diff --git a/config/iden3_docmap.py b/config/iden3_docmap.py index 4cf45ae..65466be 100644 --- a/config/iden3_docmap.py +++ b/config/iden3_docmap.py @@ -440,7 +440,7 @@ iden3_repo = [ iden3js_docs, goiden3_docs, tx_forwarder_docs, circom_docs, circomlib_docs, websnark_docs, - discovery_node_docs, citrus_docs, snarkjs_docs, notifications_server_docs, + discovery_node_docs, snarkjs_docs, notifications_server_docs, wasmbuilder_docs, research_docs ] iden3_docs = [ iden3_devel_docs, iden3_tech_docs, iden3_publications_docs] diff --git a/source/devel/centralized_login.rst b/source/devel/centralized_login.rst index 06d07d3..9c51b01 100644 --- a/source/devel/centralized_login.rst +++ b/source/devel/centralized_login.rst @@ -2,7 +2,7 @@ ############################################## -Centralized Login +Centralized Login Use Case ############################################## .. topic:: Overview diff --git a/source/iden3_repos/circom/README.rst b/source/iden3_repos/circom/README.rst index 4ae9074..47461c9 100644 --- a/source/iden3_repos/circom/README.rst +++ b/source/iden3_repos/circom/README.rst @@ -32,17 +32,17 @@ Creation of a circuit. This is an example of a NAND door: :: - template NAND() { - signal private input a; - signal input b; - signal output out; + template NAND() { + signal private input a; + signal input b; + signal output out; - out <== 1 - a*b; - a*(a-1) === 0; - b*(b-1) === 0; - } + out <== 1 - a*b; + a*(a-1) === 0; + b*(b-1) === 0; + } - component main = NAND(); + component main = NAND(); The language uses mainly JavaScript/C syntax together with 5 extra operators to define the following constraints: @@ -52,7 +52,7 @@ at the same time imply a constraint. As it is shown in the above example, a value is assigned to ``out`` and a constraint is also generated. The assigned value must be of the form -a\*b+c where a,b and c are linear combinations of the signals. +a*b+c where a,b and c are linear combinations of the signals. ``<--`` , ``-->`` : These operators assign values to signals but do not generate any constraints. This allows to assign to a signal any value @@ -74,13 +74,13 @@ First of all, the compiler must be installed by typing: :: - npm install -g circom + npm install -g circom The circuit is compiled with the following command: :: - circom mycircuit.circom -o mycircuit.json + circom mycircuit.circom -o mycircuit.json The resulting output ( ``mycircuit.json`` ) can be used in the `zksnarks JavaScript library `__. @@ -96,21 +96,21 @@ representation. Therefore, the circuits can be written this way: :: - template Num2Bits(n) { - signal input in; - signal output out[n]; - var lc1=0; + template Num2Bits(n) { + signal input in; + signal output out[n]; + var lc1=0; - for (var i = 0; i> i) & 1; - out[i] * (out[i] -1 ) === 0; - lc1 += out[i] * 2**i; - } + for (var i = 0; i> i) & 1; + out[i] * (out[i] -1 ) === 0; + lc1 += out[i] * 2**i; + } - lc1 === in; - } + lc1 === in; + } - component main = Num2Bits(8) + component main = Num2Bits(8) First of all, note that templates can have parameters. This allows to create libraries with templates that generate circuits in parametric @@ -129,7 +129,7 @@ big constraint of the form: :: - in === out[0]*2**0 + out[1]*2**1 + out[2]*2**2 + ... + out[n-1]*2**(n-1) + in === out[0]*2**0 + out[1]*2**1 + out[2]*2**2 + ... + out[n-1]*2**(n-1) We do this by using a variable ``lc1`` and adding each signal multiplied by its coefficient. This variable does not hold a value at compilation @@ -138,25 +138,25 @@ constraint: :: - lc1 === in; + lc1 === in; The last step is to force each output to be binary. This is done by adding the following constraint to each output: :: - out[i] * (out[i] -1 ) === 0; + out[i] * (out[i] -1 ) === 0; A binary adder ~~~~~~~~~~~~~~ -Let's now create a 32bits adder. +Let’s now create a 32bits adder. This operation could be done directly by adding a simple constraint ``out === in1 + in2``, but doing this the operation would not be module ``2**32`` but ``r``, where ``r``\ is the range of the elliptic curve. In the case of the zCash current implementation of zkSNARKs this number is -typically some prime close to 2\*\*253. +typically some prime close to 2**253. So, the strategy we will follow will be to first convert a number to binary, then do the addition using the binary representation like in @@ -169,140 +169,140 @@ bitify.circom: :: - template Num2Bits(n) { - signal input in; - signal output out[n]; - var lc1=0; + template Num2Bits(n) { + signal input in; + signal output out[n]; + var lc1=0; - for (var i = 0; i> i) & 1; - out[i] * (out[i] -1 ) === 0; - lc1 += out[i] * 2**i; - } + for (var i = 0; i> i) & 1; + out[i] * (out[i] -1 ) === 0; + lc1 += out[i] * 2**i; + } - lc1 === in; + lc1 === in; - } + } - template Bits2Num(n) { - signal input in[n]; - signal output out; - var lc1=0; + template Bits2Num(n) { + signal input in[n]; + signal output out; + var lc1=0; - for (var i = 0; i out; - } + lc1 ==> out; + } binsum.circom :: - /* + /* - Binary sum - ========== + Binary sum + ========== - This component creates a binary sum componet of ops operands and n bits each operand. + This component creates a binary sum componet of ops operands and n bits each operand. - e is number of carries and it depends on the number of operands in the input. + e is number of carries and it depends on the number of operands in the input. - Main Constraint: - in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + - + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + - + .. - + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + - === - out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) + Main Constraint: + in[0][0] * 2^0 + in[0][1] * 2^1 + ..... + in[0][n-1] * 2^(n-1) + + + in[1][0] * 2^0 + in[1][1] * 2^1 + ..... + in[1][n-1] * 2^(n-1) + + + .. + + in[ops-1][0] * 2^0 + in[ops-1][1] * 2^1 + ..... + in[ops-1][n-1] * 2^(n-1) + + === + out[0] * 2^0 + out[1] * 2^1 + + out[n+e-1] *2(n+e-1) - To waranty binary outputs: + To waranty binary outputs: - out[0] * (out[0] - 1) === 0 - out[1] * (out[0] - 1) === 0 - . - . - . - out[n+e-1] * (out[n+e-1] - 1) == 0 + out[0] * (out[0] - 1) === 0 + out[1] * (out[0] - 1) === 0 + . + . + . + out[n+e-1] * (out[n+e-1] - 1) == 0 - */ + */ - /* This function calculates the number of extra bits in the output to do the full sum. */ + /* This function calculates the number of extra bits in the output to do the full sum. */ - function nbits(a) { - var n = 1; - var r = 0; - while (n-1> k) & 1; + for (k=0; k> k) & 1; - // Ensure out is binary - out[k] * (out[k] - 1) === 0; + // Ensure out is binary + out[k] * (out[k] - 1) === 0; - lout += out[k] * 2**k; - } + lout += out[k] * 2**k; + } - // Ensure the sum + // Ensure the sum - lin === lout; - } + lin === lout; + } sumtest.circom: :: - include "bitify.circom" - include "binsum.circom" + include "bitify.circom" + include "binsum.circom" - template Adder() { - signal private input a; - signal input b; - signal output out; + template Adder() { + signal private input a; + signal input b; + signal output out; - component n2ba = Num2Bits(32); - component n2bb = Num2Bits(32); - component sum = BinSum(32,2); - component b2n = Bits2Num(32); + component n2ba = Num2Bits(32); + component n2bb = Num2Bits(32); + component sum = BinSum(32,2); + component b2n = Bits2Num(32); - n2ba.in <== a; - n2bb.in <== b; + n2ba.in <== a; + n2bb.in <== b; - for (var i=0; i<32; i++) { - sum.in[0][i] <== n2ba.out[i]; - sum.in[1][i] <== n2bb.out[i]; - b2n.in[i] <== sum.out[i]; - } + for (var i=0; i<32; i++) { + sum.in[0][i] <== n2ba.out[i]; + sum.in[1][i] <== n2bb.out[i]; + b2n.in[i] <== sum.out[i]; + } - out <== b2n.out; - } + out <== b2n.out; + } - component main = Adder(); + component main = Adder(); In this example we have shown how to design a top-down circuit with many subcircuits and how to connect them together. One can also see that diff --git a/source/iden3_repos/circom/TUTORIAL.rst b/source/iden3_repos/circom/TUTORIAL.rst index f231143..296ab07 100644 --- a/source/iden3_repos/circom/TUTORIAL.rst +++ b/source/iden3_repos/circom/TUTORIAL.rst @@ -18,7 +18,7 @@ off-chain and on-chain on Ethereum. 1.1 Pre-requisites ~~~~~~~~~~~~~~~~~~ -If you don't have it installed yet, you need to install ``Node.js`` in +If you don’t have it installed yet, you need to install ``Node.js`` in your laptop. Last stable version of ``Node.js`` (Or 8.12.0) works just fine. But if @@ -35,13 +35,13 @@ Just run: .. code:: sh - npm install -g circom - npm install -g snarkjs + npm install -g circom + npm install -g snarkjs 2. Working with a circuit ------------------------- -Let's create a circuit that tries to prove that you are able to factor a +Let’s create a circuit that tries to prove that you are able to factor a number! 2.1 Create a circuit in a new directory @@ -50,30 +50,32 @@ number! 1. Create an empty directory called ``factor`` where you will put all the files that you will use in this tutorial. - :: +:: + + mkdir factor + cd factor - mkdir factor - cd factor +.. - In a real circuit, you will probably want to create a ``git`` - repository with a ``circuits`` directory and a ``test`` directory - with all your tests, and the needed scripts to build all the - circuits. + In a real circuit, you will probably want to create a ``git`` + repository with a ``circuits`` directory and a ``test`` directory + with all your tests, and the needed scripts to build all the + circuits. 2. Create a new file named ``circuit.circom`` with the following content: :: - template Multiplier() { - signal private input a; - signal private input b; - signal output c; - - c <== a*b; - } + template Multiplier() { + signal private input a; + signal private input b; + signal output c; + + c <== a*b; + } - component main = Multiplier(); + component main = Multiplier(); This circuit has 2 private input signals named ``a`` and ``b`` and one output named ``c``. @@ -94,7 +96,7 @@ We are now ready to compile the circuit. Run the following command: .. code:: sh - circom circuit.circom -o circuit.json + circom circuit.circom -o circuit.json to compile the circuit to a file named ``circuit.json`` @@ -107,7 +109,7 @@ typing: .. code:: sh - snarkjs --help + snarkjs --help 3.1 View information and stats regarding a circuit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -116,26 +118,28 @@ To show general statistics of this circuit, you can run: .. code:: sh - snarkjs info -c circuit.json + snarkjs info -c circuit.json You can also print the constraints of the circuit by running: .. code:: sh - snarkjs printconstraints -c circuit.json + snarkjs printconstraints -c circuit.json 3.2 Setting up using *snarkjs* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Ok, let's run a setup for our circuit: +Ok, let’s run a setup for our circuit: .. code:: sh - snarkjs setup + snarkjs setup + +.. - By default ``snarkjs`` will look for and use ``circuit.json``. You - can always specify a different circuit file by adding - ``-c `` + By default ``snarkjs`` will look for and use ``circuit.json``. You + can always specify a different circuit file by adding + ``-c `` The output of the setup will in the form of 2 files: ``proving_key.json`` and ``verification_key.json`` @@ -159,22 +163,22 @@ For example, Imagine that you want to prove that you are able to factor 33 that means that you know two numbers ``a`` and ``b`` that when you multiply them, it results in 33. - Of course you can always use one and the same number as ``a`` and - ``b``. We will deal with this problem later. + Of course you can always use one and the same number as ``a`` and + ``b``. We will deal with this problem later. So you want to prove that you know 3 and 11. -Let's create a file named ``input.json`` +Let’s create a file named ``input.json`` .. code:: json - {"a": 3, "b": 11} + {"a": 3, "b": 11} -And now let's calculate the witness: +And now let’s calculate the witness: .. code:: sh - snarkjs calculatewitness + snarkjs calculatewitness You may want to take a look at ``witness.json`` file with all the signals. @@ -186,7 +190,7 @@ Now that we have the witness generated, we can create the proof. .. code:: sh - snarkjs proof + snarkjs proof This command will use the ``prooving_key.json`` and the ``witness.json`` files by default to generate ``proof.json`` and ``public.json`` @@ -202,7 +206,7 @@ To verify the proof run: .. code:: sh - snarkjs verify + snarkjs verify This command will use ``verification_key.json``, ``proof.json`` and ``public.json`` to verify that is valid. @@ -218,7 +222,7 @@ Generate the solidity verifier .. code:: sh - snarkjs generateverifier + snarkjs generateverifier This command will take the ``verification_key.json`` and generate a solidity code in ``verifier.sol`` file. @@ -228,9 +232,9 @@ You can take the code in ``verifier.sol`` and cut and paste in remix. This code contains two contracts: Pairings and Verifier. You just need to deploy the ``Verifier`` contract. - You may want to use a test net like Rinkeby, Kovan or Ropsten. You - can also use the Javascript VM, but in some browsers, the - verification takes long and it may hang the page. + You may want to use a test net like Rinkeby, Kovan or Ropsten. You + can also use the Javascript VM, but in some browsers, the + verification takes long and it may hang the page. Verifying the proof on-chain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -245,7 +249,7 @@ of the call by typing: .. code:: sh - snarkjs generatecall + snarkjs generatecall Just cut and paste the output to the parameters field of the ``verifyProof`` method in Remix. @@ -269,38 +273,38 @@ is one. We just calculate inv by ``1/(a-1)`` -So let's modify the circuit: +So let’s modify the circuit: :: - template Multiplier() { - signal private input a; - signal private input b; - signal output c; - signal inva; - signal invb; - - inva <-- 1/(a-1); - (a-1)*inva === 1; - - invb <-- 1/(b-1); - (b-1)*invb === 1; - - c <== a*b; - } - - component main = Multiplier(); + template Multiplier() { + signal private input a; + signal private input b; + signal output c; + signal inva; + signal invb; + + inva <-- 1/(a-1); + (a-1)*inva === 1; + + invb <-- 1/(b-1); + (b-1)*invb === 1; + + c <== a*b; + } + + component main = Multiplier(); A nice thing of circom language is that you can split a <== into two -independent acions: <-- and === +independent acions: <– and === -The <-- and --> operators Just assign a value to a signal without -creating any constraints. +The <– and –> operators Just assign a value to a signal without creating +any constraints. The === operator just adds a constraint without assigning any value to any signal. -The circuit has also another problem and it's that the operation works +The circuit has also another problem and it’s that the operation works in Zr, so we need to guarantee too that the multiplication does not overflow. This can be done by binarizing the inputs and checking the ranges, but we will reserve it for future tutorials. diff --git a/source/iden3_repos/circomlib.rst b/source/iden3_repos/circomlib.rst index ee2f1f9..f9b79cb 100644 --- a/source/iden3_repos/circomlib.rst +++ b/source/iden3_repos/circomlib.rst @@ -6,4 +6,4 @@ CircomLib .. toctree:: :maxdepth: 1 - rst + diff --git a/source/iden3_repos/citrus.rst b/source/iden3_repos/citrus.rst deleted file mode 100644 index 384e28f..00000000 --- a/source/iden3_repos/citrus.rst +++ /dev/null @@ -1,9 +0,0 @@ -.. _citrus: - -Citrus -====== - -.. toctree:: - :maxdepth: 1 - - citrus/README diff --git a/source/iden3_repos/citrus/README.rst b/source/iden3_repos/citrus/README.rst deleted file mode 100644 index f9d3e79..00000000 --- a/source/iden3_repos/citrus/README.rst +++ /dev/null @@ -1,99 +0,0 @@ -======== -Overview -======== - -.. contents:: :depth: 3 - -Citrus -====== - -Citrus: Continuous Integration Testing running until sunrise. - -Citrus is a simple continuous integration testing framework that can be -configured with scripts. - -The basis of citrus is **running 5 phases for each batch**: - -- Setup -- Start -- Test -- Stop -- Hooks - -Each phase will execute the corresponding scripts, which can be defined -globally and per repository. - -Configuration -------------- - -Each script will run through a prelude script that allows you to specify -global variables that will be available for all the scripts. - -There can be any number of ``setup``, ``start``, ``test``, ``stop`` and -``hook`` scripts. The filename of each script must start with the name -of the phase in lower case. - -The scripts for each phase will be sorted in alphabetical order; this -allows defining which scripts will run first. This sorting is applied to -the complete set of all phase scripts (global and repository scripts -together). For example, if a tests has two parts (send and recive) and -you want to ensure that send is run before receive, name them like this: -``test_00_send`` and ``test_01_recive`` - -All the scripts must be executable (``chmod +x script``). - -All the scripts will go to the configuration folder, where the top level -contains global scripts, and each folder with a repository names -contains the scripts that will run for that repository. - -The configuration folder also contains a configuration file -(``config.toml``) where you specify the list of repository urls, and -further parameters like timeouts in seconds. - -See the ``example`` folder for a specific example. - -Options -------- - -:: - - Usage of ./citrus: - -conf string - config directory - -debug - enable debug output - -docker - run tests in a docker container - -force - force an initial run even if repositories were not updated - -no-update - don't update the repositories - -no-web - don't run the web backend - -one-shot - run tests only once - -quiet - output warnings and errors only - -web-only - run web backend only - -Screenshots ------------ - -.. figure:: ./screenshot.png - :alt: Results Screenshot - - Results Screenshot - -Citrus also supports a night theme :) - -Other ------ - -The css style used in the web backend is based on the `the μ css -framework `__. - -License -------- - -GPLv3, see ``LICENSE.txt`` diff --git a/source/iden3_repos/citrus/logo.png b/source/iden3_repos/citrus/logo.png deleted file mode 100644 index 6e71134..00000000 Binary files a/source/iden3_repos/citrus/logo.png and /dev/null differ diff --git a/source/iden3_repos/citrus/screenshot.png b/source/iden3_repos/citrus/screenshot.png deleted file mode 100644 index 889ff46..00000000 Binary files a/source/iden3_repos/citrus/screenshot.png and /dev/null differ diff --git a/source/iden3_repos/discovery-node/README.rst b/source/iden3_repos/discovery-node/README.rst index 2dd62c3..ea3ab65 100644 --- a/source/iden3_repos/discovery-node/README.rst +++ b/source/iden3_repos/discovery-node/README.rst @@ -4,8 +4,8 @@ Overview .. contents:: :depth: 3 -discovery-node |Go Report Card| |GoDoc| -======================================= +discovery-node `Go Report Card `__ `GoDoc `__ +================================================================================================================================================================= Draft implementation of ``discovery-node`` of the decentralized discovery protocol over Pss Swarm @@ -28,7 +28,7 @@ each identity trusts its active discovery-node Node Storage ^^^^^^^^^^^^ -The ``discovery-node`` data storage is a leveldb database. It's +The ``discovery-node`` data storage is a leveldb database. It’s organized with prefixes, where each type of data is stored under a prefix. @@ -36,7 +36,7 @@ Databases: - ``dbOwnIds``: holds the data about the identities that the ``discovery-node`` manages - ``dbAnswCache``: holds the data about the discovered identites. Each data packet of a discovered identity, has a ``timestamp``, the data packets are valid under a time window where the -``timestamp`` allows to determine if it's already valed or is too old +``timestamp`` allows to determine if it’s already valed or is too old Sample discovery flow ^^^^^^^^^^^^^^^^^^^^^ @@ -76,7 +76,7 @@ Discovery flow: network under the topic ``id_discovery`` - the ``Requester`` waits a configured amount of time, if the - ``Answer`` don't comes inside that time window, returns an error + ``Answer`` don’t comes inside that time window, returns an error msg through https to the ``user`` 5. the ``Id_Agent`` server of that identity will receive the ``Query`` @@ -91,20 +91,20 @@ Discovery flow: :: - Requester Id_Agent - + + - | | - * 1 | - * 2 | - * 3 | - | 4 | - +--------------------------->+ - | * 5 - | 6 | - +<---------------------------+ - * 7 | - | | - + + + Requester Id_Agent + + + + | | + * 1 | + * 2 | + * 3 | + | 4 | + +--------------------------->+ + | * 5 + | 6 | + +<---------------------------+ + * 7 | + | | + + + Data structures ^^^^^^^^^^^^^^^ @@ -114,41 +114,41 @@ Each data packet that is sent over the network, goes with a .. code:: go - // Service holds the data about a node service (can be a Relay, a NameServer, a DiscoveryNode, etc) - type Service struct { - IdAddr common.Address - KademliaAddr []byte // Kademlia address - PssPubK PubK // Public Key of the pss node, to receive encrypted data packets - Url string - Type string // TODO define type specification (relay, nameserver, etc) - Mode string // Active or Passive(gateway) (this only affects to discovery-node's type) - ProofService []byte // TODO ProofClaimService data type (to be defined) - } - - // Query is the data packet that a node sends to discover data about one identity - type Query struct { - Version string // version of the protocol - MsgId string // random msg id, to identify and relate Query and Answer - AboutId common.Address // About Who is requesting data (about which identity address) - RequesterId common.Address - RequesterKAddr []byte // Kademlia address - RequesterPssPubK PubK // Public Key of the pss node requester, to receive encrypted data packets - InfoFrom []byte // TODO to be defined - Timestamp int64 - Nonce uint64 // for the PoW - } - - // Answer is the data packet that a node sends when answering to a Query data packet - type Answer struct { - Version string // version of the protocol - MsgId string // random msg id, to identify and relate Query and Answer - AboutId common.Address - FromId common.Address - AgentId Service - Services []Service - Timestamp int64 - Signature []byte - } + // Service holds the data about a node service (can be a Relay, a NameServer, a DiscoveryNode, etc) + type Service struct { + IdAddr common.Address + KademliaAddr []byte // Kademlia address + PssPubK PubK // Public Key of the pss node, to receive encrypted data packets + Url string + Type string // TODO define type specification (relay, nameserver, etc) + Mode string // Active or Passive(gateway) (this only affects to discovery-node's type) + ProofService []byte // TODO ProofClaimService data type (to be defined) + } + + // Query is the data packet that a node sends to discover data about one identity + type Query struct { + Version string // version of the protocol + MsgId string // random msg id, to identify and relate Query and Answer + AboutId common.Address // About Who is requesting data (about which identity address) + RequesterId common.Address + RequesterKAddr []byte // Kademlia address + RequesterPssPubK PubK // Public Key of the pss node requester, to receive encrypted data packets + InfoFrom []byte // TODO to be defined + Timestamp int64 + Nonce uint64 // for the PoW + } + + // Answer is the data packet that a node sends when answering to a Query data packet + type Answer struct { + Version string // version of the protocol + MsgId string // random msg id, to identify and relate Query and Answer + AboutId common.Address + FromId common.Address + AgentId Service + Services []Service + Timestamp int64 + Signature []byte + } Run ~~~ @@ -158,14 +158,14 @@ Run one node :: - go run *.go --config config0.yaml start + go run *.go --config config0.yaml start Run 3 nodes and test endpoints ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :: - bash run-tmux-demo.sh + bash run-tmux-demo.sh Test ~~~~ @@ -174,9 +174,4 @@ Unit tests: :: - go test ./... - -.. |Go Report Card| image:: https://goreportcard.com/badge/github.com/iden3/discovery-node - :target: https://goreportcard.com/report/github.com/iden3/discovery-node -.. |GoDoc| image:: https://godoc.org/github.com/iden3/discovery-node?status.svg - :target: https://godoc.org/github.com/iden3/discovery-node + go test ./... diff --git a/source/iden3_repos/go-iden3/README.rst b/source/iden3_repos/go-iden3/README.rst index 93d34a6..ec35d3d 100644 --- a/source/iden3_repos/go-iden3/README.rst +++ b/source/iden3_repos/go-iden3/README.rst @@ -9,14 +9,16 @@ go-iden3 Go implementation of the iden3 system. -|Go Report Card| |Build Status| +`Go Report +Card `__ +`Build Status `__ Install ------- :: - $ go get github.com/iden3/go-iden3 + $ go get github.com/iden3/go-iden3 Usage ----- @@ -31,12 +33,31 @@ Usage Documentation ------------- -Go Modules documentation: - |GoDoc| common - |GoDoc| core - |GoDoc| db - -|GoDoc| eth - |GoDoc| crypto - |GoDoc| merkletree - |GoDoc| utils - -|GoDoc| services/backupsrv - |GoDoc| services/centrauthsrv - |GoDoc| -services/claimsrv - |GoDoc| services/identitysrv - |GoDoc| -services/mongosrv - |GoDoc| services/namesrv - |GoDoc| services/rootsrv -- |GoDoc| services/signsrv +Go Modules documentation: - +`GoDoc `__ common - +`GoDoc `__ core - +`GoDoc `__ db - +`GoDoc `__ eth - +`GoDoc `__ crypto - +`GoDoc `__ +merkletree - +`GoDoc `__ utils - +`GoDoc `__ +services/backupsrv - +`GoDoc `__ +services/centrauthsrv - +`GoDoc `__ +services/claimsrv - +`GoDoc `__ +services/identitysrv - +`GoDoc `__ +services/mongosrv - +`GoDoc `__ +services/namesrv - +`GoDoc `__ +services/rootsrv - +`GoDoc `__ +services/signsrv Testing ------- @@ -54,38 +75,3 @@ License go-iden3 is part of the iden3 project copyright 2018 0kims association and published with GPL-3 license, please check the LICENSE file for more details. - -.. |Go Report Card| image:: https://goreportcard.com/badge/github.com/iden3/go-iden3 - :target: https://goreportcard.com/report/github.com/iden3/go-iden3 -.. |Build Status| image:: https://travis-ci.org/iden3/go-iden3.svg?branch=master - :target: https://travis-ci.org/iden3/go-iden3 -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/common?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/common -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/core?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/core -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/db?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/db -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/eth?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/eth -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/crypto?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/crypto -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/merkletree?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/merkletree -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/utils?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/utils -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/backupsrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/backupsrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/centrauthsrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/centrauthsrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/claimsrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/claimsrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/identitysrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/identitysrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/mongosrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/mongosrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/namesrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/namesrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/rootsrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/rootsrv -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/services/signsrv?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/services/signsrv diff --git a/source/iden3_repos/go-iden3/Relay.rst b/source/iden3_repos/go-iden3/Relay.rst index 61e6a08..f3df593 100644 --- a/source/iden3_repos/go-iden3/Relay.rst +++ b/source/iden3_repos/go-iden3/Relay.rst @@ -17,10 +17,10 @@ To run a relay we need to build the contracts used for iden3: :: - git clone https://github.com/iden3/contracts - cd contracts - npm install - node_modules/.bin/truffle compile + git clone https://github.com/iden3/contracts + cd contracts + npm install + node_modules/.bin/truffle compile Then we create a keystore protected by a password. First you need to install `geth `__. Then run the @@ -29,44 +29,44 @@ example): :: - echo "THEPASSWORD" > config-path/keystore.password - geth account new --keystore config-path/keystore # Input the same password as the one stored in keystore.password + echo "THEPASSWORD" > config-path/keystore.password + geth account new --keystore config-path/keystore # Input the same password as the one stored in keystore.password Then we will need to have a config file ``config.yaml`` with the following data: .. code:: yaml - server: - serviceapi: 127.0.0.1:8000 - adminapi: 127.0.0.1:8001 - - web3: - url: http://web3-gateway-url - - keystore: - path: config-path/keystore - address: 0xe0fbce58cfaa72812103f003adce3f284fe5fc7c - password: config-path/keystore.password - - contracts: - rootcommits: - jsonabi: contracts-repo-path/build/contracts/RootCommits.json - address: 0x6A6E04938d66Df5717ec4774E0ca181077e842ed - iden3impl: - jsonabi: contracts-repo-path/build/contracts/IDen3Impl.json - address: 0x66D0c2F85F1B717168cbB508AfD1c46e07227130 - iden3deployer: - jsonabi: contracts-repo-path/build/contracts/Deployer.json - address: 0xf02e236F9F6C08966DD63B9fB9C04764E01b0563 - iden3proxy: - jsonabi: contracts-repo-path/build/contracts/IDen3DelegateProxy.json - - storage: - path: /tmp/treedb - - domain: iden3.io - namespace: iden3.io + server: + serviceapi: 127.0.0.1:8000 + adminapi: 127.0.0.1:8001 + + web3: + url: http://web3-gateway-url + + keystore: + path: config-path/keystore + address: 0xe0fbce58cfaa72812103f003adce3f284fe5fc7c + password: config-path/keystore.password + + contracts: + rootcommits: + jsonabi: contracts-repo-path/build/contracts/RootCommits.json + address: 0x6A6E04938d66Df5717ec4774E0ca181077e842ed + iden3impl: + jsonabi: contracts-repo-path/build/contracts/IDen3Impl.json + address: 0x66D0c2F85F1B717168cbB508AfD1c46e07227130 + iden3deployer: + jsonabi: contracts-repo-path/build/contracts/Deployer.json + address: 0xf02e236F9F6C08966DD63B9fB9C04764E01b0563 + iden3proxy: + jsonabi: contracts-repo-path/build/contracts/IDen3DelegateProxy.json + + storage: + path: /tmp/treedb + + domain: iden3.io + namespace: iden3.io Running the relay ~~~~~~~~~~~~~~~~~ @@ -75,19 +75,19 @@ In the ``go-iden3/cmd/relay`` directory, run: :: - go run main.go --config path-to-config/config.yaml start + go run main.go --config path-to-config/config.yaml start Also can be built using: :: - go build + go build And then execute: :: - ./relay + ./relay API Endpoints ------------- @@ -99,10 +99,10 @@ Returns: .. code:: js - { - "contractRoot": "0x0000000000000000000000000000000000000000000000000000000000000000", - "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36" - } + { + "contractRoot": "0x0000000000000000000000000000000000000000000000000000000000000000", + "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36" + } POST http://127.0.0.1:8000/api/v0.1/claim/:idaddr ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -111,52 +111,52 @@ Input: .. code:: js - { - "valueHex": "0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - 0000000000025521b25f396b1f62fcc46ce5b9a6b53684d5649958d83d79b5bb6711aa270000000000000000000000000000000000009105000000000000000000000004" - , - "signatureHex": "0xd7cfe7c0935e27a6ce3c587da2f55a5f6765b859f57baddd22a232bf12563ac60cd91f6c1046acfd2c3d148f9d082e0ec194d72f3f1b2ead7985 - 9809fa09bcae1c", - "ksignpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833" - } + { + "valueHex": "0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000025521b25f396b1f62fcc46ce5b9a6b53684d5649958d83d79b5bb6711aa270000000000000000000000000000000000009105000000000000000000000004" + , + "signatureHex": "0xd7cfe7c0935e27a6ce3c587da2f55a5f6765b859f57baddd22a232bf12563ac60cd91f6c1046acfd2c3d148f9d082e0ec194d72f3f1b2ead7985 + 9809fa09bcae1c", + "ksignpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833" + } Returns: .. code:: js - { - "proofClaim": { - "proofs": [ - { - "mtp0": "0x00030000000000000000000000000000000000000000000000000000000000041d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8 - ad761c3922", - "mtp1": "0x0303000000000000000000000000000000000000000000000000000000000004294c2853becf85699f4d65fa57bd43e5c2e7087e23945d2c5ec52f - 903443139728f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224bae - d", - "root": "0x26815c474fa21c55dbef8e8628fc418946b147278f42402db7f07e4324ae9c5f", - "aux": { - "version": 1, - "era": 0, - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" - } - }, - { - "mtp0": "0x0001000000000000000000000000000000000000000000000000000000000001083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59 - fad48f8199", - "mtp1": "0x0301000000000000000000000000000000000000000000000000000000000001296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0a - c78189b96a182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208 - a", - "root": "0x141a1d2dceec7ff08497d15fc092f18ac460c8654ff9fed6626c1d66eeb3c75b", - "aux": null - } - ], - "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - 00000000025521b25f396b1f62fcc46ce5b9a6b53684d5649958d83d79b5bb6711aa270000000000000000000000000000000000009105000000000000000000000004", - "date": 1548849932, - "signature": "0x224dca4c57fb4c4bb946ec1ba82cf46d2f12da5a1a73fe143bfcd3ae20212975519c9d711ce2c4e414eae950b28be741e6b9721cd663d71fb2a48 - 44efa5a84ed00" - } - } + { + "proofClaim": { + "proofs": [ + { + "mtp0": "0x00030000000000000000000000000000000000000000000000000000000000041d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8 + ad761c3922", + "mtp1": "0x0303000000000000000000000000000000000000000000000000000000000004294c2853becf85699f4d65fa57bd43e5c2e7087e23945d2c5ec52f + 903443139728f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224bae + d", + "root": "0x26815c474fa21c55dbef8e8628fc418946b147278f42402db7f07e4324ae9c5f", + "aux": { + "version": 1, + "era": 0, + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" + } + }, + { + "mtp0": "0x0001000000000000000000000000000000000000000000000000000000000001083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59 + fad48f8199", + "mtp1": "0x0301000000000000000000000000000000000000000000000000000000000001296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0a + c78189b96a182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208 + a", + "root": "0x141a1d2dceec7ff08497d15fc092f18ac460c8654ff9fed6626c1d66eeb3c75b", + "aux": null + } + ], + "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 00000000025521b25f396b1f62fcc46ce5b9a6b53684d5649958d83d79b5bb6711aa270000000000000000000000000000000000009105000000000000000000000004", + "date": 1548849932, + "signature": "0x224dca4c57fb4c4bb946ec1ba82cf46d2f12da5a1a73fe143bfcd3ae20212975519c9d711ce2c4e414eae950b28be741e6b9721cd663d71fb2a48 + 44efa5a84ed00" + } + } GET http://127.0.0.1:8000/api/v0.1/claim/:idaddr/root ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -165,52 +165,52 @@ Returns: .. code:: js - { - "idRoot": "0x0000000000000000000000000000000000000000000000000000000000000000", - "idRootProof": "0x01020000000000000000000000000000000000000000000000000000000000030df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4 - dc8e92d46bb2c7df576dfac28d7b2a9a534e1d099e0438f04f66bebaa03a2349860d26e2e62", - "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36" - } + { + "idRoot": "0x0000000000000000000000000000000000000000000000000000000000000000", + "idRootProof": "0x01020000000000000000000000000000000000000000000000000000000000030df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4 + dc8e92d46bb2c7df576dfac28d7b2a9a534e1d099e0438f04f66bebaa03a2349860d26e2e62", + "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36" + } -GET http://127.0.0.1:8000/api/v0.1/claim\_proof/idaddr/:idaddr/hi/:hi -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +GET http://127.0.0.1:8000/api/v0.1/claim_proof/idaddr/:idaddr/hi/:hi +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4eb8d52dd6c1e354157c78b7ea281ce80 Returns: .. code:: js - { - "proofClaim": { - "proofs": [ - { - "mtp0": "0x00030000000000000000000000000000000000000000000000000000000000051b12c5489d45a9759a0aa761b4031fc4fa4afac3d6315273eecd13 - 58d562b9de294c2853becf85699f4d65fa57bd43e5c2e7087e23945d2c5ec52f9034431397", - "mtp1": "0x03030000000000000000000000000000000000000000000000000000000000051b12c5489d45a9759a0aa761b4031fc4fa4afac3d6315273eecd13 - 58d562b9de1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221a81d39b8b3f86e7a4b3df400dcb541f478df56414d3bd0d4b3cfa2f8e7df07 - c1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed", - "root": "0x1a99534d2fad42577649c8fa0af4c2b5610f316f7bf29814ba36a2c4f1e76c21", - "aux": { - "version": 2, - "era": 0, - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" - } - }, - { - "mtp0": "0x00020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 - f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199", - "mtp1": "0x01020000000000000000000000000000000000000000000000000000000000030df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d - c8e92d46bb2c7df576dfac28d7b2a9a534e1d099e0438f04f66bebaa03a2349860d26e2e62", - "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", - "aux": null - } - ], - "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - 0000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004", - "date": 1548849932, - "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c - 0136cb76b5200" - } - } + { + "proofClaim": { + "proofs": [ + { + "mtp0": "0x00030000000000000000000000000000000000000000000000000000000000051b12c5489d45a9759a0aa761b4031fc4fa4afac3d6315273eecd13 + 58d562b9de294c2853becf85699f4d65fa57bd43e5c2e7087e23945d2c5ec52f9034431397", + "mtp1": "0x03030000000000000000000000000000000000000000000000000000000000051b12c5489d45a9759a0aa761b4031fc4fa4afac3d6315273eecd13 + 58d562b9de1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221a81d39b8b3f86e7a4b3df400dcb541f478df56414d3bd0d4b3cfa2f8e7df07 + c1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed", + "root": "0x1a99534d2fad42577649c8fa0af4c2b5610f316f7bf29814ba36a2c4f1e76c21", + "aux": { + "version": 2, + "era": 0, + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" + } + }, + { + "mtp0": "0x00020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 + f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199", + "mtp1": "0x01020000000000000000000000000000000000000000000000000000000000030df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d + c8e92d46bb2c7df576dfac28d7b2a9a534e1d099e0438f04f66bebaa03a2349860d26e2e62", + "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", + "aux": null + } + ], + "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004", + "date": 1548849932, + "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c + 0136cb76b5200" + } + } POST http://127.0.0.1:8000/api/v0.1/id ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -219,46 +219,46 @@ Input: .. code:: js - { - "operationalpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", - "recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", - "revokator": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735" - } + { + "operationalpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", + "recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", + "revokator": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735" + } Returns: .. code:: js - { - "idaddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", - "proofClaim": { - "proofs": [ - { - "mtp0": "0x0000000000000000000000000000000000000000000000000000000000000000", - "mtp1": "0x030000000000000000000000000000000000000000000000000000000000000028f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b - 7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed", - "root": "0x1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922", - "aux": { - "version": 0, - "era": 0, - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" - } - }, - { - "mtp0": "0x0000000000000000000000000000000000000000000000000000000000000000", - "mtp1": "0x0300000000000000000000000000000000000000000000000000000000000000182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56 - 500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a", - "root": "0x083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199", - "aux": null - } - ], - "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - 0000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004", - "date": 1548849932, - "signature": "0x65312b0604555dd6a406e394d2174bae040a22c13143d3f97b282d55619315765e4fb4f783aa4c26979dc9bbe51ff6c17c1176f57c140a3120e3e - 3d2f9044f1001" - } - } + { + "idaddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", + "proofClaim": { + "proofs": [ + { + "mtp0": "0x0000000000000000000000000000000000000000000000000000000000000000", + "mtp1": "0x030000000000000000000000000000000000000000000000000000000000000028f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b + 7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed", + "root": "0x1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922", + "aux": { + "version": 0, + "era": 0, + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22" + } + }, + { + "mtp0": "0x0000000000000000000000000000000000000000000000000000000000000000", + "mtp1": "0x0300000000000000000000000000000000000000000000000000000000000000182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56 + 500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a", + "root": "0x083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199", + "aux": null + } + ], + "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004", + "date": 1548849932, + "signature": "0x65312b0604555dd6a406e394d2174bae040a22c13143d3f97b282d55619315765e4fb4f783aa4c26979dc9bbe51ff6c17c1176f57c140a3120e3e + 3d2f9044f1001" + } + } GET http://127.0.0.1:8000/api/v0.1/id/0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -267,26 +267,26 @@ Returns: .. code:: js - { - "IdAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", - "LocalDb": { - "Operational": "0xc7d89fe96acdb257b434bf580b8e6eb677d445a9", - "OperationalPk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", - "Relayer": "0xe0fbce58cfaa72812103f003adce3f284fe5fc7c", - "Recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", - "Revokator": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", - "Impl": "0x66d0c2f85f1b717168cbb508afd1c46e07227130" - }, - "Onchain": { - "Codehash": "0x4fec321ffcfdd48cdbe4d02553acb18ddb04cd5c6a78bcaf86e87834b1f3d0ee", - "Impl": "0x66d0c2f85f1b717168cbb508afd1c46e07227130", - "Recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", - "RecovererProp": "0x0000000000000000000000000000000000000000", - "Revoker": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", - "Relay": "0xe0fbce58cfaa72812103f003adce3f284fe5fc7c", - "LastNonce": 0 - } - } + { + "IdAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", + "LocalDb": { + "Operational": "0xc7d89fe96acdb257b434bf580b8e6eb677d445a9", + "OperationalPk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", + "Relayer": "0xe0fbce58cfaa72812103f003adce3f284fe5fc7c", + "Recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", + "Revokator": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", + "Impl": "0x66d0c2f85f1b717168cbb508afd1c46e07227130" + }, + "Onchain": { + "Codehash": "0x4fec321ffcfdd48cdbe4d02553acb18ddb04cd5c6a78bcaf86e87834b1f3d0ee", + "Impl": "0x66d0c2f85f1b717168cbb508afd1c46e07227130", + "Recoverer": "0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", + "RecovererProp": "0x0000000000000000000000000000000000000000", + "Revoker": "0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", + "Relay": "0xe0fbce58cfaa72812103f003adce3f284fe5fc7c", + "LastNonce": 0 + } + } POST http://127.0.0.1:8000/api/v0.1/id/:idaddr/deploy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -295,16 +295,16 @@ Input: .. code:: js - {} + {} Returns: .. code:: js - { - idaddr: '0x8435ebb41634c05019be1710be0007fa0d92861f', - tx: '0x403859ccc701eb358d3a25c908c33de733cbb2d0ebc1c7738eed4908cc8cf5c4' - } + { + idaddr: '0x8435ebb41634c05019be1710be0007fa0d92861f', + tx: '0x403859ccc701eb358d3a25c908c33de733cbb2d0ebc1c7738eed4908cc8cf5c4' + } POST http://127.0.0.1:8000/api/v0.1/vinculateid ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -313,43 +313,43 @@ Input: .. code:: js - { - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", - "name": "testName", - "signature": "0x8526016fb5f0fda5d04b37725768a82f17c7886541445304730bcf021c96e5ce6181b3a6e1d1ca4faa68f802d169514664f576d006fe872e646c96a - e9a75d6c11c", - "ksignpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833" - } + { + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", + "name": "testName", + "signature": "0x8526016fb5f0fda5d04b37725768a82f17c7886541445304730bcf021c96e5ce6181b3a6e1d1ca4faa68f802d169514664f576d006fe872e646c96a + e9a75d6c11c", + "ksignpk": "0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833" + } Returns: .. code:: js - { - "claimAssignName": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f371550 - 7449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000 - 000003", - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", - "name": "testName", - "proofClaimAssignName": { - "proofs": [ - { - "mtp0": "0x00070000000000000000000000000000000000000000000000000000000000410df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d - c8e92d46bb296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0ac78189b96a", - "mtp1": "0x03020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 - f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199137896c5dde3243fba9080cd9eb1aad51a293091da7afd15b05f54a82a4633a - c10b8436ad110ba4812e91e282ef9ef833006cda841f9121345a2eb8f76ed09bd", - "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", - "aux": null - } - ], - "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e - 1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", - "date": 1548849932, - "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c - 0136cb76b5200" - } - } + { + "claimAssignName": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f371550 + 7449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000 + 000003", + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", + "name": "testName", + "proofClaimAssignName": { + "proofs": [ + { + "mtp0": "0x00070000000000000000000000000000000000000000000000000000000000410df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d + c8e92d46bb296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0ac78189b96a", + "mtp1": "0x03020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 + f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199137896c5dde3243fba9080cd9eb1aad51a293091da7afd15b05f54a82a4633a + c10b8436ad110ba4812e91e282ef9ef833006cda841f9121345a2eb8f76ed09bd", + "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", + "aux": null + } + ], + "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e + 1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", + "date": 1548849932, + "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c + 0136cb76b5200" + } + } GET http://127.0.0.1:8000/api/v0.1/identities/resolv/testName@iden3.io ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -358,26 +358,26 @@ Returns: .. code:: js - { - "claim": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1 - f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", - "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", - "proofClaimAssignName": { - "proofs": [ - { - "mtp0": "0x00070000000000000000000000000000000000000000000000000000000000410df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d - c8e92d46bb296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0ac78189b96a", - "mtp1": "0x03020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 - f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199137896c5dde3243fba9080cd9eb1aad51a293091da7afd15b05f54a82a4633a - c10b8436ad110ba4812e91e282ef9ef833006cda841f9121345a2eb8f76ed09bd", - "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", - "aux": null - } - ], - "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e - 1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", - "date": 1548849932, - "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c - 0136cb76b5200" - } - } + { + "claim": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1 + f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", + "ethAddr": "0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22", + "proofClaimAssignName": { + "proofs": [ + { + "mtp0": "0x00070000000000000000000000000000000000000000000000000000000000410df6a62218b641b022bbd990303ec57411ebfe24965af84a7d3e4d + c8e92d46bb296c58506f1f3ecb09122a8eac285cd363840e2da8180d61188f0ac78189b96a", + "mtp1": "0x03020000000000000000000000000000000000000000000000000000000000031744e6cadba4793eacdfb8d32e955ea12f976b72cef88059e09bb5 + f6ea5d9de0083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199137896c5dde3243fba9080cd9eb1aad51a293091da7afd15b05f54a82a4633a + c10b8436ad110ba4812e91e282ef9ef833006cda841f9121345a2eb8f76ed09bd", + "root": "0x0458f3531f8292918aabef2d5f1c5a0c35da251c66c3f9d33eb4077e9ed0ec36", + "aux": null + } + ], + "leaf": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e + 1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003", + "date": 1548849932, + "signature": "0xd18b60beb56a40dcb4ad5648d3b7d122137aa75f96c858cd1e8f0999cb02f35255897d9a6cbbf9df02745c36e6ac4ad2a7a839b81ae4941bcbd4c + 0136cb76b5200" + } + } diff --git a/source/iden3_repos/go-iden3/cmd/backupserver/README.rst b/source/iden3_repos/go-iden3/cmd/backupserver/README.rst index 3dc4931..5bdc202 100644 --- a/source/iden3_repos/go-iden3/cmd/backupserver/README.rst +++ b/source/iden3_repos/go-iden3/cmd/backupserver/README.rst @@ -12,26 +12,26 @@ Backup Service :: - Wallet Backup Service - + + - | /register | - +------------------------>+ - | 200 OK | - +<------------------------+ - | | - | | - | /backup/upload | - +------------------------>+ - | 200 OK | - +<------------------------+ - | | - | | - | /backup/download | - +------------------------>+ - | {backup} | - +<------------------------+ - | | - + + + Wallet Backup Service + + + + | /register | + +------------------------>+ + | 200 OK | + +<------------------------+ + | | + | | + | /backup/upload | + +------------------------>+ + | 200 OK | + +<------------------------+ + | | + | | + | /backup/download | + +------------------------>+ + | {backup} | + +<------------------------+ + | | + + + Endpoints ~~~~~~~~~ @@ -40,62 +40,62 @@ Endpoints - in: - .. code:: js + .. code:: js - { + { username: "", password: "" - } + } - out: - :: + :: - 200 OK + 200 OK - POST /backup/upload - in: - .. code:: js + .. code:: js - { + { username: "", password: "" backup: "base64" - } + } - out: - :: + :: - 200 OK + 200 OK - POST /backup/download - in: - .. code:: js + .. code:: js - { + { username: "", password: "" - } + } - out: - .. code:: js + .. code:: js - { + { backup: "base64" - } + } - ERROR - out: - .. code:: js + .. code:: js - { + { error: "msg" - } + } diff --git a/source/iden3_repos/go-iden3/crypto/README.rst b/source/iden3_repos/go-iden3/crypto/README.rst index b6f7a94..e720cfc 100644 --- a/source/iden3_repos/go-iden3/crypto/README.rst +++ b/source/iden3_repos/go-iden3/crypto/README.rst @@ -4,8 +4,8 @@ Crypto .. contents:: :depth: 3 -crypto |GoDoc| -============== +crypto `GoDoc `__ +===================================================================== iden3 crypto Go package @@ -18,26 +18,23 @@ Usage: .. code:: go - package main - - import ( - "math/big" - "github.com/iden3/go-iden3/crypto/mimc7" - ) - - func mimc7Example() { - // for this example, define an array of big ints to hash - b1 := big.NewInt(int64(1)) - b2 := big.NewInt(int64(2)) - b3 := big.NewInt(int64(3)) - bigArr := []*big.Int{b1, b2, b3} - arr, err := mimc7.BigIntsToRElems(bigArr) - - // mimc7 hash - h := mimc7.Hash(arr) - fmt.Println((*big.Int)(h).String()) - // h == 10001192134743444757278983923787274376044444355175924720153500128284360571540 - } - -.. |GoDoc| image:: https://godoc.org/github.com/iden3/go-iden3/crypto?status.svg - :target: https://godoc.org/github.com/iden3/go-iden3/crypto + package main + + import ( + "math/big" + "github.com/iden3/go-iden3/crypto/mimc7" + ) + + func mimc7Example() { + // for this example, define an array of big ints to hash + b1 := big.NewInt(int64(1)) + b2 := big.NewInt(int64(2)) + b3 := big.NewInt(int64(3)) + bigArr := []*big.Int{b1, b2, b3} + arr, err := mimc7.BigIntsToRElems(bigArr) + + // mimc7 hash + h := mimc7.Hash(arr) + fmt.Println((*big.Int)(h).String()) + // h == 10001192134743444757278983923787274376044444355175924720153500128284360571540 + } diff --git a/source/iden3_repos/go-iden3/merkletreeDoc/merkletree.rst b/source/iden3_repos/go-iden3/merkletreeDoc/merkletree.rst index fda1782..bf97d7d 100644 --- a/source/iden3_repos/go-iden3/merkletreeDoc/merkletree.rst +++ b/source/iden3_repos/go-iden3/merkletreeDoc/merkletree.rst @@ -14,12 +14,12 @@ Import packages: .. code:: go - import ( - "github.com/iden3/go-iden3/db" - "github.com/iden3/go-iden3/merkletree" - "github.com/iden3/go-iden3/core" - common3 "github.com/iden3/go-iden3/common" - ) + import ( + "github.com/iden3/go-iden3/db" + "github.com/iden3/go-iden3/merkletree" + "github.com/iden3/go-iden3/core" + common3 "github.com/iden3/go-iden3/common" + ) New Merkletree -------------- @@ -28,18 +28,18 @@ Define new tree: .. code:: go - // first we create the storage, where will be placed the leveldb database - storage, err := db.NewLevelDbStorage("./path", false) - if err!=nil { - panic(err) - } - // new merkletree of 140 levels of maximum depth using the defined - // storage - mt, err := merkletree.NewMerkleTree(storage, 140) - if err!=nil { - panic(err) - } - defer mt.Storage().Close() + // first we create the storage, where will be placed the leveldb database + storage, err := db.NewLevelDbStorage("./path", false) + if err!