Singularity's Architecture

Metamask/Web3 Integration

In the current version of The Singularity, traders engage with the protocol directly via any web3-enabled web browser. All notes are formatted human-friendly and are stored and backed up by users locally. In order to maximize the privacy of the user, all proofs are generated locally on-device within the browser.

On-chain Singularity

The Singularity is an on-chain smart contract that pools together assets of all types from all traders. It is named this because to outside observers all protocol transactions appear to come from this one smart contract. In this way, it provides anonymity to its users, where more users mean greater anonymity.

The Singularity uses a multi-asset UTXO model. This means that assets of different types share anonymity with each other, helping to increase overall privacy for low-liquidity assets.

Notes

To participate in the protocol, traders must first deposit assets into the singularity. During this process, the trader creates a zero-knowledge note that contains all the information about their deposit: the asset type, quantity, and the owner. These key pieces of information are only known to the trader.

Like normal UTXO based models, traders can use multiple notes as inputs to transactions, or even merge multiple notes into one.

The total balance of the trader in the protocol is represented by the sum of all their unspent notes (see below for details on spending). Since only the trader knows the details of their notes, their balances are fully private. In this way, the singularity can be used for mixing.

Note that because deposits necessarily come from a standard on-chain address, they should not be considered anonymous or hidden. A similar argument exists for withdrawals. While deposits and withdrawals should not be considered private, all interim transactions can be considered private.

Notes and 1—1 affiliated note footers are defined as follows:

Footer = H(H(rho), pub_key)
Note = H(asset, amount, Footer)

And nullifiers are defined as follows:

Nullifier = H(rho, pub_key)

for MiMC hash function H and some randomly generated field value rho. The pub_key is a Schnorr public key where the corresponding private key is used to authorize transactions.

When creating notes, the note is appended to an append-only Merkle tree and the root of the new Merkle tree is stored permanently.

When spending a note, the user must reveal the corresponding nullifier, and prove in zero-knowledge that (a) the nullifier is related to the note and (b) the note is in the Merkle tree. The smart contract will check that the nullifier is unique and that the proof is valid.

Any of these stored Merkle roots can be used (allowing for writes to happen concurrently with reads) but users should prefer the latest Merkle root for their own privacy.

New user capabilities are onboarded with the accompaniment of new verifier contracts. These verifier contracts are generated from the Noir ZK circuits and are used to handle the proofs submitted by users ensuring that only funds/notes they directly own are capable of being spent by the contract on their behalf.