@mocanetwork/privado-js-sdk 1.0.0

package/src/iden3comm/handlers/common.ts

@@ -0,0 +1,324 @@
+import { getRandomBytes } from '@iden3/js-crypto';
+import {
+  AcceptProfile,
+  AuthMethod,
+  AuthProof,
+  BasicMessage,
+  JsonDocumentObject,
+  JWSPackerParams,
+  ZeroKnowledgeProofAuthResponse,
+  ZeroKnowledgeProofQuery,
+  ZeroKnowledgeProofRequest,
+  ZeroKnowledgeProofResponse
+} from '../types';
+import { mergeObjects } from '../../utils';
+import { RevocationStatus, VerifiableConstants, W3CCredential } from '../../verifiable';
+import { DID, getUnixTimestamp } from '@mocanetwork/moca-iden3';
+import { IProofService } from '../../proof';
+import { CircuitId } from '../../circuits';
+import { AcceptJwsAlgorithms, defaultAcceptProfile, MediaType } from '../constants';
+import { ethers, Signer } from 'ethers';
+import { packZkpProof, prepareZkpProof } from '../../storage/blockchain/common';
+
+/**
+ * Groups the ZeroKnowledgeProofRequest objects based on their groupId.
+ * Returns a Map where the key is the groupId and the value is an object containing the query and linkNonce.
+ *
+ * @param requestScope - An array of ZeroKnowledgeProofRequest objects.
+ * @returns A Map<number, { query: ZeroKnowledgeProofQuery; linkNonce: number }> representing the grouped queries.
+ */
+const getGroupedQueries = (
+  requestScope: ZeroKnowledgeProofRequest[]
+): Map<number, { query: ZeroKnowledgeProofQuery; linkNonce: number }> =>
+  requestScope.reduce((acc, proofReq) => {
+    const groupId = proofReq.query.groupId as number | undefined;
+    if (!groupId) {
+      return acc;
+    }
+
+    const existedData = acc.get(groupId);
+    if (!existedData) {
+      const seed = getRandomBytes(12);
+      const dataView = new DataView(seed.buffer);
+      const linkNonce = dataView.getUint32(0);
+      acc.set(groupId, { query: proofReq.query, linkNonce });
+      return acc;
+    }
+
+    const credentialSubject = mergeObjects(
+      existedData.query.credentialSubject as JsonDocumentObject,
+      proofReq.query.credentialSubject as JsonDocumentObject
+    );
+
+    acc.set(groupId, {
+      ...existedData,
+      query: {
+        skipClaimRevocationCheck:
+          existedData.query.skipClaimRevocationCheck || proofReq.query.skipClaimRevocationCheck,
+        ...existedData.query,
+        credentialSubject
+      }
+    });
+
+    return acc;
+  }, new Map<number, { query: ZeroKnowledgeProofQuery; linkNonce: number }>());
+
+/**
+ * Processes zero knowledge proof requests.
+ *
+ * @param to - The identifier of the recipient.
+ * @param requests - An array of zero knowledge proof requests.
+ * @param from - The identifier of the sender.
+ * @param proofService - The proof service.
+ * @param opts - Additional options for processing the requests.
+ * @returns A promise that resolves to an array of zero knowledge proof responses.
