ZK Circuits

The project uses circom, a functional programming language developed by the Iden3 team, for constructing cryptographic circuits. According to the business processes, we design the cryptographic circuits as follows:

Id Ownership by Signature

This circuit is used for authentication for every interaction

Issuance Non Rev

This circuit is for verifying the issuance of a claim and making sure it is not revoked yet

State Transition

Whether it is Adding, Removing keys or Issuing, Revoking claims, the identity uses the same circuit State Transition

The message used for Authentication is Poseidon(oldStateāˆ£newState)Poseidon(oldState|newState)

Query Credential

This circuit is for holder to prove their claims:

We use Fixed Merkle Tree in proving Set Membership and Non SetMembership when the operation in the attestation is ININ or NOTā€…ā€ŠINNOT\;IN. If helps reduce the number of public inputs as otherwise, using the naive method, in case when the set is relatively large, the number of public inputs will scale linearly with the set's size. With Fixed Merkle Tree, we only have to publish the root, thus fixing a number of public inputs really small.


Here is the number constraints and public inputs for the 2 most important constraints which are used directly by the identities and verified on-chain

CircuitNumber of constraints

Proving Claims



State Transition



Quinary Merkle Tree helps us optimize the number of constraints from ~40k to ~30k.

The Verification fee for the most expensive circuit - Proving Claims if we verify singly proof by proof is roughly 400k, using the batching technique when we verify 10 or 20 proofs at once, the average fee for each proof is decreased to ~120k, just double the fee of ERC-20 transfer.

Last updated