Weekly Meeting Minutes 25/1/23

Weekly Meeting Minutes 25/1/23 === :::info - **Date:** Jan 25, 2023 7:30 AM (UTC) - **Agenda** 1. Grant Milestone Status Summary 2. New Nullifier Milestone 3. AnonMinting Service - **Participants:** - Blake [name=BlakeMScurr] - Gauthier [name=r1oga] ::: [Grant Milestones](https://hackmd.io/EzB7W6GcRn-IhAmoyij78Q?view) Status Summary --- - [ ] 1. Setup - [x] 1.1 - [x] 1.2 - [ ] 1.3 - [ ] 2. Public Key Recovery Template Replaced by [non membership template milestone](https://hackmd.io/EsmnIXHhSaim3O9PlTiIHw#Circom-Set-Non-Membership-Circuit). [PR](https://github.com/privacy-scaling-explorations/e2e-zk-ecdsa/pull/76) submitted, waiting for reviews. - [x] 3. Pub key validation template: done. Not paid - [x] 4. ecrecover: irrelevant Because we can pass the pub key to the circuit instead of deriving it from sig To replace with [new nullifier milestone](#New-Nullifier-Milestone). - [x] 5. Set Membership circuit: done. Not paid - [ ] 6. Blog post New Nullifier Milestone --- Several ideas for a public nullifier have been discussed in the past weeks. - $N=Poseidon(signature)$ where $signature$ would use RFC6979(deterministic nonce) ([name=Wanseob]) - going around the nullifier problem by integrating with [Unirep](https://developer.unirep.io/) > We can build a unirep attester that gives an Ethereum address to a semaphore identity as user data. When the user wants to sign up with another platform they can prove control of an Ethereum address by proving their unirep user data. [name=Chance] Although this idea is appealing, the *e2e-zk-ecdsa* intends to achieve an end to end proof of membership zk workflow without having to rely on onchain contracts to manage anonymity sets / merkle trees, so we'll exlude that option. - Collaborate with [Personae Labs](https://personaelabs.org/) and build on ~~[zk-nullifier snap](https://ethglobal.com/showcase/zk-nullifier-snap-6a9sq)~~ [full PLUME proof](https://hackmd.io/VsojkopuSMuEA4vkYKSB8g?view) This is the option we will go forward with. **[name=BlakeMScurr] to prepare corresponding new milestone description.** AnonMinting Service MVP --- ### Product Walkthrough 1. connect with metamask 2. Sign message 3. Ask for receive address 4. See an animation showing progress: a. "Generating offchain zk proof..." b. Sending proof to relay... c. Relay broadcasting tx to verifier contract... d. Minting AnonNFT... 5. User has received his AnonNFT on the provided address ### UX **UX of zk app should be: gasless, 5s anonymous final tx** ### Features - web interface - anon onchain minting - tx relaying - proof generation: remote - offchain - proof verification: in browser + on chain verifier contract - docs - can't reuse proof (nullifying) ### Implementation - [ ] circuit (*in grant's scope*) - [x] circom membership template(s) - [ ] nullifier - [ ] Documentation website - [x] [Query API](https://github.com/privacy-scaling-explorations/e2e-zk-ecdsa/tree/main/apis/query) Serve list of punk owners as of latest block - [ ] Proofs generation server API (*in grant's scope*) Node JS server (with circomlibjs, snarkjs)? To be confirmed POST endpoint that accepts a signature, returns a proof - [ ] Minting contract on a test network (For 1 NFT collection (crypto punk)) Receive a proof and a receive-address. Verify proof. Send AnonNFT to receive address - [ ] Relayer or simply start with faucet Anymously send transactions to minting contract - [ ] User interface React web app that implements a workflow describe in [product walkthrough](Product-Walkthrough)