On Namada-Zcash alliance: shielded airdrop to Zcash holders

Dear Zcashers,

We at Heliax, team working on Anoma and Namada, are investigating how to execute a shielded airdrop of NAM (native token of the Namada chain) to ZEC holders. We are developing airdrop tooling for users holding assets on the Sapling chain value pool, and investigating the legal requirements for including Orchard pool as well. We aim to design a process that requires a low-effort UX from the ZEC holder side.

The Sapling protocol is the original basis of our Multi Asset Shielded Pool (MASP) design, and as a result of this the two protocols are quite compatible. A Sapling note and a MASP note differ only in the presence of a note type in the latter. The presence of types in MASP notes allows for a burn-and-mint like process, in which notes type can be effectively changed. This conversion is carried on by the convert circuit, which operates as a generalization of the balance check done in the Sapling protocol. The convert circuit can take a Sapling note value commitment as input, and be used to transform a Sapling note into a MASP note.

The process flow of the airdrop would be:

1. ZEC holders would input in the Namada airdop tool information about their ZEC holdings.
2. The airdop tool would help the ZEC holder craft a transaction that has a Sapling spend description and a MASP output description (which involves generating Namada keys).
3. This transaction would be submitted to and validated by the Namada chain (or some offchain host process which would aggregate and later submit to the chain).
4. Users would receive they NAM reward in their new Namada wallet.

We would like to discuss with the Zcash community about how to go about step 1 above. The effort from the Zcash user point of view can increase on a spectrum:

• ZEC holders input their Incoming Viewing Key and nullifier deriving key nk. From that, the airdrop tool can perform a blockchain scan (as described in the ZCash specs on 4.21) to obtain all the unspent notes that have the relevant address as recipient.
• ZEC holders input their Full Viewing Key and the transaction description that they know has them as recipient. The airdrop tool would then decrypt according to zcash specs 4.19.3.
• ZEC holders input all the information needed to create an Spend Description about a note they are in possession “by hand”.

The first approach is more user-friendly for the Zcash users, but requires an expensive blockchain scan. The second approach is more heavy on the UX, but more efficient. The third approach is the most expensive for the Zcash UX, and we could use for a proof of concept prototype, but do not envision for a product.

Given the current Zcash wallet ecosystem, which approach makes more sense to you?

Best wishes,
Carlo Modica
Anoma/Namada/Heliax

Which ever method is selected, @ZecHub can make a tutorial video to help educate! I’m thinking option 2 might work, but I’ll let the more technical users chime in

id say de one wifout needing to sync.
but im not sure i understand exactly. i hope de airdrop tool wud haf gud security and no bugs or information leakin in dat case?

I got here from Twitter, I’m been following Zcash for a while. And not only that, this becomes a semi-long-semi-rant. Summary: can you even conceive of saying that in English.

This seems like a request for “usable security” ideas. I think usable security is one of the most important and most difficult issues these days.

On the question of a shielded airdrop UX: my first thought is, if you can describe the problem in English (for instance), you are making progress towards a usable UI. For instance, that would mean making sense of the word “airdrop” in the title. It seems key to the whole goal, and I don’t even know what an airdrop is (I mean you can’t literally mean the f’ing Apple wifi-file-copy thing, not literally). The same goes for every fifth word in the text that follows: Sapling, multi asset shielded pool, note, note type, burn-and-mint, convert circuit, balance check, note value commitment, Namada (sorry, but clueless), spend description, nullifier deriving key, blockchain scan, unspent notes.

I’m a techie, I know this is a conversation between techies. I also know that this particular tech is building a new reality from first principles by sheer mind-power and revolutionary zeal. Despite the joke, I mean: I don’t mean to be glib or to handwave.

If this is a UI to be used only by, e.g., people on this forum, then it’s just a matter of discussing among yourselves and coming up with something you all could do with the fewest clicks and swipes, followed by eventually trying to explain it to the users.

But if you’re thinking of (let’s not mince words) humans, imagine describing just the goal here to a human. How many ideas would you have to get the poor shmuck up to speed on before you even had a chance of saying what this new capability is? And then, what confidence would you have in the user’s problem-free use of the thing?

So what I mean is, no really: if you force yourself through the thought experiment of explaining the OP above to a human, you might get clues about how to start thinking about a decent UI to transactions like this. The top paragraph says “We aim to design a process that requires a low-effort UX from the ZEC holder side,” but the goal isn’t just low-effort, nor just for a total techie, is it? One would kinda like the user to have a clue what they’re committing to with whom, and maybe even why and to what extent to trust the process that ensues. (E.g., how are you going to compete with the E-corp/Treasury Department ripoff that makes E-drop sound equivalent, or worse yet, even easier?)

Better still would be conducting design discussions in human terms. (As in, think a technical thought, then pause and do the translation in your head and see how many words and grammar constructs you have to use.) Spelling out the final implications or meanings. When talking about the individual technical details and tradeoffs. Because it’s instructive how continuously perspective (or awareness of the tunnel depth you’re at) can drift away.

