Ironically, we were just talking about this last month with the whole staked voting issues. In some side conversations, this was actually one approach I brought up for shielded staked voting, but the issue that was brought to my attention is that if folks count their own notes then there isn’t a mechanism to prevent someone from counting their notes more than once. So, the ZKP could be created, but in the context of Zcash there’d need to be an additional verification that notes were only used once.
I was directed to this post for one possible solution, but it seems like this would require a hard fork (and work/buy-in from core devs): Publicly Verifiable Anonymous Voting
My high-level understanding of the proposal is: users would create a transaction per normal (i.e. shielded notes that they were authorized to spend) except there would basically be a flag on this transaction saying it’s officially a dry run (i.e. to be verified as spendable but not really executing the transfer).
So, again I think that bigger topics like this would need to be resolved, fleshed out, and implemented before an airdrop related to shielded stakes could actually work.
I’m not trying to be contrary, I just honestly don’t know. What does the community gain from having a bunch of old wallet, exchange, and hardware users transfer their Zcash to an Orchard address (and maybe transferring it back)?
While I think it’s important to use the latest pool size as a metric in Zcash adoption and utilisation, I think that metric is only useful as an indirect measure of UX, exchange adoption, hardware wallet adoption, etc. If latest pool adoption is low, it might be a reflection that something is wrong with the UX or ecosystem preventing them from using the latest pool. That’s when things like unified addresses happen and exchanges/hardware wallets get encouraged/funded to support the latest pools, which makes a huge difference.
On the other hand this kind of initiative might be a great way to encourage and market ZSAs when they come out.
…the issue…is that if folks count their own notes then there isn’t a mechanism to prevent someone from counting their notes more than once.
Sure, the problem is double-including a stake into different airdrop claims. It was initially suggested to let the entity running the airdrop calculate stakes, having viewing keys, implying solving this double-inclusion.
We have nullifiers already, so we might tweak it into a total amount spent during some period, in case the community would consider it fair enough and private.
Technically this would require proving that a specific nullifier was included in only one (just one, single) subset, airdrop-wide. Please let me remind you of polynomial set representation, as a part of an alternative Sudoku solution verification (from Naor playing cards).
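An added illustration of the polynomial set representation mentioned in the last post; it is not code from any poster in this thread or from Zcash. Each claim's nullifier set becomes a polynomial whose roots are the nullifiers, and the multiplicity of a root in the airdrop-wide product shows how many claims included it. The field modulus, the small integer nullifiers and all function names are assumptions, and this is plain arithmetic with no zero-knowledge proof around it.

```python
# Constructed example: a small prime field and made-up nullifier values.
P = 2**61 - 1  # Mersenne prime used as the field modulus (assumption)

def poly_from_roots(roots):
    """Coefficients (lowest degree first) of prod (x - r) mod P."""
    coeffs = [1]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i + 1] = (nxt[i + 1] + c) % P   # contribution of c * x
            nxt[i] = (nxt[i] - c * r) % P       # contribution of c * (-r)
        coeffs = nxt
    return coeffs

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def divide_by_root(coeffs, r):
    """Synthetic division by (x - r); returns (quotient, remainder)."""
    high_first = coeffs[::-1]
    acc = [high_first[0]]
    for c in high_first[1:]:
        acc.append((c + acc[-1] * r) % P)
    remainder = acc.pop()
    return acc[::-1], remainder

def multiplicity(coeffs, r):
    """How many times r is a root, i.e. how many claims included nullifier r."""
    count = 0
    while len(coeffs) > 1:
        quotient, rem = divide_by_root(coeffs, r)
        if rem != 0:
            break
        coeffs, count = quotient, count + 1
    return count

def airdrop_polynomial(claims):
    """Product of the per-claim set polynomials, airdrop-wide."""
    total = [1]
    for nullifiers in claims:
        total = poly_mul(total, poly_from_roots(nullifiers))
    return total

CLAIMS = [[101, 202, 303], [404, 505], [202, 606]]  # constructed; 202 is reused
AIRDROP = airdrop_polynomial(CLAIMS)
```

A nullifier that passes the "only one subset" condition has multiplicity exactly 1 in `AIRDROP`; here 202 has multiplicity 2, so the first and third constructed claims overlap.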