Shielder

The Aleph Zero Shielder is a smart contract on Aleph Zero (not yet deployed at the moment of writing) that uses the technology of zk-SNARKs to enable private payments and private interactions with Defi. This is in contrast to the fully transparent nature of a regular blockchains which allow to track all interactions of a single user with on-chain contracts and other users. The Shielder improves privacy by making it impossible for a 3rd party chain observer to link different actions of the same user.

High Level Idea

It is perhaps the simplest to explain the Shielder by discussing the two most basic interactions it offers: deposit and withdraw. These are quite basic (at least conceptually) and allow to understand the basic idea behind the Shielder. All other, more complicated functionalities and interactions with other contracts (for instance DeFi protocols) are built on the foundation of deposit and withdraw. Note that in the below description we try to stay high level and carry mostly intuitions via (sometimes crazy) metaphores, without diving deep into the technical intricacies. If you would like to learn the technical details, feel free to skip this section and proceed straight to Specification (Legacy, not up-to date) and Tutorial (Legacy, not up-to date).

Deposit

Any user can deposit any amount of PSP22 tokens (akin to ERC20 tokens on Ethereum, but adjusted to smart contracts on Aleph Zero) to the Shielder. For concreteness, suppose that Alice deposits 100 USDT to the Shielder. What does it mean and how is this activity manifested on chain (from the perspective of 3rd party observers):

• Alice calls the deposit method of the Shielder contract, sending 100 USDT along the call.

• What a 3rd party observer sees, is that Alice's account is making an on-chain deposit of 100 USDT to the Shielder.

• After the deposit call, Alice's 100 USDT becomes what we call a note inside the Shielder. As part of the interaction, Alice generates special cryptographic keys that make it possible for her to later access the note. Nobody else, except Alice is able to use the note.

The above description of a note does not make the Shielder interesting yet. After all, this just looks as if Alice sent funds to some new account, only she has keys for. However, what zk-SNARKs allow us to achieve here is truly marvelous. Imagine Shielder to be a huge box with notes, with each note being a sealed envelope that has three pieces of information on a slice of paper inside of it:

• Token type,

• Amount of tokens,

• Who owns the note.

What happens upon deposit is that a user, in our example Alice, approaches the box, places 100 USDT in a huge piggybank that's standing next to the box, and creates a note (writes USDT, 100, Alice on the piece of paper, and seals it in an envelope). She then places her note (envelope) in the box, and gives it a solid mix! The mix is so thorough, that even though numerous parties are watching the box carefully (from a distance), none of them is able to figure out which envelope came from Alice. That's how Alice hides her note!

Withdraw

A few days after Alice deposited 100 USDT in the shielder, she figures she needs to withdraw some part of it: 20 USDT. To this end, Alice creates a new, fresh account on Aleph Zero, and performs the following steps:

• Alice (using the new account) calls the withdraw method of the Shielder contract, requesting 20 USDT

• The contract sends 20 USDT to Alice's new account.

• The old note with 100 USDT is destroyed, and a new one with 80 USDT is created.

• A 3rd party observer only sees that some unknown account just withdrew 20 USDT from the shielder. It has no idea that the 20 comes as a part of some previously deposited 100 USDT, and most of all, the observer has no idea, that it's Alice who is withdrawing USDT now, because it's a completely new account she is using! There is no way to link the deposit transaction to the withdraw transaction.

To explain the above using the metaphore with a box full of envelopes we will need to use some real magic! First of all, Alice approaches the box, disguised! Basically, she has to change her dress, or so, so that nobody watching the box is able to tell that it was her who deposited a note before. Then she stands next to the box, and... uses a magic spell! The magic spell, instructs the box (which is also magical, obviously) to reveal (among all, perhaps millions of envelopes) the envelope that belongs to Alice, and put it in Alice's hand. At this point, Alice is able to change what's in the envelope, by decreasing the amount, and then put it back in the box (and mix the box, of course). If Alice descreased the amount in the note by 20 (as in our example), the piggybank (magical -- as you have guessed) allows her to take 20 USDT and leave. Note that there are some serious defensive spells involved to keep all of this safe. For instance Alice can't just increase the amount in the note, or decrease it by 10 and claim 20 tokens from the piggybank. The magic would not allow for that!

As already mentioned, the "magic" in the above metaphorical description comes mostly from zk-SNARKs (but also from the sole fact that smart contracts on chain are impossible to manipulate). We refer the reader to numerous great articles on zk-SNARKs that are available on the internet. For more details on the Shielder it's best to continue with Overview and subsequent sections.