Demo BitVM
BitVM-style boolean gate proof.
txt
# A compact boolean proof: each bit is opened by choosing one hash from a committed pair.
Contract DemoBitVM:
# For each wire, index 0 represents bit 0 and index 1 represents bit 1.
Struct HashPair:
hash0: hex
hash1: hex
def main(preimageE: hex, preimageB: hex, preimageA: hex):
# Opening a preimage tells us which bit value was selected for A, B, and E.
hA = Hash160(preimageA)
okA = Or(Equal(hA.Clone(), self.hashPairA.hash0), Equal(hA.Clone(), self.hashPairA.hash1))
NumEqualVerify(okA, 1)
bitA = Equal(hA, self.hashPairA.hash1)
hB = Hash160(preimageB)
okB = Or(Equal(hB.Clone(), self.hashPairB.hash0), Equal(hB.Clone(), self.hashPairB.hash1))
NumEqualVerify(okB, 1)
bitB = Equal(hB, self.hashPairB.hash1)
hE = Hash160(preimageE)
okE = Or(Equal(hE.Clone(), self.hashPairE.hash0), Equal(hE.Clone(), self.hashPairE.hash1))
NumEqualVerify(okE, 1)
bitE = Equal(hE, self.hashPairE.hash1)
# The selected E bit must be the NAND result of the selected A and B bits.
EqualVerify(Not(And(bitA, bitB)), bitE)