├── .eslintignore
├── .eslintrc.js
├── .github
├── dependabot.yml
└── workflows
│ ├── ci.yaml
│ └── npm-publish.yml
├── .gitignore
├── .nvmrc
├── .prettierrc
├── .vscode
└── launch.json
├── LICENSE
├── README.md
├── config
└── rollup.config.mjs
├── index.html
├── jest.config.js
├── package-lock.json
├── package.json
├── src
├── authGroth16.ts
├── authV2Groth16.ts
├── common.ts
├── hash.ts
├── index.ts
├── jwz.ts
├── proving.ts
└── witness_calculator.ts
├── test
├── data
│ └── authV2
│ │ ├── circuit.wasm
│ │ ├── circuit_final.zkey
│ │ └── verification_key.json
├── hash.test.ts
└── jwz.test.ts
└── tsconfig.json
/.eslintignore:
--------------------------------------------------------------------------------
1 | build/
2 | node_modules
3 |
--------------------------------------------------------------------------------
/.eslintrc.js:
--------------------------------------------------------------------------------
1 | const iden3Config = require('@iden3/eslint-config');
2 | const { spellcheckerRule, cspellConfig } = require('@iden3/eslint-config/cspell');
3 |
4 | module.exports = {
5 | ...iden3Config,
6 | rules: {
7 | '@cspell/spellchecker': [
8 | 1,
9 | {
10 | ...spellcheckerRule,
11 | cspell: {
12 | ...cspellConfig,
13 | ignoreWords: ['mymessage']
14 | }
15 | }
16 | ]
17 | }
18 | };
19 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: "npm"
4 | directory: "/"
5 | schedule:
6 | interval: "daily"
7 | allow:
8 | - dependency-name: "@iden3*"
9 | reviewers:
10 | - "Kolezhniuk"
11 | - "vmidyllic"
12 |
--------------------------------------------------------------------------------
/.github/workflows/ci.yaml:
--------------------------------------------------------------------------------
1 | name: Build, Lint and Test
2 | on: push
3 | jobs:
4 | build:
5 | timeout-minutes: 7
6 | runs-on: ubuntu-latest
7 | steps:
8 | - name: Checkout
9 | uses: actions/checkout@v4
10 |
11 | - name: Setup Node.js
12 | uses: actions/setup-node@v4
13 | with:
14 | node-version: 'lts/*'
15 |
16 | - name: Cache node modules
17 | uses: actions/cache@v4
18 | with:
19 | # npm cache files are stored in `~/.npm` on Linux/macOS
20 | path: ~/.npm
21 | key: cache-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
22 |
23 | - name: Install dependencies
24 | run: npm ci
25 |
26 | - name: Run Prettier
27 | run: npm run format:check
28 |
29 | - name: Run ESLint
30 | run: npm run lint:check
31 |
32 | - name: Build
33 | run: npm run build
34 |
35 | - name: Run Tests
36 | run: npm run test
37 |
--------------------------------------------------------------------------------
/.github/workflows/npm-publish.yml:
--------------------------------------------------------------------------------
1 | name: Publish package to NPM
2 |
3 | on:
4 | release:
5 | types: [created]
6 |
7 | jobs:
8 | publish-npm:
9 | runs-on: ubuntu-latest
10 | steps:
11 | - uses: actions/checkout@v4
12 | - uses: actions/setup-node@v4
13 | with:
14 | node-version-file: '.nvmrc'
15 | registry-url: https://registry.npmjs.org/
16 | cache: 'npm'
17 | - run: npm ci
18 | - run: npm run build
19 | - run: npm publish
20 | env:
21 | NODE_AUTH_TOKEN: ${{secrets.IDENTITY_NPM_PUBLISH_TOKEN}}
22 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /node_modules
2 | coverage
3 | dist
4 | .DS_Store
5 | .idea
6 | .vscode
7 |
--------------------------------------------------------------------------------
/.nvmrc:
--------------------------------------------------------------------------------
1 | v20.11.1
2 |
--------------------------------------------------------------------------------
/.prettierrc:
--------------------------------------------------------------------------------
1 | "@iden3/eslint-config/prettier"
--------------------------------------------------------------------------------
/.vscode/launch.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "0.2.0",
3 | "configurations": [
4 | {
5 | "name": "Debug Jest Tests",
6 | "type": "node",
7 | "request": "launch",
8 | "runtimeArgs": [
9 | "--inspect-brk",
10 | "${workspaceRoot}/node_modules/.bin/jest",
11 | "--runInBand"
12 | ],
13 | "console": "integratedTerminal",
14 | "internalConsoleOptions": "neverOpen",
15 | "port": 9229
16 | }
17 | ]
18 | }
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU AFFERO GENERAL PUBLIC LICENSE
2 | Version 3, 19 November 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU Affero General Public License is a free, copyleft license for
11 | software and other kinds of works, specifically designed to ensure
12 | cooperation with the community in the case of network server software.
13 |
14 | The licenses for most software and other practical works are designed
15 | to take away your freedom to share and change the works. By contrast,
16 | our General Public Licenses are intended to guarantee your freedom to
17 | share and change all versions of a program--to make sure it remains free
18 | software for all its users.
19 |
20 | When we speak of free software, we are referring to freedom, not
21 | price. Our General Public Licenses are designed to make sure that you
22 | have the freedom to distribute copies of free software (and charge for
23 | them if you wish), that you receive source code or can get it if you
24 | want it, that you can change the software or use pieces of it in new
25 | free programs, and that you know you can do these things.
26 |
27 | Developers that use our General Public Licenses protect your rights
28 | with two steps: (1) assert copyright on the software, and (2) offer
29 | you this License which gives you legal permission to copy, distribute
30 | and/or modify the software.
31 |
32 | A secondary benefit of defending all users' freedom is that
33 | improvements made in alternate versions of the program, if they
34 | receive widespread use, become available for other developers to
35 | incorporate. Many developers of free software are heartened and
36 | encouraged by the resulting cooperation. However, in the case of
37 | software used on network servers, this result may fail to come about.
38 | The GNU General Public License permits making a modified version and
39 | letting the public access it on a server without ever releasing its
40 | source code to the public.
41 |
42 | The GNU Affero General Public License is designed specifically to
43 | ensure that, in such cases, the modified source code becomes available
44 | to the community. It requires the operator of a network server to
45 | provide the source code of the modified version running there to the
46 | users of that server. Therefore, public use of a modified version, on
47 | a publicly accessible server, gives the public access to the source
48 | code of the modified version.
49 |
50 | An older license, called the Affero General Public License and
51 | published by Affero, was designed to accomplish similar goals. This is
52 | a different license, not a version of the Affero GPL, but Affero has
53 | released a new version of the Affero GPL which permits relicensing under
54 | this license.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | TERMS AND CONDITIONS
60 |
61 | 0. Definitions.
62 |
63 | "This License" refers to version 3 of the GNU Affero General Public License.
64 |
65 | "Copyright" also means copyright-like laws that apply to other kinds of
66 | works, such as semiconductor masks.
67 |
68 | "The Program" refers to any copyrightable work licensed under this
69 | License. Each licensee is addressed as "you". "Licensees" and
70 | "recipients" may be individuals or organizations.
71 |
72 | To "modify" a work means to copy from or adapt all or part of the work
73 | in a fashion requiring copyright permission, other than the making of an
74 | exact copy. The resulting work is called a "modified version" of the
75 | earlier work or a work "based on" the earlier work.
76 |
77 | A "covered work" means either the unmodified Program or a work based
78 | on the Program.
79 |
80 | To "propagate" a work means to do anything with it that, without
81 | permission, would make you directly or secondarily liable for
82 | infringement under applicable copyright law, except executing it on a
83 | computer or modifying a private copy. Propagation includes copying,
84 | distribution (with or without modification), making available to the
85 | public, and in some countries other activities as well.
86 |
87 | To "convey" a work means any kind of propagation that enables other
88 | parties to make or receive copies. Mere interaction with a user through
89 | a computer network, with no transfer of a copy, is not conveying.
90 |
91 | An interactive user interface displays "Appropriate Legal Notices"
92 | to the extent that it includes a convenient and prominently visible
93 | feature that (1) displays an appropriate copyright notice, and (2)
94 | tells the user that there is no warranty for the work (except to the
95 | extent that warranties are provided), that licensees may convey the
96 | work under this License, and how to view a copy of this License. If
97 | the interface presents a list of user commands or options, such as a
98 | menu, a prominent item in the list meets this criterion.
99 |
100 | 1. Source Code.
101 |
102 | The "source code" for a work means the preferred form of the work
103 | for making modifications to it. "Object code" means any non-source
104 | form of a work.
105 |
106 | A "Standard Interface" means an interface that either is an official
107 | standard defined by a recognized standards body, or, in the case of
108 | interfaces specified for a particular programming language, one that
109 | is widely used among developers working in that language.
110 |
111 | The "System Libraries" of an executable work include anything, other
112 | than the work as a whole, that (a) is included in the normal form of
113 | packaging a Major Component, but which is not part of that Major
114 | Component, and (b) serves only to enable use of the work with that
115 | Major Component, or to implement a Standard Interface for which an
116 | implementation is available to the public in source code form. A
117 | "Major Component", in this context, means a major essential component
118 | (kernel, window system, and so on) of the specific operating system
119 | (if any) on which the executable work runs, or a compiler used to
120 | produce the work, or an object code interpreter used to run it.
121 |
122 | The "Corresponding Source" for a work in object code form means all
123 | the source code needed to generate, install, and (for an executable
124 | work) run the object code and to modify the work, including scripts to
125 | control those activities. However, it does not include the work's
126 | System Libraries, or general-purpose tools or generally available free
127 | programs which are used unmodified in performing those activities but
128 | which are not part of the work. For example, Corresponding Source
129 | includes interface definition files associated with source files for
130 | the work, and the source code for shared libraries and dynamically
131 | linked subprograms that the work is specifically designed to require,
132 | such as by intimate data communication or control flow between those
133 | subprograms and other parts of the work.
134 |
135 | The Corresponding Source need not include anything that users
136 | can regenerate automatically from other parts of the Corresponding
137 | Source.
138 |
139 | The Corresponding Source for a work in source code form is that
140 | same work.
141 |
142 | 2. Basic Permissions.
143 |
144 | All rights granted under this License are granted for the term of
145 | copyright on the Program, and are irrevocable provided the stated
146 | conditions are met. This License explicitly affirms your unlimited
147 | permission to run the unmodified Program. The output from running a
148 | covered work is covered by this License only if the output, given its
149 | content, constitutes a covered work. This License acknowledges your
150 | rights of fair use or other equivalent, as provided by copyright law.
151 |
152 | You may make, run and propagate covered works that you do not
153 | convey, without conditions so long as your license otherwise remains
154 | in force. You may convey covered works to others for the sole purpose
155 | of having them make modifications exclusively for you, or provide you
156 | with facilities for running those works, provided that you comply with
157 | the terms of this License in conveying all material for which you do
158 | not control copyright. Those thus making or running the covered works
159 | for you must do so exclusively on your behalf, under your direction
160 | and control, on terms that prohibit them from making any copies of
161 | your copyrighted material outside their relationship with you.
