Scalability is often touted as the main bottleneck when it comes to the mainstream adoption of blockchain technology. And yes, scalability has been a thorn flesh. Multiple projects have been working on various blockchain scaling solutions, such as Sharding and Plasma. New architectures have also been developed, such as Block Lattice and Tangle,
which offer greater scalability.
which offer greater scalability.
However, an often over-looked factor when it comes to this discussion is Privacy. In the words of Vitalik Buterin,
“When I and others talk to companies about building their applications on a blockchain, two primary issues always come up: scalability and privacy.”
Who needs Privacy on Blockchain?
Well, Buterin provides the answer again:
“As seductive as a blockchain’s other advantages are, neither companies or individuals are particularly keen on publishing all of their information onto a public database that can be arbitrarily read without any restrictions by one’s own government, foreign governments, family members, coworkers and business competitors.”
Imagine a scenario where a nation is ruled over by a totalitarian government. Whistle-blowers or rebels might need to keep their financial transactions outside the purview of the government. Now this may seem to be a bit drastic example, but think of nations torn by strife, and you will understand the gravity of the situation.
Even in our personal lives, we would want to keep personal information such as identity data or medical records away from the prying eyes of others. If such information is hosted on a blockchain, then there is definitely a necessity for it to be private, allowing only a permissioned few to access such sensitive data.
There has been significant research and development on the privacy aspect of blockchain as well. In this article, we will go over some of the past research, and take a look at some upcoming projects which are trying to solve the privacy problem.
Bitcoin and CoinJoin
The idea of CoinJoin was proposed by a developer by the name of Gregory Maxwell in 2013. A CoinJoin transaction essentially involves the combination of inputs by multiple users into a single transaction. If multiple users want to send BTC to multiple addresses, they can combine their transactions with one merged signature.
Each user can publish a particular piece of the transaction, but the combined transaction can go through only when all the pieces are put together. For an observer, it becomes ‘almost’ impossible to deduce with certainty as to which output has been initiated by which user.
Unfortunately, as the MIT Technology Review published in a report, CoinJoin isn’t 100% failproof. Having said that, the success of a CoinJoin operation increases with the number of participants, which makes the technique encouraging from a scaling perspective.
Monero and Ring Signature
Monero is a cryptocurrency which ensures privacy and anonymity by employing the technique of Ring Signature – a digital signature created by a participant in a specified group. If the signature and public keys of all the group members are available, then anyone can verify if one of the participants provided the signature, but that particular participant
can’t be identified.
can’t be identified.
Every time a user sends a Monero (XMR) transaction, the Monero wallet inserts keys from other users in the blockchain to form a ‘ring’. To an observer, anyone in the ring could have signed the transaction, and so the true identity of the sender remains obscured. Similar to CoinJoin, higher the number of participants in a ring signature group, greater is the degree of anonymity.
Monero also introduced the concept of Stealth Addresses to hide the destination of funds. For every transaction, the sender generates a one-time address based on a public address used solely for that transaction.
Every time XMR is sent, it’s sent to a new address, and these addresses cannot be linked together.
Every time XMR is sent, it’s sent to a new address, and these addresses cannot be linked together.
ZCash and Zero-Knowledge Proofs
The concept of zero-knowledge proof (or ZK proof) was first described in 1985 by Shafi Goldwasser and Silvio Micali. In cryptography, a ZK proof is a method by which one entity (the ‘prover’) can prove to another identity (the ‘verifier’) that they have the knowledge of a particular information without revealing the information itself.
ZK proofs are the fundamentals on which various privacy techniques have been developed. ZCash, another privacy-focussed cryptocurrency, uses a type of ZK proof known as zk-SNARK to maintain the privacy of transactions. Zk-SNARKs ensure that transactions in the network can remain encrypted but still be verified as valid.
The privacy features in Zcash are not active by default, but are dependent on an initial trusted setup between a prover and verifier. So, a set of public parameters is required to construct ZCash’s ZK proofs, and thus, the private transactions.
Recent Developments
Ethereum, which still remains the foremost platform for deploying smart contracts, has integrated zk_SNARKs as part of the Byazntium update in 2017. Apart from Ethereum, a spate of recent projects have been working with ZK proofs and other privacy preserving techniques on the blockchain.
Keep Network is using Multi-Party Computation (MCP) to develop a new privacy primitive for deploying smart contracts on public blockchains. Similar to ZK proofs, MCP enables a set of participants, each of whom
hold a private input to a computation, to jointly learn the output of the
computation without revealing to each other any information about the private inputs.
hold a private input to a computation, to jointly learn the output of the
computation without revealing to each other any information about the private inputs.
Findora, a global DeFi network for creating and using confidential assets and smart contracts, uses both ZK proofs and MCP to support privacy-preserving features. This allows operators to verify the validity of transactions without observing the transactions’ private contents even in a private ledger.
Beam, a cryptocurrency focussed on scalable and confidential transactions, is based on a protocol known as MimbleWimble. Introduced in mid-2016 by pseudonymous Tom Elvis Jedusor, MimbleWimble obfuscates transaction data such that it appears as random data to observers, while the actual details are only visible to the participants.
Parting Thoughts
With scalability grabbing the major portion of the limelight, privacy has often been treated as a foster child by blockchain developers. However, privacy is directly tied to the security of a blockchain, which forms one of the 3 pillars of blockchain technology along with scalability and decentralization.
Encouragingly, there seems to have been a shift in the mindset of developers in recent years, as they have gone about implementing new techniques to ensure that transactions remain confidential. As blockchain powered enterprises such as DeFi and asset tokenization continue to flourish, there is bound to be a greater demand for privacy in the cryptosphere.
P.S. – The author has no vested interest in Monero, ZCash, Keep, Findora or Beam.
(The author, obviously, holds both Bitcoin and Ethereum.)