Zcash and Monero Have Been Turned Into an Ethereum Smart Contract, Zero-Knowledge Proofs Are Now Just a Dapp – Trustnodes

A team of coders has implemented a smart contract that uses zero knowledge proofs to hide who is transacting with whom and how much is being transacted.

“The AZTEC protocol can enable confidential transactions for any generic digital asset on Ethereum, including existing assets.

For our proof of concept implementation of the AZTEC protocol, we attached an AZTEC token to MakerDAO’s DAI token.

This smart contract can be used to convert DAI from its public ERC-20 form into a confidential AZTEC note form,” they say.

Zero knowledge proofs are a cryptographic method whereby a prover can convince a verifier that a statement is true, for example that a transaction is valid and that its inputs and outputs balance, without revealing the underlying data, such as the amount or who holds it.

They’re most famously used in Zcash, where you can’t see who is transacting with whom or by what amount. Now, Zcash has effectively been turned into a smart contract.

One of the first senders of a zero knowledge DAI transaction, December 2018

The Aztec coding team says this has been implemented in a proof of concept that uses the DAI stablecoin.

A representative says he made the above transaction 14 days ago, sending 40 dai to 0x6, the zero knowledge smart contract.

From that we can see that he sent 40 dai to the smart contract. So he transacted with someone, or with several people, in an unknown amount, except that it could not have been more than 40 dai; it could well have been less.

Now when we look at the smart contract, we can see that there was a transaction out of it 14 days ago, but it appears to be unrelated.

Ethereum’s first zero knowledge smart contract, December 2018.

We see here that 10 dai was withdrawn to the address highlighted above, but the representative says he transacted through the smart contract to a very different address.

He claims he sent an unknown amount to 0xD, which, if true, would be quite interesting, because this is what the address in question looks like:

One of the first receivers of a zero knowledge DAI transaction, November 2018

We can see here that the recipient of this claimed first zero knowledge transaction received and sent some eth a long time ago, which is of no interest whatsoever.

What is of interest is that there is no ERC20 tab. There should be one if he or she did indeed receive dai, but there isn’t.

The blockchain is telling us this account has no dai, while a human is telling us this account was sent dai. Blockchains obviously can’t lie and humans can, but if the human is in fact not lying, then blockchains, and Ethereum’s blockchain specifically, have gained the ability to “lie” by hiding the dai, or whatever other token, from view.

We couldn’t test this ourselves, hence the emphasis on “claimed” and so on, but they have promised MetaMask integration and they appear to be ConsenSys backed, so we don’t really have any rational reason to doubt the human.

In which case we’ll have reason to doubt the blockchain, because we’ll know what it says, but not what it doesn’t say.

The way this works is that you send however much you want to use to the smart contract, where it is turned into a note.

We therefore can’t see dai at the receiver’s end, because conceptually he doesn’t actually have dai. He has notes. Those notes are a claim on the amount of dai he was sent, redeemable from the contract.

To have any actual dai, and thus to make any use of it, such as sending it back to the dai smart contract for repayment, he will have to convert the notes into dai, which he “easily” can, and we have easily in quotes because right now it is command line, but conceptually you can just press a button.

So, to get the gist of it, the smart contract is basically a database of its own, where who owns what and how much is kept in a black hole that the rest of the blockchain can’t read.

You’ll probably eventually want to get out of the black hole, and then the blockchain will be able to see how much you received, but not from whom.

You can stay in the black hole if you want, presumably, but then, one would think, you’d only be able to transact with people in the black hole, because only there does the database know of your rights. Outside of it no one has a clue, so you need to claim your right by converting the notes.
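To make the deposit, note, transfer and withdraw life cycle described above concrete, here is an added toy model in Python. It is not AZTEC’s code and not AZTEC’s actual construction; it is a constructed illustration using Pedersen commitments in a prime-order subgroup of Z_p*. Everything in it is assumed for the example: the addresses alice, bob and mallory, the 61-bit toy group it derives at import time, and the two generators. It shows what the chain can see at each step (the deposited amount, the withdrawn amount, the note commitments) and what it cannot (how a note was split between outputs), and it also shows why such a contract needs a range proof, which this toy deliberately omits: without one, a “negative” output note lets the sender mint value. Note owners are stored in the clear here for simplicity; hiding who pays whom takes additional machinery this toy does not model.

```python
# Toy model of a confidential-note contract. Constructed illustration only: not AZTEC's
# code or construction, and the range proof a real scheme needs is deliberately omitted.
import hashlib
import math
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic below 3.3e24 (covers 64-bit)."""
    if n < 2 or any(n % b == 0 and n != b for b in _BASES):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1) or n == a:
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime(start: int) -> tuple[int, int]:
    q = start | 1  # first q >= start with q and p = 2q + 1 both prime; returns (p, q)
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _safe_prime(1 << 61)  # assumption: a 61-bit toy group, not a production curve
G = pow(2, 2, P)             # squares mod p generate the subgroup of prime order q
H = pow(int.from_bytes(hashlib.sha256(b"toy-note-h").digest(), "big") % P, 2, P)  # log_G(H) unknown


def commit(value: int, blinding: int) -> int:
    """Pedersen commitment G^v * H^r mod p: hides v, and binds the opener to v."""
    return pow(G, value % Q, P) * pow(H, blinding % Q, P) % P


def split_note(value_in: int, blinding_in: int, amounts: list[int]) -> list[tuple[int, int, int]]:
    """Sender side, off-chain: pick blindings so outputs balance the input in the exponent."""
    if sum(amounts) != value_in:  # only the sum is checked, not that each amount is >= 0
        raise ValueError("outputs must sum to the input value")
    blindings = [secrets.randbelow(Q) for _ in amounts[:-1]]
    blindings.append((blinding_in - sum(blindings)) % Q)
    return [(v, r, commit(v, r)) for v, r in zip(amounts, blindings)]


class ToyNoteContract:  # what the chain sees: public balances, commitments, owners, spent set
    def __init__(self, public_balances: dict[str, int]):
        self.public = dict(public_balances)
        self.notes: dict[int, str] = {}  # commitment -> owner (owners are public in this toy)
        self.spent: set[int] = set()

    def deposit(self, owner: str, value: int, blinding: int) -> int:
        """Public token -> note. The amount is visible on-chain, like the 40 dai above."""
        if value <= 0 or self.public.get(owner, 0) < value:
            raise ValueError("insufficient public balance")
        self.public[owner] -= value
        note = commit(value, blinding)
        self.notes[note] = owner
        return note

    def confidential_transfer(self, sender: str, inputs: list[int],
                              outputs: list[tuple[int, str]]) -> None:
        """Join-split: prod(inputs) == prod(outputs) iff hidden values and blindings balance."""
        if any(self.notes.get(n) != sender or n in self.spent for n in inputs):
            raise ValueError("input note not owned by sender or already spent")
        if math.prod(inputs) % P != math.prod(n for n, _ in outputs) % P:
            raise ValueError("inputs and outputs do not balance")  # contract never learns a value
        self.spent.update(inputs)
        for n, owner in outputs:
            self.notes[n] = owner

    def withdraw(self, owner: str, note: int, value: int, blinding: int) -> None:
        """Note -> public token. The opening reveals the amount, but not who sent it."""
        if self.notes.get(note) != owner or note in self.spent:
            raise ValueError("note not owned or already spent")
        if commit(value, blinding) != note:
            raise ValueError("opening does not match commitment")
        self.spent.add(note)
        self.public[owner] = self.public.get(owner, 0) + value


def demo() -> dict:
    """Honest flow, then the inflation a missing range proof allows. Addresses are constructed."""
    chain = ToyNoteContract({"alice": 100, "bob": 0, "mallory": 100})
    r0 = secrets.randbelow(Q)
    n0 = chain.deposit("alice", 40, r0)                      # chain sees: alice -> contract, 40
    (v1, r1, c1), (_, _, c2) = split_note(40, r0, [10, 30])  # 10 to bob, 30 change; split hidden
    chain.confidential_transfer("alice", [n0], [(c1, "bob"), (c2, "alice")])
    chain.withdraw("bob", c1, v1, r1)                        # chain sees: bob += 10
    honest = dict(chain.public)
    # Values live in the exponent mod q, so -60 is just q - 60: 100 + (-60) = 40 balances,
    # and the 100 note opens like any other. Only a range proof on each output stops this.
    rm = secrets.randbelow(Q)
    m0 = chain.deposit("mallory", 40, rm)
    (fv, fr, fc), (_, _, junk) = split_note(40, rm, [100, -60])
    chain.confidential_transfer("mallory", [m0], [(fc, "mallory"), (junk, "mallory")])
    chain.withdraw("mallory", fc, fv, fr)
    return {"honest": honest, "mallory_after_forgery": chain.public["mallory"]}
```

Running demo() gives public balances of alice 60, bob 10, mallory 100 after the honest flow: the 40 dai deposit and the 10 dai withdrawal are visible, the 10/30 split is not. The second half then leaves mallory with 160, having deposited only 40, because the balance check alone cannot tell a genuine 40 from 100 plus a wrapped-around negative. That gap is exactly what a range proof on every output note closes, and it is the first thing to look for when auditing any confidential-asset contract of this shape.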

Making it quite interesting, because you can now kind of just disappear and do things outside the watchful eye of the blockchain, and do so by just sending a transaction to some contract. The representative says:

“The implications of this are far wider than sending around confidential ERC20 tokens – over the coming months we’re going to be releasing our full, open-source implementation of the AZTEC protocol which includes the cryptographic protocols required to manage financial instruments in full zero knowledge.

This includes anonymous voting for governance mechanics, anonymous identity schemes (e.g. proving that you’re a member of a whitelisted group, without revealing who in that group you are) and a decentralized zero-knowledge exchange, which will enable people to trade AZTEC assets with each other without publicly revealing the values of the trade.”

Now, this is the blockchain space, where overpromises are kind of the norm, and it comes from their representative, so you’d expect some yeeha, but one can see how it could have some use cases.

The decentralized zero-knowledge exchange, however, isn’t easy to see, unless we take it to mean the “dumb” version: I know you, and I send you whatever without anyone else knowing.

That’s not what he or she appeared to mean from the context, which leads one to expect a proper exchange where I buy from or sell to a complete stranger whom I’ve never heard of and don’t want to.

Achieving that without leakage would be difficult, because there has to be an order book somewhere and someone has to manage it. Unless the order book is on the blockchain, which would be very costly, that someone has to know who is doing what, as traders have to know what the bids are and what the price is.

But one can see how a simpler exchange could take place in private form, even with people you don’t know, by posting offers in a way that hides who the offeror is through the zero knowledge proof.

Making it all very interesting, especially how you don’t even have to incorporate zkSNARKs, or whatever, into the Ethereum protocol itself, as you can just publish a smart contract and do the same thing, while allowing people to choose whether they want that complete privacy or not.

Copyrights Trustnodes.com


Comments (4)

  1. This is quite possibly the stupidest clickbait title I’ve ever read. First, you can’t just “throw on” a trusted setup, opt-in privacy based solution on a non-private chain and expect it to work flawlessly. Second, they’ve just made DAI inauditable, which completely kills its purpose as a decentralized stablecoin. Third, this literally has nothing to do with Monero other than it’s a privacy feature. Has this author done any research!?

    1. I agree the title could be better. But as a bystander I have to say the article was pretty clear. DAI doesn’t become inauditable because in all likelihood the balances sent to the anonymization contract can be seen, and all the contracts intended to keep it stable would still function as intended. What you’d get is a sort of derivative DAI “note” that you can pass around as much as you want, and redeem for DAI later, which is also auditable. So this sounds like a fancy mixer where on-ramps and off-ramps will probably be scrutinized, but seems pretty technologically impressive nonetheless.

  2. This is great news, and hating on Zcash trusted setup nodes like myself won’t help. The audits took place, the foundation is set up and much more is going on.
