[Draft] Verifiable, Secure, and Reliable Oracle Solution with zkTLS by Reclaim Protocol

Integrating zkFetch: A zkTLS-Powered Oracle Solution for Comet

Executive Summary

This proposal introduces zkFetch, a novel oracle solution leveraging zkTLS infrastructure, for integration into Comet. zkFetch aims to enhance Compound’s data integrity and security while offering greater flexibility in data sourcing. Key benefits include cryptographic verification of data, protection of sensitive information, and the potential to expand to other market indicators, ultimately improving Compound’s oracle reliability and adaptability. We propose a phased implementation, starting with key asset price feeds, to demonstrate zkFetch’s capabilities and value to Compound’s ecosystem.

Preamble

  • Type: Oracle Enhancement
  • Title: Integrating zkFetch: A zkTLS-Powered Oracle Solution for Comet
  • Author: Rohit Goswami - DevRel at Reclaim Protocol (by the Questbook Team)

Proposal Introduction

We propose the integration of zkFetch, a zero-knowledge proof-based oracle solution, into Comet. This integration aims to enhance data integrity, security, and flexibility of Compound’s oracle system.

zkFetch Overview

zkFetch is an innovative oracle solution built on the Reclaim Protocol’s open-source zkTLS infrastructure, designed to enhance data reliability without sacrificing security or flexibility:

  1. Universal Data Sourcing: zkFetch can retrieve data from any HTTPS endpoint, expanding potential data sources beyond pre-integrated oracles.
  2. Cryptographic Integrity: Each data fetch generates a zero-knowledge proof, ensuring data hasn’t been tampered with from source to on-chain representation.
  3. Privacy Preservation: Enables use of sensitive data sources without exposing confidential information like API keys.
  4. Developer Friendly: Seamless integration with existing smart contract infrastructure, requiring minimal changes to Compound’s current system.
  5. Decentralization & Security: Our DataDAO allows for decentralized contribution of verified price feeds, enhancing the robustness of the oracle system.

Reclaim Protocol’s zkTLS infra have seen significant adoption since its public launch:

  • 20+ projects integrated in production like zkMe, zkP2P, Showdown, VeridaID, Stormbit and many.
  • Integrated with 30+ chains, including top Layer 1 and Layer 2 Blockchains.
  • Zero major security incidents reported
  • Successful audit by zk Security (report available at: Public report of Reclaim protocol's ChaCha20 circuit - ZKSECURITY)

Comparison with Current Oracle System

  1. Enhanced Data Integrity: zkFetch provides cryptographic proofs for each data point, offering a higher level of verifiability.
  2. Flexible Data Sourcing: Can integrate any HTTPS endpoint, allowing for more diverse data sources.
  3. Privacy Preservation: Zero-knowledge proofs allow for data verification without exposing sensitive information.
  4. Cost-Effective Solution: Flat rate of $100 per oracle per month with predictable pricing, significant savings over usage-based models, no hidden fees for custom data, and scalable as Compound expands into new markets.
  5. Simple Integration: Seamless integration with Compound’s smart contracts, minimal changes with a developer-friendly solution.

Pricing Model

We propose a competitive pricing model of $100 per oracle per month. This flat-rate pricing offers predictability and potential cost savings compared to usage-based models.

Implementation and Next Steps:

  1. Community Engagement: Open discussion to gather feedback and gauge interest.
  2. Testnet Proof of Concept: Deploy 5 zkFetch oracle feeds on testnet for key assets like ETH, BTC, USDC, WBTC, USDT.
  3. Development: Build integration smart contracts.
  4. Auditing: Conduct a third-party security audit and publish results.
  5. Governance and Deployment: Submit proposal for mainnet integration and, if approved, roll out gradually starting with one asset.

This approach ensures thorough evaluation and community involvement at each stage of the zkFetch integration process.

Here’s the user flow diagram to understand the integration of zkFetch:

We defer to the community, Compound labs, and other stakeholders to determine optimal parameters and specifications for deployment.

Security Considerations

While zkFetch significantly enhances data integrity and security, there are considerations:

  1. The proof generation process is initially centralized, with plans for progressive decentralization.
  2. The system relies on the security of the underlying zkTLS infrastructure.
  3. As with any new technology, there may be unforeseen challenges in production environments.

More information about our codebase and security considerations can be found in our GitHub repositories: Reclaim Protocol & zkFetch

Next Steps

  1. Community discussion and feedback on this proposal
  2. Testnet deployment and thorough testing
  3. Security audit of the integration (in addition to existing audits)
  4. Phased mainnet rollout.

We’re eager to engage with the Compound community on this proposal. We welcome your questions, feedback, and insights on how zkFetch can best serve Compound’s needs.

Team

zkFetch is built on top of Reclaim Protocol, which is built by the team at CreatorOS Inc. We are a 35+ member engineering and web3 product development & research team including ZKP researchers and with previous affiliations to Stanford, Microsoft, Meta and Google. We have also built - Questbook.app, an industry leading on-chain grants management tool that is used by some of the major L1/L2s including Polygon, Solana, Compound, Arbitrum, TON, among others. CreatorOS is a YC W21 company.

  • Madhavan Malolan: CEO

    • Building in crypto since 2016.
    • Among first 5 contributors to Plasma (ethereum scaling solution) specifications.
    • Open source contributor.
    • ex-Microsoft, Computer Science IIIT-H.
    • LinkedIn | Github
  • Max Allman: Mechanism Design Researcher

    • PhD from Stanford in Mechanism Design and Game Theory
    • Co-author of the Reclaim Whitepaper
  • Kirill Kutsenok: Cryptography & Security Researcher

  • Adhiraj Singh: Lead Developer

  • Aleksai Ermishkin: Lead Blockchain Developer

Resources

1 Like