Is it necessary to add an enabled signal for outputUTXO to support the situation where there is only one output UTXO?

[yushihang]

zeto/zkp/circuits/anon_enc_nullifier.circom

Line 44 in 8547ca5

signal input enabled[nInputs];

[jimthematrix]

Thanks @yushihang for the question. I assume you were referring to the enabled array corresponding to the elements in the input commitments array (since that controls whether the merkle proofs for the input commitments should be checked inside the circuit or not).

The circuit itself always needs to be parameterized with the size of the inputs, because a ZKP circuit must always result in the same amount of computation regardless of the different combination of input values. This means we have a dilemma between efficiency of the circuits vs. complexity of the circuit maintenance. We could have different circuits for the different combinations of input sizes:

• circuit 1: 1 input, 1 output
• circuit 2: 2 input, 1 output
• circuit 3: 1 input, 2 output
• circuit 4: 2 input, 2 output
• ...

But this makes code maintenance much harder. So instead today we have a single circuit with 2 inputs and 2 outputs that supports the different combinations. This means the enabled array will always be of size 2, as are the arrays for input commitments and output commitments.

[yushihang]

@jimthematrix Thank you very much for your response.

I understand that maintaining multiple circuits as listed below will increase complexity:

• Circuit 1: 1 input, 1 output
• Circuit 2: 2 inputs, 1 output
• Circuit 3: 1 input, 2 outputs
• Circuit 4: 2 inputs, 2 outputs

Since the current circuits provide an enabled signal for the nullifier of the input, my understanding is that we could use the same circuit to achieve:

• Circuit 3: 1 input, 2 outputs
• Circuit 4: 2 inputs, 2 outputs

However, in some cases, we also have the need for the following situations:

Circuit 1: 1 input, 1 output
Circuit 2: 2 inputs, 1 output

For example, Alice uses two UTXOs/nullifiers with both value of 1 as inputs, and then generates a UTXO with a value of 2 to transfer to Bob.

In this case, because two output UTXOs are required in the circuit, I have to generate a UTXO with a value of 0 as the second output UTXO to send back to Alice herself when writing test cases. （I'm not sure if there are other methods that could better achieve this requirement.）

This might increase the complexity when verifying the ZKP in the contract and consume more gas.

So I was wondering if we could also introduce an enabled signal for the output UTXO. This way, by combining the enabled signals for the inputs and outputs, we could implement the following four scenarios while minimizing gas consumption:

• Circuit 1: 1 input, 1 output
• Circuit 2: 2 inputs, 1 output
• Circuit 3: 1 input, 2 outputs
• Circuit 4: 2 inputs, 2 outputs

I’m not sure if my understanding of zeto is correct. If there are any errors, please help me correct them. Thank you very much!