Please describe your proposed solution

¿Why this proposal matters?

Privacy is a key element of every network that pursues to be safe, power balanced and censorship-resistant. These matters are even more important today with the emergence of hypervigilance and Artificial Intelligence technologies. At the moment, Cardano is by default a transparent network that lacks built-in privacy capabilities; however, the adoption of Zero-Knowledge cryptography is enhancing key aspects of the blockchain industry that were neglected in the past such as Privacy. Our proposal aims to add private capabilities directly in layer 1 and in other contexts as well such as in the Hydra protocol. The usage of this technology will catalyze the development of new privacy-focused applications in Cardano with a broad use-cases.

¿What is the Semaphore protocol?

The Semaphore Protocol is a privacy focused layer that was born in the Ethereum ecosystem. It allows users to demonstrate their membership in a group and send arbitrary information without revealing their identity. It uses Zero-Knowledge cryptography to achieve anonymous proof of membership and overcome the double-signaling problem. As we point out later, the protocol has proven to have a wide range of use cases, and it serves as a base layer where other types of applications can be built on top of it. Since the verification of Zero-Knowledge proofs will be possible soon with the next Plutus hard fork, the objective of this proposal is to adapt this protocol to the Cardano network.

The proposal

Thus, in general, this proposal intends to port the Semaphore protocol to Cardano, a project consisting of a two-phased process.

The first phase, funded in Catalyst F11 and presently under development, consist in: On one hand, it mainly involved conducting research and laying the groundwork for integrating the cryptographic components into the Cardano ecosystem. On the other hand, the base smart contracts of the protocol are currently

• <https://cardano.ideascale.com/c/idea/113249>

As a second phase, the current proposal will intend to improve the on-chain components and develop the off-chain components of the protocol. This will imply the following:

• Test the smart contracts of the protocol that have been prototyped and develop them into their final form.
• Develop a library that interfaces and constructs the transactions needed to interact with the protocol. This library will be in TypeScript or JavaScript, featuring an API for constructing such transactions.
• Create and develop the protocol relayer. To interact with the protocol, an intermediary called the relayer is required. Relayers act as channels for sending messages and proofs to the blockchain while preserving the anonymity of the user. The application API mentioned above will be utilized to create this relayer.

Although our project will do a demo of the protocol by implementing a voting solution, the completion of this proposal will mainly result in an open-source tool that can be reused for various purposes. In this sense, the Semaphore protocol serves as a base protocol that can be extended by developers to address different privacy solutions (we will list many of the use cases below). Any project needing to privately verify its members and send anonymous messages to the blockchain will benefit from this solution. This adaptation of the Semaphore protocol will help develop new privacy-focused applications on Cardano that weren't possible before. Projects can use this proposal according to their needs and apply it in various contexts

1. Layer 1: Projects that need high security standards could run this protocol directly in layer 1 of the blockchain.
2. Hydra protocol: Projects that require a high transaction throughput with multi-party security assumptions could use this layer on top of the Hydra protocol. At the moment our team is already developing a Hydra environment focused on Zero-Knowledge applications, and in this context developers will be able to use the Semaphore solution in Hydra.
3. Off-chain: Projects that need less security assumptions could use this protocol off-chain for certain processes of their applications.

In summary, this project aims to adapt the Semaphore protocol and create an open-source tool that satisfy a wide range of privacy use-cases. As mentioned, the first phase is nearing completion, and in this round, we seek funding to refine our current progress and develop the off-chain components of the project.

Annex: Status of the project

Additionally, it could be useful to mention the state of the project and highlight some key pieces of the protocol that already has been developed:

(1) Zero-Knowledge Validator

The protocol in order to work and function, it requires to verify Zero-Knowledge proofs. This verification is an indispensable component of the protocol operation, concretely, the validator (smart contract) which checks the Zero-Knowledge proofs. We already developed this validator along with some front-end utilities to make proof construction a straight forward process. This component can be found in the ak-381 library:

• <https://github.com/Modulo-P/ak-381>

To showcase and demonstrate the possible applications of this validators a dapp has been made. It is important to note that these demo is one of the first fully functional Zero-Knowledge application of the Cardano ecosystem.

• <https://zkmastermind.modulo-p.io/>

(2) Semaphore circuit adaptation

Originally, the circuit of the protocol was implemented to work on the BN254 elliptic curve, we already concluded the adaptation of the circuit to the BLS12-381 supported by Cardano:

• <https://github.com/Modulo-P/modp-semaphore-bls12381>

(3) Base smart contracts of the protocol.

