hey kai get to see you man
hey Alan just set both you guys up with speakers with mics do you guys want to
bring in the railgun Twitter to co-host or do you want to keep it us three uh yeah
let's see if we can get them to join this bad boy should be fun I'm excited is
kai on here ready yeah it looks like it nice yep um gm kai freshly out of bed gm
hi when's the last time we all saw each other not probably down and down in beers
and Prague or Amsterdam right yeah that must've been it huh yeah must've been
either Amsterdam or were you at Rome I missed Rome okay yeah Amsterdam Wow been a
bit are both you guys gonna be in Denver I'm gonna be in Denver I don't think I's
gonna be in Denver you're always in Denver hey I mean it's hard not to go
you know I just I like going we have like you know contributors there it's a yeah
you know like I like going to honestly from like a it's fun perspective you know
I don't really I had a really terrible time at the conference last year let me
tell you that was not fun but yeah meeting people you know for like different
one-on-one meetings and stuff like that that was great it's kind of like you
go not because like the conference is good because just so many people go to
it and you know you want to sell your friends yeah I would say Denver 2023 was
good despite all of the despite Denver 2023 it was there was just so many
people there everybody was at Denver it felt like even there even though the
event itself was kind of like a good grift it just felt like real salesy you
know yeah you know which just boo I agree with them open source software yeah yeah
yeah I think I think it'll be good this year I'm hopeful bullish bullish yeah no
I am too I think it's gonna be a good time Kyle you know you think you'll be
able to make it or maybe undetermined no I'm not going I'm pretty sad I'm just
just going to European conferences now yeah an American conferences are too base
I don't know I enjoy the I enjoy the like smaller conferences and like I don't
know the city is a better yeah no and I figure it's just such a haul for you you
know coming from across the world to make it all the way to the states like
that oh yeah travel travel times not not fun right all right well I'm gonna send
this out to a couple people see who we can get it's kind of at the edge of
both of our time zones where it's pretty late here and pretty early for you Kai so
we'll see you who comes in yeah see Nate is in here fellow token economist yeah so
Kai's yeah Kai's having a coffee and I'm having a let's see this is a coffee
porter nice brewery called full steam called coffee is for closers which I
think is great it's the main amazing fun nice love it yeah see a couple people
filtering in here now so hopefully we can get a couple people in space if
nothing else everyone will enjoy the recording but by the way whoever's got
the real gun account I invited to co-host so it'll show up like that on the
recording and I'll clip everything to fast forward through our our small talk
here but you guys want to give it another minute and then get going
you guys want to kick this off Alan Kai you guys ready yep yeah cool cool all
right well welcome everyone thanks Kyron and Alan for joining today super excited
to talk to you guys about what you've been working on at railgun and yeah
just really stoked to get to talk to you guys anytime we can chat about privacy
tech or what's going on in defi or the novel cryptographic schemes that you guys
have cooking out there railgun it's a it's a good day how are you guys doing
dude TGI Thursday at least in my neck of the woods at this time yeah thanks for
going great dude what about you Kai yeah Alan I guess just reminded me it's
Friday here so that is good for me yeah let's go we're doing we're doing well
we're doing well still still grinding away awesome yeah glad to hear it I'm
glad to hear you guys aren't completely burned out I know you've been working on
a ton of stuff and are getting ready to ship some some big improvements to the
protocol that I'm sure we'll cover today but um yeah really really excited
to get to talk about what you're doing at railgun and maybe as an intro we
could talk a little bit about you guys maybe you could give introductions for
yourselves because I know you just you know we've got years of history and yeah
well go go pretty far back Kyron and I I guess both being in the Bitcoin cash
ecosystem have a bit of history and then Alan you and I go back to I guess
we met for the first time in person that you've done this year so yeah
maybe you guys could give a bit of a background on yourselves and your
involvement in the space leading up to railgun and and what you're doing at
railgun now yeah so hello I'll chime in first here yeah I guess uh yeah I got my
start in crypto in about the 2017 timeframe and yeah I ended up starting
to get really interested in crypto just from a trading perspective really is how
it happened and then just kind of went down the rabbit hole of you know DeFi
you know basically saw a bunch of tokens getting all the gains and they weren't
on the centralized exchanges and so I had to learn how to how to get out of
you know and you know that lead led me into DeFi but you know getting a bit
of a a soft docks in like a private telegram group is what led me to you
appreciate that privacy it's like a big concern for the space and yeah the the
relevant project you know started coming together I guess it was early 21 how
you can correct me if I'm wrong there I guess it's yeah 2021 which feels like an
eternity in DeFi but yeah relevant got together started coming together as a
project in early 21 there was a beta released which you know basically allowed
you to take in shield funds into a private was it just a Z address or is it
something else there's no R or something but anyway it's fine to say you know the
beta started there's been a v1 there's been a lot of improvements to the
protocol over the years and yeah I'm excited to talk about that stuff but
not before Kai energies himself yo so I'm Kai I mostly just do tech stuff and
then anything non-tech gets shoved over towards Alan's desk when I got with
crypto well I found out about about Bitcoin through certain other communities
that I was involved in and yeah made my way over to reading a white paper and
things like that eventually started like mining on a CPU then GPU I think it was a
4950 or 5850 radio that I had at the time and then I guess like I've been
involved in just random crypto stuff since then in my 2016 2017 I took a look
at it again and was like well you know I kind of dismissed all of this is just
some like this is just gonna be my hobby projects you know they're not
really gonna go anywhere I welcome them because they're interesting but like 2016
2017 I kind of flipped and I was like oh this is yet to stay maybe I should take
this I should take this more seriously and I've pretty much been full-time doing
something crypto related since then that's yeah I think and I know you're
understanding it because I know a little bit more of your story but that's quite a
history and so that can sort of lead us into our next topic how did you get
into actually I want to start by defining what railgun is but then I want
to ask each of you guys how you how you decided on railgun I know Alan
mentioned he saw the importance of privacy for DeFi D gen type
transactions but Kyron I'm interested in that from your perspective as well like
what drew you to build a privacy project but maybe first we can talk about like
what is railgun how would you guys define this yeah so railgun is
essentially a protocol that adds a new address type to smart contract chains so
you've got your standard like 0x address which anyone can look up on a block
explorer and then see how much you have and then see like what kind of random
NFTs you bought in the past and then you know someday you go on a date and
then your date looks at your ether scan and then sees that you bought that Trump
NFT and then you suddenly no longer have a date anymore or you know something like
that so what rogan does is it gives you a 0zk address which is private so only you
