TL;DR: Penumbra is a private blockchain that uses innovative approaches like composable state model, actor model, zero-knowledge proofs, and NFTs for off-chain execution to offer privacy in financial transactions.
In the last couple of years, we have followed Penumbra’s progress in becoming the shielded DEX for the Interchain. In this article, we will go over some of the notes we have gathered after listening to the various interventions from the Penumbra team on the Zero Knowledge Podcast Youtube channel, including Henry de Valence’s participation in our event Privacy in Cosmos: Live in Amsterdam.
Sign up for our quarterly State of ZK report
Penumbra is a private proof of stake L1 built on Tendermint that aims to provide useful functionality on a private ledger. However, the biggest challenge in building a useful private system is not the type of zk cryptography or the proof system used, but the fundamental state model.
In a traditional blockchain, you have a global mutable state, but in a shielded blockchain, you need a state model that’s built on composable state. The solution is to create a new state model that’s composable and that can be used to build useful private systems. The challenge of shielding value flows arises when there is a public, shared state in a blockchain system, and transactions cause value to flow between different parts of the system. The goal is to hide information about individual transactions while still revealing information about the overall state of the system.
Penumbra has proposed an actor model for blockchains as a cleaner and more efficient way to achieve concurrency. This model involves using independent actors that control or are responsible for a particular piece of state. These actors can communicate with each other through message passing, which eliminates the need for explicit data synchronization.
Instead of each transaction acquiring a global lock on the whole state and performing a synchronous function call, a transaction can pass a message to a contract. Each contract can execute once per block on the input of all the messages sent to it in that block. This allows the contract to perform batch processing, sort messages by bid or some other criterion, and execute arbitrary application logic.
To execute the user state asynchronously off-chain, the Penumbra team suggests using zero-knowledge proofs. This solves most of the monopolist extractable value (MEV) problems. However, the user needs to have some way to take their private inputs, send a message to the contract, and wait for the result of the contract execution.
The team proposes using an NFT that records the intermediate state of execution. The user mints this state NFT, which models the future computation, and sends a message to the contract. The user can’t continue executing or preparing the pre-sealed state transition until they receive a message back from the contract. After the user receives a message from the contract, they consume the state NFT and use the message from the contract to mint the private outputs they were supposed to get.
The Penumbra team faces a challenge in building a shielded DEX, which requires a coordination fabric that allows for private interaction with public shared state. This fabric would allow users to interact with a decentralized exchange without revealing their private information or interfering with the shared state.
This requires finding a way to securely verify the validity of state transitions without exposing private information. To address this challenge, there are two fundamental strategies: splitting flows into little chunks or batching flows into bigger chunks. The second strategy involves grouping multiple transactions together in a single proof of correctness, thereby creating a single transaction that moves value between multiple parties. The batch transaction is then verified as a whole, without revealing the individual details of each transaction.
Penumbra’s cross-chain shielded pool allows users to take any asset from any IBC compatible chain and shield that asset, and a private DEX allows people to do on-chain trading in a private way. Trading is a use case where privacy has a concrete, quantifiable near-term financial value that gives people a positive reason to use Penumbra.
Since their emergence, zero knowledge proofs remain an active area of research in the field of cryptography. As a result, many different variations and applications have been developed. Today zero knowledge proofs are used in various contexts including secure transactions, identity verification, and privacy-preserving data analysis.
The trade-off of using the NFT model is that the execution is now potentially spread over multiple blocks, but the user can have private interaction with the public shared state. This model allows for private batch swaps on Penumbra, a decentralized exchange that uses the private input amounts to compute the aggregate flow into a trading pair in a block.
Undoubtedly, Penumbra is a promising project that is addressing the challenge of building a useful private blockchain system. Their focus on a composable state model and an actor model for concurrency, as well as their use of zero-knowledge proofs and NFTs for asynchronous off-chain execution, demonstrates a thoughtful and innovative approach to solving these challenges. The development of a shielded DEX and cross-chain shielded pool further highlights the potential of Penumbra to offer real-world value to users seeking privacy in their financial transactions.
It will be interesting to see how Penumbra evolves and how it is adopted by the blockchain community. The challenges they are addressing are not unique to Penumbra, and their solutions could have broader applications beyond the specific use cases they are targeting. As blockchain technology continues to mature, projects like Penumbra are essential for pushing the boundaries of what is possible and building a more decentralized and private future.