diff --git a/src/WorldIDIdentityManagerImplV3.sol b/src/WorldIDIdentityManagerImplV3.sol index 206e923..00233e7 100644 --- a/src/WorldIDIdentityManagerImplV3.sol +++ b/src/WorldIDIdentityManagerImplV3.sol @@ -102,7 +102,7 @@ contract WorldIDIdentityManagerImplV3 is WorldIDIdentityManagerImplV2 { /// @notice KZG proof associated with the commitment. uint128[3] kzgProof; - /// @notice Expected evaluation of the polynomial at a certain point equal to kzgChallenge. + /// @notice Expected evaluation of the polynomial at a certain point equal to KZG challenge. uint256 expectedEvaluation; /// @notice The value for the root of the tree before the `identityCommitments` have been inserted. @@ -113,9 +113,6 @@ contract WorldIDIdentityManagerImplV3 is WorldIDIdentityManagerImplV2 { /// by `preRoot`. Must be an element of the field `Kr`. (already in reduced form) uint256 postRoot; - /// @notice Challenge value used in the KZG proof to evaluate the polynomial. - uint256 kzgChallenge; - /// @notice Hash of the input data calculated as described in the comment /// to `calculateIdentityRegistrationInputHash()`. bytes32 inputHash; @@ -174,9 +171,10 @@ contract WorldIDIdentityManagerImplV3 is WorldIDIdentityManagerImplV2 { // which it was expired. rootHistory[params.preRoot] = uint128(block.timestamp); + bytes32 kzgChallenge = computeKzgChallenge(params.inputHash, kzgCommitmentHash); bool success = evaluatePoint( kzgCommitmentHash, - bytes32(params.kzgChallenge), + kzgChallenge, bytes32(params.expectedEvaluation), params.kzgCommitment, params.kzgProof @@ -225,4 +223,16 @@ contract WorldIDIdentityManagerImplV3 is WorldIDIdentityManagerImplV2 { (bool success, ) = PRECOMPILE_POINT_EVALUATION.staticcall(input); return success; } + + /// @notice Converts input values to a KZG challenge. + /// @dev The challenge is defined as a bytes32 value of a keccak256 hash of the concatenated inputs reduced by BN254 modulus. + /// @param inputHash Hash of the input data calculated as described in the comment + /// to `calculateIdentityRegistrationInputHash()`. + /// @param kzgCommitmentVersionedHash versioned hash of the KZG commitment. + /// @return challenge The reduced keccak256 hash. + function computeKzgChallenge(bytes32 inputHash, bytes32 kzgCommitmentVersionedHash) public pure returns (bytes32) { + bytes memory inputBytes = abi.encodePacked(inputHash, kzgCommitmentVersionedHash); + uint256 reducedHash = uint256(keccak256(inputBytes)) % SNARK_SCALAR_FIELD; + return bytes32(reducedHash); + } } diff --git a/src/test/identity-manager/WorldIDIdentityManagerIdentityRegistration4844.t.sol b/src/test/identity-manager/WorldIDIdentityManagerIdentityRegistration4844.t.sol index 9a1e0bc..e68e7ff 100644 --- a/src/test/identity-manager/WorldIDIdentityManagerIdentityRegistration4844.t.sol +++ b/src/test/identity-manager/WorldIDIdentityManagerIdentityRegistration4844.t.sol @@ -60,7 +60,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: insertionPreRoot, postRoot: insertionPostRoot4844, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitmentsSize), startIndex: startIndex @@ -127,7 +126,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: newPreRoot, postRoot: newPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(preparedIdents.length), startIndex: newStartIndex @@ -193,7 +191,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: newPreRoot, postRoot: newPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(preparedIdents.length), startIndex: newStartIndex @@ -260,7 +257,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: newPreRoot, postRoot: newPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(preparedIdents.length), startIndex: newStartIndex @@ -310,7 +306,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: newPreRoot, postRoot: newPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: newStartIndex @@ -356,7 +351,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: insertionPreRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: newStartIndex @@ -408,7 +402,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: insertionPreRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identities.length), startIndex: startIndex @@ -472,7 +465,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: insertionPreRoot, postRoot: newPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: startIndex @@ -504,7 +496,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: insertionPreRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: startIndex @@ -551,7 +542,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: actualRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: startIndex @@ -608,7 +598,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: initialRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identities.length), startIndex: startIndex @@ -639,7 +628,6 @@ contract WorldIDIdentityManagerIdentityRegistration4844 is WorldIDIdentityManage expectedEvaluation: insertionExpectedEvaluation, preRoot: initialRoot, postRoot: insertionPostRoot, - kzgChallenge: kzgChallenge, inputHash: insertionInputHash4844, batchSize: uint32(identityCommitments.length), startIndex: startIndex diff --git a/src/test/identity-manager/WorldIDIdentityManagerTest.sol b/src/test/identity-manager/WorldIDIdentityManagerTest.sol index 083e4a0..a5be493 100644 --- a/src/test/identity-manager/WorldIDIdentityManagerTest.sol +++ b/src/test/identity-manager/WorldIDIdentityManagerTest.sol @@ -80,8 +80,6 @@ contract WorldIDIdentityManagerTest is WorldIDTest { 0x3d5d4a7d6098f2147ed77be69d93179e6179479b8771c2554e5404c06f836408; uint256 internal constant insertionPostRoot4844 = 0x0c3f30b0604dae9a378e2bf62826bf5a772e9ad745df6f8c8256dff351fecee8; - uint256 internal constant kzgChallenge = - 0x1b5f5a71803049342dbd89f27e11d537400e959eea99de6e29e262d22adc3468; uint256[8] insertionProof4844; uint256[2] commitments;