162 |
163 | Conveying under any other circumstances is permitted solely under
164 | the conditions stated below. Sublicensing is not allowed; section 10
165 | makes it unnecessary.
166 |
167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
168 |
169 | No covered work shall be deemed part of an effective technological
170 | measure under any applicable law fulfilling obligations under article
171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
172 | similar laws prohibiting or restricting circumvention of such
173 | measures.
174 |
175 | When you convey a covered work, you waive any legal power to forbid
176 | circumvention of technological measures to the extent such circumvention
177 | is effected by exercising rights under this License with respect to
178 | the covered work, and you disclaim any intention to limit operation or
179 | modification of the work as a means of enforcing, against the work's
180 | users, your or third parties' legal rights to forbid circumvention of
181 | technological measures.
182 |
183 | 4. Conveying Verbatim Copies.
184 |
185 | You may convey verbatim copies of the Program's source code as you
186 | receive it, in any medium, provided that you conspicuously and
187 | appropriately publish on each copy an appropriate copyright notice;
188 | keep intact all notices stating that this License and any
189 | non-permissive terms added in accord with section 7 apply to the code;
190 | keep intact all notices of the absence of any warranty; and give all
191 | recipients a copy of this License along with the Program.
192 |
193 | You may charge any price or no price for each copy that you convey,
194 | and you may offer support or warranty protection for a fee.
195 |
196 | 5. Conveying Modified Source Versions.
197 |
198 | You may convey a work based on the Program, or the modifications to
199 | produce it from the Program, in the form of source code under the
200 | terms of section 4, provided that you also meet all of these conditions:
201 |
202 | a) The work must carry prominent notices stating that you modified
203 | it, and giving a relevant date.
204 |
205 | b) The work must carry prominent notices stating that it is
206 | released under this License and any conditions added under section
207 | 7. This requirement modifies the requirement in section 4 to
208 | "keep intact all notices".
209 |
210 | c) You must license the entire work, as a whole, under this
211 | License to anyone who comes into possession of a copy. This
212 | License will therefore apply, along with any applicable section 7
213 | additional terms, to the whole of the work, and all its parts,
214 | regardless of how they are packaged. This License gives no
215 | permission to license the work in any other way, but it does not
216 | invalidate such permission if you have separately received it.
217 |
218 | d) If the work has interactive user interfaces, each must display
219 | Appropriate Legal Notices; however, if the Program has interactive
220 | interfaces that do not display Appropriate Legal Notices, your
221 | work need not make them do so.
222 |
223 | A compilation of a covered work with other separate and independent
224 | works, which are not by their nature extensions of the covered work,
225 | and which are not combined with it such as to form a larger program,
226 | in or on a volume of a storage or distribution medium, is called an
227 | "aggregate" if the compilation and its resulting copyright are not
228 | used to limit the access or legal rights of the compilation's users
229 | beyond what the individual works permit. Inclusion of a covered work
230 | in an aggregate does not cause this License to apply to the other
231 | parts of the aggregate.
232 |
233 | 6. Conveying Non-Source Forms.
234 |
235 | You may convey a covered work in object code form under the terms
236 | of sections 4 and 5, provided that you also convey the
237 | machine-readable Corresponding Source under the terms of this License,
238 | in one of these ways:
239 |
240 | a) Convey the object code in, or embodied in, a physical product
241 | (including a physical distribution medium), accompanied by the
242 | Corresponding Source fixed on a durable physical medium
243 | customarily used for software interchange.
244 |
245 | b) Convey the object code in, or embodied in, a physical product
246 | (including a physical distribution medium), accompanied by a
247 | written offer, valid for at least three years and valid for as
248 | long as you offer spare parts or customer support for that product
249 | model, to give anyone who possesses the object code either (1) a
250 | copy of the Corresponding Source for all the software in the
251 | product that is covered by this License, on a durable physical
252 | medium customarily used for software interchange, for a price no
253 | more than your reasonable cost of physically performing this
254 | conveying of source, or (2) access to copy the
255 | Corresponding Source from a network server at no charge.
256 |
257 | c) Convey individual copies of the object code with a copy of the
258 | written offer to provide the Corresponding Source. This
259 | alternative is allowed only occasionally and noncommercially, and
260 | only if you received the object code with such an offer, in accord
261 | with subsection 6b.
262 |
263 | d) Convey the object code by offering access from a designated
264 | place (gratis or for a charge), and offer equivalent access to the
265 | Corresponding Source in the same way through the same place at no
266 | further charge. You need not require recipients to copy the
267 | Corresponding Source along with the object code. If the place to
268 | copy the object code is a network server, the Corresponding Source
269 | may be on a different server (operated by you or a third party)
270 | that supports equivalent copying facilities, provided you maintain
271 | clear directions next to the object code saying where to find the
272 | Corresponding Source. Regardless of what server hosts the
273 | Corresponding Source, you remain obligated to ensure that it is
274 | available for as long as needed to satisfy these requirements.
275 |
276 | e) Convey the object code using peer-to-peer transmission, provided
277 | you inform other peers where the object code and Corresponding
278 | Source of the work are being offered to the general public at no
279 | charge under subsection 6d.
280 |
281 | A separable portion of the object code, whose source code is excluded
282 | from the Corresponding Source as a System Library, need not be
283 | included in conveying the object code work.
284 |
285 | A "User Product" is either (1) a "consumer product", which means any
286 | tangible personal property which is normally used for personal, family,
287 | or household purposes, or (2) anything designed or sold for incorporation
288 | into a dwelling. In determining whether a product is a consumer product,
289 | doubtful cases shall be resolved in favor of coverage. For a particular
290 | product received by a particular user, "normally used" refers to a
291 | typical or common use of that class of product, regardless of the status
292 | of the particular user or of the way in which the particular user
293 | actually uses, or expects or is expected to use, the product. A product
294 | is a consumer product regardless of whether the product has substantial
295 | commercial, industrial or non-consumer uses, unless such uses represent
296 | the only significant mode of use of the product.
297 |
298 | "Installation Information" for a User Product means any methods,
299 | procedures, authorization keys, or other information required to install
300 | and execute modified versions of a covered work in that User Product from
301 | a modified version of its Corresponding Source. The information must
302 | suffice to ensure that the continued functioning of the modified object
303 | code is in no case prevented or interfered with solely because
304 | modification has been made.
305 |
306 | If you convey an object code work under this section in, or with, or
307 | specifically for use in, a User Product, and the conveying occurs as
308 | part of a transaction in which the right of possession and use of the
309 | User Product is transferred to the recipient in perpetuity or for a
310 | fixed term (regardless of how the transaction is characterized), the
311 | Corresponding Source conveyed under this section must be accompanied
312 | by the Installation Information. But this requirement does not apply
313 | if neither you nor any third party retains the ability to install
314 | modified object code on the User Product (for example, the work has
315 | been installed in ROM).
316 |
317 | The requirement to provide Installation Information does not include a
318 | requirement to continue to provide support service, warranty, or updates
319 | for a work that has been modified or installed by the recipient, or for
320 | the User Product in which it has been modified or installed. Access to a
321 | network may be denied when the modification itself materially and
322 | adversely affects the operation of the network or violates the rules and
323 | protocols for communication across the network.
324 |
325 | Corresponding Source conveyed, and Installation Information provided,
326 | in accord with this section must be in a format that is publicly
327 | documented (and with an implementation available to the public in
328 | source code form), and must require no special password or key for
329 | unpacking, reading or copying.
330 |
331 | 7. Additional Terms.
332 |
333 | "Additional permissions" are terms that supplement the terms of this
334 | License by making exceptions from one or more of its conditions.
335 | Additional permissions that are applicable to the entire Program shall
336 | be treated as though they were included in this License, to the extent
337 | that they are valid under applicable law. If additional permissions
338 | apply only to part of the Program, that part may be used separately
339 | under those permissions, but the entire Program remains governed by
340 | this License without regard to the additional permissions.
341 |
342 | When you convey a copy of a covered work, you may at your option
343 | remove any additional permissions from that copy, or from any part of
344 | it. (Additional permissions may be written to require their own
345 | removal in certain cases when you modify the work.) You may place
346 | additional permissions on material, added by you to a covered work,
347 | for which you have or can give appropriate copyright permission.
348 |
349 | Notwithstanding any other provision of this License, for material you
350 | add to a covered work, you may (if authorized by the copyright holders of
351 | that material) supplement the terms of this License with terms:
352 |
353 | a) Disclaiming warranty or limiting liability differently from the
354 | terms of sections 15 and 16 of this License; or
355 |
356 | b) Requiring preservation of specified reasonable legal notices or
357 | author attributions in that material or in the Appropriate Legal
358 | Notices displayed by works containing it; or
359 |
360 | c) Prohibiting misrepresentation of the origin of that material, or
361 | requiring that modified versions of such material be marked in
362 | reasonable ways as different from the original version; or
363 |
364 | d) Limiting the use for publicity purposes of names of licensors or
365 | authors of the material; or
366 |
367 | e) Declining to grant rights under trademark law for use of some
368 | trade names, trademarks, or service marks; or
369 |
370 | f) Requiring indemnification of licensors and authors of that
371 | material by anyone who conveys the material (or modified versions of
372 | it) with contractual assumptions of liability to the recipient, for
373 | any liability that these contractual assumptions directly impose on
374 | those licensors and authors.
375 |
376 | All other non-permissive additional terms are considered "further
377 | restrictions" within the meaning of section 10. If the Program as you
378 | received it, or any part of it, contains a notice stating that it is
379 | governed by this License along with a term that is a further
380 | restriction, you may remove that term. If a license document contains
381 | a further restriction but permits relicensing or conveying under this
382 | License, you may add to a covered work material governed by the terms
383 | of that license document, provided that the further restriction does
384 | not survive such relicensing or conveying.
385 |
386 | If you add terms to a covered work in accord with this section, you
387 | must place, in the relevant source files, a statement of the
388 | additional terms that apply to those files, or a notice indicating
389 | where to find the applicable terms.
390 |
391 | Additional terms, permissive or non-permissive, may be stated in the
392 | form of a separately written license, or stated as exceptions;
393 | the above requirements apply either way.
394 |
395 | 8. Termination.
396 |
397 | You may not propagate or modify a covered work except as expressly
398 | provided under this License. Any attempt otherwise to propagate or
399 | modify it is void, and will automatically terminate your rights under
400 | this License (including any patent licenses granted under the third
401 | paragraph of section 11).
402 |
403 | However, if you cease all violation of this License, then your
404 | license from a particular copyright holder is reinstated (a)
405 | provisionally, unless and until the copyright holder explicitly and
406 | finally terminates your license, and (b) permanently, if the copyright
407 | holder fails to notify you of the violation by some reasonable means
408 | prior to 60 days after the cessation.
409 |
410 | Moreover, your license from a particular copyright holder is
411 | reinstated permanently if the copyright holder notifies you of the
412 | violation by some reasonable means, this is the first time you have
413 | received notice of violation of this License (for any work) from that
414 | copyright holder, and you cure the violation prior to 30 days after
415 | your receipt of the notice.
416 |
417 | Termination of your rights under this section does not terminate the
418 | licenses of parties who have received copies or rights from you under
419 | this License. If your rights have been terminated and not permanently
420 | reinstated, you do not qualify to receive new licenses for the same
421 | material under section 10.
