The Hydra-S1 ZK Proving Scheme is the first proving scheme of the Hydra Family:
  • Hydra = using Hydra Delegated Proof of ownership (via commitment mapper)
  • S1 = Single source (only one source account), variant number 1
It enables users to prove, in one ZK Proof, that for a given ticket identifier (aka external nullifier) and for a defined Registry Merkle Tree filled with Accounts Trees:
  • They own 2 accounts
  • The source account is part of an accounts tree (Accounts Tree Merkle Proof)
  • This accounts tree was registered in a registry tree with a specific value (Registry Tree Merkle Proof)
  • A claim about their source account value is true:
    • e.g. "my account value is greater than 5" (non-strict claim)
    • or "my account value is strictly equal to 5" (strict claim)
  • They correctly generated a userTicket (aka nullifierHash) by hashing the ticketIdentifier (a.k.a externalNullifier) with the secret from the source account (a.k.a IdNullifier)
The user ticket (a.k.a nullifierHash) can be stored by the verifier to make sure that a user cannot use two ZKPs for the same ticket identifier (a.k.a externalNullifier).
The Hydra-S1 ZK Proving Scheme is used by the Hydra S1 Attesters of the Sismo Protocol.
In the Hydra S1 Simple Attester, we use the Hydra S1 proving scheme to let a user:
  • Prove they own a source account that's part of a specific Group of accounts identified by a group identifier (the accounts tree value in the registry tree = groupIdentifier).
  • Prove they own a destination account (that will receive the attestation).
  • Make a claim about the value of the account inside the Group.
  • Generate a userTicket that will be saved on-chain inside the attester.
The ticketIdentifier is defined as being the group identifier. This ensures a user cannot generate two attestations for the same group.
All these steps are executed inside the hydra-s1 circom circuit which is available here.
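The userTicket rule described above, as an added Python example that is not Sismo's code. It assumes SHA-256 as a stand-in for the circuit's hash and checks the secret in the clear instead of inside a ZK proof; `SimpleAttesterModel`, `user_ticket` and all values are hypothetical.

```python
import hashlib

def h(*parts: int) -> int:
    """SHA-256 over 32-byte big-endian words (assumed stand-in for the circuit's hash)."""
    data = b"".join(p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def user_ticket(ticket_identifier: int, source_secret: int) -> int:
    """userTicket (nullifierHash) = hash(ticketIdentifier, source account secret)."""
    return h(ticket_identifier, source_secret)

class SimpleAttesterModel:
    """Hypothetical attester state: the set of userTickets already consumed."""

    def __init__(self):
        self.used_tickets = set()

    def attest(self, group_id: int, ticket: int, witness_secret: int) -> str:
        # ticketIdentifier = group identifier. The real scheme enforces this
        # equality inside the ZK proof without revealing the secret; this
        # model checks it in the clear.
        if ticket != user_ticket(group_id, witness_secret):
            return "rejected: ticket not derived from ticketIdentifier"
        # Stored tickets stop a second proof for the same ticket identifier.
        if ticket in self.used_tickets:
            return "rejected: ticket already used"
        self.used_tickets.add(ticket)
        return "accepted"

def demo():
    alice, bob = 0xA11CE, 0xB0B  # constructed source account secrets
    group_a, group_b = 1, 2      # constructed group identifiers
    att = SimpleAttesterModel()
    return [
        att.attest(group_a, user_ticket(group_a, alice), alice),  # first use
        att.attest(group_a, user_ticket(group_a, alice), alice),  # same group again
        att.attest(group_b, user_ticket(group_b, alice), alice),  # different group
        att.attest(group_a, user_ticket(group_a, bob), bob),      # different user
        att.attest(group_b, user_ticket(group_a, bob), bob),      # ticket from wrong group
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The same secret yields unrelated tickets for different groups, so stored tickets block repeat attestations per group without linking a user's attestations across groups.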