ZKaptcha
Zkaptcha is the first ever Web3 captcha, designed to operate on the Mina Protocol. It utilizes zero-knowledge proofs and merkle proofs for on-chain reputation and secure captcha verification.
Project Description
Zkaptcha addresses the challenge of implementing a secure and decentralized captcha solution on the Mina Protocol, a blockchain known for its lightweight design and privacy features. Traditional captcha systems in Web2 applications are often centralized, prone to bot attacks, and may compromise user privacy. Zkaptcha introduces a Web3 captcha solution that leverages zero-knowledge proofs (zkps) and merkle proofs to solve these issues.
How it's Made
- Zero-Knowledge Proofs (ZKPs): ZKP Circuit: A custom zero-knowledge proof circuit is designed to enable secure and private captcha verification. The circuit includes:
Input Signals:
providedHash: The hash provided by the captcha creator (Bob). userResponse: The hash of the user-generated preimage. Hashing Function:
Utilizes a custom hashing function or cryptographic primitive. Constraints to ensure the output matches the providedHash. Logging:
Optional debugging or monitoring logs for the hashing process. 2. Merkle Proofs: 2.1 Challenge Generation: Challenges are generated with custom logic, and components include:
image: Captcha image or challenge representation. hash: Hash of the solution_text or challenge solution. 2.2 Merkle Proof Verification: Merkle proof verification is integrated into the zero-knowledge proof, ensuring the user solved a legitimate challenge.
Verification Process:
Validates the merkle proof inside the zero-knowledge proof. Ensures the merkle root used in zkps matches the stored one. 3. Additional Security and Extensions: 3.1 Prevent Replay Attacks: Custom logic to prevent replay attacks, potentially including user-specific information.
3.2 Nullifiers: Maintains a record or mapping of validated hashes to prevent challenge reuse.
3.3 Challenge Time Invalidation: Tracks the creation time of challenges and ensures they are only valid for a specified period.
3.4 Support for Multiple Challenge Generators: Ensures the merkle root corresponds to a valid challenge generator, allowing for decentralized challenge creation.
3.5 Off-Chain Verification: Provides an option for off-chain verification to accommodate applications not requiring on-chain validation.
