Anonymous Endorsemnt Mechanism

In addition to normal attestation we also aim to support anonymous attestation in the same manner, in this case, peer to peer message attestation with customized identity roles. Anonymous in this case refers to instead of revealing attester we hide them instead while valid identity roles are still shown.

ZKP Overview:

To achieve this, we utilize a cryptographic primitive called zero knowledge proof, this allows us to hide some information while guaranteeing an enforced correct statement for such information. In this case, identity roles.

Chosen ZKP Protocols:

We choose UltraPlonk (zkSNARK) to be our ZK scheme and will be implemented using Noir (https://noir-lang.org/) due to ease of development, community support, and tooling.

Implementation Details And Workflow:

ZK Proof Generation:

Identity role proof is generated by verifying Curia signature. The signature and address verification is obtained off-chain from passport-frontend. Address verification process is done through either ECDSA signature verification (native signature), or EDDSA signature verification (derived signature from registered keypair, intended for AA account), The AA account signature can be later replaced with ERC-6492 signature.

  • User request to do anonymous attestation to target address on some message

  • User input password for the revocation of the attestation

  • User send signature verifying their ownership of address to Curia through frontend or directly to api (signature can be ECDSA or registered EDDSA)

  • Curia gives back a signature that guarantees ownership of the address with the identity role. This signature is signed on the address, identity role, and timestamp of the generation .

  • Calculate revoker using hash of timestamp and the password

  • User generate ZK Proof that proof that

    • User know a valid Curia signature that sign on that specific address

    • Attestation message is attached in public input

    • Random nonce is attached in public input

    • Revoker hash (hash of revoker) is correctly calculated and is attached in public input

Pros:

  • Support real time role update

  • Infinite identity group (We can support arbitrary identity groups ex. Top 10 Delegate, etc.)

  • Very fast and not heavy computation dependent.

Cons:

  • Rely on Curia infrastructure.

Then the proof is submitted to the relayer which the relayer then will call the “Curia Anonymous Attestation” contract. This contract will then verify the zk proof and call attestation function at EAS on behalf of the user.

Result of attestation would be “Curia Anonymous Attestation” contract attest to target address.

Anonymous attestation can be revoked by calling “Curia Anonymous Attestation” contract and providing uid of the attestation and preimage of “Revoker hash” submitted in the attestation. If the contract can correctly verify Revoker hash preimage, then the contract will call revoke at EAS on behalf of the user.

Last updated