Circuits reference
The Circom sources in @shh/circuits: the shared Merkle-proof and keypair library, the Privacy-Pool withdraw circuit, the shielded transaction circuit, and the compile + trusted-setup pipeline.
@shh/circuits is the zk heart of the project — independent of the chain it runs on. It compiles to WASM witnesses and Groth16 zkeys, and exports Solidity verifiers.
Layout
circuits/
├─ lib/
│  ├─ merkleProof.circom     Poseidon Merkle inclusion
│  └─ keypair.circom         pubkey + signature helpers
├─ pool/
│  └─ poolWithdraw.circom    state + association membership withdraw
└─ shielded/
   ├─ transaction.circom     generic join-split template
   └─ transaction2x2.circom  the 2-in / 2-out instantiation
The circuits
lib/merkleProof.circom - Verifies a Poseidon Merkle inclusion proof of fixed depth LEVELS, selecting left/right by path-index bits.
lib/keypair.circom - Derives pubKey = H(privKey) and the per-note signature used to form nullifiers.
pool/poolWithdraw.circom - Proves a commitment is in both the state and association trees and binds the withdrawal parameters. See Profile B.
shielded/transaction2x2.circom - The 2-in/2-out join-split with value conservation and 248-bit range checks. See Profile A.
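Why the join-split pairs value conservation with a range check, as an added Python illustration (not code from @shh/circuits): inside the circuit the balance is a field equation, so it only holds modulo the field prime unless every amount is bounded. Assumptions: the circuits use circom's default prime (the BN254 scalar field), the balance is simply sum(inputs) == sum(outputs) with no fee or public-amount term, the range check applies to every amount, and all function names are hypothetical.

```python
# Added illustration: plain-integer mirror of the two checks named above.
# Assumption: circom's default prime (BN254 scalar field).
FIELD_P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
RANGE_BITS = 248  # bit width of the range check stated on this page


def in_range(amount: int) -> bool:
    """True if amount fits in RANGE_BITS bits (what the range check enforces)."""
    return 0 <= amount < (1 << RANGE_BITS)


def conserved_mod_p(inputs, outputs) -> bool:
    """Value conservation as the circuit sees it: equality modulo the field prime."""
    return sum(inputs) % FIELD_P == sum(outputs) % FIELD_P


def check_joinsplit(inputs, outputs):
    """Return a list of problems; an empty list means the amounts are acceptable.

    Assumed balance equation (hypothetical simplification): sum(in) == sum(out).
    """
    problems = []
    if len(inputs) != 2 or len(outputs) != 2:
        problems.append("expected 2 inputs and 2 outputs")
    for label, amounts in (("input", inputs), ("output", outputs)):
        for i, amount in enumerate(amounts):
            if not in_range(amount):
                problems.append(f"{label}[{i}] outside {RANGE_BITS}-bit range")
    if not conserved_mod_p(inputs, outputs):
        problems.append("value not conserved")
    # When every amount is below 2^248, each side sums to less than 2^249 < p,
    # so equality modulo p implies equality over the integers.
    return problems


# Constructed sample amounts.
HONEST = ([5, 5], [3, 7])
WRAPPED = ([5, 5], [FIELD_P - 90, 100])  # balances only because the field wraps
```

Running check_joinsplit on witness amounts before proving gives a readable reason for a rejection that the prover would otherwise report only as an unsatisfied constraint.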
The pipeline
1. Compile: pnpm circuits:compile runs circom to produce .r1cs and .wasm (the witness generator).
2. Trusted setup: pnpm circuits:setup runs the Powers-of-Tau and per-circuit Groth16 setup, producing .zkey proving keys and verification keys.
3. Export verifiers: The setup exports *Verifier.sol into packages/contracts/contracts/verifiers/.
4. Test: pnpm circuits:test (4/4) proves a valid witness verifies and a tampered witness fails its constraints.
Committed artifacts
Verification keys are checked in for reproducibility — keys/poolWithdraw_vkey.json and keys/transaction2x2_vkey.json — alongside circuits.config.json which declares the circuits and their parameters.