Withdrawal Circuit
The withdrawal circuit (withdraw.circom) handles private withdrawals:
template Withdraw(maxTreeDepth) {
// Public inputs
signal input withdrawnValue;
signal input stateRoot;
signal input stateTreeDepth;
signal input ASPRoot;
signal input ASPTreeDepth;
signal input context;
// Private inputs
signal input label;
signal input existingValue;
signal input existingNullifier;
signal input existingSecret;
signal input newNullifier;
signal input newSecret;
signal input stateSiblings[maxTreeDepth];
signal input stateIndex;
signal input ASPSiblings[maxTreeDepth];
signal input ASPIndex;
// Outputs
signal output newCommitmentHash;
signal output existingNullifierHash;
}
Circuit constraints:
- Validates existing commitment in state tree
- Verifies label inclusion in ASP tree
- Ensures withdrawn amount is valid
- Computes new commitment for remaining value
- Checks the existing and new nullifier don't match
- Verifies context matches on-chain data