From f7838fc4b39008c27644fdd8907931555061d9d6 Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Thu, 21 Jan 2021 21:55:52 -0500 Subject: [PATCH 1/6] Create MIXER.md --- applications/MIXER.md | 126 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 applications/MIXER.md diff --git a/applications/MIXER.md b/applications/MIXER.md new file mode 100644 index 00000000000..32392f143e0 --- /dev/null +++ b/applications/MIXER.md @@ -0,0 +1,126 @@ +# Open Grant Proposal + +* **Project Name:** Webb Mixer +* **Team Name:** Webb +* **Payment Address:** 0xAC8E9305dc7AC95685c7D52E759c35aCd9eB90Ff + +*The above combination of your GitHub account submitting the application and payment address will be your unique identifier during the program. Please keep them safe.* + +## Project Overview :page_facing_up: + +### Overview +- We will design and develop a zero-knowledge mixer with no trusted setup in a series of pallets. +- We will integrate this to a Substrate node. +- We like zkps and deploying tech. + +### Project Details +https://www.notion.so/hicommonwealth/W3F-Open-Grants-1-4a26651baefb488ba5db3734920f8de0 + +### Ecosystem Fit +Everyone else is doing some DeFi stuff (with respect to ZKP). I think the innovations that can be made here are more interesting. + +## Team :busts_in_silhouette: + +### Team members +Drew Stone +Filip Lazovic +Shady Khalifa +1 other member + +### Contact +- Drew Stone +- drew@commonwealth.im +- https://commonwealth.im + +### Legal Structure +- 1 World Trade Center, New York City, New York 10007 +- Commonwealth Labs + +### Team's experience +Our team has deep experience building on Substrate and growing experience building zero-knowledge proof based applications. I have been building on Substrate for 2 years and helped launch Edgeware. Shady worked on Sunshine Protocol as well. + +### Team Code Repos +- https://github.com/edgeware-builders/bulletproofs +- https://github.com/edgeware-builders/anon + +### Team LinkedIn Profiles +- https://www.linkedin.com/in/drewcstone/ + +## Development Roadmap :nut_and_bolt: +### Overview +* **Total Estimated Duration:** 3-4 months +* **Full-time equivalent (FTE):** 3-4 FTE +* **Total Costs:** $100,000 DAI/USDC/ETH/DOTS + +### Milestone 1 Example — Implement Substrate Modules and circuits +* **Estimated Duration:** 1 month +* **FTE:** 4 +* **Costs:** $30,000 + +| Number | Deliverable | Specification | +| ------------- | ------------ | ------------- | +| 0a. | License | Apache 2.0 / MIT / Unlicense | +| 0b. | Documentation | We will provide both inline documentation of the code and a basic tutorial that explains how a user can (for example) spin up one of our Substrate nodes. Once the node is up, it will be possible to send test transactions that will show how the new functionality works. | +| 0c. | Testing Guide | The code will have unit-test coverage (min. 70%) to ensure functionality and robustness. In the guide we will describe how to run these tests | +| 0d. | Article/Tutorial | We will write an article or tutorial that explains the work done as part of the grant. +| 1. | Substrate module: SparseMerkleTree (SMT) | We will create a Sparse Merkle Tree module that will support a standard interface for interacting with Merkle Trees | +| 2. | Substrate module: Mixer | We will create a Mixer module that will facilitate a deposit/withdraw functionality for mixing a token. | +| 4. | Substrate chain | Modules SMT/Mixer of our custom chain will interact in such a way, allowing a user to deposit native tokens into the mixer and withdraw them with a valid zero-knowledge proof. | +| 5. | Docker | We will provide a dockerfile to demonstrate the full functionality of our chain | + +*Additional details about modules* +1. Build out and standardize a common interface for all zero-knowledge proof circuits we will use to facilitate the mixer. + - Merkle tree proof verification circuits. + - Support for a variety of commitment types. +2. Design and develop the pallets necessary for the underlying storage of data and funds in a mixer. + - A sparse merkle tree pallet that exposes a common merkle tree interface (insert, verify proof) + - A mixer pallet that facilitates the mixer and allows for creating, deleting, as well as other governance functions over mixers. + - A standard interface for integrating a new zero-knowledge verifier of a given circuit. + +### Milestone 2 Example — Additional features +* **Estimated Duration:** 1 month +* **FTE:** 4 +* **Costs:** $30,000 + +| Number | Deliverable | Specification | +| ------------- | ------------ | ------------- | +| 1. | Mixer feature | Add support for multiple token types to allow users to create/use mixers with any token supported by the underlying chain (using an assets pallet) | +| 2a. | Module Upgrade: Mixer | Add support for EVM token types using the Frontier EVM system (ERC20 assets) | +| 2b. | Substrate module: EVM token contract wrapper pallet | Add support for EVM token types using the Frontier EVM system (ERC20 assets) | +| 3. | Mixer feature | Add governance support on top of the mixer starting with admin functions and preceding with decentralising these admin functions. | +| 4. | Mixer feature | Add support for time-based rewarding scheme for participation in the mixer. | +| 5. | Merkle feature | Make more efficient Sparse Merkle Tree using optimisation techniques, better indexing functions. | + +### Milestone 2 Example — UI integration +* **Estimated Duration:** 1 month +* **FTE:** 4 +* **Costs:** $25,000 + +| Number | Deliverable | Specification | +| ------------- | ------------ | ------------- | +| 1. | API creation | Build an API that demonstrates using the mixer in Typescript | +| 2. | Dapp creation | Build a dApp using the API to demonstrate how to use the mixer, using PolkadotJS extension. | + +### Milestone 4 - Documentation, Testing/Benchmarking, Security Review +* **Estimated Duration:** 1 month +* **FTE:** 4 +* **Costs:** $15,000 + +| Number | Deliverable | Specification | +| ------------- | ------------ | ------------- | +| 1. | API creation | Build an API that demonstrates using the mixer in Typescript | +| 2. | Dapp creation | Build a dApp using the API to demonstrate how to use the mixer, using PolkadotJS extension. | + + +## Future Plans +The team's future plans are to build zero-knowledge products with extensible UIs and composable runtime primitives. We want to explore governance in zero-knowledge and we see mixers as being the core primitives towards this pursuit. + +## Additional Information :heavy_plus_sign: +Nope + +### What work has been done so far? +- We have spent a decent amount of time researching available tools, creating sample circuits, and playing around with all the concepts and tools mentioned in this document. Currently, no part is deployable or composable as we would want to get this system to. +### Are there are any teams who have already contributed (financially) to the project? +- No +### Have you applied for other grants so far? +- One very long ago which I don't think we ever proceeded with. From a34da126f91b23e44083126bc69e05972e3732a4 Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Fri, 22 Jan 2021 13:24:01 -0500 Subject: [PATCH 2/6] Update MIXER.md --- applications/MIXER.md | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/applications/MIXER.md b/applications/MIXER.md index 32392f143e0..76c6559d437 100644 --- a/applications/MIXER.md +++ b/applications/MIXER.md @@ -50,7 +50,7 @@ Our team has deep experience building on Substrate and growing experience buildi ### Overview * **Total Estimated Duration:** 3-4 months * **Full-time equivalent (FTE):** 3-4 FTE -* **Total Costs:** $100,000 DAI/USDC/ETH/DOTS +* **Total Costs:** $30,000 DAI/USDC/ETH/DOTS ### Milestone 1 Example — Implement Substrate Modules and circuits * **Estimated Duration:** 1 month @@ -77,41 +77,6 @@ Our team has deep experience building on Substrate and growing experience buildi - A mixer pallet that facilitates the mixer and allows for creating, deleting, as well as other governance functions over mixers. - A standard interface for integrating a new zero-knowledge verifier of a given circuit. -### Milestone 2 Example — Additional features -* **Estimated Duration:** 1 month -* **FTE:** 4 -* **Costs:** $30,000 - -| Number | Deliverable | Specification | -| ------------- | ------------ | ------------- | -| 1. | Mixer feature | Add support for multiple token types to allow users to create/use mixers with any token supported by the underlying chain (using an assets pallet) | -| 2a. | Module Upgrade: Mixer | Add support for EVM token types using the Frontier EVM system (ERC20 assets) | -| 2b. | Substrate module: EVM token contract wrapper pallet | Add support for EVM token types using the Frontier EVM system (ERC20 assets) | -| 3. | Mixer feature | Add governance support on top of the mixer starting with admin functions and preceding with decentralising these admin functions. | -| 4. | Mixer feature | Add support for time-based rewarding scheme for participation in the mixer. | -| 5. | Merkle feature | Make more