as like the holder of your private keys so like don't give you a seed frames
away and all of that good stuff if you if you like wanna keep your your coins
but you as a holder of your private keys can see your 0zk address but that data by
default is not published to like everyone in the world to stoke you I don't know
maybe Alan's got like some some things to fill in with what I missed but yeah
hopefully that's a good overview no I think you really hit the nail on the
head dude I mean that's basically what railgun is you can you can think of it
as like an extension to your yeah to your wallet that allows you to have like
an incognito mode for which you can you know from which you can transact with so
you can send tokens to other people you can interact with other smart contracts
you can keep tokens you know as a safe store within your your 0zk address
the the list goes on and you know it's kind of like anything a 0x address can do
a 0zk address can do but private I think that's really cool right and you know I
guess to answer you know a bit of your question mate about like why it was just
really it was just like it became kind of obvious like as I was like trading
more and more in the space that like I was like interacting with like more
people you know so like you'd have like these like silly little like you know
feel free to like throw up some reacts everybody who's listening like if you're
if you've been in some of these groups where it's like they'll have like token
allocation deals or like you know maybe they'll have something where it's like oh
we got like this super you know new token that we're really all excited about or
like maybe they're like token gated by way of lab land bot or something like
this right and so you kind of like narrow down like who you are in like these
these chats right you know over time you know so like you're in your favorite
group and like you think your friends are awesome online and you're like
dude I just got into shit coinx right and you're like oh man I'm long
um fill in the blank uh token and you know I really like the lady tip tip
you know and you know before you know it you've given up enough like heuristics of
your wallet that like someone can very readily find you on chain right and so
but that became like a problem you know so like for me personally you know like I
had a guy you know who um will say um who you know DM man was like dude how
did you get into fill in the blank token right and it was like um
how did you know that was like me you know or you know it's like why are you bullish on this
this position that you have and I'm like how does you know I have that because it's not
something I've you know really been talking about you know the old adage and crypto is
um fill then chill right you know you want to fill your bags first and so um yeah I
hadn't really told anybody about it and uh you just sent me my ether scan and that was like
kind of like I think you have like these three different moments in like your crypto experience
the first one is like whenever you realize that like you can like have your own like
like yeah you can like custody your own tokens right uh you learn that whole like not your
keys not your crypto thing and then maybe you learn that like you can do like DeFi stuff um
and then you learn that it's not like private I mean we all do it right I mean Nate let's be honest
like whenever you do a transaction with somebody else on chain let's say it's for beers somewhere
or whatever don't you go to their ether scan and proceed to like judge them harshly for like
the last couple of years yeah well me and all my friends use railgun when we're
transacting and paying each other back on arbitrary polygon for the uh the minimal gas but um
yeah but it's like this it's like this voyeuristic thing that like we kind of take for granted as being
like really abnormal right that like we can live see what someone has in their wallet just because
like we transacted with them like that's a very very abnormal thing when it comes to the state
of finance right for sure it's like like you know the original uh it's worse than the original
version of venmo like regular ethereum address user experience like before venmo started to hide
things you could go see some of your friends past transactions and and some of your um you know
some random people's past transactions you just clicked on a profile on that home timeline if
you remember allen being uh oh yeah i do statesman um you know that was that was a nightmare for
privacy but ethereum is even worse because before railgun you couldn't meaningfully hide
your account balances from any kind of prying eyes whether those are friends or co-workers or
criminals there's a lot of different threats uh as it relates to privacy but um that's a really
interesting problem that you pointed out that kind of triangulation of someone's identity
their on-chain address using just a couple of data points right it's like um
when i'm describing privacy and and like uh the nature of of cell phone networks the way i describe
it is you know you can see someone's metadata and see who they're calling and triangulate
pretty quickly who they are because you are the only person that knows your mom your best friend
your childhood best friend and your third grade teacher or whatever or maybe it's you know a
combination of three people that are close to you right that you can identify if somebody is
making calls to those or if somebody's making calls to those three people it's likely you or
you know whoever is in the scenario um and that's kind of what you're describing
from uh people picking out in discords or in telegram chats seeing that you tipped off
your bags in a few different ways and then all they have to do is look at the chain and find an
address that matches that holds those three things well it's even worse today man it's worse now
than it was before right i mean we could talk about like pervasive data collection in crypto
right that's a very obvious thing to talk about right um you know there's companies that get
paid you know millions upon millions upon millions of dollars to collect collate and sell
your data to you know their customers um i mean there's even like like docs for pay type services
like arkham and things like this like it's really kind of gotten dark but like even like just like
simple like individual choices like um taking and putting like you know i don't know token dynamics
dot eth on your like you know address or something you know and uh or like italic dot eth like you
definitely know who it is right um and so like ens is and this sort of thing of like you know made it
i think it's made it even worse like i think we've kind of like like we've taken like the
pseudonymity of like ethereum and like you like shit on it and then like with like the the network
effect like we've made it you know even worse so it's like ironic that like we kind of have to
recognize that with adoption with the network effect privacy will not get better it'll get
worse it'll get worse the more that people use it and interact with each other the worse the
privacy will be and so like we have to build things that like yeah that make it more private otherwise
it's it's i don't think it'll actually get like true mainstream adoption otherwise everyone would
know everything about each other in that whole you know financial sector and i just don't think
that that's something that most people want yeah i think that financial panopticon is probably
the worst possible scenario for crypto and the idea that everybody sees what everybody else has
and does uh with their finances except the people that are using privacy chains so maybe people
that are using monero or whatever which would end up being criminals and politicians so criminals
but um yeah that's that's kind of like a nightmare scenario would be everybody's finances are public
to everybody else so you're making a pretty compelling case for something like railgun
kai do you want to well i wonder like yeah i was gonna ask i was like kai i don't think kai you
