Delivering Practical Privacy in Blockchain and DLT Applications

Alex Broudy


In the early days of crypto, privacy was a critical focus in blockchain development but difficult for the average user to achieve. From 2011–2014, creating multi-signature transactions was considered a cutting-edge technique that provided advanced users more privacy and security than executing standard peer-to-peer transactions alone. Now multisig is standard and more user friendly than ever. So, what’s changed in the last 5 years? And when can we expect blockchains to deliver practical privacy for non-technical users and businesses?

New Privacy-Preserving Protocols

Bitcoin executes pseudo-anonymous transactions, meaning that transaction records are slightly obfuscated but can be figured out by analyzing the public blockchain ledger. While early onlookers of Bitcoin heralded it for anonymous transactions, this was never really the case. When all transactions are public and immutable, time will tell all.

What this means for businesses is that Bitcoin is currently impractical from a privacy perspective but there’s hope at the end of the tunnel. Fortunately, Bitcoin Improvement Proposals like BIP 56 and the Schnorr BIP are being developed to increase privacy and scalability.

BIP 56 implements individual anonymity guarantees using the new Dandelion protocol. Like a dandelion floats aimlessly through the air before randomly spreading its seeds, the Dandelion protocol follows a similar function, hiding where and when a transaction originated from before broadcasting the transaction publicly. Rolling out BIP 56 as a soft fork would improve Bitcoin privacy guarantees and permit other privacy and scalability BIPs like Schnorr signatures to complement the improvement at a later date.

Schnorr signatures are shorter than ECDSA signatures found in Bitcoin and Ethereum, saving space in each block added to the blockchain and solving practical business needs like scalability. What’s more, Schnorr signatures can perform multi-signature transactions much more efficiently than ECDSA. In Schnorr multisig, m-of-n signatures can be consolidated into one round of signing, instead of requiring each private key holder to sign the public key over multiple rounds. This means that it takes less time to execute each multisig transaction because there are fewer public keys to sign and transactions records are more opaque due to the nature of key consolidation.

Keeping financial transactions private is essential to businesses in many industries and verticals because financial records can reveal company status, progress, and intent. If your competitors can see what you’re purchasing and investing in, they have a competitive advantage over you. As Bitcoin improvements like the Dandelion protocol and Schnorr signatures go live, businesses will benefit from private transactions that scale more efficiently than public transactions today. And other cryptocurrencies are following suit.

Blockchain Privacy Cuts Both Ways

Privacy appeals to parties at both ends of the spectrum. For instance, cypherpunks are interested in privacy for the sake of online independence and self-sovereignty. And businesses are interested in anonymizing protocols for the purpose of keeping business transactions private. This is particularly true for the highly transactional private sector where poor security can lead to exposed user privacy and sensitive, personally identifying information (PII) like in the case of Equifax, Yahoo, or more recently, Marriott / Starwood Hotels.

This broad spectrum of users and use cases makes privacy-focused cryptocurrencies and decentralized applications a center for continued development. Privacy-preserving protocols like Schnorr signatures, zkSNARKS, and MimbleWimble that obfuscate and anonymize transactions by design are being explored in various capacities. I believe we’ll continue to see the advancement of privacy-enhancing blockchain solutions in the short- to long-term future.

An emerging consideration for businesses developing privacy coins is their approach to developing open source vs. permissioned protocols. For instance, the MimbleWimble protocol, which uses ECC primitives to fully anonymize transactions, is being developed by both open source communities (seen in the Grin implementation), and private companies, like Israeli startup, Beam, which is trying to blend regulatory considerations and business best practices in a more controlled manner. Beam is implementing permissioned, confidential transactions that can be selectively audited by a 3rd party and has intentions to open source their code at a future date. Appealing to both cypherpunks and regulated businesses can be a risky business proposition. But in the world of crypto, experimentation leads the way. And, so far, both Grin and Beam are finding early success with their privacy coins.

Striking a Regulatory Balance

Achieving a balance between anonymity and regulatory compliance will take the focus of blockchain projects in the next few years. As regulations and copyright directives like GDPR, Article 13, and the California Consumer Privacy Act continue to roll out worldwide, cryptocurrencies that focus on compliance will fare well in practice, while those which try to deliver fully anonymous, open source solutions will find their niche outside the scope of regulated business practices.

Recently, we saw JPMorgan release its own B2B stablecoin called JPM Coin focused on remittances. JPM Coin uses a private ledger based on its own permissioned implementation of enterprise Ethereum, Quorum, which restricts access to compliant businesses by design.

This strategy of developing a crypto-asset using a private distributed ledger technology (DLT) sidesteps a lot of technical hurdles that need to be overcome by public & open source cryptocurrencies. However, JPM Coin does not play nice with other banks, financial institutions, or startups developing their own crypto-assets. At least, yet.

This sandbox limits the scope and utility of JPM Coin for clients. When client needs change and businesses evolve in new directions, clients using JPM Coin and consortium-based cryptocurrencies will be left shortchanged. The on-boarding costs for special-purpose DLTs are low and can solve niche use cases in the short-term but the costs to change tack towards a more interoperable, public blockchain infrastructure in the future could be prohibitive. Forward-looking firms should take time to weigh their options wisely.

Privacy-as-a-Service Timeline

In the short-term, bank and consortium-based cryptocurrencies will fulfil very specific needs like inter-bank SWIFT transactions, which can reduce the intensive margins of costly international payments and remittances. This first wave will be executed using proprietary, niche technologies that are designed to meet big business realities like regulatory and consumer protection compliance at the cost of minimal interoperability.

In the mid-term, private cryptocurrencies like Beam will catch up in order to fulfil compliance considerations like AML & KYC as well as provide opt-in audit trails for otherwise confidential transactions. This tactic will appeal to smaller businesses that can’t afford the overhead cost or exclusivity requirements of large enterprises like JPMorgan.

In both the short- and the long-term timelines, cypherpunk-endorsed privacy coins like Grin and Zcash will appeal to individuals in countries like Venezuela where self-sovereignty and anonymity are critical considerations to using cryptocurrency over local fiat currency.

As more industries and verticals like travel & hospitality, supply chain management, and IoT are attracted to the benefits of blockchain and distributed ledger technology, I believe we will see privacy being developed as a core component of future applications in the next 3–5 years. Once privacy, scalability, and interoperability are solved for in the private sector, public blockchain technology will begin to serve as the new modus operandi for a new, decentralized business architecture and make a world-wide impact in the next 5–10 years. Slowly but surely, the building blocks for a private and secure decentralized future are stacking up.