Hide transaction amounts and recipients for fungible tokens by entering a privacy pool that wraps any ERC20 token.
Now you can buy a coffee with crypto without revealing your entire transaction history!
Create private accounts, mint some private tokens, send them secretly, then burn back to the original ERC20 to exit.
Only the recipient can see the amount sent and the sender's public key.
Nobody can read your balance, to whom you've sent, or from whom you've received.
All functionality is achieved using a single Circom circuit.
Minting and burning this fungible token (not an ERC20, because it uses double-entry accounting) happens publicly, but sending and receiving within the privacy pool is hidden.
Accounts inside the privacy pool use public keys as addresses so that the sender can asymmetrically encrypt the amount sent to the recipient's public key using ElGamal encryption.
Each proof submitted can be a send, a receive, or both at once. Sending/receiving are indistinguishable except to the account holder.
Account balances are encrypted using symmetric Poseidon encryption.
While each account can hold a balance up to the field size, each transaction is limited to a maximum amount of 524,288 (2**19) in order to balance the storage and compute necessary to decode these values. For penny precision on a stablecoin, this results in a maximum transaction amount of $5,248.88.
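Why a cap on the amount trades storage against compute, as an added example that is not the project's code: it assumes the amount is encoded in the exponent (exponential ElGamal), which the page does not state, so decryption yields a group element and the amount is recovered with a baby-step giant-step search. The 31-bit group (P, G) is a toy stand-in for the circuit's group, and all names are hypothetical.

```javascript
// Toy exponential ElGamal over Z_p* (assumption: the amount sits in the exponent).
// P and G are a small stand-in group for illustration, not the demo's parameters.
const P = 2147483647n;          // 2^31 - 1, prime
const G = 7n;                   // primitive root mod P
const MAX_AMOUNT = 1n << 19n;   // per-transaction cap stated on the page
const STEP = 1n << 10n;         // baby-step table size, about sqrt(MAX_AMOUNT)

function modpow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

const publicKey = (priv) => modpow(G, priv, P);

// Encrypt `amount` to the recipient's public key; `r` is a fresh ephemeral secret.
function encrypt(amount, recipientPub, r) {
  if (amount < 0n || amount > MAX_AMOUNT) throw new RangeError("amount exceeds cap");
  return {
    c1: modpow(G, r, P),
    c2: (modpow(G, amount, P) * modpow(recipientPub, r, P)) % P,
  };
}

// Storage side of the trade-off: STEP precomputed powers G^0 .. G^(STEP-1).
const BABY = new Map();
for (let j = 0n, v = 1n; j < STEP; j++, v = (v * G) % P) BABY.set(v, j);
const GIANT = modpow(G, P - 1n - STEP, P); // G^(-STEP)

// Compute side: unmask G^amount, then walk at most MAX_AMOUNT/STEP + 1 giant steps.
function decrypt(ct, priv) {
  let target = (ct.c2 * modpow(ct.c1, P - 1n - priv, P)) % P; // c2 * c1^(-priv)
  for (let i = 0n; i <= MAX_AMOUNT / STEP; i++) {
    const j = BABY.get(target);
    if (j !== undefined) return i * STEP + j;
    target = (target * GIANT) % P;
  }
  return null; // nothing in range matched, e.g. the ciphertext was for another key
}
```

A larger cap would need a bigger table, more giant steps, or both, which is the balance the limit above refers to.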
Each transaction inserts a leaf into a Merkle tree to ensure receives are valid. This limits the number of transactions in a privacy pool to the tree size (2**32 = 4.2B). This should be plenty for a while, though, since Tether on mainnet only has 263M transfers so far. A new pool can always be created and users can migrate.
The frontend creates a keypair based on a signature from your browser wallet. The client then scans all available transactions in the pool for any that decrypt successfully using the generated private key.
Although this demo wraps a single mock ERC20 contract on testnet, this circuit and contract could wrap any token with a single contract deployment transaction.
The circuit verifier was verified and deployed using Circuitscan:
https://circuitscan.org/chain/11155111/address/0xda66ad5da2619054d890c359cb22601b104ac662
The contract is deployed on Sepolia:
https://sepolia.etherscan.io/address/0x0e3f0713c4636e29bedc750f5b8e84ef02969bea
Although the proof submissions in this demo go through the user's wallet, with a little more time they could be sent through a relayer for added privacy.