ZSL on Quorum
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jay B Payne b2860cff85 Added in references to golang and the version required for branch (#9) 4 years ago
contracts ZSL Update (#6) 5 years ago
docs Adding TDD (v1.3pub) 6 years ago
util Import ZSL. 6 years ago
zsl-golang/zsl Import ZSL. 6 years ago
LICENSE Import ZSL. 6 years ago
README.md Added in references to golang and the version required for branch (#9) 4 years ago


ZSL on Quorum


This proof of concept (POC) is intended to demonstrate how ZSL can complement Quorum, and provide a platform for experimentation and exploration of different use cases. It implements a simplified, stripped-down version of the Zerocash protocol to enable rapid prototyping. There is no formal security proof for the protocol, and it should not be considered “production-ready”.


The contents of this repository are licensed under the Apache License 2.0.


This repository contains:

  • Solidity contracts to provide access to ZSL functionality added to Quorum. Currently these have been written with Solidity 0.3.6 to be compatible with Quorum 1.5. In future, they are likely to be updated to Solidity 0.4.0 for Quorum 1.6.
  • Example contracts using ZSL to demonstrate an example use-case of a private trade of two different assets.
  • Zsl-golang library which adds ZSL functionality to Quorum. Currently developed with go version 1.7.3.
  • Utility to create custom parameters for use with ZSL.


Quorum with ZSL provides a JavaScript API accessible under the zsl.* namespace in the Quorum terminal.

  • zsl.getRandomness() returns buffer
  • zsl.getNewAddrses() returns keypair
  • zsl.debugShielding() returns bool
  • zsl.debugUnshielding() returns bool
  • zsl.debugShieldedTransfer() returns bool
  • zsl.loadTracker(filename) returns json
  • zsl.saveTracker(filename, json) returns bool
  • zsl.getCommitment(rho, pk, value) returns hash
  • zsl.getSendNullifier(rho) returns hash
  • zsl.getSpendNullifier(rho, sk) returns hash
  • zsl.createShielding(rho, pk, value) returns proof
  • zsl.createUnshielding(rho, sk, addr, value, treeIndex, authPath) returns proof
  • zsl.createShieldedTransfer(rho1, sk1, value1, treeIndex1, authPath1, rho2, sk2, value2, treeIndex2, authPath2, outrho1, outpk1, outvalue1, outrho2, outpk2, outvalue2) returns proof
  • zsl.verifyShielding(proof, send_nf, commitment, value) returns bool
  • zsl.verifyUnshielding(proof, spend_nf, root, addr, value) returns bool
  • zsl.verifyShieldedTransfer(proof, anchor, spend_nf1, spend_nf2, send_nf1, send_nf2, commitment1, commitment2) returns bool

Zsl-golang library

This library provides a Golang API for Quorum to create and verify shielded transactions. Internally, the library makes use of the C++ libsnark library.


System requirements for building are openssl and boost.

  • Ubuntu: sudo apt get install libboost-all-dev libssl-dev
  • Fedora: sudo dnf install openssl-devel boost-devel

Build using a Makefile:



Testing the library require proving and verification keys, also known as parameters.

Example parameters can be downloaded from zsl-q-params.

Custom parameters can be generated by using the createparams.go tool found in the util folder of the repository.

To create parameters:

go run createparams.go

Copy the parameter files into the current directory, and test the library with:

go test

Using ZSL on Quorum


To use ZSL with 7nodes, one of the Quorum examples, clone the following repositories into a folder, e.g. $HOME/projects/

Setting Up

For running locally, to build quorum the installation of golang is necessary. Branch zsl_geth1.6 requires go version 1.7.X.

Build quorum and copy binaries into a folder in the quorum-examples project:

mkdir ~/projects/quorum-examples/zsl-tmp/
cd ~/projects/quorum
make all
cp build/bin/* ~/projects/quorum-examples/zsl-tmp/

Download the parameters found in the Github Release tab of zsl-q-params and copy into the quorum-examples folder:

cp shielding.pk ~/projects/quorum-examples/
cp shielding.vk ~/projects/quorum-examples/
cp unshielding.pk ~/projects/quorum-examples/
cp unshielding.vk ~/projects/quorum-examples/
cp transfer.pk ~/projects/quorum-examples/
cp transfer.vk ~/projects/quorum-examples/

Next, follow the set of instructions depending on whether you want to run 7nodes inside a VM or locally on your machine.

