Architecture of ZKBadge
The following understanding is based on the Devcon talk; I have not looked into their code yet.
ZKBadge is a project that allows one to selectively import reputation from source addresses to a target address, proving that the entity behind the target address holds certain reputation, without revealing any source addresses or other information.
What is reputation? When importing reputation in ZKBadge, reputation is not a numerical value; it is represented by whether an address is included in a group. For example, for “All addresses that have at least 100 ETH”, the answer is a list of addresses, which can be constructed into a group, but someone needs to collect this information. When exporting reputation in ZKBadge, the reputation is represented by the mint of an SBT. When an address holds such a token, it means that it is included in the specified group on the import side.
A trusted centralized party, the “Attester Publisher”, will collect data and construct the group, and convert the group into a Merkle tree, as it is an efficient data structure for membership proofs. The Merkle root is published on-chain and the full tree is provided to the user when they need to mint the reputation.
When the user wants to export his reputation, this is what the user needs to do:
- Acquire the full tree (either directly from the Attester Publisher or by fetching it from a published decentralized frontend).
- Use ZK to generate a proof of the following things at the same time:
  - The source address is included in the full tree (a Merkle proof)
  - The user owns the source address
  - The user owns the target address
- Submit the proof on-chain to mint the SBT.
The circuit input likely needs to include the following:
- Source address (private)
- Merkle proof (private)
- Target address (public)
- Merkle Root (public)
- Source address signature (private)
- Target address signature (does not matter whether it is public or private imo)
- Reputation group id (public)
The circuit should produce a proof that can be used to mint an SBT that is linked to the reputation group.
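The Merkle inclusion part of that statement, as an added example (not ZKBadge's code): it builds the group tree, derives the private witness for one source address, and checks it against the public root. SHA-256, the fixed `DEPTH`, the padding value and all function names are assumptions; the two ownership signatures and the ZK proof itself are not modelled.

```python
import hashlib

DEPTH = 3          # fixed tree depth, as a circuit would require (assumed; 8 leaf slots)
EMPTY = bytes(32)  # padding for unused leaf slots (assumed convention)

def h(tag: bytes, *parts: bytes) -> bytes:
    # SHA-256 stands in for whatever hash the real tree uses (assumption).
    # The tag separates leaf hashes from inner-node hashes.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf(address: str) -> bytes:
    return h(b"\x00", bytes.fromhex(address.lower().removeprefix("0x")))

def build_tree(addresses):
    """Attester Publisher side: every level, leaves first; levels[-1][0] is the root."""
    leaves = [leaf(a) for a in addresses]
    if len(leaves) > 2 ** DEPTH:
        raise ValueError("group does not fit in the tree")
    level = leaves + [EMPTY] * (2 ** DEPTH - len(leaves))
    levels = [level]
    for _ in range(DEPTH):
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_proof(levels, index):
    """User side: sibling hash at each level on the path from leaf `index` to the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_membership(root, address, index, path):
    """Inclusion relation: recompute the root from the private witness
    (address, index, path) and compare it with the public root."""
    if len(path) != DEPTH or not 0 <= index < 2 ** DEPTH:
        return False
    acc = leaf(address)
    for sibling in path:
        acc = h(b"\x01", acc, sibling) if index & 1 == 0 else h(b"\x01", sibling, acc)
        index >>= 1
    return acc == root

# Constructed sample group (made-up addresses), e.g. "at least 100 ETH".
GROUP = ["0x" + f"{n:040x}" for n in (0xA1, 0xB2, 0xC3, 0xD4, 0xE5)]
LEVELS = build_tree(GROUP)
ROOT = LEVELS[-1][0]  # the only value that goes on-chain
```

Inside a circuit the same recomputation runs over private inputs, so the verifier learns only that some leaf under `ROOT` satisfies it, not which one.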
I have a couple of critiques of the system. First of all, the attester publisher is centralized and thus can censor certain addresses and not include them in the groups. Second, having a reputation now does not mean that it always holds true for the address. For example, I may have owned a CryptoPunk 1 year ago, but then I did some bad trades and had to liquidate it. However, if I have already minted my SBT, then I’ll still retain it after I sell my CryptoPunk. The SBT only means that the statement held true when the attester publisher was taking the snapshot and forming the group; it does not guarantee the maintenance of the reputation in this mechanism. That said, ZKBadge is an interesting project on using ZK to help import/export reputation.