vacp2p/vac.dev-experimental-old
1
0
Fork 0
mirror of https://github.com/vacp2p/vac.dev-experimental-old.git synced 2025-02-21 09:38:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
vac.dev-experimental-old/feasibility-semaphore-rate-limiting-zksnarks.html
Jenkins 5a7edfa5be Updates
2022-01-11 20:48:02 +00:00

443 lines
28 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html class="h-full" lang="en-US">
<head>
<title>Vac - Feasibility Study: Semaphore rate limiting through zkSNARKs</title>
<meta charset="utf-8" />
<meta http-equiv="x-ua-compatible" content="ie=edge" />
<title>Vac</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<script async defer src="https://cdn.simpleanalytics.io/hello.js"></script>
<noscript><img src="https://api.simpleanalytics.io/hello.gif" alt="" /></noscript>
<!-- Fathom - simple website analytics - https://github.com/usefathom/fathom -->
<script>
(function (f, a, t, h, o, m) {
a[h] =
a[h] ||
function () {
(a[h].q = a[h].q || []).push(arguments);
};
(o = f.createElement("script")), (m = f.getElementsByTagName("script")[0]);
o.async = 1;
o.src = t;
o.id = "fathom-script";
m.parentNode.insertBefore(o, m);
})(document, window, "//fathom.status.im/tracker.js", "fathom");
fathom("set", "siteId", "YELIA");
fathom("trackPageview");
</script>
<!-- / Fathom -->
<!-- Twitter cards -->
<meta name="twitter:site" content="@vacp2p" />
<meta name="twitter:creator" content="@oskarth" />
<meta name="twitter:title" content="Feasibility Study: Semaphore rate limiting through zkSNARKs" />
<meta name="twitter:description" content="A research log. Zero knowledge signaling as a rate limiting mechanism to prevent spam in p2p networks." />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:image" content="https://vac.dev/assets/img/peacock-signaling.jpg" />
<!-- end of Twitter cards -->
<link rel="shortcut icon" href="/assets/img/favicon.png" type="image/png" />
<link rel="preload" href="/fonts/OpenSans-Regular.woff2" as="font" type="font/woff2" crossorigin />
<link rel="preload" href="/fonts/OpenSans-SemiBold.woff2" as="font" type="font/woff2" crossorigin />
<link rel="preload" href="/fonts/OpenSans-SemiBoldItalic.woff2" as="font" type="font/woff2" crossorigin />
<link rel="stylesheet" href="/assets/css/style.css" />
</head>
<body class="h-full flex flex-col font-body">
<div class="flex-grow container max-w-screen-xl mx-auto px-5 md:px-12 lg:pt-6">
<header class="sm:sticky sm:top-0 bg-white z-50">
<div class="container max-w-screen-xl sm:border-b">
<div class="nav-section flex justify-between items-center py-3 md:py-5 lg:py-10">
<div class="logo md:pr-8 l:p-0">
<a href="/"><img src="/assets/img/logo.png" alt="Vac logo" class="w-9 h-11" /></a>
</div>
<div class="flex justify-between items-center w-9/12">
<div class="burger block sm:hidden z-50">
<button class="burger__button burger__button--open fixed top-2 right-5 w-12 h-12" type="button" aria-label="Mobile menu button">
<img class="burger__icon" src="/assets/img/burger.svg" alt="Open menu button" />
</button>
<button class="burger__button burger__button--close hidden fixed top-2 right-5 w-12 h-12" type="button" aria-label="Close mobile menu button">
<img class="burger__icon burger__icon--close" src="/assets/img/close.svg" alt="Close menu button" />
</button>
</div>
<nav class="nav max-w-screen-xm md:max-w-screen-sl container">
<ul class="nav__list hidden sm:flex justify-between container text-xs font-semibold md:pr-8 l:p-0">
<li class="hover:opacity-50">
<a class="nav__link" href="/#work">Work</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/#about">About</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/#join">Join Vac</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/research-log">Research log</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/media">Media</a>
</li>
<li class="hover:opacity-50">
