Zero-Knowledge Proof of innocence on Cardano - Encoins + Módulo P + Eryx

[GENERAL] Name and surname of main applicant

Agustín Salinas

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Not Incorporated)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

4

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

Zero Knowledge Proof of Innocence is a solution that allows a user to anonymously demonstrate that they are not associated with or involved in a specific set of malicious transactions.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

No dependencies

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

Yes. Will be fully open source with a public Git Hub repository

[METADATA] Horizons

Privacy

[SOLUTION] Please describe your proposed solution

Introduction

Proof of Innocence allows users to demonstrate anonymously that their funds did not originate from a blacklisted set of transactions. By leveraging zero-knowledge cryptography, users can construct statements about private information that can be verified by third parties. In this case, we want to prove that users' funds are not part of a specified set of transactions, without revealing the specific transaction in which the user was involved. In an increasingly scrutinized and compliant financial landscape, such a mechanism will facilitate safer participation for users who wish to uphold their privacy rights.

How it works

Proof of Innocence is designed to be an extension that can be integrated into any protocol operating over a private pool of transactions. Examples of such protocols include Tornado Cash, Railgun, and Encoins. When users interact with these protocols, they typically make commitments with their deposits, allowing them to withdraw their funds later. In this context, malicious activity can be tracked at the moment of deposit, or, in other words, when there is a commitment to the private pool of transactions.

By using zero-knowledge proofs, we can create a proof that demonstrates a withdrawal is not linked to commitments identified as malicious, without specifying the exact transaction involved. This generated proof serves as a privacy-preserving resource to show that funds are not related to the set of transactions deemed malicious. As a result, projects can differentiate between licit and illicit transactions while maintaining privacy.

It is important to note that Proof of Innocence relies on oracles to provide information about the nature of transactions. Different actors can take the roles of oracles, allowing projects to choose trusted data sources according to their criteria.

The scope of the proposal

Our proposal aims to develop and adapt key parts of the protocol, focusing on the on-chain components and the circuits used to create zero-knowledge proofs. This will serve as the first iteration and a proof of concept for a future product.

As a first step, we will research how to adapt Proof of Innocence (PoI) for Cardano. This includes a thorough review of existing implementations of the protocol. Since these protocols originate from the Ethereum ecosystem, we will redesign them to function within a EUTxO context. We will also evaluate different zk-SNARK schemes and their technical trade-offs for Cardano, while adapting the circuits used to generate the ZKPs to ensure compatibility with the BLS12-381 curve supported by Cardano. Lastly, we will try to determine to what extent PoI can be used as a protocol-agnostic solution and strategies to easily integrate PoI to privacy protocols.

In the second and third steps, we will implement the smart contracts and circuits. Our goal is to complete the on-chain components and proof generation processes during this phase. The components developed in this phase will include:

• An arithmetic circuit for Proof of Innocence (PoI) used to generate the proof.
• A smart contract that validates the PoI.
• A smart contract that manages the logic of the oracles.

After that, we will test them and aim to develop a working prototype that meets the basic requirements of PoI and can be further enhanced later.

Conclusion

Proof of Innocence (PoI) not only facilitates compliance with regulatory standards but also promotes a more privacy-preserving ecosystem by enabling legitimate users to demonstrate the innocence of their funds. By providing a mechanism to verify the source of funds without exposing personal information, PoI offers a practical alternative to traditional KYC policies. This approach is an interesting balance between accountability and the protection of privacy of users.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

PoI will introduce a new level of privacy and security on Cardano by allowing users to prove their innocence in relation to malicious transactions without compromising their anonymity. PoI will enable privacy protocols like Encoins and other future solutions to gain wider trust and adoption, as users can now interact with these systems knowing they can demonstrate their non-involvement in malicious activities. By providing a means for users to anonymously prove that they are not involved in harmful or illegal activities, PoI strengthens the trustworthiness of the ecosystem, encouraging adoption from users and entities that require higher security and privacy standards. The protocol opens the door for more innovative privacy and compliance use cases, which can drive real-world utility in sectors like finance, healthcare, and supply chain, where privacy and trust are crucial.

Regarding the measurement of the proposal, we want to clarify that the scope of the proof of concept is limited to designing the architecture and the necessary Zero Knowledge testing. That is why, we will measure the impact by repository contributions to estimate the level of developer interest and engagement with the open-source project. All project outputs will be available via a public GitHub repository, ensuring transparency and the ability for developers across the ecosystem to contribute, adapt, and build upon the solution. We will create comprehensive technical documentation and tutorials, ensuring ease of use for developers and service providers who want to integrate PoI into their protocols.

By addressing the privacy concerns inherent in transparent blockchain systems, this project not only enhances the Cardano ecosystem but also positions Cardano in the forefront in balancing privacy with compliance. The proof of innocence proof of concept will promote greater user adoption and trust while laying the groundwork for a more flexible, privacy-enhancing infrastructure that other developers can leverage in their own solutions. This will ultimately contribute to a more secure, user-friendly, and innovative Cardano community.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our team has extensive experience in blockchain development, cryptography, and privacy-focused protocols, which gives us the expertise required to successfully deliver the Proof of Innocence (PoI) project. We are uniquely positioned to execute this project due to the following reasons:

Technical Expertise:

Our team includes skilled developers with deep knowledge of zk-SNARKs and zero-knowledge proofs. We are also experienced in designing and developing zkDapps, which ensures the proper integration of Zero-Knowledge protocols with Cardano.

Eryx team experience

Eryx is a worker-owned labor cooperative with over 10 years of experience solving complex problems involving mathematics and software. We are a team of nerdy PhDs with a solid background in math and computer science, specialized in blockchain and zero-knowledge proof cryptography. We've been core contributors to the Lambdaworks library, implemented the CircleSTARKS protocol in GPU alongside with Nethermind and developed an ACIR backend for Aztec's Noir.

Modulo-p team experience

Modulo-p is a development team specializing in Cardano and a pioneer of the advancement of Zero-Knowledge (ZK) cryptography in our ecosystem. The team’s journey began when they secured second place in the 2023 Emurgo Hackathon’s ZK challenge. Since then, Modulo-p has been at the forefront of bringing Zero-Knowledge advancements to Cardano.

During 2024, they developed one of the first validators capable of verifying ZK-proofs directly on the Cardano network. This breakthrough led to the creation of the Hydra-ZK-Mastermind game, a demonstration of ZK cryptography within the Hydra ecosystem using only Plutus V2.

In addition to this, Modulo-p is currently working on porting the Semaphore protocol to Cardano, enabling private voting directly on Layer 1 through the use of Zero-Knowledge cryptography. Their experience in both ZK technologies and the Cardano blockchain makes Modulo-p a valuable support in delivering privacy-focused solutions.

Track Record:

Our previous experience with similar projects, such as building privacy layers for decentralized applications (dApps), provides strong validation of our capability to execute complex blockchain solutions.

Project Management Experience:

We have experience managing cross-functional teams in blockchain development, ensuring projects are delivered on time and within budget. We apply agile methodologies to keep the project on track and adaptable to changes in the development process.

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

Research 

As a first step, we’ll conduct a comprehensive research about the design, implementation and adaptation of the solution to Cardano. This study will cover some key challenges such as the design of the architecture, the implementation of the circuits needed to construct the zkProofs, and guidelines to make this solution suitable for the technical requirements of the network.

Milestone Outputs:

Specifically the research will:

• Explain how PoI works and review existing implementations of the protocol.
• Design the protocol in Cardano and create a technical specification.
• Determine which SNARK scheme we’ll be used to construct the Zero-Knowledge proofs.

Acceptance Criteria:

The research will have to clearly provide answers regarding:

• How PoI works in general and an explanation of existing implementations.
• Identifies the specific zk-SNARK scheme to be used considering the different technical trade-offs between existing alternatives.
• A clear specification about how Proof of Innocence will work in Cardano.

Evidence of Milestone Completion:

• The research will be published as a document on the project’s GitHub repository.

Smart contract and circuit development

In the second milestone we will implement a first iteration of the on-chain components and the circuits of the protocol.

Milestone Outputs:

• A smart contract that can validate a Proof of Innocence.
• A circuit compatible with the BL12-381 elliptic curve supported by Cardano (required to construct a PoI). 

Acceptance Criteria:

• The smart contract implements the specified features mentioned in the research document.
• A circuit that implements PoI. 

Evidence of Milestone Completion:

• The code will be provided in the github repository of the project.

Testing

In the third milestone we will test the implementation of the components made in the previous milestone. In this phase we will try to find errors and vulnerabilities in our design, once this is completed a revision of the protocol will be made. 

