Comparison of Common Blockchain Privacy Solutions
The goal of this post is to give an insight to blockchain privacy problems and reveal viable solutions to that particular privacy issue. To see the complete chart check conclusion section.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
– Edward Snowden
Politically speaking, the biggest issue with blockchains is privacy. Blockchains are public data structures, meaning everyone can see what is inside the data structures. We can achieve privacy by using a set of technologies.
Table of Contents
- Deterministic Wallets
- Stealth Addresses
- Ring Signature Mixers
- Ring Confidential Transactions
- Zero-Knowledge Proof
- State Channels
- Hiding IPs
- Solutions in Private Blockchains
- Private Transactions
A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key.
Deterministic wallets can generate an unlimited number of addresses on the fly. As the addresses are generated in a replicable way, some clients can be used on multiple devices without the risk of losing funds. Users can conveniently create a single backup of the seed in a human-readable format without the worry of this backup becoming stale.
The problem with deterministic wallets is that although they allow the creation of different public keys, their connection can be deduced. If a user has
- 10 BTC in address A
- and 5 BTC in address B,
- but needs to send 13 BTC,
the wallet will combine the two addresses, sending
- 10 BTC from address A,
- 3 BTC from address B,
- and 2 BTC as change to a new address C (which is again deterministically created).
This problem allows anyone looking carefully to find out that addresses A, B and C belong to the same user.
- Protects the sender or receiver address.
- Public keys created by deterministic wallets can be linked if enough data is present.
Monero has a nice video explaining Stealth Addresses. It works as follows:
The receiver generates an address, a secret and then sends this address to someone who he wants payment from.
The sender uses the address and a nonce to generate the address he/she can send funds to.
Sender communicates the nonce to the receiver. By using this nonce and the secret key generated earlier, the receiver can unlock the address with the funds.
- Protects the receiver address.
- Unlike deterministic wallets, the receiver can publish a single address to receive payments.
- 3rd parties can not know who the receiver is.
- The sender can track which address he/she sent to and see how the what is done with the payment.
The goal of CoinJoin is to hide sender addresses. It makes it harder to map between inputs and outputs. However, CoinJoin has the same problem as deterministic wallets. With enough data, it might be possible to link between addresses.
- Protects sender address, helps to obfuscate payment amount.
- Sender addresses can be linked if enough data is present. It’s harder to link than deterministic wallets.
- There needs to be a CoinJoin server which will know whose coins are joined. If a single party owns enough CoinJoin servers, they might be able to map the transactions accurately.
- Others should be online and available to mix transactions.
Ring Signature Mixers
Monero has a nice video explaining Ring Signatures.
We can think of ring signature mixers as an improvement to CoinJoin. While CoinJoin needs a server who can see the coins before mixing, ring signature mixers do a similar task without the need for a server.
- Protects sender address, helps to obfuscate payment amount
- Unlike CoinJoin, doesn’t need anyone to be online. Mixing can be done locally.
Ring Confidential Transactions
Monero has a nice video explaining Ring CT.
To explain it in simple math terms Ring CT makes sure that
where no one except the sender and receiver knows what a and b are. Even though this is not entirely correct, you get the basic idea.
For a complete explanation check out the paper.
- Hides the payment amount.
- Uses range proofs which is a slow cryptographic algorithm.
I think zero-knowledge proofs are the most exciting technology overall. It’s hard to explain zero-knowledge proofs and it gets more complicated when we include different types such as interactive, non-interactive, zK-SNARKS and zK-STARKS.
The basic property of a zero-knowledge proof is that an entity can verify that they know the answer without revealing what they know using cryptography magic.
To get more information check out Wikipedia.
- Protects the sender address, receiver address, payment amount and contract payload.
- Uses range proofs, thus has similar computational overhead as Ring CT.
State channels are private channels between two or more users. These users exchange the signed transactions between each other without broadcasting to the blockchain. Until an actor broadcasts the signed transactions, everything is private by default.
- Can protect sender address, receiver address, payment amount and total transaction count.
- The nodes need to be online.
- Information is published when a channel is closed or an actor broadcasts.
The most common solution is Tor. There are other ways, such as using VPNs or I2P.
Solutions in Private Blockchains
In public blockchains, the system needs to be open thus more secure. Private blockchains do not have this problem. They make possible privacy solutions that public blockchains cannot.
In Quorum and Hyperledger Fabric, it is possible to hide a smart contract and it’s payload from the ledger by using private transactions. Basically, when calling a contract, one can set who can see the transaction, and only those actors can run the smart contract. The transaction hash is then added to the ledger.
In Hyperledger Fabric, it is possible to use channels. A subset of users can have a private channel between them. Users outside of that channel cannot see any transactions inside the channel. A ledger can have multiple channels with different users in each of them.
Channels are more appropriate for use cases such as supply chains rather than payments.
With privacy, as we see, there is no such magic bullet.
– Vitalik Buterin
There are different technologies each solving different privacy problems. Some have UX overhead, whereas others have computational overheads. Even though there is no magic bullet to solve them all, we can still combine these solutions and achieve privacy to some degree.
Will these solutions be sufficient to protect our privacy and still be usable with their overheads? We don’t have an answer yet; however, we should try our best to keep our data as safe as possible.