Open lispc opened 3 years ago
orderPos = orderId % 2**orderLevel
seems very adhoc and limited. Client side have to 'fetch an available order id', then sign it....
Considering nullifier.
I think 'prove something happened/exists' in zkrollup is easy, while 'prove something did not happen / does not exist' seems a bit hard, nullifier is a general solution. But nullifier has some performance problems...
anyway ... it is not a blocking issue
https://medium.com/aztec-protocol/aztecs-zk-zk-rollup-looking-behind-the-cryptocurtain-2b8af1fca619
our Pedersen hashes are 5x more efficient than systems that use R1CS and 18x more efficient than regular Plonk
seems not easy to prevent operator from replaying users' orders.
Be careful here.
ref: https://ethresear.ch/t/account-based-anonymous-rollup/6657
The current circuirts code may not be correct. A evil operator can put order into the tree more than once.