Privacy-Protecting Crypto Airdrops with Zero Knowledge Proofs
The Ethereum blockchain is a public ledger that anyone can inspect.
Generally, all anyone needs to view the entire holdings and financial history associated with a given account is its public address. This makes the technology poorly suited for criminal enterprises, despite a common misconception to the contrary. This also means that crypto airdrops – the distribution of tokens to people’s wallets (that is, public addresses) – commonly expose lots of unnecessary information about the tokens’ recipients.
This is a problem. Crypto airdrops are a popular way for web3 projects to bootstrap network effects by incentivizing contributors, participants, and early adopters with the possibility of rewards. People should be able to airdrop tokens to their communities without asking anyone to doxx their financial histories.
So, I created a tool to enhance consumer protection, increase security, and protect people’s privacy in airdrops using zero knowledge proofs. This is a novel use of advanced cryptography that has practical applications for everyday users. Just because the default mode for blockchains is full transparency doesn’t mean everyone should have to abandon their privacy just to participate. Zero knowledge proofs enable people to selectively reveal specific pieces of information without giving up everything they’ve ever done.
The tool is especially useful in situations where the governors of a protocol wish to airdrop tokens to people according to their off-chain activities. One could imagine using the tool to reward Github open source contributors, Discord community participants, Twitter followers, Patreon patrons, and others – all while respecting the financial privacy of the receivers. Using the tool, an airdropper need not ask anyone to provide a public key – and thereby expose themselves – when participating in an airdrop.
Here’s how the system works. Prospective airdrop recipients can provide a message (known as a “commitment”) over a public channel, like Telegram, Discord, Twitter, or Signal. The airdroppers then construct a Merkle tree by hashing together a tree of these commitments. The prospective recipients can then later claim their portion of the airdrop by providing a zero-knowledge Merkle proof that verifies they are the authors of a commitment within the tree, without revealing which. Claiming tokens in this manner mixes the recipients’ public addresses with those of all other users entitled to an airdrop, thereby protecting their anonymity.
In more detail, the steps are as follows.
- Users create a key and a secret, and concatenate hash(key + secret) to create the commitment.
- The commitment can then be transmitted across a public or private channel without leaking information.
- An admin assembles a Merkle tree of these commitments and deploys the smart contracts.
- Users can then redeem airdrop tokens with a zero-knowledge proof that they belong in the Merkle tree without revealing which commitment is associated with their public key.
Web2 has accustomed people to trading their data and privacy for free and easy-to-use internet services. Web3 offers an alternative. In the new model, people can regain control of their data and selectively reveal details about themselves at their own discretion. This tool more closely aligns the state of the art in airdropping with web3’s core philosophy.
This tool may not be necessary in all cases; indeed, all that privacy-protecting computation can rack up considerable gas fees. If everyone’s public keys are already known, airdropping is a straightforward process. But there are plenty of situations, like the examples of rewarding off-chain contributors while preserving their privacy, outlined above, where the tool’s use is warranted.
You can access the tools here.
Acknowledgements: The Iden3 team has put in some incredible work building out Circom and Snarkjs for the ecosystem to use to build zero-knowledge powered applications. Separately, some of the concepts, methods, tools also come from a simplified version of the original Tornado.cash protocol.