1
// SPDX-License-Identifier: GPL-3
2
pragma solidity ^0.8.20;
3

4
import "src/Verifier.sol";
5

6
contract BabyItsMe is Verifier {
7
    // This is the BabyJubjub public key A = (x, y) we want to impersonate.
8
    uint256 constant PK_X = 4342719913949491028786768530115087822524712248835451589697801404893164183326;
9
    uint256 constant PK_Y = 4826523245007015323400664741523384119579596407052839571721035538011798951543;
10

11
    mapping(address => uint256) public solved;
12

13
    // Make sure you first call `verifyProof` with the actual proof,
14
    // and then use your solving address as the solution.
15
    function verify(uint256 _start, uint256 _solution) external view returns (bool) {
16
        return solved[address(uint160(_solution))] == _start;
17
    }
18

19
    // The zkSNARK verifier expects as public inputs the BabyJubjub public key
20
    // A that is signing the message M and the message itself.
21
    // The zero knowledge proof shows that the msg.sender knows a valid
22
    // signature (s, R) for public key A and message M, without revealing the
23
    // signature.
24
    function verifyProof(Proof memory _proof) external returns (bool) {
25
        uint256 start = generate(msg.sender);
26
        bool user_solved = 0 == verify([PK_X, PK_Y, start, uint256(uint160(msg.sender))], _proof);
27
        if (user_solved) {
28
            solved[msg.sender] = start;
29
            return true;
30
        }
31

32
        return false;
33
    }
34

35
    // Specific message that the challenger has to sign.
36
    // We remove the 3 LSB to make the number fit in the used prime field.
37
    function generate(address _who) public pure returns (uint256) {
38
        return uint256(keccak256(abi.encode("Baby it's me, ", _who))) >> 3;
39
    }
40
}