The Aleph Zero Shielder is a smart contract on Aleph Zero (not yet deployed at the moment of writing) that uses zk-SNARKs to enable private payments and private interactions with DeFi. This is in contrast to the fully transparent nature of a regular blockchain, which allows anyone to track all interactions of a single user with on-chain contracts and other users. The Shielder improves privacy by making it impossible for a 3rd party chain observer to link different actions of the same user.
It is perhaps simplest to explain the Shielder by discussing the two most basic interactions it offers: `deposit` and `withdraw`. These are quite basic (at least conceptually) and make it easy to understand the core idea behind the Shielder. All other, more complicated functionalities and interactions with other contracts (for instance DeFi protocols) are built on the foundation of `deposit` and `withdraw`. Note that in the description below we try to stay high level and carry mostly intuitions via (sometimes crazy) metaphors, without diving deep into the technical intricacies. If you would like to learn the technical details, feel free to skip this section and proceed straight to Specification and Tutorial.
Any user can deposit any amount of PSP22 tokens (akin to ERC20 tokens on Ethereum, but adjusted to smart contracts on Aleph Zero) into the Shielder. For concreteness, suppose that Alice deposits `100 USDT` into the Shielder. What does this mean, and how is this activity manifested on chain (from the perspective of 3rd party observers)?
- Alice calls the `deposit` method of the Shielder contract, passing `100 USDT` along with the call.
- What a 3rd party observer sees is that Alice's account is making an on-chain deposit of `100 USDT` to the Shielder.
- After the deposit, the `100 USDT` becomes what we call a `note` inside the Shielder. As part of the interaction, Alice generates special cryptographic keys that make it possible for her to later access the note. Nobody except Alice is able to use the note.
The above description of a `note` does not make the Shielder interesting yet. After all, this just looks as if Alice sent funds to some new account that only she has the keys for. However, what zk-SNARKs allow us to achieve here is truly marvelous. Imagine the Shielder to be a huge box of notes, with each note being a sealed envelope that has a slip of paper inside carrying three pieces of information:
- Token type,
- Amount of tokens,
- Who owns the note.
What happens upon `deposit` is that a user, in our example Alice, approaches the box, places `100 USDT` in a huge piggybank standing next to the box, and creates a note (writes `USDT, 100, Alice` on the piece of paper and seals it in an envelope). She then places her note (envelope) in the box and gives it a solid mix! The mix is so thorough that even though numerous parties are watching the box carefully (from a distance), none of them is able to figure out which envelope came from Alice. That's how Alice hides her note!
A few days after Alice deposited `100 USDT` in the Shielder, she figures she needs to withdraw some part of it: `20 USDT`. To this end, Alice creates a new, fresh account on Aleph Zero and performs the following steps:
- Alice (using the new account) calls the `withdraw` method of the Shielder contract.
- The contract sends `20 USDT` to Alice's new account.
- The old note with `100 USDT` is destroyed, and a new one with `80 USDT` is created.
- A 3rd party observer only sees that some unknown account just withdrew `20 USDT` from the Shielder. It has no idea that the `20` comes out of some previously deposited `100 USDT`, and most of all, the observer has no idea that it's Alice who is withdrawing USDT now, because she is using a completely new account! There is no way to link the deposit transaction to the withdraw transaction.
To explain the above using the metaphor of a box full of envelopes, we will need some real magic! First of all, Alice approaches the box disguised: she has to change her dress, or so, so that nobody watching the box is able to tell that it was her who deposited a note before. Then she stands next to the box and... uses a magic spell! The magic spell instructs the box (which is also magical, obviously) to reveal (among all, perhaps millions of, envelopes) the envelope that belongs to Alice, and put it in Alice's hand. At this point, Alice is able to change what's in the envelope by decreasing the amount, and then put it back in the box (and mix the box, of course). If Alice decreased the amount in the note by `20` (as in our example), the piggybank (magical, as you have guessed) allows her to take `20 USDT` and leave. Note that there are some serious defensive spells involved to keep all of this safe. For instance, Alice can't just increase the amount in the note, or decrease it by less than `20` and still take `20` tokens from the piggybank. The magic would not allow for that!
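The deposit and withdraw flows above, together with the "defensive spells" a withdraw must satisfy, can be followed in a small simulation. The code below is an added example, not code from Aleph Zero or the Shielder project, and it makes two simplifying assumptions: the zk-SNARK is replaced by `circuit_check`, which the simulated contract runs directly on Alice's secret witness (in the real design the contract sees only a proof plus the public inputs), and note destruction is modelled with a nullifier, a standard technique the page itself does not describe. The `observer_log` records only what a 3rd party could see on chain, so the final check shows exactly what the deposit and withdraw records have in common.

```python
"""Toy model of a note-based shielded pool (added example, not Shielder code).
The SNARK is replaced by `circuit_check`; nullifiers are an assumption."""
import hashlib
import secrets
from dataclasses import dataclass, field


def h(*parts) -> str:
    """Stand-in for the commitment hash: sha256 over a labelled encoding."""
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()


@dataclass(frozen=True)
class Note:
    token: str          # token type, e.g. "USDT"
    amount: int         # amount of tokens
    owner_secret: str   # who owns the note: a secret only the owner holds
    nonce: str          # fresh randomness, so equal notes look different

    def commitment(self) -> str:
        """The sealed envelope: hides token, amount and owner."""
        return h("note", self.token, self.amount, h("owner", self.owner_secret), self.nonce)

    def nullifier(self) -> str:
        """Published when the note is destroyed; not linkable to the commitment
        without owner_secret, but the same note always yields the same value."""
        return h("nullifier", self.owner_secret, self.nonce)


def circuit_check(public: dict, witness: dict, box: list) -> bool:
    """The 'defensive spells': every constraint a withdraw must satisfy."""
    old, new = witness["old_note"], witness["new_note"]
    return (
        old.commitment() in box                           # old note really is in the box
        and public["nullifier"] == old.nullifier()        # destroys exactly that note
        and public["new_commitment"] == new.commitment()  # new envelope is well formed
        and old.token == new.token == public["token"]     # token type unchanged
        and old.owner_secret == new.owner_secret          # still the same owner
        and public["amount"] >= 0                         # cannot increase the note
        and new.amount == old.amount - public["amount"]   # piggybank pays exactly the decrease
        and new.amount >= 0                               # cannot overdraw the note
    )


@dataclass
class Shielder:
    box: list = field(default_factory=list)            # commitments (sealed envelopes)
    spent: set = field(default_factory=set)            # nullifiers already used
    piggybank: dict = field(default_factory=dict)      # real token balances, per token
    observer_log: list = field(default_factory=list)   # everything a 3rd party can see

    def deposit(self, caller: str, note: Note) -> str:
        c = note.commitment()
        self.box.append(c)
        self.piggybank[note.token] = self.piggybank.get(note.token, 0) + note.amount
        # The observer sees the caller, token, amount and the opaque commitment.
        self.observer_log.append(("deposit", caller, note.token, note.amount, c))
        return c

    def withdraw(self, caller: str, public: dict, witness: dict) -> bool:
        if public["nullifier"] in self.spent:                       # double spend
            return False
        if self.piggybank.get(public["token"], 0) < public["amount"]:
            return False
        if not circuit_check(public, witness, self.box):            # "proof" invalid
            return False
        self.spent.add(public["nullifier"])
        self.box.append(public["new_commitment"])
        self.piggybank[public["token"]] -= public["amount"]
        self.observer_log.append(("withdraw", caller, public["token"], public["amount"],
                                  public["nullifier"], public["new_commitment"]))
        return True


def make_withdraw(old: Note, amount: int, claimed_new_amount=None):
    """Alice's side: build public inputs and witness for withdrawing `amount`.
    `claimed_new_amount` lets the example simulate a cheating prover."""
    new_amount = old.amount - amount if claimed_new_amount is None else claimed_new_amount
    new = Note(old.token, new_amount, old.owner_secret, secrets.token_hex(8))
    public = {"token": old.token, "amount": amount,
              "nullifier": old.nullifier(), "new_commitment": new.commitment()}
    return public, {"old_note": old, "new_note": new}


def run_example() -> dict:
    """Alice deposits 100 USDT from her main account, then withdraws 20 from a fresh one."""
    shielder = Shielder()
    alice = Note("USDT", 100, owner_secret=secrets.token_hex(16), nonce=secrets.token_hex(8))
    shielder.deposit("alice-main", alice)

    # Cheating attempt: withdraw 20 but claim the remaining note still holds 90.
    inflate = shielder.withdraw("fresh-account", *make_withdraw(alice, 20, claimed_new_amount=90))
    honest_public, honest_witness = make_withdraw(alice, 20)
    honest = shielder.withdraw("fresh-account", honest_public, honest_witness)
    replay = shielder.withdraw("fresh-account", honest_public, honest_witness)

    # What a 3rd party can link: the only value the two public records share is the token type.
    dep, wd = shielder.observer_log[0], shielder.observer_log[-1]
    shared = set(map(str, dep)) & set(map(str, wd))
    return {"inflate": inflate, "honest": honest, "double_spend": replay,
            "unlinkable": shared <= {"USDT"}, "piggybank_usdt": shielder.piggybank["USDT"]}
```

Running `run_example()` shows the three outcomes the metaphor promises: the inflated note is rejected by the amount constraint, the honest withdraw succeeds and leaves 80 USDT in the piggybank, and re-submitting the same withdraw is rejected because its nullifier is already spent. The deposit record names `alice-main` and the old commitment; the withdraw record names only the fresh account, the nullifier and the new commitment, so the observer has nothing but the token type to tie them together.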
As already mentioned, the "magic" in the above metaphorical description comes mostly from zk-SNARKs (but also from the simple fact that smart contracts on chain cannot be tampered with). We refer the reader to the numerous great articles on zk-SNARKs that are available on the internet. For more details on the Shielder, it's best to take a look at the Specification first, and then at the Tutorial.