![](https://cdn.dorahacks.io/static/files/18916b06e4f3b9a0f0240fa407aaaa88.jpg@256h.webp)
ZK Mixuper
![](https://cdn.dorahacks.io/static/files/18e001ad55744383126205a4e99a3af6.jpeg)
![](https://cdn.dorahacks.io/images/hacker-avatar/1.jpg)
![](https://cdn.dorahacks.io/static/files/18e007c3df275ba189acdd64cfcb4f7a.jpeg)
![](https://cdn.dorahacks.io/static/files/18e0080e58861912b4d3a5a4f70b4e27.png)
![](https://cdn.dorahacks.io/static/files/18e008077bfa6b989c882ef4d38a2c3c.jpeg)
ZK Mixuper provides greater privacy when transferring funds on Cardano.
ZK Mixuper is developed to allow users to transfer funds anonymously.
The app user-flow consists of two steps: 1 - deposit to a pool with a specific nominal e.g. 100 ADA from a compromised address, 2 - withdraw you funds using generated on step 1 secret from the same pool to a fresh uncompromised address.
Our service allows users to deposit in ADA. To interact with the app, users need to connect their wallet to the service. At the moment we provide an option to connect all wallets that support CIP-30. After connecting a wallet, selecting a pool and signing the transaction user receives a note which he must save. This note will be required to withdraw funds from the pool. User deposits are stored in a Merkle Tree as "commitments", a commitment is a hash digest of users secret.
The user who has the note can enter it on the website, fill in the address to receive funds and withdraw them. The verification service is based on zero knowledge proof: user wants to proof the ownership of deposited funds by constructing a zk-proof. It makes use of users secret by proving its hash is contained in the Merkle tree of deposits.
Haskell (Plutus, Plutarch), TypeScript (node.js, React, lucid), Aiken, Circom
Our project is inspired by tornado, pairing, cardmix.
We faced with Cardano on-chain limitations:
We plan to do much more script optimization and redesign the user flow, splitting the proof validation and withdrawal process into several steps to help us stay within Cardano's on-chain limitations. Another option is to use new plutus builtin functions for pairing and group operations, when CIP-0381 will be included in new network update (hardfork). In parallel there is an option to deploy existing protocol into a hydra head with changed protocol parameters, that have more generous execution units limits.