Privacy in Tezos: are zk-SNARKS there yet?
In 2019, Tezos' core developers discussed including zk-SNARKS, a solution for fully anonymous transactions, in the protocol. A third party does not see the sender and recipient addresses or the transaction volume.
How does zk-SNARKS work? Why do transactions need to be private? How to send tez to Tezos anonymously? Keep reading, and we’ll explain it all.
How zk-SNARKS work
Zk-SNARKS is short for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge,” or, in simple terms, zero proof of knowledge.
These proofs allow one party to prove the truth of an event to another without disclosing information about the event itself. For example, Alice can prove to Bob that she has solved Sudoku without revealing the solution itself.
In the Zcash blockchain, whose developers implemented zk-SNARKS, the sender proves the following:
- they own a private key and control the address;
- they own tokens that they can send;
- the shielded transaction is signed so that only the sender can change it.
With this proof, validators can ensure that the transaction, whose contents they know nothing about, is valid and can be included in the blockchain.
Two keys are needed to work with zk-SNARKS: one to send confidential transactions and one to view them. A viewing key could, for example, be used to show transaction histories to auditors without revealing them to other users.
The Zcash transaction model is similar to Bitcoin. Tokens exist in the form of commitments, similar in principle to Bitcoin’s unused transaction output (UTXO). When a user sends such a commitment to another address, the user immediately sends a so-called nullifier to all nodes, which makes the sent commitment used.
Why we need transaction privacy
Public blockchains are pseudo-anonymous. Wallet owners are hidden behind addresses, but they cannot obtain cryptocurrency legally and anonymously at once. This requires a fiat gateway like an exchange, which will ask for personal information or store a bank card number. From this information, interested parties can determine the identity of the wallet’s owner.
Also, not all users like the fact that the history of their blockchain transactions is open. For example, anyone could find out how much an NFT artist has earned or keep track of whale transactions, as @whale_alert does.
In addition, privacy could be helpful in other tasks, such as anonymous voting in DAOs, investing in liquidity pools, or buying NFTs.
Are there private transactions on Tezos
Yes, there are, although they are not called zk-SNARKS but Sapling. Sapling is an update to the Zcash protocol with an improved version of zk-SNARKS: faster and with new types of hidden addresses. However, Sapling refers to the same zero proof of knowledge.
The Nomadic Labs team announced the integration of Sapling into the Tezos protocol back in 2019. Commitment creation is handled by smart contracts that keep the balance of commitments and nulls. The user sends tez to the smart contract, which turns them into commitments (hides) and returns the commitments to the user’s separate sapling address. Commitment transactions are hidden, and with some precautions, the sapling address cannot be associated with the user’s primary address.
Tezos’ Gitlab has a small tutorial on deploying a sapling contract, generating spending and viewing keys, hiding tez, sending a private transaction, and turning the received hidden tokens back into tez. This can be done in the Tezos Client.
On November 3 this year, the AirGap wallet team published a post saying they would not be adding support for Sapling transactions for Mainnet for now due to a discovered vulnerability in the protocol. But on the Ghostnet network, it’s already possible to send tez anonymously via AirGap. Everything is as it should be: creating a separate sapling address, hiding and revealing the tez via a smart contract.
Subscribe and never miss updates from the world of Tezos: