Q&A Summary | Privacy Protection of Blockchain Application

ULTRAIN
Aug 23, 2018

Here is a summary of the Online Meetup on Reddit held on August 22nd, 9:00pm-10:00pm (EDT). We are happy to have Husen Wang, Chief Cryptologist at Ultrain, answer and give feedback on questions from the Ultrain community.

Q1: Is there any good way to implement the storage and execution of privacy smart contracts?

Husen:

  • Data on-chain can be stored losslessly, encrypted, with a symmetric key or an asymmetric key. Symmetric encryption provides almost the same ciphertext size as plaintext, and when data sharing is necessary, the symmetric key can be asymmetrically encrypted and transmitted to the receiver.
  • Data can also be stored off-chain and committed on-chain with a digest or Merkle tree, as in Factom.
  • On-chain execution involves homomorphic execution on ciphertext, which is easy to achieve for simple operations such as addition or multiplication, but very costly for both (see fully homomorphic encryption for details). A TEE such as Intel SGX provides an alternative way to achieve privacy-protecting execution and remote attestation, but it requires trust in Intel and also has potential weaknesses to side-channel attacks. Zero knowledge proofs provide off-chain execution and on-chain verification.

Q2: About transactions on blockchain, how to keep the privacy of identities (sender/receiver) and behavior?

Husen:

A transaction on a blockchain, such as a money transfer, involves the identities of the sender and receiver, the behavior, and the data storage.

For hiding the identities, mixing multiple transactions is simple and efficient, but requires a central party, such as Monero and more advanced techniques such as coin shuffling. Besides, it also works when identities are hidden in historical transactions, such as ZeroCoin and Zcash.

For hiding behavior, either perform the execution off-chain with SGX or zero knowledge proof, or just commit the intermediate execution process. Other ways such as obfuscation are too costly for blockchain.

For data privacy, as mentioned above, encryption or commitment can be used.

Q3: How to balance privacy and regulation?

Husen:

Regulations such as AML (anti-money laundering) and KYC (know your customer) require detailed transaction information. It’s possible to require every transaction to include an encrypted message to the regulator, with/without a costly zero knowledge proof.

Regulation prior to transaction submission, as used in Hyperledger, requires that all transactions include the regulator’s signature. But this adds additional delay to the transaction.

Regulation post-transaction can be done off-chain.

Q4: Some comments on UTXO-based blockchain systems such as Bitcoin and account-based systems such as Ethereum/EOS, and how to protect privacy.

Husen:

The Bitcoin privacy protection scheme can be well illustrated with Monero and Zcash.

  • Monero combines a low-cost, simple solution with mixing, homomorphic encryption and range proofs, but sacrifices transaction size and verification cost.
  • Zcash uses zero knowledge proofs with pool hiding, which provides perfect privacy. The only problem is the costly proving process and trusted setup. But it’s more friendly to blockchain.

Account-based blockchain systems such as Ethereum and EOS are designed with the purpose of reusing addresses, which is against identity hiding. One-time addresses or stealth addresses may be useful and potentially bring a huge burden to the state Merkle root. Pool-based hiding with zero knowledge proofs can be used. But for data hiding, homomorphic encryption and zero knowledge proofs will still be useful.

Q5: Hi, could you please analyze zksnark?

Husen:

The most famous application of zksnark is Zcash, which proves good security and privacy after such a long time in operation. With the adoption of libsnark in Ethereum, it further proves its usefulness.

The existing problems are the costly proving process, the difficulty of circuit design, and the verification gas cost. We will soon release a middleware for Ultrain, which solves such issues.

Other solutions such as ZKSTARK or zkboo+ claim no trusted setup, but have larger transaction sizes (meaning fewer transactions for a fixed block size) and longer verification times, which are less friendly to blockchain nodes.

Q6: Hi Husen, what’s the main technical difference between Ultrain and other public blockchains, especially on the privacy protection side?

Husen:

Today, we only focus on privacy protection issues in Ultrain business solutions. Soon we will release our middle layer for zero knowledge proofs, and multiparty computation + homomorphic encryption in the near future. With these, we will also support users in designing suitable business schemes.

Here is an article for your reference. For more details, please check: https://medium.com/@ultrainchain/introduction-to-the-worlds-top-tier-blockchain-3-0-project-4c1071af4f01

Q7: Hi, Husen, thank you so much for your sharing! I got a question and hope you can help on this. Thanks! Within ETH, whenever a transaction is made, we can clearly see the From and To addresses easily, as well as check historical transactions, account balances and other information. This will result in a leakage of sensitive information. Is there any cryptographic solution to resolve such issues and protect historical transactions and information?

Husen:

This is equivalent to identity hiding in an account-based system; please see the comments above. Mixing/pooling can help hide the identity and cut the connection between multiple transactions. Account balances can be protected with a homomorphic scheme/zkp.

One-time addresses/stealth addresses are also useful, but not suggested for account-based systems. And the link is still there.

Q8: Hi Husen, is there any statistical data that can show the security of Ultrain more intuitively?
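An added example, not part of the Q&A or Ultrain's code, of the additive homomorphic execution mentioned in the Q1 and Q7 answers: a node updates an encrypted account balance without seeing any amount. Textbook Paillier is an assumed choice (the answers name no scheme), the primes are toy-sized constructed values, and all function names are illustrative.

```python
import math
import secrets

# Toy parameters (two Mersenne primes) so the example runs instantly;
# a real key uses two random primes of 1024 bits or more.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)   # valid for generator g = n + 1
    return n, (lam, mu)    # public key, private key

def encrypt(n, m):
    """Enc(m) = (1 + n)^m * r^n mod n^2, with fresh random r."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts modulo n."""
    return c1 * c2 % (n * n)

def settle(n, enc_balance, enc_amounts):
    """What a node does: fold encrypted amounts into an encrypted
    balance using only the public key, never seeing any value."""
    for c in enc_amounts:
        enc_balance = add_encrypted(n, enc_balance, c)
    return enc_balance

def demo():
    n, priv = keygen()
    balance = encrypt(n, 1000)                     # constructed values
    deposits = [encrypt(n, 250), encrypt(n, 75)]
    new_balance = settle(n, balance, deposits)
    # Plaintexts live modulo n: n - 30 behaves as -30. A verifier cannot
    # tell from the ciphertext, which is why schemes that hide amounts
    # pair the homomorphic part with range proofs.
    wrapped = add_encrypted(n, new_balance, encrypt(n, n - 30))
    return decrypt(n, priv, new_balance), decrypt(n, priv, wrapped)
```

Only the key holder can decrypt the balance; supporting multiplication of two hidden values as well is what pushes the cost up to fully homomorphic encryption.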

Husen:

Security & privacy are two different aspects of a blockchain system.

Security guarantees consistency and liveness, and can be achieved with economic incentives and BFT/PoW algorithms.

Privacy is about data secrecy, that one user’s data is only known to himself/herself. This is guaranteed by the crypto security level, such as big number factorization and the discrete log problem, which at, say, 128-bit, will take many years to be broken.

Q9: Thanks for your sharing. It’s pretty cool. I have a concern: privacy protection should be done through all aspects, and an attack launched towards a single node will result in significant damage. In addition, the public chain is transparent to all participants, which magnifies the damage of the attack. Is there any way we can fix such an issue after an attack is launched?

Husen:

  • In a public blockchain, all nodes store exactly the same information, so there is no single point of failure, which means that breaking a single node doesn’t matter too much to the system.
  • Since all nodes can access the data, the private data should be kept secret from all nodes, only known to the user. As long as the user is hard to reach and hack, it’s fine. We assume that it’s hard to reverse-track a user’s information through transactions.
  • There is no way to fix broken privacy; the leaked data is leaked. So a well-designed system is important.

Q10: Can blockchain transactions benefit from smart contracts by using them to handle privacy issues, such as using the contract to encrypt private transaction data?

Husen:

No, it’s not possible.

Any encryption needs access to the private key and plaintext. Since all computations are transparent in smart contract execution, encrypting on-chain will leak all information.

However, with a TEE such as SGX it may be possible, since all executions are in a black box. But as mentioned, it requires specific hardware and trust in Intel.

Original Link:

https://www.reddit.com/user/UltrainChain/comments/991d8l/online_meetup_privacy_protection_of_blockchain/
