From Huang Lin
Transactional privacy is an issue that has lasted almost as long as Bitcoin has been around, despite many misconceptions in the early days that blockchain offered anonymity. The reality, however, is that even in the Bitcoin whitepaperSatoshi Nakamoto recognized the public nature of blockchain transactions. Knowing which bitcoin addresses belong to Satoshi is widely recognized in the blockchain community.
Once the lack of privacy at Bitcoin became apparent, developers have worked with varying degrees of success to come up with solutions. In general, the goal is to allow users to transact with at least the same level of relative privacy that they enjoy with their fiat bank accounts, while maintaining trustworthiness.
The most widely used data protection technology is the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, also known as zk-SNARKs or Zero-Knowledge-Proofs. They allow a party to prove a statement about certain information without revealing the information itself by using a secret key that is generated prior to the transaction.
An incomplete solution
Some projects are now using zk-SNARKS, including Zcash, Monero, Grin, and Tornado Cash. However, like so many implementations in blockchain, developers have made compromises comparable to the famous debate about scalability and decentralization. With zk-SNARKs there is a compromise between scalability and security of the data protection solution.
Zcash, a privacy coin, and Tornado Cash, a private transaction log, both chose an implementation that compromises security while preserving scalability. Your zk-SNARKs require the secret key used for the transaction to be generated using a trusted setup.
This essentially means that one party must be entrusted with the secret keys that they can use to launch a double-expense attack. Without undermining the popularity of both projects, the solution goes against the blockchain’s pursuit of trustworthiness and security against double-spend attacks.
The other option is the knowledge-free proof scheme, without the need for a trustworthy setup, but which makes the proof size so large that blockchain becomes bloated. Monero and Grin have both gone for this side of the compromise, which means that their data protection solutions create a sub-optimal user experience while offering a better security guarantee at the same time.
As with the other famous blockchain debate, iterations on the same problem eventually lead to a solution. Now in 2020 are projects begin to emerge That solved the compromise and offered anonymous payment protocols for intelligent contract platforms using an innovation called zk-ConSNARKs. This provides a nearly constant proof size while eliminating the need for a trustworthy facility and thus the security risk of a double-spend attack.
The idea of “mining” or “liquidity” incentives fueled the DeFi revolution, and privacy protocols are no exception to this rule. Projects like Tornado Cash and, more recently, Lightening Cash have introduced token-based rewards to users of their protocols to increase adoption.
However, not all incentives are created equally. Tornado Cash has been very successful in generating a large total blocked value. around $ 1 billion at the time of writing. In addition, rewards are offered that are linked to transaction values. Hence, the average value of a deposit at the time of writing is over $ 23,000.
This situation poses two problems. First, it suggests a problem that is becoming endemic to DeFi as a whole. The high transaction fees at Ethereum are driving everyday cryptocurrency users out of the market. Positioning itself as “Open Finance”, DeFi is closed to those who don’t have to spend thousands on a single transaction.
The second problem is that an incentive model like Tornado Cash, based on the value of transactions or total blocked value, is geared towards those who need to invest thousands. This means that it serves to limit the value of the privacy protocol itself.
Hide in sight
Think of it that way. If you’re in a city and want to hide, are you more likely to be identified with few other people on a relatively quiet street to disguise your presence? Or would it make more sense to disappear into a crowd of tourists in the busiest square in town?
A value-based incentive model will attract high-quality transactions from high net worth individuals that count less than those with lower investment value. In addition, there is inevitably a greater interest in who is behind high-quality transactions.
A data protection protocol with a high volume of transactions offers more options to hide. It therefore makes sense to tailor the incentives accordingly. Offer rewards to people only for the number of transactions they make through a privacy protocol, and not for the value of their money. This gives you the blockchain equivalent of a city square crowded with tourists – a privacy protocol that allows users to be attracted in sufficient quantities to create critical mass stimulated by the promise of rewards for privacy mining.
Additionally, it makes the base of a low-fee platform like the Binance Smart Chain more appealing to the masses, who are likely to be put off by Ethereum’s high fees.
In an industry that wants to offer Open Finance, data protection should not lead to compromises between users. By providing incentive models designed to attract more users and close security loopholes, privacy can be democratized for the benefit of all participants.
Huang Lin currently serves as CTO of Suterusu Project. Huang is a trained cryptographer. Huang holds a Ph.D. Degree in applied cryptography and data protection distributed systems from Shanghai Jiao Tong University and the University of Florida. He worked as a postdoctoral fellow at the Swiss Federal Institute of Technology (EPFL) and then as an Associate Principal Engineer at ASTRI, Hong Kong. He has published over 20 articles with over 1000 citations on applied cryptography and information security.
The views and opinions expressed are those of the author and do not necessarily reflect those of Nasdaq, Inc.