-***export-keys*** - generates proving and verification keys. Do not forget to perform a trusted setup first. Usage: ```export-keys <circuit_name> <power>```
7
+
## Usage
18
8
19
-
-***gen-witness*** - generates witness. Can be done without a trusted setup. Do not forget to compile circuit first. Usage: ```gen-witness <circuit_name> <inputs>```
9
+
The repository leverages `hardhat-zkit` environment to carry out the management of circuits. There are several scripts available:
20
10
21
-
-***prove*** - generates witness and proof. Do not forget to compile the circuit and export keys first. Usage: ```prove <circuit_name> <inputs>```
11
+
-`npm run zkit-make`, to compile and set up the keys for the circuits.
12
+
-`npm run zkit-compile`, to compile just compile the circuits (witness testing).
13
+
-`npm run zkit-verifiers`, to generate Solidity (or Vyper) smart contract verifiers.
22
14
23
-
-***verify*** - verifies the proof. Usage: ```verify <circuit_name>```
15
+
> [!NOTE]
16
+
> Install the necessary packages via `npm install` before proceeding with the circuits.
Data in a passport is separated into data groups. Not all of them are required to be present in the passport. Document Security Object (SOD) has **encapculated content** field that contains hashes of all datagroups. During passive authentication verification party hashes data from the datagroups and compare it with hashes stored in the **encapculated content** with *ASN1* encoding. The hash of the **encapculated content** itself is stored in the **signed attributes** field, which is also *ASN1* encoded.
24
+
Data in a passport is separated into data groups. Not all of them are required to be present in the passport. Document Security Object (SOD) has **encapsulated content** field that contains hashes of all datagroups. During passive authentication verification party hashes data from the datagroups and compare it with hashes stored in the **encapsulated content** with *ASN1* encoding. The hash of the **encapsulated content** itself is stored in the **signed attributes** field, which is also *ASN1* encoded.
32
25
To verify **signed attributes**, verification party uses the passport signature, which is also stored in the **SOD**. To confirm that the passport is authenticated by a legitimate authority (ensuring the signer's public key is genuinely owned by a passport-issuing entity), the corresponding **PKI x509** certificate is stored in the **SOD**. Utilizing a Public Key Infrastructure (PKI) allows for the establishment of a verification path to a trusted anchor. This trusted anchor should be a publicly recognized list of master certificates. Specifically, a *Master List* comprises *Country Signing Certification Authority (CSCA)* certificates that have been issued and digitally signed by the respective issuing State, providing a robust framework for ensuring the authenticity and integrity of passport data.
33
26
34
27
## Circuits
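Review bot: The new Usage list drops the ordering caveat the removed command docs carried ("Do not forget to perform a trusted setup first" on `export-keys`), and the added `npm run zkit-make` line only says it will "compile and set up the keys". Say in that line where the trusted-setup parameters for the key step come from, so the requirement the old text made explicit is not lost. In the `npm run zkit-compile` line, "to compile just compile the circuits" has a duplicated word; "to just compile the circuits" reads correctly.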
@@ -43,74 +36,49 @@ The Merkle Tree is built upon participants registration. After proving that the
43
36
44
37
By using the knowledge of the commitment preimage and generating the corresponding proof, users can express their votes.
45
38
46
-
#### Circuit parameter
47
-
48
-
**depth** - depth of a Merkle Tree used to prove leaf inclusion.
49
-
50
-
#### Inputs
51
-
52
-
-***root***: *public*; Poseidon Hash is used for tree hashing;
39
+
#### Circuit parameters
53
40
54
-
-***nullifierHash***: *public*; Poseidon Hash is used for the *nullifier* hashing;
41
+
-**depth** - depth of a Merkle Tree used to prove leaf inclusion.
55
42
56
-
-***vote***: *public*; not taking part in any computations; binds the vote to the proof
43
+
#### Circuit public inputs
57
44
58
-
-***nullifier***: *private*
45
+
-[0]**root** - Poseidon Hash is used for tree hashing;
46
+
-[1]**nullifierHash** - Poseidon Hash is used for the *nullifier* hashing;
47
+
-[2]**vote** - not taking part in any computations; binds the vote to the proof
-***pathIndices[levels]***: *private*; `0` - left, `1` - right
51
+
-**nullifier**
52
+
-**secret**
53
+
-**pathElements[levels]** - Merkle Branch
54
+
-**pathIndices[levels]** - `0` - left, `1` - right
65
55
66
56
### Passport Verification circuits
67
57
68
58
Passport Verification circuits are used to prove that user is eligible to vote. Currently following checks are made:
69
59
70
60
- Date of passport expiracy is less than the current date;
71
-
72
61
- Current date is after date of birth + **18** years; (for now **18** years is a constant);
73
-
74
62
- Passport issuer code is used as an output signal;
75
63
76
-
### Circuit public inputs
77
-
78
-
-**currentDateYear**
79
-
80
-
-**currentDateMonth**
81
-
82
-
-**currentDateDay**
64
+
#### Circuit public inputs
83
65
84
-
-**credValidYear**
66
+
-[0]**currentDateYear**
67
+
-[1]**currentDateMonth**
68
+
-[2]**currentDateDay**
69
+
-[3]**credValidYear**
70
+
-[4]**credValidMonth**
71
+
-[5]**credValidDay**
72
+
-[6]**ageLowerbound** - age limit for voting rights. The circuit verifies that the passport owner is older than *ageLowerbound* years at the *currentDate*.
85
73
86
-
-**credValidMonth**
87
-
88
-
-**credValidDay**
89
-
90
-
-**ageLowerbound** - age limit for voting rights. The circuit verifies that the passport owner is older than *ageLowerbound* years at the *currentDate*.
91
-
92
-
### Circuits private inputs
74
+
#### Circuits private inputs
93
75
94
76
-**in** - passport **DG1** serialized in binary.
95
77
96
78
The current date is needed to timestamp the date of proof generation. The circuit proves that at this date, the user is eligible to vote (and will be eligible by the protocol rules at least until the credValid date).
97
79
98
80
Passport data is separated into *DataGroups*. The hashes of these datagroups are stored in **SOD***(Security Object of the Document)*. All neccesary data is stored in *Data Group 1 (DG1)*. Currently, **SHA1** and **SHA256** hashes are supported (```passportDG1VerificationSHA256``` and ```passportDG1VerificationSHA256```).
To enhance user experience and eliminate the repetitive need for passport rescanning, we have implemented a user identity management platform. This platform streamlines the process, making it easier and more efficient for users to verify their identity.
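Review bot: The added `[0]`, `[1]`, `[2]` prefixes on the public inputs (`root`, `nullifierHash`, `vote`, and `currentDateYear` through `ageLowerbound`) are introduced without saying what they index. Add one sentence under each "Circuit public inputs" heading stating that the number is the position of the signal in the public signals array, since that is the order a verifier caller has to reproduce. Two smaller points in the same region: the renamed heading "#### Circuits private inputs" should match the singular "#### Circuit public inputs", and the unchanged line listing the supported hashes names `passportDG1VerificationSHA256` twice although the sentence says SHA1 and SHA256 are supported, which is worth fixing while this section is being edited.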
@@ -202,7 +170,7 @@ Poseidon(SHA256(signed_attributes\[:252bits])), while `dg15PubKeyHash` will be s
202
170
-[1]**output** passportHash;
203
171
-[2]**output** dg1Commitment;
204
172
-[3]**output** pkIdentityHash;
205
-
-[4]**input** slaveMerkleRoot; // public
173
+
-[4]**input** slaveMerkleRoot;
206
174
207
175
#### Query circuit
208
176
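Review bot: The changed line `[4] **input** slaveMerkleRoot;` drops the `// public` marker, which was the only statement of visibility in this list. Unless the list's heading (not visible in this hunk) already says these are public signals, keep the visibility in the text, for example by writing "public input" in place of the removed comment, because `slaveMerkleRoot` is the one input among the outputs `[1]` to `[3]`.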
@@ -242,9 +210,8 @@ The query circuit allows you to prove arbitrary data from a passport.
242
210
}
243
211
```
244
212
245
-
***IMPORTANT!***
246
-
247
-
If date input is **NOT** used, put “0x303030303030” (52983525027888 - decimal). This is equal to “000000” in UTF-8 encoding, which is used to encode date in the passport. Otherwise date verification constraints will fail.
213
+
> [!IMPORTANT]
214
+
> If date input is **NOT** used, put “0x303030303030” (52983525027888 - decimal). This is equal to “000000” in UTF-8 encoding, which is used to encode date in the passport. Otherwise date verification constraints will fail.
248
215
249
216
#### Query circuit public signals
250
217
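Review bot: The new `> [!IMPORTANT]` callout carries over the typographic quotes around “0x303030303030” and “000000”, so copying the value from the rendered README picks up the curly quotes. Put the hex value, the decimal value 52983525027888 and the string 000000 in backticks, and name the date inputs the rule applies to, so a reader knows exactly which signals need the placeholder to keep the date verification constraints from failing.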
@@ -315,6 +282,7 @@ By applying the selector, we can use the same circuit for any set of revealed an