Telegram Tidbits: Late February
Gitlab, anonAssets, zkAsset transfers, v2 gas fees & more.
February 9th
Regarding the visible progress on Gitlab, community member John asked:
Hey guys I don’t understand why he can’t see the progress. Can someone help me out please? Shouldn’t he see all the V2 development?
Neo:
As we said earlier the Gitlab isn’t dead, we just prefer to work privately for privacy reasons. We are focused on building a first of its kind product, that uses a lot of cutting edge technology rushing out results is never a good decision. It took Ethereum many years to launch and many more years to become what it is now.
Greybeard:
Our working repositories are private, we only push individual releases publicly, usually at the same time as testnet updates.
February 13th
Community member Plutocat asked:
I’m wondering whether anonAssets will have mint/burn functionality directly with v2? This idea has been floated by the team in the past.
Greybeard:
Originally that was the plan and we may still include it at some point, but right now it’s not a good use of our time to develop this since only a few people would benefit.
February 15th
Community member Plutocat asked:
How do zkAsset transfers work? Say I want to send to someone, how do they get my secrets?
Neo:
They don’t get your secret, they send you their address. That’s derived from their secret.
Plutocat:
Ok, and do they need some sort of secret to withdraw or use that?
Greybeard:
All derived shield addresses and spending secrets originate from your seed phrase. As long as you have that you can create and retrieve everything relevant to you from the protocol.
Plutocat:
Oh wow ok, I thought y’all were talking about these secret notes that were like an additional key that user has to manage in addition to seed phrase in order to interact with their zkAssets.
James W:
How do such private addresses look like?
Neo:
They are hashes of 64 characters.
James W:
So like a normal 0x eth address?
Neo:
Kinda. But it doesn’t link to anything on Ethereum.
James W:
Will it support ENS?
Neo:
For privacy reasons that doesn’t seem like a good idea.
James W:
it‘s just a simpler representation of the address - so what‘s your concern? For example, it might be useful for public organizations or projects to receive private donations via Offshift.
Neo:
You will link your real id with a privacy address. Also XFT addresses are one time use.
James W:
There was a discussion some time ago about this. Looks like you‘re going for stronger anonymity.
Greybeard:
We haven’t formally decided to force non reuse at the protocol level I believe, but we will be heavily encouraging it for sure. Much like Satoshi’s advice to not reuse bitcoin addresses.
February 21st
Community member Plutocat asked:
Do you have estimates for the costs of other transactions, like sends and swaps?
Greybeard:
They should be close to deposits kinda. Minus the erc20 transfer cost too.
Plutocat:
Which is about 50k? Wouldn’t that mean transfers and swaps are 1/2 cost of deposit?
Greybeard:
Transfers and swaps are cheaper than deposits, yes. Because all they require is a private state update and 2 storage writes to create a new commitment and nullify the old one (for the base case of 1 in 1 out). And private state update cost is amortized across all transactions via the publisher fee which is set by those proving (and if you don’t want to pay the fee or need an escape hatch, you can always push your own transaction).
We have some major gas optimizations we’ll be doing soon for the publishing function now that the on-chain deposits can be removed which should bring that down significantly as well.
Plutocat:
Gotcha, so when we talk about fees for swaps and transfers, those are just paid by publisher and are fixed cost per batch of <100k gas? And all user pays is fee to publisher?
Greybeard:
All user transactions are now pushed by the publisher so they’re always paying the gas itself and you pay them.
James W:
And that means users are paying all gas fees in XFT and don‘t require any ETH to interact with the protocol? (unless self-publishing)
Greybeard:
Correct.
Plutocat:
So the 100k deposit cost could get amortized as well? Or is that fixed per deposit?
Greybeard:
That’s the cost of 1 user’s deposit, verifying the signature and burning their tokens and creating a commitment. Technically my math was off, it’s ~21k cheaper than I stated in the thread but you’ll pay that extra 21k when you spend/swap because creating and spending a UTXO costs ~21k each.
Plutocat:
So a transfer is only 21K gas?
Greybeard:
There’s a few sources of gas cost. Roughly they are:
Fixed ZK verification cost ~400k gas.
Oracle cost, which is used for swaps and called once per publish always. This will likely be low 6 figures gas.
Commitments/Nullifiers. Basically each nullification/commitment is ~21k, so every UTXO creation and spend is 42k (1 spend to 1 creation). This is the main gas cost added by individual user transactions.
The rest is batch and queue cleanup and contract state handling.
On the current testnet, publishing one transaction on its own that includes a deposit and a withdrawal in one transaction is ~800k gas. 400k of that is the verification (shared cost across all users), and 42k is the UTXO handling (not shared). The rest is roughly state contract updating (also shared), which is going to see some major reductions soon and will likely become a lot cheaper because of the removal of on-chain deposits. We’re targeting low 6 figures gas as the real cost per user, hoping to land around the cost of uniswap or lower as we get close to completion.
With the removal of the on-chain queue we can significantly reduce the amount of processing done on chain so we think the next update will bring significant reductions in gas at publishing time, though we haven’t profiled it yet. We’ll share more exact figures soon. We’re also looking into increasing the amount of transactions per batch soon which will spread the cost over significantly more users. Probably at least 32, maybe 64, but that’s just the upper limit and if someone needs an escape hatch or doesn’t mind eating an increased cost there will always be the option to push a single transaction on its own (for time/censorship reasons).
Plutocat:
Is it up to publisher to decide how long to wait before publishing? Can they wait as long as they want to increase batch size?
Greybeard:
Yeah. Since they will be competing for first submission, once the network is established you can probably expect the market to settle close to the “real” gas cost plus whatever profit the cheapest publisher will tolerate since if they don’t take it someone else might. If you wait too long someone else who will accept less profit can just decide to publish first.
Plutocat:
On that note, if a fresh wallet receives zkXFT, can they use that zkXFT to pay publisher for withdrawal to ETH?
Greybeard:
Yes.
February 22nd
Community member Plutocat asked:
Not familiar with how Chainlink oracles work, could they potentially blacklist Offshift / cut off the oracles?
Greybeard:
None of their price feed infrastructure has blacklist features for fetching price data.
February 28th
Community member Kudeta asked:
Is it true that you completed a shift with less gas than a uniswap tx?
Greybeard:
Yes, with some asterisks. In the context of a batch where multiple people share the cost of the one-time mandatory gas costs it’s true (which means you have to wait for a batch to fill up and be proven before it’s published).
For all the latest developments, make sure to join the official Offshift Telegram and follow us on X !
And keep an eye on our team member’s X accounts as well: Greybeard , n00b and Johnny !