<a href="https://rfc.vac.dev/" target="_blank" rel="noopener noreferrer">Specs</a>
</li>
<li class="hover:opacity-50">
<a href="https://forum.vac.dev/" target="_blank" rel="noopener noreferrer">Forum</a>
</li>
</ul>
</nav>
<ul class="social items-center hidden md:flex">
<li class="pr-5">
<a href="https://twitter.com/vacp2p" target="_blank" rel="noopener noreferrer">
<svg width="25" height="21" viewBox="0 0 25 21" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M24.8872 3.04499C23.9872 3.43499 23.0572 3.70498 22.0672 3.82499C23.0872 3.22498 23.8672 2.26499 24.2272 1.09499C23.2672 1.66499 22.2172 2.05499 21.1072 2.29499C20.2072 1.33499 18.9172 0.734985 17.5072 0.734985C14.7772 0.734985 12.5872 2.95499 12.5872 5.65499C12.5872 6.04499 12.6172 6.40498 12.7072 6.76498C8.62721 6.58498 5.02721 4.60498 2.59721 1.63499C0.857207 4.75498 2.80721 7.33499 4.09721 8.20499C3.31721 8.20499 2.53721 7.96499 1.87721 7.60499C1.87721 10.035 3.58721 12.045 5.80721 12.495C5.32721 12.645 4.24721 12.735 3.58721 12.585C4.21721 14.535 6.04721 15.975 8.17721 16.005C6.49721 17.325 4.03721 18.375 0.887207 18.045C3.07721 19.455 5.65721 20.265 8.44721 20.265C17.5072 20.265 22.4272 12.765 22.4272 6.28499C22.4272 6.07499 22.4272 5.86499 22.3972 5.65499C23.4172 4.90499 24.2572 4.03499 24.8872 3.04499Z"
fill="#151512"
/>
</svg>
</a>
</li>
<li class="pr-5">
<a href="https://github.com/vacp2p" target="_blank" rel="noopener noreferrer">
<svg width="26" height="25" viewBox="0 0 26 25" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M12.8857 0.856567C6.26021 0.856567 0.915339 6.20154 0.950043 12.7951C0.9778 18.0687 4.43935 22.5427 9.21766 24.1227C9.81824 24.2327 10.0353 23.864 10.0336 23.5474C10.0321 23.2635 10.0177 22.5129 10.0065 21.5171C6.67274 22.238 5.95552 19.9163 5.95552 19.9163C5.40376 18.5369 4.61433 18.1698 4.61433 18.1698C3.51994 17.4296 4.69151 17.4444 4.69151 17.4444C5.89646 17.5291 6.53549 18.6751 6.53549 18.6751C7.61609 20.4989 9.35182 19.9727 10.0342 19.6665C10.1382 18.8951 10.4459 18.3689 10.7878 18.0702C8.12222 17.7684 5.31483 16.7443 5.29076 12.1708C5.2839 10.8672 5.74629 9.80152 6.50989 8.96619C6.3838 8.66445 5.96641 7.45009 6.61027 5.80766C6.61027 5.80766 7.61658 5.4866 9.9167 7.03094C10.8723 6.76636 11.8976 6.63408 12.9191 6.62962C13.9376 6.63556 14.9658 6.76636 15.9257 7.03242C18.2081 5.48809 19.2163 5.80914 19.2163 5.80914C19.8789 7.45306 19.4743 8.66594 19.3529 8.96767C20.1268 9.80301 20.5959 10.8687 20.6028 12.1723C20.6269 16.7577 17.8272 17.767 15.1558 18.0628C15.5882 18.4314 15.976 19.1597 15.9819 20.273C15.9903 21.8693 15.9821 23.1565 15.9841 23.5474C15.9858 23.867 16.2038 24.2386 16.8122 24.1212C21.5663 22.5397 24.9778 18.0672 24.95 12.7951C24.9153 6.20154 19.5142 0.856567 12.8857 0.856567Z"
fill="#151512"
/>
</svg>
</a>
</li>
<li>
<a href="https://discord.gg/PQFdubGt6d" target="_blank" rel="noopener noreferrer">
<svg width="25" height="21" viewBox="0 0 25 21" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M22.7861 9.04256C21.8482 5.74455 20.7799 4.04048 20.7627 4.00991C20.7017 3.93459 19.189 2.104 15.5271 0.75L15.0353 2.0764C16.7774 2.72057 18.0116 3.50643 18.6899 4.01419C16.6599 3.40408 14.2431 3.03041 12.1008 3.03041C9.95851 3.03041 7.53775 3.40408 5.50128 4.01419C6.18496 3.50648 7.42744 2.72057 9.17631 2.0764L8.69846 0.75C5.02238 2.104 3.49044 3.93459 3.42863 4.00991C3.41108 4.04048 2.32479 5.74455 1.35221 9.04256C0.414855 12.2208 0.0415214 16.7045 0.027872 16.8843C0.109225 17.0131 1.97891 20.25 7.12077 20.25L8.43406 18.3536C6.97595 17.964 5.58693 17.3357 4.31689 16.4832L5.10228 15.3069C7.15122 16.6822 9.54509 17.4092 12.0251 17.4092C14.5051 17.4092 16.9067 16.6822 18.9701 15.3069L19.7431 16.4832C18.4641 17.3357 17.0684 17.964 15.6062 18.3536L16.8995 20.25C22.0414 20.25 23.9452 17.0131 24.0279 16.8843C24.0161 16.7045 23.69 12.2208 22.7861 9.04256ZM8.79853 12.7392H7.39228L7.40468 10.3841H8.81093L8.79853 12.7392ZM16.7071 12.7392H15.3008L15.3132 10.3841H16.7195L16.7071 12.7392Z"