efficient Sparse Merkle Tree using optimisation techniques, better indexing functions. | - -### Milestone 2 Example — UI integration -* **Estimated Duration:** 1 month -* **FTE:** 4 -* **Costs:** $25,000 - -| Number | Deliverable | Specification | -| ------------- | ------------ | ------------- | -| 1. | API creation | Build an API that demonstrates using the mixer in Typescript | -| 2. | Dapp creation | Build a dApp using the API to demonstrate how to use the mixer, using PolkadotJS extension. | - -### Milestone 4 - Documentation, Testing/Benchmarking, Security Review -* **Estimated Duration:** 1 month -* **FTE:** 4 -* **Costs:** $15,000 - -| Number | Deliverable | Specification | -| ------------- | ------------ | ------------- | -| 1. | API creation | Build an API that demonstrates using the mixer in Typescript | -| 2. | Dapp creation | Build a dApp using the API to demonstrate how to use the mixer, using PolkadotJS extension. | - - ## Future Plans The team's future plans are to build zero-knowledge products with extensible UIs and composable runtime primitives. We want to explore governance in zero-knowledge and we see mixers as being the core primitives towards this pursuit. From 5c5200d3c0cbdda54c664ee653896c61311950cd Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Fri, 22 Jan 2021 13:24:21 -0500 Subject: [PATCH 3/6] Update MIXER.md --- applications/MIXER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/MIXER.md b/applications/MIXER.md index 76c6559d437..4f0e7d3de39 100644 --- a/applications/MIXER.md +++ b/applications/MIXER.md @@ -48,7 +48,7 @@ Our team has deep experience building on Substrate and growing experience buildi ## Development Roadmap :nut_and_bolt: ### Overview -* **Total Estimated Duration:** 3-4 months +* **Total Estimated Duration:** 1 months * **Full-time equivalent (FTE):** 3-4 FTE * **Total Costs:** $30,000 DAI/USDC/ETH/DOTS From e124443250237b044f8cb3f735b26ab43fff6227 Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Fri, 22 Jan 2021 13:26:06 -0500 Subject: [PATCH 4/6] Update MIXER.md --- applications/MIXER.md | 114 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 107 insertions(+), 7 deletions(-) diff --git a/applications/MIXER.md b/applications/MIXER.md index 4f0e7d3de39..5a1e82480b5 100644 --- a/applications/MIXER.md +++ b/applications/MIXER.md @@ -69,13 +69,113 @@ Our team has deep experience building on Substrate and growing experience buildi | 5. | Docker | We will provide a dockerfile to demonstrate the full functionality of our chain | *Additional details about modules* -1. Build out and standardize a common interface for all zero-knowledge proof circuits we will use to facilitate the mixer. - - Merkle tree proof verification circuits. - - Support for a variety of commitment types. -2. Design and develop the pallets necessary for the underlying storage of data and funds in a mixer. - - A sparse merkle tree pallet that exposes a common merkle tree interface (insert, verify proof) - - A mixer pallet that facilitates the mixer and allows for creating, deleting, as well as other governance functions over mixers. - - A standard interface for integrating a new zero-knowledge verifier of a given circuit. +# Goal + +To build a pallet on top of the zero-knowledge merkle membership pallet that supports the following functionality. + +- Deposit - a user can deposit **N** tokens into the pallet and create a leaf in a merkle tree. +- Withdraw - a user can withdraw **N** tokens by providing proof data for a zk-proof. +- Withdraw_with_reward - a user can withdraw **N** tokens by providing proof data of a deposit **at least T** blocks in the past and receive a token reward (tbd how we create the useless asset) + +To build a front-end interface for using this that supports creating and storing the secret data in the browsers local storage. + +[https://github.com/kobigurk/wasm_proof](https://github.com/kobigurk/wasm_proof) + +- Write WASM bindings to rust functions for creating random points on the scalar field for Curve25519. +- Develop simple interface (similar to tornado cash) +- Generate random data for hashing to a leaf and present the user with the byte strings (concatenated) to be saved. Instruct the user that this will not be saved in local storage and losing it will result in losing the ability to withdraw/prove deposits exist. + +# Tasks + +**Pallet:** + +- [ ] Start new pallet using functions and interfaces defined above @Drew Stone + - [ ] Add events to the pallet for the client @Drew Stone + - [ ] Create new mixer