Zero-Knowledge Wormholes (EIP-7503) Implementation

# Zero-Knowledge Wormholes (EIP-7503) Implementation This repository contains an implementation of [EIP-7503: Zero-Knowledge Wormholes](https://eips.ethereum.org/EIPS/eip-7503), a native privacy solution for Ethereum. **Repository:** [https://github.com/neotheprogramist/go-ethereum/tree/v1.15.11/eip-7503](https://github.com/neotheprogramist/go-ethereum/tree/v1.15.11/eip-7503) ## Overview Zero-Knowledge Wormholes provide a privacy mechanism that allows users to privately transfer ETH by: 1. **Burning ETH** by sending it to an unspendable address derived from a secret 2. **Later minting** the same amount back using zero-knowledge proofs The implementation offers strong privacy guarantees with plausible deniability, as there's no on-chain evidence of participation in the privacy protocol. It creates an anonymity pool that includes all Ethereum accounts with zero outgoing transactions by default. ## Components ### 1. Zero-Knowledge Circuit The Noir circuit (`wormhole/src/main.nr`) implements the ZK-proof logic defined in EIP-7503: - Validates deposit value limits (max 32 ETH) - Generates nullifiers to prevent double-spending - Verifies proof of work to prevent hash collision attacks - Confirms Merkle proof membership - Ensures value conservation (withdraw + change = deposit) ### 2. Go API The Go API (`internal/ethapi/mint.go`) handles minting operations: - Verifies ZK proofs using an external verification tool - Tracks nullifiers in a database to prevent double-spending - Creates and signs transactions to mint tokens - Manages nullifier state ### 3. Testing Framework Comprehensive tests (`internal/ethapi/mint_test.go`) validate: - Basic minting operations - Double-spend prevention using nullifiers - Error handling for invalid proofs or parameters - Tampered proof detection ## How It Works 1. **Deposit**: Users send ETH to an address derived from their secret: `sha256(MAGIC_ADDRESS + secret)[12:]` 2. **Generate Proof**: Users create a ZK proof showing they know a secret for funds in an unspendable address 3. **Withdraw**: Users present their proof to mint back their ETH to a new address, without revealing the link between deposit and withdrawal ## Security Features - **Nullifier Registry**: Prevents double-spending of burnt ETH - **Proof of Work**: Requires computational work to prevent hash collision attacks - **Privacy Pools**: Optional mechanism for responsible privacy usage - **Value Splitting**: Ability to withdraw only part of a deposit, with the remainder going to a change output ## Usage The implemented API allows for: - Minting ETH using ZK proofs - Verifying proofs before allowing mints - Tracking used nullifiers to prevent double-spending