Introduction

The Ethereum blockchain allows users to transfer funds and interact with code on the Ethereum Virtual Machine (EVM), publishing all transactions and smart contract interactions to the public ledger. Over the years, as the audience for blockchains has grown, so has the need for privacy on-chain. However, private transfers are not available on Ethereum, forcing users to achieve privacy through other means. Offshift uses zero-knowledge proofs to enable on chain privacy for its users. Additionally, Offshift's synthetic assets allow for private exposure to popular off-chain assets without leaving the comfort and liquidity of the Ethereum blockchain.

Within the crypto space, the 2020s have quickly proven to be the decade of DeFi (Decentralized Finance). However, growing interest in DeFi has relegated cryptocurrency’s privacy-centric origins to the sidelines. Users now must choose between cutting-edge platforms designed to maximize yields and standalone privacy applications whose infrastructure and assets permit limited integration potential in other protocols, thereby limiting yield generation. Others still incorporate elements of centralization by relying on rollups and other Layer 2s for obfuscation and off-chain computation. In short, protecting privacy now comes at the expense of either putting capital to work, or critical infrastructure components that are needed to support decentralized systems. There exists substantial, untapped demand in Ethereum’s DeFi ecosystem for a technology solution that eliminates the financial tradeoffs between privacy and DeFi while remaining true to cryptocurrency’s founding principle of decentralization.

The Offshift Ecosystem is a fully on-chain, non-custodial ecosystem of PriFi Applications designed to provide protections for user privacy without compromising yield potential or decentralization. The Offshift Ecosystem is developed by Offshift Core, the ecosystem's core development team, and powered by XFT, a public ERC20 token that confers access to ecosystem applications via Burn-and-Mint Tokenomics. Users interact with applications through a process called Shifting, whereby XFT is burned to mint synthetics in various protocols, and vice versa.

Tokenomics & Liquidity

The Offshift v2 platform will employ a new synthetic asset system that does not tokenize its assets. Instead, the user will enter and exit through the XFT token or through anonAssets, with the synthetic assets taking the form of unspent commitments. By using commitment-only assets, users can enter and exit the protocol with no liquidity requirements other than that of the native token, XFT, while maintaining the same dollar-to-dollar pricing used in Offshift anon. Price pegging will be done similarly to Offshift anon, where the peg is determined by a time-weighted average price of XFT/ETH, and a Chainlink price for the chosen asset.

As users enter and exit the native token, XFT is burned or minted proportionally to the value of the chosen zkAsset. As usage of the protocol is increased, more of the native token is burned, and the available supply on the open market decreases. Conversely, as users exit the platform, the supply inflates proportionally. This ongoing equilibrium ensures that the native platform asset is algorithmically tied to the platform's actual utility, instead of perceived utility. As usage rises, supply is diminished; as users exit their private holdings, supply is increased. Exit liquidity is provided by the funds available on the decentralized open market.

As users enter and exit the native token, XFT is burned or minted proportionally to the value of the chosen zkAsset. As usage of the protocol is increased, more of the native token is burned, and the available supply on the open market decreases. Conversely, as users exit the platform, the supply inflates proportionally. This ongoing equilibrium ensures that the native platform asset is algorithmically tied to the platform's actual utility, instead of perceived utility. As usage rises, supply is diminished; as users exit their private holdings, supply is increased. Exit liquidity is provided by the funds available on the decentralized open market.

Shifting with the Burn-and-Mint Mechanism

To mint synthetics in the Offshift Ecosystem, users select and open a PriFi Application, and connect an ERC20 wallet. If a user possesses a positive XFT balance and sufficient ETH to cover gas fees, he/she may conduct a Shift and enter the Offshift Ecosystem’s private (anonymous and/or confidential) side via the Burn-and-Mint Mechanism.

The Burn-and-Mint Mechanism burns the user’s XFT and mints one or more synthetics of equal value. At any point, a user may Shift back from his/her synthetics into XFT, and the process reverses: the Burn-and-Mint Mechanism burns the synthetics, and mints new XFT of equal value to the user’s designated ERC20 wallet address. Such a model enables users to mint, store, and exchange synthetics free from collateral requirements and the margin calls and liquidations that come with them, making for a cost-efficient and stress-free trading experience. It should be noted that although such a tokenomic model demands an elastic supply model for XFT, it does not imply or require any propensity toward long-term inflationary or deflationary monetary attributes.

Reward Incentives: Staking Rewards

In addition to providing technical support and advisory, Offshift Core will support Offshift Ecosystem PriFi Applications with native staking features. Offshift Core has allocated 15% of the Genesis Total Supply (1,500,000 XFT) to its Staking Rewards Wallet.