i'm very curious like what got you into privacy yeah um i mean privacy well i've always got to be
like fringe associated at the very least with um with certain communities that value their privacy
um but i think like personally it's just like i've had numerous occasions in the past where i've been
like oh yeah well you know whatever xyz has um has control someplace for like data access and all
like i'm i'm fine given my stuff to them and then just like blindly trusting that they're
um that you know those procedures going to be followed right and then like the number of times
that i've had that particular trust in um you know whatever institution that may be
like violated um and i'm like you know like i look at those those things and now i just can't help
but um you know be super adversarial about um like oh well anytime i give out my data
like how can this come back to to bite me right um and you know at the same time like i i really
like crypto right i've been involved in it for a while i want to see it succeed but um you know
like that that adversarial thinking side of me just always comes back and it's like
yeah but you know this is like this is just a treasure trove for anyone that wishes you
like ill will right like this is just this is this is there's not even a barrier to to entry
anymore so um you know if you if you want to like make this this crypto thing actually usable right
um the the privacy question is something that like seriously needs to be tackled
and so like i don't know like railgun is kind of the the latest um and it's specifically evm
um and smart contract chains but there's been like other uh privacy projects in the
past that i've looked at um and like yeah just privacy in in crypto is just something that i
personally would really like to see succeed uh because to me uh like crypto as a whole just
can't succeed at its aims without privacy 100 i think um something we focus on a lot
at token dynamics is censorship resistance and it dawned on me this year that it is impossible
for a protocol to be fully censorship resistant without having privacy built-in at one or more of
the layers so what really hammered this home was tornado cash getting uh offact last year and then
seeing that stark drop off in depositors with jars even relayers and seeing the nodes
that were unwilling to even include tornado cash transactions in their blocks that all comes from a
lack of privacy at various layers of the stack right like if there were a sufficient degree
of anonymity or privacy guaranteed by for those actors i would bet that we wouldn't have seen
even a 20 drop in the usage of tornado cash because people would have that strong private
you know strong privacy that they need to feel confident using this tech and you know if you
extrapolate that out if you look at and take a bigger view of things it's that kind of privacy
that we need for crypto to succeed so one of yeah if you guys wanted to respond to that
go for it no i mean i think you hit the i think you hit the nail on the head man you know like
it has to be i have to be part of it i think of it more from like yet certainly censorship
resistance and like you know threat actor avoidance you know like the security by way of obfuscation
definitely is something whenever you're like trying to keep your attack surface small
at least when it comes to like on-chain activity right because this is pretty important but
i also think about it from like just like the pragmatic like boring business
perspective right let's say you want to use crypto to do payments right let's say you want to
pay for a good or a service or something like this right should they know how much money you have in
your account no no hopefully hopefully not right um and i think that like that basic
like structure should be preserved from you know traditional finance in that like if i go to a coffee
shop and you know swipe my debit card the only thing that they see is approved right and they
hand me my um very simple coffee order and i go about my way right the barista doesn't learn that
you know i have a mortgage or i don't have a mortgage and i rent or um anything else about me
anything else about me right um nor can they follow me into the future and so like this is
this is just like a very basic form of privacy that like is really underappreciated in traditional
finance that like we've grown accustomed to right and i think that you know history doesn't really
repeat itself but it does frequently rhyme in that like we we will need privacy on-chain
in order to be successful just from like a pragmatic business perspective um you know so
for like example i think that like sony very recently has started like investigating like
privacy preserving and like zk-based like uh enterprise uh blockchains and things like
this and so like there's like a clear um like institutional business need for it um or desire
for it um there's like an individual desire for it it's very obvious that we want to have this
kind of privacy it's just a matter of like building it and you know doing it in a way that is
um yeah like where people want it to be and that's kind of like where railgun aims right
it's it's designed to basically just be a piggyback on what you're doing in crypto already so if you
can do it with a public address you know be able to do it with a private address is like a very
admirable goal and that's that's kind of like the the product market fit if you will that
railgun aims for no fun nice nice yeah um that is uh i think that's a really powerful argument
especially when you give the example of just like buying coffee like everybody has privacy
to the degree they need for buying coffee from a coffee shop and we don't think much of it uh
that's my second favorite argument for privacy my third favorite is the idea that in crypto
people's defy strategies can't just be public this is another underappreciated point about
privacy and something that i like that railgun provides is like the ability to execute trades
privately uh and then something that not only individuals need in crypto but institutions
are going to need so it's kind of like um you know it's an interesting dichotomy that i see
that's been painted over the last few years of um you know dichotomy of privacy and institutional
adoption there for some reason people think that institutions aren't going to want privacy
in crypto and i think the opposite is likely true you mentioned dude it's the total opposite
right i mean think about it right if you're charging your clients like a management
and performance fee the classic two and twenty right um there is no way in hell you get to
do that if they can just copy trade you by following your wallets like yeah they are the ones that want
privacy the most right and so like this is they want they want two things right uh maybe there's
like a meme you know like you know funds were one thing and it's disgusting you know privacy
right um they want privacy and liquidity man that's it right more liquid market uh better
alpha preservation like if d5 provided those um you know jamie diamond would eat his hat and
join us and um buying and selling of you know shit coins and jpegs he certainly will at the top
yeah there's no doubt about that he's going to be completely bullish mega bullish all the way at
the the peak of this cycle um yeah i mean those are those are really good use cases and i feel
like they're they're familiar to people they're they're intelligible they make great arguments
for privacy so um you know with the context of like why railgun maybe we can start to talk
a little bit about how railgun works and how railgun does this to recap for the people that are just
joining the the way that railgun sounds like you guys are describing it's like railgun is an incognito
mode for your wallet or for your address and uh so it would appear to outside observers that
it's not the railgun or that it's not your address that's performing in action it's the
railgun smart contract is that accurate or is there more nuance there
i mean it's most certainly the devil is in the details um maybe what i can do is talk about it
