How to create an on-chain poker game using zkSNARK?
On public blockchains, due to the openness and transparency of on-chain data, it is difficult to construct games with incomplete information. However, through zero-knowledge proof technology, players can publicly submit verifiable valid actions while maintaining their privacy.Author: Mandalorian, Manta Network Protocol
In the past year, more and more people have realized the power of ZK (Zero-Knowledge Proof) as a cryptographic tool, and we have also seen the rise of many zero-knowledge proof applications, such as privacy social networks, privacy voting, privacy DAOs, and so on. In fact, the applications of zero-knowledge proofs are very broad, and any application with on-chain privacy needs may utilize zero-knowledge proofs.
During the recently concluded ETHSanFrancisco 2022 ETHGlobal hackathon, the Manta Network cryptographic development team created a poker game based on zkSNARK in just 36 hours and won awards in four competition categories hosted by ApeCoin, ENS, SKALE, and Optimism.
The well-known Dark Forest is a real-time strategy (imperfect information) game based on zkSNARK. An imperfect information game is one where players do not have access to all states of the game; for example, in poker, the cards in a player's hand are private information, and the process of drawing cards is also completely private. The interesting aspect of imperfect information is that it can give rise to a series of complex game strategies.
On public blockchains, due to the transparency of on-chain data, it is difficult to construct imperfect information games. However, through zero-knowledge proof technology, players can publicly submit verifiable valid actions while maintaining their privacy.
In this hackathon, Manta Network built an on-chain poker shuffling and dealing system based on zkSNARK. This system mainly addresses two issues in on-chain poker games: how to shuffle fairly and how to deal cards discreetly among players (otherwise, the game may not proceed due to MEV issues).
Essentially, on-chain poker based on zero-knowledge proofs decentralizes the dealing entity, preventing the dealer from controlling the game by manipulating the card distribution.
When playing poker in a centralized Web2 client, you might encounter situations where a highly unlikely card is dealt to you, while the cards you are likely to receive do not appear.
The goal is to manipulate the game through card dealing, allowing your opponent to win against you online when their chances of winning offline are very low.
This is why we need decentralized poker.
The ZKShuffle system has three functions:
ZKShuffle.setup: Each player generates a key pair and combines everyone's corresponding public keys to create an aggregated public key.
ZKShuffle.shuffleencrypt: During the shuffling process, each player must sequentially call shuffleencrypt.
To ensure that encryption and decryption can occur in any order, we use a homomorphic encryption scheme. For example, in this game, if there are three players, after one round of encryption, each card will have three encryption locks: Card{Alice, Bob, Charlie}.
ZKShuffle.decrypt: If a card needs to be dealt to a specific player, each player must call the decryption function. For instance, if the game logic requires dealing cards to Charlie, the correct sequence should be: Alice receives the encrypted card Card{Alice, Bob, Charlie}, decrypts it using her key, and then submits the decrypted card Card{Bob, Charlie} on-chain, along with a zero-knowledge proof to verify the validity of the decryption.
After Bob receives the partially decrypted card Card{Bob, Charlie} submitted by Alice on-chain, he decrypts it using his key and submits the card Card{Charlie} along with a zero-knowledge proof verifying the validity of the decryption. Finally, Charlie receives Card{Charlie} and can view his card by decrypting it with his own key.
The Manta Network cryptographic development team built a poker demo using ZKShuffle, which is a decentralized application based on Solidity, React, and Ether.js. In this demo, whenever a new game round starts, all players must go through a setup round to ensure that the deck of cards on-chain is fairly shuffled. Then, each player must go through a decryption round to receive two cards. With this, players can play poker on an EVM blockchain.
Manta has currently deployed this DApp on Optimism Goerli, Ethereum Goerli, and Skale blockchains.
Implementation Principle
The entire project consists of three parts:
ZK circuit;
Smart contracts for verifying decryption and shuffling, including the ZKShuffle contract and game logic contract. The DApp frontend is built using React and Ether.js along with the Circomlib JS library;
Circomlib cryptographic JS library.
In the Circom implementation, the ElGamal encryption scheme is used, along with existing Circom libraries such as poseidon hashes.
The encryption circuit has 87,308 R1CS constraints, with a proof generation time of 4.5 seconds in the DApp. The decryption circuit has 1,522 R1CS constraints, with a proof generation time of 0.1 seconds in the DApp. SnarkJs is used to generate zero-knowledge proofs in the DApp.
The smart contract consists of two parts: the ZKShuffle framework contract and the poker game logic contract. The ZKShuffle contract encapsulates the ZKP verification logic and the two circuits. The logic contract deploys a state machine that obtains the current stage of the game and the order of which player’s turn it is from the RPC node.
The DApp is implemented using the React framework and Ether.js, displaying the poker table and animations of each player's actions. When a player needs to take an action, they simply click the button in the UI and use Metamask to sign the transaction.
About Manta Network
Manta Network is dedicated to building a better Web3 world through privacy protection. Manta's product design starts from first principles, providing end-to-end privacy protection for blockchain users through leading cryptographic architectures such as zkSNARK. While ensuring privacy, Manta also offers interoperability, convenience, high performance, and auditability, allowing users to conduct private transfers and transactions between any parallel chain assets. Manta's vision is to provide more convenient privacy protection services for the entire blockchain world.
The founding team of Manta consists of several senior cryptocurrency professionals, professors, and scholars, with experience from Harvard University, MIT, and Algorand. Manta's investors include Polychain, ParaFi, Binance Labs, Multicoin, CoinFund, Alameda, DeFiance, and Hypersphere, among others. Manta is also a recipient of funding from the official Web3 Foundation of Polkadot, a member of the Substrate Builder Program, and a member of the Berkeley Blockchain Accelerator.
