feat: add zk-nullifier example with single and batch proof support

- Add nullifier circuit with Poseidon hash for single nullifier creation
- Add batch nullifier circuit for creating 4 nullifiers with single proof
- Include setup script for circuit compilation and key generation
- Add e2e tests for both single and batch nullifier creation
- Remove incomplete mixer and shielded-pool examples

Author: tilo-14

.gitignore

@@ -12,3 +12,7 @@ pot
 # ZK examples - TypeScript tests not ready
 zk/**/*.ts
 zk/**/tsconfig.json
+
+# ZK examples - not ready
+zk/mixer/
+zk/shielded-pool/

zk/README.md

@@ -12,7 +12,9 @@ You can use Light to:
 
 **Full Examples:**
 
-- **[zk-id](./zk/zk-id)** - Identity verification using Groth16 proofs. Issuers create credentials; users prove ownership without revealing the credential.
+- **[zk-id](./zk-id)** - Identity verification using Groth16 proofs. Issuers create credentials; users prove ownership without revealing the credential.
+- **[shielded-pool](./shielded-pool)** - Privacy-preserving SOL pool (Tornado Nova port). UTXO model with arbitrary amounts, encrypted outputs, and relayer support.
+- **[mixer](./mixer)** - Fixed-denomination privacy mixer (Tornado Core port). Deposit/withdraw fixed amounts to break on-chain transaction links.
 
 **Basic Examples:**
 

zk/zk-merkle-proof/CLAUDE.md

@@ -0,0 +1,101 @@
+# zk-merkle-proof
+
+Proves compressed account existence with Groth16 verification without revealing Merkle path.
+
+## Summary
+
+- Creates compressed accounts with Poseidon-hashed data
+- Verifies Groth16 proofs that account exists in state tree
+- Merkle path, leaf position, and address stay private
+- Only data_hash, discriminator, and root are public inputs
+
+## Instructions
+
+### `create_account`
+
+Creates a compressed account with a data hash.
+
+- **path**: `src/lib.rs:37`
+
+**Instruction data:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `proof` | `ValidityProof` | Light Protocol validity proof |
+| `address_tree_info` | `PackedAddressTreeInfo` | Address tree reference |
+| `output_state_tree_index` | `u8` | State tree for output |
+| `data_hash` | `[u8; 32]` | Hash of account data |
+
+**Accounts:**
+
+| Name | Signer | Writable | Description |
+|------|--------|----------|-------------|
+| `signer` | ✓ | ✓ | Transaction fee payer |
+
+**Logic:**
+
+1. Derive address from `[b"data_account", data_hash]`
+2. Create `DataAccount` with Poseidon hashing via Light CPI
+
+### `verify_account`
+
+Verifies a Groth16 proof that account exists in state tree.
+
+- **path**: `src/lib.rs:76`
+
+**Instruction data:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `input_root_index` | `u16` | Root index in state tree |
+| `zk_proof` | `CompressedProof` | Groth16 proof (a, b, c) |
+| `data_hash` | `[u8; 32]` | Expected data hash |
+
+**Accounts:**
+
+| Name | Signer | Writable | Description |
+|------|--------|----------|-------------|
+| `signer` | ✓ | ✓ | Transaction fee payer |
+| `state_merkle_tree` | ✗ | ✗ | State tree to read root from |
+
+**Logic:**
+
+1. Read expected root from state Merkle tree at `input_root_index`
+2. Hash program ID and tree pubkey to BN254 field size
+3. Construct 5 public inputs: `[owner_hashed, merkle_tree_hashed, discriminator, data_hash, expected_root]`
+4. Decompress G1/G2 proof points
+5. Verify Groth16 proof against verifying key
+
+## Accounts
+
+### `DataAccount`
+
+Stores a data hash using Poseidon hashing.
+
+- **path**: `src/lib.rs:157`
+- **derivation**: `[b"data_account", data_hash]`
+- **hashing**: Poseidon (via `LightHasher` derive)
+
+## Circuit
+
+5 public inputs:
+
+- `owner_hashed` - program ID hashed to BN254 field
+- `merkle_tree_hashed` - state tree pubkey hashed
+- `discriminator` - account type discriminator
+- `data_hash` - account data hash
+- `expectedRoot` - current Merkle root
+
+Private inputs (hidden in proof):
+
+- `leaf_index` - position in tree
+- `account_leaf_index` - SDK internal position
+- `address` - account address
+- `pathElements[26]` - Merkle proof siblings
+
+## Build & Test
+
+```bash
+./scripts/setup.sh                    # Compile circuits, generate zkeys
+cargo build-sbf && cargo test-sbf     # Rust tests
+```