=nil { + panic(err) + } + // new merkletree of 140 levels of maximum depth using the defined + // storage + mt, err := merkletree.NewMerkleTree(storage, 140) + if err!=nil { + panic(err) + } + defer mt.Storage().Close() Add claims ---------- @@ -49,17 +49,17 @@ To add claims, first we need to have a claim data struct that fits the .. code:: go - // Data consists of 4 elements of the mimc7 field. - type Data [4]ElemBytes - // An Entry contains Data where the claim will be serialized. - type Entry struct { - Data Data - [...] - } - // Entrier is the interface of a generic claim. - type Entrier interface { - Entry() *Entry - } + // Data consists of 4 elements of the mimc7 field. + type Data [4]ElemBytes + // An Entry contains Data where the claim will be serialized. + type Entry struct { + Data Data + [...] + } + // Entrier is the interface of a generic claim. + type Entrier interface { + Entry() *Entry + } We can use a new struct, or also use one of the already existing in the ``go-iden3/core/claim.go``. @@ -69,29 +69,29 @@ different claims into the merkletree: .. code:: go - name0 := "alice@iden3.io" - ethAddr0 := common.HexToAddress("0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22") - claim0 := core.NewClaimAssignName(name0, ethAddr0) - claimEntry0 := claim0.Entry() + name0 := "alice@iden3.io" + ethAddr0 := common.HexToAddress("0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22") + claim0 := core.NewClaimAssignName(name0, ethAddr0) + claimEntry0 := claim0.Entry() - name1 := "bob@iden3.io" - ethAddr1 := common.HexToAddress("0x28f8267fb21e8ce0cdd9888a6e532764eb8d52dd") - claim1 := core.NewClaimAssignName(name1, ethAddr1) - claimEntry1 := claim1.Entry() + name1 := "bob@iden3.io" + ethAddr1 := common.HexToAddress("0x28f8267fb21e8ce0cdd9888a6e532764eb8d52dd") + claim1 := core.NewClaimAssignName(name1, ethAddr1) + claimEntry1 := claim1.Entry() Once we have the ``claim`` struct that fits the ``Entrier`` interface, we can add it to the merkletree: .. code:: go - err = mt.Add(claimEntry0) - if err != nil { - panic(err) - } - err = mt.Add(claimEntry1) - if err != nil { - panic(err) - } + err = mt.Add(claimEntry0) + if err != nil { + panic(err) + } + err = mt.Add(claimEntry1) + if err != nil { + panic(err) + } Generate merkle proof --------------------- @@ -100,41 +100,41 @@ Now we can generat the merkle proof of this claim: .. code:: go - mp, err := mt.GenerateProof(claimEntry0.HIndex(), nil) - if err != nil { - panic(err) - } + mp, err := mt.GenerateProof(claimEntry0.HIndex(), nil) + if err != nil { + panic(err) + } - // We can display the merkleproof: - fmt.Println("merkle proof: ", mp) - // out: - // merkle proof: Proof: - // existence: true - // depth: 2 - // notempties: 01 - // siblings: 0 a045683a + // We can display the merkleproof: + fmt.Println("merkle proof: ", mp) + // out: + // merkle proof: Proof: + // existence: true + // depth: 2 + // notempties: 01 + // siblings: 0 a045683a Generate merkle proof for a specific tree (with specific root) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code:: go - mp, err := mt.GenerateProof(claimEntry0.HIndex(), specificRoot) - if err != nil { - panic(err) - } + mp, err := mt.GenerateProof(claimEntry0.HIndex(), specificRoot) + if err != nil { + panic(err) + } Check merkle proof ------------------ -Now from a given merkle proof, we can check that it's data is +Now from a given merkle proof, we can check that it’s data is consistent: .. code:: go - checked := merkletree.VerifyProof(mt.RootKey(), mp, - claimEntry0.HIndex(), claimEntry0.HValue()) - // checked == true + checked := merkletree.VerifyProof(mt.RootKey(), mp, + claimEntry0.HIndex(), claimEntry0.HValue()) + // checked == true Get value in position --------------------- @@ -144,10 +144,10 @@ merkle tree (determined by its Hash Index (``HIndex``)): .. code:: go - claimDataInPos, err := mt.GetDataByIndex(claimEntry0.HIndex()) - if err!=nil{ - panic(err) - } + claimDataInPos, err := mt.GetDataByIndex(claimEntry0.HIndex()) + if err!=nil{ + panic(err) + } Proof of non existence ---------------------- @@ -158,35 +158,35 @@ proof that a claim is not in the tree. For example, we have this .. code:: go - name2 := "eve@iden3.io" - ethAddr2 := common.HexToAddress("0x29a6a240e2d8f8bf39b5338b9664d414c5d793f4") - claim2 := core.NewClaimAssignName(name2, ethAddr2) - claimEntry2 := claim2.Entry() + name2 := "eve@iden3.io" + ethAddr2 := common.HexToAddress("0x29a6a240e2d8f8bf39b5338b9664d414c5d793f4") + claim2 := core.NewClaimAssignName(name2, ethAddr2) + claimEntry2 := claim2.Entry() Now, we can generate the merkle proof of the data in the position of -this claim in the merkletree, and print it to see that it's a +this claim in the merkletree, and print it to see that it’s a non-existence proof: .. code:: go - mp, err = mt.GenerateProof(claimEntry2.HIndex(), nil) - if err != nil { - panic(err) - } - - // We can display the merkleproof: - fmt.Println("merkle proof: ", mp) - // out: - // merkle proof: Proof: - // existence: false - // depth: 2 - // notempties: 01 - // siblings: 0 a045683a - // node aux: hi: c641b925, ht: eeae8c7e + mp, err = mt.GenerateProof(claimEntry2.HIndex(), nil) + if err != nil { + panic(err) + } + + // We can display the merkleproof: + fmt.Println("merkle proof: ", mp) + // out: + // merkle proof: Proof: + // existence: false + // depth: 2 + // notempties: 01 + // siblings: 0 a045683a + // node aux: hi: c641b925, ht: eeae8c7e In the ``mp`` we have the merkleproof that in the position of this ``claim2`` (that is determined by its Hash Index (``HIndex``)) there is -no data stored (so, it's an ``NodeTypeEmpty`` not actually stored in the +no data stored (so, it’s an ``NodeTypeEmpty`` not actually stored in the tree). We can check this proof by calling the ``VerifyProof`` function, and in @@ -196,8 +196,8 @@ use the Hash Total of the claim2 for convenience. .. code:: go - checked = merkletree.VerifyProof(mt.RootKey(), mp, claimEntry2.HIndex(), claimEntry2.HValue()) - // checked == true + checked = merkletree.VerifyProof(mt.RootKey(), mp, claimEntry2.HIndex(), claimEntry2.HValue()) + // checked == true Live snapshot of the tree ------------------------- @@ -210,16 +210,16 @@ not allow to add nodes into it. .. code:: go - snapshot, err := mt.Snapshot(concreteRootKey) - if err!=nil { - panic(err) - } - // now we can for example, generate proofs for that snapshot of the Merkle Tree - mp, err := snapshot.GenerateProof(claimEntry0.HIndex()) - if err != nil { - panic(err) - } - // and the mp (merkleproof) will be valid for the root of the snapshot + snapshot, err := mt.Snapshot(concreteRootKey) + if err!=nil { + panic(err) + } + // now we can for example, generate proofs for that snapshot of the Merkle Tree + mp, err := snapshot.GenerateProof(claimEntry0.HIndex()) + if err != nil { + panic(err) + } + // and the mp (merkleproof) will be valid for the root of the snapshot Walk over the Merkle Tree ------------------------- @@ -236,17 +236,17 @@ also into a file all the ``Leaf`` nodes: .. code:: go - w := bytes.NewBufferString("") - // mt.Walk(nil, [...] --> as we specify the RootKey as nil, it will use the current mt.RootKey() - err := mt.Walk(nil, func(n *Node) { - if n.Type == NodeTypeLeaf { - fmt.Fprintf(w, "node \"%v\"\n", common3.HexEncode(n.Value())) - } - }) - if err != nil { - panic(err) - } - fmt.Println(w) + w := bytes.NewBufferString("") + // mt.Walk(nil, [...] --> as we specify the RootKey as nil, it will use the current mt.RootKey() + err := mt.Walk(nil, func(n *Node) { + if n.Type == NodeTypeLeaf { + fmt.Fprintf(w, "node \"%v\"\n", common3.HexEncode(n.Value())) + } + }) + if err != nil { + panic(err) + } + fmt.Println(w) Or also we can just print each node inside a switch (also, in this case, we specify a concrete ``RootKey`` of the ``MerkleTree`` that we want to @@ -254,21 +254,21 @@ use): .. code:: go - err := mt.Walk(concreteRootKey, func(n *Node) { - switch n.Type { - case NodeTypeEmpty: - fmt.Println("empty") - case NodeTypeLeaf: - fmt.Println("leaf \"%v\"\n", common3.HexEncode(n.Value())) - case NodeTypeMiddle: - fmt.Println("node \"%v\"\n", common3.HexEncode(n.Value())) - default: - return ErrInvalidNodeFound - } - }) - if err != nil { - panic(err) - } + err := mt.Walk(concreteRootKey, func(n *Node) { + switch n.Type { + case NodeTypeEmpty: + fmt.Println("empty") + case NodeTypeLeaf: + fmt.Println("leaf \"%v\"\n", common3.HexEncode(n.Value())) + case NodeTypeMiddle: + fmt.Println("node \"%v\"\n", common3.HexEncode(n.Value())) + default: + return ErrInvalidNodeFound + } + }) + if err != nil { + panic(err) + } Dump all the claims of a MerkleTree ----------------------------------- @@ -281,12 +281,12 @@ the dumped claims, allowing to have the same tree from go in javascript. .. code:: go - w := bytes.NewBufferString("") - err := mt.DumpClaims(w, rootKey) // as rootKey we can pass a nil pointer, and it will use the current RootKey - if err!=nil { - panic(err) - } - fmt.Println(w) + w := bytes.NewBufferString("") + err := mt.DumpClaims(w, rootKey) // as rootKey we can pass a nil pointer, and it will use the current RootKey + if err!=nil { + panic(err) + } + fmt.Println(w) Merkle tree visual representation --------------------------------- @@ -299,40 +299,40 @@ claims: .. code:: go - s := bytes.NewBufferString("") - mt2.GraphViz(s, nil) - fmt.Println(s) + s := bytes.NewBufferString("") + mt2.GraphViz(s, nil) + fmt.Println(s) GraphViz output code: :: - digraph hierarchy { - node [fontname=Monospace,fontsize=10,shape=box] - "b0830ca8" -> {"5ae3cb67" "570088ed"} - "5ae3cb67" -> {"6ce2c761" "37b29928"} - "empty0" [style=dashed,label=0]; - "6ce2c761" -> {"e82bf1e7" "empty0"} - "e82bf1e7" -> {"6ee500bf" "63289a99"} - "6ee500bf" [style=filled]; - "63289a99" [style=filled]; - "37b29928" -> {"ef87b970" "8b6e9f1c"} - "ef87b970" -> {"1481190a" "93c79331"} - "1481190a" [style=filled]; - "93c79331" [style=filled]; - "8b6e9f1c" [style=filled]; - "570088ed" -> {"4f3d0101" "8a2524f6"} - "4f3d0101" -> {"74924bbf" "6aa34a3d"} - "74924bbf" [style=filled]; - "empty1" [style=dashed,label=0]; - "6aa34a3d" -> {"empty1" "69003eca"} - "69003eca" -> {"fac8618d" "43f442c5"} - "fac8618d" [style=filled]; - "43f442c5" [style=filled]; - "8a2524f6" -> {"3f5e7a5f" "d76c6447"} - "3f5e7a5f" [style=filled]; - "d76c6447" [style=filled]; - } + digraph hierarchy { + node [fontname=Monospace,fontsize=10,shape=box] + "b0830ca8" -> {"5ae3cb67" "570088ed"} + "5ae3cb67" -> {"6ce2c761" "37b29928"} + "empty0" [style=dashed,label=0]; + "6ce2c761" -> {"e82bf1e7" "empty0"} + "e82bf1e7" -> {"6ee500bf" "63289a99"} + "6ee500bf" [style=filled]; + "63289a99" [style=filled]; + "37b29928" -> {"ef87b970" "8b6e9f1c"} + "ef87b970" -> {"1481190a" "93c79331"} + "1481190a" [style=filled]; + "93c79331" [style=filled]; + "8b6e9f1c" [style=filled]; + "570088ed" -> {"4f3d0101" "8a2524f6"} + "4f3d0101" -> {"74924bbf" "6aa34a3d"} + "74924bbf" [style=filled]; + "empty1" [style=dashed,label=0]; + "6aa34a3d" -> {"empty1" "69003eca"} + "69003eca" -> {"fac8618d" "43f442c5"} + "fac8618d" [style=filled]; + "43f442c5" [style=filled]; + "8a2524f6" -> {"3f5e7a5f" "d76c6447"} + "3f5e7a5f" [style=filled]; + "d76c6447" [style=filled]; + } The GraphViz visualization looks like this: |image0| diff --git a/source/iden3_repos/iden3js/README.rst b/source/iden3_repos/iden3js/README.rst index 3ebf601..579edc2 100644 --- a/source/iden3_repos/iden3js/README.rst +++ b/source/iden3_repos/iden3js/README.rst @@ -9,14 +9,14 @@ iden3js Javascript client library of the iden3 system. -|Build Status| +`Build Status `__ Install ------- :: - npm install --save @iden3/iden3 + npm install --save @iden3/iden3 https://www.npmjs.com/package/@iden3/iden3 @@ -25,121 +25,121 @@ Basic usage .. code:: js - // import iden3js - const iden3 = require('@iden3/iden3'); - - // Simulate local storage locally if no browser is used - // if (typeof localStorage === 'undefined' || localStorage === null) { - // const LocalStorage = require('node-localstorage').LocalStorage; - // localStorage = new LocalStorage('./tmp'); - // } - - // It should be noted that if no babel is installed on `package.json` dependencies, - // next dependencies should be add to `dependecies` section on `package.json`: - // "babel-plugin-transform-class-properties": "^6.24.1", - // "babel-plugin-transform-runtime": "^6.23.0", - - - // new database - const db = new iden3.Db(); - // new key container using localStorage - const keyContainer = new iden3.KeyContainer('localStorage', db); - - // unlock the KeyContainer for the next 30 seconds - let passphrase = 'pass'; - keyContainer.unlock(passphrase); - - // generate master seed - const mnemonic = 'enjoy alter satoshi squirrel special spend crop link race rally two eye'; - keyContainer.generateMasterSeed(mnemonic); - - // Generate keys for first identity - const keys = keyContainer.createKeys(); + // import iden3js + const iden3 = require('@iden3/iden3'); + + // Simulate local storage locally if no browser is used + // if (typeof localStorage === 'undefined' || localStorage === null) { + // const LocalStorage = require('node-localstorage').LocalStorage; + // localStorage = new LocalStorage('./tmp'); + // } + + // It should be noted that if no babel is installed on `package.json` dependencies, + // next dependencies should be add to `dependecies` section on `package.json`: + // "babel-plugin-transform-class-properties": "^6.24.1", + // "babel-plugin-transform-runtime": "^6.23.0", + + + // new database + const db = new iden3.Db(); + // new key container using localStorage + const keyContainer = new iden3.KeyContainer('localStorage', db); + + // unlock the KeyContainer for the next 30 seconds + let passphrase = 'pass'; + keyContainer.unlock(passphrase); + + // generate master seed + const mnemonic = 'enjoy alter satoshi squirrel special spend crop link race rally two eye'; + keyContainer.generateMasterSeed(mnemonic); + + // Generate keys for first identity + const keys = keyContainer.createKeys(); + + /* + keys: [ + '0xc7d89fe96acdb257b434bf580b8e6eb677d445a9', + '0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833', + '0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91', + '0xb07079bd6238fa845dc77bbce3ec2edf98ffe735' + ]; + */ + // It should be noted that 'keys' are in form of ethereum addresses except + // key[1] that is a pubic key in its compressed form + let keyAddressOp = keys[0]; + let keyPublicOp = keys[1]; + let keyRecover = keys[2]; + let keyRevoke = keys[3]; + + // For more info and details about mnemonic, see section Usage > KeyContainer + + // create a new relay object + const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; + const relayUrl = 'http://127.0.0.1:8000/api/unstable'; + const relay = new iden3.Relay(relayUrl); + + // create a new id object + let id = new iden3.Id(keyPublicOp, keyRecover, keyRevoke, relay, relayAddr, '', undefined, 0); + + // generates the counterfactoual contract through the relay, get the identity address as response + let proofKsign = {}; + + console.log('Create Identity'); + id.createID() + .then((createIdRes) => { + // Successfull create identity api call to relay + console.log(createIdRes.idAddr); // Identity counterfactoual address + proofKsign = createIdRes.proofClaim; + console.log(proofKsign); // Proof of claim regarding authorization of key public operational + + console.log('Create and authorize new key for address'); + // generate new key from identity and issue a claim to relay in order to authorize new key + const keyLabel = 'testKey'; + const newKey = id.createKey(keyContainer, keyLabel, true); + id.authorizeKSignSecp256k1(keyContainer, id.keyOperationalPub, newKey) + .then((authRes) => { + proofKSign = authRes.data.proofClaim; + console.log(proofKSign); + }) + .catch((error) => { + console.error(error.message); + }); + + console.log('Bind label to an identity'); + // bind the identity address to a label. It send required data to name-resolver service and name-resolver issue a claim 'assignName' binding identity address with label + const name = 'testName'; + id.bindID(keyContainer, name) + .then( (bindRes) => { + console.log(bindRes.data); + // request idenity address to name-resolver ( currently name-resolver service is inside relay) from a given label + relay.resolveName(`${name}@iden3.io`) + .then((resolveRes) => { + const idAddr = resolveRes.data.idAddr; + console.log(`${name}@iden3.io associated with addres: ` + idAddr); + }) + .catch((error) => { + console.error(error.message); + }); + }) + .catch((error) => { + console.error(error.message); + }); - /* - keys: [ - '0xc7d89fe96acdb257b434bf580b8e6eb677d445a9', - '0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833', - '0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91', - '0xb07079bd6238fa845dc77bbce3ec2edf98ffe735' - ]; - */ - // It should be noted that 'keys' are in form of ethereum addresses except - // key[1] that is a pubic key in its compressed form - let keyAddressOp = keys[0]; - let keyPublicOp = keys[1]; - let keyRecover = keys[2]; - let keyRevoke = keys[3]; - - // For more info and details about mnemonic, see section Usage > KeyContainer - - // create a new relay object - const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; - const relayUrl = 'http://127.0.0.1:8000/api/unstable'; - const relay = new iden3.Relay(relayUrl); - - // create a new id object - let id = new iden3.Id(keyPublicOp, keyRecover, keyRevoke, relay, relayAddr, '', undefined, 0); - - // generates the counterfactoual contract through the relay, get the identity address as response - let proofKsign = {}; - - console.log('Create Identity'); - id.createID() - .then((createIdRes) => { - // Successfull create identity api call to relay - console.log(createIdRes.idAddr); // Identity counterfactoual address - proofKsign = createIdRes.proofClaim; - console.log(proofKsign); // Proof of claim regarding authorization of key public operational - - console.log('Create and authorize new key for address'); - // generate new key from identity and issue a claim to relay in order to authorize new key - const keyLabel = 'testKey'; - const newKey = id.createKey(keyContainer, keyLabel, true); - id.authorizeKSignSecp256k1(keyContainer, id.keyOperationalPub, newKey) - .then((authRes) => { - proofKSign = authRes.data.proofClaim; - console.log(proofKSign); - }) - .catch((error) => { - console.error(error.message); - }); - - console.log('Bind label to an identity'); - // bind the identity address to a label. It send required data to name-resolver service and name-resolver issue a claim 'assignName' binding identity address with label - const name = 'testName'; - id.bindID(keyContainer, name) - .then( (bindRes) => { - console.log(bindRes.data); - // request idenity address to name-resolver ( currently name-resolver service is inside relay) from a given label - relay.resolveName(`${name}@iden3.io`) - .then((resolveRes) => { - const idAddr = resolveRes.data.idAddr; - console.log(`${name}@iden3.io associated with addres: ` + idAddr); - }) - .catch((error) => { - console.error(error.message); - }); - }) - .catch((error) => { - console.error(error.message); - }); - - console.log('Deploy identity smart contract'); - // creates identity smart contract on the ethereum blockchain testnet - id.deployID() - .then((deployIdRes) => { - // Successfull deploy identity api call to relay - console.log(deployIdRes.status); - }) - .catch(() => { - // If identity is already deployed, throws an error - console.log('Identity already deployed'); - }); - }) - .catch((error) => { - console.error(error.message); - }); + console.log('Deploy identity smart contract'); + // creates identity smart contract on the ethereum blockchain testnet + id.deployID() + .then((deployIdRes) => { + // Successfull deploy identity api call to relay + console.log(deployIdRes.status); + }) + .catch(() => { + // If identity is already deployed, throws an error + console.log('Identity already deployed'); + }); + }) + .catch((error) => { + console.error(error.message); + }); Example can be found in ```iden3-basic-usage.example.js`` `__ @@ -148,10 +148,16 @@ Centralized login ----------------- In the next links, one can be found an example of ``iden3`` -implementation as well as the login protocol explained in detail ### +implementation as well as the login protocol explained in detail + Login protocol documentation -https://github.com/iden3/iden3js/blob/master/src/protocols/README.md ### +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +https://github.com/iden3/iden3js/blob/master/src/protocols/README.md + Demo centralized application +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + https://github.com/iden3/centralized-login-demo Usage @@ -162,63 +168,79 @@ Import .. code:: js - const iden3 = require('iden3'); + const iden3 = require('iden3'); KeyContainer ~~~~~~~~~~~~ -- new KeyContainer using localStorage \`\`\`js // new key container // - new database const db = new iden3.Db(); let keyContainer = new - iden3.KeyContainer('localStorage'); - -``- usage:``\ js // unlock the KeyContainer for the next 30 seconds let -passphrase = 'pass'; keyContainer.unlock(passphrase); - -// generate master seed const mnemonic = 'enjoy alter satoshi squirrel -special spend crop link race rally two eye'; -keyContainer.generateMasterSeed(mnemonic); +- new KeyContainer using localStorage -// Also, master seed can be generated randomly if no mnemonic is -specified // keyContainer.generateMasterSeed(); +.. code:: js -// functions above stores seed mnemonic into local storage // it can be -retrieved through: const mnemonicDb = keyContainer.getMasterSeed(); + // new key container + // new database + const db = new iden3.Db(); + let keyContainer = new iden3.KeyContainer('localStorage'); -// Generate keys for first identity const keys = -keyContainer.createKeys(); /* keys: [ -'0xc7d89fe96acdb257b434bf580b8e6eb677d445a9', -'0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833', -'0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91', -'0xb07079bd6238fa845dc77bbce3ec2edf98ffe735' ]; */ // Each time -'keyContainer.createKeys()' is called, a new set of keys for an identity -is created +- usage: -// Retrieve key seed and its current derivation path const { keySeed, -pathKey } = keyContainer.getKeySeed(); +.. code:: js -// It should be noted that 'keys' are in form of ethereum addresses -except // key[1] that is a pubic key in its compressed form const -keyAddressOp = keys[0]; const keyPublicOp = keys[1]; const keyRecover = -keys[2]; const keyRevoke = keys[3]; \`\`\` + // unlock the KeyContainer for the next 30 seconds + let passphrase = 'pass'; + keyContainer.unlock(passphrase); + + // generate master seed + const mnemonic = 'enjoy alter satoshi squirrel special spend crop link race rally two eye'; + keyContainer.generateMasterSeed(mnemonic); + + // Also, master seed can be generated randomly if no mnemonic is specified + // keyContainer.generateMasterSeed(); + + // functions above stores seed mnemonic into local storage + // it can be retrieved through: + const mnemonicDb = keyContainer.getMasterSeed(); + + // Generate keys for first identity + const keys = keyContainer.createKeys(); + /* + keys: [ + '0xc7d89fe96acdb257b434bf580b8e6eb677d445a9', + '0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833', + '0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91', + '0xb07079bd6238fa845dc77bbce3ec2edf98ffe735' + ]; + */ + // Each time 'keyContainer.createKeys()' is called, a new set of keys for an identity is created + + // Retrieve key seed and its current derivation path + const { keySeed, pathKey } = keyContainer.getKeySeed(); + + // It should be noted that 'keys' are in form of ethereum addresses except + // key[1] that is a pubic key in its compressed form + const keyAddressOp = keys[0]; + const keyPublicOp = keys[1]; + const keyRecover = keys[2]; + const keyRevoke = keys[3]; Identity ~~~~~~~~ .. code:: js - const db = new iden3.Db(); - const keyContainer = new iden3.KeyContainer('localStorage', db); - const passphrase = 'pass'; - keyContainer.unlock(passphrase); + const db = new iden3.Db(); + const keyContainer = new iden3.KeyContainer('localStorage', db); + const passphrase = 'pass'; + keyContainer.unlock(passphrase); - // new relay - const relay = new iden3.Relay('http://127.0.0.1:8000/api/unstable'); - const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; - const relay = new iden3.Relay(relayUrl); + // new relay + const relay = new iden3.Relay('http://127.0.0.1:8000/api/unstable'); + const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; + const relay = new iden3.Relay(relayUrl); - // create identity object with a set of keys - const keyPath = 0; - const id = new iden3.Id(keyPublicOp, keyRecover, keyRevoke, relay, relayAddr, '', undefined, keyPath); + // create identity object with a set of keys + const keyPath = 0; + const id = new iden3.Id(keyPublicOp, keyRecover, keyRevoke, relay, relayAddr, '', undefined, keyPath); id.createID ^^^^^^^^^^^ @@ -229,71 +251,71 @@ automatically stored .. code:: js - id.createID().then(res => { - console.log(res.idAddr); - console.log(res.proofClaim); - }); + id.createID().then(res => { + console.log(res.idAddr); + console.log(res.proofClaim); + }); .. code:: js - // Return : - idAddr: Address identity identifier - // - proofOfClam: Structure of the claim emitted by the relay authorizing its key public operational - idAddr = 0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22; - proofClaim = { - date: 1549531663, - leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004', - proofs: [{ - aux: { - era: 0, - idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', - version: 0 - } - mtp0: '0000000000000000000000000000000000000000000000000000000000000000', - mtp1: '030000000000000000000000000000000000000000000000000000000000000028f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', - root: '1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', - } , { - aux: null - mtp0: '0000000000000000000000000000000000000000000000000000000000000000', - mtp1: '0300000000000000000000000000000000000000000000000000000000000000182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', - root: '083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199', - - }], - signature:'440ec709297ecb6a7f7a200719c29d96025a893aef7318cebdcec401e3c8b3b711358f5a3c14394dc120b067ade86d7eca0c79be580d35934cc36dc246be6ec000', - } + // Return : - idAddr: Address identity identifier + // - proofOfClam: Structure of the claim emitted by the relay authorizing its key public operational + idAddr = 0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22; + proofClaim = { + date: 1549531663, + leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff50000000000000000000000000000000000007833000000000000000000000004', + proofs: [{ + aux: { + era: 0, + idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + version: 0 + } + mtp0: '0000000000000000000000000000000000000000000000000000000000000000', + mtp1: '030000000000000000000000000000000000000000000000000000000000000028f8267fb21e8ce0cdd9888a6e532764eb8d52dd6c1e354157c78b7ea281ce801541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', + root: '1d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', + } , { + aux: null + mtp0: '0000000000000000000000000000000000000000000000000000000000000000', + mtp1: '0300000000000000000000000000000000000000000000000000000000000000182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', + root: '083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f8199', + + }], + signature:'440ec709297ecb6a7f7a200719c29d96025a893aef7318cebdcec401e3c8b3b711358f5a3c14394dc120b067ade86d7eca0c79be580d35934cc36dc246be6ec000', + } id.createKey ^^^^^^^^^^^^ .. code:: js - // Create new key for this identity and bind it to a label - const labelKey = 'test key' - const loginKey = id.createKey(keyContainer, labelKey); - console.log(loginKey); + // Create new key for this identity and bind it to a label + const labelKey = 'test key' + const loginKey = id.createKey(keyContainer, labelKey); + console.log(loginKey); .. code:: js - // Return : New key created - loginKey = '0xaac4ed37a11e6a9170cb19a6e558913dc3efa6a7'; + // Return : New key created + loginKey = '0xaac4ed37a11e6a9170cb19a6e558913dc3efa6a7'; id.getKeys ^^^^^^^^^^ .. code:: js - // Retrieve all keys that have been created for this identity - const keysIdentity = id.getKeys(); - console.log(keysIdentity); + // Retrieve all keys that have been created for this identity + const keysIdentity = id.getKeys(); + console.log(keysIdentity); .. code:: js - // Return : Object containing all the keys associated with the identity - { - operationalPub:"0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", - recover:"0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", - revoke:"0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", - test key:"0xaac4ed37a11e6a9170cb19a6e558913dc3efa6a7", - } + // Return : Object containing all the keys associated with the identity + { + operationalPub:"0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833", + recover:"0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91", + revoke:"0xb07079bd6238fa845dc77bbce3ec2edf98ffe735", + test key:"0xaac4ed37a11e6a9170cb19a6e558913dc3efa6a7", + } id.deployID ^^^^^^^^^^^ @@ -302,39 +324,39 @@ Deploys the counterfactual smart contract of identity to the blockchain. .. code:: js - id.deployID().then(res => { - console.log(res.data); - }); - // Return object: - idAddr: Address identity identifier - // - tx: transaction identifier of the deploying identity smart contract on the blockchain + id.deployID().then(res => { + console.log(res.data); + }); + // Return object: - idAddr: Address identity identifier + // - tx: transaction identifier of the deploying identity smart contract on the blockchain id.bindID ^^^^^^^^^ Vinculates a label to an identity. It sends required data to -name-resolver service and name-resolver issue a claim 'assignName' +name-resolver service and name-resolver issue a claim ‘assignName’ binding identity address with a label .. code:: js - const name = 'testName'; - id.bindID(kc, name).then(bindRes => { - console.log(bindRes.data); - }); + const name = 'testName'; + id.bindID(kc, name).then(bindRes => { + console.log(bindRes.data); + }); - Output: - .. code:: js - - // Return object: - claimAssigName: hexadecimal representation of claim data - // - idAddr: ethereum addres to bind to the label - // - name: label binded to the ethereum address - // - proofClaimAssignName: full proof of existance of the claim issued by the name-resolved - { - claimAssigName: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', - idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', - name: 'testName', - proofClaimAssignName: { +.. code:: js + + // Return object: - claimAssigName: hexadecimal representation of claim data + // - idAddr: ethereum addres to bind to the label + // - name: label binded to the ethereum address + // - proofClaimAssignName: full proof of existance of the claim issued by the name-resolved + { + claimAssigName: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', + idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + name: 'testName', + proofClaimAssignName: { date:1549532610, leaf:'00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', proofs:[{ @@ -344,239 +366,256 @@ binding identity address with a label root:'1b6feefde6e76c1e9d98d30fa0993a7a7b35f5b2580a757c9a57ee383dc50b96', }], signature:'1e6d15ef907000937577aa06437ee2a1230713be20ff09d7628ce4dc6c902c11274f34d4ae0f9e9fc2e67cf21abe5da7f11748fc243f4013faa42e53e9c81e3e01', - } - } + } + } id.authorizeKSignSecp256k1 ^^^^^^^^^^^^^^^^^^^^^^^^^^ .. code:: js - // generate new key from identity and add issue a claim to relay in order to authorize new key - const keyLabel = 'testKey'; - const newKey = id.createKey(keyContainer, keyLabel, true); - - // send claim to relay signed by operational key in order to authorize a second key 'newKey' - id.authorizeKSignSecp256k1(keyContainer, id.keyOperationalPub, loginKey) - .then((res) => { - console.error(res.data); - }); - -- Output: \`\`\`js // Return object: - proofClaim: full proof of - existence of the claim issued by the relay proofClaim = { date: - 1549534168, - leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', - proofs: [{ aux: { era: 0, idAddr: - '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', version: 1 } mtp0: - '00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', - mtp1: - '03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', - root: - '21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', } - , { aux: null mtp0: - '0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', - Mtp1: - '0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', - root: - '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', - -}], -signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', -} \`\`\ ``### Claims - Generic claim representation:``\ Entry\` - Claim -Types: - Basic - Authorize Key to sign - Set root key - Assign name - -Authorize key to sign secp256k1 + // generate new key from identity and add issue a claim to relay in order to authorize new key + const keyLabel = 'testKey'; + const newKey = id.createKey(keyContainer, keyLabel, true); + + // send claim to relay signed by operational key in order to authorize a second key 'newKey' + id.authorizeKSignSecp256k1(keyContainer, id.keyOperationalPub, loginKey) + .then((res) => { + console.error(res.data); + }); + +- Output: + +.. code:: js + + // Return object: - proofClaim: full proof of existence of the claim issued by the relay + proofClaim = { + date: 1549534168, + leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', + proofs: [{ + aux: { + era: 0, + idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + version: 1 + } + mtp0: '00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', + mtp1: '03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', + root: '21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', + } , { + aux: null + mtp0: '0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', + Mtp1: '0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', + root: '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', + + }], + signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', + } + +Claims +~~~~~~ + +- Generic claim representation: ``Entry`` +- Claim Types: + + - Basic + - Authorize Key to sign + - Set root key + - Assign name + - Authorize key to sign secp256k1 Entry ^^^^^ .. code:: js - /** - * Generic representation of claim elements - * Entry element structure is as follows: |element 0|element 1|element 2|element 3| - * Each element contains 253 useful bits enclosed on a 256 bits Buffer - */ - let entry = new iden3.Claim.Entry(); + /** + * Generic representation of claim elements + * Entry element structure is as follows: |element 0|element 1|element 2|element 3| + * Each element contains 253 useful bits enclosed on a 256 bits Buffer + */ + let entry = new iden3.Claim.Entry(); - Entry Methods: - .. code:: js +.. code:: js - entry.hi(); // Hash index is calculated from: |element 1|element 0| - entry.hv(); // Hash value is calculated from: |element 3|element 2| - entry.toHexadecimal(); // Concats all the elements of the entry and parse it into an hexadecimal string - entry.fromHexadecimal(); // String deserialization into entry element structure + entry.hi(); // Hash index is calculated from: |element 1|element 0| + entry.hv(); // Hash value is calculated from: |element 3|element 2| + entry.toHexadecimal(); // Concats all the elements of the entry and parse it into an hexadecimal string + entry.fromHexadecimal(); // String deserialization into entry element structure Basic claim ^^^^^^^^^^^ .. code:: js - const versionExample = 1; - const indexExample = Buffer.alloc(50); - indexExample.fill(41, 0, 1); - indexExample.fill(42, 1, 49); - indexExample.fill(43, 49, 50); - const dataExample = Buffer.alloc(62); - dataExample.fill(86, 0, 1); - dataExample.fill(88, 1, 61); - dataExample.fill(89, 61, 62); - // new basic claim - const claimBasic = new iden3.Claim.Factory(iden3.constants.CLAIMS.BASIC.ID, { - version: versionExample, index: utils.bytesToHex(indexExample), extraData: utils.bytesToHex(dataExample), - }); - /* - claim.structure: - { - claimType, - version, - index, - extraData, - }; - * Basic entry representation is as follows: - * |element 3|: |empty|index[0]|version|claim type| - |1 byte|19 bytes|4 bytes|8 bytes| - * |element 2|: |empty|index[1]| - |1 bytes|31 bytes| - * |element 1|: |empty|data[0]| - |1 bytes|31 bytes| - * |element 0|: |empty|data[1]| - |1 bytes|31 bytes| - */ - // methods of the Basic claim - claimBasic.createEntry(); // Code raw data claim object into an entry claim object - // parse Entry into Basic claim - let entry = new Entry(); - entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry - let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + const versionExample = 1; + const indexExample = Buffer.alloc(50); + indexExample.fill(41, 0, 1); + indexExample.fill(42, 1, 49); + indexExample.fill(43, 49, 50); + const dataExample = Buffer.alloc(62); + dataExample.fill(86, 0, 1); + dataExample.fill(88, 1, 61); + dataExample.fill(89, 61, 62); + // new basic claim + const claimBasic = new iden3.Claim.Factory(iden3.constants.CLAIMS.BASIC.ID, { + version: versionExample, index: utils.bytesToHex(indexExample), extraData: utils.bytesToHex(dataExample), + }); + /* + claim.structure: + { + claimType, + version, + index, + extraData, + }; + * Basic entry representation is as follows: + * |element 3|: |empty|index[0]|version|claim type| - |1 byte|19 bytes|4 bytes|8 bytes| + * |element 2|: |empty|index[1]| - |1 bytes|31 bytes| + * |element 1|: |empty|data[0]| - |1 bytes|31 bytes| + * |element 0|: |empty|data[1]| - |1 bytes|31 bytes| + */ + // methods of the Basic claim + claimBasic.createEntry(); // Code raw data claim object into an entry claim object + // parse Entry into Basic claim + let entry = new Entry(); + entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry + let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); Authorize KSign claim ''''''''''''''''''''' .. code:: js - const versionExample = 1; - const signExample = true; - const ayExample = '0x0505050505050505050505050505050505050505050505050505050505050506'; - // new authorize ksign claim - const claimAuthorizeKSign = new Claim.Factory(iden3.constants.CLAIMS.AUTHORIZE_KSIGN.ID, { - version: versionExample, sign: signExample, ay: ayExample, - }); - /* - claim.structure: - { - claimType, - version, - sign, - ay, - }; - * Authorized Ksign element representation is as follows: - * |element 3|: |empty|sign|version|claim type| - |19 bytes|1 bytes|4 bytes|8 bytes| - * |element 2|: |Ay| - |32 bytes| - * |element 1|: |empty| - |32 bytes| - * |element 0|: |empty| - |32 bytes| - */ - // methods of the authorize Sign claim - claimAuthorizeKSign.createEntry(); // Code raw data claim object into an entry claim object - // parse Entry into authorize kSign claim - let entry = new Entry(); - entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry - let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + const versionExample = 1; + const signExample = true; + const ayExample = '0x0505050505050505050505050505050505050505050505050505050505050506'; + // new authorize ksign claim + const claimAuthorizeKSign = new Claim.Factory(iden3.constants.CLAIMS.AUTHORIZE_KSIGN.ID, { + version: versionExample, sign: signExample, ay: ayExample, + }); + /* + claim.structure: + { + claimType, + version, + sign, + ay, + }; + * Authorized Ksign element representation is as follows: + * |element 3|: |empty|sign|version|claim type| - |19 bytes|1 bytes|4 bytes|8 bytes| + * |element 2|: |Ay| - |32 bytes| + * |element 1|: |empty| - |32 bytes| + * |element 0|: |empty| - |32 bytes| + */ + // methods of the authorize Sign claim + claimAuthorizeKSign.createEntry(); // Code raw data claim object into an entry claim object + // parse Entry into authorize kSign claim + let entry = new Entry(); + entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry + let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); Set root key claim '''''''''''''''''' .. code:: js - const versionExample = 1; - const eraExample = 1; - const idExample = '0x393939393939393939393939393939393939393A'; - const rootKeyExample = '0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0c'; - // new set root key ksign claim - const claimSetRootKey = new Claim.Factory(iden3.constants.CLAIMS.SET_ROOT_KEY.ID, { - version: versionExample, era: eraExample, id: idExample, rootKey: rootKeyExample, - }); - /* - claim.structure: - { - claimType, - version, - er, - id, - rootKey, - }; - * Set root key name entry representation is as follows: - * |element 3|: |empty|era|version|claim type| - |16 bytes|4 bytes|4 bytes|8 bytes| - * |element 2|: |empty|identity| - |12 bytes|20 bytes| - * |element 1|: |root key| - |32 bytes| - * |element 0|: |empty| - |32 bytes| - */ - // methods of the set root key claim - claimSetRootKey.createEntry(); // Code raw data claim object into an entry claim object - // parse Entry into set root key claim - let entry = new Entry(); - entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry - let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + const versionExample = 1; + const eraExample = 1; + const idExample = '0x393939393939393939393939393939393939393A'; + const rootKeyExample = '0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0c'; + // new set root key ksign claim + const claimSetRootKey = new Claim.Factory(iden3.constants.CLAIMS.SET_ROOT_KEY.ID, { + version: versionExample, era: eraExample, id: idExample, rootKey: rootKeyExample, + }); + /* + claim.structure: + { + claimType, + version, + er, + id, + rootKey, + }; + * Set root key name entry representation is as follows: + * |element 3|: |empty|era|version|claim type| - |16 bytes|4 bytes|4 bytes|8 bytes| + * |element 2|: |empty|identity| - |12 bytes|20 bytes| + * |element 1|: |root key| - |32 bytes| + * |element 0|: |empty| - |32 bytes| + */ + // methods of the set root key claim + claimSetRootKey.createEntry(); // Code raw data claim object into an entry claim object + // parse Entry into set root key claim + let entry = new Entry(); + entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry + let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); Assign name claim ''''''''''''''''' .. code:: js - const versionExample = 1; - const nameExample = 'example.iden3.eth'; - const idExample = '0x393939393939393939393939393939393939393A'; - // new set root key ksign claim - const claimAssignName = new Claim.Factory(CONSTANTS.CLAIMS.ASSIGN_NAME.ID, { - version: versionExample, hashName: nameExample, id: idExample - }); - /* - claim.structure: - { - claimType, - version, - hashName, - id, - }; - * Assign name entry representation is as follows: - * |element 3|: |empty|version|claim type| - |20 bytes|4 bytes|8 bytes| - * |element 2|: |hash name| - |32 bytes| - * |element 1|: |empty|identity| - |12 bytes|20 bytes| - * |element 0|: |empty| - |32 bytes| - */ - // methods of the set root key claim - claimAssignName.createEntry(); // Code raw data claim object into an entry claim object - // parse Entry into set root key claim - let entry = new Entry(); - entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry - let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + const versionExample = 1; + const nameExample = 'example.iden3.eth'; + const idExample = '0x393939393939393939393939393939393939393A'; + // new set root key ksign claim + const claimAssignName = new Claim.Factory(CONSTANTS.CLAIMS.ASSIGN_NAME.ID, { + version: versionExample, hashName: nameExample, id: idExample + }); + /* + claim.structure: + { + claimType, + version, + hashName, + id, + }; + * Assign name entry representation is as follows: + * |element 3|: |empty|version|claim type| - |20 bytes|4 bytes|8 bytes| + * |element 2|: |hash name| - |32 bytes| + * |element 1|: |empty|identity| - |12 bytes|20 bytes| + * |element 0|: |empty| - |32 bytes| + */ + // methods of the set root key claim + claimAssignName.createEntry(); // Code raw data claim object into an entry claim object + // parse Entry into set root key claim + let entry = new Entry(); + entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry + let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + +.. _assign-name-claim-1: Assign name claim ''''''''''''''''' .. code:: js - const versionExample = 1; - const pubKeyCompressedExample = '0x036d94c84a7096c572b83d44df576e1ffb3573123f62099f8d4fa19de806bd4d593A'; - // new authorize kSign secp256k1 claim - const claimAuthKSignSecp256k1 = new Claim.Factory(CONSTANTS.CLAIMS.AUTHORIZE_KSIGN_SECP256K1.ID, { - version: versionExample, pubKeyCompressed: utils.bytesToHex(pubKeyCompressedExample), - }); - /* - claim.structure: - { - claimType, - version, - pubKeyCompressed, - }; - * Authorized KsignSecp256k1 element representation is as follows: - * |element 3|: |empty|public key[0]|version|claim type| - |18 bytes|2 bytes|4 bytes|8 bytes| - * |element 2|: |empty|public key[1]| - |1 bytes|31 bytes| - * |element 1|: |empty| - |32 bytes| - * |element 0|: |empty| - |32 bytes| - */ - // methods of the authorize ksign secp256k1 - claimAuthKSignSecp256k1.createEntry(); // Code raw data claim object into an entry claim object - // parse Entry into set root key claim - let entry = new Entry(); - entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry - let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); + const versionExample = 1; + const pubKeyCompressedExample = '0x036d94c84a7096c572b83d44df576e1ffb3573123f62099f8d4fa19de806bd4d593A'; + // new authorize kSign secp256k1 claim + const claimAuthKSignSecp256k1 = new Claim.Factory(CONSTANTS.CLAIMS.AUTHORIZE_KSIGN_SECP256K1.ID, { + version: versionExample, pubKeyCompressed: utils.bytesToHex(pubKeyCompressedExample), + }); + /* + claim.structure: + { + claimType, + version, + pubKeyCompressed, + }; + * Authorized KsignSecp256k1 element representation is as follows: + * |element 3|: |empty|public key[0]|version|claim type| - |18 bytes|2 bytes|4 bytes|8 bytes| + * |element 2|: |empty|public key[1]| - |1 bytes|31 bytes| + * |element 1|: |empty| - |32 bytes| + * |element 0|: |empty| - |32 bytes| + */ + // methods of the authorize ksign secp256k1 + claimAuthKSignSecp256k1.createEntry(); // Code raw data claim object into an entry claim object + // parse Entry into set root key claim + let entry = new Entry(); + entry.fromHexadecimal(leaf); // Leaf is an hexadecimal representation of an Entry + let claimBasicParsed = iden3.claim.claimUtils.newClaimFromEntry(entry); checkProofOfClaim ^^^^^^^^^^^^^^^^^ @@ -595,30 +634,30 @@ revocation of the ``SetRootClaim`` .. code:: js - let proofClaim = { - date: 1549534168, - leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', - proofs: [{ - aux: { - era: 0, - idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', - version: 1 - } - mtp0: '00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', - mtp1: '03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', - root: '21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', - } , { - aux: null - mtp0: '0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', - mtp1: '0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', - root: '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', - - }], - signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', - } - let proofClaim = JSON.parse(proofClaim); - let verified = iden3.protocols.verifyProofClaimFull(proofClaim, relayAddr); - // verified === true + let proofClaim = { + date: 1549534168, + leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', + proofs: [{ + aux: { + era: 0, + idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + version: 1 + } + mtp0: '00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', + mtp1: '03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', + root: '21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', + } , { + aux: null + mtp0: '0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', + mtp1: '0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', + root: '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', + + }], + signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', + } + let proofClaim = JSON.parse(proofClaim); + let verified = iden3.protocols.verifyProofClaimFull(proofClaim, relayAddr); + // verified === true Sparse merkletree ~~~~~~~~~~~~~~~~~ @@ -626,18 +665,17 @@ Sparse merkletree Merkle tree initialization ^^^^^^^^^^^^^^^^^^^^^^^^^^ -Three parameters as an inputs: - db --> where to store key-value merkle -tree nodes - idaddr --> used as key prefix at the time to store key -nodes +Three parameters as an inputs: - db –> where to store key-value merkle +tree nodes - idaddr –> used as key prefix at the time to store key nodes .. code:: js - // New database - const db = new iden3.Db(); - // Hardcoded id address for multi identity purposes - const idAddr = '0xq5soghj264eax651ghq1651485ccaxas98461251d5f1sdf6c51c5d1c6sd1c651'; - // New merkle tree class instance - const mt = new iden3.sparseMerkleTree.SparseMerkleTree(db, idAddr); + // New database + const db = new iden3.Db(); + // Hardcoded id address for multi identity purposes + const idAddr = '0xq5soghj264eax651ghq1651485ccaxas98461251d5f1sdf6c51c5d1c6sd1c651'; + // New merkle tree class instance + const mt = new iden3.sparseMerkleTree.SparseMerkleTree(db, idAddr); Add claim ^^^^^^^^^ @@ -647,11 +685,11 @@ containing 4 ``bigInt`` fields .. code:: js - // Add leaf - // Create data leaf structure - const leaf = [bigInt(12), bigInt(45), bigInt(78), bigInt(41)]; - // Add leaf to the merkle tree - mt.addClaim(leaf); + // Add leaf + // Create data leaf structure + const leaf = [bigInt(12), bigInt(45), bigInt(78), bigInt(41)]; + // Add leaf to the merkle tree + mt.addClaim(leaf); Get leaf data by hash Index ^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -660,9 +698,9 @@ Look for a index leaf on the merkle tree ans retrieves its data .. code:: js - // Get leaf data by hash Index - // Retrieve data of the leaf - const leafData = mt.getClaimByHi(leaf.slice(2)); + // Get leaf data by hash Index + // Retrieve data of the leaf + const leafData = mt.getClaimByHi(leaf.slice(2)); Generate Proof ^^^^^^^^^^^^^^ @@ -672,10 +710,10 @@ certain leaf is on a merkle tree. .. code:: js - // Get leafProof for a given leaf index - const leafProof = mt.generateProof(leaf.slice(2)); - // Code `leafProof` into a hexadecimal string - const leafProofHex = iden3.utils.bytesToHex(leafProof); + // Get leafProof for a given leaf index + const leafProof = mt.generateProof(leaf.slice(2)); + // Code `leafProof` into a hexadecimal string + const leafProofHex = iden3.utils.bytesToHex(leafProof); CheckProof ^^^^^^^^^^ @@ -684,17 +722,17 @@ Checks the ``Merkle Proof`` of a ``Leaf``. ##### Proof-of-existence .. code:: js - // CheckProof - // Proof-of-existencee - // Retrieve merkle tree root and code it into a string - const rootHex = iden3.utils.bytesToHex(mt.root); - // Code hash index into a hexadecimal string - // Compute total hash of the leaf and code it into an hexadecimal string - const hashes = iden3.sparseMerkleTree.getHiHv(leaf); - const hiHex = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes[0])); - const hvHex = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes[1])); - // Check if a leaf is on the merkle tree - const verified = iden3.sparseMerkleTree.checkProof(rootHex, leafProofHex, hiHex, hvHex); + // CheckProof + // Proof-of-existencee + // Retrieve merkle tree root and code it into a string + const rootHex = iden3.utils.bytesToHex(mt.root); + // Code hash index into a hexadecimal string + // Compute total hash of the leaf and code it into an hexadecimal string + const hashes = iden3.sparseMerkleTree.getHiHv(leaf); + const hiHex = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes[0])); + const hvHex = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes[1])); + // Check if a leaf is on the merkle tree + const verified = iden3.sparseMerkleTree.checkProof(rootHex, leafProofHex, hiHex, hvHex); Proof-of-non-existence '''''''''''''''''''''' @@ -704,21 +742,21 @@ check if it is on the merkle tree. .. code:: js - // CheckProof - // Proof-of-non-existence - // create leaf2 data structure - const leaf2 = [bigInt(1), bigInt(2), bigInt(3), bigInt(4)]; - // Code hash index into a hexadecimal string - // Compute total hash of the leaf and code it into an hexadecimal string - const hashes2 = iden3.sparseMerkleTree.getHiHv(leaf2); - const hiHex2 = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes2[0])); - const hvHex2 = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes2[1])); - // Get leafProof for a given leaf index - const leafProof2 = mt.generateProof(leaf2.slice(2)); - // Code `leafProof` into a hexadecimal string - const leafProofHex2 = iden3.utils.bytesToHex(leafProof2); - // Check if a leaf is on the merkle tree - const verified2 = iden3.sparseMerkleTree.checkProof(rootHex, leafProofHex2, hiHex2, hvHex2); + // CheckProof + // Proof-of-non-existence + // create leaf2 data structure + const leaf2 = [bigInt(1), bigInt(2), bigInt(3), bigInt(4)]; + // Code hash index into a hexadecimal string + // Compute total hash of the leaf and code it into an hexadecimal string + const hashes2 = iden3.sparseMerkleTree.getHiHv(leaf2); + const hiHex2 = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes2[0])); + const hvHex2 = iden3.utils.bytesToHex(helpers.bigIntToBuffer(hashes2[1])); + // Get leafProof for a given leaf index + const leafProof2 = mt.generateProof(leaf2.slice(2)); + // Code `leafProof` into a hexadecimal string + const leafProofHex2 = iden3.utils.bytesToHex(leafProof2); + // Check if a leaf is on the merkle tree + const verified2 = iden3.sparseMerkleTree.checkProof(rootHex, leafProofHex2, hiHex2, hvHex2); The complete example can be found in ```sparse-merkle-tree.example.js`` `__ @@ -728,15 +766,15 @@ Utils .. code:: js - // hash Buffer - let hash = iden3.utils.hashBytes(b); + // hash Buffer + let hash = iden3.utils.hashBytes(b); - let hex = iden3.utils.bytesToHex(buff); // returns a Hexadecimal representation of a Buffer - let buff = iden3.utils.hexToBytes(hex); // returns a Buffer from a Heximal representation