GhostPool

GhostPool is an admission-layer protocol for encrypted mempools. Encrypted mempools can hide transaction contents, but admission still needs dynamic checks such as authorization, nonce validity, and solvency. If sender and nonce remain public, the mempool leaks account-level activity; if they are hidden without a replacement, admission becomes blind and vulnerable to DoS.

GhostPool replaces public (sender, nonce) checks with a root-bound zero-knowledge admission proof plus a nullifier for the hidden nonce slot. Because the proof is tied to a specific state root, a pending encrypted transaction would otherwise go stale as the chain advances. The nullifier turns that stale-proof problem into slot tracking: the proof remains usable while its anchor is fresh and the slot has not been consumed, and plaintext Ethereum transactions can join the same slot namespace through a lightweight DLEQ certificate.

Protocol Path

flowchart LR
    Enc[Encrypted transaction]
    Proof[Root-bound ZK proof]
    Nullifier[Hidden-slot nullifier]
    PrivateAdmission[Private admission]

    Plain[Plaintext transaction]
    DLEQ[DLEQ certificate]

    Shared[Shared nullifier namespace]
    Pool[Mempool]
    Builder[Builder]

    Enc --> Proof
    Enc --> Nullifier
    Proof --> PrivateAdmission
    Nullifier --> PrivateAdmission
    PrivateAdmission --> Shared

    Plain --> DLEQ
    DLEQ --> Shared

    Shared --> Pool
    Pool --> Builder

Loading

Workspace Layout

• crates/primitives: protocol data types, suite IDs, digest newtypes, and canonical encoding
• crates/commitments: GhostPool-owned public commitment suite implementations
• crates/crypto: secp256k1 hash-to-curve, Gamma derivation, signing scalar handling, and DLEQ primitives
• crates/statement: deterministic native leaf statement checker
• crates/proof-types: proof backend manifests, journal schemas, proof envelopes, and protocol-binding metadata
• crates/verifier: backend-neutral leaf verifier trait, errors, and reports
• crates/verifier-backends: fixture, native reference, SP1, and RISC Zero verifier adapters
• crates/prover: backend-neutral prover trait and witness input boundary
• crates/prover-backends: concrete prover host adapters and zkVM guest programs
• crates/client: user-side witness, proving, encryption, and submission boundaries
• crates/chain: public chain provider traits, mock/Reth adapters, and Ethereum plaintext DLEQ adapters
• crates/opening: scheme-neutral payload opening and transcript verification
• crates/mempool: admission checks, nullifier lifecycle, opening application, and builder-safe handoff
• crates/validator: sidecar node assembly, config, verifier backend selection, and HTTP RPC server

Features

• ghostpool-chain/reth: read public anchor data from a Reth MDBX database
• ghostpool-chain/ethereum-plaintext: verify visible Ethereum transactions with plaintext DLEQ certificates
• ghostpool-verifier-backends/native-reference: execute the native statement checker as a non-ZK reference backend
• ghostpool-verifier-backends/sp1: enable SP1 Groth16/PLONK verifier adapters
• ghostpool-verifier-backends/risc0: enable RISC Zero verifier adapters
• ghostpool-validator/mock: run the validator with mock chain and fixture verifier support
• ghostpool-validator/verifier-sp1: wire the SP1 verifier backend into validator startup
• ghostpool-validator/verifier-risc0: wire the RISC Zero verifier backend into validator startup
• ghostpool-validator/reth: enable the validator's Reth chain provider path
• ghostpool-client/json-rpc: enable HTTPS JSON-RPC witness access through reqwest/rustls

Development

cargo fmt --check
cargo check --workspace --all-targets
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --all-targets