paint-brush
Zkp2p: The End of Centralized Exchangesby@thebojda
1,058 reads
1,058 reads

Zkp2p: The End of Centralized Exchanges

by Laszlo FazekasNovember 26th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Zero-knowledge-proof technology can be used to verify transactions using email. Payment solutions such as Venmo send emails when a transaction takes place. Using zkSNARK, we can prove off-chain that the signature in the email is valid. The outcome of this process is a zero-knowledge proof, that can be cheaply verified on the smart contract.
featured image - Zkp2p: The End of Centralized Exchanges
Laszlo Fazekas HackerNoon profile picture


One of the most important features of blockchain technology is decentralization, yet there are plenty of centralized components involved in operating the ecosystem. One such component is the centralized exchanges.


Actually, creating a decentralized on-chain exchange is not a big deal. You need a smart contract that the seller can use to lock up their assets and publish their prices. Once someone pays the asset price to the smart contract, the smart contract transfers the asset to that person and transfers the asset's price to the seller. This works great when the transaction can be made on-chain, but what if we want to buy assets using fiat currency like USD? In that case, you need some kind of off-chain component, an oracle or exchange, to facilitate the transaction (of course, for a fee).


Azkp2p provides a solution to this problem. Payment solutions such as Venmo send emails when a transaction takes place. These emails contain a DKIM signature, thus proving that the transfer has taken place. zkp2p takes advantage of this. The process is very similar to the on-chain exchange mentioned earlier. The seller places the asset they wish to transact on a smart contract and specifies its price in USD, as well as the account number. If someone wants to buy the asset, they can lock it on the smart contract for a certain period. By the deadline, they must pay the amount to the given account number and prove the payment with an email validated by the DKIM signature. If the proof is successful, the smart contract will transfer it to them. The process, in essence, is simple, but the implementation is far from trivial.


Verifying a DKIM signature on-chain with a smart contract would be very expensive. It would involve uploading the entire mail, computing the hash, and verifying the RSA signature. Furthermore, the mail might contain sensitive information. Fortunately, there is a solution to this problem: zero-knowledge-proof technology, more specifically, zkSNARK. Using zkSNARK, we can prove off-chain that the signature in the email is valid and that the data being shared publicly with the smart contract (typically amount and target account number) is also valid. The outcome of this process is a zero-knowledge proof that can be cheaply verified on the smart contract. With this solution, email verification can now be efficiently achieved.


zkp2p is built upon thezkemail package, which is a general library for validating emails via DKIM signatures. With the help of their demo project, for example, we can validate our Twitter account by its password reminder email and mint ourselves a Twitter Badge on-chain. zkp2p takes it one step further and extracts the necessary data from the Venmo email using regular expressions, thus proving the payment.


The solution is simply genius, and there are plenty of possibilities with it. In the long run, it may make centralized exchanges meaningless since we can send money directly to the seller and verify the transfer on-chain with the help of zkSNARK derived from email. It should be noted, however, that this solution is a hack. The email format and digital signature public key may change at any time, causing the solution to malfunction as the regexp will not work properly, and the signature will not be legitimate. There could be a very simple solution, but this requires payment services to recognize the potential of the crypto market and issue Ethereum-friendly receipts instead of DKIM-signed emails.


The simple solution would be for the payment provider to include a JSON file in the e-mail attachment containing the necessary data (recipient account number, transferred amount, unique transaction ID, etc.) and anEIP-712 signature. The data and signature can be easily and affordably validated with a smart contract, and any payment provider could easily implement it (you can find a full tutorial in my article).



Hopefully, in the future, more and more payment service providers will support payment confirmation either through the way I described above or through DKIM-signed emails, making the crypto ecosystem even more decentralized and free.



If you're interested in zero-knowledge-proof technology, here are a few more of my articles on the topic: