Technical RFC: ZEC-NAM shielded airdrop mechanism

Hello Zcashers,

The Heliax team (developing Anoma & Namada) would like to reach out to you again for an update on the shielded airdrop, previously discussed here. In the time since that post, we have come up with a more detailed protocol design and a small demo to proof-of-concept the most important aspect of the airdrop transaction, and we would like to show it to you and collect feedback.

Both the protocol details and the demo can be found in this GitHub repo.

We would be enthusiastic about any technical feedback you wish to discuss with us concerning protocol correctness, privacy-preservation, and ease of integration into wallets etc. If you wish to discuss the airdrop program please reply to the former post - let’s keep this thread to technical details and discussions only.

Best wishes,
Carlo

21 Likes

This looks like a great solution for the Namada airdrop to Zcash holders.

I’m surprised nobody who has the technical knowledge has chimed in?

CC: @hanh @daira @nuttycom

3 Likes

I’m intending to review the protocol in detail next week.

Sorry, I’d answered on Twitter and didn’t see this thread.

4 Likes

Thank you for working so hard to support shielded airdrops

I think you could set a good example for other developers (and Zcash users) by working equally as hard to exclude any support for non shielded airdrops.

Specifically, I think any support of non shielded t address airdrops are a net harm to the community by enabling those that don’t support the core principle of Zcash. Privacy

until now there has been no hardware wallet support to keep ZEC in the shielded pool.
+there’s different reasons why someone holds their ZEC in the transparent pool at a certain point in time.

1 Like

I reviewed this today with @str4d and @nuttycom.

A brief summary: we have some concerns about the assumption of a private channel between the Zcash and Namada wallets to send \mathsf{rcv^{Sapling}}, and a suggestion that would remove reliance on that.

It should also be noted that the protocol relies on \mathsf{nsk} being private (or else it is not secure against a full viewing key holder). This would prevent it from being applied straightforwardly to Orchard which does not have \mathsf{nsk}.

I’ll clean up our notes and post them tomorrow on Monday.

8 Likes

Thanks - really looking forward to read your notes!

3 Likes

Sorry I got derailed from finishing this earlier!

8 Likes

Thank you (and @str4d and @nuttycom) for the comprehensive and clear feedback! :blush:

We will go through this internally and make sure we understand and address all the points (which may take a bit of time), then follow up again here.

4 Likes