PlatON Privacy-Preserving Computation WhitePaper|Part 5 Applications

PlatON Privacy-Preserving Computation WhitePaper|Part 5 Applications

Continued from the previous article. PlatON Privacy-Preserving Computation White Paper | Part 4. Off-Chain Services

This article is about the characteristics of applications on the privacy-preserving Computation network.

5 . Applications

In this section, we generally describe several applications based on privacy-preserving capabilities.

5.1 Fair Exchange

Fair exchange enables a seller and a buyer to exchange data securely. Security means that the buyer pays to the seller if and only if the buyer gets the digital goods. Theoretical result shows that it is impossible to exchange fairly without a trusted third party. However, it is possible to take the public blockchain system as a trusted third party to design fair exchange protocols.

In general, an efficient protocol for fair exchange of digital goods uses smart contracts. A fair exchange protocol allows a sender to sell a digital commodity x for a fixed price p to a buyer. A typical solution of fair exchange is “Zero-Knowledge Contingent Payment” (ZKCP) [33, 8, 16]. ZKCP technique enables fair exchange to be achieved by using blockchain, where Bitcoins are released if and only if some knowledge is disclosed by the payee. In particular, ZKCP uses zero-knowledge proof algorithms together with a hash-locked transaction to make sure the revealed data in the released hashlock is the data that the payer need. Using the progress in ZK-SNARK[32], we could even exchange a large amount of data that satisfies properties featured by deep learning models.

5.2 Anonymous DAO

Decentralized Autonomous Organization (DAO) is an organization that was designed to be auto- mated and decentralized. It acted as a form of venture capital fund, based on open-source code and without a typical management structure or board of directors. To be fully decentralized, the DAO was unaffiliated with any particular nation-state, though it made use of the public blockchain network. Anonymous DAO aims to improve participants’ privacy by using cryptographic privacy-preserving techniques like zk-snarks.

People can create a proposal by proving the validity of their membership within the group. Also DAO needs to prevent spam proposals by requiring any proposal to be uniquely created in an epoch. People can make votes to any proposal by proving their memberships without disclosing their identities, and proving the freshness of their votes. Technically speaking, one could use ZK- SNARKs to prove the following and achieve the above requirements: a) Membership of a Merkle tree. b) The correctness of a nullifier, where a nullifier is an unforgettable identifier of an item (a vote, a membership, etc).

5.3 Private Decentralized Exchange

A private DEX is a decentralized exchange that protects the identity and the amount of the traders. Current DEXs mostly focus on automated market maker (AMM) modes. An automated liquidity protocol powered by a constant product formula and implemented in a system of non-upgradeable smart contracts on the blockchain. It obviates the need for trusted intermediaries, prioritizing decentralization, censorship resistance, and security.

Anyone can become a liquidity provider (LP) for a pool by depositing an equivalent value of each underlying token in return for pool tokens. These tokens track pro-rata LP shares of the total reserves, and can be redeemed for the underlying assets at any time. Pairs act as automated market makers, standing ready to accept one token for the other as long as the “constant product” formula is preserved. This formula, most simply expressed as x ∗ y = k, states that trades must not change the product (k) of a pair’s reserve balances (x and y). Because k remains unchanged from the reference frame of a trade, it is often referred to as the invariant.

Private payment could be used to construct private DEXs. Anonymity could be held by applying anonymous transactions based on ZK-SNARKs. However, in the AMM model, it is difficult to protect the transfer amount. This is because the changed values ∆x and ∆y have to satisfy the constraint (x − ∆x) ∗ (y + ∆y) = k, and these two values should be public for all the participants. It is still an open problem to provide anonymity and confidentiality for DEXs.

5.4 Sealed Bidding

Sealed Bidding provides a privacy-preserving manner for the auction where no bidder learns any information about the other bids. The bidders are encouraged to bid according to their monetary valuation of the asset. On the other hand, the existence of any collusion between the auctioneer and a malicious bidder can break the advantage. To prevent the conflict between protecting the privacy of the bids and trusting the auctioneer to individually determine the winner, cryptographic protocols can be utilized to accomplish the publicly verifiable correctness without sacrificing the privacy of the bids.

A typical cryptographic sealed-bid could involve the auctioneer, different bidders and the auction smart contract to interact with each other, where they use primitives like homomorphic commitment schemes, zero-knowledge proofs for interval memberships, etc. The auctioneer initially deploys the auction contract on the blockchain, with some parameters to be configured, including the amount of initial deposit of bidders, time intervals, the maximum number of bidders, etc. During the bidding process, each bidder submits a commitment of his bid to the auction contract, and also encryption of the bid witness and randomness to the auctioneer. The auctioneer orders the bids according to the correctness to determine the winning bid, the associated account address, and commitment and proves the correctness of the winner simultaneously.

5.5 Private NFT

Private non-fungible Tokens (NFT) enable verifiable representation of unique items and events, such that ownership and transactions are private by default. Private NFT can be specialized with different ZK-SNARK circuits based on different scenarios. For instance, an invoice that dictates that Bob will pay Alice $1000 in 90 days, can be minted as an NFT that represents a claim on the future revenue. The owner of the invoice Alice can transfer this NFT to Cindy by making on-chain trading of this asset.

A simple NFT registry based on a smart contract that lets anyone mint an NFT by providing a ZK-SNARK proof that validates the NFT completely off-chain. With that, we can achieve that the private information in the off-chain document stays private, but all NFTs have verifiable attributes.

5.6 ZK-Game

ZK-Game is essentially a type of “game with incomplete information”, where players do not possess full information about their opponents and the environments. Some players possess private information, a fact that the others should take into account when forming expectations about how those players will behave. For instance, Poker is a typical game with incomplete information, where a player never knows the cards in his opponents. Game with incomplete information allows people to explore a richer and more dramatic strategy. Information asymmetry enables deceive, conditional coordinate, and complex social dynamics.

Using ZKP tools like ZK-SNARKs in building games with incomplete information is quite crucial. For instance, ZK-SNARKs makes it possible to build and verify claims like “I moved my horse from a secret location A to a secret location B. I will not tell you any information of location A and location B, but this proof proves that the movement from A to B is indeed valid”.

Dark Forest is built on ZKP as a game with incomplete information in Ethereum. One of the core ideas behind Dark Forest is the “cryptographic fog of war” protected by ZK-SNARKs. We encourage developers to create interesting games like Dark Forest in our systems.

Publisher:PlatONWorld,Please indicate the source for forwarding:https://platonworld.org/?p=4241

Like (0)
Previous July 20, 2021 08:38
Next July 20, 2021 22:13

相关推荐

Leave a Reply

Please Login to Comment