A zkSNARK implementation of a merkle tree membership preimage proof.

Top-level repository contents: bellman, ff, pairing, sapling-crypto, src, .gitignore, Cargo.lock, Cargo.toml, README.md.

rust-miximus

This repo contains an MVP, WASM-compatible zkSNARK implementation of barrywhitehat's original Miximus. The construction is described below.

Miximus

Miximus is an anonymous cryptocurrency mixer built on zkSNARKs. A full implementation lets users deposit coins into a smart contract (as on Ethereum) or a blockchain runtime (as in Substrate), which appends a leaf derived from the user's secret data to a merkle tree; the user later withdraws the coins anonymously by supplying a zkSNARK proof over data in that tree. The proof convinces the verifier that the withdrawer deposited some leaf into the tree without revealing which leaf the proof refers to, so the withdrawal cannot be linked to the deposit.

Double-spend protection

To use Miximus on a blockchain, one must ensure participants cannot withdraw the same deposit twice. This is done with a zkSNARK that proves knowledge of a preimage P for a leaf L in a merkle tree with root T, where P is the concatenation of a nullifier N and a secret S.

The private inputs of the zkSNARK are:

  1. The secret S.
  2. The merkle authentication path PATH.

The public inputs of the zkSNARK are:

  1. The nullifier N.
  2. The merkle root T.

The zkSNARK proves, in zero knowledge, that HASH(N|S) is a leaf of the tree by recomputing the root from that leaf and the authentication path PATH and checking that it equals the public root T. Because the nullifier is a public input, the chain can record every N that has been used; each nullifier corresponds to exactly one leaf, so knowledge of a deposit can be proven only once. The withdrawal logic therefore needs only a membership check against the set of spent nullifiers: reject if N is already present, otherwise record N and release the funds. Recording N and paying out must happen in the same transaction, or a second withdrawal with the same proof could slip in between.
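The flow described in this section, end to end, as an added example that is not code from rust-miximus or from the bellman/sapling-crypto libraries it builds on: a fixed-depth merkle tree over leaves HASH(N|S), the root recomputation the circuit performs from PATH, and the on-chain set of spent nullifiers. Everything here is an assumption for illustration: the hash is SipHash with fixed keys, a non-cryptographic stand-in for the circuit's hash gadget; the verifier is handed the witness directly instead of a Groth16 proof, so it demonstrates the statement and the double-spend check, not zero knowledge; and the struct and function names, the tree depth of 4 and the sample values are made up.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashSet;
use std::hash::Hasher;

/// Digests are modelled as u64 here (toy; the real circuit works over a pairing-friendly field).
type Digest = u64;

/// Stand-in for the circuit's HASH gadget: SipHash with fixed keys is deterministic
/// but NOT collision resistant, so this only illustrates the structure of the scheme.
fn hash2(a: Digest, b: Digest) -> Digest {
    let mut h = DefaultHasher::new();
    h.write_u64(a);
    h.write_u64(b);
    h.finish()
}

/// Leaf L = HASH(N | S): the nullifier concatenated with the secret.
fn leaf(nullifier: Digest, secret: Digest) -> Digest {
    hash2(nullifier, secret)
}

/// One step of the authentication path: the sibling digest and whether our node is the right child.
#[derive(Clone, Debug)]
struct PathStep { sibling: Digest, is_right: bool }

/// Fixed-depth, append-only merkle tree; unused leaves are zero.
struct MerkleTree { depth: usize, leaves: Vec<Digest> }

impl MerkleTree {
    fn new(depth: usize) -> Self { MerkleTree { depth, leaves: Vec::new() } }

    fn insert(&mut self, l: Digest) -> usize {
        assert!(self.leaves.len() < 1 << self.depth, "tree full");
        self.leaves.push(l);
        self.leaves.len() - 1
    }

    /// Every level of the tree, leaves first, root last.
    fn levels(&self) -> Vec<Vec<Digest>> {
        let mut level = self.leaves.clone();
        level.resize(1 << self.depth, 0);
        let mut out = vec![level];
        for _ in 0..self.depth {
            let prev = out.last().unwrap();
            let next: Vec<Digest> = prev.chunks(2).map(|p| hash2(p[0], p[1])).collect();
            out.push(next);
        }
        out
    }

    fn root(&self) -> Digest { self.levels()[self.depth][0] }

    /// Authentication path PATH for the leaf at `index`.
    fn path(&self, index: usize) -> Vec<PathStep> {
        let levels = self.levels();
        let mut idx = index;
        (0..self.depth).map(|lvl| {
            let step = PathStep { sibling: levels[lvl][idx ^ 1], is_right: idx % 2 == 1 };
            idx /= 2;
            step
        }).collect()
    }
}

/// What the circuit computes: walk PATH from HASH(N|S) up to a root.
fn root_from_path(leaf: Digest, path: &[PathStep]) -> Digest {
    path.iter().fold(leaf, |cur, s| if s.is_right { hash2(s.sibling, cur) } else { hash2(cur, s.sibling) })
}

/// Public inputs (nullifier N, root T) and private inputs (secret S, PATH).
struct Public { nullifier: Digest, root: Digest }
struct Private { secret: Digest, path: Vec<PathStep> }

/// The relation the zkSNARK proves. Here the verifier sees the witness directly; a real
/// deployment verifies a proof instead and never learns S or PATH.
fn statement_holds(pub_in: &Public, wit: &Private) -> bool {
    root_from_path(leaf(pub_in.nullifier, wit.secret), &wit.path) == pub_in.root
}

#[derive(Debug, PartialEq)]
enum WithdrawError { UnknownRoot, InvalidProof, DoubleSpend }

/// On-chain state: the commitment tree plus the set of spent nullifiers.
struct Mixer { tree: MerkleTree, spent: HashSet<Digest> }

impl Mixer {
    fn new(depth: usize) -> Self { Mixer { tree: MerkleTree::new(depth), spent: HashSet::new() } }

    /// Deposit reveals only HASH(N|S), never N or S.
    fn deposit(&mut self, commitment: Digest) -> usize { self.tree.insert(commitment) }

    /// Withdraw: check root, then the proof, then nullifier freshness; record N on success.
    fn withdraw(&mut self, pub_in: &Public, wit: &Private) -> Result<(), WithdrawError> {
        if pub_in.root != self.tree.root() { return Err(WithdrawError::UnknownRoot); }
        if !statement_holds(pub_in, wit) { return Err(WithdrawError::InvalidProof); }
        // The double-spend check: HashSet::insert returns false if N was already recorded.
        if !self.spent.insert(pub_in.nullifier) { return Err(WithdrawError::DoubleSpend); }
        Ok(())
    }
}

/// Deposit two coins, withdraw one, replay the same proof, then try a mismatched nullifier.
fn demo() -> (Result<(), WithdrawError>, Result<(), WithdrawError>, Result<(), WithdrawError>) {
    let mut mixer = Mixer::new(4);
    let (n1, s1) = (0x1111, 0xaaaa); // constructed sample values; real N and S are random
    let (n2, s2) = (0x2222, 0xbbbb);
    let idx1 = mixer.deposit(leaf(n1, s1));
    let _idx2 = mixer.deposit(leaf(n2, s2));
    let root = mixer.tree.root();
    let wit1 = Private { secret: s1, path: mixer.tree.path(idx1) };
    let first = mixer.withdraw(&Public { nullifier: n1, root }, &wit1);
    let replay = mixer.withdraw(&Public { nullifier: n1, root }, &wit1);
    let wrong = mixer.withdraw(&Public { nullifier: n2, root }, &wit1);
    (first, replay, wrong)
}

fn main() {
    let (first, replay, wrong) = demo();
    println!("first withdraw: {:?}\nreplay: {:?}\nmismatched nullifier: {:?}", first, replay, wrong);
}
```

The replayed withdrawal fails only because N is already in `spent`; the proof itself is still valid, which is exactly why the nullifier must be recorded. Accepting only the current root is a simplification: a deposit landing between proof generation and submission would change the root and invalidate an honest proof, so deployments normally accept any of a window of recent roots.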