string + let hex = iden3.utils.bytesToHex(buff); // returns a Hexadecimal representation of a Buffer + let buff = iden3.utils.hexToBytes(hex); // returns a Buffer from a Heximal representation string - // verify signature - let verified = iden3.utils.verifySignature(msgHashHex, signatureHex, addressHex); - // verified: true + // verify signature + let verified = iden3.utils.verifySignature(msgHashHex, signatureHex, addressHex); + // verified: true Relay http ~~~~~~~~~~ @@ -748,37 +786,37 @@ Create Relay object .. code:: js - // new relay - const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; - const relay = new iden3.Relay('http://127.0.0.1:8000/api/unstable'); + // new relay + const relayAddr = '0xe0fbce58cfaa72812103f003adce3f284fe5fc7c'; + const relay = new iden3.Relay('http://127.0.0.1:8000/api/unstable'); relay.getID ^^^^^^^^^^^ .. code:: js - relay.getID(id.idAddr).then((res) => { - console.log(res.data); - }); + relay.getID(id.idAddr).then((res) => { + console.log(res.data); + }); - Output: - .. code:: js +.. code:: js - // Return object: - IdAddr: Address identity identifier - // - LocalDb: contins necessary informatin to create counterfactoual - // - Onchain: information regarding smart contract deployed on the blockchain - { - IdAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', - LocalDb: { + // Return object: - IdAddr: Address identity identifier + // - LocalDb: contins necessary informatin to create counterfactoual + // - Onchain: information regarding smart contract deployed on the blockchain + { + IdAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + LocalDb: { impl:'0x66d0c2f85f1b717168cbb508afd1c46e07227130', operational:'0xc7d89fe96acdb257b434bf580b8e6eb677d445a9', operationalPk:'0x03c2e48632c87932663beff7a1f6deb692cc61b041262ae8f310203d0f5ff57833', recoverer:'0xf3c9f94e4eaffef676d4fd3b4fc2732044caea91', relayer:'0xe0fbce58cfaa72812103f003adce3f284fe5fc7c', revokator:'0xb07079bd6238fa845dc77bbce3ec2edf98ffe735', - }, - onchain: { + }, + onchain: { Codehash:'0x4fec321ffcfdd48cdbe4d02553acb18ddb04cd5c6a78bcaf86e87834b1f3d0ee', Impl:'0x66d0c2f85f1b717168cbb508afd1c46e07227130', LastNonce:0, @@ -786,103 +824,112 @@ relay.getID RecovererProp:'0x0000000000000000000000000000000000000000', Relay:'0xe0fbce58cfaa72812103f003adce3f284fe5fc7c', Revoker:'0xb07079bd6238fa845dc77bbce3ec2edf98ffe735', - }, - } + }, + } - .. rubric:: relay.getRelayRoot - :name: relay.getrelayroot +relay.getRelayRoot +^^^^^^^^^^^^^^^^^^ - .. code:: js +.. code:: js - relay.getRelayRoot() - .then(res => { + relay.getRelayRoot() + .then(res => { console.log('res.data', res.data); - }); + }); - Output: - .. code:: js +.. code:: js - // Return object: - contractRoot: Address of the relay smart contract - // - root: Current root of the relay merkle tree - { - contractRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', - root: '0x1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99' - } + // Return object: - contractRoot: Address of the relay smart contract + // - root: Current root of the relay merkle tree + { + contractRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', + root: '0x1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99' + } relay.getIDRoot ^^^^^^^^^^^^^^^ .. code:: js - relay.getIDRoot(id.kc.addressHex()) - .then(res => { - console.log('res.data', res.data); - }); + relay.getIDRoot(id.kc.addressHex()) + .then(res => { + console.log('res.data', res.data); + }); - Output: - .. code:: js +.. code:: js - // Return object: - idRoot: Root of the identity merkle tree - // - proofIdRoot: Proof of SetRootClaim that relay merkle tree contains identity root merkle tree - // - root: Root of the relay merkle tree - { - idRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', - proofIdRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', - root: '0x0000000000000000000000000000000000000000000000000000000000000000' - } + // Return object: - idRoot: Root of the identity merkle tree + // - proofIdRoot: Proof of SetRootClaim that relay merkle tree contains identity root merkle tree + // - root: Root of the relay merkle tree + { + idRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', + proofIdRoot: '0x0000000000000000000000000000000000000000000000000000000000000000', + root: '0x0000000000000000000000000000000000000000000000000000000000000000' + } - .. rubric:: relay.getClaimByHi - :name: relay.getclaimbyhi +relay.getClaimByHi +^^^^^^^^^^^^^^^^^^ - \`\`\`js let leaf = new iden3.claims.Entry(); +.. code:: js + + let leaf = new iden3.claims.Entry(); leaf.fromHexadecimal(proofClaim.Leaf); -relay.getClaimByHi(id.idAddr, iden.utils.bytesToHex(leaf.hi())) -.then(res => { console.log('res.data', res.data); }); ````\ js // Return -object: - proofOfClaim: Proof of claim for the claim asked proofClaim = -{ date: 1549534168, -leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', -proofs: [{ aux: { era: 0, idAddr: -'0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', version: 1 } mtp0: -'00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', -mtp1: -'03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', -root: -'21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', } , -{ aux: null mtp0: -'0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', -mtp1: -'0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', -root: -'1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', - -}], -signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', -} \`\`\` + relay.getClaimByHi(id.idAddr, iden.utils.bytesToHex(leaf.hi())) + .then(res => { + console.log('res.data', res.data); + }); + +.. code:: js + + // Return object: - proofOfClaim: Proof of claim for the claim asked + proofClaim = { + date: 1549534168, + leaf:'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aac4ed37a11e6a9170cb19a6e558913dc3ef000000000000000000000000000000000000a6a7000000000000000000000004', + proofs: [{ + aux: { + era: 0, + idAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22', + version: 1 + } + mtp0: '00010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c3922', + mtp1: '03010000000000000000000000000000000000000000000000000000000000011d9d41171c4b621ff279e2acb84d8ab45612fef53e37225bdf67e8ad761c39221c8bdcd862752abf2dd32d16c9c3acfa20ea93cecc64d169c4550ca3e9bca20b1541a6b5aa9bf7d9be3d5cb0bcc7cacbca26242016a0feebfc19c90f2224baed', + root: '21c6e1a81851f4017139ae8ddfbd5e894376fdd14c73cecf2a81939bae78595b', + } , { + aux: null + mtp0: '0007000000000000000000000000000000000000000000000000000000000041083dbb7700313075a2b8fe34b0188ff44784e3dc60987ed9277b59fad48f81990fef40cc16896de64be5a0f827799555344fd3d9aade9b65d95ecfbcac3e5a73', + mtp1: '0301000000000000000000000000000000000000000000000000000000000001081b6542453a651f2b0fea8b639a8823809f7fc032c051a644d1a8b559ba0322182adc955c46e6629ac74027ded0c843c7c65e8c3c4f12f77add56500f9f402e25451237d9133b0f5c1386b7b822f382cb14c5fff612a913956ef5436fb6208a', + root: '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', + + }], + signature:'3cedbb3d6eab5ce9a1f8bb436a080f7ec5ede3526fdcfa094fee33cbbd414d0c6d41a6650f4fdda27a66d51d87d18b4cae0adbd695ccdb152dae65a998ba61f101', + } relay.resolveName ^^^^^^^^^^^^^^^^^ .. code:: js - relay.resolveName('username@iden3.io') - .then(res => { - console.log('res.data', res.data); - }); + relay.resolveName('username@iden3.io') + .then(res => { + console.log('res.data', res.data); + }); - Output: - .. code:: js +.. code:: js - // Return object: - claim: Hexadecimal representation of the assign name claim - // - idAddr: Ethereum address associated with the name asked - // - proofOfClaimAssignName: Proof of the claim requested - { - claim: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', - ethAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22'. - proofOfClaimAssignName: { + // Return object: - claim: Hexadecimal representation of the assign name claim + // - idAddr: Ethereum address associated with the name asked + // - proofOfClaimAssignName: Proof of the claim requested + { + claim: '0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', + ethAddr: '0x7b471a1bdbd3b8ac98f3715507449f3a8e1f3b22'. + proofOfClaimAssignName: { date: 1549539788, leaf: '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b471a1bdbd3b8ac98f3715507449f3a8e1f3b22008c8efcda9e563cf153563941b60fc5ac88336fc58d361eb0888686fadb99760000000000000000000000000000000000000000000000000000000000000003', proofs:[{ @@ -892,8 +939,8 @@ relay.resolveName root: '1560e7b6983491305c6522c4227b98fbf26753b6a7fcb97ffb0ef7d98b271e99', }] signature:'0b17f53111f890222d8139e0a400f9dbf900dabdc450759ac9ab19fb9f239f704d250cd3116b6f74905ffccd8754182d3de2e1fc4ac7a35b0db6fe660198422000', - }, - } + }, + } Tests ----- @@ -902,21 +949,21 @@ To run unitary test: .. code:: js - npm run test:unit + npm run test:unit To run integration test, needs to have a running `Relay `__ node. :: - npm run test:int + npm run test:int To run all test, needs to have a running `Relay `__ node. :: - npm run test:all + npm run test:all Browserify bundle ----------------- @@ -925,7 +972,7 @@ To generate the browserify bundle: :: - npm run browserify + npm run browserify WARNING ~~~~~~~ @@ -937,11 +984,11 @@ Releases Version compatibility -+-------+-----------+------------+ -| | iden3js | go-iden3 | -+=======+===========+============+ -| tag | v0.0.21 | v0.0.2 | -+-------+-----------+------------+ ++-----+---------+----------+ +| | iden3js | go-iden3 | ++=====+=========+==========+ +| tag | v0.0.21 | v0.0.2 | ++-----+---------+----------+ License ------- @@ -949,6 +996,3 @@ License iden3js is part of the iden3 project copyright 2018 0kims association and published with GPL-3 license, please check the LICENSE file for more details. - -.. |Build Status| image:: https://travis-ci.org/iden3/iden3js.svg?branch=master - :target: https://travis-ci.org/iden3/iden3js diff --git a/source/iden3_repos/iden3js/src/protocols/login_merge.rst b/source/iden3_repos/iden3js/src/protocols/login_merge.rst index ce346d0..ace2c0d 100644 --- a/source/iden3_repos/iden3js/src/protocols/login_merge.rst +++ b/source/iden3_repos/iden3js/src/protocols/login_merge.rst @@ -17,8 +17,7 @@ For the login case, the user desires to assert a particular identity (an ethereum address in this case) to a server so that they are allowed access into the service while being identified. -.. figure:: login_overview.png - :alt: +|image0| Assumptions ----------- @@ -39,13 +38,12 @@ What is needed Protocol flow ------------- -.. figure:: login_flow.png - :alt: +|image1| Challenges contain a cryptographic nonce and have a timeout that indicates the validity of the nonce in the challenge. A signed challenge with a timed out nonce must be rejected by the server. The server must -store a list of not timed out nonces that haven't been signed yet to +store a list of not timed out nonces that haven’t been signed yet to guarantee freshness. A cryptographic nonce must be securely generated and long enough to @@ -58,15 +56,15 @@ A signature may be requested as follows: :: - { - header: { - typ: iden3.sig.v0_1 - } - body: { - type: TYPE - data: DATA - } - } + { + header: { + typ: iden3.sig.v0_1 + } + body: { + type: TYPE + data: DATA + } + } The user will generate a packet following the signature protocol specification, that may contain data from a signature request, or may be @@ -81,23 +79,23 @@ elements are specified by the ``typ`` (signature packet) in the header. :: - JWS_PAYLOAD = { - type: TYPE - data: DATA - form: FORM - ksign: str # ksing public key in compressed form - proofKSing: proofClaim # Proof of authorize k sign claim (which contains the public key in compressed form) - } + JWS_PAYLOAD = { + type: TYPE + data: DATA + form: FORM + ksign: str # ksing public key in compressed form + proofKSing: proofClaim # Proof of authorize k sign claim (which contains the public key in compressed form) + } - JWS_HEADER = { - typ: iden3.sig.v0_1 - iss: str # Ethereum Address - iat: uint # issued at time, unix timestamp - exp: uint # expiration time, unix timestamp - alg: ? # algorithm - } + JWS_HEADER = { + typ: iden3.sig.v0_1 + iss: str # Ethereum Address + iat: uint # issued at time, unix timestamp + exp: uint # expiration time, unix timestamp + alg: ? # algorithm + } - JWS_SIGN(JWS_HEADER, JWS_PAYLOAD) + JWS_SIGN(JWS_HEADER, JWS_PAYLOAD) Each Signature request ``type`` has a view representation for the user, where the ``data`` and ``form`` are presented. Some of the values may be @@ -110,7 +108,7 @@ the ability to pick some elements of the ``form``. key. As ``JWS_HEADER.alg`` we will use a custom algorithm (not defined in the -JWS standard): "EK256K1", which is ECDSA with secp256k1 curve and keccak +JWS standard): “EK256K1”, which is ECDSA with secp256k1 curve and keccak as hash function, the same signature algorithm configuration used in Ethereum. @@ -119,19 +117,19 @@ Auxiliary data structures :: - proofClaim: { - signature: signature # Relay root + date signed by relay - date: uint - leaf: claim - proofs: proofClaimPartial[] - } + proofClaim: { + signature: signature # Relay root + date signed by relay + date: uint + leaf: claim + proofs: proofClaimPartial[] + } - proofClaimPartial: { - mtp0: mtp # merkle tree proof of leaf existence - mtp1: mtp # merkle tree proof of leaf non-existence - root: key # merkle tree root - aux: nil | { ver: uint, era: uint, idAddr: str } # Necessary data to construct SetRootClaim from root - } + proofClaimPartial: { + mtp0: mtp # merkle tree proof of leaf existence + mtp1: mtp # merkle tree proof of leaf non-existence + root: key # merkle tree root + aux: nil | { ver: uint, era: uint, idAddr: str } # Necessary data to construct SetRootClaim from root + } Usually the relay returns the ``proofClaim`` data structure to prove that a claim is valid and is in the merkle tree. @@ -143,16 +141,16 @@ payload: :: - type: iden3.iden_assert.v0_1 - data: { - challenge: nonce # 256 bits in base64 - timeout: uint # seconds - origin: str # domain - } - form: { - ethName: str # ethereumName - proofAssignName: proofClaim # proof of claim Assign Name for ethName - } + type: iden3.iden_assert.v0_1 + data: { + challenge: nonce # 256 bits in base64 + timeout: uint # seconds + origin: str # domain + } + form: { + ethName: str # ethereumName + proofAssignName: proofClaim # proof of claim Assign Name for ethName + } A session id, if necessary, can be computed from the challenge. This session id can be used to link the communication between the web service @@ -162,13 +160,13 @@ view: :: - type: Identity Assertion - data: { - origin: str # domain - } - form: { - ethName: str # ethereum name - } + type: Identity Assertion + data: { + origin: str # domain + } + form: { + ethName: str # ethereum name + } Algorithms ---------- @@ -184,14 +182,14 @@ Signature verification algorithm :: - VerifySignedPacket(jwsHeader, jwsPayload, signature, relayPk): - 1. Verify jwsHeader.typ is 'iden3.sig.v0_1' - 2. Verify jwsHeader.alg is 'EK256K1' - 3. Verify that jwsHeader.iat <= now() < jwsHeader.exp - 4. Verify that jwsPayload.ksign is in jwsPayload.proofKSign.leaf - 5. Verify that jwsHeader.iss is in jwsPayload.proofKSign - 6. Verify that signature of JWS(jwsHeader, jwsPayload) by jwsPayload.ksign is signature - 7. VerifyProofOfClaim(jwsPayload.proofKSign, relayPk) + VerifySignedPacket(jwsHeader, jwsPayload, signature, relayPk): + 1. Verify jwsHeader.typ is 'iden3.sig.v0_1' + 2. Verify jwsHeader.alg is 'EK256K1' + 3. Verify that jwsHeader.iat <= now() < jwsHeader.exp + 4. Verify that jwsPayload.ksign is in jwsPayload.proofKSign.leaf + 5. Verify that jwsHeader.iss is in jwsPayload.proofKSign + 6. Verify that signature of JWS(jwsHeader, jwsPayload) by jwsPayload.ksign is signature + 7. VerifyProofOfClaim(jwsPayload.proofKSign, relayPk) In 4. we verify that the ksign used to sign the packet is authorized by the user, identified by jwsHeader.iss ethereum address. @@ -201,27 +199,27 @@ Iden Assert verification algorithm :: - VerifyIdenAssertV01(nonceDB, origin, jwsHeader, jwsPayload, signature, relayPk): - 1. Verify jwsPayload.type is 'iden3.iden_assert.v0_1' - 2. Verify jwsPayload.data.origin is origin - 3. Verify jwsPayload.data.challenge is in nonceDB and hasn't expired, delete it - 4. Verify that jwsHeader.iss and jwsPayload.form.ethName are in jwsPayload.proofAssignName.leaf - 5. VerifyProofOfClaim(jwsPayload.form.ethName, relayPk) + VerifyIdenAssertV01(nonceDB, origin, jwsHeader, jwsPayload, signature, relayPk): + 1. Verify jwsPayload.type is 'iden3.iden_assert.v0_1' + 2. Verify jwsPayload.data.origin is origin + 3. Verify jwsPayload.data.challenge is in nonceDB and hasn't expired, delete it + 4. Verify that jwsHeader.iss and jwsPayload.form.ethName are in jwsPayload.proofAssignName.leaf + 5. VerifyProofOfClaim(jwsPayload.form.ethName, relayPk) ProofOfClaim verification ~~~~~~~~~~~~~~~~~~~~~~~~~ :: - VerifyProofOfClaim(p, relayPk): - 1. Verify signature of p.proofs[-1].root by relayPk is p.signature - let leaf = p.leaf - 2. loop for each proof in p.proofs: - 2.1 Verify proof.mtp0 is existence proof - 2.2 Verify proof.mtp0 with leaf and proof.root - 2.3 Verify proof.mtp1 is non-existence proof - 2.4 Verify proof.mtp1 with ClaimIncrementVersion(leaf) and proof.root - leaf = NewClaimSetRootClaim(p.root, p.aux.ver, p.aux.era, p.aux.ethAddr) + VerifyProofOfClaim(p, relayPk): + 1. Verify signature of p.proofs[-1].root by relayPk is p.signature + let leaf = p.leaf + 2. loop for each proof in p.proofs: + 2.1 Verify proof.mtp0 is existence proof + 2.2 Verify proof.mtp0 with leaf and proof.root + 2.3 Verify proof.mtp1 is non-existence proof + 2.4 Verify proof.mtp1 with ClaimIncrementVersion(leaf) and proof.root + leaf = NewClaimSetRootClaim(p.root, p.aux.ver, p.aux.era, p.aux.ethAddr) Rationale --------- @@ -229,6 +227,10 @@ Rationale See `this document `__ for the rationale of some decisions made in the design of this protocol. +.. |image0| image:: login_overview.png +.. |image1| image:: login_flow.png + + iden3js - protocols =================== @@ -237,31 +239,31 @@ Login (Identity Assertion) :: - Wallet Service - + + - | signatureRequest | - | <-------------------------------------+ | - | | - | +---+ | - | | | - | |sign packet | - | | | - | <---+ | - | signedPacket | - | +-------------------------------------> | - | | - | +---+ | - | verify | | - | signedPacket| | - | | | - | +---> | - | | - | ok | - | <-------------------------------------+ | - | | - | | - | | - + + + Wallet Service + + + + | signatureRequest | + | <-------------------------------------+ | + | | + | +---+ | + | | | + | |sign packet | + | | | + | <---+ | + | signedPacket | + | +-------------------------------------> | + | | + | +---+ | + | verify | | + | signedPacket| | + | | | + | +---> | + | | + | ok | + | <-------------------------------------+ | + | | + | | + | | + + + Read the login protocol specification `here `__. @@ -270,7 +272,7 @@ Define new NonceDB .. code:: js - const nonceDB = new iden3.protocols.NonceDB(); + const nonceDB = new iden3.protocols.NonceDB(); Generate New Request of Identity Assert ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -286,24 +288,24 @@ Generate New Request of Identity Assert - ``signatureRequest``: ``Object`` - .. code:: js + .. code:: js - const signatureRequest = iden3.protocols.login.newRequestIdenAssert(nonceDB, origin, 2*60); + const signatureRequest = iden3.protocols.login.newRequestIdenAssert(nonceDB, origin, 2*60); The ``nonce`` of the ``signatureRequest`` can be getted from: .. code:: js - const nonce = signatureRequest.body.data.challenge; - // nonce is the string containing the nonce value + const nonce = signatureRequest.body.data.challenge; + // nonce is the string containing the nonce value We can add auxiliar data to the ``nonce`` in the ``nonceDB`` only one time: .. code:: js - const added = nodeDB.addAuxToNonce(nonce, auxdata); - // added is a bool confirming if the aux data had been added + const added = nodeDB.addAuxToNonce(nonce, auxdata); + // added is a bool confirming if the aux data had been added Sign Packet ~~~~~~~~~~~ @@ -325,10 +327,10 @@ Sign Packet - ``signedPacket``: ``String`` - .. code:: js + .. code:: js - const expirationTime = unixtime + (3600 * 60); - const signedPacket = iden3.protocols.login.signIdenAssertV01(signatureRequest, usrAddr, ethName, proofOfEthName, kc, ksign, proofOfKSign, expirationTime); + const expirationTime = unixtime + (3600 * 60); + const signedPacket = iden3.protocols.login.signIdenAssertV01(signatureRequest, usrAddr, ethName, proofOfEthName, kc, ksign, proofOfKSign, expirationTime); Verify Signed Packet ~~~~~~~~~~~~~~~~~~~~ @@ -346,9 +348,9 @@ Verify Signed Packet deleted from the nonceDB when the signedPacket is verified. If the verification fails, the nonce will be ``undefined`` - .. code:: js + .. code:: js - const verified = iden3.protocols.login.verifySignedPacket(nonceDB, origin, signedPacket); + const verified = iden3.protocols.login.verifySignedPacket(nonceDB, origin, signedPacket); Apendix ~~~~~~~ @@ -374,7 +376,7 @@ https://medium.facilelogin.com/json-message-signing-alternatives-897f90d411c - JSON Web Signature (JWS) - - Doesn't need canonicalization + - Doesn’t need canonicalization - Allows signing arbitrary data (not only JSON) - Widely used @@ -397,14 +399,14 @@ References ---------- - https://en.wikipedia.org/wiki/OpenID -- https://en.wikipedia.org/wiki/OpenID\_Connect +- https://en.wikipedia.org/wiki/OpenID_Connect - https://en.wikipedia.org/wiki/IndieAuth - https://fidoalliance.org/how-fido-works/ WebAuth API ~~~~~~~~~~~ -- https://developer.mozilla.org/en-US/docs/Web/API/Web\_Authentication\_API +- https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API - https://w3c.github.io/webauthn/ - https://www.w3.org/TR/webauthn/ @@ -415,8 +417,8 @@ https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-2 - FIDO Threat analysis and mitigations: - https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html#threat-analysis -Currently (2018-01-08) there's no support for iOS (Safari): - -https://developer.mozilla.org/en-US/docs/Web/API/Web\_Authentication\_API#Browser\_compatibility +Currently (2018-01-08) there’s no support for iOS (Safari): - +https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API#Browser_compatibility Criticism: - https://www.scip.ch/en/?labs.20180424 @@ -433,16 +435,16 @@ The FIDO protocols security goals: [SG-1] ^^^^^^ -Strong User Authentication: Authenticate (i.e. recognize) a user and/or +Strong User Authentication: Authenticate (i.e. recognize) a user and/or a device to a relying party with high (cryptographic) strength. #### [SG-2] Credential Guessing Resilience: Provide robust protection against -eavesdroppers, e.g. be resilient to physical observation, resilient to +eavesdroppers, e.g. be resilient to physical observation, resilient to targeted impersonation, resilient to throttled and unthrottled guessing. #### [SG-3] Credential Disclosure Resilience: Be resilient to phishing attacks and real-time phishing attack, including resilience to online attacks by adversaries able to actively manipulate network traffic. #### [SG-4] Unlinkablity: Protect the protocol conversation such that any two -relying parties cannot link the conversation to one user (i.e. be +relying parties cannot link the conversation to one user (i.e. be unlinkable). #### [SG-5] Verifier Leak Resilience: Be resilient to leaks from other relying parties. I.e., nothing that a verifier could possibly leak can help an attacker impersonate the user to another relying party. diff --git a/source/iden3_repos/notifications-server/README.rst b/source/iden3_repos/notifications-server/README.rst index e90cf08..0bcbed3 100644 --- a/source/iden3_repos/notifications-server/README.rst +++ b/source/iden3_repos/notifications-server/README.rst @@ -14,16 +14,16 @@ Dump DB counter collection: :: - mongo notifications-server --eval "c=db.getCollection('counters'); c.find();" + mongo notifications-server --eval "c=db.getCollection('counters'); c.find();" Dump DB notification collection: :: - mongo notifications-server --eval "c=db.getCollection('notifications'); c.find();" + mongo notifications-server --eval "c=db.getCollection('notifications'); c.find();" Get notifications with curl: :: - curl -XPOST --data '{"idAddr": "0xd9d6800a1b20ceebef5420f878bbd915f8b4ed85"}' "http://127.0.0.1:10000/api/unstable/notifications?afterid=6&beforeid=9" | jq + curl -XPOST --data '{"idAddr": "0xd9d6800a1b20ceebef5420f878bbd915f8b4ed85"}' "http://127.0.0.1:10000/api/unstable/notifications?afterid=6&beforeid=9" | jq diff --git a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/baby-jubjub/baby-jubjub.rst b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/baby-jubjub/baby-jubjub.rst index 77ee631..18e7727 100644 --- a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/baby-jubjub/baby-jubjub.rst +++ b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/baby-jubjub/baby-jubjub.rst @@ -6,6 +6,26 @@ Baby Jubjub 1.2 +.. raw:: latex + + \maketitle + +.. raw:: latex + + \vspace{1.5cm} + +.. raw:: latex + + \tableofcontents + +.. raw:: latex + + \vspace{0.5cm} + +.. raw:: latex + + \newpage + Scope ===== @@ -27,9 +47,8 @@ Background With this purpose, we used a deterministic algorithm for finding elliptic curves over a specified finite field (Langley, Hamburg, and -Turner 2016) together with the restrictions of security parameters -described in SafeCurves project (Bernstein and Lange Accessed February -25, 2018). +Turner, n.d.) together with the restrictions of security parameters +described in SafeCurves project (Bernstein and Lange, n.d.). Terminology And Description =========================== @@ -39,18 +58,18 @@ Generation Of Baby Jubjub | In 2016, a group of researchers of IRPF designed a deterministic algorithm that, given a prime number :math:`p`, it returns the - elliptic curve defined over :math:`{\ensuremath{\mathbb{F}_p}}` with + elliptic curve defined over :math:`\ensuremath{\mathbb{F}_p}` with smallest coefficient :math:`A` such that :math:`A-2` is a multiple of 4 and equation :math:`y^2 = x^3 + Ax^2 + x` describes a Montgomery curve. The assumption :math:`A-2` divisible by 4 comes from the fact that as this value is used in many operations, so trying to keep it smaller and divisible by four is a reasonable assumption (Langley, - Hamburg, and Turner 2016). + Hamburg, and Turner, n.d.). | SafeCurves is a project that checks some of the most common and known attacks on several elliptic curves. It also provides the algorithm it - was used (Bernstein and Lange Accessed February 25, 2018). + was used (Bernstein and Lange, n.d.). | We considered the large prime number dividing the order of BN128 and - run algorithm A.1 from (Langley, Hamburg, and Turner 2016). The first + run algorithm A.1 from (Langley, Hamburg, and Turner, n.d.). The first elliptic curve it was returned satisfying SafeCurves criteria was the Montgomery curve with coefficient :math:`A = 168698`. We named this curve Baby Jubjub elliptic curve. @@ -65,14 +84,14 @@ From now on, let p = 21888242871839275222246405745257275088548364 400416034343698204186575808495617 - and :math:`{\ensuremath{\mathbb{F}_p}}` the finite field with :math:`p` + and :math:`\ensuremath{\mathbb{F}_p}` the finite field with :math:`p` elements. Montgomery Form ~~~~~~~~~~~~~~~ -We define :math:`E_M` as the *Baby-Jubjub* Montgomery elliptic curve -defined over :math:`{\ensuremath{\mathbb{F}_p}}` given by equation +We define :math:`E_M` as the Baby-Jubjub Montgomery elliptic curve +defined over :math:`\ensuremath{\mathbb{F}_p}` given by equation .. math:: E: v^2 = u^3 + 168698u^2 + u. @@ -83,10 +102,10 @@ defined over :math:`{\ensuremath{\mathbb{F}_p}}` given by equation r = 2736030358979909402780800718157159386076813972 158567259200215660948447373041 - is a prime number. Denote by :math:`{\ensuremath{\mathbb{G}}}` the + is a prime number. Denote by :math:`\ensuremath{\mathbb{G}}` the subgroup of points of order :math:`r`, that is, -.. math:: {\ensuremath{\mathbb{G}}}= \Set{ P \in E({\ensuremath{\mathbb{F}_p}}) | r P = O }. +.. math:: \ensuremath{\mathbb{G}}= \Set{ P \in E(\ensuremath{\mathbb{F}_p}) | r P = O }. Edwards Form ~~~~~~~~~~~~ @@ -96,8 +115,8 @@ Edwards Form .. math:: E: x^2 + y^2 = 1 + d x^2 y^2 where - :math:` d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` -| The birational equivalence (Bernstein et al. 2008 Thm. 3.2) from + :math:`d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` +| The birational equivalence (Bernstein et al., n.d. Thm. 3.2) from :math:`E` to :math:`E_M` is the map .. math:: (x,y) \to (u,v) = \left( \frac{1 + y}{1 - y} , \frac{1 + y}{(1 - y)x} \right) @@ -111,7 +130,7 @@ Arithmetic In Baby Jubjub In this section we define how to operate in the elliptic curve group: the addition of points and multiplication of a point by a scalar (an -element of :math:`{\ensuremath{\mathbb{F}_p}}`). +element of :math:`\ensuremath{\mathbb{F}_p}`). Addition Of Points ~~~~~~~~~~~~~~~~~~ @@ -121,14 +140,14 @@ careful if the points being added are equal (doubling) or not (adding) and if one of the points is the point at infinity (Okeya, Kurumatani, and Sakurai 2000). Edwards curves have the advantage that there is no such case distinction and doubling can be performed with exactly the -same formula as addition (Bernstein et al. 2008). In comparison, +same formula as addition (Bernstein et al., n.d.). In comparison, operating in Montgomery curves is cheaper. In this section, we summarize how addition and doubling is performed in both forms. For the exact number of operations required in different forms of elliptic curves, see -(Bernstein et al. 2008). +(Bernstein et al., n.d.). -- : Let :math:`{P_{1} = (x_{1}, y_{1})}` and - :math:`{P_{2} = (x_{2}, y_{2})}` be points of the Baby-Jubjub twisted +- : Let :math:`P_{1} = (x_{1}, y_{1})` and + :math:`P_{2} = (x_{2}, y_{2})` be points of the Baby-Jubjub twisted Edwards elliptic curve :math:`E`. The sum :math:`P_1 + P_2` is a third point :math:`P_3 = (x_3, y_3)` with @@ -143,9 +162,9 @@ number of operations required in different forms of elliptic curves, see Note that the neutral element is the point :math:`O = (0,1)` and the inverse of a point :math:`(x,y)` is :math:`(-x,y)`. -- : Let :math:`{P_{1} = (x_{1}, y_{1})}\not=O` and - :math:`{P_{2} = (x_{2}, y_{2})}\not=O` be two points of the - Baby-JubJub elliptic curve :math:`E_M` in Montgomery form. +- : Let :math:`P_{1} = (x_{1}, y_{1})\not=O` and + :math:`P_{2} = (x_{2}, y_{2})\not=O` be two points of the Baby-JubJub + elliptic curve :math:`E_M` in Montgomery form. If :math:`P_1\not=P_2`, then the sum :math:`P_1 + P_2` is a third point :math:`P_3 = (x_3, y_3)` with coordinates @@ -179,9 +198,9 @@ Multiplication Of A Point Of :math:`E` By A Scalar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Let :math:`P\not= O` be a point of the Edwards curve :math:`E` of order -strictly greater than 8 (i.e. :math:`P\in{\ensuremath{\mathbb{G}}}`) and +strictly greater than 8 (i.e. :math:`P\in\ensuremath{\mathbb{G}}`) and let :math:`k` a binary number representing an element of -:math:`{\ensuremath{\mathbb{F}_p}}`. We describe the circuit used to +:math:`\ensuremath{\mathbb{F}_p}`. We describe the circuit used to compute the point :math:`k\cdot P`. #. First, we divide :math:`k` into chunks of 248 bits. If :math:`k` is @@ -209,6 +228,10 @@ compute the point :math:`k\cdot P`. are calculated separately inside the seq boxes and then added together. + .. raw:: latex + + \centering + |image| #. Each seq box takes a point of :math:`E` of the from @@ -222,10 +245,14 @@ compute the point :math:`k\cdot P`. \sum_{n = 0}^{247} b_n \cdot 2^{n} \cdot P_i. The first point is the input of the next :math:`(i+1)`-th seq box - (note that :math:` 2^{248} \cdot P_i = P_{i+1}`) whereas the second + (note that :math:`2^{248} \cdot P_i = P_{i+1}`) whereas the second output is the computation of the :math:`i`-th term in expression - ([kP]). The precise circuit is depicted in next two figures seq and - window. + (`[kP] <#kP>`__). The precise circuit is depicted in next two figures + seq and window. + + .. raw:: latex + + \centering | |image| @@ -260,7 +287,7 @@ compute the point :math:`k\cdot P`. because for any integer :math:`m`, :math:`2^m` is never a multiple of :math:`r`, even when :math:`2^m` is larger than :math:`r`, as :math:`r` is a prime number. Hence, :math:`2^m \cdot P \not= O` - for any :math:`m\in{\ensuremath{\mathbb{Z}}}`. + for any :math:`m\in\ensuremath{\mathbb{Z}}`. - Looking closely at the two inputs of the sum, it is easy to realize that they have different parity, one is an even multiple @@ -268,21 +295,25 @@ compute the point :math:`k\cdot P`. they must be different points. Hence, the sum in :math:`E_M` is done correctly. -#. The last term of expression ([kP]) is computed in a very similar - manner. The difference is that the number of bits composing +#. The last term of expression (`[kP] <#kP>`__) is computed in a very + similar manner. The difference is that the number of bits composing :math:`k_j` may be shorter and that there is no need to compute :math:`P_{j+1}`, as there is no other seq box after this one. So, there is only output, the point :math:`k_j \cdot P_j = k_j\cdot 2^{248j} P`. This circuit is named seq’. + .. raw:: latex + + \centering + |image| Challenges And Security ======================= As required in the construction of Baby-Jubjub, the curve satisfies -SafeCurves criteria. This can be checked following (Hat 2018). +SafeCurves criteria. This can be checked following (Hat, n.d.). Implementation ============== @@ -302,6 +333,14 @@ Intellectual Property We will release the final version of this proposal under creative commons, to ensure it is freely available to everyone. +.. raw:: latex + + \addcontentsline{toc}{section}{References} + +.. raw:: latex + + \bibliographystyle{acm} + .. raw:: html
@@ -320,10 +359,11 @@ McGraw-Hill Book Company. .. raw:: html -
+
-Bernstein, Daniel J., and Tanja Lange. Accessed February 25, 2018. -“SafeCurves: Choosing Safe Curves for Elliptic-Curve Cryptography.” +Bernstein, Daniel J., Peter Birkner, Marc Joye, Tanja Lange, and +Christiane Peters. n.d. “Twisted Edwards Curves.” Cryptology ePrint +Archive, Report 2008/013. .. raw:: html @@ -331,11 +371,10 @@ Bernstein, Daniel J., and Tanja Lange. Accessed February 25, 2018. .. raw:: html -
+
-Bernstein, Daniel J., Peter Birkner, Marc Joye, Tanja Lange, and -Christiane Peters. 2008. “Twisted Edwards Curves.” Cryptology ePrint -Archive, Report 2008/013. +Bernstein, Daniel J., and Tanja Lange. n.d. “SafeCurves: Choosing Safe +Curves for Elliptic-Curve Cryptography.” .. raw:: html @@ -345,7 +384,7 @@ Archive, Report 2008/013.
-Hat, Barry White. 2018. “Baby-Jubjub Supporting Evidence.” GitHub. +Hat, Barry White. n.d. “Baby-Jubjub Supporting Evidence.” GitHub. .. raw:: html @@ -355,9 +394,9 @@ Hat, Barry White. 2018. “Baby-Jubjub Supporting Evidence.” GitHub.
-Langley, Adam, Mike Hamburg, and Sean Turner. 2016. “Elliptic Curves for +Langley, Adam, Mike Hamburg, and Sean Turner. n.d. “Elliptic Curves for Security.” Request for Comments. RFC 7748; RFC Editor. -doi:\ `10.17487/RFC7748 `__. +https://doi.org/10.17487/RFC7748. .. raw:: html diff --git a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/ed-dsa/ed-dsa.rst b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/ed-dsa/ed-dsa.rst index 256853c..637e9e3 100644 --- a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/ed-dsa/ed-dsa.rst +++ b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/ed-dsa/ed-dsa.rst @@ -6,6 +6,26 @@ ED-DSA 1.2 +.. raw:: latex + + \maketitle + +.. raw:: latex + + \vspace{1cm} + +.. raw:: latex + + \tableofcontents + +.. raw:: latex + + \vspace{0.5cm} + +.. raw:: latex + + \newpage + Scope ===== @@ -17,7 +37,7 @@ Motivation ========== EdDSA is a variant of Schnorr’s signature scheme and it provides high -performance on a variety of platforms (Josefsson and Liusvaara 2007). +performance on a variety of platforms (Josefsson and Liusvaara, n.d.). Background ========== @@ -37,39 +57,63 @@ Terminology The table below summarizes the terminology used across the document. Each element is explained in greater detail in the following sections. -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| **Notation** | **Description** | -+=======================================+===============================================================================================================================+ -| :math:`p` | Prime number. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`{\ensuremath{\mathbb{F}_p}}` | Finite field with :math:`p` elements. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`E` | Baby Jubjub elliptic curve (defined over :math:`Fp`) in Edwards form. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`E_M` | Baby Jubjub elliptic curve (defined over :math:`Fp`) in Montgomery form. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`l` | Large prime number dividing the order of Baby Jubjub. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`{\ensuremath{\mathbb{F}_l}}` | Finite field with :math:`l` elements. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`{\ensuremath{\mathbb{G}}}` | Group of :math:`{\ensuremath{\mathbb{F}_p}}`-rational points of order :math:`l`. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`B` | Base point (generator of :math:`{\ensuremath{\mathbb{G}}}`) of Baby Jubjub. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`A = (A_x, A_y)` | Public key. :math:`A` is a point on :math:`E`. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`k` | Private key. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`M` | Message. :math:`M` is an element of :math:`{\ensuremath{\mathbb{F}_l}}`. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`(R,S) = ((R_x, R_y), S)` | Signature on :math:`M`. :math:`R` is a point on :math:`E` and :math:`S` and element of :math:`{\ensuremath{\mathbb{F}_l}}`. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`H` | Hash function MiMC-7. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`r` | Number of rounds of MiMC-7. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ -| :math:`c_0, c_1, \dots, c_r` | Constants used in MiMC-7. | -+---------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ +.. raw:: latex + + \centering + ++-----------------------------------+-----------------------------------+ +| Notation | Description | ++===================================+===================================+ +| :math:`p` | Prime number. | ++-----------------------------------+-----------------------------------+ +| :math:`\ensuremath{\mathbb{F}_p}` | Finite field with :math:`p` | +| | elements. | ++-----------------------------------+-----------------------------------+ +| :math:`E` | Baby Jubjub elliptic curve | +| | (defined over :math:`Fp`) in | +| | Edwards form. | ++-----------------------------------+-----------------------------------+ +| :math:`E_M` | Baby Jubjub elliptic curve | +| | (defined over :math:`Fp`) in | +| | Montgomery form. | ++-----------------------------------+-----------------------------------+ +| :math:`l` | Large prime number dividing the | +| | order of Baby Jubjub. | ++-----------------------------------+-----------------------------------+ +| :math:`\ensuremath{\mathbb{F}_l}` | Finite field with :math:`l` | +| | elements. | ++-----------------------------------+-----------------------------------+ +| :math:`\ensuremath{\mathbb{G}}` | Group of | +| | :math:`\ensuremath{\mathbb{F}_p}` | +| | -rational | +| | points of order :math:`l`. | ++-----------------------------------+-----------------------------------+ +| :math:`B` | Base point (generator of | +| | :math:`\ensuremath{\mathbb{G}}`) | +| | of Baby Jubjub. | ++-----------------------------------+-----------------------------------+ +| :math:`A = (A_x, A_y)` | Public key. :math:`A` is a point | +| | on :math:`E`. | ++-----------------------------------+-----------------------------------+ +| :math:`k` | Private key. | ++-----------------------------------+-----------------------------------+ +| :math:`M` | Message. :math:`M` is an element | +| | of | +| | :math:`\ensuremath{\mathbb{F}_l}` | +| | . | ++-----------------------------------+-----------------------------------+ +| :math:`(R,S) = ((R_x, R_y), S)` | Signature on :math:`M`. :math:`R` | +| | is a point on :math:`E` and | +| | :math:`S` and element of | +| | :math:`\ensuremath{\mathbb{F}_l}` | +| | . | ++-----------------------------------+-----------------------------------+ +| :math:`H` | Hash function MiMC-7. | ++-----------------------------------+-----------------------------------+ +| :math:`r` | Number of rounds of MiMC-7. | ++-----------------------------------+-----------------------------------+ +| :math:`c_0, c_1, \dots, c_r` | Constants used in MiMC-7. | ++-----------------------------------+-----------------------------------+ [tab:notation] @@ -83,10 +127,10 @@ Baby-Jubjub p = 21888242871839275222246405745257275088548364 400416034343698204186575808495617 - and let :math:`{\ensuremath{\mathbb{F}_p}}` be the finite field with - :math:`p` elements. We define :math:`E_M` as the *Baby-Jubjub* + and let :math:`\ensuremath{\mathbb{F}_p}` be the finite field with + :math:`p` elements. We define :math:`E_M` as the Baby-Jubjub Montgomery elliptic curve defined over - :math:`{\ensuremath{\mathbb{F}_p}}` given by equation + :math:`\ensuremath{\mathbb{F}_p}` given by equation .. math:: E: v^2 = u^3 + 168698u^2 + u. @@ -97,10 +141,10 @@ Baby-Jubjub l = 2736030358979909402780800718157159386076813972 158567259200215660948447373041 - is a prime number. Denote by :math:`{\ensuremath{\mathbb{G}}}` the + is a prime number. Denote by :math:`\ensuremath{\mathbb{G}}` the subgroup of points of order :math:`l`, that is, - .. math:: {\ensuremath{\mathbb{G}}}= \Set{ P \in E({\ensuremath{\mathbb{F}_p}}) | l P = O }. + .. math:: \ensuremath{\mathbb{G}}= \Set{ P \in E(\ensuremath{\mathbb{F}_p}) | l P = O }. Let @@ -110,14 +154,14 @@ Baby-Jubjub B = (17777552123799933955779906779655732241715742912184938656739573121738514868268,\\ 2626589144620713026669568689430873010625803728049924121243784502389097019475)\end{aligned} - be a generator of :math:`{\ensuremath{\mathbb{G}}}`. + be a generator of :math:`\ensuremath{\mathbb{G}}`. | :math:`E_M` is birationally equivalent to the Edwards elliptic curve .. math:: E: x^2 + y^2 = 1 + d x^2 y^2 where - :math:` d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` -| The birational equivalence (Bernstein et al. 2008 Thm. 3.2) from + :math:`d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` +| The birational equivalence (Bernstein et al., n.d. Thm. 3.2) from :math:`E` to :math:`E_M` is the map .. math:: (x,y) \to (u,v) = \left( \frac{1 + y}{1 - y} , \frac{1 + y}{(1 - y)x} \right) @@ -134,46 +178,36 @@ MiMC-7 specification, we use exponent 7 (hence the name MiMC-7) as 3 and :math:`l-1` are not coprime and 7 is the optimal choice for exponentiation (Albrecht et al. 2016 Sec. 6). -| Let :math:`{\ensuremath{\mathbb{F}_l}}` be the finite field with +| Let :math:`\ensuremath{\mathbb{F}_l}` be the finite field with :math:`l` elements. The block cipher is constructed by iterating a round function :math:`r` times where each round consists of a key addition with the key :math:`k`, the addition of a round constant - :math:`c_i\in {\ensuremath{\mathbb{F}_r}}`, and the application of a + :math:`c_i\in \ensuremath{\mathbb{F}_r}`, and the application of a non-linear function defined as :math:`F(x) :=x^7` for - :math:`x\in {\ensuremath{\mathbb{F}_l}}`. The ciphertext is finally + :math:`x\in \ensuremath{\mathbb{F}_l}`. The ciphertext is finally produced by adding the key :math:`k` again to the output of the last round. Hence, the round function is described as - :math:`F_i(x) = F(x) {\oplus}k {\oplus}c_i` where - :math:`c_0 = c_r = 0` and the encryption process is defined as + :math:`F_i(x) = F(x) \oplus k \oplus c_i` where :math:`c_0 = c_r = 0` + and the encryption process is defined as - .. math:: E_k(x) = (F_{r-1} \circ F_{r-2} \circ ... \circ F_0)(x) {\oplus}k. + .. math:: E_k(x) = (F_{r-1} \circ F_{r-2} \circ ... \circ F_0)(x) \oplus k. = [draw, minimum size=2em] = [pin edge=to-,thin,black] -(in) :math:`x`; (xor0) [right of=in, node distance=1cm] ; (e0) [right -of=xor0] :math:`x^7`; (xor1) [right of=e0] ; (e1) [right of=xor1] -:math:`x^7`; (xorr-1) [right of=e1, node distance=4cm] ; (er-1) [right -of=xorr-1] :math:`x^7`; (xor) [right of=er-1] ; (out) [right of=xor, -node distance=1cm] :math:`y`; - -(in) edge node (xor0); (xor0) edge node (e0); (e0) edge node (xor1); -(xor1) edge node (e1); (e1) edge[dotted] node (xorr-1); (xorr-1) edge -node (er-1); (er-1) edge node (xor); (xor) edge node (out); - As the random constants :math:`c_i` do not need to be generated for every evaluation of MiMC-7, they are hard-coded into the implementation. The generation of these constants and the required number of rounds is -described in section [sec-mimc]. +described in section `6.2 <#sec-mimc>`__. EdDSA ----- -The description of this protocol is based in (Josefsson and Liusvaara -2007): Let the public key be a point :math:`A = (A_x, A_y)\in E` of +The description of this protocol is based in (Josefsson and Liusvaara, +n.d.): Let the public key be a point :math:`A = (A_x, A_y)\in E` of order :math:`l` and :math:`M` a message we wish to sign. The signature on :math:`M` by :math:`A` consists of a par :math:`(R,S)` where :math:`R = (R_x, R_y)` is a point of order :math:`l` of :math:`E` and -:math:`S\in{\ensuremath{\mathbb{F}_l}}\backslash\{0\}` such that +:math:`S\in\ensuremath{\mathbb{F}_l}\backslash\{0\}` such that .. math:: 8SB = 8R + 8H(R,A,M)A. @@ -197,6 +231,10 @@ Implementation In this section, we specify how each of the main operations in the following EdDSA circuit are computed: +.. raw:: latex + + \centering + |image| Operations in the elliptic curve @@ -210,14 +248,14 @@ careful if the points being added are equal (doubling) or not (adding) and if one of the points is the point at infinity (Okeya, Kurumatani, and Sakurai 2000). Edwards curves have the advantage that there is no such case distinction and doubling can be performed with exactly the -same formula as addition (Bernstein et al. 2008). In comparison, +same formula as addition (Bernstein et al., n.d.). In comparison, operating in Montgomery curves is cheaper. In this section, we summarize how addition and doubling is performed in both forms. For the exact number of operations required in different forms of elliptic curves, see -(Bernstein et al. 2008). +(Bernstein et al., n.d.). -- : Let :math:`{P_{1} = (x_{1}, y_{1})}` and - :math:`{P_{2} = (x_{2}, y_{2})}` be points of the Baby-Jubjub twisted +- : Let :math:`P_{1} = (x_{1}, y_{1})` and + :math:`P_{2} = (x_{2}, y_{2})` be points of the Baby-Jubjub twisted Edwards elliptic curve :math:`E`. The sum :math:`P_1 + P_2` is a third point :math:`P_3 = (x_3, y_3)` with @@ -232,9 +270,9 @@ number of operations required in different forms of elliptic curves, see Note that the neutral element is the point :math:`O = (0,1)` and the inverse of a point :math:`(x,y)` is :math:`(-x,y)`. -- : Let :math:`{P_{1} = (x_{1}, y_{1})}\not=O` and - :math:`{P_{2} = (x_{2}, y_{2})}\not=O` be two points of the - Baby-JubJub elliptic curve :math:`E_M` in Montgomery form. +- : Let :math:`P_{1} = (x_{1}, y_{1})\not=O` and + :math:`P_{2} = (x_{2}, y_{2})\not=O` be two points of the Baby-JubJub + elliptic curve :math:`E_M` in Montgomery form. If :math:`P_1\not=P_2`, then the sum :math:`P_1 + P_2` is a third point :math:`P_3 = (x_3, y_3)` with coordinates @@ -268,9 +306,9 @@ Multiplication of a point of :math:`E` by a scalar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Let :math:`P\not= O` be a point of the Edwards curve :math:`E` of order -strictly greater than 8 (i.e. :math:`P\in{\ensuremath{\mathbb{G}}}`) and +strictly greater than 8 (i.e. :math:`P\in\ensuremath{\mathbb{G}}`) and let :math:`k` a binary number representing an element of -:math:`{\ensuremath{\mathbb{F}_p}}`. We describe the circuit used to +:math:`\ensuremath{\mathbb{F}_p}`. We describe the circuit used to compute the point :math:`k\cdot P`. #. First, we divide :math:`k` into chunks of 248 bits. If :math:`k` is @@ -298,6 +336,10 @@ compute the point :math:`k\cdot P`. are calculated separately inside the seq boxes and then added together. + .. raw:: latex + + \centering + |image| #. Each seq box takes a point of :math:`E` of the from @@ -311,10 +353,14 @@ compute the point :math:`k\cdot P`. \sum_{n = 0}^{247} b_n \cdot 2^{n} \cdot P_i. The first point is the input of the next :math:`(i+1)`-th seq box - (note that :math:` 2^{248} \cdot P_i = P_{i+1}`) whereas the second + (note that :math:`2^{248} \cdot P_i = P_{i+1}`) whereas the second output is the computation of the :math:`i`-th term in expression - ([kP]). The precise circuit is depicted in next two figures seq and - window. + (`[kP] <#kP>`__). The precise circuit is depicted in next two figures + seq and window. + + .. raw:: latex + + \centering | |image| @@ -349,7 +395,7 @@ compute the point :math:`k\cdot P`. because for any integer :math:`m`, :math:`2^m` is never a multiple of :math:`r`, even when :math:`2^m` is larger than :math:`r`, as :math:`r` is a prime number. Hence, :math:`2^m \cdot P \not= O` - for any :math:`m\in{\ensuremath{\mathbb{Z}}}`. + for any :math:`m\in\ensuremath{\mathbb{Z}}`. - Looking closely at the two inputs of the sum, it is easy to realize that they have different parity, one is an even multiple @@ -357,24 +403,29 @@ compute the point :math:`k\cdot P`. they must be different points. Hence, the sum in :math:`E_M` is done correctly. -#. The last term of expression ([kP]) is computed in a very similar - manner. The difference is that the number of bits composing +#. The last term of expression (`[kP] <#kP>`__) is computed in a very + similar manner. The difference is that the number of bits composing :math:`k_j` may be shorter and that there is no need to compute :math:`P_{j+1}`, as there is no other seq box after this one. So, there is only output, the point :math:`k_j \cdot P_j = k_j\cdot 2^{248j} P`. This circuit is named seq’. + .. raw:: latex + + \centering + |image| +.. _sec-mimc: + MiMC-7 ------ -The specifications we use in the hash are (*we are working in explaining -this section in greater detail*): +The specifications we use in the hash are (we are working in explaining +this section in greater detail): -#. Number of rounds: - :math:` r = \ceil*{\frac{{\log_2}l}{{\log_2}7}} = 91. ` +#. Number of rounds: :math:`r = \ceil*{\frac{\log_2l}{\log_27}} = 91.` #. Inputs: @@ -392,7 +443,7 @@ this section in greater detail*): Example and test vectors ------------------------ -*Work in progress.* +Work in progress. Existing implementations ------------------------ @@ -407,6 +458,14 @@ Intellectual Property We will release the final version of this proposal under creative commons, to ensure it is freely available to everyone. +.. raw:: latex + + \addcontentsline{toc}{section}{References} + +.. raw:: latex + + \bibliographystyle{acm} + .. raw:: html
@@ -441,7 +500,7 @@ McGraw-Hill Book Company.
Bernstein, Daniel J., Peter Birkner, Marc Joye, Tanja Lange, and -Christiane Peters. 2008. “Twisted Edwards Curves.” Cryptology ePrint +Christiane Peters. n.d. “Twisted Edwards Curves.” Cryptology ePrint Archive, Report 2008/013. .. raw:: html @@ -452,9 +511,9 @@ Archive, Report 2008/013.
