github/zkp2p-poc
1
1
Fork 0
mirror of https://github.com/zkp2p/zkp2p-poc.git synced 2026-01-09 13:48:06 -05:00
Code Issues Packages Projects Releases Wiki Activity
96 Commits 11 Branches 0 Tags
sachin/v1/contracts
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

ZKP2P

A trustless P2P fiat onramp powered by ZK proofs and Venmo

ZKP2P enables trustless USDC to USD trades using ZK proofs of DKIM signatures of Venmo confirmation emails. The app can be found at zkp2p.xyz. We use the libraries created by ZK Email to prove the SHA256 and RSA signatures and regex.

Part of ZK Hack Lisbon 2023 (2nd place winner).

Our demo at the ZK Hack closing ceremony and Devfolio

DM us to join the conversation!

Twitter

Telegram

Problem

  • New retail users face huge barriers to onboard funds onto web3
  • Users must register for a centralized exchange (e.g. Coinbase) or use centralized fiat onramps which charge high fees (e.g. 5%)
  • Crypto natives are unable to offboard funds into the real world
  • Only institutional accounts have direct access to convert USDC or USDT to USD
  • Existing P2P solutions either require meeting in person (e.g., LocalBitcoins) or rely on a centralized intermediary (e.g., OTC desks)

High Level Flows

There are 2 actors in the system: 1) off-rampers and 2) on-rampers:

  1. Off-rampers are users who intend to trade their USDC on-chain to USD on Venmo
  2. On-rampers are users who intend to trade their USD on Venmo to USDC on-chain

There are currently 2 major flows in the protocol described below: Registration

  1. All users of the system must register and tie up a Venmo user ID to their public wallet address
  2. Currently, users are able to specify any Venmo ID valid or not before posting orders. It is up to the counterparty to check that the Venmo ID is valid off-chain. In the future, we can make the system safer by requiring as part of the registration flow for the user to generate a proof of a historical Venmo transaction

Onramp / Offramp

  1. Onrampers create a new order specifying the amount of USDC they want to receive and the maximum amount of USD they are willing to pay
Screenshot 2023-04-04 at 11 36 50 AM
  1. Offrampers view orders that are posted and can indicate interest in filling an onrampers order by claiming. When offrampers claim an order, they lock their USDC to the Ramp escrow contract. Multiple offrampers can indicate interest in an order.
Screenshot 2023-04-04 at 11 37 23 AM
  1. Offrampers send a Venmo request off-chain to the onramper's Venmo ID. Multiple offrampers can send Venmo request to the onramper
  2. Onramper chooses which Venmo request to complete the charge for and check that orderID, offramper userID, and amount are correct
  3. Onramper completes request and downloads the confirmation email from Venmo. They generate a proof of the confirmation email and submit the transaction on-chain to unlock the escrow funds
Screenshot 2023-04-02 at 1 39 16 PM

Usage

This is WIP

  1. Clone the repo and run yarn install in both the root and app folders. Navigate to the app folder and run yarn start
  2. Currently, we still need to wire up the generate proof to the UI flow. You have to paste your proof.json and public.json into the Proof Output and Public Signal text boxes in the UI. To generate the proof, you'll need to first download the proving key from our S3 bucket (link to be updated)
  3. Then run yarn genProofGroth after cloning the repo. This will take a long time (5min+). Or user RapidSnark on a server by following Best Practices for Large Circuits.
Compilation Value
non-linear constraints 8811533
public inputs 17
public outputs 9
private inputs 7543
wires 8449232
labels 34981572

Limitations

  • Slow proving time. It takes 60s for witness generation and 15s for proof gen using RapidSnark. 5GB proving key size. 8M+ constraints (a lot can be heavily optimized in the future)
  • Mechanism relies on trusting Venmo. It is likely not sound for large transactions where a malicious actor has more incentive to attack the system. (e.g. chargebacks, convincing Venmo signatures to sign a malicious email). Hopefully for smaller transactions, there is more recourse (e.g. user ID is doxxed and victim can complain to Venmo)

Future Work

  • Deploy to prod!
  • Design around edge cases (What if a hacker gets Venmo to sign a malicious email? What are ways of recourse? How to deal with chargebacks? Nullifiers?)
  • Optimizations. Speed up proving time perhaps using Halo2 libs
  • Integrate more P2P payment systems (Paypal, Zelle) and potentially bank ACH / wires
  • Support more tokens

Deployed Addresses

Testnet (Goerli)

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme MIT 59 MiB
Languages
TypeScript 44.1%
Circom 30.2%
JavaScript 18.2%
Shell 3.8%
Python 2.8%
Other 0.9%