This repository implements a verifier for redeem proofs for cross-chain channels that can be used with the SP1 ZK framework.
The verifier is implemented in Rust. At the moment the only way to execute the verifier on-chain is through generation of a ZK proof. Future versions will include a native verifier that can validate uncompressed Merkle proofs directly on chain. The native verifier will be implemented by translating the Rust implementation into EVM bytecode.
The input to proof verification is a Merkle proof that proves the burn balance of a channel on the source chain. If verification succeeds, the verifier returns the root it computed along with the proof claim, which contains the information used by the redeem contract. The proof root and the claim together establish the public parameters of the redeem proof.
A ZK proof is a concise version of the original Merkle proof that the respective zkVM verifier can use to establish the validity of the proof with respect to the public parameters, without revealing the details of the original Merkle proof.
- A user defines a cross-chain channel between two Chainweb chains by picking
  - the source chain of the channel,
  - the target chains of the channel,
  - a set of accounts that can receive funds from the channel on the target chain, and
  - optional extra data that qualifies the channel and also serves as salt to hide the properties of the channel from probing attacks.

  From this information the user computes the send-address of the channel.
- A user burns tokens on the source chain by sending funds to the send-address of the cross-chain channel.
- The user picks a target account from the list of available accounts for the channel and generates a Merkle proof that proves the balance of burned tokens in the channel and also confirms that the chosen account is available for the channel. To do so the user needs to know the properties of the channel and needs to query the relevant information from the chains via the respective RPC endpoints.
- Optionally, the user compresses the Merkle proof into a concise ZK proof by executing the Merkle proof in a zkVM. The resulting ZK proof also hides all information that is not required for receiving funds from the channel on the target chain, like the send-address of the channel and the exact amount of burned funds in the channel.
- The user submits the proof to the redeem contract on the target chain along with the amount that they wish to withdraw from the channel. The redeem contract verifies the proof and, if successful, sends the requested amount to the designated account on the target chain.
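The following is an added model of the flow above, written for this README; it is not the repository's Rust verifier or its Solidity redeem contract. The leaf layout, the SHA-256 based domain-separated tree hashing, the `Claim` fields and the per-claim withdrawal accounting are all assumptions chosen to make the two checks a redeem contract must enforce (trusted root, no over-withdrawal) concrete.

```python
import hashlib
from dataclasses import dataclass

# Domain-separated leaf/node hashing (assumed; the real tree is Chainweb's).
def leaf_hash(send_address: str, burned: int) -> bytes:
    return hashlib.sha256(b"\x00" + send_address.encode() + burned.to_bytes(16, "big")).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves: list) -> list:
    """Bottom-up levels of a binary Merkle tree; an odd level duplicates its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl.append(lvl[-1])
        levels.append([node_hash(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def merkle_path(levels: list, index: int) -> list:
    """Sibling hashes from leaf to root, each tagged with whether our node is the right child."""
    path = []
    for lvl in levels[:-1]:
        path.append((lvl[index ^ 1], bool(index & 1)))
        index //= 2
    return path

@dataclass(frozen=True)
class Claim:
    target_account: str  # account chosen from the channel's allowed list
    burned: int          # burn balance proven for the send-address

def verify_redeem_proof(send_address, burned, path, target_account, channel_accounts):
    """What the verifier hands back: the recomputed root plus the claim.
    Fails closed when the chosen account is not one the channel allows."""
    if target_account not in channel_accounts:
        raise ValueError("account not available for this channel")
    node = leaf_hash(send_address, burned)
    for sibling, we_are_right in path:
        node = node_hash(sibling, node) if we_are_right else node_hash(node, sibling)
    return node, Claim(target_account, burned)

def redeem(trusted_roots: set, redeemed: dict, root: bytes, claim: Claim, amount: int) -> int:
    """Redeem contract checks: root must be a known source-chain root, and withdrawals
    accumulated per claim (a stand-in for the real channel key) may not exceed the burn."""
    if root not in trusted_roots:
        raise ValueError("unknown source-chain root")
    if redeemed.get(claim, 0) + amount > claim.burned:
        raise ValueError("withdrawal exceeds burned balance")
    redeemed[claim] = redeemed.get(claim, 0) + amount
    return amount
```

Tampering with the proven balance changes the recomputed root, so a forged claim never matches a trusted root; the accounting dictionary is what stops the same proof from being replayed for more than it covers.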
There are 3 main ways to run the verifier: directly verify the Merkle proof by executing the verifier, generate a core ZK proof, and generate a compacted ZK proof for on-chain verification.
The verifier executable is automatically built through script/build.rs when the script is built.
In order to test the verifier you first need to generate a redeem Merkle proof. This can be done from the Kadena EVM sandbox using the provided off-chain scripts.
To run the verifier without generating a ZK proof:
cd script
cargo run --release -- --command execute --redem-proof <HEX_ENCODED_PROOF>
This will execute the verifier executable and display the output.
To generate an SP1 core proof for a verifier run:
cd script
cargo run --release -- --command prove --proof-type core --redem-proof <HEX_ENCODED_PROOF>
This command will generate an uncompressed STARK proof that is several MB large.
For on-chain verification purposes, you will need to generate a Groth16 or PLONK proof by setting --proof-type groth16 or --proof-type plonk respectively.
Generating a Groth16 or PLONK proof will take a long time and consume a lot of memory. Using the Succinct Prover Network is recommended for more efficient proof generation. Generating a Groth16 proof takes about 20 seconds on the prover network; PLONK proofs take about 90 seconds.
To retrieve the programVKey that represents the verifier program in the zkVM, run the following command in script:
cargo run --release --bin vkey
In order to test on-chain proof verification you will need to install Foundry.
The following will test on-chain proof verification with Foundry using the test fixtures provided in contracts/src/fixtures:
cd contracts
forge test --match-path test/Redeem.t.sol -v
The repository contains a prototype of a redeem contract that wraps the verifier and demonstrates how the verifier is used to facilitate cross-chain transfers.
For details about how to deploy and use the redeem contract, please refer to the Redeem Contract README.