zexe: enabling decentralized private computation · 1 zexe: enabling decentralized private...
TRANSCRIPT
![Page 1: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/1.jpg)
1
ZEXE: EnablingDecentralized Private Computation
Sean Bowe Alessandro Chiesa
Matthew Green Ian Miers
Pratyush Mishra Howard Wu
Zcash UC Berkeley JHU Cornell Tech UC Berkeley UC Berkeley
ia.cr/2018/962 libzexe.org
PENCIL Workshop, 2019
![Page 2: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/2.jpg)
Computing on distributed ledgers
![Page 3: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/3.jpg)
Computing on distributed ledgers
• Today we have a number of systems for running general computations on distributed ledgers: Ethereum, Tezos, EOS…
![Page 4: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/4.jpg)
Computing on distributed ledgers
• Today we have a number of systems for running general computations on distributed ledgers: Ethereum, Tezos, EOS…
• These usually work by re-execution: every node re-executes every transaction.
![Page 5: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/5.jpg)
Computing on distributed ledgers
• Today we have a number of systems for running general computations on distributed ledgers: Ethereum, Tezos, EOS…
• These usually work by re-execution: every node re-executes every transaction.
![Page 6: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/6.jpg)
3
Scalability and privacy issuesScalability Privacy
![Page 7: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/7.jpg)
3
Scalability and privacy issuesScalability Privacy
![Page 8: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/8.jpg)
3
Scalability and privacy issuesScalability Privacy
![Page 9: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/9.jpg)
3
Scalability and privacy issuesScalability Privacy
![Page 10: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/10.jpg)
3
Scalability and privacy issuesScalability Privacy
![Page 11: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/11.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node
![Page 12: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/12.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
![Page 13: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/13.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
Anyone can see:
![Page 14: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/14.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
executed program
Anyone can see:
![Page 15: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/15.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
executed program input
data
Anyone can see:
![Page 16: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/16.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
executed program input
datacaller
Anyone can see:
![Page 17: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/17.jpg)
3
Scalability and privacy issuesScalability Privacy
•Bottlenecked by weakest node•Independent of consensus-layer
improvements
executed program input
datacaller
Anyone can see:
•Permanently stored on the ledger
![Page 18: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/18.jpg)
This work: ZEXE
4
![Page 19: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/19.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
![Page 20: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/20.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computation
![Page 21: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/21.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50ms
![Page 22: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/22.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
![Page 23: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/23.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)
![Page 24: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/24.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)
![Page 25: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/25.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)• inter-process communication (functions can interact)
![Page 26: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/26.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)• inter-process communication (functions can interact)
Example applications:
![Page 27: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/27.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)• inter-process communication (functions can interact)
Example applications:• private user-defined assets
![Page 28: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/28.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)• inter-process communication (functions can interact)
Example applications:• private user-defined assets• private stablecoins
![Page 29: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/29.jpg)
This work: ZEXE
4
A ledger-based system that enables users to conduct offline computations and then publish transactions about these.
Privacy: tx reveals no info about offline computationSuccinctness: tx can be validated in poly(k) time
|tx|<1KB Verify(tx) in <50msFunctionality:
• extensibility (user-defined functions)• isolation (malicious functions do not affect honest ones)• inter-process communication (functions can interact)
Example applications:• private user-defined assets• private stablecoins• private decentralized exchanges
![Page 30: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/30.jpg)
This talk: ZEXE
5
![Page 31: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/31.jpg)
This talk: ZEXE
5
Will use ideas from ZEXE to construct
![Page 32: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/32.jpg)
This talk: ZEXE
5
Will use ideas from ZEXE to construct
private user-defined assets
![Page 33: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/33.jpg)
This talk: ZEXE
5
Will use ideas from ZEXE to construct
private user-defined assetsprivate decentralized exchanges
![Page 34: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/34.jpg)
This talk: ZEXE
5
Will use ideas from ZEXE to construct
private user-defined assetsprivate decentralized exchangesprivate stablecoins
![Page 35: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/35.jpg)
Trading digital assets
![Page 36: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/36.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
![Page 37: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/37.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
![Page 38: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/38.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?
