📣 Important news

CLI

CLI templates

There are two new templates in the CLI: monorepo-ethers and monorepo-subgraph. You can select which one you prefer when creating your project:

Supported templates:

• contracts-hardhat: It contains a simple contract, a task to deploy it and some tests.
• monorepo-ethers: It is a complete application that contains a simple contract, a task to deploy it, some tests and a Next.js application to interact with that contract. It uses the SemaphoreEthers class to query the Semaphore.sol contract data. SemaphoreEthers is part of the @semaphore-protocol/data package and uses the Ethers library under the hood.
• monorepo-subgraph: It is a complete application that contains a simple contract, a task to deploy it, some tests and a Next.js application to interact with that contract. It uses the SemaphoreSubgraph class to query the Semaphore.sol contract data. SemaphoreSubgraph is part of the @semaphore-protocol/data package and uses The Graph protocol under the hood.

CLI commands

The get-group command in the CLI was split into get-group, get-members and get-proofs.

Commands:

• get-group: It returns the data of a group from a supported network.
• get-members: It returns the members of a group from a supported network.
• get-proofs: It returns the proofs of a group from a supported network.

PR: #303

Contracts

All contracts are using the same addresses on almost all the supported networks. You can take a look at the new contract addresses in the documentation.

PR: #304

Discord Bot

Semaphore has a new Discord bot that can be used to show the data of on-chain groups with a simple command: /get-group . The output of the command is private by default, but you can make it public by adding a third parameter /get-group true. Exciting new features will be integrated in the future, stay tuned!

Repository: https://github.com/semaphore-protocol/discord-bot

   🚀 Features

• @semaphore-protocol/cli:
  • Split the get-group command to make it easier to query group data  -  by @vplasencia (0cbbd)
  • Add checks for template integrity  -  by @vplasencia (14e39)
  • Add inquirer to select a template when creating a project  -  by @vplasencia (4d1a6)
  • Add the hardhat-nextjs-semaphoreethers template  -  by @vplasencia (53d87)
  • Add hardhat-nextjs-semaphoresubgraph template  -  by @vplasencia (58310)

   🐞 Bug Fixes

• Limit some npm scripts to public packages  -  by @cedoor (94bbf)
• @semaphore-protocol/cli:
  • Add solhint file in monorepo-ethers and monorepo-subgraph templates  -  by @vplasencia (7d487)
  • Add gitignore file  -  by @vplasencia (bd897)
  • Update package.json file in monorepos with correct package names  -  by @vplasencia (c4f35)
  • Set the correct env file path  -  by @vplasencia (d9b0a)
• @semaphore-protocol/contracts:
  • Set correct ProofVerifier event parameters  -  by @cedoor (84813)
• @semaphore-protocol/data:
  • Check if groups exist before adding members  -  by @cedoor (6e453)

   🏎 Performance

• @semaphore-protocol/cli:
  • Optimize get-members command  -  by @vplasencia (bb0b5)
  • Optimize get-proofs command  -  by @vplasencia (0b060)

   ♻️ Refactoring

• Ignore .next and public folders  -  by @vplasencia (6afb0)
• @semaphore-protocol/cli:
  • Organize inquirer prompts  -  by @vplasencia (d8ab9)
  • Organize get group ids logic  -  by @vplasencia (93e4a)
  • Change cli template names  -  by @vplasencia (84c1d)
  • Update template apps' names  -  by @cedoor (58de9)
  • Add the next-env.d.ts file to gitignore  -  by @vplasencia (02d13)
  • Set the monorepo-ethers template as default when creating a project  -  by @vplasencia (27ba2)
  • Copy the contents of the .env.example file to a new .env file  -  by @vplasencia (74c2e)
  • Rename the cli hardhat template package  -  by @vplasencia (e38b0)
  • Add access public in package.json file  -  by @vplasencia (abfff)
  • Update package names  -  by @vplasencia (eb997)
  • Remove unused code  -  by @vplasencia (e5cf4)
  • Remove unused import statement  -  by @vplasencia (5dbbd)
  • Remove unused code  -  by @vplasencia (fcaac)
  • Rename cli hardhat-nextjs-semaphoreethers template package  -  by @vplasencia (1c0d1)
  • Add yarn.lock file  -  by @vplasencia (b363c)
  • Rename cli hardhat-nextjs-semaphoresubgraph template  -  by @vplasencia (ee6e1)

    View changes on GitHub

   🚀 Features

• @semaphore-protocol/identity: Add new identity secret attribute and getter  -  by @cedoor (99ea3)

   🐞 Bug Fixes

• @semaphore-protocol/data: Set correct nullifier hash parameter  -  by @cedoor (d36a7)

    View changes on GitHub

📣 Important news

HeyAuthn

HeyAuthn (@semaphore-protocol/heyauthn) is a new library to allow developers to create and manage Semaphore identities using WebAuthn as a cross-device biometric authentication in a way that is more convenient, smoother and secure than localStorage, Chrome extensions, or password manager based solutions.

PR: #285
Special thanks to @vb7401, @rrrliu, @emmaguo13, @sehyunc and @enricobottazzi!

Arbitrum Goerli

Semaphore is now available on Arbitrum Goerli. Please, check the contract addresses in our documentation, or the subgraph endpoint here.

PR: #282

CLI

The Semaphore CLI also supports Sepolia and Arbitrum Goerli now. The commands try to use the Semaphore subgraphs when available, otherwise they use SemaphoreEthers. The template has been updated in accordance with the Semaphore boilerplate.

PRs: #281, #283

OpenZeppelin relay

The Semaphore boilerplate integrated a new relay (no need to deploy backend code anymore!). Relays are a key component in zero-knowledge applications. In order to preserve the user's anonymity, applications need a relay to post the proof transaction to Ethereum (where all transactions are public) on behalf of the user. OpenZeppelin Defender has been used to:

1. Create a OZ Relay for Arbitrum Goerli to send transactions via a regular HTTP API, which takes care of private key secure storage, transaction signing, nonce management, gas pricing estimation, and resubmissions.
2. Create a OZ Autotask to run a code snippet via webhooks and trigger the OZ Relay:

const { DefenderRelayProvider, DefenderRelaySigner } = require('defender-relay-client/lib/ethers');
const { ethers } = require('ethers');

exports.handler = async function(event) {
    const { body } = event.request;
  
	console.info(body)

	if (!body || !body.abi || !body.address || !body.functionName || !body.functionParameters) {
    	throw Error("The request body was not formatted correctly")
    }
  
  	const { abi, address, functionName,  functionParameters } = body

    const provider = new DefenderRelayProvider(event);
    const signer = new DefenderRelaySigner(event, provider, { speed: 'fast' });

    const contract = new ethers.Contract(address, abi, signer);

    const tx = await contract[functionName](...functionParameters);

    return tx.wait();
}

This code can be used for any contract and function, but you are free to customize it or set a whitelist in your relay.

PR: semaphore-protocol/boilerplate#36

   🚀 Features

• @semaphore-protocol/cli:
  • Add support for sepolia network in the cli  -  by @vplasencia (63666)
  • Update get-group command to use sepolia  -  by @vplasencia (4ddf7)
  • Add support for arbitrum goerli  -  by @cedoor (7c4a2)
• @semaphore-protocol/cli-template-hardhat:
  • Add new version of cli-template-hardhat  -  by @vplasencia (4133a)
• @semaphore-protocol/data:
  • Add support for arbitrum goerli network  -  by @cedoor (0571b)
• @semaphore-protocol/heyauthn:
  • Create heyauthn package  -  by @cedoor (f67c1)

   🐞 Bug Fixes

• @semaphore-protocol/cli: Add admin in get-group when using SemaphoreEthers  -  by @vplasencia (46417)

   ♻️ Refactoring

• @semaphore-protocol/cli:
  • Organize get-groups command code  -  by @vplasencia (eefff)
  • Remove unused code  -  by @vplasencia (4ecf2)
  • Remove unnecessary code in get-group command  -  by @vplasencia (716a2)

    View changes on GitHub

No significant changes

    View changes on GitHub

   🐞 Bug Fixes

• @semaphore-protocol/data: Set correct check for group existence  -  by @cedoor (7b938)

    View changes on GitHub

No significant changes

    View changes on GitHub

📣 Important news

Testnet networks

We are excited to announce that Semaphore is now available in the following testnet networks: Sepolia, Mumbai and Optimism Goerli. Please, check the contract addresses in our documentation. We will work to deploy the contracts on the mainnets as soon as possible!

New Semaphore package

⚠️ @semaphore-protocol/subgraph package has been replaced by @semaphore-protocol/data, which contains the former subgraph class (now SemaphoreSubgraph) and a new class (SemaphoreEthers). SemaphoreEthers supports all Ethers providers and networks and thus provides devs with a more flexible and simple solution to directly fetch on-chain data, potentially more convenient in the early stages of development.

Please, check out its README file for more information.

PR: #264
Special thanks to @vplasencia for the idea!

