The Zero Knowledge Proof Mirage

Unmasking the Privacy Illusion in Blockchain

Stefano Balla
Coinmonks
Published in
4 min readJun 5, 2023

--

In a world where blockchain privacy is a burning issue, Zero Knowledge Proofs (ZKPs) have emerged as the alleged savior. The buzz around ZKPs has turned them into a catch-all solution, with many, me too, at beginning — naively believing that they offer a foolproof path to privacy. Yet, true privacy encompasses much more than just ZKPs. Let me explain why.

1. Transactional Privacy is not Asset Privacy

Many talk about blockchain privacy only focusing on transactional privacy, with asset privacy taking a back seat. This is a lopsided focus that does not allow for a comprehensive development of privacy in the blockchain field.

When it comes to transactional privacy, it’s important to obscure the network’s awareness of the quantity and source of transactions. However, when discussing non-fungible tokens (NFTs), the privacy concerns are somewhat different. Here, the main interest lies in securing the asset itself, in such a way that only the owner or those with rightful access can view it.

While some cryptographic solutions can be applied to address these concerns, very few actors are currently working on this aspect of privacy.

2. ZKP-NFT doesn’t mean Privacy

Those few players who do discuss asset privacy through ZKPs, don’t provide clear explanations of how the asset itself is kept private. Instead, once again, they focus solely on how NFT transactions are performed privately. This distinction is crucial because, while a transaction might be conducted securely, once the owner posts the NFT on an existing platform, the metadata is revealed, and the asset becomes publicly available on the decentralized storage network.

3. Scalability is not Privacy

ZKPs have become a marketing marvel, with projects touting them as the ultimate privacy solution. However, the truth is that many of these projects actually exploit this technology for scalability, as it’s a tool that ensures high performance, rather than for privacy. By treating ZKPs as a one-size-fits-all panacea, we risk overlooking the double nature of privacy in blockchain.

4. Privacy means all layers not just one

Real privacy in blockchain systems demands a holistic approach. Focusing solely on one cryptographic primitive, like ZKPs, is like trying to build a fortress with just one brick. Privacy leaks at one layer can compromise the entire system, rendering even the most secure on-chain privacy measures useless.

Ignoring this intricate interplay is akin to using an armored car to transport messages between two homeless people: the security measures are pointless if the surrounding environment is compromised. Nym technologies

The OSI model, which defines the different layers of abstraction in networking, serves as an apt analogy. Blockchain privacy should consider all layers, from application to transport and beyond.

5. The Privacy Blind Spot: Network-Level

One of the most overlooked aspects of privacy in blockchain is network-level protection. Powerful adversaries, such as the NSA and Chainalysis, target this layer to de-anonymize on-chain transactions. This side-channel is often disregarded, as projects become fixated on implementing ZKPs without considering the potential network-level leaks.

The reality is that ZKPs do not offer any privacy at the network level, leaving users vulnerable to monitoring and data harvesting. To achieve true privacy, we must adopt a multi-layered approach, encompassing both on-chain and off-chain solutions like mix networks and anonymizing technologies like Tor.

Conclusion

The blockchain community’s fascination with ZKPs as the ultimate privacy solution has led to a narrow focus that overlooks the broader aspects of privacy. Achieving true privacy in blockchain demands a collaborative approach, where companies develop their solutions addressing specific aspects of privacy while maintaining compatibility with solutions offered by other companies working on different privacy layers. Only by doing so can we truly attain comprehensive privacy.

It’s time to broaden our perspective and adopt a holistic strategy that encompasses every layer of the blockchain ecosystem. Companies should work together, developing and integrating diverse privacy-enhancing technologies while tackling potential leaks at all levels. This cooperative effort among companies will pave the way for a new era of secure, private, and decentralized transactions that empower users and safeguard their data.

--

--