Shaping Multichain Privacy

Feb 23, 20237 min read

Namada gives the privacy landscape a different shape, by providing the largest possible unified privacy set in the multichain, and complementing other chains by seeding/retrofitting privacy shielded actions

Privacy-preserving protocols and applications in the space are rapidly growing, but this horizontal growth doesn’t lead to better privacy for users in the multichain ecosystem. This article explains what’s missing, how Namada’s architecture can change the landscape and facilitate significantly better multichain privacy.

Questions, feedback, discussions more than welcome on the Namada forum.

Privacy sets are fragmented

Privacy today is fragmented by tokens, applications, and platforms. In cryptocurrency protocols like Zcash or Monero, the Zcash privacy set is disjoint from the Monero privacy set. This is a result of privacy being bound to a specific currency, ZEC and XMR – individuals cannot use their respective privacy features without using their native currency. Plus, the size of the privacy set is limited to the interactions of individuals that want both the privacy guarantees and the monetary policy that Zcash or Monero offer.

On platforms like Ethereum (L1s and L2s), where individuals use privacy dApps (Tornado Cash or ZK Money) that support different fungible tokens (ETH, USDC, DAI), the privacy sets are fragmented by application and by asset: there's a private ETH-ZK Money set and an ETH-Tornado Cash set. Users of both dApps would obtain strictly better privacy if the sets were combined. Privacy sets are also bound to the platforms: private USDT on Ethereum cannot be combined with private USDT on Near (or any platforms on which Tether is issued). This also applies to L1s with private execution environments like Aleo or Espresso, where the applications within these private platforms share a privacy set, but not across platforms, for example, between Aleo and Espresso, or Aleo and Ethereum.

Privacy in the multichain world is fragmented by currency, platform, and application

As the sets are fragmented, the privacy guarantees are limited to the size of their respective user base. The smaller the size, the easier it is to correlate identities and interactions to and from the set. So the larger the privacy set, the stronger the privacy guarantees for every interaction. However, as visualised above, privacy sets in the multichain are fundamentally isolated (they cannot be combined), not to mention that the privacy sets are limited to fungible assets and not combinable with non-fungible assets.

What if there was a way of "combining" all privacy sets?

Unifying privacy sets

A key feature of Namada is that all currencies, fungible, and non-fungible tokens share a single unified set:

On Namada, all tokens, fungible and non-fungible, share one shielded set

Namada is designed to solve the segregation of privacy sets. First, it creates a single asset-agnostic shielded pool for any token fungible and non-fungible token. Second, the fragmentation by platforms is removed by decoupling the assets from the platforms and enabling them to move to a unified privacy set.

The unified shielded set is enabled by the MASP/CC circuits
Users can move assets into the shielded set through IBC and custom bridges such as Namada’s native trustless Ethereum bridge

Seeding & retrofitting privacy

On programmable settlement platforms that support both transparent and private dApps, users need the native asset to pay for fees and gas. In these cases, Namada can be used to seed new accounts on Ethereum, which can later on be used to interact with the diverse dApps and pay for the necessary fees and gas.

Even if the ETH is seeded from the Namada shielded set, they should be sent to new addresses and use distinct new addresses to interact with each dApp.

Using ETH from the Namada shielded set to pay for fees and gas on Ethereum dApps

Namada can also seed privacy to users who want to use an asset originating from one base chain on another chain, without losing privacy.

For example: a user needs ETH (currently on transparent Ethereum) to use a dApp on Aleo (with private execution). To do this privately, the user can first transfer the ETH from Ethereum to Namada’s unified shielded set, and then use it to seed the ETH on Aleo, breaking the linkability between the ETH on Ethereum and the ETH used in Aleo so the transfer cannot be linked.