422 |
423 | 9. Acceptance Not Required for Having Copies.
424 |
425 | You are not required to accept this License in order to receive or
426 | run a copy of the Program. Ancillary propagation of a covered work
427 | occurring solely as a consequence of using peer-to-peer transmission
428 | to receive a copy likewise does not require acceptance. However,
429 | nothing other than this License grants you permission to propagate or
430 | modify any covered work. These actions infringe copyright if you do
431 | not accept this License. Therefore, by modifying or propagating a
432 | covered work, you indicate your acceptance of this License to do so.
433 |
434 | 10. Automatic Licensing of Downstream Recipients.
435 |
436 | Each time you convey a covered work, the recipient automatically
437 | receives a license from the original licensors, to run, modify and
438 | propagate that work, subject to this License. You are not responsible
439 | for enforcing compliance by third parties with this License.
440 |
441 | An "entity transaction" is a transaction transferring control of an
442 | organization, or substantially all assets of one, or subdividing an
443 | organization, or merging organizations. If propagation of a covered
444 | work results from an entity transaction, each party to that
445 | transaction who receives a copy of the work also receives whatever
446 | licenses to the work the party's predecessor in interest had or could
447 | give under the previous paragraph, plus a right to possession of the
448 | Corresponding Source of the work from the predecessor in interest, if
449 | the predecessor has it or can get it with reasonable efforts.
450 |
451 | You may not impose any further restrictions on the exercise of the
452 | rights granted or affirmed under this License. For example, you may
453 | not impose a license fee, royalty, or other charge for exercise of
454 | rights granted under this License, and you may not initiate litigation
455 | (including a cross-claim or counterclaim in a lawsuit) alleging that
456 | any patent claim is infringed by making, using, selling, offering for
457 | sale, or importing the Program or any portion of it.
458 |
459 | 11. Patents.
460 |
461 | A "contributor" is a copyright holder who authorizes use under this
462 | License of the Program or a work on which the Program is based. The
463 | work thus licensed is called the contributor's "contributor version".
464 |
465 | A contributor's "essential patent claims" are all patent claims
466 | owned or controlled by the contributor, whether already acquired or
467 | hereafter acquired, that would be infringed by some manner, permitted
468 | by this License, of making, using, or selling its contributor version,
469 | but do not include claims that would be infringed only as a
470 | consequence of further modification of the contributor version. For
471 | purposes of this definition, "control" includes the right to grant
472 | patent sublicenses in a manner consistent with the requirements of
473 | this License.
474 |
475 | Each contributor grants you a non-exclusive, worldwide, royalty-free
476 | patent license under the contributor's essential patent claims, to
477 | make, use, sell, offer for sale, import and otherwise run, modify and
478 | propagate the contents of its contributor version.
479 |
480 | In the following three paragraphs, a "patent license" is any express
481 | agreement or commitment, however denominated, not to enforce a patent
482 | (such as an express permission to practice a patent or covenant not to
483 | sue for patent infringement). To "grant" such a patent license to a
484 | party means to make such an agreement or commitment not to enforce a
485 | patent against the party.
486 |
487 | If you convey a covered work, knowingly relying on a patent license,
488 | and the Corresponding Source of the work is not available for anyone
489 | to copy, free of charge and under the terms of this License, through a
490 | publicly available network server or other readily accessible means,
491 | then you must either (1) cause the Corresponding Source to be so
492 | available, or (2) arrange to deprive yourself of the benefit of the
493 | patent license for this particular work, or (3) arrange, in a manner
494 | consistent with the requirements of this License, to extend the patent
495 | license to downstream recipients. "Knowingly relying" means you have
496 | actual knowledge that, but for the patent license, your conveying the
497 | covered work in a country, or your recipient's use of the covered work
498 | in a country, would infringe one or more identifiable patents in that
499 | country that you have reason to believe are valid.
500 |
501 | If, pursuant to or in connection with a single transaction or
502 | arrangement, you convey, or propagate by procuring conveyance of, a
503 | covered work, and grant a patent license to some of the parties
504 | receiving the covered work authorizing them to use, propagate, modify
505 | or convey a specific copy of the covered work, then the patent license
506 | you grant is automatically extended to all recipients of the covered
507 | work and works based on it.
508 |
509 | A patent license is "discriminatory" if it does not include within
510 | the scope of its coverage, prohibits the exercise of, or is
511 | conditioned on the non-exercise of one or more of the rights that are
512 | specifically granted under this License. You may not convey a covered
513 | work if you are a party to an arrangement with a third party that is
514 | in the business of distributing software, under which you make payment
515 | to the third party based on the extent of your activity of conveying
516 | the work, and under which the third party grants, to any of the
517 | parties who would receive the covered work from you, a discriminatory
518 | patent license (a) in connection with copies of the covered work
519 | conveyed by you (or copies made from those copies), or (b) primarily
520 | for and in connection with specific products or compilations that
521 | contain the covered work, unless you entered into that arrangement,
522 | or that patent license was granted, prior to 28 March 2007.
523 |
524 | Nothing in this License shall be construed as excluding or limiting
525 | any implied license or other defenses to infringement that may
526 | otherwise be available to you under applicable patent law.
527 |
528 | 12. No Surrender of Others' Freedom.
529 |
530 | If conditions are imposed on you (whether by court order, agreement or
531 | otherwise) that contradict the conditions of this License, they do not
532 | excuse you from the conditions of this License. If you cannot convey a
533 | covered work so as to satisfy simultaneously your obligations under this
534 | License and any other pertinent obligations, then as a consequence you may
535 | not convey it at all. For example, if you agree to terms that obligate you
536 | to collect a royalty for further conveying from those to whom you convey
537 | the Program, the only way you could satisfy both those terms and this
538 | License would be to refrain entirely from conveying the Program.
539 |
540 | 13. Remote Network Interaction; Use with the GNU General Public License.
541 |
542 | Notwithstanding any other provision of this License, if you modify the
543 | Program, your modified version must prominently offer all users
544 | interacting with it remotely through a computer network (if your version
545 | supports such interaction) an opportunity to receive the Corresponding
546 | Source of your version by providing access to the Corresponding Source
547 | from a network server at no charge, through some standard or customary
548 | means of facilitating copying of software. This Corresponding Source
549 | shall include the Corresponding Source for any work covered by version 3
550 | of the GNU General Public License that is incorporated pursuant to the
551 | following paragraph.
552 |
553 | Notwithstanding any other provision of this License, you have
554 | permission to link or combine any covered work with a work licensed
555 | under version 3 of the GNU General Public License into a single
556 | combined work, and to convey the resulting work. The terms of this
557 | License will continue to apply to the part which is the covered work,
558 | but the work with which it is combined will remain governed by version
559 | 3 of the GNU General Public License.
560 |
561 | 14. Revised Versions of this License.
562 |
563 | The Free Software Foundation may publish revised and/or new versions of
564 | the GNU Affero General Public License from time to time. Such new versions
565 | will be similar in spirit to the present version, but may differ in detail to
566 | address new problems or concerns.
567 |
568 | Each version is given a distinguishing version number. If the
569 | Program specifies that a certain numbered version of the GNU Affero General
570 | Public License "or any later version" applies to it, you have the
571 | option of following the terms and conditions either of that numbered
572 | version or of any later version published by the Free Software
573 | Foundation. If the Program does not specify a version number of the
574 | GNU Affero General Public License, you may choose any version ever published
575 | by the Free Software Foundation.
576 |
577 | If the Program specifies that a proxy can decide which future
578 | versions of the GNU Affero General Public License can be used, that proxy's
579 | public statement of acceptance of a version permanently authorizes you
580 | to choose that version for the Program.
581 |
582 | Later license versions may give you additional or different
583 | permissions. However, no additional obligations are imposed on any
584 | author or copyright holder as a result of your choosing to follow a
585 | later version.
586 |
587 | 15. Disclaimer of Warranty.
588 |
589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
597 |
598 | 16. Limitation of Liability.
599 |
600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
608 | SUCH DAMAGES.
609 |
610 | 17. Interpretation of Sections 15 and 16.
611 |
612 | If the disclaimer of warranty and limitation of liability provided
613 | above cannot be given local legal effect according to their terms,
614 | reviewing courts shall apply local law that most closely approximates
615 | an absolute waiver of all civil liability in connection with the
616 | Program, unless a warranty or assumption of liability accompanies a
617 | copy of the Program in return for a fee.
618 |
619 | END OF TERMS AND CONDITIONS
620 |
621 | How to Apply These Terms to Your New Programs
622 |
623 | If you develop a new program, and you want it to be of the greatest
624 | possible use to the public, the best way to achieve this is to make it
625 | free software which everyone can redistribute and change under these terms.
626 |
627 | To do so, attach the following notices to the program. It is safest
628 | to attach them to the start of each source file to most effectively
629 | state the exclusion of warranty; and each file should have at least
630 | the "copyright" line and a pointer to where the full notice is found.
631 |
632 |
633 | Copyright (C)
634 |
635 | This program is free software: you can redistribute it and/or modify
636 | it under the terms of the GNU Affero General Public License as published
637 | by the Free Software Foundation, either version 3 of the License, or
638 | (at your option) any later version.
639 |
640 | This program is distributed in the hope that it will be useful,
641 | but WITHOUT ANY WARRANTY; without even the implied warranty of
642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
643 | GNU Affero General Public License for more details.
644 |
645 | You should have received a copy of the GNU Affero General Public License
646 | along with this program. If not, see .
647 |
648 | Also add information on how to contact you by electronic and paper mail.
649 |
650 | If your software can interact with users remotely through a computer
651 | network, you should also make sure that it provides a way for users to
652 | get its source. For example, if your program is a web application, its
653 | interface could display a "Source" link that leads users to an archive
654 | of the code. There are many ways you could offer source, and different
655 | solutions will be better for different programs; see section 13 for the
656 | specific requirements.
657 |
658 | You should also get your employer (if you work as a programmer) or school,
659 | if any, to sign a "copyright disclaimer" for the program, if necessary.
660 | For more information on this, and how to apply and follow the GNU AGPL, see
661 | .
662 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # js-jwz
2 |
3 | JS implementation of JSON Web Zero-knowledge standard.
