Paper 2022/1002

Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps

Felix Engelmann, IT University of Copenhagen
Thomas Kerber, IOHK
Markulf Kohlweiss, University of Edinburgh, IOHK
Mikhail Volkhov, University of Edinburgh
Abstract

Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (PETS 21, an atomic swap system for Monero), we present a simple zk-SNARKs-based transaction scheme, called Zswap, which is carefully malleable to allow the merging of transactions, while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash-friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacy-preserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing code bases and implementation expertise.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. PoPETs 2022
Keywords
NIZK Cryptocurrency Privacy Multi-Asset Exchange DeFi
Contact author(s)
fe-research @ nlogn org
thomas kerber @ iohk io
markulf kohlweiss @ ed ac uk
mikhail volkhov @ ed ac uk
History
2022-08-04: approved
2022-08-04: received
See all versions
Short URL
https://ia.cr/2022/1002
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/1002,
      author = {Felix Engelmann and Thomas Kerber and Markulf Kohlweiss and Mikhail Volkhov},
      title = {Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1002},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1002}},
      url = {https://eprint.iacr.org/2022/1002}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.