Introducing Zescrow

By |
zescrow-blog-banner-normal-transparent

In traditional, centralized settings, an escrow is a contractual mechanism where a trusted third party––the “agent”––holds funds or assets from party A (the sender) until predefined conditions are met, then releases them to party B (the recipient). A classic example is online marketplace escrows, where a neutral stakeholder holds money until both sides complete their obligations.

In a decentralized setting, a smart contract (code deployed on a blockchain) verifiably acts as the trusted third party, thereby minimizing trust assumptions. Funds are released after a timestamp or block-height (time-lock escrows), released after the fulfillment of some agreed-upon conditions (conditional escrows), or both.

Zescrow (short for zero-knowledge escrow) takes it one step further. It offers an escrow solution in which trust is minimized (like regular escrow smart contracts, eliminating the need for trusted agents), and zero-knowledge cryptography is leveraged to preserve the privacy of sensitive escrow conditions.

At its core is the RISC Zero zkVM, a virtual machine that allows us to prove the correct execution of escrow conditions. When an escrow is subject to cryptographic conditions, funds release only when the RISC Zero receipt (the zero-knowledge proof) is verified.

Goals

  1. Privacy-preserving: Reveal only necessary transaction details to counterparties, by leveraging zero-knowledge proofs (ZKPs).
  2. Chain-agnostic: Deploy same escrow logic via lightweight agents on different blockchains.
  3. Dispute minimization: Preemptively prove condition fulfillment via verifiable computation, reducing human disputes.

Core Features

  • Off-chain ZK proving/verification of conditions. Zescrow supports conditions like hash-locks (a preimage “witness” is provided as fulfillment), Ed25519 and Secp256k1 signatures over arbitrary messages, and threshold conditions, all proven and verified inside the RISC Zero zkVM.
  • Multichain agents. There are smart contracts or programs (called agents) deployed on various blockchains that implement the time-lock mechanisms for releasing and/or cancelling escrow transactions.
  • Off-chain conditions generator. Zescrow has a client that provides CLI commands for generating any of the supported conditions, in addition to the other commands for creating, finishing, and cancelling escrow transactions.

Key Terminology

  1. Zero‑knowledge proof (ZKP): A cryptographic protocol where the prover convinces the verifier a statement is true without revealing its details.
  2. zkVM: A zero-knowledge virtual machine (here, RISC Zero) that runs code deterministically and generates a proof of execution you can verify elsewhere.
  3. Receipt: A cryptographic blob/artifact emitted by the RISC Zero zkVM. It certifies that the code executed correctly, proving required conditions hold, without disclosing private data.
  4. Time‑lock escrow: Funds are locked until a specific UNIX timestamp or block height is reached.
  5. Conditional escrow: Funds release only when a cryptographic condition is met, e.g., revealing a secret preimage (hash‑locks), providing a Secp256k1/Ed25519 signature, or meeting some threshold criteria.

Architecture

zescrow-escrow-program-arch
Project Structure
  • agent/: chain-specific escrow programs/smart contracts
  • client/: the RISC Zero guest and host (our ZK execution environment), conditions generator, and mechanisms for executing on-chain agent actions
  • core/: main library that exposes types and functionality for the client, published as zescrow-core on crates.io
  • demos/: detailed guides for testing Zescrow end-to-end in local environments (e.g., Solana via the solana-test-validator, and Ethereum via Hardhat).
  • templates/: declarative JSON files for specifying escrow parameters/inputs, and optional cryptographic conditions
High‑Level Flow (Testing in Local Environments)

  1. Build & deploy the agent
    Compile your chain-specific escrow smart contract under /agent and deploy it on your target network (Solana, EVM, etc.).

  2. Set escrow parameters
    In /templates/escrow_params.json, define parties, assets, timeouts, and optional conditions.

  3. Specify (optional) cryptographic conditions
    If your escrow is subject to conditions, define these conditions in /templates/escrow_conditions.json. You may invoke an appropriate client command to help generate the file if you’re unsure what goes where.

  4. Create escrow
    Use the client‘s create command to initialize an escrow on‑chain, setting up an escrow account holding the funds.

  5. Finalize in zero‑knowledge
    Run the client‘s finish command to release the escrow to the intended beneficiary. If conditions were specified, the client will invoke the prover/verifier (RISC Zero zkVM) to generate and verify the receipt, before sending the transaction.

  6. Cancel or refund
    If conditions fail or the escrow is timed out, run the client‘s cancel command to refund the sender.

Future Work

There are many directions in which Zescrow can evolve. We’re exploring a few key ones:

  1. On‑chain receipt verification

Currently, the Zescrow client verifies RISC Zero receipts off‑chain, which still leaves some trust placed in off‑chain infrastructure. We plan to deploy on‑chain verifier smart contracts for RISC Zero receipts, using patterns provided by the RISC Zero team. This would allow blockchains to verify escrow conditions natively, eliminating off‑chain trust assumptions.

  1. Off‑chain event triggers via ZK attestations

We’re researching how to initiate escrows based on real-world events using confidential ZK attestations. For example, a confidential proof that an email‑signed invoice has been paid, or that a fiat transaction succeeded, could automatically trigger the escrow release. This bridges on‑chain logic with off‑chain reality in a privacy-preserving way.

  1. Advanced conditions and proof types

Next-generation escrow logic may include multi-party escrows where funds are released only when a quorum of parties agrees. We also want to enable the generation and verification of Groth16 proofs, since RISC Zero already provides support for that.

  1. Rollup and Layer‑2 integration

We aim to wrap Zescrow agents in ZK‑verifier-friendly formats deployable on Layer‑2 networks and rollups. By leveraging RISC Zero’s universal verifier model, escrows could be seamlessly deployed on rollups, with receipts verified on-chain for minimal cost and maximum interoperability.

  1. Formal verification and security audits

Finally, we want to formally verify our escrow agents, and provide a comprehensive third-party security audit of the codebase before deploying Zescrow in production environments. This effort will culminate in the release of v1.0 of the application.

Next Steps

You’re invited to take Zescrow for a test drive! Clone the repo, explore the core/ library and other modules, and run through the demos/. Your contributions are also welcome!

Scroll to Top