from like a surface level and you know kai can you know feel free to get a little bit more into
the weeds of it technically but um you know suffice it to say if you really just take a
step back for a second and think about like the privacy problem um on on chain you have a couple
of things that you have to solve for right um maybe like um a trilima if you will right um the token
data the sender data and the recipient data that's really it right so you want to take and
privatize the person sending the tokens the tokens themselves and then you know the person receiving
them right and so you know with railgun you know the way that works is you can take in you know
deposit funds into the railgun um smart contract which is you know what you're doing is you're
actually taking the depositing and into a a zero zk address as kai mentioned earlier right so you
taking your deposit into this address now this transaction itself is not private right it's coming
from a public address this is a you know pretty public thing you'll see you interacting with the
railgun address but that's where the the anonymity starts right so you actually can take and
from that point forward let's say you know nate you have a zero zk address i can take and send
you tokens from within the contract uh my address to your address and no one be the wiser and the
way that that happens um is you know through the power and uh magic of uh zero knowledge proof
uh you know proof that kai can probably elucidate to a bit better than i but um you know suffice it
to say uh we can take and transfer value in the contract from me to you and i do that by
basically burning my right to that those tokens and reassigning the the right to you and this
all happens in like an encrypted fashion um but we also have like something in uh evm uh you know
gas payer and so you know in order to take an obviously gas you know we need to take and develop
something that allows someone else to pay gas on your behalf and this is where um something called
over layer comes into play right this is a um basically a network where people can take in um
you know broadcast a a fee to take and you know pay for the gas on your behalf and this is a
completely trustless and privacy preserving thing you know shout out to the guys at waku for
building this really really dope uh gossip network uh that's basically like um
muticating over like a mini tour if you will um very abstract for you keep it really simple
for folks right you can kind of think of this like tour you don't really know who's saying what
and why uh all you know is that you're getting a broadcast of fees you can you know agree to
pay this fee to somebody in a privacy preserving way and they'll pay the gas on your behalf and
they'll be none the wiser that it was actually alan sending nate money right or whomever or
somebody sending something right um and that's that's basically the magic right and you know
the other thing that you could do is you can interact with contracts within the ecosystem so
for example if i wanted to from my private balance do a swap through um some sort of
dex aggregator i can you know take tokens from my private address and interact with that um and it
it all just happens um just like you would expect with like a regular transaction so
um that's really it i mean maybe you know kai you can kind of you know talk about it from a bit more
um you know technical perspective yeah um so i mean like the the core
of um everything really is from um ck snarks um so to like probably the best um explanation
of how it works is uh or at least the best one i've heard is um this like where's wally example
right so if i want to like if i want to prove to you that um you know i've got some where's
wally book uh where's waldo or whatever it's called in in your neck of the woods um
yeah i i i want to show that like yes i i know where where wally is right in in this book
or one of the pages this book so i can go and like cut out um from uh from a card right
like this little circle in the middle like just big enough um for like wally um and i've got like
this big big card right and i can put it in front of the book and i can adjust the book
such that um you know like wally is in in this little circle right um and then i can show this
to you and you can look at it and you can say oh yeah well i can see wally um so like clearly
you know where wally is um but you you don't get to know like what's where um wally is in this book
because like the the cards cover in the rest of the book right um so you don't know if it's
like upside down or if it's on the left page right page or like whatever right um and and so like
like the the key um the key like takeaway from that example is um so like what zk snarks let you do
is prove that you know something is correct uh without revealing all of the details of the thing
right um and this can be extended to uh transaction systems um in in kind of a clever way uh so you can
go and show that oh well you know we all have some rules around what constitutes a valid transaction
right um so i should have some coins that i'm spending um i should like own those coins right
so they shouldn't be um from someone else's balance um and i should uh have
like like i shouldn't be able to uh you know spend more coins than i own so like the sum
of all the inputs and some of all the outputs into the turn um into and out of the transaction
uh should be equal right uh so those are like our basic rules that we kind of agree to um
on pretty much every um every crypto system um as to what constitutes a valid transaction
and so i can show you like hey i i can instead of just showing you the transaction directly
um i can just go and say well here's the encrypted like updated balance um
for me here's just like encrypted um balance that newly created for the receiver
and then i can generate a zk proof that um shows uh you know well the chain or the smart contract
in this case uh shows the smart contract that you know these encrypted balances were calculated
correctly according to the rules of the transaction system um without actually revealing the transaction
details itself and so you end up getting like a a very strong level of privacy from this
uh while still like maintaining um all of your security properties and like all your
like transaction correctness uh properties um in your system
kai that's awesome um i think i like that where's waldo explanation of how zk proofs work and i think
it's um i think that makes it very accessible hopefully for everybody in the audience i'm
curious from um you know from your perspective how strong are those privacy guarantees and maybe
if you could compare it to something like zcash monero uh the spectrum of of privacy i know that
there's there there are a lot of factors there and it won't be comparing apples to apples but
um you know how strong are the cryptographic guarantees there are the privacy guarantees there
yeah so there's there's a couple of things that go into um into like actually calculating the
ultimate level of privacy for any given transaction um like there's all of these other things like
timing attacks and and all of that which will affect um like the end result um but
essentially you have um like the privacy of your system um starts with some uh set of inputs
right so these will be like the uh total number of users or the total number of deposits
like the total value locked um the amount of transaction activity things like this right
so you can you can you can imagine there's this a fairly extensive list um of these sort of like
properties of the system that that go in um and those are all effectively just uh tied to uh user
activity right um so that's that's something that you can't really directly affect um when you're
designing the cryptographic properties system right you can't just code in um like on this day there
will be a hundred users right because you don't unfortunately computers don't have the ability to
hold a gun to someone's head and say you must use uh you must use like railgun um at 1 pm on
