Private Airdrops – A Framework for Zero-Knowledge Privacy

Jump to:

Crucial to the development of early projects, airdrops grant a promise that’s as old as civilization itself: start early and invest in us, and we’ll grant you unbridled wealth. 

After the Uniswap retroactive airdrop in 2020, the industry was flooded with people looking for the next hot thing and matured as a result. This led to a dramatic rise in the increasingly complex nature of airdrop infrastructure and strategy, such as the LooksRare airdrop vampire attack on OpenSea. 

Given the rising complexity, mistakes are bound to occur. Combine that with airdrops commonly exposing information about the token’s recipient, and the present state of airdrop infrastructure, security, and strategy looks grim, at best. 

Though, as per usual, all is not lost. In this piece, I show a system that incorporates use of zero knowledge proofs in airdrops. This novel combination of cryptography allows users to interact and participate in projects, get rewarded via airdrops, and not have to worry about their personal information being exposed. 

Airdrops Explained

An airdrop is a method of promoting and distributing a project’s token to help bootstrap and provide capital, as well as increase security through decentralization. Usually, airdrops are given to whitelisted addresses who have interacted, built, or generally participated in the project during early development. There are a few different types of airdrops, which I detail below:

Airdrops are an essential part of tokenomics, and are key to catalyzing rapid development of a project. Take, for example, the accelerated growth of DEXs in the past couple of years; a study evaluating the role of airdrops and governance tokens came to find that DEXs that do airdrops have a 87% higher market capitalization. In addition, exchanges that conduct airdrops have a 7.3% higher growth rate of volume. So, it’s safe to say that airdrops positively affect the growth in volume and in market capitalization, particularly when it comes to DEXs.

The Problem

Alas, airdrops contain crucial problems within their structuring, allowing for scams, privacy invasion, and increased costs for all parties involved. 

Various scams surrounding current airdrop systems include, but are not limited to: 

  • Dump Airdrops – Developers generate short-term buzz in hopes that people will eagerly buy the airdrop when it hits an exchange. After, the developer will dump tokens, and laugh all the way to the bank. Very similar to classical pump-and-dump, bait-and-switch schemes. Example occurrence: Manifold NFTs.
  • Private Key Scams – These airdrops are entirely fake, and are designed to trick users into giving out the private keys of their wallets. This type of scam relies on psychological manipulation, as the scammer will ask participants for their private key, as opposed to their public key.  
  • Information Trolling – Designed to collect personal information. Claim to be giving away tokens with the goal of getting email address, wallet address, social media information, etc. This is a huge problem with airdrops. Inherently, airdrops contain a lot of information about the token recipient. This paper is focused on providing a protocol directed at solving this issue.

A recent case-study in cross-blockchain analysis revealed the sharing of addresses between chains is a serious privacy risk. In order to claim an airdrop, the recipient must reuse their private keys. The reusing of wallet addresses maps a relation between transactions across chains, inadvertently disclosing information about the recipient to third parties. This particular study looks at the case of a blockchain airdrop and its impact across three different blockchains  via address clustering to develop one-to-one mappings.

Above, we have the co-cluster graph for 3 different blockchains. Each ellipse is a vertex and represents an address cluster in a blockchain. The edges between each of the vertices represent the maximum set of addresses shared between the corresponding address clusters (squares with the same color). If there does not exist an edge, there is no sharing of addresses. These results demonstrate the impact of address clustering and moreover, show how unknowingly, participants in airdrops disclose information about their address ownership on one chain, via their activities on another.

Number of addresses on three blockchains and how they are shared. 36,209 addresses are shared between Bitcoin and Litecoin, but not Dogecoin, source

The Solution

In light of the negative exposure airdrops cause for recipients, there is a clear need for a system that: 

  • enhances user protection 
  • eliminates unwanted information sharing
  • ensures a high level of security. 

The solution comes in the form of zero-knowledge proofs. By integrating ZK proofs, recipients will have the ability to share pertinent information, while restricting the reveal of extemporaneous info. We call this integrated system, private airdrops

So what makes the integration of ZK proofs and airdrops “private”? According to the private airdrop protocol, prospective airdrop recipients will provide a message, known as a commitment, over a public channel (Discord, Telegram, Signal, etc.), very much like traditional airdrop whitelisting methods. A commitment is created when the recipient concatenates their public key and a secret integer into a hash. As a result, the prospective recipient can secure their position in a planned airdrop without having to reveal themselves publicly. 

The airdrop sender will then create a Merkle tree by hashing together commitments into a tree. Upon the airdrop date, recipients are able to claim their airdrop by giving a ZK proof verifying that they are the creator of the commitment in the tree, without having to reveal the public key associated with their commitment. In this regard, recipients are entitled to receive all the benefits of traditional airdrops, while also protecting their identity and other sensitive personal data. 

Merkle Tree depicting hashed commitments

In order to make the verification possible, the Prover needs to prove knowledge of factorization in an RSA system, given the commitments. The relationship is illustrated below; c being the statement and (n,p,q,s) being the witness.

Proof of Knowledge Factorization of a commitment, source

This proof establishes that the Prover will send the Verifier two commitments, cpand cqto p and q, respectively. Subsequently, proving that p · q = n and p {±1, ±n}. Though the latter requires quite a large proof, work has been done to circumvent this by executing the proof in a much smaller group of a known prime order (like an elliptic curve). Below, we have a fully interactive ZK proof of knowledge for a modified version of the relationship above. This protocol makes use of three sub-protocol’s, defined here. The validity and zero-knowledge of the Protocol are derived from those three sub-protocol’s.

The computation behind deriving the protocol and modified factorization relationship can get quite technical, so we leave it to the reader to investigate further.

Wrapping Up

Although we are frequently admonished of the threat of data security, the traditional internal mechanisms of airdrops infrastructure today do little to heed that warning. By supplanting the current structure with one that incorporates a novel cryptographic architecture, we can create private airdrops: this allows users to participate in early projects, be rewarded for their loyalty via airdropped tokens, and not have to worry about revealing their credentials to an unscrupulous third party.  

The private airdrop protocol caters to everyday users as well as token issuers, permitting them to bootstrap their new token via private genesis airdrops. Though the computation costs are higher, I believe that given the current accelerated development of scaling solutions, this is a justifiable trade-off. More importantly, private airdrops will go a long way to secure the crypto ethos: security and anonymity for all.


Big thanks to the work done by Riad S. Wahby, Dan Boneh, Christopher Jeffrey, Joseph Poon, and Sam Ragsdale, for whom without, this analysis wouldn’t have been possible. 

This report is not investment or trading advice. Please conduct your own research before making any investment decisions. Past performance of an asset is not indicative of future results. The Author may be holding the cryptocurrencies or using the strategies mentioned in this report.

Stay up to date with our research

Sign up to receive an email when we release a new post

Research Analyst at The Tie | + posts