---
title: 'Namada : The public goods privacy blockchain #TODO insert relevant catchphrase'
author: Bengt Lofgren, Christopher Goes, Awa Sun Yin, Adrian Brink
fontsize: 9pt
date: \textit{Pre-release, \today}
abstract: |
Namada is the first fractal instance of the Anoma ecosystem. Namada is an IBC compatible blockchain that employs a multi-asset shileded pool. The multi-asset shielded pool allows for users to make private transfers of arbitrary assets and is an extension of the Sapling circuit used by Zcash/Zerocash. Namada uses the Tendermint consensus and implements a canonical and trustless bridge to the Ethereum ecosystem.
urlcolor: cyan
bibliography: namadapaper.bib
classoption:
- twocolumn
header-includes:
- \usepackage{fancyhdr}
- \usepackage{graphicx}
- \usepackage{supertabular}
- \usepackage{booktabs}
- \usepackage{array}
- \usepackage{tabularx}
- \pagestyle{plain}
- \fancyhead[RE,LO]{}
- \fancyhead[LE,Ro]{}
- \fancyhead[CO,CE]{}
- \fancyfoot[CO,CE]{}
- \fancyfoot[LE,RO]{\thepage}
---
Transparency and privacy are two ends of a double edged sword. Transparency enables trust by enforcing easily-verifiable honesty, but fundamentally limits expressiveness. Any activity that cannot be publicised globally and permanently becomes inevitably supressed. Granted, for a subset of activity, this suppression may come as a feature, rather than a bug, as it forces illegal and malicious off the system. On the other hand, an arguably large subset is caught in the crossfire, ranging from medical records and political opinions to everyday transactions. As soon as there exists one party from which information must be withheld (on a global scale), a fully transparent model becomes unviable. We present Namada, an open-source, privacy-focused, blockchain that provides in-built optional privacy for users. Namada inherits the properties of a transparent system in being verifiable, trustless and censorship-resistant at a global scale, without sacrificing expressiveness by guaranteeing privacy by default. In this paper, we first outline the features of Namada. We then outline the stack and architecture in more detail, including high-leveled explanations for the cryptography involved. We conclude with the future roadmap and how we envisage Namada evolving.
As computational power and data storage improves, the world realises that there is a large amount of valuable information we, as people, emit. This information has a lot of different use cases. It can be used to predict and protect us from pandemics, to learn about our biases, help direct more relevant ads, and more. But as we have learnt, it can also be used in order to influence our political decisions, collect and distribute our healthcare data without our consent, and help direct more relevant ads. Our transactions in particular, are being monitored increasingly. We do not believe that this is necessarily a bad thing. However, we do believe that we, as people, should have the discretion of who is able to collect and monitor the information we emit (and what information we emit). This is the primary motivation for Namada. [//]: # (TODO: CITE CITE CITE)
We believe that privacy should be subsidised. We motivate this opinion in the following section.
In contemporary economics, a good is classified as a public good if it is non-rivalrous and non-excludable. Put simply, a good is non-rivalrous if its consumption by one person does not prevent its consumption by another person. A good is called non-excludable if its consumption cannot be prevented by any person once it exists.
Strictly speaking, privacy itself is not a public good because although it is not rivalrous it is excludable. Preventing users from entering the shielded pool is trivial. However, it nonetheless exhibits a property commonly associated with public goods, namely having positive externalities. This occurs when one person's consumption of the good benefits another person, and this positive externality is indeed non-excludable. More concretely, when one user enters the shielded pool, it increases the total privacy for everyone within the shielded pool already, and it is impossible to exclude anyone already in the shielded pool from benefiting from it.
The positive externality can be explained with a toy example (and accompanying diagram).
For the sake of simplicity, assume each "agent" in the economy is identical in terms of their preferences. We assume that the user values the opportunity to exist in a privacy set, and that the value of teh privacy set increases as the privacy set grows in size. Trivially, a privacy set of 0 people is worth nothing. Further, we assume that each additional increase in the size of the privacy set has a "decreasing marginal benefit" property, in the sense that each additional user contributes less to the overall privacy as a whole. As the privacy set grows infinitely large, the additional benefit of having someone enter the set becomes negligible. In economics, we tend to represent this through a "utility" function, that simply exists in order to measure cost and value for the agent. A natural choice for a utility function that exhibits the above properties is given by $$ U(n) = \ln (n) $$, where
Additionally, we assume that there exists some unavoidable "cost"
Because of the positive externality associated with entering the privacy set, there is "unrealised value" that is lost in the economy if users are unable to coordinate. Whilst no other user is in the privacy set, the value of the privacy set is 0, In contemporary economics, this "lost value" (shown by the shaded area between the value and the cost of entering) is referred to as "deadweight loss".
