Sismo Docs


The Hydra-S1 ZK Proving Scheme is the first proving scheme of the Hydra Family:
  • Hydra = using Hydra Delegated Proof of ownership (via commitment mapper)
  • S1 = Single Source, Version 1: one group membership verification
It enables users to prove, in one ZK Proof, that for a given external nullifier and for a defined Registry Merkle Tree filled with Accounts Trees:
  • They own 2 accounts
  • The source account is part of an accounts tree (Accounts Tree Merkle Proof)
  • This accounts tree was registered in a registry tree with a specific value (Registry Tree Merkle Proof)
  • A claim about their source account value is true:
    • e.g: "my account value is superior to 5" (non strict claim)
    • or "my account value is strictly equal to 5" (strict claim)
  • They correctly generated a nullifier by hashing the externalNullifier with the secret from the source account (a.k.a IdNullifier)
The nullifier can be stored by the verifier to make sure that a user cannot use two ZKPs for the same external nullifier.
The Hydra-S1 ZK Proving Scheme is used by the Hydra S1 Attesters of the Sismo Protocol.
In the Hydra S1 Simple Attester, we use the Hydra S1 proving scheme to let a user:
  • Prove they own a source account that's part of a specific Group of accounts identified by a group identifier. (the accounts tree value in the registry tree = groupIdentifier)
  • Prove they own a destination account (that will receive the destination)
  • Make a claim about the value of the account inside the Group.
  • generate a nullifier that will be saved on-chain inside the attester.
The externalNullifier is defined as being the group identifier. This makes sure a user cannot generate two attestations per groups.
All these steps are executed inside the hydra-s1 circom circuit which is available here.