Cardano Privacy Layer: Zero-Knowledge Proof-Based Membership Verification and Anonymous Voting & Signaling (Phase 2)

[GENERAL] Name and surname of main applicant

Agustín Salinas

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Not Incorporated)

[GENERAL] Requested funds in ada

300000

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

Port the Semaphore Protocol from the Ethereum ecosystem to bring a privacy layer to Cardano that empowers communities with secure, verifiable anonymous signaling, encompassing votes and endorsements.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

No dependencies

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

The project will be fully open source.

[SOLUTION] Please describe your proposed solution

¿Why this proposal matters?

Privacy is a key element of every network that pursues to be safe, power balanced and censorship-resistant. These matters are even more important today with the emergence of hypervigilance and Artificial Intelligence technologies. At the moment, Cardano is by default a transparent network that lacks built-in privacy capabilities; however, the adoption of Zero-Knowledge cryptography is enhancing key aspects of the blockchain industry that were neglected in the past such as Privacy. Our proposal aims to develop an application layer that could be used directly in layer 1 and in other contexts as well. The usage of this technology will catalyze the development of new privacy-focused applications in Cardano with a broad use-cases.

¿What is the Semaphore protocol?

The Semaphore Protocol is a privacy focused layer that was born in the Ethereum ecosystem. It allows users to demonstrate their membership in a group and send arbitrary information without revealing their identity. It uses Zero-Knowledge cryptography to achieve anonymous proof of membership and overcome the double-signaling problem. As we point out later, the protocol has proven to have a wide range of use cases, and it serves as a base layer where other types of applications can be built on top of it. Since the verification of Zero-Knowledge proofs will be possible soon with the next Plutus hard fork, the objective of this proposal is to adapt this protocol to the Cardano network.

The proposal

Thus, in general, this proposal intends to port the Semaphore protocol to Cardano, a project consisting of a two-phased process.

The first phase, funded in Catalyst F11 and presently under development. On one hand, it mainly involves conducting research and laying the groundwork for integrating the protocol into the Cardano ecosystem. On the other hand, the base smart contracts of the protocol are currently being prototyped and developed.

• https://cardano.ideascale.com/c/idea/113249

As a second phase, the current proposal will intend to improve the on-chain components and develop the off-chain components of the protocol. This will imply the following:

• Test the smart contracts of the protocol that have been prototyped and develop them into their final form.
• Develop a library that interfaces and constructs the transactions needed to interact with the protocol. This library will be in TypeScript or JavaScript, featuring an API for constructing such transactions.
• Create and develop the protocol relayer. To interact with the protocol, an intermediary called the relayer is required. Relayers act as channels for sending messages and proofs to the blockchain while preserving the anonymity of the user. The application API mentioned above will be utilized to create this relayer.

The completion of this proposal will result in an MVP of the protocol. This adaptation of the Semaphore protocol will catalyze the development of new privacy-focused applications in Cardano that were previously unattainable. Projects could benefit from this proposal according to their needs and utilize it in various contexts:

1. Layer 1: Projects that need high security standards could run this protocol directly in layer 1 of the blockchain.
2. Hydra protocol: Projects that require a high transaction throughput with multi-party security assumptions could use this layer on top of the Hydra protocol. At the moment our team is already developing a Hydra environment focused on Zero-Knowledge applications, and in this context developers will be able to use the Semaphore solution in Hydra.
3. Off-chain: Projects that need less security assumptions could use this protocol off-chain for certain processes of their applications.

Status of the project

As the challenge requires, prototypes of the solution are necessary. Our team has already developed some important pieces of the protocol:

(1) Zero-Knowledge Validator

The protocol in order to work and function, it requires to verify Zero-Knowledge proofs. This verification is an indispensable component of the protocol operation, concretely, the validator (smart contract) which checks the Zero-Knowledge proofs. We already developed this validator along with some front-end utilities to make proof construction a straight forward process. This component can be found in the ak-381 library.

• https://github.com/Modulo-P/ak-381

To showcase and demonstrate the possible applications of this validators a dapp has been made. It is important to note that these demo is one of the first fully functional Zero-Knowledge application of the Cardano ecosystem.

