Private Airdrops – A Framework for Zero-Knowledge Privacy

Crucial to the development of early projects, airdrops grant a promise that’s as old as civilization itself: start early and invest in us, and we’ll grant you unbridled wealth. 

After the Uniswap retroactive airdrop in 2020, the industry was flooded with people looking for the next hot thing and matured as a result. This led to a dramatic rise in the increasingly complex nature of airdrop infrastructure and strategy, such as the LooksRare airdrop vampire attack on OpenSea. 

Given the rising complexity, mistakes are bound to occur. Combine that with airdrops commonly exposing information about the token’s recipient, and the present state of airdrop infrastructure, security, and strategy looks grim, at best. 

Though, as per usual, all is not lost. In this piece, I show a system that incorporates use of zero knowledge proofs in airdrops. This novel combination of cryptography allows users to interact and participate in projects, get rewarded via airdrops, and not have to worry about their personal information being exposed. 

An airdrop is a method of promoting and distributing a project’s token to help bootstrap and provide capital, as well as increase security through decentralization. Usually, airdrops are given to whitelisted addresses who have interacted, built, or generally participated in the project during early development. There are a few different types of airdrops, which I detail below:

Airdrops are an essential part of tokenomics, and are key to catalyzing rapid development of a project. Take, for example, the accelerated growth of DEXs in the past couple of years; a study evaluating the role of airdrops and governance tokens came to find that DEXs that do airdrops have a 87% higher market capitalization. In addition, exchanges that conduct airdrops have a 7.3% higher growth rate of volume. So, it’s safe to say that airdrops positively affect the growth in volume and in market capitalization, particularly when it comes to DEXs.

Alas, airdrops contain crucial problems within their structuring, allowing for scams, privacy invasion, and increased costs for all parties involved. 

Various scams surrounding current airdrop systems include, but are not limited to: 

A recent case-study in cross-blockchain analysis revealed the sharing of addresses between chains is a serious privacy risk. In order to claim an airdrop, the recipient must reuse their private keys. The reusing of wallet addresses maps a relation between transactions across chains, inadvertently disclosing information about the recipient to third parties. This particular study looks at the case of a blockchain airdrop and its impact across three different blockchains  via address clustering to develop one-to-one mappings.

Above, we have the co-cluster graph for 3 different blockchains. Each ellipse is a vertex and represents an address cluster in a blockchain. The edges between each of the vertices represent the maximum set of addresses shared between the corresponding address clusters (squares with the same color). If there does not exist an edge, there is no sharing of addresses. These results demonstrate the impact of address clustering and moreover, show how unknowingly, participants in airdrops disclose information about their address ownership on one chain, via their activities on another.

In light of the negative exposure airdrops cause for recipients, there is a clear need for a system that: 

The solution comes in the form of zero-knowledge proofs. By integrating ZK proofs, recipients will have the ability to share pertinent information, while restricting the reveal of extemporaneous info. We call this integrated system, private airdrops. 

So what makes the integration of ZK proofs and airdrops “private”? According to the private airdrop protocol, prospective airdrop recipients will provide a message, known as a commitment, over a public channel (Discord, Telegram, Signal, etc.), very much like traditional airdrop whitelisting methods. A commitment is created when the recipient concatenates their public key and a secret integer into a hash. As a result, the prospective recipient can secure their position in a planned airdrop without having to reveal themselves publicly. 

The airdrop sender will then create a Merkle tree by hashing together commitments into a tree. Upon the airdrop date, recipients are able to claim their airdrop by giving a ZK proof verifying that they are the creator of the commitment in the tree, without having to reveal the public key associated with their commitment. In this regard, recipients are entitled to receive all the benefits of traditional airdrops, while also protecting their identity and other sensitive personal data. 

In order to make the verification possible, the Prover needs to prove knowledge of factorization in an RSA system, given the commitments. The relationship is illustrated below; c being the statement and (n,p,q,s) being the witness.

This proof establishes that the Prover will send the Verifier two commitments, c_p and c_q to p and q, respectively. Subsequently, proving that p · q = n and p ∉ {±1, ±n}. Though the latter requires quite a large proof, work has been done to circumvent this by executing the proof in a much smaller group of a known prime order (like an elliptic curve). Below, we have a fully interactive ZK proof of knowledge for a modified version of the relationship above. This protocol makes use of three sub-protocol’s, defined here. The validity and zero-knowledge of the Protocol are derived from those three sub-protocol’s.

The computation behind deriving the protocol and modified factorization relationship can get quite technical, so we leave it to the reader to investigate further.

Although we are frequently admonished of the threat of data security, the traditional internal mechanisms of airdrops infrastructure today do little to heed that warning. By supplanting the current structure with one that incorporates a novel cryptographic architecture, we can create private airdrops: this allows users to participate in early projects, be rewarded for their loyalty via airdropped tokens, and not have to worry about revealing their credentials to an unscrupulous third party.  

The private airdrop protocol caters to everyday users as well as token issuers, permitting them to bootstrap their new token via private genesis airdrops. Though the computation costs are higher, I believe that given the current accelerated development of scaling solutions, this is a justifiable trade-off. More importantly, private airdrops will go a long way to secure the crypto ethos: security and anonymity for all.

Big thanks to the work done by Riad S. Wahby, Dan Boneh, Christopher Jeffrey, Joseph Poon, and Sam Ragsdale, for whom without, this analysis wouldn’t have been possible. 

This report is for informational purposes only and is not investment or trading advice. The views and opinions expressed in this report are exclusively those of the author, and do not necessarily reflect the views or positions of The TIE Inc. The Author may be holding the cryptocurrencies or using the strategies mentioned in this report. You are fully responsible for any decisions you make; the TIE Inc. is not liable for any loss or damage caused by reliance on information provided. For investment advice, please consult a registered investment advisor.