like friday the 18th i don't know um so uh what you're left with is you take those those things
as your as your inputs uh and then really your your um cryptographic system um like
effectively filters that into your ultimate set of privacy uh so a a poorly designed um
cryptographic system um or your probably the same privacy system i will take all of that and it'll
just give you like doesn't matter what the inputs are you'll always get zero or always get like a
really low value for the actual amount of privacy that you get right um and then you can have like
well-designed um cryptographic systems that will take all of these inputs and it'll give you like
something that's really close to what the actual inputs were right um so close to um if not perfect
right so um and and when you're designing um privacy systems you want to make sure like
you can't affect what the inputs are um like you know you can do marketing and all but like
ultimately that that is out of control um so you need to make sure that this like thing in the
middle um reduces the amount of privacy as little as possible so there's a couple of ways to
uh build privacy systems right um so there's like decoy methods which uh essentially like
take all of your inputs and then it'll like randomly sample a small amount of that and then
you'd start as your output so beyond a certain point your um usage and all and all these inputs
can grow but you end up getting very little benefit to the actual amount of privacy the
actual amount of privacy on the output right um and then you've got uh things which are like
built they generally tend to be built on um on zk um models so zk snark models um but they
essentially have a a global accumulator um that you update um so like a accumulator is
just this kind of data structure um that can like cryptographically show that you know everything
um all of these different things that you want in some like set so for example all the coins
that are in your you know privacy system all of those belong to a certain value um and i mean i
won't go too uh too far in depth but essentially it lets you show that in a cryptographic way and
because it's a cryptographic way uh you can do like zk uh zk snark proofs over it um and um
things which are designed like this where essentially you're you're taking the
entire set of the system and then you're saying here was the state before here's the state after
um that's taking in all of your inputs and then spitting that out as your output right
uh and so that gets you um you know like it's it's never going to be perfect um but it gets you
as close as you can get to like perfectly taking in all the input side of your equation um
and transforming it into the output um the actual results in privacy um so once you get to that
point um there really isn't anything more that you can do to make um the cryptography of the system
stronger to um increase privacy because you're already kind of perfectly transforming the noise
and the input into privacy um so that point it's just like okay well we've got this
very strong cryptographic guarantee um how do you make sure that the the usage um and the kind of
noise that you have on the input side grows so that the output side can like um grow alongside it
um and i mean i guess that's that's probably um in allen's uh realm but i don't know if he
wants to talk about that a bit but um yeah yeah i mean i think it's really just about like
you know composability right you know so like how much how much can you do with the contracts you
know so like railgun beta um you know sort of started out um gosh how did it start it out
basically like no relayer so like no privacy of like gas payment right uh there's just like a
proof of concept that like you can have this you know utxo contract within ethereum land
which is well and good but then um it got a little bit more sensible if you will um and you know such
that like you know v1 came out and then you could start to do um you know a little bit more complex
stuff right um and so i think like the the way to get like really good multi-ferious at least
in a in a deep fly environment right is that you know a way to get like really good multi-ferious
inputs is by like how flexible the contract structure is right i mean which i mean railgun
is pretty it's pretty good right i mean you can basically arbitrarily call any contract that you
would like um you can do multi-sig threshold sig and the list goes on right so you can actually
do a bunch of different things with the contracts um and so i think but like the like the more
malleable and flexible the contracts are to someone you know like someone's use case like
the more likely they are to to use it and keep funds in and this increases um the
like the noise the anonymity set right um yeah i think that like
i think that's getting better with time right you know so like we have like v2 now
uh like these new circuits that make things cheaper to use and then you know v3 coming out which
should make like these d flight interactions even you know even cheaper to use so um it's definitely
like a um a progress bar if you will you know uh not necessarily from a privacy perspective
you know i think the cryptography has been good for a very long time but uh from like the um
you know the usability for it beyond just like a payments infrastructure you know it started out
there was only just swaps and then you know there was an integration with ens and coinly and
unstoppable domains and then um you know beefy and you know now there's different things you could
do like lp and you know as that grows like the the more um yeah the more usable your private
balance becomes the more likely you are to use it the the greater the anonymity set for everybody
using it and yeah you get this like nice piggyback effect with time yeah i mean that metcalf's law
right like the value of the network grows proportional to the square exactly right of its
participants yeah um so this is the kai that was really interesting background and i appreciate
that you went into the different types of privacy systems um i feel like we've given the audience
enough of a breadth of like a background on railgun so i'm going to ask more of the maybe more
technical questions that i'm really interested in because i am curious about um you know you
mentioned your experience starting with just the utxo system and then adding relayers that was one
of my questions that i did want to ask you guys was like how did you uh how did you realize
that you needed this um relay system to provide those privacy guarantees i feel like you've answered
that um you've also hit on the uh modularity of the contracts which is something that i really
admire about railgun and you talked about you've got saw upgrades in v2 and i know you guys are
working on v3 which is also going to be modularly interoperable where the contracts are modularly
interoperable um can you guys talk a bit about what upgrades you're doing and how that's going
to affect the privacy of the network user experience and and things like that um sure um so
i mean if you like really want to be pedantic about things um you know the current v2 architecture
can effectively do everything um that you want um on ethereum but it it's not going to do it
in like the most optimum way right so um the the way that it it does things is um
well the way that interacts with other other contracts is you'll have a let's say you've
got like a multiple contract so like something that can execute multiple arbitrary calls uh sequentially
in a single transaction um so you take this this contract and at the start you send a unshield
transaction to the uh railgun contract uh you fetch out the tokens that you need to use
you then take those tokens and you interact with uh whatever a
uh defi um system you want to interact with and then you take those tokens um like at the end
so let's say you like unshield it and die and you want it to like scale into eat right
so you unshield the die um you take those you're like swap it on uniswap for eat and then you
take the eat at the end of it and you uh reshield those into railgun right um and now you've got
