Paper 2022/1002

Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps

Felix Engelmann, IT University of Copenhagen
Thomas Kerber, IOHK
Markulf Kohlweiss, University of Edinburgh, IOHK
Mikhail Volkhov, University of Edinburgh

Abstract

Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (PETS 21, an atomic swap system for Monero), we present a simple zk-SNARKs-based transaction scheme, called Zswap, which is carefully malleable to allow the merging of transactions, while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash-friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacy-preserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing code bases and implementation expertise.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. PoPETs 2022
Keywords: NIZK Cryptocurrency Privacy Multi-Asset Exchange DeFi
Contact author(s):
  fe-research @ nlogn org
  thomas kerber @ iohk io
  markulf kohlweiss @ ed ac uk
  mikhail volkhov @ ed ac uk
History:
  2022-08-04: received
  2022-08-04: approved
Short URL: https://ia.cr/2022/1002
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2022/1002,
      author = {Felix Engelmann and Thomas Kerber and Markulf Kohlweiss and Mikhail Volkhov},
      title = {Zswap: zk-{SNARK} Based Non-Interactive Multi-Asset Swaps},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1002},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1002}
}