
[confidential-extension/application] A private escrow protocol with confidential extension

Open samkim-crypto opened this issue 2 years ago • 0 comments

Suppose Alice holds tokens A in a confidential extension (CE) and Bob holds tokens B also in a CE. The two parties wish to swap the two assets using an escrow.

With the token-2022 abstractions that we have, this could be done similarly to a regular (non-confidential) escrow.

  1. Alice creates an escrow account and initializes it with an encryption (under Bob's public key) of the expected number of B tokens that she expects from Bob.
  2. Alice creates a temporary CE account (encryption pubkey set to Bob's), transfers her A tokens to this account, and then changes the owner to the escrow PDA
  3. Bob decrypts the expected amount in the escrow account and Alice's temporary CE account and makes sure that this is the number that he expects from the swap.
  4. Bob creates a temporary CE account, transfers his B tokens to this account, and then changes the owner to the escrow PDA account. In addition, he submits a zkp certifying that this amount is equivalent to the amount specified in the escrow account.
  5. If the zkp checks out, the escrow account initiates the transfers: A tokens to Bob's account and B tokens to Alice's account.

Currently, applications like this cannot be built for two reasons:

  • The zkps that are needed for these types of applications (like in step 4 above) already exist in the zk-token-sdk, but they are grouped under token-specific instructions like VerifyTransfer or VerifyWithdraw. Exposing these individual zkps in the zk-token-sdk like EqualityProof, ValidityProof, and RangeProof as separate instructions in the zk token verification program would allow people to incorporate these instructions to build custom applications like an escrow.
  • A PDA does not have access to an ElGamal private key to generate a zkp needed in a confidential transfer. Therefore, step 5 above is not possible as a PDA cannot initiate a CPI call by itself.

A separate issue will be created to address the two points above.

samkim-crypto · Jan 19 '23 00:01
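The five-step flow above as an added toy model, not code from solana-program-library or the zk-token-sdk: textbook additive ElGamal in a tiny prime-order group (an assumption of the example; the real system uses twisted ElGamal over Ristretto) and a Chaum-Pedersen equality proof standing in for the sdk's EqualityProof. It makes the second bullet concrete: `prove_equal` needs Bob's secret key, while `verify_equal`, the escrow's job in step 5, touches only public data. With Q = 509 a single cheating attempt slips through with probability about 1/Q, which is why the group is marked toy-only.

```python
import hashlib, secrets

# Toy group (NOT secure; assumed for this example): P = 2*Q + 1 is a safe prime, G has order Q, amounts < Q.
P, Q, G = 1019, 509, 4

def encrypt(pk, amount):
    """Additively homomorphic ElGamal under pk: (G^r, pk^r * G^amount)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(pk, r, P) * pow(G, amount, P)) % P

def decrypt(sk, ct):
    """Recover G^amount with sk, then brute-force the small exponent (toy only)."""
    target = (ct[1] * pow(pow(ct[0], sk, P), -1, P)) % P
    return next(m for m in range(Q) if pow(G, m, P) == target)

def _ratio(ct_a, ct_b):
    """Component-wise ct_a / ct_b: encrypts amount_a - amount_b under the same key."""
    return tuple((a * pow(b, -1, P)) % P for a, b in zip(ct_a, ct_b))

def _challenge(*vals):
    """Fiat-Shamir challenge derived from the transcript (nonzero mod Q)."""
    digest = hashlib.sha256(",".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def prove_equal(sk, pk, ct_a, ct_b):
    """Bob's step-4 proof that ct_a, ct_b encrypt the same amount under pk. Equality holds
    iff d2 == d1^sk for (d1, d2) = ct_a / ct_b: a Chaum-Pedersen proof that needs sk."""
    d1, d2 = _ratio(ct_a, ct_b)
    k = secrets.randbelow(Q - 1) + 1
    c = _challenge(pk, d1, d2, pow(G, k, P), pow(d1, k, P))
    return c, (k + c * sk) % Q

def verify_equal(pk, ct_a, ct_b, proof):
    """Escrow-side step-5 check: uses only public data and never decrypts."""
    c, s = proof
    d1, d2 = _ratio(ct_a, ct_b)
    t1 = (pow(G, s, P) * pow(pow(pk, c, P), -1, P)) % P   # G^s / pk^c == G^k
    t2 = (pow(d1, s, P) * pow(pow(d2, c, P), -1, P)) % P  # d1^s / d2^c == d1^k iff equal
    return c == _challenge(pk, d1, d2, t1, t2)

def run_escrow(expected_b, bob_deposit):
    """Steps 1-5 of the issue; True iff the escrow would release both sides."""
    bob_sk = secrets.randbelow(Q - 1) + 1          # Bob's CE decryption key (never held by the PDA)
    bob_pk = pow(G, bob_sk, P)
    escrow_ct = encrypt(bob_pk, expected_b)         # step 1: Alice encrypts under Bob's key
    assert decrypt(bob_sk, escrow_ct) == expected_b  # step 3: Bob reads and checks the terms
    deposit_ct = encrypt(bob_pk, bob_deposit)       # step 4: Bob's temporary CE account
    proof = prove_equal(bob_sk, bob_pk, escrow_ct, deposit_ct)
    return verify_equal(bob_pk, escrow_ct, deposit_ct, proof)
```

Steps 2 and the final transfers are omitted: they are ordinary token moves, and the ciphertexts of Alice's temporary account would be checked by Bob exactly as `decrypt` checks the escrow terms here.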