Privacy Perps DEX thread. Tldr: *The only* viable solution uses ZK, encryption + central operator. Scales to 200M users, easily Subtext: I’m *the* expert on this shit (see Fine Print). ALPHA: at THE END >>

The liquidation of @JamesWynnReal on Hyperliquid led him, @cz_binance and others ask “wen privacy on perps DEX?” Do they mean it? NO. How do I know? (1) I’m *the* expert on this. (2) They didn’t reach out nor answered my DMs. But you're curious, so let's carry on. >>

@JamesWynnReal @cz_binance As *the* expert I’m telling you the only viable way for privacy perps DEX is Central operator and encryption (like bank/CEX). DEX differs from bank/CEX in that You Own Your Assets, DEX operator CANT take your $. >>

@JamesWynnReal @cz_binance Why can’t DEX operator take your $ ? ZK enforces integrity. We (StarkWare) built this for many a Perps (over $1.3T settled), starting with @dYdX v3. But so far all our Perps were transparent. With shielding, operator can drain your funds in a new way: >>

@JamesWynnReal @cz_binance @dYdX The problem: Operator gets to decide who to liquidate. You, trader Joe, can’t see who aint liquidated though should. This is a new problem, with transparent DEX you’ll notice and run for your life. >>

@JamesWynnReal @cz_binance @dYdX The attack: Operator creates one account per market and longs it to the max. If asset goes up – cash out. Goes down? No one sees, so don’t liquidate. Thus operator can drain the funds “legitamitely”. ZK can stop this. >>

@JamesWynnReal @cz_binance @dYdX How? Demand operator *ZK prove* that all bad accounts are liquidated, before any further trades are processed. This blocks the attack. Details >>

ZK *forces* the DEX operator to operate with integrity according to a published audited smart contract. The shielded DEX smart contract demands: “to update state, show (1) no accounts need liquidation, and (2) state is valid based on orders signed by users.” (2) is easy by now. We’ve processed over $1.3T in past 5 years using this. (1) is new and heavier. Let’s dig in. >>

@JamesWynnReal @cz_binance @dYdX To ZK prove all (encrypted) accounts are good the operator needs to calculate the weighted position of each and every account. Recall that the operator is the *only one* who gets to see *all* positions, so how do we prevent it from cheating, say, by skipping some accounts? >>

The state of accounts is committed by a cryptographic hash of *all* positions of *all* users (using a Merkle tree). So operator needs to go over all this data (tree) and for each user (1) compute the balance, (2) show the data comes from the Merkle tree. The heavy lifting is hasing (2). Computing the balance is comparatively negligble (10x less work). >>

@JamesWynnReal @cz_binance @dYdX Lets do the numbers: With N accounts and an average of K open positions per account, we’re looking at roughly (N x K) hashes. Hyperliquid has N~200K and K~5, giving ~1M hashes to be ZK proved. With our new ZK prover, this is ~ 1 sec on a 16-core machine. >>

@JamesWynnReal @cz_binance @dYdX Scale it up 1000x: N=200M users, K=5 positions on average, total of N x K = 1B hashes. This takes 1000 seconds (17 minutes) on 16-core machine. Or 1sec with 1,000 machines. A small price to pay for servicing 200M users. >>

@JamesWynnReal @cz_binance @dYdX Summary: Only viable Privacy Perps DEX uses encrypted data to centralized operator. Integrity by ZK. It can service 200+M users. Tech is battle tested. Sub-text: I’m *the* expert on this, DM. Alpha: Perps on Starknet: @tradeparadex , @extendedapp THE END.

@JamesWynnReal @cz_binance @dYdX @tradeparadex @extendedapp Fine Print: “I’m *the* expert” uses the “CEO singular” (cousin of “royal plural”): The real experts are @StarkWareLtd team and founders of ZK DEXes like @AntonioMJuliano (dYdX v3), @fiddybps1 (Paradex), @rf_extended (Extended) and others.