The Sapling Protocol is Coming to Tezos

William McKenzie
Oct 22, 2019 · 6 min read

The sapling protocol is a proposed protocol amendment from Nomadic Labs coming soon to Tezos

TLDR: The sapling protocol is the new proposed protocol amendment from Nomadic Labs following the recent activation of the Babylon protocol amendment. Through sapling, as enumerated on in greater detail within the post, it will provide the “fine-tuned privacy” that central and commercial banks like Bank of France can use and deploy the Tezos protocol within these entities. Additionally, in this upgrade, it will provide a new Michelson instruction that allows a smart contract to store and do a transaction on a shielded blockchain behaving like sapling.

Amending Tezos

Tezos is a self-amending cryptographic ledger capable of amending itself and implementing new features onto the protocol through a formal on-chain amendment process. The established, well-practiced governance process offers everyone a fair, uniform way to make changes, and legitimize those changes by direct community voting.

The process can be detailed in further length below, showing how Tezos’ governance structure works:

  • A dev team injects the hash of a tarball file as a proposal into the Tezos Protocol with an invoice attached.
  • The injected proposal goes through 4 phases.
  • The first phase, known as the initial voting period, is where bakers will vote and decide if the proposal is best for the protocol. There can be a maximum of 20 proposals per baker in this phase.
  • The second phase, known as the exploration voting period, is where another vote is made to move forward. During this phase, 80% Quorum is needed to vote “Yay” and proceed with a testing period of the proposed changes. The Quorum adjusts accordingly and won’t always 80%. This phase also requires to meet supermajority to proceed.
  • The third phase, known as the testing phase, is where a temporary blockchain is formed for testing purposes. If things run smoothly and there are no significant problems, a final promotional period will begin.
  • The final phase, known as the promotional period, is where a final vote is cast on the proposed changes. During this final phase, if voted through, the new protocol will be added automatically with the new code and the protocol mints the tokens attached as an invoice in the proposal. If it does not go through, it goes back to the proposal phase.

*This process can also be more deeply explored on Tezos Agora.

Background on Zero-Knowledge Cryptography and zk-SNARKs

The sapling protocol introduces privacy features of which zk-SNARKs are one among many ingredients. There are different “flavors” including zk-STARKs which are more “transparent” than zk-SNARKs and lastly, zk-SHARKs. For the purpose of this post, we will engage in a basic overview of zero-knowledge cryptography, go over some of zk-SNARKs key features and provide additional commentary from a developer working on sapling integration for Tezos.

In a nutshell, zk-SNARK or, Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, refers to a construction of a proof where one can prove possession of certain information (e.g. private key) without having to reveal that information to another party and have any interaction. These proofs allow two parties to prove that a statement between a prover and verifier is true — without revealing any other information beyond the validity of the statement itself.

For instance, let’s say you want to prove that you have enough money to pay for something, but you obviously don’t want to disclose the exact amount of your total holdings/account balance. Through a Zero-Knowledge proof, this information can be obtained and proven to be true without any interaction and revealing any other information beyond the validity of the statement itself.

Key Insight from Nomadic Labs on zk-SNARKs and the Sapling Protocol

Since we’ve already laid out the background as to what zk-SNARKs and zero-knowledge cryptography detail, let’s take some time to examine a core developer at Nomadic Labs, Marc Beunardeau, and his insights into the new proposed protocol amendment coming soon to Tezos. As questions pertaining to privacy begin to arise, especially in terms of regulation and all the privacy coin delistings we’ve seen thus far, these questions and more, I decided to ask Marc in an interview.

*Below in bold are my questions for Marc, in quotation are his provided responses.

How is Tezos going to utilize zero-knowledge proofs (zk-SNARKs) within the protocol? Will this be implemented in a way where it is an optional feature such as adding an optional message attached to each transaction and adding additional zk proofs to each transaction?

Tezos will provide a new Michelson instruction that allows a smart contract to store and do transaction on a shielded blockchain behaving like sapling (last z-cash update), called shielded pool. Each shielded pool can handle one fungible asset. One of these assets is intended to be the tez, mimicking the functionality of z-cash. Other assets can be anything as long as a smart contract can compute the price of this asset.

The intent is not to make Tezos a privacy coin, but rather to give to the user the liberty to exchange privately, while letting him handle it’s own regulatory issues.

The pro’s are a privacy feature, that can be used by anyone, to handle tez or other kind of token. This is different than having first class private transaction, which we chose not to propose. Ethereum has the same capabilities and was not delisted, which makes us think that we would not be either.

Note also that a user that did not interact with a shielded pool can easily show that it was the case, and a user that did interact with one can provide viewing keys which unveil its anonymity to the chosen entitie(s). Moreover the total amount going in and out of a shielded pool is public. We think we took the minimal approach to privacy, and that this upgrade is needed for some users, and not dangerous for the others. We hope that in a close future the evolution in techniques, regulation and the public view of privacy will allow us to be more ambitious in terms of privacy while keeping the wide acceptation of the tez as a currency.

The zk-SNARKS technology provides zero-knowledge argument for any program, and can therefore be used for fine-tuned privacy. We could imagine creating “zk-michelson” which would allow any user to define its own privacy requirement. Note however that this is for now theoretical, and rises questions of performances, trusted setup, implementation, engineering, and user-friendliness which will take time to resolve. Nomadic labs will work on these issues as soon as the first step of releasing the sapling protocol is done. We notably hope to come out with a solution for zero-knowledge permissioned shielded pools. Interacting with those requires an authorization by an authority. However you do not have to reveal your identity while proving that you are indeed authorized.

Additionally, in terms of adoption and real-world applications for zk-SNARKs and zero-knowledge cryptography, many large-scale institutions such as the Bank of France have expressed interest in utilizing and deploying the Tezos protocol at its commercial and central locations with the ability of “fine-tuned privacy” as a pre-requisite — all of which zk-SNARKs and the sapling protocol will provide.

Conclusion

Zero-Knowledge cryptography poses several privacy benefits and real-world applications for Tezos. In the midst of regulatory concerns and privacy coin delistings, usage of the privacy feature is going to optional within Tezos, providing liberty for those wishing to utilize the privacy features zk-SNARKs and the sapling protocol offers — without insinuating XTZ as a “privacy coin” . This upgrade and many more to come, represent the nature of Tezos’ ability to evolve and port the best-in-class technology and implement it onto the protocol through a formal on-chain amendment process.

Tezos Commons

Updates and insights from the global Tezos community

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store