
JWZ - JSON Web Zero Knowledge

JSON Web Zero-knowledge (JWZ) is an open standard for representing messages proven with zero-knowledge technology.

In the Iden3 Protocol, JWZ is the core primitive for managing communication between different parties. A JWZ extends the signature scheme of the popular JWT standard.

Any message can be packed inside a JWZ, while the signature guarantees the data integrity and provenance of the message, providing helpful metadata along with the message.

JWZ

This is an example of a JWZ generated by an identity wallet as a response to the auth request generated in the ZK-login Integration Demo.

JWZ consists of three parts separated by dots (.), which are:

  • Header
  • Payload message
  • Signature

eyJhbGciOiJncm90aDE2IiwiY2lyY3VpdElkIjoiYXV0aCIsImNyaXQiOlsiY2lyY3VpdElkIl0sInR5cCI6ImFwcGxpY2F0aW9uL2lkZW4zLXprcC1qc29uIn0.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.eyJwcm9vZiI6eyJwaV9hIjpbIjIxNzkwODAzMjI2NDE1NDQzNTg3NTAzMjk4NzY5MjQwODA5MDYzMTE5MTgzMjY4MzMzODU1NzM4MTI4NDU4MDA2NjI1MTM4NzM4MTIwIiwiMTY2OTg2MjAyMzY2MjE3Mjk1MjM4NjUzNzc5MTkzODMyNjM2MDc3MzQ4OTU0NjQ5MDEwNDY2ODI3Mjc0NDE4NDczODcwNTM0NTIyMjMiLCIxIl0sInBpX2IiOltbIjQ1MzU3NDg4NDc0NTE2MjA3MjcwMzA4NTA5NjgzNDgyODM1MzMyMjE4OTIxNTY0Nzk3ODQ0Nzg1NTA1NzYyOTE5Njc4NzAxNDYzNjkiLCI5NzM4MjczODE4NDA0ODMyNzYzNzk3NzU1NzI5MzY0NDY5MzU5MDMyNTg5Mzc0MjU3MDc3OTg3MzE0ODQwMDc0MjkxNzAwMDQ2NjYzIl0sWyI4MDQyMTUzMDUwOTA0ODE0NzUzNTI0Mjk5OTM2OTczNjg4MDMzNDg0NzU5MDk5MDAwNjE2OTUyNTk3MjQwOTI0MDIwMTYxNTIyOTAzIiwiMTIxODAwMzE1NDk1NzkwMzU5OTI1MTU5NDI5MzQ1MDk3MjgwNzQ0NDYwMzU5MDU2MDkxNzA2MDAxMTE3NDM4MDgxMDM2MzE1MzAxNiJdLFsiMSIsIjAiXV0sInBpX2MiOlsiMTA3OTQ0MzMyNTU0NTc0MDU0NTcxNTA5NjUxMDgyNDI0MTg2NzkyNzEyNjQyOTExNDIwNzkzNTgzODc3OTUwNTA4NzE4MTg0MDU4NjIiLCIyMDk0MjA1NTIxMTA2NDMyNTg2NjU4NjUxMDAwNzU2NjgwMjcyNjg3NjgxNjIzNzEyMTgyODM2MDQ4Mzk0ODc0MTIyMzk5MTkzNTE5OCIsIjEiXSwicHJvdG9jb2wiOiJncm90aDE2In0sInB1Yl9zaWduYWxzIjpbIjE4MDE2NDYyOTI3NzgzNjAwNDgyODIyNjgxNTQ4OTg1MDYxMDk5MzY5MTQ0MjczMzE1OTA1MDU1Mzc4NDUxMjg5NzM1MjY0MTI3NTMyIiwiMTI5NzU3NjYzNTEzNTMyMjM1ODA4MDk5MDYxNzAwMDY0NjYwNzAzOTQ3NDE3ODM5MjUzOTI2OTE1MTU5NDc2NTI2NDc1MTY3NDYxODIiLCIzNzgxODg4NjYyMzQ2Nzk3OTQxNzE2NjU2OTg1NTQ2NDg5MTIyNjI1NTAxNDM4NjY1NTIzNjkxNDc0NjgxNjY5MDIzNzg3OTA5MTIiXX0

Each part of the token can be parsed into a human-readable string by base64 decoding.

Header

Defines the features of the token.

{
    "alg":"groth16",
    "circuitId":"auth",
    "crit":["circuitId"],
    "typ":"application/iden3-zkp-json"
}

alg is the zero-knowledge algorithm used for proof generation.

circuitId is the circuit used for proof generation. For authentication, the auth circuit must be used.

crit lists the header keys that the verifier must support.

typ is the media type of the message. In our case, it is the protocol type of the packed message: application/iden3-zkp-json.

Payload Message

Contains the message to be shared with another party.

In this example the message is the proof related to the query analysed previously. However, any type of message can be included in the payload.

{
    "id":"6a9e809a-0079-4269-a309-7ebb2d16a23c",
    "typ":"application/iden3comm-plain-json",
    "type":"https://iden3-communication.io/authorization/1.0/response",
    "thid":"7f38a193-0918-4a48-9fac-36adfdb8b542",
    "from":"11BrA9rhbXBpXC2KKT99s512sXmbyVkuu21nYe44qb",
    "to":"1125GJqgw6YEsKFwj63GY87MMxPL9kwDKxPUiwMLNZ",
    "body": {
        "message":"message to sign",
        "scope":[
                    {"id":1,
                    "circuit_id":"credentialAtomicQuerySig",
                    "proof":
                        {"pi_a":["2349359218862210199858317711693000258632024139821654419578818717409911103345","9783659542781935947594271195809997372938499745037725231480617782895108798638","1"],
                        "pi_b":[["2722574881281545082903602222060947207904770262330936547149603701719115676966","9125080078643389548237112954563029185556286301890398763514523119480036570311"],["13640309800784055202696099782919798561985490702663538168219115175849999919373","10363320462296001798560505781397373032943297571589677076420550877863634477652"],["1","0"]],
                        "pi_c":["19468289507428515297055423521369058514858228111400619397089184798795502030434","6184574667862689946294380001099683927560394818236379313581126620262051325990","1"],
                        "curve":null,
                        "protocol":"groth16"},
                    "pub_signals":["16516191222276484743019422039821108870627271580720329599340789241270015286288","378188866234679794171665698554648912262550143866552369147468166902378790912","12975766351353223580809906170006466070394741783925392691515947652647516746182","1","53103020833917443995100151185922895916219347076953603032182812222607392768","15586519700705912779173573830121623565889728172039195968425571091013745698866","1655304049","210459579859058135404770043788028292398","2","2","20000101","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"]
                    }
                ]
            }
}

Signature

It represents a ZK authentication proof based on the auth circuit.

{
    "proof":
        {"pi_a":["21790803226415443587503298769240809063119183268333855738128458006625138738120","16698620236621729523865377919383263607734895464901046682727441847387053452223","1"],
        "pi_b":[["4535748847451620727030850968348283533221892156479784478550576291967870146369","9738273818404832763797755729364469359032589374257077987314840074291700046663"],["8042153050904814753524299936973688033484759099000616952597240924020161522903",
        "1218003154957903599251594293450972807444603590560917060011174380810363153016"],["1","0"]],"pi_c":["10794433255457405457150965108242418679271264291142079358387795050871818405862","20942055211064325866586510007566802726876816237121828360483948741223991935198","1"],
        "protocol":"groth16"},
    "pub_signals":["18016462927783600482822681548985061099369144273315905055378451289735264127532","12975766351353223580809906170006466070394741783925392691515947652647516746182","378188866234679794171665698554648912262550143866552369147468166902378790912"]
}
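
The three-part layout and the header rules described above (alg, circuitId, crit, typ) can be checked before any proof is verified. The following is an added example, not code from js-jwz or the Iden3 project; the function names, the allow-lists and the sample token are assumptions constructed for illustration.

```javascript
// Structural checks on a JWZ before proof verification (allow-lists are assumptions).
const JWZ_TYP = "application/iden3-zkp-json";
const SUPPORTED_ALGS = new Set(["groth16"]);
const SUPPORTED_CIRCUITS = new Set(["auth"]);
const UNDERSTOOD_CRIT = new Set(["circuitId"]);

function decodePart(part, name) {
  // Buffer silently skips characters outside the alphabet, so reject them first.
  if (!/^[A-Za-z0-9_-]+$/.test(part)) throw new Error(`${name}: not base64url`);
  let value;
  try {
    value = JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
  } catch {
    throw new Error(`${name}: not valid JSON`);
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(`${name}: expected a JSON object`);
  }
  return value;
}

function parseJwz(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = decodePart(parts[0], "header");
  const payload = decodePart(parts[1], "payload"); // JSON payload assumed, as in the page's example
  const signature = decodePart(parts[2], "signature");
  if (header.typ !== JWZ_TYP) throw new Error(`unexpected typ: ${header.typ}`);
  if (!SUPPORTED_ALGS.has(header.alg)) throw new Error(`unsupported alg: ${header.alg}`);
  if (!SUPPORTED_CIRCUITS.has(header.circuitId)) throw new Error(`unsupported circuitId: ${header.circuitId}`);
  // crit: refuse the token if it names a header key this verifier does not handle.
  const crit = header.crit ?? [];
  if (!Array.isArray(crit)) throw new Error("crit must be an array");
  for (const key of crit) {
    if (!UNDERSTOOD_CRIT.has(key) || !(key in header)) throw new Error(`unsupported crit key: ${key}`);
  }
  if (!signature.proof || !Array.isArray(signature.pub_signals)) throw new Error("signature: missing proof or pub_signals");
  return { header, payload, signature };
}

// Constructed sample (not the page's token): same header, shortened payload and proof.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
function makeSample(headerOverrides = {}) {
  const header = { alg: "groth16", circuitId: "auth", crit: ["circuitId"], typ: JWZ_TYP, ...headerOverrides };
  const payload = { typ: "application/iden3comm-plain-json", body: { message: "message to sign" } };
  const signature = { proof: { pi_a: ["1", "2", "1"], protocol: "groth16" }, pub_signals: ["1", "2", "3"] };
  return [header, payload, signature].map(b64url).join(".");
}
```

Passing these checks says nothing about authenticity: the proof in the signature part still has to be verified, for example with one of the libraries listed at the end of this page.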

Difference between JWT and JWZ

JWT relies on digital signatures for the secure transmission of information. In particular, "JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA" (JWT.io). In JWZ, this signature is performed with zero knowledge. In particular:

  • The header and the payload get hashed together using the Poseidon hash.
  • The JWZ initiator signs the hashed content using his/her private key.
  • The JWZ creator generates a proof using the authorization circuit to demonstrate that his/her identity signed the content.
  • The proof gets included in the zero-knowledge proof of the JWZ, together with the public inputs used inside the circuit to generate the proof.
  • Any third party that accesses the JWZ can verify the proof to check that the information contained in the payload actually originated from that identity and hasn't been tampered with.

Usage

JWZ represents the main instrument to communicate securely between parties off-chain. This data primitive integrates seamlessly within web2 architectures for authentication purposes.

Here we used the JWZ to manage the communication between user and verifier. A JWZ can also be used in the communication between user and issuer, for the user to prove their identity in order to fetch the claims associated with their identity.

For web3/smart contract based authentication the data must be passed in a different format. This will be the subject of the next section of the tutorial.

Libraries

  • js-jwz for JavaScript implementation
  • go-jwz for Go implementation