-Josefsson, S., and I. Liusvaara. 2007. “Edwards-Curve Digital Signature +Josefsson, S., and I. Liusvaara. n.d. “Edwards-Curve Digital Signature Algorithm (Eddsa).” Request for Comments. RFC 8032; RFC Editor. -doi:\ `10.17487/RFC8032 `__. +https://doi.org/10.17487/RFC8032. .. raw:: html diff --git a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/merkle-tree/merkle-tree.rst b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/merkle-tree/merkle-tree.rst index aed0447..fee80bb 100644 --- a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/merkle-tree/merkle-tree.rst +++ b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/merkle-tree/merkle-tree.rst @@ -4,6 +4,26 @@ Merkle Tree .. contents:: :depth: 3 +.. raw:: latex + + \maketitle + +.. raw:: latex + + \vspace{1cm} + +.. raw:: latex + + \tableofcontents + +.. raw:: latex + + \vspace{0.5cm} + +.. raw:: latex + + \newpage + Scope ===== @@ -31,8 +51,8 @@ fake blocks (Wikipedians, n.d.). Background ========== -*We are still working on the literature compending the state of the art -of this area.* +We are still working on the literature compending the state of the art +of this area. Terminology =========== @@ -40,32 +60,35 @@ Terminology The following concepts are definitions and properties we assume across the document. -- The leaves of the *Merkle tree* consist of key-value pairs +- The leaves of the Merkle tree consist of key-value pairs :math:`(k,v)`. We distinguish three different nodes: - - *Empty node*: A vertex that stores the key and value zero. + - Empty node: A vertex that stores the key and value zero. - - *Leaf*: A vertex with both empty children. + - Leaf: A vertex with both empty children. - - *Internal node*: A vertex with at least one non-empty child. The + - Internal node: A vertex with at least one non-empty child. The value is and the key such. It has the hash of its children. -- A *Merkle audit path* for a leaf in a Merkle tree is the shortest - list of additional nodes in the tree required to compute the root - hash for that tree. +- A Merkle audit path for a leaf in a Merkle tree is the shortest list + of additional nodes in the tree required to compute the root hash for + that tree. - If the root computed from the audit path matches the true root, then - the audit path is a *proof of membership* for that leaf in the tree. + the audit path is a proof of membership for that leaf in the tree. + +- Otherwise, it is a proof of non-membership for that leaf in the tree. -- Otherwise, it is a *proof of non-membership* for that leaf in the - tree. +.. raw:: latex + + \centering |image| Challenges ========== -*Work in progress*. +Work in progress. Description =========== @@ -82,23 +105,27 @@ Description starting by the less significant bit and from the root of :math:`T`, it descents the tree by taking the left edge if there is a 0 and right one if there is a 1. -| When adding an entry :math:`e`, we may not (see Sec. [sec-security]) - go down to the last level of the tree (by last we mean looking at all - the bits, length of which depends on the hash function :math:`H`). - What we do instead, is go down through the path until we find a node - without siblings (a leaf). If the leaf is empty, we store :math:`e`. - Otherwise, that node stores some other :math:`e'` (as non-empty leafs - store claims) with :math:`H(e') = H'_{path}`. This means that - :math:`H_{path}` and :math:`H'_{path}` start with the same sequence of - bits. We compare both hashes and go down the tree until the first - different bit. these two values and find the first different bit - (included). Then we store :math:`e` and :math:`e'` in their +| When adding an entry :math:`e`, we may not (see Sec. + `7 <#sec-security>`__) go down to the last level of the tree (by last + we mean looking at all the bits, length of which depends on the hash + function :math:`H`). What we do instead, is go down through the path + until we find a node without siblings (a leaf). If the leaf is empty, + we store :math:`e`. Otherwise, that node stores some other :math:`e'` + (as non-empty leafs store claims) with :math:`H(e') = H'_{path}`. This + means that :math:`H_{path}` and :math:`H'_{path}` start with the same + sequence of bits. We compare both hashes and go down the tree until + the first different bit. these two values and find the first different + bit (included). Then we store :math:`e` and :math:`e'` in their corresponding leafs of the path. | As an example, consider :math:`e` such that :math:`H_{path}=0111111...` and the Merkle tree below where in each leaf there is represented the value (and not the key) of each stored piece of data: +.. raw:: latex + + \centering + |image| If we go down the tree following the sequence 01111111... we get to the @@ -108,6 +135,10 @@ leaf containing the value 0704eaec of some :math:`e'` with that we should go down to the 7th level and store there the entries as shown in next figure: +.. raw:: latex + + \centering + |image| | Note that :math:`e` is stored in the right (as the 7th bit is a 1) and @@ -127,6 +158,14 @@ shown in next figure: | The procedure to store an entry in a Merkle tree is described below in pseudocode. +.. raw:: latex + + \setstretch{1.2} + +.. raw:: latex + + \Procedure{Insert Entry $e$ in Merkle Tree $T$ with Root $r$}{} + :math:`H_{path} \gets \text{GetPath($e$)}` :math:`b \gets \text{LeastSignificantBit($H_{Index}$)}` :math:`r \gets e` :math:`r \gets e` @@ -139,11 +178,16 @@ Leaf(\ :math:`b_0...b_j`)\ :math:`\gets e` Leaf(\ :math:`b_0...b'_j`)\ :math:`\gets e'` RecalculateIntermediateNodeValues(\ :math:`T`) +.. raw:: latex + + \newpage + {\it We are working on 4 more procedures} + | : On one side, DELETE of entries and UPDATE of the tree. On the other side, the generation of MEMBERSHIP proofs and generation of NON-MEMBERSHIP proofs. -| These last two procedure, although *we are working on explaining them - in detail in the following delivery*, they have already been +| These last two procedure, although we are working on explaining them + in detail in the following delivery, they have already been implemented in GoLang and JavaScript in the following two repositories: @@ -151,6 +195,8 @@ RecalculateIntermediateNodeValues(\ :math:`T`) - https://github.com/iden3/iden3js/tree/master/src/sparse-merkle-tree +.. _sec-security: + Security ======== @@ -181,6 +227,14 @@ Intellectual Property We will release the final version of this proposal under creative commons, to ensure it is freely available to everyone. +.. raw:: latex + + \addcontentsline{toc}{section}{References} + +.. raw:: latex + + \bibliographystyle{acm} + .. raw:: html
diff --git a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.rst b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.rst index 2a6a0b1..518a83c 100644 --- a/source/iden3_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.rst +++ b/source/iden3_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.rst @@ -4,12 +4,28 @@ Pedersen Hash .. contents:: :depth: 3 +.. raw:: latex + + \maketitle + +.. raw:: latex + + \vspace{-0.2cm} + +.. raw:: latex + + \tableofcontents + +.. raw:: latex + + \newpage + Scope ===== The 4-bit window Pedersen hash function is a secure hash function which maps a sequence of bits to a compressed point on an elliptic curve -(Libert, Mouhartem, and Stehlé 1016–17AD). +(Libert, Mouhartem, and Stehlé, n.d.). This proposal aims to standardize this hash function for use primarily within the arithmetic circuits of zero knowledge proofs, together with @@ -33,16 +49,17 @@ The primary advantage of this Pedersen hash function is its efficiency. The ability to compute the hash efficiently makes it an attractive proposal for use within the circuits associated with zk-SNARK proofs (“ZCash Open Discussion: Choose Improved Hash Function for Merkle Tree -(or Replace Merkle Tree)” Accessed February 25, 2018). Having a -standard, secure, and efficient hash function is one of the paramount -aspect for implementing usable, comprehensible, and easily verifiable -zero knowledge proofs. +(or Replace Merkle Tree),” n.d.). + +Having a standard, secure, and efficient hash function is one of the +paramount aspect for implementing usable, comprehensible, and easily +verifiable zero knowledge proofs. Background ========== The Pedersen hash has already been defined and used by the ZCash team in -Sapling, their latest network upgrade (Hopwood et al. 2018). They +Sapling, their latest network upgrade (Hopwood et al., n.d.). They construct it on the Jubjub elliptic curve and using 3-bit lookup tables. In this document, we propose a different implementation of the Pedersen hash function using Baby-Jubjub elliptic curve and 4-bit windows, which @@ -61,11 +78,11 @@ Consider the prime number p = 21888242871839275222246405745257275088548364 400416034343698204186575808495617 - and let :math:`{\ensuremath{\mathbb{F}_p}}` be the finite field with + and let :math:`\ensuremath{\mathbb{F}_p}` be the finite field with :math:`p` elements. -We define :math:`E_M` as the *Baby-Jubjub* Montgomery elliptic curve -defined over :math:`{\ensuremath{\mathbb{F}_p}}` given by equation +We define :math:`E_M` as the Baby-Jubjub Montgomery elliptic curve +defined over :math:`\ensuremath{\mathbb{F}_p}` given by equation .. math:: E: v^2 = u^3 + 168698u^2 + u. @@ -76,18 +93,18 @@ defined over :math:`{\ensuremath{\mathbb{F}_p}}` given by equation r = 2736030358979909402780800718157159386076813972 158567259200215660948447373041 - is a prime number. Denote by :math:`{\ensuremath{\mathbb{G}}}` the + is a prime number. Denote by :math:`\ensuremath{\mathbb{G}}` the subgroup of points of order :math:`r`, that is, -.. math:: {\ensuremath{\mathbb{G}}}= \Set{ P \in E({\ensuremath{\mathbb{F}_p}}) | r P = O }. +.. math:: \ensuremath{\mathbb{G}}= \Set{ P \in E(\ensuremath{\mathbb{F}_p}) | r P = O }. | :math:`E_M` is birationally equivalent to the Edwards elliptic curve .. math:: E: x^2 + y^2 = 1 + d x^2 y^2 where - :math:` d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` -| The birational equivalence (Bernstein et al. 2008 Thm. 3.2) from + :math:`d = 9706598848417545097372247223557719406784115219466060233080913168975159366771.` +| The birational equivalence (Bernstein et al., n.d. Thm. 3.2) from :math:`E` to :math:`E_M` is the map .. math:: (x,y) \to (u,v) = \left( \frac{1 + y}{1 - y} , \frac{1 + y}{(1 - y)x} \right) @@ -99,11 +116,11 @@ subgroup of points of order :math:`r`, that is, Pedersen Hash ------------- -Let :math:`M` be a sequence of bits. The *Pedersen hash* function of +Let :math:`M` be a sequence of bits. The Pedersen hash function of :math:`M` is defined as follows: - Let :math:`P_0,P_1,\dots,P_k` be uniformly sampled generators of - :math:`{\ensuremath{\mathbb{G}}}` (for some specified integer + :math:`\ensuremath{\mathbb{G}}` (for some specified integer :math:`k`). - Split :math:`M` into sequences of at most 200 bits and each of those @@ -145,9 +162,9 @@ Let :math:`M` be a sequence of bits. The *Pedersen hash* function of + \dots + \langle M_l \rangle \cdot P_l. Note that the expression above is a linear combination of elements - of :math:`{\ensuremath{\mathbb{G}}}`, so itself is also an element of - :math:`{\ensuremath{\mathbb{G}}}`. That is, the resulting Pedersen - hash :math:`H(M)` is a point of the elliptic curve :math:`E` of order + of :math:`\ensuremath{\mathbb{G}}`, so itself is also an element of + :math:`\ensuremath{\mathbb{G}}`. That is, the resulting Pedersen hash + :math:`H(M)` is a point of the elliptic curve :math:`E` of order :math:`r`. Description @@ -158,7 +175,7 @@ Set Of Generators We generate the points :math:`P_0,\dots,P_{{k}}` in such a manner that it is difficult to find a connection between any of these two points. -More precisely, we take ``D = string\_seed`` followed by a byte ``S`` +More precisely, we take ``D = "string\_seed"`` followed by a byte ``S`` holding that smallest number that ``H = Keccak256(D || S)`` results in a point in the elliptic curve :math:`E`. @@ -167,7 +184,12 @@ Computation Of The Pedersen Hash In the following circuit pedersen hash, we have depicted the circuit used to compute the Pedersen hash of a message :math:`M` described in -equation [eq-ped]. Each multiplication box returns a term of the sum. +equation `[eq-ped] <#eq-ped>`__. Each multiplication box returns a term +of the sum. + +.. raw:: latex + + \centering |image| |image| @@ -180,6 +202,10 @@ The sign determines if the :math:`x`-coordinate should be taken positive or negative, as with Edwards curves, negating a point corresponds to the negation of its first coordinate. +.. raw:: latex + + \centering + |image| [sec-computation] @@ -211,14 +237,14 @@ Security Overflow Prevention ------------------- -| As we described in section [sec-computation], we use a windowed scalar - multiplication algorithm with signed digits. Each 4-bit message chunk - corresponds to a window called selector and each chunk is encoded as - an integer from the set :math:`\{-8..8\}\backslash \{0\}`. This allows - a more efficient lookup of the window entry for each chunk than if the - set :math:`\{1..16\}` had been used, because a point can be - conditionally negated using only a single constraint (Hopwood et al. - 2018). +| As we described in section `[sec-computation] <#sec-computation>`__, + we use a windowed scalar multiplication algorithm with signed digits. + Each 4-bit message chunk corresponds to a window called selector and + each chunk is encoded as an integer from the set + :math:`\{-8..8\}\backslash \{0\}`. This allows a more efficient lookup + of the window entry for each chunk than if the set :math:`\{1..16\}` + had been used, because a point can be conditionally negated using only + a single constraint (Hopwood et al., n.d.). | As there are up to 50 segments per each generator :math:`P_i`, the largest multiple of the generator :math:`P_i` is :math:`n\cdot P_i` with @@ -234,7 +260,7 @@ Overflow Prevention \quad\; n & = 8 \times \sum_{ k = 0}^{49} 2^{5k} = 8 \times \frac{2^{250}-1}{2^5-1}\\ - & = 466903585634339497675689455680193176827701551071131306610716064548036813064 + & = 466903585634339497675689455680193176827701551071131306610716064548036813064%\\\end{aligned} and @@ -250,67 +276,75 @@ Implementation A Note On Efficency: Number Of Constraints Per Bit -------------------------------------------------- -| When using 3-bit and 4-bit windows, we have **1 constraint for the - sign** and **3 for the sum** (as we are using the Montgomery form of - the curve, that requires only 3). Now let’s look at the constraints - required for the multiplexers. -| With 3-bit windows we need only one constraint per multiplexer, so **2 - constraints** in total. +| When using 3-bit and 4-bit windows, we have 1 constraint for the sign + and 3 for the sum (as we are using the Montgomery form of the curve, + that requires only 3). Now let’s look at the constraints required for + the multiplexers. +| With 3-bit windows we need only one constraint per multiplexer, so 2 + constraints in total. | Standard 4-bit windows require two constraints: one for the output and another to compute :math:`s_0*s_1`. So, a priori we would need 4 constraints, two per multiplexer. But we can reduce it to 3 as the computation of :math:`s_0*s_1` is the same in both multiplexers, so - this constraint can be reused. This way only **3 constraints** are + this constraint can be reused. This way only 3 constraints are required. | So, the amount of constraints per bit are: -- 3-lookup window : :math:` (1+3+2)/3 = 2 ` constraints per bit. +- 3-lookup window : :math:`(1+3+2)/3 = 2` constraints per bit. -- 4-lookup window : :math:` (1 +3+3)/4 = 1.75 ` constraints per bit. +- 4-lookup window : :math:`(1 +3+3)/4 = 1.75` constraints per bit. The specific constraints can be determined as follows: let the multiplexers of coordinates :math:`x` and :math:`y` be represented by the following look up tables: -+---------------+---------------+---------------+---------------+ -| :math:`s_2` | :math:`s_1` | :math:`s_0` | :math:`out` | -+===============+===============+===============+===============+ -| 0 | 0 | 0 | :math:`a_0` | -+---------------+---------------+---------------+---------------+ -| 0 | 0 | 1 | :math:`a_1` | -+---------------+---------------+---------------+---------------+ -| 0 | 1 | 0 | :math:`a_2` | -+---------------+---------------+---------------+---------------+ -| 0 | 1 | 1 | :math:`a_3` | -+---------------+---------------+---------------+---------------+ -| 1 | 0 | 0 | :math:`a_4` | -+---------------+---------------+---------------+---------------+ -| 1 | 0 | 1 | :math:`a_5` | -+---------------+---------------+---------------+---------------+ -| 1 | 1 | 0 | :math:`a_6` | -+---------------+---------------+---------------+---------------+ -| 1 | 1 | 1 | :math:`a_7` | -+---------------+---------------+---------------+---------------+ - -+---------------+---------------+---------------+---------------+ -| :math:`s_2` | :math:`s_1` | :math:`s_0` | :math:`out` | -+===============+===============+===============+===============+ -| 0 | 0 | 0 | :math:`b_0` | -+---------------+---------------+---------------+---------------+ -| 0 | 0 | 1 | :math:`b_1` | -+---------------+---------------+---------------+---------------+ -| 0 | 1 | 0 | :math:`b_2` | -+---------------+---------------+---------------+---------------+ -| 0 | 1 | 1 | :math:`b_3` | -+---------------+---------------+---------------+---------------+ -| 1 | 0 | 0 | :math:`b_4` | -+---------------+---------------+---------------+---------------+ -| 1 | 0 | 1 | :math:`b_5` | -+---------------+---------------+---------------+---------------+ -| 1 | 1 | 0 | :math:`b_6` | -+---------------+---------------+---------------+---------------+ -| 1 | 1 | 1 | :math:`b_7` | -+---------------+---------------+---------------+---------------+ +.. raw:: latex + + \centering + ++-------------+-------------+-------------+-------------+ +| :math:`s_2` | :math:`s_1` | :math:`s_0` | :math:`out` | ++=============+=============+=============+=============+ +| 0 | 0 | 0 | :math:`a_0` | ++-------------+-------------+-------------+-------------+ +| 0 | 0 | 1 | :math:`a_1` | ++-------------+-------------+-------------+-------------+ +| 0 | 1 | 0 | :math:`a_2` | ++-------------+-------------+-------------+-------------+ +| 0 | 1 | 1 | :math:`a_3` | ++-------------+-------------+-------------+-------------+ +| 1 | 0 | 0 | :math:`a_4` | ++-------------+-------------+-------------+-------------+ +| 1 | 0 | 1 | :math:`a_5` | ++-------------+-------------+-------------+-------------+ +| 1 | 1 | 0 | :math:`a_6` | ++-------------+-------------+-------------+-------------+ +| 1 | 1 | 1 | :math:`a_7` | ++-------------+-------------+-------------+-------------+ + +.. raw:: latex + + \centering + ++-------------+-------------+-------------+-------------+ +| :math:`s_2` | :math:`s_1` | :math:`s_0` | :math:`out` | ++=============+=============+=============+=============+ +| 0 | 0 | 0 | :math:`b_0` | ++-------------+-------------+-------------+-------------+ +| 0 | 0 | 1 | :math:`b_1` | ++-------------+-------------+-------------+-------------+ +| 0 | 1 | 0 | :math:`b_2` | ++-------------+-------------+-------------+-------------+ +| 0 | 1 | 1 | :math:`b_3` | ++-------------+-------------+-------------+-------------+ +| 1 | 0 | 0 | :math:`b_4` | ++-------------+-------------+-------------+-------------+ +| 1 | 0 | 1 | :math:`b_5` | ++-------------+-------------+-------------+-------------+ +| 1 | 1 | 0 | :math:`b_6` | ++-------------+-------------+-------------+-------------+ +| 1 | 1 | 1 | :math:`b_7` | ++-------------+-------------+-------------+-------------+ We can express them with the following 3 constraints: @@ -320,10 +354,10 @@ We can express them with the following 3 constraints: + (a_6-a_4-a_2+a_0)*s_1` | :math:`\text{\qquad\;\;} + (a_5-a_4-a_1+a_0)*s_0 + (a_4 - a_0) ] z - + (a_3-a_2-a_1+a_0)*aux + (a_2-a_0)*s_1 ` + + (a_3-a_2-a_1+a_0)*aux + (a_2-a_0)*s_1` | :math:`\text{\qquad\;\;} + (a_1-a_0)*s_0+ a_0` -- | :math:` out = [ (b_7-b_6-b_5+b_4-b_3+b_2+b_1-b_0)*aux +- | :math:`out = [ (b_7-b_6-b_5+b_4-b_3+b_2+b_1-b_0)*aux + (b_6-b_4-b_2+b_0)*s_1` | :math:`\text{\qquad\;\;} + (b_5-b_4-b_1+b_0)*s_0 + (b_4 - b_0)] z @@ -352,6 +386,14 @@ Intellectual Property The source code of the implementations listed in this proposal are publicly available. Circom is licensed under GPL3. +.. raw:: latex + + \addcontentsline{toc}{section}{References} + +.. raw:: latex + + \bibliographystyle{acm} + .. raw:: html
@@ -361,7 +403,7 @@ publicly available. Circom is licensed under GPL3.
Bernstein, Daniel J., Peter Birkner, Marc Joye, Tanja Lange, and -Christiane Peters. 2008. “Twisted Edwards Curves.” Cryptology ePrint +Christiane Peters. n.d. “Twisted Edwards Curves.” Cryptology ePrint Archive, Report 2008/013. .. raw:: html @@ -372,8 +414,8 @@ Archive, Report 2008/013.
-Hopwood, Daira, Sean Bowe, Taylor Hornby, and Nathan Wilcox. 2018. -“ZCash Protocol Specification Version 2018.0-Beta-31.” +Hopwood, Daira, Sean Bowe, Taylor Hornby, and Nathan Wilcox. n.d. “ZCash +Protocol Specification Version 2018.0-Beta-31.” .. raw:: html @@ -383,7 +425,7 @@ Hopwood, Daira, Sean Bowe, Taylor Hornby, and Nathan Wilcox. 2018.
-Libert, B., F. Mouhartem, and D. Stehlé. 1016–17AD. “Tutorial 8.” +Libert, B., F. Mouhartem, and D. Stehlé. n.d. “Tutorial 8.” .. raw:: html @@ -394,7 +436,7 @@ Libert, B., F. Mouhartem, and D. Stehlé. 1016–17AD. “Tutorial 8.”
“ZCash Open Discussion: Choose Improved Hash Function for Merkle Tree -(or Replace Merkle Tree).” Accessed February 25, 2018. +(or Replace Merkle Tree).” n.d. .. raw:: html diff --git a/source/iden3_repos/snarkjs/README.rst b/source/iden3_repos/snarkjs/README.rst index af15a96..5de55f4 100644 --- a/source/iden3_repos/snarkjs/README.rst +++ b/source/iden3_repos/snarkjs/README.rst @@ -30,14 +30,14 @@ Install. .. code:: sh - npm install snarkjs + npm install snarkjs Usage from command line. ------------------------ .. code:: sh - snarkjs --help + snarkjs --help Will show all the info in how to use the cli. @@ -49,103 +49,103 @@ Import. .. code:: js - const zkSnark = require("snarkjs"); + const zkSnark = require("snarkjs"); Load a circuit. ~~~~~~~~~~~~~~~ .. code:: js - // "myCircuit.cir" is the output of the jaz compiler + // "myCircuit.cir" is the output of the jaz compiler - const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8")); - const circuit = new zkSnark.Circuit(circuitDef); + const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8")); + const circuit = new zkSnark.Circuit(circuitDef); Inspect the circuit. ~~~~~~~~~~~~~~~~~~~~ .. code:: js - // `signalId` can always be a number or an alias string + // `signalId` can always be a number or an alias string - circuit.nConstraints; // number of constraints - circuit.nSignals; // number of signals - circuit.nPublic; // number of public signals (nOutputs + nPublicInputs) + circuit.nConstraints; // number of constraints + circuit.nSignals; // number of signals + circuit.nPublic; // number of public signals (nOutputs + nPublicInputs) - // The array of signals is always sorted in this order: - // [ 1, outputs, publicInputs, privateInputs, internalSignals, constants] + // The array of signals is always sorted in this order: + // [ 1, outputs, publicInputs, privateInputs, internalSignals, constants] - // returns a,b and c coeficients of the `signalId` on a given `constraint` - circuit.a(constraint, signalId) - circuit.b(constraint, signalId) - circuit.c(constraint, signalId) + // returns a,b and c coeficients of the `signalId` on a given `constraint` + circuit.a(constraint, signalId) + circuit.b(constraint, signalId) + circuit.c(constraint, signalId) - circuit.nOutputs // number of public outputs - circuit.pubInputs // number of public inputs - circuit.nPrvInputs // number of private inputs - circuit.nInputs // number of inputs ( nPublicInputs + nPrivateInputs) - circuit.nVars // number of variables ( not including constants (one is a variable) ) - circuit.nSignals // number of signals ( including constants ) + circuit.nOutputs // number of public outputs + circuit.pubInputs // number of public inputs + circuit.nPrvInputs // number of private inputs + circuit.nInputs // number of inputs ( nPublicInputs + nPrivateInputs) + circuit.nVars // number of variables ( not including constants (one is a variable) ) + circuit.nSignals // number of signals ( including constants ) - circuit.outputIdx(i) // returns the index of the i'th output - circuit.inputIdx(i) // returns the index of the i'th input - circuit.pubInputIdx(i) // returns the index of the i'th public input - circuit.prvInputIdx(i) // returns the index of the i'th private input - circuit.varIdx(i) // returns the index of the i'th variable - circuit.constantIdx(i) // returns the index of the i'th constant - circuit.signalIdx(i) // returns the index of the i'th signal + circuit.outputIdx(i) // returns the index of the i'th output + circuit.inputIdx(i) // returns the index of the i'th input + circuit.pubInputIdx(i) // returns the index of the i'th public input + circuit.prvInputIdx(i) // returns the index of the i'th private input + circuit.varIdx(i) // returns the index of the i'th variable + circuit.constantIdx(i) // returns the index of the i'th constant + circuit.signalIdx(i) // returns the index of the i'th signal - // returns signal Idx given a signalId - // if the idx >= n , it is a constant - // if the idx == -1, the signal does not exist - circuit.getSignalIdx(name); + // returns signal Idx given a signalId + // if the idx >= n , it is a constant + // if the idx == -1, the signal does not exist + circuit.getSignalIdx(name); - // returns an array aliases names of the i'th signal - circuit.signalNames(i) + // returns an array aliases names of the i'th signal + circuit.signalNames(i) - // input is a key value object where keys are the signal names - // of all the inputs (public and private) - // returns an array of values representing the witness - circuit.calculateWitness(input) + // input is a key value object where keys are the signal names + // of all the inputs (public and private) + // returns an array of values representing the witness + circuit.calculateWitness(input) Trusted setup. ~~~~~~~~~~~~~~ .. code:: js - const setup = zkSnark.setup(circuit); - fs.writeFileSync("myCircuit.vk_proof", JSON.stringify(setup.vk_proof), "utf8"); - fs.writeFileSync("myCircuit.vk_verifier", JSON.stringify(setup.vk_verifier), "utf8"); - setup.toxic // Must be discarded. + const setup = zkSnark.setup(circuit); + fs.writeFileSync("myCircuit.vk_proof", JSON.stringify(setup.vk_proof), "utf8"); + fs.writeFileSync("myCircuit.vk_verifier", JSON.stringify(setup.vk_verifier), "utf8"); + setup.toxic // Must be discarded. Generate proof. ~~~~~~~~~~~~~~~ .. code:: js - const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8")); - const circuit = new zkSnark.Circuit(circuitDef); - const input = { - "main.pubIn1": "123", - "main.out1": "456" - } - const witness = circuit.calculateWitness(input); - const vk_proof = JSON.parse(fs.readFileSync("myCircuit.vk_proof", "utf8")); + const circuitDef = JSON.parse(fs.readFileSync("myCircuit.cir", "utf8")); + const circuit = new zkSnark.Circuit(circuitDef); + const input = { + "main.pubIn1": "123", + "main.out1": "456" + } + const witness = circuit.calculateWitness(input); + const vk_proof = JSON.parse(fs.readFileSync("myCircuit.vk_proof", "utf8")); - const {proof, publicSignals} = zkSnark.genProof(vk_proof, witness); + const {proof, publicSignals} = zkSnark.genProof(vk_proof, witness); Verifier. ~~~~~~~~~ .. code:: js - const vk_verifier = JSON.parse(fs.readFileSync("myCircuit.vk_verifier", "utf8")); + const vk_verifier = JSON.parse(fs.readFileSync("myCircuit.vk_verifier", "utf8")); - if (zkSnark.isValid(vk_verifier, proof, publicSignals)) { - console.log("The proof is valid"); - } else { - console.log("The proof is not valid"); - } + if (zkSnark.isValid(vk_verifier, proof, publicSignals)) { + console.log("The proof is valid"); + } else { + console.log("The proof is not valid"); + } License ------- diff --git a/source/iden3_repos/tx-forwarder/README.rst b/source/iden3_repos/tx-forwarder/README.rst index 7c6aecc..7c9e4c2 100644 --- a/source/iden3_repos/tx-forwarder/README.rst +++ b/source/iden3_repos/tx-forwarder/README.rst @@ -19,25 +19,25 @@ Deploy contract: :: - ./tx-forwarder deploy + ./tx-forwarder deploy This will print the deployed contract address, then copy&paste in the config file ``config.yaml``: :: - server: - serviceapi: 0.0.0.0:11000 - adminapi: 0.0.0.0:11001 - web3: - url: http://127.0.0.1:8545 - keystore: - path: /var/config/keystore - address: 0x123456789... - passwd: /var/config/keystore.password - keyjsonpath: /var/config/keystore/UTC-etc - contracts: - samplecontract: 0xasdf + server: + serviceapi: 0.0.0.0:11000 + adminapi: 0.0.0.0:11001 + web3: + url: http://127.0.0.1:8545 + keystore: + path: /var/config/keystore + address: 0x123456789... + passwd: /var/config/keystore.password + keyjsonpath: /var/config/keystore/UTC-etc + contracts: + samplecontract: 0xasdf Run ~~~ @@ -46,7 +46,7 @@ Then, run the server: :: - ./tx-forwarder start + ./tx-forwarder start Contract ~~~~~~~~ @@ -60,8 +60,8 @@ the Go handlers: :: - solc --abi --bin SampleContract.sol -o build - abigen --bin=./build/SampleContract.bin --abi=./build/SampleContract.abi --pkg=SampleContract --out=SampleContract.go + solc --abi --bin SampleContract.sol -o build + abigen --bin=./build/SampleContract.bin --abi=./build/SampleContract.abi --pkg=SampleContract --out=SampleContract.go And place the ``sampleContract.go`` file in the ``eth/contract/sampleContract.go`` path. diff --git a/source/iden3_repos/wasmbuilder.rst b/source/iden3_repos/wasmbuilder.rst index e5cd8dc..432bbfe 100644 --- a/source/iden3_repos/wasmbuilder.rst +++ b/source/iden3_repos/wasmbuilder.rst @@ -6,4 +6,4 @@ Web Assembly Builder .. toctree:: :maxdepth: 1 - rst + diff --git a/source/iden3_repos/websnark/README.rst b/source/iden3_repos/websnark/README.rst index b84118c..9cfa750 100644 --- a/source/iden3_repos/websnark/README.rst +++ b/source/iden3_repos/websnark/README.rst @@ -27,7 +27,7 @@ You just need to import the websnark.js found in the build directory. .. code:: html - - - -

