From dfd241dcf95c71784bea07353a64e0ff63581417 Mon Sep 17 00:00:00 2001
From: rymnc <43716372+rymnc@users.noreply.github.com>
Date: Mon, 13 Nov 2023 03:28:03 +0300
Subject: [PATCH] feat: use RLN with RC instead of Poseidon

---
 .gitmodules              |  3 +++
 README.md                | 47 ++++++++++++++++++++++++++++++++++++----
 circuits/rln.circom      | 13 ++++++-----
 circuits/utils.circom    |  4 ++--
 circuits/withdraw.circom |  4 ++--
 lib/rc-impls             |  1 +
 6 files changed, 59 insertions(+), 13 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 lib/rc-impls

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..3b3f8ba
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/rc-impls"]
+	path = lib/rc-impls
+	url = https://github.com/rymnc/reinforced-concrete-impls
diff --git a/README.md b/README.md
index 0b0bdf6..f5e7895 100644
--- a/README.md
+++ b/README.md
@@ -3,13 +3,52 @@
     <img src="https://github.com/Rate-Limiting-Nullifier/rln-circuits-v2/workflows/Test/badge.svg" width="110">
 </p>
 
-<div align="center">
+___
 
-*The project was audited by Veridise, yAcademy fellows and internally.*
+## This is a fork of RLN
 
-</div>
+This fork of RLN makes use of [RC hash function](https://rc-hash.info) as a drop in replacement to poseidon.
 
-___
+
+### Constraint differences
+
+1. RLN Circuit =>
+
+```diff
+circom compiler 2.1.5
+-template instances: 216
++template instances: 48
+-non-linear constraints: 5820
++non-linear constraints: 957
+linear constraints: 0
+public inputs: 2
+public outputs: 3
+private inputs: 43
+private outputs: 0
+-wires: 5844
++wires: 1053
+-labels: 18553
++labels: 24733
+```
+
+2. Withdraw Circuit =>
+
+```diff
+circom compiler 2.1.5
+-template instances: 71
++template instances: 42
+-non-linear constraints: 214
++non-linear constraints: 37
+linear constraints: 0
+public inputs: 1
+public outputs: 1
+private inputs: 1
+private outputs: 0
+-wires: 217
++wires: 43
+-labels: 585
++labels: 1021
+```
 
 ## What's RLN?
 
diff --git a/circuits/rln.circom b/circuits/rln.circom
index 7d1939b..f6cf45f 100644
--- a/circuits/rln.circom
+++ b/circuits/rln.circom
@@ -1,7 +1,7 @@
 pragma circom 2.1.0;
 
 include "./utils.circom";
-include "../node_modules/circomlib/circuits/poseidon.circom";
+include "../lib/rc-impls/rc-circom/circuits/reinforcedConcrete.circom";
 
 template RLN(DEPTH, LIMIT_BIT_SIZE) {
     // Private signals
@@ -20,8 +20,8 @@ template RLN(DEPTH, LIMIT_BIT_SIZE) {
     signal output root;
     signal output nullifier;
 
-    signal identityCommitment <== Poseidon(1)([identitySecret]);
-    signal rateCommitment <== Poseidon(2)([identityCommitment, userMessageLimit]);
+    signal identityCommitment <== ReinforcedConcreteHash()([identitySecret, 0]);
+    signal rateCommitment <== ReinforcedConcreteHash()([identityCommitment, userMessageLimit]);
 
     // Membership check
     root <== MerkleTreeInclusionProof(DEPTH)(rateCommitment, identityPathIndex, pathElements);
@@ -30,11 +30,14 @@ template RLN(DEPTH, LIMIT_BIT_SIZE) {
     RangeCheck(LIMIT_BIT_SIZE)(messageId, userMessageLimit);
 
     // SSS share calculations
-    signal a1 <== Poseidon(3)([identitySecret, externalNullifier, messageId]);
+    component rcPermutation = ReinforcedConcretePermutation();
+    signal a1;
+    rcPermutation.state <== [identitySecret, externalNullifier, messageId];
+    a1 <== rcPermutation.hash[0];
     y <== identitySecret + a1 * x;
 
     // nullifier calculation
-    nullifier <== Poseidon(1)([a1]);
+    nullifier <== ReinforcedConcreteHash()([a1, 0]);
 }
 
 component main { public [x, externalNullifier] } = RLN(20, 16);
\ No newline at end of file
diff --git a/circuits/utils.circom b/circuits/utils.circom
index f9c76de..a3300ad 100644
--- a/circuits/utils.circom
+++ b/circuits/utils.circom
@@ -1,6 +1,6 @@
 pragma circom 2.1.0;
 
-include "../node_modules/circomlib/circuits/poseidon.circom";
+include "../lib/rc-impls/rc-circom/circuits/reinforcedConcrete.circom";
 include "../node_modules/circomlib/circuits/mux1.circom";
 include "../node_modules/circomlib/circuits/bitify.circom";
 include "../node_modules/circomlib/circuits/comparators.circom";
@@ -27,7 +27,7 @@ template MerkleTreeInclusionProof(DEPTH) {
             pathIndex[i]
         );
 
-        levelHashes[i + 1] <== Poseidon(2)([mux[i][0], mux[i][1]]);
+        levelHashes[i + 1] <== ReinforcedConcreteHash()([mux[i][0], mux[i][1]]);
     }
 
     root <== levelHashes[DEPTH];
diff --git a/circuits/withdraw.circom b/circuits/withdraw.circom
index f141837..1bc1c33 100644
--- a/circuits/withdraw.circom
+++ b/circuits/withdraw.circom
@@ -1,12 +1,12 @@
 pragma circom 2.1.0;
 
-include "../node_modules/circomlib/circuits/poseidon.circom";
+include "../lib/rc-impls/rc-circom/circuits/reinforcedConcrete.circom";
 
 template Withdraw() {
     signal input identitySecret;
     signal input address;
 
-    signal output identityCommitment <== Poseidon(1)([identitySecret]);
+    signal output identityCommitment <== ReinforcedConcreteHash()([identitySecret, 0]);
 
     // Dummy constraint to prevent compiler optimizing it
     signal addressSquared <== address * address;
diff --git a/lib/rc-impls b/lib/rc-impls
new file mode 160000
index 0000000..b1b18aa
--- /dev/null
+++ b/lib/rc-impls
@@ -0,0 +1 @@
+Subproject commit b1b18aa17f6e351a49611aadf5797fc578362274