Understanding Privacy-Based Protocols🔐

Pankaj Jadhav
Coinmonks
7 min read · May 2, 2019


“Your keys, your bitcoin. Not your keys? Not your bitcoin.” — Andreas M. Antonopoulos

The market capitalization and trading volume of cryptocurrencies are growing rapidly. With institutional investors arriving in the cryptocurrency market, alternative trading systems are needed for moving large blocks of cryptographic assets with minimal price slippage and market impact, while still preserving user privacy. Privacy is eroding online in general, and the radical transparency of most public blockchains makes it worse: every transaction is published, permanently, for anyone to analyse.

Because Bitcoin’s blockchain is public, it has proven not to be as anonymous as once believed: addresses are only pseudonyms, and chain analysis can often link them to each other and to real identities. For the same reason Bitcoin’s fungibility suffers, since coins with a “tainted” history can be told apart from others. These drawbacks of the Bitcoin protocol led to cryptocurrencies focused primarily on anonymity and privacy. Today, we will try to understand the protocols on which these privacy-based cryptocurrencies work.

zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge)

A zk-SNARK is a zero-knowledge succinct non-interactive argument of knowledge. As many of you know, zero-knowledge proofs are a way to prove that something is true without handing over the data that makes it true, which is exactly what privacy needs.

A zero-knowledge proof is a protocol between two parties, a prover and a verifier, in which the prover convinces the verifier that a claim is true while revealing nothing beyond the fact that it is true. Zero-knowledge proofs were introduced in 1985 by Shafi Goldwasser, Silvio Micali and Charles Rackoff in their paper “The Knowledge Complexity of Interactive Proof-Systems” (the journal version appeared in 1989). They were studying interactive proof systems, in which a prover exchanges messages with a verifier to convince them of a statement without disclosing the knowledge that makes it true. Sounds a bit confusing? It does at first, and we aren’t here to do a Ph.D. on ZKP 😜.

Just knowing these three key properties will help you understand how zero-knowledge proofs work.

  • Completeness: If the statement is true, an honest prover can always convince an honest verifier.
  • Soundness: If the statement is false, no cheating prover can convince the honest verifier that it is true, except with negligible probability.
  • Zero-Knowledge: If the statement is true, the verifier learns nothing beyond that fact, and in particular nothing about the secret witness. (The verifier does know which statement is being proved; what stays hidden is why it holds.)

zk-SNARKs are one way to apply zero-knowledge proofs.

In addition to the above ZKP properties, a zk-SNARK needs to be:

  1. Succinct: The proof is small (a few hundred bytes at most) and can be verified in milliseconds, however large the computation being proved.
  2. Non-Interactive: A single message is sent from the prover to the verifier, so there is no back-and-forth communication between them.
  3. ARgument: Soundness is computational rather than information-theoretic: it holds against a polynomial-time, i.e. computationally bounded, cheating prover.
  4. of Knowledge: The proof cannot be constructed without access to the witness (the private input that makes the statement true).
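Here is the smallest honest instance of all of this, as an added example (it is not code from the original post, from Zcash or from any project named here): a Schnorr proof that you know the discrete logarithm x of y = g^x, first as the three-message interactive protocol, then made non-interactive with the Fiat-Shamir transform that zk-SNARKs also depend on. The toy group (p = 4079, q = 2039, g = 4) is an assumption chosen so that the numbers stay readable; it has no security whatsoever. The simulate() and extract() functions are what the zero-knowledge and “of knowledge” properties mean when written out in code.

```python
"""Toy Schnorr proof of knowledge of a discrete logarithm.

Added example, not code from the original post or from any project named in it.
Group: quadratic residues modulo the safe prime p = 4079 (p = 2q + 1, q = 2039),
generated by g = 4. The group is 12 bits wide so that every value is readable;
it is NOT secure. A deployment would use a 256-bit elliptic-curve group.
"""
import hashlib
import secrets

P = 4079   # safe prime, p = 2q + 1
Q = 2039   # prime order of the subgroup we work in
G = 4      # 4 = 2^2 is a quadratic residue, so it generates the order-q subgroup


def keygen():
    """Secret witness x and public statement y = g^x. The claim proved is 'I know x'."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge_from_hash(*parts):
    """Fiat-Shamir: derive a non-zero challenge from the transcript so far."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


# --- interactive protocol: commit, challenge, respond, verify ------------
def prover_commit():
    """Fresh nonce k and commitment R = g^k. k must never be reused (see extract)."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)


def verifier_challenge():
    return secrets.randbelow(Q - 1) + 1


def prover_respond(x, k, c):
    return (k + c * x) % Q


def verify(y, r, c, s):
    """Accept iff g^s == R * y^c. Honest transcripts always pass (completeness)."""
    return pow(G, s, P) == (r * pow(y, c, P)) % P


# --- non-interactive version: the verifier's coin is replaced by a hash --
def prove_ni(x, y, message):
    k, r = prover_commit()
    c = challenge_from_hash(G, y, r, message)
    return r, prover_respond(x, k, c)


def verify_ni(y, proof, message):
    r, s = proof
    return verify(y, r, challenge_from_hash(G, y, r, message), s)


# --- the ZKP properties made concrete -------------------------------------
def simulate(y):
    """Zero-knowledge: without x, pick c and s first and solve for R = g^s * y^(-c).
    The transcript verifies and is distributed exactly like an honest one, so a
    transcript alone cannot leak x."""
    c = secrets.randbelow(Q - 1) + 1
    s = secrets.randbelow(Q)
    r = (pow(G, s, P) * pow(y, -c, P)) % P
    return r, c, s


def extract(r, c1, s1, c2, s2):
    """Knowledge soundness: two accepting transcripts with the same R and different
    challenges give x = (s1 - s2) / (c1 - c2) mod q. The same algebra is why nonce
    reuse in Schnorr/ECDSA-style signatures leaks the private key."""
    assert c1 != c2
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


def demo():
    x, y = keygen()
    k, r = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, k, c)
    # a second run that reused the nonce k lets anyone recover x
    c2 = c + 1 if c < Q - 1 else 1
    s2 = prover_respond(x, k, c2)
    r_sim, c_sim, s_sim = simulate(y)
    # a prover who does not hold x (here: x + 1) cannot produce a valid proof
    forged = prove_ni((x + 1) % Q, y, "spend 12.5 XMR")
    return {
        "interactive_ok": verify(y, r, c, s),
        "noninteractive_ok": verify_ni(y, prove_ni(x, y, "spend 12.5 XMR"), "spend 12.5 XMR"),
        "forgery_rejected": not verify_ni(y, forged, "spend 12.5 XMR"),
        "simulated_transcript_verifies": verify(y, r_sim, c_sim, s_sim),
        "extracted_witness_matches": extract(r, c, s, c2, s2) == x,
    }


if __name__ == "__main__":
    print(demo())
```

Two things are worth noticing. The simulator produces transcripts that verify without ever touching x, which is the formal reason a verifier learns nothing from an honest run. The extractor shows the flip side: the response s = k + c·x is only safe while the nonce k is used once, because two responses sharing k give x away, the same algebra behind real-world key recoveries from reused ECDSA nonces.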

For a cryptocurrency, this means a transaction can hide the sender address, the receiver address and the amount, while the network can still verify that the transaction is valid: that the inputs exist and are unspent, that the amounts balance, and that the spender holds the right keys. It maximizes privacy while maintaining consensus.

Zcash was the first cryptocurrency to combine a blockchain with zk-SNARKs. The Resistance DEX (ResDEX) uses zero-knowledge proofs to protect the privacy of transactions on the Resistance blockchain. With zk-SNARKs, RES can have no public transaction record, and when users send another coin through a private (shielded) transaction, its prior history is effectively cut off. Because the history lives on the blockchain and not in the coin itself, a single shielded transaction is enough to obscure a coin’s entire past and, in turn, restore its fungibility. This only helps coins that actually go through a shielded transaction; anything kept in transparent transactions on the same chain stays as visible as it is on Bitcoin.

How zk-SNARKs are constructed

In outline, the statement to be proved (for example “this transaction balances and I hold the spending keys”) is compiled into an arithmetic circuit, a one-time setup turns that circuit into a proving key and a verification key, and a proof is checked with a handful of elliptic-curve pairing operations. The setup is the weak point: it is generated from secret randomness that must be destroyed afterwards (the “toxic waste”), and anyone who kept it could forge proofs, which in a currency means minting coins undetectably. That is why Zcash ran its setup as a multi-party ceremony, so that every participant would have to collude. There is no doubt that zk-SNARKs are a game changer for the crypto space, but beyond the trusted setup there have been prover performance and scalability issues, and because the construction rests on elliptic-curve pairings it is, like most blockchain cryptography, vulnerable to a large quantum computer.

zk-STARKs (Zero-Knowledge Scalable Transparent ARguments of Knowledge)

zk-STARKs are a newer development in zero-knowledge cryptography.

zk-STARKs were proposed by Eli Ben-Sasson and co-authors (Iddo Bentov, Yinon Horesh and Michael Riabzev) in their 2018 whitepaper “Scalable, transparent, and post-quantum secure computational integrity”, as an alternative to zk-SNARK proofs. They are generally considered a more efficient variant of the technology on the proving side, and can be both faster and cheaper depending on the implementation.

What are the Improvements?

First and foremost, zk-STARKs remove the trusted setup. There is no secret randomness and no ceremony in which multiple parties must generate and then destroy a private key; everything needed to generate and check proofs is public, and the only randomness involved is public coin tosses (in practice, hash outputs). zk-STARKs also drop the zk-SNARK requirement for asymmetric cryptography and rely instead on collision-resistant hash functions, the same kind of primitive that Bitcoin mining uses.

This is also what makes them plausibly post-quantum. Shor’s algorithm on a large quantum computer recovers a private key from an elliptic-curve public key, so the elliptic-curve cryptography behind zk-SNARK pairings (and behind the key pairs of most coins) is not quantum-resistant. Hash functions are only weakened, not broken, by known quantum algorithms, so zk-STARKs, which use nothing else, are expected to survive such advances. In other words, zk-STARKs rest on simpler cryptographic assumptions.

Currently, the main issue with zk-STARKs is proof size. A STARK proof runs to tens or hundreds of kilobytes, against a few hundred bytes for a zk-SNARK, and that difference matters when every byte has to land on-chain. StarkWare Industries is working on these challenges (proof size among them) and on commercializing the technology across several industries, blockchain implementations included.

zk-STARKs are scalable, transparent, general-purpose and believed to be post-quantum secure. Transparency is what lets anyone audit the setup and therefore trust the system, because there is nothing hidden to trust. If proof size comes down, many projects are likely to adopt zk-STARK technology.

Ring Signature and Ring CT


Monero uses ring signatures to protect the sender’s privacy on the input side of a transaction. A ring signature is a digital signature produced on behalf of a group of possible signers: it proves that one member of the group authorized the transaction, but not which one, and the other members need not participate or even know. The idea was introduced in 2001 by Ron Rivest, Adi Shamir and Yael Tauman in “How to Leak a Secret”, presented at Asiacrypt. Monero’s variant is linkable: each signature carries a key image derived from the output actually being spent, so the same output cannot be spent twice without the two signatures being linked, while the key image itself reveals nothing about which ring member produced it.

To see how ring signatures protect the sender, take an example. When you pay by cheque you sign it, and anyone who sees the cheque and knows your signature can tell that you sent it. Now suppose you pick four other people’s public keys at random and produce a signature that is valid for the set of five, without those four doing anything at all. Anyone can check that the signature is genuine, but nobody can tell which of the five actually signed. That, in essence, is how ring signatures work: in Monero the four “others” are decoy outputs pulled from the blockchain, and the real input is hidden among them.
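As an added example (not Monero’s code), the following is a CryptoNote-style linkable ring signature over a toy group; p = 4079, q = 2039 and g = 4 are assumptions made for readability, not security, and Monero’s actual scheme runs on ed25519 with the newer CLSAG construction. It shows the two things the cheque analogy cannot: the decoys do nothing at all (only their public keys are used), and the key image is what stops the real signer from spending the same output twice, even inside a completely different ring.

```python
"""Toy CryptoNote-style linkable ring signature.

Added example, not Monero's code. Group: quadratic residues mod the safe prime
p = 4079 (q = 2039), generator g = 4. 12-bit parameters for readability; not
secure. Monero itself uses ed25519 and the newer CLSAG construction, but the shape
is the one from the CryptoNote whitepaper: one real signer hidden among n-1
decoys, plus a key image for double-spend detection.
"""
import hashlib
import secrets

P, Q, G = 4079, 2039, 4


def h_scalar(*parts):
    """Hash transcript pieces to a scalar mod q."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def h_point(pub):
    """Hash a public key to a group element. Squaring puts the result in the
    order-q subgroup, and nobody learns its discrete log with respect to g."""
    t = int.from_bytes(hashlib.sha256(b"Hp|" + str(pub).encode()).digest(), "big")
    return pow(t % (P - 1) + 1, 2, P)


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def key_image(x, pub):
    """I = Hp(P)^x. Fixed per output, so a second spend repeats it; it cannot be
    matched to P without knowing x."""
    return pow(h_point(pub), x, P)


def ring_sign(message, ring, s, x):
    """Sign `message` as member index `s` of `ring` (public keys) using secret x."""
    n = len(ring)
    assert ring[s] == pow(G, x, P), "secret does not match claimed ring member"
    img = key_image(x, ring[s])
    qs = [secrets.randbelow(Q) for _ in range(n)]   # per-member nonces
    ws = [secrets.randbelow(Q) for _ in range(n)]   # decoys' challenges; ws[s] unused
    L, R = [], []
    for i in range(n):
        hp = h_point(ring[i])
        if i == s:                                   # real signer: plain commitments
            L.append(pow(G, qs[i], P))
            R.append(pow(hp, qs[i], P))
        else:                                        # decoy: fold in a fake challenge
            L.append(pow(G, qs[i], P) * pow(ring[i], ws[i], P) % P)
            R.append(pow(hp, qs[i], P) * pow(img, ws[i], P) % P)
    c = h_scalar(message, *L, *R)
    cs = list(ws)
    cs[s] = (c - sum(ws[i] for i in range(n) if i != s)) % Q   # forces sum(cs) == c
    rs = list(qs)
    rs[s] = (qs[s] - cs[s] * x) % Q                            # the only place x is used
    return img, cs, rs


def ring_verify(message, ring, sig):
    """Anyone can check that *some* ring member signed, learning nothing about which."""
    img, cs, rs = sig
    n = len(ring)
    if len(cs) != n or len(rs) != n:
        return False
    L, R = [], []
    for i in range(n):
        L.append(pow(G, rs[i], P) * pow(ring[i], cs[i], P) % P)
        R.append(pow(h_point(ring[i]), rs[i], P) * pow(img, cs[i], P) % P)
    return sum(cs) % Q == h_scalar(message, *L, *R)


class KeyImageLedger:
    """What a node keeps: every key image seen so far. Spending the same output
    again, even inside a different ring, yields the same image and is rejected."""

    def __init__(self):
        self.seen = set()

    def accept(self, message, ring, sig):
        if not ring_verify(message, ring, sig) or sig[0] in self.seen:
            return False
        self.seen.add(sig[0])
        return True
```

Note where the secret is used: only in rs[s], and only to cancel the real member’s challenge. The decoy positions are filled with random values, which is why their owners never have to be involved and why the verifier cannot tell the positions apart. The ledger check is the double-spend defence; without the key image a ring signature would hide the spender so well that it would also hide a second spend of the same coin.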

Ring CT (Confidential Transactions)

Monero Ring Confidential Transactions, also known as RingCT, is a privacy feature added to the Monero protocol in 2017. RingCT hides the transaction amounts themselves, so an observer learns neither who paid whom nor how much.


Before RingCT, Monero required transaction amounts to be split into denominations like this:

If Bob wanted to send 12.5 XMR, the output would be split into three separate outputs of 10, 2 and 0.5 XMR, each signed with its own ring. The advantage was that a ring signature could only mix outputs of identical value, so standard denominations guaranteed that enough matching ring members could always be found on the network. The drawback was that every amount was visible to outside observers. RingCT, based on Gregory Maxwell’s Confidential Transactions research and adapted to ring signatures by Shen Noether, fixes this by replacing plaintext amounts with Pedersen commitments: the chain records a commitment to each amount, and verifiers check that input and output commitments balance without ever seeing the numbers. Monero thus hides all three facets of a transaction: ring signatures hide the sender, stealth addresses hide the receiver, and RingCT, added later, hides the amount.
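The amount-hiding half of RingCT, as an added example (not Monero’s code): Pedersen commitments over a toy group, with p = 4079, q = 2039, g = 4 and h = 9 all assumptions chosen for readability rather than security. The sender commits to every amount, picks the output blinding factors so that they sum to the input ones, and the verifier checks that the commitments balance without seeing a single amount. inflation_attack() shows the hole that range proofs exist to close.

```python
"""Pedersen commitments and the Confidential Transactions balance check.

Added example, not Monero's code. Toy group: quadratic residues mod p = 4079
(q = 2039), with g = 4 and a second generator h = 9. In the real scheme h is
obtained by hashing g to the curve so that nobody knows log_g(h); in a 12-bit toy
that relation is brute-forceable, so this shows the mechanism, not security.
Amounts are integers (atomic units).
"""
import secrets

P, Q, G, H = 4079, 2039, 4, 9


def commit(amount, blind):
    """C = g^amount * h^blind. h^blind hides the amount; an unknown log_g(h) means
    the committer cannot later open C to a different amount."""
    return pow(G, amount % Q, P) * pow(H, blind % Q, P) % P


def build_outputs(inputs, out_amounts, fee):
    """Sender side. `inputs` are (amount, blind) pairs the sender owns. Output
    blinds are chosen so that sum(blind_out) == sum(blind_in); the commitments
    then cancel exactly and the verifier never needs the amounts.
    Returns (amount, blind) pairs for the new outputs."""
    if sum(a for a, _ in inputs) != sum(out_amounts) + fee:
        raise ValueError("amounts do not balance")
    r_in = sum(r for _, r in inputs) % Q
    blinds = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    blinds.append((r_in - sum(blinds)) % Q)          # last blind makes the sums match
    return list(zip(out_amounts, blinds))


def balance_check(in_commits, out_commits, fee):
    """Verifier side: prod(C_in) == prod(C_out) * g^fee. The fee is public, so it
    is committed with blind 0. Equality holds iff sum(v_in) == sum(v_out) + fee (mod q)."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(G, fee % Q, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs


def inflation_attack(inputs):
    """Why RingCT also needs range proofs: amounts live mod q, so a 'negative'
    output (here q - 5) lets an attacker create 5 extra units out of thin air
    while the balance check still passes. Blinds are still chosen to sum to the
    input blinds, exactly as an honest sender would."""
    total = sum(a for a, _ in inputs)
    r_in = sum(r for _, r in inputs) % Q
    r0 = secrets.randbelow(Q)
    return [(total + 5, r0), (Q - 5, (r_in - r0) % Q)]   # (total+5) + (q-5) == total (mod q)


if __name__ == "__main__":
    inputs = [(7, 11), (5, 23)]                          # constructed sample inputs: 12 units
    in_c = [commit(a, r) for a, r in inputs]
    outs = build_outputs(inputs, [8, 3], 1)
    print("honest tx balances:", balance_check(in_c, [commit(a, r) for a, r in outs], 1))
    bad = inflation_attack(inputs)
    print("inflation attack passes balance check:", balance_check(in_c, [commit(a, r) for a, r in bad], 0))
```

The verifier in balance_check() sees only group elements and the plaintext fee, yet a single wrong unit in any amount breaks the equality. Monero closes the hole that inflation_attack() exploits by attaching a range proof (originally Borromean ring signatures, Bulletproofs since 2018) to every output commitment, proving that the committed amount is a small non-negative integer without revealing it.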

“He who does not move, does not notice his chains.”

Closing Thoughts

There is no doubt that as the future becomes more open and decentralized, privacy-based protocols will become more and more alluring for the privacy they offer. Interesting times lie ahead for the protocols above and for the projects that implement them. With the pace at which these protocols are developing, the future looks bright indeed. It will be fascinating to watch their continued development, and the end results of these and other upcoming privacy-focused networks, as we move towards mainstream adoption.

Bitcoin Investor & Crypto Trader | Options, Commodities & Forex trader | Avid Anime Lover | Vipassana my path of Life | Bookaholic | Monetarist | Blogs & Gaming.