A Proposal for Shielded Assets (ZSA/UDA) for DeFi on Zcash

Hey @GGuy, I just saw this discussion and it is great.

We have not yet fleshed out all the challenges associated with a 2-step issuance, but we are also considering a 1-step issuance (currently the preferred option).

Essentially we are thinking about

  • issuance through an “output-only” note using the sapling or orchard structures, while ensuring that the encryption keys are always some 0 vector, known to all, or the viewing keys are provided (tbd what is more efficient / robust / easier to implement)
  • burning mechanism through a “spend-only” note in a similar fashion as the issuance. This would be very elegant in my opinion, but there is also the simpler version of just sending the tokens through a usual transfer to a pre-determined burn address that no one has the keys for.

In general I tend to agree with your pros/cons list, except that

  1. Even if a two-step issuance is more complicated to implement, it may allow for more flexibility in the future in terms of extending the issuance functionality (i.e.: describing issuance schedules, auctions, etc…), so we are also evaluating the extensibility
  2. Even if two-step issuance requires more consensus rules (i.e.: two transaction structures and the second one must match the first, etc…), the two-step would probably provide a more “secure” issuance mechanism as the first transaction would essentially register the tokens, sort of committing to them. In this respect, I am not sure what you mean by

Why would a two-step issuance imply easier leakage?

  1. I actually believe that the two-step issuance may be easier to track for explorers / wallets, as there is even more information that can be provided (e.g.: amount of assets in circulation vs the amount of assets to be put in circulation)

Regarding the ZSA addresses, we were also playing with the idea, and though it is in principle out of scope for the project, it is one of the use-cases that I am personally most excited about.
Having “contract-like” addresses in Zcash would not only enable DAO-like structures for funds to be controlled by some specific trigger or other, but also things like non-interactive atomic-swaps, fund locking mechanisms for DeFi, as liquidity providers / custodian addresses.

And regarding this

In fact, the first step issuance may be used to enable the ZSA-address to issue tokens as a DAO structure, whereas the one-step issuance may not.

8 Likes