Onchain ZK Shuffle Texas HoldEm

Onchain ZKShuffle Contracts We build a zkSNARK based card shuffling and dealing scheme based on the seminal paper from RSA: https://people.csail.mit.edu/rivest/pubs/SRA81.pdf. It solves two big problems of playing board/card games (and more generally information hidden games) on chain, how to fairly shuffle a deck of cards and how to deal the deck of cards to players privately (Otherwise the game is not playable due to MEV). ZKShuffle has 3 functions: ZKShuffle.setup: Each player generates a private-secret key pair and collectively generate an aggregated public key using all player’s public key ZKShuffle.shuffle_encrypt: To shuffle a deck of cards, every player needs to take her turn to call shuffle_encrypt. Here, we use a Homomorphic Encryption scheme: Elgamal, to make sure the sequence of encryption and decryption can be done in arbitrary order. For example, if there a three players in the game, intuitively, each card has three locks after a round of encryption: Card{Alice, Bob, Charlie} ZKShuffle.decrypt: To deal a card to a particular player, each player needs to call the decrypt function. Say, if the game logic need to deal the card to Charlie, a valid sequence could be: Alice fetches the encrypted card “Card{Alice, Bob, Charlie}”, and decrypts using her secret key. Alice submit the decrypted card “Card{Bob, Charlie}” on chain along with the zero-knowledge proof for the validity of the decryption Bob fetches the partially decrypted card “Card{Bob, Charlie}” from Alice on-chain, and decrypts the card using his secret key. After Bob’s decryption, he submits the decrypted card “Card{Charlie}” and the zero-knowledge proof of validity of his decryption on chain. Now, Charlie can fetch the card (“Card{Charlie}”) with only his lock on-chain. He can use his own secret key to see his Card.

Texas HoldEm Demo We use ZKShuffle to build a Texas HoldEm demo. This demo is a DApp built using Solidity, React, and Ether.js. In this demo, when a new game starts, all the players run a round of setup and the initial shuffle to get a fairly shuffled encrypted deck on-chain. Then, each player runs a round of decrypt so that 2 cards are dealed to players. Now, every player starts to play the Texas Hold’em on a EVM based blockchain.

We deployed the DApp to Optimism Goerli, Ethereum Goerli, Skale.

The entire project consist of 3 parts: ZKP circuits, for verifying decrypt and shuffle smart contracts, including ZKShuffle contract and Texas Hold’em game logic contract DApp front-end, the Texas Hold’em demo game built using React and ether.js and Circomlib cryptographic JS library

The ZKShuffle cryptographic scheme design is an improved version of Geometry research’s. The major difference is that we implement the scheme using the Groth16 Proof system with Circom Language instead of using a specialized Bayer-Groth proof system. There are two ZKP circuits (https://github.com/p0xeidon-labs/zk-poker/tree/main/circuits): encrypt, generate/verify the result of shuffle_encrypt function decrypt, generate/verify the result of decrypt

In the Circom implementation, we implement a ElGamal encryption scheme and use existing Circom libraries such as poseidon hashes.

The encrypt circuit has 87308 R1CS constraints and 4.5 sec proof generation time in the DApp. The decrypt circuit has 1522 R1CS constraints and 0.1 sec proof generation time in the DApp. We use SnarkJs to generate the zero-knowledge proof in the DApp

The smart contract part consists of two parts, the ZKShuffle framework contract and the Texas Hold’em game playing logic contract. The ZKShuffle contracts simply wrap the ZKP verification logic of the two circuits. In the Texas Hold’em smart contracts, we implement a game play state machine. The DApp works in a pull model, each DApp periodically pulls from the RPC node to get the stage of the game as well as which player’s turn to play.

The DApp is implemented using React frameworks and Ether.js. It displays a Texas’ Holden play table and displays the animation with each player’s actions. When a player’s action is required, the player simply clicks the button in the UI and signs the transaction using metamask.