iden3

-

Zero knowledge proof generator

- -
- 

-
-    
-    
+   
+   

+   

+   
+   
+   
+   
iden3

+   
Zero knowledge proof generator

+   
+   

+   

+
+   
+   
 
 You can test it by running a web server on the example directory
 
 ::
 
-    npm -g install http-server
-    cd example
-    http-server .
+   npm -g install http-server
+   cd example
+   http-server .
 
 And then navegate to http://127.0.0.1:8080
 
@@ -133,19 +133,19 @@ tested with snarkjs
 
 ::
 
-    snarkjs verify
-    ``
+   snarkjs verify
+   ``
 
-    ## Building wasm.js
+   ## Building wasm.js
 
 npm run build
 
 ::
 
 
-    ## Testing
+   ## Testing
 
-npm test \`\`\`
+npm test \``\`
 
 License
 -------
diff --git a/source/index.rst b/source/index.rst
index 13b5f73..17f6643 100644
--- a/source/index.rst
+++ b/source/index.rst
@@ -28,37 +28,36 @@ Iden3 is an open source project offering a complete decentralized identity manag
 
 This documentation site includes the following sections:
 
+* :doc:`Technology ` : provides a description of iden3's technology.
+
 * :doc:`Developers ` : guide on how to integrate iden3's software for specific applications.
 
 * :doc:`Repository Guide ` : centralizes documentation scattered across different iden3's repos in a single place. 
 
-* :doc:`Technology ` : provides a description of iden3's technology.
-
 * :doc:`Publications ` : includes articles and papers authored by iden3.
 
 During the comming months, we will be sorting, improving and extending the documentation, so don't forget to come back. Thank you!!! 
 
-
 .. toctree::
    :maxdepth: 1
    :hidden:
-   :caption: Developers
+   :caption: Technology
 
-   developers
+   technology
 
 .. toctree::
    :maxdepth: 1
    :hidden:
-   :caption: Repository Guide
+   :caption: Developers
 
-   repositories
+   developers
 
 .. toctree::
    :maxdepth: 1
    :hidden:
-   :caption: Technology
+   :caption: Repository Guide
 
-   technology
+   repositories
 
 .. toctree::
    :maxdepth: 1
diff --git a/source/repositories.rst b/source/repositories.rst
index e4bebf1..fe18abe 100644
--- a/source/repositories.rst
+++ b/source/repositories.rst
@@ -85,13 +85,10 @@ Miscellaneous utilities.
 
    * - Repo
      - Description
-   * - citrus_ 
-     - Continuous integration testing for iden3 system
    * - wasmbuilder_ 
      - Javascript library to simplify writing Web Assembly code
 
 
-.. _citrus: https://github.com/iden3/citrus
 .. _wasmbuilder: https://github.com/iden3/wasmbuilder
 
 
@@ -100,5 +97,4 @@ Miscellaneous utilities.
    :hidden:
    :caption: Misc:
 
-   iden3_repos/citrus
    iden3_repos/wasmbuilder