Zero-knowledge proof technology: lighting up the new star of DeFi
Original author: LZ
I. Introduction
Decentralized Finance (DeFi) is an important development direction in the current field of financial innovation. In DeFi, hiding transaction information and maintaining user privacy are crucial. As DeFi continues to expand and deepen, various projects emerge in endlessly and are full of vitality. The application of zero-knowledge proof (ZK) technology has opened up new possibilities for privacy protection in DeFi. ZK technology allows one party to prove to another party that they know a piece of information without revealing any specific details about that information. This technology is used in applications such asZigZag、unyfyand OKX’sZK DEXThe application in DeFi projects has greatly strengthened the privacy protection capabilities of DeFi, especially the protection of transaction information. It is foreseeable that the widespread application of ZK technology will bring about innovations in the way DeFi and the entire cryptocurrency field are handled, promote the future development of the entire field, and achieve major breakthroughs.
2. Privacy Challenges in DeFi
There are no secrets on the blockchain, and DeFi’s data transparency is undisputed. Take a certain transaction on Uniswap V3tradeFor example, we can easily view the transaction details through the Etherescan website (shown in Figure 1). For example, the address 0 x 3A 4 D...a 6 f 2 exchanged 2 WETH for 17, 654, 123, 249, 375 Bonk on Uniswap V3, and the transaction fee was 0.0046 Ether. Key information such as the sender (From), receiver (To), transaction amount (Value), and transaction fee (Transaction Fee) in these transactions are all publicly available.
Figure 1 Transaction details disclosed on etherescan
We can also view all transactions under the address 0 x 3A 4 D...a 6 f 2Record(As shown in Figure 2), if conditions permit, the true identity of this address in the real world can also be inferred.
Figure 2 A list of all transactions for a specific address is public on etherescan
However, DeFi’s data transparency may have some downsides. If you are a DeFi whale, every transaction you make may attract market attention. For example, when a whale withdraws from Binanceextract11.24 million WOO (approximately $4.2 million), this transaction will cause widespreadfocus on. Similarly, any large-value payments or institutional-level transactions may also trigger widespread public concern.
Other market participants may make buying and selling decisions based on these trading behaviors, which may adversely affect your investment strategy. For example, you invest a large amount of money in a certain project, but once your transaction is noticed by the market, other investors may follow suit, causing asset prices to rise, thereby increasing your investment costs. In addition, your selling operation may also trigger market panic, causing prices to fall and affecting your investment returns.
This situation highlights the urgent need for privacy protection among DeFi projects and users. If we don’t want the details of our transactions to be known to the public, we can choose to keep certain information about our DeFi transactions private.
ZK technology can ensure the legitimacy of transactions while hiding transaction details. Users need to submit two types of information: one is a transaction that partially hides details (such as transaction recipient or amount) (that is, a private transaction), and the other is a ZK certificate about these hidden information. Verifying the legitimacy of a private transaction is actually verifying the corresponding ZK certificate.
3. Unlocking the potential of DeFi: opportunities brought by ZK technology
3.1 The role of ZK technology in resisting front-running transactions
Suppose you are lucky enough to learn that a large company is about to purchase a large amount of a certain asset. You may choose to purchase this asset before the company does. Then, when heavy buying of that company drives up the price of the asset, you sell it for a profit. In this case, your trade before the big players constitute a front-running trade.
Front-running is an investment strategy in financial trading, typically occurring on exchanges such as Uniswap. This is because transactions in the blockchain are public and transaction confirmation takes a certain amount of time. Therefore, some malicious traders may increase the transaction gas fee to allow their transactions to be mined and confirmed before other peoples transactions, in order to achieve the purpose of front-running transactions.
Front-running trades can cause harm to other traders because it changes the original trading environment so that other traders trades may not proceed as originally planned. On the other hand, attackers initiate front-running transactions to make profits for themselves. They can make profits before the price changes. Therefore, many DeFi projects are also trying to prevent front-running transactions through various methods.
ZK technology can play a key role in combating front-running trades. Below, we take the sandwich attack in Decentralized Exchange (DEX) as an example. This is also a common type of front-running transaction for case analysis.
3.1.1 Case Study: Sandwich Attack in DEXs
What is a sandwich attack?
