Unirep
  • 👏Welcome
  • 🧩Introduction
  • 🎮Getting Started
    • Install & build 🛠
    • Start with cli commands 🔌
      • 0. Install and build
      • 1. Spin up the testing chain
      • 2. Deploy Unirep contract
      • 3. User generates semaphore identity
      • 4. User signs up
      • 5. Attester signs up
      • 6. User generates epoch key and epoch key proof
      • 7. Attesters/Users verify epoch key proof
      • 8. Submit epoch key proof to Unirep smart contract
      • 9. Attester attest to epoch key
      • 10. Epoch transition
      • 11. User state transition
      • 12. User generates reputation proof
      • 13. Attesters/ Users verify the reputation proof
      • 14. User generates sign up proof
      • 15. Attesters/ Users verify the sign up proof
    • Start with Typescript 📠
      • 0. Install packages
      • 1. deploy
      • 2. User signs up
      • 3. Attester signs up
      • 4. Epoch key proof
      • 5. Attest
      • 6. Epoch transition
      • 7. User state transition
      • 8. Reputation proof
    • Computation happens off-chain ℹ️
  • ☀️Protocol
    • Glossary
      • Users and Attesters
      • Epoch
      • Epoch Key
      • Reputation
      • Trees
      • Nullifiers
      • Epoch Transition
      • User State Transition
    • Circuits
      • Epoch Key Proof
      • Reputation Proof
      • User Sign Up Proof
      • User State Transition Proof
    • Contract
      • Sign up
      • Attestations
      • Epoch transition
      • User state transition
      • Verify proofs
  • 🌈Package usage
    • @unirep/crypto
    • @unirep/circuits
    • @unirep/contracts
    • @unirep/core
    • @unirep/subgraph
    • cli
      • Deploy Unirep Contract
      • User Identity
      • User Sign Up
      • Epoch Key And Proof
      • Attestation
      • Epoch transition
      • User state transition
      • Reputation Proof
      • Airdrop Reputation
      • Spend Reputation
  • 🌻Applications
    • Unirep Social
Powered by GitBook
On this page
  • Public inputs
  • Public outputs
  • Private inputs
  • Contraints
  • 1. Check if user exists in the Global State Tree and verify epoch key
  • 2. Check if the reputation given by the attester is in the user state tree
  • 3. Check if reputation nullifiers are valid
  • 4. Check if user has reputation greater than min_rep
  • 5. Check pre-image of graffiti

Was this helpful?

Edit on GitHub
  1. Protocol
  2. Circuits

Reputation Proof

The zero-knowledge circuit of reputation proof in UniRep

PreviousEpoch Key ProofNextUser Sign Up Proof

Last updated 2 years ago

Was this helpful?

Users can use a reputation proof to claim that how the reputation is from a given attester. There are following things that user can choose to prove:

  1. The pos_rep - neg_rep given by the attester is more than the claimed min_rep i.e.

    (pos_rep - neg_rep) > min_rep

  2. The graffiti_preimage of a graffiti i.e.

    hash(graffiti_preimage) == graffiti

  3. The are computed correctly i.e.

    // for all nonces
nonce >= 0
nonce < pos_rep - neg_rep
reputation_nullifiers = hash5(
    REPUTATION_NULLIFIER_DOMAIN, 
    identity_nullifier, 
    epoch, 
    nonce, 
    attesterId
)

The circuit also checks if the user has and performed in the claimed epoch.

Public inputs

  • epoch

  • epoch_key

  • GST_root

  • attester_id

  • rep_nullifiers_amount

  • min_rep

  • prove_graffiti

  • graffiti_pre_image

Public outputs

  • rep_nullifiers

Private inputs

  • epoch_key_nonce

  • identity_nullifier

  • identity_trapdoor

  • user_tree_root

  • GST_path_index

  • GST_path_elements

  • pos_rep

  • neg_rep

  • graffiti

  • sign_up

  • UST_path_elements

  • selectors

  • rep_nonce

Contraints

1. Check if user exists in the Global State Tree and verify epoch key

Check the constrains in epoch key proof.

2. Check if the reputation given by the attester is in the user state tree

Check if hash(pos_rep, neg_rep, graffiti, sign_up) is one of the leaves in the user state tree of root user_tree_root.

3. Check if reputation nullifiers are valid

Check if rep_nonce[i] < pos_rep - neg_rep for all output rep_nullifiers[i].

Check if 

rep_nullifier[i] = hash(
    REPUTATION_NULLIFIER_DOMAIN = 2, 
    identity_nullifier, 
    epoch, 
    rep_nonce[i], 
    attester_id
)

4. Check if user has reputation greater than min_rep

Check if

  1. min_rep > 0

  2. pos_rep - neg_rep >= 0

  3. pos_rep - neg_rep >= min_rep

5. Check pre-image of graffiti

Check if hash(graffiti_pre_image) == graffiti.

See:

See:

See the whole circuit in

☀️
Epoch Key Proof circuit
circuits/proveReputation.circom
registered
user state transition
reputation nullifiers
Reputation nullifiers