ZK-Wormhole

The ZK-Wormhole standard enables the minting of secretly burnt tokens as a privacy solution for Ethereum.

Created At

ETHGlobal Trifecta - Zero Knowledge

Winner of

Succinct - Best use of SP1 2nd place

Project Description

The ZK Wormhole ERC20 token standard improves transaction privacy on public EVM chains by using zero-knowledge proofs to enable the minting of secretly burnt ZKW-ERC20 tokens. The project is inspired by EIP-7503: Zero-Knowledge Wormholes (https://eips.ethereum.org/EIPS/eip-7503).

With a standard ERC20, any transaction links the sender address and the recipient address. The ZK Wormhole ERC20 standard allows the following:

  1. Address A pre-computes an unspendable address that looks like a common 0x address using CREATE2. CREATE2 calculates the address as H(sender, bytecode, salt). The sender and bytecode are fixed, while the salt is calculated from a secret and a nonce supplied by the user.
  2. Address A makes a standard transfer of amount X of ZKW-ERC20 tokens to the pre-computed unspendable address.
  3. Address A generates a proof using our SP1 zkVM program. The proof shows that:
     • The sender knows the pre-computed unspendable address.
     • The sender can compute the unspendable address using CREATE2, providing the secret and nonce.
     • The sender and bytecode are fixed according to the program, so the unspendable address is actually unspendable.
     • The sender has sent at least as many funds to the unspendable address as the amount being requested. This is done by proving the Ethereum state inside the zkVM and proving the execution of the balanceOf call that checks the unspendable address's balance.
  4. Any address (not only Address A) can submit the ZK SNARK proof and its public values on-chain to remint the tokens. The public values contain the amount to remint and the recipient address, so the mint transaction can be relayed by any address for maximum privacy. The smart contract validates the nullifier to prevent double spending of the tokens; it also allows partial minting.

We developed an SP1 Rust program that anyone can run locally (for maximum privacy) to generate the SNARK proof, subject to Succinct's hardware requirements.

Smart contracts deployed and verified on Holesky:

Check our slides here

How it's Made

The project uses the following technologies:

  • Frontend: a standard (but cool 😀) Next.js TypeScript app using React and wagmi for wallet connections and on-chain read/write operations.
  • SP1 Rust program: we developed a Rust program for the Succinct SP1 zkVM that proves: 1) the pre-computation of the unspendable address from the secret and nonce; 2) the Ethereum state root and the execution of the balanceOf call on the unspendable address to check its balance. We compiled the program into an executable binary so that users don't have to download dependencies.
