shogun-core 6.2.3 → 6.3.0

package/dist/src/plugins/zkproof/zkCredentials.js

@@ -0,0 +1,287 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+import { Group } from "@semaphore-protocol/group";
+import { generateProof, verifyProof } from "@semaphore-protocol/proof";
+import { ethers } from "ethers";
+import { ErrorHandler, ErrorType } from "../../utils/errorHandler.js";
+/**
+ * Types of verifiable credentials
+ */
+export var CredentialType;
+(function (CredentialType) {
+    CredentialType["AGE"] = "age";
+    CredentialType["CITIZENSHIP"] = "citizenship";
+    CredentialType["EDUCATION"] = "education";
+    CredentialType["INCOME"] = "income";
+    CredentialType["EMPLOYMENT"] = "employment";
+    CredentialType["HEALTH"] = "health";
+    CredentialType["CUSTOM"] = "custom";
+})(CredentialType || (CredentialType = {}));
+/**
+ * ZK Credentials Manager
+ * Extends ZK-Proof functionality to support verifiable credentials
+ */
+var ZkCredentials = /** @class */ (function () {
+    function ZkCredentials() {
+        this.groups = new Map();
+    }
+    /**
+     * Create a verifiable credential from private data
+     */
+    ZkCredentials.prototype.createCredential = function (identity, credentialData) {
+        try {
+            // Hash the private data to create a credential commitment
+            var privateDataString = JSON.stringify(credentialData.privateData);
+            var credentialHash = ethers.keccak256(ethers.toUtf8Bytes(privateDataString));
+            // For now, return a basic credential structure
+            // Full proof generation requires circuit files
+            var credential = {
+                type: credentialData.type,
+                claim: credentialData.claim,
+                proof: {
+                    merkleTreeRoot: "",
+                    nullifierHash: "",
+                    signal: credentialHash,
+                    externalNullifier: "",
+                    proof: [],
+                },
+                credentialHash: credentialHash,
+                timestamp: Date.now(),
+            };
+            return {
+                credential: credential,
+                credentialHash: credentialHash,
+            };
+        }
+        catch (error) {
+            ErrorHandler.handle(ErrorType.ENCRYPTION, "CREDENTIAL_CREATION_FAILED", "Failed to create verifiable credential: ".concat(error.message), error);
+            throw error;
+        }
+    };
+    /**
+     * Prove an attribute about yourself without revealing the underlying data
+     */
+    ZkCredentials.prototype.proveAttribute = function (identity_1, credentialData_1) {
+        return __awaiter(this, arguments, void 0, function (identity, credentialData, groupId) {
+            var _a, credential, credentialHash, signal, signalBigInt, group, externalNullifier, fullProof, error_1;
+            if (groupId === void 0) { groupId = "verified-credentials"; }
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        _b.trys.push([0, 2, , 3]);
+                        _a = this.createCredential(identity, credentialData), credential = _a.credential, credentialHash = _a.credentialHash;
+                        signal = ethers.keccak256(ethers.toUtf8Bytes(credentialData.claim));
+                        signalBigInt = BigInt(signal);
+                        group = this.getOrCreateGroup(groupId);
+                        // Add identity if not already in group
+                        if (group.indexOf(identity.commitment) === -1) {
+                            group.addMember(identity.commitment);
+                        }
+                        externalNullifier = BigInt(ethers.keccak256(ethers.toUtf8Bytes(credentialData.type)));
+                        return [4 /*yield*/, generateProof(identity, group, signalBigInt, externalNullifier, {
+                                wasmFilePath: "./circuits/semaphore/20/semaphore.wasm",
+                                zkeyFilePath: "./circuits/semaphore/20/semaphore.zkey",
+                            })];
+                    case 1:
+                        fullProof = _b.sent();
+                        return [2 /*return*/, {
+                                type: credentialData.type,
+                                claim: credentialData.claim,
+                                proof: {
+                                    merkleTreeRoot: fullProof.merkleTreeRoot.toString(),
+                                    nullifierHash: fullProof.nullifierHash.toString(),
+                                    signal: fullProof.signal.toString(),
+                                    externalNullifier: fullProof.externalNullifier.toString(),
+                                    proof: fullProof.proof.map(function (p) { return p.toString(); }),
+                                },
+                                credentialHash: credentialHash,
+                                timestamp: Date.now(),
+                            }];
+                    case 2:
+                        error_1 = _b.sent();
+                        ErrorHandler.handle(ErrorType.ENCRYPTION, "ATTRIBUTE_PROOF_FAILED", "Failed to prove attribute: ".concat(error_1.message), error_1);
+                        throw error_1;
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Verify a credential proof
+     */