![Page 39: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/39.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
![Page 40: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/40.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
![Page 41: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/41.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
![Page 42: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/42.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
![Page 43: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/43.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
+ (Somewhat) private: only exchange learns trade details
![Page 44: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/44.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
+ (Somewhat) private: only exchange learns trade details
Decentralized exchanges
![Page 45: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/45.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
+ (Somewhat) private: only exchange learns trade details
Decentralized exchanges
+ Users retain custody of assets
![Page 46: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/46.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
+ (Somewhat) private: only exchange learns trade details
Decentralized exchanges
+ Users retain custody of assets
- Inefficient: on-chain activity for all trades
![Page 47: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/47.jpg)
Trading digital assets• Custom, user-defined assets are most successful
application of smart contract systems.
• Many different kinds of assets such as ERC-20, ERC-721 tokens and stablecoins. Different properties and controlling authorities.
• How to trade such assets?Centralized exchanges
- Users give up custody of assets.
- Can lead to loss of funds due to fraud/breach/error
+ Efficient: infrequent on-chain activity
+ (Somewhat) private: only exchange learns trade details
Decentralized exchanges
+ Users retain custody of assets
- Inefficient: on-chain activity for all trades
- Non-private: any observer can see trade details
![Page 48: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/48.jpg)
Limitations of DEXs
![Page 49: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/49.jpg)
Limitations of DEXs
Privacy:
![Page 50: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/50.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.
![Page 51: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/51.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
![Page 52: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/52.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
![Page 53: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/53.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
User financial privacy
![Page 54: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/54.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
User financial privacy
Trading history of users is public on the ledger, which reduces fungibility and can reveal secrets like trading patterns and techniques.
![Page 55: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/55.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
Frontrunning
Miners’ privileged network position enables them to see big orders before others, allowing them to place their own orders before prices change.
User financial privacy
Trading history of users is public on the ledger, which reduces fungibility and can reveal secrets like trading patterns and techniques.
![Page 56: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/56.jpg)
Limitations of DEXs
Privacy:• Every trade goes on the ledger.• Transactions reveal participating parties, assets and
values.
Frontrunning
Miners’ privileged network position enables them to see big orders before others, allowing them to place their own orders before prices change.
User financial privacy
Trading history of users is public on the ledger, which reduces fungibility and can reveal secrets like trading patterns and techniques.
[BDJT17, BBDJLZ17, DGKLZBBJ19]
![Page 57: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/57.jpg)
8
![Page 58: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/58.jpg)
8
Private user-defined assets
![Page 59: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/59.jpg)
8
Private DEX
Private user-defined assets
![Page 60: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/60.jpg)
8
Private DEX
Private user-defined assets
Private stablecoins
![Page 61: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/61.jpg)
8
Private DEX
Private user-defined assets
Private stablecoins
![Page 62: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/62.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
[BCGGMTV14]
![Page 63: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/63.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
[BCGGMTV14]
sn1 cma
sn2 cmb
∗
![Page 64: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/64.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
[BCGGMTV14]
sn1 cma
sn2 cmb
∗
![Page 65: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/65.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
[BCGGMTV14]
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 66: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/66.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
HIDDEN
[BCGGMTV14]
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 67: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/67.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 68: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/68.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
all created coins (commitments)
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 69: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/69.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
all created coins (commitments)
cmb
cme cmc...
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 70: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/70.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
all created coins (commitments)
consumed coins (serial numbers)
cmb
cme cmc...
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 71: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/71.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
all created coins (commitments)
consumed coins (serial numbers)
cmb sn5
cme cmc...
...
