In /circuits-circom/regexes/hdfc/hdfc_upi_subject.circom, there is no reveal0 output signal, but there is still an is_consecutive signal. This signal is therefore not needed since it is only used to constrain reveal0. Right now, it doesn't constrain anything, so it is unused.

I recommend removing is_consecutive from the circuit.

The venmo_actor_id 'reveal' outputs an array where everything is 0s except for where the venmo id is:

So the registration circuit will call ShiftAndPack on this output array, to shift the array to the point the venmo id number starts. However, the number of shifts is up to the user. The user can input any number as the shift count as the signal venmo_actor_id_idx:

As far as I know there are no constraints on this signal, so it's a degree of freedom for the user. I believe they can input different shifts to get possible venmo ids. For example, if the output array from venmo_actor_id is [0, 0, 0, 1, 2, 3, 4, 0, 0] and the actual id is [1, 2, 3, 4], then I believe the user could enter the shift as '5' (when it should be 4) to get an id of [2, 3, 4, 0].

Let me know if my thinking is correct here. If so, I believe we need some additional constraint on the input shift.

Wise.com is a popular money transfer service in Europe. It sends emails with the transfer amount when you send or receive a payment.

Momo is mobile wallet in Vietnam. Any idea for this integration?.They dont have email receipt, just in app message.

From reading the docs it appears that whenever DKIM keys get rotated governance needs to update the contract, which may cause service disruptions.

An oracle could be implemented to enforce the updates in real time, it could leverage Chainlink functions for verification or some other decetralized platform like Phala Network.

Are there any plans around adding oracle functionality already?

Using as reference issue #202, it would be great to have PIX integration.

The Bisq p2p Bitcoin onramping software has made the decision not to include Venmo as a payment method, due to the frequency of chargebacks
bisq-network/growth#221

Do you have reason to expect that the zk-p2p setup is robust to these problems?
Would the zk verification technique generalize to other payment providers?

This is an optional nitpick optimization. I know the circuits are generated from a script so I understand not wanting to change it. Just adding this for informational purposes.

In the hdfc_accnum.circom circuit, there is the variablesignal is_substr0[msg_bytes][3];. However, the first column is set to all 0s and never changed. So it's unnecessary and the variable can be made a 2 column signal instead of 3.

For many of the regex circuits, I am seeing duplicate circuit patterns that may be simplified.

For example, in venmo_actor_id.circom, this less than circuit is created twice:

So just taking the venmo_actor_id as an example, I would simplify this for-loop block:

To:

`

    lt[0][i] = LessThan(8);
    lt[0][i].in[0] <== 47;
    lt[0][i].in[1] <== in[i];
    
    lt[1][i] = LessThan(8);
    lt[1][i].in[0] <== in[i];
    lt[1][i].in[1] <== 58;
    
    and[0][i] = AND();
    and[0][i].a <== lt[0][i].out;
    and[0][i].b <== lt[1][i].out;
    
    and[1][i] = AND();
    and[1][i].a <== states[i][1];
    and[1][i].b <== and[0][i].out;
    
   '''REMOVE (these are duplicates):
    lt[2][i] = LessThan(8);
    lt[2][i].in[0] <== 47;
    lt[2][i].in[1] <== in[i];
    
    lt[3][i] = LessThan(8);
    lt[3][i].in[0] <== in[i];
    lt[3][i].in[1] <== 58;
    
    and[2][i] = AND();
    and[2][i].a <== lt[2][i].out;
    and[2][i].b <== lt[3][i].out; '''
    
    and[3][i] = AND();
    and[3][i].a <== states[i][16];
    # CHANGE TO and[0] instead of and[2]
    and[3][i].b <== and[0][i].out;
    
    multi_or[0][i] = MultiOR(2);
    multi_or[0][i].in[0] <== and[1][i].out;
    multi_or[0][i].in[1] <== and[3][i].out;
    states[i+1][1] <== multi_or[0][i].out;

`

If my thinking makes sense, then we can get rid of two columns of the and component. These optimizations can be applied to the other regex circuits as well.

I would assume it would use much of the same circuits, would just have to change the regex and add an additional dkim key (or several for each bank) ?

Attempting to paste my email data to register. While waiting for the tx to resolve, I observed a requirement I didn't bother to read "Provide a historical transaction email sent from Venmo containing "You paid" in the subject received after January 10th, 2024 to complete registration. Base ETH is required to submit a registration transaction. Base Bridge ↗"

I missed the January 10th, 2024 part so I knew the tx should fail. I waited for over 60 seconds and the UI gave me no indication of failure, just infinite spin. I'm sorry if I have to state this explicitly but not resolving to something after 60 seconds (+15?) is bad UX. Thanks for the great product otherwise.