4 |
5 | WARNING
6 |
7 | All code here is experimental and WIP
8 |
--------------------------------------------------------------------------------
/config/rollup.config.mjs:
--------------------------------------------------------------------------------
1 | import commonJS from '@rollup/plugin-commonjs';
2 | import { nodeResolve } from '@rollup/plugin-node-resolve';
3 | import typescript from '@rollup/plugin-typescript';
4 | import tsConfig from '../tsconfig.json' with { type: 'json' };
5 | import packageJson from '../package.json' with { type: 'json' };
6 | import terser from '@rollup/plugin-terser';
7 | const external = [
8 | ...Object.keys(packageJson.peerDependencies).filter((key) => key.startsWith('@iden3/')),
9 | 'snarkjs',
10 | 'ffjavascript'
11 | ];
12 | const config = {
13 | input: 'src/index.ts',
14 | external,
15 | output: [
16 | {
17 | format: 'es',
18 | file: 'dist/browser/esm/index.js',
19 | sourcemap: true
20 | }
21 | ],
22 | plugins: [
23 | typescript({
24 | compilerOptions: {
25 | ...tsConfig.compilerOptions
26 | }
27 | }),
28 | commonJS(),
29 | nodeResolve({
30 | browser: true
31 | }),
32 | terser()
33 | ],
34 | treeshake: {
35 | preset: 'smallest'
36 | }
37 | };
38 |
39 | export default [
40 | config,
41 | {
42 | ...config,
43 | plugins: [
44 | typescript({
45 | compilerOptions: {
46 | ...tsConfig.compilerOptions
47 | }
48 | }),
49 | nodeResolve({
50 | browser: true
51 | }),
52 | commonJS(),
53 | terser()
54 | ],
55 | external: [],
56 | output: [
57 | {
58 | format: 'iife',
59 | file: 'dist/browser/umd/index.js',
60 | name: 'JWZ',
61 | sourcemap: true
62 | }
63 | ]
64 | }
65 | ];
66 |
--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | Document
7 |
18 |
19 |
20 |
21 |
55 |
56 |
57 |
--------------------------------------------------------------------------------
/jest.config.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 | preset: 'ts-jest',
3 | testEnvironment: 'node',
4 | testTimeout: 20000,
5 | };
6 |
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "@iden3/js-jwz",
3 | "version": "1.9.0",
4 | "description": "JS implementation of JWZ",
5 | "main": "./dist/node/cjs/index.js",
6 | "module": "./dist/node/esm/index.js",
7 | "exports": {
8 | ".": {
9 | "node": {
10 | "import": "./dist/node/esm/index.js",
11 | "require": "./dist/node/cjs/index.js"
12 | },
13 | "browser": "./dist/browser/esm/index.js",
14 | "umd": "./dist/browser/umd/index.js",
15 | "types": "./dist/types/index.d.ts"
16 | }
17 | },
18 | "types": "dist/types/index.d.ts",
19 | "source": "./src/index.ts",
20 | "files": [
21 | "dist"
22 | ],
23 | "scripts": {
24 | "clean": "rimraf ./dist",
25 | "build": "npm run clean && npm run build:node && npm run build:browser",
26 | "build:node": "npm run build:tsc && npm run build:esm",
27 | "build:esm": "tsc --outDir dist/node/esm --declaration --declarationDir dist/types",
28 | "build:browser": "rollup -c config/rollup.config.mjs",
29 | "build:tsc": "tsc --module commonjs --outDir dist/node/cjs",
30 | "test": "NODE_OPTIONS=--experimental-vm-modules npx jest",
31 | "test:watch": "jest --watch",
32 | "lint": "eslint --fix --ext .js,.ts src/** test/*.ts",
33 | "lint:check": "eslint --ext .js,.ts src/** test/*.ts",
34 | "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
35 | "format:check": "prettier \"src/**/*.ts\" \"test/**/*.ts\" --check"
36 | },
37 | "repository": {
38 | "type": "git",
39 | "url": "git+https://github.com/iden3/js-jwz.git"
40 | },
41 | "author": "iden3",
42 | "license": "AGPL-3.0",
43 | "bugs": {
44 | "url": "https://github.com/iden3/js-jwz/issues"
45 | },
46 | "homepage": "https://github.com/iden3/js-jwz#readme",
47 | "browserslist": {
48 | "production": [
49 | "chrome >= 67",
50 | "edge >= 79",
51 | "firefox >= 68",
52 | "opera >= 54",
53 | "safari >= 14"
54 | ],
55 | "development": [
56 | "last 1 chrome version",
57 | "last 1 firefox version",
58 | "last 1 safari version"
59 | ]
60 | },
61 | "peerDependencies": {
62 | "@iden3/js-crypto": "1.2.0",
63 | "@iden3/js-iden3-core": "1.6.0",
64 | "@iden3/js-merkletree": "1.4.0",
65 | "ffjavascript": "0.3.0",
66 | "rfc4648": "1.5.3",
67 | "snarkjs": "0.7.4"
68 | },
69 | "devDependencies": {
70 | "@cspell/eslint-plugin": "^8.14.2",
71 | "@iden3/eslint-config": "https://github.com/iden3/eslint-config",
72 | "@rollup/plugin-commonjs": "^25.0.4",
73 | "@rollup/plugin-node-resolve": "^15.2.1",
74 | "@rollup/plugin-replace": "^5.0.3",
75 | "@rollup/plugin-terser": "^0.4.4",
76 | "@rollup/plugin-typescript": "^11.1.4",
77 | "@types/jest": "29.5.5",
78 | "@types/node": "^16.18.54",
79 | "@typescript-eslint/eslint-plugin": "^5.0.0",
80 | "@typescript-eslint/parser": "^5.0.0",
81 | "eslint": "^8.13.0",
82 | "eslint-config-prettier": "^8.3.0",
83 | "eslint-plugin-prettier": "^4.0.0",
84 | "jest": "^29.7.0",
85 | "prettier": "^2.3.2",
86 | "rollup": "^3.29.4",
87 | "ts-jest": "^29.1.1",
88 | "ts-node": "^10.9.1",
89 | "typescript": "^4.3.5"
90 | }
91 | }
92 |
--------------------------------------------------------------------------------
/src/authGroth16.ts:
--------------------------------------------------------------------------------
1 | import { ProvingMethod, ProvingMethodAlg, ZKProof } from './proving';
2 | import { Id } from '@iden3/js-iden3-core';
3 | import { AuthCircuit, Groth16, prove, verify } from './common';
4 |
5 | // AuthPubSignals auth.circom public signals
6 | interface AuthPubSignals {
7 | challenge: bigint;
8 | userState: bigint;
9 | userId: Id;
10 | }
11 |
12 | // ProvingMethodGroth16Auth defines proofs family and specific circuit
13 | class ProvingMethodGroth16Auth implements ProvingMethod {
14 | constructor(public readonly methodAlg: ProvingMethodAlg) {}
15 |
16 | get alg(): string {
17 | return this.methodAlg.alg;
18 | }
19 |
20 | get circuitId(): string {
21 | return this.methodAlg.circuitId;
22 | }
23 |
24 | unmarshall(pubsignals: string[]): AuthPubSignals {
25 | const outputs: AuthPubSignals = {} as AuthPubSignals;
26 | if (pubsignals.length != 3) {
27 | throw new Error(`invalid number of Output values expected ${3} got ${pubsignals.length}`);
28 | }
29 | outputs.challenge = BigInt(pubsignals[0]);
30 | outputs.userState = BigInt(pubsignals[1]);
31 | outputs.userId = Id.fromBigInt(BigInt(pubsignals[2]));
32 |
33 | return outputs;
34 | }
35 |
36 | async verify(
37 | messageHash: Uint8Array,
38 | proof: ZKProof,
39 | verificationKey: Uint8Array
40 | ): Promise {
41 | return verify(messageHash, proof, verificationKey, this.unmarshall);
42 | }
43 |
44 | prove(inputs: Uint8Array, provingKey: Uint8Array, wasm: Uint8Array): Promise {
45 | return prove(inputs, provingKey, wasm);
46 | }
47 | }
48 |
49 | export const provingMethodGroth16AuthInstance: ProvingMethod = new ProvingMethodGroth16Auth(
50 | new ProvingMethodAlg(Groth16, AuthCircuit)
51 | );
52 |
--------------------------------------------------------------------------------
/src/authV2Groth16.ts:
--------------------------------------------------------------------------------
1 | import { Id } from '@iden3/js-iden3-core';
2 | import { ProvingMethod, ProvingMethodAlg, ZKProof } from './proving';
3 | import { AuthV2Circuit, Groth16, prove, verify } from './common';
4 | import { Hash } from '@iden3/js-merkletree';
5 | import { getCurveFromName } from 'ffjavascript';
6 |
7 | // AuthV2PubSignals auth.circom public signals
8 | export interface AuthV2PubSignals {
9 | userID: Id;
10 | challenge: bigint;
11 | GISTRoot: Hash;
12 | }
13 |
14 | export const AuthV2Groth16Alg = new ProvingMethodAlg(Groth16, AuthV2Circuit);
15 |
16 | // ProvingMethodGroth16AuthV2 instance for Groth16 proving method with an authV2 circuit
17 | export class ProvingMethodGroth16AuthV2 implements ProvingMethod {
18 | private static readonly curveName = 'bn128';
19 |
20 | constructor(public readonly methodAlg: ProvingMethodAlg) {}
21 |
22 | get alg(): string {
23 | return this.methodAlg.alg;
24 | }
25 |
26 | get circuitId(): string {
27 | return this.methodAlg.circuitId;
28 | }
29 |
30 | async verify(
31 | messageHash: Uint8Array,
32 | proof: ZKProof,
33 | verificationKey: Uint8Array
34 | ): Promise {
35 | const verificationResult = await verify(
36 | messageHash,
37 | proof,
38 | verificationKey,
39 | this.unmarshall
40 | );
41 | await this.terminateCurve();
42 |
43 | return verificationResult;
44 | }
45 |
46 | async prove(inputs: Uint8Array, provingKey: Uint8Array, wasm: Uint8Array): Promise {
47 | const zkProof = await prove(inputs, provingKey, wasm);
48 | await this.terminateCurve();
49 | return zkProof;
50 | }
51 |
52 | private async terminateCurve(): Promise {
53 | const curve = await getCurveFromName(ProvingMethodGroth16AuthV2.curveName);
54 | curve.terminate();
55 | }
56 |
57 | unmarshall(pubSignals: string[]): AuthV2PubSignals {
58 | const len = 3;
59 |
60 | if (pubSignals.length !== len) {
61 | throw new Error(`invalid number of Output values expected ${len} got ${pubSignals.length}`);
62 | }
63 |
64 | return {
65 | userID: Id.fromBigInt(BigInt(pubSignals[0])),
66 | challenge: BigInt(pubSignals[1]),
67 | GISTRoot: Hash.fromString(pubSignals[2])
68 | };
69 | }
70 | }
71 |
72 | export const provingMethodGroth16AuthV2Instance: ProvingMethod = new ProvingMethodGroth16AuthV2(
73 | new ProvingMethodAlg(Groth16, AuthV2Circuit)
74 | );
75 |
--------------------------------------------------------------------------------
/src/common.ts:
--------------------------------------------------------------------------------
1 | import { ZKProof } from './proving';
2 | import { witnessBuilder } from './witness_calculator';
3 | import { groth16 } from 'snarkjs';
4 | import { fromBigEndian } from '@iden3/js-iden3-core';
5 |
6 | export const Groth16 = 'groth16';
7 | export const AuthCircuit = 'auth';
8 | export const AuthV2Circuit = 'authV2';
9 | const textDecoder = new TextDecoder();
10 |
11 | export async function prove(
12 | inputs: Uint8Array,
13 | provingKey: Uint8Array,
14 | wasm: Uint8Array
15 | ): Promise {
16 | const witnessCalculator = await witnessBuilder(wasm);
17 |
18 | const jsonString = new TextDecoder().decode(inputs);
19 |
20 | const parsedData = JSON.parse(jsonString);
21 | const wtnsBytes: Uint8Array = await witnessCalculator.calculateWTNSBin(parsedData, 0);
22 |
23 | const { proof, publicSignals } = await groth16.prove(provingKey, wtnsBytes);
24 |
25 | return {
26 | proof: proof,
27 | pub_signals: publicSignals
28 | };
29 | }
30 |
31 | export async function verify(
32 | messageHash: Uint8Array,
33 | proof: ZKProof,
34 | verificationKey: Uint8Array,
35 | unmarshall: (pubSignals: string[]) => T
36 | ): Promise {
37 | const outputs: T = unmarshall(proof.pub_signals);
38 | if (outputs.challenge !== fromBigEndian(messageHash)) {
39 | throw new Error('challenge is not equal to message hash');
40 | }
41 | const result = await groth16.verify(
42 | JSON.parse(textDecoder.decode(verificationKey)),
43 | proof.pub_signals,
44 | proof.proof
45 | );
46 | return result;
47 | }
48 |
--------------------------------------------------------------------------------
/src/hash.ts:
--------------------------------------------------------------------------------
1 | import { fromBigEndian } from '@iden3/js-iden3-core';
2 | import { poseidon, sha256 } from '@iden3/js-crypto';
3 | // Q is the order of the integer field (Zq) that fits inside the SNARK.
