chore(approaches|use-case): update private auth with more relevant details #97
oskarth
left a comment
Where does things like OpenAC (unlinkability) and Self (ZKPassport) fit in this framework?
ZKPassport fits under Document-based ZK, already mentioned. OpenAC fits with EU digital ID, so this could go there too
approaches/approach-private-auth.md
Outdated
|
|
||
| **Universal:** | ||
|
|
||
| - Must not require a single canonical identity provider or central registry |
Not clear.
Does it mean that 1 request cannot be solved by 1 provider? Or is it more that you don't, in general, see 1 universal identity system as a whole?
|
|
||
| - Must not require a single canonical identity provider or central registry | ||
| - Must support credential revocation without re-identifying holders | ||
| - Proof generation must be practical on consumer hardware |
There are a lot of properties we can list here:
- Unlinkability
- Openness
- Interoperability
- Decentralized
- ...
approaches/approach-private-auth.md
Outdated
| | [zk-TLS](#c-tls-transcript-proofs) | Web2 data source | Notary + TLS server | Medium | PoC | TLSNotary | | ||
| | [On-chain attestation](#d-on-chain-attestation) | Trusted issuer | Issuer signing key | Low | Production | EAS, ONCHAINID | | ||
| | [Anti-collusion voting](#e-anti-collusion-voting) | Encrypted vote + ZK tally | Coordinator (decentralizing) | Medium | Pilot | MACI / ETHDam | | ||
| | [PCD framework](#f-pcd-proof-carrying-data) | Event/community | Attestation issuer | Low | Pilot | Zupass / Devcon | |
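Review bot: in the anti-collusion voting row the trust-assumptions cell reads "Coordinator (decentralizing)", which records a roadmap status rather than an assumption; the cell should say what the coordinator is trusted with (what it can do or learn that the voters cannot check), and the decentralization work belongs in the status column, so the column stays comparable with "Notary + TLS server" and "Issuer signing key" in the rows above.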
Maybe we can replace this by POD2 -> https://github.com/0xPARC/pod2
| - [zk-TLS](../patterns/pattern-zk-tls.md) | ||
| - [Selective Disclosure](../patterns/pattern-regulatory-disclosure-keys-proofs.md) | ||
| - [Co-SNARK](../patterns/pattern-co-snark.md) | ||
| A registry operator (institution, DAO) maintains a Merkle tree of approved members. Provers generate ZK membership proofs demonstrating inclusion in the tree and exclusion from a revocation tree, without revealing which leaf they correspond to. [Semaphore](https://semaphore.pse.dev/) is the most established implementation, using identity commitments as leaves and nullifiers to prevent proof reuse. |
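Review bot: the paragraph names the registry operator as the party that maintains the tree but does not say what that implies for trust: the operator decides who is admitted and who is placed in the revocation tree, and it sees the full set of identity commitments, so it is the root of trust for membership even though individual proofs hide the leaf. The two-tree design also makes root freshness a security condition: a verifier that accepts a proof against a stale revocation root will accept a revoked member, so the text should state who publishes the roots and how a verifier learns the current ones.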
Should we specify trust assumptions regarding the operator?
approaches/approach-private-auth.md
Outdated
| **Deployment:** EAS is production-grade across multiple chains. | ||
| **Limitations:** Issuer linkage: the issuer knows which attestations they signed, creating a linkability vector unless combined with ZK membership proofs over the attestation set. | ||
|
|
||
| ### E. Anti-Collusion Voting |
Should this item be here?
Doesn't feel like it solves private-auth; it's more like using it to achieve private voting.
approaches/approach-private-auth.md
Outdated
| - **ZK Frameworks:** Semaphore for membership proofs and exclusion proofs, Aztec Noir for custom circuits | ||
| - **Registry Management:** [Attestation infrastructure](../patterns/pattern-verifiable-attestation.md) (EAS, W3C VC, ONCHAINID), custom Merkle tree contracts | ||
| - **Identity Standards:** ERC-3643 for permissioned tokens, ERC-734/735 for identity claims | ||
| ### F. PCD (Proof-Carrying Data) |
Same as above, PCD and Zupass are not under development anymore, but we can replace this with a mention of POD2.
approaches/approach-private-auth.md
Outdated
| | TLS proofs | [TLSNotary](https://tlsnotary.org/) | PoC | | ||
| | On-chain attestation | [EAS](https://attest.org/), [ONCHAINID](https://www.erc3643.org/) (Tokeny), W3C VC | Production | | ||
| | Anti-collusion voting | [MACI](https://maci.pse.dev/) (PSE) | Pilot | | ||
| | PCD framework | [Zupass](https://zupass.org/) (0xPARC) | Pilot | |
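Review bot: the category is labelled "TLS proofs" here but "zk-TLS" in the comparison table and in the pattern link (`pattern-zk-tls.md`); use one term so the two tables can be cross-referenced.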
approaches/approach-private-auth.md
Outdated
| | Category | Vendors / Frameworks | Status | | ||
| | --- | --- | --- | | ||
| | Merkle membership | [Semaphore](https://semaphore.pse.dev/) (PSE), [Iden3](https://github.com/iden3) | Pilot | | ||
| | Document ZK | [ZKPassport](https://zkpassport.id/) (Noir/Barretenberg), [Anon Aadhaar](https://github.com/anon-aadhaar) (Circom) | Pilot/PoC | |
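Review bot: the Document ZK row gives a single status "Pilot/PoC" for two projects, so it is not clear which of ZKPassport and Anon Aadhaar is at which stage; either split the row or give one status per project in the cell, as the vendor column already does with the proof-system annotations.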
We can mention Self, Rarimo
Maybe we can link? OpenAC is also used in other env but not public. Agree not production-ready, but it has key properties and is soon in pilot stage and EF/PSE is pushing it, so we can mention it with a disclaimer IMO.
|
|
||
| See detailed architecture and trade-offs in [**Approach: Private Authentication**](../approaches/approach-private-auth.md). | ||
|
|
||
| ## 6) Open Questions |
Here we should again have the main question in terms of compliance. How the tech building blocks fit into a more global landscape.
Don't exactly understand, added a question if you wanted that, in 27cd9e6
Fair, addressed in 92da634
| - **Openness:** proof systems and verification logic must be open source and auditable | ||
| - **Interoperability:** must work across credential formats, chains, and verifier implementations | ||
| - **Decentralization:** must not require a single canonical identity provider or central registry | ||
| - Must support credential revocation without re-identifying holders |
Should this adopt the same formatting as the previous bullet points?
What are you adding?
Description
Rephrasing and modifying the private auth approach and use cases to stay up to date.