Blockchain has a privacy problem
Public blockchains are completely transparent. If you send me some tokens, you reveal your wallet address, and that is all I need to know not only how much money you currently hold in that wallet but also the details of every payment you have ever received or made.
This could be a barrier to blockchain adoption.
There are many genuine reasons to want financial privacy:
I don’t want my neighbors to know my salary
I don’t want strangers to know my net worth
I don’t want a busybody to copy investment strategies I’ve meticulously designed using skills honed over years of study
I don’t want the world to know which charities I support. Partly because I don’t want people I support to think that they owe me, and partly because I don’t want to be on the firing line if the causes I support are unacceptable to certain powerful factions.
I understand that privacy tools are attractive to people engaging in illegal activities but that does not give anyone the right to take away my privacy.
Businesses also need privacy:
A trillion-dollar asset manager who has decided to build a billion-dollar position in a particular token needs privacy. If others get to know that they’re interested in a specific token, they’re likely to front-run.
Data protection regulations in several countries require firms to protect consumer and employee information. Companies are required by law to protect customer transactions from prying eyes.
Several tools have therefore been built to bring privacy to blockchains. The best known of these is Tornado Cash, whose developers Roman Storm, Alexey Pertsev, and Roman Semenov have been charged with money laundering and sanctions violations. Tornado Cash is known to have been used by sanctioned actors, including North Korea's state-sponsored Lazarus Group.
The hard question remains: how can blockchains provide privacy to law-abiding users while being unavailable for illicit purposes?
One proposed answer is "Privacy Pools", set out in the 2023 paper "Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium" by Vitalik Buterin, Jacob Illum, Matthias Nadler, Fabian Schär and Ameen Soleimani (Nadler and Schär also wrote the Federal Reserve Bank of St. Louis Review primer "Tornado Cash and Blockchain Privacy"). A user still withdraws from a mixer, but attaches a zero-knowledge proof that the funds came from a chosen "association set" of deposits, for example one that excludes deposits known to be illicit, without revealing which deposit was theirs. Where a regulated bank, government or auditor requires more, the user can voluntarily disclose the full details to that party alone.
Railgun may be the answer to the privacy problem
Railgun is a privacy protocol with the endorsement of Vitalik Buterin who has publicly transferred funds to Railgun.
In addition to offering more functionality than Tornado Cash, Railgun has a mechanism for sharing transaction details with auditors. It thus aims to afford both privacy and a path to compliance.
How is Railgun superior to other privacy protocols?
The basic architecture most privacy protocols use to obscure the source of funds is simple. Users deposit funds into a pool from wallet addresses associated with their identity and withdraw them to a completely different wallet address. No one, including the developers who build or maintain the protocol, can tell from the chain which withdrawal corresponds to which deposit (timing and amounts can still leak the link; see "How can one maximize privacy?" below).
So if you want to donate to a charity promoting women’s reproductive rights, you can deposit funds in say USDT into a mixer and withdraw USDT to a wallet of said charity. This way no one else can know that the charity received funds from you.
While useful, this is a limited use case. Railgun goes beyond this. Railgun makes the following also possible:
Deposit token A into the pool and withdraw token B out of the pool. E.g. deposit wETH from your known wallet and withdraw USDT to an unconnected wallet.
Transfer additional token standards such as ERC721 and ERC1155. This means Railgun can be used to transfer NFTs anonymously or to provide liquidity privately to Uniswap V3, whose LP positions are ERC721 NFTs.
Interact with complex smart contracts privately. E.g. swap tokens on Uniswap or lend on Aave without revealing your identity.
Pay gas fees in your preferred token. The Broadcaster who submits your transaction pays the chain's native gas and is compensated with a fee taken from your shielded balance, so you never need to acquire the native token yourself.
Provide a viewing key to entities such as auditors so they can verify the history of your transactions.
How does one use Railgun?
Generate Railgun Wallet - To use Railgun, one needs to generate a Railgun wallet address. The process is very similar to generating any normal Ethereum wallet address. The main difference is that, unlike a normal Ethereum address that starts with 0x, a Railgun address starts with 0zk.
Transfer funds to your Railgun Wallet - Transfer funds from your external wallet to your Railgun Wallet. This step is called “Shielding”. Funds move from a wallet associated with your identity to the Railgun Pool or “Anonymity Set”. Only those with the Railgun wallet keys can see balances or transactions in the wallet. For everyone else, the funds are part of a pool associated with all Railgun users.
Actions within Railgun - While funds are in Railgun, you can:
Transfer funds to other Railgun addresses anonymously
Execute DeFi transactions like Swaps on DEXes and lending and borrowing on liquidity protocols anonymously.
Withdraw funds from Railgun - Transfer funds to an external address through "unshielding". The receiving external wallet is fully visible on-chain, but the transaction is submitted by a Railgun Broadcaster and the tokens leave the Railgun contract, so an outside observer sees only that some Railgun user withdrew. Which 0zk wallet the funds came from is known only to the holder of that wallet's keys; as far as the chain shows, they could belong to anyone who has shielded into the Railgun Pool.
How does Railgun work?
Once funds are within Railgun, the wallet address, the token type, and the volume of tokens are all hidden.
As in Bitcoin, balances are represented as UTXOs (Unspent Transaction Outputs), which Railgun calls notes. Each note (owner, token, amount) is hashed to a commitment, and the commitments are stored in an on-chain Merkle tree. The note contents themselves are published only in encrypted form, readable by the holder of the owner's viewing key, so an observer sees a tree of opaque hashes and learns nothing about who owns what.
Community Broadcasters are the key actors within Railgun. They have a public 0x address. When a Railgun user initiates an unshield transaction to send funds to an external address, internally their 0zk address is debited, but externally it appears as if the Broadcaster's 0x address sent the funds.
Even the Broadcaster does not know whose funds they are sending: what they receive is not a plaintext note but a ZK-SNARK (currently the most widely used zero-knowledge proof technology) showing that the sender owns an unspent note in the Merkle tree, without revealing which note, its contents, or any personally identifiable information.
Users who want to execute a transaction, select a Broadcaster based on fees, availability, and reputation. Transaction data is encrypted and broadcast with an extra note addressed to the selected Broadcaster using their public key. All broadcasters try to decrypt every message broadcast. The ones they can decrypt with their private keys are meant for them.
Broadcasters verify, sign, and submit transactions to the blockchain. Post submission, they broadcast the success or failure status which can be decrypted only by the user with the relevant private keys i.e. the original sender of the transaction.
At no point does the Broadcaster take custody of the funds. They simply validate the transaction and act as a conduit to transfer encrypted information to the underlying blockchain.
How does Railgun prevent double spends?
With the Merkle tree holding only commitments, how does the system ensure that users are not spending the same notes repeatedly? Through nullifiers. Spending a note requires publishing a nullifier, a hash derived from the spender's secret key and the note's position in the tree. Only the spender can compute it, and nothing in it reveals which commitment it belongs to, but the Railgun smart contract records every nullifier it has seen. A second spend of the same note necessarily reproduces the same nullifier, and the contract rejects any transaction whose nullifier is already recorded. Broadcasters can check this before submitting, but the enforcement lives in the contract, not in the Broadcaster.
How does Railgun help with Regulatory Compliance?
Railgun wallets have two types of keys:
1. Spending Keys - These are similar to the keys of regular cryptocurrency wallets and allow one to spend tokens.
2. Viewing Keys - With these keys one cannot initiate transactions but can view the wallet's transactions. They can be provided to auditors, or used to share transaction information with regulatory bodies, to prove the source and/or use of funds.
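The following is an added toy model of the mechanics described in the last three sections; it is not Railgun's code and does not reproduce its cryptography (Railgun uses Poseidon hashes, Groth16 proofs and a Merkle tree of commitments). SHA-256 stands in for the hash, a checked-in-the-clear opening stands in for the zero-knowledge proof, and the Merkle tree is reduced to a list of leaves. The key derivations, the note format and the stream cipher are all assumptions made for illustration. What it does show faithfully is the bookkeeping: commitments on chain, note contents readable only with the viewing key, a nullifier that only the spending key can produce, and a second spend of the same note being rejected because it yields the same nullifier.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass


def h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256, standing in for the Poseidon hash Railgun uses."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


@dataclass
class Wallet:
    spending_key: bytes          # authorises spends; never shared

    @property
    def viewing_key(self) -> bytes:       # assumed derivation; may be handed to an auditor
        return h(b"view", self.spending_key)

    @property
    def nullifying_key(self) -> bytes:    # assumed derivation; required to produce a nullifier
        return h(b"nullify", self.spending_key)

    @property
    def owner_id(self) -> bytes:          # public owner identifier committed inside a note
        return h(b"owner", self.spending_key)


@dataclass
class Note:
    """A shielded UTXO. The chain stores only its commitment and an encrypted copy."""
    owner: bytes
    token: str
    amount: int
    salt: bytes

    def commitment(self) -> bytes:
        return h(self.owner, self.token.encode(), self.amount.to_bytes(32, "big"), self.salt)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (hash in counter mode); XOR is its own inverse, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = h(key, nonce, i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def nullifier(wallet: Wallet, leaf_index: int) -> bytes:
    """Deterministic in (spender's secret, note position): a second spend reproduces it."""
    return h(b"nullifier", wallet.nullifying_key, leaf_index.to_bytes(4, "big"))


class ShieldedPool:
    """The on-chain state: commitment leaves, note ciphertexts and the spent-nullifier set."""

    def __init__(self) -> None:
        self.commitments: list[bytes] = []                # Merkle leaves (tree hashing omitted)
        self.ciphertexts: list[tuple[bytes, bytes]] = []  # (nonce, encrypted note)
        self.spent: set[bytes] = set()

    def shield(self, note: Note, viewing_key: bytes) -> int:
        nonce = secrets.token_bytes(16)
        plaintext = json.dumps({"token": note.token, "amount": note.amount}).encode()
        self.commitments.append(note.commitment())
        self.ciphertexts.append((nonce, xor_stream(viewing_key, nonce, plaintext)))
        return len(self.commitments) - 1                  # leaf index

    def unshield(self, wallet: Wallet, note: Note, leaf_index: int) -> bool:
        """Stands in for the contract verifying a ZK proof. The real contract sees only the
        proof, the Merkle root and the nullifier; here the opening is checked in the clear."""
        if self.commitments[leaf_index] != note.commitment() or note.owner != wallet.owner_id:
            raise ValueError("proof would fail: unknown note or not its owner")
        nf = nullifier(wallet, leaf_index)
        if nf in self.spent:
            return False                                  # same nullifier again: double spend
        self.spent.add(nf)
        return True


def audit_view(pool: ShieldedPool, viewing_key: bytes) -> list[dict]:
    """What a viewing-key holder recovers: note contents, with no ability to spend them."""
    return [json.loads(xor_stream(viewing_key, n, ct)) for n, ct in pool.ciphertexts]


def demo() -> dict:
    """Constructed walk-through: shield one note, spend it, try to spend it again."""
    alice = Wallet(secrets.token_bytes(32))
    pool = ShieldedPool()
    note = Note(alice.owner_id, "USDT", 2_768_000_000, secrets.token_bytes(32))
    idx = pool.shield(note, alice.viewing_key)
    first = pool.unshield(alice, note, idx)
    second = pool.unshield(alice, note, idx)              # reuses the nullifier, rejected
    return {"first_spend": first, "second_spend": second,
            "auditor_amount": audit_view(pool, alice.viewing_key)[0]["amount"],
            "leaves_on_chain": len(pool.commitments), "nullifiers_on_chain": len(pool.spent)}
```

Note where the privacy comes from in this model: the chain holds one commitment and one nullifier, and neither can be matched to the other without the nullifying key, so an observer cannot tell which leaf was spent. The viewing key decrypts the note but is not an input to `nullifier`, which is why handing it to an auditor does not hand over the funds.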
How can one maximize privacy?
One can use Railgun on Ethereum, Polygon, BNB Smart Chain, and Arbitrum. Among these, volumes are highest on Ethereum, so the anonymity set, and hence the privacy, is largest there.
While platforms like Railgun offer privacy, remember that on-chain analytics tools are becoming more sophisticated. Certain tricks can increase anonymity:
Leave a gap between a deposit and a withdrawal. Withdrawals are more likely to be linked to recent deposits.
Withdraw a different value from the one you deposited. If there is a deposit of 2.768 ETH and a withdrawal of 2.768 ETH, an outside observer is likely to conclude they are connected.
Use Railgun for tokens that are plentiful within Railgun. If you are the only one depositing SmudgeCat, JunkieCat or MoonCat tokens, you are unlikely to fool anyone when you withdraw them.
Swapping tokens within the Railgun environment increases privacy, since you withdraw a different token from the one you deposited.
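To make the four heuristics above concrete, here is an added example (not part of the original post, and not any real analytics vendor's logic) of the simplest linking analysis an observer can run over public shield and unshield events. The events are constructed; the "plausible sources" rule (same token, earlier block, deposit at least as large as the withdrawal) and the "strong link" rule (identical amount within a block window) are assumptions that approximate what the text describes, not a reproduction of any particular tool.

```python
from dataclasses import dataclass

WEI = 10**18


@dataclass(frozen=True)
class Event:
    kind: str       # "shield" (deposit) or "unshield" (withdrawal)
    token: str
    amount: int     # smallest unit, e.g. wei
    block: int
    address: str    # the visible 0x address on the public side


# Constructed public history: four ETH deposits, one deposit of an obscure token.
EVENTS = [
    Event("shield", "ETH", 2768 * WEI // 1000, 100, "0xaaa"),
    Event("shield", "ETH", 5 * WEI, 120, "0xbbb"),
    Event("shield", "ETH", 10 * WEI, 130, "0xccc"),
    Event("shield", "ETH", 3 * WEI, 140, "0xddd"),
    Event("shield", "SMUDGECAT", 1000, 150, "0xeee"),
    # Withdrawals an observer tries to attribute:
    Event("unshield", "ETH", 2768 * WEI // 1000, 160, "0x111"),   # exact amount, soon after
    Event("unshield", "ETH", 2768 * WEI // 1000, 5000, "0x222"),  # exact amount, long after
    Event("unshield", "ETH", 25 * WEI // 10, 400, "0x333"),       # changed amount
    Event("unshield", "SMUDGECAT", 700, 170, "0x444"),            # only one possible source
]


def plausible_sources(u: Event, events: list[Event]) -> list[Event]:
    """Deposits that could have funded this withdrawal: same token, earlier, large enough."""
    return [e for e in events
            if e.kind == "shield" and e.token == u.token
            and e.block < u.block and e.amount >= u.amount]


def strong_links(u: Event, events: list[Event], max_gap: int) -> list[Event]:
    """Deposits matching on exact amount within max_gap blocks: the classic giveaway."""
    return [e for e in plausible_sources(u, events)
            if e.amount == u.amount and u.block - e.block <= max_gap]


def anonymity_set(u: Event, events: list[Event], max_gap: int) -> set[str]:
    """Addresses an observer cannot rule out as the origin. Size 1 means deanonymised."""
    strong = strong_links(u, events, max_gap)
    if len(strong) == 1:
        return {strong[0].address}
    return {e.address for e in plausible_sources(u, events)}


def analyse(events: list[Event], max_gap: int = 1000) -> dict[str, set[str]]:
    """Map each unshield's visible address to its anonymity set."""
    return {u.address: anonymity_set(u, events, max_gap)
            for u in events if u.kind == "unshield"}
```

Run `analyse(EVENTS)` and the four withdrawals illustrate the four tips in order: the exact-amount withdrawal shortly after deposit collapses to a single address, the same amount withdrawn long afterwards falls back to all large-enough deposits, the changed amount was never strongly linkable, and the obscure token is attributable no matter how long you wait or how much you withdraw. Swapping inside the pool changes the token field, so the withdrawal would not even appear in the same candidate list.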
Why am I excited about Railgun? It can enable regulated financial institutions to deploy on public blockchain
Most blockchain projects undertaken by financial institutions and Central banks use private blockchains. Private blockchains offer greater control and privacy, and protect from the wild west of crypto with its hacks, volatility, and financial crime risks.
This, however, is leading to siloed innovation, fragmented liquidity, and non-interoperable use cases. The true benefits of blockchain like decentralization, P2P transactions, interoperability, immutability etc can only be achieved in public blockchains.
A Railgun-like solution (Let's call it Railgun(Pvt)) could be an ideal first step in the journey toward public blockchain deployment.
One can have whitelisting criteria for the creation of Railgun(Pvt) wallets. This will ensure that transactions within Railgun(Pvt) environment are between KYCed parties.
Railgun offers privacy in transactions. While these transactions will not be visible to anyone except for the parties to the transaction, financial institutions who have KYCed the participants can be provided viewing keys for tax, audit, and other regulatory purposes.
One of the biggest technical leaps of Railgun over other privacy protocols is the ability to interact with external dApps anonymously. If Railgun wallets can, say, execute a swap on Uniswap, they could be transacting with unrecognized wallets. To prevent interaction with non-KYCed wallets, one can make Railgun(Pvt) wallets interoperable only with private liquidity venues (intra-day repo platforms built by banks, private liquidity pools within Aave). If in the future public blockchains develop further protections, we can consider opening this up to all liquidity pools on DEXes.