zPass merkle tree size 8 program
Overview
This program illustrates a design where credential fields (such as issuer, subject, date of birth, or any other fields) are first hashed into an array of leaf nodes. These leaves are then used to construct a Merkle tree, whose root is stored on-chain. The steps below outline the key components and their purposes:
ZPass
RecordDefines the core information of a zPass credential in this example:
owner
: The address of the credential holder (the caller who receives the zPass).issuer
: The address of the entity issuing the credential.root
: The Merkle root representing the hashed credential data.
get_merkle_tree
FunctionGiven an array of eight hashed leaves (
[field; 8]
), it constructs a small, fixed-depth Merkle tree.It returns the Merkle tree root, the second-level nodes, and the third-level nodes (leaf hashes aggregated two-by-two).
get_merkle
TransitionExternally callable function that returns the Merkle tree structure (root, second-level nodes, third-level nodes) for the given leaves.
Primarily a convenience transition for on-chain callers who need to compute or verify the Merkle tree within the same program.
issue
TransitionResponsible for issuing a ZPass record.
It takes three parameters:
sig
: A private signature proving the issuer’s authority.leaves_hashes
: An array of eight hashed fields that collectively form the credential data.issuer
: The address of the credential issuer.
Validates that:
The first leaf belongs to the issuer.
The issuer’s signature correctly verifies against the computed Merkle root.
Once validated, it generates a new
ZPass
record whereroot
corresponds to the Merkle root of the hashed leaves.
verify
TransitionEnables verification that a single leaf was indeed part of the Merkle tree used to create the
ZPass
record.Takes:
zpass
: The existing ZPass record to verify against.leaf_hash
: The individual hashed leaf.merkle_proof
: The array of sibling nodes needed to recompute the path up to the Merkle root.
Performs step-by-step hashing with the sibling proofs until it reconstructs and checks it against the
zpass.root
.
How It Works
Hashing & Leaf Construction:
Before calling
issue
, developers must hash each credential field and store the results in an 8-element array ([field; 8]
).
Merkle Root Generation & Signature:
Inside
issue
, the program callsget_merkle_tree
to derive the Merkle root.The issuer signs this root off-chain, and the signature (
sig
) is verified on-chain to confirm authenticity.
ZPass Creation:
Upon verification, the program returns a new
ZPass
record containing theowner
,issuer
, and the computedroot
.
Verification:
The
verify
transition confirms that a specific leaf (e.g., a hashed credential field) is part of theZPass
root.It reconstructs the path with the supplied
merkle_proof
and ensures the resulting hash matches theZPass
root.
Last updated