Viewnodes


The rush for zero-knowledge proofs, and where it leaves privacy coins

December 11th 2018
Source: g4ll4is

There is currently a surge in popularity among many of the biggest public blockchains around the implementation of zero-knowledge protocols, most commonly zk-SNARKs, or Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge. Zero-knowledge proofs add a considerable layer of privacy to public blockchains: they do not reveal the transaction histories of those sending funds, as public blockchains do currently. As of writing, several of the most prominent currencies are discussing adoption of zk-SNARKs, including Cardano, Tron, Tezos and, perhaps most notably, Ethereum.

There are any number of reasons one might want to keep transaction histories private. It is a long-established stereotype that privacy blockchains exist to protect transaction histories from law enforcement agencies, but this is not the extent of their utility. Businesses do not want to make a public list of their payments or clients, and individuals with large balances likely do not want this information being made public for fear of being identified for theft, fraud or solicitations. There are numerous ways to achieve this privacy — shortly Viewnodes will publish a comparison between many of those methods including coin mixing and ring signatures (made popular by Monero). Given the enthusiasm behind zero-knowledge proofs, however, this article will shed some light on this technology and address some of its implications if it is adopted by some of the bigger players.

What are ZKPs and zk-SNARKs?

Zero knowledge proofs (shortened to ZKP) as they pertain to their use in blockchains are an extremely elegant solution in securing privacy for the individual sending a transaction. They provide confirmation that a transaction took place without revealing details of the sender, particularly the sender’s transaction history and perhaps more importantly the transaction amount.

The concept was not invented with cryptocurrencies in mind — zero-knowledge proofs were first proposed as a cryptographic process in the 1980s. A zero-knowledge proof is a way of proving to somebody that you know something, without revealing how you know it. There are many analogies used to demonstrate this idea, such as a game wherein you can prove to a blind person that two snooker balls of different colors are indeed different.

With specific reference to their use in blockchains, ZKPs can demonstrate that a transaction is legitimate, as happens in Bitcoin and (almost) all public blockchains, but can also add considerable privacy benefits. The person sending a transaction (the “prover”) does not reveal any unnecessary information to anybody, including the receiver (or “verifier”), while the verifier can still be satisfied that the transaction was legitimate. The receiver knows the amount of the currency in question, but does not know which denominations or specific coins the sender owned and, more importantly, the receiver cannot see the history of the currency, in theory making it completely fungible. This solves the long-feared “blacklisting” problem that has been theorized with reference to Bitcoin — the idea that vendors will refuse to accept tainted bitcoins and so some coins will be worth less than others. Crucially, ZKPs also prevent third parties from seeing the transaction amount and the trail of transactions up to that point.

To understand what ZK-SNARKs do specifically, one need only break down the name into its individual parts. Succinct means that the proofs are short and can be verified quickly, as opposed to alternative zero-knowledge proofs which take several rounds of verification. Non-interactive means the sender publishes their proof, then the receiver verifies it independently without interacting with the sender or, more accurately, the prover. Lastly, argument of knowledge refers to knowledge of the specific computational process which verifies the soundness of the proof.
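To make the “non-interactive” and “argument of knowledge” parts concrete, here is an added example (not from the original article, and far simpler than the zk-SNARKs Zcash uses): a Schnorr proof that the prover knows a secret exponent x behind a public value y = g^x, turned non-interactive with the Fiat-Shamir transform. The group parameters are constructed toy values; the message string stands in for a transaction the proof is bound to.

```python
import hashlib
import secrets

# Toy cyclic group, constructed for illustration only (far too small for real use).
# P is a safe prime; Q = (P - 1) / 2 is the prime order of the subgroup generated by G.
P, Q, G = 1019, 509, 4


def keygen():
    """Prover picks a secret x; the public value y = g^x mod p is what everyone sees."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def fiat_shamir_challenge(y, t, message):
    """Replace the verifier's random challenge with a hash over the transcript.
    Hashing the commitment t together with the statement y and the message is what
    makes the proof non-interactive: the prover cannot pick t after seeing the challenge."""
    data = f"{P}|{G}|{y}|{t}|{message}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y, message):
    """Produce a published proof of knowledge of x such that y = g^x (mod p)."""
    r = secrets.randbelow(Q - 1) + 1   # fresh randomness per proof; reusing r leaks x
    t = pow(G, r, P)                   # commitment to r
    c = fiat_shamir_challenge(y, t, message)
    s = (r + c * x) % Q                # response; x stays hidden behind the uniform r
    return (t, s)


def verify(y, message, proof):
    """Anyone can check the proof from (y, message, proof) alone, with no round trips."""
    t, s = proof
    c = fiat_shamir_challenge(y, t, message)
    # g^s == t * y^c  <=>  g^(r + c*x) == g^r * (g^x)^c
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def demo():
    """Returns (honest proof accepted, tampered message rejected, altered response rejected)."""
    x, y = keygen()
    proof = prove(x, y, "tx: send 5 coins to B")
    t, s = proof
    return (
        verify(y, "tx: send 5 coins to B", proof),
        verify(y, "tx: send 50 coins to B", proof),
        verify(y, "tx: send 5 coins to B", (t, (s + 1) % Q)),
    )
```

The verifier never learns x, yet a party without x can only satisfy the check by guessing the hash output, which is what “argument of knowledge” buys in this setting.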

Currencies already using ZK-SNARKs

Both ZCash and PIVX utilize zero-knowledge proofs via ZeroCoin protocols, the chief differences between them being that ZCash is based on the proof-of-work consensus mechanism while PIVX is a proof-of-stake currency with masternodes, and that ZCash specifically utilizes ZK-SNARKs. Despite being relatively new projects, both have seen a strong degree of enthusiasm. As of the time of writing, ZCash was in the top 20 coins by market cap while PIVX was around the 90 mark. Monero, the most prominent privacy coin, recently adopted a somewhat similar mechanism based on range proofs, which, as the name suggests, prove that the amount within a transaction fits within the range it is supposed to, again without revealing historical data or specific amounts to the public.

The big projects targeting ZKPs

This year has seen a great many proposals to implement ZK-SNARKs or at least some form of zero-knowledge proofs to existing blockchains. There is a desire to improve privacy in the early stages of cryptocurrency: Andreas Antonopoulos suggests that privacy must be added before scalability because, as was the case with the internet, it could well be impossible to introduce privacy once scalability is achieved.

Ethereum founder Vitalik Buterin announced that ZKPs were on Ethereum’s roadmap back in 2016, and has written at length on the problems and benefits of ZK-SNARKs. Ernst & Young also developed a proprietary zero-knowledge proof-based application for private transactions on the Ethereum blockchain, allowing companies to obfuscate transactions on the public blockchain while maintaining their own private records. All of this points to the likelihood of Ethereum adopting some form of ZKP in the not-so-distant future.

Tron will adopt ZK-SNARKs in early 2019, with founder Justin Sun suggesting senders will have the option of enabling or disabling privacy when making a transaction. Similarly, a proposal was submitted to the Tezos public GitHub to adopt ZCash’s model of ZK-SNARKs for Tezos transactions. Lastly, Charles Hoskinson of IOHK has spoken numerous times of bringing SNARKs to Cardano, with a research lab at the University of Edinburgh exploring models which might be brought to the currency.

Implications for extant privacy coins

The point of contention here is a simple one: if established currencies like Ethereum or even Bitcoin adopt zero-knowledge protocols, will there still be a need for privacy coins? We have established that, at present, privacy coins serve an important purpose and offer fungibility in a way BTC and others do not. Should zero-knowledge proofs become the norm, however, it is unclear if they will retain any utility beyond acting as test-cases for newer privacy techniques which might then be implemented more broadly. It is difficult to argue that such coins would remain valuable unless they can also offer other technological benefits. Monero developers have recognized this — their bulletproofs update in October not only increased privacy but also reduced fees by 95%, to an average of about 1–2 cents per transaction.

Due credit must be given to the platforms which designed and tested the privacy protocols that will likely be implemented, albeit in an adapted manner, by many of the larger projects with many more uses besides private transactions. As can be expected of a broad, open-source community of developers, the best ideas will be built upon and integrated into any dynamic project for the benefit of end users. Privacy is just one example of this, but a fundamentally important one.

Article by Byron Murphy, Editor at Viewnodes. For information on some of the services provided by Viewnodes, including our Tezos delegate, click here.
