zk-auctions

Workflow

1. Auction Setup

• A Starknet smart contract is deployed to manage the auction.
• The auction has predefined rules:
  • Start and end times for the bidding phase.
  • Constraints (ex: minimum bid, maximum bid, or bid increment steps).
  • A unique auction item (ex: an NFT).

1. Commit Phase (Private Bidding)

• Users generate zk-proofs:
  • Each user computes a commitment for their bid amount (commitment = hash(bid_amount + secret_salt)).
  • They use zk-SNARKs to prove that their bid:
    • Meets the auction constraints (ie, falls within the allowed range).
    • Is associated with a unique secret salt to prevent replay attacks.
  • No actual bid amount is revealed during this phase; only the commitment and proof are submitted.
• The commitment and zk-proof are sent to the Starknet contract.

1. Reveal Phase

• After the commit phase ends, users reveal their bids:
  • They submit their actual bid_amount and secret_salt to the Starknet contract.
  • The contract validates the reveal by:
    • Recomputing the commitment (hash(bid_amount + secret_salt)) and comparing it with the stored commitment.
    • Ensuring the bid still meets the auction rules.

1. Winner Determination

• The smart contract determines the highest valid bid and declares the winner.
• The winner pays their bid amount, and the auction item is transferred to them.

The project is not yet functional, therefore unfortunately we cannot test anything yet.

1. The main contract is a Cairo Starknet smart contract. I was planning to deploy it to the Starknet Sepolia testnet. I was planning to make use of Starknet Composability & Components features to integrate existing logic to my contract like ownable related logic. I also was planning to deploy a NFT contract as the reward of the auction.

2. Concerning the proof, I wanted to deploy my very own groth16 proof verifier contract on Starknet Sepolia using Garada, which would verify zk-SNARK proofs. In order to generate proofs, I was going to build a circom circuit (program to prove) and use snarkjs to set up the trusted setup needed for zk-SNARKS as well as to generate the proof that I would then send for verification to the verifier contract mentioned right before. And this proof generation would happen in the frontend following the user bid input, before sending it to my Auction contract, which would itself call my groth16 proof verifier contract before executing its own logic.

3. A Nextjs frontend for the users to participate to the auction by making their bids. The frontend is incomplete because I was first focusing on the smart contract & proof generation/verification parts before working on the frontend, which I did not end up having time, as I had too many issues with the proof generation & verification.

My main difficulties were related to the zk-SNARKs generation & verification:

• Lots of difficulties generating and verifying zk-proofs:
  • First, tried with stone prover and integrity verifier locally and then deployed, but had major issues when verifying on deployed verifier (errors with no visible way of debugging and very little documentation)
  • Then, tried exploring zk-SNARKs instead of zk-STARKs using snarkjs & groth16. Tried following Garaga tutorial but encountered issues with little documentation, and then found another tutorial explaining more in depths zk-SNARKs, but did not have time to fully explore it.
  • In short, I lacked of understanding and time. As I am really interested in learning more about zk-proofs theoretically and practically, I will continue this project in my free time in order to complete it.