Bitcloak: dark pool on Kusama

The proposal is for collecting feedback for the appropriation. If the vote passed, we will start to work on the first milestone. If it is not passed, the proposal will be discussed and adjusted.

Date of proposal: 2020-06

Abstract

We want to build a decentralized dark pool on KUSAMA with all infomation encrypted and stored in a decentralized network. Everything in the dark pool is invisible – accounts, order book, order history – except your own orders.

The dark pool is built on Phala Network confidential smart contract. While the inputs, outputs, and the states are encrypted, the execution can still be verified by anyone. The dark pool allows users to trade with confidence, but without exposing any sensitive information.

In general, the protocol is based on TEE-Blockchain hybrid archetecture to help process the encrypted contract data. To further reduce the attack surface, while the order matching happens inside hardware enclaves ephemerally, the persistent assets balance can be protected by ZKP-based private token technology. This combination can achieve a good balance between utility and security.

Protocol

The protocol has two major subsystem: Private Assets, and Confidential Trading Engine.

The Privite Assets subsystem manages the conversion of external assets and the assets used in the dark pool in a privacy-perserving way. It interacts with the Confidential Trading Engine by allowing transferring assets between the two subsystems.

Private Assets: the naive protocol

The assets come from other blockchains (e.g. KSM from Ksuama relaychain, ACA from Acala parachain). They are not natually confidential. To ensrue the confidentialy of deposit and withdraw, we should have a protocol to convert between non-confidential external assets and confidential assets in some way.

A straightforward idea is to deploy an ERC-20 like smart contract as a confidential smart contract in Phala Network (i.e. in TEE). In this case, we can deploy a pallet to accept token deposit, and at the same time add the same amount of the token in the confidential contract in TEE, and vise versa. In the confidential contract, we allow token transferring and withdraw. The transactions are all encrypted. Therefore it preserves the confidentialy.

However, by using TEE, it implies the trust of the hardware, which is arguablely a compromise of decentralization. It's also arguable that a state-level adversary could potentially break the confidentiality. So in this design, we make the Private Assets a standalone and pluggable component, which can be replaced by other solutions.

Parivate Assets: ZKP-based protocol

One solution to the security concern of TEE is to utilize zero-knowoledge based protocol. Zerochain and Suterusu are both Substrate based ZKP private assets protocol. They both support assets deposit and withdraw, and fit the exact same requirements of Private Assets subsystem. The security of ZKP-based protocol are based on mathematic assumptions, which are much stronger than hardware.

Though ZKP-base solutions can offer sufficient security, they are usually incapable of building an decentralized dark pool because it's necessary to share confidential data among untrusted parties. Secure MPC is a pure cryptographic technology for this issue, but it has millions times performance overhead. Phala Network's TEE-Blockchain hybrid architecture can offer a good balance.

The interoperability between ZKP-based token protocol and TEE-based Confidential Trading Engine is feasible. It's a common practice to encrypted the transactions on the blockchain in a ZKP-based token protocol. To interoperate with the TEE-based subsystem, an ephemeral wallet in the TEE can be generated as the deposit address. Then the dark pool contract watches the blockchain and knows when it receives any incoming transactions. To withdraw from the dark pool, it simply creates a regular transaction and post it back to the blockchain.

Confidential Trading Engine

Confididential Trading Engine is similar to a decentralized exchange. Assets can be deposited or withdrawed from it. It maintains an order book. Whenever a user puts an order in the exchange, it's added to the order book and the pool will try to match it with the existing orders. The difference is that everything except your orders are confidential – you cannot get the other order history, the order book, or the historical price in any way.

Why Kusama?

1. Kusama is a great place to hack with cross-chain composiability.

   Being a part of Kusama ecosystem, it gets access to all the assets on Kusama. Not like Ethereum who can only trade ERC20 tokens, on Kusama we can access coins (BTC), native token (KSM), external tokens (ERC20 from ETH bridge), and parachain native tokens (ACA, PLM).

   Our design requires a subsystem to manage all the assets (Private Assets). It's supposed to be a pallet, and then deployed as a parachain. Having a single place to manage all the assets can benefit not only this specific use case, but even more developers who want to integrate their DeFi projects with Kusama. A simple scenario: suppose a multi-chain custodial wallet wants to accept assets in Kusama, instead of integrating with all the parachains, it can just connect to this single "assets hub". The pallet can even be deployed to Kusama relay chain in theory.