Assume that on a DEX, there is a liquidity pool with a reserve status of 100 ETH / 300, 000 USDT. Alice initiates a transaction to purchase USDT, exchanging 20 ETH for USDT. When she submits the transaction, the DEX returns a result based on the current reserve status of the liquidity pool, telling Alice that approximately 50,000 USDT is available to buy. But in fact, Alice only got 45,714 USDT in the end.
Here, let’s first briefly understand why Alice can purchase 50,000 USDT with 20 ETH. The DEX adopts the Automated Market Maker (AMM) model and automatically calculates the buying and selling price through the Constant Product Market Maker (CPMM) algorithm. CPMM is a currently popular automated market maker algorithm that maintains a constant product of two assets in the trading pool to achieve liquidity supply and automatically adjust asset prices. In this example, the amount of USDT that Alice can buy is calculated through the formula 50, 000 = 300, 000-(100* 300, 000)/(100+ 20) (assuming no handling fees).
Alice did not buy the expected amount of USDT because she suffered a sandwich attack.
Sandwich attacks mainly occur in AMM-based DEXs. In a sandwich attack, the attacker places two transactions around the victims regular transactions to manipulate asset prices and profit from the victims losses. These two transactions are front-running transactions and follow-up transactions respectively. The transaction before the regular transaction is called the front-running transaction, and the transaction after the regular transaction is called the follow-up transaction.
So, how did Alices sandwich attack work? As shown in Figure 3.
Figure 3 Sandwich attack process
1. The attacker’s preemptive transaction: Before the transaction initiated by Alice to purchase USDT was executed, the attacker also initiated a transaction to purchase USDT (preemptive transaction), that is, exchanging 5 ETH for USDT. Moreover, the gas fee paid by the attacker to the miner for this transaction is higher than that of Alice, so the attackers transaction will be executed before Alice.
2. After the attacker executed the transaction to purchase USDT, he got approximately 14, 286 USDT from the liquidity pool, 14, 286 ≈ 300, 000-( 100* 300, 000)/( 100+ 5). The reserve of the liquidity pool changed from the initial state of 100 ETH / 300,000 USDT to 105 ETH / 285,714 USDT. However, Alice does not know that the reserve status of the liquidity pool has changed between the time she submits the transaction and the time her transaction is executed.
3. Victim’s regular transaction: Subsequently, Alice’s regular transaction starts to execute.
4. After Alice’s transaction to purchase USDT was executed, she received 45, 714 USDT from the liquidity pool (according to the constant product function, 45, 714 ≈ 285, 714-( 105* 285, 714)/( 105+ 20) ). The reserve status of liquidity changed from 105 ETH / 285, 714 USDT to 125 ETH / 240, 000 USDT. Therefore, Alice should have been able to buy 50,000 USDT with 20 ETH, but now she can only buy 45,714 USDT due to changes in the liquidity pool caused by the attackers transaction. Alice lost approximately 4286 USDT (4286 = 50,000-45,714).
5. The attackers follow-up transaction: Finally, the attacker initiated a transaction (follow-up transaction) again, that is, exchanging 14, 286 USDT for ETH (the 14, 286 USDT was purchased just now).
6. After the attacker’s follow-up transaction was executed, he took out 7 ETH from the liquidity pool (definite product function, 7 ≈ 125-(125* 240, 000)/(240, 000+ 14, 286)). The liquidity pools reserve status changed from 125 ETH / 240,000 USDT to 118 ETH / 254,286 USDT. Therefore, the attacker only spent 5 ETH at the beginning, but finally got 7 ETH and gained 2 ETH in profit (2 = 7-5).
During the entire sandwich attack process, the attacker initiated a total of two transactions, namely a front-running transaction and a follow-up transaction. Front-running caused Alice to lose approximately 4286 USDT. The combination of front-running and chasing trades netted the attacker 2 ETH.
In DEXs, the public nature of transactions is a key factor leading to the emergence of sandwich attacks, especially in AMM protocols. These protocols make real-time transaction information on DEXs public. This high level of transparency makes it possible for attackers to observe and analyze transaction flows in order to find opportunities to conduct sandwich attacks.
