Do you agree to open source all work you do on behalf of this grant and dual-license under MIT, APACHE2, or GPL licenses?:
Yes
Project Description
The notion of radical transparency in blockchains, where anybody can observe the current state and the details of all state transitions, is not always optimal. One example is decentralized governance where the transparency of voting procedures can lead to individuals publicly expressing preferences that differ from their true beliefs or attitudes, because they fear social disapproval for expressing their true preferences, and instead conform to prevailing societal norms. Providing individuals with the ability to verifiably prove their voting eligibility while obscuring their identity presumably leads to outcomes that approximate the aggregated individual preferences more accurately than public voting does. This proposal aims to lay out a user-friendly, decentralized architecture to establish privacy in different contexts, based on Lit Protocol, an external Relay Service Provider (to be researched) and Smart Contracts. The use case put forward in this proposal centers around governance and private voting, but the proposed framework remains agnostic to the use case.
Trustless privacy on public blockchains has really just been enabled by zero-knowledge technology. The first widely adopted application using such technology on Ethereum was Tornado Cash, a popular coin mixing protocol that breaks the link between the address that deposits tokens and the address that withdraws, unlocking private ownership of fungible tokens. At a high level, the depositor posts a hashed secret together with the deposit. The hashed secret and the deposit amount are inserted into a special data structure, a Merkle Tree. With a Merkle Tree it is computationally cheap to prove that a specific piece of data is part of the wider data set, even when the set grows very large. To enable the withdrawal of funds, the protocol verifies that the withdrawer provides a valid zk proof that is constructed locally in the user’s browser. That zk proof must prove that the withdrawer knows a secret that, when hashed, yields a hash that is part of the Merkle Tree. It does not reveal the secret or the hash, though, which is what enables the privacy property.
The two-step approach, where a user first commits a hashed secret and later provides a proof that they know the underlying secret, fits well for use cases where the desire for privacy is the main motivation for users to come together and use the same protocol (as is the case for a coin mixer). However, in contexts where privacy is to be enabled for already existing groups (e.g. a group of governance token holders), the two-step process that is commonly used in many zk protocols to ensure privacy is not practical. That is one of the reasons why privacy in governance hasn’t really taken off yet. If the set of eligible voters has been delineated by means of token holding, committing a hashed secret to unlock a private voting identity is not just an additional cumbersome step before a user is able to vote: if voter eligibility is determined by a transferable token (e.g. an NFT), the registry of voting identities also needs to be updated frequently to make sure that only the current token holder is eligible to vote (anonymously).
Ideally there would be a one-click way for users to prove to a smart contract that they are part of a group without revealing their identity. This is where Lit Protocol comes into play. At a high level, based on the user's signature, a Lit Action determines whether the user is a member of a group (defined by holding a token). It then creates a deterministic yet privacy-conserving hash representation of the user's address and signs that hash with its associated PKP. The application smart contract verifies the PKP signature as a proof of membership and records the hash representation to prevent replay and double-spend attacks. To create a seamless user experience, a relayer service is used to submit the transaction to the blockchain.
Value
Privacy is a very important topic in the blockchain industry and its absence is a blocker to various use cases. By providing user-friendly, use case agnostic supporting infrastructure for privacy, Lit Protocol can establish itself as an important primitive for building privacy-conserving decentralized applications. Supporting privacy-conserving app development seems a natural fit for a protocol that offers decentralized encryption/decryption as one of its core services.
The main risk of not getting the technical design right is that the deliverables claim to be privacy-conserving while they actually leak sensitive information. By putting privacy at the core of all considerations we plan to not make that mistake.
What makes the execution of this project difficult is the many moving parts: the lit actions, the relayer service, the verifying smart contracts. We have worked with complex architectures before and are confident that we are able to navigate these dependencies.
Deliverables
The use case that we want to focus on is private NFT-based voting. This means that the identity of on-chain voters is kept secret in perpetuity. However, we want to build re-usable building blocks that can be applied to unlock privacy in other contexts as well.
We envision packaging the associated deliverables in a “lit-privacy-sdk” for easy re-usability and composability. Any work presented in this proposal that is not direct work on Lit Actions is stripped down to the bare minimum to make the privacy-preserving protocol work as a whole. For example, voting functionality is not included in this proposal. However, the privacy-preserving membership proof generated by the lit-privacy-sdk could be used in a governance context to privately prove voting eligibility.
User Story
As a user, I want to prove that I am a member of a certain group of token holders without revealing my identity, so that I can interact privately with an application.
Problem breakdown
- a user needs to prove that they have control over an address
- it needs to be validated that the address holds a membership token (e.g. an NFT)
- it requires a privacy-preserving proof of membership that can be understood by a smart contract
- it must not be possible to re-use a proof of membership once it has been used (replay attack), or for one user to generate multiple valid proofs of membership for one and the same onchain action (double spend attack)
- the transaction that contains the proof of membership must get to the blockchain in a way that doesn't leak the user's identity and that isn't prohibitively high-friction in terms of UX
Implementation logic
- when a dapp team wants to integrate privacy-preserving, members-only onchain functionality, they integrate the lit-privacy-sdk and specify the target contract's ABI
- a user visits the dapp, connects their wallet, provides any inputs required by the target application logic, and signs a message
- the message is sent from the sdk to a Lit Action w/ PKP1, which:
  - verifies the address that signed the message
  - signs the address w/ PKP1
  - returns the signature to the sdk ("proof of identity")
  (the resulting signature serves as a deterministic representation of the user's identity that can be stored onchain without leaking identity information)
- the sdk sends this signature, the user's address, the block number of the desired proof of membership and a public signal (e.g. the proposal id on which a user would like to vote) to another Lit Action w/ PKP2, which:
  - verifies that the proof of identity was created by PKP1
  - checks if the user's address holds the member token
  - if both are the case, signs a hashed concatenation of identity proof, public signal and block number ("nullifierHash")
  - returns that signature to the sdk ("proof of membership")
- the sdk:
  - uses the proof of membership to assemble a transaction based on the ABI specified by the dapp developer team
  - generates a random private key
  - signs the transaction with that key
  - sends the signed transaction to a relay service
- the relay service:
  - submits the transaction as a meta-transaction
  (needs to be funded by the dapp development team for gas money)
- the smart contract consists of the actual application contract that inherits from our membership verifier contract (which in turn inherits from a relay contract)
- the membership verifier contract:
  - verifies the membership proof
  - stores the underlying nullifierHash (protection against double spend & replay attacks)
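The flow described under Implementation logic, as an added sketch (not code from the proposal or from Lit Protocol): two functions stand in for the Lit Actions and a class stands in for the membership verifier contract. Assumptions: Ed25519 key pairs from Node's crypto module replace the wallet and PKP1/PKP2 keys because their signatures are deterministic; the address derivation, `holdersAtBlock` and all function names are hypothetical; the relay step is left out.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (...parts) => parts.reduce((h, p) => h.update(p), createHash('sha256')).digest();

// Assumption: Ed25519 keys stand in for PKP1/PKP2 and for user wallets. Their signatures are
// deterministic, so one address always yields the same proof of identity and nullifierHash.
const pkp1 = generateKeyPairSync('ed25519');
const pkp2 = generateKeyPairSync('ed25519');

// Hypothetical address derivation: first 20 bytes of the hashed public key.
const addressOf = (publicKey) =>
  '0x' + sha256(publicKey.export({ type: 'spki', format: 'der' })).subarray(0, 20).toString('hex');

function makeWallet() {
  const keys = generateKeyPairSync('ed25519');
  return { keys, address: addressOf(keys.publicKey) };
}

// Lit Action 1: check the wallet signature, then sign the address with PKP1.
function litAction1(message, walletSig, walletPublicKey) {
  if (!verify(null, Buffer.from(message), walletPublicKey, walletSig)) {
    throw new Error('wallet signature invalid');
  }
  const address = addressOf(walletPublicKey);
  return { address, identityProof: sign(null, Buffer.from(address), pkp1.privateKey) };
}

// Lit Action 2: check the proof of identity and token holding, then sign the nullifierHash.
function litAction2({ identityProof, address, blockNumber, publicSignal }, holdersAtBlock) {
  if (!verify(null, Buffer.from(address), pkp1.publicKey, identityProof)) {
    throw new Error('identity proof not issued by PKP1');
  }
  if (!holdersAtBlock(blockNumber).has(address)) {
    throw new Error('address holds no member token at that block');
  }
  // Fixed-width fields keep the hashed concatenation unambiguous.
  const block = Buffer.alloc(8);
  block.writeBigUInt64BE(BigInt(blockNumber));
  const nullifierHash = sha256(identityProof, sha256(publicSignal), block);
  return { nullifierHash, membershipProof: sign(null, nullifierHash, pkp2.privateKey) };
}

// Stand-in for the membership verifier contract: it never sees an address.
class MembershipVerifier {
  constructor(pkp2PublicKey) { this.pkp2PublicKey = pkp2PublicKey; this.usedNullifiers = new Set(); }
  submit(nullifierHash, membershipProof) {
    if (!verify(null, nullifierHash, this.pkp2PublicKey, membershipProof)) return 'rejected: bad proof';
    const key = nullifierHash.toString('hex');
    if (this.usedNullifiers.has(key)) return 'rejected: nullifier already used';
    this.usedNullifiers.add(key);
    return 'accepted';
  }
}

// What the sdk does before handing the transaction to the relay.
function proveMembership(wallet, publicSignal, blockNumber, holdersAtBlock) {
  const message = 'membership request';
  const walletSig = sign(null, Buffer.from(message), wallet.keys.privateKey);
  const { address, identityProof } = litAction1(message, walletSig, wallet.keys.publicKey);
  return litAction2({ identityProof, address, blockNumber, publicSignal }, holdersAtBlock);
}

function demo() {
  const alice = makeWallet();
  const outsider = makeWallet();
  // Constructed sample data: only alice holds the member token at block 100.
  const holdersAtBlock = (n) => (n === 100 ? new Set([alice.address]) : new Set());
  const contract = new MembershipVerifier(pkp2.publicKey);
  const p1 = proveMembership(alice, 'proposal-7', 100, holdersAtBlock);
  const p2 = proveMembership(alice, 'proposal-7', 100, holdersAtBlock); // regenerated proof
  const p3 = proveMembership(alice, 'proposal-8', 100, holdersAtBlock);
  let nonMember = 'issued';
  try { proveMembership(outsider, 'proposal-7', 100, holdersAtBlock); } catch (e) { nonMember = e.message; }
  const submit = (p) => contract.submit(p.nullifierHash, p.membershipProof);
  return { first: submit(p1), replay: submit(p1), regenerated: submit(p2),
           otherSignal: submit(p3), nonMember };
}
console.log(demo());
```

Because the block number is an input to the nullifierHash, proofs requested for two different blocks give two different nullifiers for the same holder and public signal, so the application has to fix one snapshot block per public signal. The same holds for the signature scheme: a randomized signature as proof of identity would give a fresh nullifier on every request.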
Includes the Smart Contracts as specified in section Implementation Logic
Scope: 1 FTE for 7 days
Milestone 3: SDK
Includes the lit-privacy-sdk meant to create a smooth developer experience and specified in section Implementation Logic
Scope: 1 FTE for 6 days
Milestone 4: Documentation
Includes documentation for all deliverables
Describes:
how the privacy-preserving protocol works
how it can be used in dapp development
Scope: 1 FTE for 2 days
Total Budget Requested
| Talent | FTE | Monthly Budget |
|---|---|---|
| Smart Contract Engineer | 1 | $8,000 |
| Legal & Operations Costs* | | $2,000 |
| Total Monthly | | $10,000 |
Curve Labs operates as a legally compliant German corporation and pays corporate taxes, insurance, legal, and compliance costs.
We envision this work being covered within a little over a month, bringing the total requested budget to $10,000.
Team
The Curve Labs team is a collection of mechanism designers, economists, software engineers and researchers aspiring to develop frameworks and tooling for a decentralized socio-economic paradigm, with extensive experience in protocol design, smart contract architecture and development, dApp design and development.
Team Members
Fabian Scherer
Backend Engineer, Curve Labs
After starting out in Product Management, Fabian transitioned into Engineering in 2019 and took on his first fullstack role shortly after. He joined Curve Labs in 2021 and since then has been focusing on designing and implementing DeFi and Governance solutions. He led the specification, design and implementation of the smart contract based governance system for the Kolektivo Framework. More recently, in the context of a grant by Ceramic and Bacalhau, he developed a UI and a system of smart contracts for DAO contributors to manage their contributions and claim token rewards. He is well versed in the design and implementation of smart contract systems (including zk components) and in React-based UI development.
Mihirsinh Parmar
Backend Engineer, Curve Labs
Full-stack developer with a focus on smart contract development and system design. Mihir joined Curve Labs in 2021 and since then has designed NFT primitives, developed DeFi protocols, and worked with cross-chain solutions, leading the specification and implementation of a cross-chain bridge between Celo and Polygon using Hyperlane for Toucan. Recently, he designed modular docker images for DAOs to evaluate the impact generated by their contributors. Mihir is also involved in governance research and React-based UI development.
Marvin Gross
Smart Contract Developer, Curve Labs
Marvin began his career by starting several companies and learning various disciplines. In June 2021, he joined the Curve Labs team as a Web3 engineer with a focus on smart contract development. He has since designed, developed and documented DeFi, ReFi, and cross-chain protocols. Marvin is known for his ability to create a positive and productive company culture.
Irem Ozturan
Project Manager, Curve Labs
Irem is an ecosystem developer and project manager at Curve Labs, specializing in web3 ecosystem design, high-impact fundraising, partnerships, and network growth. Previously at Token Engineering Commons, she focuses on bridging synergetic projects and protocols to build toward complex governance structures, ReFi frameworks and experimental open networks.
Open Grant Proposal:
Lit-Privacy-SDK
Name of Project: Lit-Privacy-SDK
Proposal Category:
grants:devtools-libraries
Proposer: Curve Labs
Deliverables
(see exact specification in previous section)
Development Roadmap
Milestone 1: Lit Actions 1 & 2
Milestone 2: Relay-compatible membership verifier smart contract
Milestone 3: SDK
Milestone 4: Documentation
Team Member LinkedIn Profiles
Fabian Scherer, Mihirsinh Parmar, Marvin Gross, Irem Ozturan
Team Website
https://www.curvelabs.eu/
Relevant Experience
Curve Labs is a mechanism design and development organization where we experiment with open networks, incentive mechanisms and multi-agent control systems. We choose our research and implementation areas according to social utility and ecosystemic value. Considering our extensive experience in DAO governance tooling and modular approach to architecting multi-layered web3 frameworks, we believe we are the right team to research and deliver a new private voting mechanism leveraging the strengths of protocols like Lit.
Below we highlight a few projects which we’ve developed and supported that attest to our design and development capabilities.
Impact Evaluators is a contribution and impact tracking infrastructure that distributes value among members and contributors — a common challenge most decentralized organizations face. Impact Evaluators are functions that take contribution metrics and, based on this logic, divide and assign rewards. We recently received a grant from Protocol Labs and implemented an MVP impact evaluator using Ceramic and Bacalhau platforms.
Badger Access Control (BAC) is a fork of Gnosis Zodiac’s Roles Modifier. It enables a Safe to delegate the permission to call certain functions on behalf of the Safe to another externally owned address or smart contract. In BAC, functions are extended with an optional ability for the governance body to veto proposed transactions within a given period. Using Lit Protocol as an encrypted off-chain communication channel. As a complement to BAC, we also developed the Badger, an ERC1155 token contract through which non-transferable and transferable badges are assigned. Badger is a key component of Kolektivo’s governance module as well as a key governance token adopted by the DAOist.
Kolektivo Framework is a suite of institutional Web3 tools for local communities to launch, govern, and maintain their own regenerative economies. As its core technical architects and builders since 2019, we’ve approached critical design problems such as the tokenization of natural capital assets using GeoNFTs, the adoption of decentralized MRV processes to monetize ecological data, and the adoption of community cryptocurrencies backed by natural capital.
Toucan Protocol is a pioneer Web3 infrastructure bringing carbon offsets on-chain. Our team assisted in the early token design behind the protocol and built a cross-chain bridge between Celo and Polygon using Hyperlane.
API3DAO is a decentralized oracle provider network. Curve Labs provided technical support to the rollout of the Authoritative Decentralized Autonomous Organization (DAO).
Team code repositories
https://github.com/Curve-Labs/ie-bacalhau
https://github.com/PrimeDAO/contracts-v2
https://github.com/Kolektivo/kolektivo-governance-contracts
Additional information
As builders of the Kolektivo framework, and participants in the We3 social hackathon, we gained extensive experience using Lit Protocol’s tooling. We came across the grants program surfing through your GitHub.
Please reach out to irem@curvelabs.eu to discuss the grant agreement and general next steps.