{"id":19390363,"url":"https://github.com/nucypher/sunscreen_public","last_synced_at":"2026-03-19T09:35:55.243Z","repository":{"id":101544687,"uuid":"269173006","full_name":"nucypher/Sunscreen_public","owner":"nucypher","description":"Secure, Private, Flexible Smart Contracts","archived":false,"fork":false,"pushed_at":"2020-06-04T02:54:24.000Z","size":870,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-09-19T18:49:49.501Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nucypher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-03T19:12:08.000Z","updated_at":"2022-06-10T03:28:29.000Z","dependencies_parsed_at":"2023-06-05T10:00:10.890Z","dependency_job_id":null,"html_url":"https://github.com/nucypher/Sunscreen_public","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nucypher/Sunscreen_public","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nucypher%2FSunscreen_public","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nucypher%2FSunscreen_public/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nucypher%2FSunscreen_public/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nucypher%2FSunscreen_public/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nucypher","download
_url":"https://codeload.github.com/nucypher/Sunscreen_public/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nucypher%2FSunscreen_public/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29516172,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T18:37:19.720Z","status":"ssl_error","status_checked_at":"2026-02-16T18:36:46.920Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T10:20:31.928Z","updated_at":"2026-02-16T19:36:45.280Z","avatar_url":"https://github.com/nucypher.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sunscreen \n:sunny: **Secure, Private, Flexible Smart Contracts** :sunny:\n\nThis repository contains work on privacy-preserving smart contracts (PPSCs). We've included the 2 documents that cover [zero-knowledge proof systems](https://en.wikipedia.org/wiki/Zero-knowledge_proof), [Bulletproofs](https://eprint.iacr.org/2017/1066.pdf), and a rough outline on our vision for secure, private, flexible smart contracts. We wrote these in what we hope is an accessible way.  
\n\nPrevious talks on this subject were given at [IEEE S\u0026P 2020](https://www.ieee-security.org/TC/SP2020/program-shorttalks.html) (as a short talk; \"The Marriage of Fully Homomorphic Encryption and Blockchain\"), [ZKSummit](https://www.zeroknowledge.fm/) (\"The Future of PPSCs\"), and [Devcon](https://devcon.org/) (\"The Future of PPSCs\").\n\nWe include a chart below for understanding what goes into our definitions of efficiency, security, privacy, and flexibility when discussing PPSCs. We call our project \"Sunscreen\" as our work will aim to satisfy 3 out of 4 of the goals defined\u0026mdash;namely security, privacy, and flexibility\u0026mdash;while sacrificing some degree of efficiency.\n\n\n| Efficiency                | Security Assumptions                   | Privacy                  | Flexibility                    |\n| ------------------------- | :--------------------------: | :----------------------: | :----------------------------: |\n|  Communication complexity?  |  Based on cryptography?     |       Confidential?       | Easily adaptable to new environments (i.e. universal reference string)? |\n| Reference string size?       |     Based on hardware?      |             Anonymous?       | Supports arbitrary logic/computation?  |\n| Setup time?                  |      Provable security? |     Based on cryptography?    |  Supports \"stateful\" computation?           |\n| Time to generate transactions?   |   Non-standard assumptions?   |    Using tumblers or mixers?  |             |\n| Time to verify transactions?     |     Post-quantum?  |  Using stealth addresses? |      |\n| Physical resources required?    |    Trusted setup?      |   Function privacy?        |                  |\n| Potential for scalability?          |                       |            |                |\n\n## Background\nWe provide a brief overview of the contents of the 2 documents below. 
