How is Privacy provided for in Blockchains? What are the Various Technologies Used?

Aeternum Ecosystem
12 min read · Sep 8, 2018


Definition and Introduction

Introduction to Privacy on Blockchain

There are several mechanisms and technologies being implemented in blockchain-enabled systems to provide users with the privacy they expect. Transparent computing is made possible by a public ledger and a peer-to-peer decentralized network. Blockchains are essentially distributed ledger systems: the database is not centralized but distributed across a potentially unlimited number of places, so a blockchain environment has no single point of failure. All transactions are written into this ledger, and these environments are designed to ensure that no manipulation takes place. While other forms of technology may not provide the privacy we seek, blockchain environments may finally allow users to control their own information and to ensure its security. There are still several security breaches and privacy issues, but the future is bright.

Permissioned/Public Blockchains

There are two different blockchain models in use today. Permissionless blockchain models are those that anyone can use; the Bitcoin and Ethereum networks are two common examples. Anybody can interact with the network, and a transaction fee is charged for each transaction made. The tokens associated with permissionless blockchains can be used to authenticate a physical item when paired with it: tokens essentially bind the physical world of entities to the digital world. This finds application in fraud detection, anti-counterfeiting and supply chain management.

Permissionless blockchains also serve as a system of record. Self-sovereign identity provides people with the assurance they need: the identity of a person or an organization can be kept safe on their own devices, without relying on a central repository to store and share personal data. Information is shared only as the user wishes. The owner of a public key address (the identity) proves ownership by signing data with the associated private key.

Some public blockchains use smart contracts to support complex legal agreements. A smart contract is a self-executing computer program that controls the transfer of tokens between the parties concerned. It defines a set of rules and enforces them as an obligation. Hackers cannot manipulate this code, and the blockchain ledger concerned replicates and stores the agreement (the smart contract itself), which provides additional security. The problem with smart contracts is that a minor bug in a contract can compromise everyone associated with it. Parity is a company that provides smart contracts to Ethereum users. A bug was discovered that allowed a user to become the owner of contracts. This was exploited by a mischievous person, and around 300 million USD worth of Ethereum was deleted. A contract is only as good as its developer.

Permissioned/Private Blockchains

For business partners making continuous transactions, a fee charged on every transaction makes the process very expensive. Permissioned blockchain models grant participants access on the basis of their need. It is a closely monitored ecosystem with a set of rules governing transactions to suit the needs of an organization; this model is designed to meet business requirements. Ripple is an example of a permissioned blockchain environment. Private blockchains find their application in environments in which parties wish to transact together but do not completely trust one another.

They are used as an access-restricted inter-bank settlement layer for securities and currencies, as a private tracking tool for liquid agreements, debt and private equity, and as an access-restricted platform for issuing gift cards, loyalty points and discounts by major commercial organizations. Private blockchain environments have their fair share of flaws. The establishment of a structure by which parties must abide may make changes at later stages difficult, as the structure is rigid. It may also be difficult to counter a situation in which the nature of the blockchain or the funds of the parties are exploited.

Macro Level Regulatory Concerns around Privacy

There is no regulatory committee governing blockchains. Node operators, miners and developers hold a lot of power; manipulations can take place to suit their needs, and this does not necessarily help users. Some blockchain environments, like ZCash, are untraceable. Since blockchain systems are extensively distributed, in a case of fraud or an erroneous transaction, pinpointing the exact location within the blockchain could prove difficult. Provisions must be made to limit the nodes accessing and joining a network; only trusted nodes should be allowed into a system. Due to the lack of regulatory oversight, several market manipulations and scams take place as well. Users must be careful when choosing an exchange to buy from or a wallet to store their coins in: untrusted service providers may abscond with your coins, and there will be no way to recover them.

Technology

Underlying Concepts and Holy Grail Solutions

The holy grails of blockchain privacy encrypt data in such a way that the underlying meaning of the information remains unchanged, yet its appearance is completely different. They promise to convert arbitrary applications into complete, privacy-preserving applications. The most powerful of the holy grails is obfuscation.

Obfuscation is the process of encrypting (scrambling) a program into another program that performs the same function as the original code, using an algorithm. The problem is that reverse engineering can be used to undo this transformation, and perfect obfuscation is not possible in general. A weaker standard, indistinguishability obfuscation, can be used for this purpose: multiple programs with the same functionality are put through an indistinguishability obfuscator, which produces new programs, making it difficult to tell which part of which code comes from which program. The problem with implementing this in blockchain environments is the overhead it generates, which, coupled with the overhead of hundreds of nodes on the network, renders it very inefficient.

The other holy grails of privacy are confidential transactions and homomorphic encryption. In a confidential transaction the amount is hidden from the general public; only the participants of the transaction (and any other authorized people) can view it. Oleg Andreev has published a draft that makes them compatible with Bitcoin (in the form of blind transactions). Funds can be locked with multiple custodians in an M-of-N multisignature transaction. This provides absolute privacy, as the public keys and the resulting signature are completely unlinked from the signing parties. There is an issue with confidential transactions, though: if someone can break the binding property of the scheme, coins can be created out of thin air, leading to uncontrolled inflation.
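Pedersen commitments, as an added illustration (not code from the original post) of how the verifier of a confidential transaction checks that inputs and outputs balance without seeing any amount, and of the binding property the paragraph warns about. The tiny group parameters and the second-generator label are assumptions made so the arithmetic stays readable.

```python
import hashlib

# Toy Schnorr group: p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup. Assumed here for readability; real systems use
# 256-bit elliptic curves.
P, Q, G = 1019, 509, 4


def hash_to_group(label: bytes) -> int:
    """Derive the second generator h by hashing, so that nobody knows
    log_g(h); that unknown discrete log is what makes commitments binding."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        h = pow(x, 2, P)          # squaring lands in the order-q subgroup
        if h not in (0, 1):
            return h
        ctr += 1


H = hash_to_group(b"pedersen-second-generator")


def commit(value: int, blind: int, h: int = H) -> int:
    """Pedersen commitment C = g^value * h^blind (mod p); the random
    blinding factor hides the amount."""
    return pow(G, value, P) * pow(h, blind, P) % P


def opens_to(c: int, value: int, blind: int, h: int = H) -> bool:
    return commit(value, blind, h) == c


def balanced(input_commits, output_commits) -> bool:
    """Verifier-side check of a confidential transaction: commitments are
    additively homomorphic, so the product of the inputs equals the product
    of the outputs exactly when the amounts (and the blinding factors) sum
    to the same totals. The verifier never learns an individual amount."""
    lhs = rhs = 1
    for c in input_commits:
        lhs = lhs * c % P
    for c in output_commits:
        rhs = rhs * c % P
    return lhs == rhs


def equivocate(value: int, blind: int, new_value: int, trapdoor: int) -> int:
    """The binding failure from the text: if h = g^trapdoor were known,
    g^v h^r = g^(v + k r) could be reopened to any v' by choosing r' with
    v' + k r' = v + k r (mod q). Returns that r' so the caller can check it."""
    inv_k = pow(trapdoor, -1, Q)
    return (blind + (value - new_value) * inv_k) % Q
```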

Homomorphic encryption is the holy grail of encryption and provides the best of both permissioned and permissionless blockchains. Calculations can be performed on encrypted data without decrypting it first, and encrypted data can be audited as well. The encrypted form of the data can be sent to a smart contract and accessed by many, but only the final authority can view the details in decrypted form. Homomorphic encryption is used by the Ethereum platform. The problem with homomorphic systems is that they do not provide a full-service privacy solution: homomorphic encryption ensures information security but lacks clear communication regarding the encrypted data, and large amounts of processing power are required. Homomorphic schemes like TFHE offer fast computation but are not ready for mainstream use.
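An added example, not from the original post, of the computation-on-ciphertext property described above, using the textbook Paillier scheme (additively homomorphic): any node can add encrypted amounts, but only the holder of the private key decrypts the total. The two small primes are an assumption made so the numbers stay readable.

```python
import secrets
from math import gcd

# Toy Paillier modulus from two small primes, assumed here for readability;
# real keys use primes of 1024 bits or more.
P_PRIME, Q_PRIME = 1019, 1013


def _L(u: int, n: int) -> int:
    return (u - 1) // n


def keygen(p: int = P_PRIME, q: int = Q_PRIME):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)                           # public, private


def encrypt(pub, m: int) -> int:
    """Anyone with the public key can encrypt; fresh randomness per call."""
    n, g = pub
    assert 0 <= m < n
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pub, priv, c: int) -> int:
    """Only the final authority, holding (lam, mu), recovers the amount."""
    n, _ = pub
    lam, mu = priv
    return _L(pow(c, lam, n * n), n) * mu % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): a node adds without decrypting."""
    return c1 * c2 % (pub[0] ** 2)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Enc(m)^k = Enc(k * m)."""
    return pow(c, k, pub[0] ** 2)


def encrypted_total(pub, ciphertexts) -> int:
    """What an untrusted aggregator (or a contract) computes over a batch
    of encrypted amounts: the ciphertext of their sum, never the sum."""
    total = 1                      # Enc(0) with r = 1
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total
```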

Best Available Privacy Solutions

SMPC

SMPC stands for secure multi-party computation. Its privacy is almost as good as obfuscation, but with certain limitations. Theoretically, it provides unlimited computation power. It allows a group of parties to jointly compute a function over their private inputs; parties need not rely on a trusted third party to ensure that the transfer of money takes place between the parties concerned. This is used by Bitcoin. Honest parties are guaranteed fairness: if one party disrupts the process, money is transferred to the honest participants of the secure multi-party computation.

It promotes security of data, correctness of the computed output and outsourcing of computational power. An SMPC instance needs to perform a degree reduction every time it carries out an operation, which involves messages being sent between the nodes in the network and leads to unwanted latency. All in all, this model is perfect, and as good as obfuscation, if one can trust the other participants, but not so much otherwise. This model seems better suited to private blockchains, where incentives can be extracted from outside the protocol.

Zero Knowledge Proofs, zk-SNARKs and zk-STARKs

Zero knowledge proofs validate the transfer of assets without revealing any information about the transaction. They take place between two parties, the prover and the verifier, and demonstrate the truth of a particular statement without giving away any other information. ZCash implements zero knowledge proofs via a technique called zk-SNARKs. A computational statement is represented by an arithmetic circuit; the circuit evaluates the data it takes as input and answers either true or false.
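The arithmetic-circuit step described above, as an added example that is not from the original post: the statement "I know x such that x^3 + x + 5 = 35" is flattened into rank-1 constraints over a prime field, and the circuit answers true or false for a given assignment. The field prime and the example polynomial are assumptions; producing the succinct proof of this check without revealing x is what zk-SNARKs add on top.

```python
# Field for the circuit (a Mersenne prime, chosen here as an assumption).
FIELD = 2**61 - 1

# Statement "I know x such that x^3 + x + 5 == out", flattened into gates.
# Assignment vector layout: s = [1, x, out, sym1, y, sym2] with
#   sym1 = x * x,   y = sym1 * x,   sym2 = y + x,   out = sym2 + 5
# Each constraint row is (A.s) * (B.s) == (C.s) over the field.
A = [[0, 1, 0, 0, 0, 0], [0, 0, 0, 1, 0, 0], [0, 1, 0, 0, 1, 0], [5, 0, 0, 0, 0, 1]]
B = [[0, 1, 0, 0, 0, 0], [0, 1, 0, 0, 0, 0], [1, 0, 0, 0, 0, 0], [1, 0, 0, 0, 0, 0]]
C = [[0, 0, 0, 1, 0, 0], [0, 0, 0, 0, 1, 0], [0, 0, 0, 0, 0, 1], [0, 0, 1, 0, 0, 0]]


def dot(row, s) -> int:
    return sum(a * b for a, b in zip(row, s)) % FIELD


def witness(x: int):
    """Prover side: evaluate every gate to build the full assignment."""
    sym1 = x * x % FIELD
    y = sym1 * x % FIELD
    sym2 = (y + x) % FIELD
    out = (sym2 + 5) % FIELD
    return [1, x, out, sym1, y, sym2]


def satisfies(s) -> bool:
    """Verifier side: the circuit answers true or false for an assignment."""
    return all(dot(a, s) * dot(b, s) % FIELD == dot(c, s) for a, b, c in zip(A, B, C))


def check_statement(s, public_out: int) -> bool:
    """The public output is pinned and every gate must hold. A zk-SNARK
    proves exactly this relation while keeping s[1] (the secret x) hidden."""
    return s[0] == 1 and s[2] == public_out % FIELD and satisfies(s)
```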

Zk-SNARKs require less computational effort and produce smaller proofs compared to earlier zero knowledge proofs. Transactions can be verified in under 6 milliseconds using this technique. Zk-SNARKs require a trusted setup to function properly. The scheme could also be compromised for all users through a chip called the Intel Management Engine in their computers.

Zk-STARKs are a more secure version of zk-SNARKs. They eliminate the need for a trusted setup and compress huge amounts of information into smaller proofs called STARKs. Zk-STARKs offer a solution to the cost and slowness caused by the heavy weight of zk-SNARKs, providing transparency and an exponential speedup in verification.

Ring Signature

Monero uses this mechanism to provide privacy and security. It can be preferred to ZCash’s use of zero knowledge proofs as it provides the same level of anonymity without requiring an initial trusted setup. A ring signature combines the inputs of several signers with that of the actual sender; these signers are members of a group on the blockchain. If a user wants to perform a transaction on the network, he or she provides one input for the ring signature, while the other members of the group provide the rest. One of these is the genuine signature, while the others serve as decoys. This provides privacy and uniqueness and makes it very difficult to tell which of the keys was used to generate the signature. Ring signatures are quite practical to use; they can also be used to validate votes and for identity applications.
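An added example (not Monero’s code) of the decoy mechanism above: a Schnorr-based, AOS-style ring signature in which one slot holds the real response and every other slot a random decoy, with a verifier that walks the whole ring. The Schnorr group built at import time is an assumption made for readability; Monero uses the ed25519 curve and a linkable variant of this construction.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; exact for n < 3.3e24."""
    if n < 2 or any(n % a == 0 for a in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        if all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False  # a witnesses that n is composite
    return True

# Schnorr group, assumed here for readability (Monero uses ed25519):
# q is a 61-bit prime, p = k*q + 1 the first such prime, g has order q.
Q = 2**61 - 1
K = next(k for k in range(2, 10**6, 2) if is_prime(k * Q + 1))
P = K * Q + 1
G = next(h for h in (pow(b, K, P) for b in range(2, 100)) if h != 1)

def keygen():
    x = secrets.randbelow(Q - 1) + 1  # private key
    return x, pow(G, x, P)            # (private, public)

def challenge(message: bytes, ring, point: int) -> int:
    """Hash of the message, the whole ring and the current point, mod q."""
    data = message + b"|" + b",".join(str(y).encode() for y in ring) + b"|" + str(point).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def ring_sign(message: bytes, ring, secret: int, signer: int):
    """AOS-style ring signature: random decoy responses for every other
    member; the real Schnorr response at the signer's slot closes the ring."""
    n = len(ring)
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(Q - 1) + 1
    c[(signer + 1) % n] = challenge(message, ring, pow(G, alpha, P))
    i = (signer + 1) % n
    while i != signer:
        r[i] = secrets.randbelow(Q - 1) + 1
        c[(i + 1) % n] = challenge(message, ring, pow(G, r[i], P) * pow(ring[i], c[i], P) % P)
        i = (i + 1) % n
    r[signer] = (alpha - secret * c[signer]) % Q
    return c[0], r

def ring_verify(message: bytes, ring, signature) -> bool:
    """Walks the whole ring once; every slot looks the same to the verifier."""
    c0, r = signature
    c = c0
    for y, r_i in zip(ring, r):
        c = challenge(message, ring, pow(G, r_i, P) * pow(y, c, P) % P)
    return c == c0
```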

Low Technology Solutions Overview

Coinjoin

Coinjoin refers to the process in which Bitcoin users initiate joint transactions with other users to mix coins. Coinjoin allows multiple users to combine multiple inputs (the addresses from which Bitcoin is sent) and outputs (the addresses to which Bitcoin is sent) into a single transaction. It is recorded as a single transaction, and there is no defined way to determine which input or output belongs to whom. Every participant must sign to agree to the joint transaction before the mixing can take place.

Confidential transactions are very powerful when used with Coinjoin, and this combination deserves exploration. Coinjoin needs to be non-interactive to improve its scalability and privacy and to allow miners to aggregate transactions. Centralized services should be avoided, as they may keep logs of the transactions they negotiate. The protocol must be implemented correctly to ensure that the level of anonymity provided by Coinjoin remains intact. JoinMarket is a platform that improves the fungibility of Bitcoin by using Coinjoin transactions (as described above). It is a decentralized implementation of Coinjoin and avoids the issues of centralized implementations. The platform runs on either Windows or Linux and mixes the transaction information of multiple users to create obfuscation.

Secret Sharing

Secret sharing is the process in which a secret is divided into several portions and distributed among participants. Each participant holds a unique portion, and combining the portions reveals the secret. Secret sharing can be used to divide a private key seed into several portions called shards, which can then be stored in several places for security. It provides complete anonymity and could increase the possibility of applications being carried out in a private fashion. If this privilege is misused, a 51% attack can be used by participating members to uncover data under supervision.
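The shard splitting above, as an added example that is not from the original post: Shamir’s secret sharing, which generalizes the all-shards-required case to any threshold of shards. The 521-bit field prime and the constructed wallet seed are assumptions.

```python
import secrets

# Prime field for the shares: a Mersenne prime, assumed here so that a
# wallet seed of up to 64 bytes fits in a single field element.
PRIME = 2**521 - 1


def split_secret(secret: int, threshold: int, shares: int):
    """Shamir's scheme: hide the secret as the constant term of a random
    polynomial of degree threshold-1 and hand out its values at x = 1..shares.
    Any `threshold` shards rebuild it; fewer reveal nothing about it."""
    assert 0 <= secret < PRIME and 1 <= threshold <= shares
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(shards) -> int:
    """Lagrange interpolation at x = 0 over the field; works with any
    `threshold` or more distinct shards."""
    total = 0
    for i, (xi, yi) in enumerate(shards):
        num = den = 1
        for j, (xj, _) in enumerate(shards):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_seed(seed: bytes, threshold: int, shares: int):
    """Wrapper for a raw wallet seed of at most 64 bytes."""
    assert len(seed) <= 64
    return split_secret(int.from_bytes(seed, "big"), threshold, shares)


def recover_seed(shards, length: int) -> bytes:
    return recover_secret(shards).to_bytes(length, "big")
```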

Mixers/Tumblers

A cryptocurrency tumbler obscures the path to the original source of funds by mixing those funds with other funds. Tainted Bitcoins can be protected by using a Bitcoin mixer. Users deposit funds into a mixer and specify the address to which they want the coins sent. The mixer sends an equivalent amount of coins to the specified address without the destination party learning the wallet address from which the coins were originally sent.

Bitcoin lacks fungibility. Although it is extremely hard to track coins once they have been mixed, the fact that the mixers are centralized means that a log of transactions can be kept. Large-volume transactions can also be tracked easily.

Different Project Comparisons

Bitcoin Approach

Bitcoin developers have created several techniques to provide privacy to their users. SMPC is used by Bitcoin for transactions: parties do not need to rely on a trusted third party to initiate a transaction and ensure that it takes place between the parties concerned. Honest parties are always rewarded, which promotes security of information and outsourcing of computational power. Low-technology solutions like mixing and Coinjoin are used as well; Coinjoin is applied through the JoinMarket platform. Bitcoin is compatible with hundreds of wallets, and hardware wallets can be used to store Bitcoin securely (Ledger Nano S and Trezor are the best available options). Bitcoin networks still have their fair share of worries, as scalability issues prevail. Double spending, 51% attacks and selfish mining do the network no good.

Ethereum Approach

Ethereum makes use of smart contracts to support complex legal agreements. These contracts are self-executing and control transactions between parties. Zk-SNARKs were implemented in a hard fork to allow smart contracts to offload data privacy to the users; in turn, the contracts must prove that the computations are valid. Smart contracts may have loopholes that can be exploited. Konstantinos Karagiannis, a professional hacker, has claimed that he can routinely hack into smart contracts. Ethereum developers are working to improve the scalability and privacy of the platform and are testing an improved ring signature technology called RuffCT (also known as StringCT or RTRS RingCT). This technology is bound to provide complete privacy, as it will hide both sender and destination addresses.

Monero versus ZCash

Monero specifically addresses privacy issues by implementing confidential transactions and ring signatures; privacy is provided by default. It uses stealth addresses to hide the original destination address. ZCash makes use of two different types of address, shielded and transparent. Transparent addresses have lower transaction fees but provide less privacy; shielded addresses are untraceable. ZCash uses zk-SNARKs to provide privacy, validating the transfer of assets between parties without revealing any information related to the transaction.

Privacy on DAG & Tempo

A DAG is a blockchain-free cryptocurrency structure organized as a directed acyclic graph. There are no fixed blocks, and each transaction performs its own proof of work (PoW). All nodes are forward facing and cannot be tracked back; a transaction confirms the transaction in front of it. Tempo is a money-transfer platform that released its own cryptocurrency. It does not disclose any information to third parties when transferring funds from one party to another. It is based on a consensus protocol that promotes the organic growth of the network rather than a list of nodes accepted unanimously.

Privacy & Scalability — A Two in One Solution

Apart from providing privacy, zk-SNARKs address certain scalability issues as well. Transaction signatures need not be verified individually, as a single zk-SNARK can attest to all the signatures within a block. Smart contracts can be compressed into a single hash, which obfuscates the storage and the underlying code as well. Coinjoin allows multiple users to mix coins into a single transaction, which saves space and improves scalability: conducted separately, these transactions would take more space than a single Coinjoin transaction. The focus today is on developing technology that addresses both the privacy and the scalability issues hampering blockchain systems.

Conclusion

A study conducted by Deloitte concluded that of the 26,000 blockchain projects that have been created, 92% are now obsolete. Blockchain systems are difficult to create from scratch, as one mistake in design can compromise the entire system, and this has led to the demise of the majority of blockchain environments established. As for the blockchain systems currently available, privacy and scalability issues prevail, and research is ongoing to solve them. While there is no defining technology yet that will solve all privacy and scalability related issues, the future holds great promise. Enigma is a project being developed by a team at MIT. The first application built on the Enigma protocol is Catalyst. Enigma promises to be the future of decentralized blockchains: it tackles scalability and privacy issues by building a second-layer, off-chain network. It makes use of secret contracts instead of smart contracts and will solve both scalability and privacy issues in blockchain. The input data is hidden from the nodes that execute it, and these secret contracts allow for truly decentralized applications. The team initially intends to tackle privacy issues before moving on to scalability. Projects like Enigma are sure to change the face of the cryptocurrency world and provide the security people deserve.
