Calamari
Last updated: September 3rd, 2021 10:50 PM CDT
The Technology
Calamari is a decentralized anonymous exchange/payment network where users can mint private coins derived from public ledgered coins like KSM or BTC. These private coins can be transferred and exchanged for other private coins while leaving no traceable record of the addresses involved. Calamari is intended to be the Kusama-native canary network of Manta which will launch on Polkadot after Calamari is launched on Kusama. Its purpose is to be a testing ground for products and services that may eventually launch on the more deliberate and stable network, Manta. The network will offer two products after launch: Mariswap and Maripay. These will be the first use-cases of zkSNARK powered private exchange and payment in the Kusama ecosystem. Calamari will provide the ecosystem an exciting solution to blockchain’s inherent lack of privacy.
zkSNARK (zero-knowledge succinct non-interactive argument for knowledge) is a protocol that essentially allows for an entity to prove that they know something without actually revealing the contents of that knowledge. If you’re confused about how this is possible, allow me to offer a simple example of a zero-knowledge proof:
Let’s say I am a diamond expert who can tell, at a glance, the difference between a cubic zirconia gem (fake diamond) and a real diamond. You come to me with one cubic zirconia gem and a diamond, both cut identically such that you cannot tell the difference. My goal is to prove to you that I can tell the difference without actually teaching you how to tell the difference, after all if I taught everyone the secrets to my trade I would be out of a job! So I tell you to show me the gems, one in each hand, and then put them behind your back. Then I let you choose, without my knowledge, whether or not to swap them between your hands behind your back. I then ask you to show me the gems in your hands again at which point I would be able to tell whether you swapped them or not. If I’m correct about whether or not you swapped them you’d know with 50% certainty that I can distinguish the gems. However, if we repeat this exercise 100 times and I’m correct after each instance, then you can be virtually certain that I can distinguish the gems.
If you’re still curious about zero-knowledge proofs, here is a great video explaining it more fully.
**WARNING, HIGHLY TECHNICAL LANGUAGE INCOMING**
Calamari achieves privacy through a complicated process of minting private coins and publishing specific information to the blockchain to facilitate zero-proof balance transfers and exchanges. Here is a schematic of a minting transaction followed by a transfer transaction:
MINT
The process starts with the user holding CoinA1:
- the ‘A’ indexes the type of token, e.g. KSM;
- the ‘1’ subscript indexes the public address PAddrA1 and the quantity being deposited.
Note that CoinA1 is a singular token defined by the public address of the user and the number of the public coins being deposited, in this case 20.
The user pays for a private and secured random sample which gives the user a secret address. This secret address then derives three pseudorandom functions (PRF) who at their cores share the same function: PRFaddr(·), PRFvn(·), and PRFpk(·). The abbreviations mean address, void number, and proving key. We are only going to look at the first two functions in this article for the sake of brevity but in case you are curious the last function is necessary in generating hashes to claim public tokens from private tokens. The user also sets a public proving address (i.e. your single-use Calamari public address) defined by PRFaddr(0) effectively creating a key pair between their secret address and their proving address.
The user then deposits 20 of CoinA and generates some information as follows: the user pays a fee to securely sample a random number, ⲣ, used to derive the soon-to-be minted private coin’s void number. This void number is defined by PRFvn(ⲣ) — the pseudorandom function evaluated at ⲣ. The user then creates a non-interactive commitment scheme by sampling a random value r used to “hide” their proving address and ⲣ inside artifact k such that when r is presented with either the proving address or ⲣ, k becomes “open” (i.e. the commitment is verified and the hidden information is exposed). Then the user creates another non-interactive commitment scheme by sampling a random value s used to “hide” the deposit amount, artifact k, and the asset id. inside artifact cm1 that can be opened when s is presented with any of the hidden information. Finally, the private token pCoin1 is defined by the proving address, the asset id. “CoinA,” the deposit amount (i.e. 20), ⲣ, r, s, and cm1.
Once this information is generated, the user publishes a minting transaction from their public address that contains:
- the asset id. “CoinA;”
- the number of public coins deposited;
- the commitment scheme k;
- the cm1 seed s; and
- the commitment scheme cm1.
Note that the commitment scheme k cannot be opened with the information in the transaction alone effectively concealing the proving address and providing the user with privacy. The Calamari blockchain reads this transaction and updates the chain state accordingly:
- CMList is a ledger of all non-interactive commitment schemes which is updated to include cm1;
- VNList is a ledger of all published void numbers which prevent any double spending;
- #pCoinA is the sum of all A-type private coins in the ledger.
