feat: add ZK examples (zk-id, zk-nullifier, zk-merkle-proof, shielded-pool)

- Move zk-id from root to zk/ folder
- Add zk-nullifier: single and batch (4x) nullifier creation with Groth16
- Add zk-merkle-proof: merkle proof verification with compressed accounts
- Add shielded-pool: privacy-preserving deposit/withdrawal
- Update CI to test zk/zk-id and zk/zk-nullifier

Author: tilo-14

.github/workflows/rust-tests.yml

@@ -29,7 +29,10 @@ jobs:
           - counter/native
           - counter/pinocchio
           - account-comparison
-          - zk-id
+          - zk/zk-id
+          - zk/zk-nullifier
+          - zk/zk-merkle-proof
+          - zk/shielded-pool
           - airdrop-implementations/simple-claim/program
         include:
           - example: basic-operations/native
@@ -51,10 +54,10 @@ jobs:
           example: ${{ matrix.example }}
           solana-cli-version: ${{ env.SOLANA_CLI_VERSION }}
           rust-toolchain: ${{ env.RUST_TOOLCHAIN }}
-          install-circom: ${{ matrix.example == 'zk-id' }}
+          install-circom: ${{ startsWith(matrix.example, 'zk/') || startsWith(matrix.example, 'zk/') }}
 
       - name: Setup ZK circuits
-        if: matrix.example == 'zk-id'
+        if: startsWith(matrix.example, 'zk/') || startsWith(matrix.example, 'zk/')
         working-directory: ${{ matrix.example }}
         run: ./scripts/setup.sh
 

README.md

@@ -12,16 +12,18 @@
 For simple client side distribution visit [this example](https://github.com/Lightprotocol/example-token-distribution).
 
 ### Basic Operations
-- **[create-nullifier](./basic-operations/anchor/create-nullifier)** - Basic Anchor example to create nullifiers.
-- **[basic-operations/anchor](./basic-operations/anchor/)** - Anchor program with Rust and TypeScript tests
-- **[basic-operations/native-rust](./basic-operations/native-rust/)** - Native Solana program with light-sdk and Rust tests.
 
-Basic Operations include:
-- **create** - Initialize a new compressed account.
-- **update** - Modify data in an existing compressed account.
-- **close** - Clear account data and preserve its address.
-- **reinit** - Reinitialize a closed account with the same address.
-- **burn** - Permanently delete a compressed account.
+- **[create-nullifier](./basic-operations/anchor/create-nullifier)** - Basic Anchor example to create nullifiers for payments.
+- **create** - Initialize a new compressed account
+  - [Anchor](./basic-operations/anchor/create) | [Native](./basic-operations/native/programs/create)
+- **update** - Modify data in an existing compressed account
+  - [Anchor](./basic-operations/anchor/update) | [Native](./basic-operations/native/programs/update)
+- **close** - Clear account data and preserve its address
+  - [Anchor](./basic-operations/anchor/close) | [Native](./basic-operations/native/programs/close)
+- **reinit** - Reinitialize a closed account with the same address
+  - [Anchor](./basic-operations/anchor/reinit) | [Native](./basic-operations/native/programs/reinit)
+- **burn** - Permanently delete a compressed account
+  - [Anchor](./basic-operations/anchor/burn) | [Native](./basic-operations/native/programs/burn)
 
 ### Counter Program
 
@@ -45,9 +47,17 @@ Full compressed account lifecycle (create, increment, decrement, reset, close):
 
 - **[account-comparison](./account-comparison/)** - Compare compressed vs regular Solana accounts.
 
-### zk-id Program
+### ZK Programs
 
-- **[zk-id](./zk-id)** - A minimal zk id Solana program that uses zero-knowledge proofs for identity verification with compressed accounts.
+**Full Examples:**
+
+- **[zk-id](./zk/zk-id)** - Identity verification using Groth16 proofs. Issuers create credentials; users prove ownership without revealing the credential.
+- **[shielded-pool](./zk/shielded-pool)** - Privacy-preserving deposit/withdrawal .
+
+**Basic Examples:**
+
+- **[zk-nullifier](./zk/zk-nullifier)** - Creates one or four nullifiers. Uses Groth16 proofs and compressed accounts.
+- **[zk-merkle-proof](./zk/zk-merkle-proof)** - Creates compressed accounts and verifies with Groth16 proofs (without nullifier).
 
