
Mimosa

An asset mixer on Starknet - using ZK proofs to break the link between a deposit and a withdrawal


Created At

StarkHack

Winner of

Starkware - Best use of Starknet Promising Projects

Project Description

The project implements a Tornado Cash-like asset mixer on Starknet. It has a website for users to deposit assets (STRK tokens) and to withdraw the assets with another address.

The problem with Starknet is that it's a ZK rollup without the ZK part. It does not provide privacy for its users. Everything you do on the network is public.

The project is meant for any user of Starknet who cares about their privacy. The reasons for wanting to hide your asset transfers can vary wildly, but we believe every user should have the possibility for it, if they so want. Currently, there is no project on Starknet that implements anything similar.

How it's Made

The UI is implemented with the help of the Starknet Scaffold project. Burner wallets are used to demonstrate the functionality, and the Cairo contract is connected to the website.

The smart contracts are implemented with Cairo 1. They implement the very basic functionality of Tornado Cash: Merkle trees and part of the commitment management.

ZK should be used to hide the link between the deposit and the withdrawal, but unfortunately we could not get that part working in time. Therefore, the withdrawal requires a plaintext secret to be submitted - the same secret that was hashed and given as input upon deposit.
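
The deposit and plaintext-secret withdrawal described above, modeled as an added example (not the project's Cairo contract): SHA-256 stands in for the contract's hash, and the class, function and address names are hypothetical. It shows that an observer can hash the revealed secret and match the withdrawal to its deposit, which is the link a ZK proof is meant to hide.

```python
import hashlib


def H(data: bytes) -> bytes:
    # Stand-in hash (assumption): SHA-256 instead of the hash used on-chain.
    return hashlib.sha256(data).digest()


class MixerModel:
    """Hypothetical model of the deposit / plaintext-secret withdrawal flow."""

    def __init__(self):
        self.commitments = set()  # public contract storage
        self.spent = set()        # commitments already withdrawn
        self.events = []          # everything an observer of the chain sees

    def deposit(self, sender: str, commitment: bytes) -> None:
        # Only the hash of the secret is submitted at deposit time.
        self.commitments.add(commitment)
        self.events.append(("deposit", sender, commitment))

    def withdraw(self, recipient: str, secret: bytes) -> bool:
        c = H(secret)
        if c not in self.commitments or c in self.spent:
            return False          # unknown commitment or double withdrawal
        self.spent.add(c)
        # The plaintext secret is transaction input, so it is public too.
        self.events.append(("withdraw", recipient, secret))
        return True


def link_withdrawals(events) -> dict:
    # Observer's view: hash each revealed secret and look up the depositor.
    depositors = {c: who for kind, who, c in events if kind == "deposit"}
    return {who: depositors[H(s)] for kind, who, s in events if kind == "withdraw"}


def demo():
    m = MixerModel()
    # Constructed sample addresses and secrets.
    m.deposit("addr_alice", H(b"alice-secret"))
    m.deposit("addr_bob", H(b"bob-secret"))
    first = m.withdraw("addr_fresh", b"bob-secret")
    replay = m.withdraw("addr_other", b"bob-secret")
    return first, replay, link_withdrawals(m.events)


if __name__ == "__main__":
    print(demo())
```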

The plan was to use the Stone prover for proof generation and the Integrity verifier to verify the withdrawal proof. We found another StarkHack project (StarkSwirl) implementing a very similar idea, so we collaborated with them, trying to get the ZK part working. We made good progress, fixing documentation issues and compatibility problems on both ends (Stone and Integrity), but our team ran out of time.

During the hackathon, we also realized that the Stone prover can't provide real ZK privacy. Or, to be more precise: the prover probably could, but Cairo can't. So any privacy achieved with ZK would only be obfuscation, at best.

We utilize devnet-rs for running the blockchain locally. It works very well and is blazingly fast. It provides us with ready burner wallets we can use directly in the UI.

We could not get invokes to work properly through the UI, so the contract invokes are performed through a separate script, for demonstration purposes.