TRANSFER
Let’s say the user would like to privately transfer their newly minted private coin to their friend. This is accomplished through a little offline collaboration between the two parties. First the receiving party creates a new key pair to generate a proving address and preemptively mints the private coin that will hold the value currently stored inside the sender’s private coin. The receiver generates two commitments: k-new from a random seed r-new, and cm2 from a random seed s-new. k-new hides the receiver’s proving key and a randomly sampled ⲣ-new; cm2 hides the asset id., the amount to be transferred (20 in this case), and the commitment artifact k-new. The receiver then shares with the sender s-new, k-new, and their proving address — all done offline and privately (note that the information shared with the sender is non-identifying and single-use so privacy is maintained without trust). With the provided information, the sender publishes a transfer transaction that contains the following:
- the ledger state;
- the void number associated with the sender’s private coin;
- cm2; and
- a non-interactive zero-knowledge (NIZK or zkSNARK) proof that ensures the sender knows necessary information to submit such a transaction.
The ledger is updated to include cm2, vn1, and the transfer proof effectively committing the funds to the receiver’s proving key without exposing it, voiding the sender’s private coin, and proving to everyone that the transfer is sound and valid. When the receiver is ready to spend the new private coin, they simply generate its void number using PRFvn(ⲣ-new) generated by their new secret key. Since the new coin is configured for the receiver’s proving key which is paired with their secret key, this function generates the correct void number ensuring that only the receiver can spend the new private coin.
Calamari has similarly complex protocols in place for exchanging one type of private coin for another and for forfeiting a private coin for its public coin counterpart. For the sake of brevity I will not elucidate these protocols, but you can be certain that they are well engineered and ensure the utmost privacy. If you would like to see the exact mechanisms you can always read the white paper.
One last thing to mention is that Calamari is partnered with Crust Shadow to provide users privacy in storage thus making Calamari more private and more decentralized.
The KMA Token
KMA is Calamari’s utility token that powers its governance, block security, and privacy products. The parachain plans on minting a massive 10,000,000,000 KMA, none of which will be sold to private investors. The team will not take an allocation and the fair drop will favor early participants. Calamari’s strategy is to focus on the community to provide a robustly decentralized token economy — very much like Moonriver’s strategy.
Much like any parachain in the Kusama ecosystem, KMA will be used to secure the Calamari network by paying collators and validators rewards from transaction fees. Additionally, KMA will be used in governance to guide the technology. Beyond these typical uses, you will be able to spend your KMA to generate the complex configurations required to mint, transfer, exchange, and forfeit private coins. Mariswap and Maripay will be the products that will provide an easy-to-use user interface for these privacy functions.
Since there is no inflation mechanism KMA will be a fundamentally deflationary token. While this is good for early adopters, it does not ensure validators get consistent payment for their services. Nonetheless, as more people use the network rewards for validators will become more stable.
The Crowdloan Reward
- Up to 30% of the total token supply, i.e. 3 billion KMA
- 10,000:1 KMA to KSM ratio
- 1 billion and 100k KSM loan cap for slot 6 (will not win)
- 2 billion and 200k KSM loan cap for slot 7 (likely the case)
- 3 billion and 300k KSM loan cap for slot 8 or later
- 34% of crowdloan rewards liquid upon launch, remaining 66% will be vested every 8 weeks linearly until end of lease
Calamari has ensured crowdloan participant 10,000 KMA per KSM contributed. Since they are poised to win the 7th slot, we can be sure that up to 2 billion KMA will be distributed for this PLO. The remaining 10% will be locked up and used in future bids after the lease expires — a sort of perpetuity fund. Let’s examine some possible price outcomes and trade-offs from staking:
So even if KSM’s price skyrockets, anything over a penny per KMA will be a positive trade-off from staking. However it is possible that KMA stays under a penny for quite some time, only time will tell.
Overall Evaluation
Risk: Low
Reward: High
Novelty: High
Utility: High
In my honest opinion, Calamari is my favorite parachain to come to the Kusama ecosystem so far. The need for privacy in transferring and exchanging assets is absolutely huge especially in a world where governments are trying everything they can to tax and regulate cryptocurrencies. Calamari’s technology is mathematically and logically proven and the team is dedicated to bringing privacy solutions to Kusama. That is why I believe it is a low risk project with little chance of failure. 20% of the token supply will be rewarded during this auction and 10% more will be rewarded in future auctions after their initial lease expires. This is a very healthy proportion of the token supply making me give it a high reward ranking. Nothing like Calamari exists in Kusama making it novel and useful since no other parachain will offer privacy like this. Calamari is an incredible technology that uses cutting edge protocols to protect your Kusama native assets.