Privacy in Cosmos: DeFi Edition Event Summary

Privacy in Cosmos: DeFi edition is the third Cosmos event hosted by ZKValidator and the second event to be funded by the Cosmos Hub as part of the four-part privacy focused event series. The event took place on 27th September, supported by our media partner Zero Knowledge Podcast. To view the recordings of the event, view the playlist here.

Follow ZKValidator on twitter to hear about our next events and to support us, stake your ATOMs, instructions here, or OSMO, instructions here, with us.

Event Summary

Interesting takeaway messages from the presentations and panel discussions:

• MEV through front running can be prevented utilising transaction threshold encryption, only implementable on chains with BFT consensus, seen in action in Osmosis.
• Other methods of transaction encryption, such as SGX or time-lock encryption, can be implemented but can compromise on security and user experience.
• In a cross-chain world, even with wrapped threshold encryption, inferring the likely outcome of a transaction on one chain by what happened on another chain is difficult to defend against — MEV opportunities increase linearly with the number of chains.
• The bridge used for cross-chain transactions has little bearing on privacy, it is more important how the transaction data is embedded.
• There is a trade-off between latency and privacy with transactions across a bridge, only with transparent bridges can a transaction be executed earlier to improve user experience.
• The concept behind Terra stablecoins, has inspired other projects to be built utilising the game theory incentive structure to create mixers and private stablecoins.
• A recurring theme exhibited in most privacy projects is the notion of trade-offs between elements such as security, user experience, privacy preservation and accountability.

During our June event, two core themes emerged that warranted further exploration, driving the direction for this follow up event. The sentiment that for privacy to be implemented successfully, user experience must be prioritised and the opportunities that the cross-chain Cosmos ecosystem provides for innovation in the realm of privacy. Concurrently, since the gravity DEX and other DeFi boosting innovations went live during the interim period, it seemed fitting to intertwine these themes into a single privacy focused event. To encompass this, the event is split into three themes:

1. Front running and MEV — how privacy preserving technology can combat this with a talk from Sunny Agarwal, Osmosis and panel discussion with Anna Rose and Georgios Konstantopoulos
2. IBC, bridges and the potential of privacy in a cross-chain world — a talk from Henry de Valence, Penumbra and panel discussion, moderated by Anna Rose, with Henry, James Prestwich and Belsy K
3. Stablecoins and privacy — how the technology behind Terra inspired other innovations in the privacy space, featuring SJ Park, Terra, Terrabay, Shade Protocol and Secret Network

This post will provide a summary of the key discussion points raised during Privacy in Cosmos: DeFi Edition.

Front Running and MEV: Prevention through Privacy

— view the video here

Since the dawn of DeFi on the Ethereum blockchain, heightened adoption of protocols such as MakerDAO, Aave and Compound has piqued interest in the space with developers piling in faster than ever. Yet reports highlight that $280M is extracted by front running every month on blockchain networks, with 42% of this value extracted due to trades on Uniswap. More generally MEV, miner extractable value or PEV, proposer extractable value for proof of stake networks, refers to the value that can be obtained by manipulating transactions on a blockchain. DEXs, decentralised exchanges, and AMMs, automated market makers, in the Cosmos ecosystem have an opportunity to do things differently, and such opportunity is underpinned by privacy preserving technologies such as threshold decryption utilised by Osmosis.

During his talk, Sunny Aggarwal highlighted that front running, ordering transactions in a block for a monetary benefit after seeing transactions in the mempool, can be prevented through encrypting transaction data. Mempool encryption is possible with three techniques: 1) Trusted Hardware — software guard extensions (SGX), 2) Timelock encryption and 3) Threshold encryption. Each encryption technique comes with its own pros and cons; generally trade-offs compromise on security or user experience.

An SGX setup provides validators with a private decryption key inside the SGX enclave which is inaccessible. Once a block is committed it is sent to the enclave, decrypted and executed. The main benefit here is that this technique does not require a protocol change to be implemented, however a strong drawback is on security. MEV fundamentally exists due to pure economic rationality which can be extended to the cost of breaking an SGX once this is less than the potential MEV.

Timelock encryption requires work to be done or time to pass before transactions are decrypted. There is a clear trade-off that the longer the delay before transactions are encrypted, the better the security against MEV but the longer the execution delay the greater detriment to user experience. For this encryption method to function, all transactions must utilise this encryption method.

Threshold encryption, applied by Osmosis, is a method that requires byzantine fault tolerance (BFT) consensus adopted in the Cosmos SDK. Transactions in a block are decrypted once a validator obtains ⅔ of decryption shares, the same proportion of votes required for consensus. Therefore transactions are decrypted and executed, and consensus is reached simultaneously. The main drawback to threshold encryption is the increased bandwidth as decryption shares are transmitted alongside consensus votes. User experience is not compromised as consensus is reached after a one block delay and security is equivalent to that of the consensus mechanism.

A summary of the pros and cons of different transaction encryption techniques, format adapted from the presentation given by Sunny Aggarwal.