+ */
+export const processZeroKnowledgeProofRequests = async (
+  to: DID,
+  requests: ZeroKnowledgeProofRequest[] | undefined,
+  from: DID | undefined,
+  proofService: IProofService,
+  opts: {
+    mediaType?: MediaType;
+    packerOptions?: JWSPackerParams;
+    supportedCircuits: CircuitId[];
+    ethSigner?: Signer;
+    challenge?: bigint;
+  }
+): Promise<ZeroKnowledgeProofResponse[]> => {
+  const requestScope = requests ?? [];
+
+  const combinedQueries = getGroupedQueries(requestScope);
+
+  const groupedCredentialsCache = new Map<
+    number,
+    { cred: W3CCredential; revStatus?: RevocationStatus }
+  >();
+
+  const zkpResponses = [];
+
+  for (const proofReq of requestScope) {
+    let zkpRes: ZeroKnowledgeProofResponse;
+    try {
+      const isCircuitSupported = opts.supportedCircuits.includes(proofReq.circuitId as CircuitId);
+      if (!isCircuitSupported) {
+        if (proofReq.optional) {
+          continue;
+        }
+        throw new Error(`Circuit ${proofReq.circuitId} is not allowed`);
+      }
+
+      const query = proofReq.query;
+      const groupId = query.groupId as number | undefined;
+      const combinedQueryData = combinedQueries.get(groupId as number);
+
+      if (groupId) {
+        if (!combinedQueryData) {
+          throw new Error(`Invalid group id ${query.groupId}`);
+        }
+        const combinedQuery = combinedQueryData.query;
+
+        if (!groupedCredentialsCache.has(groupId)) {
+          const credWithRevStatus = await proofService.findCredentialByProofQuery(
+            to,
+            combinedQueryData.query
+          );
+          if (!credWithRevStatus.cred) {
+            if (proofReq.optional) {
+              continue;
+            }
+            throw new Error(
+              VerifiableConstants.ERRORS.PROOF_SERVICE_NO_CREDENTIAL_FOR_QUERY +
+                `${JSON.stringify(combinedQuery)}`
+            );
+          }
+
+          groupedCredentialsCache.set(groupId, credWithRevStatus);
+        }
+      }
+
+      const credWithRevStatus = groupedCredentialsCache.get(groupId as number);
+      zkpRes = await proofService.generateProof(proofReq, to, {
+        verifierDid: from,
+        challenge: opts.challenge,
+        skipRevocation: Boolean(query.skipClaimRevocationCheck),
+        credential: credWithRevStatus?.cred,
+        credentialRevocationStatus: credWithRevStatus?.revStatus,
+        linkNonce: combinedQueryData?.linkNonce ? BigInt(combinedQueryData.linkNonce) : undefined
+      });
+    } catch (error: unknown) {
+      const expectedErrors = [
+        VerifiableConstants.ERRORS.PROOF_SERVICE_NO_CREDENTIAL_FOR_IDENTITY_OR_PROFILE,
+        VerifiableConstants.ERRORS.ID_WALLET_NO_CREDENTIAL_SATISFIED_QUERY,
+        VerifiableConstants.ERRORS.CREDENTIAL_WALLET_ALL_CREDENTIALS_ARE_REVOKED
+      ];
+      // handle only errors in case credential is not found and it is optional proof request - otherwise throw
+      if (
+        error instanceof Error &&
+        (expectedErrors.includes(error.message) ||
+          error.message.includes(
+            VerifiableConstants.ERRORS.PROOF_SERVICE_NO_CREDENTIAL_FOR_QUERY
+          )) &&
+        proofReq.optional
+      ) {
+        continue;
+      }
+      throw error;
+    }
+
+    zkpResponses.push(zkpRes);
+  }
+
+  return zkpResponses;
+};
+
+/**
+ * Processes auth proof requests.
+ *
+ * @param to - The identifier of the recipient.
+ * @param proofService - The proof service.
+ * @param opts - Additional options for processing the requests.
+ * @returns A promise that resolves to an auth proof response.
+ */
+export const processProofAuth = async (
+  to: DID,
+  proofService: IProofService,
+  opts: {
+    supportedCircuits: CircuitId[];
+    acceptProfile?: AcceptProfile;
+    senderAddress: string;
+    zkpResponses: ZeroKnowledgeProofResponse[];
+  }
+): Promise<{ authProof: AuthProof }> => {
+  if (!opts.acceptProfile) {
+    opts.acceptProfile = defaultAcceptProfile;
+  }
+
+  switch (opts.acceptProfile.env) {
+    case MediaType.ZKPMessage:
+      if (!opts.acceptProfile.circuits) {
+        throw new Error('Circuit not specified in accept profile');
+      }
+
+      for (const circuitId of opts.acceptProfile.circuits) {
+        if (!opts.supportedCircuits.includes(circuitId as unknown as CircuitId)) {
+          throw new Error(`Circuit ${circuitId} is not supported`);
+        }
+        if (!opts.senderAddress) {
+          throw new Error('Sender address is not provided');
+        }
+        const challengeAuth = calcChallengeAuthV2(opts.senderAddress, opts.zkpResponses);
+
+        const zkpRes: ZeroKnowledgeProofAuthResponse = await proofService.generateAuthProof(
+          circuitId as unknown as CircuitId,
+          to,
+          { challenge: challengeAuth }
+        );
+        return {
+          authProof: {
+            authMethod: AuthMethod.AUTHV2,
+            zkp: zkpRes
+          }
+        };
+      }
+      throw new Error(`Auth method is not supported`);
+    case MediaType.SignedMessage:
+      if (!opts.acceptProfile.alg || opts.acceptProfile.alg.length === 0) {
+        throw new Error('Algorithm not specified');
+      }
+      if (opts.acceptProfile.alg[0] === AcceptJwsAlgorithms.ES256KR) {
+        return {
+          authProof: {
+            authMethod: AuthMethod.ETH_IDENTITY,
+            userDid: to
+          }
+        };
+      }
+      throw new Error(`Algorithm ${opts.acceptProfile.alg[0]} not supported`);
+    default:
+      throw new Error('Accept env not supported');
+  }
+};
+
+/**
+ * Processes a ZeroKnowledgeProofResponse object and prepares it for further use.
