# PSE Grant Proposal

* **Project:** Verifiable Web Proofs (VWP)

## Project Overview :page_facing_up:

### Overview

Verifiable Web Proofs (VWP) is a project to develop a service infrastructure, browser extension and smart contracts on all possible chains that enable creating verifiable selective disclosure proofs from signed HTTP exchanges (SXG) and RFC9421-compliant web content. It enables trustless web content verification that eliminates the middleman dependencies present in current solutions like zkTLS and TLSNotary. By leveraging emerging standards such as Signed Exchange (SXG) and RFC9421, combined with zero-knowledge proofs, Web Proofs enables direct, verifiable proof generation of web content while maintaining privacy and security.

### Short Rationale

There is no standardized, trustless way to bridge web content into blockchain environments. The web's trust model needs a secure bridge, something like a rollup for web content, to bring its interesting and astronomically diverse information on chain in a decentralized fashion. VWP solves this by allowing users to create zero-knowledge proofs about signed web content that can be verified on-chain while preserving privacy and minimizing data disclosure.

Unlike Signed Exchanges (SXG), which are opinionated and rely on a Merkle integrity structure that is not zero-knowledge (zk) friendly, RFC9421 provides a more flexible and zk-friendly alternative. This makes RFC9421 better suited for trustless and privacy-preserving integrations between web content and blockchain environments.

### Why now?

1. It's a finalized standard: [RFC 9421](https://datatracker.ietf.org/doc/rfc9421/), with insights from [conversations](https://blog.aayushg.com/standards/#rfc-9421) with Justin Taylor (author of RFC 9421)
2. Major institutions are exploring adoption with web proofs, including [Brave](https://brave.com/blog/distefano/)
3. Companies like eBay are [adopting RFC 9421](https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
4. Many [websites](https://github.com/pluto/how-many-sxg-sites) already have SXG enabled in production, allowing us to bring Web2 data onchain
5. Our blog examines the challenges of Signed HTTP Exchanges (SXGs) and implies that RFC 9421 adoption may provide solutions to these limitations.

### Project Details

**Technology Stack:**

| Component | Technologies |
|-----------|--------------|
| **Zk DSL** | • Noir<br>• SP1 |
| **Browser Extension** | • TypeScript/JavaScript<br>• webextension-polyfill<br>• RFC9421, SXG/HTTP message signature verification libraries |
| **Backend Service** | • Golang<br>• Rust<br>• Node.js/TypeScript |
| **Smart Contracts** | • Solidity<br>• Foundry |

**Core Components:**

1. **Signature Verification Module**
   - Implements RFC 9421 HTTP Message Signatures verification
   - Validates Signed HTTP Exchanges per spec
   - Manages certificate chains and revocation checking

2. **Selective Disclosure Module**
   - JSON-path based content selection
   - Template-based circuit generation
   - Optimization in proof generation time

3. **Smart Contract Interface**

   ```solidity
   pragma solidity ^0.8.0;

   // Core registry for proofs.
   // Declared abstract: this is the interface only, function bodies are not specified here.
   abstract contract ProofRegistry {
       // proof hash => whether the proof has been verified
       mapping(bytes32 => bool) public verifiedProofs;
       // submitter => hashes of the proofs they submitted
       mapping(address => bytes32[]) public userProofs;

       function submitProof(
           bytes calldata proof,
           bytes calldata publicInputs
       ) external virtual;

       function verifyProof(bytes32 proofHash) external view virtual returns (bool);
   }

   // Certificate registry for tracking valid signers
   abstract contract CertificateRegistry {
       // certificate hash => whether the certificate is currently valid
       mapping(bytes32 => bool) public validCertificates;

       function updateCertificate(
           bytes32 certHash,
           bool valid
       ) external virtual;
   }
   ```

4. **Browser Extension UI**
   - Point-and-click interface for selecting content
   - Proof generation workflow
   - Transaction management
   - Proof status monitoring

## Team :busts_in_silhouette:

- Website: [Crema.sh](https://crema.sh)
- Twitter: [@CremaLabs](https://x.com/CremaLabs)
- GitHub: [Crema Labs](https://github.com/crema-labs/)

### Members

- [Yash](https://github.com/yash25198) FTE: 1
- [Ayman](https://github.com/nesopie) FTE: 1
- [Sushanth](https://github.com/Sushants-Git) FTE: 0.25

### Experience

1. Built [SXG verification using SP1](https://x.com/CremaLabs/status/1847182768306053583)
2. Collaborated with ZKEmail and OpenPassport on different projects such as [ECDSA secp384r1](https://github.com/crema-labs/ecdsa-p384-circom) and [app-attest](https://github.com/crema-labs/app-attest)
3. Showcased a proof of concept for the [extension](https://github.com/crema-labs/sxg-extension) at Edge City Lanna
4. Implemented various cryptographic primitives such as generic [AES](https://github.com/crema-labs/aes-circom), [ECIES](https://github.com/zk-bankai/soulforge/blob/main/applications/ecies.md#section-1-project-information), [HMAC](https://github.com/orgs/crema-labs/repositories?q=hmac) and [HKDF](https://github.com/crema-labs/hkdf-circom) in Circom, which are being used by pluto.xyz
5. Built [TickBit](https://github.com/yash25198/tickbit), a trustless way to bet on when the next Bitcoin block will be mined, and [BitMix](https://github.com/crema-labs/BitMix), a novel approach that implements [witness encryption to utilize the Bitcoin SPV](https://ethresear.ch/t/trustless-bitcoin-bridge-creation-with-witness-encryption/11953) made available via relayers built for TickBit on EVM, enabling private bridging solutions that provide anonymity to the user in the process.
6. Currently implementing ECIES in Circom.

### Team Code Repos

- https://github.com/crema-labs/sxg-sp1
- https://github.com/crema-labs/sxg-extension
- https://github.com/crema-labs/TickBit
- https://github.com/crema-labs/aes-circom
- https://github.com/crema-labs/BitMix
- https://github.com/crema-labs/ecdsa-p384-circom
- https://github.com/crema-labs/app-attest
- https://github.com/crema-labs/PurrSettle

## Development Roadmap :nut_and_bolt:

### Project Plan: SXG & RFC9421 Implementation

#### Overview

- **Total Duration:** 3 months
- **Focus:** SXG Exploration and RFC9421 Integration
- **Total FTE:** 2.25
- **Total Cost:** $67,500

## Milestone 1: SXG Core Development

- **Duration:** 1 month
- **FTE:** 2.25
- **Cost:** $22,500

### Deliverables

1. Extension for private and public data extraction
2. Making SP1 circuits generic
3. Noir client-side experimentation and benchmarking
4. Proof generation pipeline for SXG circuits with Noir and SP1
5. Exploring delegated proving technique with Noir and SP1 for proofs on private data.

## Milestone 2a (First Half): Integration Phase

- **Duration:** 15 days
- **FTE:** 2.25
- **Cost:** $11,250

### Deliverables

1. Extension integration with proof generation pipeline
2. Onchain verifier implementation for SXG
3. Publish extension in Chrome Web Store.

## Milestone 2b (Second Half): RFC9421 Implementation

- **Duration:** 15 days
- **FTE:** 2.25
- **Cost:** $11,250

### Deliverables

1. RFC9421 support with Noir and SP1 circuits
2. Modular Rust crate development for RFC9421
3. Extension support for RFC9421 data handling

## Milestone 3: Final Integration & Applications

- **Duration:** 1 month
- **FTE:** 2.25
- **Cost:** $22,500

### Core Development

1. End-to-end RFC9421 integration
2. Testing with major websites
3. Onchain verifier for RFC9421
4. Technical documentation and blog posts

## Milestone 4: Ecosystem expansion

- **Duration:** Tentative

### Build Sample Apps

1. Oracle implementation
2. Twitter follower verification system
3. Production-ready TickBit implementation using new SXG stack
   - Reference: https://github.com/crema-labs/TickBit
5. Launch tickbit.xyz platform
6. Explore possible integrations with EU-based marketplaces that are going to enable RFC9421 as per the [regulations](https://finance.ec.europa.eu/publications/strong-customer-authentication-requirement-psd2-comes-force_en) laid down (still looking for more sources and information in this direction).

## Additional Information :heavy_plus_sign:

### Research and Prior Work

The project builds on established standards:

- RFC 9421 (HTTP Message Signatures)
- Signed HTTP Exchanges specification

### Initial Prototypes

We have developed initial prototypes demonstrating:

- Basic SXG parsing and validation: [sxg-sp1](https://github.com/crema-labs/sxg-sp1)
- Simple selective disclosure circuit
- Smart contract integration

### Current support

1. https://cryptoid.info/ has enabled SXGs on their indexer.
2. Working with BlockScout to have variable Ethereum data; the idea here is to build co-processors and data-retrieval systems with attested sources. We have been given this deployment to check compatibility: [Sepolia Test Deployment](https://eth-sepolia.k8s-dev.blockscout.com/)

### Impact and Ecosystem Benefits

This project will enable:

- Privacy-preserving web oracles
- Trustless asset trading based on web content
- Verifiable web-based credentials
- New forms of cross-platform identity and reputation systems

The tools developed will be open source and designed for easy integration into existing web3 applications.
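
The RFC 9421 check listed under the Signature Verification Module, as an added example that is not Crema Labs' code: it rebuilds the signature base from the covered components, rejects signatures that do not cover the components the verifier requires, binds the body through `Content-Digest`, and verifies an `hmac-sha256` signature. The key, `keyid`, sample response and function names are constructed for illustration, and the header parsing handles only a single simple signature.

```javascript
const crypto = require("node:crypto");
const sha256Digest = (body) =>
  "sha-256=:" + crypto.createHash("sha256").update(body).digest("base64") + ":";
// Resolve one covered component: "@status" (derived) or a header field.
function componentValue(msg, id) {
  if (id === "@status") return String(msg.status);
  if (id.startsWith("@") || !(id in msg.headers)) throw new Error("cannot resolve " + id);
  return msg.headers[id].trim();
}

// RFC 9421 signature base: component lines, then "@signature-params", LF-joined.
function signatureBase(msg, params) {
  const inner = params.slice(params.indexOf("(") + 1, params.indexOf(")"));
  const ids = inner.split(" ").filter(Boolean).map((s) => s.replace(/"/g, ""));
  const lines = ids.map((id) => `"${id}": ${componentValue(msg, id)}`);
  return { ids, base: [...lines, `"@signature-params": ${params}`].join("\n") };
}

// Value of `label=` in a Signature / Signature-Input header (simplified parser).
function member(header, label) {
  const m = new RegExp("(?:^|,\\s*)" + label + "=([^,]+)").exec(header || "");
  if (!m) throw new Error("no member " + label);
  return m[1].trim();
}

function verify(msg, label, key, required) {
  const params = member(msg.headers["signature-input"], label);
  const sig = Buffer.from(member(msg.headers["signature"], label).replace(/:/g, ""), "base64");
  const { ids, base } = signatureBase(msg, params);
  // Policy check: a valid signature over too few components says nothing about the rest.
  if (!required.every((r) => ids.includes(r))) return false;
  // Reject unless the body matches Content-Digest (list it in `required` so it is signed).
  if (msg.headers["content-digest"] !== sha256Digest(msg.body)) return false;
  const mac = crypto.createHmac("sha256", key).update(base).digest();
  return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
}

// Constructed sample: key, keyid and body are made up for this example.
const KEY = Buffer.from("constructed-demo-key");
function sampleResponse() {
  const body = '{"followers":42}';
  const headers = { "content-type": "application/json", "content-digest": sha256Digest(body) };
  const msg = { status: 200, body, headers };
  const params = '("@status" "content-type" "content-digest");created=1700000000;keyid="demo"';
  const mac = crypto.createHmac("sha256", KEY).update(signatureBase(msg, params).base).digest("base64");
  headers["signature-input"] = "sig1=" + params;
  headers["signature"] = "sig1=:" + mac + ":";
  return msg;
}
```

A changed body fails the digest check, and re-computing `Content-Digest` to match then fails the signature, because the digest header is one of the signed lines.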