Therefore, if the protocol can incentivise a number of users (with ample sizes of assets) to enter the privacy set such that there is sufficient value in entering the privacy set, the coordination problem is solved. If the "social planner" was in full knowledge of exactly the amount of users needed in order to achieve this value $n^$, she could offer exactly the correct amount of subsidy to incentives the first $n^$ users to use the protocol and nothing more.
We suggest an alternative approach, whereby we can claim that:
If the subsidy
The above subsidy is not sufficient in incentivising users to join the network, although it does lower the threshold slightly. In the above example, the size of the privacy set would increase from 0 to ~0.6. In order to reach the critical mass, we need to incentivise for a privacy set of at least size
If we increase the incentive to be exactly proportional to the cost for the user, it suffices. An additional nice property with desigining the subsidy in this way is that the subsidy becomes easily interpretable; the total subsidy is exactly the cost to any single user, distributed across all users.
Now the point minimising the areas between the curves is given by $ \ln(x+1) - c + \frac{k}{x} = 0$ (The derivative of the integral).
This gives a set of valid points. Now, additionally, ideally, the solution is tangential to the utility curve at the intersection.
These two simultaneous equations can be solved for
Validity Predicates are the backbone of Anoma-based blockchains. In general, validity predicates specify which state changes relevant to state that it "owns" are valid in the blockchain. "Ownership" in this sense is an overloaded term, and is borrowed from its use in programming languages, where a variable can be "owned" over the runtime of a program. Validity predicates generally have "ownership" over state that it has created. For User Validity Predicates, this involves all the references to the Validity Predicates address.
In Namada, a user can modify their validity predicate in order to have control over:
- Account addresses that are allowed to be involved in asset transfers with the user
- Token addresses that may attach a balance to the user's account address
- TODO: More functionality?
*Note that unlike Anoma-based blockchains in general, all Namada validity predicates are transparent.
Validity predicates grant users functionality that is usually unavailable in other blockchains due to fundamental design choices in the VM. This functionality allows users to easily blacklist and whitelist both users and tokens. An important and relevant use case for this functionality is complying with regulatory requirements.
The Multi Asset Shielded Pool (MASP) is the primary feature that Namada offers. The MASP is inspired by the work produced by the Electric Coin Company, and implements the ideas of the Sapling Circuit directly. We acknowledge the importance of this work and therefore propose to offer the ECC team tokens of appreciation at our genesis block.
At a very high level1, the MASP works in the following fashion:
There exists two separate pools:
- The shielded pool
- The transparent pool
From a user perspective, all tokens held in the transparent pool are equivalent to holding tokens in any other transparent ecosystem. The functionality available to users are transfering assets from one address to another address, as well as bridging assets across the bridges deployed on Namada.
Assets are minted into the shielded pool from a valid zero knowledge proof that produces a "note". The zero knowledge proof is meant to prove a set of things:
- The base currency in which the note will be denominated
- The value of the currency
- The address to which the note is owned
- The epoch in which the note was minted 2
The underlying asset is sent to escrow.
Notes are transferred by constructing zero knowledge proofs that are able to nullify notes and mint them under the ownership of the receiver.
The user unshielding assets publicly reveals the information used in the minting process, in addition to its nullifier. Once this information is verified, the user is able to take ownership of the equivalent asset in the escrow contract, in addition to any allocated awards from the Convert Circuit 3.
See the relevant section for more information on the Convert Circuit
The Convert Circuit is a special feature added to the Sapling Circuit, which is handled by a native Validity Predicate.
The CC comes into action at the withdrawal of shielded assets. At the time of withdrawal, the user reveals the epoch in which the underlying note was minted. This is used in order to calculate the relevant NAM tokens that are distributed as part of Namada's subsidy for holding assets in the privacy set.
#TODO: Add Formula
We recognise that having secure, isolated bridges is a vital component in paving the way towards a multi-chain future. Given the risks associated with Bridges, we believe that users should not need to place additional trust assumptions when interacting with them. Unlike when using third-party bridges, the user will only need to trust the validators on Namada as well as the Namada on the originating chain of the asset. These are unavoidable trust assumptions. Because of the lack of additional trust assumptions, we call these briges trustless.
Trust assumptions when using bridges in general:
More specifically, take Ethereum bridge as an example. Validators on Namada will be running Ethereum full nodes, and will be tasked with listening for relevant events on the governance-specified bridge contract. The block proposer will then include the relevant transaction on the Namada consensus process. Once consensus threshold has been reached on validating the deposit, the block proposer is incentivised to include a transaction that will allow the user to "mint" a corresponding value of equivalent asset on the Namada side.
Similarly, the reverse process will allow for withdrawals of deposits on the Ethereum side, whereby validators are tasked with initialising the transaction that allows the user to withdraw the correct amount of asset from the Ethereum bridge contract.
In partnership with Osmosis-Labs, Namada will allow for private swaps between assets.