Introducing Namada: Shielded Transfers with Any Assets

This article has been deprecated! See the updated version on Namada’s Blog.

What is Namada?

Namada is Anoma’s first fractal instance and it deploys v1 of the Anoma protocol. This protocol version includes a subset of components of Anoma that enables shielded transfers for any kind of asset (fungible and non-fungible ones) independent of the platform they were created on, such as Ethereum or IBC-compatible chains. Using Namada you can transfer your ETH, DAI or any other fungible asset or NFT from Ethereum or your ATOM or OSMO from any IBC chain and send them around privately with a few second transaction latency and near-zero fees.

With the purpose of making privacy-preserving transfers more accessible for end users, Namada is vertically integrated and will be released with user friendly interfaces in 2022.

Why Namada?

My first job in the space of decentralized protocols was not at an organization that worked on a layer 1 or a dApp, but at a company that developed tools to deanonymize user data on blockchains and sold them for profit. It’s crazy how much you can tell by simply looking at addresses, values, time stamps, interaction graphs, usage patterns, or simply by mapping pseudonyms to the OSINT data (trivial, particularly if people use NFTs as their twitter profile). I (considering myself a mindful user) have been in a couple of situations where I almost doxed myself — you’ve gotta be extremely careful and the UX becomes atrocious. And even if you’re careful yourself, your peers could accidentally dox you too.

I’m excited about the growth in the space, specially towards more usage of all kinds of fungible and non-fungible tokens in a multi-chain world. But I’m concerned about the lack of native privacy support in all protocols, even more so when most users have little to no understanding about how much sensitive data they’re leaking on all fronts with every interaction — and how this data can be leveraged by anyone with access to the internet for their own benefit.

If there’s data, it is/will be leveraged by someone. That it hasn’t happened yet is simply an indicator that the data-market fit hasn’t come yet.

I want the decentralized protocols to be an alternative for as many as possible to existing centralized and exploitative financial systems. So every time I look at the work we do, I ask myself: is what we’re building better for users? Does this enable a more equitable power distribution than the existing systems, which impose an asymmetric power relationship upon their users? For the answer to be yes, privacy is a crucial property. For as long as blockchains are transparent, they will provide much worse privacy guarantees than existing systems because anyone with access to a full node can perform basic analysis to deanonymize users.

How have shielded transfers evolved?

Published in 2014, the Zerocash paper pioneered with the idea of deploying zk-SNARKs to enable shielded transfers and providing stronger privacy guarantees than pseudonymous transactions. This protocol was later implemented by the Electric Coin Company, the developers of the ZCash protocol, which went live in late 2016 and through numerous upgrades from Sprout to the recent NU5 — without the ECC, ZCash’s leadership and continuous contributions in the domain, we wouldn’t be were we are today with Namada. For many years, privacy-preserving protocols have coupled shielded transfers with the native asset, so users couldn’t make shielded transfers without using ZEC on ZCash.

In the recent years, there’s been a boom in cryptography research and deployment (specially zero-knowledge proof schemes) on different protocols and platforms like Tornado Cash Nova and Aztec’s ZK Money on Ethereum. The cool thing about them is that they enable privacy-preserving transfers for different kinds of fungible assets: ETH in the case of Tornado Cash Nova and ETH, DAI, renBTC in the case of ZK Money — a step forward in separating privacy from a specific currency.

However, the usage of privacy-preserving protocols hasn’t been normalized yet and is very small compared to the usage of pseudonymous protocols.

I’m thrilled to use Namada myself and to see what users will do with Namada, which allows multi-chain users to make shielded transfers with any kind of asset held by the user, be it fungible or non-fungible assets — and independent to what chain or platform they were created on. One of the key properties of Namada is that all assets will be sharing one anonymity set. This feature allows us to move away from the per-asset shielded pool, which can significantly weaken the privacy guarantees specially when the asset has a low transaction volume and/or high value; it also allows us to create a way larger anonymity set, as any fungible and non-fungible assets across all sovereign chains and platforms can be sharing the same shielded pool.

Shielded transfers with ETH, ERC20, NFTs and ATOM on Namada

Namada is vertically integrated protocol with the purpose of providing a few-second latency and near-zero fees at the protocol level, but also a seamless user experience with an integrated browser-based interface. Namada will also be an experiment on the cryptoeconomics front, as it will come with incentives for users of the shielded pool.

How does Namada’s architecture look like?

This is just an overview peak, you’ll find an up-to-date and specific overview in the Anoma specs, v1.

Namada is a custom layer 1 protocol that deploys Tendermint BFT as its consensus algorithm and proof-of-stake as its sybil resistance mechanism, with advancements such as the reward distribution model via an automatically-compounding variant of the F1 fee distribution and cubic slashing, designed to discourage validators to operate the network with similar configurations and increase the robustness of the network with a validator set with more diversity in infrastructure architecture. To support non-native fungible and non-fungible tokens, Namada is integrated with the IBC protocol and custom bridges to enable interoperability with platforms that do not support deterministic finality (at first, a bridge to Ethereum).

For governance, Namada has two components: an off-chain signaling mechanism and an on-chain voting mechanism. The on-chain voting mechanism is a simple text-based proposal voting system with the particularity that it is implemented as a validity predicate (remember this term, as it will be more and more prominent in later Anoma protocol versions). The off-chain signaling mechanism is designed to act as a coordinator among validators in case there is a proposal that requires a hard fork, so that operators can use it to agree on the next move. In other words, the governance mechanism works off-chain, including the stake based on the last snapshot.

The latest software release of Namada deploys the Multi-Asset Shielded Pool (MASP), a zero-knowledge circuit that enables all assets to share one anonymity set — this property is very important as it allows both fungible and non-fungible assets to share the same shielded pool so the privacy guarantees are not subject to the volume of transactions with that particular asset. In addition, mainnet Namada will come with Burn and Mint (B&M) and its Convert Circuit, which is a modified version of MASP to enable incentives for the shielded pool usage via protocol inflation subsidies without encouraging transactional spam.

A shielded transfer of ETH using Namada

How can you participate in Namada?

There are many things to look out for:

• Participate in the upcoming Namada trusted setup: Namada will need new parameters. I strongly recommend you to participate in the ceremony, specially if you’re excited about using Namada for shielded transfers. The more participants, the better. Get ready to show off your op-sec considerations or unique source of randomness and to prove to other participants that you got rid of the toxic waste (the secret information that you individually used to generate the data that needs to be irrecoverable). The ceremony is planned for mid summer 2022 and might be incentivized.
• Participate in the upcoming Namada public testnets: if you’re thinking of contributing to the security of the network by operating a validator and stewarding the future of the network via governance, you should stay tuned for the upcoming public testnets in summer 2022 which might be incentivized.
• Try Namada as a user: try Namada’s shielded transfers, bridging assets from other chains, staking, voting in governance via the command-line client or the browser-based interface. Before mainnet, even if you’re not participating in the public testnets, early versions of the interfaces will be integrated so we can integrate feedback from users.

An active validator on a Namada testnet

What next?

The best way to stay updated is to follow @namadanetwork, to subscribe to the newsletter on namada.net, sign up for the trusted ceremony and to join the Anoma community on Discord if you haven’t yet.