your like new eat balance uh the problem with that is because the uh railgun contract is giving up
control of the um of the transaction to this like external multiple contract um
for security reasons it needs to um like commit all of the state changes every time it gets called
um and the the largest um like consumer of gas within the railgun system is committing the
state changes right so you've got to uh you've got to update a um uh Poseidon Merkle tree so
it's Poseidon because it's uh it's not friendly um but because it is Poseidon right so like if
if you updated a catch act tree um it would be significantly cheaper but because it's Poseidon
um that tends to get a little bit more expensive um on on the EVM um and and so
you end up having to do these um updates each time um and and this cause like you know costs a fair
amount um so when you do your like your initial on shield to get the tokens that's one state
update and then when you do your ratio it's another state update uh so what v3 does is it kind of flips
those um flips the the the like hierarchy of those contracts around um so instead of um
instead of like having a um like an external contract call the railgun contract to fetch
the tokens out and then do whatever um it the railgun contract will say oh well i
get this transaction um i see that it needs me to go and call this external contract
so i'm going to take this tokens and i'm going to call this external contract and supply those
tokens alongside um alongside this call so that it can do whatever it needs to right um so it'll go
fetch the tokens do this call uh when the external contract either like reverts and the
whole transaction reverse or um if it returns right it'll get the resulting tokens back from that
and then only at the end of the transaction does it go ahead and commit the state updates
and because the the state updates like all of them are done in one batch at the end
um you end up like effectively halving uh the cost or close to halving the cost of the state updates
um for that transaction right and so you end up saving like a fairly sizable chunk
um in yeah you end up saving a fairly sizable chunk um of gas um in that um and this there's
some other like interesting um things that you can do um with v3 so uh things like you know like
simulating an um allowance right or like emulating an allowance uh so that uh protocols that would
ordinarily like require a um yeah that ordinarily would require an allowance um like in between
transactions can still uh function uh with railgun without that so um you've got things like
i don't know there's the the myriad of rfq systems um like for example calswap
um so those sort of things could be uh executed um through this through like new kind of verifiers
um so like one of the things v3 does is it introduces kind of application specific verifiers
so you can uh sort of um adjust the transaction flow a little bit to uh better suit your very
specific like if you've got a very specific use case and that could benefit from that
um and there's a couple of other like nice niceties in in there that just generally makes using railgun
um like cheaper um and i think that's like the the cost of um gas right now is
um to me at least the biggest um ux huddle um for using railgun so um like anything that
that brings that down is kind of a big uh a big like benefit in my eyes
so cost of gas is like the most prohibitive um you know hurdle for users and v3 is going to take
that down by do you have figures like are you expecting by half by um 20 30 what's your
intuition on that or is it too early to tell it really depends on the use case that you're using it
for um kind of like napkin map um would say that like the typical like defi interaction for example
uh would come down by about 40 percent um you know probably a bit more
but the 40 percent is kind of like a conservative estimate there um yeah other sort of use cases
should also come down but those are a bit more kind of like unknown um in terms of
gas savings um until we like really have hotter performance numbers yeah i mean 40 percent
big and you said it could be even more than that so that would be phenomenal um that would definitely
you know hopefully that would get uh twice the number of transactions if there's some kind of
elasticity of demand there from the user perspective and i'd imagine there are
some other upgrades that you could do in the future um that might not be possible technically
right now or feasible with the um you know the amount of uh the amount of eyes that you have on
the protocol and people working on it but what are uh what are some of those things that you're
hoping to upgrade to in the future or what technological unlocks could ethereum have that
would um make railgun even better or even easier to use or cheaper to use
let me think i'm i'm i'm gonna bring back the Poseidon precompile EIP
um yeah there's the that's a Poseidon precompile um i think that's that EIP sort of been in limbo a
little bit um the thing that comes to mind for me it's Kai we talked a little bit about this but
um and this is not something that would necessarily directly improve the railgun experience but the
wormhole the zk wormhole for e i think it's EIP 71 something do you want to talk about that
or should we gloss over to the next question um no i can i can talk about that i i was actually
like literally messaging allen she was like yeah i was like yeah let me get my yeah hold on let me
get my popcorn yeah so i i think i mean i i i've had this conversation a few times because uh
people have um brought this up and they're like oh well if like ETH goes private then
what's the point of railgun right um and i my my somewhat unexpected answer is that yes i hope
wormhole goes through um because it's going to be a big benefit to railgun right um so if you think
about the way that wormhole works um you can take some ETH uh you send it to a um to a burn address
right so you randomly generate a burn address and you can you can prove that this address is
a burn address uh but um you can't like an external observer unless you reveal it to them
to them it just looks like a regular address right and so like you you send this this ETH out
it gets burnt and then you generate a um like a zk proof uh to show that like
you mint new ETH to a new address right uh with the zk proof uh that shows that you're minting
from some burnt address right um and because it's a zk proof it doesn't actually reveal which burn
address you're minting from or that it was a burn address in the first place um and and that
effectively makes the privacy set of uh ETH um like not not talking Ethereum i'm talking about ETH
the the asset right um it makes the privacy set of ETH effectively equal to the entire Ethereum
blockchain um with like some caveats on there it's not perfect but um that is that is big news
right that's that's really good for privacy uh but there's there's a couple of drawbacks to this
right so your your um ETH you can't um you can't really use that for DeFi
um so like what do i what do i mean by that right like you you have ETH you send it to a new um
you send it to a new address and then like every time you want to go in and and use it you
effectively need to go in like like oh i've got some position in in like shit coin a right um i
want to maintain that position but like i want to transfer i've got to like convert that down
into ETH and then um hold it over and then like convert it back uh because if i if i go and send
all of my shit coins uh alongside each other then people can kind of match up by looking at like
oh well there was like shit coin a b and c on this side shit coin a b and c on this side well
it's the same person right so even though like the the amounts and the kind of bit in the middle might
be obfuscated and they can still figure it out um by the the endpoints right um and there's
there's ways around it where you like can constantly spin up new addresses and like only
use an address for a particular position and when you're done you spin it back down into ETH