A first prototype of the protocol's smart contracts has already been developed. Also, the repository contains a document with the research findings that summarize the conclusions from the first phase:

• <https://github.com/Modulo-P/Cardano-Semaphore>

Please define the positive impact your project will have on the wider Cardano community

With the integration of the Semaphore protocol into the Cardano network, numerous privacy-centric signaling applications can be envisioned and developed. The Semaphore protocol has diverse use cases, including:

• Mixers
• Voting systems
• Reputation dApps
• Login functionalities
• Anonymous Identity dapps.

Bringing the Semaphore will significantly expand the privacy capabilities of the Cardano ecosystem.

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our team was formed last year as a result of winning in the Zero-Knowledge track of the Cardano Emurgo Build 2023 Hackaton. As a result of very intensive work we were able to:

• Deliver a working DApp showcasing the use of Hydra to implement ZKPs in the context of the game “Mastermind” as a proof of concept. This was one of this first zk-dapps of the ecosystem.
• Write a Plutus and Aiken implementation of a Weil’s pairing for a generic Elliptic Curve and initiate testing on the BN128 and BLS12-381 Elliptic Curve (which is extensively used in ZKPs deployed in Ethereum).
• Gained experience that gives us confidence that we will be able to successfully integrate the off-chain and on-chain code to arrive at a consolidated solution.

Then, during 2024 we achieve some important progress in the field of Zero-Knowledge proofs in the Cardano ecosystem:

• We implemented one of the first Zero-Knowledge validators using both Plutus V2 and Plutus V3 (see ak-381 library).
• Successfully created one of the first zkDapps in the Cardano ecosystem, as describe above we created a demo in Hydra that showcases the use of Zero-Knowledge proof (see mastermind demo).

What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1: Second iteration of the smart contracts

The first step of the protocol will be to review the base smart contract prototypes and improve them by adding new features.

Acceptance Criteria

Develop Cardano validators capable of:

• Registering and managing users within the protocol.
• Sending and recording signals on-chain.
• Verifying the Semaphore's Zero-Knowledge proofs.

Evidence

The code found in the github repository.

Milestone 2: Review and testing of the smart contracts

The second milestone will involve conducting unit tests and possibly property tests on the base smart contracts.

Acceptance Criteria

Ensure that the smart contracts pass the following tests:

• Each validator passes a set of sample tests.
• The transaction flow of the protocol functions as expected.
• The protocol is not vulnerable to certain types of attacks, such as impersonation and signal tampering.

Evidence

The tests present in the github repository.

Milestone 3: Protocol off-chain library

Develop a library for constructing transactions that can interact with the protocol.

Acceptance Criteria

The library should have an API that includes the following features:

• Creation of an identity
• Creation of groups and management of users
• Construction of Zero-Knowledge proofs
• Sending signals or messages to the blockchain

Evidence

A github repository the code of the library.

Milestone 4: Relayer development

With the use of a front-end library, a relayer will be developed. This involves creating a REST API that users can use to send signals anonymously.

Acceptance Criteria

Create a REST API that can succesfully:

• Receive and broadcast signals.
• Mantain some basic measures of user anonymity.

In this step, all previous developments will be integrated into a decentralized application (dApp) that demonstrates the usage of the protocol.This dapp will include:

• Basic UI where the basic transactions of the protocol can be made.

Evidence

A website with the demonstration of the Dapp.

Final Milestone: Clouse-out &amp; documentation.

In this final milestone, a promotional blog articles will be created to highlight the product, alongside the completion of a comprehensive close-out report.

This milestone will involve:

• Crafting a blog article to introduce the product.
• Creating a video to showcase the product's features.
• Preparing the final or close-out report.
• Producing a video to conclude the project.

Who is in the project team and what are their roles?

• Juan Salvador Magán Valero. Full stack Web 3 developer and CIP-0093 creator, focused on bringing adoption to Cardano. Will be in charge of Off-chain tooling, front-end development for proof-of-concept DApps, Hydra deployment, and integration testing.
• Agustín Salinas Hernandez. PlutusTx &amp; Aiken smart contract developer and technical writer. Will be in charge of the on-chain development, code optimization and documentation.

Please provide a cost breakdown of the proposed work and resources

No dependencies

How does the cost of the project represent value for money for the Cardano ecosystem?

The main expense of the project is the development hours. In that sense is important to note:

• The team consist of two developers that will work from 40 to 50 hours per week in the project for at least 9 months.
• The hourly wage is $50 USD which will represent $96,000 USD a year. Which according to <https://web3.career/web3-salaries/blockchain-develope> is within the range of salaries of blockchains developers (starts from $50,000 up to $250,000) and below the average hourly rate of Blockchain Developer which is $77 per hour. This data shows that the criteria to construct the budget it is according to a reasonable price.