Please describe your proposed solution.

We plan to enable a type of ZKPs known as ZK-SNARKs (“zero-knowlege succinct non-interactive argument of knowledge”) to Cardano users by leveraging existing open-source solutions, particularly CIRCOM and SNARKJS. We will develop off-chain tooling that will generate ZK-proofs whose verification will be executed on-chain by smart contracts running on a Hydra head. We will also develop said smart contracts, which will implement an "Optimal Ate" pairing adapted to the BN128 Elliptic Curve.

How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Zero-Knowledge-Proofs enable verification of information without revealing the information itself. By creating tools that enable native ZKPs on Cardano, we open the door for developers to create solutions where privacy is an important component. Furthermore, it is worth mentioning that ZKPs also have applications in scalability solutions and cross-chain protocols. Making sure that these tools exist in Cardano is of paramount importance given that ZKPs utilization in the Web3 space will increase significantly. This will allow novel applications, where a combination of transparency and privacy is required, to be brought to the Cardano ecosystem.

How do you intend to measure the success of your project?

A successful completion of the project will mean having a Github repo offering:

• Off-chain tooling that facilitates the deployment of ZK-SNARKs on a Hydra head, leveraging open source projects like CIRCOM and SNARKJS.
• On-chain tooling written in Plutus/Plutarch that implements the BN128 Elliptic Curve pairing in order to execute the verification of ZK-proofs produced by the off-chain code.
• Roll-up code to integrate the result of verification in the Cardano mainnet.
• Documentation and application examples to guide the Cardano community in the incorporation of Zero Knowledge Proofs in their projects.
• If the need is found justified, we will have written a CIP to improve the adaptability of low-level UPLC to the computation of the SNARK algorithms involved in ZK-proof verification.

Beyond the Github repo itself, an important measure of success is utilization of our tooling by the Cardano developers community.

Please describe your plans to share the outputs and results of your project?

We plan to make all the code fully open. This is just fair since we are leveraging existing open-source resources.

A very important “open” aspect of our project is the technical documentation that will be generated. ZKPs are very heavy on Mathematical sophistication, and having a clear documentation of how the Elliptic Curve implementation is executed will be very valuable to the community.

What is your capability to deliver your project with high levels of trust and accountability?

Our team was formed as a result of our participation in the Zero-Knowledge track of the Cardano Emurgo Build 2023 Hackaton. As a result of very intensive work we were able to:

• Deliver a working DApp showcasing the use of Hydra to implement ZKPs in the context of the game “Mastermind” as a proof of concept.
• Write a Plutus implementation of a Weil’s pairing for a generic Elliptic Curve and initiate testing on the BN128 Elliptic Curve (which is extensively used in ZKPs deployed in Ethereum).
• Did extensive testing on various components of Miller’s algorithm (which is required by the Elliptic Curve pairing) which has allowed us to identify the “bottlenecks” that need to be optimized in order to be run by Hydra heads as smart contracts.
• Gained experience that gives us confidence that we will be able to successfully integrate the off-chain and on-chain code to arrive at a consolidated solution.

Our team has a strong background in software development for the Cardano ecosystem and Mathematics research. (See section on ‘Project Team’ below.)

What are the main goals for the project and how will you validate if your approach is feasible?

Our main goal is to develop the necessary tooling so that projects in the Cardano ecosystem can perform ZK-proof verification via smart contracts on Cardano, at the security and versatility level of the Groth16 protocol of ZK-SNARKS. Since this is currently not possible to do directly on the Cardano mainnet, our solution will use the Hydra protocol.

Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

1. Starting from the generic “Weil’s pairing” that we already have developed as part of our solution submitted to the Emurgo Hackathon, we will construct the necessary algorithms, essentially a “tower of field extensions”, to implement in Plutus the “Optimal Ate” pairing for the BN128 Elliptic Curve. (We chose BN128 because it works well with existing open-source tooling that we plan to bring to Cardano.) [Six weeks]
2. Perform optimization analysis on the algorithm written in Plutus and implement the necessary optimizations, porting (parts of) the code to Plutarch if necessary. (We indeed anticipate the necessity of using Plutarch due to PlutusTx’s added overhead due to “strictness enforcement” in Haskell code.) Hydra nodes should be able to run UPLC code generated from the aforementioned optimized code. [Six weeks]
3. Integration of off-chain and on-chain tooling. ZK-proofs generated off-chain (leveraging existing open-source tooling) will be capable of being verified by the smart contracts running on Hydra. Roll-up to the Cardano mainnet will transfer the result of ZK-proof verification. [Eight weeks]
4. Documentation and sample use-cases. [Four weeks]

Please describe the deliverables, outputs and intended outcomes of each milestone.

Deliverable of milestone 1. - The code for elliptic code pairing must pass property based testing corresponding to its well known expected mathematical properties (e.g. “bilinearity”). The resulting validator (before compilation to UPLC) should “ACCEPT” valid proofs generated in the context of the BN128 elliptic curve.

Deliverable of milestone 2. - Should have generated experimental tables of code performance for various components of the “pairing” algorithm. UPLC code generated from optimized validator should be amenable to be run by Hydra nodes.

Deliverable of milestone 3. - Tooling must have been written allowing users to deploy an integrated solution where ZK-proofs generated off-chain are then verified on-chain by a smart contract deployed using the Hydra protocol.

Deliverable of milestone 4 . - Well written documentation and sample applications should have been incorporated into the project’s repository.

Please provide a detailed budget breakdown of the proposed work and resources.

Who is in the project team and what are their roles?

• Antonio Hernandez-Garduño (<https://www.linkedin.com/in/antoniohg/>). Haskell developer and mathematician, with 20+ years of experience in Mathematics research and 2+ years of involvement in Cardano development. Certified Cardano Developer Professional by Emurgo Academy. Will be in charge of algorithm development based on Elliptic Curve theory as well as Plutus/Plutarch optimization.
• Juan Salvador Magán Valero. Full stack Web 3 developer and CIP-0093 creator, focused on bringing adoption to Cardano. Will be in charge of Off-chain tooling, front-end development for proof-of-concept DApps, Hydra deployment, and integration testing.
• Agustín Salinas Hernandez. Plutus smart contract developer and technical writer. Will be in charge of onchain code benchmarking, code optimization and documentation.

How does the cost of the project represent value for money for the Cardano ecosystem?

Hourly rates are at or below typical software development standards. Development time based on our past experience as a team working on a ZKP related project.