zk/zk-merkle-proof/circuits/README.md

@@ -1,6 +1,6 @@
-# Merkle Proof Circuit
+# Compressed Account Merkle Proof Circuit
 
-Zero-knowledge circuit that proves a compressed account exists in a Merkle tree without revealing private account details.
+Zero-knowledge circuit that proves ownership of a compressed account in a Merkle tree without revealing the account details.
 
 ## What It Does
 
@@ -41,9 +41,9 @@ cargo test-sbf
 Single file `merkle_proof.circom` contains all templates:
 
 ```
-AccountMerkleProof (main)
+CompressedAccountMerkleProof (main)
 ├── CompressedAccountHash
 │   └── Poseidon hash of 6 account fields
-└── MerkleProof (Tornado Cash Nova pattern)
-    └── 26-level binary tree verification using Switcher
+└── MerkleProof 
+    └── 26-level binary tree verification  
 ```

zk/zk-merkle-proof/circuits/merkle_proof.circom

@@ -4,6 +4,8 @@ include "../node_modules/circomlib/circuits/poseidon.circom";
 include "../node_modules/circomlib/circuits/bitify.circom";
 include "../node_modules/circomlib/circuits/switcher.circom";
 
+// Merkle Proof Verification Template
+// Verifies that a leaf is in a Merkle tree with a given root
 template MerkleProof(levels) {
     signal input leaf;
     signal input pathElements[levels];
@@ -48,7 +50,7 @@ template CompressedAccountHash() {
     hash <== poseidon.out;
 }
 
-template AccountMerkleProof(levels) {
+template CompressedCompressedAccountMerkleProof(levels) {
     signal input owner_hashed;
     signal input merkle_tree_hashed;
     signal input discriminator;
@@ -77,4 +79,4 @@ template AccountMerkleProof(levels) {
 
 component main {
     public [owner_hashed, merkle_tree_hashed, discriminator, data_hash, expectedRoot]
-} = AccountMerkleProof(26);
+} = CompressedAccountMerkleProof(26);

zk/zk-merkle-proof/src/lib.rs

@@ -23,7 +23,7 @@ declare_id!("MPzkYomvQc4VQPwMr6bFduyWRQZVCh5CofgDC4dFqJp");
 pub const LIGHT_CPI_SIGNER: CpiSigner =
     derive_light_cpi_signer!("MPzkYomvQc4VQPwMr6bFduyWRQZVCh5CofgDC4dFqJp");
 
-pub const DATA_ACCOUNT: &[u8] = b"data_account";
+pub const ZK_ACCOUNT: &[u8] = b"zk_account";
 
 pub mod verifying_key;
 
@@ -52,12 +52,12 @@ pub mod zk_merkle_proof {
             .map_err(|_| ProgramError::InvalidAccountData)?;
 
         let (address, address_seed) = derive_address(
-            &[DATA_ACCOUNT, &data_hash],
+            &[ZK_ACCOUNT, &data_hash],
             &address_tree_pubkey,
             &crate::ID,
         );
 