4 | export const qString =
5 | '21888242871839275222246405745257275088548364400416034343698204186575808495617';
6 |
7 | export function hash(message: Uint8Array): bigint {
8 | // 1. sha256 hash
9 | const hashBytes = sha256(message);
10 |
11 | // 2. swap hash before hashing
12 | const bi = fromBigEndian(hashBytes.reverse());
13 |
14 | let m = BigInt(0);
15 | if (checkBigIntInField(bi)) {
16 | m = bi;
17 | } else {
18 | m = bi % BigInt(qString);
19 | }
20 |
21 | return poseidon.hash([m]);
22 | }
23 |
24 | // checkBigIntInField checks if given *big.Int fits in a Field Q element
25 | export function checkBigIntInField(a: bigint): boolean {
26 | return a < BigInt(qString);
27 | }
28 |
--------------------------------------------------------------------------------
/src/index.ts:
--------------------------------------------------------------------------------
1 | import { hash } from './hash';
2 | import { Token, Header } from './jwz';
3 | import { provingMethodGroth16AuthInstance } from './authGroth16';
4 | import {
5 | getProvingMethod,
6 | ProofInputsPreparerHandlerFunc,
7 | ProvingMethod,
8 | ProvingMethodAlg,
9 | registerProvingMethod,
10 | ZKProof,
11 | ProofData
12 | } from './proving';
13 | import { provingMethodGroth16AuthV2Instance } from './authV2Groth16';
14 |
15 | registerProvingMethod(
16 | provingMethodGroth16AuthInstance.methodAlg,
17 | () => provingMethodGroth16AuthInstance
18 | );
19 |
20 | registerProvingMethod(
21 | provingMethodGroth16AuthV2Instance.methodAlg,
22 | () => provingMethodGroth16AuthV2Instance
23 | );
24 |
25 | const proving = {
26 | registerProvingMethod,
27 | getProvingMethod,
28 | provingMethodGroth16AuthInstance,
29 | provingMethodGroth16AuthV2Instance
30 | };
31 |
32 | export {
33 | proving,
34 | ProofInputsPreparerHandlerFunc,
35 | ProvingMethod,
36 | ProvingMethodAlg,
37 | Token,
38 | hash,
39 | ZKProof,
40 | ProofData,
41 | Header
42 | };
43 |
--------------------------------------------------------------------------------
/src/jwz.ts:
--------------------------------------------------------------------------------
1 | import { hash } from './hash';
2 | import {
3 | ZKProof,
4 | ProvingMethod,
5 | ProvingMethodAlg,
6 | ProofInputsPreparerHandlerFunc,
7 | getProvingMethod,
8 | prepare
9 | } from './proving';
10 |
11 | import { base64url as base64 } from 'rfc4648';
12 | import { toBigEndian } from '@iden3/js-iden3-core';
13 |
14 | export enum Header {
15 | Type = 'typ',
16 | Alg = 'alg',
17 | CircuitId = 'circuitId',
18 | Critical = 'crit'
19 | }
20 |
21 | export interface IRawJSONWebZeroknowledge {
22 | payload: Uint8Array;
23 | protectedHeaders: Uint8Array;
24 | header: { [key: string]: unknown };
25 | zkp: Uint8Array;
26 |
27 | sanitized(): Promise;
28 | }
29 |
30 | export class RawJSONWebZeroknowledge implements IRawJSONWebZeroknowledge {
31 | constructor(
32 | public payload: Uint8Array,
33 | public protectedHeaders: Uint8Array,
34 | public header: { [key: string]: unknown },
35 | public zkp: Uint8Array
36 | ) {}
37 |
38 | async sanitized(): Promise {
39 | if (!this.payload) {
40 | throw new Error('iden3/js-jwz: missing payload in JWZ message');
41 | }
42 |
43 | const headers: { [key: string]: unknown } = JSON.parse(
44 | new TextDecoder().decode(this.protectedHeaders)
45 | );
46 | const criticalHeaders = headers[Header.Critical] as string[];
47 | criticalHeaders.forEach((key: string) => {
48 | if (!headers[key]) {
49 | throw new Error(`iden3/js-jwz: header is listed in critical ${key}, but not presented`);
50 | }
51 | });
52 |
53 | const alg = headers[Header.Alg] as string;
54 | const circuitId = headers[Header.CircuitId] as string;
55 |
56 | const method = await getProvingMethod(new ProvingMethodAlg(alg, circuitId));
57 | const zkp = JSON.parse(new TextDecoder().decode(this.zkp));
58 | const token = new Token(method, new TextDecoder().decode(this.payload));
59 | token.alg = alg;
60 | token.circuitId = circuitId;
61 | token.zkProof = zkp;
62 | for (const [key, value] of Object.entries(headers)) {
63 | token.setHeader(key, value);
64 | }
65 |
66 | return token;
67 | }
68 | }
69 |
70 | // Token represents a JWZ Token.
71 | export class Token {
72 | public alg: string;
73 | public circuitId: string;
74 | private raw: IRawJSONWebZeroknowledge;
75 | public zkProof: ZKProof = {} as ZKProof;
76 |
77 | constructor(
78 | public readonly method: ProvingMethod,
79 | payload: string,
80 | private readonly inputsPreparer?: ProofInputsPreparerHandlerFunc
81 | ) {
82 | this.alg = this.method.alg;
83 | this.circuitId = this.method.circuitId;
84 | this.raw = {} as IRawJSONWebZeroknowledge;
85 | this.raw.header = this.getDefaultHeaders();
86 |
87 | this.raw.payload = new TextEncoder().encode(payload);
88 | }
89 |
90 | public setHeader(key: string, value: unknown): void {
91 | this.raw.header[key] = value;
92 | }
93 |
94 | public getPayload(): string {
95 | return new TextDecoder().decode(this.raw.payload);
96 | }
97 |
98 | private getDefaultHeaders(): { [key: string]: string | string[] } {
99 | return {
100 | [Header.Alg]: this.alg,
101 | [Header.Critical]: [Header.CircuitId],
102 | [Header.CircuitId]: this.circuitId,
103 | [Header.Type]: 'JWZ'
104 | };
105 | }
106 |
107 | // Parse parses a jwz message in compact or full serialization format.
108 | static parse(tokenStr: string): Promise {
109 | // Parse parses a jwz message in compact or full serialization format.
110 | const token = tokenStr?.trim();
111 | return token.startsWith('{') ? Token.parseFull(tokenStr) : Token.parseCompact(tokenStr);
112 | }
113 |
114 | // parseCompact parses a message in compact format.
115 | private static async parseCompact(tokenStr: string): Promise {
116 | const parts = tokenStr.split('.');
117 | if (parts.length != 3) {
118 | throw new Error('iden3/js-jwz: compact JWZ format must have three segments');
119 | }
120 | const rawProtected = base64.parse(parts[0], { loose: true });
121 |
122 | const rawPayload = base64.parse(parts[1], { loose: true });
123 |
124 | const proof = base64.parse(parts[2], { loose: true });
125 |
126 | const raw: IRawJSONWebZeroknowledge = new RawJSONWebZeroknowledge(
127 | rawPayload,
128 | rawProtected,
129 | {},
130 | proof
131 | );
132 |
133 | return await raw.sanitized();
134 | }
135 |
136 | // parseFull parses a message in full format.
137 | private static async parseFull(tokenStr: string): Promise {
138 | const raw: IRawJSONWebZeroknowledge = JSON.parse(tokenStr);
139 | return await raw.sanitized();
140 | }
141 |
142 | // Prove creates and returns a complete, proved JWZ.
143 | // The token is proven using the Proving Method specified in the token.
144 | async prove(provingKey: Uint8Array, wasm: Uint8Array): Promise {
145 | // all headers must be protected
146 | const headers = this.serializeHeaders();
147 |
148 | this.raw.protectedHeaders = new TextEncoder().encode(headers);
149 |
150 | const msgHash: Uint8Array = await this.getMessageHash();
151 |
152 | if (!this.inputsPreparer) {
153 | throw new Error('iden3/jwz: prepare func must be defined');
154 | }
155 | const inputs: Uint8Array = await prepare(this.inputsPreparer, msgHash, this.circuitId);
156 |
157 | const proof: ZKProof = await this.method.prove(inputs, provingKey, wasm);
158 |
159 | const marshaledProof = JSON.stringify(proof);
160 |
161 | this.zkProof = proof;
162 | this.raw.zkp = new TextEncoder().encode(marshaledProof);
163 |
164 | return this.compactSerialize();
165 | }
166 |
167 | // CompactSerialize returns token serialized in three parts: base64 encoded headers, payload and proof.
168 | compactSerialize(): string {
169 | if (!this.raw.header || !this.raw.protectedHeaders || !this.zkProof) {
170 | throw new Error("iden3/jwz:can't serialize without one of components");
171 | }
172 |
173 | const serializedProtected = base64.stringify(this.raw.protectedHeaders, {
174 | pad: false
175 | });
176 | const serializedProof = base64.stringify(this.raw.zkp, { pad: false });
177 | const serializedPayload = base64.stringify(this.raw.payload, {
178 | pad: false
179 | });
180 | return `${serializedProtected}.${serializedPayload}.${serializedProof}`;
181 | }
182 |
183 | // fullSerialize returns marshaled presentation of raw token as json string.
184 | fullSerialize(): string {
185 | return JSON.stringify(this.raw);
186 | }
187 |
188 | async getMessageHash(): Promise {
189 | const serializedHeadersJSON = this.serializeHeaders();
190 |
191 | const serializedHeaders = new TextEncoder().encode(serializedHeadersJSON);
192 | const protectedHeaders = base64.stringify(serializedHeaders, {
193 | pad: false
194 | });
195 |
196 | const payload = base64.stringify(this.raw.payload, { pad: false });
197 |
198 | // JWZ ZkProof input value is ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload)).
199 | const messageToProof = new TextEncoder().encode(`${protectedHeaders}.${payload}`);
200 |
201 | const hashInt: bigint = await hash(messageToProof);
202 |
203 | return toBigEndian(hashInt, 32);
204 | }
205 |
206 | // Verify perform zero knowledge verification.
