@@ -606,106 +606,94 @@ function ProofStep({
606606 Proof details
607607 </ summary >
608608 < div className = "mt-3 space-y-4" >
609- { /* Commitments */ }
609+ { /* Circuit inputs */ }
610610 < div >
611611 < p className = "text-[13px] font-medium text-secondary mb-2" >
612- Poseidon commitments
612+ Circuit inputs
613613 </ p >
614- < div className = "bg-surface border border-border rounded px-4 py-3 font-mono text-[12px] space-y-4 " >
614+ < div className = "bg-surface border border-border rounded px-4 py-3 font-mono text-[12px] space-y-2 " >
615615 < div >
616- < div className = "text-secondary text-[11px] mb-1" >
617- calldataCommitment = Poseidon({ r . calldataInputs . map ( ( i ) => i . name ) . join ( ", " ) } )
618- </ div >
619- < div className = "space-y-0.5 mb-1.5 ml-2 text-[11px]" >
620- { r . calldataInputs . map ( ( input ) => (
621- < div key = { input . name } className = "flex gap-2" >
622- < span className = "text-secondary min-w-[100px]" > { input . name } </ span >
623- < span className = "break-all" > { input . value } </ span >
624- </ div >
625- ) ) }
616+ < div className = "text-[11px] text-emerald-600 mb-1" > Public input</ div >
617+ < div className = "flex gap-2 ml-2" >
618+ < span className = "text-secondary min-w-[100px]" > selector</ span >
619+ < span className = "break-all" > { r . calldataInputs [ 0 ] ?. value } </ span >
626620 </ div >
627- < div className = "text-[11px] text-secondary/60" > = </ div >
628- < span className = "break-all" > { r . calldataCommitment } </ span >
629621 </ div >
630622 < div >
631- < div className = "text-secondary text-[11px] mb-1" >
632- outputCommitment = Poseidon({ r . outputInputs . map ( ( i ) => i . name ) . join ( ", " ) } )
633- </ div >
634- < div className = "space-y-0.5 mb-1.5 ml-2 text-[11px]" >
635- { r . outputInputs . map ( ( input ) => (
623+ < div className = "text-[11px] text-amber-600 mb-1" > Private inputs (hidden from verifier)</ div >
624+ < div className = "space-y-0.5 ml-2" >
625+ { r . calldataInputs . slice ( 1 ) . map ( ( input ) => (
636626 < div key = { input . name } className = "flex gap-2" >
637627 < span className = "text-secondary min-w-[100px]" > { input . name } </ span >
638628 < span className = "break-all" > { input . value } </ span >
639629 </ div >
640630 ) ) }
641631 </ div >
642- < div className = "text-[11px] text-secondary/60" > = </ div >
643- < span className = "break-all" > { r . outputCommitment } </ span >
644632 </ div >
645633 </ div >
646634 < p className = "text-[12px] text-secondary/70 mt-1.5" >
647- Poseidon hashes over BLS12-381's scalar field, binding the raw
648- calldata and the evaluated intent to the proof. uint256 values are
649- split into two 128-bit limbs to fit the field.
635+ The prover knows all inputs. The verifier only sees the selector.
636+ uint256 values are split into two 128-bit limbs to fit BLS12-381.