-        let mut account = LightAccountPoseidon::<DataAccount>::new_init(
+        let mut account = LightAccountPoseidon::<ZkAccount>::new_init(
             &crate::ID,
             Some(address),
             output_state_tree_index,
@@ -94,7 +94,7 @@ pub mod zk_merkle_proof {
                 .unwrap();
 
         let mut discriminator = [0u8; 32];
-        discriminator[24..].copy_from_slice(DataAccount::LIGHT_DISCRIMINATOR_SLICE);
+        discriminator[24..].copy_from_slice(ZkAccount::LIGHT_DISCRIMINATOR_SLICE);
 
         let public_inputs: [[u8; 32]; 5] = [
             owner_hashed,
@@ -155,7 +155,7 @@ pub struct VerifyAccountAccounts<'info> {
 }
 
 #[derive(Clone, Debug, Default, BorshSerialize, BorshDeserialize, LightDiscriminator, LightHasher)]
-pub struct DataAccount {
+pub struct ZkAccount {
     pub data_hash: DataHash,
 }
 

zk/zk-merkle-proof/tests/test.rs

@@ -16,7 +16,7 @@ use solana_sdk::{
     signature::{Keypair, Signature, Signer},
 };
 use std::collections::HashMap;
-use zk_merkle_proof::DATA_ACCOUNT;
+use zk_merkle_proof::ZK_ACCOUNT;
 
 #[link(name = "circuit", kind = "static")]
 extern "C" {}
@@ -40,7 +40,7 @@ async fn test_create_and_verify_account() {
     let address_tree_info = rpc.get_address_tree_v2();
 
     let (account_address, _) = derive_address(
-        &[DATA_ACCOUNT, &data_hash],
+        &[ZK_ACCOUNT, &data_hash],
         &address_tree_info.tree,
         &zk_merkle_proof::ID,
     );

zk/zk-nullifier/build.rs

@@ -1,29 +1,33 @@
 use groth16_solana::vk_parser::generate_vk_file;
 
 fn main() {
-    println!("cargo:rerun-if-changed=build/verification_key.json");
-    println!("cargo:rerun-if-changed=build/batch_verification_key.json");
-    println!("cargo:rerun-if-changed=build/nullifier_js");
-    println!("cargo:rerun-if-changed=build/batchnullifier_js");
+    println!("cargo:rerun-if-changed=build/nullifier_1_verification_key.json");
+    println!("cargo:rerun-if-changed=build/nullifier_4_verification_key.json");
+    println!("cargo:rerun-if-changed=build/nullifier_1_js");
+    println!("cargo:rerun-if-changed=build/nullifier_4_js");
 
     // Single nullifier verifying key
-    if std::path::Path::new("./build/verification_key.json").exists() {
-        generate_vk_file("./build/verification_key.json", "./src", "verifying_key.rs")
-            .expect("Failed to generate verifying_key.rs");
+    if std::path::Path::new("./build/nullifier_1_verification_key.json").exists() {
+        generate_vk_file(
+            "./build/nullifier_1_verification_key.json",
+            "./src",
+            "nullifier_1.rs",
+        )
+        .expect("Failed to generate nullifier_1.rs");
     } else {
-        println!("cargo:warning=verification_key.json not found. Run './scripts/setup.sh'");
+        println!("cargo:warning=nullifier_1_verification_key.json not found. Run './scripts/setup.sh'");
     }
 
     // Batch nullifier verifying key
-    if std::path::Path::new("./build/batch_verification_key.json").exists() {
+    if std::path::Path::new("./build/nullifier_4_verification_key.json").exists() {
         generate_vk_file(
-            "./build/batch_verification_key.json",
+            "./build/nullifier_4_verification_key.json",
             "./src",
-            "batch_verifying_key.rs",
+            "nullifier_batch_4.rs",
         )
-        .expect("Failed to generate batch_verifying_key.rs");
+        .expect("Failed to generate nullifier_batch_4.rs");
     } else {
-        println!("cargo:warning=batch_verification_key.json not found. Run './scripts/setup.sh'");
+        println!("cargo:warning=nullifier_4_verification_key.json not found. Run './scripts/setup.sh'");
     }
 
     // Transpile witness generators for non-Solana targets
@@ -33,8 +37,8 @@ fn main() {
         let out_dir = std::env::var("OUT_DIR").unwrap();
 
         // Transpile single nullifier circuit
-        if std::path::Path::new("./build/nullifier_js").exists() {
-            rust_witness::transpile::transpile_wasm("./build/nullifier_js".to_string());
+        if std::path::Path::new("./build/nullifier_1_js").exists() {
+            rust_witness::transpile::transpile_wasm("./build/nullifier_1_js".to_string());
             // Rename libcircuit.a → libcircuit_single.a
             let src = format!("{}/libcircuit.a", out_dir);
             let dst = format!("{}/libcircuit_single.a", out_dir);
@@ -44,8 +48,8 @@ fn main() {
         }
 
         // Transpile batch nullifier circuit
-        if std::path::Path::new("./build/batchnullifier_js").exists() {
-            rust_witness::transpile::transpile_wasm("./build/batchnullifier_js".to_string());
+        if std::path::Path::new("./build/nullifier_4_js").exists() {
+            rust_witness::transpile::transpile_wasm("./build/nullifier_4_js".to_string());
             // Rename libcircuit.a → libcircuit_batch.a
             let src = format!("{}/libcircuit.a", out_dir);
             let dst = format!("{}/libcircuit_batch.a", out_dir);

zk/zk-nullifier/src/lib.rs

@@ -22,7 +22,7 @@ pub const LIGHT_CPI_SIGNER: CpiSigner =
 
 pub const NULLIFIER_PREFIX: &[u8] = b"nullifier";
 
-// Max nullifiers per tx: 1 (single) or 4 (batch)
+// Customize nullifiers per tx, e.g. 1 (single) or 4 (batch)
 pub const BATCH_SIZE: usize = 4;
 
 pub mod nullifier_1;

zk/zk-nullifier/src/nullifier_1.rs

@@ -9,7 +9,7 @@ pub const VERIFYINGKEY: Groth16Verifyingkey = Groth16Verifyingkey {
 
 	vk_gamma_g2: [25u8, 142u8, 147u8, 147u8, 146u8, 13u8, 72u8, 58u8, 114u8, 96u8, 191u8, 183u8, 49u8, 251u8, 93u8, 37u8, 241u8, 170u8, 73u8, 51u8, 53u8, 169u8, 231u8, 18u8, 151u8, 228u8, 133u8, 183u8, 174u8, 243u8, 18u8, 194u8, 24u8, 0u8, 222u8, 239u8, 18u8, 31u8, 30u8, 118u8, 66u8, 106u8, 0u8, 102u8, 94u8, 92u8, 68u8, 121u8, 103u8, 67u8, 34u8, 212u8, 247u8, 94u8, 218u8, 221u8, 70u8, 222u8, 189u8, 92u8, 217u8, 146u8, 246u8, 237u8, 9u8, 6u8, 137u8, 208u8, 88u8, 95u8, 240u8, 117u8, 236u8, 158u8, 153u8, 173u8, 105u8, 12u8, 51u8, 149u8, 188u8, 75u8, 49u8, 51u8, 112u8, 179u8, 142u8, 243u8, 85u8, 172u8, 218u8, 220u8, 209u8, 34u8, 151u8, 91u8, 18u8, 200u8, 94u8, 165u8, 219u8, 140u8, 109u8, 235u8, 74u8, 171u8, 113u8, 128u8, 141u8, 203u8, 64u8, 143u8, 227u8, 209u8, 231u8, 105u8, 12u8, 67u8, 211u8, 123u8, 76u8, 230u8, 204u8, 1u8, 102u8, 250u8, 125u8, 170u8],
 
