZE: u32 = 20;

circuits/app/proof_of_reserve/coins/src/main.nr

@@ -0,0 +1,92 @@
+// First proof
+// Checks if user own corresponding utxos and accumulate amount
+
+mod constants;
+
+use constants::{
+    MAX_COINS_DATABASE_AMOUNT, MAX_MERKLE_TREE_LEVELS, RIPEMD160_HASH_SIZE, SHA256_HASH_SIZE,
+};
+use crypto::ecdsa::{
+    ecdsa_verify, get_rs_from_signature, get_xy_from_compressed_pubkey,
+    get_xy_from_uncompressed_pubkey,
+};
+use utils::merkle_root::merkle_root;
+
+// p2pkh
+struct CoinsDatabaseElement {
+    script_pub_key: [u8; 25],
+    amount: u64,
+}
+
+struct Spending {
+    witness: [u8; 72],
+    pub_key: [u8; 65],
+}
+
+fn main(
+    const_message_hash: pub [u8; SHA256_HASH_SIZE],
+    coins_database: [CoinsDatabaseElement; MAX_COINS_DATABASE_AMOUNT],
+    own_utxos: [Spending; MAX_COINS_DATABASE_AMOUNT],
+    finalize_mr: bool,
+) -> pub ([u8; SHA256_HASH_SIZE], u64) {
+    let mut owned_amount = 0;
+    let mut coins_hashes = [[0; SHA256_HASH_SIZE]; MAX_COINS_DATABASE_AMOUNT];
+
+    for i in 0..MAX_COINS_DATABASE_AMOUNT {
+        if !own_utxos[i].witness.all(|e| e == 0) {
+            let signature = get_rs_from_signature(own_utxos[i].witness);
+            let mut key_hash = [0; RIPEMD160_HASH_SIZE];
+
+            let (x, y) = if own_utxos[i].pub_key[0] == 4 {
+                key_hash = ripemd160::ripemd160(sha256::digest(own_utxos[i].pub_key));
+                get_xy_from_uncompressed_pubkey(own_utxos[i].pub_key)
+            } else {
+                let mut c_key = [0; 33];
+                for j in 0..33 {
+                    c_key[j] = own_utxos[i].pub_key[j]
+                }
+
+                key_hash = ripemd160::ripemd160(sha256::digest(c_key));
+                get_xy_from_compressed_pubkey(c_key)
+            };
+
+            let mut hash_in_spk = [0; RIPEMD160_HASH_SIZE];
+            for j in 0..RIPEMD160_HASH_SIZE {
+                hash_in_spk[j] = coins_database[i].script_pub_key[j + 3];
+            }
+
+            assert(
+                key_hash == hash_in_spk,
+                "The specified public key does not match the key in the script_pub_key",
+            );
+
+            if ecdsa_verify(x, y, signature, const_message_hash) {
+                owned_amount += coins_database[i].amount;
+            } else {
+                assert(false, f"ECDSA signature check failed on utxo with index {i}");
+            }
+        }
+
+        let mut utx_bytes = [0; 33];
+
+        let amount_bytes = Field::to_le_bytes::<8>(coins_database[i].amount as Field);
+        for j in 0..8 {
+            utx_bytes[j] = amount_bytes[j];
+        }
+
+        for j in 0..25 {
+            utx_bytes[j + 8] = coins_database[i].script_pub_key[j];
+        }
+
+        coins_hashes[i] = if coins_database[i].amount != 0 {
+            sha256::digest(utx_bytes)
+        } else {
+            [0; SHA256_HASH_SIZE]
+        };
+    }
+
+    (
+        merkle_root::<MAX_COINS_DATABASE_AMOUNT, MAX_MERKLE_TREE_LEVELS>(coins_hashes, finalize_mr),
+        owned_amount,
+    )
+}

circuits/app/proof_of_reserve/utxos_tree/Nargo.toml

@@ -0,0 +1,7 @@
+[package]
+name = "utxos_tree"
+type = "bin"
+
+[dependencies]
+utils = { path = "../../../crates/utils" }
+bb_proof_verification = { git = "https://github.com/AztecProtocol/aztec-packages/", tag = "v3.0.0-nightly.20251104", directory = "barretenberg/noir/bb_proof_verification" }