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 72: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/72.jpg)
The Zerocash Paradigm
9
Each transaction consumes old coins and creates new coins. The senders, receivers, and values are provably hidden.
sn3 cmc
sn4 cmd
∗
v5+v6=ve+vfHIDDEN
[BCGGMTV14]
all created coins (commitments)
consumed coins (serial numbers)
cmb sn5
cme cmc...
...
sn1 cma
sn2 cmb
∗sn5 cme
sn6 cmf
∗
![Page 73: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/73.jpg)
Sketch of Zerocash
10
tx
old coin serial numbers
new coin commitments
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 74: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/74.jpg)
Sketch of Zerocash
10
𝛑tx
old coin serial numbers
new coin commitments ZKP
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 75: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/75.jpg)
Sketch of Zerocash
10
𝛑tx
old coin serial numbers
new coin commitments ZKP
COMM
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i v𝗈𝗅𝖽
i ρ𝗈𝗅𝖽ic𝗈𝗅𝖽
i
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 76: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/76.jpg)
Sketch of Zerocash
10
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
COMM
∈
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i v𝗈𝗅𝖽
i ρ𝗈𝗅𝖽ic𝗈𝗅𝖽
i
𝖼𝗆𝗈𝗅𝖽i
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 77: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/77.jpg)
Sketch of Zerocash
10
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMM
∈
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i v𝗈𝗅𝖽
i ρ𝗈𝗅𝖽ic𝗈𝗅𝖽
i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 78: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/78.jpg)
Sketch of Zerocash
10
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i v𝗈𝗅𝖽
i ρ𝗈𝗅𝖽i 𝗉𝗄𝗇𝖾𝗐
j v𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jc𝗈𝗅𝖽i c𝗇𝖾𝗐
j
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 79: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/79.jpg)
Sketch of Zerocash
10
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
[BCGGMTV14]
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i v𝗈𝗅𝖽
i ρ𝗈𝗅𝖽i 𝗉𝗄𝗇𝖾𝗐
j v𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jc𝗈𝗅𝖽i c𝗇𝖾𝗐
j
𝖼𝗆𝗈𝗅𝖽i
∑i
v𝗈𝗅𝖽i = ∑
j
v𝗇𝖾𝗐j
𝗌𝗄𝗈𝗅𝖽i
Simplify: just say that proof proves four things: Existence of coins, unique spends, construction of new coins, and correct values.
Reason: don’t use it in the rest of the talk anyway.
![Page 80: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/80.jpg)
11
Zerocash achieves ideal anonymity for a single asset
(on a single blockchain).
![Page 81: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/81.jpg)
11
Zerocash achieves ideal anonymity for a single asset
(on a single blockchain).
How to achieve ideal privacy for multiple user-defined assets (on the same blockchain)?
![Page 82: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/82.jpg)
Private user-defined assets
12
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i ρ𝗈𝗅𝖽
i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jc𝗈𝗅𝖽i c𝗇𝖾𝗐
j
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
* For now we ignore how to mint an initial supply and generate a unique id.
*
![Page 83: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/83.jpg)
Private user-defined assets
12
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i (𝗂𝖽𝗈𝗅𝖽
i , v𝗈𝗅𝖽i ) ρ𝗈𝗅𝖽
i 𝗉𝗄𝗇𝖾𝗐j (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j ) ρ𝗇𝖾𝗐
jc𝗈𝗅𝖽i c𝗇𝖾𝗐
j
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
* For now we ignore how to mint an initial supply and generate a unique id.
*
![Page 84: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/84.jpg)
Private user-defined assets
12
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
𝗉𝗄𝗈𝗅𝖽i (𝗂𝖽𝗈𝗅𝖽
i , v𝗈𝗅𝖽i ) ρ𝗈𝗅𝖽
i 𝗉𝗄𝗇𝖾𝗐j (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j ) ρ𝗇𝖾𝗐
jc𝗈𝗅𝖽i c𝗇𝖾𝗐
j
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
* For now we ignore how to mint an initial supply and generate a unique id.
