Lido Grants - Funding & Exploration of ZK-Proof Trustless Oracles
- Lido DAO (via Lido Ecosystem Grants Organisation) is funding a number of initiatives aimed at reducing possible oracle attack vectors through the use of supplementary trustless zk-proof TVL oracles.
- LEGO council accepted proposals for funding from both =nil; Foundation and Metacraft Labs to explore an additional sanity and correctness check using zkLLVM technology for the TVL accounting oracle. The grants are aimed at building trustless accounting technology and would, if implemented, function as additional oracle checks rather than complete replacements for current accounting oracles.
- Supporting a trustless oracle solution resonates with a key goal of the Lido DAO: reducing dependence on trust within the community and bolstering the decentralization of the protocol, a principle exemplified by the Lido Scorecard.
What’s the idea?
In short, the aim is to report Lido's total value locked plus active and exited validator counts to a dedicated Execution Layer contract (in a verifiable and trustless manner using zero-knowledge proofs).
The current reliance on trusted oracles inevitably introduces additional security risks to the Lido protocol as well as economic overhead to the DAO.
Firstly, the reliance on trusted oracles in liquid staking protocols poses some risk. These oracles have the power to influence token prices within the protocols, potentially favoring certain users and shifting profits disproportionately. This centralized control contradicts the fundamental principles of decentralization and trustlessness that underpin blockchain technology.
Secondly, the oracles in question control a substantial amount of funds within the protocol. To ensure their continued participation and prevent potential defection, it is essential to provide them with adequate compensation.
The proposed zero-knowledge circuits offer a versatile solution that could supplement centralized oracles, providing a fixed-cost approach through proof validation on-chain. This approach has the potential to bolster the security, decentralization, and economic efficiency of the TVL oracle accounting process, and could be expanded to more oracles in the future.
How is a trustless solution more secure than a consensus-based one?
A trustless solution guarantees the correctness of the oracle report by verifying a zkProof and anchoring the report and proof to the blockchain state. This eliminates the need to trust the oracle operator or other involved parties. As long as the report passes all checks, it is considered legitimate, even if the sender is compromised.
Solution 1 - =nil; Foundation
Lido protocol users stake their ETH, receive stETH liquid tokens, and enjoy the rewards generated by their ETH assets while validators from the Lido node network perform their duties.
These rewards are distributed to stETH holders based on the regular accounting report, which contains crucial information such as total value locked in staking, active/exited validator counts, withdrawal and rewards balances, and more.
The ZK check verifies that the computations performed on the data are correct.
The proof includes the expected algorithm encoded in the circuit compiled by zkLLVM, with additional witness data to allow for checking if the oracle utilized the correct data. This ensures that the correct computation was performed on the correct data.
The solution involves three main components: the contract, the oracle, and the proof producer.
- Contract: The contract receives the report and additional witness from the oracle, and orders zkProofs directly from the EVM via the Proof Market EVM Endpoint. It performs necessary checks, such as verifying the zkProof with the zkLLVM verifier contract and comparing the Beacon Block hash against the expected value. If all checks pass, the contract stores the report for future retrieval; otherwise, it rejects the report.
- Oracle: The oracle obtains necessary information from the Consensus and Execution layers, computes the report (including total locked value and validator counts), and produces additional data required for proof generation.
- Proof Producer: The proof producer selected with an algorithm from the distributed network of provers on Proof Market takes the input from the oracle and runs it through a ZK circuit compiled with the use of zkLLVM, generating a zkProof. This circuit replicates the computations performed by the oracle, creating a verifiable trail of operations.
Of particular note, the zkLLVM-based TVL zkOracle (aptly named Lido Validators' Balance zkOracle) focuses on verifying the key part of the accounting report – the total value locked (TVL) It does this by automating in-EVM historical data access and leveraging zkLLVM( with the ultimate goal beinga higher level of security for Lido Protocol oracle accounting).
To facilitate this process, Proof Market EVM endpoint, a recently released gateway interface, enables provable computations composability for all EVM applications. This allows proofs for Lido's zkOracle computations to be ordered directly from the EVM via Proof Market on Ethereum meaning there is no direct hardware cost to the Lido protocol side.
The zkProofs generated by the decentralised network of proof generators on Proof Market will be submitted directly to the Lido Ethereum application for final verification.
Video Demo + Extra Reading
The demo below showcases end-to-end operation of zkLLVM-based oracle+contract computing total value locked (TVL) and active and exited validators in a controlled environment.
- Video: ZKLLVM Oracle Demo
- Description: ZKLLVM Oracle Demo transcript
Implementation and a source code
=nil;’s solution is fully functional, delivered under open source MIT licence and can be deployed or tried out from following repositories:
Solution 2 - DendrETH
The DendrETH project from Metacraft Labs promised two distinct technical avenues.
The first leverages a fixed set of withdrawal credentials within a liquid staking protocol. This approach requires no adjustments to the smart contracts overseeing deposits, and permits DendrETH's zero-knowledge circuits to identify validators linked to specified withdrawal credentials seamlessly.
The second approach involves a Merkle Accumulator for a Validator Set. This caters to liquid staking protocols with multiple operator dynamics. Here, smart contracts governing deposits are modified to monitor operator-specific validator sets. This is achieved through a binary SHA256 Merkle tree (in order to facilitate efficient proofs for specific operators).
The ultimate goal remains a practical iterative computation, striving to merge updates with as little latency as possible.
Importantly, there is a chance gas costs could remain constant under this approach (i.e. not affected by Ethereum validator set size), although the jury is still out on whether this is practically possible. Verification is, though, yet to be designed and implemented.
All components of the system will be fully open source (GPLv3). MetaCraft Labs will strive to provide comprehensive guides for operating instances of our proof generators and relay nodes, as well as easy-to-use packages for most operating systems (i.e. docker images).
Next Steps
By supporting fundamental initiatives focused on decentralization and trust reduction within the oracle accounting process, LEGO showcases a mutual commitment to addressing the challenges posed by centralized oracle accounting.
These grants underscore a collaborative effort to alleviate the trust burden associated with this process, presenting a promising avenue toward resolving these concerns and the greater decentralization and security of the Lido Protocol.
It should be noted that ZK technology is still in its infancy and requires additional experimentation, testing and auditing before feasibly moving to a fully operational ‘stand-alone’ status.
If the utilisation of zk-proof technology proves efficient, secure and beneficial for the operation of Lido Protocol oracle accounting, there is potential to gradually roll out broader functionality throughout the oracle set moving forward.
Improvements to the Lido protocol continue to push the boundaries of trust-minimization, ensuring the utmost security and reliability for its users, shaping a future where trustless data access and verification is the norm, not the exception.