Research: Privacy in the SDK
The Cosmos SDK currently doesn't support any form of private transactions.
This is appropriate for the Cosmos Hub, whose purpose is to track the integrity of assets from other chains.
Zones should have options for introducing private computation and private value transfers.
Sapling
Zcash's SNARK-based Sapling protocol is the gold standard for privacy-preserving value transfer. Unfortunately, it is a single-asset system, while Cosmos is natively multi-asset, and it would take additional protocol design work to develop a multi-asset version of Sapling. If you want to accept the constraint of a unique shielded pool for every asset, then binding the librustzcash . I also expect to need some kind of new store for opaque bytes for an accumulator of nullifiers.
Cloak
Interstellar's Cloak protocol and Spacesuit hide both the amounts of transfers and the assets involved, using Pedersen commitments and Bulletproof-based range proofs.
It seems like a good fit for the Cosmos SDK.
Downsides
- Cloak has never been deployed in production.
- We move from a model where accounts contain balances to one with lists of input and output commitments, but this seems to be minimal work to adapt.
- Cloak hides amounts and denoms but not the transaction graph.
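
The commitment model described above, as an added example (not code from Cloak, Spacesuit or the Cosmos SDK): toy Pedersen commitments show how a verifier checks that lists of input and output commitments balance without seeing any amount, and why range proofs have to accompany them. The group parameters, `MAX_AMOUNT` and all function names are assumptions made for illustration; denom hiding and the actual Bulletproofs proofs are left out.

```python
# Added illustration: toy Pedersen commitments, not Cloak's actual circuits.
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1, both prime.
P, Q = 1019, 509
G, H = 4, 9        # squares mod P, so each generates the order-Q subgroup
MAX_AMOUNT = 100   # assumed valid range that a range proof would enforce


def commit(amount, blinding):
    """C = G^amount * H^blinding mod P; the random blinding hides the amount."""
    return pow(G, amount % Q, P) * pow(H, blinding % Q, P) % P


def product(commitments):
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc


def build_transfer(in_amounts, out_amounts):
    """Prover side: returns (input commitments, output commitments, excess)."""
    r_in = [secrets.randbelow(Q) for _ in in_amounts]
    r_out = [secrets.randbelow(Q) for _ in out_amounts]
    ins = [commit(a, r) for a, r in zip(in_amounts, r_in)]
    outs = [commit(a, r) for a, r in zip(out_amounts, r_out)]
    # Simplification: the excess blinding is revealed rather than proven.
    return ins, outs, (sum(r_in) - sum(r_out)) % Q


def balances(inputs, outputs, excess):
    """Verifier side, commitments only: multiplying commitments adds the
    hidden amounts, so totals match exactly when the two products differ
    by H^excess (a commitment to amount 0)."""
    return product(inputs) == product(outputs) * pow(H, excess, P) % P


def in_range(amount):
    """Stand-in for the statement a range proof makes about a hidden amount."""
    return 0 <= amount % Q <= MAX_AMOUNT


if __name__ == "__main__":
    ins, outs, e = build_transfer([70, 30], [55, 45])
    print("balanced transfer verifies:", balances(ins, outs, e))
    # Amounts live mod Q, so a "negative" output wraps and still balances;
    # only the per-output range check rejects it.
    ins, outs, e = build_transfer([10], [60, -50])
    print("wrapped verifies:", balances(ins, outs, e), "in range:", in_range(-50))
```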
Aztec protocol
Single asset and based on Sigma protocols, so faster provers. Trying to build transaction primitives for more use cases than just value transfer. Single-asset shielded pools, but hides the denoms.