Skip to content

feat: add oprf to enable salted nullifier #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
saleel merged 9 commits into from
Apr 27, 2026
Merged

feat: add oprf to enable salted nullifier #135

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
0bf0d9b
feat: add oprf circuits
saleel Mar 9, 2026
1c1f401
Merge remote-tracking branch 'origin/main' into saleel/oprf-2
saleel Apr 7, 2026
87ec114
chore: add solidity changes fo roprf
saleel Apr 17, 2026
3eeb91b
Merge remote-tracking branch 'origin' into saleel/oprf-2
saleel Apr 17, 2026
797245e
chore: fix for beta20
saleel Apr 17, 2026
317ab9e
fix: tests
saleel Apr 23, 2026
6669ace
chore: update utils package version
saleel Apr 26, 2026
9fc3b27
chore: update oprf-nr tag
saleel Apr 27, 2026
d7bdea9
Merge branch 'main' into saleel/oprf-2
saleel Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Nargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ members = [
"src/noir/bin/exclusion-check/sanctions/evm",
"src/noir/bin/facematch/ios/standard",
"src/noir/bin/facematch/ios/evm",
"src/noir/bin/oprf-auth",
"src/noir/bin/sig-check/dsc/tbs_700/ecdsa/nist/p192/sha1",
"src/noir/bin/sig-check/dsc/tbs_700/ecdsa/nist/p192/sha256",
"src/noir/bin/sig-check/dsc/tbs_700/ecdsa/nist/p192/sha384",
Expand Down
2 changes: 1 addition & 1 deletion jest.config.cjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,5 +28,5 @@ module.exports = {
},
],
},
transformIgnorePatterns: ["node_modules/(?!(\\.bun|@zkpassport|@noble)/)"],
transformIgnorePatterns: ["node_modules/(?!(\\.bun|\\.pnpm|@zkpassport|@noble|@taceo)/)"],
}
79 changes: 75 additions & 4 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
"@types/node": "^22.10.1",
"@types/node-forge": "^1.3.11",
"@zkpassport/poseidon2": "^0.6.1",
"@zkpassport/utils": "^0.35.0",
"@zkpassport/utils": "0.36.0-beta.1",
"aws-cdk": "^2.176.0",
"aws-cdk-lib": "^2.176.0",
"babel-jest": "^29.7.0",
Expand Down
8 changes: 5 additions & 3 deletions src/noir/bin/bind/evm/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,14 @@ fn main(
// provided to the proof is correct
data: [u8; 509],
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry_from_date(salted_expiry_date.value, current_date);

let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -32,9 +33,10 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use SHA2-256 to calculate the parameter commitment so the parameter commitment can be
// reconstructed by verifiers on EVM chains
let param_commitment = calculate_param_commitment_sha2(data);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
8 changes: 5 additions & 3 deletions src/noir/bin/bind/standard/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,14 @@ fn main(
// provided to the proof is correct
data: [u8; 509],
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry_from_date(salted_expiry_date.value, current_date);

let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -33,8 +34,9 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use Poseidon2 to calculate the parameter commitment so the prover has less work to do
let param_commitment = calculate_param_commitment(data);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
8 changes: 5 additions & 3 deletions src/noir/bin/compare/age/evm/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,10 @@ fn main(
// If the maximum age is 0, it is not checked
max_age_required: u8,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

Expand All @@ -35,7 +36,7 @@ fn main(
max_age_required,
current_date,
);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -45,9 +46,10 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use SHA2-256 to calculate the parameter commitment so the parameter commitment can be
// reconstructed by verifiers on EVM chains
let param_commitment = calculate_param_commitment_sha2(min_age_required, max_age_required);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
8 changes: 5 additions & 3 deletions src/noir/bin/compare/age/standard/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,10 @@ fn main(
// If the maximum age is 0, it is not checked
max_age_required: u8,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

