Holder Commitment

A cryptographic commitment by a user to link a zkCert to an account.

Purpose

ZkCertificates, such as ZkKYC, belong to individual people. Only the holder can use a ZkCertificate on-chain, and only with the blockchain account they control. The guardian who issued the ZkCertificate should not be able to track this usage, so that the user's privacy is preserved.

The holder commitment is the field in each ZkCertificate that implements this purpose. It has the following properties:

  • Link the ZkCertificate to the account that owns it. Only this account can authorize use of the ZkCertificate.

  • Cryptographically hide this link, so that on-chain activity cannot be associated with the personal data known to the issuing guardian.

  • Make this binding verifiable inside a zero-knowledge circuit, so that certificate correctness can be proven without revealing the account.

  • Be deterministic, so that it can be recovered from the user's mnemonic phrase.

Technical Implementation

The holder commitment of an account is defined by

holderCommitment = poseidonHash(eddsaSignature(poseidonHash(publicKey)))

The result is a 256-bit unsigned integer, reduced into the prime field over which Poseidon is defined. The public key, and the private key used for signing, form an EdDSA key pair. Two properties of this construction carry the security argument: EdDSA signing is deterministic, so the same key pair always yields the same commitment and the value can be recomputed after recovering the keys from the mnemonic; and the signature itself is never published, so a guardian who learns only the commitment cannot recompute it from a candidate public key and link it to an account.
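The construction above, worked through as an added example that is not part of the Galactica documentation or code: it derives the commitment from a seed, recovers it deterministically, and performs the check a circuit would perform on the holder's private witness. It assumes SHA-256 in place of Poseidon and the Go standard library's Ed25519 in place of the circuit-friendly EdDSA used by the zkCert circuits; the three-layer structure hash(sign(hash(publicKey))) is unchanged, and the seed is a constructed sample rather than a key derived from a mnemonic.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Added illustration of holderCommitment = H(sign(H(publicKey))).
// Assumed substitutions, not the project's code: SHA-256 stands in for
// Poseidon, and Ed25519 from the Go standard library stands in for the
// circuit-friendly EdDSA variant used in the zkCert circuits. Both keep the
// property the construction relies on: signing is deterministic, so a key
// pair always yields the same commitment.

// hashPublicKey computes the inner hash H(publicKey).
func hashPublicKey(pub ed25519.PublicKey) []byte {
	sum := sha256.Sum256(pub)
	return sum[:]
}

// holderSignature is the secret link between account and certificate: the
// holder's deterministic EdDSA signature over H(publicKey). Only the owner
// of the private key can produce it, and the guardian never sees it.
func holderSignature(priv ed25519.PrivateKey) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, hashPublicKey(pub))
}

// HolderCommitment derives H(sign(H(publicKey))) from a seed, which stands in
// for the key material the Snap derives from the mnemonic. The seed must be
// ed25519.SeedSize bytes; ed25519.NewKeyFromSeed panics otherwise.
func HolderCommitment(seed []byte) []byte {
	priv := ed25519.NewKeyFromSeed(seed)
	sum := sha256.Sum256(holderSignature(priv))
	return sum[:]
}

// HolderWitness returns the private inputs the holder later supplies to the
// circuit: the public key and the signature over its hash.
func HolderWitness(seed []byte) (ed25519.PublicKey, []byte) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), holderSignature(priv)
}

// VerifyHolder mirrors the check a zero-knowledge circuit performs on the
// holder's private witness against the commitment stored in the zkCert:
// the signature must verify over H(publicKey) under that public key, and
// H(signature) must equal the commitment. Public key and signature stay
// inside the proof; only the commitment is visible to the guardian or chain.
func VerifyHolder(commitment []byte, pub ed25519.PublicKey, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize {
		return false // ed25519.Verify would panic on a malformed key
	}
	if !ed25519.Verify(pub, hashPublicKey(pub), sig) {
		return false
	}
	sum := sha256.Sum256(sig)
	return bytes.Equal(sum[:], commitment)
}

func main() {
	// Constructed sample seed; a real Snap derives this from the mnemonic.
	seed := bytes.Repeat([]byte{0x11}, ed25519.SeedSize)

	c := HolderCommitment(seed)
	fmt.Println("holder commitment:", hex.EncodeToString(c))

	// Recovery: the same seed always reproduces the same commitment.
	fmt.Println("recovered from seed again:", bytes.Equal(c, HolderCommitment(seed)))

	// Circuit-side check with the holder's private witness.
	pub, sig := HolderWitness(seed)
	fmt.Println("witness verifies:", VerifyHolder(c, pub, sig))

	// Another account's witness does not open this commitment.
	otherPub, otherSig := HolderWitness(bytes.Repeat([]byte{0x22}, ed25519.SeedSize))
	fmt.Println("other account verifies:", VerifyHolder(c, otherPub, otherSig))
}
```

The point to take from the example is the role of deterministic signing: with a scheme that draws a fresh random nonce per signature, such as plain ECDSA, the middle layer would change on every run and the commitment could not be reproduced after wallet recovery. The guardian-facing property also follows from the layering: a guardian holding a candidate public key can compute the inner hash but not the signature, so the outer hash cannot be recomputed and compared.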

How to obtain it

Users can generate the holder commitment in the Galactica Snap for MetaMask. The Snap holds the account's keys, which are derived from the user's main seed phrase (the one from setting up MetaMask), not from imported or hardware wallets. An option to generate it from a hardware wallet will be added once MetaMask supports this feature.

After generating the holder commitment, the Snap also attaches an encryption key to the resulting file. We call this file, which contains both the encryption key and the holder commitment, the Holder Commitment File. The user sends the Holder Commitment File to the guardian, who encrypts the generated zkCert with the provided encryption key so that it can be delivered to the holder in encrypted form.