+ * @param zkProof - The ZeroKnowledgeProofResponse object containing the proof data.
+ * @returns An object containing the requestId, zkProofEncoded, and metadata.
+ */
+export const processProofResponse = (zkProof: ZeroKnowledgeProofResponse) => {
+  const requestId = zkProof.id;
+  const inputs = zkProof.pub_signals;
+  const emptyBytes = '0x';
+
+  if (inputs.length === 0) {
+    return { requestId, zkProofEncoded: emptyBytes, metadata: emptyBytes };
+  }
+
+  const preparedZkpProof = prepareZkpProof(zkProof.proof);
+  const zkProofEncoded = packZkpProof(
+    inputs,
+    preparedZkpProof.a,
+    preparedZkpProof.b,
+    preparedZkpProof.c
+  );
+
+  const metadata = emptyBytes;
+
+  return { requestId, zkProofEncoded, metadata };
+};
+
+/**
+ * Calculates the challenge authentication V2 value.
+ * @param senderAddress - The address of the sender.
+ * @param zkpResponses - An array of ZeroKnowledgeProofResponse objects.
+ * @returns A bigint representing the challenge authentication value.
+ */
+export const calcChallengeAuthV2 = (
+  senderAddress: string,
+  zkpResponses: ZeroKnowledgeProofResponse[]
+): bigint => {
+  const responses = zkpResponses.map((zkpResponse) => {
+    const response = processProofResponse(zkpResponse);
+    return {
+      requestId: response.requestId,
+      proof: response.zkProofEncoded,
+      metadata: response.metadata
+    };
+  });
+
+  return (
+    BigInt(
+      ethers.keccak256(
+        new ethers.AbiCoder().encode(
+          ['address', '(uint256 requestId,bytes proof,bytes metadata)[]'],
+          [senderAddress, responses]
+        )
+      )
+    ) & BigInt('0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
+  );
+};
+
+/**
+ * Packs metadata into a string format suitable for encoding in a transaction.
+ * @param metas - An array of objects containing key-value pairs to be packed.
+ * @returns A string representing the packed metadata.
+ */
+export const packMetadatas = (
+  metas: {
+    key: string;
+    value: Uint8Array;
+  }[]
+): string => {
+  return new ethers.AbiCoder().encode(['tuple(' + 'string key,' + 'bytes value' + ')[]'], [metas]);
+};
+
+/**
+ * Verifies that the expires_time field of a message is not in the past. Throws an error if it is.
+ *
+ * @param message - Basic message to verify.
