miden_crypto/merkle/smt/full/

proof.rs

use alloc::string::ToString;

use super::{SMT_DEPTH, SmtLeaf, SmtProofError, SparseMerklePath, Word};
use crate::{
    merkle::InnerNodeInfo,
    utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable},
};

/// A proof which can be used to assert membership (or non-membership) of key-value pairs
/// in a [`super::Smt`] (Sparse Merkle Tree).
///
/// The proof consists of a sparse Merkle path and a leaf, which describes the node located at
/// the base of the path.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SmtProof {
    /// The sparse Merkle path from the leaf to the root.
    path: SparseMerklePath,
    /// The leaf node containing one or more key-value pairs.
    leaf: SmtLeaf,
}

impl SmtProof {
    // CONSTRUCTOR
    // --------------------------------------------------------------------------------------------

    /// Returns a new instance of [`SmtProof`] instantiated from the specified path and leaf.
    ///
    /// # Errors
    /// Returns an error if the path length does not match the expected [`SMT_DEPTH`],
    /// which would make the proof invalid.
    pub fn new(path: SparseMerklePath, leaf: SmtLeaf) -> Result<Self, SmtProofError> {
        let depth = path.depth();
        if depth != SMT_DEPTH {
            return Err(SmtProofError::InvalidMerklePathLength(depth as usize));
        }

        Ok(Self { path, leaf })
    }

    /// Returns a new instance of [`SmtProof`] instantiated from the specified path and leaf.
    ///
    /// The length of the path is not checked. Reserved for internal use.
    pub(in crate::merkle::smt) fn new_unchecked(path: SparseMerklePath, leaf: SmtLeaf) -> Self {
        Self { path, leaf }
    }

    // PROOF VERIFIER
    // --------------------------------------------------------------------------------------------

    /// Returns true if a [`super::Smt`] with the specified root contains the provided
    /// key-value pair.
    ///
    /// Note: this method cannot be used to assert non-membership. That is, if false is returned,
    /// it does not mean that the provided key-value pair is not in the tree.
    pub fn verify_membership(&self, key: &Word, value: &Word, root: &Word) -> bool {
        let maybe_value_in_leaf = self.leaf.get_value(key);

        match maybe_value_in_leaf {
            Some(value_in_leaf) => {
                // The value must match for the proof to be valid
                if value_in_leaf != *value {
                    return false;
                }

                // make sure the Merkle path resolves to the correct root
                self.compute_root() == *root
            },
            // If the key maps to a different leaf, the proof cannot verify membership of `value`
            None => false,
        }
    }

    // PUBLIC ACCESSORS
    // --------------------------------------------------------------------------------------------

    /// Returns the value associated with the specific key according to this proof, or None if
    /// this proof does not contain a value for the specified key.
    ///
    /// A key-value pair generated by using this method should pass the `verify_membership()` check.
    pub fn get(&self, key: &Word) -> Option<Word> {
        self.leaf.get_value(key)
    }

    /// Computes the root of a [`super::Smt`] to which this proof resolves.
    pub fn compute_root(&self) -> Word {
        self.path
            .compute_root(self.leaf.index().value(), self.leaf.hash())
            .expect("failed to compute Merkle path root")
    }

    /// Returns the proof's sparse Merkle path.
    pub fn path(&self) -> &SparseMerklePath {
        &self.path
    }

    /// Returns the leaf associated with the proof.
    pub fn leaf(&self) -> &SmtLeaf {
        &self.leaf
    }

    /// Returns an iterator over every inner node of this proof's merkle path.
    pub fn authenticated_nodes(&self) -> impl Iterator<Item = InnerNodeInfo> + '_ {
        self.path
            .authenticated_nodes(self.leaf.index().value(), self.leaf.hash())
            .expect("leaf index is u64 and should be less than 2^SMT_DEPTH")
    }

    /// Consume the proof and returns its parts.
    pub fn into_parts(self) -> (SparseMerklePath, SmtLeaf) {
        (self.path, self.leaf)
    }
}

impl Serializable for SmtProof {
    fn write_into<W: ByteWriter>(&self, target: &mut W) {
        self.path.write_into(target);
        self.leaf.write_into(target);
    }
}

impl Deserializable for SmtProof {
    fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError> {
        let path = SparseMerklePath::read_from(source)?;
        let leaf = SmtLeaf::read_from(source)?;

        Self::new(path, leaf).map_err(|err| DeserializationError::InvalidValue(err.to_string()))
    }
}