Silent Protocol: Enabling Confidential DeFi on Ethereum

    Matthew Fiebach

    Key Takeaways

    • Silent Protocol aims to bring privacy to Ethereum dApps without sacrificing application composability or UX.
    • The protocol achieves this through implementing the EZEE framework, a novel solution that uses an anonymity set, asset transfer channels, zk-SNARKs, and secondary wallets dubbed “stealth addresses” to interact with smart contracts privately.
    • A committee of trusted members can decrypt transactions to reveal the sender, recipient, and amounts involved to circumvent potential sanctions.
    • Silent Protocol is currently live on testnet. The technology is highly experimental, and there are potential risks associated with using it.

    Despite common misconceptions, blockchains are transparent systems that don’t offer privacy by default. A user's transaction history, including their assets and counterparties, can easily be tracked with a simple address. Traditional finance offers some degree of privacy-preserving transactions, whereas DeFi transactions are immutably ingrained in the chain's history for anyone to uncover.

    A person buying a coffee with USDC is required to reveal their net worth, income, and spending habits. There is a good chance they would prefer to make that payment on TradFi rails to retain privacy over that information. Therefore, privacy is required for crypto to reach mass scale. Silent Protocol aims to bring privacy to Ethereum dApps without disrupting functionality through its EZEE framework.

    Background On Blockchain Privacy

    Many attempts have been made to improve privacy on blockchains, but these solutions often come with limitations. For instance, Zcash achieves privacy for simple transactions but cannot support a dApp ecosystem. This type of constraint is referred to as data privacy, and Zcash is considered a monostatic system. In a monostatic system, the functions that can be called are predefined and fixed, and users can only interact with the system in a limited way.

    Functional privacy, which preserves confidentiality during the execution of arbitrary smart contract functions, is an essential prerequisite to creating a vibrant concealed blockchain ecosystem beyond a single use case such as digital currency.

    In 2018 a team of researchers, including some members of the Zcash team, released the ZEXE whitepaper. ZEXE is a framework based on Zcash that aims to achieve functional privacy for use cases such as decentralized exchanges or borrowing and lending protocols. Some L1s, like Mina and Aleo, have created blockchains using the ZEXE framework. Although these L1s achieve functional privacy, they do so at the cost of composability.

    The challenge of achieving both composability and privacy arises from the use of zero-knowledge (ZK) proofs. This predicament, known as "State Denial," requires sharing data to allow inter-function calls where one application interoperates with another. However, this data sharing compromises privacy.

    Other privacy frameworks besides ZEXE, such as zkHawk, smartFHE, and Zether, also achieve functional privacy. Still, all suffer from the problem of dApp isolation, where facilitating privacy is a tradeoff with onchain composability and shared state. Given the success of “DeFi Legos” and the value proposition of interoperability, this unacceptable tradeoff between privacy and composability has led to low adoption of privacy-preserving protocols.

    Functional privacy implementations may offer opt-in dApp composability, where data is shared with an off-chain prover to enable interoperability. However, in such scenarios, most privacy assurances are lost.

    Zether and the EZEE Framework

    EZEE is a novel framework aiming to achieve data and functional privacy while retaining dApp composability. The structure is inspired by the Zether “deposit and freeze” model, where a user deposits ETH into the Zether smart contract, and an equal amount of ZTH (concealed ether) is minted, which they can control. The user can then call on the smart contract to transact ZTH within a closed loop. This assures confidentiality, meaning that the number of tokens sent is obfuscated.

    The user can also give other smart contracts, such as a DEX, control of the ZTH, freezing the ZTH so that they may interact with smart contracts confidentially. Notably, this privacy framework can be applied to any account-based chain, such as Ethereum, Solana, and Binance Chain. Unfortunately, dApps built to be compatible with Zether cannot communicate with one another.

    With the EZEE framework, similar to Zether, the user locks their ETH into a smart contract. This is known as the encryption layer. EZEE Signals, the main innovation, then enable the creation of asset transfer channels and utilize new secondary wallets (application-specific stealth addresses) at the base layer that can interact with a smart contract on behalf of the user.

    Under EZEE, a single user can have many secondary wallets with obfuscated ETH split between them. This layer is known as the execution layer and should mean the original user and the end smart contract execution actions remain extremely difficult to link. The secondary wallets can interact with DeFi applications like ordinary wallets, so composability is preserved.

    One way of thinking about EZEE is through a “mixer” framework. Many users deposit ETH into a smart contract which acts like a mixer, pooling the ETH together. The smart contract then enables the creation of new wallets controlled by the primary wallet that deposited into the encryption layer. This creates privacy in a similar manner to mixers like Tornado Cash, though it enables far more use cases. This mixer concept is more commonly called an anonymity set or a ring. The EZEE framework can also be implemented on many account-based chains, not solely on Ethereum.

    Silent Protocol

    Silent Protocol on Ethereum is the first implementation of EZEE, which is live on testnet and still under development. Silent Core is the encryption layer, a smart contract on Ethereum where users deposit ETH and ERC20s. zk-SNARKs are used to maintain end-user confidentiality, enabling users to prove their transactions' correctness without revealing any transaction details.

    Users will be able to anonymously call the “toezeeid” function on the Silent Core contract, which creates an EZEE signal (anonymous transfer channel) and a subsequently funded application-specific stealth wallet. Calling toezeeid and creating the stealth address just requires the sender to prove that they have knowledge of their secret key, that their balance is sufficient for the amount, and that the amount is correctly subtracted from their balance.  

    “Fromezeeid” works very similarly: it utilizes the asset transfer channel for closing the stealth wallets and sending all assets back to the Silent Core contract. Anonymous transfers can be made to other users within the contract, and tokens can always be unlocked back to a mainnet address through Withdrawal. One very notable aspect of Silent Protocol is that users can withdraw to a different wallet than the primary wallet that deposited, including a newly created one.

    0dapps are simple UIs that facilitate the toezeeid and fromezeeid processes. No technical changes are necessary and there is no permission required for their deployment. The frontend of the project (such as Uniswap or Aave) must be modified with the 0dapp, which will be achievable with Silent Protocol’s SDK.

    The Silent Core Committee

    To remain compliant and not end up like Tornado Cash, Silent DAO has a compliance committee. To use Silent Core, users generate two sets of key pairs (spending and viewing) and encrypt their “viewing” keys with the compliance committee public key. In the case of suspicious activity, the committee can decrypt transactions to reveal the sender, recipient, and amounts involved, effectively circumventing the privacy services provided by the protocol.

    Decryption requires multiple committee members’ approval and leverages verifiable secret sharing and zero-knowledge proofs. The risks of this approach include intentional abuse by the compliance committee or the case in which members of the committee are compromised. Information about the committee has yet to be shared. This is a significant attack vector that must be noted, though the committee is important for hopefully circumventing potential sanctions.

    Low-Level Tech [Trigger Warning]

    Silent Core is the protocol’s implementation of a Multi Asset Shielded Pool that functions as the encryption layer, pooling users’ funds to create privacy. The Silent Core contract allows users to make anonymous transfers, deposits, and withdrawals using additive ElGamal encryption on the Baby JubJub curve along with zk-SNARKs. These technologies allow end users to prove they have encrypted their data correctly, such as that they actually have enough funds in the Silent Core to do a toEZEEID call. In other words, the technology is used to verify the zk-SNARK proof. Each transaction updates the states of accounts that are included in the randomly generated anonymity set.
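
    The sketch below is an added example, not code from Silent Protocol or from this report: a minimal additive ElGamal scheme over Baby JubJub (EIP-2494 curve parameters) showing how an encrypted balance is credited and debited without being decrypted, and why the sender must separately prove that the balance is sufficient, as described for toezeeid above. The function names and the 1000-unit decryption bound are assumptions made for illustration.

```python
import secrets

# Added illustration; function names are hypothetical, not Silent Protocol's API.
# Baby JubJub (EIP-2494 parameters): A*x^2 + y^2 = 1 + D*x^2*y^2 over F_P
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A, D = 168700, 168696
L = 21888242871839275222246405745257275088614511777268538073601725287587578984328 >> 3  # prime subgroup order
B = (5299619240641551281634865583518297030282874472190772894086521144482721001553,
     16950150798460657717958625567821834550301663161624707787222815936182638968203)  # subgroup generator
O = (0, 1)  # neutral element

def add(p, q):                                   # twisted Edwards addition law
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P,
            (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P)

def neg(p):
    return (-p[0] % P, p[1])

def mul(k, p):                                   # double-and-add scalar multiplication
    acc, k = O, k % L
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def keygen():
    sk = secrets.randbelow(L - 1) + 1
    return sk, mul(sk, B)

def encrypt(pk, amount):
    r = secrets.randbelow(L - 1) + 1             # fresh randomness per ciphertext
    return mul(r, B), add(mul(amount, B), mul(r, pk))  # (r*B, amount*B + r*pk)

def ct_add(c1, c2):                              # Enc(a) + Enc(b) = Enc(a + b)
    return add(c1[0], c2[0]), add(c1[1], c2[1])

def ct_neg(c):                                   # Enc(a) -> Enc(-a)
    return neg(c[0]), neg(c[1])

def decrypt(sk, ct, max_amount=1000):
    target = add(ct[1], neg(mul(sk, ct[0])))     # strips r*pk, leaving amount*B
    acc = O
    for m in range(max_amount + 1):              # amount recovered by bounded search
        if acc == target:
            return m
        acc = add(acc, B)
    return None                                  # out of range, e.g. an overdrawn balance
```

    A debit is `ct_add(balance, ct_neg(encrypt(pk, amount)))`. If the amount exceeds the balance, the result is still a well-formed ciphertext, but its plaintext wraps around the group order and `decrypt` returns `None`, which is the condition the zk-SNARK balance check has to rule out before the contract accepts the update.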

    Upon calling fromEZEEID and properly proving access to the private key and its associated balance, an EZEE signal message passing protocol creates a channel between the encryption and execution environments. More technical details can be found here.

    Risks and Concluding Thoughts

    EZEE and Silent Protocol are still in development and are highly experimental. While they offer promising solutions to the challenges of privacy and composability, they still need to be battle-tested in a mainnet environment. As with any emerging technology, there are inherent risks involved, including potential smart contract vulnerabilities, protocol bugs, and the possibility of unforeseen attack vectors.

    Additionally, the governance structure of the protocol, which relies on a compliance council, raises questions around centralization and the potential abuse of power. Therefore, caution should be exercised when using Silent Protocol, and users should be aware of the risks involved.

    Privacy is often overlooked in the crypto space, but it is a crucial component for the sustainability and adoption of blockchain technology. Ethereum's co-founder Vitalik Buterin has acknowledged the importance of privacy and has proposed a similar solution to Silent Protocol himself. The development of privacy infrastructure is essential for enabling secure and private transactions and attracting a wider user base, including businesses and institutions.

    Silent Protocol Sponsorship Disclosure

    This report was made free thanks to a sponsorship from the Silent Protocol team but maintains a 100% unbiased nature. The sponsorship's sole influence was on the scope of the report.