ZKP Implementation details

The Circom Circuit powering the application

pragma circom 2.0.0;
include "../../node_modules/circomlib/circuits/poseidon.circom";

template CommitmentHasher(){
    signal input nullifier;
    signal input secret;
    signal input nonce;
    signal output commitment;
    signal output paymentIntent;

    component commitmentHasher  = Poseidon(2);

    component nullifierHasher = Poseidon(2);

    commitmentHasher.inputs[0] <== nullifier;
    commitmentHasher.inputs[1] <== secret;

    commitment <==commitmentHasher.out;

    nullifierHasher.inputs[0] <== nullifier;
    nullifierHasher.inputs[1] <== nonce;

    paymentIntent <== nullifierHasher.out;
}

template DirectDebit(){
    signal input paymentIntent;
    signal input commitmentHash;

    signal input payee;

    // The max amount that can be debited with the proof
    signal input maxDebitAmount;
    
    // The amount of times this proof can be used ti withdraw max amount
    signal input debitTimes;

    // The time that needs to pass before the proof can be used to debit an account again
    signal input debitInterval;

   // Private inputs!
    signal input secret;
    // A nonce for the nullifier so the note is reusable!
    signal input nonce;
    // The nullifier is used to calculate the secret with the commitment
    // And also the payment intent with the nonce!
    signal input nullifier;
    
    //Hidden signals to verify inputs
    signal payeeSquare;
    signal maxDebitAmountSquare;
    signal debitTimesSquare;
    signal debitIntervalSquare;

    // Hashing the commitment and the nullifier
    component commitmentHasher = CommitmentHasher();
    commitmentHasher.nullifier <== nullifier;
    commitmentHasher.secret <== secret;
    commitmentHasher.nonce <== nonce;

    commitmentHasher.paymentIntent === paymentIntent;
    commitmentHasher.commitment === commitmentHash;

    payeeSquare <== payee * payee;
    maxDebitAmountSquare <== maxDebitAmount * maxDebitAmount;
    debitTimesSquare <== debitTimes * debitTimes;
    debitIntervalSquare <==debitInterval * debitInterval;
}

component main {public [paymentIntent,commitmentHash, payee, maxDebitAmount, debitTimes,debitInterval]} = DirectDebit();

The direct debit implementation is powered by this zkp circuit.

Let me explain what is going on, 🤔

Commitment Hasher

The hasher takes a nullifier, a secret and a nonce which are BigIntegers and outputs Poseidon Hashes Commitment and PaymentIntent

Nullifier is a random generated number created when the Debit Account is created
Secret is a random generated number created when the Debit Account is created
Nonce is a random generated number created when a payment intent is created to allow reusing the Nullifier!
The Commitment hash is the identifier of the Account. It is the poseidon hash of the nullifier and the secret
The PaymentIntent hash is the identifier of the PaymentIntent that is used to nullify it and it's created by hashing the nullifier with the nonce!

Direct Debit Template

The template contains public, private and hidden signals. The public signals need to be available when the proof is verified in the smart contract, the private signals are kept secret and the hidden signals are used to verify parameters of the subscription so they can't be altered! Private Inputs, These are provided only when the ZKP is created

Secret, nonce, nullifier

Public Inputs:

paymentIntent - Used to verify the creator knows the nullifier and the nonce without revealing it
commitment - Used to verify the creator knows the secret and the nullifier that created the commitment hash
payee, maxDebitAmount,debitTimes, debitInterval - These are arguments to the smart contract function and they are used to verify they were not tampared with, this is done using hidden signals!

PreviousPayment Intents NextSmart Contract Implementation details

Last updated 11 months ago

pragma circom 2.0.0; include "../../node_modules/circomlib/circuits/poseidon.circom"; template CommitmentHasher(){ signal input nullifier; signal input secret; signal input nonce; signal output commitment; signal output paymentIntent; component commitmentHasher = Poseidon(2); component nullifierHasher = Poseidon(2); commitmentHasher.inputs[0] <== nullifier; commitmentHasher.inputs[1] <== secret; commitment <==commitmentHasher.out; nullifierHasher.inputs[0] <== nullifier; nullifierHasher.inputs[1] <== nonce; paymentIntent <== nullifierHasher.out; } template DirectDebit(){ signal input paymentIntent; signal input commitmentHash; signal input payee; // The max amount that can be debited with the proof signal input maxDebitAmount; // The amount of times this proof can be used ti withdraw max amount signal input debitTimes; // The time that needs to pass before the proof can be used to debit an account again signal input debitInterval; // Private inputs! signal input secret; // A nonce for the nullifier so the note is reusable! signal input nonce; // The nullifier is used to calculate the secret with the commitment // And also the payment intent with the nonce! signal input nullifier; //Hidden signals to verify inputs signal payeeSquare; signal maxDebitAmountSquare; signal debitTimesSquare; signal debitIntervalSquare; // Hashing the commitment and the nullifier component commitmentHasher = CommitmentHasher(); commitmentHasher.nullifier <== nullifier; commitmentHasher.secret <== secret; commitmentHasher.nonce <== nonce; commitmentHasher.paymentIntent === paymentIntent; commitmentHasher.commitment === commitmentHash; payeeSquare <== payee * payee; maxDebitAmountSquare <== maxDebitAmount * maxDebitAmount; debitTimesSquare <== debitTimes * debitTimes; debitIntervalSquare <==debitInterval * debitInterval; } component main {public [paymentIntent,commitmentHash, payee, maxDebitAmount, debitTimes,debitInterval]} = DirectDebit();