Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Looking back at EDCON 2019 - blockchain.tokyo#19

Looking back at EDCON 2019 - blockchain.tokyo#19

Shun Takagiwa

May 24, 2019

More Decks by Shun Takagiwa

Other Decks in Technology


  1. about me Shun Takagiwa / 高際 隼 Senior Software Architect

    at LayerX Inc. • Software developer using blockchain (2018-) • former smartphone games developer (2013-2018) • studied mathematics & computer science at Tokyo Tech (2007-2013) currently responsible for a product development to securitize real estate using blockchain technology @shun_tak
  2. Table of contents 1. Participated in EDCON!!!! a. What is

    EDCON? b. at the hackathon (April 8-10) c. in the main hall (April 11-13) 2. ZEXE on Plasma (my team’s product at the hackathon)
  3. What is EDCON? Community Ethereum Development Conference • annual global

    Ethereum conference ◦ aiming to boost the communication and interaction of Ethereum communities worldwide and to accelerate the sound development of Ethereum ecosystem • EDCON2019 in 8-13 April in Sydney (6 days) ◦ 3-day hackathon ◦ 3-day conference • EDCON2018 in Toronto (3 days) • EDCON2017 in Paris (2 days)
  4. at the hackathon 2 teams participated from LayerX you can

    see all 18 teams here: https://edcon-hack.devpost.com/submissions • ZEXE on Plasma (my team) ◦ Scaling decentralized arbitrary computation with zk-SNARKs • CBC Casper Validator Rotation (colleagues’s team) ◦ A proposal of the protocol of validator rotation in CBC Casper and the implementation of a simulator & visualizer to do experiments Hachathon topics • Layer 1: Sharding/PoS/Clients • Layer 2: Plasma/Channel/Snark
  5. in the main hall 2 speakers participated from LayerX Ryuya

    Nakamura Formal Verification and CBC Casper https://www.youtube.com/watch?v=XUguMReOXek Dominik Harz XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed Assets The video hasn’t been uploaded on YouTube yet
  6. Background Scalability with Plasma e.g. MVP, Generalized Plasma Privacy with

    zk-SNARKS e.g. ZoKrates, Zcash, ZEXE Why not both? Let’s build ZEXE on Plasma!
  7. ZEXE is generalized - UTXO model (original paper) - Privacy-preserving

    smart contracts - Arbitrary contract functions - Arbitrary data in contracts - Succinct proofs with zk-SNARKS Our use case: ERC20 contracts in zero knowledge
  8. ZEXE Overview https://eprint.iacr.org/2018/962.pdf Public: Serial numbers, commitments, memo, ledger digest,

    zk proof, predicates Private: address public key, address secret key, data payload
  9. ZEXE on Plasma https://eprint.iacr.org/2018/962.pdf Plasma Smart contract on Ethereum Public:

    Serial numbers, commitments, memo, ledger digest, zk proof, predicates Private: address public key, address secret key, data payload IPFS
  10. System components of ZEXE on Plasma Merkle root 1 Merkle

    root 2 Merkle root 3 Merkle root 1 tx1 Merkle root 2 tx2 Merkle root 3 tx3 Private inputs 1 Private inputs 2 Private inputs 3 Front-end Secret sharing zk-Plasma Root chain Generate transaction Execute zk-proving Mint coin Transfer coin
  11. Workflow 1. Generate a transaction and a zk-proof on local

    2. Store secret data on IPFS to share with a counterparty 3. Send the transaction on Plasma 4. Execute a smart contract to update merkle root Team Yohei Oka, Quantstamp Web3, Smart contract, ENS Shun Takagiwa, LayerX IPFS, Data sharing Dominik Harz, LayerX Plasma, Smart contract Osuke Sudo, LayerX zk-SNARKs, Transaction
  12. What we built • Privacy-preserving transaction to mint tokens •

    Private data sharing using IPFS • Plasma smart contract and off-chain contract ◦ to prevent double spending ◦ to maintain merkle tree of commitment records • Transaction execution on plasma • Web UI • ENS
  13. What works • Minting transactions • Sending transactions • Sharing

    a secret on IPFS • Storing Merkle headers to Ethereum • Storing Merkle tree and transaction verification on the Plasma child chain
  14. Things that were challenging • ZEXE uses a different curve

    than Ethereum supports • ZEXE has no concept of blocks • Transaction model of ZEXE is different to Plasma MVP UTXO
  15. Next steps • Make elliptic curve be compatible with Ethereum

    ◦ From BLS12-381 to BN256 • Verify zk-SNARKS • Encrypt data on IPFS with a recipient’s public key • Make it optional to use IPFS for data exchange (enable to use e-mail, temporary shared storage, etc) • Add more functionalities ◦ e.g. ERC20, DEX, stable coin • Allow exit in Plasma contract
  16. Background - Private computation • ZEXE’s Goal: A ledger-based system

    in which transactions attest to offline computations while simultaneously providing privacy and succinctness • Zerocash ◦ Money is represented via coins ◦ Commitment of a coin is published on the ledger when the coin is created ◦ Serial number of the coin is published when the coin is consumed ◦ A zero knowledge proof attesting that the serial numbers belong to coins created in the past without identifying which ones ◦ Commitments contain new coins of the same total value ◦ A transaction is private which contains how many coins were consumed and created (each coin’s value and owner address remain hidden) • ZEXE: Extending to an arbitrary function ◦ The function is known in advance to everyone ◦ Think of a coin as a record that stores some arbitrary data (payload) rather than integer