A private blockchain solution with access control features that leverage the ZKsync Elastic Chain ecosystem's development tools and interoperability.
High-level architecture design for a “Double-Zero” implementation using a Validium
Chain with access control features and scoped data access.
Note
By combining Zero-Knowledge with Zero-Access, it offers a unique value proposition for organizations seeking to maintain privacy and access management while harnessing the benefits of EVM-compatible technologies.
Organizations face a recurring challenge: balancing the need for secure, controlled systems with the advantages of public blockchain integration.
- Private and Controlled Systems: Banks, exchanges and brokers among others require controlled environments for sensitive operations, ensuring compliance with regulations and safeguarding competitive assets.
- Open Ecosystems: Public networks like Ethereum and ZKsync provide rich development tools, liquidity, and access to decentralized applications. However, their transparency often conflicts with privacy requirements.
Caution
This trade-off creates a barrier for organizations that need a hybrid solution combining the benefits of both private and controlled systems in the public blockchain ecosystem.
Double Zero empowers organizations to operate within private blockchain environments while seamlessly connecting to public networks. This is achieved through:
- Validium Chains: Ensures confidentiality by keeping sensitive data off-chain while leveraging zero-knowledge proofs for verification.
- Authorization Layers: Implements granular control over user and transaction permissions.
- Turnkey Deployment: Simplifies setup with ZK Stack technology, enabling fast integration and customizations.
With this approach, organizations maintain control over their data and processes while accessing Ethereum-compatible tools and decentralized applications.
- Problem: Ensuring compliance with KYC regulations for accessing blockchain-based services.
- Solution: Implement Zero-Access principles to restrict blockchain interactions to KYC-verified users.
- Example: A bank allows only verified clients to perform transactions, blocking access for non-clients.
- Problem: Preventing users from interacting with unapproved assets, such as those restricted due to regional compliance.
- Solution: Use YAML-configured permissions to limit access to specific tokens or contract methods.
- Example: An exchange enables trading only for whitelisted tokens based on the user's region or group, ensuring regulatory compliance.
- Problem: Avoiding data breaches by restricting access to other users' balances or transaction histories.
- Solution: Deploy a private block explorer to allow users to view only their own account data.
- Example: A broker ensures clients can securely access their balances and transaction details without exposing other users' trade information.
Double Zero consists of three main components. Below, we'll cover the rationale behind these choices and their implications:
Validium provides the ideal foundation for Double Zero by addressing key enterprise needs: security, scalability, and interoperability. Here's why it stands out:
- Transaction data remains off-chain, ensuring confidentiality and protecting sensitive information.
- Only cryptographic commitments (state roots and proofs) are stored on-chain, validating transactions without exposing details.
- This architecture prevents transaction history reconstruction from on-chain data, further safeguarding privacy.
- Processes thousands of transactions per second, far exceeding Layer 1 and many Layer 2 solutions.
- Off-chain data storage reduces computational and storage demands on Ethereum, enabling:
- Faster processing.
- Lower gas fees.
- Designed for enterprise-grade applications requiring high throughput and cost efficiency.
- Organizations can operate their own sequencers and provers, maintaining full control over:
- Transaction ordering.
- Proof generation.
- Customizable consensus and security models adapt to specific operational needs, reducing reliance on external parties.
- Flexible configurations allow organizations to optimize performance:
- Adjustable block times.
- Tailored gas limits and fee structures.
- Specialized operational rules.
- Seamlessly integrates with Ethereum and the ZKsync ecosystem.
- Bridges assets between private Validium chains and public networks, leveraging Ethereum's liquidity and rich dApp ecosystem.
- Developers can utilize familiar tools, accelerating adoption and reducing the learning curve.
By combining off-chain privacy, high transaction throughput, and seamless integration with public networks, Validium chain configuration empowers organizations to deploy secure, scalable, and interoperable blockchain solutions tailored to their unique requirements.
Tip
For more information on Validium configurations please visit: ZK Stack Validium Chain docs.
The proxy layer enhances security, streamlines access control, and improves usability when interacting with the Validium RPC interface. Designed with simplicity and versatility in mind, the proxy is configurable via a user-friendly YAML file, catering to both technical and non-technical audiences.
- Enforcing Zero-Access Principles: Acts as a gatekeeper, ensuring only authenticated and authorized users can interact with the Validium chain, in line with Double Zero's access control philosophy.
- Enhanced Security: Protects the Validium RPC interface by filtering and validating all incoming requests. This minimizes exposure to potential security risks, such as unauthorized access or malicious actions.
- Streamlined Authentication and Authorization: Integrates robust mechanisms to verify user identities and permissions before granting access, ensuring strict adherence to organizational policies.
Double Zero is a flexible framework, allowing permission management to be tailored to specific organizational needs. The example implementation below showcases one approach, but it can be easily modified to accommodate unique workflows or compliance requirements.
Permissions are defined in a YAML file to simplify configuration and enhance accessibility, especially for web2-oriented teams:
- Groups: Logical collections of users or addresses sharing the same permissions.
- Permissions: Specific contracts or methods that a group is allowed to access.
This flexibility ensures Double Zero can adapt to various industries and use cases, from financial institutions to decentralized platforms.
You can explore an example configuration file in example-permissions.yaml, demonstrating how groups and permissions can be structured in practice.
Double Zero Block Explorer is a customized version of the ZKsync Era Block Explorer that introduces a layer of privacy and access control. This tailored block explorer provides a secure, user-specific view of the blockchain.
By implementing user authentication and permission-based data restrictions, it ensures that users can access blockchain data according to their assigned permissions.
Tip
For more details on this implementation, please refer to the README-blockExplorer file.
Double Zero uniquely combines privacy, scalability, and integration:
- Confidentiality: Keeps sensitive data secure through advanced off-chain storage.
- Integration: Bridges to public chains like Ethereum, providing access to liquidity, decentralized applications and tools.
- Efficiency: High throughput and reduced costs for enterprise-grade applications.
- Ease of Adoption: Intuitive deployment and familiar tools lower technical barriers.
By leveraging Validium technology, zero-knowledge proofs, and tailored access control, Double Zero enables organizations to harness blockchain innovation without compromising control or security.