SwapperMHA

Hinkal’s SwapperMHA circuit is a variant of the multi‑token swapper used in the Hinkal privacy protocol. Like SwapperM, this circuit enables a user to spend multiple UTXOs across several token types and create new UTXOs in a single zero‑knowledge proof. The “HA” suffix stands for “Hinkal Address”;

What distinguishes SwapperMHA from the base SwapperM template is its batch conversion of external approval addresses into Hinkal addresses. In many Hinkal workflows, a user may need to prove that they have received approvals from external accounts (for example, ERC‑20 approve() allowances or other off‑protocol permissions) without revealing their shielded private key. To facilitate this, the circuit accepts a matrix of addresses:

• externalApprovalAddresses[tokenCount][conversionCount] – for each token type, a list of external addresses that have granted approvals.

Using the ApprovalConversionHandlerBatch component, SwapperMHA hashes each external approval address with the sender’s shielded private key to produce an “in‑Hinkal” version of that address. The batch gadget outputs:

• conversionInHinkalAddress[tokenCount][conversionCount] – for each token type and each external approval index, a Hinkal address derived as:

These derived addresses are exposed as public outputs of the proof. In other words, the proof simultaneously demonstrates that the user knows a shielded private key (used to authorise both the spend and the approval) and provides the hashed form of every external approval address. The host smart contract can then rely on these conversionInHinkalAddress values to cross‑check on‑chain allowance records or to link off‑chain approvals to the transaction—all without ever seeing the raw external addresses or the shielded key.