From c318e7753950bb6b1b7c6566c8dfd541d4991b58 Mon Sep 17 00:00:00 2001 From: Michael Elliot Date: Sat, 8 Jun 2024 14:21:05 +0100 Subject: [PATCH 1/5] add DIP-38 --- DIPs/DIP-38.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 DIPs/DIP-38.md diff --git a/DIPs/DIP-38.md b/DIPs/DIP-38.md new file mode 100644 index 00000000..7ad5275e --- /dev/null +++ b/DIPs/DIP-38.md @@ -0,0 +1,70 @@ +--- +DIP: 38 +Title: Integration of zkPassport for Thai Citizen Discount Verification +Status: Draft +Themes: Ticketing, Purchases & ID +Instances: [Devcon7] +Tags: Software +Authors: Michael Elliot (@michaelelliot), Théo Madzou (@madztheo) +Created: 2024-06-08 +--- + +## Summary of Proposal +This proposal introduces an zkPassport integration for Devcon in Bangkok, allowing Thai citizens to prove their nationality using zero-knowledge proofs, ensuring privacy and security while accessing ticket discounts. + +## Abstract +The integration enables Thai citizens to use zkPassport to generate a zero-knowledge proof of their nationality without revealing additional personal information, facilitating a secure and private way to obtain discounted tickets. + +## Motivation & Rationale +To provide a privacy-preserving method for Thai citizens to claim Devcon ticket discounts, avoiding the need for sharing sensitive identity documents. This method ensures only Thai citizens can access the discount, using zero-knowledge proofs to protect personal information. + +## Implementation +**High Level User Flow**: +1. Users scan their ePassport via NFC into the zkPassport app. +2. On the Devcon ticket ordering site, users click a button to generate a unique QR code containing the credentials to prove (their nationality) and a callback URL. +3. Users scan this QR code, which opens the zkPassport app and prompts the user to prove the requested credentials (their nationality). +4. The user accepts, and a proof is generated locally on their phone, and submitted to the callback URL. +5. Backend verifies the proof, checks the `discount_codes` table, and returns a discount code if valid. + +**Circuit Public Inputs**: +- Nationality (expected to be THA) +- Merkle Root (of valid DSC public keys Merkle tree) +- Nullifier Scope (expected to be a hash of devcon.org) + +**Circuit Private Inputs**: +- DG1 (Data Group 1, containing the nationality) +- Data Group Hashes (from the SOD) +- Signed Attributes i.e. Hash of Data Group Hashes (from the SOD) +- RSA Signature of Signed Attributes (from the SOD) +- RSA Public Key +- Merkle Index +- Merkle Hash Path + +**Circuit Outputs**: +- Proof of Person Identifier (nullifier) + +**Circuit Steps**: +- Nationality public input is checked for inclusion in DG1 private input. +- The SHA2 hash of DG1 is calculated and checked for inclusion in Data Group Hashes private input. +- The SHA2 hash of the Data Group Hashes is calculated and compared against the Signed Attributes private input. +- The RSA Signature of Signed Attributes private input is verified using the RSA Public Key private input. +- The poseidon hash of the Signature Algorithm + RSA Public Key is calculated and checked for inclusion in the Merkle tree of valid DSC public keys, using the Merkle Root public input, and the Merkle Index and Merkle Hash Path private inputs. +- A unique Proof of Person Identifier (nullifier) is generated from the RSA Signature of Signed Attributes private input + the Nullifier Scope public input, and becomes a circuit output. + +**Detailed User Flow**: +- User loads their ePassport into the zkPassport app by tapping it against their phone and reading the chip contents via NFC. +- On the Devcon ticket ordering website, they click a button that generates a unique QR code containing the credentials to prove (their nationality) and a callback URL. +- They scan this QR code, which opens the zkPassport app and prompts the user to prove the requested credentials (their nationality). +- They accept, and the proof is generated locally on their phone, and then submitted to the callback URL. +- On the backend, there is a Postgres db with a pre-filled `discount_codes` table containing valid discount codes for Pretix. +- On the backend, the proof is verified. +- If the proof verification fails, a `400 Invalid proof` error is returned. +- If successfully verified, a `discount_codes` table is checked to ensure the `Proof of Person Identifier` hasn't already been used to claim a discount code. +- If `Proof of Person Identifier` has already been used, a `400 Code already claimed` error is returned. +- The next available row in the `discount_codes` table (with a `date_claimed` column value of `NULL`) is then updated by setting the `date_claimed` and `claimed_by_identifier` columns to the current date and the `Proof of Person Identifier` proof output, effectively claiming that discount code for the user. +- The `code` column (pre-filled with valid codes) value for that row is returned in a JSON message as a `200 Success` response. + +## Operational Requirements & Ownership +- **Development and Maintenance**: zkPassport and Devcon technical teams. +- **Backend Infrastructure**: Provided by zkPassport team and managed by Devcon team, including the database and verification services. +- **User Support**: Provided by Devcon support team for any issues related to the discount claim process. From 61c4f18cc790c6682cd0061b683aaca68d9e9f9b Mon Sep 17 00:00:00 2001 From: Michael Elliot Date: Fri, 14 Jun 2024 22:35:37 +0100 Subject: [PATCH 2/5] apply ligi's changes Co-authored-by: ligi --- DIPs/DIP-38.