Securely Issuing Tokenized Assets Using Zero Knowledge Proofs

As part of a collaboration between Mina Foundation and Mirae Asset Group, a developer release of Security Token Offerings Privacy Extension (STOPE) – a framework for safely sharing privately owned assets into the public world – is now available. As governments worldwide refine their legal frameworks for adopting blockchain technology, financial institutions increasingly use distributed ledger technology to bring Security Token Offerings (STO) to market. Tokenized assets will enhance market efficiency, though regulatory challenges still exist in publishing sensitive financial data into the public data space. STOPE offers a proof of concept (PoC) as the industry works towards adoption.

Introduction

Mirae Asset Financial Group built a proof of concept for the secure tokenization of assets under their management, including issuance and a secondary market. Together with Taiga Labs and the Mina Foundation, they explored using zero knowledge proofs (ZKP) and verifiable computing technology to ensure regulatory compliance.

The project aims to guarantee the data integrity of these STOs without leaking critical information and to assess the feasibility of using proof of asset ownership for additional financial activities, such as loan applications.

Mirae Asset Financial Group is a global investment specialist providing competitive services in sectors such as Global, IB, Trading, WM, and PI. In December 2023, the group’s worldwide assets under management totaled in excess of $600 billion.

An Introduction to the STOPE Framework

STOPE uses zero knowledge proof technology to allow institutions to safely reveal financial data and enable asset owners to generate a zk-SNARK, or proof of ownership, on their holdings. Asset owners then create attestations based on this zk-SNARK. The STOPE framework consists of three core components:

1. The Publisher (STO ZK Bridge)
2. Private/Secure Off-chain Storage
3. User Proof Generator

Publisher (STO ZK Bridge)

The Publisher (STO ZK Bridge) uses Mina’s verifiable off chain computation to iterate over STO records stored in Mirae’s private ledger (or any other data source) and publishes securely transformed data to off-chain storage which has public commitments on the Mina Blockchain.  Executing on premise keeps control over security and privacy in the hands of Mirae Asset Financial Group. 

A Verifiable Program

A verifiable program refers to a series of machine instructions arithmetically constrained to produce a cryptographic receipt. This receipt, more commonly known as a zero-knowledge proof, ensures the correctness of a computation through easy verification without the need to re-execute the computation themselves. The programmable privacy of zero-knowledge proofs allows for the selective disclosure of data, meaning the Publisher only reveals chosen values and ensures continued compliance with local regulations.

o1js

The Publisher uses o1js, a software library that facilitates using zk technology on the Mina blockchain. o1js allows defining arithmetic circuits using one of the most popular languages, TypeScript. This reduces the hassle of learning a whole new domain-specific language (DSL), making it one of the most ready-to-go zero knowledge proof based solutions.

ZK Applications (zkApps)

A computer program arithmetically constrained using o1js can be natively verified on the Mina blockchain. zkApps play a similar role as smart contracts featured in other blockchains. These zkApps are executed off-chain, and the zero knowledge proofs of the computation are verified on-chain. Verification is a relatively low cost on-chain computation.This feature of Mina zkApps’ provides privacy and helps maintain regulatory compliance.

The primary function of the Publisher is an Extract-Transform-Load (ETL) process, which performs cryptographic hashing of each record and creates a vector commitment, or Merkle tree, of the collection. During the computation, the zkApp also calculates metadata over the assets. Metadata can include the number of securities or the total size of assets combined.

Only the vector commitments and the metadata persist in the ledger for others to see. The proof generation (of the Publisher) can be abstracted in the following way:

prove(publisher_program, STOs, …rest) => proof

The point of this operation is to guarantee the validity of the data published, even without disclosing the full details. Zero knowledge proof makes it undeniable that the publisher processed n different asset items, a total size equal to m dollars, where values of n and m are publicly known. The verification logic looks like the following:

verify(proof, number_of_assets, size_of_all_assets, …rest) => { 0, 1 }

Anyone can cross-check whether the metadata Mirae Asset computed is consistent with financial statements, and verification can be quickly executed with a minimal computational cost on any consumer-grade device.

The high-level overview of the Publisher algorithm is as follows:

The process encrypts each STO item, includes the result in the commitment, and updates the metadata. While the vector commitments are made public, all the other values in the computation are hidden by using zero knowledge proofs.

Notice that it uses the user’s public key when hashing an STO item. In elliptic-curve cryptography, a public key is the one-way hash output of a secret value: 

user’s public key = hash(user’s secret)

Using the public key when encrypting each STO item is necessary for authentication when users create a privacy enhanced claim about their assets. We will cover this later in the article.

Ensuring Real-Time Data Accuracy

Proof generation is a large computation, so for this PoC, we decided to run Publisher as a batch process at regular intervals. STOPE runs the process once a day, and the cryptographic proof is verified against the latest commitment published. 

ZKP technology is constantly improving, and with lower proof generation time, we expect this batch process to be run more frequently.

Off-Chain Storage

Although data can be stored in the distributed ledger, the Mina blockchain limits the amount of data that can be stored on chain. Off-chain storage enhances privacy, and any project should carefully consider where and how data is stored.

STOPE stores commitments and metadata on the Mina blockchain. Inserting a record in an immutability guaranteed data space is expensive and exposes the information to all who have access to the blockchain. STOPE stores information in Mirae’s on-premise data storage, allowing Mirae full control over access.

