-
Notifications
You must be signed in to change notification settings - Fork 0
ZK Commitments
ZkChainCommitment lets you prove an A1 authorization occurred without revealing the full delegation chain. Verification is O(1) — one Blake3 hash + one Ed25519 check — regardless of the original chain depth.
| Scenario | Solution |
|---|---|
| Ship proof to a blockchain or transparency log |
anchor_hash(commitment) → submit 32 bytes on-chain |
| Prove authorization to a downstream service without exposing org structure | Send the ZkChainCommitment instead of the full chain |
| Mobile / IoT client needs to verify, but can't process full chains | Client verifies the compact commitment |
| Upgrade to real zero-knowledge in future without changing downstream code | Set mode = ZkProofMode::ExternalZkvm
|
[dependencies]
a1-ai = { version = "2.8", features = ["zk"] }use a1::zk::{ZkChainCommitment, ZkProofMode};
use a1::{DyoloChain, Intent};
// After a successful authorization, seal the chain:
let commitment = ZkChainCommitment::seal(
&chain,
&intent.hash(),
&narrowing_mask.as_bytes(),
now_unix,
&authority_identity, // signs the commitment
Some("acme-trading-bot"), // optional namespace tag
);The commitment field is:
Blake3("a1::dyolo::zk::commit::v2.8.0" ‖ chain_fingerprint ‖ intent ‖ narrowing_commitment ‖ timestamp)
signed by the sealing authority's Ed25519 key.
let result = commitment.verify_commitment(
&narrowing_mask.as_bytes(),
now_unix,
Some(max_age_seconds), // None = no freshness check
);
match result {
Ok(()) => println!("Commitment valid"),
Err(e) => println!("Invalid: {:?}", e),
}O(1) regardless of original chain depth.
use a1::zk::anchor_hash;
let hash = anchor_hash(&commitment); // 32-byte Blake3
// Submit hash to your smart contract, Ethereum calldata, etc.Feature flag: features = ["anchor"]
The default mode. A cryptographic commitment derived from Blake3. Proves the authorization was valid without revealing chain details, but is not zero-knowledge in the strict cryptographic sense (the chain length and fingerprint are derivable by anyone with the full chain).
No extra dependencies. Works everywhere A1 runs.
println!("{:?}", commitment.mode); // ZkProofMode::Blake3Commit
println!("{}", commitment.has_zk_proof()); // falseAttach a real zero-knowledge proof generated by a zkVM (RISC Zero, Jolt, SP1, etc.). The wire format is identical to Blake3Commit — downstream consumers don't need to change anything.
let commitment = commitment.with_zk_proof(proof_bytes);
println!("{:?}", commitment.mode); // ZkProofMode::ExternalZkvm
println!("{}", commitment.has_zk_proof()); // trueThe RISC Zero guest program for generating proofs is at src/zk_guest/src/main.rs.
Agents can record a step-by-step reasoning trace and commit it alongside the authorization chain commitment. Individual steps can be disclosed to auditors without revealing the full trace.
use a1::provenance::{ReasoningTrace, ReasoningStepKind};
use a1::zk::ZkTraceProof;
let mut trace = ReasoningTrace::new(now);
trace.record(ReasoningStepKind::Thought, b"analyzing trade signal", now + 1);
trace.record(ReasoningStepKind::ToolCall, b"read_portfolio()", now + 2);
trace.record(ReasoningStepKind::FinalAction, b"execute BUY AAPL 100", now + 3);
let chain_fp = chain.fingerprint();
let root = trace.finalize(now + 4, &chain_fp)?;
// Seal the trace commitment alongside the chain commitment:
let proof = ZkTraceProof::seal(chain_commitment, root, &authority_identity);
assert!(proof.verify().is_ok());The trace root is a Merkle commitment — individual steps can be proven via ProvenanceStepProof without revealing all steps.
POST /v1/anchor
Anchor a ZkChainCommitment via the gateway. The gateway submits the 32-byte hash to the configured transparency log.
Source: src/zk.rs, src/zk_guest/, src/provenance.rs · Back to wiki home