fill="#151512"
/>
</svg>
</a>
</li>
</ul>
</div>
<div class="overlay container max-w-screen-sm w-full hidden sm:hidden fixed top-0 right-0 h-screen bg-black bg-opacity-40 z-30">
<nav class="nav-mobile hidden fixed top-0 right-0 flex flex-col justify-between items-center pt-14 px-12 pb-5 bg-white w-9/12 h-3/4 z-40">
<ul class="nav__list flex flex-col flex-1 justify-between items-center container box-content w-32 h-auto max-h-nav text-xs font-normal">
<li class="hover:opacity-50">
<a class="nav__link" href="/#work">Work</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/#about">About</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/#join">Join Vac</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/research-log">Research log</a>
</li>
<li class="hover:opacity-50">
<a class="nav__link" href="/media">Media</a>
</li>
<li class="hover:opacity-50">
<a href="https://rfc.vac.dev/" target="_blank" rel="noopener noreferrer">Specs</a>
</li>
<li class="hover:opacity-50">
<a href="https://forum.vac.dev/" target="_blank" rel="noopener noreferrer">Forum</a>
</li>
</ul>
<ul class="social items-center flex mt-8">
<li class="pr-5">
<a href="https://twitter.com/vacp2p" target="_blank" rel="noopener noreferrer">
<svg width="25" height="21" viewBox="0 0 25 21" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M24.8872 3.04499C23.9872 3.43499 23.0572 3.70498 22.0672 3.82499C23.0872 3.22498 23.8672 2.26499 24.2272 1.09499C23.2672 1.66499 22.2172 2.05499 21.1072 2.29499C20.2072 1.33499 18.9172 0.734985 17.5072 0.734985C14.7772 0.734985 12.5872 2.95499 12.5872 5.65499C12.5872 6.04499 12.6172 6.40498 12.7072 6.76498C8.62721 6.58498 5.02721 4.60498 2.59721 1.63499C0.857207 4.75498 2.80721 7.33499 4.09721 8.20499C3.31721 8.20499 2.53721 7.96499 1.87721 7.60499C1.87721 10.035 3.58721 12.045 5.80721 12.495C5.32721 12.645 4.24721 12.735 3.58721 12.585C4.21721 14.535 6.04721 15.975 8.17721 16.005C6.49721 17.325 4.03721 18.375 0.887207 18.045C3.07721 19.455 5.65721 20.265 8.44721 20.265C17.5072 20.265 22.4272 12.765 22.4272 6.28499C22.4272 6.07499 22.4272 5.86499 22.3972 5.65499C23.4172 4.90499 24.2572 4.03499 24.8872 3.04499Z"
fill="#151512"
/>
</svg>
</a>
</li>
<li class="pr-5">
<a href="https://github.com/vacp2p" target="_blank" rel="noopener noreferrer">
<svg width="26" height="25" viewBox="0 0 26 25" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M12.8857 0.856567C6.26021 0.856567 0.915339 6.20154 0.950043 12.7951C0.9778 18.0687 4.43935 22.5427 9.21766 24.1227C9.81824 24.2327 10.0353 23.864 10.0336 23.5474C10.0321 23.2635 10.0177 22.5129 10.0065 21.5171C6.67274 22.238 5.95552 19.9163 5.95552 19.9163C5.40376 18.5369 4.61433 18.1698 4.61433 18.1698C3.51994 17.4296 4.69151 17.4444 4.69151 17.4444C5.89646 17.5291 6.53549 18.6751 6.53549 18.6751C7.61609 20.4989 9.35182 19.9727 10.0342 19.6665C10.1382 18.8951 10.4459 18.3689 10.7878 18.0702C8.12222 17.7684 5.31483 16.7443 5.29076 12.1708C5.2839 10.8672 5.74629 9.80152 6.50989 8.96619C6.3838 8.66445 5.96641 7.45009 6.61027 5.80766C6.61027 5.80766 7.61658 5.4866 9.9167 7.03094C10.8723 6.76636 11.8976 6.63408 12.9191 6.62962C13.9376 6.63556 14.9658 6.76636 15.9257 7.03242C18.2081 5.48809 19.2163 5.80914 19.2163 5.80914C19.8789 7.45306 19.4743 8.66594 19.3529 8.96767C20.1268 9.80301 20.5959 10.8687 20.6028 12.1723C20.6269 16.7577 17.8272 17.767 15.1558 18.0628C15.5882 18.4314 15.976 19.1597 15.9819 20.273C15.9903 21.8693 15.9821 23.1565 15.9841 23.5474C15.9858 23.867 16.2038 24.2386 16.8122 24.1212C21.5663 22.5397 24.9778 18.0672 24.95 12.7951C24.9153 6.20154 19.5142 0.856567 12.8857 0.856567Z"
fill="#151512"
/>
</svg>
</a>
</li>
<li>
<a href="https://discord.gg/PQFdubGt6d" target="_blank" rel="noopener noreferrer">
