• Stars
    star
    113
  • Rank 310,115 (Top 7 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 2 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This is proof of solvency tool for Centralized exchanges built by Binance. Please raise bugs and security issues to https://bugcrowd.com/binance

zkmerkle-proof-of-solvency

Circuit Design

See the technical blog for more details about background and circuit design

How to run

Run third-party services

This project needs following third party services:

  • mysql: used to store witness, userproof, proof table;
  • redis: provide distributed lock for multi provers;
  • kvrocks: used to store account tree

We can use docker to run these services:

docker run -d --name zkpos-redis -p 6379:6379 redis

docker run -d --name zkpos-mysql -p 3306:3306  -v /server/docker_data/mysql_data:/var/lib/mysql -e MYSQL_USER=zkpos -e MYSQL_PASSWORD=zkpos@123 -e MYSQL_DATABASE=zkpos  -e MYSQL_ROOT_PASSWORD=zkpos@123 mysql

docker run -d --name zkpos-kvrocks -p 6666:6666 -v /server/docker_data/kvrocksdata:/var/lib/kvrocks apache/kvrocks

where /server/docker_data/ is directory in the host machine which is used to persist mysql and kvrocks docker data.

Generate zk keys

The keygen service is for generating zk related keys which are used to generate and verify zk proof. The BatchCreateUserOpsCounts constant variable in utils package represent how many users can be created in one batch. The larger the BatchCreateUserOpsCounts is, the longer it will take to generate zk-related keys and generate zk proof.

We choose 864 as the BatchCreateUserOpsCounts variable. It will take about 6 hours to generate zk-related keys, and 105 seconds to generate zk proof for one batch in a 128GB memory and 32 core virtual machine.

Run the following commands to start keygen service:

// make sure the BatchCreateUserOpsCounts in utils/constants.go is expected

cd src/keygen; go run main.go

After keygen service finishes running, there will be several key files generated in the current directory, like the following:

Total 26G
-rw-rw-r-- 1 ec2-user ec2-user  69M 12月 26 07:49 zkpor864.ccs.ct.save
-rw-rw-r-- 1 ec2-user ec2-user  16G 12月 26 07:51 zkpor864.ccs.save
-rw-rw-r-- 1 ec2-user ec2-user 1.8G 12月 26 07:51 zkpor864.pk.A.save
-rw-rw-r-- 1 ec2-user ec2-user 1.6G 12月 26 07:51 zkpor864.pk.B1.save
-rw-rw-r-- 1 ec2-user ec2-user 3.2G 12月 26 07:51 zkpor864.pk.B2.save
-rw-rw-r-- 1 ec2-user ec2-user  59M 12月 26 07:51 zkpor864.pk.E.save
-rw-rw-r-- 1 ec2-user ec2-user 1.9G 12月 26 07:52 zkpor864.pk.K.save
-rw-rw-r-- 1 ec2-user ec2-user  708 12月 26 07:52 zkpor864.vk.save
-rw-rw-r-- 1 ec2-user ec2-user 2.1G 12月 26 07:52 zkpor864.pk.Z.save

Generate witness

The witness service is used to generate witness for prover service.

witness/config/config.json is the config file witness service use. The sample file is as follows:

{
  "MysqlDataSource" : "zkpos:zkpos@123@tcp(127.0.0.1:3306)/zkpos?parseTime=true",
  "UserDataFile": "/server/data/20230118",
  "DbSuffix": "0",
  "TreeDB": {
    "Driver": "redis",
    "Option": {
      "Addr": "127.0.0.1:6666"
    }
  }
}

Where

  • MysqlDataSource: this is the mysql config;
  • UserDataFile: the directory which contains all users balance sheet files;
  • DbSuffix: this suffix will be appended to the ending of table name, such as proof0, witness0 table;
  • TreeDB:
    • Driver: redis means account tree use kvrocks as its storage engine;
    • Option:
      • Addr: kvrocks service listen address

Run the following command to start witness service:

cd witness; go run main.go

The witness service supports recovery from unexpected crash. After witness service finish running, we can see witness from witness table.

