https://github.com/noway/nzcp-circom

ZK proof of NZ COVID Pass identity written in Circom
https://github.com/noway/nzcp-circom

cbor circom circuit covid-19 cwt newzealand nzcp vaccine vaccine-passports zk zk-snarks zkp

Last synced: 9 months ago
JSON representation

ZK proof of NZ COVID Pass identity written in Circom

• Host: GitHub
• URL: https://github.com/noway/nzcp-circom
• Owner: noway
• License: mit
• Created: 2022-02-02T19:51:54.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2022-04-03T00:07:44.000Z (about 4 years ago)
• Last Synced: 2025-04-05T16:22:21.355Z (about 1 year ago)
• Topics: cbor, circom, circuit, covid-19, cwt, newzealand, nzcp, vaccine, vaccine-passports, zk, zk-snarks, zkp
• Language: JavaScript
• Homepage:
• Size: 764 KB
• Stars: 8
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# NZCP.circom

ZK proof of [NZ COVID Pass](https://github.com/minhealthnz/nzcovidpass-spec) identity written in [Circom](https://github.com/iden3/circom).

This circuit allows to prove that a unique identity is part of an NZ COVID Pass without revealing that identity.

## How it works

The circuit takes in the following private inputs:

- `toBeSigned` - the `ToBeSigned` value of NZ COVID Pass as per https://datatracker.ietf.org/doc/html/rfc8152#section-4.4

- `toBeSignedLen` - the length of `toBeSigned`

The circuit outputs the following public inputs:

- `credSubjSha256` - the SHA256 hash of the credential subject of the NZ COVID Pass. That is your given name, family name and date of birth delimited by comma. 

- `toBeSignedSha256` - the SHA256 hash of the `toBeSigned` value.

- `exp` - the expiry date of the NZ COVID Pass.

## NZ COVID Pass verification

The circuit does not verify the signature of the NZ COVID Pass. It merely proves that an identity is associated with the NZ COVID Pass, be it signed or unsigned. The user may not be in a possession of a valid signature for the `ToBeSigned` value that is provided.

While it is theoretically possbile to verify the signature (using a circuit similar to [circom-ecdsa](https://github.com/0xPARC/circom-ecdsa) for NIST P-256 curves), it is outside the scope of this project.

## Limitations

For live passes:

- The length of the `ToBeSigned` value is limited to 355 bytes.

- The length of the credential subject string (defined as `${familyName},${givenName},${dob}`) is limited to 64 bytes.

## Tests

- Create `.env` file in the root directory of the project

- Populate it with at least 1 live pass URI. 

    - Use `.env.example` as a reference.

- Run `make test`

## Usage

See the [test/nzcp.js](test/nzcp.js) file for usage examples.