Documentation

Everything you need to understand and build with Shroud Protocol.

Introduction

Shroud Protocol is a privacy-preserving mixer built on the Casper Network. It allows users to deposit CSPR into a smart contract and withdraw it later to a different address, effectively breaking the on-chain link between the depositor and the recipient.

This is achieved with Zero-Knowledge Proofs (Groth16 ZK-SNARKs over a Merkle tree of MiMC hashes), so the protocol is non-custodial: the contract holds the funds but never learns which deposit a given withdrawal spends. One caveat a practitioner should keep in mind: Groth16 relies on a circuit-specific trusted setup, so the soundness of the proofs depends on that setup having been performed honestly.

Usage Guide

1. Deposit (The "Locking" Phase)

[Screenshot: Deposit interface]

When you deposit CSPR, the protocol generates a digital "secret note" for you.

  • Secret Generation: Your browser generates two random numbers: a secret and a nullifier.
  • Commitment: These two numbers are hashed together to create a Commitment. Think of this as a sealed envelope containing your secret.
  • On-Chain Transaction: You send the Commitment and funds to the smart contract. The contract adds your commitment to a Merkle Tree but never sees your secret.
  • Persistence: Your commitment is stored on the Casper blockchain and can be recovered by the protocol even if you clear your browser cache. The secret and nullifier are never sent on chain, so save the secret note: without it the deposit cannot be withdrawn by anyone, including you.

2. Withdraw (The "Unlocking" Phase)

[Screenshot: Withdraw interface]

When you want to withdraw, you use your secret note (the secret and nullifier generated at deposit time) to prove that you own one of the deposits without revealing which one.

  • Automatic On-Chain Sync: The protocol automatically fetches all historical commitments from the Casper Explorer API to rebuild the Merkle Tree.
  • Recipient Derivation: You enter a Casper Public Key. The protocol derives the AccountHash to ensure consistency between the ZK proof and the contract transaction.
  • ZK-SNARK Proof: Your browser generates a proof that you know a secret/nullifier pair for a valid commitment in the tree, without revealing your identity.
  • Break the Link: The smart contract verifies the proof, records the nullifier hash so the same note cannot be spent a second time, and sends the funds to the recipient, breaking the on-chain link between depositor and recipient.
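The recipient-derivation step above, as an added Python example that is not part of the project's frontend or CLI: it turns the hex public key the user enters into a Casper AccountHash, following the casper-types convention (blake2b-256 over the lowercase algorithm name, a 0x00 separator and the raw key bytes, with the leading hex byte selecting the algorithm). The function names and the sample key are mine and the key is constructed, not a real account; check one result against casper-client or the casper-js-sdk before relying on it. A recipient derived differently on the proof side and the transaction side is exactly the inconsistency the page warns about, and it surfaces as a failed proof rather than a clear error.

```python
"""Derive a Casper AccountHash from a hex-encoded public key.

Added example, not the project's code. Convention assumed from casper-types:
  account_hash = blake2b256(lowercase(algorithm_name) || 0x00 || raw_key_bytes)
where the first byte of the hex public key is the algorithm tag.
"""
import hashlib

# tag -> (algorithm name, raw key length in bytes)
ALGORITHMS = {0x01: ("ed25519", 32), 0x02: ("secp256k1", 33)}


def account_hash(public_key_hex: str) -> bytes:
    """Return the 32-byte account hash for a tagged hex public key.

    Rejects unknown tags and keys of the wrong length so a malformed recipient
    is caught before a proof is generated against it.
    """
    raw = bytes.fromhex(public_key_hex)
    if not raw or raw[0] not in ALGORITHMS:
        raise ValueError("unknown key algorithm tag")
    name, length = ALGORITHMS[raw[0]]
    if len(raw) != 1 + length:
        raise ValueError(f"{name} public key must be {length} bytes")
    preimage = name.encode() + b"\x00" + raw[1:]
    return hashlib.blake2b(preimage, digest_size=32).digest()


def account_hash_str(public_key_hex: str) -> str:
    """The string form Casper tooling prints: 'account-hash-' + hex digest."""
    return "account-hash-" + account_hash(public_key_hex).hex()


# Constructed sample: ed25519 tag followed by 32 arbitrary bytes, not a real key.
SAMPLE_KEY = "01" + "11" * 32

if __name__ == "__main__":
    print(account_hash_str(SAMPLE_KEY))
```

Both the proof inputs and the withdrawal transaction should be built from the output of this one function; deriving the hash twice by different code paths is how the two drift apart.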

Architecture

Smart Contracts

Written in Rust using the Odra framework. Handles deposits, manages the Merkle Tree state, and verifies ZK proofs to authorize withdrawals.

ZK Circuits

Written in Circom. Defines the constraints for the ZK proof, ensuring that the user knows the secret corresponding to a valid leaf in the Merkle Tree.

Frontend & CLI

Interfaces for users to interact with the protocol. The frontend performs client-side proof generation using snarkjs.

Developer Guide

Prerequisites

  • Node.js v18+
  • Rust v1.70+ (for contracts)
  • Casper Wallet Extension

Protocol Error Codes

Code  Name                  Meaning
1     InvalidAmount         Deposit amount mismatch.
2     DuplicateCommitment   This deposit has already been processed.
3     AlreadySpent          This secret has already been withdrawn (double spend prevented).
4     UnknownRoot           The Merkle Root in your proof is not in the contract's history.
                            Fix: clear browser cache and refresh to sync the latest tree.
5     InvalidProof          The ZK-SNARK verification failed.
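The deposit and withdraw steps from the Usage Guide and the five error codes above, as an added Python reference model that is not the project's Odra contract or Circom circuit. SHA-256 stands in for MiMC; the tree depth, the fixed deposit denomination and the root-history length are assumed values the page does not state; and verify_proof checks the circuit's constraints with the witness in the clear, which a real Groth16 verifier never sees. What it does show is the contract-side bookkeeping: which state each check reads, the order in which the error codes fire, why an older root still verifies (root history), and why the recipient has to be bound into the proof.

```python
"""Reference model of Shroud-style deposit/withdraw bookkeeping (added example,
not the project's code). SHA-256 stands in for MiMC, and verify_proof checks the
circuit's constraints with the witness in the clear; a real Groth16 verifier
establishes the same facts without ever seeing the secret or nullifier."""
import hashlib
import secrets

DEPTH = 4           # assumed tree depth (the real value is not stated on the page)
DENOMINATION = 100  # assumed fixed deposit amount, in motes
ROOT_HISTORY = 8    # assumed number of recent roots the contract still accepts
ZERO_LEAF = bytes(32)


def h(*parts: bytes) -> bytes:
    """Stand-in for MiMC: SHA-256 over the concatenated inputs."""
    return hashlib.sha256(b"".join(parts)).digest()


def new_note() -> dict:
    """Browser side: random secret and nullifier; only the commitment goes on chain."""
    secret, nullifier = secrets.token_bytes(31), secrets.token_bytes(31)
    return {"secret": secret, "nullifier": nullifier, "commitment": h(secret, nullifier)}


class MerkleTree:
    """Append-only tree of commitments, padded with ZERO_LEAF to 2**depth leaves."""

    def __init__(self, depth: int):
        self.depth, self.leaves = depth, []

    def insert(self, leaf: bytes) -> int:
        if len(self.leaves) >= 2 ** self.depth:
            raise ValueError("tree full")
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def _layers(self) -> list:
        layer = self.leaves + [ZERO_LEAF] * (2 ** self.depth - len(self.leaves))
        layers = [layer]
        for _ in range(self.depth):
            layer = [h(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
            layers.append(layer)
        return layers

    def root(self) -> bytes:
        return self._layers()[-1][0]

    def path(self, index: int) -> list:
        """Sibling hashes leaf-to-root, what the withdrawer computes after syncing."""
        layers, siblings = self._layers(), []
        for lvl in range(self.depth):
            siblings.append(layers[lvl][index ^ 1])
            index >>= 1
        return siblings


def root_from_path(leaf: bytes, index: int, siblings: list) -> bytes:
    node = leaf
    for sib in siblings:
        node = h(sib, node) if index & 1 else h(node, sib)
        index >>= 1
    return node


def make_proof(note: dict, index: int, siblings: list, recipient: bytes) -> dict:
    """Witness plus the recipient it is bound to (a public input in the real circuit)."""
    return {**note, "index": index, "siblings": siblings, "recipient": recipient}


def verify_proof(proof: dict, root: bytes, nullifier_hash: bytes, recipient: bytes) -> bool:
    """The circuit's constraints, checked in the clear."""
    commitment = h(proof["secret"], proof["nullifier"])
    return (
        nullifier_hash == h(proof["nullifier"])
        and root_from_path(commitment, proof["index"], proof["siblings"]) == root
        and proof["recipient"] == recipient  # a proof made for Bob cannot be replayed to Mallory
    )


class ShroudError(Exception):
    def __init__(self, code: int, name: str):
        super().__init__(f"{code} {name}")
        self.code = code


class Mixer:
    """Contract-side state: commitments, recent roots, and spent nullifier hashes."""

    def __init__(self):
        self.tree = MerkleTree(DEPTH)
        self.commitments, self.spent, self.payouts = set(), set(), []
        self.roots = [self.tree.root()]

    def deposit(self, commitment: bytes, amount: int) -> int:
        if amount != DENOMINATION:
            raise ShroudError(1, "InvalidAmount")
        if commitment in self.commitments:
            raise ShroudError(2, "DuplicateCommitment")
        self.commitments.add(commitment)
        index = self.tree.insert(commitment)
        self.roots = (self.roots + [self.tree.root()])[-ROOT_HISTORY:]
        return index

    def withdraw(self, proof: dict, root: bytes, nullifier_hash: bytes, recipient: bytes) -> None:
        if nullifier_hash in self.spent:
            raise ShroudError(3, "AlreadySpent")
        if root not in self.roots:
            raise ShroudError(4, "UnknownRoot")
        if not verify_proof(proof, root, nullifier_hash, recipient):
            raise ShroudError(5, "InvalidProof")
        self.spent.add(nullifier_hash)  # record before paying: the double-spend guard
        self.payouts.append((recipient, DENOMINATION))


def demo() -> dict:
    """Alice deposits, others follow, then she withdraws to Bob against an older root."""
    mixer, alice = Mixer(), new_note()
    index = mixer.deposit(alice["commitment"], DENOMINATION)
    for _ in range(2):
        mixer.deposit(new_note()["commitment"], DENOMINATION)
    old_root, siblings = mixer.tree.root(), mixer.tree.path(index)  # withdrawer syncs here
    mixer.deposit(new_note()["commitment"], DENOMINATION)  # tree moves on; old root stays in history
    bob = b"bob-account-hash"  # constructed placeholder for a derived AccountHash
    proof = make_proof(alice, index, siblings, bob)
    mixer.withdraw(proof, old_root, h(alice["nullifier"]), bob)
    return {"mixer": mixer, "proof": proof, "root": old_root,
            "nullifier_hash": h(alice["nullifier"]), "recipient": bob}
```

Two details carry over to the real contract regardless of the hash or proof system: the nullifier hash is recorded before the transfer, so a re-entrant or repeated call hits AlreadySpent rather than paying twice, and the recipient is a public input, so a proof intercepted in the mempool cannot be resubmitted with a different payee.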

Installation

git clone https://github.com/yourusername/shroud-protocol.git

cd shroud-protocol

./scripts/install_dependencies.sh

Running Locally

cd frontend

npm install

npm run dev