Namada retrofits privacy to assets that were created and already used in transparent chains. Someone who wants to use ATOM privately can transfer ATOM from the Cosmos Hub to Namada’s unified shielded set and perform the transfers within the shielded set or transfer them back to a new account on the Cosmos Hub – thereby breaking linkability. For application-specific chains, like Penumbra, Namada can act as a private bridge between transparent and private chains, where users keep assets private in Namada, and then bridge them to Penumbra for private DeFi.

Shielded actions

You can use Namada to directly interact with other chains and their respective dApps privately with shielded actions.

On application-specific chains like Osmosis, users can trade ATOM for OSMO privately. On Namada, the user signs a sequence of actions that get triggered automatically:

Transfer ATOM from the shielded account on Namada over IBC to a transparent account on Osmosis.
Trade ATOM for OSMO on Osmosis (this interaction is transparent).
Transfer the OSMO from Osmosis to the user's shielded account on Namada over IBC.

This way, the user has traded ATOM for OSMO privately, as there is no correlation between the identity of the source ATOM from the shielded set and the resulting OSMO to the shielded set.

Shielded Action: Trading ATOM for OSMO on Osmosis privately

Shielded actions are not limited to application chains that are IBC compatible, it works with any chain that is connected to Namada, e.g. Ethereum, and the actions can be generalised to interact with any dApp, such as trading NFTs or staking ETH.

A graph showing how Namada shapes multichain privacy

Start game and end game

Privacy as a public good

To bootstrap the largest unified shielded set in the multichain, Namada’s cryptography has been upgraded to enable shielded set rewards. This is an incentive for users to choose shielded transfers over transparent transfers and to incentivise users to retrofit privacy to as many assets that were created on other chains.

To receive rewards, users must simply transfer to and keep different assets in the shielded set. These assets are not locked in any way – users can freely transfer them around, and as long as they are within the shielded set, they will receive shielded set rewards. The protocol allocates a portion of inflation directly to those shielded accounts, retaining privacy. The rewards in the shielded set compound automatically and can be claimed within the shielded pool (or by unshielding them, if need be). The mechanism requires governance to determine what assets it should reward and the target volume.

At Namada, privacy is treated as a public good and this is why the protocol allocates a portion of inflation directly to subsidise contributions to the shielded set. In addition to shielded set rewards, Namada features retroactive and proactive public good funding mechanisms stewarded by a council elected through targeted liquid democracy.

Economics of privacy as a public good
Opening nominations for the Namada RPGF Program
Specifications of Public Goods Funding mechanisms

Shared privacy: Making privacy anti-rivalrous

Privacy sets are rivalrous in nature – rational users who want privacy will choose the largest privacy set over a smaller one, because the former provides better privacy guarantees. Through private bridges in the future, Namada will provide shared privacy, as the unified shielded set can be shared across many heterogeneous privacy chains – boosting each privacy set. This feature makes privacy anti-rivalrous: the more connected chains, the larger the multichain privacy set, meaning better privacy guarantees for their respective user bases.

A multichain privacy set formed by heterogeneous privacy chains connected via private bridges

In addition to shared privacy, private bridges enhance the privacy and UX across chains, as users no longer need to unshield their assets at any point, so even the interactions through bridges would not leak any sensitive data (e.g. the values of the transfers). Depending on compatibility, private bridges to existing chains such as Zcash and MobileCoin may be possible. Private bridges and private IBC have design challenges, for instance, tracking inflation from Byzantine chains, and we are currently investigating various options.

How is Namada shaping privacy in the multichain

Without Namada, privacy will continue to grow horizontally with more and more L1/L2s deploying privacy-preserving schemes – but due to the segregation of privacy sets, it will not result in better privacy for their user bases.

Namada gives the privacy landscape a different shape, by providing the largest possible unified privacy set in the multichain, complementing other chains by seeding/retrofitting privacy, and enabling shielded actions. This removes their need to make drastic architectural changes to integrate cryptographic schemes in the base layers. By connecting to other privacy chains through private bridges, Namada’s shielded set can be shared and create an even larger privacy set in the multichain.