HomeEIPs
EIPsERC-1923
ERC-1923

zk-SNARK Verifier Registry Standard

StagnantStandards Track: ERC
Created: 2018-12-22
Requires: EIP-165, EIP-196, EIP-197
Michael Connor <michael.connor@uk.ey.com>, Chaitanya Konda <chaitanya.konda@uk.ey.com>, Duncan Westland <duncan.westland@uk.ey.com>
DiscussionsOriginal linkEdit
1 min read

The ERC-1923 zk-SNARK Verifier Registry Standard is a proposed standard interface for a contract API that allows for the registration of zk-SNARKs, which are zero-knowledge proofs used for private transactions, computations, and scaling solutions on the Ethereum blockchain. The standard aims to make it easier for applications to implement private transactions and contracts, as well as scaling solutions, by providing a standardized way to register all zk-SNARKs. The standard also allows for the extraction and interpretation of limited information emitted during zk-SNARK verifications. The motivation for standardizing a registry is to provide a more efficient and secure way for consumers of information to interface with the standard verifier registry. The standard references other Ethereum Improvement Proposals (EIPs) such as EIP-165, EIP-196, and EIP-197, as well as educational material on zk-SNARKs. However, the referenced verifier registry implementations are not yet ready for deployment, and the standard needs to be updated to provide references to deployed versions of these implementations. Overall, the ERC-1923 zk-SNARK Verifier Registry Standard is a proposed standard interface that aims to make it easier for applications to implement private transactions and contracts, as well as scaling solutions, by providing a standardized way to register all zk-SNARKs.

Video
Anyone may contribute to propose contents.
Go propose
Original

Simple Summary

A standard interface for a "Verifier Registry"'" contract, through which all zk-SNARK verification activity can be registered.

Abstract

The following standard allows for the implementation of a standard contract API for the registration of zk-SNARKs ("Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge"), also known as "proofs", "arguments", or "commitments".

TODO: Which functionality is exposed in this standard interface?

Motivation

zk-SNARKs are a promising area of interest for the Ethereum community. Key applications of zk-SNARKs include:

  • Private transactions
  • Private computations
  • Ethereum scaling through proofs of 'bundled' transactions

A standard interface for registering all zk-SNARKs will allow applications to more easily implement private transactions, private contracts, and scaling solutions; and to extract and interpret the limited information which gets emitted during zk-SNARK verifications.

:warning: TODO: Explain the motivation for standardizing a registry, other than simply standardizing the verifier interactions.

⚠️ TODO: Explain the benefits to and perspective of a consumer of information. I.e. the thing that interfaces with the standard verifier registry.

Specification

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

pragma solidity ^0.5.6; /// @title EIP-XXXX zk-SNARK Verifier Registry Standard /// @dev See https://github.com/EYBlockchain/zksnark-verifier-standard /// Note: the ERC-165 identifier for this interface is 0xXXXXXXXXX. /// ⚠️ TODO: Set the interface identifier interface EIP-XXXX /* is ERC165 */ { event NewProofSubmitted(bytes32 indexed _proofId, uint256[] _proof, uint64[] _inputs); event NewVkRegistered(bytes32 indexed _vkId); event NewVerifierContractRegistered(address indexed _contractAddress); event NewAttestation(bytes32 indexed _proofId, address indexed _verifier, bool indexed _result); function getVk(bytes32 _vkId) external returns (uint256[] memory); function registerVerifierContract(address _verifierContract) external returns (bool); function registerVk(uint256[] calldata _vk, address[] calldata _verifierContracts) external returns (bytes32); function submitProof(uint256[] calldata _proof, uint64[] calldata _inputs, bytes32 _vkId) external returns (bytes32); function submitProof(uint256[] calldata _proof, uint64[] calldata _inputs, bytes32 _vkId, address _verifierContract) external returns (bytes32); function submitProofAndVerify(uint256[] calldata _proof, uint64[] calldata _inputs, bytes32 _vkId, address _verifierContract) external returns (bytes32); function attestProof(bytes32 _proofId, bytes32 _vkId, bool _result) external; function attestProofs(bytes32[] calldata _proofIds, bytes32[] calldata _vkIds, bool[] calldata _results) external; function challengeAttestation(bytes32 _proofId, uint256[] calldata _proof, uint64[] calldata _inputs, address _verifierContract) external; function createNewVkId(uint256[] calldata _vk) external pure returns (bytes32); function createNewProofId(uint256[] calldata _proof, uint64[] calldata _inputs) external pure returns (bytes32); }

Interface

interface ERC165 { /// @notice Query if a contract implements an interface /// @param interfaceID The interface identifier, as specified in ERC-165 /// @dev Interface identification is specified in ERC-165. This function /// uses less than 30,000 gas. /// @return `true` if the contract implements `interfaceID` and /// `interfaceID` is not 0xffffffff, `false` otherwise function supportsInterface(bytes4 interfaceID) external view returns (bool); }

Rationale

⚠️ TODO: Add Rationale section.

