Merge pull request #104 from hyperledger-labs/deposit-outputs

Increase the size of the deposit output for better tracking-resistance

solidity/contracts/lib/zeto_fungible.sol

@@ -45,15 +45,16 @@ abstract contract ZetoFungible is OwnableUpgradeable {
 
     function _deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof
     ) public virtual {
         // verifies that the output UTXOs match the claimed value
         // to be deposited
         // construct the public inputs
-        uint256[2] memory publicInputs;
+        uint256[3] memory publicInputs;
         publicInputs[0] = amount;
-        publicInputs[1] = utxo;
+        publicInputs[1] = outputs[0];
+        publicInputs[2] = outputs[1];
 
         // Check the proof
         require(

solidity/contracts/zeto_anon.sol

@@ -170,14 +170,12 @@ contract Zeto_Anon is IZeto, ZetoBase, ZetoFungibleWithdraw, UUPSUpgradeable {
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_enc.sol

@@ -208,14 +208,12 @@ contract Zeto_AnonEnc is
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_enc_nullifier.sol

@@ -223,14 +223,12 @@ contract Zeto_AnonEncNullifier is
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_enc_nullifier_kyc.sol

@@ -238,14 +238,12 @@ contract Zeto_AnonEncNullifierKyc is
     // Therefore, token circulation from & to parties that are not in the KYC list is prevented
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_enc_nullifier_non_repudiation.sol

@@ -274,14 +274,12 @@ contract Zeto_AnonEncNullifierNonRepudiation is
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_nullifier.sol

@@ -192,14 +192,12 @@ contract Zeto_AnonNullifier is
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/contracts/zeto_anon_nullifier_kyc.sol

@@ -202,14 +202,12 @@ contract Zeto_AnonNullifierKyc is
 
     function deposit(
         uint256 amount,
-        uint256 utxo,
+        uint256[] memory outputs,
         Commonlib.Proof calldata proof,
         bytes calldata data
     ) public {
-        _deposit(amount, utxo, proof);
-        uint256[] memory utxos = new uint256[](1);
-        utxos[0] = utxo;
-        _mint(utxos, data);
+        _deposit(amount, outputs, proof);
+        _mint(outputs, data);
     }
 
     function withdraw(

solidity/test/utils.ts

@@ -42,17 +42,27 @@ export function loadProvingKeys(type: string) {
   };
 }
 
-export async function prepareDepositProof(signer: User, output: UTXO) {
-  const outputCommitments: [BigNumberish] = [output.hash] as [BigNumberish];
-  const outputValues = [BigInt(output.value || 0n)];
-  const outputOwnerPublicKeys: [[BigNumberish, BigNumberish]] = [
-    signer.babyJubPublicKey,
-  ] as [[BigNumberish, BigNumberish]];
+export async function prepareDepositProof(signer: User, outputs: [UTXO, UTXO]) {
+  const outputCommitments: [BigNumberish, BigNumberish] = [
+    outputs[0].hash,
+    outputs[1].hash,
+  ] as [BigNumberish, BigNumberish];
+  const outputValues = [
+    BigInt(outputs[0].value || 0n),
+    BigInt(outputs[1].value || 0n),
+  ];
+  const outputOwnerPublicKeys: [
+    [BigNumberish, BigNumberish],
+    [BigNumberish, BigNumberish],
+  ] = [signer.babyJubPublicKey, signer.babyJubPublicKey] as [
+    [BigNumberish, BigNumberish],
+    [BigNumberish, BigNumberish],
+  ];
 
   const inputObj = {
     outputCommitments,
     outputValues,
-    outputSalts: [output.salt],
+    outputSalts: [outputs[0].salt, outputs[1].salt],
     outputOwnerPublicKeys,
   };
 

solidity/test/zeto_anon.ts

@@ -170,13 +170,14 @@ describe("Zeto based fungible token with anonymity without encryption or nullifi
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    const utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo100, utxo0],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
   });
 

solidity/test/zeto_anon_enc.ts

@@ -191,13 +191,14 @@ describe("Zeto based fungible token with anonymity and encryption", function ()
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    const utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo100, utxo0],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
   });
 

solidity/test/zeto_anon_enc_nullifier.ts

@@ -275,17 +275,20 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    const utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo100, utxo0],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
 
     await smtAlice.add(utxo100.hash, utxo100.hash);
+    await smtAlice.add(utxo0.hash, utxo0.hash);
     await smtBob.add(utxo100.hash, utxo100.hash);
+    await smtBob.add(utxo0.hash, utxo0.hash);
   });
 
   it("mint to Alice and transfer UTXOs honestly to Bob should succeed", async function () {

