Hydra-S1 is a Zero-Knowledge Proving Scheme used by Hydra S1 attesters of the Sismo Protocol.
Hydra-S1 generates ZK Proofs from a Merkle tree storing groups of accounts with values (e.g group of ENS DAO voters where the account value is the number of votes).
Hydra-S1 enables users to prove from these groups:
- Ownerships: They own two accounts, a source account, and a destination account. (via Hydra Delegate Proof of Ownership)
- Account inclusion: Their source account is part of a group (e.g group ENS DAO voters)
- Account value: Their source account holds a specific value (e.g number of votes in the group of ENS DAO voters)
- Nullifier Generation: They computed a nullifier from an externalNullifier. The nullifier is deterministically generated from their source account and the externalNullifier. It can be stored by proof verifiers to only accept one ZK Proof per account per externalNullifier.
Please make sure to read our documentation:
- Hydra-S1 general documentation
- Registry Tree The custom Merkle tree which stores the groups of accounts.
- Hydra Proof of Ownership via the Commitment Mapper
Hydra-S1 Proving Scheme was developed using circom and snarkjs. This repo contains the circuits.
It outputs an off-chain prover and verifiers (both on-chain and off-chain).
These implementations of prover and verifiers are in the @sismo-core/hydra-s1 npm package.
$ yarn add @sismo-core/hydra-s1
- Install Circom2 (rust version)
- Build
$ yarn build
$ yarn test
$ test:circuits
$ test:verifier-js
$ test:verifier-contract
$ test:prover-js
Distributed under the MIT License.
Please, feel free to open issues, pull requests, or simply provide feedback!