Running inside VM

Launch the VM.

vagrant up
vagrant ssh

When launching, vagrant/bootstrap.sh will automatically run and copy geth and bootnode from the zsl-tmp folder into the VM path `/usr/local/bin'.

Symbolic links should already exist to the parameters, but if not, create them manually:

cd quorum-examples/7nodes
ln -s /vagrant/shielding.pk shielding.pk
ln -s /vagrant/shielding.vk shielding.vk
ln -s /vagrant/unshielding.pk unshielding.pk
ln -s /vagrant/unshielding.vk unshielding.vk
ln -s /vagrant/transfer.pk transfer.pk
ln -s /vagrant/transfer.vk transfer.vk

Running on local machine

Set up the Constellation Transaction Manager. The prerequisites are listed here and the precompiled binaries can be found here.

When running the example locally and not in a VM, in the folder quorum-examples/examples/7nodes:

  • delete symbolic links: rm *.pk *.vk
  • move the parameters into the folder to replace the deleted symbolic links.
  • ensure the quorum and constellation binaries can be found in your local $PATH i.e. copy the quorum binaries into /usr/local/bin/ or add ~/projects/quorum/build/bin to your $PATH.

Launch 7nodes

In folder quorum-examples/examples/7nodes enter:

geth attach qdata/dd1/geth.ipc

Now that you have the 7nodes example environment running, you can try out some of the examples below.

Troubleshooting Tip: Increase the sleep time in the ./raft-start.sh script if errors stating the transaction manager isn't running appear.

Javascript Functions

Some of the examples use the ZSL API, a set of Javascript functions added to Quorum and available under the zsl.* namespace. You can list them in the Quorum terminal by entering zsl. and pressing the TAB key.

The examples also make use of ztracker.js which is a file containing a collection of helpful functions, some of which are grouped under the zdemo.* namespace.


  • ztracker.shield(ztoken, value)
  • ztracker.unshield(note_uuid)
  • ztracker.list(ztoken, optional filter amount)
  • ztracker.balance(ztoken)
  • ztracker.load(filename)
  • ztracker.save(filename)


  • zdemo.create_ztoken(tokenName, initialSupply)
  • zdemo.get_ztoken(address)
  • zdemo.create_zprivatecontract(tracker, bid_constellation_address, bid_token, bid_amount, ask_constellation_address, ask_token, ask_amount)
  • zdemo_create_zprivatecontract(tracker, bid_constellation_address, bid_token, bid_amount, ask_constellation_address, ask_token, ask_amount)
  • zdemo.get_zprivatecontract(address)
  • zdemo.accept_bid(tracker, zprivatecontract)
  • zdemo.submit_payment: function(tracker, ztoken, zprivatecontract, noteId)
  • zdemo.submit_settlement: function(tracker, ztoken, zprivatecontract, noteId)
  • zdemo.watch_events: function(zprivatecontract)

Example 1 - Shield and unshield z-contract funds

Create the ztoken:

ztoken = zdemo.create_ztoken('ACME', 100000)

Explore the ztoken:


Generate a keypair:

keypair = zsl.getNewAddress()
pk = keypair['a_pk']
sk = keypair['a_sk']

Generate some randomness:

rho = zsl.getRandomness()

How much do we want to shield from our funds?

value = 30000

Generate proof for shielding:

result = zsl.createShielding(rho, pk, value)

proof = result['proof']
cm = result['cm']
send_nf = result['send_nf']

Let’s verify this proof manually (the ztoken will automatically perform this step)

zsl.verifyShielding(proof, send_nf, cm, value)

Let's ask the ztoken contract to add this proof and update balances.

ztoken.shield(proof, send_nf, cm, value, {from:eth.accounts[0], gas:54700000})

Once the transaction has been mined, verify the zcontract has been updated.


