zips icon indicating copy to clipboard operation
zips copied to clipboard

Published 20 hours ago verified publisher icon zcash

Potential ZSA requirements to support RenVM

Open nathan-at-least opened this issue 3 years ago • 1 comments

I'm dumping some unrefined notes here from a call on 2021-09-14 with some ECC & RenVM folks about technical requirements for ZSAs to integrate with the RenVM bridge:

  • RenVM:
    • Source assets
    • Output chains
      • EVM compatible + Solana
      • EVM & Solana mean at least two “output chain” instances are already in RenVM.
    • RenVM can generate an ecDSA signature when conditions are met.
  • ZSA-Zcash could be an output chain.
  • Output Chain Requirements:
    • Minting:
      • Receive an authorized “Mint Message”, signed by renVM, bound to: (selector, user-output-chain-address, amount, app-specific-payload, nonce)
        • Signed w/ ecDSA secp256k1
        • Selector identifies source->destination chains.
        • Nonce - to prevent front-running some chains (?)
      • Output chain must issue X of target asset to destination address.
      • Output chain must ensure the same Mint Message may never be honored more than once (no replay). Ren output contracts track this; in Zcash we might be able to integrate into nullifiers.
      • Output chain must verify the ecDSA secp256k1.
      • Output chain must support ecDSA secp256k1 key rotation system where previous keys sign subsequent addresses.
    • Redemption:
      • User sends X renBTC to the Ren redemption contract, which burns them.
        • Output chain emits EVM event, Solana chain emits a log.
        • RenVM queries full node events/logs.
      • Zcash requirements:
        • Redemption operation must include:
          • Amount of asset to be redeemed.
          • Recipient on destination chain (ex: renBTC redemption destination chain is Bitcoin)
          • “Burn Nonce” (a sequence number) that’s unique for a given asset type on the output chain (and increments)
        • We determined for renvm redemption info must be public (since any renVM node must be able to validate the output and anyone can run a renVM node)
  • Cross-chain asset identification:
    • On Ethereum, there are distinct redemption contracts for each asset type (renZEC, renBTC, etc…) and the contract address is used to identify the asset.
    • How is a user-friendly asset name associated with a new asset type when it is created?
  • Multi-asset <-> multi-asset bridging:
    • Future feature (launch in about 1 week): any ERC20 chain or Solana <-> any ERC20 chain or Solana.

nathan-at-least avatar Oct 20 '21 01:10 nathan-at-least