Klaytn Improvement Reserve
ZKlay : Zero knowledge based Klay to preserve privacy with verifiability for Klay transfer
Date: 2021.03.12
Summary
Along with the rapid growth of the blockchain market, digital assets using blockchain are emerging one after another. Thus, privacy and security issues for users’ digital assets are becoming more crucial. However, in Klaytn which is an account-based public blockchain, all activities and assets of users are available publicly. It not only reveals user privacy but also violates the privacy regulation like EU GDPR. Although the simple encryption of accounts and transactions can preserve privacy, it triggers two issues: how to ensure the correctness of the transactions and the accounts, and how to meet the other regulation of anti money laundering. It is important for Klaytn to meet the regulations which require privacy and verifiability.
This proposal aims to tackle the privacy and verifiability issue on Klaytn environment. To solve the problem, we propose a zero-knowledge proof based project called ZKlay. In the proposed ZKlay, the user account values are encrypted called zklay account (ZA). To transfer coins among ZA and external owned account (EOA), an anon_transfer function is called between the account model and the utxo model. A user can transfer the encrypted coins between the account model and the utxo model in an encrypted form while the correctness is guaranteed by the zero-knowledge proof. In the utxo model, the asset transfers are performed anonymously, in which the transfer is not traceable in public. Nonetheless, the proposed scheme allows an authorized auditing entity to trace the transactions if it is required. We will provide a technical report, and a software for the proposed ZKlay project.
This progress report contains the details on the progress at milestone 1.
Project Milestones and Schedule
At Milestone 1, we research the previous work related with privacy providing blockchain services such as Zcash, Zeth, and Zether. In addition, we design the Zklay protocol without security analysis.
ZKlay’s scheme is as following:
Fig 1. Overview of Zklay
Fig 2. Architecture of Zklay smart contract
Entities
Auditor
• Auditor publishes its pk
•Using auditor’s private key, a ciphertext in a transaction can be decrypted
Encrypted Account (ZA)
•User account
•Each user has a private key and a public key
•The public key includes keys for auditing
•Account is a ciphertext of <u,v> where u is random and v is a value
Dapp
•KeyGenaudit
•KeyGenuser
•TriggerTransfer (sk,pk,pk′,dv′,pv,pv′,toEOA)
•dv’ : amount sent to a mixer
•pv : amount received from EOA (self)
•pv’ : amount sent to EOA (toEOA)
•Create a Tx = (π,rt,nf,addr,c′,ct′,pv,pv′,K′u,K′a,T′,CT′,toEOA)
Smart contract
•registerAuditor
•registerUser
•AnonTransfer(π,rt,nf,addr,c′,ct′,pv,pv′,K′u,K′a,T′,CT′,toEOA)
•Verify a proof
•Manage root, nf, and account list
•Call transferFrom(self, this, pv) and transferFrom(this,toEOA, pv’)
Auditing
•For a given transaction of (π,rt,sn,addr,c′,ct′,K′u,K′a,T′,CT′,toEOA)
•Compute k = K’aask
• <du’, dv’, addr’> = Dec(k, CT)
• The transaction reveals that dv’ amount is transferred from addr to addr’
Key Deliverables
At milestone 1, we write a technical paper explaining the Zklay protocol which is available at ZklayTechReport.pdf - Google Drive
Budget
The table below contains the status of invested resources.
Table 1: Resource investment (USD)
