Findora at the Zero Knowledge Podcast

October 2, 2020 inEventsby Findora

Findora CTO Ben Fisch and Head of Research Benedikt Bünz recently returned to the Zero Knowledge Podcast, hosted by Anna Rose and Fredrik Harrysson, to talk about Findora and the underlying technology empowering the system. To start off the podcast, Ben and Benedikt spoke about some of their recent focus in research and at Findora.


Ben and Benedikt are both a part of Dan Boneh’s Ph.D. research group at Stanford. They mention that it’s a great environment for researching many areas of cryptography. Many interesting topics are being worked on within the group, ranging from zero-knowledge systems and authenticated data structures to post-quantum signatures to adversarial machine learning.

Benedikt has been working on new cryptography tools. Most notably, he’s been researching two new zero-knowledge proof systems. The first one is called Supersonic. Supersonic is similar to Bulletproofs, one of Benedikt’s earlier inventions, in that it doesn’t rely on a trusted setup and has reasonably small proof sizes. However, similar to a SNARK, Supersonic is very fast to verify. The second system is called Halo, a proof system invented by Sean Bowe and others of the Electric Coin Company. Benedikt has been working alongside UC Berkeley Ph.D. students Pratyush Mishra and Nick Spooner, and Professor Alessandro Chiesa on formalizing and improving Halo. With Halo, you can make recursive proof composition very practical. What this means is that you can efficiently prove another proof is correct, and then prove that proof is correct again, basically like a proof aggregator. For example, this allows you to prove the state of a blockchain is correct with a single proof. In other words, a user only needs to check one small proof rather than the entire blockchain to verify it’s correctness.

Benedikt added: “One of the great things about the academic community, especially in cryptography, is how we so rapidly evolve our ideas and share them with each other. Right away people will start experimenting and building with them. This allows us to isolate issues that may have seemed tiny during research, but in practice turned out to be a big deal. This then often leads to an entirely new wave of innovation to solve the issues at hand and create new implementations based on that. What you end up with is a giant positive feedback loop, and that’s a big part of what’s been driving these massive technological improvements within cryptography, and especially zero-knowledge proofs.”

As CTO at Findora, Ben has a leading role in the engineering team at Findora, which currently stands at 15 engineers and growing. Ben has also been putting a lot of effort into launching the testnet for Findora’s partners. The testnet is launching in August and provides partners with an early version of Findora to start testing some of its capabilities. Ben has also been continuing his research into zero-knowledge proofs and authenticated data structures. In the summer of 2019, Ben released a paper on Supersonic, alongside Benedikt and others, which is a major development in trustless zero-knowledge proofs. Since then, Ben has done work on improving Supersonic even further. In addition, Ben has been working on other improvements to polynomial commitment schemes, which is a major tool that underlies many of the modern ZKP and verifiable computation systems.

Ben said: “Many of the ZKP systems you might have heard of, say, Marlin, Sonic, PLONK, STARKS, etc., can be separated into two components. There’s an information-theoretic component, that forms the backbone of the system, and then a polynomial commitment scheme with which the information-theoretic component is compiled. In the DARK paper, we tried to make this modularity between those two components clear. For example, combining the information-theoretical component of PLONK with the DARK polynomial commitment scheme gives rise to Supersonic.

Findora’s beginnings

Following the introductions, the focus shifted over to Findora. Ben was asked about how Findora began. Ben explained that during the summer of 2018, he met with co-founders Lily Chao, who would turn out to be the initial seed investor, and John Powers, who was the former CEO of the Stanford endowment fund. Shortly after meeting with them, they brought on Benedikt and Charles Lu. Charles was a Ph.D. student in Dan’s group but left to take the role of CEO at Findora. Ben believes that bringing together people with diverse experience and knowledge is at the heart of successful projects.

Benedikt remarked: “The initial momentum behind founding Findora was really the decades of experience in finance between Lily and John, who knew first hand many of the current pain-points in finance. Tools like blockchain and zero-knowledge proofs had true potential to solve many of the issues they had faced during their careers. They decided to combine their knowledge of finance with our expertise in cryptography to build a platform that solves real-world problems, and that is still the driving motivation behind Findora.”

Ben went on to give some more information about the current state of Findora: “We currently have a technology development company and the Findora Foundation. The development company is building a multi-purpose transactional system that has many similarities to a blockchain, but with a focus on privacy. We can call it a blockchain-based system. Multi-purpose means that it can be used for issuing assets of any nature, including cryptocurrency. It can work with any consensus algorithm, or without any consensus.

A bank could replace its current infrastructure with Findora, thereby gaining much privacy and efficiency. Findora can also be used as the backbone for a decentralized network similar to Ethereum, but with built-in privacy guarantees at the base layer. The focus of the Findora Foundation is to provide such a public service that can run on a decentralized consensus algorithm. To summarize, Findora allows for the same properties of public accessibility and auditability of other blockchains, yet also retains privacy to the greatest extent.”