• Storage contains:
  • General information about the securities
  • Cryptographic auxiliary data
• Blockchain contains:
  • Cryptographic commitments and proofs

Cryptographic auxiliary data refers to the values, such as a Merkle witness, used to calculate proof. Details of an asset issued include the owner’s information. This information generally needs to be kept private. The need for privacy to ensure compliance led to a decision to store this data in an access-controlled off-chain data store.

For the PoC, STOPE uses a traditional relational database system (Postgres) as on-premise off-chain storage, though each implementation can choose an appropriate data store. An important consideration is whether the data should be accessible to the general public. In a scenario where public storage is used, encryption should be considered. Note that off-chain storage does not guarantee data immutability, and theoretically, the storage owner can modify the inserted data at any time. However, a commitment stored on-chain is immutable and deters data tampering.

For information, o1js is experimenting with an out-of-the-box, off-chain storage solution. It has powerful characteristics, such that zkApps have direct access to the storage space, meaning the verifiability guarantee does not end in the computation aspect, but can also extend to storage operations.

Cryptographic Commitments as the State of an App

After each publishing operation, cryptographic commitments are computed and persist as the application state. Like other blockchain records, an application state is accessible by anyone and is mutable only via a verified state change through a blockchain transaction.

The Mina blockchain allocates 8 units of 32-byte storage slots for a zkApp. In those, STOPE stores the cryptographic commitment, a 255-bit random-looking number (the size of the o1js finite field). This commitment compresses and encapsulates all the records of STO items consistent with the calculated metadata. A slight modification of one of the records will create a drastically different value as commitment.

STOPE Data flow

User Proof Generator

User proof generator creates a privacy-protected claim of ownership. The prover decides what data to reveal about the owned underlying asset. For this PoC, STOPE defines a zkApp that reveals only the range of amount of a particular asset holding without disclosing the specific security.

Given a tokenized security:

security_instance = { owner, size, issuer, ticker, … }

And there are many of these securities tokenized by the financial institution:

securities_issued: { security_instance_1, security_instance_2, … }

The proof asserts that the security instance has an amount in range a and b:

a < size_of_some_security_instance < b

A high-level algorithm overview is as follows:

The operation verifies that: 

1. the prover has chosen one element from the set of assets managed by Mirae Asset (we do not know which security instance that is)
2. the prover is the owner of the asset since the computation is correct only with the knowledge of the user’s secret
3. the asset amount is in the range bounded by two values – upper and lower bounds

Potential Use Cases

Imagine a scenario where the asset owner visits a bank and wants to make a loan application. The loan manager asks for permission to query her financial standing. Traditionally, there is a protracted process of collecting and handing over relevant documents, revealing your entire financial history. These documents then undergo a comprehensive assessment, possibly including multiple financial institutions.

Using proof of asset ownership, the client is no longer required to hand over a full set of financial statements. The client proves ownership of an asset of a certain size, which can be collateral to raise capital. An attestation of the proof of ownership can then be digitally conveyed to any location.

The two user experiences are noticeably different. It not only saves time but also removes the hassle of disclosing one’s data to someone you have never met.

Authentication and the User Secret

User proof generator is executed on the client’s device so the secret is never revealed beyond the device. This makes even Mirae Asset, the finance service provider, let alone anyone on the internet who can verify the proof, unable to deduce the exact details of proof without the knowledge of the user’s secret. Verifiers cannot successfully associate which specific asset item the proof is about. 

all_asset_issued = { a1, a2, a3, … }

P(assoc(a1, proof)) – P(assoc(a*, proof)) = negligible

We observed proof generation times of 4-5 seconds on consumer-grade machines running within a browser. The program runs as Web Assembly (WASM) and utilizes Web Worker for parallelization. 

Applicability to Various Forms of Upcoming RWAs

STOPE on Mina aims to demonstrate a generic framework that may be applied to various upcoming real-world asset projects, including STOs. 

Data-source Agnostic

For the PoC, the data source used by Mirae Asset was Hyperledger Besu. However, other data sources could be easily added. STOPE can process, for instance, data stored in a database or other blockchains. If inbound internet access to the data is restricted, which is the case for most financial institutions, the library can run inside the on-premise infrastructure. As long as it can send the result of the cryptographic operation to the Mina blockchain, the system can function.

Secure and Private

Most financial products are subject to rigid legal scrutiny to protect customers. Any business-specific logic is arithmetically constrained by o1js generated circuits, making the operation verifiable and private, an approach that addresses diverse regulatory problems. For a project that promotes public data availability like RWA, STOPE is an ideal solution.

Ryu Ji Hae, Head of the Digital Asset Solution Team at Mirae Asset Group, stated:

“The POC project conducted with Mina Foundation provided an opportunity to test the interoperability of public blockchains while maintaining the anonymity of sensitive data such as personal and transaction information, as well as preserving the data security of financial institutions’ private blockchains that comply with the guidelines provided by Korean regulators. This project allowed us to explore the potential between privacy and public accessibility in blockchain technology.”

Standardization of a (ZK) RWA specification

While designing the framework, we noticed that the upcoming RWA projects including STOs are likely to go through a similar decision-making process to establish a strong safety guarantee. 

Aside from using a powerful technology such as zero-knowledge proofs, projects must consider:

• Data specification of the underlying asset
• Processes and steps in which the operation will publish the data
• What will be open data or closed (permissioned) data 
• Which locations to persist the different types of data
• An interval at which to update the state of the assets

For more information, please have a look at the STOPE reference implementation in the repository.