 
 ## Light Protocol dependencies

zk/shielded-pool/.gitignore

@@ -0,0 +1,11 @@
+node_modules/
+build/
+target/
+pot/
+*.sym
+*.r1cs
+*.wasm
+*.zkey
+*.wtns
+proof.json
+public.json

zk/shielded-pool/CLAUDE.md

@@ -0,0 +1,146 @@
+# shielded-pool
+
+Privacy-preserving deposit/withdrawal using Groth16 proofs and rent-free nullifiers.
+
+## Summary
+
+- Deposits create note commitments as compressed accounts with Poseidon hashing
+- Note commitment: `Poseidon(amount, secret, nullifier_secret)`
+- Withdrawals verify ZK proof and create nullifier to prevent double-spending
+- Nullifier: `Poseidon(pool_id, nullifier_secret)`
+- Address derivation prevents duplicate notes/nullifiers
+
+## Instructions
+
+### `deposit`
+
+Creates a note commitment as a compressed account.
+
+- **discriminator**: `[242, 35, 198, 137, 82, 225, 242, 182]`
+- **path**: `src/lib.rs:41`
+
+**Instruction data:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `proof` | `ValidityProof` | Light Protocol validity proof for new address |
+| `address_tree_info` | `PackedAddressTreeInfo` | Address tree reference |
+| `output_state_tree_index` | `u8` | State tree for output account |
+| `note_commitment` | `[u8; 32]` | Poseidon(amount, secret, nullifier_secret) |
+| `_amount` | `u64` | Amount (encoded in commitment, kept for client reference) |
+
+**Accounts:**
+
+| Name | Signer | Writable | Description |
+|------|--------|----------|-------------|
+| `signer` | ✓ | ✓ | Transaction fee payer |
+
+**Logic:**
+1. Validate address tree is `ADDRESS_TREE_V2`
+2. Derive address from `[b"note", note_commitment]`
+3. Create `NoteAccount` with Poseidon hashing via Light CPI
+
+### `withdraw`
+
+Verifies ZK proof and creates nullifier to prevent double-spending.
+
+- **discriminator**: `[183, 18, 70, 156, 148, 109, 161, 34]`
+- **path**: `src/lib.rs:89`
+
+**Instruction data:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `proof` | `ValidityProof` | Light Protocol validity proof |
+| `address_tree_info` | `PackedAddressTreeInfo` | Address tree reference |
+| `output_state_tree_index` | `u8` | State tree for nullifier account |
+| `zk_proof` | `CompressedProof` | Groth16 proof (a, b, c compressed) |
+| `commitment` | `[u8; 32]` | Note commitment being spent |
+| `nullifier` | `[u8; 32]` | Nullifier hash |
+| `amount` | `u64` | Withdrawal amount |
+
+**Accounts:**
+
+| Name | Signer | Writable | Description |
+|------|--------|----------|-------------|
+| `signer` | ✓ | ✓ | Transaction fee payer |
+
+**Logic:**
+1. Validate address tree is `ADDRESS_TREE_V2`
+2. Compute public inputs: `[pool_id_hashed, commitment, nullifier, amount]`
+3. Decompress G1/G2 proof points
+4. Verify Groth16 proof against public inputs
+5. Derive nullifier address from `[b"nullifier", nullifier, POOL_ID]`
+6. Create `NullifierAccount` via Light CPI (fails if exists = double-spend)
+
+## Accounts
+
+### `NoteAccount`
+
+Compressed account storing a deposit commitment.
+
+- **path**: `src/lib.rs:201`
+- **derivation**: `[b"note", note_commitment]`
+- **hashing**: Poseidon (via `LightAccountPoseidon`)
+- **data**: `commitment: [u8; 32]`
+
+### `NullifierAccount`
+
+Empty marker account. Existence at derived address proves nullifier was spent.
+
+- **path**: `src/lib.rs:217`
+- **derivation**: `[b"nullifier", nullifier, POOL_ID]`
+- **data**: None (empty struct)
+
+## Circuit
+
+**`shielded_pool.circom`**
+
+| Public Inputs | Private Inputs |
+|---------------|----------------|
+| `pool_id`, `commitment`, `nullifier`, `amount` | `secret`, `nullifier_secret` |
+
+**Constraints:**
+1. `commitment === Poseidon(amount, secret, nullifier_secret)`
+2. `nullifier === Poseidon(pool_id, nullifier_secret)`
+
+## Diagrams
+
+- `flow.mermaid` - Sequence diagram of deposit/withdraw flows
+- `states.mermaid` - State machine showing note lifecycle and double-spend prevention
+
+## State Flow
+
+```text
+                    deposit()
+                       |
+                       v
++----------+      +-----------+
+|  [None]  | ---> | NoteAccount|
++----------+      +-----------+
+                       |
+                   withdraw()
+                       |
+                       v
+               +----------------+
+               | NullifierAccount|
+               +----------------+
+                       |
+                  (exists = spent)
+```
+
+## Errors
+
+| Code | Name | Condition |
+|------|------|-----------|
+| 6000 | `AccountNotEnoughKeys` | Missing accounts in remaining_accounts |
+| 6001 | `ProofVerificationFailed` | Groth16 proof invalid |
+| 6002 | `InvalidNullifier` | Nullifier validation failed |
+
+## Build & Test
+
+```bash
+./scripts/setup.sh                    # Compile circuit, generate zkey
+cargo build-sbf && cargo test-sbf     # Rust tests
+```
+