diff --git a/doc/src/overview/anonymous_assets.md b/doc/src/overview/anonymous_assets.md new file mode 100644 index 000000000..6801781e3 --- /dev/null +++ b/doc/src/overview/anonymous_assets.md 
@@ -0,0 +1,71 @@ +# Anonymous assets + +DarkFi network allows for the issuance and transfer of anonymous assets with an arbitrary number of parameters. These tokens are anonymous, relying on zero-knowledge proofs to ensure validity without revealing any other information. + +New tokens are created and destroyed every time you send an anonymous transaction. To send a transaction on DarkFi, you must first issue a credential that commits to some value you have in your wallet. This is called the **Mint** phase. Once the credential is spent, it destroys itself: what is called the **Burn.** + +Through this process, the link between inputs and outputs is broken. + +![](transaction.png) + +**Mint** + +During the **Mint** phase we create a new coin *C*, which is bound to the public key *P*. The coin *C* is publicly revealed on the blockchain and added to the merkle tree, which is stored locally on the DarkFi wallet. + +We do this using the following process: + +Let *v* be the coin's value. Generate random $r_C$, $r_V$ and serial $\rho$. + +Create a commitment to these parameters in zero-knowledge: + +$$ C = H(P, v, \rho, r_C) $$ + +Check that the value commitment is constructed correctly: + +$$ v > 0 $$ +$$ V = v G_1 + r_V G_2 $$ + +Reveal *C* and *V*. Add *C* to the merkle tree. + +**Burn** + +When we spend the coin, we must ensure that the value of the coin cannot be double spent. We call this the *Burn* phase. The process relies on a *N* nullifier, which we create using the secret key *x* for the public key *P*. Nullifier's are unique per coin and prevent double spending. +*R* is the merkle root. *v* is the coin's value. + +Generate a random number $r_V$. 
+ +$$ N = H(x, \rho) $$ + +Check that the secret key corresponds to a public key: + +$$ P = xG $$ + +Check that the public key corresponds to a coin which is in the merkle tree *R*: + +$$ C = H(P, v, \rho, r_C) $$ +$$ C \in R $$ + +Check that the value commitment is constructed correctly: + +$$ v > 0 $$ +$$ V = v G_1 + r_V G_2 $$ + +Reveal *N*, *V* and *R*. Check *R* is a valid merkle root. Check *N* does not exist in the nullifier set. + +The zero-knowledge proof confirms that *N* binds to an unrevealed value *C*, and that this coin is in the merkle tree, without linking *N* to *C*. Once the nullifier is produced the coin becomes unspendable. + +**Adding values** + +Assets on DarkFi can have any number of values or attributes. This is achieved by creating a credential *C* and hashing any number of values and checking that they are valid in zero-knowledge. + +We check that the sum of the inputs equals the sum of the outputs. This means that: + +$$ B = \sum{V_{in}} - \sum{V_{out}} $$ + +And that *B* is a valid point on the curve $G_2$. + +This proves that $B = 0 G_1 + b G_2 = b G_2$ where *b* is a secret blinding factor for the amounts. + +**Diagram** + +![](../../specs/diagram-dkzk.png) diff --git a/doc/src/overview/diagram-dkzk.png b/doc/src/overview/diagram-dkzk.png new file mode 100644 index 000000000..4cc6bbf99 Binary files /dev/null and b/doc/src/overview/diagram-dkzk.png differ diff --git a/doc/src/overview/network.png b/doc/src/overview/network.png new file mode 100644 index 000000000..1d0214978 Binary files /dev/null and b/doc/src/overview/network.png differ diff --git a/doc/src/overview/overview.md b/doc/src/overview/overview.md new file mode 100644 index 000000000..af68d5b37 --- /dev/null +++ b/doc/src/overview/overview.md 
@@ -0,0 +1,22 @@ +# Overview + +DarkFi is a layer one proof-of-stake blockchain that supports anonymous applications. It is currently under heavy development. This overview will outline a few key terms that help explain DarkFi. + +![](network.png) + +**Cashier:** The Cashier is the entry-point to the DarkFi network. Its role is to exchange cryptocurrency assets for anonymous wrapped tokens that are pegged to the underlying currency. This is fully redeemable at cash-out. For example, if you deposit 1 ETH, you will receive 1 wETH on entry to the DarkFi network. If you gain a further 0.5 ETH on a successful trade, you will exit with 1.5 ETH, minus network fees. + +Much like on a traditional OTC trading website, anyone can be a cashier. Cashier's have one public key, however a Cashier can also be a multisig through an aggregated public key. + +Currently, the role of the Cashier is trusted and centralized. As a next step, DarkFi plans to implement trust-minimized bridges and eventually fully trustless bridges. + +**Blockchain:** Once new anonymous tokens (e.g. wETH) have been issued, the Cashier posts that data on the blockchain. This data is encrypted and the transaction link is broken. + +On the DarkFi network, the role of the blockchain is minimized to data availability. All execution and computation is handled locally in a user's wallet. However, this does not impact security: if non-valid behavior is detected, it will be rejected from the blockchain. + +The DarkFi blockchain uses a Proof-of-Stake consensus system. Validators are paid for in transaction fees, which are denominated in DRK. Anyone can be a validator and stake DRK in exchange for transaction fees. + +**Wallets:** A wallet is a portal to the DarkFi network. It provides the user with the ability to open and enter into trades, as well as to issue their own custom contracts and assets. Each wallet is a full node and stores a copy of the blockchain. 
All contract execution is done locally on the DarkFi wallet. + +The DarkFi wallet communicates with other wallets through a peer-to-peer network. This peer-to-peer network is called the **Pulse Network** and allows for the coordination of anonymous trades. + diff --git a/doc/src/overview/transaction.png b/doc/src/overview/transaction.png new file mode 100644 index 000000000..b65e0971c Binary files /dev/null and b/doc/src/overview/transaction.png differ
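Review bot: In doc/src/overview/anonymous_assets.md, under "Adding values", the check is written as "*B* is a valid point on the curve $G_2$", but $G_2$ is used as a generator in $V = v G_1 + r_V G_2$, not as a curve. Any difference of value commitments is a curve point, so as worded this constrains nothing. The condition the next sentence relies on is that $B = b G_2$ with no $G_1$ component, shown by proving knowledge of *b*; please state it that way and say how it is checked. Also in this hunk: the diagram link `![](../../specs/diagram-dkzk.png)` does not match the file this patch adds at doc/src/overview/diagram-dkzk.png, so `![](diagram-dkzk.png)` looks like the intended path. In the Burn section, "a *N* nullifier" and "Nullifier's are unique" need fixing, and "Generate a random number $r_V$" sits above $N = H(x, \rho)$, which does not use it; move it next to the value commitment check. The first paragraph of "Adding values" is about attributes while the rest is about balancing inputs and outputs, so the balance check probably wants its own heading.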
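Review bot: In doc/src/overview/overview.md, the Blockchain paragraph says the chain is "minimized to data availability" with all execution done in the wallet, then claims "if non-valid behavior is detected, it will be rejected from the blockchain" without saying who detects it or what is checked. Please name the party that performs the rejection and the check it runs, and link to anonymous_assets.md if that is the zero-knowledge proof and nullifier verification described there; otherwise the security claim is unsupported as written. The same paragraph states the Cashier's posted data is "encrypted and the transaction link is broken" right after the text says the Cashier is currently trusted and centralized, so it is worth stating what the Cashier can still see about deposits and withdrawals. Wording nits: "Cashier's have one public key" should be "Cashiers have one public key", and "Validators are paid for in transaction fees" should be "Validators are paid in transaction fees".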