+    ZkCredentials.prototype.verifyCredential = function (proof_1) {
+        return __awaiter(this, arguments, void 0, function (proof, treeDepth) {
+            var verified, error_2;
+            if (treeDepth === void 0) { treeDepth = 20; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, verifyProof(proof.proof, treeDepth)];
+                    case 1:
+                        verified = _a.sent();
+                        return [2 /*return*/, {
+                                verified: verified,
+                                type: proof.type,
+                                claim: proof.claim,
+                                timestamp: proof.timestamp,
+                            }];
+                    case 2:
+                        error_2 = _a.sent();
+                        ErrorHandler.handle(ErrorType.ENCRYPTION, "CREDENTIAL_VERIFICATION_FAILED", "Failed to verify credential: ".concat(error_2.message), error_2);
+                        return [2 /*return*/, {
+                                verified: false,
+                                error: error_2.message,
+                            }];
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Create a group for credential holders
+     */
+    ZkCredentials.prototype.getOrCreateGroup = function (groupId) {
+        if (!this.groups.has(groupId)) {
+            var groupIdHash = ethers.keccak256(ethers.toUtf8Bytes(groupId));
+            var groupIdNumber = BigInt(groupIdHash);
+            this.groups.set(groupId, new Group(groupIdNumber));
+        }
+        return this.groups.get(groupId);
+    };
+    /**
+     * Add an identity to a credentials group
+     */
+    ZkCredentials.prototype.addToCredentialGroup = function (identity, groupId) {
+        if (groupId === void 0) { groupId = "verified-credentials"; }
+        var group = this.getOrCreateGroup(groupId);
+        if (group.indexOf(identity.commitment) === -1) {
+            group.addMember(identity.commitment);
+        }
+    };
+    /**
+     * Common credential proofs
+     */
+    /**
+     * Prove age without revealing exact birthdate
+     */
+    ZkCredentials.prototype.proveAge = function (identity, birthDate, minimumAge) {
+        return __awaiter(this, void 0, void 0, function () {
+            var age;
+            return __generator(this, function (_a) {
+                age = Math.floor((Date.now() - birthDate.getTime()) / (365.25 * 24 * 60 * 60 * 1000));
+                if (age < minimumAge) {
+                    throw new Error("Age ".concat(age, " is less than required ").concat(minimumAge));
+                }
+                return [2 /*return*/, this.proveAttribute(identity, {
+                        type: CredentialType.AGE,
+                        claim: "Age is ".concat(minimumAge, " or older"),
+                        privateData: {
+                            birthDate: birthDate.toISOString(),
+                            actualAge: age,
+                        },
+                    })];
+            });
+        });
+    };
+    /**
+     * Prove citizenship without revealing country
+     */
+    ZkCredentials.prototype.proveCitizenship = function (identity_1, country_1) {
+        return __awaiter(this, arguments, void 0, function (identity, country, region) {
+            if (region === void 0) { region = "EU"; }
+            return __generator(this, function (_a) {
+                return [2 /*return*/, this.proveAttribute(identity, {
+                        type: CredentialType.CITIZENSHIP,
+                        claim: "Citizen of ".concat(region),
+                        privateData: {
+                            country: country,
+                            passportNumber: "hidden",
+                        },
+                    })];
+            });
+        });
+    };
+    /**
+     * Prove education without revealing institution
+     */
+    ZkCredentials.prototype.proveEducation = function (identity, degree, university, year) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/, this.proveAttribute(identity, {
+                        type: CredentialType.EDUCATION,
+                        claim: "Has ".concat(degree, " degree"),
+                        privateData: {
+                            university: university,
+                            degree: degree,
+                            year: year,
+                        },
+                    })];
+            });
+        });
+    };
+    /**
+     * Prove income range without revealing exact amount
+     */
+    ZkCredentials.prototype.proveIncome = function (identity_1, amount_1, minimumRequired_1) {
+        return __awaiter(this, arguments, void 0, function (identity, amount, minimumRequired, currency) {
+            if (currency === void 0) { currency = "USD"; }
+            return __generator(this, function (_a) {
+                if (amount < minimumRequired) {
+                    throw new Error("Income ".concat(amount, " is less than required ").concat(minimumRequired));
+                }
+                return [2 /*return*/, this.proveAttribute(identity, {
+                        type: CredentialType.INCOME,
+                        claim: "Income \u2265 ".concat(minimumRequired, " ").concat(currency),
+                        privateData: {
