LogoLogo
  • WELCOME TO ALEPH ZERO
  • EXPLORE
    • About Aleph Zero
    • AlephBFT Consensus
    • The Economy of Aleph Zero
    • Where to Buy AZERO
    • Decentralized Governance on Aleph Zero
    • Ecosystem
    • Aleph Zero Foundation Treasury Management
    • Community
    • Glossary
    • Audit & Research Papers
  • USE
    • Wallets
    • Explorer
    • Ledger
    • Telegram Notifications
    • Aleph Zero Signer
      • General introduction
      • What does Signer do?
      • What are Sub-accounts and Sub-account paths?
      • Why is it critical to store your Secret Phrase in a safe place?
      • How to forget and restore accounts?
      • What are Networks?
      • What are Trusted apps?
    • Dashboard
      • Dashboard basics
      • Overview
    • Stake
      • Staking Basics
      • Staking Menu Overview
      • How to Start Staking with the Aleph Zero Dashboard
      • How to Start Staking With the Developer Wallet
      • How to start staking using Ledger hardware wallet
      • How to Change Nominations
      • How to Stop Staking
      • Staking Rewards
      • Validators
      • Commission and Foundation Nodes
      • Proxy Accounts
    • Validate
      • Validating Overview
      • Hardware requirements
      • Running an Aleph Node on Testnet
        • Downloading and running the node
        • Verifying your setup
        • Customizing your setup
        • Building and running from source [advanced]
          • Building from source
          • Set environment variables
          • Download DB snapshot
          • Running the binary
        • Appendix: Ports, addresses, validators, and archivists
      • Running an Aleph Node on Mainnet
        • Running the node
        • Building and running from source [advanced]
      • Setting your identity
      • Making the node validate
      • Securing your validator
      • Troubleshooting
      • Elections and Rewards Math
      • Testnet Validator Airdrop
      • Foundation Nomination Program
    • Using the EVM-layer
    • Governance
      • Token
      • Multisig Accounts
  • BUILD
    • Aleph Zero smart contracts basics
      • Setting up a Testnet account
      • Installing required tools
      • Creating your first contract
      • Deploying your contract to Aleph Zero Testnet
      • Extending your contract
    • Cross contract calls
      • Using references
      • Using dynamic calls
    • Migrating from Solidity
    • Writing e2e tests with ink-wrapper
    • Aleph Zero Signer integration
    • Front-end app: smart contract interaction
    • Security Course by Kudelski Security
      • ink! Developers Security Guideline
      • Lesson 1 - Getting started with ink!
      • Lesson 2 - Threat Assessment
      • Lesson 3 - Integer Overflow
      • Lesson 4 - Signed-integer
      • Lesson 5 - Role-Based Access Control
      • Lesson 6 - Address Validation
      • Lesson 7 - Smart Contract Control
    • Development on EVM-layer
  • PROTOCOL DETAILS
    • Shielder
      • Overview
      • Design against Bad Actors
      • Preliminaries - ZK-relations
      • Notes and Accounts
      • ZK-ID and Registrars
      • Anonymity Revokers
      • PoW Anonymity Revoking
      • Relayers
      • Deterministic Secret Management
      • SNARK-friendly Symmetric Encryption
      • SNARK-friendly Asymmetric Encryption
      • Cryptography
      • Token shortlist
      • User Wallet
      • Versioning
      • PoC
      • Version 0.1.0
      • Version 0.2.0
    • Common DEX
      • Common Whitepaper - Differences
      • Dutch Auctions
  • FAQ
  • Tutorials
    • Withdrawing coins from exchanges
      • How to withdraw your AZERO coins from KuCoin
      • How to withdraw your AZERO coins from MEXC Global
      • How to withdraw your AZERO coins from HTX
  • Setting up or restoring a wallet
    • How to set up or recover your AZERO account using Aleph Zero Signer
    • How to set up or recover your AZERO account using the official mainnet web wallet
    • How to set up or recover your AZERO account using Nova Wallet
    • How to set up or recover your AZERO account using SubWallet
    • How to set up or recover your AZERO account using Talisman
  • Staking
    • How to stake via a direct nomination using the Aleph Zero Dashboard
    • How to stake via a nomination pool using the Aleph Zero Dashboard
    • How to destroy a nomination pool via the Aleph Zero Dashboard
Powered by GitBook
On this page

Was this helpful?

