zkPass Service processes the DVR query contained in the DVR Info and the user data referenced by the query in a pipeline flow, as depicted below.
Initialization of the Data Verification Request(DVR) The proof verification begins by creating a Data Verification Request (DVR). This record is essential as it holds the specific request or "query" that needs to be verified.
Inputs for Verification There are two key pieces of information that the DVR Query Engine requires to perform verification:
The Query: This is the request for information or action that needs to be checked.
The User Data: This refers to any information related to the user that the query will use or check against.
Processing by the DVR Query Engine The DVR Query Engine is the powerhouse where the actual verification takes place. This engine operates within the Zero-Knowledge Virtual Machine (ZKVM), a secure environment designed for processing these queries.
Results of the Verification Once the query has been processed, there are two results produced:
The Zero-Knowledge Proof (ZK Proof) This is a verification result that proves the query was processed correctly without revealing any private details.
The Query Result This is the outcome of the query after it has been processed.
Packaging the Results Both the ZK proof and the query result are bundled into a single package known as the zkPass Proof object. This object can then be used to confirm the integrity and accuracy of the query process without exposing any sensitive information.
The heart of the DVR application is the query engine, which implements the DVR app. The query engine is designed as a DVR Query language interpreter that runs on the ZKVM directly.
DVR Query Engine Codes The core component, the DVR Query Engine, is programmed in the Rust language. Rust is known for its safety and performance, making it an excellent choice for building reliable and secure systems.
Compilation to Assembly Code To integrate with the Zero-Knowledge Virtual Machine (ZKVM), the DVR Query Engine is compiled into assembly code. This compilation is done using a specialized set of tools known as the compiler toolchain, which is specifically designed for the ZKVM environment. This ensures that the Query Engine is compatible with the security and operational requirements of the ZKVM.
Build Outputs After the compilation process, two primary outputs are generated:
The Zero-Knowledge Proof Generator (ZK Proof Generator) This module is responsible for creating cryptographic proofs that confirm the validity of a query without revealing any underlying data. It is an integral part of the DVR Query Engine.
The Zero-Knowledge Proof Verifier (ZK Proof Verifier)
This is the counterpart to the Proof Generator. It is tasked with checking the validity of the proofs generated by the Proof Generator. The Proof Verifier is included in the zkpass-client library, allowing client applications to verify proofs independently.
DVR defines a JSON query language that allows the Proof Verifier to check if the user has data that meets specific requirements, conditions, or constraints.
The query language is implemented by the DVR Query Engine component, which takes two inputs:
User Data This is the JSON data that is issued by the Data Issuer and is being inquired by the Proof Verifier to see if the data meets specific requirements or conditions. The data can follow any schema or structure as DVR does not set any specific format requirement on the user data.
DVR Query The query is a JSON-based script that sets the requirements or conditions for the user data. The query is expressed as a DVR scripting language and is included in the "query" field of the Data Verification Request (DVR) object. An example of the query would be “user must be either married or over 21 years of age”. The query is executed by the DVR Query Engine to produce the ZK Proof and the result of the query.
The goal of defining its own query language is to let the Proof Validator client be able to perform queries on the data using an expressive, flexible, intuitive, easy-to-use, and performant scripting language.
The following are the supported basic data types by the DVR Query language:
Integer A signed 64-bit integer data type. Example: 10, -12
String A sequence of characters. Example: "Hello, world!"
Boolean A binary value that can be either true or false
The list of supported operators:
Boolean Operators:
or
and
Relational Operators: >, >=, <, <=
Applies to integer
Equality Operators
Equality operator: == Applies to boolean, integer, and string. In the case of a string, this is a case-sensitive comparison.
Inequality operator: != Applies to boolean, integer, string
String-specific Relational Operations
~!= Case-insensitive inequality operation on a string
~== Case-insensitive equality operation on string
The zkPass Query language also defines the following concepts:
Variable The variable corresponds to the key name of the key/value json element in the query data. To reference nested elements in the json data, delimiter “.” is used as the path separator. The variable must appear on the left-hand side of a relational expression.
Literal (Constant) The constant value is compared to the variable's value. The literal must appear on the right-hand side of a relational expression. The data type of the literal must match that of the variable.