Railgun (RAIL)

From CryptoWiki

RAILGUN can generate a verifiable report of actions and balances (for an auditor or compliance officer, for example) using a privacy-preserving zero-knowledge method.

Basics

History

"In July 2021, a (mostly doxxed) group of contributors released open-source code for the RAILGUN Privacy System. A month later, the RAIL token was airdropped, and governance code was deployed, creating the RAILGUN DAO. Shortly thereafter, the RAILGUN DAO’s first vote was to launch the RAILGUN Privacy Contract on Ethereum.

Since then, RAILGUN DAO contributors have continued to develop the RAILGUN Privacy System, releasing the RAILGUN Privacy System 1.0. Additionally, RAILGUN began its multichain expansion, launching on BNB Chain and Polygon. In late-June 2022, RAILGUN was tested for the first time by partner project Railway, a privacy-focused wallet that uses the RAILGUN SDK. In November 2022, the rollout of RAILGUN 2.0 began."

Audits & Exploits

  • Bug bounty program can be found here. Highest payout is $250k (8-11-2022).
  • From their website (8-11-2022):

"Audit companies that have examined RAILGUN’s code include Trail of Bits, ABDK and Zokyo. ABDK are domain experts in cryptography and zero-knowledge proofs. They invented the Poseidon hash system, an essential part of the RAILGUN system."

Bugs/Exploits

Governance

Admin Keys

"There is no admin key or single API that the RAILGUN protocol depends on.

The long answer is that there are no admin keys whatsoever – all contracts are owned by the governance contract so only the voting process can change anything. As for APIs, all data needed for the protocol to function is available on-chain. State change data is emitted as events and all transaction validation happens in-contract. Individual frontends may pull data from APIs (such as a quick sync API to speed up initial load or something like coingecko to fetch prices) but none of these are required for the protocol to function.

As long as a user has access to a frontend and can connect to the Ethereum/Polygon/Binance/etc network they can unstoppably submit transactions. Relayers can be considered as an API if you stretch the definition enough but nothing in the protocol specifies how a relayer should run or who can be a relayer. The current set of relayers use the Waku network to obfuscate IPs and have a certain format they use to validate payment of transaction fees, however anyone can come along and build a relayer that runs on tor/i2p/smoke signals and there isn't anything in place that would prevent them from functioning. Obviously most frontends would try to remain interoperable with the most used systems that are currently in play (RAILWAY + Waku relayers) but the system doesn't lock out other approaches and so preserves decentralization."

DAO

  • From their docs (10-2022):

"All RAIL Token holders automatically become members of the RAILGUN DAO. By staking their RAIL tokens, DAO members earn the ability to vote on RAILGUN Governance proposals, allowing anyone to shape the direction of the RAILGUN Project. What kind of things would the DAO vote on?

For example:

  1. Which ERC-20 tokens are available for use within the RAILGUN system
  2. Deploying RAILGUN on additional blockchains that allow for smart contracts
  3. A system for earning an annual yield for staking RAIL, with funds drawn from a treasury accumulated from fees for using RAILGUN
  4. Launching the RAILYSWAP system for advanced trading tools within RAILGUN."
  • RAILGUN Privacy Project’s governance system is inspired by OpenZeppelin’s governance system (23-8-2022).
  • Process for governance and voting is explained here (29-7-2022).

Treasury

Token

Launch

Token Allocation

  • From their docs (10-2022):

"RAIL had a fair, stealth launch with initial circulating supply being airdropped to Ethereum addresses which had donated to privacy focused organizations such as the TOR Project, the Right to Privacy Foundation, or the Free Software Foundation.

The Right to Privacy Foundation funded the initial development of RAILGUN through a grant and was allocated 25% of RAIL to support the long-term benefit of the project. The Right to Privacy Foundation is a registered charity with no profit motivations. RAIL held by the Foundation is strictly for promotion and development incentives for the RAILGUN platform only. The Foundation will not sell tokens for at least the first year of the DAO's operations.

The remaining 50% is held by the RAILGUN DAO. As of September 2022, 7.5 million/50 million of this allocation has been minted.

RAILPOLY and RAILBSC were distributed via airdrops to RAIL stakers and RAIL liquidity providers."

Utility

"RAIL is the governance token for RAILGUN. It can be staked to gain voting rights on upgrades or changes to RAILGUN. Stakers gain voting rights as part of the DAO. This empowers users to participate in the future direction of RAILGUN. All key decisions for the protocol are made by the DAO. Any DAO member can also make proposals for changes to the system they would like to see, and submit their proposals for voting.

The DAO governs rewards for stakers. For example, the DAO can vote to establish weekly/monthly rewards for staked users, pay grants, vote for fee changes, etc. Staked users have also received airdrops for the governance tokens each time RAILGUN has deployed on a new blockchain."

  • From their docs (10-2022):

"RAIL stakers become Active Governors and receive a slice of shielding/unshielding fees. 2% of the treasury is distributed to the claiming mechanism every 2 weeks. RAILGUN Active Governors then receive a share of this distribution proportionate to the amount of RAIL they have staked."

Other Details

Coin Distribution

Technology

How it works

"When using the RAILGUN Privacy System, wallet addresses are removed from transactions on open-ledger blockchains. Without RAILGUN, wallet addresses are revealed and recorded on the blockchain. Through zero-knowledge proof (zk-SNARKs) technology, RAILGUN users enjoy full privacy. Their identifying information is kept private when making transfers, trading, using leverage platforms, adding liquidity or using decentralized applications (dApps) any way they like. RAILGUN is compatible with all standard ERC-20 tokens by default."

"RAILGUN wallets are made up of two private keys: a spending key and a viewing key. RAILGUN wallet addresses (also known as 0zk addresses) are the two corresponding public keys – spending and viewing.

So if User A (Alice) knows the RAILGUN address of User B (Bob), she can initiate a transaction.

Alice does this by creating a note containing what in cryptography is called a commitment. This contains information about the token and the amount to be transferred. These committed values are encrypted using the information in Bob’s public key.

Next, Alice creates a zk-SNARKs proof, which shows she isn’t spending more than what she has deposited. It also shows that she hasn’t double-spent - also spent her tokens somewhere else.

Finally, Alice sends the proof, commitment, and ciphertext to the RAILGUN smart contract. The smart contract verifies the proof, accumulates the commitment and emits the ciphertext as an event. This means it checks everything is correct and makes it possible for Bob to interact with the transaction.

Only Bob can decrypt the ciphertext using his private viewing key to get the secret information. With the information and his private spending key, Bob can spend this note – meaning that he can transfer or withdraw the tokens."

Fees

  • From their docs (10-2022):

"For Shielding and Unshielding, the protocol takes a 0.25% fee per transaction with a shield or unshield. This fee is then collected by the DAO Treasury and distributed over time to RAIL stakers in the form of Active Governor Rewards.

To use RAILGUN, users must pay a Relayer to facilitate their transactions. Relayers charge a % premium of the overall gas price for the transaction and not the transaction amount. Thus, Relayer Fees do not increase with transaction size. Relayer Fees are up to the individual Relayers themselves, but generally they are 10% of the total gas price added as a premium.

As RAILGUN transactions are gasless (users do not need ETH/MATIC/BNB to send transactions once assets are shielded), Relayer fees also contain the underlying blockchain's gas fee converted to whatever asset users are transacting in. For example, if you are sending DAI on the Ethereum blockchain, then the Relayer Fee (which also contains the blockchain transaction gas fee) is paid entirely in DAI and you do not need to hold/spend ETH in your 0zk address."

Upgrades

Staking

  • Staking rewards are not yet live, but will go live at the end of November 2022: "Rewards are paid out largely in stables and WETH, which brings RAILGUN into the Real Yield narrative currently taking hold amongst the crypto community."
  • Unlocking stakes takes 30 days to complete (8-11-2022).

Validator Stats

Liquidity Mining

Scaling

Interoperability

  • From this Twitter thread (27-9-2022):

“With the RAILGUN SDK, you can theoretically interact with any smart contract with your private balance. Meaning you can swap, trade, and earn on your favourite chain's dApps with the same UX and liquidity as before, just now with complete privacy. Other project devs still have to integrate the RAILGUN SDK, but it is simple and painless with only a few contract specific parameters required to support RAILGUN. After that, you can offer your users anonymity without needing to fracture TVL or user base.”

Other Details

Privacy Method

  • From the docs (9-2022):

"Users initiate shielding by sending a shield transaction which contains public data (the asset, the amount, and other values called) from their public wallet. The RAILGUN smart contracts then take these values and compute a commitment (called a note). Notes are a hashed value of the public data sent by the user at the start of the shielding process. The hashed value of a note (a circuit output) cannot be reversed to uncover the original value (an input). Inputs and outputs in this context are the transaction/asset data which a RAILGUN user wishes to obscure.

Once assets are shielded by the cryptographic methods described above, they get added to an anonymized pool held by the RAILGUN smart contract. The RAILGUN system contains an internal efficient implementation of a batch incremental Merkle Tree. Each shield transaction generates a new note which takes the form of a new Root/Leaf on the Merkle Tree and all assets within the RAILGUN system share the same Merkle Tree. Every transaction that updates the state of the Merkle Tree will generate a new Merkle Root/Leaf hashed and secured by the zk-SNARK circuits.

Once the appropriate proofs and notes have been added to the RAILGUN smart contract Merkle Tree, privacy is achieved. Transactions appear to originate from a Relayer, and they theoretically can have come from anyone in the private pool who has sufficient funds to send the UTXO associated with the transaction. What’s more, all identifying information such as amount of transaction is obfuscated in block explorers."

"RAILGUN operates on a (U)TXO (unspent transaction output) model, (U) is in brackets as transaction outputs are completely hidden from outside observers. Each UTXO is an encrypted note of a public key that establishes who can spend the underlying asset, amount, token ID, and a randomness field to maintain encryption."
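An added illustration of the note commitment and incremental Merkle accumulation described in the quoted docs above; it is not RAILGUN's code. SHA-256 stands in for the Poseidon hash, and the tree depth, field encoding and all names (`note_commitment`, `Accumulator`, `merkle_path`, `verify`) are assumptions made for the example.

```python
import hashlib

DEPTH = 4  # toy tree depth, constructed for this example

def h(*parts: bytes) -> bytes:
    # SHA-256 stand-in for the circuit hash; each part is length-prefixed
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).digest()

def note_commitment(spend_pub: bytes, token: bytes, amount: int, randomness: bytes) -> bytes:
    # Commit to the note fields; the randomness field blinds guessable amounts
    return h(b"note", spend_pub, token, amount.to_bytes(16, "big"), randomness)

ZEROS = [h(b"empty")]  # ZEROS[i] is the root of an empty subtree of height i
for _ in range(DEPTH):
    ZEROS.append(h(ZEROS[-1], ZEROS[-1]))

class Accumulator:  # contract-side state: one stored left sibling per level
    def __init__(self):
        self.frontier, self.count, self.root = ZEROS[:DEPTH], 0, ZEROS[DEPTH]

    def insert(self, leaf: bytes) -> int:
        if self.count >= 2 ** DEPTH:
            raise ValueError("tree full")
        idx, node = self.count, leaf
        for lvl in range(DEPTH):
            if idx % 2 == 0:   # left child: store it, pair with an empty subtree
                self.frontier[lvl] = node
                node = h(node, ZEROS[lvl])
            else:              # right child: pair with the stored left sibling
                node = h(self.frontier[lvl], node)
            idx //= 2
        self.count, self.root = self.count + 1, node
        return self.count - 1  # leaf index of the inserted commitment

def merkle_path(leaves: list, index: int) -> list:
    # Wallet side: rebuild the sibling path from leaves seen in emitted events
    path, layer = [], list(leaves)
    for lvl in range(DEPTH):
        layer += [ZEROS[lvl]] * (len(layer) % 2)  # pad an odd layer
        path.append(layer[index ^ 1])
        layer = [h(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        index //= 2
    return path

def verify(root: bytes, leaf: bytes, index: int, path: list) -> bool:
    for sib in path:
        leaf = h(leaf, sib) if index % 2 == 0 else h(sib, leaf)
        index //= 2
    return leaf == root
```

Each `insert` touches only one stored node per level, while a wallet that has collected the leaves can build a path with `merkle_path` and check it against `Accumulator.root` with `verify`. A shielded system proves this membership inside the zk-SNARK instead of revealing the leaf and path.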

Oracle Method

Their Other Projects

Roadmap

  • Can be found [Insert link here].

Usage

Projects that use or built on it

Competition

  • Aztec, from a Railgun blog comparing itself with them (28-6-2022):

"Here’s how RAILGUN compares with another privacy solution, Aztec:

  1. RAILGUN has no risk of changes from a centralized entity [Aztec has a centralized operator], meaning no risk of a rug-pull or changes that put privacy at risk
  2. RAILGUN does not use vulnerable bridges that take custody of tokens and risk expensive hacks
  3. RAILGUN has open-source, audited code
  4. RAILGUN is compatible with all standard ERC20 tokens, and also has NFT compatibility
  5. RAILGUN allows users to build up a private balance with multiple assets or NFTs
  6. RAILGUN executes transactions as the user requests them, with no need to wait for batched transactions. Trading in real time!"

"Other solutions like mixers lack in functionality and ease of use. For example, mixers often do not allow for internal shielded transactions or interactions with smart contracts. They may also require users to send and receive set amounts like 1 or 10 ETH. Mixers do not allow for simple, efficient use of protocols while preserving privacy. They also do not allow users to maintain private balances in their wallets. RAILGUN, however, brings users privacy at rest – meaning user privacy is maintained even when no transactions are taking place."

Pros and Cons

Pros

Cons

Team, Funding and Partners

Team

  • Full team can be found here.
  • Has a RAILGUN DAO Project Team and a separate Railway Wallet dev team.

Funding

Partners
