Usage Guide
This guide provides a step-by-step walkthrough on how to use the ZK Email Verifier. It covers the process from converting your email to regex to creating your zero-knowledge proof for email verification. The guide assumes you have already installed the necessary packages as outlined in the Installation Guide. If you haven't done so, please refer to the Installation Guide first.
For an easy setup, we suggest utilizing Zkrepl, a playground for compiling and testing your circuits in the early stages of development. Additionally, explore our Proof of Twitter guide for a practical demonstration on how to leverage our SDKs to construct your own circuits.
Step 1: Create the Regex File
Transform your target email string into a regex format and compile it into a regex.circom file. For guidance, visit our zk-regex repository.
Use our tool to convert regex into circom code: zkregex.com
Step 2: Implementing the Circuits
Next, use email-verifier.circom from the zk-email/circuits package to create your zk circuit to verify the DKIM signature.
To set up your own circuit for the email-verifier, you can follow these steps:
Include the
email-verifier.circomfile from the@zk-email/circuitspackage as well as theregex.circomfile that was generated from Step 1 of this guide.Create a template for your circuit, let's call it
MyCircuit.Define the input signal for your circuit.
Add any necessary witnesses and constraints for regex (learn more about how to setup regex here)
Define the output signal, which will be public.
Instantiate the EmailVerifier component within your
MyCircuittemplate.
NOTE: For teams using the email verifier circuit with the ignoreBodyHashCheck option disabled, please be aware of an important consideration. If you are conducting a body hash check within your own circuit configurations, it is essential to implement AssertZeroes for all characters beyond the specified limit.
AssertZeroPadding(maxBodyLength)(emailBody, emailBodyLength + 1)
maxBodyLength: maximum number of bytes that the email body can occupy.
emailBody: email body content that has been padded to meet the required size for processing.
emailBodyLength: length of the email body data including the padding.
Here's an example of how you can set up your own circuit:
Step 3: Compile your circuit
To compile the circuit locally, you need to have Rust and Circom installed first. You can visit this link to install both https://docs.circom.io/getting-started/installation/#installing-dependencies
Note: You can add -l to specify the directory where the directive include should look for the circuits indicated. For our repo use circom -l node_modules instead of circom. Additionally, we generally recommend using the --O0 flag for optimization during compilation for beginners. However, if you're more experienced with Circom, feel free to use the --O1 flag instead. It's important to avoid using the --O2 flag as that is the default setting and it may lead to the deletion of additional constraints.
After running this command, the circuit will be compiled into a .r1cs file, a .wasm file, and a .sym file. These files are used in the next steps to generate the proving and verifying keys, and to compute the witness.
Step 4: Generate Circuit Inputs
The second step in the zkEmail verification process is to generate the necessary circuit inputs. This involves parsing the email headers to extract the required information.
The required information includes the RSA signature, public key, body of the email, and hash of the email body. To do this, create a directory named 'emls' and place the raw email inside it.
Next, create an inputs.ts file. In this file, you will use the generateEmailVerifierInputs function from the @zk-email/helpers package.
Here is a sample code snippet from our proof-of-twitter example to guide you:
To generate the input.json file, run the following command:
Note: Increasing the emailHeaderLength or emailBodyLength sizes will increase the time required for compiling and creating proving keys.
Step 5: Compute the Witness
The process of creating a proof involves ensuring that all signals in the file adhere to the existing constraints. This is achieved by computing the witness using the Wasm file generated during compilation.
Navigate to the MyCircuit_js file and incorporate the input.json file that was produced in Step 2. Execute the following command in your terminal:
This operation will produce a file named 'witness.wtns'. This file is encoded in a format that is compatible with the snarkjs library. In the following steps, we will utilize snarkJs to initiate the proof creation process.
Step 6: Proving the Circuit
The next step involves using the snarkjs command-line tool to generate the keys and the verifier contract. If you haven't installed snarkjs globally, you can do so by running npm install -g snarkjs.
The generation of the zk proof requires a trusted setup, which includes the powers of tau ceremony and phase 2. Click here to read more about Trusted Setup.
Firstly, you need to determine the constraint size of your circuit. You can do this by running the following command:
Memory Allocation for snarkjs
To avoid out-of-memory errors in snarkjs for large circuits, increase Node.js memory with node --max-old-space-size=<size>, where <size> is in kilobytes.
Powers of Tau
You can download the ptau file directly from Google Cloud Platform using the following command:
Phase 2
To run Phase 2 of the trusted setup refer to this link: https://github.com/iden3/snarkjs
Step 7: Verify your circuit
After this process you should get three files
the proving key(vkey)
proof.json
public.json
You can use these files to verify your circuit.
Off-chain Verification
To verify your proof run:
The command uses the files verification_key.json we exported earlier,proof.json and public.json to check if the proof is valid. If the proof is valid, the command outputs an OK.
On-chain Verification
To create a solidity verifier that allows you to verify your proof on the ethereum blockchain, run:
This will generate a verifier.sol contract.
Last updated