
28 March 2022 - Misha Volkhov





Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps



Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality, but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (an atomic swap system for Monero), we present a simple zk-SNARK-based transaction scheme which is carefully malleable to allow the merging of transactions, while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash-friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacy-preserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing code-bases and implementation expertise.



Misha Volkhov is a PhD student in the School of Informatics at the University of Edinburgh. He holds a Master's degree in computer science and cryptography (MPRI, Paris). His interests include proofs of knowledge, multiparty computation protocols, and formal verification.