Kusama Shield | Dotsama assets and ZK


EVM based Multi Asset ZK shielded pool for Kusama

Project name: Kusama Shield

Summary

This is a proposal for a privacy-friendly multi-asset shielded pool that allows anyone on Kusama to deposit any asset into the pool without revealing the destination.

By using the Moonriver parachain, the goal is to have a Solidity contract that works with regular Assethub XC-20 parachain assets as well as ERC-20 EVM tokens, targeting a wide range of different assets.

This is a proposal to bring more privacy and ZK tech into Kusama by developing ZK- and Dotsama-compatible smart contracts and making ZK technology more compatible with the Dotsama ecosystem.

Users generate a zk proof when depositing tokens into the Pool. This commitment is stored on-chain but does not reveal the user's identity or balance.

Interacting with Assethub native assets in Solidity:

Moonriver provides a good home for this application as it supports interacting with Assethub-based assets through its Solidity interfaces:

https://docs.moonbeam.network/builders/interoperability/xcm/xc20/interact/#calculate-xc20-address

https://docs.moonbeam.network/builders/interoperability/xcm/xc20/interact/#The%20ERC-20%20Permit%20Solidity%20Interface

This would allow anyone to send tokens with XCM from any Kusama-connected parachain and then transfer the tokens over to the Moonriver EVM chain, where they can use the privacy pool.

 

 

Problem statement:

There is a big lack of privacy-friendly technology in the Dotsama ecosystem. The pseudonymity of holding an asset in your wallet on a Dotsama chain is not enough to remain hidden. Learning from previous web3 projects such as Zcash, keeping your assets in a shielded pool allows for anonymous ownership. Currently there is a big lack of ZK dapps in the Kusama space, which is something we want to solve.

 

From the community:

Erin interview: https://www.youtube.com/watch?v=ziXIjY5MeVo

Shawn's forum post: https://forum.polkadot.network/t/make-kusama-chaotic-again/11123

Web3 foundation push towards more ZK on Kusama: https://kusama.subsquare.io/referenda/498

 

Solution:

In order to bring privacy to a wide set of assets, we suggest a ZK multi-asset shielded pool, creating a base for interacting with Dotsama assets and ZK in Solidity. Anyone can then take that base and build cool applications on top of it.

Features:

What can this enable? 

  • More research in the dotsama ZK space
  • More interoperability for dotsama assets and ZK
  • Anonymous donations
  • Privacy for all assethub based assets

 

Align with Kusama:

  • Privacy-focused
  • Decentralized | UI gets hosted on IPFS (no opinionated hosting providers); assets are sent permissionlessly via XCM and deposited to the ZK contract. No centralized party needed.
  • Self-Sovereign | Smart contract lives on-chain allowing anyone to interact with it and build things with it.

 

Why EVM and not ink!?

  • A lot of research is being made by multiple ecosystems into Zero knowledge with Solidity.
  • The solidity <> ZK landscape is more mature than the ink <> ZK landscape.
  • Compatible with future Assethub Plaza | By the development of Assethub into Plaza, in the near future we would be able to run evm contracts on Assethub.

 

User journey:

  • User sends KSM via XCM from a parachain/relay chain to Moonriver from the user interface.
  • User selects how much to deposit.
  • Receiver claims the selected asset in the withdraw section.

 

Solidity Zero Knowledge halo2 implementation from:

https://github.com/privacy-scaling-explorations/halo2-solidity-verifier

from https://pse.dev/en

 

UI sketch:

 

 

The first iteration of the user interface will support 3 main functions:

  1. Deposit: deposit tokens into the shielded pool.
  2. Withdraw: withdraw tokens from the shielded pool.
  3. XCM transfer: transfer tokens to other parachains.

Support for browser wallets (polkadot.js.org/talisman/subwallet)

 

Correlation Attacks:

Some anti-correlation attack mitigations will be put in, including:

Allowing only fixed amounts

If one user deposits 21.3737475 tokens and withdraws the same amount, it's very easy for a malicious actor to watch the balance changes and figure out where the funds are going. But by limiting users to depositing only 1, 10, 100, or 1000 units of the token, it becomes a lot harder to tell apart several people who deposit the same amount.
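The effect of the fixed-amount rule can be measured. The following added example (not part of the proposal or the Kusama Shield code base) counts, for each withdrawal in a constructed event history, how many earlier deposits share its asset and amount, and splits an arbitrary amount into the fixed sizes listed above. The event tuples, function names and sample data are assumptions made for illustration.

```python
from collections import Counter
from decimal import Decimal

# Fixed deposit sizes named in the proposal text (units of the token).
DENOMINATIONS = [Decimal(d) for d in ("1000", "100", "10", "1")]

def split_into_denominations(amount):
    """Greedy split of an arbitrary amount into fixed-size notes.

    Returns (notes, remainder); the remainder cannot enter a fixed-amount pool.
    """
    remaining = Decimal(amount)
    notes = []
    for denom in DENOMINATIONS:
        count = int(remaining // denom)
        notes.extend([denom] * count)
        remaining -= denom * count
    return notes, remaining

def anonymity_sets(events):
    """For each withdrawal, count earlier deposits with the same asset and amount.

    events: (kind, asset, amount) tuples in on-chain order. A result of 1 means
    the public amounts alone tie the withdrawal to exactly one deposit.
    """
    deposits = Counter()
    results = []
    for kind, asset, amount in events:
        key = (asset, Decimal(amount))
        if kind == "deposit":
            deposits[key] += 1
        elif kind == "withdraw":
            results.append((asset, amount, deposits[key]))
    return results

# Constructed sample histories (not real chain data).
FREE_AMOUNTS = [
    ("deposit", "KSM", "21.3737475"),
    ("deposit", "KSM", "10"),
    ("deposit", "KSM", "4.2"),
    ("withdraw", "KSM", "21.3737475"),
]
FIXED_AMOUNTS = [
    ("deposit", "KSM", "10"), ("deposit", "KSM", "10"),
    ("deposit", "KSM", "1"), ("deposit", "KSM", "10"),
    ("withdraw", "KSM", "10"),
]

if __name__ == "__main__":
    print(split_into_denominations("21.3737475"))
    print(anonymity_sets(FREE_AMOUNTS))
    print(anonymity_sets(FIXED_AMOUNTS))
```

The count is an upper bound on the privacy a withdrawal gets: timing, destination reuse and fee patterns can shrink it further, which is what batch payouts are meant to address.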

Batch payouts

Batching withdrawals: sending multiple withdrawals of the same amount to multiple users.

 

Limitations:

  • Not audited(yet)
  • The more people who use it, the better privacy the users get

 

 

KSM support in Solidity:

At the time of writing, interacting with Assethub native assets such as KSM, USDT and other pallet-assets-based assets (Assethub assets) in Solidity requires an interface between the chain and the EVM environment. In Solidity this is solved by the chain having "precompiles", which are interfaces for interacting with non-EVM-native functionality. Since EVM precompiles with pallet revive are still on the roadmap and have not been publicly deployed, the solution to support KSM straight out of the box is to first make a version 1 on Moonriver's EVM, which has Solidity precompiles. Since this limitation will hopefully soon be solved, with precompiles deployed on Paseo and Westend, the plan is to first deploy to Moonriver and then, in Milestone 3, migrate the contract over once the precompiles are on Assethub.

Once we have Kusama Shield on the soon-to-come Assethub Plaza, cross-chain EVM calls and a lot of great integration opportunities will be possible!

Open evm precompile issue on Polkadot sdk github

Read more from Parity's smart contract roadmap:

https://github.com/orgs/paritytech/projects/29/views/1

 

Milestones:

The goal is to build a working stable MVP. 

  • Total amount of hours: 430 hours

  • FTE: 2

  • Cost per developer hour: 90 USD

  • Total USD price for all milestones: 38700

  • Total amount of Milestones: 3

  • Total estimated delivery time: 3.5 months

 

Milestone 1, Initial pools:

  • Price for milestone: 16200 USD
  • Hours: 180
  • Estimated delivery time: 1 month

 

Name | Description | Hours
Tests | Smart contract test | 30
Smart contract | ZK shielded smart contract with KSM and multi asset support on Moonriver | 120
Basic UI | A basic UI for interacting with the smart contract | 30

 

 

M1 delivery details:

  • Smart contract

The smart contract shall be compatible with multiple assets and the halo2 ZK libs mentioned above.

Ability to deposit and withdraw funds without a clear link in between being visible.

  • Basic UI

The team will provide a basic React UI as an alpha UI, to be able to deposit and withdraw assets.

 

 

Milestone 2, UI + XCM:

  • Price for milestone: 9900
  • Hours: 110
  • Estimated delivery time: 1 month

  

Name | Description | Hours
Tests | Tests for all features | 30
User interface design | UI design | 40
XCM transfers | XCM transfer assets in UI | 30
Fixed amount transfer only | Allow fixed amount transfers in the UI | 10

 

M2 delivery details:

  • Smart contract

The smart contract shall be compatible with multiple assets and the halo2 ZK libs mentioned above. Ability to deposit and withdraw funds without a clear link in between being visible.

  • XCM transfer asset in UI

Ability to transfer assets in the main user interface.

  • Fixed amount transfer

Only fixed amounts are allowed to be deposited into the pool in the UI.

 

 

Milestone 3, the migration:

  • Price for milestone: 12600
  • Hours: 140
  • Estimated delivery time (timeline might be pushed back a bit if there are delays in support for Solidity precompiles on AH): 1 - 1.5 months

 

Name | Description | Hours
Contract Migration to Kusama Assethub | Migrate contract from Moonriver to Kusama Assethub | 80
Public documentation | Documentation for using Kusama Shield and developer integration documentation | 30
Test | Tests for contract | 30

 

M3 delivery details:

  • Smart contract migration

Migration of the solidity asset handling to support the pallet revive assethub solidity precompiles for Native assets.

  • Documentation

Public documentation and developer integration guide, using mdbook. Once this milestone is delivered, anyone can fork the code, modify it (MIT license), and integrate current applications with the deployed smart contract.

 

Payment terms:

Each milestone shall be paid out after the reviewers/moderators approve the delivery.

 

Delivery:

Code will be published as open source under the MIT license.

Code repos will be publicly available here: https://codeberg.org/KusamaShield

The interface will be deployed on IPFS.

All project updates will be shared publicly on Polkassembly. If the timeline is not met, the funds will be returned to the treasury.

Team:

The majority of the team wish to remain anonymous and contribute anonymously. In order to provide more transparency and checking of the work, a public moderator group has been selected.

The developer team consists of one Solidity EVM developer and one React UI frontend developer, who will contribute to the development of Kusama Shield on the public Codeberg repo.

Moderators(2/3 approval):

flipchan - Fan of Polkadot since 2021, previously substrate developer on various chains including early Picasso chain and Edgeware, Uptest testing, Bagpipes UI development.    

Erin -

James Slusser —

 

3 moderators have been selected by the community based on the following forum post: https://forum.polkadot.network/t/ksm-rfp-1-shielded-kusama-hub-transfers/12147/4

Responsibility of Moderators:

The moderators serve as a transparent layer to the Kusama DAO. Their responsibility is to review each milestone and verify that the features work, for example:

M1 gets delivered: can the moderators use the features? Test that the UI works and that funds can be deposited and withdrawn from the smart contract.

The goal of the moderator group is to verify that milestone functionality has been delivered, not to perform deep code reviews. The next step after delivery would be to get the entire source code audited by a reputable Solidity ZK auditing firm, as a future referendum.

 

Moderator fee: 5000 USD has been put aside to give the moderators a fee for checking the features.

5000 USD - Split 4 ways, 1250usd per moderator.

 

Public discussion:

Kusama Shield was mentioned on the Monday show of AAG, link:

 

Total price breakdown: 

 

Name | Description | Price
M1-M3 Development milestones | Development of Kusama Shield | 38700
Moderator fee | Moderation of deliverables | 5000

Total USD: 43700

 

 

Allow anonymous contributors   

The codebase will be available on Codeberg, which is best practice for anonymous contributors, inspired by Darkfi: https://darkrenaissance.github.io/darkfi/dev/contrib/contrib.html

Future:   

  • Publish guides and how-tos on how anyone can interact with deposit and withdraw functions of the ZK pool.
  • Testnet version on Paseo
  • Solidity zk pool contract gets audited
  • Privacy friendly version of Polkadot Gifts
  • Incentivized privacy pools

Once the new version of Assethub launches and smart contracts can interact with staking, ideally the funds in the ZK pool will be able to earn rewards, incentivizing more people to add coins to the shielded pool and increasing the anonymity set.

 

After this PoC is built, the next proposal would be to cover the auditing costs; ideally the code would be audited by a reputable security company such as Trail of Bits or Fyeo.

 

Sustainability:

Ideally a 0.25-0.5% fee on each transaction will be taken to sustain future development.

 

FAQ:

What about all the Tornado Cash FUD that is around?

Recently there has been a lot of attention on an Ethereum privacy tool called Tornado Cash.

Interview with Coinbase about the Tornado Cash case, where the US court rules that immutable smart contracts are not property and shall not be sanctioned under OFAC: https://m.youtube.com/watch?v=4BfiRMGs6Hg&t=1s&pp=2AEBkAIB

Interacting with a ZK smart contract is done in a non-custodial way: only the user has control of their own funds, no centralized party controls user funds, and the project is in no way considered a VASP.

More tornado cash interviews:

https://m.youtube.com/watch?v=nFhe9kSbLGs&pp=ygUWQmFua2xlc3MgdG9ybmFkbyBjYXNoIA%3D%3D

https://m.youtube.com/watch?v=kFqBjAEqzoo

 

ZK projects in other ecosystems:

https://www.railgun.org/

https://protocol.penumbra.zone/main/index.html

https://namada.net/

https://darkrenaissance.github.io/darkfi/start-here.html

https://github.com/zcash/halo2

https://arxiv.org/pdf/2303.08221 

 

What are your thoughts? Comment :)

 