<svg width="25" height="21" viewBox="0 0 25 21" fill="none" xmlns="http://www.w3.org/2000/svg" class="hover:opacity-50">
<path
d="M22.7861 9.04256C21.8482 5.74455 20.7799 4.04048 20.7627 4.00991C20.7017 3.93459 19.189 2.104 15.5271 0.75L15.0353 2.0764C16.7774 2.72057 18.0116 3.50643 18.6899 4.01419C16.6599 3.40408 14.2431 3.03041 12.1008 3.03041C9.95851 3.03041 7.53775 3.40408 5.50128 4.01419C6.18496 3.50648 7.42744 2.72057 9.17631 2.0764L8.69846 0.75C5.02238 2.104 3.49044 3.93459 3.42863 4.00991C3.41108 4.04048 2.32479 5.74455 1.35221 9.04256C0.414855 12.2208 0.0415214 16.7045 0.027872 16.8843C0.109225 17.0131 1.97891 20.25 7.12077 20.25L8.43406 18.3536C6.97595 17.964 5.58693 17.3357 4.31689 16.4832L5.10228 15.3069C7.15122 16.6822 9.54509 17.4092 12.0251 17.4092C14.5051 17.4092 16.9067 16.6822 18.9701 15.3069L19.7431 16.4832C18.4641 17.3357 17.0684 17.964 15.6062 18.3536L16.8995 20.25C22.0414 20.25 23.9452 17.0131 24.0279 16.8843C24.0161 16.7045 23.69 12.2208 22.7861 9.04256ZM8.79853 12.7392H7.39228L7.40468 10.3841H8.81093L8.79853 12.7392ZM16.7071 12.7392H15.3008L15.3132 10.3841H16.7195L16.7071 12.7392Z"
fill="#151512"
/>
</svg>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
</header>
<main class="bg-white text-black flex flex-col"><section class="container max-w-screen-xl flex flex-col items-center pt-10 pb-0 md:pb-10 lg:pb-0">
<div class="info-block max-w-680 pb-5 sm:pb-10 overflow-hidden">
<div class="post mb-10">
<h1 class="text-xl md:text-xxl mb-5 sm:max-w-md lg:max-w-2xl">Feasibility Study: Semaphore rate limiting through zkSNARKs</h1>
<div>
<span class="text-s lg:text-base"> 08 Nov 2019 • by </span>
<a href="/authors/oskarth" class="text-s lg:text-base font-bold hover:underline">oskarth</a>
</div>
</div>
<div class="post__content"><p><strong>tldr: Moon math promising for solving spam in Whisper, but to get there we need to invest more in performance work and technical upskilling.</strong></p>
<h2 id="motivating-problem">Motivating problem</h2>
<p>In open p2p networks for messaging, one big problem is spam-resistance. Existing solutions, such as Whispers proof of work, are insufficient, especially for heterogeneous nodes. Other reputation-based approaches might not be desirable, due to issues around arbitrary exclusion and privacy.</p>
<p>One possible solution is to use a right-to-access staking-based method, where a node is only able to send a message, signal, at a certain rate, and otherwise they can be slashed. One problem with this is in terms of privacy-preservation, where we specifically dont want a user to be tied to a specific payment or unique fingerprint.</p>
<h3 id="related-problems">Related problems</h3>
<p>In addition to above, there are a lot of related problems that share similarities in terms of their structure and proposed solution.</p>
<ul>
<li>Private transactions (<a href="https://z.cash/">Zcash</a>, <a href="https://www.aztecprotocol.com/">AZTEC</a>)</li>
<li>Private voting (<a href="https://github.com/kobigurk/semaphore">Semaphore</a>)</li>
<li>Private group membership (Semaphore)</li>
<li>Layer 2 scaling, poss layer 1 (<a href="https://ethresear.ch/t/on-chain-scaling-to-potentially-500-tx-sec-through-mass-tx-validation/3477">ZK Rollup</a>; StarkWare/Eth2-3)</li>
</ul>
<h2 id="overview">Overview</h2>
<h2 id="basic-terminology">Basic terminology</h2>
<p>A <em>zero-knowledge proof</em> allows a <em>prover</em> to show a <em>verifier</em> that they know something, without revealing what that something is. This means you can do trust-minimized computation that is also privacy preserving. As a basic example, instead of showing your ID when going to a bar you simply give them a proof that you are over 18, without showing the doorman your id.</p>