• https://zkmastermind.modulo-p.io/

(2) The Incremental Merkle Tree

A key feature of the protocol is managing users and memberships within a group. To represent this set of members, we needed to develop a data structure that is efficient for on-chain use. This data structure is the Incremental Merkle Tree, which we developed in Aiken. It enables users to register and provide proof of their membership in the group:

• https://github.com/Modulo-P/settled-pimt

[IMPACT] Please define the positive impact your project will have on the wider Cardano community

With the integration of the Semaphore protocol into the Cardano network, numerous privacy-centric signaling applications can be envisioned and developed. The Semaphore protocol has diverse use cases, including: 

• Mixers
• Voting systems
• Reputation dApps
• Login functionalities
• Anonymous Identity dapps.

Bringing the Semaphore will significantly expand the privacy capabilities of the Cardano ecosystem.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our team was formed as a result of our participation in the Zero-Knowledge track of the Cardano Emurgo Build 2023 Hackaton. As a result of very intensive work we were able to:

•  Deliver a working DApp showcasing the use of Hydra to implement ZKPs in the context of the game “Mastermind” as a proof of concept. This was one of this first zk-dapps of the ecosystem.
• Write a Plutus and Aiken implementation of a Weil’s pairing for a generic Elliptic Curve and initiate testing on the BN128 and BLS12-381 Elliptic Curve (which is extensively used in ZKPs deployed in Ethereum).  
• Gained experience that gives us confidence that we will be able to successfully integrate the off-chain and on-chain code to arrive at a consolidated solution. 

Our team has a strong background in software development for the Cardano ecosystem and Mathematics research. (See section on ‘Project Team’ below.)

[PROJECT MILESTONES] What are the key milestones you need to achieve in order to complete your project successfully?

The first step of the protocol will be to review the base smart contract prototypes and complete any missing features.

Acceptance Criteria

Develop Cardano validators capable of:

• Registering and managing users within the protocol.
• Sending and recording signals on-chain.
• Verifying the Semaphore's Zero-Knowledge proofs.

The second milestone will involve conducting unit tests and possibly property tests on the base smart contracts.

Acceptance Criteria

Ensure that the smart contracts pass the following tests:

• Each validator passes a set of sample tests.
• The transaction flow of the protocol functions as expected.
• The protocol is not vulnerable to certain types of attacks, such as impersonation and signal tampering.

Develop a library for constructing transactions that can interact with the protocol.

Acceptance Criteria

The library should have an API that includes the following features:

• Creation of an identity
• Creation of groups and management of users
• Construction of Zero-Knowledge proofs
• Sending signals or messages to the blockchain

With the use of a front-end library, a relayer prototype will be developed. This involves creating a REST API that users can use to send signals anonymously.

Acceptance Criteria

Create a REST API that can succesfully:

• Receive and broadcast signals.
• Mantain some basic measures of user anonymity.

In this step, all previous developments will be integrated into a decentralized application (dApp) that demonstrates the usage of the protocol.

This dapp will include:

• Basic UI where the basic transactions of the protocol can be made.

In this final milestone, a promotional blog articles will be created to highlight the product, alongside the completion of a comprehensive close-out report.

This milestone will involve:

• Crafting a blog article to introduce the product.
• Creating a video to showcase the product's features.
• Preparing the final or close-out report.
• Producing a video to conclude the project.

[RESOURCES] Who is in the project team and what are their roles?

• Antonio Hernandez-Garduño (https://www.linkedin.com/in/antoniohg/). Haskell developer and mathematician, with 20+ years of experience in Mathematics research and 2+ years of involvement in Cardano development. Certified Cardano Developer Professional by Emurgo Academy. Will head the cryptography analysis tasks and protocol research.
• Juan Salvador Magán Valero. Full stack Web 3 developer and CIP-0093 creator, focused on bringing adoption to Cardano. Will be in charge of Off-chain tooling, front-end development for proof-of-concept DApps, Hydra deployment, and integration testing. 
• Agustín Salinas Hernandez. PlutusTx & Aiken smart contract developer and technical writer. Will be in charge of on-chain code benchmarking, code optimization and documentation.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The main expense of the project is the development hours. In that sense is important to note:

• The team consist of three developers that will work 75 hours per week in the project a full year.
• The hourly wage is $50 USD which will represent $96,000 USD a year. Which according to https://web3.career/web3-salaries/blockchain-develope is within the range of salaries of blockchains developers (starts from $50,000 up to $250,000).