Backwards Compatibility

⚠️ TODO: Add Backwards Compatibility section.

Test Cases

Truffle tests of example implementations are included in this Repo.

⚠️ TODO: Reference specific test cases because there are many currently in the repository.

Implementations

Detailed example implementations and Truffle tests of these example implementations are included in this Repo.

⚠️ TODO: Update referenced verifier registry implementations so that they are ready-to-deploy or reference deployed versions of those implementations. At current, the referenced code specifically states "DO NOT USE THIS IN PRODUCTION".

⚠️ TODO: Provide reference to an implementation which interrogates a standard verifier registry contract that implements this standard.

References

⚠️ TODO: Update references and confirm that each reference is cited (parenthetical documentation not necessary) in the text.

Standards

  1. ERC-20 Token Standard. ./eip-20.md

  2. ERC-165 Standard Interface Detection. ./eip-165.md

  3. ERC-173 Contract Ownership Standard (DRAFT). ./eip-173.md

  4. ERC-196 Precompiled contracts for addition and scalar multiplication on the elliptic curve alt_bn128. ./eip-196.md

  5. ERC-197 Precompiled contracts for optimal ate pairing check on the elliptic curve alt_bn128. ./eip-197.md

  6. Ethereum Name Service (ENS). https://ens.domains

  7. RFC 2119 Key words for use in RFCs to Indicate Requirement Levels. https://www.ietf.org/rfc/rfc2119.txt

Educational material: zk-SNARKs
  1. Zcash. What are zk-SNARKs? https://z.cash/technology/zksnarks.html
  2. Vitalik Buterin. zk-SNARKs: Under the Hood. https://medium.com/@VitalikButerin/zk-snarks-under-the-hood-b33151a013f6
  3. Christian Reitweissner. zk-SNARKs in a Nutshell. https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/
  4. Ben-Sasson, Chiesa, Tromer, et. al. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. https://eprint.iacr.org/2013/879.pdf
Notable applications of zk-SNARKs
  1. EY. Implementation of a business agreement through Token Commitment transactions on the Ethereum mainnet. https://github.com/EYBlockchain/ZKPChallenge
  2. Zcash. https://z.cash
  3. Zcash. How Transactions Between Shielded Addresses Work. https://blog.z.cash/zcash-private-transactions/
Notable projects relating to zk-SNARKs
  1. libsnark: A C++ Library for zk-SNARKs ("project README)". https://github.com/scipr-lab/libsnark
  2. ZoKrates: Scalable Privacy-Preserving Off-Chain Computations. https://www.ise.tu-berlin.de/fileadmin/fg308/publications/2018/2018_eberhardt_ZoKrates.pdf
  3. ZoKrates Project Repository. https://github.com/JacobEberhardt/ZoKrates
  4. Joseph Stockermans. zkSNARKs: Driver's Ed. https://github.com/jstoxrocky/zksnarks_example
  5. Christian Reitweissner - snarktest.solidity. https://gist.github.com/chriseth/f9be9d9391efc5beb9704255a8e2989d
Notable 'alternatives' to zk-SNARKs - areas of ongoing zero-knowledge proof research
  1. Vitalik Buterin. STARKs. https://vitalik.ca/general/2017/11/09/starks_part_1.html
  2. Bu ̈nz, Bootle, Boneh, et. al. Bulletproofs. https://eprint.iacr.org/2017/1066.pdf
  3. Range Proofs. https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/abstracts/canard.pdf
  4. Apple. Secure Enclaves. https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave
  5. Intel Software Guard Extensions. https://software.intel.com/en-us/sgx

Copyright and related rights waived via CC0.

Further reading
Anyone may contribute to propose contents.
Go propose
Adopted by projects
Anyone may contribute to propose contents.
Go propose

Not miss a beat of EIPs' update?

Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.

View all
Serve EIP builders, scale Ethereum.
Resources
GitHub
Supported by