Documentation

Everything you need to understand and build with Shroud Protocol.

Introduction

Shroud Protocol is a privacy-preserving mixer built on the Casper Network. It allows users to deposit CSPR into a smart contract and withdraw it later to a different address, effectively breaking the on-chain link between the depositor and the recipient.

This is achieved using Zero-Knowledge Proofs (ZK-SNARKs) powered by Groth16 and MiMC hashing, ensuring that the protocol is secure, non-custodial, and trustless.

How It Works

1. Deposit (The "Locking" Phase)

When you deposit CSPR, the protocol generates a digital "secret note" for you.

  • Secret Generation: Your browser generates two random numbers: a secret and a nullifier.
  • Commitment: These two numbers are hashed together to create a Commitment. Think of this as a sealed envelope containing your secret.
  • On-Chain Transaction: You send the Commitment and funds to the smart contract. The contract adds your commitment to a Merkle Tree but never sees your secret.
  • User Action: You receive a Secret Key. You must save this to withdraw later.

2. Withdraw (The "Unlocking" Phase)

When you want to withdraw, you use your Secret Key to prove you own one of the deposits without revealing which one.

  • Proof Generation: You paste your Secret Key and enter a Recipient Address. The frontend uses snarkjs to generate a Zero-Knowledge Proof.
  • ZK-SNARK: This proof mathematically demonstrates that you know a secret/nullifier pair for a valid commitment in the Merkle Tree, without revealing which one.
  • Nullifier: The proof includes a Nullifier Hash to prevent double-spending.
  • On-Chain Verification: The smart contract verifies the proof and sends funds to the recipient, breaking the link between depositor and recipient.
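
The deposit and withdraw checks above, as an added model that is not Shroud Protocol's own code: it performs in the clear the checks that the protocol proves in zero knowledge. SHA-256 stands in for MiMC, and the tree depth, the derivation of the nullifier hash as a hash of the nullifier, and the names `newNote` and `Pool` are assumptions.

```javascript
// Added model, not Shroud Protocol's code. SHA-256 stands in for MiMC; DEPTH,
// nullifierHash = H(nullifier) and all names here are assumptions for illustration.
const { createHash, randomBytes } = require('node:crypto');

const DEPTH = 4; // assumed; small so the example stays readable
const H = (...parts) => createHash('sha256').update(Buffer.concat(parts)).digest();

// Client side: the note is the (secret, nullifier) pair; only the commitment is sent.
function newNote() {
  const secret = randomBytes(31), nullifier = randomBytes(31);
  return { secret, nullifier, commitment: H(nullifier, secret), nullifierHash: H(nullifier) };
}

class Pool {
  constructor() { this.leaves = []; this.spent = new Set(); }
  deposit(commitment) { this.leaves.push(commitment); return this.leaves.length - 1; }
  // Build every tree level bottom-up, padding empty slots with a zero leaf.
  levels() {
    let level = Array.from({ length: 2 ** DEPTH }, (_, i) => this.leaves[i] || Buffer.alloc(32));
    const out = [level];
    while (level.length > 1) {
      level = level.reduce((acc, n, i) => (i % 2 ? acc : [...acc, H(n, level[i + 1])]), []);
      out.push(level);
    }
    return out;
  }
  root() { return this.levels()[DEPTH][0]; }
  path(index) { // sibling hashes from leaf level up to just below the root
    return this.levels().slice(0, DEPTH).map((lvl, d) => lvl[(index >> d) ^ 1]);
  }
  // The statement the proof attests to, checked here in the clear. In the protocol
  // the contract verifies a proof instead and never sees the note, index or path.
  withdraw(note, index, path, recipient) {
    const key = H(note.nullifier).toString('hex');
    if (this.spent.has(key)) return 'rejected: nullifier already spent';
    let node = H(note.nullifier, note.secret);
    path.forEach((sib, d) => { node = (index >> d) & 1 ? H(sib, node) : H(node, sib); });
    if (!node.equals(this.root())) return 'rejected: commitment not in tree';
    this.spent.add(key);
    return `paid ${recipient}`;
  }
}

{ // Demo with constructed values: one deposit, then two withdrawal attempts.
  const demo = new Pool(), note = newNote();
  const i = demo.deposit(note.commitment);
  console.log(demo.withdraw(note, i, demo.path(i), 'recipient-placeholder'));
  console.log(demo.withdraw(note, i, demo.path(i), 'recipient-placeholder'));
}
```

The second call is rejected because the nullifier hash is already recorded, which is the double-spend check; a note whose commitment was never deposited fails the Merkle root comparison instead.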

Architecture

Smart Contracts

Written in Rust using the Odra framework. Handles deposits, manages the Merkle Tree state, and verifies ZK proofs to authorize withdrawals.

ZK Circuits

Written in Circom. Defines the constraints for the ZK proof, ensuring that the user knows the secret corresponding to a valid leaf in the Merkle Tree.

Frontend & CLI

Interfaces for users to interact with the protocol. The frontend performs client-side proof generation using snarkjs.

Developer Guide

Prerequisites

  • Node.js v18+
  • Rust v1.70+ (for contracts)
  • Casper Wallet Extension

Installation

git clone https://github.com/yourusername/shroud-protocol.git
cd shroud-protocol
./scripts/install_dependencies.sh

Running Locally

cd frontend
npm install
npm run dev