Sapling Integration in Tezos AMA - Nomadic Labs

Sapling Integration AMA : 26th March, 7-8PM (GMT+1)

7 Likes

What would be the first features provided by the sapling integration?

7 Likes

Z-cash made a “Multi-party Computation Ceremony”. Will such a “Ceremony” also take place for the Tezos implementation?

3 Likes

The main feature is the ability to process privacy-preserving transactions in a smart contract. It’s a simple building block that allows to write a privacy-preserving version of a FA1.2 like contract. You can mint, burn and transfer tokens managed by the contract but the amount, source and destination of the transactions is unknown.

8 Likes

No it will not. The same setup than ZCash is going to be used. We are stronly confident in the setup security.

3 Likes

Any update on the status of your work? I see that sapling-integration branch is very active.

3 Likes

As @Danny_Willems said it won’t be necessary for the sapling integration. However the multi-asset shielded pool that we are working on will eventually require another trusted setup.

3 Likes

To use “shielded” tez, there is an initial tx needed (to wrap the normal XTZ into shielded tez) if i understood the concept correct. What’s the idea to also “shield” this initial tx?

Or doesn’t this matter?

2 Likes

Yes, it was very active up to now. This week we have submitted a MR to the current protocol development repository, which is hosted by Cryptium Labs this time. It is a rather large piece of code so the review is done by a team of 5 devs and it will take a while. Now we are focusing on adding more tests and documentation. Once that’s done we planning to write a small service to inject transactions through Tor.

13 Likes

The so called shield (and unshield) operations do not provide anonymity.
The anonymity comes from breaking the link between shielded inputs and outputs.
Therefore this cannot work when the inputs (shield) or outputs (unshield) are transparent, even if they produce shielded outputs (shield)/ inputs (unshield).
Of course a shield operation is necessary to produce a first shielded input to then create a shielded transaction with shielded inputs and ouputs.

8 Likes

Well, this is very interesting! Can you tell us something more?

4 Likes

What’s the latest regarding shielded voting?

2 Likes

How would a transfer of shielded tez look like? Will there be a new address format?

Whenever you interact with a smart contract, even if the transactions that you send are not linkable to an identity, you still need to pay the fees of the contract with a normal tz{1,2,3} address. One way to work around that is to set up an injection service that will send the transaction on your behalf in exchange for a small fee that you can add inside the shielded transaction (so that the service doesn’t learn your tz address).
The service can still learn your IP address, that sometime is even more sensitive than your tz address, so to solve that you can provide the service as a hidden Tor service.
We are planning to build this as simple website to inject the transaction that can be reached through tor.

We are not planning to run the service ourselves but just to provide the tech.

7 Likes

@tezz you can also find more information on this blog post: https://blog.nomadic-labs.com/sapling-integration-in-tezos-tech-preview.html#privacy-considerations

3 Likes

what would be an ideal use case for a shielded pool?

We are currently discussing with an INRIA team behind the development of Belenios voting system (http://www.belenios.org/).
We are investigating something in the same spirit since it is relatively lightweight in terms of cryptography (no zk-SNARK or other heavy tools), and provides good anonymity as well as protection agaisnt vote buying.
However there are still many open questions, this is in a very early stage and is subject to changes.
Any inputs from the community are welcomed.

6 Likes

There won’t necessarily be a shielded tez, any contract can use the new Sapling opcode to create a shielded token. Maybe someboby will provide a contract with a 1 to 1 exchange ratio to the tez.

As for the what it looks like, we have integrated the interaction with a contract inside the tezos-client. It is very easy to adapt our code for different contracts so that for end users it will look very similar to a normal transfer. The only difference is that you have to also specify the address of the contract. And yes there will be a new format for Sapling addresses.

You can have a look at what a full round of shield->transfer->unshield looks like at the end of the doc page, section Sandbox tutorial: https://gitlab.com/cryptiumlabs/tezos/-/blob/sapling-integration/docs/developer/sapling.rst

6 Likes

To us the most interesting case is doing the same as a FA1.2 (or an ERC20) but with a strong privacy guarantee. This is a game changer for many companies that currently cannot use Tezos, or most other blockchains, to offer a financial service and at the same time comply with the law.
Even where the law is not a problem, companies are not very keen in sharing with the world their financial operations.

So we hope that with the integration of Sapling we’ll open the door to many companies that have applications in mind but can’t really deploy them today because of privacy reasons.

On top of that it will provide privacy-preserving transactions for Tezos’ individual users to preserve their financial privacy. That was the main drive of the ZCash project that developed Sapling in the first place.

6 Likes

thats a broad statement, like with this, many things are possible but nothing identified specific as a beachhead market to drive adoption :frowning: