Zero-Knowledge Proofs for Trustless Oracles on Diva

## Design goals summary Diva aims to provide a completely trustless staking stack which is verifiable and collusion-resistant. However, no such solution exists today and it must be researched & developed. Due to the lack of communication between Ethereum's Execution Layer and Consensus Layer, most staking solutions today rely on one or more trusted entities reporting the value of the staked ETH and its rewards. This is a problematic "Proof of Authority" model, as these trusted parties can collude to alter the economic value of Liquid Staking Tokens, amongst other risks, exposing protocols and their users. Current implementations of such trusted mechanisms include: - CEXs or Staking Providers relying on internal systems to calculate ETH balances and staking rewards - Liquid Staking protocols rely on whitelisted Oracles for tasks like calculating ETH balances & rewards, verifying validator status, withdrawal credentials, etc - [Lido's Accounting Oracle currently relies on votes from 5 out of 9 members](https://research.lido.fi/t/zkllvm-trustless-zk-proof-tvl-oracle/5028) for decisions affecting their $14bn stake - [Rocketpool's oDAO](https://docs.rocketpool.net/guides/odao/overview.html) has a [comparable committee](https://dune.com/greywizard/rocket-pool-odao-stats) and risks ## Proposal Diva proposes to use novel zero-knowledge tech to trustlessly & verifiably report the correct data for validator TVL and staking rewards. This is expected to bring the following benefits: - Replacing Proof of Authority models for ZK-based mathematical proofs - Minimal cost to operate, reducing oracle dependencies and costs - No trust assumptions from any party or humans - Open-source so anybody can verify its behavior and run their nodes Discussions and temperature checks took place in a [Diva Discord thread](https://discord.com/channels/1041618287500460083/1134216124293197924). Developers from the Diva community have worked with the DendrETH team to confirm the following scope of collaboration: - **Providing a $50k grant to the DendrETH team** to fund development - Working together on Diva Staking as the first use case - Joint development of DendrETH as an open-source public good to the benefit of Ethereum staking and other Liquid Staking solutions We welcome other solutions in the ecosystem to contribute to this exciting new technology. ## Diva use cases The Diva Staking protocol will rely on these developments for topics like: 1. Reporting ETH balances and TVL 2. Reporting and verifying validator status 3. Updating rewards on divETH, Diva's Liquid Staking Token The ZKP provides a mathematically verifiable proof (trustless) which anyone can submit using # DendrETH references *These are referenced from [DendrETH: A trustless oracle for liquid staking protocols](https://hackmd.io/@metacraft-labs/DendrETH-for-liquid-staking-protocols) for convenience* > The DendrETH project has implemented a zero-knowledge circuit capable of proving successful state transitions based on the beacon chain light client sync protocol. The project is currently aiming to implement a zero-knowledge circuit capable of proving the Casper finality conditions by processing the attestation messages of the entire Ethereum validator set. > > We believe that these building blocks are well-suited for solving a pressing problem that all liquid staking protocols face: How can a smart contract keep track of the on-chain performance of the created validators without relying on a set of trusted oracles that inevitably introduce additional security risks and economic overhead to the protocol? > > In particular, after the introduction of EIP-4788, all liquid staking protocols will benefit from the presence of security-audited zero-knowledge circuits providing the following proofs: > > ## 1. Proof of Total Locked Value > > [...] Provide a proof for the sum of the balances of all validators at the last finalized epoch. > > ## 2. Proof of Total Rewards Potential > > [...] Provide a proof that indicates the maximum number of rewards that the set of validators were eligible for within the canonical finalized history. [...] > > ## 3. Proof of Poor Validator Performance > > [...] Provide a proof that the validator has earned less than a target percentage of the maximum rewards (e.g. 90%). Such a proof can be used to penalize or evict particular operators from the protocol. [...] > > ## 4. Proof of Slashing > > [...] Proofs for slashing events [...] > > ## 5. Proof of Deposit > > A common mitigation for the well-known validator deposit front-running attack is the execution of 1 ETH initial deposit before the rest of the 32 ETH are committed [...] > > ## Rationale > > The development of the proposed zero-knowledge circuits is motivated by several key factors and considerations. > > Firstly, the **reliance on trusted oracles in liquid staking protocols poses a significant risk**. These oracles have the power to influence token prices within the protocols, potentially favoring certain users and shifting profits disproportionately. This centralized control contradicts the fundamental principles of decentralization and trustlessness that underpin blockchain technology. > > Secondly, the **oracles in question control a substantial amount of funds within the protocol**. To ensure their continued participation and prevent potential defection, it is essential to provide them with adequate compensation. Additionally, given the substantial power they possess, the oracles become prime targets for hackers. This necessitates significant investment in maintaining their security infrastructure, further contributing to the overhead associated with the existing liquid staking protocols. > > In practice, **the current costs associated with oracles in the already deployed liquid staking protocols have been subject to criticism**, raising concerns regarding the economic efficiency and viability of the protocols. Therefore, it becomes crucial to explore alternative approaches that can address these concerns and potentially reduce costs while enhancing overall security and trustlessness. > > The zero-knowledge circuits envisioned in this proposal can be developed as a public good - **a reusable solution that can potentially replace the use of trusted oracles in all existing and future liquid staking protocols**. When leveraged, this solution will eliminate the variable costs associated with trusted oracles in favor of the fixed cost of verifying zero-knowledge proofs on chain (expected to be less than 500K gas per update). > > By introducing these trust-minimized oracle alternatives, the DendrETH team aims to enhance the security, decentralization, and economic efficiency of liquid staking protocols. The reduction in reliance on trusted oracles and the associated costs can lead to a more robust and sustainable ecosystem, fostering greater user confidence and participation. ## Project Timeline - August 2023 - Functional proof of concept implementation of the “Total Locked Value” circuit that will provide realistic estimate for the operational latency and cost of the final solution. - September 2023 - Final version of the “Total Locked Value” circuit with suitable documentation for audit purposes. Early prototype of the operator software. Start of development the “Proof of Slashing” and “Proof of Deposit” proofs. - October 2023 - First production-ready version of the operator software, capable of creating proofs for total locked value, deposits and slashings. The software is likely to depend on the services of cloud operators such as AWS. - Rest of 2023 - Audit and further improvements to the operator software. - 2024 Q1/Q2 - Development of the “Total Rewards Potential” and “Poor Validator Performance” proofs. All these proofs are planned to be integrated into Diva Staking as soon as they're proven to be feasible and safe.