Built-on-DAPP: ZEOS Privacy Coin

The #BuiltOnDAPP blog series continues to spotlight exceptional projects and teams building scalable, decentralized applications which utilize the DAPP Network universal middleware of services. This series showcases some of the most cutting-edge use cases and remarkable projects being built on our platform today.


Today we’re interviewing Matthias Schönebeck. He’s developing a privacy coin using DAPP Network’s technology.

What was your inspiration for creating the product?

As a big proponent of privacy coins and the EOS blockchain I became very excited about the “PEOS” project which was launched in early 2019. The goal of the project was to implement a privacy token based on Monero’s UTXO technology in a single EOS smart contract. I found that was a great idea since EOS as a transparent blockchain is fully traceable and for any smart contracts blockchain to succeed in the long run privacy protocols are crucial in my opinion. PEOS enabling private Monero-like transactions seemed to be a good start in the right direction to create a private dapp ecosystem on EOS. Sure enough PEOS quickly became one of the highest valued projects in the EOS ecosystem.

After the PEOS team basically finished their smart contract it turned out that the elliptic curve arithmetic used by Monero’s CryptoNote protocol would make PEOS transactions on EOS very expensive. The addition and scalar multiplication on elliptic curves involves a lot of arithmetic operations – especially since all of the numbers are gigantic 32 byte values. Since a lot of modern processors provide hardware support for Elliptic Curve Cryptography (ECC) performed over the secp256r1 curve the PEOS team published an EOS improvement proposal to add ECC intrinsics to the EOS Contract Development Toolkit (CDT). That way the EOSVM could make use of the hardware acceleration when executing smart contracts depending on ECC. To not having to wait until those intrinsics would be available for EOS smart contracts the PEOS team decided to start their own EOS sidechain to bring private and untraceable transactions to EOS as quickly as possible.

However, after this last PEOS announcement in May 2020 the team vanished for unknown reasons and was never heard of again. The excitement though about the project among followers and investors was still great. The PEOS telegram channel was still very active and members were already planning to launch their own privacy token project if the PEOS team wouldn’t return until the end of 2020.

I liked the idea of starting something new, if necessary, but waited until May to see if something would happen – either a return of the PEOS team or maybe a new privacy token project I could join. It was more than one year since the last status update from the PEOS team when I finally became active.

So I started to look into privacy coin projects based on zk-SNARKs. I knew that the zk-SNARK approach was far superior to Monero’s tech since no meta or overhead data was needed to obfuscate the actually transparent transactions on chain. With zk-SNARKs nothing but hashes and encrypted data would be stored on chain. I studied ZCash’s shielded transactions and the Nightfall protocol of “EY” who brought shielded ZCash-like transactions to Ethereum. Their very well documented protocol was of great help to me when developing ZEOS. After about a month of research and studying Nightfall as well as ZCash I decided to start my own project since nobody seemed to do anything like that on EOS yet. Knowing what such a protocol would have to look like, and knowing that I had an awesome trustless storage solution with LiquidApps’ VRAM, I was highly motivated to bring such a protocol to the EOS main net.

Describe your technology stack and why you chose to integrate DAPP Network’s tech?

The ZEOS protocol for private and untraceable transactions is based on “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge” or in short: zk-SNARK. It is a mathematical method in which a prover can prove knowledge of a secret to a verifier without having to reveal the secret itself. This method which was already invented in the 80’s experienced a huge revival thanks to blockchain technology and in particular ZCash. The ZCash team was the first to utilize zk-SNARKs for private transactions on a blockchain. Their implementation of the Groth16 proving system as well as the ZCash Sapling implementation form the basis for ZEOS. The ZEOS protocol for private transactions is mostly based on the concept of EY’s Nightfall though.

While the heavy computation is offset to the prover, (i.e. the sender of a private transaction) the verifier (i.e. the smart contract on the EOS network) only has to take little effort to verify the transactions. It turned out, though, that the computational effort for the verification of proofs is still too big for an EOS smart contract. It would take more than 150ms to verify a single zero knowledge proof on chain, which is way too expensive for a productive system. While elliptic curve intrinsics could help a lot to accelerate the verification significantly this option remains unavailable on the EOS mainnet as of now.

This is where the DAPP Network comes into play:

The still relatively new VCPU feature allows for heavy CPU intense processing to be offloaded to DSP nodes. While the proof verification is actually something you would want to have on chain in order for it to be fully trustless, there might be a certain number of DSPs performing the verification simultaneously where it is “trustless enough” for people to feel secure about it. The VCPU service of the DAPP Network is basically what makes the ZEOS protocol on the EOS main net possible at all.

The other DAPP Network service which is of high importance for the ZEOS protocol is VRAM. The ZEOS protocol is basically an anonymous blockchain built on top of the EOS blockchain. Like PEOS, the ZEOS protocol implements its own UTXO model inside an EOS smart contract. Therefore ZEOS comes with three ever increasing data structures: (1) A list containing note transaction data, (2) a merkle tree for note commitments, and (3) a list of note nullifiers. Storing these data structures in the scarce and expensive EOS RAM would make private transactions way too costly for the end user. Thanks to VRAM there is a trustless and unlimited storage solution for on chain data.

The two services, VCPU and VRAM, not only make ZEOS possible on EOS mainnet, but they also help make private transactions as cheap as possible for the end user. The DAPP Network will be a very important part for all private protocols I am planning to develop on the EOS mainnet.

Can you go into more detail about the importance of being multi-chain?

