Renegade is a new type of decentralized exchange that utilizes a dark pool to provide MEV resistant private transactions. This is a write up of my personal research, is not a sponsored post and I currently hold no stake in Renegade.
What Is Renegade?
The Renegade whitepaper was authored by Christopher Bender and Joseph Kraut. The paper describes a non-custodial, decentralized exchange that functions as an on-chain dark pool.
Renegade raised $3.4m in a round led by Dragonfly to solve issues associated with non-custodial trading by hiding all information about the state of the exchange with zero-knowledge proofs.
Renegade is functionally equivalent to a CLOB DEX (central limit order book decentralized exchange), but with an encrypted and distributed order book. Matches between users’ orders are inferred via a cryptographically secure multiparty computation. If you’ve used a centralized exchange like Binance then you should be familiar with the bid/ask prices which form the order book.
Settlements of swapped tokens are done via zero-knowledge proofs to hide all trade information while maintaining consistency of the system. Renegade maintains complete anonymity during the entire lifecycle of a trade, and no third party can learn any information about any user’s token balances, pending orders, or trade history.
Renegade provides efficient execution of trades on large blocks of equities without significant price impact and cross-exchange arbitrage, which is typically seen in traditional finance market structures. By executing within a darkpool environment the orders are resistant to MEV such as sandwich attacks.
Dark pools are a privacy focused trading platform that allow traders to place and match orders anonymously without revealing their trading strategies to the wider market. The order book is not publicly visible, which means traders can only see their own orders and matches on those orders. This type of trading is suitable for large traders who want to move large blocks of equities without alerting the wider market to their activity.
In the context of decentralized crypto exchanges, dark pools are even more useful as they help to mitigate the problem of information leakage. Unlike traditional finance, the blockchain makes all exchange state public, which exposes traders to even worse forms of information leakage. For example, market makers can see the past trades of any wallet address, making it easier to draw statistical patterns about every trader’s strategy and profitability. Additionally, anyone can see the token balances of any wallet, making copy-trading particularly easy.
Understanding MPC & ZKP
Renegade is a solution to these problems. It uses multi-party computation (MPC) to determine order matching and zero-knowledge proofs (ZKP) to settle matched orders. This allows Renegade to maintain end-to-end privacy, both before an order is filled and after it is settled on-chain. By using the idea of local private state combined with the building blocks of MPC and ZKPs, Renegade guarantees complete privacy for traders.
MPC, or multi-party computation, is a cryptographic primitive that allows multiple parties with private data to jointly compute a function output without revealing their inputs to each other. In the traditional setting, multiple parties send their private data to a trusted evaluator who computes the function output and sends it back to each party. However, the actual MPC protocol does not require a trusted intermediary.
There are two main classes of MPC algorithms: garbled circuits and secret-sharing algorithms. Secret-sharing approaches involve using “somewhat homomorphic” MPC calculations on Shamir Secret Shares of individual private inputs. MPC algorithms on their own do not have any guarantees about the validity of the inputs of each party.
In the context of a dark pool, MPC can be used to match traders’ orders anonymously without revealing their orders in-the-clear. This provides full dark pool functionality, with no trusted dark pool operator. However, to ensure consistency of balances and orders with respect to on-chain state, MPC is combined with zero-knowledge proofs in the MPC-ZKP Architecture.
Zero Knowledge Proofs
Zero-knowledge proofs (ZKPs) are used in cryptography to enable one party to prove to another party that a particular statement is true, without revealing any additional information beyond the statement’s truthfulness.
This is accomplished by breaking down the proof into a series of steps, where each step only reveals a small amount of information. The receiving party can then use these steps to verify the truthfulness of the statement, without ever learning any additional information.
Zero knowledge proofs are used in Renegade to maintain full wallet privacy and state consistency while protecting against double-spend attacks. Wallet addresses are never revealed in plaintext, but only wallet commitments or a hash of a wallet combined with some randomness are posted on-chain.
When a trader wants to perform an operation on their wallet, they must send three pieces of information to the smart contract: the commitment to the new wallet, two “nullifiers” of their old wallet, and a zero-knowledge proof. The zero-knowledge proof ensures that the commitments and nullifiers are properly computed, the old commitment exists somewhere in the global Merkle tree, and that the changes from the old to new wallet are valid.
Renegade consists of a peer-to-peer gossip network of independent relayers that perform MPC computations with each other as new orders enter the system.
Collaborative SNARKs are used to ensure the validity of input data and to solve the atomic settlement problem. By wrapping zero-knowledge proof generation inside an MPC algorithm, collaborative SNARKs allow for relayers to collaboratively prove a particular NP statement, VALID MATCH MPC, which essentially claims that given the publicly-known commitments to order information and a public commitment to a matches tuple, both traders do indeed know valid input orders.
Thus, Renegade’s MPC-ZKP architecture enables full anonymity, privacy, and security for its users.
There’s a few routes that Renegade could take in terms of product market fit when they get to production level code. A bearish scenario might involve the protocol being used in a similar way to TornadoCash to obfuscate the transfer of questionable funds by hackers. A more optimistic scenario is that the darkpool infrastructure offers enough core benefits to everyday users that it becomes a viable alternative to Uniswap.
Perhaps in the future there could even be a trading platform that uses tokenized future products and something like Renegades DEX on the backend to provide a seamless user experience similar to a centralized exchange but with many benefits in the underlying tech.
- Censorship resistant
- MEV resistant
- Copy trading resistant
- Private transactions
There is definitely potential here and I think that due to the regulatory uncertainty it’s something that Uniswap can’t build so there is potential for another team to come up with a viable and compelling product.
I’ll be following Renegades progress closely to see if they are able to capture this opportunity.