There was something called a “home computer revolution” circa 1974 through 1984, Also an overlapping internet revolution slightly later. Boy those days were… but wait. In both cases the techies intended humanity to be liberated, and in both cases, the public rode the supposed liberation bus in a not quite liberating direction. For some reason they didn’t quite follow the thinking or aspirations of the techies who were trying to liberate them and got off at the wrong stops. I don’t mean the techie-idealists’ ideals were ideal. I mean that the central liberating thing that didn’t happen was people understanding the power of the things, so they took the things but not the power into their own hands. The techies, in retrospect, assumed the power would be obvious to the people.

regards, nonspec

Zancas? Is that you??

It seems odd to me that you don’t require proof of ownership.

Some people have publicly disclosed their viewing key (ex: ZecPages). They will lose their airdrop if someone front-runs them.

that was the techiest way to say “keep it simple”

brilliant

Been holding since Genesis. My zcash is held on trezor. Im not seeing myself transferring all I own to a hot wallet to claim an airdrop.

Hi, thank you for your feedback. This airdrop targets a specific demographic, which is zcash holders that hold their asset in a shielded pool. The airdrop is a protocol that rewards them with Namada tokens, if they have interest in claiming them. We do not assume those people have technical capabilities, but we can assume they are familiar with what zcash is used for, and that they value privacy. And for this we think they would be interested in Namada. I think people belonging to this demographic have different needs, and we have the capabilities to accommodate most of them: we can collaborate with wallets so their users can claim the airdrop with a click and swipe; we can set up a more involved CLI for those who want claim their airdrop reward by themselves, the underling reasoning being that if you want to do things yourself, you have to put more effort into it.
This is a conversation between techies which ambition is to bridge communities.

You are correct, we do need proof of ownership. I have not included that in the topic as there is as much room to decide on how to do implement that

You have described the problem very well. This is one of the problems why it is difficult for the Zcash community to reach the masses and most normal people (not techies) need translators like ambassadors. For example, I closely monitor any topic in Zcash and prioritize the task of describing it in an accessible way. I assure you that when the time comes, a number of “translators from English to English”, as well as into other languages of the world, will make a detailed step-by-step guide.

Proof of ownership is (proof of) possession of the spend authority key. This would be required to create a nullifier. And you will need more than just an incoming viewing key to see the proper balance.

Would it make sense to postpone the air drop until after ZSAs have been deployed to mainnet? That token infrastructure would lend itself to orderly book keeping about which ZEC have claimed their Namada tokens or not.

How will this airdrop be defended against shielded ZEC double-triple-etc demonstration of coins? It seems that an exact snapshot of the ZEC in circulation/ at address XYZ would be necessary because otherwise, savvy ZEC owners will figure out a way to game the airdrop tool (similar to how the CyberPunk NFT airdrop was gamed by a handful of folks).

Is there any thinking around doing this via a central/ trusted point of contact with the Heliax team? (totally bypassing the technical efforts being brainstormed today, in favor of an old school solution)

do I need to do anything to get airdrop namada if I keep zec in trust wallet​:pray:t2:

IMO, you should have mentioned that you were working on it because having so many details about other small stuff and missing such a critical point hurts your credibility…

Anyway, please bear in mind that some users (like me) will be uncomfortable if they have to enter their seed phrase or secret key in a third party tool in order to redeem an airdrop.

@Autotunafish fyi, the nullifier is not a proof of ownership. It can be obtained using the full viewing key.

option 1 is the easiest for users i think

Why not circumvent all proof-of-ownership hoops & just-in-time sybil risks by gating the initial Namada shielded pool farming to bridged ZEC exclusively.
It’d be analogous to a gradual rollout, offering a high reward to people willing to participate in this initially risky (because new) endeavour.

Namada would get:

• UX feedback from fervent privacy supporters
• isolated capital risk in case something unexpected occurs
• potentially very sticky users
• TVL/shielded pool size bootstrap

ZCash would get:

• accelerated bridge development
• initially preferential farm rates (assuming same emissions), better APR
• better support as there are fewer users for the duration of thr gated period (probably)

Hi!

Is there another technical option here where a Zcash wallet exports a bundle of all of it’s unspent notes to the Airdrop Tool, plus perhaps a proof of control-of-spendkey? (Note: I’m not sure this is possible cryptographically yet.)

My thinking with this approach is two-fold:

• If the airdrop tool is compromised, the static set of notes (and a potential proof bound to only that set) would not reveal past or future history (so it would limit privacy impact).
• Zcash shielded wallets already have to have that information, so it may be less overall effort to define this export format (and potential proof) rather than for the airdrop tool to reimplement the scanning logic.

Fun project. Thanks for offering this to Zcashers!

I like this idea.

Why not both?

Haven’t seen any mention of this, but are US-based persons not eligible for this airdrop?