\n\n**Disclaimer: These documents were originally written for internal usage and may no longer reflect up-to-date information or ideas.**\n\n### April 2019: \"[Zero-Knowledge Proofs for PPSCs and Transactions](/zk%20thoughts.pdf)\"\n\nWe look at some efficient zero-knowledge proof protocols (i.e. [SNARKs](https://z.cash/technology/zksnarks/), [STARKs](https://eprint.iacr.org/2018/046.pdf), [Bulletproofs](https://eprint.iacr.org/2017/1066.pdf)) to explore which might be the most promising for a private transaction/smart contract scheme. We also evaluate some recent projects in the space including [Zether](https://eprint.iacr.org/2019/191.pdf), [Hawk](https://eprint.iacr.org/2015/675.pdf), [Quisquis](https://eprint.iacr.org/2018/990.pdf), [Aztec](https://github.com/AztecProtocol/AZTEC/blob/develop/AZTEC.pdf), and [Zexe](https://eprint.iacr.org/2018/962.pdf).\n\n### October 2019: \"[The Future of Privacy-Preserving Smart Contracts](/Future_of_PPSCs.pdf)\"\n\nWe outline our design goals for a PPSC scheme and our core beliefs about what a \"successful\" scheme might look like for us. We provide a brief look into the building blocks we might use for such a scheme and the associated challenges around combining efficient ZKPs with FHE.\n\nThe appendix of this document was originally part of a separate internal document titled \"Using Bulletproofs\" from July 2019. In it, we consider two lines of work based on Bulletproofs. The first builds on [Zether](https://eprint.iacr.org/2019/191.pdf) whereas the second argues for the creation of a new PPSC scheme using FHE inspired by some of the work in [Short Discrete Log Proofs for FHE \u0026 Ring-LWE Ciphertexts](https://eprint.iacr.org/2019/057.pdf).\n\n\n## Implementation Work\nThis section includes prototyping and benchmarking work for Short Discrete Log Proofs and BGV. Current prototyping is being done in Julia by [Bogdan](https://github.com/fjarri) for ease of iteration. However, we expect final libraries to be done in C/Rust. 
\n\n### [Short Discrete Log Proofs](https://eprint.iacr.org/2019/057.pdf)\nA PoC of [Short Discrete Log Proofs](https://eprint.iacr.org/2019/057.pdf) can be found [here](https://github.com/nucypher/LogProof.jl). We provide charts below on the performance of the verifiable encryption/decryption scheme of Section 1.5 of the paper. We stress that our prototype is *not secure* and should *not* be used in production.\n\n**Proof Performance**\n\nRecall that the proofs use discrete logs and thus the performance is dependent on the curve chosen. \n\n[PoC](https://github.com/nucypher/LogProof.jl); Curve25519; Intel i7 @ 2.6GHz\n|     Curve25519                      | 1 thread                  | 6 threads                    |\n| -------------------------  | :----------------------: | :----------------------------: |\n| Prover time                |     34.6s                |     8.2s                      |\n| Verifier time                |     23.7s                |     5.2s                      |\n| Initial proof generation               |     2.15s               |     434ms            |   \n\n[PoC](https://github.com/nucypher/LogProof.jl); secp256k1; Intel i7 @ 2.6GHz\n|     Secp256k1                      | 1 thread                  | 6 threads                    |\n| -------------------------  | :----------------------: | :----------------------------: |\n| Prover time                |     70s                |     14.9s                      |\n| Verifier time                |     47s                |     9.7s                      |\n| Initial proof generation               |     16s               |     3.23s            |   \n\n\n**Encryption Scheme Performance**\n\nThe encryption scheme is solely based on lattices (specifically Ring-LWE) and thus not dependent on the curve choice.\n\n|   Ring-LWE Encryption Scheme      |       Timing (mean/median)            |\n| -------------------------  |  :----------------------------: |\n| Encrypt               |      1.294ms; 1.235ms 
