The MPC-ZKP Architecture
The core difference between Renegade and all other exchanges (both centralized and decentralized) is that state is kept locally. Instead of balances and orders being maintained by a centralized server (e.g. Binance) or on many thousands of distributed servers (e.g. Uniswap), all Renegade state is maintained by individual traders.
Some terminology:
A wallet is a list of orders and balances for a trader. Each trader's wallet is kept private to each trader, and only wallet hashes (technically, "hiding and binding commitments") are posted on-chain.
A relayer is a node in the Renegade network. Each individual relayer manages one or more wallets (meaning it can view the unencrypted wallet) and is responsible for performing MPC computations with other relayers.
A cluster (also called a "relay cluster") is a logical group of relayers that all manage the same wallets. Clusters are fault-tolerant replicated groups of relayers, and allow for automatic failovers and parallel MPCs.
As previously mentioned, individual wallets are never revealed in plaintext. Instead, traders post "commitments" of individual wallets on-chain, where a commitment to a wallet is essentially a hash of a wallet combined with some randomness. Just knowing a wallet commitment does not tell you anything about the underlying wallet data.
The Commit-Reveal Scheme
When a trader wants to perform an operation on their wallet (depositing tokens, settling a match, etc.), they must know their old and new wallets and send three pieces of information to the smart contract:
The commitment to the new wallet.
Two "nullifiers" of their old wallet, which serve to prevent double-spends of the old wallet.
A zero-knowledge proof that the commitments are properly computed, the nullifiers are properly computed, the old commitment exists somewhere in the global Merkle tree, and the changes from the old to new wallet are valid (e.g., the user hasn't arbitrarily increased their balances).
The smart contract maintains a global Merkle tree of all previous commitments, plus a set of nullifiers that have been used to reveal previous wallets.
By using this commit-reveal scheme, we allow for full wallet privacy (i.e., no information about the wallet is leaked on-chain), while maintaining full state consistency and protection against double-spend attacks.
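The contract-side bookkeeping described in this section, as an added example that is not Renegade's own code: SHA-256 stands in for the commitment hash, the nullifier derivation and all names are assumptions, and the old wallet is opened in the clear where the real protocol sends a zero-knowledge proof. The check that the old-to-new wallet change is valid is left out.

```python
import hashlib

def H(*parts: bytes) -> bytes:  # SHA-256 over length-prefixed parts (first part = domain tag)
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

EMPTY = H(b"empty")  # padding leaf for odd-sized tree levels

def commit(wallet, blinder):  # hiding comes from the random blinder
    return H(b"commit", wallet, blinder)
def nullifiers(wallet, blinder):  # assumed derivation; the page does not specify one
    return H(b"null-1", wallet, blinder), H(b"null-2", wallet, blinder)

def merkle(leaves, idx):  # returns (root, sibling path for leaf idx)
    level, path = list(leaves) or [EMPTY], []
    while len(level) > 1:
        level += [EMPTY] * (len(level) % 2)
        path.append(level[idx ^ 1])
        level = [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return level[0], path

def root_from_path(leaf, idx, path):
    for sib in path:
        leaf = H(b"node", leaf, sib) if idx % 2 == 0 else H(b"node", sib, leaf)
        idx //= 2
    return leaf

class Contract:
    def __init__(self, commitments=()):
        self.leaves, self.spent = list(commitments), set()  # commitment tree, used nullifiers
    def update(self, new_commitment, nulls, wallet, blinder, idx, path):
        # Model only: wallet and blinder stand in for the zero-knowledge proof.
        if tuple(nulls) != nullifiers(wallet, blinder):
            return "bad nullifiers"
        if root_from_path(commit(wallet, blinder), idx, path) != merkle(self.leaves, 0)[0]:
            return "old commitment not in tree"
        if self.spent & set(nulls):
            return "double spend"
        self.spent.update(nulls)
        self.leaves.append(new_commitment)
        return "ok"

def demo():  # constructed wallets and blinders; a real blinder is random
    w, r = b"USDC:100", b"\x01" * 32
    c = Contract([commit(w, r), commit(b"WETH:2", b"\x02" * 32)])
    args = (nullifiers(w, r), w, r, 0)
    first = c.update(commit(b"USDC:60", b"\x03" * 32), *args, merkle(c.leaves, 0)[1])
    replay = c.update(commit(b"USDC:100", b"\x04" * 32), *args, merkle(c.leaves, 0)[1])
    return first, replay
```

`demo()` spends the same old wallet twice: the first update is accepted, and the second is rejected on the nullifier set even though its Merkle path is still valid.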
Network Architecture
Fundamentally, Renegade simply consists of a p2p gossip network of many independent relayers that constantly handshake and perform MPCs with each other as new orders enter the system. Relayers never custody assets, and are merely given view access to the wallet in order to compute pairwise MPCs.