Key Insight from Nomadic Labs on zk-SNARKs and the Sapling Protocol

Since we’ve already laid out the background as to what zk-SNARKs and zero-knowledge cryptography detail, let’s take some time to examine a core developer at Nomadic Labs, Marc Beunardeau, and his insights into the new proposed protocol amendment coming soon to Tezos. As questions pertaining to privacy begin to arise, especially in terms of regulation and all the privacy coin delistings we’ve seen thus far, these questions and more, I decided to ask Marc in an interview.

*Below in bold are my questions for Marc, in quotation are his provided responses.

How is Tezos going to utilize zero-knowledge proofs (zk-SNARKs) within the protocol? Will this be implemented in a way where it is an optional feature such as adding an optional message attached to each transaction and adding additional zk proofs to each transaction?

Tezos will provide a new Michelson instruction that allows a smart contract to store and do transaction on a shielded blockchain behaving like sapling (last z-cash update), called shielded pool. Each shielded pool can handle one fungible asset. One of these assets is intended to be the tez, mimicking the functionality of z-cash. Other assets can be anything as long as a smart contract can compute the price of this asset. The intent is not to make Tezos a privacy coin, but rather to give to the user the liberty to exchange privately, while letting him handle it’s own regulatory issues.

What are the pros/cons of adding this feature within the Tezos protocol? Do you think all the existing regulations and privacy coin delistings we’ve seen will affect Tezos as a result of this addition?

The pro’s are a privacy feature, that can be used by anyone, to handle tez or other kind of token. This is different than having first class private transaction, which we chose not to propose. Ethereum has the same capabilities and was not delisted, which makes us think that we would not be either. Note also that a user that did not interact with a shielded pool can easily show that it was the case, and a user that did interact with one can provide viewing keys which unveil its anonymity to the chosen entitie(s). Moreover the total amount going in and out of a shielded pool is public. We think we took the minimal approach to privacy, and that this upgrade is needed for some users, and not dangerous for the others. We hope that in a close future the evolution in techniques, regulation and the public view of privacy will allow us to be more ambitious in terms of privacy while keeping the wide acceptation of the tez as a currency.

In terms of central and commercial usage at banks, how do you see zk-SNARKs technology being adopted? Will this feature provide the “fine-tuned privacy” that entities like the Bank of France have stated they are looking for to deploy protocols such as Tezos for usage at these locations?

The zk-SNARKS technology provides zero-knowledge argument for any program, and can therefore be used for fine-tuned privacy. We could imagine creating “zk-michelson” which would allow any user to define its own privacy requirement. Note however that this is for now theoretical, and rises questions of performances, trusted setup, implementation, engineering, and user-friendliness which will take time to resolve. Nomadic labs will work on these issues as soon as the first step of releasing the sapling protocol is done. We notably hope to come out with a solution for zero-knowledge permissioned shielded pools. Interacting with those requires an authorization by an authority. However you do not have to reveal your identity while proving that you are indeed authorized.

Through some of Marc’s responses, one can glean and understand zk-SNARKs and the upcoming implementation on Tezos directly from a development team working on sapling integration. Through the sapling protocol upgrade, usage of its privacy features will not seek to make Tezos (XTZ) a privacy coin, rather provide liberty to the user and enable them to utilize the privacy feature as something optional.

Additionally, in terms of adoption and real-world applications for zk-SNARKs and zero-knowledge cryptography, many large-scale institutions such as the Bank of France have expressed interest in utilizing and deploying the Tezos protocol at its commercial and central locations with the ability of “fine-tuned privacy” as a pre-requisite — all of which zk-SNARKs and the sapling protocol will provide.