This repo is a proof-of-concept implementation that proves to a verifier the ownership of a UTXO that still exists in the UTXO set.
UTXO set membership is proved using UTreeXO. A backend server acts as the bridge node of UTreeXO providing proof for a queried UTXO in the set.
The UTXO ownership is proved by providing a Schnorr signature verified by the tweaked public key included in the output of a P2TR UTXO (for now this is the only type of UTXO supported in the repo).
Install the dependencies by running the following command in the root directory of the repository.

    npm install

To set up the regtest network and run the UTreeXO server, run the network setup script.

    sudo chmod +x ./helper/network_setup.sh
    ./helper/network_setup.sh

Download the powers of tau file necessary for proof generation as below (for the test case where there are 5 UTXOs we need powers of tau >= 22):

    wget https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_22.ptau

The proof generation script queries the UTXOs of a hardcoded wallet in src/prover/prover.ts and gets the corresponding proof from the UTreeXO server. The script then does the setup for the general circom circuit, creates the circuit proving and verification keys, generates the witness using the values produced by the prover, and finally generates and verifies the proof using the src/prover/proof_generation.js file.
To do
The tests folder contains tests that check the passed inputs and the computations done between the circom circuits and JavaScript. To run the tests for the overall circuit proving the ownership and set membership of a UTXO, run circuit_test.js as below:

    npx mocha tests/circuit_test.js

The code will mount the current directory to include the files created and changed by the regtest in the ./data folder. The dumped UTXO set can also be found in this folder, named "./data/regtest/utxo-set-{block height}.dat", where the block height indicates which block the UTXO set belongs to.
Upon running the prover, an inputs.json file will be created containing the public and private inputs necessary to create the witness and proof for the general circuit "./circuits/circuit.circom".
This is a proof-of-concept implementation and has not been checked for security bugs or problems thoroughly enough to be used in real cases concerning money. The circuits created for Schnorr signatures, UTreeXO proof verification, and concatenations must be checked to make sure all signals are covered by constraints.
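One way to start that constraint review is a quick scan for signals that are assigned with `<--` or `-->` (witness assignment only) but never appear in a `<==`, `==>` or `===` constraint. This is an added example, not code from this repository; `findUnconstrainedSignals` and the embedded sample templates are constructed for illustration, and the check is a heuristic that narrows down manual review rather than replacing it.

```javascript
// Added example (not part of the repository): heuristic audit of circom source.
// In circom, `<--` and `-->` only assign a witness value, while `<==`, `==>`
// and `===` also add a constraint. A signal that is only ever assigned can be
// set to any value by a malicious prover.
const IDENT = /[A-Za-z_$][\w$]*/g;

function findUnconstrainedSignals(source) {
  // Drop comments so operators mentioned inside them are not counted.
  const code = source.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
  const findings = [];
  // split() with a capture group yields [preamble, name1, body1, name2, body2, ...]
  const parts = code.split(/\btemplate\s+([A-Za-z_$][\w$]*)/);
  for (let i = 1; i < parts.length; i += 2) {
    const assigned = new Set();     // targets of <-- or -->
    const constrained = new Set();  // identifiers seen in any constraint
    for (const stmt of parts[i + 1].split(";")) {
      const left = stmt.match(/([A-Za-z_$][\w$]*)(?:\s*\[[^\]]*\])*\s*<--/);
      const right = stmt.match(/-->\s*([A-Za-z_$][\w$]*)/);
      if (left) assigned.add(left[1]);
      if (right) assigned.add(right[1]);
      if (/<==|==>|===/.test(stmt)) {
        for (const id of stmt.match(IDENT) || []) constrained.add(id);
      }
    }
    for (const name of assigned) {
      if (!constrained.has(name)) findings.push({ template: parts[i], signal: name });
    }
  }
  return findings;
}

// Constructed sample input: IsZero constrains `inv` after assigning it, Bad does not.
const SAMPLE = `
template IsZero() {
    signal input in;
    signal output out;
    signal inv;
    inv <-- in != 0 ? 1 / in : 0;   // assignment only
    out <== -in * inv + 1;          // constraint that mentions inv
    in * out === 0;
}
template Bad() {
    signal input a;
    signal output b;
    signal tmp;
    tmp <-- a * a;                  // never constrained
    b <== a + 1;
}`;
console.log(findUnconstrainedSignals(SAMPLE));
```

A signal that does appear in a constraint can still be under-constrained, so an empty result is not evidence that a circuit is sound.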
This repository uses the secp256k1 implementation for circom provided by 0xPARC circom-ecdsa and the sha512 implementation provided by bkomuves hash-circuits.