ZK-071: Split the withdrawal circuit schema from the contract verifier payload explicitly

[ANAVHEOBA]

Wave: PrivacyLayer ZK Wave 2
Issue Key: ZK-071
Area: withdraw
Priority: High
Drips Complexity: High

Summary

The circuit now exposes eight public inputs while the Soroban verifier still behaves like it only sees six. Make the split between circuit-facing and contract-facing payloads explicit so witness generation and contract calls stop drifting.

Relevant Code

• circuits/withdraw/src/main.nr
• sdk/src/encoding.ts
• sdk/src/public_inputs.ts
• sdk/src/proof.ts
• contracts/privacy_pool/src/crypto/verifier.rs
• contracts/privacy_pool/src/types/state.rs

Scope

• Define separate typed payloads for full circuit public inputs and the reduced contract verifier input set.
• Remove comments and helper names that imply one schema serves both boundaries unchanged.
• Add parity tests that prove the reduced contract payload is derived from the full circuit payload deterministically.

Acceptance Criteria

• SDK code, contract types, and tests use distinct names for full versus reduced public-input payloads.
• Schema order is pinned in one place per boundary and regression tested.
• No helper silently drops or reorders pool or denomination fields.

Out of Scope

• New wallet UX and non-ZK frontend polish
• Unrelated Soroban business logic outside the withdrawal proof boundary

Dependencies

• ZK-032
• ZK-045

Validation

• Inspect derived checks: node scripts/zk_ticket_check.mjs --issue-key ZK-071
• Run derived checks: node scripts/zk_ticket_check.mjs --issue-key ZK-071 --run
• Pull requests should include Wave Issue Key: ZK-071 in the title or body.

References

• circuits/withdraw/src/main.nr
• sdk/src/encoding.ts
• sdk/src/public_inputs.ts
• sdk/src/proof.ts
• contracts/privacy_pool/src/crypto/verifier.rs
• contracts/privacy_pool/src/types/state.rs

[soomtochukwu]

@soomtochukwu has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hello, you can trust me to take care of this ASAP

ℹ️ Repo Maintainers: To accept this application, review their application or assign @soomtochukwu to this issue.

[drips-wave]

Congratulations, @soomtochukwu! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @soomtochukwu: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[slendereater-sketch]

/attempt

[laolaoqi]

Bid for ZK-071: Split withdrawal circuit schema from contract verifier payload

Wallet: 0x6c21794E27C34E93cd0049918d04Da58FC72595c

I'll make the circuit-facing vs contract-facing payload split explicit and verifiable.

Scope coverage:

1. Define separate typed payloads for full circuit public inputs (8) and reduced contract verifier input set
2. Clean up withdraw/src/main.nr, encoding.ts, public_inputs.ts, proof.ts, and Soroban verifier
3. Remove misleading comments/helpers that imply one schema serves both boundaries
4. Add parity tests proving circuit public inputs and contract verifier inputs stay in sync across changes

Timeline: 4-6 days from assignment

Tech stack: Noir, Rust (Soroban SDK), TypeScript, witness generation

Experience: Deep experience with Noir circuit development and Soroban contract integration. I've handled schema drift issues like this before - the key is strong typing + automated parity checks.

Why me: I understand both sides of the boundary (circuit witness gen and contract verification). Can deliver clean, testable separation with minimal disruption to downstream code.