
Privacy in Web3: a technical and non-technical exploration of privacy in Web3

Privacy in Web3 is a very topical issue. Inspired by the analysis of WEB3.com Ventures, we tried to explore the different conceptions of, and approaches to, privacy in Web3.

For Web3, privacy is the elephant in the china shop. It is at once the greatest strength of cryptocurrencies, going hand in hand with the principles of decentralization and anonymity, and their most contested feature.

Unfortunately, it is also a widely misunderstood topic: many see the "privacy" of cryptocurrencies simply as a cover for financing terrorism and laundering money. The fact that crypto Twitter is proud of its anon (anonymous) culture, and that the media often (intentionally or not) reinforce these prejudices, does not help to dispel the stereotypes.

Web3 concepts

Because Web3 privacy is an all-encompassing concept, touching on everything from ape profile pictures to encryption and Zero Knowledge Proofs, it is unproductive to discuss it in general terms and make hasty judgments. Instead, we should break the topic into smaller segments.

Let's look at the Web3 "privacy" infrastructure as three distinct levels:

  • network-level privacy,
  • protocol-level privacy and
  • user-level privacy.

Network-level privacy

Network-level privacy is where every transaction of a cryptocurrency on a given blockchain network is made private by the blockchain's underlying consensus mechanism and by network-level design choices.

This conception of privacy has its roots in the Bitcoin protocol and its idea of pseudonymous "wallet addresses", which are 160-bit cryptographic hashes of public keys rather than real-world identities. While Bitcoin itself has fully transparent transactions, where any user can inspect any transaction on the network, Bitcoin's design principles of decentralization and anonymity (in practice, pseudonymity) have undoubtedly inspired the development of "network-level privacy" and of privacy-focused blockchains.

Monero

One of the leading projects to establish network-level privacy is Monero, a privacy-focused blockchain launched in 2014. Unlike Bitcoin, Monero hides the sender of every transaction behind "ring signatures": the real spender signs with their own private key, but the signature is constructed over a "ring" that also contains decoy outputs belonging to other users, so it verifies against the whole ring without revealing which member produced it. The other ring members do not participate and need not even know they were used as decoys. Thus, for any given transaction on the Monero network, we can only tell that it came from one of the ring's members, not which one. In essence, this is a form of "group privacy", where every transaction hides in a group by default. (Monero additionally hides amounts with RingCT and recipients with one-time stealth addresses, so that sender, recipient and amount are all private.)
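To make the mechanism concrete, here is an added example (not Monero's code, and not from the original article) of a Schnorr-style ring signature in Python, following the Abe-Ohkubo-Suzuki construction that Monero's original ring signatures descend from. It uses a toy multiplicative group (p = 1019, q = 509, g = 4; an assumption made for readability, since Monero works on the ed25519 curve) and the hash layout and function names are the example's own. The point to notice is that `ring_sign` needs exactly one private key; every other ring member contributes only a public key.

```python
import hashlib
import secrets
from typing import List, Tuple

# Toy Schnorr group (assumption, chosen so the numbers stay readable):
# p = 1019 = 2*509 + 1, q = 509 and g = 4 generates the subgroup of prime
# order q.  Monero works on the ed25519 curve, where q is about 2^252.
P, Q, G = 1019, 509, 4


def keygen() -> Tuple[int, int]:
    """Return (private key x, public key y = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(message: bytes, element: int) -> int:
    """Hash the message and a group element into a challenge in [0, q)."""
    digest = hashlib.sha256(message + b"|" + str(element).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def ring_sign(message: bytes, ring: List[int], signer: int, x: int) -> Tuple[int, List[int]]:
    """Sign `message` on behalf of `ring` (a list of public keys).  Only
    ring[signer]'s private key x is used; the decoys contribute nothing but
    their public keys and never learn they were included."""
    n = len(ring)
    e = [0] * n                         # per-member challenges; only e[0] is published
    r = [0] * n                         # per-member responses
    k = secrets.randbelow(Q - 1) + 1
    i = (signer + 1) % n
    e[i] = challenge(message, pow(G, k, P))
    while i != signer:
        # Decoys: choose the response first, derive the next challenge from it.
        r[i] = secrets.randbelow(Q)
        e[(i + 1) % n] = challenge(message, pow(G, r[i], P) * pow(ring[i], e[i], P) % P)
        i = (i + 1) % n
    # Close the ring at the real signer so that g^r_s * y_s^e_s == g^k.
    r[signer] = (k - x * e[signer]) % Q
    return e[0], r


def ring_verify(message: bytes, ring: List[int], signature: Tuple[int, List[int]]) -> bool:
    """Walk the ring once: valid iff the chain of challenges returns to e[0].
    Nothing here depends on which member signed, so the verifier cannot tell."""
    e0, r = signature
    if len(r) != len(ring):
        return False
    e = e0
    for y, r_i in zip(ring, r):
        e = challenge(message, pow(G, r_i, P) * pow(y, e, P) % P)
    return e == e0


def demo() -> bool:
    """Three members, member 1 signs; an observer learns only that one of the
    three did, which is exactly Monero's sender-privacy model."""
    keys = [keygen() for _ in range(3)]
    ring = [y for _, y in keys]
    sig = ring_sign(b"spend output #42", ring, 1, keys[1][0])
    return ring_verify(b"spend output #42", ring, sig)
```

Two caveats a practitioner should keep in mind. In the toy group a random forgery verifies with probability 1/q = 1/509, because the challenge is reduced modulo the group order; on ed25519 the same probability is about 2^-252, which is why the toy parameters are only good for following the algebra. And Monero's current scheme (CLSAG) additionally ties each signature to a "key image" so that the same output cannot be spent twice; this sketch shows only the anonymity half of the construction.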

ZCash

Another project tackling the same space is ZCash, an early pioneer of a form of Zero Knowledge Proof called zk-SNARKs. The fundamental concept behind Zero Knowledge Proofs is that they let you prove that a statement is true without revealing anything beyond the truth of that statement (information which could otherwise compromise your security and privacy).

A simple, if loose, analogy for a Zero Knowledge Proof is a Gradescope autograder. You have to "demonstrate" that you have solved the programming exercises correctly, but you do not need to show the autograder how your code is implemented. Instead, the autograder checks your "knowledge" by running a series of hidden test cases, and your code must produce the "expected" output. By matching the expected output, you provide evidence that you have done the tasks without showing the actual implementation. The analogy is only partial: a true zero-knowledge proof leaks nothing beyond the fact that the statement holds, whereas test outputs still leak information about the code's behaviour.

In the case of ZCash, transactions are transparent by default, but users can choose to use these Zero Knowledge Proofs to create private ("shielded") transactions. When a user wants to send a shielded transaction, they build a transaction that includes the sender's address, the recipient's address and the amount, and then turn its validity into a zk-SNARK proof. What is sent to the network is the proof, together with the note commitments and nullifiers needed to prevent double spending and an encrypted note that only the recipient can read; the addresses and the amount never appear in the clear. The zk-SNARK proof lets the network validate the transaction without knowing who sent it, who received it or the amount involved.
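The simplest real zero-knowledge proof is Schnorr's proof of knowledge of a discrete logarithm, and it is the building block that the larger systems reduce to. The following is an added example (not ZCash's code, and not from the original article): a prover shows it knows x with g^x = y without revealing x; the challenge is derived by hashing (the Fiat-Shamir transform) so the proof is a single message, as a zk-SNARK in a transaction is; and a `simulate` function shows why the proof leaks nothing. The group parameters (p = 1019, q = 509, g = 4) are toy values chosen for readability. A zk-SNARK generalises the same three-move pattern from one equation to an arbitrary arithmetic circuit (for Zcash, roughly: "the notes I am spending exist, I own them, and inputs equal outputs") and makes the proof constant-size.

```python
import hashlib
import secrets
from typing import Tuple

# Toy Schnorr group (assumption, chosen for readability): p = 1019 = 2*509 + 1,
# q = 509 and g = 4 generates the subgroup of order q.  Real systems use
# ~256-bit elliptic-curve groups; only the protocol shape matters here.
P, Q, G = 1019, 509, 4


def keygen() -> Tuple[int, int]:
    """Secret witness x and public statement y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def fiat_shamir(y: int, t: int, context: bytes) -> int:
    """Derive the verifier's challenge by hashing.  This turns the interactive
    three-move protocol into one message, the way a zk-SNARK in a transaction
    is one message; `context` binds the proof to a specific transaction."""
    data = f"{P}|{G}|{y}|{t}|".encode() + context
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x: int, y: int, context: bytes) -> Tuple[int, int]:
    k = secrets.randbelow(Q - 1) + 1   # fresh nonce; reusing it leaks x (see below)
    t = pow(G, k, P)                   # commitment
    c = fiat_shamir(y, t, context)     # challenge
    s = (k + c * x) % Q                # response: x is hidden behind the random k
    return t, s


def verify(y: int, context: bytes, proof: Tuple[int, int]) -> bool:
    """Accept iff g^s == t * y^c, which holds when s = k + c*x and t = g^k."""
    t, s = proof
    c = fiat_shamir(y, t, context)
    return pow(G, s, P) == t * pow(y, c, P) % P


def accepts(y: int, t: int, c: int, s: int) -> bool:
    """The bare verification equation, for inspecting interactive transcripts."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def simulate(y: int, c: int) -> Tuple[int, int, int]:
    """Build an accepting transcript (t, c, s) for any challenge c WITHOUT x,
    by choosing s first and solving for t = g^s * y^-c.  Such transcripts are
    indistinguishable from honest ones, so a transcript cannot carry any
    information about x: this is what "zero knowledge" means."""
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P
    return t, c, s


def nonce_reuse_recovers_witness(x: int, y: int) -> bool:
    """Why k must be fresh: two responses under the same k and different
    challenges give x = (s1 - s2) / (c1 - c2), the classic ECDSA key leak."""
    k = secrets.randbelow(Q - 1) + 1
    t = pow(G, k, P)
    c1 = fiat_shamir(y, t, b"tx-1")
    c2, n = c1, 2
    while c2 == c1:                    # in the toy group two challenges can collide
        c2, n = fiat_shamir(y, t, f"tx-{n}".encode()), n + 1
    s1, s2 = (k + c1 * x) % Q, (k + c2 * x) % Q
    recovered = (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q
    return recovered == x
```

The security of the proof rests on two things the code makes visible: soundness, because a prover who could answer two different challenges for the same commitment could be used to extract x (which is exactly what `nonce_reuse_recovers_witness` does), and zero knowledge, because `simulate` produces accepting transcripts with no secret at all. With q = 509 a proof for a wrong statement still verifies with probability 1/q, so do not read the toy parameters as a security claim.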

Considerations on Network Level Privacy Projects

Despite their differences in design and implementation, both Monero and ZCash provide transaction privacy at the level of the blockchain itself: on Monero every transaction is private by default, and on ZCash the shielded pool is part of the consensus rules rather than an application built on top. This privacy guarantee can be abused by bad actors for money laundering, terrorist financing and drug trafficking, and Monero in particular is known for its popularity on the dark web [6]. Furthermore, as Monero and other "privacy coins" become synonymous with illicit financial activity, this alienates users who turn to them out of legitimate privacy concerns, fueling a negative feedback loop that only entrenches a harmful underground economy.

This is the biggest disadvantage of providing network-level privacy: it is an all-or-nothing design, with a zero-sum trade-off between the transparency of a transaction and its privacy. It is precisely because of this lack of transparency that "network-level privacy" draws the most ire from regulators, and why several major centralized exchanges, such as Coinbase, Kraken and Huobi, have delisted or restricted Monero, ZCash and other privacy coins in several jurisdictions.

Protocol level privacy

A different approach is to provide "protocol-level privacy": instead of building privacy into the consensus layer of the blockchain network, private transactions are handled by a "protocol" or "application" that runs on top of a blockchain.

Since the first blockchain networks, like Bitcoin, had limited programmability, building "protocol-level privacy" on them was extremely difficult, and it was much easier to fork Bitcoin and implement privacy from scratch as a new blockchain and "privacy coin". With the advent of Ethereum and the rise of "smart contracts", a whole new avenue for privacy-preserving protocols opened up.

Tornado cash

One of the most notable examples of "protocol-level privacy" is Tornado Cash, a decentralized application (dApp) on Ethereum that pools deposits to break the link between sender and recipient, somewhat similar in concept to Monero's "blend in with the crowd" approach.

The Tornado Cash protocol, in simple terms, involves three main steps:

  1. Deposit: the user generates a secret and a "nullifier" locally and sends a fixed denomination (for example 1 ETH; each pool accepts exactly one amount) to the Tornado Cash smart contract together with a commitment, a hash of the nullifier and secret. The contract records the commitment in a Merkle tree. The "anonymity set" is not generated at random: it is the set of all deposits in that pool, so it grows with every deposit.
  2. Pooling: the funds are not literally mixed or moved around. They sit in the contract alongside everyone else's identical deposits, and because all deposits are the same size and every commitment is an opaque hash, an observer cannot tell which deposit a later withdrawal corresponds to. The larger and older the pool, the stronger this effect.
  3. Withdrawal: from a fresh address of their choosing (often via a relayer that pays the gas, so the new address needs no prior funds), the user submits a zero-knowledge proof that they know the secret and nullifier behind one of the commitments in the tree, without saying which. The only thing revealed is the nullifier hash, which the contract records so the same note cannot be withdrawn twice. The contract then pays the denomination to the new address, breaking the link with the depositing address; the user can complete the payment by sending the funds from this "new" address to the intended recipient.
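The following is an added example (not Tornado Cash's contract code, nor from the original article) that models the three steps above in Python: commitments, a Merkle tree of deposits, nullifiers and withdrawal. One substitution is deliberate and must be kept in mind: the zk-SNARK is replaced by an ordinary Merkle membership proof, which reproduces the double-spend protection but not the unlinkability (the toy contract can see which leaf is being withdrawn, which is precisely what the SNARK hides). Tree depth, denomination and the note format are assumptions of the example.

```python
import hashlib
from typing import Dict, List, Tuple

DEPTH = 4            # toy: 2**4 = 16 deposits per pool (assumption; Tornado uses depth 20)
DENOMINATION = 1     # each pool accepts exactly one amount, e.g. 1 ETH
EMPTY = b"\x00" * 32


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def merkle_root_and_path(leaves: List[bytes], index: int) -> Tuple[bytes, List[Tuple[bytes, bool]]]:
    """Root of the zero-padded tree plus the sibling path of leaf `index`
    (sibling hash, True if the sibling sits on the right)."""
    level = leaves + [EMPTY] * (2 ** DEPTH - len(leaves))
    path = []
    while len(level) > 1:
        sibling = index ^ 1
        path.append((level[sibling], sibling > index))
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path


class Pool:
    """Fixed-denomination pool in the style of Tornado Cash.  The zk-SNARK is
    replaced by a plain Merkle proof: the double-spend logic is faithful, the
    unlinkability is not (see lead-in)."""

    def __init__(self) -> None:
        self.leaves: List[bytes] = []      # deposit commitments, public on-chain
        self.spent = set()                 # nullifier hashes already withdrawn
        self.payouts: List[Tuple[str, int]] = []

    def deposit(self, commitment: bytes) -> int:
        """Step 1: the contract stores the commitment and returns its leaf index."""
        if len(self.leaves) >= 2 ** DEPTH:
            raise ValueError("pool full")
        self.leaves.append(commitment)
        return len(self.leaves) - 1

    def withdraw(self, recipient: str, nullifier_hash: bytes, proof: Dict) -> bool:
        """Step 3: pay `recipient` if the proof opens an unspent commitment.
        Tornado keeps a window of recent roots so a proof survives deposits
        made after it was built; this toy checks only the current root."""
        if nullifier_hash in self.spent:
            return False                                   # note already withdrawn
        if h(proof["nullifier"]) != nullifier_hash:
            return False                                   # nullifier does not match claim
        node = h(proof["nullifier"], proof["secret"])      # recompute the commitment
        for sibling, right in proof["path"]:
            node = h(node, sibling) if right else h(sibling, node)
        if node != merkle_root_and_path(self.leaves, 0)[0]:
            return False                                   # commitment not in the tree
        self.spent.add(nullifier_hash)
        self.payouts.append((recipient, DENOMINATION))
        return True


def make_note(seed: bytes) -> Dict[str, bytes]:
    """User-side note kept off-chain.  Real notes use random secrets; the
    seed only makes this example deterministic."""
    nullifier, secret = h(b"nullifier", seed), h(b"secret", seed)
    return {"nullifier": nullifier, "secret": secret, "commitment": h(nullifier, secret)}


def withdrawal_proof(pool: Pool, note: Dict[str, bytes], index: int) -> Dict:
    """What a real user proves inside the SNARK; here it is handed over in the clear."""
    _, path = merkle_root_and_path(pool.leaves, index)
    return {"nullifier": note["nullifier"], "secret": note["secret"], "path": path}


def scenario() -> Tuple[bool, bool, bool]:
    pool = Pool()
    notes = [make_note(bytes([i])) for i in range(3)]         # three depositors
    indexes = [pool.deposit(n["commitment"]) for n in notes]
    note, index = notes[1], indexes[1]
    proof = withdrawal_proof(pool, note, index)
    forged = pool.withdraw("0xthief", h(note["nullifier"]), dict(proof, secret=b"\x01" * 32))
    first = pool.withdraw("0xfresh", h(note["nullifier"]), proof)   # fresh address, never linked to the depositor
    replay = pool.withdraw("0xagain", h(note["nullifier"]), proof)  # same note twice: rejected
    return forged, first, replay            # (False, True, False)
```

The three outcomes of `scenario` are the contract's three security properties: a wrong secret cannot open someone else's commitment, a correct note pays out to an address that never appeared in the deposit, and the nullifier hash stops the note from being withdrawn a second time. Replacing the visible `path` with a SNARK whose public inputs are only the root, the nullifier hash and the recipient is what turns this into a privacy tool; binding the recipient into the proof is also what stops a relayer from redirecting the payout.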

Tornado Cash and OFAC

Unfortunately, in August 2022, Tornado Cash was sanctioned by the US government: the Office of Foreign Assets Control (OFAC) alleged that North Korean hackers were using the protocol to launder stolen funds. As a result, US persons and businesses are prohibited from transacting with the sanctioned addresses. Circle, the issuer of the USDC stablecoin, went one step further and froze more than $75,000 worth of USDC held by addresses linked to Tornado Cash, and GitHub suspended the Tornado Cash developers' accounts and removed the repositories.

This triggered a storm of controversy in the crypto sphere, as many argued that the vast majority of users rely on Tornado Cash for legitimate privacy-preserving transactions, and that they should not be punished for the misdeeds of a small minority. More importantly for our classification, because Tornado Cash is a "protocol-level privacy" solution on Ethereum rather than a "network-level" one, the crackdown and its fallout were limited to this one protocol rather than affecting the entire network: unlike Monero and ZCash, Ethereum has not been delisted by Coinbase because of these sanctions.

zk.money

An alternative approach to "protocol-level privacy", introduced by Aztec Network, uses "rollups" to protect user funds and support private transactions. Aztec's main product is zk.money, which uses a two-level recursive Zero Knowledge Proof for both scaling and privacy. The first (inner) proof establishes the correctness of each shielded transaction, ensuring that the transaction is valid and that no information about it leaks. The second (outer) proof is the rollup proof itself: it aggregates the inner proofs of a batch of transactions so that the base chain verifies a single proof that all of them were executed correctly.

While rollup-based "protocol-level privacy" solutions are still in their infancy, they represent the next evolution of "protocol-level privacy". A key advantage of rollups over dApp-based solutions like Tornado Cash is scalability, since the heavy computation is done largely off-chain and the chain verifies only a succinct proof. Furthermore, because most rollup research has focused on scaling computation, there is still ample room to explore how these technologies can be applied and extended for privacy.

User-level privacy

A third approach to conceptualizing privacy in Web3 is "user-level privacy", where privacy guarantees are attached to individual users and their data rather than to transaction data. At both the "network" and "protocol" levels we see the recurring problem of a minority of bad actors (dark web transactions, money laundering schemes) shaping how a network or protocol is treated for the innocent majority, who are simply concerned about the privacy of their personal data.

Between transparency and privacy

The crux of "user-level privacy" is that by focusing on the individual users of a network, we can apply a "targeted" form of filtering, where benign users and addresses are free to interact privately with the blockchain while malicious users can be quickly filtered out. As you can imagine, this is a difficult task that walks a fine line between transparency and privacy. This user-centric view of privacy also generates an entire debate (and industry) around the role and future of decentralized identity (DID), adjacent to and derived from the Web3 privacy question. For the sake of brevity, I won't discuss KYC and authentication in Web3 here.

The fundamental insight of "user-level privacy" is to unbundle and reinvent the relationship between a user and their on-chain wallet addresses, since wallet addresses are the atomic identifiers on a blockchain network. Importantly, the mapping from users to addresses is one-to-many: a user typically controls several wallet addresses on each blockchain they interact with. This is the idea of "on-chain identity fragmentation". The problem "user-level privacy" must solve is therefore how to map a user's personally identifiable information (PII) to all of these fragmented on-chain identities securely, without letting anyone else do the same.

Notebook Labs

A key project in this regard is Notebook Labs, which uses Zero Knowledge Proofs to link fragmented identities to a user's PII while providing the following guarantees:

  1. Users can prove their humanity with any fragmented on-chain identity
  2. It is impossible to link these identities together (unless the user's secret key is leaked)
  3. It is impossible for third parties or adversaries to link a fragmented on-chain identity to the user's real identity
  4. Credentials can be aggregated across identities
  5. Each human being receives a single set of fragmented on-chain identities

While the cryptographic specifics of the protocol are beyond the scope of this essay, Notebook Labs illustrates two core tenets of "user-level privacy": the need to reimagine the relationship between the multitude of fragmented on-chain identities and the real-world humans behind them, and the central role Zero Knowledge Proofs play in aggregating and linking those identities without exposing them.

Stealth wallets

Another emerging solution to "user-level privacy" is the idea of "stealth wallets", or stealth addresses. Again, the idea takes advantage of on-chain identity fragmentation, i.e. the fact that a user typically has more than one on-chain identity. Unlike Tornado Cash and other "protocol-level privacy" solutions, which try to obscure the transaction data itself, stealth addresses try to obscure the link between a recipient's published identity and the addresses that actually receive their funds. This is implemented by an algorithm that lets the sender derive a fresh "single-use" address for each payment from the recipient's published public keys, in such a way that only the recipient (using a private viewing key) can recognise the payment and only the recipient (using a private spending key) can spend it; the sender never learns the recipient's other addresses, and an observer cannot tell that the one-time addresses belong to the same person.

An important conceptual difference between "stealth wallets" and the privacy solutions discussed above, such as Monero and Tornado Cash, is that they are not a form of "privacy in the crowd". Unlike Tornado Cash, which can only provide privacy for standard fungible transfers such as ETH in fixed denominations, stealth addresses can also provide privacy guarantees for niche tokens and NFTs, or other unique on-chain assets that have no "crowd" to blend into. The trade-off is that a stealth address hides who the recipient is, not which asset or amount is being transferred. However, at the time of writing, the discussion on stealth addresses on Ethereum has remained largely at the proposal stage, and the effectiveness of implementations and the legal repercussions of this new technological solution are yet to be seen.
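The derivation described above, as an added example (not from the original article and not any project's implementation): a dual-key stealth address scheme of the kind used by Monero and proposed for Ethereum, written in Python over a toy group (p = 1019, q = 509, g = 4, an assumption for readability; real schemes use an elliptic curve, where the multiplications of group elements below become point additions). The recipient publishes a meta-address (S, V), the sender derives a one-time address from a Diffie-Hellman secret with V, and the recipient recovers the one-time spending key from v and s. Function and class names are the example's own.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy Schnorr group (assumption): p = 1019 = 2*509 + 1, q = 509, g = 4 of order q.
# On the elliptic curves real schemes use, the multiplications of group
# elements below become point additions and exponentiation becomes scalar
# multiplication; the algebra is otherwise identical.
P, Q, G = 1019, 509, 4


def keygen() -> Tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def tweak(shared: int) -> int:
    """Hash a Diffie-Hellman shared element into a scalar."""
    digest = hashlib.sha256(f"stealth|{shared}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


class Recipient:
    """Publishes a meta-address (S, V) once; keeps the spending key s and the
    viewing key v.  The viewing key can be handed to a watch-only wallet or an
    auditor: it finds payments but cannot spend them."""

    def __init__(self) -> None:
        self.s, self.S = keygen()
        self.v, self.V = keygen()

    @property
    def meta_address(self) -> Tuple[int, int]:
        return self.S, self.V

    def scan(self, stealth_address: int, ephemeral_pub: int) -> Optional[int]:
        """Run over every announced (address, R) pair on-chain.  Returns the
        one-time private key if the payment is ours, else None."""
        t = tweak(pow(ephemeral_pub, self.v, P))      # R^v == V^r: same secret as the sender
        if self.S * pow(G, t, P) % P != stealth_address:
            return None
        return (self.s + t) % Q                        # g^(s+t) == S * g^t == the address


def send(meta_address: Tuple[int, int], r: Optional[int] = None) -> Tuple[int, int]:
    """Sender side: derive a fresh one-time address from the public meta-address.
    Both the address and the ephemeral key R are published; without v nobody
    can link them to (S, V) or to the recipient's other one-time addresses."""
    S, V = meta_address
    if r is None:
        r = secrets.randbelow(Q - 1) + 1               # must be fresh for every payment
    R = pow(G, r, P)
    t = tweak(pow(V, r, P))
    return S * pow(G, t, P) % P, R


def demo() -> bool:
    alice = Recipient()
    address, R = send(alice.meta_address)
    key = alice.scan(address, R)                       # Alice recognises the payment ...
    return key is not None and pow(G, key, P) == address   # ... and can spend from it
```

Two operational points follow directly from the code. The recipient has to scan every announced payment with the viewing key, which is why Ethereum proposals pair the scheme with a public announcement log and why the viewing key is kept separate from the spending key. And the on-chain record still shows the asset and amount sent to each one-time address: the scheme hides the recipient's identity, not the transfer itself.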

BlogInnovazione.it