<p><em>zkSNARKs</em> is a form of zero-knowledge proofs. There are many types of zero-knowledge proofs, and the field is evolving rapidly. They come with various trade-offs in terms of things such as: trusted setup, cryptographic assumptions, proof/verification key size, proof/verification time, proof size, etc. See section below for more.</p>
<p><em>Semaphore</em> is a framework/library/construct on top of zkSNARks. It allows for zero-knowledge signaling, specifically on top of Ethereum. This means an approved user can broadcast some arbitrary string without revealing their identity, given some specific constraints. An approved user is someone who has been added to a certain merkle tree. See <a href="https://github.com/kobigurk/semaphore">current Github home</a> for more.</p>
<p><em>Circom</em> is a DSL for writing arithmetic circuits that can be used in zkSNARKs, similar to how you might write a NAND gate. See <a href="https://github.com/iden3/circom">Github</a> for more.</p>
<h2 id="basic-flow">Basic flow</h2>
<p>We start with a private voting example, and then extend it to the slashable rate limiting example.</p>
<ol>
<li>
<p>A user registers an identity (arbitrary keypair), along with a small fee, to a smart contract. This adds them to a merkle tree and allows them to prove that they are member of that group, without revealing who they are.</p>
</li>
<li>
<p>When a user wants to send a message, they compute a zero-knowledge proof. This ensures certain invariants, have some <em>public outputs</em>, and can be verified by anyone (including a smart contract).</p>
</li>
<li>
<p>Any node can verify the proof, including smart contracts on chain (as of Byzantinum HF). Additionally, a node can have rules for the public output. In the case of voting, one such rule is that a specific output hash has to be equal to some predefined value, such as “2020-01-01 vote on Foo Bar for president”.</p>
</li>
<li>
<p>Because of how the proof is constructed, and the rules around output values, this ensures that: a user is part of the approved set of voters and that a user can only vote once.</p>
</li>
<li>
<p>As a consequence of above, we have a system where registered users can only vote once, no one can see who voted for what, and this can all be proven and verified.</p>
</li>
</ol>
<h3 id="rate-limiting-example">Rate limiting example</h3>
<p>In the case of rate limiting, we do want nodes to send multiple messages. This changes step 3-5 above somewhat.</p>
<p><em>NOTE: It is a bit more involved than this, and if we precompute proofs the flow might look a bit different. But the general idea is the same</em>.</p>
<ol>
<li>
<p>Instead of having a rule that you can only vote once, we have a rule that you can only send a message per epoch. Epoch here can be every second, as defined by UTC date time +-20s.</p>
</li>
<li>
<p>Additionally, if a users sends more than one message per epoch, one of the public outputs is a random share of a private key. Using Shamirs Secret Sharing (similar to a multisig) and 2/3 key share as an example threshold: in the normal case only 1/3 private keys is revealed, which is insufficient to have access. In the case where two messages are sent in an epoch, probabilistically 2/3 shares is sufficient to have access to the key (unless you get the same random share of the key).</p>
</li>
<li>
<p>This means any untrusted user who detects a spamming user, can use it to access their private key corresponding to funds in the contract, and thus slash them.</p>
</li>
<li>
<p>As a consequence of above, we have a system where registered users can only messages X times per epoch, and no one can see who is sending what messages. Additionally, if a user is violating the above rate limit, they can be punished and any user can profit from it.</p>
</li>
</ol>
<h3 id="briefly-on-scope-of-approved-users">Briefly on scope of approved users</h3>
