Plasma chain outputs
Private computations on Ethereum are very expensive. ZoKrates and AZTEC are great projects that work hard to make zero-knowledge proofs a reality. However, they are limited by pre-defined functions and high gas costs. When we learned about the ZEXE paper, we were super curious to try to bring this to Ethereum! ZEXE allows you to execute arbitrary contracts in zero knowledge. ZEXE constructs its own ledger to do this. When we heard "own ledger", it was obvious that Plasma came to our mind. So we began our endeavour to integrate one of the latest second layer scaling solutions with the latest in zero-knowledge research.
What it does
ZEXE on Plasma implements two protocols:
- ZEXE is a protocol to create arbitrary contracts and let's you execute transactions protected by zk-SNRAKS.
- zk-Plasma is our twist on MVP Plasma. It implements a UTXO model with a different transaction structure due to the ZEXE construction.
With ZEXE on Plasma we implemented a simple ERC20 functionality to mint coins. But you can do much more: build a DEX is just one of the examples. The cool thing is that you get both scalability in an off-chain construct together with the privacy of zero-knowledge proofs.
How we built it
The first major challenge was to convert the elliptic curves used in ZEXE to Ethereum friendly ones. This is done in Rust using the bellman library. Using Rust, we can calculate the private inputs required for creating transactions.
Next, zk-SNARKS requires a shared setup. In ZEXE, users need to exchange private information to execute transactions. Ultimately, you want to hide your inputs from everybody else. But, you should be able to participate in the smart contracts that you are part of. We achieve this with an encrypted data exchange on IPFS. The private data is encrypted by Alice using Bob's Ethereum public key. Bob, the recipient of the data, can then decrypt it using his private key. The implementation is done in Rust.
To put ZEXE on Ethereum we first implemented the ledger as a smart contract in Ethereum. However, we soon realised that we would run into out-of-gas situations since we need to update the Merkle tree of the transactions when adding new ones. Hence, the idea was born to use Plasma for this. The offchain ledger is built with Python as well as a Flask server that helps to keep the offchain and onchain ledger in sync. The onchain ledger only stores the Merkle roots of each new update and is implemented in Solidity. We are making heavy use of the ethsnarks library for Python and Solidity to handle the Merkle tree constructs using MiMC hashing and Merkle inclusion proofs.
Last, we needed a user interface. For now, the user needs to create the transaction data with a Rust CLI interface. Minting ERC20 tokens and sending transactions is possible through the React app. We also included the Ethereum name service.
Challenges we ran into
Due to the time constraints and complexity, we did not finish implementing the transformation of the elliptic curves between ZEXE and Ethereum (from BLS12-381 to BN256). This did not allow us to fully implement the zk-SNARKS proofs. Although the Plasma side should be able to verify correct proofs (as those use already BN256), we could not test this.
Also, Plasma MVP defines a different structure for transactions as is required in ZEXE. We did not implement the exit functionality or any dispute resolution. This is very challenging due to the zk-proofs and we need more time to work out a strategy to achieve these features.
Accomplishments that we are proud of
We are very proud of our ambitious goal to implement a zero-knowledge protocol in a second layer scaling solution. We have a working MVP that combines several decentralised technologies together including Ethereum, IPFS, Plasma, and zk-SNARKS.
What we learned
The whole team learned a lot about zk-SNARKS. We definitely understood that there is a big difference between learning technology on a conceptual level and to actually implement such algorithms are quite different. It was great to experiment with different libraries and challenging technology.
What's next for ZEXE on Ethereum
We would like to finish transferring the elliptic curves and subsequently test that our Plasma implementation works as intended. It would also be great to experiment with more complex constructs in the contracts like a DEX.