Shielded transactions on Ethereum layer 1 now a reality

The Railgun project ( just did a soft launch release of their application, it allows you to make fully shielded transactions on Ethereum. There is still a fair bit of testing to do so be careful. I have used it myself with no issues so far and its really cool… This could be game changer for DeFi. We now have the ability to shield ANY ERC-20 token on layer 1. Unlike competitors such as Tornado Cash that have high gas fees and require the user to deposit in set amounts, Railgun is cheaper and allows users to shield any amount of coin they would like.

They will be integrating with Matcha in the coming months, and have much more planned. Here is their current roadmap:

You can play around with the app here:


It does not appear to be legit IMHO. There are other more legitimate projects out there.

Check out what Aztec Network are doing

1 Like

It’s legit I wouldn’t have posted some shit coin here. DYOR.

Their Chief Scientist just did an interview. Was quite interesting.

Interesting, does this use zcash tech?

Is there a trusted setup needed?

1 Like

Yes they are using Powers of Tau set up. I participated in it.

Another update was just posted to their telegram:

“The launch of RAILGUN 1.0,

with a full DEX aggregator trading system, which will be usable via the wallet, will take place during CONSENSUS 2022, June 9th.

Some contributors and community spokesmen from the RAILGUN DAO will be in Texas at Consensus to demonstrate the new functionality and celebrate the launch.”

1 Like

I’m glad you don’t think it will cause ethereum to be a competitor to zcash (you mentioned that on the other thread).

Maybe it helps that they aren’t using Orchard yet.

I’m just worried if people can get zcash’s superior privacy on ethereum, they won’t feel drawn to zcash itself or ZSAs if there is shielded zcash on ethereum.

do you know anything about starkware? I just found out that ECC helped fund them and they are working on zk-starks.

I read that dydx is already using starkware, does this mean that all the trades on there are private?

Yes dYdX is using zk starks but not for privacy…more for scalability/efficiency. I believe everything you do there is public…

“StarkWare zkSTARKS technology is a form of ZK-Rollup technology that significantly increases dYdX’s trade settlement capacity, while still basing its security on the underlying Ethereum blockchain. It combines STARK proofs for data integrity with on-chain data availability to ensure a fully non-custodial protocol. Trades are settled on a Layer 2 system, which publishes Zero-Knowledge Proofs periodically to an Ethereum smart contract in order to prove that state transitions within Layer 2 are valid.”

1 Like

thanks for explaining! Do you know if the zcash developers have ever discussed use of zk-starks or why they chose zk-snarks over it? I’ve been looking for info on it and came across a small thread or two on starkware when it was initially funded by ECC, but not much info since

Afaik Starks didn’t exist when Zcash was conceived, so practically speaking snarks were the only option

1 Like

That makes a lot of sense (and it is still groundbreaking tech).

It just seems zk-starks have made a lot of bounds in development recently, and ECC helped fund starkware, so I am wondering what their relationship is currently and what their plans are together

are zk-starks from starkware a newer technology than zk-snarks? Do you know if there was a reason that we chose snarks over starks back in 2016?

It looks like now starkware has developed zk-starks that are more workable than 3 years ago?

They seem to be developing layer 2 solutions for ethereum. Are there talks about partnerships with the ECC, or what is the ECC’s and starkware’s working relationship after the ECC helped fund them?

@nullius @Voluntary @den @santacruz123 @Blazin8888

The principal problem with zk-STARKs is that their proof sizes are orders of magnitude larger than zk-SNARKs. That is a big problem on a blockchain, where scalability is already a major issue. Imagine if the Zcash mainnet with moderate use suddenly were to blow up to terabytes, and nodes needed large amounts of bandwidth simply to gossip txes and blocks!

L2 rollups on Ethereum amortize the cost of zk-STARKs across numerous transactions. That is, after all, the purpose of a rollup: A single transaction on L1 proves the validation of many transactions on L2.

In Zcash, each and every shielded transaction needs to pay that cost. zk-SNARKs have tiny proofs; and both proving and verifying are very CPU- and memory-efficient with Halo2.

An historical note: In 2013, the original Zerocoin proposal for Bitcoin needed impractically large proofs, albeit (IIRC) not as big as zk-STARKs. It used an earlier generation of RSA-based ZK proof technology—neither SNARKs nor STARKs. Zerocoin for Bitcoin was superceded by the Zerocash altcoin concept, with zk-SNARKs. Zerocash evolved into Zcash.

It goes to show how important proof sizes are in practice: zk-SNARKs were what made zero-knowledge privacy realistic for implementation and widespread usage.

So as for the present, and the immediate future. As technology advances, I do dream of someday seeing more practical usage of a proof system where both soundness and zero-knowledgeness reduce to the security of a hash.

1 Like