‹ Notes

Sealed state signers using indistinguishability obfuscation

IO = (public inputs, public outputs, hidden logic)

Using IO, you might design a sealed state signer - a function which produces signatures over a keypair, where the keypair is embedded in the logic - and thus hidden from any user of the function.

This would be very powerful for token bridges. To bridge tokens from one blockchain to another, we typically require a counterparty to operate wallets on both networks. When a user makes a deposit, the counterparty signs a transaction withdrawing the same amount on the other chain.

All current bridge designs use either a single signer, a multisig, or a threshold signer (M-of-N, threshold ECDSA typically) for their counterparty. As there is no way to program what types of data the counterparty can sign, this makes the bridges susceptible to theft and hacks. A counterparty can produce fake deposits to withdraw tokens, and their private key can be leaked meaning others can do so too.

Now imagine we design a function which custodies a private key, and given a ZK proof of a deposit, outputs a signature for a withdrawal of that same amount. Applying IO, anyone can use this function to generate signatures, the signatures are generated only according to predefined conditions, and the private key is never leaked.

Public inputs (deposit transaction, ZK proof), public outputs (signature for withdrawal), hidden logic (private key).

How do we embed the private key?

I don’t know. Perhaps we can use something similar to a trusted setup ceremony, commonly used in ZK-SNARK’s like Groth16.

How do we verify what the signer function does?

Maybe this is also a part of the trusted setup ceremony. Renegade generates a ZK proof of computation run inside a MPC circuit. It might be something similar here.

How efficiently could the function verify ZK proofs?

In the limit, Groth16 is only 3 field multiplications, which is super efficient. Proofs can be generated, then proofs of verifying those proofs inside more compact proofing systems can make them smalller/more efficient for our uses.