+                            actualIncome: amount,
+                            currency: currency,
+                            verified: true,
+                        },
+                    })];
+            });
+        });
+    };
+    /**
+     * Cleanup resources
+     */
+    ZkCredentials.prototype.cleanup = function () {
+        this.groups.clear();
+    };
+    return ZkCredentials;
+}());
+export { ZkCredentials };

package/dist/src/plugins/zkproof/zkProofConnector.js

@@ -0,0 +1,267 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+import { Identity } from "@semaphore-protocol/identity";
+import { Group } from "@semaphore-protocol/group";
+import { generateProof, verifyProof } from "@semaphore-protocol/proof";
+import { ethers } from "ethers";
+import derive from "../../gundb/derive.js";
+import { ErrorHandler, ErrorType } from "../../utils/errorHandler.js";
+/**
+ * Connector for ZK-Proof operations using Semaphore protocol
+ */
+var ZkProofConnector = /** @class */ (function () {
+    function ZkProofConnector() {
+        this.identityCache = new Map();
+        this.credentialCache = new Map();
+        this.groups = new Map();
+    }
+    /**
+     * Generate a new Semaphore identity
+     */
+    ZkProofConnector.prototype.generateIdentity = function (seed) {
+        return __awaiter(this, void 0, void 0, function () {
+            var identity, commitment, trapdoor, nullifier;
+            return __generator(this, function (_a) {
+                try {
+                    identity = void 0;
+                    if (seed) {
+                        // Deterministic generation from seed
+                        identity = new Identity(seed);
+                    }
+                    else {
+                        // Random generation
+                        identity = new Identity();
+                    }
+                    commitment = identity.commitment.toString();
+                    trapdoor = identity.trapdoor.toString();
+                    nullifier = identity.nullifier.toString();
+                    // Cache the identity
+                    this.identityCache.set(commitment, identity);
+                    return [2 /*return*/, {
+                            commitment: commitment,
+                            trapdoor: trapdoor,
+                            nullifier: nullifier,
+                            createdAt: Date.now(),
+                        }];
+                }
+                catch (error) {
+                    ErrorHandler.handle(ErrorType.ENCRYPTION, "ZK_IDENTITY_GENERATION_FAILED", "Failed to generate ZK identity: ".concat(error.message), error);
+                    throw error;
+                }
+                return [2 /*return*/];
+            });
+        });
+    };
+    /**
+     * Restore identity from trapdoor
+     */
+    ZkProofConnector.prototype.restoreIdentity = function (trapdoor) {
+        return __awaiter(this, void 0, void 0, function () {
+            var identity, commitment;
+            return __generator(this, function (_a) {
+                try {
+                    identity = new Identity(trapdoor);
+                    commitment = identity.commitment.toString();
+                    // Cache the identity
+                    this.identityCache.set(commitment, identity);
+                    return [2 /*return*/, {
+                            commitment: commitment,
+                            trapdoor: identity.trapdoor.toString(),
+                            nullifier: identity.nullifier.toString(),
+                            createdAt: Date.now(),
+                        }];
+                }
+                catch (error) {
+                    ErrorHandler.handle(ErrorType.ENCRYPTION, "ZK_IDENTITY_RESTORE_FAILED", "Failed to restore ZK identity: ".concat(error.message), error);
+                    throw error;
+                }
+                return [2 /*return*/];
+            });
+        });
+    };
+    /**
+     * Generate Gun credentials from ZK identity
+     */
+    ZkProofConnector.prototype.generateCredentials = function (identityData) {
+        return __awaiter(this, void 0, void 0, function () {
+            var username, password, gunPair, error_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        username = "zk_".concat(identityData.commitment.slice(0, 16));
+                        password = ethers.keccak256(ethers.toUtf8Bytes("".concat(identityData.trapdoor, "_").concat(identityData.nullifier)));
+                        return [4 /*yield*/, derive(password, username, {
+                                includeP256: true,
+                            })];
+                    case 1:
+                        gunPair = _a.sent();
+                        // Cache credential
+                        this.credentialCache.set(identityData.commitment, {
+                            commitment: identityData.commitment,
+                            gunPair: gunPair,
+                            createdAt: identityData.createdAt,
+                        });
+                        return [2 /*return*/, gunPair];
+                    case 2:
+                        error_1 = _a.sent();
+                        ErrorHandler.handle(ErrorType.ENCRYPTION, "ZK_CREDENTIAL_GENERATION_FAILED", "Failed to generate credentials from ZK identity: ".concat(error_1.message), error_1);
