ZkBob

Unlike general-purpose privacy mixers, ZkBob is designed specifically for stablecoins and compliant assets. This focus allows for optimized performance and built-in compliance features. Key design choices include:

• Pooled Accounts: Users deposit into a shared pool, obscuring individual transaction links.
• Fixed Denominations: Transactions use set amounts (e.g., 1, 10, 100 BOB) to enhance anonymity sets.
• EVM Compatibility: Built to operate seamlessly on Ethereum and other EVM chains like Polygon and Optimism.

The protocol supports two primary user actions that interact with the public ledger. A Direct Deposit allows any user to send funds from a public wallet address into the private ZkBob pool, creating a private note. A Withdrawal lets a user transfer funds from their private balance back to a public address. Both actions generate zero-knowledge proofs to validate the transaction's correctness without leaking private data on-chain.

The core privacy operation is a shielded transfer between users within the ZkBob pool. These transfers are completely private and do not appear on the public blockchain. Users spend their private notes to create new notes for recipients, with the entire process validated by a zk-SNARK. This enables fast, low-cost private payments where only the participants have visibility into the transaction details.

ZkBob incorporates mechanisms for regulatory compliance, distinguishing it from fully anonymous systems. Features include:

• Access Lists: Pool administrators can restrict usage based on jurisdiction or user verification.
• Transaction Limits: Caps on deposit and withdrawal amounts to mitigate illicit finance risks.
• Optional Transparency: In specific, governed circumstances, a viewing key can be provided to authorized parties to audit transaction histories.

The protocol uses the BOB stablecoin (pegged 1:1 to USD) as its primary private asset. To abstract gas fees for users, ZkBob employs a decentralized relayer network. Relayers submit user transactions to the blockchain and pay the gas fees, receiving a small fee in BOB for their service. This improves user experience by allowing private transactions without requiring the user to hold the native chain token (e.g., ETH, MATIC).

ZkBob incorporates compliance mechanisms to align with regulatory frameworks. This includes:

• Deposit limits: Caps on the amount that can be deposited into the pool per address or per transaction.
• Withdrawal limits: Controls on the frequency and size of private withdrawals.
• Address screening: Optional integration with services to screen shielded addresses against sanctions lists, allowing compliant privacy.

Users interact with the pool through z-addresses, which are stealth addresses not directly linked to their public Ethereum address. When funds are deposited, the user's balance is represented as a private note (a cryptographic commitment) stored locally. The protocol's state is represented by a Merkle tree of all unspent notes, allowing users to prove ownership of a note without revealing which one it is.

Unlike general-purpose privacy networks, ZkBob is an application-layer protocol typically deployed for specific stablecoins or assets. This design allows for:

• Optimized circuit design for efficiency.
• Custom compliance features per asset pool.
• A simpler user experience focused on private transfers and payments, rather than arbitrary smart contract interactions.

ZkBob is built on the zk-SNARK-based BOB (Balance Obfuscation) protocol. It uses a pooled account model (or shielded pool) where user funds are deposited into a smart contract. Users prove ownership and transaction validity via zero-knowledge proofs without revealing their balance or counterparty.

• Selective Disclosure: Users can generate viewing keys to share transaction history with trusted parties for compliance.
• Fixed Denominations: Transfers use pre-defined note values (e.g., 1, 10, 100 BOB) to simplify proof generation and enhance privacy.

ZkBob operates as an application-specific layer deployed on multiple EVM chains. The core privacy logic is consistent, but each deployment is a separate pool with its own liquidity. This is enabled by:

• Chain-Specific Pools: Each supported network hosts its own instance of the ZkBob pool contract.
• Native Bridging: A canonical bridge allows users to transfer shielded BOB tokens between supported chains while maintaining privacy, moving from a private state on one chain to a private state on another.

ZkBob is deployed on several major EVM-compatible networks, allowing users to access privacy features where they transact.

• Polygon (Main Hub): The primary and most liquid deployment.
• Optimism: Layer 2 scaling solution for Ethereum.
• Gnosis Chain: EVM chain focused on sustainability and real-world assets.
• zkSync Era: ZK-Rollup on Ethereum.
• Arbitrum: Leading Ethereum Layer 2 Optimistic Rollup.

Support for additional chains is added based on community governance.

The BOB token is a stable-value token pegged to USD, used as the primary asset within ZkBob pools. This design provides amount privacy without price volatility.

• Minting/Redemption: Users deposit stablecoins (like USDC) to mint BOB tokens into the pool, and redeem BOB for the underlying asset.
• Pool Reserves: Each chain's pool holds reserves of the underlying stablecoin to back all minted BOB, ensuring redeemability.
• Transaction Unit: All private transfers are denominated in BOB, shielding the stablecoin equivalent value.

ZkBob incorporates mechanisms to satisfy regulatory concerns while preserving user privacy through cryptographic proofs.

• Viewing Keys: Users can generate a key to decrypt and share their transaction history with auditors or authorities.
• Compliance Assurer: A designated role that can freeze specific pool notes (funds) based on a cryptographic proof of illicit activity, without knowing other users' funds.
• Deposit Limits: Configurable limits on deposit amounts per transaction and time period to mitigate large-scale abuse.

A fundamental operation is shielding (depositing public funds into the private pool) and unshielding (withdrawing private funds to a public address). This two-way bridge allows users to move assets between transparent DeFi ecosystems and ZkBob's privacy pool. The process maintains a constant pool balance, ensuring the total value locked is always verifiable even as individual holdings remain confidential.

ZkBob supports confidential transfers across multiple EVM chains (e.g., Polygon, Optimism, Gnosis Chain) via its interoperability layer. Users can deposit on one network and withdraw on another while preserving privacy. This is facilitated by a messaging system that relays withdrawal requests between chains, allowing the privacy state to be maintained across different ecosystems without exposing the user's path.

Decentralized Autonomous Organizations (DAOs) use ZkBob for opaque treasury operations. It allows DAOs to make grants, pay for services, or manage internal finances without revealing strategic spending patterns or beneficiary details to the public. This prevents front-running of initiatives and protects the privacy of contributors, while still allowing for internal accountability through the selective compliance tools.

ZkBob operates as an application-specific rollup (or appchain). Unlike general-purpose L2s, it is optimized for a single application: private transfers. It batches many transactions off-chain, generates a single ZK proof of their correctness, and posts this proof to a base layer (like Polygon or Optimism) for final settlement. This design provides scalability and low fees while maintaining strong privacy guarantees.

A decentralized network of relayers that submits user transactions to the ZkBob L2. Users sign transactions offline and send them to a relayer, which pays the gas fee on their behalf and submits the batch to the chain. This:

• Preserves privacy by separating transaction origin from settlement.
• Improves UX by allowing users to transact without holding gas tokens on the destination chain.
• Operates in a permissionless, trust-minimized manner.

ZkBob uses Boneh–Lynn–Shacham (BLS) signatures for user identity. A user's spending key generates a BLS public key, which is hashed to create a commitment stored in the pool. BLS signatures enable efficient signature aggregation, allowing the protocol to verify many user authorizations in a single, compact proof, which is critical for the scalability of the privacy pool.

While providing strong default privacy, ZkBob incorporates compliance tools. Key features include:

• Viewing Keys: Users can share a key to allow auditors (or themselves) to view their transaction history.
• Compliance Assets: Issuers can deploy tokens with enhanced regulatory features.
• Direct Deposits: A transparent, non-private deposit method for initial onboarding. This balances privacy with necessary accountability.