ProveThis allows users to prove statements from websites and APIs using TLS without revealing private information. Although efforts like TLSNotary can currently be used to prove the authenticity and origin of a full HTML page, we extend the capabilities of TLSNotary and allow users to make zk-SNARK based zero knowledge proofs about statements in complexity class NP. More concretely, this can allow users to prove statements about e.g. their banking data or other data sources. Such proofs can generally be used to reduce fraud without compromising privacy and confidentiality.
We are honoured that our open source work is sponsored by the NLNet Foundation.
In this final submission we developed a desktop application which can be run on a standard Linux or Mac computer. The user can choose a particular bank account (supported at the moment are two Dutch banks: ABN Amro and bunq). The user can then select a particular transaction from their history and make a zero-knowledge proof about it.
Please be aware that this code has not received a security code audit yet! Do not use this in production!
ProveThis allows users to prove statements from websites and APIs using TLS without revealing private information. We extend the capabilities of TLSNotary and allow users to make zk-SNARK based zero knowledge proofs. To make this more intuitive, first we show a high level overview of the different components we have added:
This repository proves that a response from a certain server contained a certain piece of data. We do this by:
- running tlsnotary's pagesigner-cli to notarize a page
- running distributed AES tag verification using the approach pioneered by DECO
- creating a zero-knowledge proof about a piece of plaintext being decryptable by some TLS key material which was committed to by the notary Note that we diverge from DECO's tag verification process. In their protocol (as described in appendix B.2), the verifier should not use the same IV more than once in any given 2PC protocol. However, in the current setup at the time of writing, we only prove data from a single TLS record with a single IV. If in the future this functionality is expanded to include proofs about multiple TLS records, full adherence to the DECO protocol is desired.
ProveThis is a desktop application, which allows to create a proof of a bank transaction with counter party account number and amount.
Supported banks:
- ABN Amro
- BUNQ
OS and hardware:
- OS:
- Ubuntu 18.04 64bit (later versions may work as well) or
- macOS Ventura 13.4.1
- 8GB free RAM (may require more in case of larger proof size)
- x86 CPU supporting SSE2, RDSEED, AES instructions or M1/M2 ARM
- 10+ MB/s internet connection (MPC creates around 1GB of traffic)
Software:
- Python 3
- Circom 2.1.5 (https://docs.circom.io/getting-started/installation/#installing-dependencies)
- OpenSSL 1.1.1
- MPC circuits please unpack before use
- Node 16.14
- NPM
- CMake 3.13+
- GCC 9+
- Python 3
ecdsa
0.18 python library
- Run
git submodule update --init --recursive
- Go to
aes-mpc-lib
directory and build the client manually by following the readme. Make sure to use-W
flag withnpm
when installing dependencies there.aes-mpc-lib
is configured as a workspace for this project. - Install dependencies by running
yarn
- Install Python 3 and
ecdsa>=0.18.0b1
Python library - Install Circom 2.1.5 following their guide
Modify notary
and mpcServerConfig
objects in provingHandler.ts.
Both IP addresses must be the same. For mpcIvPort
and mpcPoHPort
the server must have port ranges open from mpcIvPort
to mpcIvPort+3
and from mpcPoHPort
to mpcPoHPort+3
.
The CLI-only example can be modified similarly.
- Development:
yarn electron:dev
- CLI-only example using Google.com:
yarn electron-only && node build/electron/proverlib/example.js
- Release:
yarn electron:build
- the resulting bundle will be located indist/
. The target platform will be the same as host.
Notarization time: 3.207s Main circuit compiling time: 12.669s MPC tag verification time: 110.084s Witness generation time: 0.335s Proof creation time: 5.431s Proof verification time: 0.126s Preparing tag verification time: 0.129s Verifying tag time: 0.112s
Elapsed time: 137.168s (with selecting the folder for where to save)
Notarization time: 3.190s Main circuit compiling time: 27.766s MPC tag verification time: 110.081s Witness generation time: 0.704s Proof creation time: 10.788s Proof verification time: 0.125s Preparing tag verification time: 0.127s Verifying tag time: 0.109s
Elapsed time: 156.341s (with selecting the folder for where to save)
Notarization time: 4.170s Main circuit compiling time: 15.546s MPC tag verification time: 210.211s Witness generation time: 0.501s Proof creation time: 8.165s Proof verification time: 0.211s Preparing tag verification time: 0.271s Verifying tag time: 0.155s
Elapsed time: 248.018s (with selecting the folder for where to save)
Notarization time: 3.987s Main circuit compiling time: 27.884s MPC tag verification time: 200.193s Witness generation time: 0.952s Proof creation time: 15.799s Proof verification time: 0.201s Preparing tag verification time: 0.402s Verifying tag time: 0.149s
Elapsed time: 258.6s (with selecting the folder for where to save)
- emp-tool (MIT)
- emp-ot (MIT)
- emp-agmpc (MIT)
- tlslite-ng (Multiple licenses: BSD-style, public domain, GNU LGPL v2)
- pagesigner (GPL-3.0)