For every id in tx, id-value is conserved
*
![Page 85: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/85.jpg)
13
![Page 86: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/86.jpg)
13
So far: multiple, private, user-defined assets in the same transaction, with the same anonymity pool.
![Page 87: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/87.jpg)
13
So far: multiple, private, user-defined assets in the same transaction, with the same anonymity pool.
But: assets are still isolated.
![Page 88: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/88.jpg)
13
So far: multiple, private, user-defined assets in the same transaction, with the same anonymity pool.
But: assets are still isolated.
How to enable applications that interact with multiple assets?
![Page 89: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/89.jpg)
Custom access to user-defined assets
14
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
∙ ∀𝗂𝖽, 𝗂𝖽-value is conserved
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽i 𝗉𝗄𝗇𝖾𝗐
j ρ𝗇𝖾𝗐j(𝗂𝖽𝗈𝗅𝖽
i , v𝗈𝗅𝖽i , 𝖺𝗎𝗑𝗈𝗅𝖽
i ) (𝗂𝖽𝗇𝖾𝗐j , v𝗇𝖾𝗐
j , 𝖺𝗎𝗑𝗇𝖾𝗐j )
![Page 90: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/90.jpg)
Custom access to user-defined assets
14
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
∙ ∀𝗂𝖽, 𝗂𝖽-value is conserved
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐j
∙ ∀i, ϕ𝗈𝗅𝖽i (all coins) = 1
(𝗂𝖽𝗈𝗅𝖽i , v𝗈𝗅𝖽
i , 𝖺𝗎𝗑𝗈𝗅𝖽i ) (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j , 𝖺𝗎𝗑𝗇𝖾𝗐
j )
![Page 91: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/91.jpg)
Custom access to user-defined assets
14
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
∙ ∀𝗂𝖽, 𝗂𝖽-value is conserved
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐j
∙ ∀i, ϕ𝗈𝗅𝖽i (all coins) = 1
(𝗂𝖽𝗈𝗅𝖽i , v𝗈𝗅𝖽
i , 𝖺𝗎𝗑𝗈𝗅𝖽i ) (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j , 𝖺𝗎𝗑𝗇𝖾𝗐
j )
Transaction reveals no information about asset
identifier, value, or predicate
![Page 92: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/92.jpg)
15
Private atomic swaps
![Page 93: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/93.jpg)
15
Private atomic swaps Key primitive for constructing DEXs
![Page 94: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/94.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps Key primitive for constructing DEXs
![Page 95: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/95.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
Key primitive for constructing DEXs
![Page 96: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/96.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
ϕ𝖾𝗑𝖼𝗁(c𝗈𝗅𝖽1 , c𝗈𝗅𝖽
2 , c𝗇𝖾𝗐1 , c𝗇𝖾𝗐
2 ) :
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
Key primitive for constructing DEXs
![Page 97: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/97.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
ϕ𝖾𝗑𝖼𝗁(c𝗈𝗅𝖽1 , c𝗈𝗅𝖽
2 , c𝗇𝖾𝗐1 , c𝗇𝖾𝗐
2 ) :
Parse 𝖺𝗎𝗑𝗈𝗅𝖽1 as (𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
(𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Key primitive for constructing DEXs
![Page 98: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/98.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
ϕ𝖾𝗑𝖼𝗁(c𝗈𝗅𝖽1 , c𝗈𝗅𝖽
2 , c𝗇𝖾𝗐1 , c𝗇𝖾𝗐
2 ) :
Parse 𝖺𝗎𝗑𝗈𝗅𝖽1 as (𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Check that 𝗂𝖽𝗈𝗅𝖽2 = 𝗂𝖽⋆ and v𝗈𝗅𝖽
2 = v⋆
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
(𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Key primitive for constructing DEXs
![Page 99: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/99.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
ϕ𝖾𝗑𝖼𝗁(c𝗈𝗅𝖽1 , c𝗈𝗅𝖽
2 , c𝗇𝖾𝗐1 , c𝗇𝖾𝗐
2 ) :
Parse 𝖺𝗎𝗑𝗈𝗅𝖽1 as (𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Check that 𝗂𝖽𝗈𝗅𝖽2 = 𝗂𝖽⋆ and v𝗈𝗅𝖽
2 = v⋆
Perform swap: 𝗂𝖽𝗇𝖾𝗐
1 = 𝗂𝖽𝗈𝗅𝖽2 ; v𝗇𝖾𝗐
1 = v𝗈𝗅𝖽2
𝗂𝖽𝗇𝖾𝗐2 = 𝗂𝖽𝗈𝗅𝖽
1 ; v𝗇𝖾𝗐2 = v𝗈𝗅𝖽
1
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
(𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Key primitive for constructing DEXs
![Page 100: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/100.jpg)
(𝗂𝖽𝗈𝗅𝖽1 , v𝗈𝗅𝖽
1 , 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝗈𝗅𝖽1 = ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1
15
Private atomic swaps
ϕ𝖾𝗑𝖼𝗁(c𝗈𝗅𝖽1 , c𝗈𝗅𝖽
2 , c𝗇𝖾𝗐1 , c𝗇𝖾𝗐
2 ) :
Parse 𝖺𝗎𝗑𝗈𝗅𝖽1 as (𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
Check that 𝗂𝖽𝗈𝗅𝖽2 = 𝗂𝖽⋆ and v𝗈𝗅𝖽
2 = v⋆
Perform swap: 𝗂𝖽𝗇𝖾𝗐
1 = 𝗂𝖽𝗈𝗅𝖽2 ; v𝗇𝖾𝗐
1 = v𝗈𝗅𝖽2
𝗂𝖽𝗇𝖾𝗐2 = 𝗂𝖽𝗈𝗅𝖽
1 ; v𝗇𝖾𝗐2 = v𝗈𝗅𝖽
1
Check addresses: 𝗉𝗄𝗇𝖾𝗐
1 = 𝗉𝗄⋆
𝗉𝗄𝗇𝖾𝗐2 = 𝗉𝗄𝗈𝗅𝖽
2
(𝗂𝖽𝗈𝗅𝖽2 , v𝗈𝗅𝖽
2 , 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
(𝗂𝖽𝗇𝖾𝗐1 , v𝗇𝖾𝗐
1 , ⊥ )
ϕ𝗇𝖾𝗐1
𝗉𝗄𝗇𝖾𝗐1
c𝗇𝖾𝗐1
(𝗂𝖽𝗇𝖾𝗐2 , v𝗇𝖾𝗐
2 , ⊥ )
ϕ𝗇𝖾𝗐2
𝗉𝗄𝗇𝖾𝗐2
c𝗇𝖾𝗐2
(𝗂𝖽⋆, v⋆, 𝗉𝗄⋆)
= 𝗉𝗄⋆
Key primitive for constructing DEXs
![Page 101: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/101.jpg)
16
DEX
![Page 102: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/102.jpg)
16
DEX
Atomic swap
![Page 103: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/103.jpg)
16
DEX
Atomic swap
Order creation
Trade finalizationOrder discovery
![Page 104: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/104.jpg)
17
DEX Architectures
![Page 105: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/105.jpg)
17
DEX Architectures
Order-based:
![Page 106: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/106.jpg)
17
• Order book maintains list of orders published by makers
DEX Architectures
Order-based:
![Page 107: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/107.jpg)
17
• Order book maintains list of orders published by makers
DEX Architectures
Order-based: (A, B, vA, vB, …)
![Page 108: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/108.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them
DEX Architectures
Order-based: (A, B, vA, vB, …)
![Page 109: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/109.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based: (A, B, vA, vB, …)
![Page 110: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/110.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
Index-based:
(A, B, vA, vB, …)
![Page 111: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/111.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
• Index maintains list of “intents-to-trade” published by makersIndex-based:
(A, B, vA, vB, …)
![Page 112: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/112.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
• Index maintains list of “intents-to-trade” published by makersIndex-based:
(A, B, vA, vB, …)
(A, B, …)
![Page 113: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/113.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
• Index maintains list of “intents-to-trade” published by makers• Takers can scan for intentions and interact with makers to fill
orders
Index-based:
(A, B, vA, vB, …)
(A, B, …)
![Page 114: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/114.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
• Index maintains list of “intents-to-trade” published by makers• Takers can scan for intentions and interact with makers to fill
orders• Eg: AirSwap
Index-based:
(A, B, vA, vB, …)
(A, B, …)
![Page 115: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/115.jpg)
17
• Order book maintains list of orders published by makers• Takers can scan for open orders and fill them• Eg: Radar Relay, IDEX.
