Along with the rapid growth of the blockchain market, digital assets using blockchain are emerging one after another. Thus, privacy and security issues for users’ digital assets are becoming more crucial. However, in Klaytn which is an account-based public blockchain, all activities and assets of users are available publicly. It not only reveals user privacy but also violates the privacy regulation like EU GDPR. Although the simple encryption of accounts and transactions can preserve privacy, it triggers two issues: how to ensure the correctness of the transactions and the accounts, and how to meet the other regulation of anti money laundering. It is important for Klaytn to meet the regulations which require privacy and verifiability.
This proposal aims to tackle the privacy and verifiability issue on Klaytn environment. To solve the problem, we propose a zero-knowledge proof based project called ZKlay. In the proposed ZKlay, the user account values are encrypted and there is a special transferring operation called swap between the account model and the utxo model. A user can swap the encrypted asset between the account model and the utxo model in an encrypted form while the correctness is guaranteed by the zero-knowledge proof. In the utxo model, the asset transfers are performed anonymously, in which the transfer is not traceable in public. Nonetheless, the proposed scheme allows an authorized auditing entity to trace the transactions if it is required.
We will provide a technical report, and a software for the proposed ZKlay project.
Thanks for your proposal.
I have some questions. Could you help us to understand your proposal?
It seems like dummy transfer is necessary for this solution.
Should dummy transfer exist as an Klaytn transaction?
If so, how many dummy transfer transactions are required for complete privacy?
Thank you for your question.
The dummy transaction is equivalent to the swap transaction except that it can be created by anyone and the encrypted money should be zero. Therefore the third party including miners cannot distinguish wether it is dummy or real swap. The purpose of the dummy transaction is to increase the anonymity when there are not many transactions.
It is hard to say how many dummy transactions are required to guarantee the privacy (anonymity). In the proposed scheme, it is hidden with which account the transaction is interacting. So if there are n transactions which are generated by m accounts then m anonymity is provided, which means that miners do not know to which account among m accounts the transaction is interacting.
It is a user decision how many transactions including real swap and dummy swap are generated to ensure the anonymity. Note that the protocol itself is providing the complete anonymity even without dummy transactions.
Does this KIR proposal include fully functional(live) ZKlay?
if not, what are the additional timeline and technical resources required to reach “anonymous Klay transfer”?
Additionally, does the ZKrypto team plan to grow this project into a sustainable protocol on Klaytn? Curious to hear more about future fundraising / community adoption plans.
In this KIR proposal, it will be working as proof of concept in testbed environment. In our timeline, KIP will be completed in next KIR (after 6 month later) on the real Klaytn environment.
We, ZKrypto team, plan to continue this project to implement all of them in Klaytn closely coworking with GroundX.
@Prop_hoh
The 2nd tranche disbursement of the project was completed on 7 April 2021. Please confirm your receipt of the committed amount of KLAY through a reply to this post.
Hi, @Prop_hoh
This proposal looks very interesting!
May I have some questions?
Where can I find the progress report on your first milestone? The first milestone is expected to be completed at 2021.02.28 according to the proposal.
I am particularly interested in how Zklay would be different from Zether. According to the proposal, Zklay provides faster verification time and, yet, stronger anonymity.
By the way, do you have any plan to publish your work as an extension of [1]? That would be the first academic paper including the name of Klaytn, which is awesome
[1] Bünz, Benedikt, et al. “Zether: Towards privacy in a smart contract world.” International Conference on Financial Cryptography and Data Security . Springer, Cham, 2020.
The proposed scheme Zklay is different from Zether that utilizes mixing approach. Compared with the existing privacy preserving account model such as Zether, Zeth, BlockMaze, the proposed Zklay is the first privacy preserving account model allowing auditing that is mandatory for anti-money laundry.
At this first proposal, we complete the PoC and at the next step we will provide the commercial service in which Android and IOS apps will be supported.
Finally, we have a plan to write a paper for Zklay. Currently, we are writing a technical paper.
Thanks for your prompt reply and kind explanation.
I got it. To my understanding, Zklay is more suited for industrial use cases that require auditing for legal issues. I think it is well-aligned with Klaytn which is in between the fully decentralized setting and a centralized setting
[2] seems to be a relevant work as well, though they did not deliver the serious implementation on top of the public blockchain. (I might be totally wrong as I am not aware of any of this area).
I will be looking forward the next report
Thanks!
[2] Narula, Neha, Willy Vasquez, and Madars Virza. “zkledger: Privacy-preserving auditing for distributed ledgers.” 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18) . 2018.
The auditor in [2] is different from Zklay since the auditor in [2] needs to interact with entities (banks) while the auditor in Zklay has a power to decrypt the transaction. Therefore we can say that the audio in Zklay is more power than [2]. In addition, since the transaction size increases linearly as the number of banks increases, the total number of entities (banks) should be limited. On the other hand, there is no concept and limitation about banks in Zklay. In Zklay, the auditor can decrypt all transactions in the ledger. We think that the auditing power in Zklay is required to meet the anti-money laundry regulation.