zkIntent: Zero-Knowledge Intent-Based Policy Enforcement

A full stack implementation of a zero-knowledge proof system to enforce user-defined Ethereum transaction policies such as:

• ✅ Maximum spend limits
• ✅ Destination address allowlist
• ✅ Rate limits (time-based access)
• ✅ Private calldata via hash commitments
• ✅ Intent signing and verification

---

🧱 Structure

zkIntent/
├── circuits/
│   └── intent_policy.circom          # Circom ZK circuit enforcing the policy
├── contracts/
│   ├── Verifier.sol                  # Groth16 verifier contract (auto-generated)
│   └── IntentExecutor.sol            # Smart contract to execute ZK-verified intents
├── scripts/
│   ├── generate_input.ts             # Creates witness input JSON from intent data
│   ├── prove.ts                      # Compiles, generates ZK proof, and verifies
├── test/
│   └── IntentExecutor.t.sol          # Foundry test suite
├── input.json                        # Sample input for the ZK circuit
├── witness.wtns                      # ZK witness (generated)
├── proof.json / public.json         # ZK proof artifacts
├── zkey/                            # Zkey + ptau files
├── verifier.sol                     # Verifier contract (output of snarkjs)
└── README.md

---

🔧 Requirements

• Node.js >= 18
• Circom 2.0
• snarkjs
• Foundry (forge)

---

🚀 Getting Started

1. Install Dependencies

npm install
forge install

2. Compile Circuit

circom circuits/intent_policy.circom --r1cs --wasm --sym -o build/

3. Setup Trusted Setup

snarkjs powersoftau new bn128 12 pot12_0000.ptau
snarkjs powersoftau contribute pot12_0000.ptau pot12_final.ptau
snarkjs groth16 setup build/intent_policy.r1cs pot12_final.ptau zkey/intent_policy.zkey

4. Generate Proof

node scripts/generate_input.ts > input.json
snarkjs wtns calculate build/intent_policy.wasm input.json witness.wtns
snarkjs groth16 prove zkey/intent_policy.zkey witness.wtns proof.json public.json

5. Generate Solidity Verifier

snarkjs zkey export solidityverifier zkey/intent_policy.zkey contracts/Verifier.sol

6. Deploy Contracts

forge script scripts/Deploy.s.sol --rpc-url $RPC_URL --private-key $PRIVATE_KEY --broadcast

---

✅ Intent Execution Flow

1. User signs keccak(to, value, keccak(data), nonce) off-chain.

2. Client generates ZK proof that:

   • value ≤ maxLimit
   • to ∈ allowlist
   • timestamp - lastUsedTime ≥ rateLimit
   • intent is signed correctly

3. Proof is submitted to IntentExecutor.sol onchain.

4. Contract verifies proof and executes the transaction.

---

🧪 Test

forge test -vv

---

🔐 Optional Enhancements

• Use Poseidon hash for calldata privacy
• Extend to ERC20/ERC721 transfer intents
• Add spend-tracking via Merkle state tree for rate limiting
• Aggregate multiple intents into a single proof

---

License

MIT