[General] Privacy of data stored by the smart contact

[ranile]

Team or Project

No response

Environment

Testnet

L2 block number

No response

Provide a brief description of the functionality you're trying to implement and the issue you are running into.

From https://docs.zksync.io/zksync-era

In ZKsync Era, computation is performed off-chain and most data is stored off-chain as well. Transactions are bundled into batches before generating a validity proof. As all validity proofs are proven on Ethereum, users enjoy the same security warranties as in the L1.

What exactly does "most data" mean here? Where exactly is it stored? More specifically, is if this data from zk-sync 101 example (especially the address => uint256 mapping) private or visible to anyone who knows how to decode it?

The issue we're trying to tackle is prove that a transaction happened and stored some data for later retrieval without revealing the data that is stored.

In our application, a user would call a function in a smart contract. This function will do some computation and store the results. Another function will, at some later time, use this stored result.

Repo Link (Optional)

No response

Additional Details

I tried to look at block explorer and did not find any answer there. See screenshots below

Smart contact

2025-01-22.23-13-36.mov

Transaction deploying contact

Transaction writing to contact

[sarahschwartz]

Hi @ranile , great question! The data in your contract is never private, even with the private keyword. There are probably several different ways to accomplish your goal using some privacy/ZK-specific tools, but make sure you don't save data that must be private in a contract.

[ranile]

Where is that data stored? What steps would be required to obtain that data?

As an aside: do you have any suggestions for storing data that needs to remain private? What privacy/ZK-specific tools can I use for this?

[sarahschwartz]

Private variables are stored in the same way all contract variables are stored - the main difference there is that they are not visible in derived contracts: https://docs.soliditylang.org/en/v0.8.24/contracts.html#state-variable-visibility.
This data could be decoded from the transaction data on the explorer, although it's not easily readable.

If you want to prove something about the private data (for example, that a certain private number input X resulted in a final calculation Y), you could use something like SP1: https://docs.succinct.xyz/docs/introduction, or another ZK proof-based solution. This way X would stay private but Y would be public.

If you want to be able to access the exact private data, a somewhat complex solution would be launch your own app-chain using the zkstack as a validium, and customizing the RPC layer to allow for privacy.

Otherwise, storing the data offchain is likely your best option.

[ranile]

Can you explain where this data is stored? The docs (as I quoted in the original issue) state that most data is stored off-chain. How does that work?

Is there a way to encrypt the data somehow such that even if it's readable, only the smart contract can decrypt the blob.
As for off chain storage, that is an option but there's an implicit trust in where the data is stored. How would it be proved that data was not changed by anyone during the time it was written/read by the smart contract?

For some additional context here: we're dealing graph data here. The function writing data will append a node to graph and the function reading it will be reading the graph

[sarahschwartz]

Can you explain where this data is stored? The docs (as I quoted in the original issue) state that most data is stored off-chain. How does that work?

@ranile As far as I understand, the data is stored on the network nodes, and in backup snapshot files that are not on chain. The state diffs are stored on Ethereum. For more in-depth docs on this, I would check out our specs.

Is there a way to encrypt the data somehow such that even if it's readable, only the smart contract can decrypt the blob.

Not really. Anything inside the smart contract is public, including what it's able to access during execution.

As for off chain storage, that is an option but there's an implicit trust in where the data is stored. How would it be proved that data was not changed by anyone during the time it was written/read by the smart contract?

This is something that an oracle can help solve. For example, Chainlink is a popular option you can use. You can see more options in the docs ecosystem section.