A. Milestone Outputs:

This milestone will include a test-suite that: 

• Perform unit tests in Aiken that demonstrate that the smart contract can verify the PoI. 
• Perform unit tests that validates the correct functioning of the circuit.

B. Acceptance Criteria:

• The code must pass all the tests provided. Corrections of the protocol must be addressed in an update of the main research document.

C. Evidence of Milestone Completion:

• The code and update report will be published in Github.

Project Close-out Report and Final Video

A. Milestone Outputs:

• Complete project report summarizing all activities, technical findings, and key learnings.
• Final video showcasing the Proof of Innocence architecture protocol 

B. Acceptance Criteria:

• Final video explaining the project’s objectives, outcomes, and future potential.

C. Evidence of Milestone Completion:

• Published close-out report on Github .
• Final project demo video shared on YouTube.

[RESOURCES] Who is in the project team and what are their roles?

[RESOURCES] Who is in the project team and what are their roles?

Agustín Salinas

• Role: Smart contract developer & technical writer
• Github: https://github.com/AgustinBadi
• Responsibilities: Agustín is a Cardano developer at Modulo-p. He has pioneered in the ecosystem by writing the smart contracts of early zkDapps in Cardano such as the zk-Mastermind and a port of the Semaphore protocol from Ethereum. He will design, implement and test the on-chain components of the protocol. 

Caro Lang

• Role: ZK Cryptographer
• Github: https://github.com/carolang
• Responsibilities: Caro is a computer scientist and ZK cryptographer at Eryx. He has many years of experience as a software developer and recently completed a Cardano course by IOHK. Caro will work along with Sergio in the research phase implementing prototypes and also in the final PoI protocol.

Sergio Chouhy

• Role: ZK Cryptographer
• Github: https://github.com/schouhy 
• Responsibilities: Sergio has a PhD in math and is a senior applied ZK cryptographer at Eryx. He’s got extensive experience implementing zero-knowledge protocols across different ecosystems. For this project, he’ll be leading the effort to find the best approach for implementing a PoI protocol on Cardano, while keeping the project’s constraints in mind.

Agustin Franchella

• Role: Project Manager 
• LinkedIn: https://www.linkedin.com/in/afranchella/
• Responsibilities: Agustin is a Cardano Ambassador and Encoins team member. He has also been a funded proposer in F12. Agustín will be a project manager, leading the development of the project’s documentation and educational resources, ensuring that the solution’s concept, architecture, and potential applications are communicated clearly and effectively. He will collaborate closely with the development team to ensure the accuracy and accessibility of the project's documentation and onboarding materials for users and developers.

The rest of the Eryx team will be available to contribute or advise on this proposal as needed.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

Budget Breakdown

FTE = Full-time equivalent

Development: ₳120,000 total

The activities of this item will consider: Smart Contract Development; Mathematical and cryptographical research; circuit design and integration.

Cardano developer: ½ FTE x 4 months = ₳40,000

Zero-Knowledge Cryptographer: ½ FTE x 4 months = ₳40,000

Zero-Knowledge Cryptographer: ½ FTE x 4 months = ₳40,000

Project Management: ₳25,000

The activities of this item will be: Organize the project execution, create reports and write the documentation, and maintain communication with the community and reviewers.

Project Management: ½ FTE x 4 months = ₳25,000

Documentation & Reporting: ₳5,000

The activities of this item will include:Preparing clear and comprehensive technical documentation, project updates, and ensuring ongoing reporting to the community.

Technical writer: 1/4 FTE x 4 months = ₳5,000

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

We decided to focus on spending the expenses of the project in the development hours. In that regard, it is important to note:

• The team consists of 3 developers that will work 60 hours per week approximately.
• The total development hours of the whole team will be approximately 960 hours. If we divide the development hours by the assigned budget (120000₳ / 960h = 125₳), it results in 125 Ada per hour which according with the current valuation it results 43,75 dollars per development hour. 

• The projected annual salary is $84,000 USD a year per developer. According to https://web3.career/web3-salaries/blockchain-develope is within the range of salaries of developers, these salaries vary from $50,000 to $250,000 with an average of 140,000 up to 200,000k for the web3 developer. This information demonstrates that the price of each developer is according to the normal range of salaries and below the average of the industry, which a reasonable price considering the skills and experience of the team.