Skip to main content
Version: V4-beta



The identity of a user in the Semaphore protocol. A Semaphore identity consists of an EdDSA public/private key pair and a commitment. Semaphore uses an EdDSA implementation based on Baby Jubjub and Poseidon.

Identity commitment​

The public Semaphore identity value used in Semaphore groups. Semaphore uses the Poseidon hash function to create the identity commitment from the Semaphore identity public key.


A group is a Merkle tree in which each leaf is an identity commitment for a user. Semaphore uses the LeanIMT implementation, which is an optimized binary incremental Merkle tree. The tree nodes are calculated using Poseidon.

Merkle tree​

A tree in which every leaf (i.e., a node that doesn't have children) is labelled with the cryptographic hash of a data block, and every node that isn't a leaf is labelled with the cryptographic hash of its child node labels. In zero-knowledge protocols, Merkle trees can be used to efficiently summarize and validate large data sets. To validate that a tree contains a specific leaf, a verifier only needs a portion of the complete data structure.


A value used like a topic on which users can generate a valid proof only once. The scope is supposed to be used to generate the nullifier.


A value designed to be a unique identifier and used to prevent the same zero-knowledge proof from being used twice. In Semaphore, the nullifier is the hash of the scope and private key of the user's Semaphore identity.


The term "message" in Semaphore refers to the value the user broadcasts when voting, confirming, sending a text message and so on.


A third-party who could receive a fee for including relayed transactions in the blockchain (McMenamin, Daza, and Fitz., p.3). To preserve the anonymity of the user broadcasting a message with Semaphore, an application may use a relayer to send the transaction to Ethereum on behalf of the user.

Trusted setup​

A trusted setup in the context of zero-knowledge proofs, particularly zk-SNARKs, is a preparatory phase where certain parameters are generated for later use in creating and verifying proofs. This process must be conducted by trusted parties, as any retained secret information (toxic waste) could compromise the system's integrity by enabling the creation of false proofs.

Trusted setup files​

The secure, verifiable parameters generated by Semaphore's trusted setup ceremony. Semaphore uses the trusted setup files to generate and verify valid zero-knowledge proofs. The Semaphore circuit includes a parameter to set the tree's maximum depth (MAX_DEPTH). During the trusted setup, parameters are specifically generated for each circuit instance, aligning with their designated MAX_DEPTH (from 1 to 32).