Background

During the past 1.5 years, We (Manta.Network) developed the on-chain privacy solution for DOT/SAMA eco-systems using zkSNARKs, here are some highlights:

Dolphin Testnet V1(unincentivized)

• 60,000 + transactions
• 6,000+ distinct addresses
• send more private transaction powered by zkSNARK in 3 months than Tornado.cash in 1 year

"The Dolphin Testnet] is really good... The experience is really pleasing, congrats to
the team.”
(Thibaut Sarda, Core Developer, Polkadot.js)

Dolphin Testnet V2

• 1/10 ZCash's (Sapling) constraints count in zero-knowledge-proof circuit
• Improved prover performance from 30 sec to 2 sec

As the first project in the substrate space (and very few in the entire Web 3 space) working on zero-knowledge-proof based developed, we experienced a lot of difficulties in terms of ZKP tooling. As a result, we developed a lot of internal tooling that could benefit peer substrate teams deploying zero-knowledge-proof techniques securely and quickly into their project.

Potential Applications

• DID projects like KILT can leverage OpenZL to make their KYC/AML process more decentralized
• Cross-chain Bridges can leverage OpenZL to make the bridges high-performance and trust-less
• DAO tooling project can leverage OpenZL to build MACI for governance
• Project like Astar can leverage OpenZL to build ZKRollups

and many more

OpenZL Design

OpenZL is an open-source library that helps practioners (especially in Web3 space) to develop and deploy secure, high performance zero-knowledge proof code in production. It tries to bridge the gap between low level cryptographic primitives and devlopers' need to build scalable protocols using zero-knowlege proof cryptography securely and quickly. More specifically, many developers today want to leverage zero-knowledge proof systems to build powerful protocols like ZCash/Manta/ZKSync. However, they are facing two less than ideal choices; first, building a protocol using high-level languages like Circom or Cairo loses many performance optimization opportunities, and second, building the protocol directly using libraries like arkworks/groth16, zk-garage/plonk, or microsoft/nova requires expertise in cryptography and can be very error-prone. Also, zero-knowledge proof systems are a moving target. There have been many new, and "better", proof systems coming out every 2-3 years (BCTV -> Groth16 -> Plonk -> Nova). OpenZL tries to solve this problem by building flexible, proof-system agnostic, and extensible libraries for Web3 practitioners.

OpenZL consists of 3 parts:

• Gadget libraries: a library of gadgets that developers can use as building blocks for their protocols. The initial range of the gadgets includes accumulators (merkle tree with zero-knowledge membership proof), zk-friendly hash functions (poseidon hash), and commitment schemes. The gadget libraries are programmed in eclair.
• Embedded Circuit Language And Intermediate Representation (eclair): An embedded DSL in Rust that describes circuit logic. eclair leverages Rust's expressive type system to rule out certain classes of errors during the circuit construction.
• Adaptors to Proof Systems: Adaptors that convert circuit logic in eclair to the constraint systems used in different proof systems. The initial supported proof systems are arkworks/groth16, zk-garage/plonk, and microsoft/nova.

Interested Users (alphabetical)

• Acala
• Astar
• Interlay
• Mangata
• Jump Trading Crypto (at ZK Podcast: https://www.youtube.com/watch?v=N-gayIFspno)
• KILT
• Talisman

Milestones, Deliveries and Budgets

Oversight Committee

Oversight commitee will manage the overall execution and the financial budget of OpenZL:

• Shumo Chu (Co-founder, Manta Network), DOT address: 15yUHnjUPumSZUWsAJuDgm794kLyCPFehXrFY4uFUt18jTnV
• Luke Pearson (Research Partner, Polychain Capital), DOT address: 14QPHeVLAvv5EU24mF4LBoqXFPmNg8MpNwsT9e1GSoEKW3Eh
• Bryan Chen (CTO, Acala Network), DOT address: 14DsLzVyTUTDMm2eP3czwPbH53KgqnQRp3CJJZS9GR7yxGDP

Funding and spendings will be managed in a 2/3 multisig:
15t6F3Ww4LHy6uw6vYqJzFzWSBqM2gLFDj3mzBFx8qzLeuH7

OpenZL Milestones and Deliveries

• Milestone 1 (Product): Oct, 2022
  • Code complete for all gadget libraries
  • Code complete for eclair
  • Code complete for groth16 adaptor
  • End-to-end example and test using groth16 backend
  • Spec complete for security audit
• Milestone 2 (Audit): Nov. 2022
  Potential auditors: ABDK, Least Authority, Trail of Bits
  • Audit complete for all production level support code
  • Substrate based tutorials
  • Trusted-setup toolings

Project Budgets:

• Developer salary, 405,000 USD, (4 cryptographic engineers * 6 months + 1 devop engineer * 0.5 month )
• Security audit, 600,000 USD, 40,000 LOC (currently, manta-rs has about 30,000 LOC) * 15 USD/LOC (quote from ABDK) |
• CI/CD, 5,000 USD, CI/CD for OpenZL
• Misc. , 500 USD, DNS, Website Hosting, etc

Total budget: 1,010,500 USD

In this proposal, we would like to ask from the milestone 1 funding, 400,500 USD development fund. According to the average DOT price of recent 30 days (https://polkadot.subscan.io/tools/charts?type=price), this equals to
53149.6 DOT (price 7.62 USD at July 10, 2022).

Budget and Execution

After the completion of milestone 1, the oversight committee will evaluate the technical merits of the OpenZL and decide whether or not to release the fund to Manta Ray Lab (the dev company of Manta Network).