DEX Architectures
Order-based:
• Index maintains list of “intents-to-trade” published by makers• Takers can scan for intentions and interact with makers to fill
orders• Eg: AirSwap
Index-based:
(A, B, vA, vB, …)
(A, B, …)
![Page 116: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/116.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Intent-based DEX
18
Index
![Page 117: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/117.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Intent-based DEX
18
Maker
Index
![Page 118: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/118.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Intent-based DEX
18
Maker
Index
![Page 119: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/119.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Intent-based DEX
18
Maker Taker
Index
![Page 120: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/120.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Intent-based DEX
18
Maker Taker
Index
![Page 121: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/121.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Intent-based DEX
18
Maker Taker
tx
Index
![Page 122: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/122.jpg)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Intent-based DEX
18
Maker Taker
tx Ledger
Index
![Page 123: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/123.jpg)
19
Privacy Leakage
Ledger
tx
M T
![Page 124: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/124.jpg)
19
Privacy Leakage
Ledger
tx“The addresses
addrM and addrT are exchanging
vA units of A for
vB units of B”
M T
![Page 125: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/125.jpg)
19
Privacy Leakage
Ledger
tx“The addresses
addrM and addrT are exchanging
vA units of A for
vB units of B”
identities of transacting parties
M T
![Page 126: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/126.jpg)
19
Privacy Leakage
Ledger
tx“The addresses
addrM and addrT are exchanging
vA units of A for
vB units of B”
identities of transacting parties
assets and values in the trade
M T
![Page 127: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/127.jpg)
19
Privacy Leakage
Ledger
tx“The addresses
addrM and addrT are exchanging
vA units of A for
vB units of B”
identities of transacting parties
assets and values in the trade
Trade anonymityNo information about participants in the trade is revealed.
M T
![Page 128: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/128.jpg)
19
Privacy Leakage
Ledger
tx“The addresses
addrM and addrT are exchanging
vA units of A for
vB units of B”
identities of transacting parties
assets and values in the trade
Trade anonymityNo information about participants in the trade is revealed.
Trade confidentialityNo information about the assets and values used in the trade is revealed.
