c8be9d7414
- Add Prometheus metrics for marketplace API throughput and error rates with new dashboard panels - Implement confidential transaction models with encryption support and access control - Add key management system with registration, rotation, and audit logging - Create services and registry routers for service discovery and management - Integrate ZK proof generation for privacy-preserving receipts - Add metrics instru
6.3 KiB
6.3 KiB
Zero-Knowledge Receipt Attestation Design
Overview
This document outlines the design for adding zero-knowledge proof capabilities to the AITBC receipt attestation system, enabling privacy-preserving settlement flows while maintaining verifiability.
Goals
- Privacy: Hide sensitive transaction details (amounts, parties, specific computations)
- Verifiability: Prove receipts are valid and correctly signed without revealing contents
- Compatibility: Work with existing receipt signing and settlement systems
- Efficiency: Minimize proof generation and verification overhead
Architecture
Current Receipt System
The existing system has:
- Receipt signing with coordinator private key
- Optional coordinator attestations
- History retrieval endpoints
- Cross-chain settlement hooks
Receipt structure includes:
- Job ID and metadata
- Computation results
- Pricing information
- Miner and coordinator signatures
Privacy-Preserving Flow
1. Job Execution
↓
2. Receipt Generation (clear text)
↓
3. ZK Circuit Input Preparation
↓
4. ZK Proof Generation
↓
5. On-Chain Settlement (with proof)
↓
6. Verification (without revealing data)
ZK Circuit Design
What to Prove
-
Receipt Validity
- Receipt was signed by coordinator
- Computation was performed correctly
- Pricing follows agreed rules
-
Settlement Conditions
- Amount owed is correctly calculated
- Parties have sufficient funds/balance
- Cross-chain transfer conditions met
What to Hide
- Sensitive Data
- Actual computation amounts
- Specific job details
- Pricing rates
- Participant identities
Circuit Components
// High-level circuit structure
template ReceiptAttestation() {
// Public inputs
signal input receiptHash;
signal input settlementAmount;
signal input timestamp;
// Private inputs
signal input receipt;
signal input computationResult;
signal input pricingRate;
signal input minerReward;
// Verify receipt signature
component signatureVerifier = ECDSAVerify();
// ... signature verification logic
// Verify computation correctness
component computationChecker = ComputationVerify();
// ... computation verification logic
// Verify pricing calculation
component pricingVerifier = PricingVerify();
// ... pricing verification logic
// Output settlement proof
settlementAmount <== minerReward + coordinatorFee;
}
Implementation Plan
Phase 1: Research & Prototyping
-
Library Selection
- snarkjs for development (JavaScript/TypeScript)
- circomlib2 for standard circuits
- Web3.js for blockchain integration
-
Basic Circuit
- Simple receipt hash preimage proof
- ECDSA signature verification
- Basic arithmetic operations
Phase 2: Integration
-
Coordinator API Updates
- Add ZK proof generation endpoint
- Integrate with existing receipt signing
- Add proof verification utilities
-
Settlement Flow
- Modify cross-chain hooks to accept proofs
- Update verification logic
- Maintain backward compatibility
Phase 3: Optimization
-
Performance
- Trusted setup for Groth16
- Batch proof generation
- Recursive proofs for complex receipts
-
Security
- Audit circuits
- Formal verification
- Side-channel resistance
Data Flow
Proof Generation (Coordinator)
async def generate_receipt_proof(receipt: Receipt) -> ZKProof:
# 1. Prepare circuit inputs
public_inputs = {
"receiptHash": hash_receipt(receipt),
"settlementAmount": calculate_settlement(receipt),
"timestamp": receipt.timestamp
}
private_inputs = {
"receipt": receipt,
"computationResult": receipt.result,
"pricingRate": receipt.pricing.rate,
"minerReward": receipt.pricing.miner_reward
}
# 2. Generate witness
witness = generate_witness(public_inputs, private_inputs)
# 3. Generate proof
proof = groth16.prove(witness, proving_key)
return {
"proof": proof,
"publicSignals": public_inputs
}
Proof Verification (On-Chain/Settlement Layer)
contract SettlementVerifier {
// Groth16 verifier
function verifySettlement(
uint256[2] memory a,
uint256[2][2] memory b,
uint256[2] memory c,
uint256[] memory input
) public pure returns (bool) {
return verifyProof(a, b, c, input);
}
function settleWithProof(
address recipient,
uint256 amount,
ZKProof memory proof
) public {
require(verifySettlement(proof.a, proof.b, proof.c, proof.inputs));
// Execute settlement
_transfer(recipient, amount);
}
}
Privacy Levels
Level 1: Basic Privacy
- Hide computation amounts
- Prove pricing correctness
- Reveal participant identities
Level 2: Enhanced Privacy
- Hide all amounts
- Zero-knowledge participant proofs
- Anonymous settlement
Level 3: Full Privacy
- Complete transaction privacy
- Ring signatures or similar
- Confidential transfers
Security Considerations
-
Trusted Setup
- Multi-party ceremony for Groth16
- Documentation of setup process
- Toxic waste destruction proof
-
Circuit Security
- Constant-time operations
- No side-channel leaks
- Formal verification where possible
-
Integration Security
- Maintain existing security guarantees
- Fail-safe verification
- Gradual rollout with monitoring
Migration Strategy
-
Parallel Operation
- Run both clear and ZK receipts
- Gradual opt-in adoption
- Performance monitoring
-
Backward Compatibility
- Existing receipts remain valid
- Optional ZK proofs
- Graceful degradation
-
Network Upgrade
- Coordinate with all participants
- Clear communication
- Rollback capability
Next Steps
-
Research Task
- Evaluate zk-SNARKs vs zk-STARKs trade-offs
- Benchmark proof generation times
- Assess gas costs for on-chain verification
-
Prototype Development
- Implement basic circuit in circom
- Create proof generation service
- Build verification contract
-
Integration Planning
- Design API changes
- Plan data migration
- Prepare rollout strategy