New subgraph endpoints

Semaphore discontinued TheGraph Hosting Service and is using TheGraph Studio now. You can find the new endpoints in our subgraph repository. New endpoints for Mumbai and Optimism Goerli are also available!

More security

⚠️ The hash function for generating Semaphore identities from secret messages has been updated to add an additional layer of security. Thus, the secret values of identities generated from v3.2.0 will be different from previous versions. The Semaphore core libraries (identity, group, proof) will not have any breaking changes in the future unless there are major bugs.

PR: #262
Special thanks to @vimwitch!

More efforts on packages' size

We know that package size is a key issue in adoption, especially in countries where connectivity is still slow. @semaphore-protocol/identity package's size has been drastically reduced, decreasing from 1.2 MB to 114.6 kB. Check out the progress on Bundlephobia!

PR: #271
Special thanks to @vimwitch!

Semaphore benchmarks

Semaphore has a new repository to collect benchmarks. Currently there is a simple web page that can be used to test the speed of generating a Semaphore proof in your devices. Try generating a Semaphore proof yourself on https://benchmarks.semaphore.appliedzkp.org!

   🚀 Features

• @semaphore-protocol/data:
  • Create new data package  -  by @cedoor (fc2f6)
  • Add support for mumbai network  -  by @cedoor (6b498)
  • Add support for optimism goerli network  -  by @cedoor (3722b)
• @semaphore-protocol/identity:
  • Prepend hex strings with 0x  -  by @vimwitch (3c359)
  • Use sha512 to extract more entropy from message  -  by @vimwitch (ed635)
• @semaphore-protocol/hardhat: add hardhat task to deploy semaphore verifier only - by @shiyingt (97279)

   ♻️ Refactoring

• @semaphore-protocol/contracts: Change Semaphore__InvalidProof to InvalidProof - by @0xdeenz (dc39c)

    View changes on GitHub

   🚀 Features

• @semaphore-protoco/subgraph:
  • Add query filters to subgraph library  -  by @saleel (bc8f3)
  • Add option to specify subgraph URL in subgraph library  -  by @saleel (fc4db)
• @semaphore-protocol/cli:
  • Add check for latest version  -  by @vplasencia (ed812)
  • Integrate inquirer in create command  -  by @vplasencia (7f63c)
• @semaphore-protocol/group:
  • Add id attribute to group class  -  by @cedoor (202fc)

    View changes on GitHub

Changelog

🚀 New Features

Semaphore CLI

Your Semaphore project can now be created with a simple command-line tool. For more information see the README file of our package or try our new Quick Setup in our documentation. Currently it can be used to create a project with Hardhat and Semaphore contracts (cli-template-hardhat) but we plan to integrate new templates (e.g. Foundry template).

By @cedoor in #191, #220, #228

Semaphore Hardhat plugin

The Hardhat plugin for Semaphore can be used to deploy the Semaphore.sol contract with a simple Hardhat task. For more information see the README file of our package.

By @cedoor in #140

🐛 Bug Fixes

Editor’s entity may be overwritten (V-SEM-VUL-003)

If an entity’s editor is overwritten, that entity would no longer be able to add or remove whistleblowers in the future. A malicious actor could therefore use createEntity to disrupt the expected operation of the contract.

For more information see the Github issue or read the Veridise report below.

By @cedoor in #199 (bug found by Veridise)

merkleRootDuration cannot be changed (V-SEM-VUL-007)

The admin might not know an appropriate value for the merkleRootDuration and may like to change it if the the initial value is inconvenient. In addition, under certain circumstances a poorly chosen value could cause verifyProof to fail.

For more information see the Github issue or read the Veridise report below.

by @cedoor in #208 (bug found by Veridise)

Infinite loop if input array is too large (V-SEM-VUL-006)

If an admin adds more than 255 members, the infinite loop will consume all of the transaction’s gas and then revert. This therefore can waste a user’s funds.

For more information see the Github issue or read the Veridise report below.

by @cedoor in #205 (bug found by Veridise)

Different checks used to determine if group exists (V-SEM-VUL-010)

In the unlikely scenario that the group exists and the root hash is 0, legitimate verify, update, and remove transactions would get rejected until the root hash changes.

For more information see the Github issue or read the Veridise report below.

by @cedoor in #206 (bug found by Veridise)

No zero value validation (V-SEM-VUL-001)

First, this value allows the creator of a group guaranteed access to the group. In certain circumstances this may be undesired (for example if the admin is not the group creator such as if the admin is a DAO that votes on who to add/remove or if an admin is changed) as the original creator has a permanent method of influencing the application that uses the groups. There are similar methods an admin (who might not be the group creator) can use without the zeroValue but these (1) are more visible as adding members is a matter of public record and (2) can be undone by removing the user.

Second, if common values such as 0 are repeatedly used and the identity commitment of this value is eventually compromised, such a user would be able to gain membership to all groups that use this value as the zeroValue.

For more information see the Github issue or read the Veridise report below.

By @cedoor in #197 (bug found by Veridise)

Minor bug fixes

• No version range for snarkjs and poseidon-lite dependencies by @cedoor in #226
• Fix/add ts suppress error comment by @vplasencia in #223
• Merkle roots for any tree update by @cedoor in #167

♻️ Refactoring

One Verifier to rule them all

The old SemaphoreCore.sol contract allowed zero-knowledge proofs to be verified using 17 other Verifier.sol contracts, each of which contained the same functions but with different parameters generated according to the depth of the Merkle tree. The new SemaphoreVerifier.sol contract contains the same functions and an array of parameters that differ in the Verifier.sol contracts, thus not duplicating the code and reducing the number of lines of code by about 3800. Deploying Semaphore contracts on other networks therefore becomes extremely cheaper.

By @cedoor in #166, #168

New Poseidon library

@semaphore-protocol/identity now uses poseidon-lite, a stripped down Poseidon implementation pulled from circomlibjs v0.0.8. This made it possible to drastically reduce code previously imported from the circomlibjs library that was not actually used.

By @cedoor in #173 (thanks to @vimwitch)

Minor changes

• Public merkleTree attribute and new method name by @cedoor in #163
• Remove modifiers from proof verification functions by @cedoor in #164
• New hash function to normalize signal & external nullifier by @cedoor in #170
• No SNARK restrictions for Group IDs by @cedoor in #180
• New hash function to generate identity secrets by @cedoor in #194
• Migrate from hardhat-waffle to hardhat-chai-matchers by @cedoor in #195
• Update circuits' nLevels comment by @cedoor in #204
• General refactoring and additional documentation to contracts by @cedoor in #210
• Arbitrum subgraph by @cedoor in #231

Migration

Some functions of the contracts and JavaScript libraries have been revised to make the dev experience smoother. Below are details of the changes to simplify your migration from v2.6.1 to v3.

@semaphore-protocol/contracts

SemaphoreVerifier.sol

The old Verifier contracts and the SemaphoreCore.sol contract were replaced by a single SemaphoreVerifier.sol contract, which contains a single external function to verify proofs. The old verifier parameter (the verifier contract address) was replaced by merkleTreeDepth.

- _verifyProof(signal, merkleTreeRoot, nullifierHash, externalNullifier, proof, verifier);
+ verifier.verifyProof(merkleTreeRoot, nullifierHash, signal, externalNullifier, proof, merkleTreeDepth);

SemaphoreGroups.sol

The zero value required for the Merkle trees of groups is now created internally based on the group id.

- _createGroup(groupId, merkleTreeDepth);
+ _createGroup(groupId, merkleTreeDepth, zeroValue);

Semaphore.sol

According to the new SemaphoreVerifier.sol contract, the constructor of Semaphore.sol only needs one address now.

- constructor(Verifier[] memory _verifiers) {
-   for (uint8 i = 0; i < _verifiers.length; ) {
-     verifiers[_verifiers[i].merkleTreeDepth] = IVerifier(_verifiers[i].contractAddress);
-
-     unchecked {
-       ++i;
-     }
-   }
- } 
+ constructor(ISemaphoreVerifier _verifier) {
+   verifier = _verifier;
+ }

According to the new SemaphoreGroups.sol contract, the createGroup function only needs three or four parameters now.

- createGroup(groupId, merkleTreeDepth, admin);
+ createGroup(groupId, merkleTreeDepth, zeroValue, admin);

- createGroup(groupId, merkleTreeDepth, admin, merkleTreeDuration);
+ createGroup(groupId, merkleTreeDepth, zeroValue, admin, merkleTreeDuration);

@semaphore-protocol/identity

Get the identity commitment

The identity commitment is generated in the constructor of the class, so that it is immediately available as an accessor property together with trapdoor a nullifier.

import { Identity } from "@semaphore-protocol/identity"
import { Group } from "@semaphore-protocol/group"

const identity = new Identity()
const group = new Group(1)

- group.addMember(identity.generateCommitment())
+ group.addMember(identity.commitment)

@semaphore-protocol/group

Create a group

The constructor parameters of the Group class are in accordance with the parameters of the createGroup fun...