I have created a declarative language for expressing zero-knowledge proofs, that can be compiled into an executeable representation of R1CS gadgets. The goal is to showcase benefits of restrictions in expressiveness (compared to existing general-purpose high-level languages) and a requirement for witness data to comply to a public schema (e.g. a passport or drivers license) such as readability and additional tools for error prevention through type safety.
The code, documentation and examples are available on GitHub.
Statements written in the language can be compiled into an intermediate representation of R1CS gadgets (called bulletproofs_gadgets) executable using the experimental R1CS API of dalek-cryptograhy’s Bulletproofs implementation.
A proof of age claiming a person being born at least 18 years ago using a goverment-issued passport as witness could be expressed as:
PROOF FOR WITNESS myPassport COMPLIANT TO us_passport THAT myPassport.dateOfBirth <= 20020123
us_passport would for example be a JSON schema published by the U.S. government defining the fields and data types of a valid passport along with an additional statement to express logic used to prove the authenticity of a document. In this case this could be the structure of a merkle tree for the government to sign and publish the root hash for:
PROOF FOR THIS THAT public.rootHash IS MERKLE ROOT OF ( ( (private.firstName, private.lastName), (private.dateOfBirth, private.placeOfOrigin) ), ( (private.dateOfIssue, private.dateOfExpiry), (private.authority, private.identifier) ) )
A full example of a proof of age together with instruction to its execution can be found as example within the repository.
As this is the first iteration of the language, any feedback, inputs and ideas would be appreciated.