MGP: Privacy Pools - v0.1
Past MolochDAO Privacy Grants


  • $45K (40 ETH; +15% volatility buffer) for shipping a demo of permissioned privacy pools v0.1
  • includes circuit code, smart contracts, JS libraries/scripts, and a demo UI
  • target deployment to testnet + optimism, eta before EOY 2023
  • ameen.eth to help transfer funds → 0x297BF847Dcb01f3e870515628b36EAbad491e5E8


Vitalik explained on a recent podcast that it is possible to create a privacy pool where withdrawing users can optionally provide a ZK proof-of-exclusion that their deposit was not part of some subset of deposits. So as a user, if there are bad deposits that have been made from other bad addresses that I would prefer not to share an anonymity set with, I can opt to provide a ZK-proof along with my withdrawal that shows that my depositing address was not among those bad addresses. This is helpful because it allows users to share a ZK-circuit and smart contracts, without being forced to share an anonymity set.

To demonstrate the feasibility of this approach, we aim to ship an experimental research version on a production EVM (probably Optimism).

For further discussion, please see our eth research forum post


Circuit Code Walkthrough (1.5h)
  • ameen learns how zkp circuit programming works in this guided tour of the repo

Lead Dev


  • finish tests in privacy pools repo
  • make basic JS libs for zkp
  • refactor privacy pools to use new JS lib
  • design & dev on UI
  • write docs
  • testnet deployment
  • L2 deployment


  • circuits
  • withdraw_from_subset.circom → main withdrawal merkle proof circuit
  • verifier_templates
  • withdraw_from_subset_verifier_template.sol → generates solidity verifier contract
  • contracts
  • verifiers
  • ProofLib.sol → updated solidity base proofilb
  • MerkleTree.sol → rewritten merkle tree, uses poseiden hash
  • PrivacyPool.sol → deposit & withdraw