This repo contains an MVP, WASM-compatible zkSNARK of barrywhitehat's original Miximus. Details of the construction are as follows.
Miximus is an anonymous cryptocurrency mixer using zkSNARKs. A full implementation allows users to deposit coins into a smart contract (as on Ethereum) or a blockchain runtime (as on Substrate), create a leaf in a merkle tree from some secret data, and then withdraw these coins anonymously by providing a zkSNARK over data in the merkle tree. The proof allows a valid depositor to prove they deposited coins into the merkle tree without revealing which leaf they are proving over.
To use Miximus on a blockchain, one must ensure participants cannot double spend (withdraw the same deposit twice). This is done by using a zkSNARK that proves knowledge of a preimage P for a leaf L in a merkle tree with root T, such that P is the concatenation of a nullifier N and a secret S.
The private inputs of the zkSNARK are:
- The secret S.
- The merkle authentication path PATH.
The public inputs of the zkSNARK are:
- The nullifier N.
- The merkle root T.
The zkSNARK ensures in zero-knowledge that HASH(N|S) (where | denotes concatenation) is a valid leaf by using it, together with the authentication path PATH, to reconstruct the root T. Since the nullifier is a public input, it can be recorded persistently to ensure users can't prove knowledge of a deposit more than once: each nullifier is only good for a single leaf. A simple boolean check on the blockchain runtime (has this nullifier been seen before?) prevents double spending.
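The following is an added example, not code from this repository: it implements the statement the circuit proves (leaf = HASH(N|S), PATH reconstructs T) and the runtime's nullifier bookkeeping in plain Python, with SHA-256 standing in for the circuit hash and a toy 16-leaf tree. There is no SNARK here; `miximus_statement` evaluates the relation directly on the witness, which is the check a real verifier performs on a proof instead of on the private inputs.

```python
import hashlib

DEPTH = 4  # constructed toy parameter: 2**4 = 16 leaves, not the project's tree depth


def H(*parts: bytes) -> bytes:
    """Stand-in for the circuit's HASH; SHA-256 is an assumption of this example."""
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_commitment(nullifier: bytes, secret: bytes) -> bytes:
    """Leaf L = HASH(N | S), where | is concatenation."""
    return H(nullifier, secret)


class MerkleTree:
    """Append-only merkle tree; empty subtrees hash to precomputed zero values."""

    def __init__(self, depth: int):
        self.depth = depth
        self.leaves: list[bytes] = []
        self.zero = [H(b"\x00" * 32)]          # zero[h] = hash of an empty subtree of height h
        for _ in range(depth):
            self.zero.append(H(self.zero[-1], self.zero[-1]))

    def insert(self, leaf: bytes) -> int:
        if len(self.leaves) >= 2 ** self.depth:
            raise ValueError("tree full")
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def _levels(self) -> list[list[bytes]]:
        # levels[i] holds the occupied nodes at height i, padded with zero[i] when odd
        levels = [list(self.leaves)]
        for i in range(self.depth):
            nodes = levels[-1]
            if len(nodes) % 2:
                nodes.append(self.zero[i])
            levels.append([H(nodes[j], nodes[j + 1]) for j in range(0, len(nodes), 2)])
        return levels

    def root(self) -> bytes:
        top = self._levels()[-1]
        return top[0] if top else self.zero[self.depth]

    def auth_path(self, index: int) -> list[tuple[bytes, bool]]:
        """PATH for a leaf: (sibling hash, leaf-side-is-right) for each level."""
        levels = self._levels()
        path = []
        for i in range(self.depth):
            nodes = levels[i]
            sib = index ^ 1
            sibling = nodes[sib] if sib < len(nodes) else self.zero[i]
            path.append((sibling, bool(index & 1)))
            index >>= 1
        return path


def reconstruct_root(leaf: bytes, path: list[tuple[bytes, bool]]) -> bytes:
    node = leaf
    for sibling, is_right in path:
        node = H(sibling, node) if is_right else H(node, sibling)
    return node


def miximus_statement(nullifier: bytes, root: bytes, secret: bytes, path) -> bool:
    """The relation the zkSNARK proves. Public: N, T. Private: S, PATH."""
    return reconstruct_root(leaf_commitment(nullifier, secret), path) == root


class MixerRuntime:
    """Chain-side state: the deposit tree plus the set of already-used nullifiers."""

    def __init__(self, depth: int = DEPTH):
        self.tree = MerkleTree(depth)
        self.spent: set[bytes] = set()

    def deposit(self, commitment: bytes) -> int:
        return self.tree.insert(commitment)

    def withdraw(self, nullifier: bytes, claimed_root: bytes, proof_verifies: bool) -> bool:
        # The public root must be the tree's root and the nullifier must be unseen.
        if claimed_root != self.tree.root() or not proof_verifies:
            return False
        if nullifier in self.spent:          # the double-spend check
            return False
        self.spent.add(nullifier)
        return True


def demo() -> tuple[bool, bool, bool]:
    """Constructed scenario: one deposit, one valid withdrawal, one replay, one bad secret."""
    rt = MixerRuntime()
    N, S = b"\x11" * 32, b"\x22" * 32                 # constructed nullifier and secret
    idx = rt.deposit(leaf_commitment(N, S))
    rt.deposit(leaf_commitment(b"\x33" * 32, b"\x44" * 32))   # someone else's deposit
    root, path = rt.tree.root(), rt.tree.auth_path(idx)
    ok = miximus_statement(N, root, S, path)
    first = rt.withdraw(N, root, ok)                   # True: fresh nullifier
    replay = rt.withdraw(N, root, ok)                  # False: nullifier already spent
    wrong_secret = miximus_statement(N, root, b"\x00" * 32, path)  # False: wrong preimage
    return first, replay, wrong_secret
```

Note that `withdraw` only accepts the current root; a deployment that keeps accepting proofs after later deposits would need to remember recent roots, which is outside what this toy shows.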