
EC RLN

Elliptic Curve Rate Limiting Nullifier for spam protection based on Shamir Secret Sharing

Created At

ETHSanFrancisco 2022

Project Description

EC Rate Limiting Nullifier

This is a simple rate limiting nullifier mechanism using Shamir Secret Sharing and elliptic curve cryptography.

With this scheme, you don't need to generate a ZKP for every signal, which is critical for high-frequency, low-latency networking. If you also use the elliptic curve's homomorphism, you need a ZKP only once, when you create a session, and can then send elliptic curve points instead of ZKPs, which is much faster and also quite affordable for the consensus layer.

In more detail, the transmitter creates 5 Shamir secret sharing keys (a,b,c,d,e) and submits a commitment g^(abcde) to the receiver. The transmitter also gives a ZKP that (a,b,c,d,e) construct a polynomial which evaluates to the private key of a given account at zero. After that, the transmitter can send up to 4 messages, and should send each message together with a simple elliptic curve point reference, like {a, g^(bcde)}.

The detailed mechanism should be something like:

  1. The transmitter handshakes with the receiver and creates a ZKP for the handshake protocol to commit the Shamir secret sharing points and prove that they're derived from the given account's private key.

  2. Creating a ZKP takes a few seconds; then, if there's enough stake, the receiver starts a session with the given ZKP and the scalar multiplication commitments.

  3. The transmitter can send messages using the Shamir secret keys up to its threshold.

  4. The receiver will ping the transmitter to refresh the session with a new ZKP a few seconds before the session ends. This is just to give enough time to generate a ZKP for the next session.

For more information, see https://github.com/rate-limiting-nullifier
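
The share and commitment arithmetic described above, as an added Python example that is not the project's own code. It assumes the five shares are the evaluations f(1)..f(5) of a degree-4 polynomial with f(0) equal to the private key, and that the receiver checks a message by multiplying the reference point by the revealed share and comparing the result with the commitment; all function names are hypothetical, and the curve constants are the public bn128 G1 parameters.

```python
import secrets

# Public alt_bn128 (bn128) G1 parameters: y^2 = x^3 + 3 over F_P, prime group order N.
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583
N = 21888242871839275222246405745257275088548364400416034343698204186575808495617
G = (1, 2)

def ec_add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):  # double-and-add scalar multiplication k*A
    R, k = None, k % N
    while k:
        R = ec_add(R, A) if k & 1 else R
        A, k = ec_add(A, A), k >> 1
    return R

def make_shares(sk, n=5):  # assumed layout: share i is (i, f(i)), deg f = n-1, f(0) = sk
    coeffs = [sk % N] + [secrets.randbelow(N) for _ in range(n - 1)]
    return [(x, sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N)
            for x in range(1, n + 1)]

def product_point(shares, skip=None):  # g^(product of share values), minus index `skip`
    prod = 1
    for j, (_, y) in enumerate(shares):
        if j != skip:
            prod = prod * y % N
    return ec_mul(prod, G)

def verify(share, ref, commit):  # assumed receiver check: share * g^(others) == commitment
    return ec_mul(share[1], ref) == commit

def recover(shares):  # Lagrange interpolation at x = 0 over the scalar field
    sk = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % N, den * (xi - xj) % N
        sk = (sk + yi * num * pow(den, -1, N)) % N
    return sk
```

With four revealed shares `recover` returns an unrelated value; a fifth message reveals the last share and `recover` returns the account's private key, which is what makes exceeding the limit slashable.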

How it's Made

I used circom and some finite field and elliptic curve cryptography libraries. It's based on Groth16 and the bn128 curve.

I've also built a smart contract just for the demo, but for most use cases it should be fully off-chain, and only the slashing transaction should be on-chain.