solidity/test/zeto_anon_enc_nullifier_kyc.ts

@@ -61,6 +61,7 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
   let erc20: any;
   let zeto: any;
   let utxo100: UTXO;
+  let utxo0: UTXO;
   let utxo1: UTXO;
   let utxo2: UTXO;
   let utxo3: UTXO;
@@ -336,17 +337,20 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo100, utxo0],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
 
     await smtAlice.add(utxo100.hash, utxo100.hash);
+    await smtAlice.add(utxo0.hash, utxo0.hash);
     await smtBob.add(utxo100.hash, utxo100.hash);
+    await smtBob.add(utxo0.hash, utxo0.hash);
   });
 
   it("mint to Alice and transfer UTXOs honestly to Bob should succeed", async function () {
@@ -576,6 +580,7 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
 
   describe("unregistered user cases", function () {
     let unregisteredUtxo100: UTXO;
+    let unregisteredUtxo0: UTXO;
 
     it("deposit by an unregistered user should succeed", async function () {
       const tx = await erc20
@@ -588,24 +593,28 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
       await tx1.wait();
 
       unregisteredUtxo100 = newUTXO(100, unregistered);
+      unregisteredUtxo0 = newUTXO(0, unregistered);
       const { outputCommitments, encodedProof } = await prepareDepositProof(
         unregistered,
-        unregisteredUtxo100,
+        [unregisteredUtxo100, unregisteredUtxo0],
       );
       const tx2 = await zeto
         .connect(unregistered.signer)
-        .deposit(100, outputCommitments[0], encodedProof, "0x");
+        .deposit(100, outputCommitments, encodedProof, "0x");
       await tx2.wait();
 
       // Alice tracks the UTXO inside the SMT
       await smtAlice.add(unregisteredUtxo100.hash, unregisteredUtxo100.hash);
+      await smtAlice.add(unregisteredUtxo0.hash, unregisteredUtxo0.hash);
       // Bob also locally tracks the UTXOs inside the SMT
       await smtBob.add(unregisteredUtxo100.hash, unregisteredUtxo100.hash);
+      await smtBob.add(unregisteredUtxo0.hash, unregisteredUtxo0.hash);
     });
 
     it("transfer from an unregistered user should fail", async function () {
       // catch up the local SMT for the unregistered user
       await smtUnregistered.add(utxo100.hash, utxo100.hash);
+      await smtUnregistered.add(utxo0.hash, utxo0.hash);
       await smtUnregistered.add(utxo1.hash, utxo1.hash);
       await smtUnregistered.add(utxo2.hash, utxo2.hash);
       await smtUnregistered.add(_utxo3.hash, _utxo3.hash);
@@ -620,6 +629,7 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
         unregisteredUtxo100.hash,
         unregisteredUtxo100.hash,
       );
+      await smtUnregistered.add(unregisteredUtxo0.hash, unregisteredUtxo0.hash);
       const utxosRoot = await smtUnregistered.root();
 
       const nullifier = newNullifier(unregisteredUtxo100, unregistered);

solidity/test/zeto_anon_enc_nullifier_non_repudiation.ts

@@ -59,6 +59,7 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
   let erc20: any;
   let zeto: any;
   let utxo100: UTXO;
+  let utxo0: UTXO;
   let utxo1: UTXO;
   let utxo2: UTXO;
   let utxo3: UTXO;
@@ -330,17 +331,20 @@ describe("Zeto based fungible token with anonymity using nullifiers and encrypti
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo100, utxo0],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
 
     await smtAlice.add(utxo100.hash, utxo100.hash);
+    await smtAlice.add(utxo0.hash, utxo0.hash);
     await smtBob.add(utxo100.hash, utxo100.hash);
+    await smtBob.add(utxo0.hash, utxo0.hash);
   });
 
   it("mint to Alice and transfer UTXOs honestly to Bob should succeed and verifiable by the regulator", async function () {

solidity/test/zeto_anon_nullifier.ts

@@ -247,17 +247,20 @@ describe("Zeto based fungible token with anonymity using nullifiers without encr
     await tx1.wait();
 
     utxo100 = newUTXO(100, Alice);
+    const utxo0 = newUTXO(0, Alice);
     const { outputCommitments, encodedProof } = await prepareDepositProof(
       Alice,
-      utxo100,
+      [utxo0, utxo100],
     );
     const tx2 = await zeto
       .connect(Alice.signer)
-      .deposit(100, outputCommitments[0], encodedProof, "0x");
+      .deposit(100, outputCommitments, encodedProof, "0x");
     await tx2.wait();
 
     await smtAlice.add(utxo100.hash, utxo100.hash);
+    await smtAlice.add(utxo0.hash, utxo0.hash);
     await smtBob.add(utxo100.hash, utxo100.hash);
+    await smtBob.add(utxo0.hash, utxo0.hash);
   });
 
   it("mint to Alice and transfer UTXOs honestly to Bob should succeed", async function () {