historical grants: https://aztecnetwork.notion.site/Aztec-Grants-Wave-3-RFPs-acba57016db048868e5ed07cbf549979
[一些git 一种抗女巫攻击的身份协议](https://twitter.com/aztecnetwork/status/1736779481829069106 https://github.com/Mach-34/zybil)
[noir-trie-proofs] (https://github.com/aragonzkresearch/noir-trie-proofs)
[darkforest-noir] https://github.com/SleepingShell/darkforest-noir
/pages/login.tsx/handleSignUp
router.push("/backup") => backup.tsxconst handleSignUp = useCallback(() => {
console.log("generating a new secret key")
const array = new Uint8Array(32)
crypto.getRandomValues(array)
const v = Buffer.from(array).toString("hex")
localStorage.setItem(LOCAL_STORAGE_SECRET_KEY_UNVERIFIED, v)
setUnverifiedSecretKey(v)
router.push("/backup")
}, [])一个简单的 copy secret key 的 page
pages/backup.tsx
<div className="mt-16 max-w-lg m-auto font-mono">
<div className="m-2 border border-gray-300 rounded-xl p-6">
<div>
This is your ZK CHAT login token. Keep it secret and save it somewhere
safe:
</div>
<textarea
className="block w-full outline-none py-5 px-6 my-6 rounded-xl border focus:border-blue-300 resize-none text-gray-800"
rows={3}
readOnly
value={unverifiedSecretKey || ""}
/>
<input
className="block w-full cursor-pointer bg-gray-300 text-gray-800 rounded-xl px-4 py-2 my-4"
type="button"
value={copied ? "Copied!" : "Copy"}
onClick={handleCopy}
/>
<Link href="/connect">
<a className="block cursor-pointer bg-pink hover:bg-midpink text-white text-center rounded-xl px-4 py-2">
Next
</a>
</Link>
</div>
</div>用户通过发布推文来验证其密钥(或身份)的所有权
getServerSideProps 函数
nookies库,函数尝试从cookies中获取publicKeypublicKey存在,它会在数据库中查找相应的用户。如果用户不存在(表示未验证),则销毁publicKey cookie;如果用户存在,则重定向到首页,因为用户已经验证过了openTwitterIntent 函数
useCallback钩子创建的函数,用于打开Twitter发布推文的URL。intent URL不为null,则在新窗口中打开该URL,并设置waiting状态为true,10秒后将其设置回false。createUser 函数
useCallback钩子创建的异步函数,用于在用户验证其密钥所有权后创建用户记录/api/users 端点(带上公钥),尝试创建用户。如果请求成功,将用户的密钥保存到本地存储,更新应用上下文中的用户信息,并重定向到首页const createUser = useCallback(async () => {
if (unverifiedSecretKey === null || publicKey === null || waiting) {
return
}
console.log("CONNECT- createUser");
const res = await fetch(`/api/users?publicKey=${publicKey}`, {
method: "POST",
})
if (res.status === 200) {
const user = await res.json()
localStorage.setItem(LOCAL_STORAGE_SECRET_KEY, unverifiedSecretKey)
setSecretKey(unverifiedSecretKey)
setUser(user)
router.push("/")
}
else {
console.error("CONNECT- createUser\n" + res);
alert("Could not verify user! Did you post the tweet?")
}
}, [unverifiedSecretKey, publicKey, waiting])这里 POST /api/users 做 2 件事
@zkChatTwitterHandle和publicKey的推文/2/tweets/search/recent端点,发起一个GET请求来搜索最近的相关推文User-Agent和使用环境变量TWITTER_BEARER_TOKEN设置的Authorization完成之后,回到首页,可以 verify
const handleLogin = useCallback(async () => {
console.log("loggin......Demian")
console.log("loggin in", valid, value)
if (valid) {
// if login is successful then this value will get set to
// LOCAL_STORAGE_SECRET_KEY in the first effect callback in _app.tsx
localStorage.setItem(LOCAL_STORAGE_SECRET_KEY_UNVERIFIED, value)
const publicKey = derivePublicKey(value)
// set the cookie client side and reload the page.
// if the public key is registered on the server then
// the server will redirect us to the homepage.
// if the public key is not registsered then the server
// will clear the publicKey cookie.
// setCookie(null, "publicKey", publicKey, {
// maxAge: 30 * 24 * 60 * 60,
// path: "/",
// secure: true,
// })
const res = await fetch(`/api/login?publicKey=${publicKey}`, {
method: "POST",
})
if (res.status === 200) {
const { user } = await res.json()
localStorage.setItem(LOCAL_STORAGE_SECRET_KEY, value)
setSecretKey(value)
setUser(user)
router.push("/")
// window.location.href = "/"
} else {
setUser(null)
router.push(`/login?error=${accountNotFoundError}`)
// window.location.href = `/login?error=${accountNotFoundError}`
}
}
}, [value, valid])hash 私钥 -> 公钥
export function derivePublicKey(secretKey: string) {
const n = BigInt("0x" + secretKey)
return mimcHash(n).toString(16)
}在 Backend postgres 数据库中 search 该 public key
const user = await prisma.user.findUnique({
where: { publicKey },
select: userProps,
})
if (user !== null) {
nookies.set({ res }, "publicKey", user.publicKey, {
maxAge: 30 * 24 * 60 * 60,
path: "/",
httpOnly: true,
})
return res.status(200).json({ user })
} else {
return res.status(404).end()
}export function CreateMessage(props: CreateMessageProps) {
const { user, secretKey } = useContext(PageContext)
const [value, setValue] = useState("")
const router = useRouter()
const handleSubmit = useCallback(async () => {
if (secretKey === null) {
return
}
const hash = hashMessage(value).toString(16)
const { proof, publicSignals } = await sign(secretKey, props.group, value)这个 value 就是你 input 的值:
<input
className={
isUserInGroup
? "rounded-lg px-4 py-3 flex-1 bg-white"
: "rounded-lg px-4 py-3 flex-1 bg-white placeholder-light"
}
disabled={!isUserInGroup}
type="text"
placeholder={
isUserInGroup
? "Reply"
: "You must be logged in as a group member to reply"
}
value={value}
onChange={(event) => setValue(event.target.value)}
/>export async function verifyMessage(
vKeys: VKeys,
message: Message
): Promise<boolean> {
const verified = await snarkjs.groth16.verify(
vKeys.sign,
message.publicSignals,
message.proof
)Group Membership (无 nullifiers)
Group Membership (有 nullifiers)
Group Membership (以太坊上的范例, 有 nullifiers)
Group Membership (其他范例)
分为 2 个阶段:注册阶段 , 验证阶段
component prove:
public input hashes [n]
public input message
private input secret
pk_ = hash(secret)
(pk_ - hashes[0]) * (pk_ - hashes[1]) * ... === 0
// sk // 公开的: pk // message
prove(9j...46, [75...gk, 6h...14], "HELLO!")问题:电路需要用户放个私钥进去
梁爽:不管怎么让我输入私钥我是不愿意的。
Roadmap:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.