+ */
+export const verifyExpiresTime = (message: BasicMessage) => {
+  if (message?.expires_time && message.expires_time < getUnixTimestamp(new Date())) {
+    throw new Error('Message expired');
+  }
+};

package/src/iden3comm/handlers/contract-request.ts

@@ -0,0 +1,367 @@
+import { CircuitId } from '../../circuits/models';
+import { IProofService } from '../../proof/proof-service';
+import { defaultAcceptProfile, PROTOCOL_MESSAGE_TYPE, ProtocolVersion } from '../constants';
+import {
+  AcceptProfile,
+  BasicMessage,
+  IPackageManager,
+  ZeroKnowledgeInvokeResponse,
+  ZeroKnowledgeProofResponse
+} from '../types';
+import { ContractInvokeRequest, ContractInvokeResponse } from '../types/protocol/contract-request';
+import { DID, ChainIds, getUnixTimestamp, BytesHelper } from '@mocanetwork/moca-iden3';
+import { FunctionSignatures, IOnChainZKPVerifier } from '../../storage';
+import { Signer } from 'ethers';
+import { processProofAuth, processZeroKnowledgeProofRequests, verifyExpiresTime } from './common';
+import {
+  AbstractMessageHandler,
+  BasicHandlerOptions,
+  IProtocolMessageHandler
+} from './message-handler';
+import { parseAcceptProfile } from '../utils';
+import { hexToBytes } from '../../utils';
+
+/**
+ * Interface that allows the processing of the contract request
+ *
+ * @beta
+ * @interface IContractRequestHandler
+ */
+export interface IContractRequestHandler {
+  /**
+   * unpacks contract invoke request
+   * @beta
+   * @param {Uint8Array} request - raw byte message
+   * @returns `Promise<ContractInvokeRequest>`
+   */
+  parseContractInvokeRequest(request: Uint8Array): Promise<ContractInvokeRequest>;
+
+  /**
+   * handle contract invoke request
+   * @beta
+   * @param {did} did  - sender DID
+   * @param {Uint8Array} request - raw byte message
+   * @param {ContractInvokeHandlerOptions} opts - handler options
+   * @returns {Map<string, ZeroKnowledgeProofResponse>}` -  map of transaction hash - ZeroKnowledgeProofResponse
+   */
+  handleContractInvokeRequest(
+    did: DID,
+    request: Uint8Array,
+    opts?: ContractInvokeHandlerOptions
+  ): Promise<Map<string, ZeroKnowledgeProofResponse>>;
+}
+
+/** ContractInvokeHandlerOptions represents contract invoke handler options */
+export type ContractInvokeHandlerOptions = BasicHandlerOptions & {
+  ethSigner: Signer;
+  challenge?: bigint;
+};
+
+export type ContractMessageHandlerOptions = {
+  senderDid: DID;
+  ethSigner: Signer;
+  challenge?: bigint;
+};
+
+/**
+ *
+ * Allows to process ContractInvokeRequest protocol message
+ *
+ * @beta
+
+ * @class ContractRequestHandler
+ * @implements implements IContractRequestHandler interface
+ */
+export class ContractRequestHandler
+  extends AbstractMessageHandler
+  implements IContractRequestHandler, IProtocolMessageHandler
+{
+  private readonly _supportedCircuits = [
+    CircuitId.AuthV2,
+    CircuitId.AtomicQueryMTPV2OnChain,
+    CircuitId.AtomicQuerySigV2OnChain,
+    CircuitId.AtomicQueryV3OnChain,
+    // Now we support off-chain circuits on-chain
+    // TODO: We need to create validators for them
+    CircuitId.AuthV2,
+    CircuitId.AtomicQueryV3,
+    CircuitId.LinkedMultiQuery10
+  ];
+
+  /**
+   * Creates an instance of ContractRequestHandler.
+   * @param {IPackageManager} _packerMgr - package manager to unpack message envelope
+   * @param {IProofService} _proofService -  proof service to verify zk proofs
+   * @param {IOnChainZKPVerifier} _zkpVerifier - zkp verifier to submit response
+   * @param {IOnChainVerifierMultiQuery} _verifierMultiQuery - verifier multi-query to submit response
+   *
+   */
+
+  constructor(
+    private readonly _packerMgr: IPackageManager,
+    private readonly _proofService: IProofService,
+    private readonly _zkpVerifier: IOnChainZKPVerifier
+  ) {
+    super();
+  }
+
+  async handle(
+    message: BasicMessage,
+    ctx: ContractMessageHandlerOptions
+  ): Promise<BasicMessage | null> {
+    switch (message.type) {
+      case PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE: {
+        const ciMessage = message as ContractInvokeRequest;
+        const txHashResponsesMap = await this.handleContractInvoke(ciMessage, ctx);
+        return this.createContractInvokeResponse(ciMessage, txHashResponsesMap);
+      }
+      default:
+        return super.handle(message, ctx);
+    }
+  }
+
+  private async handleContractInvoke(
+    message: ContractInvokeRequest,
+    ctx: ContractMessageHandlerOptions
+  ): Promise<Map<string, ZeroKnowledgeInvokeResponse>> {