Privacy Layer - Momiji

The original platform uses zkSNARKS and MiMC-hash Merkle trees to implement anonymity sets and set membership proofs to allow for anonymous "shifting" from the platform's native token, XFT, into price pegged "anonAssets". The values committed into the anonymity set include a randomly generated 31 byte "secret" - used as a blinding factor, and a randomly generated 31 byte nullifier. When a withdrawal is carried out on the platform, the concatenated secret and nullifier is used to generate a proof of membership for that particular commitment, without revealing the contents of the commitment or its location in the tree. To prevent double spending, the Keccak256 hash of the nullifier is then "spent" on-chain, making it unusable for any future deposits or for re-spending the same commitment.

The Offshift v2 platform will function similarly to the anon platform, using a Merkle tree implementation for note deposits and zero knowledge proofs to perform withdrawals. This way, a user can access funds inside the protocol without revealing the contents of the original deposit or its location in the Merkle tree. But unlike the anon platform, the values committed are not constrained to a secret and nullifier. By encoding the note's value into a commitment, as well as the asset and oracle price, users can commit this value into the Merkle tree when creating a deposit. This way, users can prove ownership of the assets encoded within while proving set membership of the deposit. This will allow users to carry out shielded transfers within the system, as well as partial asset withdrawals instead of requiring fixed denominations. The Offshift v2 platform will again use zkSNARKS to implement the proving scheme for this protocol, aiming to take advantage of advancements in proving times while maintaining constant-time verification for on-chain verifier contracts.

Offshift v2 will take advantage of recent developments and improvements in the privacy space. Utilizing the new Noir domain language, written by the developers and cryptographers behind Aztec, Offshift v2 will introduce a complete solution for synthetic asset exposure while protecting its users from having their privacy compromised. Its cryptographic primitives include the BN254 curve, upon which Pedersen hashes are calculated, as well as the MiMC and Poseidon hashing algorithms for Merkle tree implementations. In addition, Noir programs can be used in conjunction with Typescript interfaces. This means that testing and version control can be streamlined with packages such as Hardhat, making for easier open-source development on top of Offshift v2. But, perhaps more importantly, Typescript integration allows for direct implementation in browser-based applications, so that user experience can go hand-in-hand with the latest advancements in the zero knowledge space. Using Noir, the development team can construct a full UTXO style transactions system (e.g. Zcash; Monero), allowing for full privacy preservation.

Synthetic Assets

Unlike private cryptocurrency protocols which only allow for transfers of their native tokens, Offshift employs a synthetic asset model, which mints an amount of assets corresponding to the value of XFT burned in the shift. This means that for each Wei worth of XFT burned, the protocol mints one Wei worth of the selected asset, and vice versa when burning the synthetic asset to mint XFT. In effect, this allows the user to enter a position in the synthetic asset in a way resembling an over-the-counter (OTC) trade, with virtually no market slippage encountered. Additionally, the Offshift anon platform employs a "flex fee" mechanism, which scales down the amount of XFT minted if the chosen anonAsset is trading below 97.5% of its asset's market price. The introduction of a flex fee removes the incentive to "death spiral" the protocol, and increases incentive to restore the price peg as quickly as possible. Since trades are OTC-like, pegging the price also introduces incentive directly to market makers.

Protocol Migration

Zero knowledge assets will serve as a standalone addition to the Offshift protocol and ecosystem. While the privacy element of the anonymous assets' mint and burn mechanism (through the original denominated privacy pools) will never cease to function, the new recommended method of preserving privacy will be through Offshift's new global anonymity set - Momiji. The new protocol will allow users to shield amounts and enable completely private transfers to other users within the platform. By extending the anonAsset mint capability to v2, users will also be able to enter and exit tokenized synthetic asset positions either through the anon platform or through a confidential shielded asset platform.

Alongside continued support of the original protocol, the anonAsset ERC20 tokens will be fully compatible with the v2 platform. Users will have the ability to enter and exit the new protocol using anonAsset tokens in addition to the native XFT token.

Token Allocations

From the Genesis Total Supply of 10,000,000 XFT:

• 1,500,000 XFT were sold between the seed and private investment rounds.

• 250,000 XFT were deployed in the Uniswap liquidity pool.

• 1,750,000 XFT comprised the Circulating Supply as of our August 3, 2020 Uniswap launch.

• The remaining XFT allocations are illustrated in the graphics below.

Tracking Offshift