<p>In the case of an application like Status, this construct can either be a global StatusNetwork group, or one per chat, or network, etc. It can be applied both at the network and user level. There are no specific limitations on where or who deploys this, and it is thus more of a UX consideration.</p>
<h2 id="technical-details">Technical details</h2>
<p>For a fairly self-contained set of examples above, see exploration in <a href="https://github.com/vacp2p/research/blob/master/zksnarks/semaphore/src/hello.js">Vac research repo</a>. Note that the Shamir secret sharing is not inside the SNARK, but out-of-band for now.</p>
<p>The <a href="https://github.com/kobigurk/semaphore">current version</a> of Semaphore is using NodeJS and <a href="https://github.com/iden3/circom">Circom</a> from Iden3 for Snarks.</p>
<p>For more on rate limiting idea, see <a href="https://ethresear.ch/t/semaphore-rln-rate-limiting-nullifier-for-spam-prevention-in-anonymous-p2p-setting/5009/">ethresearch post</a>.</p>
<h2 id="feasibility">Feasibility</h2>
<p>The above repo was used to exercise the basic paths and to gain intution of feasibility. Based on it and related reading we outline a few blockers and things that require further study.</p>
<h3 id="technical-feasibility">Technical feasibility</h3>
<h4 id="proof-time">Proof time</h4>
<p>Prove time for Semaphore (<a href="https://github.com/kobigurk/semaphore">https://github.com/kobigurk/semaphore</a>) zKSNARKs using circom, groth and snarkjs is currently way too long. It takes on the order of ~10m to generate a proof. With Websnark, it is likely to take 30s, which might still be too long. We should experiment with native code on mobile here.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/7">details</a>.</p>
<h4 id="proving-key-size">Proving key size</h4>
<p>Prover key size is ~110mb for Semaphore. Assuming this is embedded on mobile device, it bloats the APK a lot. Current APK size is ~30mb and even that might be high for people with limited bandwidth.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/8">details</a>.</p>
<h4 id="trusted-setup">Trusted setup</h4>
<p>Using zkSNARKs a trusted setup is required to generate prover and verifier keys. As part of this setup, a toxic parameter lambda is generated. If a party gets access to this lambda, they can prove anything. This means people using zKSNARKs usually have an elaborate MPC ceremony to ensure this parameter doesnt get discovered.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/9">details</a>.</p>
<h4 id="shamir-logic-in-snark">Shamir logic in SNARK</h4>
<p>For <a href="https://ethresear.ch/t/semaphore-rln-rate-limiting-nullifier-for-spam-prevention-in-anonymous-p2p-setting/5009">Semaphore RLN</a> we need to embed the Shamir logic inside the SNARK in order to do slashing for spam. Currently the <a href="https://github.com/vacp2p/research/blob/master/zksnarks/semaphore/src/hello.js#L450">implementation</a> is trusted and very hacky.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/10">details</a>.</p>
<h4 id="end-to-end-integation">End to end integation</h4>
<p><a href="https://github.com/vacp2p/research/blob/master/zksnarks/semaphore/src/hello.js">Currently</a> is standalone and doesnt touch multiple users, deployed contract with merkle tree and verification, actual transactions, a mocked network, add/remove members, etc. There are bound to be edge cases and unknown unknowns here.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/11">details</a>.</p>
<h4 id="licensing-issues">Licensing issues</h4>
<p>Currently Circom <a href="https://github.com/iden3/circom/blob/master/COPYING">uses a GPL license</a>, which can get tricky when it comes to the App Store etc.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/12">details</a>.</p>
<h4 id="alternative-zkps">Alternative ZKPs?</h4>
