Circuits Summary

The Sacred Finance project uses circom circuits for two purposes:

  • Mixing

  • Anonymity mining

Anonymity mining makes use of the following circuits:

  • MerkleTreeUpdater.circom

    • Adds a new leaf to a Merkle tree

  • TreeUpdate.circom

    • Instantiation of the MerkleTreeUpdater template

  • Withdraw.circom

    • Fork of Tornado.cash’s anonymity mining withdrawal circuit that implements the shares of staked seconds model described previously

  • Reward.circom

    • Fork of Tornado.cash’s anonymity mining reward circuit that implements the shares of staked seconds model described previously

Mixing functionality makes use of the following circuits:

  • Withdraw.circom

    • Deposits take in:

      • A root of the deposit Merkle tree, in order to ensure that the user is withdrawing assets for which there indeed was a deposit and that the user doing the withdrawal owns the assets to be withdrawn.

      • A nullifierHash, as part of the SacredCommitmentHasher

    • In order to withdraw funds from Sacred.finance, you need

      • Merkle path: purported path from the leaf node to the root

      • Root: root of the deposit tree

      • Leaf: the leaf is a commitment as specified in Utils.circom

      • Nullifier: ensures that funds are withdrawn exactly once; it is revealed once the withdrawal is done

    • These properties enable a user to prove that they have previously deposited into Sacred.Finance

    • In order to ensure that the proof is dependent on the recipient and fee, the withdrawal circuit also contains extra constraints on these values, so that changing either one invalidates the withdrawal SNARK proof.

Circuits that are common to both anonymity mining and mixing are:

  • Utils.circom

    • Contains the circuit for enforcing the correctness of the commitments generated in Sacred. Commitments are of the form H(nullifier, secret), where H is the Pedersen hash function; nullifiers are also hashed using the Pedersen hash function.

  • Merkletree.circom

    • Leaves are of the form (commitment)

Both mixing and anonymity mining make use of the same Merkletree.circom circuit. This circuit verifies that a given root was indeed computed correctly from a leaf and its Merkle path. The Merkle tree has the following properties:

  • Binary Merkle tree

  • Leaf nodes are hashed using the Poseidon hash function
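The withdrawal relation described above (commitment, Merkle path, root, nullifier), modelled in the clear as an added example; this is not the project's circuit code. It assumes SHA-256 as a stand-in for the Pedersen and Poseidon hashes and a verifier-side set of spent nullifier hashes, and all function names are hypothetical.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """Stand-in hash (assumption): SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commitment(nullifier: bytes, secret: bytes) -> bytes:
    return H(nullifier, secret)          # leaf = H(nullifier, secret)
def nullifier_hash(nullifier: bytes) -> bytes:
    return H(nullifier)                  # revealed at withdrawal

def build_tree(leaves):
    """All levels of a binary Merkle tree; leaf count must be a power of two."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        levels.append([H(a, b) for a, b in zip(levels[-1][::2], levels[-1][1::2])])
    return levels

def merkle_path(levels, index):
    """(sibling, node_is_right_child) pairs from the leaf up to the root."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))
        index >>= 1
    return path

def root_from_path(leaf, path):
    node = leaf
    for sibling, is_right in path:
        node = H(sibling, node) if is_right else H(node, sibling)
    return node

def check_withdrawal(root, nh, spent, nullifier, secret, path):
    """Public: root, nh. Private in the real circuit: nullifier, secret, path.
    `spent` models a verifier-side set of used nullifier hashes (assumption)."""
    ok = (nh not in spent and nullifier_hash(nullifier) == nh
          and root_from_path(commitment(nullifier, secret), path) == root)
    if ok:
        spent.add(nh)
    return ok

# Constructed sample deposits (nullifier, secret); not real notes.
NOTES = [(bytes([i]) * 31, bytes([i + 100]) * 31) for i in range(4)]
LEVELS = build_tree([commitment(n, s) for n, s in NOTES])
ROOT = LEVELS[-1][0]
```

A second call with the same nullifier hash fails, as does a wrong secret or a path taken from a different leaf position.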