   Comprate with Polkadot, Kusama is a better place to experiment innovation ideas. The parachains are not so expensive, and new community-driven pallets can also be added to the relay chain potentially.

2. We want to explore a novel collaborative pattern

   We described a roadmap to build a dark pool, and truly believe that it can only be done in Kusama ecosystem. However, it doesn't mean we can or should build it end-to-end. Phala team is good at devleoping TEE-based infrastructure and applications, but that's just a part. To make the final product a success, there are a few other necessary conditions:

   • Kusama parachains to offer rich native or bridged assets
   • ZKP-based private asset protocol to offer higher security
   • Teams with DEX experience to offer domain knowledge, community and operation

   So here we call for the community developers to join the effort to make the first-ever dark pool a real product.

3. Support from the Kusama community

   Of course, we would like to apply for Kusama tresury. In return, the Private Assets pallet will be built as a parachain (or a relay chain pallet), and it will be the unique assets gateway of the dark pool.

   Note that the dark pool is built on Phala Network, which could be a standalone Substrate blockchain, a Kusama parachain, or a Polkadot parachain. Phala Network provides the basic security of TEE environment, but it's irrelevant to the dark pool business logic. The dark pool will always commit to Kusama as the assets are on Kusama.

Progress

See the proposal application on Hackmd document for details.

Cybex team has developed a dex demo. The dark pool trading engine and Web UI will be based on this:

• Pallets for basic exchange functionalities, including account creation, order placing, order matching
  • Repo with doc: https://github.com/CybexDex/substrate-dex
• DEX web frontend
  • Repo with doc: https://github.com/CybexDex/Cybex.Dot
• Live demo: https://dot-uat.cybex.io/

Phala Network team has devleoped a confidential contract testnet. Phala is the infrastructure layer for confidential computation:

• Confidential smart contract testnet: https://app.phala.network/

Development roadmap

The following milestones are listed in a rough order. Some of them can be done in parallel, and some depend on other tasks. Depending on the progress of ZKP-based Private Assets module, the path might be different.

• M1-1: Private Assets

  • [$10k] 2 eng month; 1 runtime eng + 1 TEE eng
  • Basic functionalities
    • Lock the native token, relay chain token (KSM), and parachain tokens
    • User issued token for assets gateway
    • Assets withdraw
    • Transfer between the pallet and the trading engine
  • Will first implement the naive TEE-based version

• M1-2: Private Assets (ZKP)

  • [$40k] 4 eng month + 2 specialist eng month; supposed to be done by a specialized team (leave for a capable team)
  • Same functionalities as naive Private Assets, but whenever possible, switch to ZKP-based version
  • Integrate with ZKP wallet SDK
  • Receiving / sending ZKP token in TEE

• M2: Basic dark pool exchange in confidential contract

  • [$30k] 6 eng month; 1 runtime eng + 1 TEE eng + 1 exchange specialist
  • Implement the dark pool Confidential Trading Engine as confidential contract
  • Interoperable deposit / withdraw with naive Private Assets module
    • Migrate when a ZKP Private Assets module is ready
  • Overall tests of the trading engine

• M3-1: Cross-chain assets integration

  • [$5k] 1 eng month; mainly focus on runtime developement
  • Deploy Private Assets pallet as a parachain
  • Integrate with XCMP for relay-parachain and parachain-parachain assets transfer

• M3-2: Assets custody gateway integration

  • [$5k] 1 eng month
  • Integrate with centralized gateways and asset custody module to enable external token deposit and withdrawal.
  • Basic front-end for assets management and deposit / withdraw.

• M4: Productionalize ($10k)

  • [$10k] 2 eng month; TEE core developer
  • Secure TEE setup: implement replicated confidential contract in Phala Network
  • Liquidity sharing: open source service to provide liquidity between Cybex Dex and Bitcloak dark pool.
  • Documentation and deployable code.

Info about Cybex & Phala Network

• https://cybex.io
• https://phala.network
• Twitter: https://twitter.com/PhalaNetwork
• Kusama DEX proposal group: #KusamaDEX:martix.org