3.1.2 ZK technology can resist sandwich attacks
The application of ZK technology can significantly reduce the possibility of sandwich attacks. By using ZK technology to hide transaction volume, asset types, user or liquidity pool balances, user identities, transaction instructions and other protocol-related information, the privacy of transaction data can be effectively improved. As a result, it is difficult for the attacker to obtain complete transaction information, making it more difficult to implement a sandwich attack.
In addition, ZK technology can not only resist sandwich attacks, but ZK-based private transactions can also make it more difficult to judge user behavior models. Any third party that attempts to collect blockchain data to analyze account historical transactions, infer behavioral patterns, explore activity cycles, transaction frequencies or preferences, etc., will face challenges. This kind of analysis, known as behavioral model inference, not only violates user privacy, but can also pave the way for honeypot attacks and phishing scams.
3.2 Prevent liquidity manipulation based on ZK technology
Liquidity manipulation and front-running trading are both attack methods in DeFi. Both attack methods involve using market information and transaction speed to obtain benefits, but their specific strategies and operations are different.
Front-running is taking advantage of information, while liquidity manipulation is taking advantage of market activity to mislead other traders. The former mainly makes profits by obtaining and using undisclosed important information, while the latter misleads other investors by creating false market activity, causing them to make unfavorable trading decisions.
ZK technology can not only play a key role in resisting front-running trades, it can also help prevent liquidity manipulation.
3.2.1 Case Study: Liquidity Manipulation Using Oracles
Suppose you are buying apples in a busy fruit market. Market prices typically fluctuate based on changes in supply and demand. You usually watch prices over a period of time and then decide whether to buy based on the average price. Now imagine that a very wealthy buyer enters the market and he really wants to buy apples. He started buying apples in large quantities, regardless of the price. This will cause Apples price to skyrocket in a short period of time. If you still buy Apple based on this price, youre probably paying more than its actually worth.
This example can better understand the working principle of the TWAP (Time-Weighted Average Price, Time-Weighted Average Price) oracle and the concept of liquidity manipulation. The act of deciding to buy apples based on the average price is similar to the operation of the TWAP oracle, and the large purchase of apples by wealthy businessmen causing prices to rise is similar to liquidity manipulation.
The TWAP oracle determines asset prices by calculating the average transaction price over a period of time. The more recent the transaction, the greater the impact on the average price. If someone makes a large number of transactions or trades with a large amount of money in a short period of time, which may significantly affect the average price of an asset, this is liquidity manipulation. Liquidity manipulation can artificially raise or lower asset prices, resulting in inaccurate price information. If someone wants to use the TWAP oracle to intentionally increase the price of an asset, he can use a large amount of money to purchase the asset in the short term, causing the price to rise temporarily. If the asset price increases significantly during this time window, the TWAP oracle may treat this higher price as the asset price.
Liquidity manipulation of TWAP oracles can have a significant impact on DeFi protocols, especially emerging tokens with low liquidity. These DeFi protocols often make financial decisions, such as liquidation, lending, etc., based on the price of the asset. If price information is inaccurate or unreliable, it may lead to wrong decisions, thereby causing losses to users. Therefore, it is crucial to protect TWAP oracles from liquidity manipulation.
3.2.2 ZK technology can resist liquidity manipulation
Based on ZK technology, it can resist liquidity manipulation in the TWAP oracle. A smart contract can be designed to rely on a TWAP oracle to obtain the price of an asset. If an attacker performs liquidity manipulation, the price obtained from the TWAP oracle may exceed the preset acceptable range. In this case, the contract will temporarily stop its operations. It will then recalculate and confirm the asset price based on ZK technology.
To use ZK technology to calculate asset prices, you first need to add a wrapper contract to the TWAP oracle. The contract can directly access N price reports, or record N checkpoint values of the price at arbitrary intervals. Once N data points are available within a given interval, a ZK proof can be constructed to prove the median of the unsorted array of prices. The unsorted price array is labeled as a column vector x, of length N. The following is the calculation of asset prices based on ZK technologyprocess:
1. The proof can be verified in either of the following two ways. In either case, the prover cannot arbitrarily choose a price array as input.