  1. PROTOCOL DETAILS

Shielder

The Aleph Zero Shielder is a smart contract on Aleph Zero that uses the technology of zk-SNARKs to enable private payments and private interactions with Defi. This is in contrast to the fully transparent nature of a regular blockchains which allow to track all interactions of a single user with on-chain contracts and other users. The Shielder improves privacy by making it impossible for a 3rd party chain observer to link different actions of the same user.

High Level Idea

It is perhaps the simplest to explain the Shielder by discussing the two most basic interactions it offers: deposit and withdraw. These are quite basic (at least conceptually) and allow to understand the basic idea behind the Shielder. All other, more complicated functionalities and interactions with other contracts (for instance DeFi protocols) are built on the foundation of deposit and withdraw. Note that in the below description we try to stay high level and carry mostly intuitions via (sometimes crazy) metaphores, without diving deep into the technical intricacies. If you would like to learn the technical details, feel free to skip this section and proceed straight to and .

Deposit

Any user can deposit any amount of ERC20 tokens to the Shielder. For concreteness, suppose that Alice deposits 100 USDT to the Shielder. What does it mean and how is this activity manifested on chain (from the perspective of 3rd party observers):

  • Alice calls the deposit method of the Shielder contract, sending 100 USDT along the call.

  • What a 3rd party observer sees, is that Alice's account is making an on-chain deposit of 100 USDT to the Shielder.

  • After the deposit call, Alice's 100 USDT becomes what we call a note inside the Shielder. As part of the interaction, Alice generates special cryptographic keys that make it possible for her to later access the note. Nobody else, except Alice is able to use the note.

The above description of a note does not make the Shielder interesting yet. After all, this just looks as if Alice sent funds to some new account, only she has keys for. However, what zk-SNARKs allow us to achieve here is truly marvelous. Imagine Shielder to be a huge box with notes, with each note being a sealed envelope that has three pieces of information on a slice of paper inside of it:

  • Token type,

  • Amount of tokens,

  • Who owns the note.

What happens upon deposit is that a user, in our example Alice, approaches the box, places 100 USDT in a huge piggybank that's standing next to the box, and creates a note (writes USDT, 100, Alice on the piece of paper, and seals it in an envelope). She then places her note (envelope) in the box, and gives it a solid mix! The mix is so thorough, that even though numerous parties are watching the box carefully (from a distance), none of them is able to figure out which envelope came from Alice. That's how Alice hides her note!

Withdraw

A few days after Alice deposited 100 USDT in the shielder, she figures she needs to withdraw some part of it: 20 USDT. To this end, Alice creates a new, fresh account on Aleph Zero, and performs the following steps:

  • Alice (using the new account) calls the withdraw method of the Shielder contract, requesting 20 USDT

  • The contract sends 20 USDT to Alice's new account.

  • The old note with 100 USDT is destroyed, and a new one with 80 USDT is created.

  • A 3rd party observer only sees that some unknown account just withdrew 20 USDT from the shielder. It has no idea that the 20 comes as a part of some previously deposited 100 USDT, and most of all, the observer has no idea, that it's Alice who is withdrawing USDT now, because it's a completely new account she is using! There is no way to link the deposit transaction to the withdraw transaction.

To explain the above using the metaphore with a box full of envelopes we will need to use some real magic! First of all, Alice approaches the box, disguised! Basically, she has to change her dress, or so, so that nobody watching the box is able to tell that it was her who deposited a note before. Then she stands next to the box, and... uses a magic spell! The magic spell, instructs the box (which is also magical, obviously) to reveal (among all, perhaps millions of envelopes) the envelope that belongs to Alice, and put it in Alice's hand. At this point, Alice is able to change what's in the envelope, by decreasing the amount, and then put it back in the box (and mix the box, of course). If Alice descreased the amount in the note by 20 (as in our example), the piggybank (magical -- as you have guessed) allows her to take 20 USDT and leave. Note that there are some serious defensive spells involved to keep all of this safe. For instance Alice can't just increase the amount in the note, or decrease it by 10 and claim 20 tokens from the piggybank. The magic would not allow for that!

As already mentioned, the "magic" in the above metaphorical description comes mostly from zk-SNARKs (but also from the sole fact that smart contracts on chain are impossible to manipulate). We refer the reader to numerous great articles on zk-SNARKs that are available on the internet. For more details on the Shielder it's best to continue with Overview and subsequent sections.

PreviousPROTOCOL DETAILSNextOverview

Last updated 1 month ago

Was this helpful?