
RLN: Signatures instead of raw private key #113

@alrevuelta

Right now the user's private RLN key is part of the circuit input (see). It is provided so that you can prove that this hashed private key is part of a given merkle tree represented by root r. The fact that the private key is an input to the circuit is not an issue per se, since the user generates the proof locally and the key is not shared with third parties.

However, it makes the integration with key management apps tricky. Imagine your private key is managed by MetaMask or any wallet. While they usually offer to export the private key, it is not seen as a good practice for security reasons. It is better to let these wallets handle your keys, and use them to sign stuff. As it is, waku/rln can't leverage these existing tools.

So the suggestion here would be to modify the RLN circuits to rely on a signature verification rather than using the raw key. At the end of the day what we want to prove is that you know the private key. As it is, it's done by revealing the key as it is. But the same statement can be proved by signing a given message. If the signature verifies correctly, then the verifier knows the prover knows the private key.

This would allow waku users to use keys managed by metamask or other apps, without having to manually export the private key and giving a Web3 UX with existing tools.

I'm aware verifying secp256k1 signatures in circom is not trivial and is expensive. Unsure what would be the penalty in terms of proving/verification times.