and then you transfer the ETH to another fresh address and then you spin that up into a new
position and it's like it's not it's not easy for position management at all right so like this is
what i mean by it's not um or i should probably just say it's hostile to DeFi because yes
technically you can use it right but it's just not um not a good UX um but but what this does
give you is because ETH is the native gas token on Ethereum right what it does give you is the
ability to have effectively a gas account that is um natively private um and because it's natively
private um like ordinarily you'd effectively have to do like a gas station network style
um transaction where like you've got some output within relgun which goes um to
a relayer and then the relayer goes then um like their ETH balance is deducted in order to pay the
gas um you wouldn't need that anymore you just you have your private gas um account you have all
your DeFi tokens in relgun you take your private gas account you use that to pay um for the gas
to like do relgun transactions like now it's just fully end-to-end private you don't need to worry
about anything um anything else you just you have your own gas account you're done right um
and it's something that you can do within relgun right now um where you effectively you like
shield some ETH um and then you pull it out into a self-relay account right so you can like
send some ETH through relgun into like a freshly generated Theorex address which you then use to
self-relay your transactions um but that's like that's something that um you know more advanced
uses might be more comfortable with but it still requires a like a little bit of manual management
of of these like gas accounts but having something like natively um on Ethereum where it just
privatize uh your gas accounts you're just like that that solves that entire UX problem
um and it's probably just like at that point it's just the end of relays I think um
which um I'm certain a couple of people might be um sad to hear but you know um hey if it if it
makes privacy easier to use then um I'm all for it yeah I think um middlemen don't like
being disintermediated so that's uh you know that's my position on that I think that would
be phenomenal and I know when we spoke about this I think there are a couple um couple
implications of 7503 going through that would that would just mean a lot for for privacy on
Ethereum so I I posted EIP 7503 in the comments it's uh they call it ZK wormholes for ETH
and um you guys should check that out and if the debate comes up please stand this EIP
because um it would be a huge deal I mean we would essentially have privacy on Ethereum
between EIP 7503 and Railgun so um yeah I really appreciate hearing your thoughts on that Kai
Alan do you want to chime in on that or anyone we mentioned Poseidon having like ZK
interoperability native in Ethereum um but anything else you want to chime in on or
no I mean I think Kai really hit the nail on the head on wormhole I think it'd be really
interesting to see like um a like native to ETH way to you know have like a self-signer
for Railgun that'd be really trick um you know I do have like general concerns on like um
making sure like it's truly set up really well to avoid uh any potential like infinite
MITT type uh yeah well that's going to be the Bitcoin maxis uh number one talking point forever
you know will be you can't audit the supply they added this in and it's because they are
bought out by BlackRock and they're just minting infinite ETH or whatever email
well that's well ironic because then they get the ETF first uh yeah I've been uh seeing some
news there might be an Ethereum ETF I think that's going to be the next narrative
yeah um well anyway um go ahead yeah I I do actually find that kind of odd because
I mean there is a very simple way of auditing the supply right like you you um you take the
like all the ETH that exists in the system right minus everything that's been minted through wormhole
and to be frank the um cryptography behind zk systems has actually become very kind of
hardened um especially thanks to to zcash for like pioneering a lot of that cryptography
um so like it's it is actually pretty straightforward to to audit the supply um
yeah I it's not going to stop it from being a point of thought that I just wanted to call that out
oh right yeah that was kind of like my fun fun is very frequently like baseless but
fun nonetheless right for sure for sure um I think Kai in that case it would that would be
assuming that people don't go back out of uh privacy like a private um amount of Ethereum
right or like that they exit back into uh that they unshield so to speak
um so the wormhole the wormhole EIP isn't a like it doesn't designate a separate privacy pool
it it does just literally you burn ETH and then you get um you get the stuff out the other end
um so you burn it somewhere and then you mint it somewhere else
so like because of that there's no like internal transaction so you you you do actually
I'll just go in and out yep right okay yep now that makes sense um cool all right well um
yeah if you guys uh anything else you want to share for the audience anything we didn't hit on
Kai or Alan and then I'll maybe if you guys have a couple minutes
if anyone has questions they can post them underneath this space in the comments there
I think the thing that I'm really excited about in terms of like the
like you know like the railgun ecosystem is like there's been like a big pivot
um and research of contributors to this thing called like railgun connect and so to kind of
set the stage a bit on it um we basically previously you know we're developing like a
really strong SDK that will allow people to build you know incognito modes into wallets or
um private transaction mechanisms into their dApps and this sort of thing right and have this be
like the privacy SDK of DeFi and very admirable um and definitely something that um works in fact
uh you know railgun brought privacy to a lot of different things right you can take and swap and
provide LP and you know do farming through beefy and all these different things NFTs right well
this goes on right um and I think that there's been a bit of a pivot around this new thing
railgun connect uh that I'm actually really really excited about um I'm wondering maybe Kai
you can tell us a little bit about like what the hell is railgun connect it's been like a mythical
beast for people who've followed the project long enough it's been like this mythical beast in the
woods that like has been lurking for years now that might actually come to fruition soon enough
yeah so um og railgun connect was kind of just a a way to connect a railgun wallet to a dap front
end and then uh um but you'd have to get the the dap front end to kind of like implement the
the methods to um work with railgun um the the uh kind of design that's been
um researched a bit more recently and uh you know seems a lot more promising
is um where rather than like relying on on daps to implement railgun specific stuff
the the railgun wallet essentially like or like the the railgun connect extension can
um sit there pretend to be because you know the extensions can sort of arbitrarily pretend to be
um of whatever right we can claim that um it's any um address so if if if you've used
any of the impersonator extensions or um like even frame and just added a watch-only address
yeah i was about to say even frame you know like they're like shout out to those dudes like i
i absolutely love that feature yeah so so like even like you can you can just add an
arbitrary address and then connect to a dap front end right you just won't be able to
sign any transactions with it um so there's there's absolutely nothing stopping from a um
an extension from just going and saying hey i'm the railgun contract right so um what it can do is
it can sit there at all it can um pretend to be the railgun contract right um and then whenever
you go and interact with the dap um there's this there's this thing that um uh called like
uh network talking um that if you've gone and used tools like um i don't know ganache hardhat foundry