Try to add the same proof again, it won't be allowed.

ztoken.shield(proof, send_nf, cm, value, {from:eth.accounts[0], gas:54700000})

Let's create a proof to unshield these funds.

rt = ztoken.root()
witnesses = ztoken.getWitness(cm)
treeIndex = parseInt(witnesses[0])
authPath = witnesses[1]

result = zsl.createUnshielding(rho, sk, eth.accounts[0], value, treeIndex, authPath)

proof = result['proof']
spend_nf = result['spend_nf']

Let's verify this proof manually (the ztoken will automatically perform this step)

zsl.verifyUnshielding(proof, spend_nf, rt, eth.accounts[0], value)

Now ask the ztoken contract to unshield and update balances:

ztoken.unshield(proof, spend_nf, cm, rt, value, {from:eth.accounts[0], gas:54700000})

Once the transaction has been mined, verify the zcontract has been updated.


Try to unshield again, it's not allowed.

ztoken.unshield(proof, spend_nf, cm, rt, value, {from:eth.accounts[0], gas:54700000})

Congratulations, you've just completed your first shielding and unshielding!

Example 2 - Private Contract Trade

Alice and Bob will execute a private trade of two different assets. In this example, Alice will offer 300 USD for 100 ACME.

On both Alice's node and Bob's node:


This will store the address of node account and private constellation address in local variables, as follows:

var alice = "0xed9d02e382b34818e88b88a309c7fe71e65f419d";
var bob = "0xca843569e3427144cead5e4d5999a3d0ccf92b8e";
var alice_constellation = "BULeR8JyUWhiuuCMU/HLA0Q5pzkYT+cHII3ZKBey3Bo=";
var bob_constellation = "QfeDAys9MPDs2XHExtc84jKGHxZg/aj52DTh0vtA3Xc=";

The script zdemo.js will also load ztracker.js to provide helper functions and a lightweight note tracker which acts like a wallet.

On Alice's node, create two z-contracts:

ztoken_usd = zdemo.create_ztoken("USD",100000)
ztoken_acme = zdemo.create_ztoken("ACME",50000)

On Alice's node, create a note tracker:

tracker = new ztracker();

On Alice's node, shield 10000 USD and transfer 5000 ACME to Bob's node.

tracker.shield(ztoken_usd, 10000)
ztoken_acme.transfer(bob, 5000, {from:alice, gas:5470000});

On Alice's node, create a private contract for a trade, 300 USD for 100 ACME.

zprivatecontract = zdemo.create_zprivatecontract(tracker, alice_constellation, ztoken_usd, 300, bob_constellation, ztoken_acme, 100);

On Alice's node, watch for events that update the state of the trade.


On Alice's node, obtain the address of the private contract.

a = zprivatecontract.address

On Bob's node, use this address to reference the private contract.

zprivatecontract = zdemo.get_zprivatecontract(a)

On Bob's node, watch private contract events and reference the z-contracts involved in the trade.

ztoken_usd = zdemo.get_ztoken(zprivatecontract.bidTokenAddress())
ztoken_acme = zdemo.get_ztoken(zprivatecontract.askTokenAddress())

On Bob's node, set up a a note tracker and shield some of the ACME funds received from Alice's node.

tracker = new ztracker()
tracker.shield(ztoken_acme, 1000)
tracker.list(ztoken_acme, 1111)
tracker.list(ztoken_acme, 500)

On Bob's node, accept the bid of 300 USD for 100 ACME.

zdemo.accept_bid(tracker, zprivatecontract)

The trade has now been agreed, so it's time for both nodes to settle the trade.

On Alice's node, select a note to spend by using its identifier (uuid).

uuid = ...

On Alice's node, submit the 300 USD payment to Bob's node.

zdemo.submit_payment(tracker, ztoken_usd, zprivatecontract, uuid)

on Bob's node, settle the trade by sending 100 ACME to Alice's node.

uuid = ...
zdemo.submit_settlement(tracker, ztoken_acme, zprivatecontract, uuid)

The trade should now be settled. Now check balances and unshield funds.

On Bob's node, unshield the USD received.

uuid = ...

on Alice's node, unshield the ACME received.

uuid = ...

Congratulations, you've completed your first private trade!

Example 3 - Tracker Persistence

Continuing example 2 above, on Alice's node, save the tracker to disk.


On Bob's node, create a new tracker from the data on disk.

tmp = new ztracker();

Examine the new tracker to confirm that the data matches that of Alice's node.


The loading and saving of tracker data to disk is for demo purposes only.