Enlightening the spectrum of privacy with Obscuro
I will start with a little story about decentralization. Back in 2020 we had the so called “Defi summer” which kickstarted a massive crypto bullrun. It took its roots on Ethereum with protocols like Uniswap, Yearn finance, Aave, Balancer, Compound and so on. For the Ethereum enthusiasts, myself included, it seemed obvious that Defi would continue to strive on Ethereum and Ethereum only, because that’s where it was born. Ethereum was the home of Defi. And even when gas fee rose to ridiculous amounts I was not so worried, because there was a roadmap for scaling so everything was fine. And when Binance launched a fork of Ethereum with 21 validators I laughed because it sounded ridiculous.
But soon after, in early 2021, the Binance Smart Chain trumped Ethereum on every metrics: number of transactions, number of active wallets, volume, liquidity. It was overwhelming. Activity had moved from Ethereum to BSC. I was in denial, I just didn’t get it.
But maybe I was the idiot for thinking about decentralization in absolute terms. Maybe BSC was just the right amount of decentralization for the purposes people used it for i.e. gambling on dog money, making low effort clones of every Ethereum apps, and most importantly, getting rugged in any and every possible way. It was a giant permissionless casino. And at that time, BSC was just the right blockchain for this. People enjoyed the permissionless aspect where anyone could deploy any app, much like on Ethereum, but it was faster and cheaper.
On the other hand, people who valued decentralization, censorship resistance and immutability would still use Ethereum despite the high gas fees. To each their own. Different level of decentralization for different use-cases.
And what if I told you, you can also think about privacy like this. Different levels of privacy for different use-cases. This may seem odd because privacy in crypto is usually seen as a monolithic idea, either black or white, either private or transparent. But I think there’s some nuance to it.
The value of privacy over time
One of these nuances is how the value of secrets usually erodes over time. In many countries, states secrets are automatically declassified after a period of 20 or 25 years and are considered to be of historical significance. There are many examples like this in the physical world. In blockchains too, there is an ephemeral form of confidentiality where it’s only required for a given period of time. To prevent MEV, privacy is needed for a couple blocks to make sure a transaction is not front-runned. In the case of gaming, privacy may only be needed for the duration of a game.
After that period of time, privacy becomes irrelevant. Not only that, but transparency may actually become very valuable, because it makes everything auditable. It allows everyone to check whether a game was played in a fair way, or it builds trust in Defi applications.
Obscuro (now known as Ten) came up with the idea of a revelation period: the developer of an application chooses the length of privacy for the app. After that duration, data becomes automatically readable. This is privacy tailored to the need of each application.
The duration of privacy will never be infinite. It might be arbitrarily fixed at one year maximum. This is done as a regulatory tradeoff, more on that topic later. Certainly, some use-cases like health information or other sensitive data would need privacy in perpetuity, and may not be suited for Obscuro. And that’s fine, because the market Obscuro is targeting — gaming, trading, corporations, global banking — is large enough already.
To be exhaustive, there’s also a technical reason why a one-year revelation period makes sense with regards to the underlying technology used by Obscuro, the trusted enclaves such as SGX. A common critique against the Secret Network, which also leverages trusted hardware, is to say that SGX are frequently hacked.
First, Intel is still developing SGX, but the rest is fair. And no doubt, Obscuro will suffer from the same critique. So I might as well front-run the FUD with a quote from Obscuro developer Tudor Malene:
There is one other concern which has to be kept in mind when thinking about unlimited or very long revelation periods. That is the privacy guarantee that the SGX technology itself can offer. As long as the CPU is updated and considered secure by Intel, it is very unlikely that data can leak out of it. Likewise, as long as the network is constantly updated to keep up with the latest fixes, it will maintain the privacy of the current data. On the other hand, this guarantee is no longer applicable for encrypted information dating before the vulnerability fix. This is because an attacker might be able to use a compromised CPU on an old snapshot of the network and attempt to extract some data. While this attack is not easy by any means, it is at least possible in theory. Keeping this in mind, guaranteeing that data will remain private for the next ten years is optimistic. Obscuro does not fight against this fact but embraces it and leverages it in the design. Our main goal is to guarantee the ledger integrity (user funds) under all attack situations. Fundamentally, an SGX hack reduces the revelation period and partially compromises privacy, which is ephemeral anyway but cannot lead to the theft of user funds.
The revelation period pioneered by Obscuro is one of many aspects which define a broad spectrum of features and tradeoffs in blockchain privacy.
Enter the spectrum
Let’s keep adding some granularity to where Obscuro stands on this spectrum.
Computational privacy: With Obscuro, smart contracts can hold secrets. This is a new primitive in crypto, something that can’t be achieved using ZKPs for example. Computational privacy unlocks new use-cases on blockchains like on-chain games with incomplete informations.
Composability: The result you get after a zero-knowledge calculation is a proof, which is not greatly composable. Obscuro does private computation on the actual data, resulting in full composability between applications, just like on Ethereum L1.
User experience: The UX is very close to a usual rollup solution like Arbitrum or Optimism: users will access the Obscuro network with Metamask and enjoy fast, cheap and private transactions. Privacy is not a hindrance to UX or scalability in Obscuro.
Developer experience: While scalability is handled at the protocol level, application designers have to think about the particular privacy needs for their application. They can select which part of a smart contract they want to obfuscate and for how long. This is an easy process with Obscuro as it is an EVM compatible network; changes in the code are minimal.
Regulatory compliance: This is a hot topic after the OFAC sanctions towards Tornado Cash and Aztec. One of the main challenges to building a blockchain privacy solution is not technical but philosophical: how do we reconcile privacy and illegal activities? It is undeniable that privacy is fostering criminal activities. However Obscuro is not meant to be a criminality haven, but a safe harbor for retail and corporations. While corporations need confidentiality for their day-to-day operations, they also need regulatory clarity around the solutions they use. Being compliant is simply cardinal if we want a chance to onboard this trillion dollar market on permissionless blockchains. With the revelation period, Obscuro deters bad actors by sending them a signal that law will eventually catch up with them. This is an important step towards adoption: users can sleep well knowing their assets on Obscuro won’t be frozen the next day.
In essence, the technology used by Obscuro compromises on the hardness of privacy to offer an unparalleled level of usability. On the other end of the spectrum, zero-knowledge solutions can provide a mathematically-secure level of privacy by sacrificing flexibility. As I said in the introduction, different type of privacy for different use-cases.
Outro
Would it be possible to have both unbreakable and flexible privacy? The answer may lie in the realm of fully homomorphic encryption (FHE).
Although it is not ready to be used today, the Obscuro team is closely monitoring FHE libraries. Obscuro is ultimately tech-agnostic and its flexible architecture can allow it to integrate FHE when it becomes practical.
Today however, Trusted Execution Environments are deemed to have the best set of tradeoffs to build a privacy solution which maximizes usability, thus fostering its adoption. Obscuro is a nimble spaceship to navigate the spectrum of privacy on Ethereum.
Find out more
To learn more about Ten, dive into the whitepaper, chat with the community on Discord, and follow us on Twitter.
