Semaphore is an anonymous signalling protocol for Ethereum. This means that you can vote, RSVP, etc. as a member of a group of eligible entities without revealing which member you are. How does this work in a nutshell?
- users generate an identity and a commitment to this secret identity
- users submit their identity commitments to an admin who manages a Merkle Tree consisting of the submitted identity commitments
- once the Merkle Tree is complete, users may submit a zero-knowledge proof proving their membership in the Merkle Tree
- users send their vote or some generic signal along with the proof
Semaphore is designed to disallow double-signalling, i.e. users cannot vote twice with the same identity.
Structure
Semaphore can be divided into four main parts:
- identities: user-generated identities that can be ephemeral (single-use) or deterministically (re)generated using a secret seed
- groups: Merkle Trees accumulating the identity commitments (these can be stored and managed either on- or off-chain)
- circuits: used for generating zk proofs (Groth16 SNARKs) which can be verified either on- or off-chain
- contracts: for managing Merkle Trees and verifying proofs on-chain
How could we use it?
Off-chain Merkle Trees
- our backend stores and maintains a Merkle Tree for each "privacy" role
- users go through the same requirement checks when they want a role, but they also submit an ephemeral (one-time) identity along with their join request
- if they pass the requirement checks, their identity commitment is added to the "privacy" role's Merkle Tree
On-chain Merkle Trees
- we deploy a Semaphore contract for each "privacy" role that only requires on-chain assets to join (e.g. tokens/credentials)
- users can only join the on-chain Merkle Tree if they pass a specific token/asset check on-chain (these could be Guild credentials as well)

- when users want to join a Discord server/Telegram channel, they send a membership proof to the respective bot along with their Discord/Telegram identity
- the bot queries the Merkle Root from the Guild backend or the contract, checks the proof and grants them access without knowing which registered Guild user joined the server
Notes and caveats
Semaphore is more of a tool that builds on Guild, i.e. it is usable by users who already have access to a role. The Semaphore identity is not an Ethereum address and it doesn't have any tokens, funds, etc. It is essentially just two secret numbers, and proving knowledge of these numbers (witnesses) is much easier and more lightweight than proving ownership of an EVM address. Thus, we need extra steps to link it to the user's registered addresses.
IMPORTANT: Even if we track that an address has sold an NFT and we remove their commitment from the Merkle Tree, we have no way to remove them from a Discord server/Telegram channel automatically. So the same issue holds as with our old solution.
However, we could link a deterministic identity commitment to a user's addresses. Then, when they sell their assets and lose the role, we can remove their commitment from the Merkle Tree and they won't be able to use Semaphore-related apps connected to the role anymore.
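The sketch below is an added example, not Semaphore's or Guild's code. It models the bot-side bookkeeping described above: comparing against the current Merkle Root, rejecting double signals, and revoking a member by removing their commitment. Assumptions: SHA-256 stands in for Poseidon, the Merkle path is checked in the clear instead of inside a Groth16 proof (so it shows the checks, not the anonymity), and all function names and sample values are made up for illustration.

```javascript
// Added example. SHA-256 stands in for Semaphore's Poseidon hash, and the leaf
// and Merkle path are revealed here; the real circuit keeps both private.
const { createHash } = require("node:crypto");
const H = (...parts) => createHash("sha256").update(parts.join("|")).digest("hex");

// Identity = two secret numbers (constructed values); only the commitment is shared.
const commitmentOf = (id) => H(H(id.nullifier, id.trapdoor));
const nullifierHash = (id, scope) => H(scope, id.nullifier);

// Group: fixed-size Merkle tree (power-of-two leaves); removal zeroes the leaf.
const ZERO = H("empty-leaf");
function levels(leaves) {
  const out = [leaves];
  while (out[out.length - 1].length > 1) {
    const prev = out[out.length - 1], next = [];
    for (let i = 0; i < prev.length; i += 2) next.push(H(prev[i], prev[i + 1]));
    out.push(next);
  }
  return out;
}
const rootOf = (leaves) => levels(leaves).pop()[0];
function pathFor(leaves, index) {
  const path = [];
  for (const level of levels(leaves).slice(0, -1)) {
    path.push({ sibling: level[index ^ 1], right: index % 2 === 1 });
    index >>= 1;
  }
  return path;
}
// User side: what accompanies a signal for a scope (external nullifier).
// The real circuit also proves the nullifier belongs to the leaf's identity.
function prove(id, leaves, scope) {
  const index = leaves.indexOf(commitmentOf(id));
  if (index < 0) throw new Error("commitment not in group");
  return { leaf: leaves[index], path: pathFor(leaves, index), nullifier: nullifierHash(id, scope) };
}
// Bot side: accept only proofs against the current root with an unseen nullifier.
function makeVerifier(getRoot) {
  const seen = new Set();
  return (proof) => {
    const root = proof.path.reduce(
      (node, s) => (s.right ? H(s.sibling, node) : H(node, s.sibling)), proof.leaf);
    if (root !== getRoot()) return "rejected: stale or unknown root";
    if (seen.has(proof.nullifier)) return "rejected: double signal";
    seen.add(proof.nullifier);
    return "accepted";
  };
}
```

A proof built before a commitment is removed fails afterwards because the root has changed, but nothing in this check revokes access that was already granted, which is the caveat raised above.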
Potential contributions