AthanorLabs / atomic-swap

💫 ETH-XMR atomic swap implementation
GNU Lesser General Public License v3.0

preserve privacy of swap users by obfuscating ETH contract somehow #25

Open noot opened 2 years ago

noot commented 2 years ago

on the ETH side, if someone decodes the bytecode of the smart contract, they would be able to see that the participants were using a Swap contract and thus Alice now owns some monero.

I'm not sure of a good way around this, but definitely something that needs to be considered.
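The bytecode leak described in the comment above can be checked mechanically. The following Python is an added example (not code from this issue or from the atomic-swap project) of the selector-fingerprinting heuristic a chain-analysis tool would apply: it linearly disassembles runtime bytecode, pulls out the 4-byte function selectors that the Solidity dispatcher compares the calldata against, and scores them against a known ABI. The selector set and the toy bytecode are constructed for illustration; the real selectors would be keccak256(signature)[:4] over the deployed contract's ABI. Because selectors survive recompilation and metadata differences that would defeat a plain bytecode-hash comparison, a fresh deployment at a new address does not hide what kind of contract it is.

```python
"""Fingerprint EVM runtime bytecode by the function selectors its dispatcher
compares against. Standard library only; run with python3."""
from __future__ import annotations

# EVM opcode values used below.
PUSH1, PUSH2, PUSH4, PUSH32 = 0x60, 0x61, 0x63, 0x7F
LT, GT, EQ = 0x10, 0x11, 0x14
DUP1, JUMPI, JUMPDEST, STOP = 0x80, 0x57, 0x5B, 0x00
COMPARE_OPS = {LT, GT, EQ}  # solc emits EQ for small ABIs, GT/LT splits for large ones

# Constructed, hypothetical selector set standing in for a swap contract's ABI.
# These are NOT the real atomic-swap selectors; derive those as
# keccak256(signature)[:4] from the deployed contract's ABI.
SWAP_SELECTORS = {
    bytes.fromhex("a1b2c3d4"): "newSwap(...)  [hypothetical]",
    bytes.fromhex("0f1e2d3c"): "setReady(...) [hypothetical]",
    bytes.fromhex("5566aabb"): "claim(...)    [hypothetical]",
    bytes.fromhex("c0ffee01"): "refund(...)   [hypothetical]",
}


def disassemble(code: bytes):
    """Linear sweep: yield (offset, opcode, immediate), skipping over PUSH
    immediates so their bytes are not misread as opcodes."""
    i = 0
    while i < len(code):
        op = code[i]
        if PUSH1 <= op <= PUSH32:
            n = op - (PUSH1 - 1)  # PUSHn carries n immediate bytes
            yield i, op, bytes(code[i + 1:i + 1 + n])
            i += 1 + n
        else:
            yield i, op, b""
            i += 1


def extract_selectors(code: bytes) -> set[bytes]:
    """Return PUSH4 immediates that feed a comparison opcode, the shape of a
    Solidity dispatcher (DUP1 PUSH4 <sel> EQ PUSH2 <dst> JUMPI). Requiring the
    comparison filters out PUSH4-looking bytes in data or metadata regions."""
    ops = list(disassemble(code))
    found = set()
    for (_, op, imm), (_, nxt, _) in zip(ops, ops[1:]):
        if op == PUSH4 and len(imm) == 4 and nxt in COMPARE_OPS:
            found.add(imm)
    return found


def classify(code: bytes, known: dict[bytes, str]) -> dict:
    """Score how much of a known ABI fingerprint the bytecode exposes."""
    found = extract_selectors(code)
    matched = sorted(known[s] for s in found if s in known)
    return {
        "selectors": sorted(s.hex() for s in found),
        "matched": matched,
        "score": len(matched) / len(known) if known else 0.0,
    }


def build_toy_runtime(selectors: list[bytes]) -> bytes:
    """Assemble a minimal dispatcher as constructed test input (not real
    compiler output): load the selector from calldata, compare it against each
    known selector, then append a tail of non-code bytes modeled on solc's
    CBOR metadata, which the sweep must not mistake for dispatcher code."""
    code = bytearray([PUSH1, 0x80, PUSH1, 0x40, 0x52,        # MSTORE free-memory pointer
                      PUSH1, 0x00, 0x35, PUSH1, 0xE0, 0x1C])  # CALLDATALOAD >> 224
    dest = 0x0100
    for sel in selectors:
        code += bytes([DUP1, PUSH4]) + sel + bytes([EQ, PUSH2])
        code += dest.to_bytes(2, "big") + bytes([JUMPI])
        dest += 0x10
    code += bytes([JUMPDEST, STOP])
    code += bytes.fromhex("a264697066735822") + bytes(34) + b"dsolcC" + bytes([0, 8, 17, 0, 0x33])
    return bytes(code)


if __name__ == "__main__":
    swap = build_toy_runtime(list(SWAP_SELECTORS))
    # Real ERC-20 selectors: balanceOf(address), transfer(address,uint256).
    erc20 = build_toy_runtime([bytes.fromhex("70a08231"), bytes.fromhex("a9059cbb")])
    print("swap-like :", classify(swap, SWAP_SELECTORS))
    print("erc20-like:", classify(erc20, SWAP_SELECTORS))
```

Against a real deployment you would fetch the runtime bytecode with `eth_getCode` and feed it to `classify`; a score near 1.0 on the swap ABI is what an observer needs to conclude that the counterparties ran a swap, whatever address or name the contract was deployed under. Two caveats: solc can reorder or binary-search the dispatcher, so match on the selector set rather than on byte order, and proxies or minimal-clone factories move the selectors into the implementation contract, so resolve those first.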

alxs commented 2 years ago

Is obfuscating smart contracts even a thing? Sounds pretty hard tbh, especially considering that Bob needs to verify the smart contract on his side.

noot commented 2 years ago

yeah I have no idea if this is possible or not, probably not unless we somehow throw it in some privacy-preserving L2 rollup or such (if that even exists). I just opened this to keep it in mind

alxs commented 2 years ago

Otherwise we can probably always resort to the 'hard' DLEQ option, i.e. doing it the Monero way on both sides - which would preserve privacy.

Crypt0-Bear commented 2 years ago

One possible solution could be a zkSNARK shielded pool similar to tornado.cash. It would still show money coming into the contract, but would help add a bigger anonymity set, since all the ETH could be pooled into the contract, and it would help obfuscate the transaction flow between specific ETH coming in and out.

kayabaNerve commented 2 years ago

Instead of shielding the contract, which shouldn't be considered possible UNLESS you aim to replicate Taproot on BTC (though I do believe this would be sufficiently suspicious on Ethereum), I'd be more interested if, instead of specifying an address, you specify deposit info in order to directly enter a protocol such as Tornado Cash. Tornado Cash specifically isn't ideal due to the denomination system, yet something like AZTEC (zero research on them from my end) may be more pliable? It'd raise gas fees for the relayer yet offer ETH privacy. It does require relayers to be effective though, see #33.

0xTARC commented 1 year ago

All of the options I'm aware of on Ethereum are:

  1. Aztec Protocol

    • Use Aztec Connect to privately interact with any ETH Layer 1 Smart Contract. Provides transactional privacy. No actor can know who is doing something or how much is being transacted.
    • They also have grants! I think they'd be ecstatic about funding this development
    • You can see dapps that have currently integrated Aztec Connect here
    • Requires users to bridge to get zk assets
  2. Railgun

    • Allows users to create txns with transactional privacy, without leaving Layer 1.
    • Good docs & friendly team in discord to help out. Docs on private cross-contract calls.
    • Does not require any bridging. Does require users to "shield" assets within the Railgun contract, and pay small fee to Railgun DAO on withdraw txns.
  3. Obscuro

    • Obscuro provides transactional AND computational privacy. Fully EVM compatible.
    • Requires deploying the contract on Obscuro's privacy preserving L2.
    • Very early, idk if there's even a mainnet yet
    • Requires users to bridge to the L2 to interact with the contract. You also have to inherit the security model of the L2 (node operators running TEE hardware. unsure of other details).

I think Obscuro is way too early, and the fact that you can only interact with the contract on their L2 makes it not very ETH native.

Would need more research to give an opinion on Railgun vs Aztec for this use-case

Would be fun to look at building a poc for one of these for an upcoming hackathon

kayabaNerve commented 1 year ago

With regards to Obscuro, it's not just the bridge which runs in a TEE. The entire privacy model does. SGX, the TEE they use, has been broken several times and cannot be argued as a privacy solution. It's a layer of additional security. No more, no less.

noot commented 1 year ago

@0xTARC thanks for the detailed comment! Would definitely be good to explore this issue more, I think Aztec or Railgun could be good solutions. I haven't looked into Railgun too much tbh, but I'll make a point of doing that.

At a high level, any sort of shielded pool should work. Funds will be "owned" by the contract, and the swap participants can validate the amounts transferred in the ETH locking step via a private view key or equivalent.

However, I think the simplest thing that can be achieved here is confidentiality of swap amounts. If the contract is modified to allow for relayers for both ETH locks and claims, then it could also achieve (better) anonymity for swap participants.

Let me know if you end up working on this or doing any more research, would love to chat about it!