any of these sort of like theorem developer tool chains you'll be familiar with it
um and essentially that you go and um take the exact like the current state of the network
um at a particular block height and um you can go and say hey like i'm going to take this state
and then instead of like continuing on with the main chain i'm going to go and like
you know have my own like local network that starts from that block height right um so you
like carry over all of the the state of the the the current Ethereum chain right and because that
network's local um you can kind of do whatever you want with it right like you're the only
validator on it so if you want to like hard fork in like code changes or whatever that's possible
so one of the things that so like the the railgun extension or the railgun extension
rogan connect extension um would like take this um network and um essentially just like simulate
all other calls um locally and like store the results and you know it after there's a couple of
other things that are going to have to sit there and intercept like RPC calls uh from the DAP but
that's you know kind of like implementation details um but because it's in there and simulating all
the calls locally the DAP will like or the DAP front end's like oh yeah there's those transactions
are going through and I'll let you progress through all of the steps right and then once you're done
with um once you're done with like your interaction right so let's say you go onto onto Uniswap right
your first thing would be oh I need to approve this ERC20 for trading um so you hit approve
right I don't know you like let's say you've got your DAI you go underneath right so you approve
your DAI for trading um that'll be the first transaction the second one you like actually
submit it for swap right so that second transaction goes through and you get your um
you get your ETH out of the end right so the railcon connect um extension will capture those two
right and then because all interactions from the railcon contract go through as a multi-call
right it can just take those two two interactions join them together um package them up in this
multi-call that the railcon contract does um and it can go and submit this on chain
as like a single transaction and then you're like your whole interaction
it just gets executed right so you get your Uniswap trade you get your ETH back
and because it's um kind of stubbing out or it's impersonating a regular like ethereum address
so even contract addresses are regular ethereum address and instead they just happen to not have
a private key they have code behind it instead so because it's like impersonating this regular
ethereum address the the like DAP front end is quite happy to go along with it
and now you've effectively like got access to all of these different DAPs
um through their like native front ends without having to build out um you know
like railgun specific integrations for each one you just use the DAPs that you want to
wow so basically for the last couple of years you guys have been trying to get integrations manually
and one by one it's been painstaking and you're working on railgun connect and it seems like
it's in sight once you get that it's just like the holy grail it's all of the integrations
without having to do yeah exactly right yeah all your integrations aren't belong to us you know
that's that's what it becomes you know like and that's what's really cool about it right it really
taps into that like permissionless ethos like relevant connect is really sick and that like
it allows you to yeah like do literally like the the goal for railgun like we talked about it very
early in this nice little space here um is that you know we want to be able to do everything that
a zero x address can do with a private balance this is why people contribute to something like
railgun right and do it privately um and yeah this is this is kind of like the
i don't know like the the cherry on top of like years of work like it's uh
it's it's pretty it's pretty rad dude it really is yeah this would be huge i mean there's a
there's a handful of apps that i can think of that would be awesome to have integrations with
i think umbra is one that's top of my list but um topic maybe yeah dude that'd be really sick
you know like umbra is dope yeah they you know we work with some of those guys on like token
shoulder and things like that the umbra guys are sick yeah they're top notch and um yeah i think i
think an integration getting people to pay through umbra directly into uh railgun would be awesome
and that might be a different type of integration um than uh than the ones that you were talking about
but um yeah railgun connect sounds really extremely bullish um do you guys have a
like a timeline or kind of a a loose idea of when development for that will
will come to fruition or is that still quite a ways off
i don't know kai what do you think um i mean it is like
the the problem of building really cool privacy tech is it's also some of the most like
complicated stuff that you can um build on ethereum right um so i i think like the
what's like just around the corner for us is um very different to what's uh just around the corner
for uh like say um yet another uni-stop clone right um so it's it's definitely like something that's
i think um a high priority for research um and a high priority for for contributors
um and and should be you know something that's that's uh probably ready to to to go out to um
go out to public um like very soon in in the like timeline of of upcoming releases
uh but yeah keep in mind that uh we generally have a lot of like this there's a lot of uh
going back to um the drawing board on certain components uh because of recession pan out and
things like that um that that could uh could mean mean timelines a little bit um or um
a little bit longer than people expect at times yeah definitely it makes sense i mean when you're
solving problems as complex as those that you guys are solving a lot of the time you get
you know three quarters of the way down the idea maze and and you're coming to the end of
of uh a path where you're trying to map out solutions and then it's like nope all of these
are dead ends and then you have to revert backwards and so that can be uh really frustrating
but also is what makes railgun that much more impressive that you guys have gotten this far
and um are are basically you know the the most private uh way to interact with ethereum
and uh really cool to hear that you guys are also um that you're also building ways to make it less
gas intensive so um yeah awesome awesome to hear your progress on that uh any any final thoughts
we're coming up on on you know what i considered time here we've been here for about an hour and a
half um i want to be respectful of both of you guys time do you guys have anything else you want to add
no i'll just say definitely fun chatting again man it's been great catching up
um and i appreciate you having us on
um yeah i mean it's been it's been good uh being on um i don't know what the next uh conference
we're going to catch up on is uh but um yeah let's let's grab a beer
definitely yeah it's it's been my pleasure and thank you guys for coming on and talking about
what you're building um i love staying up on it and uh and i think the audience really
appreciates what you guys are doing at railgun um and i guess a final shout would be to any
contributors who are interested in building privacy tech please please look into railgun reach out
to these guys because railgun in my opinion is the most important project on ethereum
so uh would love if if you guys had extra help in building out railgun connect and these other
features that you're working on um but yeah as far as conferences uh alan i'll see in denver
and kyle i'll see you in europe at some point this summer uh almost definitely and uh hopefully
hopefully crossing paths a few times uh this year so thanks everybody for coming in it was a pleasure
speaking with you too and i'm looking forward to catching up with you in the near future
here's chips see ya later guys