M T
![Page 129: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/129.jpg)
Private Intent-based DEX
20
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Index
![Page 130: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/130.jpg)
Private Intent-based DEX
20
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Maker
Index
![Page 131: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/131.jpg)
Private Intent-based DEX
20
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Maker
Index
![Page 132: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/132.jpg)
Private Intent-based DEX
20
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Maker Taker
Index
![Page 133: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/133.jpg)
Private Intent-based DEX
20
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Maker Taker
Index
![Page 134: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/134.jpg)
Private Intent-based DEX
20
(A, vA) (B, vB)
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
Sell Buy Public key
BAT MKR pk1
ZRX OMG pk2
A B pkM
Maker Taker
Index
(A, vA) (B, vB)
![Page 135: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/135.jpg)
Private Intent-based DEX
21
Maker
![Page 136: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/136.jpg)
Private Intent-based DEX
21
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
Maker
![Page 137: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/137.jpg)
Private Intent-based DEX
21
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
(c𝗈𝗅𝖽1 , 𝗌𝗄𝗈𝗅𝖽
1 )
Maker Taker
![Page 138: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/138.jpg)
Private Intent-based DEX
21
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
(c𝗈𝗅𝖽1 , 𝗌𝗄𝗈𝗅𝖽
1 ) (B, vB, 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
Maker Taker
![Page 139: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/139.jpg)
Private Intent-based DEX
21
tx
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
(c𝗈𝗅𝖽1 , 𝗌𝗄𝗈𝗅𝖽
1 ) (B, vB, 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
Maker Taker
![Page 140: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/140.jpg)
Private Intent-based DEX
21
tx
Ledger
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
(c𝗈𝗅𝖽1 , 𝗌𝗄𝗈𝗅𝖽
1 ) (B, vB, 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
Maker Taker
![Page 141: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/141.jpg)
Private Intent-based DEX
21
tx
Ledger
(A, vA, 𝖺𝗎𝗑𝗈𝗅𝖽1 )
ϕ𝖾𝗑𝖼𝗁
𝗉𝗄𝗈𝗅𝖽1
c𝗈𝗅𝖽1(B, vB, 𝗉𝗄𝖬)
(c𝗈𝗅𝖽1 , 𝗌𝗄𝗈𝗅𝖽
1 ) (B, vB, 𝖺𝗎𝗑𝗈𝗅𝖽2 )
ϕ𝗈𝗅𝖽2
𝗉𝗄𝗈𝗅𝖽2
c𝗈𝗅𝖽2
Maker Taker
Trade anonymity:tx hides all information about Maker and Taker.
Trade confidentiality: tx hides all information about A, B, vA, and vB.
![Page 142: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/142.jpg)
22
![Page 143: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/143.jpg)
22
Private user-defined assets
![Page 144: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/144.jpg)
22
Private user-defined assets
Custom access to private user-defined
assets
![Page 145: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/145.jpg)
22
Private DEX
Private user-defined assets
Custom access to private user-defined
assets
![Page 146: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/146.jpg)
23
![Page 147: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/147.jpg)
23
But what if you want a user-defined asset with a different (custom) policy?
![Page 148: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/148.jpg)
23
But what if you want a user-defined asset with a different (custom) policy?
For example, simple ERC-20 tokens require only value-conservation. other tokens, like stablecoins, need to also implement blacklists and whitelists.
![Page 149: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/149.jpg)
