Pythia ZK Proving Scheme
In ancient Greek religion, Pythia was the oracle of Apollo’s temple at Delphi.
The Pythia Family bundles proving schemes enabling users to prove off-chain data provided by a centralized service while preserving their privacy.
A Proving Scheme has a prover that is able to generate proofs for a verifier that can verify their validity.
In the Pythia-1 Proving Scheme, the user will interact with the off-chain service using a Blind Signature Scheme to retrieve their data in a privacy preserving way.
The user frontend (prover) can then create a ZK Proof.
The verifier is an on-chain smart contract, called a Pythia-1 Verifier. The Pythia-1 Verifier is a smart contract that will verify the ZK proof and return its validity in the form of a True or False statement.
You can see the Pythia-1 Proving Scheme in the following schema that will be explained in the next section.
Pythia-1 Proving Scheme
The Pythia-1 Proving Scheme works as follows:
- 1.A user generates a commitment on his frontend (the Poseidon hash of a secret). The secret is randomly generated by the frontend.
2. The commitment is sent to the off-chain service API (can be a KYC Provider, DegenScore, Twitter, Github…)
3. The off-chain service retrieves the user data with the user consent, it can be a KYC registration or an account verification for example.
5. The Commitment Receipt is sent to the user frontend.
6. In the frontend, the ZK Proof is generated from private and public inputs:
- Private inputs
- the secret
- the value
- the Commitment Receipt
- Public inputs
- the groupId for the badge
- a nullifier that can be stored on-chain for a sybil-resistant badge
- the public key of the off-chain service
7. The proof is then sent on-chain to the verifier contract.
8. The verifier contract verifies the ZK proof on-chain.