Confidential Assets (ZK-ElGamal)

[4meta5]

WIP supersedes #420 by replacing FHE with ZK ElGamal as the cryptographic backend for Polkadot Confidential Assets

This work will be moved out of this repository for #421 and does not need to be merged here.

TODO:

• DESIGN.md outlining architecture implementing ZK ElGamal backend for Polkadot Confidential Assets
• pallet-zkhe: implements an on-chain cryptographic backend for confidential transfers mirroring the Solana Confidential Token implementation.
• pallet-confidential-assets: implements the OpenZeppelin Confidential Contracts Standard for multiple assets.
• confidential-assets-primitives: shared types and traits
• zkhe-primitives: shared curves, types, transcripts to keep verifier and prover in sync such that only valid proofs pass verification
• zkhe-verifier: no_std verifiers used at runtime to configure pallet-zkhe::ZkVerifier
• zkhe-prover: std-friendly helpers to construct proofs that pass verification iff valid
• tests between verifier and prover in std environment (verifier pallet unit tests)
• feature: on/off ramp functionality for pallet-confidential-assets (adds verify functions ie mint/burn)
• more tests between verifier and prover in std environment for added verify_{mint, burn, etc}
• minimal runtime, node config
• runtime tests for prover+verifier
• node tests for prover+verifier
• update AUDIT.md and docs to reflect latest organization
• request audit with instructions pointing to AUDIT.md and the README.md

Next Steps

• set up separate repo with CI, permissions, etc
• split this PR into separate repo
• send link for new repo to sub0 organizers that requested it

Demo

• demo/test confidential XCM
• write pallet-confidential-xcm-bridge to streamline user flow for Sub0

Precompiles

Frontier

• frontier-precompile-confidential-assets
• impl callback OnConfidentialTransferReceived for Frontier precompile without introducing reentrancy attack vector (see moonbeam randomness precompile for a frontier example)
• evm-template: configure frontier-precompile-confidential-assets
• evm-template: test frontier-precompile-confidential-assets

PolkaVM

• polkavm-precompile-confidential-assets
• impl callback OnConfidentialTransferReceived for PolkaVM precompile without introducing reentrancy attack vector (TODO find PolkaVM example of reentrancy attack vector mitigation)

[netlify]

✅ Deploy Preview for docs-oz-polkadot canceled.

Name	Link
🔨 Latest commit	24beb96
🔍 Latest deploy log	https://app.netlify.com/projects/docs-oz-polkadot/deploys/68fd59662f2c8100081f77ca

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.03%. Comparing base (a529094) to head (24beb96).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #422   +/-   ##
=======================================
  Coverage   79.03%   79.03%           
=======================================
  Files          19       19           
  Lines        2475     2475           
  Branches     2475     2475           
=======================================
  Hits         1956     1956           
  Misses        420      420           
  Partials       99       99           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.