This post was written by the Anon Aadhaar team. If you’re new to Anon Aadhaar make sure to read our initial announcement post.

Introducing Anon Aadhaar v1.0.0

Anon Aadhaar is a protocol that enables Aadhaar holders to prove their identity anonymously. It works by verifying the Aadhaar card's issuer signature, which is issued by the Indian government in formats like PDF, XML, and Secure QR code. These digital versions are signed using RSA, involving a pair of keys: a private key for signing data and a public key for verification.

Our protocol leverages the UIDAI's (government authority) RSA signature, enabling us to verify the documents as anyone could. The novelty of our approach is the use of a SNARK proof in the verification process, which hides sensitive data from the verifier, maintaining the same level of verification while enhancing privacy.

Recap of Previous Version Developments

In the previous version, we implemented RSA verification in Circom using Groth16. We used the eAadhaar PDF, which is easily downloadable by Aadhaar residents, for signature verification.

However, we encountered two major issues:

1. The PDF's size was too large for circuit input

2. A changing timestamp in the document made it impossible to have a consistent identity hash

To overcome these obstacles, we transitioned to use the Aadhaar secure QR code for verification purposes.

This method is not only broadly adopted but also readily accessible through the mAadhaar mobile application or via the printed version of the e-Aadhaar PDF. This adjustment enhances the efficiency of verifying signed identity data and streamlines the process of document parsing within our system.

Key Features in v1.0.0

1. SHA-256 Hash Verification: leveraging zk-email implementation, we've integrated SHA-256 hash verification alongside RSA verification, allowing us to work effectively with the signed data.

2. Extractor: with verified data, our new Circom extractor implementation enables selective extraction of identity fields from the document.

3. Nullifiers: we're now computing two types of nullifiers:

   • userNullifier: this nullifier serves as a high-entropy, unique identifier for each user, virtually eliminating the possibility of collisions between the identifiers of different individuals. It is generated by hashing the combination of the last four digits of a user's Aadhaar number and their identity photo. The unique byte data of the photo enhances the identifier's uniqueness, ensuring distinctness even in the vast pool of users. This approach is particularly useful for app interactions, where collision avoidance is crucial.

     userNullifier=Hash(last4,photo)
     

   • identityNullifier: This nullifier is constructed from a hash of various personal identity elements, including the last four digits of the Aadhaar number, date of birth (DOB), name, gender, and PIN code. The design of the identity nullifier allows for its easy recomputation by users, should there be any changes to their identity data. This feature is particularly valuable for maintaining continuity of identity within the system. For instance, if a user updates their photo—thus altering their user nullifier—they can still be linked to their historical interactions by recalculating the identity nullifier using readily available personal information.

     identityNullifier=Hash(last4,name,DOB,gender,pin code)
     

   The dual nullifier system ensures both robust identity verification and the flexibility to accommodate changes in user data, maintaining a seamless user experience while safeguarding against identity collisions and enhancing privacy and security.

4. Timestamp Check: our circuit extracts the IST signature timestamp, captured at the moment the QR code is signed, and convert it to UNIX UTC timestamp. This serves as a real-time indicator of document issuance and user access to their UIDAI portal, functioning akin to a Time-based One-Time Password (TOTP) system. It ensures document freshness and validates recent user interaction, requiring proofs to be signed within a specified timeframe (e.g., less than 1 hour ago) for verification purposes.

5. Signal Signing: this functionality empowers both applications and users to securely sign any data during the proof generation process, a critical component for implementing ERC-4337 standards. It facilitates the creation of Aadhaar-linked transaction hash signatures, offering a robust mechanism to deter front-running in on-chain transactions by anchoring the msg.sender identity within smart contract interactions. This advancement paves the way for the development of Account Abstraction Wallets, enabling users to authenticate and execute transactions directly with their identity, streamlining the user experience while enhancing security.

6. Improved On-chain Verification Gas Cost: outputting the issuer's public key hash from the circuit allows us to store this value in the AnonAadhaar smart contract, reducing on-chain verification costs.

Looking Forward

We are incredibly excited to see what developers will build using Anon Aadhaar v1! And invite you to join the Anon Aadhaar Community to continue the conversation. To support and inspire your innovative projects, we prepared a variety of resources for you to try:

• GitHub Repository: dive into the codebase and explore the inner workings of our protocol.

• Project ideas to Build with Anon Aadhaar: looking for inspiration? Here are some ideas we’ve compiled.

• On-chain voting Example App: get hands-on with a practical implementation to see how Anon Aadhaar can be integrated into real-world applications.

• Quick Setup Repository: for those eager to get started, this repository provides a streamlined Nextjs setup process.

• Documentation: comprehensive and detailed, our documentation covers everything from basic setup to advanced features, ensuring you have the information needed at your fingertips.

• Roadmap: get an idea about how we’re thinking of evolving the protocol.

We're eager to witness the creative and impactful ways in which the developer community will utilize Anon Aadhaar, pushing the boundaries of privacy and security in digital identity verification. Happy coding!