Reputation Proof
The zero-knowledge circuit of reputation proof in UniRep
Users can use a reputation proof to claim that how the reputation is from a given attester. There are following things that user can choose to prove:
The
pos_rep - neg_repgiven by the attester is more than the claimedmin_repi.e.The
graffiti_preimageof agraffitii.e.The reputation nullifiers are computed correctly i.e.
The circuit also checks if the user has registered and performed user state transition in the claimed epoch.
Public inputs
epochepoch_keyGST_rootattester_idrep_nullifiers_amountmin_repprove_graffitigraffiti_pre_image
Public outputs
rep_nullifiers
Private inputs
epoch_key_nonceidentity_nullifieridentity_trapdooruser_tree_rootGST_path_indexGST_path_elementspos_repneg_repgraffitisign_upUST_path_elementsselectorsrep_nonce
Contraints
1. Check if user exists in the Global State Tree and verify epoch key
Check the constrains in epoch key proof.
2. Check if the reputation given by the attester is in the user state tree
Check if hash(pos_rep, neg_rep, graffiti, sign_up) is one of the leaves in the user state tree of root user_tree_root.
3. Check if reputation nullifiers are valid
Check if rep_nonce[i] < pos_rep - neg_rep for all output rep_nullifiers[i].
Check if
4. Check if user has reputation greater than min_rep
min_repCheck if
min_rep > 0pos_rep - neg_rep >= 0pos_rep - neg_rep >= min_rep
5. Check pre-image of graffiti
Check if hash(graffiti_pre_image) == graffiti.
See the whole circuit in circuits/proveReputation.circom
Last updated