Skip to content

microbecode/zk-identity-onramp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
circuits
circuits
 
 
frontend
frontend
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
RESEARCH.md
RESEARCH.md
 
 
onramp.drawio
onramp.drawio
 
 
onramp.png
onramp.png
 
 

Repository files navigation

Identity onramp

This project aims to on-ramp off-chain identities.

This project is loosely based on a non-funded ZkIgnite proposal, which in turn is based on Bonsai Pay and zkLogin. We mostly leave the asset management things out and focus on the identity.

The project is divided into two phases: the first phase aims to implement the basic functionality, in a PoC style. The second phase adds required ZK privacy and succinctness.

Basic flow

Phase 1

The flow goes something like this:

  1. User authenticates with their web2 identity provider, such as Google. The authentication flow is just what the user is used to. The only difference is that we embed an on-chain address (public key) into the flow (in the nonce field).
  2. User gets a JWT authentication token that has the on-chain address embedded in it.
  3. The JWT token is sent on-chain
  4. On-chain smart contract verifies its signature (using a stored public key for the identity provider) and associates the web2 identity with the web3 address.

Issues

Note that this phase implements a very insecure an inefficient version, and can be considered a Proof of Concept.

Mainly it's not a good idea to upload a full functioning identity token to an on-chain contract. And it's not a good idea to upload the full token when only a portion of it is needed in reality.

Phase 2

This phase aims to bring the project beyond the PoC phase and to make it more realistic to use.

Add ZK proofs to:

  1. Add ZK privacy. Instead of uploading the real token, only generate a proof of the needed parts and send the proof.
  2. Related to the previous point: generating a proof makes the process also more succinct. Two birds with one stone.
  3. Some of the JWT token verification on-chain is expensive. Do some of it off-chain and just prove it.

Overall recognized issues

There are a few open issues that don't have a good solution thought of, currently.

  1. The used tokens are signed by a private key from the identity provider. The identity provider changes their keys, making the old data obsolete. The cycle can be as fast as a week. This means the on-chain verification keys need to be updated as well. How to do this?
  2. How to handle timestamps in the tokens. Which time to use and how to handle token expiry.
  3. How to handle reuse of old JWT tokens. Maybe we need nullifiers?

Developer info

For running this locally, you a Twitch account with API setup.

Twitch setup

Go to the Twitch Console at https://dev.twitch.tv/console/apps . Register a new application:

Change the "audience" in index.tsx to use your Twitch client ID.

Run frontend

Run the frontend from the frontend folder with npm run dev, open the site and login with your Twitch account.

About

An identity onramp project

zk-identity-onramp.vercel.app

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages