Skip to content

opaquecash/circuits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
scripts
scripts
 
 
test
test
 
 
v2
v2
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Opaque — Circuits

CI

Canonical source of truth for the Opaque zero-knowledge circuits. The ethereum and solana repos consume this repo as a git submodule, so a circuit change happens here once. Proof system: Groth16 (BN254), Poseidon hashing, depth-20 Merkle trees, all inside the pinned pot16 Powers of Tau (65,536-constraint ceiling — npm test asserts every circuit still fits).

Circuits

Circuit Constraints Public signals Spec
v2/stealth_reputation.circom 5,421 merkle_root, attestation_id, external_nullifier, nullifier_hash PSR
v2/withdrawal.circom 23,852 withdrawn_value, state_root, asp_root, nullifier_hash, new_commitment, context privacy-pool §4.1
v2/association.circom minimal asp_root, label (off-chain ASP statement) privacy-pool §4.2
v2/conditional_disclosure.circom 12,517 value, label, threshold, state_root, disclosure_nullifier, context conditional-disclosure §4

V1 (stealth_attestation) was retired 2026-06-10; no deployed verifier accepts V1 proofs. It lives in git history only.

Build & test

Prerequisites: circom 2.1.6+, Node 18+.

npm install
npm run download:ptau    # pot16_final.ptau (~75 MB, not committed)
npm run build            # all circuits → r1cs + wasm under v2/build/
npm run setup            # Groth16 trusted setup (development only)
npm test                 # see below

Each circuit has a committed fixture under test/fixtures/ — a real proof made with the production proving key whose verification key is transcribed into the on-chain verifiers. The tests verify it (pinning the production vkey in CI), reject tampered variants, and — when v2/build/ + the ptau exist — run a fresh setup→prove→verify round-trip. The disclosure suite additionally asserts a below-threshold witness is unsatisfiable. Regenerate fixtures after a circuit change with the matching npm run generate:*-fixture script.

scripts/export_solana_vk.py <vkey.json> <NAME> prints the Rust vkey constants the Solana programs embed.

Trusted setup is development-only. Production requires an audited multi-party ceremony (tracked in ethereum's audit plan).

Test vectors

test/test_vectors.json holds the canonical DKSAP vectors, cross-validated byte-for-byte against the Rust scanner, the @noble TypeScript SDK, and the Python generator (test/generate_vectors.py); referenced by CSAP.md.

License

GPL-3.0.

About

Canonical Groth16/BN254 Circom circuits for Opaque: stealth reputation, pool withdrawal, association sets, conditional disclosure.

github.com/opaquecash/spec

Topics

privacy zero-knowledge zk-snarks circom bn254 groth16

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages