semaphore

A zero-knowledge protocol for anonymous interactions.

MIT License

Downloads
30.5K
Stars
899
Committers
43


semaphore - v3.12.3

Published by github-actions[bot] about 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.12.2

Published by github-actions[bot] about 1 year ago

   🐞 Bug Fixes

    View changes on GitHub
semaphore - v3.12.1

Published by github-actions[bot] about 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.12.0

Published by github-actions[bot] about 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.11.1

Published by github-actions[bot] about 1 year ago

   🐞 Bug Fixes

   ♻️ Refactoring

    View changes on GitHub
semaphore - v3.11.0

Published by github-actions[bot] about 1 year ago

   🚀 Features

  • Add identitycommitment as groups filter  -  by @wslyvh (36925)

   ♻️ Refactoring

    View changes on GitHub
semaphore - v3.10.1

Published by github-actions[bot] over 1 year ago

   🐞 Bug Fixes

    View changes on GitHub
semaphore - v3.10.0

Published by github-actions[bot] over 1 year ago

📣 Important news

Off-chain groups

In order for a member of a Semaphore group to generate a valid zero-knowledge proof, it is necessary to create an off-chain group and add all members so that the Merkle proof for that member can be calculated. This step can take place on a server or in the browser, but in any case it is important that the time for adding members is reasonable. The old addMembers method has been replaced with a third parameter in the Group class, which is more than 10 times faster.

import { Group } from "@semaphore-protocol/group"
import { SemaphoreSubgraph } from "@semaphore-protocol/data"

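// Fetch the members of group "42" from the Semaphore subgraph.
const semaphoreSubgraph = new SemaphoreSubgraph()
const members = await semaphoreSubgraph.getGroupMembers("42")

// Pass the members as the third constructor parameter instead of calling addMembers.
const group = new Group("42", 20, members)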

PR: #322

Documentation

Answers to frequently asked questions have been added to a separate page in the documentation, along with the troubleshooting page and a new guide to fetch on-chain data with the @semaphore-protocol/data package. The search bar can now also be used in Spanish.


   🚀 Features

    View changes on GitHub
semaphore - v3.9.0

Published by github-actions[bot] over 1 year ago

   🚀 Features

    View changes on GitHub
semaphore - v3.8.0

Published by github-actions[bot] over 1 year ago

   🚀 Features

   ♻️ Refactoring

    View changes on GitHub
semaphore - v3.7.0

Published by github-actions[bot] over 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.6.0

Published by github-actions[bot] over 1 year ago

📣 Important news

CLI

CLI templates

There are two new templates in the CLI: monorepo-ethers and monorepo-subgraph. You can select which one you prefer when creating your project:

Supported templates:

CLI commands

The get-group command in the CLI was split into get-group, get-members and get-proofs.

Commands:

  • get-group: It returns the data of a group from a supported network.
  • get-members: It returns the members of a group from a supported network.
  • get-proofs: It returns the proofs of a group from a supported network.

PR: #303

Contracts

All contracts are using the same addresses on almost all the supported networks. You can take a look at the new contract addresses in the documentation.

PR: #304

Discord Bot

Semaphore has a new Discord bot that can be used to show the data of on-chain groups with a simple command: /get-group . The output of the command is private by default, but you can make it public by adding a third parameter /get-group true. Exciting new features will be integrated in the future, stay tuned!

Repository: https://github.com/semaphore-protocol/discord-bot


   🚀 Features

  • @semaphore-protocol/cli:
    • Split the get-group command to make it easier to query group data  -  by @vplasencia (0cbbd)
    • Add checks for template integrity  -  by @vplasencia (14e39)
    • Add inquirer to select a template when creating a project  -  by @vplasencia (4d1a6)
    • Add the hardhat-nextjs-semaphoreethers template  -  by @vplasencia (53d87)
    • Add hardhat-nextjs-semaphoresubgraph template  -  by @vplasencia (58310)

   🐞 Bug Fixes

   🏎 Performance

   ♻️ Refactoring

  • Ignore .next and public folders  -  by @vplasencia (6afb0)
  • @semaphore-protocol/cli:
    • Organize inquirer prompts  -  by @vplasencia (d8ab9)
    • Organize get group ids logic  -  by @vplasencia (93e4a)
    • Change cli template names  -  by @vplasencia (84c1d)
    • Update template apps' names  -  by @cedoor (58de9)
    • Add the next-env.d.ts file to gitignore  -  by @vplasencia (02d13)
    • Set the monorepo-ethers template as default when creating a project  -  by @vplasencia (27ba2)
    • Copy the contents of the .env.example file to a new .env file  -  by @vplasencia (74c2e)
    • Rename the cli hardhat template package  -  by @vplasencia (e38b0)
    • Add access public in package.json file  -  by @vplasencia (abfff)
    • Update package names  -  by @vplasencia (eb997)
    • Remove unused code  -  by @vplasencia (e5cf4)
    • Remove unused import statement  -  by @vplasencia (5dbbd)
    • Remove unused code  -  by @vplasencia (fcaac)
    • Rename cli hardhat-nextjs-semaphoreethers template package  -  by @vplasencia (1c0d1)
    • Add yarn.lock file  -  by @vplasencia (b363c)
    • Rename cli hardhat-nextjs-semaphoresubgraph template  -  by @vplasencia (ee6e1)
    View changes on GitHub
semaphore - v3.5.0

Published by github-actions[bot] over 1 year ago

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
semaphore - v3.4.0

Published by github-actions[bot] over 1 year ago

📣 Important news

HeyAuthn

HeyAuthn (@semaphore-protocol/heyauthn) is a new library that allows developers to create and manage Semaphore identities using WebAuthn as a cross-device biometric authentication, in a way that is more convenient, smoother and more secure than localStorage, Chrome extensions, or password manager based solutions.

PR: https://github.com/semaphore-protocol/semaphore/pull/285
Special thanks to @vb7401, @rrrliu, @emmaguo13, @sehyunc and @enricobottazzi!

Arbitrum Goerli

Semaphore is now available on Arbitrum Goerli. Please, check the contract addresses in our documentation, or the subgraph endpoint here.

PR: https://github.com/semaphore-protocol/semaphore/pull/282

CLI

The Semaphore CLI also supports Sepolia and Arbitrum Goerli now. The commands try to use the Semaphore subgraphs when available, otherwise they use SemaphoreEthers. The template has been updated in accordance with the Semaphore boilerplate.

PRs: https://github.com/semaphore-protocol/semaphore/pull/281, https://github.com/semaphore-protocol/semaphore/pull/283

OpenZeppelin relay

The Semaphore boilerplate integrated a new relay (no need to deploy backend code anymore!). Relays are a key component in zero-knowledge applications. In order to preserve the user's anonymity, applications need a relay to post the proof transaction to Ethereum (where all transactions are public) on behalf of the user. OpenZeppelin Defender has been used to:

  1. Create an OZ Relay for Arbitrum Goerli to send transactions via a regular HTTP API, which takes care of private key secure storage, transaction signing, nonce management, gas pricing estimation, and resubmissions.
  2. Create an OZ Autotask to run a code snippet via webhooks and trigger the OZ Relay:

const { DefenderRelayProvider, DefenderRelaySigner } = require('defender-relay-client/lib/ethers');
const { ethers } = require('ethers');

exports.handler = async function(event) {
    // The webhook payload sent by the client application.
    const { body } = event.request;

    console.info(body);

    // Reject requests that miss any of the fields needed to build the call.
    if (!body || !body.abi || !body.address || !body.functionName || !body.functionParameters) {
        throw Error("The request body was not formatted correctly");
    }

    const { abi, address, functionName, functionParameters } = body;

    // The relay holds the private key; the signer submits transactions through it.
    const provider = new DefenderRelayProvider(event);
    const signer = new DefenderRelaySigner(event, provider, { speed: 'fast' });

    const contract = new ethers.Contract(address, abi, signer);

    // Call the requested function with the caller-supplied arguments.
    const tx = await contract[functionName](...functionParameters);

    // Resolve once the transaction has been mined.
    return tx.wait();
}

This code can be used for any contract and function, but you are free to customize it or set a whitelist in your relay.
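
An allowlist for the Autotask above could look like the following. This is an added example, not code from the Semaphore boilerplate; the contract address, the sendFeedback function and its ABI fragment are placeholders assumed for illustration.

```javascript
// Constructed allowlist (assumption): lower-case contract address -> callable functions.
// Each entry pins the ABI fragment and argument count, so body.abi is never trusted.
const ALLOWLIST = {
  "0x0000000000000000000000000000000000000001": { // placeholder address
    sendFeedback: { // hypothetical function name
      abi: "function sendFeedback(uint256,uint256,uint256,uint256[8])",
      args: 4
    }
  }
};

// Validate a webhook body and return only values taken from, or checked against,
// the allowlist. Throws on anything else.
function checkRelayRequest(body, allowlist = ALLOWLIST) {
  if (!body || typeof body !== "object") throw new Error("missing request body");
  const { address, functionName, functionParameters } = body;
  if (typeof address !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(address)) {
    throw new Error("malformed contract address");
  }
  const functions = allowlist[address.toLowerCase()];
  if (!functions) throw new Error("contract is not on the allowlist");
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  if (typeof functionName !== "string" ||
      !Object.prototype.hasOwnProperty.call(functions, functionName)) {
    throw new Error("function is not on the allowlist");
  }
  const rule = functions[functionName];
  if (!Array.isArray(functionParameters) || functionParameters.length !== rule.args) {
    throw new Error("unexpected number of parameters");
  }
  return { address: address.toLowerCase(), abi: [rule.abi], functionName, functionParameters };
}

// Same flow as the handler above, but the contract is built from validated values.
// The Defender and ethers objects are injected so the check can be exercised offline.
function makeHandler({ ethers, DefenderRelayProvider, DefenderRelaySigner }) {
  return async function handler(event) {
    const call = checkRelayRequest(event.request && event.request.body);
    const provider = new DefenderRelayProvider(event);
    const signer = new DefenderRelaySigner(event, provider, { speed: "fast" });
    const contract = new ethers.Contract(call.address, call.abi, signer);
    const tx = await contract[call.functionName](...call.functionParameters);
    return tx.wait();
  };
}
```

In the Autotask, the function returned by makeHandler({ ethers, DefenderRelayProvider, DefenderRelaySigner }) is what gets assigned to exports.handler.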

PR: https://github.com/semaphore-protocol/boilerplate/pull/36


   🚀 Features

   🐞 Bug Fixes

   ♻️ Refactoring

    View changes on GitHub
semaphore - v3.2.3

Published by github-actions[bot] over 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.2.2

Published by github-actions[bot] over 1 year ago

   🐞 Bug Fixes

    View changes on GitHub
semaphore - v3.2.1

Published by github-actions[bot] over 1 year ago

No significant changes

    View changes on GitHub
semaphore - v3.2.0

Published by github-actions[bot] over 1 year ago

📣 Important news

Testnet networks

We are excited to announce that Semaphore is now available in the following testnet networks: Sepolia, Mumbai and Optimism Goerli. Please, check the contract addresses in our documentation. We will work to deploy the contracts on the mainnets as soon as possible!

New Semaphore package

⚠️ @semaphore-protocol/subgraph package has been replaced by @semaphore-protocol/data, which contains the former subgraph class (now SemaphoreSubgraph) and a new class (SemaphoreEthers). SemaphoreEthers supports all Ethers providers and networks and thus provides devs with a more flexible and simple solution to directly fetch on-chain data, potentially more convenient in the early stages of development.

Please, check out its README file for more information.

PR: https://github.com/semaphore-protocol/semaphore/pull/264
Special thanks to @vplasencia for the idea!

New subgraph endpoints

Semaphore discontinued TheGraph Hosting Service and is using TheGraph Studio now. You can find the new endpoints in our subgraph repository. New endpoints for Mumbai and Optimism Goerli are also available!

More security

⚠️ The hash function for generating Semaphore identities from secret messages has been updated to add an additional layer of security. Thus, the secret values of identities generated from v3.2.0 will be different from previous versions. The Semaphore core libraries (identity, group, proof) will not have any breaking changes in the future unless there are major bugs.

PR: https://github.com/semaphore-protocol/semaphore/pull/262
Special thanks to @vimwitch!

More efforts on packages' size

We know that package size is a key issue in adoption, especially in countries where connectivity is still slow. @semaphore-protocol/identity package's size has been drastically reduced, decreasing from 1.2 MB to 114.6 kB. Check out the progress on Bundlephobia!

PR: https://github.com/semaphore-protocol/semaphore/pull/271
Special thanks to @vimwitch!

Semaphore benchmarks

Semaphore has a new repository to collect benchmarks. Currently there is a simple web page that can be used to test the speed of generating a Semaphore proof in your devices. Try generating a Semaphore proof yourself on https://benchmarks.semaphore.appliedzkp.org!


   🚀 Features

   ♻️ Refactoring

    View changes on GitHub
semaphore - v3.1.0

Published by github-actions[bot] over 1 year ago

   🚀 Features

    View changes on GitHub
semaphore - v3.0.0

Published by cedoor over 1 year ago

Changelog

🚀 New Features

Semaphore CLI

Your Semaphore project can now be created with a simple command-line tool. For more information see the README file of our package or try our new Quick Setup in our documentation. Currently it can be used to create a project with Hardhat and Semaphore contracts (cli-template-hardhat) but we plan to integrate new templates (e.g. Foundry template).

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/191, https://github.com/semaphore-protocol/semaphore/pull/220, https://github.com/semaphore-protocol/semaphore/pull/228

Semaphore Hardhat plugin

The Hardhat plugin for Semaphore can be used to deploy the Semaphore.sol contract with a simple Hardhat task. For more information see the README file of our package.

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/140

🐛 Bug Fixes

Editor’s entity may be overwritten (V-SEM-VUL-003)

If an entity’s editor is overwritten, that entity would no longer be able to add or remove whistleblowers in the future. A malicious actor could therefore use createEntity to disrupt the expected operation of the contract.

For more information see the Github issue or read the Veridise report below.

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/199 (bug found by Veridise)

merkleRootDuration cannot be changed (V-SEM-VUL-007)

The admin might not know an appropriate value for the merkleRootDuration and may like to change it if the initial value is inconvenient. In addition, under certain circumstances a poorly chosen value could cause verifyProof to fail.

For more information see the Github issue or read the Veridise report below.

by @cedoor in https://github.com/semaphore-protocol/semaphore/pull/208 (bug found by Veridise)

Infinite loop if input array is too large (V-SEM-VUL-006)

If an admin adds more than 255 members, the infinite loop will consume all of the transaction’s gas and then revert. This therefore can waste a user’s funds.

For more information see the Github issue or read the Veridise report below.

by @cedoor in https://github.com/semaphore-protocol/semaphore/pull/205 (bug found by Veridise)

Different checks used to determine if group exists (V-SEM-VUL-010)

In the unlikely scenario that the group exists and the root hash is 0, legitimate verify, update, and remove transactions would get rejected until the root hash changes.

For more information see the Github issue or read the Veridise report below.

by @cedoor in https://github.com/semaphore-protocol/semaphore/pull/206 (bug found by Veridise)

No zero value validation (V-SEM-VUL-001)

First, the zero value gives the creator of a group guaranteed access to the group. In certain circumstances this may be undesired (for example, if the admin is not the group creator, such as when the admin is a DAO that votes on who to add/remove, or if an admin is changed), as the original creator has a permanent method of influencing the application that uses the groups. There are similar methods an admin (who might not be the group creator) can use without the zeroValue, but these (1) are more visible, as adding members is a matter of public record, and (2) can be undone by removing the user.

Second, if common values such as 0 are repeatedly used and the identity commitment of this value is eventually compromised, such a user would be able to gain membership to all groups that use this value as the zeroValue.

For more information see the Github issue or read the Veridise report below.

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/197 (bug found by Veridise)
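
Why the value stored in unused leaves matters, as an added example that is not Semaphore code: in a fixed-depth Merkle tree every unused leaf holds the zero value, so a Merkle proof for that value verifies against the group root. The toy hash2 stands in for Poseidon and zeroFor for the Keccak hash of the group id; all names and sample commitments are constructed.

```javascript
// hash2 is a toy stand-in for the Poseidon hash used by Semaphore (assumption):
// it is NOT collision resistant and only serves to show the tree structure.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const hash2 = (a, b) => ((a + 3n * b + 7n) % P) ** 5n % P;

// Build a fixed-depth tree; every unused leaf holds zeroValue.
// Only the populated prefix of each level is stored, plus that level's filler node.
function buildTree(depth, zeroValue, members) {
  const levels = [];
  let nodes = members.slice();
  let zero = zeroValue;
  for (let d = 0; d < depth; d++) {
    levels.push({ nodes, zero });
    const next = [];
    for (let i = 0; i < nodes.length; i += 2) {
      next.push(hash2(nodes[i], i + 1 < nodes.length ? nodes[i + 1] : zero));
    }
    nodes = next;
    zero = hash2(zero, zero);
  }
  return { levels, root: nodes.length ? nodes[0] : zero };
}

// Merkle proof (siblings plus left/right bits) for the leaf slot at `index`.
function merkleProof(tree, index) {
  const siblings = [], pathIndices = [];
  for (const { nodes, zero } of tree.levels) {
    const s = index ^ 1;
    siblings.push(s < nodes.length ? nodes[s] : zero);
    pathIndices.push(index & 1);
    index >>= 1;
  }
  return { siblings, pathIndices };
}

// Recompute the root from a claimed leaf, as the verifying side does.
function rootFromProof(leaf, { siblings, pathIndices }) {
  return siblings.reduce(
    (node, sib, i) => (pathIndices[i] ? hash2(sib, node) : hash2(node, sib)), leaf);
}

// Does `leaf` prove membership at `index` of the group built from these inputs?
function proves(depth, zeroValue, members, index, leaf) {
  const tree = buildTree(depth, zeroValue, members);
  return rootFromProof(leaf, merkleProof(tree, index)) === tree.root;
}

// Per-group zero value; the toy hash stands in for the Keccak hash of the group id.
const zeroFor = (groupId) => hash2(BigInt(groupId), 0n);

const members = [11n, 22n, 33n];                      // constructed identity commitments
console.log(proves(4, 0n, members, 1, 22n));          // an added member
console.log(proves(4, 0n, members, 3, 0n));           // unused slot 3, creator-chosen zero value 0
console.log(proves(4, zeroFor(42), members, 3, 0n));  // same claim, zero value derived from the id
```

With a creator-chosen zero value the unused slot behaves like a member that never appears in the public record of additions; deriving the value from the group id means it is neither chosen by the creator nor shared between groups.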

Minor bug fixes

♻️ Refactoring

One Verifier to rule them all

The old SemaphoreCore.sol contract allowed zero-knowledge proofs to be verified using 17 other Verifier.sol contracts, each of which contained the same functions but with different parameters generated according to the depth of the Merkle tree. The new SemaphoreVerifier.sol contract contains the same functions and an array of the parameters that differ in the Verifier.sol contracts, thus not duplicating the code and reducing the number of lines of code by about 3800. Deploying Semaphore contracts on other networks therefore becomes much cheaper.

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/166, https://github.com/semaphore-protocol/semaphore/pull/168

New Poseidon library

@semaphore-protocol/identity now uses poseidon-lite, a stripped down Poseidon implementation pulled from circomlibjs v0.0.8. This made it possible to drastically reduce code previously imported from the circomlibjs library that was not actually used.

By @cedoor in https://github.com/semaphore-protocol/semaphore/pull/173 (thanks to @vimwitch)

Minor changes

Migration

Some functions of the contracts and JavaScript libraries have been revised to make the dev experience smoother. Below are details of the changes to simplify your migration from v2.6.1 to v3.

@semaphore-protocol/contracts

SemaphoreVerifier.sol

The old Verifier contracts and the SemaphoreCore.sol contract were replaced by a single SemaphoreVerifier.sol contract, which contains a single external function to verify proofs. The old verifier parameter (the verifier contract address) was replaced by merkleTreeDepth.

- _verifyProof(signal, merkleTreeRoot, nullifierHash, externalNullifier, proof, verifier);
+ verifier.verifyProof(merkleTreeRoot, nullifierHash, signal, externalNullifier, proof, merkleTreeDepth);
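
Review bot: the argument order changes along with the callee, and the text above only mentions the verifier to merkleTreeDepth replacement. On the + line signal moves from the first position to the third, after merkleTreeRoot and nullifierHash, so a call site migrated by swapping only the last argument would pass the values in the old order. The migration text should call out the reordering explicitly.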

SemaphoreGroups.sol

The zero value required for the Merkle trees of groups is now created internally based on the group id.

- _createGroup(groupId, merkleTreeDepth);
+ _createGroup(groupId, merkleTreeDepth, zeroValue);
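
Review bot: the signs on these two lines contradict the sentence above them. The text says the zero value is now created internally from the group id, but the + line is the one that takes zeroValue and the - line is the one without it. If the text is right, the two lines should be swapped; as written, a reader following the + line would add an argument that the text says was dropped.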

Semaphore.sol

According to the new SemaphoreVerifier.sol contract, the constructor of Semaphore.sol only needs one address now.

- constructor(Verifier[] memory _verifiers) {
-   for (uint8 i = 0; i < _verifiers.length; ) {
-     verifiers[_verifiers[i].merkleTreeDepth] = IVerifier(_verifiers[i].contractAddress);
-
-     unchecked {
-       ++i;
-     }
-   }
- } 
+ constructor(ISemaphoreVerifier _verifier) {
+   verifier = _verifier;
+ }
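
Review bot: the new constructor stores _verifier without any check, so a zero address would be accepted at deployment; consider a guard such as require(address(_verifier) != address(0)) unless that is validated elsewhere. The removed loop also deserves a line in the text: its uint8 counter is incremented inside unchecked and compared with _verifiers.length, so dropping it removes a counter that could wrap on arrays longer than 255 entries.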

According to the new SemaphoreGroups.sol contract, the createGroup function only needs three or four parameters now.

- createGroup(groupId, merkleTreeDepth, admin);
+ createGroup(groupId, merkleTreeDepth, zeroValue, admin);
- createGroup(groupId, merkleTreeDepth, admin, merkleTreeDuration);
+ createGroup(groupId, merkleTreeDepth, zeroValue, admin, merkleTreeDuration);
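
Review bot: the text says createGroup only needs three or four parameters now, but the + lines carry four and five (with zeroValue) while the - lines carry three and four. The signs look inverted, the same way as in the _createGroup lines under SemaphoreGroups.sol, and should be swapped so that the + lines show the calls without zeroValue.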

@semaphore-protocol/identity

Get the identity commitment

The identity commitment is generated in the constructor of the class, so that it is immediately available as an accessor property together with the trapdoor and nullifier.

import { Identity } from "@semaphore-protocol/identity"
import { Group } from "@semaphore-protocol/group"

const identity = new Identity()
const group = new Group(1)

- group.addMember(identity.generateCommitment())
+ group.addMember(identity.commitment)

@semaphore-protocol/group

Create a group

The constructor parameters of the Group class are in accordance with the parameters of the createGroup function of the Semaphore.sol contract. The first parameter is the group id (required), and the second is the depth of the Merkle tree (optional). The zero value, as in Semaphore.sol, is created internally and is the Keccak hash of the group id.

import { Group } from "@semaphore-protocol/group"

const groupId = 1

- const group = new Group()
+ const group = new Group(groupId)

@semaphore-protocol/proof

Generate/Verify a proof

It is no longer necessary to call the packToSolidityProof function: the proof generated with the generateProof function (i.e. fullProof.proof) can now be verified by both on-chain and off-chain verifier functions.

import { generateProof } from "@semaphore-protocol/proof"

const fullProof = await generateProof(
  identity,
  group,
  externalNullifier,
  signal,
  {
    zkeyFilePath: "./semaphore.zkey",
    wasmFilePath: "./semaphore.wasm",
  }
)

- const solidityProof = packToSolidityProof(fullProof.proof)

The output of generateProof has been revised so that it contains exactly the parameters needed for the verifier functions (the on-chain one also requires the group id).

- fullProof.publicSignals.merkleTreeRoot
- fullProof.publicSignals.nullifierHash
- fullProof.publicSignals.signalHash
- fullProof.publicSignals.externalNullifier
- solidityProof
+ fullProof.merkleTreeRoot
+ fullProof.nullifierHash
+ fullProof.signal
+ fullProof.externalNullifier
+ fullProof.proof
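
Review bot: signalHash becoming signal is more than the flattening the other lines show, because the new name suggests the field no longer holds a hash. The text should state whether fullProof.signal is the raw signal or its hash, since code that compared or stored publicSignals.signalHash has to know which value it now receives.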

Also, the function to verify off-chain proofs does not need any JSON file, but only the proof and the depth of the tree.

import { verifyProof } from "@semaphore-protocol/proof"
 
- const verificationKey = JSON.parse(fs.readFileSync("/semaphore.json", "utf-8"))
- 
- await verifyProof(verificationKey, fullProof)
+ await verifyProof(fullProof, 20)
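
Review bot: the result of verifyProof is discarded on both the - and the + line, and the + line passes the tree depth as the literal 20. The example would be safer to copy if it assigned the returned value and showed the depth coming from the group the proof was generated for, since the depth is now the only input besides the proof itself.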

Audit

Semaphore v3 was formally audited and verified by our friends at Veridise. You can read the full report here: Veridise Auditing Report - Semaphore version 3.0.