Skip to content

rarimo/passport-contracts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits

.github

.github

 
 

.husky

.husky

 
 

contracts

contracts

 
 

deploy

deploy

 
 

scripts

scripts

 
 

test

test

 
 

.editorconfig

.editorconfig

 
 

.env.example

.env.example

 
 

.gitignore

.gitignore

 
 

.prettierignore

.prettierignore

 
 

.prettierrc.json

.prettierrc.json

 
 

.solcover.ts

.solcover.ts

 
 

.solhint.json

.solhint.json

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

hardhat.config.ts

hardhat.config.ts

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

License: MIT

🛂 Decentralized Identity Issuance

Issue your unique on-chain identity through Rarimo and ZKP.

🧪 How it works

The general idea is to create a decentralized, permissionless protocol that will be able to issue users' on-chain identities without revealing anything about the users themselves.

Users will then use these identities as a gateway to a slew of activities like anonymous voting, socials, participation in events that require KYC, generation of humanity proofs, etc.

The ambitious idea has a set of challenges to overcome:

  • Identify the unique user being registered
  • Verify that the user is not being impersonated
  • Prove that the user is a human being
  • Issue the user <-> identity bond
  • Reveal no or minimal information about user's credentials

1. Identify the user

We are anchoring to NFC-integrated passports to solve the first problem. Each passport is unique and represents a unique human. Users scan their passports through the mobile application and generate ZK proofs that verify their uniqueness.

2. Verify the user is not impersonated

The second problem is solved through utilizing "active authentication (AA)" mechanism built into the NFC passports. We ask the user to sign the public key of their identity via AA and then verify this signature on-chain.

3. Prove the user is a human

Upon issuance, every NFC passport is signed by an authorized (slave) entity that is in turn signed by a member of ICAO Master List. We can extract these signatures from passports and check that the master signature resolves to a member of ICAO. The extraction is a two step process:

  1. Extract a slave X509 certificate and check its validity against the master signature
  2. Extract a slave signature and check a passport's validity against a valid X509 certificate

4. Issue decentralized identity

If all the checks succeed, we issue a "hash of passport public key" <-> "identity public key" bond and store it in the Sparse Merkle Tree (SMT). That enables us to prove the belonging of the identity to a certain user in the participation events.

The stunning beauty of the aforementioned proccess is that no vital information is revealed during the registration. We are using advanced ZK techniques and Circom-based circuits to make it work.

🪛 How to use

We distribute the smart contracts in the following NPM package:

npm install @rarimo/passport-contracts

Afterwards, you will be able to use the application by calling the Registration entrypoint smart contract.

Note

This is experimental, state of the art software. Behold and use at your own risk.

Limitations

Currently only a few AA verification methods are supported:

  • RSA + SHA1 with 2688 encapsulated content bits
  • ECDSA + SHA1 with 2704 encapsulated content bits

License

The smart contracts are released under the MIT License.

About

Decentralized Identity Issuer Contracts

Topics

identity passport icao did

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages