The hydra-s1-zkps from sismo-core

hydra-s1-zkps's Introduction

Hydra-S1 ZKPS

Hydra-S1 Zero-Knowledge Proving Scheme

Made by Sismo

Hydra-S1 is a Zero-Knowledge Proving Scheme used by Hydra S1 attesters of the Sismo Protocol.

Hydra-S1 generates ZK Proofs from a Merkle tree storing groups of accounts with values (e.g group of ENS DAO voters where the account value is the number of votes).

Hydra-S1 enables users to prove from these groups:

Ownerships: They own two accounts, a source account, and a destination account. (via Hydra Delegate Proof of Ownership)
Account inclusion: Their source account is part of a group (e.g group ENS DAO voters)
Account value: Their source account holds a specific value (e.g number of votes in the group of ENS DAO voters)
Nullifier Generation: They computed a nullifier from an externalNullifier. The nullifier is deterministically generated from their source account and the externalNullifier. It can be stored by proof verifiers to only accept one ZK Proof per account per externalNullifier.

Please make sure to read our documentation:

Hydra-S1 general documentation
Registry Tree The custom Merkle tree which stores the groups of accounts.
Hydra Proof of Ownership via the Commitment Mapper

Circuits and Package

Hydra-S1 Proving Scheme was developed using circom and snarkjs. This repo contains the circuits.

It outputs an off-chain prover and verifiers (both on-chain and off-chain).

These implementations of prover and verifiers are in the @sismo-core/hydra-s1 npm package.

$ yarn add @sismo-core/hydra-s1

Installation

Install Circom2 (rust version)
Build

$ yarn build

Test

$ yarn test 
$ test:circuits
$ test:verifier-js
$ test:verifier-contract
$ test:prover-js

License

Distributed under the MIT License.

Contribute

Please, feel free to open issues, pull requests, or simply provide feedback!

Contact

Prefer Discord or Twitter

hydra-s1-zkps's People

Contributors

Stargazers

Watchers

hydra-s1-zkps's Issues

No need for range check

The range check performed here on sourceValue and claimedValue is not necessary in my opinion.

This range check would only fail if:

2 ** 252 <= sourceValue < p
2 ** 252 <= claimedValue < p

And these are not actually cases of overflow.

I performed the test included in the library after having removed these 4 lines and they all pass successfully.

You can check these 2 gists here (circuit and test) to test out my hypotheses.

It would be interesting to understand if the LessOrEqual operation is sufficient to prevent any overflow

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

sismo-core / hydra-s1-zkps Goto Github PK