Please describe your proposed solution.

Privacy is a key element of every network that pursues to be safe, power balanced and censorship-resistant. These matters are even more important today with the emergence of hypervigilance and Artificial Intelligence technologies. At the moment, Cardano is by default a transparent network that lacks built-in privacy capabilities; however, the adoption of Zero-Knowledge cryptography is enhancing key aspects of the blockchain industry that were neglected in the past such as Privacy. Our proposal aims to develop an application layer that could be used directly in layer 1 and in other contexts as well. The usage of this technology will catalyze the development of new privacy-focused applications in Cardano with a broad use-cases.

The Semaphore Protocol is a privacy focused layer that was born in the Ethereum ecosystem. It allows users to demonstrate their membership in a group and send arbitrary information without revealing their identity. It uses Zero-Knowledge cryptography to achieve anonymous proof of membership and overcome the double-signaling problem. As we point out later, the protocol has proven to have a wide range of use cases, and it serves as a base layer where other types of applications can be built on top of it. Since the verification of Zero-Knowledge proofs will be possible soon with the next Plutus hard fork, the objective of this proposal is to adapt this protocol to the Cardano network.

In general, this project involves conducting research and laying the groundwork for integrating the protocol into the Cardano ecosystem. As a summary, this proposal will require first conducting preliminary technical and cryptographical research, during which we will redesign certain aspects of the protocol from Ethereum to suit the Cardano blockchain. Second, in order to bring the protocol to Cardano, the circuits of the protocol have to be precomputed in a setup process. From such a process, a proof and verification key will be derived and later used to generate the Zero-Knowedlge proofs that the protocol uses. This step involves conducting a public multi party ceremony where a multitude of participants contribute with secret values that finally compute the expected keys. We expect to arrange the first massive ZK setup ceremony in Cardano, and part of the funding of this proposal includes the task of preparing the software needed and arranging the different parties that will be contributing to this process. Once both the research and ceremony are achieved, the protocol will be able to be adapted to the Cardano blockchain.

The adaptation of the Semaphore protocol will catalyze the development of new privacy-focused applications in Cardano that were not possible before. Projects could benefit from this proposal according to their needs and use it in different contexts:

1. Layer 1: Projects that need high security standards could run this protocol directly in layer 1 of the blockchain.
2. Hydra protocol: Projects that require a high transaction throughput with multi-party security assumptions could use this layer on top of the Hydra protocol. At the moment our team is already developing a Hydra environment focused on Zero-Knowledge applications, and in this context developers will be able to use the Semaphore solution in Hydra.
3. Off-chain: Projects that need less security assumptions could use this protocol off-chain for certain processes of their applications.

Note that this project aims to create a new product that currently does not exist on Cardano.

Please define the positive impact your project will have on the wider Cardano community.

With the integration of the Semaphore protocol into the Cardano network, numerous privacy-centric signaling applications can be envisioned and developed. The Semaphore protocol has diverse use cases, including:

• Mixers
• Voting systems
• Reputation dApps
• Login functionalities
• Anonymous Identity dapps.

Bringing the Semaphore will significantly expand the privacy capabilities of the Cardano ecosystem.

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our team was formed as a result of our participation in the Zero-Knowledge track of the Cardano Emurgo Build 2023 Hackaton. As a result of very intensive work we were able to:

• Deliver a working DApp showcasing the use of Hydra to implement ZKPs in the context of the game “Mastermind” as a proof of concept.
• Write a Plutus and Aiken implementation of a Weil’s pairing for a generic Elliptic Curve and initiate testing on the BN128 and BLS12-381 Elliptic Curve (which is extensively used in ZKPs deployed in Ethereum).
• Did extensive testing on various components of Miller’s algorithm (which is required by the Elliptic Curve pairing) which has allowed us to identify the “bottlenecks” that need to be optimized in order to be run by Hydra heads as smart contracts.
• Gained experience that gives us confidence that we will be able to successfully integrate the off-chain and on-chain code to arrive at a consolidated solution.

Our team has a strong background in software development for the Cardano ecosystem and Mathematics research. (See section on ‘Project Team’ below.)

What are the key milestones you need to achieve in order to complete your project successfully?

Technical study - phase 1 (2 months)

Originally, this protocol is being developed on the Ethereum Blockchain; therefore the first step is to do a technical study of the revamping of the protocol to Cardano. This consist in:

• Workflow design. Design the workflow of the protocol to be used in the context of the EUTxO model in contrast to the Account model that Semaphore originally uses.
• Elliptic curve adaptation. The Zero-Knowledge proof technology that the Semaphore uses is based on elliptic curve cryptography. Therefore, it is necessary to study the adaptation of the circuits from the BN254 curve used in Ethereum to the BLS12-381 that will be used in Cardano in the next Plutus V3.

Output: The first part of the report summarizing the findings and conclusions derived from our research.

>Technical study - phase 2 (2 months)

In a second milestone we will research about the rest of the points needed for the document:

• Network and resource analysis. Analyze the network and resource considerations relative to Cardano that will condition and affect the function of the protocol.
• Setup ceremony security plan and considerations. The Semaphore protocol uses the Groth16 SNARK variant which requires a trusted setup in order to generate valid proofs. To generate the setup values, a multi-party ceremony has to be made, so we have to organize this setup in such a way that no security is compromised.

Output: The second part of the report summarizing the findings and conclusions derived from our research.

>Setup ceremony: Software wrap-up (1 month)

We will need to do a trusted setup ceremony of the Semaphore circuits for the BLS12-381 curve, which is a multi-party process where different participants contribute with secret values to the Setup phase of the SNARK scheme. This will require a preparation: Wrap-up the needed software to generate the secret values for each party.

Output: A GitHub repository containing the software and resources required for the setup ceremony.

>Setup Ceremony: Organize the event (2 months)

Educate about the process and coordinate the parties to contribute to the ceremony.

Output: After the completion of the setup ceremony, a pair of proof and verification keys will be generated; these are essential for constructing proofs related to the circuits of the Semaphore protocol.

Who is in the project team and what are their roles?

• Antonio Hernandez-Garduño (https://www.linkedin.com/in/antoniohg/). Haskell developer and mathematician, with 20+ years of experience in Mathematics research and 2+ years of involvement in Cardano development. Certified Cardano Developer Professional by Emurgo Academy. Will head the cryptography analysis tasks and protocol research.
• Juan Salvador Magán Valero. Full stack Web 3 developer and CIP-0093 creator, focused on bringing adoption to Cardano. Will be in charge of Off-chain tooling, front-end development for proof-of-concept DApps, Hydra deployment, and integration testing.
• Agustín Salinas Hernandez. PlutusTx & Aiken smart contract developer and technical writer. Will be in charge of on-chain code benchmarking, code optimization and documentation.

Please provide a cost breakdown of the proposed work and resources.

How does the cost of the project represent value for money for the Cardano ecosystem?

1. Research: each team member will work at least 15 hours per week with an hourly rate of $30 USD.
2. Wrap-up software development: each team member will work at least 15 hours per week for an hourly rate of $35 USD.
3. Promotion and organization of Setup Ceremony: each team member will work at least 10 hours per week for an hourly rate of $30 USD.
4. Each participant in the Setup Ceremony will receive an incentive of $100 USD. We anticipate to have approximately 60 participants.