207 | async verify(verificationKey: Uint8Array): Promise {
208 | // 1. prepare hash o payload message that had to be proven
209 | const msgHash = await this.getMessageHash();
210 |
211 | // 2. verify that zkp is valid
212 |
213 | return this.method.verify(msgHash, this.zkProof, verificationKey);
214 | }
215 |
216 | serializeHeaders() {
217 | return JSON.stringify(this.raw.header, Object.keys(this.raw.header).sort());
218 | }
219 | }
220 |
--------------------------------------------------------------------------------
/src/proving.ts:
--------------------------------------------------------------------------------
1 | export interface ZKProof {
2 | proof: ProofData;
3 | pub_signals: string[];
4 | }
5 | export interface ProofData {
6 | pi_a: string[];
7 | pi_b: string[][];
8 | pi_c: string[];
9 | protocol: string;
10 | }
11 |
12 | export class ProvingMethodAlg {
13 | constructor(public readonly alg: string, public readonly circuitId: string) {}
14 |
15 | toString(): string {
16 | return `${this.alg}:${this.circuitId}`;
17 | }
18 | }
19 |
20 | const provingMethods = new Map ProvingMethod>(); // map[string]func() ProvingMethod{}
21 |
22 | // ProvingMethod can be used add new methods for signing or verifying tokens.
23 | export interface ProvingMethod {
24 | // Returns true if proof is valid
25 | verify(messageHash: Uint8Array, proof: ZKProof, verificationKey: Uint8Array): Promise;
26 | // Returns proof or error
27 | prove(inputs: Uint8Array, provingKey: Uint8Array, wasm: Uint8Array): Promise;
28 |
29 | readonly methodAlg: ProvingMethodAlg;
30 |
31 | readonly alg: string;
32 | // Returns the alg identifier for this method (example: 'AUTH-GROTH-16')
33 | readonly circuitId: string;
34 | }
35 |
36 | // RegisterProvingMethod registers the "alg" name and a factory function for proving method.
37 | // This is typically done during init() in the method's implementation
38 | export function registerProvingMethod(
39 | alg: ProvingMethodAlg,
40 | f: () => ProvingMethod
41 | ): Promise {
42 | return new Promise((res) => {
43 | provingMethods.set(alg.toString(), f);
44 | res();
45 | });
46 | }
47 |
48 | // GetProvingMethod retrieves a proving method from an "alg" string
49 | export function getProvingMethod(alg: ProvingMethodAlg): Promise {
50 | return new Promise((res, rej) => {
51 | const func = provingMethods.get(alg.toString());
52 | if (func) {
53 | const method: ProvingMethod = func();
54 | res(method);
55 | } else {
56 | rej('unknown alg');
57 | }
58 | });
59 | }
60 |
61 | export function getAlgorithms(): Promise {
62 | return Promise.resolve(Array.from(provingMethods.keys()).map((k) => k.split(':')[0]));
63 | }
64 |
65 | // ProofInputsPreparerHandlerFunc prepares inputs using hash message and circuit id
66 | export type ProofInputsPreparerHandlerFunc = (
67 | hash: Uint8Array,
68 | circuitId: string
69 | ) => Promise;
70 |
71 | // Prepare function is responsible to call provided handler for inputs preparation
72 | export function prepare(
73 | f: ProofInputsPreparerHandlerFunc,
74 | hash: Uint8Array,
75 | circuitId: string
76 | ): Promise {
77 | return f(hash, circuitId);
78 | }
79 |
--------------------------------------------------------------------------------
/src/witness_calculator.ts:
--------------------------------------------------------------------------------
1 | /* eslint-disable require-await */
2 | /* eslint-disable @typescript-eslint/no-explicit-any */
3 | export async function witnessBuilder(code, options?) {
4 | options = options || {};
5 |
6 | let wasmModule;
7 | try {
8 | wasmModule = await WebAssembly.compile(code);
9 | } catch (err) {
10 | // eslint-disable-next-line no-console
11 | console.log(err);
12 | // eslint-disable-next-line no-console
13 | console.log('\nTry to run circom --c in order to generate c++ code instead\n');
14 | throw new Error(err);
15 | }
16 |
17 | let errStr = '';
18 | let msgStr = '';
19 |
20 | const instance = await WebAssembly.instantiate(wasmModule, {
21 | runtime: {
22 | exceptionHandler: function (code) {
23 | let err;
24 | if (code == 1) {
25 | err = 'Signal not found.\n';
26 | } else if (code == 2) {
27 | err = 'Too many signals set.\n';
28 | } else if (code == 3) {
29 | err = 'Signal already set.\n';
30 | } else if (code == 4) {
31 | err = 'Assert Failed.\n';
32 | } else if (code == 5) {
33 | err = 'Not enough memory.\n';
34 | } else if (code == 6) {
35 | err = 'Input signal array access exceeds the size.\n';
36 | } else {
37 | err = 'Unknown error.\n';
38 | }
39 | throw new Error(err + errStr);
40 | },
41 | printErrorMessage: function () {
42 | errStr += getMessage() + '\n';
43 | // console.error(getMessage());
44 | },
45 | writeBufferMessage: function () {
46 | const msg = getMessage();
47 | // Any calls to `log()` will always end with a `\n`, so that's when we print and reset
48 | if (msg === '\n') {
49 | // eslint-disable-next-line no-console
50 | console.log(msgStr);
51 | msgStr = '';
52 | } else {
53 | // If we've buffered other content, put a space in between the items
54 | if (msgStr !== '') {
55 | msgStr += ' ';
56 | }
57 | // Then append the message to the message we are creating
58 | msgStr += msg;
59 | }
60 | },
61 | showSharedRWMemory: function () {
62 | printSharedRWMemory();
63 | }
64 | }
65 | });
66 |
67 | const sanityCheck = options;
68 | // options &&
69 | // (
70 | // options.sanityCheck ||
71 | // options.logGetSignal ||
72 | // options.logSetSignal ||
73 | // options.logStartComponent ||
74 | // options.logFinishComponent
75 | // );
76 |
77 | const wc = new WitnessCalculator(instance, sanityCheck);
78 | return wc;
79 |
80 | function getMessage() {
81 | let message = '';
82 | let c = (instance as any).exports.getMessageChar();
83 | while (c != 0) {
84 | message += String.fromCharCode(c);
85 | c = (instance as any).exports.getMessageChar();
86 | }
87 | return message;
88 | }
89 |
90 | function printSharedRWMemory() {
91 | const shared_rw_memory_size = (instance as any).exports.getFieldNumLen32();
92 | const arr = new Uint32Array(shared_rw_memory_size);
93 | for (let j = 0; j < shared_rw_memory_size; j++) {
94 | arr[shared_rw_memory_size - 1 - j] = (instance as any).exports.readSharedRWMemory(j);
95 | }
96 |
97 | // If we've buffered other content, put a space in between the items
98 | if (msgStr !== '') {
99 | msgStr += ' ';
100 | }
101 | // Then append the value to the message we are creating
102 | msgStr += fromArray32(arr).toString();
103 | }
104 | }
105 |
106 | class WitnessCalculator {
107 | version: any;
108 | n32: any;
109 | prime: any;
110 | witnessSize: any;
111 | sanityCheck: any;
112 | constructor(private instance, sanityCheck) {
113 | this.instance = instance;
114 | this.version = (this.instance.exports as any).getVersion();
115 | this.n32 = (this.instance.exports as any).getFieldNumLen32();
116 |
117 | (this.instance.exports as any).getRawPrime();
118 | const arr = new Uint32Array(this.n32);
119 | for (let i = 0; i < this.n32; i++) {
120 | arr[this.n32 - 1 - i] = (this.instance.exports as any).readSharedRWMemory(i);
121 | }
122 | this.prime = fromArray32(arr);
123 |
124 | this.witnessSize = (this.instance.exports as any).getWitnessSize();
125 |
126 | this.sanityCheck = sanityCheck;
127 | }
128 |
129 | circom_version() {
130 | return (this.instance.exports as any).getVersion();
131 | }
132 |
133 | async _doCalculateWitness(input, sanityCheck) {
134 | //input is assumed to be a map from signals to arrays of bigints
135 | (this.instance.exports as any).init(this.sanityCheck || sanityCheck ? 1 : 0);
136 | const keys = Object.keys(input);
137 | let input_counter = 0;
138 | keys.forEach((k) => {
139 | const h = fnvHash(k);
140 | const hMSB = parseInt(h.slice(0, 8), 16);
141 | const hLSB = parseInt(h.slice(8, 16), 16);
142 | const fArr = flatArray(input[k]);
143 | const signalSize = (this.instance.exports as any).getInputSignalSize(hMSB, hLSB);
144 | if (signalSize < 0) {
145 | throw new Error(`Signal ${k} not found\n`);
146 | }
147 | if (fArr.length < signalSize) {
148 | throw new Error(`Not enough values for input signal ${k}\n`);
149 | }
150 | if (fArr.length > signalSize) {
151 | throw new Error(`Too many values for input signal ${k}\n`);
152 | }
153 | for (let i = 0; i < fArr.length; i++) {
154 | const arrFr = toArray32(BigInt(fArr[i]) % this.prime, this.n32);
155 | for (let j = 0; j < this.n32; j++) {
156 | (this.instance.exports as any).writeSharedRWMemory(j, arrFr[this.n32 - 1 - j]);
157 | }
158 | try {
159 | (this.instance.exports as any).setInputSignal(hMSB, hLSB, i);
160 | input_counter++;
161 | } catch (err) {
162 | // console.log(`After adding signal ${i} of ${k}`)
163 | throw new Error(err);
164 | }
165 | }
166 | });
167 | if (input_counter < (this.instance.exports as any).getInputSize()) {
168 | throw new Error(
169 | `Not all inputs have been set. Only ${input_counter} out of ${(
170 | this.instance.exports as any
171 | ).getInputSize()}`
172 | );
173 | }
174 | }
175 |
176 | async calculateWitness(input, sanityCheck) {
177 | const w: bigint[] = [];
178 |
179 | await this._doCalculateWitness(input, sanityCheck);
