Blockchain Insider: Matthew Green
Dr. Matthew Green, a cryptographer and security technologist, has twenty years of industry experience in computer security. Dr. Green is an Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced storage systems, and anonymous cryptocurrencies. Dr. Green led the team that developed the first anonymous cryptocurrencies, Zerocoin and Zerocash. His research team has exposed flaws in more than one third of SSL/TLS encrypted web sites as well as vulnerabilities in encryption technologies, including RSA BSafe, Exxon/Mobil Speedpass, EZpass, and automotive security systems.
1. What is Zcash and how is it different from Bitcoin?
When my students and I started looking at Bitcoin a few years back, we were enthusiastic about the technology. However, we saw one crucial weakness: Bitcoin isn’t very private. The problem is the blockchain. Every time you send bitcoin to someone, the details of the transaction get recorded publicly on Bitcoin’s blockchain where the entire world can see them.
Now, these transactions don’t reveal your name — they only give Bitcoin addresses — but those can sometimes be tied back to names. That means if Bitcoin ever does take off and replace today’s payment systems, we’d be telling our friends and neighbors about every single purchase we made. I don’t think anyone thinks that’s a great idea.
To fix this, my students and I designed a system called Zerocash, which later was used in Zcash. It’s based on the same code as Bitcoin, but it adds a new type of transaction called a “shielded transaction”. These transactions are, essentially, encrypted. That means that even if someone reads the blockchain and obtains those transactions, they won’t know who you are, who you’re paying, or how much you’re paying them. Even the person you pay doesn’t learn who you are.
Not every single Zcash transaction is shielded. You have to opt-in to this feature, although we’re working on making it easier to use this for all of your transactions.
2. Can you please explain what a zkSNARK is?
I mentioned that Zcash’s “shielded transactions” are encrypted. If you think about this, you’ll realize it poses a problem. If the transaction data is unreadable, how can the network make sure you’re spending money that you actually have? How can it keep you from spending too much money, or spending the same money twice?
The answer to this problem is a pretty amazing piece of cryptography called a “zero knowledge proof”. Zero knowledge proofs allow us to prove some mathematical statement is true, without revealing anything else /except/ for the fact that the statement is true.
So in Zcash, we need to prove that the encrypted transaction actually refers to real coins that I own, and that the amount of money I’m spending is correct, and that I haven’t spent the coins before. Zero knowledge proofs let us prove to the whole world that these facts are true, but without actually revealing which money I’m spending. This proof is implemented using a mathematical technique called a zkSNARK that proves all of these things, without requiring me to decrypt my transaction. (zkSNARK stands for “Zero Knowledge ARgument of Knowledge”.)
It’s worth pointing out that this is pretty fancy technology, but it’s not something that we just made up. Zero knowledge proofs were invented in the 1980s at MIT, and the zkSNARKs we use were invented by cryptographers at Microsoft, IBM and MIT among other places.
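To make the idea in this answer concrete, here is a small added example (not code from the interview, from Zcash, or from Dr. Green): a Schnorr-style zero-knowledge proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir hash. It is a much simpler relative of a zkSNARK, not a zkSNARK itself, but it shows the same two properties the answer describes: the verifier becomes convinced that the prover knows a secret x with y = g^x, and the transcript reveals nothing about x, which the simulate() function demonstrates by producing accepting transcripts without ever using x. The group parameters (p = 2039, q = 1019, g = 4) are constructed toy values chosen for readability and are far too small for real use.

```python
"""Toy zero-knowledge proof of knowledge (Schnorr identification), added example.

The prover knows a secret x with y = G^x mod P and convinces a verifier of that
fact without revealing x. simulate() shows the "zero knowledge" part: accepting
transcripts can be produced without x, so a transcript leaks nothing about it.
"""
import hashlib
import secrets

# Constructed toy parameters: P = 2Q + 1 with Q prime, G generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4


def _is_prime(n):
    """Trial division; fine for the toy parameter sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def check_parameters():
    """Sanity-check the group: both primes, P = 2Q + 1, and G has order exactly Q."""
    return (_is_prime(P) and _is_prime(Q) and P == 2 * Q + 1
            and G != 1 and pow(G, Q, P) == 1)


def keygen():
    """Secret x in [1, Q-1] and the public statement y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(y, t):
    """Fiat-Shamir: derive the challenge by hashing the statement and the commitment."""
    data = f"{P}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def verify_transcript(y, t, c, s):
    """Interactive-form check: G^s == t * y^c (mod P)."""
    if not (1 <= t < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def prove(x, y):
    """Prover: commit to a random r, derive the challenge, answer s = r + c*x mod Q."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    c = challenge(y, t)
    s = (r + c * x) % Q
    return t, s


def verify(y, proof):
    """Verifier: recompute the challenge from (y, t) and check the transcript."""
    t, s = proof
    return verify_transcript(y, t, challenge(y, t), s)


def simulate(y, c):
    """Zero-knowledge simulator: pick s first, then solve for t so the check passes.
    No secret x is used, yet the transcript is accepting for challenge c."""
    s = secrets.randbelow(Q)
    y_c_inv = pow(pow(y, c, P), -1, P)  # modular inverse (Python 3.8+)
    t = (pow(G, s, P) * y_c_inv) % P
    return t, s


if __name__ == "__main__":
    assert check_parameters()
    x, y = keygen()
    print("honest proof accepted:", verify(y, prove(x, y)))
    t, s = simulate(y, 7)
    print("simulated transcript accepted:", verify_transcript(y, t, 7, s))
```

The verifier only ever sees (t, s) and the public y; because simulate() can produce pairs that pass the same check with no knowledge of x, seeing a real transcript gives an observer nothing they could not have generated themselves. Zcash's zkSNARKs prove far richer statements (coin ownership, balance, no prior spend) over a circuit rather than a single exponent, but rest on this same prove-without-revealing principle.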
3. How did you initially become interested in cryptography?
I’ve been interested in the idea of codes and ciphers since I was a kid. But one of the books that really caught my interest in the field was a fiction book called “Cryptonomicon” by Neal Stephenson. Ironically it tells the story of a group of people trying to build an anonymous cryptocurrency, even though it was written about ten years before Bitcoin came along.
From there I got interested in actually learning about cryptography, and found out that it’s about more than just sending secret messages. I realized you could build systems that move money and perform computation, securely and privately — so that nobody could tamper with the system, or learn what you were doing. For some reason that idea really appealed to me.
After that I read pretty much every crypto book I could get my hands on, starting with Bruce Schneier’s “Applied Cryptography” (which is a bit out of date now, unfortunately). And I started writing code.
4. Can you recommend some websites, articles, or books a person could read if they want to learn the basics of cryptography?
A great book that just came out is J.P. Aumasson’s “Serious Cryptography”. It’s a no-nonsense book aimed at programmers and practitioners, not at mathematicians. (And I’m not just saying this because he invited me to write the foreword!)
If you want a non-technical book that’s just fun to read, “The Code Book” by Simon Singh is pretty good.
If you like programming challenges, Thomas Ptacek and others put together a set of challenges called “cryptopals” (https://cryptopals.com/) that takes you through cryptographic attacks and defenses from the beginning.
In a shameless plug: I have a blog (https://blog.cryptographyengineering.com) where I write about cryptography. You can find detailed posts about zero-knowledge proofs (https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/) and Zerocoin, which is a precursor to Zcash (https://blog.cryptographyengineering.com/2013/04/11/zerocoin-making-bitcoin-anonymous/).
5. What is a common misconception people have about cryptocurrencies?
Well, sticking to my theme of privacy, I think the biggest misconception people have is that (most) cryptocurrencies are anonymous. They’re definitely not. There are entire companies, like Chainalysis and Elliptic, that are devoted to tracing the flow of money on the blockchain. We don’t really know how well they do at this, but I’d bet they’re pretty good.
Going back to general misconceptions, I think there are two related views out there. One is that the current craze over cryptocurrencies is going to go on and on forever with no interruption, and cryptocurrencies will take over the world within a few years. The other is that cryptocurrencies are just a fad, or a “flash in the pan”, and will fizzle out and go away.
I think both of these are wrong.
I think that long term we’re definitely going to see some kind of correction to the craziness that’s happening now. Things will cool down at some point. But I also think that this will actually be good for the field, because it will make people retrench and focus on improving the best systems, rather than investing in fifty new coins per day. That will make the whole field stronger, and it will pave the way for cryptocurrency to actually start getting real adoption. That’s when things are going to get interesting.