Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps

Authors: Felix Engelmann (IT University of Copenhagen), Thomas Kerber (University of Edinburgh, IOHK, thomas.), Markulf Kohlweiss (University of Edinburgh, IOHK), Mikhail Volkhov (University of Edinburgh)

Volume: 2022
Issue: 4
Pages: 507–527
DOI: https://doi.org/10.56553/popets-2022-0120

artifact

Download PDF

Abstract: Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality, but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (PETS 21, an atomic swap system for Monero), we present a simple zk-SNARKs based transaction scheme, called Zswap, which is carefully malleable to allow the merging of transactions, while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacypreserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing code-bases and implementation expertise.

Keywords: NIZK, Cryptocurrency, Privacy, MultiAsset, Exchange

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.