The performance: about 850 users witness generation per second in a 128GB memory and 32 core virtual machine.

Generate zk proof

The prover service is used to generate zk proof and supports running in parallel. It reads witness from witness table generated by witness service.

prover/config/config.json is the config file prover service uses. The sample file is as follows:

{
  "MysqlDataSource" : "zkpos:zkpos@123@tcp(127.0.0.1:3306)/zkpos?parseTime=true",
  "DbSuffix": "0",
  "Redis": {
    "Host": "127.0.0.1:6379",
    "Type": "node"
  },
  "ZkKeyName": "/server/zkmerkle-proof-of-solvency/src/keygen/zkpor864"
}

Where

  • MysqlDataSource: this is the mysql config;
  • DbSuffix: this suffix will be appended to the ending of table name, such as proof0, witness0 table;
  • Redis:
    • Host: redis service listen addr;
    • Type: only support node type
  • ZkKeyName: the key name generated by keygen service

Run the following command to start prover service:

cd prover; go run main.go

To run prover service in parallel, just repeat executing above commands.

Note: After all prover service finishes running, We should use go run main.go -rerun command to regenerate proof for unfinished batch

After the whole prover service finished, we can see batch zk proof in proof table.

Generate user proof

The userproof service is used to generate and persist user merkle proof. It uses userproof/config/config.json as config file, and the sample config is as follows:

{
  "MysqlDataSource" : "zkpos:zkpos@123@tcp(127.0.0.1:3306)/zkpos?parseTime=true",
  "UserDataFile": "/server/data/20230118",
  "DbSuffix": "0",
  "TreeDB": {
    "Driver": "redis",
    "Option": {
      "Addr": "127.0.0.1:6666"
    }
  }
}

Where

  • MysqlDataSource: this is the mysql config;
  • UserDataFile: the directory which contains all users balance sheet files;
  • DbSuffix: this suffix will be appended to the ending of table name, such as proof0, witness0 table;
  • TreeDB:
    • Driver: redis means account tree use kvrocks as its storage engine;
    • Option:
      • Addr: kvrocks service listen address

Run the following command to run userproof service:

cd userproof; go run main.go

After userproof service finishes running, we can see every user proof from userproof table.

The performance: about 10k users proof generation per second in a 128GB memory and 32 core virtual machine.

Verifier

The verifier service is used to verify batch proof and single user proof.

Verify batch proof

The service use config.json as its config file, and the sample config is as follows:

{
  "ProofTable": "config/proof.csv",
  "ZkKeyName": "config/zkpor864",
  "CexAssetsInfo": [{"TotalEquity":219971568487,"TotalDebt":9789219,"BasePrice":24620000000},{"TotalEquity":8664493444,"TotalDebt":122580,"BasePrice":1682628000000},{"TotalEquity":67463930749983,"TotalDebt":16127314913,"BasePrice":100000000},{"TotalEquity":68358645578,"TotalDebt":130187,"BasePrice":121377000000},{"TotalEquity":590353015932,"TotalDebt":0,"BasePrice":598900000},{"TotalEquity":255845425858,"TotalDebt":13839361,"BasePrice":6541000000},{"TotalEquity":0,"TotalDebt":0,"BasePrice":99991478},{"TotalEquity":267958065914051,"TotalDebt":501899265949,"BasePrice":100000000},{"TotalEquity":124934670143615,"TotalDebt":1422964747,"BasePrice":34500000}]
}

Where

  • ProofTable: this is proof csv file which can be exported by proof table;
  • ZkKeyName: the key name generated by keygen service;
  • CexAssetsInfo: this is published by CEX, it represents CEX's liability;

You can get CexAssetsInfo using dbtool command after witness service run finished. Run the following command to verify batch proof:

cd verifier; go run main.go

Verify user proof

The service use user_config.json as its config file, and the sample config is as follows:

{
  "AccountIndex": 9,
  "AccountIdHash": "0000041cb7323211d0b356c2fe6e79fdaf0c27d74b3bb1a4635942f9ae92145b",
  "Root": "29591ef3a9ed02605edd6ab14f5dd49e7dbe0d03e72a27383f929ef3efb7514f",
  "Assets": [{"Index":7,"Equity":123456000,"Debt":0}],
  "Proof": ["DrPpFsm4/5HntRTf8M3dbgpdrxq3Q8lZkB2ngysW2js=","G1WgD/CvmGApQgmIX0rE0BlSifkw6IfNwY9z2DnRazM=","HZm8N563lDMrx//oMjejlXKLzLrZQRqKZKyXwpDnT+I=","A+wqmnw0NfdgAyEieZRqKlczF48VOROxME36YBwLhmY=","BaLA62VkWlLE/FZTxnvx/lwU7WNfDxgdM2cBw27MAog=","EvkbbZF7Y/W8AxPc+49lmzzFNdyPl1QWRu1ZQB/gmz8=","EJzsNkrzgcB6LIctzoqWAetzLHO57vx00FxIlLKhwqg=","D3kGOz1Xcsi5hGXr02LOSC23L+lCOhq6FlXGiPYcYig=","DSAmcCy6GEl1DlRNpP05e4I9ScMCz/4DtJCKpserVL8=","L16LdkqEmjI/4uVNETm4ScZ5uA/Cho59zjbgN1OgI+k=","CaRuyDB3b3JeZlItZw8Txi7MSP5vyRpco0OtHRuO6RQ=","CkfKeaCV6rLcskjWE91vCAxTPKEymsDtJvc4r8aWytw=","JfAF+uLGIBAJklZrWRPjxmJ3lFHyau9oNL5dOwQ72kQ=","JKQm66yeIFuPJcm5OkTUDyohsL5CWFF+fFpW/NiS2O0=","KXs+zCQELaQRJzQoCnYm+G2lr5eKLqmWd3G0xeSPWgc=","AFL9l/1p5puhKsCtS7WTT/hExtl3hmRfXnTofVY9+3s=","A2lctbb1mGsAgbERpnu4/RKX/OkcU06dhU9l4wS7e8k=","AIB1T+2rEytbSyMLfyp1rNhS0RCmPYwITdjhb/34FVQ=","GQmXAAvuoPUvt4zDrQ9qaAcRV5t8TPFXAIAIuwv0vr0=","J8pP9A0l54qj9UfumcTXn3hVBYEh+iBH03newr296io=","LD/99JpY8ZZupXaoRt6p6wKDmQepQyVMsJ3s5rX+Q9g=","EOqvnEUbpnzF0HeEv0PdB/R3KMbNU15jYqwNaBJ/j7M=","KLZwBqvYBNFPBFVPQQOipuYd9bYdLEme+Y5UiDRV5Z8=","IXgr/ZWOF/rduJvkSjOABCUtj5C1+tXjHJ/AwR+f7MM=","MFzAvInNDNdT4+6kp2YKAUT4+sb8fdrha9BxXnwHR1Q=","DdvOYaMZDO/di7mBvQdEocS2CE8BH2bGmIDuSGBaHa8=","MEa67EULCikf5rusfcsUb/kWUfx7NPpHjzHKEo3imho=","KLRU4kqn5Fd3FtjapW9MTJBgWdMtAGKgt3OVLQNHh14="],
  "TotalEquity": 123456000,
  "TotalDebt": 0
}

Where

  • AccountIndex: account index used to verify;
  • AccountIdHash: account hash id which contains user info
  • Root: account tree root published by cex;
  • Assets: all user assets info;
  • Proof: user merkle proof which uses base64 encoding;
  • TotalEquity: user total equity which is calculated by all the assets equity multipy its corresponding price
  • TotalDebt: user total debt which is calculated by all the assets debt multipy its corresponding price

Run the following command to verify single user proof:

cd verifier; go run main.go -user

dbtool command

Run the following command to remove only kvrocks data:

cd src/dbtool; go run main.go -only_delete_kvrocks

Run the following command to delete kvrocks data and mysql:

cd src/dbtool; go run main.go -delete_all

Run the following command to get cex assets info in json format:

cd src/dbtool; go run main.go -query_cex_assets

Check data correctness

check account tree construct correctness

userproof service provides a command flag -memory_tree which can construct account tree in memory using user balance sheet.