groups by initialisation @Drew Stone + - [ ] Deposit into a mixer group @Drew Stone + - [ ] Withdraw from mixer group @Drew Stone + - [ ] Add permissions so that actions for mixer groups must occur from mixer pallet @Drew Stone + - [ ] Tests +- [ ] Create a standard Sparse Merkle tree palet + - [ ] Standard interface that generalises over the hash function being used + - [ ] Standard interface that generalises over the indexing function being used + - [ ] Uses pallet storage as backend if selected by tree creator + - [ ] Should support standard merkle tree operations (insert, get, verify) + +**Circuit** + +- [ ] A hash preimage circuit +- [ ] A non-zero circuit and bounded number circuit +- [ ] A merkle tree proof verification circuit +- [ ] All using `curve25519-dalek` + +# Zero-knowledge Circuit + +### Merkle Tree + +Definitions: Secret Key(S), Public key(P), Nullifier (N), Leaf(L), Hash function(H), Secret Key (SC), Public Key (PC), Merkle Root (R), Merkle Path (MP), Circuit Proof (ZKP) + +- Leaf insert: User calculates L = H(S, N), submits L to the tree (add_member func) +- Proof of creation: + - User submits L, SC, N, verifier calculates if H(SC, N) == L + - Public: N + - Private: S, L (really L gets replaced with path in membership section) + - Relation: H(S, N)=L +- Proof of membership: User submits the path in zero knowledge + - Public: R + - Private: MP - Vec<(Scalar, u8)> + - Relation: compute_root(H(S,N), MP) = R +- Verify: + - User submits N, ZKP + - If N exists, return + - If N doesn't exist, store it if successful verification + +### Commitments (leaves) in merkle trees + +**Public variables to Spend (fixed deposit tree)** + +- Public nullifier_hash or serial number ***sn***. +- Merkle tree root + +**Private variables to Spend (fixed deposit tree)** + +- Randomness +- Nullifier +- Leaf +- Proof path bits +- Proof path elements + +**Public variables to Spend for each input coin (variable deposit tree)** + +- Public nullifier_hash or serial number ***sn***. +- Input serial number +- Merkle tree root + +**Private variables to Spend for each input coin (fixed deposit tree)** + +- inverse value +- value +- rho +- randomness +- nullifier +- Proof path bits +- Proof path elements + +**Public variables to Spend for each output coin (variable deposit tree)** + +- Output commitment number + +**Private variables to Spend for each output coin (fixed deposit tree)** + +- inverse value +- value +- rho +- randomness +- nullifier + +# Tech Stack + +- [bulletproofs](https://github.com/edgeware-builders/bulletproofs) ## Future Plans The team's future plans are to build zero-knowledge products with extensible UIs and composable runtime primitives. We want to explore governance in zero-knowledge and we see mixers as being the core primitives towards this pursuit. From b8ff9d7960aee9b472d993d464b8c4e6b8fd5f27 Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Fri, 22 Jan 2021 13:27:17 -0500 Subject: [PATCH 5/6] Update MIXER.md --- applications/MIXER.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/MIXER.md b/applications/MIXER.md index 5a1e82480b5..66cc90f2e03 100644 --- a/applications/MIXER.md +++ b/applications/MIXER.md @@ -151,7 +151,7 @@ Definitions: Secret Key(S), Public key(P), Nullifier (N), Leaf(L), Hash function - Input serial number - Merkle tree root -**Private variables to Spend for each input coin (fixed deposit tree)** +**Private variables to Spend for each input coin (variable deposit tree)** - inverse value - value @@ -165,7 +165,7 @@ Definitions: Secret Key(S), Public key(P), Nullifier (N), Leaf(L), Hash function - Output commitment number -**Private variables to Spend for each output coin (fixed deposit tree)** +**Private variables to Spend for each output coin (variable deposit tree)** - inverse value - value From 4517015e02361a07a5a04998eb9c85dac428065c Mon Sep 17 00:00:00 2001 From: Drew Stone Date: Fri, 22 Jan 2021 13:27:33 -0500 Subject: [PATCH 6/6] Update MIXER.md --- applications/MIXER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/MIXER.md b/applications/MIXER.md index 66cc90f2e03..da578232c78 100644 --- a/applications/MIXER.md +++ b/applications/MIXER.md @@ -52,7 +52,7 @@ Our team has deep experience building on Substrate and growing experience buildi * **Full-time equivalent (FTE):** 3-4 FTE * **Total Costs:** $30,000 DAI/USDC/ETH/DOTS -### Milestone 1 Example — Implement Substrate Modules and circuits +### Milestone 1 — Implement Substrate Modules and circuits * **Estimated Duration:** 1 month * **FTE:** 4 * **Costs:** $30,000