Overview

ZAP is the first Zero-Knowledge Attestation Protocol built on Mina. It's a module-based, scalable and intuitive protocol that enables developers to build privacy-preserving applications on Mina by using ZkOracles.

At the core, ZAP is a standardization of the usage of ZkOracles by providing a robust attestation-verification system for zkApps on Mina.

If you are not familiar with ZkOracles please read the What are (Zk)Oracles? introduction first.

What is ZAP?

Mina unlocks a variety of new applications thanks to the use of zero knowledge. Specifically, there's a lot of new potential zkApp's use cases by being able to verify some kind of attestation based on private datas from outside of Mina.

ZkOracles solves most of the current problems faced by Oracles while providing a trustless and privacy-preserving way to interact with the real world. But each zkApp has to implement its own ZkOracles verification system which is a complex and time-consuming task.

There's less separation of concerns that adds unnecessary complexity: this often leads to less secure and less reliable protocols because of the lack of standardization.

We want to separate the complexity of using ZkOracles so that:

• zkApps developers can focus on building their application without having to worry about the Oracle part.
• Oracle developers can focus on building ZAP sources without having to worry about the Zk part.
• Users can use zkApps while having a standard, transparent and comprehensible format of the process.

For this, ZAP introduces a new attestation-verification standard: it aims to be another layer of abstraction on top of Mina that allows developers to easily create and use zk-attestations on Mina about any kind of data with minimal effort and maximum flexibility. It abstracts the whole Oracle systems to reduce the complexity of using ZkOracles.

With ZAP, zkApps developers can focus on the logic rules by creating statements, and users can use zkApps by creating attestations of these statements. You can let ZAP handle the rest!

Currently, we need to restrict the potential data sources by using only ZAP Sources. ZAP provides a default Airstack Ethereum Source as a first example, but anyone can build and use new ZAP Sources. Please refers to the ZAP Sources page.

Contributing to the whole Mina Ecosystem

ZAP is a non-profit solution and operates as a public good for the Mina ecosystem.

ZAP aims to be integrated in many different projects in the Mina ecosystem. We specifically want to focus on the following points:

1. Streamlined Development: ZAP simplifies the creation of zero-knowledge attestation about any kind of data on Mina, making development of complex zkApps more accessible for developers.
2. Improved User Experience and Safety: ZAP has a strong focus on user experience. It aims to provide an open-source attestations explorer, allowing both users and developers to easily interact and verify attestation's informations without the need to build extra infrastructures.

What is a Zero-Knowledge Attestation ?

To fully understand what is the abstraction behind ZAP, we need to understand what is a statement, an attestation, and a zero-knowledge proof.

• Statement: a logical expression that contains one or more variables and that can be either true or false.
• Attestation: the truth value of a statement when all the variables of that statement are given a value.

Zero-Knowledge Proofs are a novel type of cryptographic proofs that have two components: a prover and a verifier. The prover generates a proof based on both private and public inputs, and the verifier is able to verify the validity of the proof based on the public inputs only.

We can directly see the use case of zero-knowledge Proofs in the context of attestations: the user wants to prove that a statement is true, i.e. create an attestation, but without revealing all the variables values, and the verifier is the end-application that wants to use the attestation to verify the truth value of the statement. This is a significant step in the direction of privacy-preserving applications, and this is what ZAP and Mina is all about!

Mina Protocol

Mina is a lightweight and efficient blockchain, with a focus on privacy with the ability to develop zkApps.

Here's the key characteristics of Mina:

1. Lightweight Blockchain: Mina's constant-sized blockchain ensures scalability.
2. Zero-knowledge primitives: Mina possess all the needed cryptographic primitives in order to easily build zkApps.
3. Decentralized and Secure: Mina's robust security and decentralization are critical for the reliability and trustless nature of any privacy preserving application.

Mina provides a strong foundation that abstract lots of complex cryptography and blockchain concepts.

Use cases

ZAP's flexibility and privacy-preserving nature open up numerous possibilities across different sectors, encouraging innovation while safeguarding user data. While we provides some examples here, we are more than excited to see what you will build with it!

The main idea to keep in mind is that ZAP allow you to verify some kind of information about your users in a privacy-preserving way.