+                        throw error_1;
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Get or create a Semaphore group
+     */
+    ZkProofConnector.prototype.getOrCreateGroup = function (groupId) {
+        if (groupId === void 0) { groupId = "default"; }
+        if (!this.groups.has(groupId)) {
+            // Convert string groupId to BigNumber using keccak256 hash
+            var groupIdHash = ethers.keccak256(ethers.toUtf8Bytes(groupId));
+            var groupIdNumber = BigInt(groupIdHash);
+            this.groups.set(groupId, new Group(groupIdNumber));
+        }
+        return this.groups.get(groupId);
+    };
+    /**
+     * Add identity to a group
+     */
+    ZkProofConnector.prototype.addToGroup = function (commitment, groupId) {
+        if (groupId === void 0) { groupId = "default"; }
+        var group = this.getOrCreateGroup(groupId);
+        group.addMember(BigInt(commitment));
+    };
+    /**
+     * Generate a Semaphore proof
+     */
+    ZkProofConnector.prototype.generateProof = function (identityData_1) {
+        return __awaiter(this, arguments, void 0, function (identityData, options) {
+            var groupId, messageString, scopeString, messageHash, message, scopeHash, scope, identity, group, fullProof, error_2;
+            if (options === void 0) { options = {}; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        groupId = options.groupId || "default";
+                        messageString = options.message || "authenticate";
+                        scopeString = options.scope || "shogun-auth";
+                        messageHash = ethers.keccak256(ethers.toUtf8Bytes(messageString));
+                        message = BigInt(messageHash);
+                        scopeHash = ethers.keccak256(ethers.toUtf8Bytes(scopeString));
+                        scope = BigInt(scopeHash);
+                        identity = this.identityCache.get(identityData.commitment);
+                        if (!identity && identityData.trapdoor) {
+                            identity = new Identity(identityData.trapdoor);
+                            this.identityCache.set(identityData.commitment, identity);
+                        }
+                        if (!identity) {
+                            throw new Error("Identity not found and cannot be reconstructed");
+                        }
+                        group = this.getOrCreateGroup(groupId);
+                        // Add identity to group if not already added
+                        if (group.indexOf(identity.commitment) === -1) {
+                            group.addMember(identity.commitment);
+                        }
+                        return [4 /*yield*/, generateProof(identity, group, message, scope)];
+                    case 1:
+                        fullProof = _a.sent();
+                        return [2 /*return*/, {
+                                merkleTreeRoot: fullProof.merkleTreeRoot.toString(),
+                                nullifierHash: fullProof.nullifierHash.toString(),
+                                signal: fullProof.signal.toString(),
+                                externalNullifier: fullProof.externalNullifier.toString(),
+                                proof: fullProof.proof.map(function (p) { return p.toString(); }),
+                            }];
+                    case 2:
+                        error_2 = _a.sent();
+                        ErrorHandler.handle(ErrorType.ENCRYPTION, "ZK_PROOF_GENERATION_FAILED", "Failed to generate ZK proof: ".concat(error_2.message), error_2);
+                        throw error_2;
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Verify a Semaphore proof
+     */
+    ZkProofConnector.prototype.verifyProof = function (proof_1) {
+        return __awaiter(this, arguments, void 0, function (proof, treeDepth) {
+            var verified, error_3;
+            if (treeDepth === void 0) { treeDepth = 20; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, verifyProof(proof, treeDepth)];
+                    case 1:
+                        verified = _a.sent();
+                        return [2 /*return*/, {
+                                success: true,
+                                verified: verified,
+                            }];
+                    case 2:
+                        error_3 = _a.sent();
+                        ErrorHandler.handle(ErrorType.ENCRYPTION, "ZK_PROOF_VERIFICATION_FAILED", "Failed to verify ZK proof: ".concat(error_3.message), error_3);
+                        return [2 /*return*/, {
+                                success: false,
+                                verified: false,
+                                error: error_3.message,
+                            }];
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Get cached credential by commitment
+     */
+    ZkProofConnector.prototype.getCredential = function (commitment) {
+        return this.credentialCache.get(commitment);
+    };
+    /**
+     * Clear all caches
+     */
+    ZkProofConnector.prototype.cleanup = function () {
+        this.identityCache.clear();
+        this.credentialCache.clear();
+        this.groups.clear();
+    };
+    return ZkProofConnector;
+}());
+export { ZkProofConnector };