650637 </ p >
651638 </ div >
652639
653- { /* Public signals */ }
640+ { /* Circuit outputs (Poseidon commitments) */ }
654641 < div >
655642 < p className = "text-[13px] font-medium text-secondary mb-2" >
656- Public signals
643+ Circuit outputs (computed by Poseidon inside the circuit)
657644 </ p >
658- < div className = "bg-surface border border-border rounded px-4 py-3 font-mono text-[12px] space-y-1.5" >
659- < div className = "flex gap-2" >
660- < span className = "text-secondary min-w-[150px]" > calldataCommitment</ span >
661- < span className = "break-all" > { r . publicSignals [ 0 ] } </ span >
662- </ div >
663- < div className = "flex gap-2" >
664- < span className = "text-secondary min-w-[150px]" > outputCommitment</ span >
665- < span className = "break-all" > { r . publicSignals [ 1 ] } </ span >
645+ < div className = "bg-surface border border-border rounded px-4 py-3 font-mono text-[12px] space-y-3" >
646+ < div >
647+ < div className = "text-secondary text-[11px] mb-0.5" >
648+ calldataCommitment = Poseidon({ r . calldataInputs . map ( ( i ) => i . name ) . join ( ", " ) } )
649+ </ div >
650+ < span className = "break-all text-[11px]" > { r . calldataCommitment } </ span >
666651 </ div >
667- < div className = "flex gap-2" >
668- < span className = "text-secondary min-w-[150px]" > selector</ span >
669- < span className = "break-all" > { r . publicSignals [ 2 ] } </ span >
652+ < div >
653+ < div className = "text-secondary text-[11px] mb-0.5" >
654+ outputCommitment = Poseidon({ r . outputInputs . map ( ( i ) => i . name ) . join ( ", " ) } )
655+ </ div >
656+ < span className = "break-all text-[11px]" > { r . outputCommitment } </ span >
670657 </ div >
671658 </ div >
672659 < p className = "text-[12px] text-secondary/70 mt-1.5" >
673- The three values exposed by the circuit. The verifier checks that
674- the proof was generated with these exact public inputs.
660+ The circuit hashes the inputs with Poseidon over BLS12-381 and
661+ exposes these two commitments as public outputs. They bind the
662+ raw calldata and the evaluated template to the proof.
675663 </ p >
676664 </ div >
677665
678- { /* Proof points */ }
666+ { /* Proof */ }
679667 < div >
680668 < p className = "text-[13px] font-medium text-secondary mb-2" >
681- Groth16 proof
669+ Groth16 proof (BLS12-381)
682670 </ p >
683671 < div className = "bg-surface border border-border rounded px-4 py-3 font-mono text-[11px] space-y-2" >
684672 < div >
685673 < span className = "text-[#8B5CF6]" > { "\u03C0_A" } </ span >
686674 < span className = "text-secondary" > (G1): </ span >
687675 < span className = "break-all text-secondary/80" >
688- [{ r . proof . pi_a [ 0 ] . slice ( 0 , 24 ) } ..., { r . proof . pi_a [ 1 ] . slice ( 0 , 24 ) } ...]
676+ [{ r . proof . pi_a [ 0 ] . slice ( 0 , 20 ) } ...]
689677 </ span >
690678 </ div >
691679 < div >
692680 < span className = "text-[#8B5CF6]" > { "\u03C0_B" } </ span >
693681 < span className = "text-secondary" > (G2): </ span >
694682 < span className = "break-all text-secondary/80" >
695- [[{ r . proof . pi_b [ 0 ] [ 0 ] . slice ( 0 , 16 ) } ..., { r . proof . pi_b [ 0 ] [ 1 ] . slice ( 0 , 16 ) } ...], [{ r . proof . pi_b [ 1 ] [ 0 ] . slice ( 0 , 16 ) } ..., { r . proof . pi_b [ 1 ] [ 1 ] . slice ( 0 , 16 ) } ...]]
683+ [[{ r . proof . pi_b [ 0 ] [ 0 ] . slice ( 0 , 12 ) } ...], [{ r . proof . pi_b [ 1 ] [ 0 ] . slice ( 0 , 12 ) } ...]]
696684 </ span >
697685 </ div >
698686 < div >
699687 < span className = "text-[#8B5CF6]" > { "\u03C0_C" } </ span >
700688 < span className = "text-secondary" > (G1): </ span >
701689 < span className = "break-all text-secondary/80" >
702- [{ r . proof . pi_c [ 0 ] . slice ( 0 , 24 ) } ..., { r . proof . pi_c [ 1 ] . slice ( 0 , 24 ) } ...]
690+ [{ r . proof . pi_c [ 0 ] . slice ( 0 , 20 ) } ...]
703691 </ span >
704692 </ div >
705693 </ div >
706694 < p className = "text-[12px] text-secondary/70 mt-1.5" >
707- BLS12-381 curve. Three elliptic curve points encoding the
708- prover's knowledge of the witness satisfying the circuit constraints .
695+ Three elliptic curve points proving the prover knows private
696+ inputs that satisfy all circuit constraints without revealing them .
709697 </ p >
710698 </ div >
711699 </ div >
0 commit comments