Tahm-Kench is a Sealed-Bid Auction platform built using SP1 zkVM and Aligned. The project aims to facilitate secure and private auctions by leveraging zero-knowledge proofs (ZKPs) to determine the highest bidder without revealing individual bid amounts. This ensures both privacy and fairness in the bidding process.
Additionally, Tahm-Kench serves as a reference model for developers interested in building decentralized applications (dApps) using Aligned and ZKPs.
- Team Members: Part of SotaZK Labs, a team dedicated to pioneering zero-knowledge solutions that enhance security and privacy in the decentralized world.
- Number of Members: 7
- Contact Information:
  - Name: Steve Nguyen
  - Email: zk.steve.nguyen@gmail.com
  - Telegram: @zk_steve
- Prior Work/Research:
  - ZKP Documentation: A repository exploring ZKP technologies such as KZG, GKR, FRI, Plonk, DARK, Groth16, lattice-based commitment schemes, sum-check protocols, Nova, EIP-4844, and more.
  - ZKP Implementation: Implementations of ZKP protocols, including KZG, FRI, and Plonk.
  - Apstark: A Layer-2 ZK rollup blockchain built on the Aptos network using the Starknet tech stack.
Bidders submit encrypted bids to a smart contract, which only the auction owner can decrypt using their secret key. At the conclusion of the auction, the owner publishes the winner. ZKPs ensure the auction owner processes all bids and selects the highest one without revealing their private key or any bid details.
Key components of the project include:
- Proving Service: Powered by SP1, this service generates a zero-knowledge proof from the execution trace of a program that decrypts bids and computes the winner, ensuring the confidentiality of bid amounts and the owner's private key.
- Smart Contract: Manages the auction lifecycle (setup, bidding, and settlement) and verifies the ZK proof.
- Smart Contract: Solidity
- Circuit: Rust, SP1
- Encryption Scheme: secp256k1, AES-256-GCM, HKDF-SHA256
- Verifier: Aligned Layer
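
The three primitives in the encryption scheme above combine into an ECIES-style hybrid scheme: an ephemeral secp256k1 ECDH exchange, HKDF-SHA256 to derive the key, and AES-256-GCM for the bid itself. The following is an added sketch using the Python `cryptography` package, not the project's Rust code; the blob layout, the HKDF `info` string, the fixed 16-byte amount encoding and the `aad` parameter are assumptions.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

# Assumed blob layout: compressed ephemeral key | GCM nonce | ciphertext + tag
PUB_LEN, NONCE_LEN = 33, 12

def _pub_bytes(pub):
    return pub.public_bytes(serialization.Encoding.X962,
                            serialization.PublicFormat.CompressedPoint)

def _aes_key(shared, eph_pub):
    # HKDF-SHA256 turns the raw ECDH secret into a 256-bit AES key.
    # Mixing the ephemeral key into `info` is an assumption of this sketch.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"sealed-bid-example" + eph_pub).derive(shared)

def encrypt_bid(owner_pub, amount: int, aad: bytes = b"") -> bytes:
    """Encrypt a bid so that only the holder of the owner's key can read it."""
    eph = ec.generate_private_key(ec.SECP256K1())      # fresh key per bid
    eph_pub = _pub_bytes(eph.public_key())
    key = _aes_key(eph.exchange(ec.ECDH(), owner_pub), eph_pub)
    nonce = os.urandom(NONCE_LEN)
    # Fixed-width encoding: ciphertext length does not depend on the amount.
    ct = AESGCM(key).encrypt(nonce, amount.to_bytes(16, "big"), aad)
    return eph_pub + nonce + ct

def decrypt_bid(owner_priv, blob: bytes, aad: bytes = b"") -> int:
    """Owner side; raises InvalidTag if the blob or aad was altered."""
    eph_pub = blob[:PUB_LEN]
    nonce = blob[PUB_LEN:PUB_LEN + NONCE_LEN]
    ct = blob[PUB_LEN + NONCE_LEN:]
    peer = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256K1(), eph_pub)
    key = _aes_key(owner_priv.exchange(ec.ECDH(), peer), eph_pub)
    return int.from_bytes(AESGCM(key).decrypt(nonce, ct, aad), "big")
```

Passing an auction identifier as `aad` makes decryption fail if a ciphertext is presented under a different auction.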
Watch our workflow demo video here.
Tahm-Kench's core logic operates on-chain, while off-chain processes handle winner calculation and proof generation. The auction process has four main phases:
- Initial Setup: The auction owner creates the auction, sets a deposit amount, transfers assets to the smart contract, and defines the start and end times.
- Bidding Phase: Bidders submit encrypted bids and deposit the required amount.
- Opening Phase: After the bidding window closes, the auction owner calculates the winner and generates the corresponding ZKP.
- Verification Phase: The winner and proof are submitted to the smart contract for verification, concluding the auction.
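
The checks a contract has to enforce across these four phases can be modelled as follows. This is an added illustration, not the project's Solidity contract: it assumes the proof's public values carry the winner's address and a SHA-256 digest of every submitted bid, and `proof_ok` stands in for the verification result from Aligned.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def bids_digest(bids):
    """SHA-256 over every (bidder, ciphertext) pair in submission order.
    Length prefixes keep adjacent fields from being re-split differently."""
    h = hashlib.sha256()
    for bidder, ciphertext in bids:
        for part in (bidder.encode(), ciphertext):
            h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

@dataclass
class Auction:
    owner: str
    deposit: int            # amount every bidder must lock
    start: int              # bidding window is [start, end)
    end: int
    bids: list = field(default_factory=list)
    winner: Optional[str] = None

    def bid(self, now, bidder, ciphertext, value):
        if not self.start <= now < self.end:
            raise ValueError("outside the bidding window")
        if value != self.deposit:
            raise ValueError("deposit does not match")
        if any(b == bidder for b, _ in self.bids):
            raise ValueError("bidder already submitted")  # one bid each: assumption
        self.bids.append((bidder, ciphertext))

    def settle(self, now, sender, public_values, proof_ok):
        if sender != self.owner:
            raise PermissionError("only the owner can settle")
        if now < self.end:
            raise ValueError("bidding is still open")
        if self.winner is not None:
            raise ValueError("auction already settled")
        if not proof_ok:  # stand-in for the verification result from Aligned
            raise ValueError("proof rejected")
        # A valid proof computed over a subset of the bids must still fail here.
        if public_values["bids_digest"] != bids_digest(self.bids):
            raise ValueError("proof does not cover all submitted bids")
        if public_values["winner"] not in {b for b, _ in self.bids}:
            raise ValueError("winner is not a bidder")
        self.winner = public_values["winner"]
        return self.winner
```

The digest comparison is what ties "the proof verified" to "the proof was computed over the bids stored on-chain"; without it, a proof over a hand-picked subset would pass verification just as well.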
We initially used the ecies crate to encrypt and decrypt bids. However, proving time and proof size were problematic: 6 minutes to generate a proof for 2 bids, resulting in a 21MB proof size on a system with 64GB RAM and an i5-13500 CPU. This large proof size was incompatible with the Aligned layer, requiring compression and thus further increasing proving time.
To improve performance, we rebuilt the encryption scheme using SP1's patched `secp256k1` crate. This reduced proving time to **1 minute** and proof size to 1.5MB. However, verification on SP1 failed due to the error `Core(Invalid shard proof: Out-of-domain evaluation mismatch on chip CPU)`. The code is available in the `feat/ecies` branch.
We compared performance of the original and patched `secp256k1` crates on a Core i5-13500 CPU with 64GB RAM.
Uses sp1-sdk v1.0.1, compatible with Aligned verification.
Number of Bidders: 10 | Compressed Mode | Uncompressed Mode |
---|---|---|
Proof Generation Time | >30 mins | ~15 mins |
Proof Size | 15MB | 50MB |
Uses sp1-sdk v3.0.0, optimized for off-chain proof verification but incompatible with Aligned verification. Code available here.
Number of Bidders: 10 | Compressed Mode | Uncompressed Mode |
---|---|---|
Proof Generation Time | 7 mins | 2.5 mins |
Proof Size | 1.2MB | 16MB |
Future developments include optimizing performance of the prover, introducing auction types like Unique Lowest Bid Auctions and Dutch Auctions, and exploring partnerships with other dApps, such as DeFi platforms, for automated asset management based on auction results.
- Create a Local Keystore

  First, create a local keystore using the `cast` tool. If you already have one, you can skip this step.

  ```bash
  cast wallet import --private-key <YOUR_PRIVATE_KEY> <WALLET_NAME>
  # Example: cast wallet import --private-key 0x... wallet
  ```
- Clone the Repository

  Clone our repository and navigate to the project directory:

  ```bash
  git clone https://github.com/sota-zk-labs/tahm-kench
  cd tahm-kench
  ```
- Run Commands as the Owner (if applicable)

  If you are the owner, execute the following commands:

  ```bash
  # Deposit $AMOUNT ETH to Aligned layer to verify the proof
  make deposit-to-aligned KEYSTORE_PATH=<KEYSTORE_PATH> AMOUNT=<AMOUNT>
  # Example: make deposit-to-aligned KEYSTORE_PATH=~/.foundry/keystores/wallet AMOUNT=0.001

  # Generate a public-private key pair
  cd crates/sp1-prover && make gen-key
  ```

  After this, you should find the `elf` folder, `encryption_key` and `private_encryption_key` in the `sp1-prover` directory.
- Install the CLI

  Finally, install the CLI from our source:

  ```bash
  make install
  ```

  To view all available commands, run:

  ```bash
  tahken -h
  ```
You can watch our demo video here.