UNPKG

mina-attestations

Version:

Private Attestations on Mina

github.com/zksecurity/mina-attestations

zksecurity/mina-attestations

241 lines 10.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
/** * This file contains some helpers to wrap zkpass responses in ecdsa credentials. * * See `ecdsa-credential.test.ts` */ import { DynamicBytes, DynamicSHA3 } from "../dynamic.js"; import { assert, ByteUtils, fill, zip } from "../util.js"; import { EcdsaEthereum, getHashHelper, parseSignature, verifyEthereumSignature, verifyEthereumSignatureSimple, } from "./ecdsa-credential.js"; import { Credential } from "../credential-index.js"; import { Bool, Gadgets, Unconstrained, Bytes } from 'o1js'; export { ZkPass }; const { Signature, Address } = EcdsaEthereum; const maxMessageLength = 128; const Message = DynamicBytes({ maxLength: maxMessageLength }); const Bytes32 = Bytes(32); /** * Utilities to help process zkpass responses. */ const ZkPass = { importCredentialPartial, verifyPublicInput, encodeParameters, genPublicFieldHash, CredentialPartial() { return (partialCredential ??= createCredentialZkPassPartial()); }, async compileDependenciesPartial({ proofsEnabled = true } = {}) { await getHashHelper(maxMessageLength).compile({ proofsEnabled }); let cred = await ZkPass.CredentialPartial(); await cred.compile({ proofsEnabled }); }, CredentialFull() { return (fullCredential ??= createCredentialZkPassFull()); }, async compileDependenciesFull({ proofsEnabled = true } = {}) { await getHashHelper(maxMessageLength).compile({ proofsEnabled }); let cred = await ZkPass.CredentialFull(); await cred.compile({ proofsEnabled }); }, }; let partialCredential; let fullCredential; async function importCredentialPartial(owner, schema, response, log = () => { }, { proofsEnabled = true } = {}) { // validate public fields hash let recoveredPublicFieldsHash = ZkPass.genPublicFieldHash(response.publicFields).toBytes(); assert('0x' + ByteUtils.toHex(recoveredPublicFieldsHash) === response.publicFieldsHash); let schemaBytes = encodeParameter('bytes32', ByteUtils.fromString(schema)); let taskId = encodeParameter('bytes32', ByteUtils.fromString(response.taskId)); let uHash = encodeParameter('bytes32', ByteUtils.fromHex(response.uHash)); let publicFieldsHash = encodeParameter('bytes32', recoveredPublicFieldsHash); let { signature: validatorSignature, parityBit: validatorParityBit } = parseSignature(response.validatorSignature); let validatorAddress = ByteUtils.fromHex(response.validatorAddress); let { signature: allocatorSignature, parityBit: allocatorParityBit } = parseSignature(response.allocatorSignature); let allocatorAddress = ByteUtils.fromHex(response.allocatorAddress); log('Compiling ZkPass credential...'); await ZkPass.compileDependenciesPartial({ proofsEnabled }); let ZkPassCredential = await ZkPass.CredentialPartial(); log('Creating ZkPass credential...'); let credential = await ZkPassCredential.create({ owner, publicInput: { schema: Bytes32.from(schemaBytes), taskId: Bytes32.from(taskId), allocatorAddress: Address.from(allocatorAddress), validatorAddress: Address.from(validatorAddress), allocatorSignature, allocatorParityBit, }, privateInput: { publicFieldsHash: Bytes32.from(publicFieldsHash), uHash: Bytes32.from(uHash), validatorSignature, validatorParityBit, }, }); return credential; } /** * Verify the public input of a partial zkpass credential. * * Returns the allocator address and schema id for further verification against * expected values. * * This is a verification step that can be done in the clear, and is * outsourced from the proof to the verifier. */ function verifyPublicInput(publicInput) { let allocatorMessage = DynamicBytes.from([ ...publicInput.taskId.bytes, ...publicInput.schema.bytes, ...fill(12, 0x00), // 12 zero bytes to fill up address ...publicInput.validatorAddress.bytes, ]); verifyEthereumSignatureSimple(allocatorMessage, Signature.from(publicInput.allocatorSignature), publicInput.allocatorAddress, Unconstrained.from(publicInput.allocatorParityBit.toBoolean())); return { allocatorAddress: publicInput.allocatorAddress.toHex(), schema: ByteUtils.toString(publicInput.schema.toBytes()), }; } function createCredentialZkPassPartial() { return Credential.Imported.fromMethod({ name: `zkpass-partial-${maxMessageLength}`, publicInput: { schema: Bytes32, taskId: Bytes32, validatorAddress: Address, allocatorAddress: Address, allocatorSignature: { r: Gadgets.Field3, s: Gadgets.Field3 }, allocatorParityBit: Bool, }, privateInput: { uHash: Bytes32, publicFieldsHash: Bytes32, validatorSignature: Signature, validatorParityBit: Unconstrained.withEmpty(false), }, data: { nullifier: Bytes32, publicFieldsHash: Bytes32 }, }, async ({ publicInput: { schema, taskId, validatorAddress }, privateInput: { uHash, publicFieldsHash, validatorSignature, validatorParityBit, }, }) => { // combine inputs to validator message let validatorMessage = DynamicBytes.from([ ...taskId.bytes, ...schema.bytes, ...uHash.bytes, ...publicFieldsHash.bytes, ]); // Verify validator signature await verifyEthereumSignature(validatorMessage, validatorSignature, validatorAddress, validatorParityBit, maxMessageLength); return { nullifier: uHash, publicFieldsHash }; }); } // Verifies both validator and allocator signatures async function importCredentialFull(owner, schema, response, log = () => { }) { let publicFieldsHash = ZkPass.genPublicFieldHash(response.publicFields).toBytes(); // validate public fields hash assert('0x' + ByteUtils.toHex(publicFieldsHash) === response.publicFieldsHash); // compute allocator message hash let allocatorMessage = ZkPass.encodeParameters(['bytes32', 'bytes32', 'address'], [ ByteUtils.fromString(response.taskId), ByteUtils.fromString(schema), ByteUtils.fromHex(response.validatorAddress), ]); // compute validator message hash let validatorMessage = ZkPass.encodeParameters(['bytes32', 'bytes32', 'bytes32', 'bytes32'], [ ByteUtils.fromString(response.taskId), ByteUtils.fromString(schema), ByteUtils.fromHex(response.uHash), publicFieldsHash, ]); let { signature: allocatorSignature, parityBit: allocatorParityBit } = parseSignature(response.allocatorSignature); let { signature: validatorSignature, parityBit: validatorParityBit } = parseSignature(response.validatorSignature); let allocatorAddress = ByteUtils.fromHex(response.allocatorAddress); let validatorAddress = ByteUtils.fromHex(response.validatorAddress); log('Compiling ZkPass full credential...'); await ZkPass.compileDependenciesFull(); let ZkPassCredential = await ZkPass.CredentialFull(); log('Creating ZkPass full credential...'); let credential = await ZkPassCredential.create({ owner, publicInput: { allocatorAddress: EcdsaEthereum.Address.from(allocatorAddress), }, privateInput: { allocatorMessage, allocatorSignature, allocatorParityBit, validatorMessage, validatorSignature, validatorParityBit, validatorAddress: EcdsaEthereum.Address.from(validatorAddress), }, }); return credential; } // Verifies both validator and allocator signatures // TODO: OOM function createCredentialZkPassFull() { return Credential.Imported.fromMethod({ name: `zkpass-full-${maxMessageLength}`, publicInput: { allocatorAddress: Address }, privateInput: { allocatorMessage: Message, allocatorSignature: Signature, allocatorParityBit: Unconstrained.withEmpty(false), validatorMessage: Message, validatorSignature: Signature, validatorParityBit: Unconstrained.withEmpty(false), validatorAddress: Address, }, data: { allocatorMessage: Message, validatorMessage: Message }, }, async ({ publicInput: { allocatorAddress }, privateInput: { allocatorMessage, allocatorSignature, allocatorParityBit, validatorMessage, validatorSignature, validatorParityBit, validatorAddress, }, }) => { // Verify allocator signature await verifyEthereumSignature(allocatorMessage, allocatorSignature, allocatorAddress, allocatorParityBit, maxMessageLength); // Verify validator signature await verifyEthereumSignature(validatorMessage, validatorSignature, validatorAddress, validatorParityBit, maxMessageLength); return { allocatorMessage, validatorMessage }; }); } function encodeParameters(types, values) { let arrays = zip(types, values).map(([type, value]) => encodeParameter(type, value)); return ByteUtils.concat(...arrays); } function encodeParameter(type, value) { if (type === 'bytes32') return ByteUtils.padEnd(value, 32, 0); if (type === 'address') return ByteUtils.padStart(value, 32, 0); throw Error('unexpected type'); } // hash used by zkpass to commit to public fields // FIXME unfortunately this does nothing to prevent collisions -.- function genPublicFieldHash(publicFields) { let publicData = publicFields.map((item) => { if (typeof item === 'object') delete item.str; return item; }); let values = []; function recurse(obj) { if (typeof obj === 'string') { values.push(obj); return; } for (let key in obj) { if (obj.hasOwnProperty(key)) { if (typeof obj[key] === 'object' && obj[key] !== null) { recurse(obj[key]); // it's a nested object, so we do it again } else { values.push(obj[key]); // it's not an object, so we just push the value } } } } publicData.forEach((data) => recurse(data)); let publicFieldStr = values.join(''); if (publicFieldStr === '') publicFieldStr = '1'; // ??? another deliberate collision return DynamicSHA3.keccak256(publicFieldStr); } //# sourceMappingURL=zkpass.js.map