MASP integration on Tezos

Introduction

The Sapling integration is one of the main features included in the recently announced release of the Tezos Edo protocol proposal. At Metastate, we have recently announced the release of the MASP (multi-asset shielded pool) project, which is an extension of Zcash’s Sapling circuit.

Background & Motivations

It is a common misperception that public blockchains are anonymous. This is why several technologies have been proposed to improve their anonymity – the most prominent ones among them being ring signatures (as in Monero), ZK-SNARKs (as in ZCash), and CoinJoins (as in Bitcoin). Whilst some of these provide stronger privacy properties, they are all concerned only with a single asset (e.g. the ZCash protocol only supports transactions in ZEC). Multi-asset networks, such as Tezos, enable the development of new assets and transactions involving them. For these multi-asset networks, it is desirable to provide strong privacy guarantees for each asset.

One possible solution would be to apply a separate instance of the cryptographic protocol for each asset. However, the degree of anonymity correlates very strongly with the number of participants and transaction throughputs. Thus, it is better to create an instance of the cryptographic protocol shared by as many compatible assets as possible to increase the degree of privacy. Such is the motivation for the MASP (Multi-Asset Shielded Pool).

The State of Privacy on Tezos

The Edo Tezos protocol proposal includes the Sapling integration. Should this proposal be adopted by the community via governance, the Tezos protocol will be able to support single-asset privacy (see here) via the Sapling circuit, thereby making private transfers of any asset on the Tezos network possible. However, the Sapling integration on Tezos require to maintain a single Sapling state for each asset, which as mentioned above, can hinder privacy guarantees for certain assets.

What is the MASP Project?

The MASP project is a standalone cryptography library developed by Metastate, which was recently announced. The MASP is an extension of the Sapling circuit developed by the Electric Coin Company for the ZCash protocol, modified such that inputs and outputs of a transaction may represent distinct assets. Learn more about the MASP by visiting this website.

The Integration of the MASP Project on Tezos

With the MASP, the degree of privacy for an asset in a MASP instance would be improved even by participants in the pool that are not related in any way to that asset. In this sense, assets on Tezos could benefit from a network effect, as every additional user of the pool has the potential to increase the transaction throughput and thereby increase the pool’s overall anonymity set (which is beneficial to all its users).

This feature enables zero-knowledge private transactions for arbitrary assets. A single MASP instance on Tezos could handle all assets of any particular asset standard (FA1.2, tzip-12, tzip-13), or combination thereof. No additional development is required to support privacy for a newly launched asset; provided that the contract supports an existing standard for which MASP support is available. Note that it would also be possible for the developer of an asset-issuing contract to preclude private transactions, should they find reason to do so.

In other words, if there is an existing MASP instance for tzip-12 contracts, and a third party deploys a tzip-12 contract, then their new asset will be compatible with a MASP. The third-party developing this new contract doesn’t have to change anything in order to have their asset be compatible with a MASP.

Upgrade & Implementation

Metastate’s MASP integration on Tezos is available together with other features under research and development on the Astrolabe Tezos test network and is ready to be tested (stay tuned for the upcoming Astrolabe test network announcement and article). At the time of writing, the MASP is simply another feature under research & development and is currently not considered to be included in an upcoming protocol upgrade. As the MASP is an extension to Sapling, it provides an intuitive upgrade path for any multi-asset blockchain that has already adopted sapling-based privacy features.

Summary & Concluding Remarks

The Sapling integration is one of the main features included in the recently announced release of the Tezos Edo protocol proposal. Metastate recently announced the release of an extension of Zcash’s Sapling circuit named MASP. This project is an intuitive upgrade path for the Sapling protocol implemented by Edo.

For multi-asset networks such as Tezos, it is desirable to provide strong privacy guarantees for each asset. Although the Tezos protocol was recently extended to support single-asset privacy, the degree of privacy would be stronger if the assets were grouped together. This is the goal of the MASP project. A single MASP instance on Tezos could handle all assets of any particular asset standard (FA1.2, tzip-12, tzip-13), increasing their privacy guarantees.

Image credits: European Tree Frog - By Andrei Daniel Mihalca (Histria 2006).

Metastate has ceased its activities on the 31st of January 2021. The team members have joined a new company and working on a new project. If you're interested in distributed systems research and engineering and systems engineering in Rust, checkout the open positions at Heliax.

If you have any feedback or questions on this article, please do not hesitate to contact us: hello@heliax.dev.