Privacy Protocols Are Not All Created Equally
Privacy is at a premium in the modern digital world, and cryptocurrencies are helping to pioneer the advance of several prominent cryptographic primitives in the battle against digital surveillance. At the core of the race for the flagship privacy protocol in the world of cryptocurrencies is the ongoing debate over which approach provides the best anonymity assurances.
Primarily, there are three camps:
- Ring signatures (and Bulletproofs) deployed by Monero
- ZK-SNARKs used in ZCash
- Mimblewimble deployed by BEAM and Grin
Of the three camps, the general consensus is that ZK-SNARKs provide the highest assurance of anonymity on a public blockchain network, although they come at the cost of being the most cumbersome. Mimblewimble recently emerged onto the scene as a more flexible, scalable privacy method, and ring signatures have been a reliable and evolving standard on Monero for years.
However, for users, it is critical to understand the pros and cons of each, and specifically, which are more practical for certain applications and use cases.
Fundamental Advantages and Disadvantages of ZKPs vs. The Field
A sentiment articulated extensively by Digital Asset Research (DAR) in their formal review of ZCash is that ZK-SNARKs, an implementation of zero-knowledge proofs (ZKPs), exhibit privacy guarantees unmatched by any competing privacy coin using a public blockchain.
ZKPs are an innovative method that severs any link between sender, recipient, and amounts transferred — only showing a completely opaque blockchain when deployed. They are incredibly powerful privacy tools, where shielded transactions on ZCash provide near-perfect fungibility of the native ZEC token.
However, ZKPs, and especially their opt-in (non-default) use on ZCash, have their downfalls, which is where some projects have capitalized on improving the ZK-SNARK design.
For example, constructing ZK-SNARKs is exceptionally cumbersome — as in not possible on mobile devices and many laptops. The ZK-SNARK construction time on ZCash before the Sapling efficiency upgrade was more than 40 seconds and required up to 1GB of memory per transaction. Such requirements are precisely why DAR cites only 0.36 percent of ZEC transactions on ZCash as being shielded transactions.
The computational burden of ZK-SNARKs also precludes them from being flexibly used in blockchain-based applications, as they are prohibitively expensive, time-consuming, and computationally heavy to construct. Before Sapling on ZCash, some shielded transactions took 7 minutes and roughly 3GB to produce. Additionally, the implementation of conventional ZK-SNARKs requires the feared “trusted setup”, a ceremony in which the network parameters are generated; if the secret randomness from that ceremony is retained, the entire network could be compromised with little evidence that the compromise ever happened.
Comparatively, ring signatures on Monero do not offer as strong a privacy assurance as ZK-SNARKs, but they require no trusted setup and are not as computationally cumbersome. Add in the Bulletproofs upgrade that drastically improved the privacy and efficiency of automatic private transactions on Monero, and Monero is clearly ahead in flexibility concerning incorporation into applications. However, blockchain bloat remains an issue on Monero, because ring signature size grows linearly with the ring size.
Similarly, Mimblewimble is designed explicitly to be both private and efficient. Emerging on the scene in early 2019, Mimblewimble relies on Pedersen commitments and blinding factors to remove individual addresses entirely, concurrently pruning unnecessary transaction data in the process.
Mimblewimble underpins both privacy coins Grin and BEAM and is widely considered an intriguing development in the industry, although, regarding overall assurances, it is not as strong as ZK-SNARKs. However, the scalability of Mimblewimble is widely appealing to many kinds of users when compared to the likes of ZCash.
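To make the Pedersen-commitment mechanism described above concrete, here is an added example (not code from Grin, BEAM or any Mimblewimble implementation) of how a validator checks that a transaction balances without ever seeing an address or an amount. It assumes a toy multiplicative group over the safe prime 2039 instead of secp256k1, and the function names `commit`, `build_tx` and `verify_tx` are this example's own.

```python
import hashlib
import secrets

# Toy group: safe prime P = 2Q + 1; G and H generate the order-Q subgroup.
# Grin and BEAM use secp256k1 instead, but the algebra below is the same.
P = 2039
Q = (P - 1) // 2
G = pow(2, 2, P)  # squaring puts the generator in the order-Q subgroup
# H is hashed from a fixed string so nobody knows log_G(H); otherwise a
# committer could open one commitment to two different amounts.
H = pow(int.from_bytes(hashlib.sha256(b"mw-second-generator").digest(), "big") % (P - 3) + 2, 2, P)

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind (multiplicative notation)."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def hash_to_scalar(*ints):
    return int.from_bytes(hashlib.sha256(repr(ints).encode()).digest(), "big") % Q

def schnorr_sign(secret):
    """Prove knowledge of `secret` behind the kernel excess X = H^secret."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(H, k, P)
    e = hash_to_scalar(R, pow(H, secret, P))
    return R, (k + e * secret) % Q

def build_tx(inputs, out_values):
    """Spender side. inputs: [(value, blind)] it owns; out_values: amounts.
    Returns what reaches the chain: commitments, kernel excess and signature."""
    out_blinds = [secrets.randbelow(Q) for _ in out_values]
    in_c = [commit(v, r) for v, r in inputs]
    out_c = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    # Output blinds minus input blinds: a commitment to zero if and only if
    # the amounts balance. Only its public form H^excess is revealed.
    excess = (sum(out_blinds) - sum(r for _, r in inputs)) % Q
    return in_c, out_c, pow(H, excess, P), schnorr_sign(excess)

def verify_tx(in_c, out_c, excess_pt, sig):
    """Validator side: no addresses, no amounts, just group elements.
    (Range proofs that keep amounts non-negative, i.e. Bulletproofs, omitted.)"""
    prod_out, prod_in = 1, 1
    for c in out_c:
        prod_out = prod_out * c % P
    for c in in_c:
        prod_in = prod_in * c % P
    # G^(sum outs - sum ins) cancels only when the amounts balance.
    balanced = prod_out * pow(prod_in, -1, P) % P == excess_pt
    R, s = sig
    e = hash_to_scalar(R, excess_pt)
    return balanced and pow(H, s, P) == R * pow(excess_pt, e, P) % P
```

A transaction that tries to create value (outputs summing to more than inputs) leaves a stray factor of G in the product, so the balance check fails even though every individual commitment looks valid.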
This is where tinkering with ZK-SNARKs by emerging projects is making an impact.
Suterusu has developed ZK-ConSNARKs, which remove the requirement for a trusted setup in ZK-SNARKs for confidential payment schemes while simultaneously producing (almost) constant-sized transactions and verification. As a result, with Suterusu, you get a privacy advantage comparable to that of ZK-SNARKs without the cumbersome construction requirements and the loathed trusted setup vulnerability.
Exploring Suterusu’s ZK-ConSNARKs is relevant as a prism for evaluating why all privacy protocols are not created equally — specifically their application to real-world use cases.
Extended Power of ZKPs and ZK-ConSNARKs
The ZK-SNARK implementation provides the anonymous foundation for building more efficient versions, which can subsequently be integrated into real-world applications. Other privacy protocols, like Monero’s ring signatures and Mimblewimble, either do not scale well or do not provide comparable privacy guarantees.
Such a difference is critical to understand when privacy is the primary goal and any applications built on top of it are secondary to the value proposition of anonymity itself.
Suterusu even takes the concept of improving ZK-SNARKs further with ZK-ConSNARKs and its platform for other blockchains to coexist and interoperate.
For example, the modular structure of Suterusu consists of the main chain with technical modules that non-cryptography developers can build around. Similarly, the network has its own VM, SuterVM, which can be used to construct and transfer assets between blockchain networks.
A liquid ecosystem of anonymous assets that can translate across financial mediums is an unprecedented value proposition — even for existing privacy-oriented cryptocurrencies.
Add in a deflationary supply schedule and on-chain governance mechanism via liquid decentralized meritocracy, and the privacy assurances of ZK-ConSNARKs are fused into an interoperable, adaptable framework for the creation, issuance, and transfer of private financial assets.
But the applications of ZK-ConSNARKs do not start and end with crypto either.
Suterusu envisions its platform extending into areas like anonymous web identities, large-scale payment schemes, and enterprise data exchange and protection. Even beyond Suterusu, the fact that ZK-ConSNARKs are evolving in this way has critical downstream consequences for the broader tech market.
Past indiscretions of major tech firms reveal a willingness to consistently abuse user privacy. With ZKPs, user data can be completely obfuscated, even on a firm’s own applications running on its own servers. Their integration into mainstream platforms and applications relies heavily on the further development of ZK-ConSNARKs into more efficient schemes, but that work is clearly making meaningful progress.