Authlist

The Member Authlist

GunClear allows transactions between two vetted parties who have the documentation necessary to prove that they are complying with all laws of the jurisdiction they are conducting a transfer in. It is core to our mission of making legal transfers of firearms as easy to conduct in compliance with the law as possible. The Member Authlist is critical to this functionality.

The Authlist works by managing the list of addresses representing licensed gun owners GunClear has vetted. The address is an Ethereum account generated by a set of cryptographic keys unique to the GunClear application, therefore each account starts with no transactions and has no state attributable to them. Whenever a licensed gun owner wishes to tokenize their legal firearm, GunClear reviews the documentation provided and transfers their token on their behalf to Gunero through the PlasmaRifle Manager contract, which allows it to be trustlessly transferred in compliance of the law without any knowledge of it's transfer to any network participants (besides those parties who conducted the transaction).

Only GunClear knows which account maps to which licensed gun owner internally in their system.

Therefore, we know who originally tokenized any firearm that has been on-boarded into our system. However, it is not possible for us to know who owns the firearm after a transaction has occurred, given the "zero knowledge" properties of the transfers on our Gunero network. To ensure your anonymity, the GunClear application will randomly "transfer" ownership of your firearm back to yourself if it has been tokenized within the first checkpoint period (currently 30 days), once you have validated you do not intend to conduct your own transfer to another participant within that time period.

Inclusion

GunClear manages the Authlist contract, and therefore is the only one allowed to submit new entries to the list. It can do so at any time, and has the ability to submit multiple entries into the list within one transaction. Inclusion in the list updates the root hash, as that is necessary to conduct a "Zero-Knowledge Proof of Inclusion" (more on that below) to show that transaction involves two Authlisted parties without revealing who they are.

Since the root hash is managed independently from the Authlist (and we do not want to manage a Merkle Tree on chain) it is updated at a regular interval corresponding to the checkpoint in the PlasmaRifle Manager contract. This is useful as it allows transactions to have a dependable source for this information to conduct the inclusion proof, and creates a timeline for the removal and dispute to work.

Removal [MVP Only]

Occasionally, there are compliance issues with authorized accounts that require us to remove them from the Authlist. This means we need a process to ensure that they cannot perform transactions, after a defined dispute period. The check-pointing interval (currently 30 days) ensures that this is possible, by having GunClear attest to a removal and having the root-hash only update for that individual after the dispute period has elapsed. This means the individual may be able to conduct trades, depending on the rules set for that particular jurisdiction.

Dispute [MVP Only]

As noted prior, the dispute period allows an address who is about to be removed from the Authlist (and therefore will be permanently removed from the Gunero network) to dispute this removal. This time period allows GunClear to reverse a removal (following a review cycle) without impacting that individual's ability to perform transactions. By publicly attesting to requesting a dispute, it is made clear that GunClear, as custodians of the Authlist, have a legal obligation to conduct a review of the decision made within the time period prescribed.

A user will do this by purchasing Ether and submitting it as a collateral for help pay for legal fees to conduct the review. The collateral is returned and the removal reversed if GunClear is found to be in error.

Zero-Knowledge Proof of Inclusion

In order to conduct trust-less, "zero knowledge" transfers that are in compliance with the jurisdiction a trade is conducted in, it is necessary to have a succinct proof of inclusion of an individual in the our maintained list of vetted individuals without revealing who those participants are. To that end, we have developed a zkSNARK circuit showing the validity of a Merkle proof of an individual in that list (as well as a proof that they are that individual) requiring only the root hash of the Merkle tree to conduct the proof. Therefore, the value of the committed Merkle proof is of critical importance to the consensus algorithm of the Gunero network, and one of the few public parameters required in every transaction. This root is also used to ensure the timeline of transactions, as it is tracked alongside the Plasmachain root in the Manager contract.