When was the last time you thought about the Roman Empire?
SPQR is a proof-of-concept of privacy payments on Starknet, utilizing STARKs and native account abstraction for integrity and confidentiality.
SPQR is implemented as a single Starknet contract that interacts with the following contacts:
- ERC20 token (or multiple tokens) that is to be shielded (in this repo we use STRK)
- Integrity fact registry, for abstracting STARK proof verification
It is envisioned to use fee subsidization to break the link between Starknet accounts and crypto notes, however the current PoC does not implement this logic.
- Read more about SPQR contract
- Check Sepolia deployment
UTXO model is used for shielded accounts. Shielded transactions are created and stored on the client and not broadcasted to keep the information about the sender, receiver, and amount private. A proof of validity is generated (also on the client) and submitted onchain to prevent double spending. The smart contract only stores the hashes of crypto notes (UTXOs) and relies on proofs to enforce integrity.
- Read more about SPQR program
- Check out registered facts
cairo1-runrunner copies all inputs to the output segment which leads to the privacy leak. This is a known issue, which is resolved with the new version ofcairo-executorthat is able to produce execution trace (for proving).- Proofs that are generated with Stone leak some bits of the trace because polynomial randomization is not implemented. Read more in starkware-libs/stone-prover#8 (comment) also https://eprint.iacr.org/2024/1037
- Nullifiers are not used (for simplicity) and hence some information about spent notes is leaked.
- Transaction fees are not subsidized (but it is envisioned) so submitting a proof/private transfer might leak a connection between a Starknet account and a particular note.
- Transactions are not encrypted (but they are note stored onchain either).