Author: Turan Vural, Researcher at Fenbushi Capital
As cryptocurrencies continue to grow, the need for seamless and secure fiat-to-crypto onboarding solutions has become more pressing. zkP2P is an innovative peer-to-peer fiat-to-crypto onboarding solution that not only mitigates centralization issues in the onboarding process, but is also one of the few consumer-facing ZK applications that does not require the complexity of Web3.
zkP2P is a peer-to-peer fiat-to-crypto on-ramp that leverages multiple foundational ZK packages to add new utility on top of existing internet infrastructure. Instead of convincing global payment platforms like Venmo, Alipay, and Revolut to switch to crypto, zkP2P leverages the signatures already in their Web2 infrastructure to make crypto more accessible to existing fintech platforms. When making deposits, users can continue to use the online payment systems they are familiar with and trust. You can confidently say, “Give me crypto with Venmo.”
zkP2P Specific Process
The specific flow of a zkP2P example transaction of exchanging U.S. dollars (USD) for a cryptocurrency stablecoin (USDC) through Venmo is as follows:
The user requests to send a certain amount of USDC.
The system matches users with a liquidity provider at their requested exchange rate and trades through Venmo.
The liquidity provider’s on-chain funds are escrowed by a zkP2P smart contract, while users send U.S. dollars (USD) to the provider via Venmo.
The user submits an email receipt of the Venmo transaction to zkP2P (this can be done automatically if the user is logged into zkP2P via a Google account).
This generates two proofs:
The first proof uses zkEmail to verify that the signature of the Venmo email server matches the signature of the receipt email. This ensures the authenticity of the email.
The second proof uses zkRegex to extract relevant information from the receipt email, confirming that the correct amount was sent from the correct user to the correct recipient.
Eventually after all checks are completed, the escrowed funds will be released to the user.
Why is zkP2P important?
zkP2P demonstrates the many possibilities of bringing existing Web2 infrastructure into the blockchain space. It further demonstrates how ZK can enable new consumer-facing tools in a variety of sectors without having to establish new relationships.
Trustworthy deposit method
This is a topic that needs no introduction for anyone in the Web3 space. zkP2P solves the difficult problem of attracting the next wave of future users while being compliant with regulatory requirements. For new users’ onboarding needs, zkP2P not only reduces the risk of users being defrauded by fraudulent onboarding channels, but also allows users to complete the process with their preferred online payment provider. zkP2P works even if regulation is not immediate: all major payment providers are already compliant with regulatory requirements and conduct KYC (know your customer) processes (even in the case of Venmo, which provides protection for certain transactions). This allows zkP2P to truly leverage regulation to the benefit of users, which is a rare case in the Web3 space.
Old friend IETF (Internet Engineering Task Force)
This is a topic that isn’t often covered in Web3 articles. Revisiting the steps above, we’ll see that, aside from having a wallet (which is changing with support for account abstraction), users never leave their secure Venmo environment. This is because of the foundational work of the IETF (Internet Engineering Task Force, the open governance body for the Internet founded in 1986) in guiding the Internet. RFCs (Requests For Comments, the inspiration for ERCs) govern the Internet in a similar way to ERCs, with a similar open governance process. ERC 6376 defined DKIM in September 2011, which made email authentication signatures, which zkP2P relies on, an Internet standard. As a result, every email server signs their emails; thanks to zkEmail, we can provide proof of email authenticity, and now, thanks to zkP2P, we can use these signatures, originally used to prevent eavesdropping, as a useful trust tool.
It is worth mentioning that there is now a newer RFC, RFC 9421, which proposes a REST API signature similar to email signatures. This will allow proof of any API execution; if the industry adopts this RFC, zkP2P and other aspiring ZK teams will be able to verify any semantically meaningful data sent through an API endpoint without relying on email.
Consumer-oriented ZK in production
There are currently few consumer-facing ZK applications outside of zkRollups. This can be attributed to a variety of reasons, each equally valid: a lack of ZK builders, a lack of ZK development tools and methodologies, or simply a lack of use cases that make sense for consumers. zkP2P shows a case that even if ZK is not meaningful to consumers, it promotes the convenience of Web3 for consumers. Without the public key infrastructure and signatures that underpin the Internet, and the privacy-preserving authentication proofs, there is no way to provide an onboarding path that allows existing payment systems to be agnostic.
The Future of zkP2P
zkP2P is under active development. It is currently in public beta (alpha) and supports USD through Venmo, INR through HDFC, TRY through Garanti, with plans to add support for more currencies and payment providers (EUR and USDC through Revolut were added on May 31st). The team is funded by the Fenbushi@fenbushi Research Fund and the Ethereum Foundation, and is led by Sachin (0xSachinK on X). Sachin previously worked at Set Protocol, built smart contracts with over $500M TVL, and received funding from the Ethereum Foundation to develop ZK applications. His team started the zkP2P project at ZKHack and supported the series as a judge.