+    if (message.type !== PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE) {
+      throw new Error('Invalid message type for contract invoke request');
+    }
+
+    const { senderDid: did, ethSigner, challenge } = ctx;
+    if (!ctx.ethSigner) {
+      throw new Error("Can't sign transaction. Provide Signer in options.");
+    }
+
+    const { chain_id } = message.body.transaction_data;
+    const networkFlag = Object.keys(ChainIds).find((key) => ChainIds[key] === chain_id);
+
+    if (!networkFlag) {
+      throw new Error(`Invalid chain id ${chain_id}`);
+    }
+    const verifierDid = message.from ? DID.parse(message.from) : undefined;
+
+    const { scope = [] } = message.body;
+
+    const zkpResponses = await processZeroKnowledgeProofRequests(
+      did,
+      scope,
+      verifierDid,
+      this._proofService,
+      {
+        ethSigner,
+        challenge: challenge ?? BytesHelper.bytesToInt(hexToBytes(await ethSigner.getAddress())),
+        supportedCircuits: this._supportedCircuits
+      }
+    );
+
+    const methodId = message.body.transaction_data.method_id.replace('0x', '');
+    switch (methodId) {
+      case FunctionSignatures.SubmitZKPResponseV2: {
+        const txHashZkpResponsesMap = await this._zkpVerifier.submitZKPResponseV2(
+          ethSigner,
+          message.body.transaction_data,
+          zkpResponses
+        );
+
+        const response = new Map<string, ZeroKnowledgeInvokeResponse>();
+        for (const [txHash, zkpResponses] of txHashZkpResponsesMap) {
+          response.set(txHash, { responses: zkpResponses });
+        }
+        // set txHash of the first response
+        message.body.transaction_data.txHash = txHashZkpResponsesMap.keys().next().value;
+        return response;
+      }
+      case FunctionSignatures.SubmitZKPResponseV1: {
+        const txHashZkpResponseMap = await this._zkpVerifier.submitZKPResponse(
+          ethSigner,
+          message.body.transaction_data,
+          zkpResponses
+        );
+        const response = new Map<string, ZeroKnowledgeInvokeResponse>();
+        for (const [txHash, zkpResponse] of txHashZkpResponseMap) {
+          response.set(txHash, { responses: [zkpResponse] });
+        }
+        // set txHash of the first response
+        message.body.transaction_data.txHash = txHashZkpResponseMap.keys().next().value;
+        return response;
+      }
+      case FunctionSignatures.SubmitResponse: {
+        // We need to
+        // 1. Generate auth proof from message.body.accept -> authResponse
+        // 2. Generate proofs for each query in scope -> zkpResponses
+
+        // Build auth response from accept
+        if (!message.to) {
+          throw new Error(`failed message. empty 'to' field`);
+        }
+
+        // Get first supported accept profile and pass it to processProofAuth
+        const acceptProfile = this.getFirstSupportedProfile(
+          PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE,
+          message.body.accept
+        );
+
+        const identifier = DID.parse(message.to);
+
+        const { authProof } = await processProofAuth(identifier, this._proofService, {
+          supportedCircuits: this._supportedCircuits,
+          acceptProfile,
+          senderAddress: await ethSigner.getAddress(),
+          zkpResponses: zkpResponses
+        });
+
+        // we return txHash because responsesMap could be empty if there are no queries in scope
+        const txHashZkpResponsesMap = await this._zkpVerifier.submitResponse(
+          ethSigner,
+          message.body.transaction_data,
+          zkpResponses,
+          authProof
+        );
+        message.body.transaction_data.txHash = txHashZkpResponsesMap.keys().next().value;
+
+        return txHashZkpResponsesMap;
+      }
+      default:
+        throw new Error(
+          `Not supported method id. Only '${FunctionSignatures.SubmitZKPResponseV1}, ${FunctionSignatures.SubmitZKPResponseV2} and ${FunctionSignatures.SubmitResponse} are supported.'`
+        );
+    }
+  }
+
+  private getFirstSupportedProfile(
+    responseType: string,
+    profile?: string[] | undefined
+  ): AcceptProfile {
+    if (profile?.length) {
+      for (const acceptProfileString of profile) {
+        // 1. check protocol version
+        const acceptProfile = parseAcceptProfile(acceptProfileString);
+        const responseTypeVersion = Number(responseType.split('/').at(-2));
+        if (