<p>Some of the isolated blockers for zKSNARKs (<a href="https://github.com/vacp2p/research/issues/7">#7</a>, <a href="https://github.com/vacp2p/research/issues/8">#8</a>, <a href="https://github.com/vacp2p/research/issues/9">#9</a>) might be mitigated by the use of other ZKP technology. However, they likely have their own issues.</p>
<p>See <a href="https://github.com/vacp2p/research/issues/13">details</a>.</p>
<h3 id="social-feasibility">Social feasibility</h3>
<h4 id="technical-skill">Technical skill</h4>
<p>zkSNARKs and related technologies are quite new. To learn how they work and get an intuition for them requires individuals to dedicate a lot of time to studying them. This means we must make getting competence in these technologies if we wish to use them to our advantage.</p>
<h4 id="time-and-resources">Time and resources</h4>
<p>In order for this and related projects (such as private transaction) to get anywhere, it must be made an explicit area of focus for an extend period of time.</p>
<h2 id="general-thoughts">General thoughts</h2>
<p>Similar to Whisper, and in line with moving towards protocol and infrastructure, we need to upskill and invest resources into this. This doesnt mean developing all of the technologies ourselves, but gaining enough competence to leverage and extend existing solutions by the growing ZKP community.</p>
<p>For example, this might also include leveraging largely ready made solutions such as AZTEC for private transaction; more fundamental research into ZK rollup and similar; using Semaphore for private group membership and private voting; Nim based wrapper aronud Bellman, etc.</p>
<h2 id="acknowledgement">Acknowledgement</h2>
<p>Thanks to Barry Whitehat for patient explanation and pointers. Thanks to WJ for helping with runtime issues.</p>
<p><em>Peacock header image from <a href="https://en.wikipedia.org/wiki/File:Flickr_-_lo.tangelini_-_Tonos_(1).jpg">Tonos</a>.</em></p>
</div>
</div>
</section>
</main>
</div>
<footer class="footer bg-black flex flex-shrink-0 justify-center">
<div class="container max-w-screen-xl flex sl:justify-between lm:justify-start p-5 md:px-12 md:pt-5 lg:py-10">
<div class="logo mr-10 sm:mr-0 sm:w-2/12 lg:w-3/12">
<a href="/"><img src="/assets/img/logo.png" alt="Vac logo" class="w-9 h-11" /></a>
</div>
<div class="flex flex-col xm:flex-row xm:justify-between sm:w-10/12 lg:w-9/12">
<p class="hidden sl:inline-block sl:mr-10 text-xxs lg:text-base text-white opacity-75">Vac researches peer-to-peer, private, censorship resistant communication</p>
<nav class="flex max-w-xs mr-0 xm:mr-5 l:mr-32 mb-5 sm:mb-0">
<div class="flex">
<div class="flex flex-col mr-5 sm:mr-10 sl:mr-14">
<p class="text-xxs lg:text-base text-white opacity-75 mb-5 lg:mb-8">Research</p>
<ul>
<li class="text-xxs lg:text-base text-white hover:opacity-50 mb-5">
<a href="/research-log" target="_blank" rel="noopener noreferrer">Log</a>
</li>
<li class="text-xxs lg:text-base text-white hover:opacity-50 mb-5">
<a href="https://rfc.vac.dev/" target="_blank" rel="noopener noreferrer">Specs</a>
</li>
</ul>
</div>
<div class="flex flex-col sl:mr-14">
<p class="text-xxs lg:text-base text-white opacity-75 mb-5 lg:mb-8">Socials</p>
<ul>
<li class="text-xxs lg:text-base text-white hover:opacity-50 mb-5">
<a href="https://twitter.com/vacp2p" target="_blank" rel="noopener noreferrer">Twitter</a>
</li>
<li class="text-xxs lg:text-base text-white hover:opacity-50 mb-5">
<a href="https://discord.gg/PQFdubGt6d" target="_blank" rel="noopener noreferrer">Discord</a>
</li>
<li class="text-xxs lg:text-base text-white hover:opacity-50 mb-5">
<a href="https://t.me/vacp2p" target="_blank" rel="noopener noreferrer">Telegram</a>
</li>
</ul>
</div>
</div></nav></div>
</div>
</footer>
<script src="/assets/js/main.min.js"></script>
<script src="/assets/js/smooth-scroll.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink