SIMD-0153

ZK ElGamal Proof Program

Author: Sam Kim · Category: Core Protocol

Feature Gate Status

  • Mainnet: Active (E731)
  • Testnet: Active (E701)
  • Devnet: Active (E801)

Feature gate: zkhiy5oLowR7HY4zogXjCjeMXyruLqBwSWH21qcFtnv

Summary

Deprecate the existing ZK Token Proof program that is tailored for the SPL Token program. Replace it with a more general zero-knowledge proof program called the ZK ElGamal Proof program that is application independent.

Motivation

The existing native ZK Token Proof program contains logic that is quite specialized for the SPL Token program. For example, the program contains the instructions `VerifyTransfer`, `VerifyTransferWithFee`, and `VerifyWithdraw`, which verify zero-knowledge proofs tailor-made for the `Transfer` and `Withdraw` instructions of the SPL Token confidential transfer extension. The ZK Token Proof program is a native built-in program that is part of the validator client, and programs of this kind should generally not favor any specific application or program such as SPL Token. In this document, we propose deprecating the existing ZK Token Proof program and replacing it with a more general ZK ElGamal Proof program that is application independent. The new ZK ElGamal Proof program inherits the parts of the ZK Token Proof program that are independent of any specific application, such as the logic to verify the validity of an ElGamal public key or the range of the value encrypted in an ElGamal ciphertext. It leaves out the parts that are specific to the SPL Token application, such as the logic to verify the zero-knowledge proof required for a token transfer instruction.

Key Changes

The following ZK Token Proof instructions are not carried over to the ZK ElGamal Proof program:

  • VerifyZeroBalance: Verifies a proof that certifies that an ElGamal ciphertext encrypts the value zero.
  • VerifyFeeSigma: Verifies a proof that certifies that a tuple of Pedersen commitments satisfies a percentage relation.
  • VerifyWithdraw: Verifies the zero-knowledge proofs that are necessary for the Withdraw instruction in SPL Token.
  • VerifyTransfer: Verifies the zero-knowledge proofs that are necessary for the Transfer instruction in SPL Token.
  • VerifyTransferWithFee: Verifies the zero-knowledge proofs that are necessary for the Transfer instruction in SPL Token.
  • VerifyRangeProofU64: Verifies that a Pedersen commitment contains a positive 64-bit value. This instruction is not specific to the SPL Token program, but it can be subsumed by the existing VerifyBatchRangeProofU64 instruction.
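The following is an added example and is not part of this SIMD, nor code from Solana or its zk-token-sdk. It is a toy Python model of the objects the instructions above operate on, so that "encrypts the value zero" and "satisfy a percentage relation" can be seen concretely. It assumes the twisted-ElGamal layout (a ciphertext is a Pedersen commitment plus a decryption handle, with the public key derived from the inverse of the secret), a fee rule of ceil(amount * bps / 10000), and a toy group (the prime-order subgroup of Z_p^* for a generated 63-bit safe prime, standing in for Ristretto255); all three are assumptions made here for illustration. The checks below use the secret key or the commitment openings directly, which is exactly what a zero-knowledge proof lets the on-chain program confirm without having them.

```python
"""Toy twisted-ElGamal / Pedersen model (added example; not Solana code).

Group: the order-Q subgroup of Z_P^* for a safe prime P = 2Q + 1, written
multiplicatively here (Solana's Ristretto255 group is written additively).
"""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 2**64 using the first 12 prime bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(start: int):
    """Smallest q >= start with q and 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = safe_prime(1 << 62)   # toy group parameters (constructed at import time)
G = pow(2, 2, P)             # quadratic residues lie in the order-Q subgroup
H = pow(3, 2, P)             # second base; a real system derives H by hashing to the group


def commit(x: int, r: int) -> int:
    """Pedersen commitment C = H^r * G^x (additive notation: r*H + x*G)."""
    return pow(H, r % Q, P) * pow(G, x % Q, P) % P


def keygen():
    """Secret s in [1, Q); public key pk = H^(1/s) (assumed twisted-ElGamal layout)."""
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(H, pow(s, -1, Q), P)


def encrypt(pk: int, x: int, r=None):
    """Ciphertext = (Pedersen commitment, decryption handle D = pk^r)."""
    if r is None:
        r = secrets.randbelow(Q)
    return commit(x, r), pow(pk, r, P)


def strip_handle(s: int, ct) -> int:
    """C * D^(-s) = G^x: the handle removes the blinding, leaving only the value."""
    c, d = ct
    return c * pow(d, (-s) % Q, P) % P


def encrypts_zero(s: int, ct) -> bool:
    """The statement VerifyZeroBalance certifies, checked here with the secret key."""
    return strip_handle(s, ct) == 1


def decrypt(s: int, ct, limit: int = 1 << 16):
    """Brute-force discrete log of G^x over a small range (toy; the SDK uses a 32-bit BSGS)."""
    target, acc = strip_handle(s, ct), 1
    for x in range(limit):
        if acc == target:
            return x
        acc = acc * G % P
    return None


def fee_for(amount: int, bps: int) -> int:
    """Assumed fee rule: ceil(amount * bps / 10000), expressed in basis points."""
    return -(-amount * bps // 10000)


def fee_relation_holds(c_amount, c_fee, amount, r_amount, fee, r_fee, bps) -> bool:
    """The percentage relation VerifyFeeSigma is about, checked with the openings.

    Homomorphically form C_delta = C_fee^10000 * C_amount^(-bps); it must open to
    delta = 10000*fee - bps*amount, and rounding up means 0 <= delta < 10000.
    """
    delta = 10000 * fee - bps * amount
    r_delta = 10000 * r_fee - bps * r_amount
    c_delta = pow(c_fee, 10000, P) * pow(c_amount, (-bps) % Q, P) % P
    return c_delta == commit(delta, r_delta) and 0 <= delta < 10000


def demo() -> dict:
    """Runs the zero-balance and fee-relation checks on constructed values."""
    s, pk = keygen()
    zero_ct, other_ct = encrypt(pk, 0), encrypt(pk, 42)
    amount, bps = 201, 250                       # constructed: 2.5 % fee on 201 units
    fee = fee_for(amount, bps)
    r_a, r_f = secrets.randbelow(Q), secrets.randbelow(Q)
    c_a, c_f = commit(amount, r_a), commit(fee, r_f)
    return {
        "zero_ct_encrypts_zero": encrypts_zero(s, zero_ct),
        "other_ct_encrypts_zero": encrypts_zero(s, other_ct),
        "decrypted": decrypt(s, other_ct),
        "fee": fee,
        "fee_relation": fee_relation_holds(c_a, c_f, amount, r_a, fee, r_f, bps),
        # an under-paid fee makes delta negative, so the relation fails
        "short_fee_relation": fee_relation_holds(c_a, commit(fee - 1, r_f), amount, r_a, fee - 1, r_f, bps),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the homomorphism: because commitments multiply (add, in additive notation), a verifier can combine the amount and fee commitments into a commitment to delta without learning either value, and a sigma proof plus a small range proof then convince it that delta lies in [0, 10000). The `strip_handle` step likewise shows why a ciphertext that "encrypts zero" reduces to its commitment opening to the identity element.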

Impact

The existing ZK Token Proof program at the address `ZkTokenProof1111111111111111111111111111111` will be deprecated and removed. A new ZK ElGamal Proof program will be added to the list of built-in programs at the address `ZkE1Gama1Proof11111111111111111111111111111`.

Backwards Compatibility

The original ZK Token Proof program has not yet been activated on any of the clusters. Therefore, deprecating it simply means removing the unnecessary logic and its feature gate. The new ZK ElGamal Proof program will require a new feature gate to be activated and will be included in the list of native built-in programs.

Security Considerations

The original ZK Token Proof program has been audited by multiple third-party auditing firms. Since the new ZK ElGamal Proof program will inherit the same logic from the ZK Token Proof program, we do not expect additional security vulnerabilities to be introduced with the new ZK ElGamal Proof program.