Roman Kyoto

Our project is RomanKyoto, a Cross-Chain Multi Asset Shielded Pool.

It allows users to deposit, and then privately transfer ERC-20 tokens across. Users can then withdraw their tokens from the pool at any time, and can withdraw however much or little they want (up to their current balance in the MASP).

We currently only support private single chain deposit, withdrawals, and transfers. CCIP contracts are created, but we need additional integration for cross-chain private transfers.

This is a hardhat/circom circuit based project.

First things first, we utilised our private transfer proving model for a shielded asset pool largely based on the tornado nova protocol, but unique differentiator is that we support multiple assets within the same contract.

Our proving model is based on UTXO notes stored within the contracts merkle root. Each time a user deposits an asset, they create a record (an encrypted 'note' with a value) within the contracts merkle tree.

Once a user has a note, they can transfer values up to that amount (or up to the sum of any other notes they have) to other addresses.

If a user has a note, they can also just withdraw that amount straight back to the erc20 that that note represents.

Our example flow in our integration test:

1. User deposits X amount of USDC or WBTC ERC20, and generates an encrypted note within the contract that represents their asset, now encrypted.
2. The user can transfer their encrypted token to other users within the RomanKyoto contracts state. Example, user A deposits 10 USDC, and sends 5 USDC to user B within the RomanKyoto contract calling the transfer function.
3. Both user A and user B can call withdraw, and get their 5 USDC ERC20s back, leaving their encrypted balance with a total of 0.

We deployed these contracts to Base Sepolia (https://sepolia.basescan.org/address/0xC60B012f38017f512D2069aE3210Ad36075ACA6f) and Polygon Cardano (https://cardona-zkevm.polygonscan.com/address/0xC60B012f38017f512D2069aE3210Ad36075ACA6f) as their cheaper transaction costs make these more expensive proving operations much more feasible.