Projects and Privacy at ETHWaterloo

Building a full dapp in under 36 hours, working with industry-level professionals and learning from the movers and shakers of the industry; ETHWaterloo was an Ethereum-focused hackathon at University of Waterloo, where Vitalik Buterin first began thinking about Ethereum. You can find some of the major takeaways from my experience at ETHWaterloo below.

All over Reddit, this hackathon has been hailed as one of the most productive hackathons in terms of immediately usable products. I’ll start with a rundown of the top eight winners, all of which I would highly recommend looking up. Following that is an introduction to privacy on the blockchain — the keynote speaker’s topic of choice to open the weekend.

Top Eight Projects

Rufflet: Cryptokitties built a smart contract analytics tool that highlights which methods are being called over time

Metamask + Brave Integration (Live currently): allows the Brave browser to support MetaMask

Happy ENS: a DNS server resolving .eth addresses (shoutout to Collin Chin)

ThirdEye: crowd auditing platform for developers to help audit smart contracts (bug bounty)

TrustUs: wizard-like smart contract design tool for non-developers

Pocket: mobile-first gamification platform to educate children about the value of currency on ethereum

Provt: easier way to safely validate document integrity and proof of existence tool using ethereum

Congruence: a health services decentralized marketplace on top of 0x allowing for the exchange of service tokens for healthcare

Privacy on the Blockchain

At his opening speech, Buterin focused on a more problematic aspect of the blockchain: privacy. Used to preface a weekend of hacking, this is valuable high-level information to be thinking about as we navigate the blockchain space, whether that is as a developer or on the business side.

While the blockchain is often advertised as a fully anonymous immutable record, those who are more familiar with the infrastructure recognize that blockchain is only psuedo-anonymous. Blockchain is a fully transparent system, which gives it incredible potential to prevent corruption and track supply chains and create decentralized voting systems — but, transparency also means that you can track how someone spends their money. With Alice’s address, one can garner data about Alice’s spending habits. With data about Alice’s spending habits, and some extra information about where Alice likes to shop, one could easily identify someone else’s address as well. As Buterin said, in short: “privacy is contagious.”

As you build decentralized applications and move forward in reading the whitepapers of new companies, then, it can be very useful to think about the data we’re putting on the blockchain. Recording sequential/repeated behaviors can be dangerous, but this is also the reason we have mixers.

A cryptocurrency mixer is a centralized entity that takes in cryptocurrencies from various addresses, and one-to-one maps them back to the addresses after having mixed the coins together. This can solve the problem of contagious privacy and working with tainted coins if you regularly participate in a mixer, but this does subject the blockchain to participation in a centralized system. Like most other centralized entities, participants have to trust that the mixer is not keeping a record of how the coins were mixed, and even more importantly, participants have to trust that the mixer will return the money.

To give one example of a way we can solve this privacy concern using cryptography, I’ll have to explain what a ring signature is. It uses cryptographic signatures to prove membership in a subset of people, without revealing any information about which member you might be. To give a brief description of the underlying mathematics, one would start with a number, and sign with every participant’s public key. If you have the public key, you can only compute forwards, but with your own private key you can compute backwards. This place where you can compute backwards with your own private key is known as the “trapdoor.” When you sign with the public key of the last participant, you get the original back, hence the “ring” nomenclature. The ring signature itself, however, reveals nothing about where the trapdoor is.

With a linkable ring signature, two signatures from the same person will be identified as being from the same person. In the context of voting, linkable ring signatures can prevent people from voting twice. And in the context of mixers, participants in a mixer would instead trust the cryptographic ‘magic’ of a ring signature, rather than a centralized entity.

So if you’re looking for some direction after having nailed the basics of the React.js dapp and Solidity smart contracts, I recommend exploring these ideas and looking into the ‘god particles’ of blockchain: zkSnarks, fully homomorphic proofs and indistinguishability obfuscation. Also look out for more in-depth articles I plan to publish on each of those topics! In the meantime, perhaps you can think about what other problems exist with blockchain, and how can we might be able to solve those problems.