Expand All @@ -35,7 +36,7 @@ fn main(
max_age_required,
current_date,
);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -45,8 +46,9 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use Poseidon2 to calculate the parameter commitment so the prover has less work to do
let param_commitment = calculate_param_commitment(min_age_required, max_age_required);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
8 changes: 5 additions & 3 deletions src/noir/bin/compare/birthdate/evm/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,17 +23,18 @@ fn main(
// If the maximum date timestamp is 0, it is not checked
max_date: u64,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

let birthdate = get_birthdate(salted_dg1.value, current_date);
// Verify the birthdate of the ID holder
// Uses 1900 as the epoch year because birthdates can be before 1970 (the usual unix epoch)
compare_date(birthdate, min_date, max_date, 1900);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -43,10 +44,11 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use SHA2-256 to calculate the parameter commitment so the parameter commitment can be
// reconstructed by verifiers on EVM chains
let param_commitment =
calculate_param_commitment_sha2(PROOF_TYPE_BIRTHDATE, min_date, max_date);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
8 changes: 5 additions & 3 deletions src/noir/bin/compare/birthdate/standard/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,17 +23,18 @@ fn main(
// If the maximum date timestamp is 0, it is not checked
max_date: u64,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

let birthdate = get_birthdate(salted_dg1.value, current_date);
// Verify the birthdate of the ID holder
// Uses 1900 as the epoch year because birthdates can be before 1970 (the usual unix epoch)
compare_date(birthdate, min_date, max_date, 1900);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -43,8 +44,9 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
// Use Poseidon2 to calculate the parameter commitment so the prover has less work to do
let param_commitment = calculate_param_commitment(PROOF_TYPE_BIRTHDATE, min_date, max_date);
(param_commitment, nullifier_type, nullifier)
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
16 changes: 9 additions & 7 deletions src/noir/bin/compare/expiry/evm/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,10 @@ fn main(
// If the maximum date timestamp is 0, it is not checked
max_date: u64,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

Expand All @@ -33,11 +34,7 @@ fn main(
// Uses the usual unix epoch year of 1970 as the epoch year as expiry dates are in the future
// and for expired documents, the expiry date is still way after 1970
compare_date(expiry_date, min_date, max_date, 1970);
// Use SHA2-256 to calculate the parameter commitment so the parameter commitment can be
// reconstructed by verifiers on EVM chains
let param_commitment =
calculate_param_commitment_sha2(PROOF_TYPE_EXPIRY_DATE, min_date, max_date);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -47,6 +44,11 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
(param_commitment, nullifier_type, nullifier)
// Use SHA2-256 to calculate the parameter commitment so the parameter commitment can be
// reconstructed by verifiers on EVM chains
let param_commitment =
calculate_param_commitment_sha2(PROOF_TYPE_EXPIRY_DATE, min_date, max_date);
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
12 changes: 7 additions & 5 deletions src/noir/bin/compare/expiry/standard/src/main.nr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,10 @@ fn main(
// If the maximum date timestamp is 0, it is not checked
max_date: u64,
nullifier_secret: Field,
oprf_proof: commitment::OPRFProof,
service_scope: pub Field,
service_subscope: pub Field,
) -> pub (Field, Field, Field) {
) -> pub (Field, Field, Field, Field) {
// Check the ID is not expired
check_expiry(salted_dg1.value, current_date);

Expand All @@ -34,9 +35,7 @@ fn main(
// Uses the usual unix epoch year of 1970 as the epoch year as expiry dates are in the future
// and for expired documents, the expiry date is still way after 1970
compare_date(expiry_date, min_date, max_date, 1970);
// Use Poseidon2 to calculate the parameter commitment so the prover has less work to do
let param_commitment = calculate_param_commitment(PROOF_TYPE_EXPIRY_DATE, min_date, max_date);
let (nullifier, nullifier_type) = nullify(
let (nullifier, nullifier_type, oprf_pk_hash) = nullify(
comm_in,
salted_dg1,
salted_expiry_date,
Expand All @@ -46,6 +45,9 @@ fn main(
service_scope,
service_subscope,
nullifier_secret,
oprf_proof,
);
(param_commitment, nullifier_type, nullifier)
// Use Poseidon2 to calculate the parameter commitment so the prover has less work to do
let param_commitment = calculate_param_commitment(PROOF_TYPE_EXPIRY_DATE, min_date, max_date);
(param_commitment, nullifier_type, nullifier, oprf_pk_hash)
}
Loading
Loading