For further details, please refer to the full version of the project manuscript.
Consider a scenario where the user interacts with the service provider by displaying or scanning a QR code on their mobile phone, which contains the identity proof and the service request.
Our approach utilizes a two-step verification process, encompassing both user identity authentication and the validation of specific required associated information. Together with these components, we develop an effective solution to support privacy-preserving QR code verification, as illustrated at a low level in Figure a, as well as a high level idea of our solution in the Figure b below. Fig c illustrates a QR code from the user who is entering a pub to verify he has a valid credential and is over 18 years old. The QR code has error correction level L (Low), and contains a zero-knowledge proof generated by Plonk plus other insensitive necessary information. For the access criteria proven QR code, it embeds the Plonk range proofs. It contains important information shows below:
- Transcript: The required transcript for Plonk includes the commitments, which are actually points(a pair of value x, y) on the elliptic curve, along with several field elements required to complete the verification process.
- Protocol name: e.g. Plonk. The application is able to support variable protocols.
- Curve name: e.g. bn128. The application is able to support variable curves if the curve is compatible with use on a smart contract.
- Public signal: the public parameters if available.
a. An illustration of the foundational concept of converting a real-world problem into a zk-SNARK proof within the
${\tt zk\text{-}qrcode}$ framework shows below
b. An illustration of our solution for privacy-preserving access criteria in-person verification via QR code shows below
c. An example QR code containing Plonk age proof information generated by the user before entering a bar
We implement our smart contract in Solidity and deploy our contract on the test Ethereum network, set the security parameter
External libaries and tools used to construct this demo application: