iden3: Introducing a new set of tools for mastering zkSNARKs
Recently, an association called 0KIMS was created to develop and launch a new distributed blockchain-based identity management solution: iden3.
iden3 is a very ambitious open source project which enables a new model and identity management platform with the objective to solve some of the problems and limitations current identity management solutions have, by providing: decentralized architecture, privacy of the user data, scalability on public blockchain, usability improvements, openness, etc.
The idea of this set of posts is to provide a detailed description of the project. We will also give a talk about the project at DEVCON4 which will take place from October 30 to Nov 2 in Prague (https://devcon4.ethereum.org/).
The software package consists of a
circom circuit compiler and
Zero-knowledge proofs are methods by which one party (the prover) can prove to another party (the verifier) that he/she knows a secret without revealing any information about it apart from the fact that he/she knows it. In the last few years, these protocols have gained a lot of interest, especially in the field of cryptography. In particular, the zero-knowledge protocol we have implemented, zkSNARK, was introduced in 2012, and its appeal is based on its non-interactivity, meaning that interaction between prover and verifier is not required, and its succinctness, that is, that the verifier can easily check the proof within a few milliseconds.
The circuit can be designed in ‘circom’ and then be used in ‘zksnark’ to create the trusted setup, generate the proof and verify it.
The main characteristics are described below:
Templates and component based design
The language allows the representation of components using templates, in the same manner that objects are represented by classes in object-oriented programming languages such as Java or C++. For instance, in circom one can create a template that defines an n-bit comparator and then use it to represent many comparators in a circuit, each with a different number of bits. This way, one can create a set of standard templates and reuse them in different circuits and even in other projects.
The language also allows the creation of top-down designs of complex circuits with reusable components.
Constraints and witness calculation
The output of circom consists of two elements:
A set of constraints in R1CS form (Rank-1 Constraint System) that the signals must satisfy.
A program that calculates all the intermediary and output signals given a set of specific values as input signals. This specific set of values matching the constraints of a circuit is called the witness. Calculating this witness is a necessary step before calculating a proof.
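As an added illustration (not circom's or iden3's own code), here is a small Python model of those two elements for the n-bit comparator mentioned above: the R1CS constraints of a LessThan(n) circuit built from a bit decomposition, and the witness program that fills in every signal. The signal names, the field prime (BN128 scalar field) and the constraint encoding are choices made for this example.

```python
# Constructed R1CS model of an n-bit LessThan comparator (bit decomposition + top-bit test).
# Written for this post as an illustration; not circom's or snarkjs' own code.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617  # BN128 scalar field


class Circuit:
    """Signals are indices into the witness vector; index 0 is the constant 1, as in circom."""
    def __init__(self):
        self.names, self.constraints = ["one"], []   # each constraint: (A, B, C) linear forms

    def signal(self, name):
        self.names.append(name)
        return len(self.names) - 1

    def constrain(self, a, b, c):
        self.constraints.append((a, b, c))          # meaning: <A,w> * <B,w> === <C,w>  (mod P)

    def satisfied(self, w):
        def dot(lc):
            return sum(k * w[i] for i, k in lc.items()) % P
        return all(dot(a) * dot(b) % P == dot(c) for a, b, c in self.constraints)


def less_than(n):
    """Builds LessThan(n): out = 1 if in0 < in1 else 0, assuming 0 <= in0, in1 < 2**n."""
    c = Circuit()
    in0, in1, out = c.signal("in0"), c.signal("in1"), c.signal("out")
    bits = [c.signal(f"bit{i}") for i in range(n + 1)]
    for b in bits:
        c.constrain({b: 1}, {b: 1, 0: -1}, {})       # bit * (bit - 1) === 0  (binary check)
    # sum(bit_i * 2^i) === in0 + 2^n - in1  (the linear constraint of an (n+1)-bit decomposition)
    c.constrain({b: 2**i for i, b in enumerate(bits)}, {0: 1}, {in0: 1, in1: -1, 0: 2**n})
    c.constrain({0: 1, bits[n]: -1}, {0: 1}, {out: 1})   # out === 1 - bit[n]
    return c, (in0, in1, out, bits)


def calculate_witness(n, a, b):
    """The 'program' half of a compiled circuit: computes every signal from the inputs."""
    c, (in0, in1, out, bits) = less_than(n)
    w = [0] * len(c.names)
    w[0], w[in0], w[in1] = 1, a, b
    diff = a + 2**n - b                     # never negative while a, b < 2**n
    for i, s in enumerate(bits):
        w[s] = (diff >> i) & 1
    w[out] = 1 - w[bits[n]]                 # top bit clear  <=>  a < b
    return c, w
```

Run `calculate_witness(8, 3, 200)` to get a witness that satisfies all n+3 constraints; flipping the output signal afterwards makes `satisfied` return False, which is exactly what a proof over this R1CS would also reject.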
These are the normal steps that are followed in the life cycle of a circuit.
Done once per circuit.
Design of a circuit with ‘circom’.
Compilation of the circuit.
Done each time a proof is generated.
Calculation of the witness. One of the outputs of circom is code to calculate the output and all the intermediate signals for a given input (the witness). In this step we use this generated code to calculate all the signals for a given input. All the signals will satisfy the constraints of the circuit.
With this witness and the proving key a proof is generated.
Done when a proof needs to be verified.
Verification of a proof given a public input, an output and a verification key.
It is important to note that if the proof is valid, it implies that whoever generated the proof knew the whole witness. Moreover, the proof does not reveal any information about the private input nor about the rest of the intermediate signals, which is why the protocol is considered a zero-knowledge proof.
This library avoids the dependencies of libsnark and it also allows the creation and verification of proofs from the browser, bringing this technology closer to the end user.
In fact, the current version of the library makes use of the native BigNum when available. We are also studying the use of WebAssembly in the near future to improve the performance without losing the portability.
Status of the project
This technology is key to bring the idea of “privacy by design and by default” to the upcoming set of applications that will constitute the new internet we are building together. So, from here we are making a call to the community to help and support this library to bring zero knowledge proofs to the mainstream.
The project is in a very early stage, but we believe it to be very useful in many other projects. That’s why we accelerated its release. We expect that the open source spirit of the project will give us feedback and contributions from many other teams that find this work useful.
For more technical details, please take a look at our GitHub repositories and start using the libraries today.
Iden3 web page: https://iden3.io
Follow us also on Twitter: @Identhree
Other interesting links:
Original zkSnarks paper: https://eprint.iacr.org/2017/013.pdf