# Meeting Notes - Sandscreener
###### **Notes migrated from: https://docs.google.com/document/d/1dyGqvWF_vF_0F6L6x_hQb-NOws5fxAokLNiKQlYSvZM/edit on June 18**
### Aug 30, 2023
- How to move forward with Sandscreener
- Based on the news last week solutions in the future will just block all addresses from TC, nobody will seek POI
- Build zk into exclusion list- can prove anon by creating zk proof within the circuit. Sandscreener did it in a specific way with TC, this would be more general purpose. In most cases you are screened by your addy which is already exposed so no use case there.
- Makes sense to build an exlist inside of the system (like pp or zkrollup), not always possible with existing systems.
- Contact Aztec about exlist
- Can build on https://app.sismo.io/
- Exlist is an open source chainalysis
- Exlist proj is more data analysis than zk
-
- Progcrypto Speaker submission
- Apply as Hodlon only
- RG Proposal: https://hackmd.io/e661yIK4SIG0iDau2QphUg
- M: do other projects need zk person re-allocate to that project
- ZK circuit engineer
- Alex talk to W and M
- Hodlon talk to legal about what to do with Sandscreener stuff like the repo
### Aug 21, 2023
- Alex can sit in on RG meeting, will happen in 2-4 weeks.
- Hackathon at DevConnect
- focus on the tracking, analysing and understanding of the Exlist data. analytics seeding addresses, cross chain analytics. Dune analytics for our app.
- Entering into hackathon would benefit Project.
- Opportunity to integrate with zkrollups and apps, ensure on deposit stage that they are "clean"
-
- Breaking out Exlist from Sandscreener
- Technically can easily separate the blocklist into a separate smart contract from Sandscreener
-
- Asian confs in Oct
- Figure out with catsnacks what best way to apply as joint presenters is
- Where are the leaves being stored?
- Concern comes from IPFS, as it's decentralised and data needs to be pinned. Not there forever necessarily. Our leaves are ephemeral. If someone deletes blocklist from IPFS would be very hard to verify the root.
- Worst case we can write the list (entire merkle tree) to the smart contract
-
- Can prover check against multiple lists at once?
- UI can generate different proofs for different lists under the hood
- Can integrate now
- Folding proofs can save us gas -- write only once, don't have to generate a proof for every exlist every time.
- Would take some more work to develop
- Alex will explore
- Can github repo be used to manage blocklists (as a place to submit and manage before committing to IPFS)
- How centralised is it, how easily could it be taken down
- Use as management of the Exlist
- The exlist is used on github like source code of any project
- People can make comments, pull requests, etc
- Can add transparency and credibility
- Leaning on existing infrastructure that other decentralised projects already use
#### Action Items
- Alex: investigating arweave
- Alex: Aggregating proofs for a Prover
### August 7, 2023
- UF meeting
- Guilty until proven innocent
- Legal clarity
- https://www.circle.com/en/verite
-
- What is the state of Sandscreener's special project status?
- Hodlon QA app
- Alex will work on technical docs, and UI uploading
- anti-spamming IPFS
- IPFS uploading not related to smart contracts so can't gate uploads based on user roles (such as Editor)
- Put ipfs API key in front end for now
- We should focus on building an anti-fragile system to combat spam
- Arweave is maybe a good alternative?
- Alex will research arweave and further IPFS solutions
- Does EF run an ipfs node or gateway?
- App can check signature
- Or maybe Pinata uploads can be gated by domain settings.
- Improved user experience by allowing Editor to submit addresses directly into the app UI.
### July 31, 2023
- July Accomplishments
- Onchain verification of the exclusion tree root that is used for the proof
- Basic UI improvements
-
- Demo
- Hodlon will demo on own and document and give feedback
- (secret note = commitment [find deposit] + nullifier [invalidate the withdrawal so it can't happen twice])
- Smart contract will verify nullifier is just used once
- Define valid and invalid proofs
- The "Auditor" role is better than calling it "verifier" because of other verification systems within
- UF meeting
- Initial meeting on Thurs, if want to see demo or more can schedule a follow-up with Alex incl.
- Questions for UF
- How does a tool like Sandscreener benefit the UF/Uni?
- How would Uni want to use a tool like this?
- What level of trust/authenticity do you require for blocklists?
- Would prefer to check against all pools, or choose which pool to check exclusion tree against?
- Willing to participate in the exclusion list governance?
- Axiom
### July 24, 2023
- SBT's
- Verify the root of the exclusion tree
- Submit IPFS hash and the root at the same time
- Assumption: hacker doesn't move funds
- Would have to generate a new token for every change to the exclusion list when the merkle tree changes
-
- Putting blocklists onchain
- In order to submit IPFS hash, must submit root of merkle tree (exclusion tree with bad commitments)
- Commitments in the tornado contract
- IPFS hash of the json file that contains addresses, then merkle tree computation done off chain based on that hash.
- Verification of the root is done on the FE
- This functionality can be added in a few days of work
- The reason we're generating the merkle tree with the bad commitments is so that the commitments put on chain can be proven to be the correct data/addresses.
- IPFS hash is the human readable source, it's the way to view the source of the data. The way to prove what data is in the merkle tree. It's the single source of truth.
- Editor > IPFS hash > Merkle tree
- Issue 1:
- nullifier hash is generated when withdrawing from TC. Sandscreener can then associate the null hash with a withdrawal address.
- Can store null hash and With addy in contract when user proves their innocence.
- The chain doesn't contain the data about which address the null hash is sending to
- Verifier finds the nullifier via an offchain method (like looking on etherscan) and plugs that into Sandscreener.
- (We could proactively record the null hash and with addy in sandscreener, not feasible)
- Sandscreener UI can run script to give null
- 1) user puts secret note into UI which writes that nullifier was proven clean to smart contract. 2) verifier comes to UI and puts in address which grabs nullifier hash and verifies that the note is clean
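
An added example (not code from the Sandscreener repo) of the front-end root check described under "Putting blocklists onchain" above: rebuild the exclusion tree from the list fetched via its IPFS hash and compare it with the recorded root. Assumptions: SHA-256 stands in for the tree's real hash, the depth is 4, the commitments are already resolved from the blocklisted addresses, and all function names are hypothetical.

```javascript
const { createHash } = require("crypto");

// SHA-256 is a stand-in here; Tornado-style trees use a circuit-friendly hash.
const h = (...parts) => createHash("sha256").update(Buffer.concat(parts)).digest();
const LEAF = Buffer.from([0x00]); // domain tags keep a leaf from being
const NODE = Buffer.from([0x01]); // reinterpreted as an inner node
const EMPTY = Buffer.alloc(32);   // assumed value for unused leaf slots

// Parse one 32-byte commitment given as hex, rejecting anything malformed.
function parseCommitment(c) {
  const hex = String(c).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{64}$/.test(hex)) throw new Error(`bad commitment: ${c}`);
  return Buffer.from(hex, "hex");
}

// Root of a fixed-depth binary Merkle tree over the commitments, in list order.
function exclusionRoot(commitments, depth = 4) {
  if (commitments.length > 2 ** depth) throw new Error("list too large for depth");
  let level = commitments.map((c) => h(LEAF, parseCommitment(c)));
  while (level.length < 2 ** depth) level.push(h(LEAF, EMPTY));
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) next.push(h(NODE, level[i], level[i + 1]));
    level = next;
  }
  return level[0].toString("hex");
}

// Front-end check: the list fetched via the IPFS hash must reproduce the recorded root.
function verifyAgainstRecordedRoot(commitments, recordedRoot, depth = 4) {
  const computed = exclusionRoot(commitments, depth);
  const expected = String(recordedRoot).toLowerCase().replace(/^0x/, "");
  return { computed, matches: computed === expected };
}

// Constructed sample: three made-up commitments standing in for a resolved blocklist.
const SAMPLE = ["11", "22", "33"].map((b) => "0x" + b.repeat(32));
const recorded = exclusionRoot(SAMPLE);
console.log(verifyAgainstRecordedRoot(SAMPLE, recorded).matches);             // list intact
console.log(verifyAgainstRecordedRoot(SAMPLE.slice(0, 2), recorded).matches); // entry dropped
```

If the list is no longer retrievable from IPFS, this check cannot be run at all, which is the pinning concern raised in the Aug 21 notes.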
### July 10, 2023
- SBT discussion (https://hackmd.io/@sandscreener/SJaAm_HF3)
- Anyone can mint an SBT with a fake blocklist in 100% decentralised system
- Blocklist is not verifiable onchain
- The only check we can do is that it's from a TC pool
- pick commitments out of the deposits and check against those. It's not final state. Technologically more demanding, solution could be recursive ZKP's as you're folding things into the proofs.
- Can mint SBT, cannot check real state of blocklist data to ensure it's not fake. Mint SBT and record root of blocklist tree.
- Create a federated system? Deploy server to do the offchain checks.
- Need a crosschain oracle in order to do this on Polygon. More broadly - Sandscreener should be deployed to every chain where Tornado is deployed, if anyone is interested in proving for that chain.
- The conclusion on SBTs:
- We need to record the state of the blocklist together with the proof for anyone to validate it in the future (the structure in the contract can look like **{proof, blocklistTreeRoot, timestamp}**). Minting the SBT together with that is optional and serves more like an "achievement badge", e.g., "First time I used Sandscreener was on {that day}!", because any SBT would still need the validation of the blocklisted commitment Merkle tree (MT) root;
- It is possible to prevent "spamming" the registry with invalid proofs. For that, a trusted party should calculate and sign the blocklist MT root. This way, the Sandscreener contract would only allow the proofs with valid signed exclusion tree root to be recorded. The open question is **who's the trusted party**. It can be the "Sandscreener DAO", and then the auditors (and probably users) would later re-verify the blocklist roots used for the proof. It can also be Auditors, and then the users would want to re-verify the roots (**TBD**).
- The situation of proving for a wrong address (i.e., not using the address that actually received the withdrawal from TC) goes against user's best interest so it's unlikely that someone would do that intentionally, but it's nice to have a validation in the frontend and prevent the user from "spending" the proof on a wrong address.
- Tap into RaidGuild freelance network?
-
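
An added example (not the Sandscreener contract) modelling off-chain the registry rules from the SBT conclusion above and the July 31 note that a nullifier may be used only once: a record `{proof, blocklistTreeRoot, timestamp}` is stored only when the root carries the trusted party's signature and the nullifier is fresh. Assumptions: Ed25519 from Node's `crypto` stands in for the on-chain signature check, the context string bound into the signed message is hypothetical, and so are the class and function names.

```javascript
const crypto = require("crypto");

// Message the trusted party signs: a context tag (assumed: chain + contract id)
// followed by the 32-byte root, so a signature cannot be replayed on another deployment.
function rootMessage(context, rootHex) {
  const root = Buffer.from(rootHex, "hex");
  if (root.length !== 32) throw new Error("malformed root");
  return Buffer.concat([Buffer.from(context + "\n", "utf8"), root]);
}

const signRoot = (privateKey, context, rootHex) =>
  crypto.sign(null, rootMessage(context, rootHex), privateKey);

// Off-chain model of the registry rules (hypothetical class, not the contract's ABI).
class ProofRegistry {
  constructor(context, rootSignerPublicKey) {
    this.context = context;
    this.signer = rootSignerPublicKey;
    this.usedNullifiers = new Set();
    this.records = [];
  }

  // Record {proof, blocklistTreeRoot, timestamp} only for a signed root and a fresh nullifier.
  record({ proof, blocklistTreeRoot, rootSignature, nullifierHash }, timestamp = Date.now()) {
    let msg;
    try { msg = rootMessage(this.context, blocklistTreeRoot); }
    catch (e) { return { ok: false, reason: e.message }; }
    if (!crypto.verify(null, msg, this.signer, rootSignature))
      return { ok: false, reason: "root not signed by trusted party" };
    if (this.usedNullifiers.has(nullifierHash))
      return { ok: false, reason: "nullifier already used" };
    // zk proof verification happens in the verifier contract; the proof is opaque here.
    this.usedNullifiers.add(nullifierHash);
    this.records.push({ proof, blocklistTreeRoot, timestamp });
    return { ok: true };
  }
}

// Constructed demo: a fresh key pair stands in for the trusted party; the root is made up.
const demoKeys = crypto.generateKeyPairSync("ed25519");
const demoRoot = "ab".repeat(32);
const demoRegistry = new ProofRegistry("demo-chain:demo-registry", demoKeys.publicKey);
const demoSig = signRoot(demoKeys.privateKey, "demo-chain:demo-registry", demoRoot);
const demoSubmission = { proof: "0xproof", blocklistTreeRoot: demoRoot, rootSignature: demoSig, nullifierHash: "0xn1" };
console.log(demoRegistry.record(demoSubmission), demoRegistry.record(demoSubmission));
```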
### July 3, 2023
- This week:
- Alex: Soulbound tokens this week, update readme.
- Hodlon: Post Project Updates, work on speaker applications, work on blocklist proposal
- Conference Presentation
- Title ideas
- Sandscreener: Proof of Innocence for Tornado Cash
- Devconnect flights
- June Project Updates
- https://hackmd.io/xuuOKaxkQzGmRLc7AmnA_w
- UI dev update
- wallet connect TXT record worked
- Events: https://docs.google.com/spreadsheets/d/1LMALB6a9DOTmkyvZkgWVSIetwELKNws_lzocVOLlzLo/edit#gid=0
- Create a tutorial for people to try out the software
-
### June 26, 2023
- Graph
- Chainway using TC graph
- Works really well with no need to write a lot of code
- commitments (POI) vs addresses (sandscreener)
- Chainway using recursive ZKP for TC Nova as well as classic, Sandscreener for classic TC only right now
- Roadmap to hard launch
- basic app UI
- no need to add extra repo
- have the monorepo
- Hodlon make ticket for Alex to map sandscreener repo to subdomain
- Hodlon Delete app.sandscrenner.io repo
- blocklists
- Hodlon cont to write the proposal
- Start with centralized list, create roadmap to decentralize
- Make blog post / writeup
- Need to create a technical solution for funds that re-entered into TC
- documentation
- Hodlon cont to work on getting this up.
- Graph integration
- Alex working on now
- Soulbound tokens
- Alex can get done in July
- Job/grant description
- App UI
- Website (JS, CSS)
- Can get funds for posting small bounties on gitcoin or similar web3 bounty platform, report how money was spent
- Hodlon follow up to see if this is possible
- Events
- EthCC Paris, July 17-20
- ETH Toronto, Aug 15-16
- ETH Montreal, Sept 18-21
- Goal is to get adoption by Protocols and CEX's but also primarily to get acceptance by general ecosystem
- We can be proactive about finding events to speak at
- look at previous year speakers, videos, etc
- Hodlon: follow up with Chainway
- Project updates
- https://hackmd.io/xuuOKaxkQzGmRLc7AmnA_w
- technical and non-technical
- monthly
- Go out on blog
### June 19, 2023
- Alex updates
- Graph is integrated into the backend by Alex
- SBT work next
- Non-technical feedback
- Need more people for contributing and bouncing ideas off each other
- Gitcoin started as a bounty program
- People wanting to contribute to blockchain projects
- Figure out how to setup grants
- We need to be sure about what we need exactly, well defined bounties.
- How do we find events to attend?
- Asking
- Current key management of smart contract?
- .eth wallet (for web3 apps like mirror)
- owner = auditor, can grant role to someone else. initial deployer can make someone an owner and auditor by revoking from themselves.
- Built for centralized, each deploy
- owner and auditor not distinguished in contract right now.
- Find
- Blocklists - how are they managed?
- Wiki
- Snapshot
- SBT for contributors, build reputation
- Find/identify parties, they form multisig (represented by one address), then we deploy contract and in same tx assign their address as multisig
- Multisig can add and remove, and address will stay the same
- Change "auditor" to "admin" or some other name.
- Admin approves proposals from community
- Proposal system people can contribute to that adds or removes addresses from the contract
- Anybody can create a blocklist hash via 3rd party service like Pinata.
- Migrating project description to this HackMD team space
- They will all be consolidated into docs anyway
Website:
- Review copy: "Sandscreener is an open source tool that allows its users to prove that cryptocurrency withdrawn from Tornado Cash is not associated with hacked or illicit funds, without revealing the source of those funds."
- "It does this using Zero Knowledge Proofs" or
- "It does this using Zero Knowledge technology" or
- "It does this using Zero Knowledge Proofs and a combination of community managed blocklists and soulbound tokens." <-- this one
- What is Sandscreener
- see icon sheet
- What are the "features"?
- Uses Graph protocol to index
- Can be run within a centralized
- ready to integrate into a fully decentralized system or centralized
- Mints soulbound tokens to
- Proves against specified blocklist in anon way
- License
- Delete this
### June 12, 2023
- Various community members have noted that Sandscreener is unique from a technical perspective, appreciation for implementation.
- Events/hackathons
- We should go to as many events as we can
- Dystopia Labs https://dystopialabs.com/
- Check with EF to see what they can/will support
- Currently built for centralized services
- if built in a decentralised way then can integrate with everyone
- Can build a simple switch to tell which backend to use (graph or own indexer)
- Hodlon to make github ticket for graph switch <<<
- UI: step one prove innocence on chain (can choose which blocklist via dropdown they want to check against, choose pool 0.1-1-10-100 ETH etc, also can choose to check against all), step two switch to L2 to record address to smart contract, step three mint soulbound NFT that corresponds (one of these two, most likely SBT)
- Decentralized smart contract should be governed by community – but how?
- Can deploy smart contract and then xfer ownership (editor) to a multisig and invite anyone to participate in the multisig
- Sandscreener currently built for supporting multiple editors/blocklists that are created independently by community. Can choose against which blocklist
- The smart contract right now is used to keep track of all the blocklists. It's storing IPFS hashes of each blocklist
- Every time a new blocklist is submitted, hash changes, and user needs to re-check to get updated soulbound token, like expired driver's license
- Hard Launch
- Landing page
- App page
- Docs page
- Graph integration
- Soulbound token minting
- Hodlon post follow-up to this meeting in Tg and Discord <<<