-	vk_delta_g2: [15u8, 50u8, 226u8, 15u8, 25u8, 49u8, 85u8, 92u8, 250u8, 85u8, 137u8, 57u8, 88u8, 252u8, 101u8, 174u8, 216u8, 14u8, 90u8, 41u8, 162u8, 60u8, 209u8, 25u8, 208u8, 32u8, 185u8, 189u8, 104u8, 103u8, 199u8, 36u8, 25u8, 202u8, 32u8, 147u8, 48u8, 19u8, 68u8, 85u8, 122u8, 192u8, 42u8, 156u8, 71u8, 42u8, 101u8, 140u8, 37u8, 171u8, 240u8, 154u8, 222u8, 12u8, 19u8, 83u8, 34u8, 132u8, 233u8, 110u8, 77u8, 73u8, 207u8, 173u8, 40u8, 114u8, 71u8, 135u8, 57u8, 66u8, 210u8, 247u8, 147u8, 215u8, 36u8, 47u8, 39u8, 166u8, 215u8, 139u8, 84u8, 153u8, 43u8, 184u8, 129u8, 125u8, 16u8, 115u8, 125u8, 72u8, 250u8, 11u8, 174u8, 190u8, 61u8, 63u8, 40u8, 7u8, 176u8, 8u8, 193u8, 18u8, 115u8, 34u8, 248u8, 254u8, 223u8, 93u8, 117u8, 235u8, 180u8, 210u8, 184u8, 123u8, 194u8, 100u8, 133u8, 247u8, 9u8, 192u8, 41u8, 74u8, 8u8, 73u8, 170u8, 200u8, 31u8, 61u8],
+	vk_delta_g2: [5u8, 214u8, 55u8, 57u8, 195u8, 158u8, 141u8, 21u8, 221u8, 107u8, 234u8, 39u8, 157u8, 74u8, 252u8, 20u8, 199u8, 144u8, 101u8, 227u8, 7u8, 157u8, 38u8, 68u8, 167u8, 43u8, 87u8, 5u8, 11u8, 13u8, 171u8, 47u8, 47u8, 37u8, 222u8, 89u8, 11u8, 73u8, 171u8, 198u8, 130u8, 72u8, 158u8, 170u8, 147u8, 14u8, 4u8, 235u8, 56u8, 37u8, 173u8, 75u8, 74u8, 48u8, 155u8, 253u8, 66u8, 199u8, 129u8, 200u8, 141u8, 191u8, 112u8, 0u8, 14u8, 46u8, 100u8, 107u8, 1u8, 37u8, 237u8, 245u8, 61u8, 196u8, 22u8, 101u8, 102u8, 176u8, 178u8, 173u8, 53u8, 152u8, 121u8, 66u8, 157u8, 202u8, 157u8, 46u8, 44u8, 96u8, 119u8, 1u8, 65u8, 118u8, 80u8, 4u8, 27u8, 91u8, 77u8, 70u8, 87u8, 129u8, 236u8, 17u8, 33u8, 7u8, 179u8, 200u8, 171u8, 114u8, 72u8, 92u8, 229u8, 49u8, 225u8, 114u8, 250u8, 40u8, 144u8, 199u8, 198u8, 202u8, 150u8, 55u8, 123u8, 168u8, 195u8, 243u8],
 
 	vk_ic: &[
 		[0u8, 225u8, 39u8, 181u8, 79u8, 250u8, 189u8, 217u8, 124u8, 191u8, 91u8, 4u8, 250u8, 224u8, 250u8, 69u8, 80u8, 29u8, 217u8, 232u8, 11u8, 137u8, 22u8, 144u8, 107u8, 98u8, 206u8, 198u8, 55u8, 106u8, 245u8, 27u8, 24u8, 71u8, 117u8, 104u8, 154u8, 235u8, 39u8, 185u8, 32u8, 148u8, 197u8, 136u8, 176u8, 194u8, 26u8, 117u8, 68u8, 73u8, 196u8, 223u8, 81u8, 254u8, 228u8, 233u8, 7u8, 176u8, 206u8, 222u8, 224u8, 102u8, 198u8, 27u8],