This demo uses Google Sign-In to generate a client authentication token. The token includes a nonce that contains the user's connected wallet address, aligning with similar principles described in the OpenPubkey: Augmenting OpenID Connect with User held Signing Keys paper. The JWT's integrity is verified within the guest zkVM Program using Google's public RS256 signing certificates. The guest uses Bonsai to run the RISC Zero zkVM, generating a cryptographic proof of the JWT's integrity, issuing a receipt that comprises the SNARK, an obfuscated identifier, and the user's address. The finalized proof is posted onchain and verified with the RISC Zero Verifier and used for arbitrary transactions, if valid.

Note: This software is not production ready. Do not use in production.

This is based on the Bonsai Foundry Template for writing an application using RISC Zero and Ethereum.

This repository implements the application on Ethereum utilizing RISC Zero as a coprocessor to the smart contract application. Prove computation with the RISC Zero zkVM and verify the results in your Ethereum contract.

Check out the developer FAQ for more information on zkVM application design.

First, install Rust and Foundry, and then restart your terminal.

# Install Rust
curl https://sh.rustup.rs -sSf | sh
# Install Foundry
curl -L https://foundry.paradigm.xyz | bash

Next, you will need to install the cargo risczero tool. We'll use cargo binstall to get cargo-risczero installed, and then install the risc0 toolchain. See RISC Zero installation for more details.

cargo install cargo-binstall
cargo binstall cargo-risczero
cargo risczero install

This demo requires a Google Cloud Platform account. You will also need an account to generate a client ID to enable Sign-In-With-Google with OIDC via Google Cloud Identity Platform. You can find more information on how to set up Google Sign-In here and here.

You will need an Etherscan API key to verify the contract's source code. You can get one here. This is not required, but is helpful for verifying the contract source code and generating the ABI bindings with wagmi, which is used in the Bonsai Pay UI.

Now you have all the tools you need to develop and deploy an application with RISC Zero.

• Builds for zkVM program, the publisher app, and any other Rust code.

  cargo build

• Build your Solidity smart contracts

  NOTE: cargo build needs to run first to generate the ImageID.sol contract.

  forge build

• Create a .env and update the necessary environment variables as shown in the .env.example file, for the UI.

  cp ui/.env.example ui/.env

• Tests your zkVM program.

  cargo test

• Test your Solidity contracts, integrated with your zkVM program.

  RISC0_DEV_MODE=true forge test -vvv 

Note: To request an API key complete the form here.

With the Bonsai proving service, you can produce a Groth16 SNARK proof that is verifiable on-chain. You can get started by setting the following environment variables with your API key and associated URL.

export BONSAI_API_KEY="YOUR_API_KEY" # see form linked above
export BONSAI_API_URL="BONSAI_URL" # provided with your api key

Now if you run forge test with RISC0_DEV_MODE=false, the test will run as before, but will additionally use the fully verifying RiscZeroGroth16Verifier contract instead of MockRiscZeroVerifier and will request a SNARK receipt from Bonsai.

RISC0_DEV_MODE=false forge test -vvv

To deploy the Bonsai Pay contract, you will need to set the following environment variables. You can read more about deploying with Foundry scripts here. Please note that the contracts are unaudited and should not be used in production chains.

export ETH_WALLET_PRIVATE_KEY="YOUR_PRIVATE_KEY"

You can deploy the contract using the forge deploy script.

forge script script/Deploy.s.sol \ 
  --rpc-url <YOUR_RPC_URL> \
  --broadcast \
  --etherscan-api-key <YOUR_ETHERSCAN_API_KEY> \
  --verify 

• Start the publisher/subscriber app with the configured variables.

  cargo run --bin pubsub -- --chain-id <DEPLOYED_CHAIN_ID> \
    --eth-wallet-private-key <YOUR_PUBLISHER_PRIVATE_KEY> \
    --rpc-url <YOUR_RPC_PROVIDER> \
    --contract <DEPLOYED_BONSAI_PAY_CONTRACT_ADDRESS>

• Start the UI.

  cd ui
  pnpm i 
  pnpm run dev

Below are the primary files in the project directory

.
├── Cargo.toml                      // Configuration for Cargo and Rust
├── foundry.toml                    // Configuration for Foundry
├── apps
│   ├── Cargo.toml
│   └── src
│       └── lib.rs                  // Utility functions
│       └── bin                     
│           └── pubsub.rs           // Publish program results and act as a backend server for proof requests from Bonsai Pay UI
├── contracts
│   ├── BonsaiPay.sol               // Bonsai Pay smart contract
│   └── ImageID.sol                 // Generated contract with the image ID for your zkVM program
├── methods
│   ├── Cargo.toml
│   ├── guest
│   │   ├── Cargo.toml
│   │   └── src
│   │       └── bin                 
│   │           └── jwt_validator.rs  // JWT validation guest program 
│   └── src
│       └── lib.rs                  // Compiled image IDs and tests for guest program
└── tests
│   ├── BonsaiPay.t.sol             // BonsaiPay tests for the contract
│   └── Elf.sol                     // Generated contract with paths the guest program ELF files.
└── oidc-validator
│   ├── Cargo.toml
│   └── src
│       └── lib.rs                  // OIDC JWT validation library
│       └── certs.rs                // JWT validation certificates
└── ui
    └── ...                         // React frontend UI for Bonsai Pay