Thus far, solutions to prevent front running have focused on transactions within a chain, yet the growing interoperable Cosmos ecosystem motivates the need for cross-chain protections. During the MEV panel discussion between Sunny Agarwal, Anna Rose and Georgios Konstantopoulos, the notion of wrapped threshold encryption was introduced. This concept requires only the subset of data required for transaction execution on one chain to be decryptable on that chain, and the remaining data to stay encrypted until it reaches the next chain. However, inferring the likely outcome of a transaction on one chain by what happened on another chain is difficult to defend against. For instance, one asset could be borrowed on a chain and if there is an AMM on another chain, one could infer this asset will be sold, thus opening up a front running opportunity. A relayer that is taking transactions from one chain and proving they happen on another chain could claim to forget to relay transactions in order to place their own transactions ahead of the forgotten transactions. This so-called “relayer extractable value” grows in proportion with the number of connected chains. Such a problem is present in the Cosmos ecosystem where Tendermint BFT consensus means there is instant finality, this raises the question of how much bigger this issue could be for blockchain networks with reorgs, such as Eth 2.0 where reorgs can take place up to 2 epochs previously.

IBC, Bridges and the potential of Privacy

— view the video here

With IBC transactions alive and thriving in the Cosmos ecosystem, it is important to consider whether this interoperability can be detrimental to user’s privacy. Henry de Valence gave an introduction to private zone Penumbra during his talk. Penumbra enables private trading of crypto assets from within Cosmos and also to bridge outside of Cosmos. Penumbra consists of:

• Private transactions: Zcash style private transactions that record transaction value in notes. Every user has a private fragment of the chain state and users add honest updates to private state fragments with zero knowledge proofs.
• Private staking: made possible with liquid staking and delegator tokens, PEN and PENb respectively.
• Private swaps: the swap value is burnt and encrypted so that individual trade amounts are not disclosed. Validators decrypt batch totals and clear the amounts, they then privately mint output funds.
• Private market making: using the same concentrated liquidity mechanism from Uniswap v3 with anonymous trading functions so that active market makers can protect their strategies.

But having a private zone provides privacy protection for on chain transactions but what about interchain transactions? During the panel discussion, it was established that there are two broad categories of concern for privacy in a cross-chain world, namely considerations around credentials and cash. For each of these subsets, there is different information to reveal or exchange and there is a trade-off between privacy and public accountability — leaking information about individuals compared to aggregated data.

Illustration of bridges and IBC within the Cosmos ecosystem.

Most bridges will be broadly speaking equivalent in terms of transactional privacy, with small variations in latency and security. What is of greater importance is how the data is embedded in the cross-chain transaction than the bridge being used. Fungible token transfers along bridges can retain privacy to a different extent dependent on the conditions of the transfer. For example, a transfer between two private zones may publicly show the transfer amounts but remove the addresses of the transfer. To add a layer of privacy, multiple transactions can be batched together with homomorphic threshold cryptography so only the batch amount is visible. However, this approach introduces latency during the batching process and is only possible when there are multiple users so that the anonymity set can exist.

The trade-off between latency and privacy preservation in bridge transactions provides both advantages and disadvantages. In transparent bridges, a liquidity provider can see a user’s high latency transaction and pay it out early, not to compromise on the user experience. With a private bridge, this would not be possible but if a user requires privacy, it is unlikely that this higher cost of capital would be a sufficient deterrent. Transparent bridges put the burden of responsibility on the user to retain privacy. A motivated attacker will be able to deanonymize someone but as panelist James Prestwich suggested, we should strive to ensure the average user is safe to prevent mass data collection.

Stable coins

— view the video here

In keeping with the event theme, quintessential to DeFi, the humble stablecoin could not be forgotten. SJ Park from Terra, a layer 1 chain built with the Cosmos SDK, gave a brief overview of the UST LUNA pair, where UST currently stands as the fifth largest stablecoin by market cap. Terra stablecoins are algorithmically pegged, with the peg maintained by game theory incentivisation — 1 UST can always be minted for $1 of LUNA and 1 UST burnt for $1 of LUNA. The logic behind the algorithmic peg is that fiat pegged stablecoins are susceptible to centralisation so this solution remained true to the core premise of decentralisation in DeFi. Moreover, the Terra team has the same ambition to follow the path of Shapeshift and Maker DAO, with the current team setting the foundations for the future of the ecosystem. Terra is on the brink of enabling IBC transfers, which will mean that UST will soon also be usable within the larger Cosmos ecosystem, and as well in the emerging Cosmos DeFi projects. Although, Secret Network are already able to bridge UST to their private zone using the Columbus 5 bridge.

Active in the wider Terra ecosystem, after SJ’s talk we heard from privacy projects Terrabay, Shade protocol and Secret Network. Terrabay is a mixer, utilising Terra’s incentive structure. Shade protocol, built on Secret Network, is building an algorithmic stablecoin with privacy by default based on the Terra Luna model.

Event Metrics and Feedback

From 234 signups, 155 people attended with peak attendance at a given time of 101, An increase of 61 attendees since the previous event. The event feedback was also positive with all survey respondents rating the event 4 or 5 stars out of 5.

In terms of the budget for the event, the table below shows the spend using a 90 day average price, up to 30th September for ATOM of $18. The total spend for the event was 512 ATOM.

Conclusion

Within the Cosmos ecosystem, the implementation of privacy preserving technology has been an opportunity to improve user experience, evident in threshold encryption used in Osmosis or enabling market makers to keep their strategy private in Penumbra. In cross-chain transactions, in general it is difficult to avoid trade-offs between security and user experience, or privacy and accountability but the choice to compromise to preserve privacy should be available to users. Through discussion and interrogation of these themes, enabled through platforms such as this online event, the profile and importance of privacy can be elevated in the Cosmos ecosystem. We hope to see you at the next event!

Don’t forget to follow ZKValidator on twitter to be informed of upcoming events and feel free to reach out directly to events@zkvalidator.com with any questions you may have.