180 |
181 | for (let i = 0; i < this.witnessSize; i++) {
182 | (this.instance.exports as any).getWitness(i);
183 | const arr = new Uint32Array(this.n32);
184 | for (let j = 0; j < this.n32; j++) {
185 | arr[this.n32 - 1 - j] = (this.instance.exports as any).readSharedRWMemory(j);
186 | }
187 | w.push(fromArray32(arr));
188 | }
189 |
190 | return w;
191 | }
192 |
193 | async calculateBinWitness(input, sanityCheck) {
194 | const buff32 = new Uint32Array(this.witnessSize * this.n32);
195 | const buff = new Uint8Array(buff32.buffer);
196 | await this._doCalculateWitness(input, sanityCheck);
197 |
198 | for (let i = 0; i < this.witnessSize; i++) {
199 | (this.instance.exports as any).getWitness(i);
200 | const pos = i * this.n32;
201 | for (let j = 0; j < this.n32; j++) {
202 | buff32[pos + j] = (this.instance.exports as any).readSharedRWMemory(j);
203 | }
204 | }
205 |
206 | return buff;
207 | }
208 |
209 | async calculateWTNSBin(input, sanityCheck) {
210 | const buff32 = new Uint32Array(this.witnessSize * this.n32 + this.n32 + 11);
211 | const buff = new Uint8Array(buff32.buffer);
212 | await this._doCalculateWitness(input, sanityCheck);
213 |
214 | //"wtns"
215 | buff[0] = 'w'.charCodeAt(0);
216 | buff[1] = 't'.charCodeAt(0);
217 | buff[2] = 'n'.charCodeAt(0);
218 | buff[3] = 's'.charCodeAt(0);
219 |
220 | //version 2
221 | buff32[1] = 2;
222 |
223 | //number of sections: 2
224 | buff32[2] = 2;
225 |
226 | //id section 1
227 | buff32[3] = 1;
228 |
229 | const n8 = this.n32 * 4;
230 | //id section 1 length in 64bytes
231 | const idSection1length = 8 + n8;
232 | const idSection1lengthHex = idSection1length.toString(16);
233 | buff32[4] = parseInt(idSection1lengthHex.slice(0, 8), 16);
234 | buff32[5] = parseInt(idSection1lengthHex.slice(8, 16), 16);
235 |
236 | //this.n32
237 | buff32[6] = n8;
238 |
239 | //prime number
240 | this.instance.exports.getRawPrime();
241 |
242 | let pos = 7;
243 | for (let j = 0; j < this.n32; j++) {
244 | buff32[pos + j] = this.instance.exports.readSharedRWMemory(j);
245 | }
246 | pos += this.n32;
247 |
248 | // witness size
249 | buff32[pos] = this.witnessSize;
250 | pos++;
251 |
252 | //id section 2
253 | buff32[pos] = 2;
254 | pos++;
255 |
256 | // section 2 length
257 | const idSection2length = n8 * this.witnessSize;
258 | const idSection2lengthHex = idSection2length.toString(16);
259 | buff32[pos] = parseInt(idSection2lengthHex.slice(0, 8), 16);
260 | buff32[pos + 1] = parseInt(idSection2lengthHex.slice(8, 16), 16);
261 |
262 | pos += 2;
263 | for (let i = 0; i < this.witnessSize; i++) {
264 | this.instance.exports.getWitness(i);
265 | for (let j = 0; j < this.n32; j++) {
266 | buff32[pos + j] = this.instance.exports.readSharedRWMemory(j);
267 | }
268 | pos += this.n32;
269 | }
270 |
271 | return buff;
272 | }
273 | }
274 |
275 | function toArray32(rem, size) {
276 | const res: number[] = []; //new Uint32Array(size); //has no unshift
277 | const radix = BigInt(0x100000000);
278 | while (rem) {
279 | res.unshift(Number(rem % radix));
280 | rem = rem / radix;
281 | }
282 | if (size) {
283 | let i = size - res.length;
284 | while (i > 0) {
285 | res.unshift(0);
286 | i--;
287 | }
288 | }
289 | return res;
290 | }
291 |
292 | function fromArray32(arr) {
293 | //returns a BigInt
294 | let res = BigInt(0);
295 | const radix = BigInt(0x100000000);
296 | for (let i = 0; i < arr.length; i++) {
297 | res = res * radix + BigInt(arr[i]);
298 | }
299 | return res;
300 | }
301 |
302 | function flatArray(a) {
303 | const res = [];
304 | fillArray(res, a);
305 | return res;
306 |
307 | function fillArray(res, a) {
308 | if (Array.isArray(a)) {
309 | for (let i = 0; i < a.length; i++) {
310 | fillArray(res, a[i]);
311 | }
312 | } else {
313 | res.push(a);
314 | }
315 | }
316 | }
317 |
318 | function fnvHash(str) {
319 | const uint64_max = BigInt(2) ** BigInt(64);
320 | let hash = BigInt('0xCBF29CE484222325');
321 | for (let i = 0; i < str.length; i++) {
322 | hash ^= BigInt(str[i].charCodeAt());
323 | hash *= BigInt(0x100000001b3);
324 | hash %= uint64_max;
325 | }
326 | let hashHex = hash.toString(16);
327 | const n = 16 - hashHex.length;
328 | hashHex = '0'.repeat(n).concat(hashHex);
329 | return hashHex;
330 | }
331 |
--------------------------------------------------------------------------------
/test/data/authV2/circuit.wasm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iden3/js-jwz/5432ff8b146d9670692ebea61794486e6ab9dada/test/data/authV2/circuit.wasm
--------------------------------------------------------------------------------
/test/data/authV2/circuit_final.zkey:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iden3/js-jwz/5432ff8b146d9670692ebea61794486e6ab9dada/test/data/authV2/circuit_final.zkey
--------------------------------------------------------------------------------
/test/data/authV2/verification_key.json:
--------------------------------------------------------------------------------
1 | {
2 | "protocol": "groth16",
3 | "curve": "bn128",
4 | "nPublic": 3,
5 | "vk_alpha_1": [
6 | "20491192805390485299153009773594534940189261866228447918068658471970481763042",
7 | "9383485363053290200918347156157836566562967994039712273449902621266178545958",
8 | "1"
9 | ],
10 | "vk_beta_2": [
11 | [
12 | "6375614351688725206403948262868962793625744043794305715222011528459656738731",
13 | "4252822878758300859123897981450591353533073413197771768651442665752259397132"
14 | ],
15 | [
16 | "10505242626370262277552901082094356697409835680220590971873171140371331206856",
17 | "21847035105528745403288232691147584728191162732299865338377159692350059136679"
18 | ],
19 | [
20 | "1",
21 | "0"
22 | ]
23 | ],
24 | "vk_gamma_2": [
25 | [
26 | "10857046999023057135944570762232829481370756359578518086990519993285655852781",
27 | "11559732032986387107991004021392285783925812861821192530917403151452391805634"
28 | ],
29 | [
30 | "8495653923123431417604973247489272438418190587263600148770280649306958101930",
31 | "4082367875863433681332203403145435568316851327593401208105741076214120093531"
32 | ],
33 | [
34 | "1",
35 | "0"
36 | ]
37 | ],
38 | "vk_delta_2": [
39 | [
40 | "19348002108780819114173729472654301218163032859568088336706241116778238895741",
41 | "19284032604233234928571460353820834374191278927251246481984913951512055557810"
42 | ],
43 | [
44 | "21776098145629385087398291089774771433562740024026573659898810715252640558233",
45 | "14218983818455325147294052529592333289252165180419872461494472283802951866537"
46 | ],
47 | [
48 | "1",
49 | "0"
50 | ]
51 | ],
52 | "vk_alphabeta_12": [
53 | [
54 | [
55 | "2029413683389138792403550203267699914886160938906632433982220835551125967885",
56 | "21072700047562757817161031222997517981543347628379360635925549008442030252106"
57 | ],
58 | [
59 | "5940354580057074848093997050200682056184807770593307860589430076672439820312",
60 | "12156638873931618554171829126792193045421052652279363021382169897324752428276"
61 | ],
62 | [
63 | "7898200236362823042373859371574133993780991612861777490112507062703164551277",
64 | "7074218545237549455313236346927434013100842096812539264420499035217050630853"
65 | ]
66 | ],
67 | [
68 | [
69 | "7077479683546002997211712695946002074877511277312570035766170199895071832130",
70 | "10093483419865920389913245021038182291233451549023025229112148274109565435465"
71 | ],
72 | [
73 | "4595479056700221319381530156280926371456704509942304414423590385166031118820",
74 | "19831328484489333784475432780421641293929726139240675179672856274388269393268"
75 | ],
76 | [
77 | "11934129596455521040620786944827826205713621633706285934057045369193958244500",
78 | "8037395052364110730298837004334506829870972346962140206007064471173334027475"
79 | ]
80 | ]
81 | ],
82 | "IC": [
83 | [
84 | "12385314984359904314257455036963499193805822249900169493212773820637861017270",
85 | "13455871848617958073752171682190449799364399689372987044617812281838570851280",
86 | "1"
87 | ],
88 | [
89 | "1493564767784757620464057507283285365409721187164502463730502309417194080296",
90 | "6377944811748764752279954590131952700069491229367911408873461121555475171995",
91 | "1"
92 | ],
93 | [
94 | "17810471156883173964067651564103955395454521925125801510057769541384109536787",
95 | "5548963437503981062668882632052452068705295424483999545932010198708798592260",
96 | "1"
97 | ],
98 | [
99 | "13853274336731202523728826661915506795333516652854674163618978302237601632434",
100 | "15420320918214290109713867361085955935385737854012308761626909938871786338011",
101 | "1"
102 | ]
103 | ]
104 | }
--------------------------------------------------------------------------------
/test/hash.test.ts:
--------------------------------------------------------------------------------
1 | import { poseidon } from '@iden3/js-crypto';
2 | import { hash } from '../src/hash';
3 |
4 | test('hash', () => {
5 | const utf8Encode = new TextEncoder();
6 | const arr = utf8Encode.encode('message');
7 |
8 | const res = hash(arr);
9 |
10 | expect(res.toString()).toBe(
11 | '12195879903067908640854440056941289904003404799313352286287749481941648225513'
12 | );
13 | });