Benedikt added: “Beyond the modularity and confidentiality features of Findora, what really differentiates Findora is the ability to enforce custom rules and really combine privacy and compliance. For example, you can have a confidential asset on Findora, where the issuer attached a policy that the asset can only be transferred between EU citizens. The ledger can enforce these types of rules without having to even reveal what the rule exactly is, much less that the parties involved in the transaction are EU citizens. Users can still verify the rule is being followed correctly, even though everything about the transaction is confidential. So, in Findora, companies can easily follow regulations laid out in their jurisdiction without having to compromise on privacy.”

Using Discret, a domain-specific language developed for Findora, users can write policies and set up smart contracts that are built for predictability and static analysis. It’s not as comprehensive as Solidity, instead Discret primarily focuses on covering the functionality needed for financial applications. One of the design goals of Discret is to incorporate zero-knowledge proofs, as it is the foundation for most of the privacy and compliance guarantees in Findora. To do this policies are directly compiled to circuits, which, in combination with the zero-knowledge compilers, creates the confidential policies and smart-contracts. Simply put, you start out with the Discret language, which compiles into circuits, which compiles into the zero-knowledge proof system, which can then be verified by the public.

Comparing Findora with other projects

The question came up if Findora is similar to any existing projects. Ben explained that there are a number of projects built on top of Ethereum that utilize zero-knowledge proofs, but they are limited to the Ethereum virtual machine. Findora was built as a stand-alone system in order to have better performance than any protocol built on top of Ethereum can achieve. As mentioned earlier, another factor was the modularity necessary to support many use cases, ranging from banking services to decentralized blockchains and cryptocurrencies.

Findora can also easily be interoperable because of modularity. For instance, by plugging in a consensus protocol like Tendermint, you can create a network of blockchains similar to Cosmos. We could also create a version that is interoperable with Polkadot or Ethereum. In the end, interoperability comes from systems speaking the same language. Findora is in principle compatible with all these languages, so it just comes down to putting in the effort of hooking the systems together.

Benedikt expanded on the comparison to the Ethereum smart contracts: “Sometimes we get asked, ‘why didn’t you build Findora as an Ethereum smart contract?’. Part of it is that there’s been a lot of work into making zero-knowledge proofs more performant. But in order to handle real-world systems, we need to squeeze out all the optimizations we can. We need to handle many transactions and retain flexibility in our system. It’s a lot more feasible to do this as a base layer protocol instead of trying to work within the constraints of the EVM.”

Zero-knowledge proofs in Findora

Earlier in the podcast Bulletproofs and Supersonic briefly came up, Benedikt took this opportunity to tell the listeners a bit more about how these types of tools are used in Findora:

“What we are aiming to achieve in Findora is a balance between privacy and transparency. Zero-knowledge proofs are one of the key tools we use for this. Systems like Bitcoin have all the inputs and outputs to transactions transparently published on-chain. Similarly, in Ethereum, all the inputs to a smart contract are in plain sight for everyone to see. In Findora, we can hide everything, the sender, receiver, transaction details, and contract data, inside zero-knowledge proofs. We use different tools for different kinds of transactions.

For simple transactions, such as basic confidential asset transfers, we use Bulletproofs. If things become more complex, then verifying a Bulletproof will be too expensive. For high complexity transactions, we need something that is like a SNARK, meaning it remains easy to verify, even with a highly complex statement. This is where Supersonic shines. It remains easy to verify, even when proving complicated statements, like specific rules added to assets through Discret. And like Bulletproofs it doesn’t need a trusted setup to function.”

Ben added: “We also use other tools that can be used for special cases, and they are specifically tailored to be as efficient as possible for those use cases. So these are not just generic proof systems like Supersonic, Bulletproofs, or STARKS, etc. Instead, we develop tools that outperform the state of the art generic systems, but have a more limited scope of applicability.”

Highlights and upcoming developments in Findora

To wrap things up, Ben was asked about some of the milestones and upcoming releases in Findora. Ben answered:

“A couple of major milestones from the past year was the release of our Supersonic system, which will soon be open-sourced. We closed our first round of funding led by Polychain Capital in December of 2019. In June 2020, we announced our partnership with Tencent Cloud to offer a cloud product that will allow services to operate without requiring direct access to customer data.

Upcoming in August is our first testnet. This will run on a Tendermint consensus algorithm and support many of the basic functionality needed for confidential asset issuance and transfers. We’re excited to have our partners and developers look at that and play around with it. We’re also really ramping up on our hiring. Anyone who is interested should take a look at our open roles at