# Verifiable Credentials Smart Contract Pattern with Circle Verite

Note - this section is mostly excerpts from the [Verite documentation](https://developers.circle.com/verite/docs/verite-protocol-introduction). Refer to the documentation for a full, in depth explanation of Verite.

## Overview 

From Merriam-Webster

*vérité* - noun : the art or technique of filming something (such as a motion picture) so as to convey candid realism 

From Circle's [introduction](https://developers.circle.com/verite/docs/verite-protocol-introduction)

> Verite is a set of free open source decentralized identity protocols and data models to facilitate interoperability between Verite products present and future. These protocols allow people and institutions to cryptographically prove claims about their identities, and allow services to attest to those claims, while avoiding exposure of sensitive data. For example, an individual might prove KYC, credit, insurance, accredited investor status, or similar identity claims to an application or smart contract while preserving privacy.
>
>Unlike centralized identity architectures, Verite's decentralized approach enables people and institutions to control how their identity data is accessed and avoids the sensitivity of identity data being used to justify vendor lock-in or "toll-roads". Verite is not a token and requires no specific blockchain, but functions across many major blockchain and wallet ecosystems, never storing ANY sensitive or de-anonymizing data on-chain.
>
>Verite empowers developers, financial institutions, regulators, and individuals with an open, free, interoperable identity model for decentralized finance. Interoperability ensures that applications, services, wallets, and smart contracts can interact with one another following a shared set of standard rules and interfaces.

### Architecture Overview

Circle docs - see [here](https://developers.circle.com/verite/docs/architecture-overview)


#### Identity Hierarchy

![Identity Hierarchy](./id-hierarchy.png)

#### Identity Protocol

![Identity Protocol](./id-protocol.png)


## Foundational Standards

Foundational standards that Verite draws upon include:

>**W3C Verifiable Credentials (“VCs”)**: Verifiable Credentials define a standard flexible, tamper-evident way for an issuer to make a claim about a subject in a way that is independently verifiable and privacy-preserving. VCs are the data model used for Verite claims attestations.
>
>**Verifiable Presentations ("VPs")**: Also defined in the VC spec, Verifiable Presentations provide a way to securely package a set of VCs for transmission to a relying party in a way that allows the subject to prove control over the credentials.
>
>**Identifiers, Decentralized Identifiers**: An "identifier" refers to both a subject and an issuer of a VC. The identifier data type is a URI, and may be a W3C Decentralized Identifier (DID), which is used in Verite reference implementations. Verite does not require the use of DIDs, but they are one standard way to implement identifiers that minimize correlability and enable proof of control over credentials.
>
>**Verifiable Data Registry**: This is a general concept that enables decoupling of verification from the issuer. It's typically used for storing revocation registries, trusted issuer lists, or similar data repositories to be accessed during the verification process. In VC implementations, these are often implemented with a distributed ledger (note that in the Verite approach, the credentials themselves are not stored on-chain).
>
>**Credential Manifest**: This standard from the Decentralized Identity Foundation (DIF) defines the mechanism for requesting and receiving a credential. A Credential Manifest allows an issuer to describe (in a machine-readable way) what types (schemas) of credentials they issue and what their requirements are. It also describes the format for a subject/holder to submit an application for a credential that conforms to those requirements.
>
>**Presentation Exchange**: This DIF standard enables a verifier to describe what types of credentials they require from a subject/holder, and how the subject/holder can send a submission.
>
>**Wallet and Credential Interactions**: Verite's Wallet interaction protocols use a lightweight flow loosely based on the work-in-progress DIF Wallet and Credential Interactions specification.


## Smart Contract Patterns

>A core functionality of Verite is that it enables smart contracts to require successful verification of Verifiable Credentials in order to safely and securely assess proofs of identity, credit and risk scoring, insurance, accredited investor status and other identity-related claims.
>
>Today, smart contracts on most chains (such as ethereum) are not technically capable and/or economically practical at executing the verification operations themselves, and they cannot call upon external verification or other network services beyond the constraints of their own chains. Verification in-contract would also require transmitting credentials on-chain, which may leak sensitive personal information and violate the first principle of 'Privacy by Design.'
>
>Instead, verification can be done by a web-based "front-end", or outsourced to a verifier service that communicates to the dApp directly (via offchain transactions delivered to the smart contract along with the transactions it authorizes) or indirectly (via on-chain registries, oracles, or other mechanisms).
>

### Verification Results

![Verification Results](./verification-results.png)

### Verification Records and Registry

![Verification Registry](./verification-records.png)

### Verification Query

![Verification Query](./verification-query.png)



In [None]:
import json

from web3 import Web3
w3 = Web3(Web3.HTTPProvider('http://127.0.0.1:8545'))

In [None]:
# Eth test account addresses
ACCT0='0x892BB2e4F6b14a2B5b82Ba8d33E5925D42D4431F'
ACCT1='0x9949f7e672a568bB3EBEB777D5e8D1c1107e96E5'
ACCT2='0x835F0Aa692b8eBCdEa8E64742e5Bce30303669c2'
ACCT3='0x7bA7d161F9E8B707694f434d65c218a1F0853B1C'
ACCT4='0xB4C3D79CDC0eb7A8576a8bf224Bbc6Bec790c320'
ACCT5='0x5Ad35F89D8C1d03089BDe2578Ce43883E3f2A7B0'
ACCT6='0x0234643975F308b76d1241897e7d70b02C155daa'
ACCT7='0x5199524B11e801c52161CA76dB9BFD72f4a4E1E1'
ACCT8='0x549381D65fe61046911d11743D5c0941Ed704640'
ACCT9='0x73dA1eD554De26C467d97ADE090af6d52851745E'

In [None]:
# Eth test account private keys
ACCT0KEY='0xcb1a18dff8cfcee16202bf86f1f89f8b3881107b8192cd06836fda9dbc0fde1b'
ACCT1KEY='0xa54f24f80839b659fc44fbb19492507bc734ea572f6f5672787cd8e9a198bf28'
ACCT2KEY='0x824f9e081f93102ca26e9e696bb6804079a5e4e3fca3a05216e2b6e0538fcab9'
ACCT3KEY='0x3e56e9b2db8389123a03816c37dd4515e07077483fbe865156a2d8f6003b6725'
ACCT4KEY='0xca55c5904f97405816f8d24c5e7810aaec2aa347ea0e1f920f19eca05669ae7b'
ACCT5KEY='0x6100006a16d6a0fd065f62165e64d412920afd0e8fc59956ad7a9116e363b72e'
ACCT6KEY='0x55b0e7919eb08e618dbddf025341094eefc0db60244736c1faac1412d68868f3'
ACCT7KEY='0x81b475051c4686cffe815e50216a9bac397c0e5d9108170823b290d41823fa8a'
ACCT8KEY='0xc3599ced1484dc8eccbb477cf8c318ca48ef1f2aac81a10a3774fe40d3b678de'
ACCT9KEY='0xf9832eeac47db42efeb2eca01e6479bfde00fda8fdd0624d45efd0e4b9ddcd3b'

## Deploy the Verification Registry 

In [None]:
home = ! echo $HOME
exec_home = home[0] + '/code/vc-verite'
print(exec_home)

In [None]:
!cd {exec_home} && DEPLOYER_KEY={ACCT0KEY} OWNER_ADDRESS={ACCT0} forge script script/VerificationRegistry.s.sol:DeployScript --broadcast --rpc-url http://127.0.0.1:8545 --extra-output-files abi --extra-output-files bin


In [None]:
%%bash -s "$exec_home" --out REGISTRY_ADDRESS
cd $1
ls
node script/registry-deploy-details.js 

In [None]:
REGISTRY_ADDRESS = REGISTRY_ADDRESS.strip()
print(REGISTRY_ADDRESS)

## KYCToken Deploy

In [None]:
!cd {exec_home} && DEPLOYER_KEY={ACCT0KEY} OWNER_ADDRESS={ACCT0} REGISTRY_ADDRESS={REGISTRY_ADDRESS} forge script script/KYCToken.s.sol:DeployScript --broadcast --rpc-url http://127.0.0.1:8545 --extra-output-files abi --extra-output-files bin


In [None]:
%%bash -s "$exec_home" --out KYCTOKEN_ADDRESS
cd $1
ls
node script/kyctoken-deploy-details.js 

In [None]:
KYCTOKEN_ADDRESS = KYCTOKEN_ADDRESS.strip()
print(KYCTOKEN_ADDRESS)

## Token Transfer to Unregistered Address

In [None]:
tokenAbiFile = home[0] + '/code/vc-verite/out/KYCToken.sol/KYCToken.json'

In [None]:
import json

with open(tokenAbiFile) as f:
    token_json = json.load(f)

tokenAbi = token_json['abi']

In [None]:
kycToken = w3.eth.contract(address=KYCTOKEN_ADDRESS, abi=tokenAbi)

In [None]:
kycToken.functions.balanceOf(ACCT1).call()

In [None]:
# Check registry contract address
kycToken.functions.registryAddress().call() == REGISTRY_ADDRESS

In [None]:
# Transfer some kyc coin to acct1
tx = kycToken.functions.transfer(ACCT1, 100).build_transaction(
    {
        "from":ACCT0,
        "nonce": w3.eth.get_transaction_count(ACCT0),
    }
)

## Configure Verification Registry

In [None]:
registryAbiFile =  home[0] + '/code/vc-verite/out/VerificationRegistry.sol/VerificationRegistry.json'

In [None]:
import json

with open(registryAbiFile) as f:
    registry_json = json.load(f)

registryAbi = registry_json['abi']

In [None]:
verificationRegistry = w3.eth.contract(address=REGISTRY_ADDRESS, abi=registryAbi)

In [None]:
verificationRegistryNameBytes32 = str.encode('VerificationRegistry')
verificationRegistryNameBytes32 =  b'\0'*12 + verificationRegistryNameBytes32
print(len (verificationRegistryNameBytes32))
print(verificationRegistryNameBytes32.hex())

In [None]:
tx = verificationRegistry.functions.addVerifier(ACCT0,(verificationRegistryNameBytes32, "did:verificationregistry:contract", "https://example.com/owner", ACCT9)).build_transaction(
    {
        "from":ACCT0,
        "nonce": w3.eth.get_transaction_count(ACCT0),
    }
)

In [None]:
signed_tx = w3.eth.account.sign_transaction(tx, ACCT0KEY)
tx_hash = w3.eth.send_raw_transaction(signed_tx.rawTransaction)
tx_receipt = w3.eth.wait_for_transaction_receipt(tx_hash)
print(tx_receipt)
print(f"Tx successful with hash: { tx_receipt.transactionHash.hex() }")

In [None]:
verificationRegistry.functions.getVerifierCount().call()

In [None]:
# Check ACCT status
verificationRegistry.functions.isVerified(ACCT1).call()

### Add ACCT1 Verification Record

In [None]:
domain_data = {
    "name": "VerificationRegistry",
    "version": "1.0",
    "chainId": w3.eth.chain_id,
    "verifyingContract": REGISTRY_ADDRESS
}

In [None]:
msg_types = {
    "VerificationResult": [
        {"name": "schema", "type": "string"},
        {"name": "subject", "type": "address"},
        {"name": "expiration", "type": "uint256"},
    ],
}

In [None]:
expiration = w3.eth.get_block(w3.eth.block_number).timestamp + 3000

In [None]:
msg_data = {
    "schema":"circle.com/credentials/kyc",
    "subject":ACCT1,
    "expiration":expiration
}

In [None]:
msg_data

In [None]:
from eth_account import Account
signed_msg = Account.sign_typed_data(ACCT9KEY, domain_data, msg_types, msg_data)

In [None]:
signed_msg

In [None]:
# registry.registerVerification(VerificationResult(
#            "circle.com/credentials/kyc", known, expiration),
#        signature);

tx = verificationRegistry.functions.registerVerification(("circle.com/credentials/kyc",ACCT1,w3.eth.get_block(w3.eth.block_number).timestamp + 3000), signed_msg.signature).build_transaction(
    {
        "from":ACCT0,
        "nonce": w3.eth.get_transaction_count(ACCT0),
    }
)

In [None]:
signed_tx = w3.eth.account.sign_transaction(tx, ACCT0KEY)
tx_hash = w3.eth.send_raw_transaction(signed_tx.rawTransaction)
tx_receipt = w3.eth.wait_for_transaction_receipt(tx_hash)
print(tx_receipt)
print(f"Tx successful with hash: { tx_receipt.transactionHash.hex() }")

In [None]:
verificationRegistry.functions.getVerificationsForSubject(ACCT1).call()

In [None]:
verificationRegistry.functions.isVerified(ACCT1).call()

### Retry Transfer

In [None]:
# Transfer some kyc coin to acct1
tx = kycToken.functions.transfer(ACCT1, 100).build_transaction(
    {
        "from":ACCT0,
        "nonce": w3.eth.get_transaction_count(ACCT0),
    }
)

In [None]:
signed_tx = w3.eth.account.sign_transaction(tx, ACCT0KEY)
tx_hash = w3.eth.send_raw_transaction(signed_tx.rawTransaction)
tx_receipt = w3.eth.wait_for_transaction_receipt(tx_hash)
print(tx_receipt)
print(f"Tx successful with hash: { tx_receipt.transactionHash.hex() }")

In [None]:
kycToken.functions.balanceOf(ACCT1).call()