14 | test('hash long message', () => {
15 | const utf8Encode = new TextEncoder();
16 | const arr = utf8Encode.encode(
17 | '{"userAuthClaim":["304427537360709784173770334266246861770","0","17640206035128972995519606214765283372613874593503528180869261482403155458945","20634138280259599560273310290025659992320584624461316485434108770067472477956","15930428023331155902","0","0","0"],"userAuthClaimMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"userAuthClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"userAuthClaimNonRevMtpAuxHi":"0","userAuthClaimNonRevMtpAuxHv":"0","userAuthClaimNonRevMtpNoAux":"1","challenge":"6568187306293073175114267504711682812904598368490904573742495126063294481938","challengeSignatureR8x":"15230565441506590379169832995887068998322005265009046474267743823535028195613","challengeSignatureR8y":"10769958837943955028152112183244447895061604149794975067459918696631541903296","challengeSignatureS":"421650140447062113811542806382702329042840096310563827636625110300562791229","userClaimsTreeRoot":"9763429684850732628215303952870004997159843236039795272605841029866455670219","userID":"379949150130214723420589610911161895495647789006649785264738141299135414272","userRevTreeRoot":"0","userRootsTreeRoot":"0","userState":"18656147546666944484453899241916469544090258810192803949522794490493271005313"}'
18 | );
19 |
20 | const res = hash(arr);
21 |
22 | expect(res.toString()).toBe(
23 | '3741385570005605084300493775652159969493539073276486448913383306368831791102'
24 | );
25 | });
26 |
27 | test('poseidon', () => {
28 | const utf8Encode = new TextEncoder();
29 | const arr = utf8Encode.encode('message');
30 | const hex = Buffer.from(arr).toString('hex');
31 | const bigIntToHash = BigInt('0x' + hex);
32 |
33 | const bi = poseidon.hash([bigIntToHash]);
34 | expect(
35 | bi.toString() == '16076885786305451396952367807583087877643965039481491647404584414044042908412'
36 | );
37 | });
38 |
--------------------------------------------------------------------------------
/test/jwz.test.ts:
--------------------------------------------------------------------------------
1 | import { Groth16, AuthV2Circuit } from './../src/common';
2 |
3 | import { ProofInputsPreparerHandlerFunc, proving } from '../src/index';
4 | import { Token } from './../src/jwz';
5 | import { base64url as base64 } from 'rfc4648';
6 |
7 | import * as fs from 'fs';
8 |
9 | describe('authV2Groth16', () => {
10 | let mock: ProofInputsPreparerHandlerFunc;
11 |
12 | beforeAll(() => {
13 | mock = (): Promise => {
14 | return Promise.resolve(
15 | new TextEncoder().encode(
16 | `{"genesisID":"23148936466334350744548790012294489365207440754509988986684797708370051073","profileNonce":"0","authClaim":["80551937543569765027552589160822318028","0","4720763745722683616702324599137259461509439547324750011830105416383780791263","4844030361230692908091131578688419341633213823133966379083981236400104720538","16547485850637761685","0","0","0"],"authClaimIncMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"authClaimNonRevMtpAuxHi":"0","authClaimNonRevMtpAuxHv":"0","authClaimNonRevMtpNoAux":"1","challenge":"6110517768249559238193477435454792024732173865488900270849624328650765691494","challengeSignatureR8x":"10923900855019966925146890192107445603460581432515833977084358496785417078889","challengeSignatureR8y":"16158862443157007045624936621448425746188316255879806600364391221203989186031","challengeSignatureS":"51416591880507739389339515804072924841765472826035808894700970942045022090","claimsTreeRoot":"8162166103065016664685834856644195001371303013149727027131225893397958846382","revTreeRoot":"0","rootsTreeRoot":"0","state":"8039964009611210398788855768060749920589777058607598891238307089541758339342","gistRoot":"1243904711429961858774220647610724273798918457991486031567244100767259239747","gistMtp":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"gistMtpAuxHi":"1","gistMtpAuxHv":"1","gistMtpNoAux":"0"}`
17 | )
18 | );
19 | };
20 | });
21 |
22 | test('jwz new with payload', async () => {
23 | const payload = 'mymessage';
24 | const token = new Token(proving.provingMethodGroth16AuthV2Instance, payload, mock);
25 |
26 | expect(token.alg).toEqual(Groth16);
27 | expect(token.circuitId).toEqual(AuthV2Circuit);
28 | });
29 |
30 | test('prove method', async () => {
31 | const payload = 'mymessage';
32 |
33 | const token = new Token(proving.provingMethodGroth16AuthV2Instance, payload, mock);
34 |
35 | expect(token.alg).toEqual(Groth16);
36 | const provingKey = fs.readFileSync('./test/data/authV2/circuit_final.zkey');
37 | const wasm = fs.readFileSync('./test/data/authV2/circuit.wasm');
38 | const verificationKey = fs.readFileSync('./test/data/authV2/verification_key.json');
39 | const tokenStr = await token.prove(provingKey, wasm);
40 |
41 | const isValid = await token.verify(verificationKey);
42 |
43 | expect(isValid).toBeTruthy();
44 | const parsedToken = await Token.parse(tokenStr);
45 | expect(await parsedToken.verify(verificationKey)).toBeTruthy();
46 | });
47 |
48 | test('parse and verify', async () => {
49 | const verificationKey = fs.readFileSync('./test/data/authV2/verification_key.json');
50 |
51 | const token = await Token.parse(
52 | `eyJhbGciOiJncm90aDE2IiwiY2lyY3VpdElkIjoiYXV0aFYyIiwiY3JpdCI6WyJjaXJjdWl0SWQiXSwidHlwIjoiSldaIn0.bXltZXNzYWdl.eyJwcm9vZiI6eyJwaV9hIjpbIjU4OTA4MTc2NDc0NDY4MzQ2MDU3NjU3NzA0NTExMDIyMDg4NjMyMDkxNDgwMTE5NDgzNjA0MDQ3NDU0ODA2NzE1NDM2MjU5MTkwNDIiLCI2OTY1MzI0OTI3MDYzMDQxOTU2NTIwODg5ODU1MDcxNjU1OTg5Mzg4NzQyODM1ODgzOTI1NjU4MDI1NDE0MjM4OTQ2OTkxNjE1ODMwIiwiMSJdLCJwaV9iIjpbWyIxNjgwMjkyNTc5OTM3NjI4MDExOTc1MTk2MTk1MDEzNjQ5NjkyMjMyOTU1NDI5Mjc0Nzc5OTE1NDI2MDQwMzMwNTM0Njc1NDU1Mzk5NCIsIjIwNzkzNDcyNDAwMzczNDkzMjIyNzAyNDY4NDcxMjQzNzcwMzk3NzY1MzY0OTc3NDA0NDQwNTQ2Mzc0MTkxNjU2OTM0NDE3Mjg1MDQxIl0sWyI2MTI1MjcxNjYyOTI4NDUzMjQ5NDgyMjc5MjQ2ODA2NTIxNTE2MzU5NDQwMTcxMDM1MzgxMzU4OTI3MjI4Njc2NTQxNTc0NTg5MDkxIiwiNTY4MDc3OTcxNTc0MjMyMjI0ODQyOTM0NDc1ODA5NDk0MzMyMzE1OTIzOTQzNjkyNzI3MjM3NDEwOTkxMzYzOTAyMjM2NDMyMjYwNiJdLFsiMSIsIjAiXV0sInBpX2MiOlsiOTQ4MTkzNTE5MTMwNTA0OTM5MTA3MjkxMDkxNzE2ODQzNzA0OTI4MjQyMzc3NDQ5MDM4NzMwNDU3NzM3MTI4Mjc0Mjc1NTc3ODYwOCIsIjEyMDMxNDE1NjE1ODExNTEzNzc2OTcwMDYwOTgzMDk2NTMxNzcwMTcwNDAxMjkzODEwMTQwMDY2ODM1NzkyMjk4NTcwNDQxMzcyMTg3IiwiMSJdLCJwcm90b2NvbCI6Imdyb3RoMTYiLCJjdXJ2ZSI6ImJuMTI4In0sInB1Yl9zaWduYWxzIjpbIjIzMTQ4OTM2NDY2MzM0MzUwNzQ0NTQ4NzkwMDEyMjk0NDg5MzY1MjA3NDQwNzU0NTA5OTg4OTg2Njg0Nzk3NzA4MzcwMDUxMDczIiwiNjExMDUxNzc2ODI0OTU1OTIzODE5MzQ3NzQzNTQ1NDc5MjAyNDczMjE3Mzg2NTQ4ODkwMDI3MDg0OTYyNDMyODY1MDc2NTY5MTQ5NCIsIjEyNDM5MDQ3MTE0Mjk5NjE4NTg3NzQyMjA2NDc2MTA3MjQyNzM3OTg5MTg0NTc5OTE0ODYwMzE1NjcyNDQxMDA3NjcyNTkyMzk3NDciXX0`
53 | );
54 | const isValid = await token.verify(verificationKey);
55 | expect(isValid).toBeTruthy();
56 |
57 | const proofByte = base64.parse(
58 | 'eyJwcm9vZiI6eyJwaV9hIjpbIjU4OTA4MTc2NDc0NDY4MzQ2MDU3NjU3NzA0NTExMDIyMDg4NjMyMDkxNDgwMTE5NDgzNjA0MDQ3NDU0ODA2NzE1NDM2MjU5MTkwNDIiLCI2OTY1MzI0OTI3MDYzMDQxOTU2NTIwODg5ODU1MDcxNjU1OTg5Mzg4NzQyODM1ODgzOTI1NjU4MDI1NDE0MjM4OTQ2OTkxNjE1ODMwIiwiMSJdLCJwaV9iIjpbWyIxNjgwMjkyNTc5OTM3NjI4MDExOTc1MTk2MTk1MDEzNjQ5NjkyMjMyOTU1NDI5Mjc0Nzc5OTE1NDI2MDQwMzMwNTM0Njc1NDU1Mzk5NCIsIjIwNzkzNDcyNDAwMzczNDkzMjIyNzAyNDY4NDcxMjQzNzcwMzk3NzY1MzY0OTc3NDA0NDQwNTQ2Mzc0MTkxNjU2OTM0NDE3Mjg1MDQxIl0sWyI2MTI1MjcxNjYyOTI4NDUzMjQ5NDgyMjc5MjQ2ODA2NTIxNTE2MzU5NDQwMTcxMDM1MzgxMzU4OTI3MjI4Njc2NTQxNTc0NTg5MDkxIiwiNTY4MDc3OTcxNTc0MjMyMjI0ODQyOTM0NDc1ODA5NDk0MzMyMzE1OTIzOTQzNjkyNzI3MjM3NDEwOTkxMzYzOTAyMjM2NDMyMjYwNiJdLFsiMSIsIjAiXV0sInBpX2MiOlsiOTQ4MTkzNTE5MTMwNTA0OTM5MTA3MjkxMDkxNzE2ODQzNzA0OTI4MjQyMzc3NDQ5MDM4NzMwNDU3NzM3MTI4Mjc0Mjc1NTc3ODYwOCIsIjEyMDMxNDE1NjE1ODExNTEzNzc2OTcwMDYwOTgzMDk2NTMxNzcwMTcwNDAxMjkzODEwMTQwMDY2ODM1NzkyMjk4NTcwNDQxMzcyMTg3IiwiMSJdLCJwcm90b2NvbCI6Imdyb3RoMTYiLCJjdXJ2ZSI6ImJuMTI4In0sInB1Yl9zaWduYWxzIjpbIjIzMTQ4OTM2NDY2MzM0MzUwNzQ0NTQ4NzkwMDEyMjk0NDg5MzY1MjA3NDQwNzU0NTA5OTg4OTg2Njg0Nzk3NzA4MzcwMDUxMDczIiwiNjExMDUxNzc2ODI0OTU1OTIzODE5MzQ3NzQzNTQ1NDc5MjAyNDczMjE3Mzg2NTQ4ODkwMDI3MDg0OTYyNDMyODY1MDc2NTY5MTQ5NCIsIjEyNDM5MDQ3MTE0Mjk5NjE4NTg3NzQyMjA2NDc2MTA3MjQyNzM3OTg5MTg0NTc5OTE0ODYwMzE1NjcyNDQxMDA3NjcyNTkyMzk3NDciXX0',
59 | { loose: true }
60 | );
61 | const zkProof = JSON.parse(new TextDecoder().decode(proofByte));
62 |
63 | expect(zkProof.pub_signals).toEqual(token.zkProof.pub_signals);
64 | expect(zkProof.proof).toEqual(token.zkProof.proof);
65 | expect(AuthV2Circuit).toEqual(token.circuitId);
66 | expect(Groth16).toEqual(token.alg);
67 | });
68 | });
69 |
--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "compilerOptions": {
3 | "moduleResolution": "node",
4 | "module": "ES2020",
5 | "target": "es2020",
6 | "lib": ["es2020", "dom"],
7 | "allowJs": true,
8 | "esModuleInterop": true,
9 | "noImplicitAny": false,
10 | "strict": true,
11 | "skipLibCheck": true,
12 | "allowSyntheticDefaultImports": true,
13 | "useUnknownInCatchVariables": false,
14 | "resolveJsonModule": true,
15 | "rootDir": "src",
16 | "typeRoots": ["node_modules/@types"]
17 | },
18 | "include": ["src"]
19 | }
20 |
--------------------------------------------------------------------------------