On-chain Privacy Protection: Never Absent

Phala Network
Aug 4, 2020

Translated from https://mp.weixin.qq.com/s/OlEXIAaDL56ADwkP7T-amg Author: Jinghui Liao

Blockchain offers a decentralized and trustless digital solution for protecting our data, which, to some extent, brings our pursuit of complete privacy protection closer to reality.

One reason is that blockchain is a decentralized system: on-chain information is visible to every node in the network, and the consensus algorithm requires all transactions to be public and verifiable.

Based on the above, all information submitted on-chain is completely transparent, from transactions to contracts, and even their details are traceable. Moreover, since the blockchain is tamper-proof, that information is recorded permanently.

Some argue that blockchain accounts are all created by their users, so an address does not reveal the identity of its owner, which keeps users’ personal data safe even if the address is traced. The truth is that we inevitably interact with our real identity to some degree when using blockchain accounts, and others can still trace you through your on-chain transactions.

For instance, Kim Nilsson, a talented hacker in the Mt. Gox case, spent 3 years investigating and finally identified the coin thief from clues in massive transaction records, because blockchain transactions are trackable and most people do not change accounts very often.

Mixer

The Bitcoin mixer may be the first solution to privacy issues on the blockchain.

For example, the hero of a gangster movie often gathers a group of people dressed like him and walks among them to escape pursuit. Similarly, if a mixer is applied to transactions, it transfers coins through many accounts (dozens or hundreds), greatly weakening the possible link between sender and recipient and making it much harder to track the flow of assets.

A mixer is simple to understand and to implement. However:

  • A user has to transfer their assets into the mixer first, which means that if something goes wrong, they may lose those assets permanently.
  • Transactions can still be traced; the difficulty is great, but it is steadily decreasing as analysis methods and algorithms advance.

Zero-Knowledge Proof

A better solution than the mixer is to create a new chain dedicated to privacy, an approach adopted by many blockchain projects. Among the techniques they use, zero-knowledge proof is the most popular.

Zero-knowledge proof, as the name implies, is a proof process from which no additional knowledge can be obtained. A common example is the Sudoku puzzle. Here is a Sudoku problem: if you wonder whether it can be solved, I have to prove that an answer exists without revealing it. How? I show you the 9 numbers, in shuffled order, from any column or row you randomly pick. Seeing that every number is present, you are convinced that an answer exists. And so on: the more columns and rows you verify, the more you believe the answer exists. Yet throughout this process you have learned nothing about the answer itself.
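The Sudoku protocol sketched above, written out as an added example (not code from the original post): the prover relabels the digits with a fresh secret permutation each round and commits to every cell with a hashed nonce, the verifier picks a random row, column or 3x3 box (the post mentions rows and columns; boxes are the third Sudoku constraint and are included here), and the prover opens only those 9 cells. The grid below is a constructed sample solution, and SHA-256 commitments stand in for whatever commitment scheme a real system would use.

```python
import hashlib
import os
import random

# Constructed sample solution (the prover's secret); any valid grid works.
SOLUTION = [
    [5, 3, 4, 6, 7, 8, 9, 1, 2], [6, 7, 2, 1, 9, 5, 3, 4, 8], [1, 9, 8, 3, 4, 2, 5, 6, 7],
    [8, 5, 9, 7, 6, 1, 4, 2, 3], [4, 2, 6, 8, 5, 3, 7, 9, 1], [7, 1, 3, 9, 2, 4, 8, 5, 6],
    [9, 6, 1, 5, 3, 7, 2, 8, 4], [2, 8, 7, 4, 1, 9, 6, 3, 5], [3, 4, 5, 2, 8, 6, 1, 7, 9],
]

def cells_of(group):
    """Cells of challenge group 0..26: 9 rows, then 9 columns, then 9 boxes."""
    if group < 9:
        return [(group, c) for c in range(9)]
    if group < 18:
        return [(r, group - 9) for r in range(9)]
    r0, c0 = 3 * ((group - 18) // 3), 3 * ((group - 18) % 3)
    return [(r0 + i, c0 + j) for i in range(3) for j in range(3)]

def commit(solution):
    """Prover: relabel digits with a fresh secret permutation, then commit to
    every cell as sha256(nonce || value). Returns (commitments, openings)."""
    perm = random.sample(range(1, 10), 9)
    openings = {(r, c): (os.urandom(16), perm[solution[r][c] - 1])
                for r in range(9) for c in range(9)}
    commitments = {cell: hashlib.sha256(nonce + bytes([v])).hexdigest()
                   for cell, (nonce, v) in openings.items()}
    return commitments, openings

def reveal(openings, group):
    return {cell: openings[cell] for cell in cells_of(group)}  # open only the 9 challenged cells

def verify(commitments, group, opened):
    """Verifier: openings must match the commitments and the 9 relabelled values must be one of each 1..9."""
    if set(opened) != set(cells_of(group)):
        return False
    for cell, (nonce, v) in opened.items():
        if hashlib.sha256(nonce + bytes([v])).hexdigest() != commitments[cell]:
            return False
    return sorted(v for _, v in opened.values()) == list(range(1, 10))

def run_protocol(solution, rounds=30):
    """One round = fresh commitments, random challenge, reveal, check; a grid violating k groups survives a round with probability (27-k)/27."""
    for _ in range(rounds):
        commitments, openings = commit(solution)
        challenge = random.randrange(27)
        if not verify(commitments, challenge, reveal(openings, challenge)):
            return False
    return True
```

Because the permutation is fresh every round, the opened values from different rounds cannot be combined to recover the real digits.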

Problems exist. First, the amount of data that requires verification is huge; from zk-SNARK[2] to Bulletproofs it has been drastically reduced, but verification is still not efficient. Secondly, generating a proof is computationally intensive and time-consuming. Furthermore, zero-knowledge proof requires a special circuit for each specific piece of logic, so there is no universal circuit and the technical threshold is relatively high.

Stealth Address and Ring Signature

Both the stealth address and the ring signature are technologies used in Monero[3]. We know that, at present, transactions and accounts are linked in the majority of blockchain projects such as Bitcoin, Neo, ETH, etc.

The stealth address technology built into Monero conceals a transaction’s actual destination address. Since transactions are not tied to accounts, each transaction is effectively a separate account.

As an example, a common transaction is: I transfer 50 cents from my account to you, and you sign and receive it. With a stealth address, the transaction becomes: I create an account containing 50 cents that only your private key can open.

While the stealth address hides the destination address, the ring signature hides the source address. It consists of a group of digital signatures from various users that together form a ring. On the output side, ring signatures protect the actual signer by obscuring the input side of a transaction. As a result, all ring members are plausible signers and the sender’s identity cannot be determined.

The problem is obvious as well: it is hard for anyone, even yourself, to search the chain for your own information. If you want to know which transactions were sent to you, you have to try every transaction with your private key; without trying, you cannot even tell whether a transaction is yours.

Homomorphic Encryption

Homomorphic encryption is mainly used in smart contracts, where the other technologies mentioned above cannot be adopted: the logic is written by users and its exact form is not known in advance, implying that no verification circuit can be written beforehand. Homomorphic encryption can nevertheless protect privacy to some extent.

Simply put, it performs computations over encrypted data.

A simple case: if I have 2 kg of pears at 1 dollar per kg, then I have pears worth 2 dollars. This shows a corresponding relationship between pears and their value: you can work out the value from the weight, and vice versa.

Homomorphic encryption computes on ciphertexts and generates an encrypted result which, when decrypted, matches the result of the same operations performed on the plaintext. In this way both the privacy and the correctness of the computation result can be guaranteed, implementing privacy protection in the smart contract.
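The pear example carried through in an additively homomorphic scheme, as an added example (not code from the original post, and not any particular contract platform’s API): textbook Paillier on toy-sized primes, where a party holding only the public key can add two ciphertexts or scale one by a public constant, and only the secret-key holder learns the result. The primes 1009 and 1013 and the weights are constructed sample values; real deployments use keys of thousands of bits.

```python
from math import gcd
import secrets

def keygen(p, q):
    """Constructed toy keypair from primes p, q (far too small for real use)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)        # lcm(p-1, q-1)
    g = n + 1                                            # standard simple choice of g
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)       # inverse of L(g^lam mod n^2)
    return (n, g), (lam, mu)

def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n

def add(pub, c1, c2):
    """Ciphertext product = encryption of the plaintext sum (needs only the public key)."""
    n = pub[0]
    return (c1 * c2) % (n * n)

def scale(pub, c, k):
    """Ciphertext power = encryption of the plaintext times a public constant k."""
    n = pub[0]
    return pow(c, k, n * n)

def contract_total(pub, encrypted_weights, unit_price):
    """What a contract holding only the public key can do: scale each encrypted
    weight by the public unit price and sum them, never seeing any weight."""
    total = encrypt(pub, 0)
    for c in encrypted_weights:
        total = add(pub, total, scale(pub, c, unit_price))
    return total
```

Paillier supports addition and multiplication by a known constant only; multiplying two encrypted values needs a fully homomorphic scheme, which is far more expensive.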

Trusted Execution Environment (TEE)

A TEE is a secure area of a chip, protected by the hardware in the most direct way. Only the secure system process has access to the data and code loaded inside the TEE, which guarantees the confidentiality of sensitive data.

In fact, TEEs are very common in daily life. Whether iOS or Android, Qualcomm, A13 Bionic or Kirin, they all embed a TEE to protect our personal information locally.

Many researchers are also working on methods to combine TEEs with blockchains. A blockchain system supported by a TEE can not only implement privacy-protecting transaction processing and contract execution, but also add execution capabilities to projects without smart contracts, such as Bitcoin.

Sidechain and Channel

In addition to the above schemes, which work directly on the protocol, second-layer solutions can also address the privacy issues encountered by blockchains well.

A sidechain is attached to the main chain using a two-way peg and interacts with the main chain only when key assets are transferred. Other ordinary transactions are managed solely by the sidechain without being synchronized, thus avoiding privacy leaks.

The sidechain solution theoretically solves the problem faced by most blockchains, but at the cost of decentralization. Since sidechains can be run and maintained by an organization, a blockchain applying such a solution would lack security because it is fully centralized.

Currently, the channel system is mainly based on the Bitcoin Lightning Network. A user creates a multi-signature account on the main chain with just two parties. During this period, the two participants can make an unlimited number of balance allocations off-chain, and they only need to submit the final result, without any other data, to the main chain, thus avoiding leakage of transaction information. This structure, although simple, is very inconvenient: the user needs to lock part of their assets inside the channel in advance. Additionally, there is a risk of an eclipse attack during dispute settlement.

To Sum It Up

Research on blockchain privacy protection is in the ascendant, and new technologies and solutions are emerging one after another. I believe that one day there will be a perfect scheme for on-chain confidentiality. We are all looking forward to it.

About Phala

A Substrate-based confidential smart contract blockchain on which you can develop confidentiality-preserving and privacy-first blockchain apps. Member of the Substrate Builders Program starting lineup. Recipient of a Web3 Foundation Grant.