Be careful that the smaller the set of possible private data is, the easier it is to deanonymize the user. For example, "Owner of a specific NFT" is a very small set, and it's easy to restrict the set of possible values (especially when combining with other condition).

On-chain

• Proof of Holding: Verify asset holdings without exposing amounts.
• Proof of Profit: Confirm profitable wallet without revealing address.
• Proof of Activity: Validate user activity on the blockchain, such as volume or transaction count.
• Proof of Ownership: Attest to owning specific tokens or NFTs (ERC20, ERC721, etc.).

Off-chain / Web2

• Signatures (Email, ...): Verify the authenticity of digital communications.
• API Keys/Auth Tokens/Session Keys: Confirm valid authentication without exposing the actual credentials.
• Membership: Validate membership status in private organizations or companies.

Decentralized identity

Prove identity claims without revealing sensitive personal information, useful for building sybil-resistant applications, reputation systems, proof of humanity, ...

Additional Ideas

Some additional ideas that can use ZAP:

• Educational Credentials: Verify academic achievements.
• Employment History: Confirm past employment without detailing specific roles, locations, teams, ...
• Age Verification: Attest legal age requirements are met.
• Location Verification: Verify geographical compliance.
• Supply Chain Authenticity: Attest to the origin of products in a supply chain.
• Compliance: Demonstrate adherence to regulations (Zk-Kyc, ...)
• Subscription: Verify access rights to subscription-based services.
• Social Influence Verification: Validate follower counts anonymously.
• Energy Consumption Validation: Confirm energy usage for eco-incentives.
• ... and many more!

Official example: Credit-score attestation

Let's review the official Mina Oracle example (opens in a new tab) where an user wants to attest that he has more than 700 credit score (provided by a specific API). We see that this process is quite complex and requires a lot of steps to be done by the user:

• Development of an HTTP API
  • Generation and handling of the oracle keys
  • Development of the API endpoints with signed responses
  • Deployment and maintenance of the API (Point of failure if non-decentralized)
• Development of a smart contract
  • Verification of the oracle signatures
  • Need to develop a new smart contract for each new statement to attest
  • Emit events (and handle them in frontend)

As we can see this approach is not really scalable and requires a lot of work from the developer. In the example, the condition is manually checked in the smart contract:

// Check that the provided credit score is greater than 700
creditScore.assertGreaterThanOrEqual(Field(700));

There's no upgradability, and the developer needs to new logic in the smart contract and redeploy each time he wants to attest a new statement.

With ZAP, the developer can focus on the logic of the statement and let ZAP handle the rest. The developer can create a new statement in a few lines of code (simplified):

// Necessary values
const sourceKey: PublicKey = ...; // Price Oracle ZAP Source
const minaWallet: PublicKey = ...; // user's Mina wallet
 
// Define statement to verify
// "The price of ETH is greater than 3000 USD based on the Price Oracle"
let statement: Statement = {
  sourceKey: sourceKey.toBase58(),
  route: {
    path: "/api/v1/price",
    args: {
      symbol: "ETH",
      currency: "USD",
    },
  },
  condition: {
    type: ConditionType.GT,
    targetValue: 3000,
  },
};
 
// Fetch the response of the source for the specific route
const private_response = await post(
  `${ORACLE_ENDPOINT}${statement.route.path}`,
  statement.route.args
).data as SignResponse;
 
let attestation: Attestation = new Attestation({
  statement,
  address: minaWallet
});
 
// Generate the proof in the browser
await attest.zapWorkerClient.createGenerateAttestationTransaction(attestation);
await attest.zapWorkerClient.proveGenerateAttestationTransaction();
 
// Send transaction to the ZAP Verifier contract
const transaction = await attest.zapWorkerClient.getTransactionJSON();
const { hash } = await window.mina.sendTransaction(transaction);
 
// Wait for 'verified' event matching the corresponding attestation

Because we can define a common interface for all the oracles, we plan to provide a single package that will simplify the process for the developer by providing helpers to create the statements and attestations, handling the oracle calls, verification of the proofs and frontend integration.

Project status

Currently, ZAP is in-development and should not be used in production at the moment. Use at your own risk and please report any issue you encounter.

You can track the majors milestones of the project in the Project Milestones page. You are free to contribute to the project, and we will be happy to review your pull requests.

References

• Mina Documentation (opens in a new tab)