Retrieve array values from contract storage and use them as public inputs to on-chain validators;
A hash chain is gradually formed through the hash function, representing the array as a single hash value and using that value in the on-chain validator.
2. There is an N x N matrix A (square matrix). When the matrix is multiplied by the column vector x, a column vector y is generated such that. A is an invertible permutation matrix, but since there may be duplicate price values, A is not necessarily unique, and A contains only binary values.
3. The values in y are ordered, ie. Again, < cannot be used because there may be duplicate price values.
4. The circuits public output m is the median vaue of y. The proof shows that where N is a static value when the circuit is compiled, it must be an odd number.
According to the above process, a median price m is output based on ZK technology, which is tamper-proof. The median m can prevent liquidity manipulation to a certain extent. In order to achieve this, we need to limit the value of y so that in each block, the value of y is only inserted once, or the number of insertions is within an acceptable number. within the range.
3.3 ZK technology empowers lending platforms
As mentioned above, ZK technology is resistant to front-running and liquidity manipulation in DEXs. So, can we further explore the application possibilities of ZK technology in other DeFi scenarios? For example, ZK technology can also play a key role in lending, an important part of DeFi projects.
3.3.1 The Key to Lending: How to Assess Borrower Creditworthiness
On traditional lending platforms, the loan application process usually covers five steps: application, credit assessment, loan approval, loan issuance and repayment. Among them, the credit evaluation link is particularly important. Borrowers must prove that their income meets the standard and they have the ability to repay. During the evaluation process, the platform will conduct an in-depth investigation of the borrowers credit history, including income, liabilities, and past repayment records, to ensure that the borrower has the ability to repay the loan. Only on this basis will the platform consider approving the loan application.
However, when you turn to DeFi lending platforms such as Aave or Compound, the situation changes. Due to their decentralized nature, most DeFi lending platforms do not have the KYC (Know Your Customer, Know Your Customer) procedures and risk assessment procedures of traditional banks, and they cannot investigate the credit status of borrowers through joint credit bureaus. In this case, you may be wondering, how will my credit be evaluated?
On DeFi lending platforms, you can prove your creditworthiness through reputation token proof. Reputation token is a credit system based on blockchain technology, which uses digital tokens to represent and quantify users reputation. The number of reputation tokens has become an important indicator for evaluating a users creditworthiness. The greater the number of tokens, the better the users reputation and corresponding improvement in credit rating, making it possible to obtain more loan lines on the DeFi lending platform.
However, the generation of reputation tokens relies on users’ transaction history and financial information, which may violate users’ privacy rights.
3.3.2 Evaluate borrower’s credit: reputation token based on ZK technology
ZK technology protects user privacy. The combination of ZK technology and reputation tokens can protect user privacy while maintaining and tracking their reputation in the network.
Users can use ZK technology to generate reputation tokens without disclosing historical transactions. On the one hand, users can generate proof of historical transactions based on ZK technology; on the other hand, the proof is verified by a smart contract (often called a reputation token generation contract), and reputation tokens can be generated if the verification passes.
In addition, on some DeFi lending platforms that require over-collateralization, reputation tokens can reduce collateral requirements, thereby solving the problem of over-collateralization and improving market liquidity. And the application of reputation tokens based on ZK technology is not limited to DeFi lending platforms, it can also be widely used in insurance, medical subsidies and other fields.
4. Summary and Outlook
This article explores the various application scenarios of ZK technology for privacy protection in DeFi, especially its potential to resist front-running, liquidity manipulation, and lending. As we explore DeFi, we face several challenges, especially issues related to privacy and security. Privacy challenges in the DeFi ecosystem are a key topic, and ZK technology provides a unique solution that not only enhances privacy protection, but also improves transaction efficiency and security. If you want to introduce ZK technology to your DApp, please feel free to contact usSalusconnect.
Looking to the future, ZK technology may be applied in deeper DeFi fields, such as liquidity staking, derivatives protocols, real-world assets, insurance, etc. Salus focuses on researching and exploring the application of ZK technology in DeFi and other Ethereum application layer projects. We sincerely invite blockchain researchers, technology developers and all professionals in the web3 field around the world to work with us to promote the in-depth development and widespread application of ZK technology to drive the development of DeFi and even the entire industry.
IOS
Android