Overview
What is the ZeKnow Solv protocol?
ZeKnow Solv is a cryptographic protocol that uses zk-SNARK technology to prove that an exchange has enough funds to cover all of its user deposits.
It has two main subprotocols: a Proof-of-Assets and a Proof-of-Liabilities. The Proof-of-Assets protocol is a zk-SNARK whose output is a list of balances controlled by the exchange. The Proof-of-Liabilities protocol is a zk-SNARK whose output is the sum of the balances of all users of the exchange, as well as the root node of a Merkle tree which includes each individual user balance in a leaf node.
The Proof-of-Assets and Proof-of-Liabilities zk-SNARKs are included as private inputs to a top-level Solvency zk-SNARK. The top-level Solvency process privately verifies that the provided asset balances exceed the provided liability balances.
What does the SolvencyProtocol smart contract do?
The SolvencyProtocol smart contract contains the verifying keys for the top-level Solvency zk-SNARK and it provides a function to publish a proof which checks the pairing equations that certify the validity of the proof. It also serves as an immutable record of the public outputs that are revealed by the top-level Solvency snark.
What zk-SNARK protocol does ZeKnow Solv use?
The ZeKnow Solv protocol currently uses the Groth16 protocol over the BN254 curve.
When is the trusted setup ceremony?
We plan to run a secure trusted setup ceremony to ensure the security of the zk-SNARKs powering the ZeKnow Solv protocol. If you want to participate in the trusted setup ceremony please reach out to us at [email protected].
Which L1s are supported?
We natively support ownership of assets on the Ethereum and Bitcoin blockchains. In addition, we support third-party attestations of fiat balances and other chain balances.
What is revealed by the top-level Solvency zk-SNARK?
The top-level Solvency zk-SNARK reveals the following public outputs:
The (hash of the) verifying keys that are used to verify each of the sub-components.
The (hash of the) blockchain snapshots that are used to determine the balance of the addresses owned by the exchange.
The value of the Merkle root node for the Merkle tree that aggregates all included user balances.
Optionally, the system can also selectively reveal the total values of assets and liabilities.
Code Repository For Verification
Last updated