npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ew-precise-proofs-js

v1.2.0

Published

Energyweb Origin project's proof-of-concept Precise Proofs implementation and demo.

Downloads

1,335

Readme

NPM Version

Precise Proofs implementation

This is a JS npm package and some demo scripts for creating-, verifying- and getting started with Precise Proofs.

What are precise proofs?

Precise Proofs is a "privacy technique" based on Merkle trees to prove that some revealed parts of your document belong to the whole document without revealing other sensitive data For more information on Precise Proofs, please refer to EnergyWeb's Privacy wiki page.

This implementation was inspired by Centrifuge's Precise Proofs implementation in Go. In our version we emphasized improved security by:

  • making the leaf positions matter in the tree
  • adding the hash of the document schema to the tree as well

to prevent injection/duplicate key attacks and the prover to create phony proofs.

What do you find here?

  • A small npm package to create and verify proofs yourself
  • Examples (demos), which demonstrate the capabilities and possible vulnerabilities too (for educative purposes)

Maintainers

Primary: Adam Nagy (@ngyam)

Heiko Burkhardt (@hai-ko), who did the heavy lifting and should get the credit for creating this implementation.

Quickstart

In your project:

npm install ew-precise-proofs-js

Then in a JS project:

const {PreciseProofs} = require("ew-precise-proofs-js");
[...]

Or in a Typescript project:

import {PreciseProofs} from "ew-precise-proofs-js"
[...]

Unfortunately the code is not documented. For examples look into the demo files or read the good source. They are quite intuitive though.

console.log(PreciseProofs)
> { printTree: [Function],
  hash: [Function],
  getRootHash: [Function],
  sortLeafsByKey: [Function],
  sortSchema: [Function],
  canonizeValue: [Function],
  createMerkleTree: [Function],
  hashSchema: [Function],
  createExtendedTreeRootHash: [Function],
  createLeafs: [Function],
  createProof: [Function],
  verifyProof: [Function] }

Demos

After cloning the repo and installing dependencies, you can run the demo scripts with npm run demoX, where X should be replaced by the number of the demo you are interested in.

Demo 1

Simple proof generation and successful verification example which does not include the schema hash.

Demo 2

Simple proof generation with a bad proof and failed verification.

Demo 3

Demonstration of an identical key attack in the case you are not including the schema hash.

Lesson: you have to include the schema.

Demo 4

Demonstration that the prover can literally create any phony merkle roots and proofs if the schema hash is not included.

Lesson: again, you have to include the schema.

Demo 5

Extended proof generation and successful verification example which includes the schema hash.

Demo 6

How an identical key attack looks like if you include the schema hash.

Lesson: if you see a published commitment & schema with 2 identical keys, you should not trust any proof for that. In the implementation, a duplicate key attack is only possible for the key first in the "abc" order, otherwise the verification simply fails (leaf position matters).

Demo 7

Publishing the merkle root / schema as a commitment to Smart Contract, which the verifier can interact with.

  1. Prover publishes its commitment on-chain to a registry-like smart contract
  2. Prover creates a proof
  3. Prover sends the proof off-chain to the verifier
  4. Verifier reads the commitment on-chain and verifies the proof off-chain

Demo 8

Creating precise proof and using on-chain verifier to prove.

  1. Prover creates a proof
  2. Verifier uses on-chain verifier to prove the proof

Contributing

Please read contributing and our code of conduct for details.

Getting started

Prerequisites

  • node, npm
  • Truffle, if you want to deploy Smart Contracts

Installing the deps

git clone https://github.com/energywebfoundation/precise-proofs.git
cd precise-proofs
npm install -D

Running the tests

npm test

Versioning

We use SemVer for versioning.

License

This project is licensed under MIT - see the LICENSE file for details.

Limitatons

  • Not optimized for efficieny/saving space/gas
  • Proof format is not as generic as Centrifuge's protobuf one
  • Nested objects / arrays are flattened out as a big string (minimal support)
  • You can generate a proof for one revealed field at a time
  • Duplicate keys are not prohibited in the schema (but visible)
  • Only JS implementation so far

Output examples

A document (JSON):

{ operationalSince: 0,
  capacityWh: 10,
  country: 'Germany',
  region: 'Saxony',
  active: true,
  nestedObject: {
    id: 1 },
  zip: '09648',
  city: 'Mittweida',
  street: 'Main Street',
  houseNumber: '101',
  gpsLatitude: '0',
  gpsLongitude: '0' }

Leafs:

[ { key: 'region',
    value: 'U2F4b255',
    salt: 'LpFp9PDgFfumrYj/',
    hash: 
     '0xa9137a2bea5ce2c04c4406d764ea91044e3f793f9e273732a3bc691c435256a7',
  { key: 'gpsLongitude',
    value: 'MTIuOTgwOTc3',
    salt: 'PPiIor5ZjSb3ISpV',
    hash:
     '0x5c7687899e737d4394bb7f66409441c900f2c2cbc32514e76596115fb6405929' },
...]

Extended Merkle Tree:

Tree

Proof:

{
  key: 'street',
  value: 'TWFpbiBTdHJlZXQ=',
  salt: 'zcgja7NX7lkC2QRf',
  proofPath: [
    {
      right: '0x1aa21bd98ca498bfdf530f6ef508ef088b3db6b5c3492ff530e695a213cf962e'
    },
    {
      left: '0x8c792b76a96463f40e9c40ab10c203eb0f49d401c25a91f0284158ec34db6255'
    },
    {
      left: '0x570c210a5bb120c6fddab47d59c38b1932b51c262b2fe2434f95d46f93d1b119'
    },
    {
      right: '0xf69d1880dd4b21e9c462fc76e3e59103b86756aa2c775b0bb47a16e079e7c862'
    }
  ]
}