1  k = 13;
 2  field = "pallas";
 3  
 4  constant "RlnV2_Diff_Signal" {}
 5  
 6  witness "RlnV2_Diff_Signal" {
 7      Base identity_nullifier,
 8      Base identity_trapdoor,
 9  
10      MerklePath identity_path,
11      Uint32 identity_leaf_pos,
12  
13      Base x, # The message hash
14      Base external_nullifier, # Hash(Epoch, RLN identifier)
15  
16      Base message_id,
17      Base user_message_limit,
18  
19      Base epoch,
20  }
21  
22  circuit "RlnV2_Diff_Signal" {
23      constrain_instance(epoch);
24      constrain_instance(external_nullifier);
25  
26      less_than_strict(message_id, user_message_limit);
27  
28      # Identity secret hash
29      a_0 = poseidon_hash(identity_nullifier, identity_trapdoor);
30      a_1 = poseidon_hash(a_0, external_nullifier, message_id);
31  
32      # y = a_0 + x * a_1
33      x_a_1 = base_mul(x, a_1);
34      y = base_add(a_0, x_a_1);
35      constrain_instance(x);
36      constrain_instance(y);
37  
38      internal_nullifier = poseidon_hash(a_1);
39      constrain_instance(internal_nullifier);
40  
41      identity_commitment = poseidon_hash(a_0, user_message_limit);
42      root = merkle_root(identity_leaf_pos, identity_path, identity_commitment);
43      constrain_instance(root);
44  }