                   |\n| Decrypt             |    591.261microsec; 577.905microsec                    |\n\n\n### [BGV Scheme](https://eprint.iacr.org/2011/277.pdf) [WIP]\n\n**Benchmarking from [HElib](https://github.com/shaih/HElib)**\n\n\n## Challenges\n\n**FHE Requisite Knowledge**\n\nEven some of the [nicest FHE libraries currently available](https://github.com/microsoft/SEAL) are challenging to work with\u0026mdash;requiring deep expertise in the scheme to achieve optimal performance. While both proponents and critics of FHE argue that FHE isn't being used due to *efficiency* reasons, we disagree as FHE *can* provide acceptable runtimes for certain use cases. Rather, we believe what's preventing FHE from gaining more traction is the *level of expertise* required to currently use the schemes/libraries.\n\n**Lack of Consistent Benchmarking**\n\nAdditionally, there's a dearth of work in benchmarking some of the recent ZKPs and FHE schemes. It's difficult to incorporate (or even know *if* we should incorporate) these works when we don't know how they perform in practice. The efficiency tables in our PATS repo (such as [this](https://github.com/ravital/pats/blob/master/zether.md), and [this](https://github.com/ravital/pats/blob/master/aztec.md)) have many blanks as the authors have failed to provide important estimates in their papers. Many of the PPSC works also use vastly different machines\u0026mdash;from an [Intel i7-6820HQ throttled to 2.0 GHz with \u003c100MB of memory and a single thread](https://github.com/ravital/pats/blob/master/zether.md) to an [Intel Xeon 6138 CPU at 3.0 GHz with 252GB of RAM and 12 threads](https://github.com/ravital/pats/blob/master/zexe.md)\u0026mdash;further exacerbating the problem.\n\n## Future Directions\n\nSome directions of research we'd like to pursue from here include:\n- Tools for making FHE easier to work with\n- Benchmarking ZKPs (possibly an entire project in and of itself!)\n- Benchmarking FHE schemes (i.e. 
FV, BGV)\n- Development of a user-friendly BGV library\n\n## Comments or Concerns\nFor any comments or concerns, feel free to open issues or ask questions on our [Discord channel](https://discord.gg/7rmXa3S). Otherwise, you can contact Ravital (ravital@nucypher.com) with general questions or for questions w.r.t. the research/documents. Questions about the specifics of the prototype/implementation can be directed to Bogdan (bogdan@nucypher.com).\n\n## Background Reading\nResources that are beginner friendly, we mark with :green_apple:. More technically demanding resources we mark with :apple:.\n\nWe suggest the following resources:\n- [ZKProof Community Reference](https://docs.zkproof.org/assets/docs/reference-v0.2.pdf), a fairly comprehensive document covering zero-knowledge proofs from the academic initiative [ZKProof](https://zkproof.org/) :green_apple:\n- [Bulletproofs notes](https://doc-internal.dalek.rs/bulletproofs/notes/index.html), notes on how Bulletproofs work :apple:\n- [A Decade of Lattice Cryptography](https://web.eecs.umich.edu/~cpeikert/pubs/lattice-survey.pdf), a comprehensive document explaining the basics of lattices, assumptions used in lattice cryptography, and corresponding schemes :apple:\n- [Fundamentals of Fully Homomorphic Encryption - A Survey](https://pdfs.semanticscholar.org/e247/ae732c50b6c04b2aa413c4caa0ca77ed4751.pdf), an accessible but long introduction to FHE :green_apple:\n- [Computing Arbitrary Functions of Encrypted Data](https://crypto.stanford.edu/craig/easy-fhe.pdf), a brief but well-written paper from Craig Gentry covering the basics of how FHE works :green_apple:\n- [A brief survey of Fully Homomorphic Encryption](https://blog.quarkslab.com/a-brief-survey-of-fully-homomorphic-encryption-computing-on-encrypted-data.html), a short and easy-to-read post covering the basic aspects of FHE and some of the challenges associated with it :green_apple:\n- [Microsoft's SEAL library](https://github.com/microsoft/SEAL), particularly the 
[example sections](https://github.com/microsoft/SEAL/tree/master/native/examples) to see how an FHE scheme works in practice :green_apple:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnucypher%2Fsunscreen_public","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnucypher%2Fsunscreen_public","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnucypher%2Fsunscreen_public/lists"}