1 of 10

Zk-DEX

private decentralized exchange

kevin, carl, thomas, (aiden, jin)

kevin.j@onther.io

At Consensys Hackathon

2 of 10

No Privacy in Ethereum!

3 of 10

  • (Smart)Note = (pk, v, type, vk, salt, isSmart)
    • pk := public key of the note owner
    • v := value of the note, in units of type
    • type := token type
    • vk := viewingKey of sender
    • salt := random value
    • isSmart := whether the note is a smart note; 1 == smartNote (pk is another note's hash)
  • A Note is on chain as [hash(Note), encrypt(Note)]
    • encrypted with the owner's PK; the Note itself is hashed
  • To Spend, TakeOrder, MakeOrder, or Settle a Note, you must make a ZK proof of:
    • Spend, Take Order: SK (secret key corresponding to the Note), value of the Note, type, viewingKey, salt, isSmart
    • Take Order: corresponding Note's hash, viewing key

zk-DEX: (Smart)Note

inspired by ZkDai

4 of 10

zk-DEX: Order

makerViewingKey: viewingKey of maker

makerNote: hash of maker’s note to be traded

sourceToken: token type of makerNote

targetToken: token type of takerNoteToMaker

price: 1 sourceToken = n targetToken, n = price

takerNoteToMaker: hash of note to be traded, sent by taker

parentNote: parent note of takerNoteToMaker

An order changes the state of a note to trading (via ZK proof).

An order is on chain as:

  1. Make Order + ZK Proof of (MakerNote.state → trading)
  2. Take Order + ZK Proof of (TakerNote.state → trading)
  3. Settlement (Swap Note) ZK-Proof

5 of 10

zk-DEX: 1) make order

Alice(Taker)

Bob(Maker)

makerVk: ...

makerNote: ...

source: ETH

target: DAI

price: 10

takerNoteToMaker: [blank]

parentNote: [blank]

1. Make Order

1. Maker makes order with makerViewingKey, makerNote, sourceToken, targetToken, price.

6 of 10

zk-DEX: 2) take order

Alice(Taker)

Bob(Maker)

2. Take Order

makerVk: ...

makerNote: ...

source: ETH

target: DAI

price: 10

takerNoteToMaker: ...

parentNote: ...

1. Taker takes order with takerNoteToMaker and parentNote

Note that:

  • pk of takerNoteToMaker (smartNote) is makerNote
  • takerNoteToMaker is encrypted with makerVk
  • takerVk is included in takerNoteToMaker

7 of 10

zk-DEX: 3) settle order

Alice(Taker)

Bob(Maker)

makerVk: ...

makerNote: ...

source: ETH

target: DAI

price: 10

takerNoteToMaker: ...

parentNote: ...

3. Settle Order

1. Maker decrypts takerNoteToMaker with makerVk

2-1. If v0 - v1/price >= 0, the maker should create newNoteToTaker(order.parentNote, v1/price) and changeToMaker(makerNote, v0 - v1/price) from makerNote, and newNoteToMaker(makerNote, v1) from takerNoteToMaker.

2-2. If v0 - v1/price < 0, the maker should create newNoteToTaker(order.parentNote, v0) from makerNote, and newNoteToMaker(makerNote, v0*price) and changeToTaker(order.parentNote, v1 - v0*price) from takerNoteToMaker.

(2-2 is just the opposite case of 2-1.)

*Note that all notes given to taker are encrypted with takerVk

ZK Proof(logic is hidden)
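
Added example (not from the original slides or the zk-DEX code): the settlement split of steps 2-1 and 2-2 computed in the clear, which is the arithmetic the settlement proof keeps hidden. It assumes v0 is the value of makerNote and v1 the value of takerNoteToMaker, uses the labels "makerNote" and "parentNote" in place of note hashes, and adds a per-token conservation check that is an assumed invariant, not one stated on the slides.

```python
from fractions import Fraction

def check_conservation(notes, inputs):
    """Assumed invariant: per token, outputs sum to the input; no negative note."""
    totals = {}
    for _owner, value, token in notes.values():
        if value < 0:
            raise ValueError("negative note value")
        totals[token] = totals.get(token, 0) + value
    if totals != inputs:
        raise ValueError(f"value not conserved: {totals} != {inputs}")

def settle(v0, v1, price, source="ETH", target="DAI"):
    """Return the settlement outputs as {name: (owner, value, token)}.

    v0: value of makerNote in the source token (assumed reading of the slides)
    v1: value of takerNoteToMaker in the target token (assumed reading)
    price: target units per 1 source unit, as in the order
    Owners are the labels "makerNote" / "parentNote" standing in for note hashes.
    """
    v0, v1, price = Fraction(v0), Fraction(v1), Fraction(price)
    if min(v0, v1, price) <= 0 or source == target:
        raise ValueError("need positive values, positive price, two token types")
    filled = v1 / price                  # source amount the taker's note pays for
    if v0 - filled >= 0:                 # case 2-1: makerNote covers the whole fill
        notes = {
            "newNoteToTaker": ("parentNote", filled, source),
            "changeToMaker": ("makerNote", v0 - filled, source),
            "newNoteToMaker": ("makerNote", v1, target),
        }
    else:                                # case 2-2: taker offered more than the order
        notes = {
            "newNoteToTaker": ("parentNote", v0, source),
            "newNoteToMaker": ("makerNote", v0 * price, target),
            "changeToTaker": ("parentNote", v1 - v0 * price, target),
        }
    check_conservation(notes, {source: v0, target: v1})
    return notes

if __name__ == "__main__":
    # Constructed inputs: the slides' 1 ETH / 5 DAI / price 10 order, then an overfill.
    for args in [(1, 5, 10), (1, 25, 10)]:
        print(args, settle(*args))
```

With the 1 ETH / 5 DAI / price 10 order this yields the 0.5 ETH to the taker, 0.5 ETH change and 5 DAI to the maker shown on the next slide.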

8 of 10

Alice(Taker)

Bob(Maker)

makerVk: ...

makerNote: ...

source: ETH

target: DAI

price: 10

takerNoteToMaker: ...

parentNote: ...

1. Who are maker and taker of order?

2. How much did they trade with each other?

We can’t know!

  • makerNote: (maker, 1 ETH)
  • takerNoteToMaker: (makerNote, 5 DAI)
  • change: (makerNote, 0.5 ETH)
  • newNoteToTaker: (parentNote, 0.5 ETH)
  • newNoteToMaker: (makerNote, 5 DAI)

Because all logic is behind zero-knowledge computation.

9 of 10

DEMO

10 of 10

See also