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/DIPs/DIP-38.md b/DIPs/DIP-38.md index 7ad5275e..8de42d7c 100644 --- a/DIPs/DIP-38.md +++ b/DIPs/DIP-38.md @@ -1,6 +1,6 @@ --- -DIP: 38 -Title: Integration of zkPassport for Thai Citizen Discount Verification +DIP: 39 +Title: Integration of zkPassport for SEA builder discounts Status: Draft Themes: Ticketing, Purchases & ID Instances: [Devcon7] @@ -10,13 +10,13 @@ Created: 2024-06-08 --- ## Summary of Proposal -This proposal introduces an zkPassport integration for Devcon in Bangkok, allowing Thai citizens to prove their nationality using zero-knowledge proofs, ensuring privacy and security while accessing ticket discounts. +This proposal introduces an zkPassport integration for Devcon in Bangkok, allowing SEA citizens to prove their nationality using zero-knowledge proofs, ensuring privacy and security while accessing ticket discounts. ## Abstract -The integration enables Thai citizens to use zkPassport to generate a zero-knowledge proof of their nationality without revealing additional personal information, facilitating a secure and private way to obtain discounted tickets. +The integration enables citizens of SEA to use zkPassport to generate a zero-knowledge proof of their nationality without revealing additional personal information, facilitating a secure and private way to obtain discounted tickets. ## Motivation & Rationale -To provide a privacy-preserving method for Thai citizens to claim Devcon ticket discounts, avoiding the need for sharing sensitive identity documents. This method ensures only Thai citizens can access the discount, using zero-knowledge proofs to protect personal information. +To provide a privacy-preserving method for citizens of SEA to claim Devcon ticket discounts, avoiding the need for sharing sensitive identity documents. This method ensures only citizens of SEA can access the discount, using zero-knowledge proofs to protect personal information. ## Implementation **High Level User Flow**: @@ -27,7 +27,7 @@ To provide a privacy-preserving method for Thai citizens to claim Devcon ticket 5. Backend verifies the proof, checks the `discount_codes` table, and returns a discount code if valid. **Circuit Public Inputs**: -- Nationality (expected to be THA) +- Nationality (expected to be in the set of SEA countries) - Merkle Root (of valid DSC public keys Merkle tree) - Nullifier Scope (expected to be a hash of devcon.org) From 2534c9e98e73d9ab4db42d29d0a770743b1ab888 Mon Sep 17 00:00:00 2001 From: Michael Elliot Date: Fri, 14 Jun 2024 22:37:27 +0100 Subject: [PATCH 3/5] rename DIP-38.md to DIP-39.md --- DIPs/{DIP-38.md => DIP-39.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename DIPs/{DIP-38.md => DIP-39.md} (100%) diff --git a/DIPs/DIP-38.md b/DIPs/DIP-39.md similarity index 100% rename from DIPs/DIP-38.md rename to DIPs/DIP-39.md From c36f384be41b447f32baa1a3490581b3b6dacb9d Mon Sep 17 00:00:00 2001 From: Michael Elliot Date: Fri, 14 Jun 2024 23:13:29 +0100 Subject: [PATCH 4/5] improve proposal summary --- DIPs/DIP-39.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DIPs/DIP-39.md b/DIPs/DIP-39.md index 8de42d7c..d2a3f682 100644 --- a/DIPs/DIP-39.md +++ b/DIPs/DIP-39.md @@ -10,7 +10,7 @@ Created: 2024-06-08 --- ## Summary of Proposal -This proposal introduces an zkPassport integration for Devcon in Bangkok, allowing SEA citizens to prove their nationality using zero-knowledge proofs, ensuring privacy and security while accessing ticket discounts. +This proposal introduces a zkPassport integration for Devcon in Bangkok, enabling SEA citizens to prove their nationality using zero-knowledge proofs and access ticket discounts in a privacy-preserving way. This improves the user experience and eliminates the need to share sensitive identity documents. ## Abstract The integration enables citizens of SEA to use zkPassport to generate a zero-knowledge proof of their nationality without revealing additional personal information, facilitating a secure and private way to obtain discounted tickets. From 9b23f3a75411d72ed7fceb8ae7f9774f43844a6d Mon Sep 17 00:00:00 2001 From: Michael Elliot Date: Tue, 18 Jun 2024 13:17:07 +0800 Subject: [PATCH 5/5] add forum discussion url --- DIPs/DIP-39.md | 1 + 1 file changed, 1 insertion(+) diff --git a/DIPs/DIP-39.md b/DIPs/DIP-39.md index d2a3f682..dccb3e93 100644 --- a/DIPs/DIP-39.md +++ b/DIPs/DIP-39.md @@ -6,6 +6,7 @@ Themes: Ticketing, Purchases & ID Instances: [Devcon7] Tags: Software Authors: Michael Elliot (@michaelelliot), Théo Madzou (@madztheo) +Discussion: https://forum.devcon.org/t/dip-39-integration-of-zkpassport-for-sea-builder-discounts/3621 Created: 2024-06-08 ---