The sapling protocol is a proposed protocol amendment from Nomadic Labs coming soon to Tezos
TLDR: The sapling protocol is the new proposed protocol amendment from Nomadic Labs following the recent activation of the Babylon protocol amendment. Through sapling, as enumerated on in greater detail within the post, it will provide the “fine-tuned privacy” that central and commercial banks like Bank of France can use and deploy the Tezos protocol within these entities. Additionally, in this upgrade, it will provide a new Michelson instruction that allows a smart contract to store and do a transaction on a shielded blockchain behaving like sapling.
Tezos is a self-amending cryptographic ledger capable of amending itself and implementing new features onto the protocol through a formal on-chain amendment process. The established, well-practiced governance process offers everyone a fair, uniform way to make changes, and legitimize those changes by direct community voting.
The process can be detailed in further length below, showing how Tezos’ governance structure works:
- A dev team injects the hash of a tarball file as a proposal into the Tezos Protocol with an invoice attached.
- The injected proposal goes through 4 phases.
- The first phase, known as the initial voting period, is where bakers will vote and decide if the proposal is best for the protocol. There can be a maximum of 20 proposals per baker in this phase.
- The second phase, known as the exploration voting period, is where another vote is made to move forward. During this phase, 80% Quorum is needed to vote “Yay” and proceed with a testing period of the proposed changes. The Quorum adjusts accordingly and won’t always 80%. This phase also requires to meet supermajority to proceed.
- The third phase, known as the testing phase, is where a temporary blockchain is formed for testing purposes. If things run smoothly and there are no significant problems, a final promotional period will begin.
- The final phase, known as the promotional period, is where a final vote is cast on the proposed changes. During this final phase, if voted through, the new protocol will be added automatically with the new code and the protocol mints the tokens attached as an invoice in the proposal. If it does not go through, it goes back to the proposal phase.
*This process can also be more deeply explored on Tezos Agora.
Background on Zero-Knowledge Cryptography and zk-SNARKs
The sapling protocol introduces privacy features of which zk-SNARKs are one among many ingredients. There are different “flavors” including zk-STARKs which are more “transparent” than zk-SNARKs and lastly, zk-SHARKs. For the purpose of this post, we will engage in a basic overview of zero-knowledge cryptography, go over some of zk-SNARKs key features and provide additional commentary from a developer working on sapling integration for Tezos.
In a nutshell, zk-SNARK or, Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, refers to a construction of a proof where one can prove possession of certain information (e.g. private key) without having to reveal that information to another party and have any interaction. These proofs allow two parties to prove that a statement between a prover and verifier is true — without revealing any other information beyond the validity of the statement itself.
For instance, let’s say you want to prove that you have enough money to pay for something, but you obviously don’t want to disclose the exact amount of your total holdings/account balance. Through a Zero-Knowledge proof, this information can be obtained and proven to be true without any interaction and revealing any other information beyond the validity of the statement itself.
Key Insight from Nomadic Labs on zk-SNARKs and the Sapling Protocol
Since we’ve already laid out the background as to what zk-SNARKs and zero-knowledge cryptography detail, let’s take some time to examine a core developer at Nomadic Labs, Marc Beunardeau, and his insights into the new proposed protocol amendment coming soon to Tezos. As questions pertaining to privacy begin to arise, especially in terms of regulation and all the privacy coin delistings we’ve seen thus far, these questions and more, I decided to ask Marc in an interview.
*Below in bold are my questions for Marc, in quotation are his provided responses.
How is Tezos going to utilize zero-knowledge proofs (zk-SNARKs) within the protocol? Will this be implemented in a way where it is an optional feature such as adding an optional message attached to each transaction and adding additional zk proofs to each transaction?
Tezos will provide a new Michelson instruction that allows a smart contract to store and do transaction on a shielded blockchain behaving like sapling (last z-cash update), called shielded pool. Each shielded pool can handle one fungible asset. One of these assets is intended to be the tez, mimicking the functionality of z-cash. Other assets can be anything as long as a smart contract can compute the price of this asset.
The intent is not to make Tezos a privacy coin, but rather to give to the user the liberty to exchange privately, while letting him handle it’s own regulatory issues.
What are the pros/cons of adding this feature within the Tezos protocol? Do you think all the existing regulations and privacy coin delistings we’ve seen will affect Tezos as a result of this addition?
The pro’s are a privacy feature, that can be used by anyone, to handle tez or other kind of token. This is different than having first class private transaction, which we chose not to propose. Ethereum has the same capabilities and was not delisted, which makes us think that we would not be either.
Note also that a user that did not interact with a shielded pool can easily show that it was the case, and a user that did interact with one can provide viewing keys which unveil its anonymity to the chosen entitie(s). Moreover the total amount going in and out of a shielded pool is public. We think we took the minimal approach to privacy, and that this upgrade is needed for some users, and not dangerous for the others. We hope that in a close future the evolution in techniques, regulation and the public view of privacy will allow us to be more ambitious in terms of privacy while keeping the wide acceptation of the tez as a currency.
In terms of central and commercial usage at banks, how do you see zk-SNARKs technology being adopted? Will this feature provide the “fine-tuned privacy” that entities like the Bank of France have stated they are looking for to deploy protocols such as Tezos for usage at these locations?
The zk-SNARKS technology provides zero-knowledge argument for any program, and can therefore be used for fine-tuned privacy. We could imagine creating “zk-michelson” which would allow any user to define its own privacy requirement. Note however that this is for now theoretical, and rises questions of performances, trusted setup, implementation, engineering, and user-friendliness which will take time to resolve. Nomadic labs will work on these issues as soon as the first step of releasing the sapling protocol is done. We notably hope to come out with a solution for zero-knowledge permissioned shielded pools. Interacting with those requires an authorization by an authority. However you do not have to reveal your identity while proving that you are indeed authorized.
Through some of Marc’s responses, one can glean and understand zk-SNARKs and the upcoming implementation on Tezos directly from a development team working on sapling integration. Through the sapling protocol upgrade, usage of its privacy features will not seek to make Tezos (XTZ) a privacy coin, rather provide liberty to the user and enable them to utilize the privacy feature as something optional.
Additionally, in terms of adoption and real-world applications for zk-SNARKs and zero-knowledge cryptography, many large-scale institutions such as the Bank of France have expressed interest in utilizing and deploying the Tezos protocol at its commercial and central locations with the ability of “fine-tuned privacy” as a pre-requisite — all of which zk-SNARKs and the sapling protocol will provide.
Zero-Knowledge cryptography poses several privacy benefits and real-world applications for Tezos. In the midst of regulatory concerns and privacy coin delistings, usage of the privacy feature is going to optional within Tezos, providing liberty for those wishing to utilize the privacy features zk-SNARKs and the sapling protocol offers — without insinuating XTZ as a “privacy coin” . This upgrade and many more to come, represent the nature of Tezos’ ability to evolve and port the best-in-class technology and implement it onto the protocol through a formal on-chain amendment process.