Zero-Knowledge Cryptography

RAILGUN heavily leverages Zero-Knowledge Proofs (ZKPs), a revolutionary tool for privacy preservation. ZKPs allow for advanced logic and contract interactions without any information leakage.

What is a zk-SNARK?

Zero-Knowledge proofs are methods whereby one party, the prover, can mathematically satisfy another party, the verifier, the veracity or truth of information without revealing the originating details of the information. This is achieved by the prover-passing components of mathematical problems that deliver the truth and verifiability of the information, being proved to the verifier multiple times. These interactions occur until the verifier is satisfied that it is statistically impossible for the information to not be true or is being faked by the prover, all without revealing the contents of the verified information.

​zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”. Put simply, a zk-SNARK is a form of ZKP that does not require direct interaction between the prover and verifier. Rather, they achieve their non-interactivity through the prover simulating the interactions between prover and verifier, and the verifier simply checks that the simulation was performed correctly. These proofs rely on computational assumptions that cannot be cracked. As it stands, it would take millions of years to crack with currently available computational power.

For zk-SNARKs to be “succinct”, the proof size and verification cost must be small, logarithmic, or lower. Elliptic curves allow for smaller key generation and therefore more succinct ZK proof outputs. Elliptic Curve Cryptography use points on an elliptic curve graph to generate public and private keys from mathematical equations between the points on the curve. They form the basis of the RAILGUN privacy system, as zk-SNARKs allow a smart contract to act as a verifier. The verifiers in RAILGUN’s privacy system are the smart contracts themselves. This breakthrough was powered by EIP 197 and EIP 198, which together enables RAILGUN to generate zk-SNARK circuits on-chain. These zk-SNARK circuits are created on the client side and can then be submitted for confirmation on-chain.

zk-SNARKs can prove the veracity of any form of information, such as valid unspent token balances or, in other terms, who has the right to spend which token on a blockchain without revealing details about the person originating the interaction.

What is a circuit?

RAILGUN's zk-SNARK Circuit Design

The advanced cryptography contained in RAILGUN’s privacy system uses multiple circuits to enable complex interaction types. Each circuit is differentiated by the number of inputs and outputs, and together they form the cryptographic basis for RAILGUN.

Multiple circuits are needed to account for different transaction types as circuits require the number of signals (that are inputs and outputs) to be instantiated at the setup phase. For example, a transaction that sends DAI to 2 different 0zk addresses might require a circuit with 1 input to 2 outputs. Extending this idea, a transaction that sends DAI comprised of 7 UTXO balances to 2 0zk addresses would require a 7 to 2 circuit. Inputs in these scenarios are equivalent to UTXOs and outputs would be equivalent to recipients.

Currently, there are 54 circuits, each with different numbers inputs (UTXOs) and outputs (UTXO destinations). Circuits can be chained together to handle all possible combinations of UTXOs and outputs, and the system will automatically route a transaction through the most gas & cost efficient combination.

RAILGUN also supports multiple inputs to singular outputs, such as 5 to 1. These circuits are used for multi-sends, where users send more than 1 token type in the same transaction to a singular recipient. They are also useful for swaps where the price of the token has changed, leaving some leftover change in the original swap token or for paying a Broadcaster fee in a token other than the one being sent. E.g., if WETH is sent as a Broadcaster fee to send DAI.

RAILGUN’s circuit design is flexible in terms of supporting tokens other than just ERC-20, RAILGUN can Shield ERC-721 and ERC-1155 NFTs. For example, with RAILGUN’s circuits and smart contracts, users could potentially provide liquidity on Uniswap v3 privately and shield their LP NFT privately as well. This kind of composability is only possible with the flexibility of RAILGUN’s privacy system and is the result of it being designed from the ground up for real world DeFi use cases.