+          acceptProfile.protocolVersion !== ProtocolVersion.V1 ||
+          (acceptProfile.protocolVersion === ProtocolVersion.V1 &&
+            (responseTypeVersion < 1 || responseTypeVersion >= 2))
+        ) {
+          continue;
+        }
+        // 2. check packer support
+        if (this._packerMgr.isProfileSupported(acceptProfile.env, acceptProfileString)) {
+          return acceptProfile;
+        }
+      }
+    }
+
+    // if we don't have supported profiles, we use default
+    return defaultAcceptProfile;
+  }
+
+  /**
+   * unpacks contract-invoke request
+   * @beta
+   * @param {Uint8Array} request - raw byte message
+   * @returns `Promise<ContractInvokeRequest>`
+   */
+  async parseContractInvokeRequest(request: Uint8Array): Promise<ContractInvokeRequest> {
+    const { unpackedMessage: message } = await this._packerMgr.unpack(request);
+    const ciRequest = message as unknown as ContractInvokeRequest;
+    if (message.type !== PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE) {
+      throw new Error('Invalid media type');
+    }
+    ciRequest.body.scope = ciRequest.body.scope || [];
+    return ciRequest;
+  }
+
+  /**
+   * creates contract invoke response
+   * @private
+   * @beta
+   * @param {ContractInvokeRequest} request - ContractInvokeRequest
+   * @param { Map<string, ZeroKnowledgeInvokeResponse>} responses - map tx hash to array of ZeroKnowledgeInvokeResponse
+   * @returns `Promise<ContractInvokeResponse>`
+   */
+  private async createContractInvokeResponse(
+    request: ContractInvokeRequest,
+    txHashToZkpResponseMap: Map<string, ZeroKnowledgeInvokeResponse>
+  ): Promise<ContractInvokeResponse> {
+    const contractInvokeResponse: ContractInvokeResponse = {
+      id: request.id,
+      thid: request.thid,
+      type: PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_RESPONSE_MESSAGE_TYPE,
+      from: request.to,
+      to: request.from,
+      body: {
+        transaction_data: request.body.transaction_data,
+        scope: []
+      },
+      created_time: getUnixTimestamp(new Date())
+    };
+    for (const [txHash, zkpResponses] of txHashToZkpResponseMap) {
+      for (const zkpResponse of zkpResponses.responses) {
+        contractInvokeResponse.body.scope.push({
+          txHash,
+          ...zkpResponse
+        });
+      }
+      contractInvokeResponse.body = {
+        ...contractInvokeResponse.body,
+        crossChainProof: zkpResponses.crossChainProof,
+        authProof: zkpResponses.authProof
+      };
+    }
+    return contractInvokeResponse;
+  }
+
+  /**
+   * handle contract invoke request
+   * supports only 0xb68967e2 method id
+   * @beta
+   * @deprecated
+   * @param {did} did  - sender DID
+   * @param {ContractInvokeRequest} request  - contract invoke request
+   * @param {ContractInvokeHandlerOptions} opts - handler options
+   * @returns {Map<string, ZeroKnowledgeProofResponse>}` - map of transaction hash - ZeroKnowledgeProofResponse
+   */
+  async handleContractInvokeRequest(
+    did: DID,
+    request: Uint8Array,
+    opts: ContractInvokeHandlerOptions
+  ): Promise<Map<string, ZeroKnowledgeProofResponse>> {
+    const ciRequest = await this.parseContractInvokeRequest(request);
+    if (!opts.allowExpiredMessages) {
+      verifyExpiresTime(ciRequest);
+    }
+    if (ciRequest.body.transaction_data.method_id !== FunctionSignatures.SubmitZKPResponseV1) {
+      throw new Error(`please use handle method to work with other method ids`);
+    }
+
+    if (ciRequest.type !== PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE) {
+      throw new Error('Invalid message type for contract invoke request');
+    }
+
+    const { ethSigner, challenge } = opts;
+    if (!ethSigner) {
+      throw new Error("Can't sign transaction. Provide Signer in options.");
+    }
+
+    const { chain_id } = ciRequest.body.transaction_data;
+    const networkFlag = Object.keys(ChainIds).find((key) => ChainIds[key] === chain_id);
+
+    if (!networkFlag) {
+      throw new Error(`Invalid chain id ${chain_id}`);
+    }
+    const verifierDid = ciRequest.from ? DID.parse(ciRequest.from) : undefined;
+    const zkpResponses = await processZeroKnowledgeProofRequests(
+      did,
+      ciRequest?.body?.scope,
+      verifierDid,
+      this._proofService,
+      { ethSigner, challenge, supportedCircuits: this._supportedCircuits }
+    );
+    return this._zkpVerifier.submitZKPResponse(
+      ethSigner,
+      ciRequest.body.transaction_data,
+      zkpResponses
+    );
+  }
+}