Run the following command:

cd userproof; go run main.go -memory_tree

Compare the account tree root in the output log with the account tree root by witness service, if matches, then the account tree is correctly constructed.

Note: when userproof service runs in the -memory_tree mode, its performance is about 75k per minute, so 3000w accounts will take about ~7 hours

check mysql table consistency

Suppose the number of users is accountsNum, and batchNumber is 864, so the number of rows in witness and proof table is: (accountNum + 864 - 1) / 864. And the number of rows in userproof table equals to accountsNum.

When all services run finished, Check that the number of rows in table is as expected.

More Repositories

1

binance-spot-api-docs

Official Documentation for the Binance Spot APIs and Streams
3,842
star
2

binance-connector-python

Simple connector to Binance Public API
Python
1,848
star
3

binance-public-data

Details on how to get Binance public data
Python
1,430
star
4

binance-api-postman

Postman collection for Binance Public API, including spot, margin, futures, etc.
1,307
star
5

binance-futures-connector-python

Python
762
star
6

binance-connector-node

A simple connector to Binance Public API
JavaScript
543
star
7

binance-connector-java

Java
375
star
8

binance-signature-examples

Examples of generating HMAC and RSA signature for Binance API
Python
238
star
9

binance-connector-dotnet

Lightweight connector for integration with Binance API
C#
204
star
10

binance-websocket-examples

Example code in Nodejs that demonstrate how to subscribe to Binance Websocket server.
JavaScript
151
star
11

binance-connector-go

Go
147
star
12

binance-api-swagger

Swagger for the Binance Public API
HTML
124
star
13

binance-futures-connector-java

Java
116
star
14

binance-spot-connector-rust

Rust
111
star
15

binance-toolbox-python

Some useful scripts that help users to validate
Python
95
star
16

asymmetric-key-generator

This simple tool can be used to generate an RSA PKCS#8 or Ed25519 key pairs.
JavaScript
75
star
17

binance-connector-php

This is a thin library that working as a connector to the Binance public API.
PHP
65
star
18

desktop

Binance desktop application release channel.
55
star
19

ai-trading-prototype

Free open source crypto AI trading bot prototype.
Python
50
star
20

binance-connector-typescript

TypeScript
47
star
21

binance-connector-ruby

a simple connector to Binance Public API
Ruby
34
star
22

websocket-demo

a live demo site for subscribing to websocket server
JavaScript
22
star
23

ai-trading-prototype-backtester

Headline Sentiment Analysis Backtester. Backtests trading strategy from ai-trading-prototype trading bot.
Python
21
star
24

binance-cli

JavaScript
20
star
25

ai-trading-prototype-headlines

News Headlines Fetcher. Outputs headlines intended for use with the ai-trading-prototype sentiment-based trading bot.
Python
17
star
26

binance-pay-signature-examples

Python
14
star
27

binance-pay-connector-python

A lightweight library that works as a connector to Binance pay public API
Python
14
star
28

binance-sbe-rust-sample-app

Rust
12
star
29

binance-pay-postman-collection

Postman collection for Binance Pay API
11
star
30

binance-toolbox-java

Java
10
star
31

binance-futures-connector-node

JavaScript
9
star
32

binance-mp-demo

JavaScript
9
star
33

binance-toolbox-go

Go
8
star
34

binance-toolbox-php

PHP
6
star
35

binance-sbe-java-sample-app

Sample app that decodes Binance "exchangeInfo" endpoint's SBE response to YAML.
Java
5
star
36

binance-sbe-cpp-sample-app

C++
4
star
37

binance-toolbox-ruby

Ruby
2
star
38

binance-toolbox-nodejs

JavaScript
1
star
39

binance-toolbox-typescript

TypeScript
1
star
40

binance-futures-java-toolbox

Java
1
star