-
Creator generates a Property Proof which:
- asserts they have some content which satisfies a particular property (
f(data) = property) - outputs the encryption of the data with a randomly generated key (
Enc(data, key)) - outputs the hash of the randomly generated key (
H(key))
- asserts they have some content which satisfies a particular property (
-
The creator publishes the proof on IPFS and registers the IPFS URI and the key hash on a smart contract
-
Using the IPFS URI on the contract, the buyer sees the property and verifies that:
- the Property Proof is valid
- the output key hash in the proof matches the key hash stored on the contract (if this is unchecked the creator could maliciously submit two different keys to the smart contract and the Property Proof, so the buyer won't be able to successfully retrieve the content)
-
if valid, the buyer will purchase the token and lock ETH in the contract
-
the creator will generate an Encryption Proof which:
- asserts that they have the preimage to the key hash stored on the contract (
H(preimage) = H(key)) - outputs the encryption of the preimage with the buyer's public key (
Enc(preimage, pk)) if the proof is valid, the ETH is redeemed from the contract
- asserts that they have the preimage to the key hash stored on the contract (
-
the buyer retrieves the encrypted key (
Enc(key, pk)) from the contract computesDec(Enc(key, pk), sk) => keyDec(Enc(data, key), key) => data
The circuits are divided into two types Encryption Proofs and Property Proofs. The Encryption Proof is the proof sent over the contract by the seller to verify the decryption key exchange. The Property Proofs are the proofs published on IPFS by the seller to commit to the property of the content.
The proof sent by the seller in step 5, which
- asserts that they have the preimage to the key hash stored on the contract (
H(preimage) = H(key)) - outputs the encryption of the preimage with the buyer's public key (
Enc(preimage, pk))
| signal | private | type | description |
|---|---|---|---|
| key | true | BigInt | |
| private_key | true | BigInt | |
| hash | false | BigInt | |
| public_key | false | Array[2] |
| signal | type | description |
|---|---|---|
| out | Array[2] |
The proof published by the seller on IPFS in step 1-2, which
- asserts they have some content which satisfies a particular property (
f(data) = property) - outputs the encryption of the data with a randomly generated key (
Enc(key, pk)) - outputs the hash of the randomly generated key (
H(key))
Below are possible properties that can be committed and verified.
Commits the MiMC hash of the content.
f(data) = H(data)
| signal | private | type | description |
|---|---|---|---|
| preimage | true | BigInt | |
| key | true | BigInt | |
| hash | false | BigInt | |
| salt | false | BigInt |
| signal | type | description |
|---|---|---|
| key_hash | BigInt | |
| ciphertext | Array[2] |
Commits the MiMC hash of the x and y coordinates of a Dark Forest planet.
| signal | private | type | description |
|---|---|---|---|
| x | true | BigInt | |
| y | true | BigInt | |
| key | true | BigInt | |
| hash | false | BigInt | |
| salt | false | BigInt |
| signal | type | description |
|---|---|---|
| key_hash | BigInt | |
| ciphertext | Array[3] |
Commits the XOR of a bitmap with a key.
Note: Obviously, this means the property is nothing more than a random bitmap that is non-unique to the content and doesn't give any indication to the buyer of what they are purchasing. This was made as a quick example of another property and an early attempt at proving a property of an image. Hopefully, this can be improved in the future to be more applicable.
| signal | private | type | description |
|---|---|---|---|
| preimage | true | Array[N] | |
| key | true | BigInt | |
| blurred_image | false | Array[N] |
| signal | type | description |
|---|---|---|
| hash | BigInt | |
| computed_image | Array[N] |