Birth predicates
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽i 𝗉𝗄𝗇𝖾𝗐
j ρ𝗇𝖾𝗐j(𝗂𝖽𝗈𝗅𝖽
i , v𝗈𝗅𝖽i , c𝗈𝗅𝖽
i ) (𝗂𝖽𝗇𝖾𝗐j , v𝗇𝖾𝗐
j , c𝗇𝖾𝗐j )
24
![Page 150: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/150.jpg)
Birth predicates
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
𝖽,i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐𝖽, j
ϕ𝗈𝗅𝖽𝖽,i ( ⋅ ) = 1
ϕ𝗇𝖾𝗐𝖻, j ( ⋅ ) = 1
(𝗂𝖽𝗈𝗅𝖽i , v𝗈𝗅𝖽
i , c𝗈𝗅𝖽i ) (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j , c𝗇𝖾𝗐
j )
24
ϕ𝗇𝖾𝗐𝖻, jϕ𝗈𝗅𝖽
𝖻,i
![Page 151: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/151.jpg)
Birth predicates
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
c𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
c𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
𝖽,i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐𝖽, j
ϕ𝗈𝗅𝖽𝖽,i ( ⋅ ) = 1
ϕ𝗇𝖾𝗐𝖻, j ( ⋅ ) = 1
(𝗂𝖽𝗈𝗅𝖽i , v𝗈𝗅𝖽
i , c𝗈𝗅𝖽i ) (𝗂𝖽𝗇𝖾𝗐
j , v𝗇𝖾𝗐j , c𝗇𝖾𝗐
j )
24
ϕ𝗇𝖾𝗐𝖻, jϕ𝗈𝗅𝖽
𝖻,i
∙ ∀𝗂𝖽, 𝗂𝖽-value is conserved∙ Policy p is enforced
![Page 152: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/152.jpg)
Supporting arbitrary data and computation
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
r𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
r𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
𝖽,i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐𝖽, j
ϕ𝗈𝗅𝖽𝖽,i ( ⋅ ) = 1
ϕ𝗇𝖾𝗐𝖻, j ( ⋅ ) = 1
𝗉𝖺𝗒𝗅𝗈𝖺𝖽 𝗉𝖺𝗒𝗅𝗈𝖺𝖽
25
ϕ𝗇𝖾𝗐𝖻, jϕ𝗈𝗅𝖽
𝖻,i
![Page 153: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/153.jpg)
Supporting arbitrary data and computation
rt 𝛑tx
set of all coin commitments
old coin serial numbers
new coin commitments ZKP
PRF
COMMCOMM
∈
𝗌𝗇𝗈𝗅𝖽i 𝖼𝗆𝗇𝖾𝗐
j
r𝗈𝗅𝖽i
𝖼𝗆𝗈𝗅𝖽i
𝗌𝗄𝗈𝗅𝖽i
r𝗇𝖾𝗐j𝗉𝗄𝗈𝗅𝖽
i ρ𝗈𝗅𝖽iϕ𝗈𝗅𝖽
𝖽,i 𝗉𝗄𝗇𝖾𝗐j ρ𝗇𝖾𝗐
jϕ𝗇𝖾𝗐𝖽, j
ϕ𝗈𝗅𝖽𝖽,i ( ⋅ ) = 1
ϕ𝗇𝖾𝗐𝖻, j ( ⋅ ) = 1
𝗉𝖺𝗒𝗅𝗈𝖺𝖽 𝗉𝖺𝗒𝗅𝗈𝖺𝖽
25
ϕ𝗇𝖾𝗐𝖻, jϕ𝗈𝗅𝖽
𝖻,i
Store arbitrary data
Store arbitrary data
![Page 154: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/154.jpg)
ZEXE
26
![Page 155: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/155.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
![Page 156: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/156.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
![Page 157: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/157.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
Theoretical crypto: Decentralized Private Computation
crypto primitive that realizes a ledger-based RNK where txs reveal NO information about computations
![Page 158: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/158.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
Theoretical crypto: Decentralized Private Computation
crypto primitive that realizes a ledger-based RNK where txs reveal NO information about computations
![Page 159: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/159.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
Theoretical crypto: Decentralized Private Computation
crypto primitive that realizes a ledger-based RNK where txs reveal NO information about computations
Applied crypto: ZEXE
leverage techniques from zkSNARKs, recursive composition, and efficient circuit design
![Page 160: ZEXE: Enabling Decentralized Private Computation · 1 ZEXE: Enabling Decentralized Private Computation Sean Bowe Alessandro Chiesa Matthew Green Ian Miers Pratyush Mishra Howard Wu](https://reader030.vdocument.in/reader030/viewer/2022041016/5ec8446f1b0b173c723b220e/html5/thumbnails/160.jpg)
ZEXE
26
Modeling: Records Nano-Kernelminimalist shared execution environment that defines rules for computing on records (units of data)
Theoretical crypto: Decentralized Private Computation
crypto primitive that realizes a ledger-based RNK where txs reveal NO information about computations
Applied crypto: ZEXE
leverage techniques from zkSNARKs, recursive composition, and efficient circuit design
libzexe.org