Since all transaction data lives in the DAPP Networks’s VRAM which is blockchain agnostic I am looking into ways to make the whole ZEOS protocol blockchain agnostic as well. However, this is something I need to do more research about first in order to come up with a concept that resistant to double spend attacks.

Can you go into more detail about how users will interact with your products?

For the end user there will be a wallet from which private transactions can be made. The first wallet will be a CLI wallet which is already under development. As a graphical UI wallet I was planning to develop a browser based web wallet using JavaScript. This would have a lot of advantages for me as a developer but also for the users:

1) Web wallets are platform independent. That means there is only one source code which works in all browsers on all platforms – including mobile devices.

2) Updates are easy. Since the JavaScript code is loaded from a web server it can be updated easily without having the user to manually update the wallet.

3) Users can connect to the web wallet using their favorite EOS wallets and don’t have to trust a new and unknown ZEOS wallet with their precious EOS private keys.

Using either the CLI wallet or the GUI wallet each user would have to generate a ZEOS private/public key pair to create an anonymous ZEOS wallet. The wallet address is derived from the private and public keys and will be used to receive funds. The private key is needed to spend funds anonymously. The ZEOS token (and later all assets on the EOS blockchain) can be moved seamlessly between the transparent EOS account and one or more anonymous ZEOS wallets. To achieve full anonymity a second EOS account should be used for all private token transfers using the ZEOS token contract.

Long term I am planning to approach existing wallet providers like Greymass and others who might be willing to add native support for ZEOS’ private transactions. Those wallets are being trusted by the community and users would feel more comfortable if they were able to use those well known wallets from trusted community members. Furthermore it would lower the user experience if a second wallet software would be needed for ZEOS’ private transactions. Since the ZEOS protocol will offer private transactions for all assets on the EOS blockchain in the future private transactions could become a basic feature for all EOS wallets.

How will this initiative tie together DeFi or NFTs and other hot components of blockchain technology?

The ZEOS protocol for private and untraceable transactions will lay the foundation for a private DeFi ecosystem on the EOS mainnet. While I am convinced that privacy coins are the future of money in general it is only natural that I am equally convinced of private DeFi being the future of finance. While the adoption rate of DeFi over the last two years is absolutely incredible what the current DeFi ecosystems – no matter if on Ethereum, EOS or any other blockchain – lack is privacy. With ZEOS I am planning to develop tools and protocols that enable private DeFi which could become a unique selling point for the EOS mainnet.

In addition to private transfers for all assets on the EOS mainnet the ZEOS protocol will also enable private transfers of NFTs. This is a feature which would have not been possible with the PEOS protocol since the Monero approach uses ring signatures to anonymize transactions which can only work with fungible tokens. Using zk-SNARKs however, private transfers of NFTs would be possible as well.

With private transactions for all assets on the EOS mainnet the ZEOS token itself will evolve to  some unique tokenomics. It will become a DeFi protocol on it’s own inspired by the Haven Protocol. The Haven Protocol is a fork of Monero and enables users to create synthetic assets but fully anonymous inside their own wallet. The ZEOS token will enable the same functionality for the EOS ecosystem: Users will be able to use ZEOS to anonymously mint, transfer and burn synthetic stablecoins, precious metals or stocks. Anything is possible as long as there is a reliable oracle available for the specific asset the user wishes to create. This protocol would make use of just another service of the DAPP Network: LiquidOracles.

What does your initial roadmap look like over the next year? What are you most excited about?

I am very close to execute the very first private transaction on the EOS testnet. Over the past months I ported the ZCash implementation of the Groth16 proving system from Rust to C++ to make it compatible with EOS smart contracts. The implementation is already finished and tested. The first iteration of the arithmetic circuits for the zk-SNARKs needed for ZEOS is also finished and tested. I am now in the process of making a ZEOS library which can be used by wallets for easy interaction with the ZEOS smart contract. Until the end of the year I am planning to complete the ZEOS token contract and prepare the multi party computation for the trusted setup needed for the SNARKs. I am also planning to airdrop the ZEOS token to PEOS holders until the end of the year. Also I hope to be able to finally setup the ZEOS website at zeos.one over the coming weeks where the web wallet will be available for users as well.

For 2022 I have several things on the roadmap. The first thing I will try to finish in the first quarter of the year is the update of the ZEOS token contract to version 2.0. This next iteration of ZEOS will enable private transactions for all assets on the EOS blockchain – most likely including NFTs. In addition to that the ZEOS token itself will get the unique tokenomics of the Haven Protocol to enable private offshore banking.

After that I am planning to build a protocol for anonymous atomic swaps of EOS assets. This protocol would enable the development of a private DEX where users could trade with each other based on ZEOS’ private transactions. I already have a concept for private atomic swaps on EOS based on zk-SNARKs as well.

Another thing I find very interesting and am following closely are private smart contracts based on homomorphic encryption. The Dero blockchain is currently building a VM and a toolchain to develop smart contract based on that concept. It would allow for smart contracts to perform arithmetic operations on encrypted data in form of Pedersen Commitments without having to decrypt the data. This could be a game changer for the future of smart contracts in general. Having private transactions and potentially private smart contracts could round up the foundation for a fully anonymous DeFi ecosystem on the EOS mainnet.


Stay tuned for more of our #BuiltOnDAPP Spotlight Series, where we’ll highlight some of the most remarkable projects utilizing the DAPP Network Universal Middleware to scale their decentralized applications.

Follow DAPP Network

Website | Twitter | Telegram