Merged conflicts

integration_test.go

@@ -165,3 +165,26 @@ func TestDeletionWrongInput(t *testing.T) {
 		t.Fatalf("Expected error message to be tagged with 'proving_error', got %s", string(responseBody))
 	}
 }
+
+func TestDeletionBatchPadding(t *testing.T) {
+	if mode != server.DeletionMode {
+		return
+	}
+	body := `{
+		"inputHash":"0x509d6e4ca8a621713cc5feb95de95cb4eed3c1127176d93da653fd3cc55db537",
+		"deletionIndices":[0,8],
+		"preRoot":"0xd11eefe87b985333c0d327b0cdd39a9641b5ac32c35c2bda84301ef3231a8ac",
+		"postRoot":"0x22c58cf24838c2eb1701f2aa6e6a867e10237590dbdb423e4d3e053b121c44cb",
+		"identityCommitments":["0x1","0x0"],
+		"merkleProofs":[
+			["0x2","0x20a3af0435914ccd84b806164531b0cd36e37d4efb93efab76913a93e1f30996","0x1069673dcdb12263df301a6ff584a7ec261a44cb9dc68df067a4774460b1f1e1"],
+			["0x0","0x0","0x0"]
+		]}`
+	response, err := http.Post("http://localhost:8080/prove", "application/json", strings.NewReader(body))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if response.StatusCode != http.StatusOK {
+		t.Fatalf("Expected status code %d, got %d", http.StatusOK, response.StatusCode)
+	}
+}

prover/deletion_circuit.go

@@ -1,6 +1,7 @@
 package prover
 
 import (
+	"fmt"
 	"worldcoin/gnark-mbu/prover/keccak"
 
 	"github.com/consensys/gnark/frontend"
@@ -25,6 +26,9 @@ type DeletionMbuCircuit struct {
 }
 
 func (circuit *DeletionMbuCircuit) Define(api frontend.API) error {
+	if circuit.Depth > 31 {
+		return fmt.Errorf("max depth supported is 31")
+	}
 	// Hash private inputs.
 	// We keccak hash all input to save verification gas. Inputs are arranged as follows:
 	// deletionIndices[0] || deletionIndices[1] || ... || deletionIndices[batchSize-1] || PreRoot || PostRoot
@@ -64,28 +68,33 @@ func (circuit *DeletionMbuCircuit) Define(api frontend.API) error {
 	// externally, so we can safely assert their equality here.
 	api.AssertIsEqual(circuit.InputHash, sum)
 
-	// Actual batch merkle proof verification.
-	var root frontend.Variable
-
 	prevRoot := circuit.PreRoot
 
 	// Individual insertions.
 	for i := 0; i < circuit.BatchSize; i += 1 {
-		currentPath := api.ToBinary(circuit.DeletionIndices[i], circuit.Depth)
+		currentPath := api.ToBinary(circuit.DeletionIndices[i], circuit.Depth+1)
+		// Treating indices with the one-too-high bit set as a skip flag. This allows
+		// us to pad batches with meaningless ops to commit something even if there
+		// isn't enough deletions happening to fill a batch.
+		skipFlag := currentPath[circuit.Depth]
+		currentPath = currentPath[:circuit.Depth]
 
 		// Verify proof for idComm.
-		root = abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{circuit.IdComms[i]}, circuit.MerkleProofs[i][:]...), currentPath})[0]
-		api.AssertIsEqual(root, prevRoot)
+		rootPreDeletion := abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{circuit.IdComms[i]}, circuit.MerkleProofs[i][:]...), currentPath})[0]
 
 		// Verify proof for empty leaf.
-		root = abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{emptyLeaf}, circuit.MerkleProofs[i][:]...), currentPath})[0]
+		rootPostDeletion := abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{emptyLeaf}, circuit.MerkleProofs[i][:]...), currentPath})[0]
+
+		preRootCorrect := api.IsZero(api.Sub(rootPreDeletion, prevRoot))
+		preRootCorrectOrSkip := api.Or(preRootCorrect, skipFlag)
+		api.AssertIsEqual(preRootCorrectOrSkip, 1)
 
 		// Set root for next iteration.
-		prevRoot = root
+		prevRoot = api.Select(skipFlag, prevRoot, rootPostDeletion) // If skipFlag is set, we don't update the root.
 	}
 
 	// Final root needs to match.
-	api.AssertIsEqual(root, circuit.PostRoot)
+	api.AssertIsEqual(prevRoot, circuit.PostRoot)
 
 	return nil
 }