Anonymity of cryptocurrency: which coins really provide privacy?

Privacy is an important topic in cryptocurrency. Neither companies nor individuals want all of their information published on a public blockchain that can be read without restriction by domestic or foreign governments, family members, colleagues or competitors.
"I view privacy as a way to stop growing fears about any of our activities and to create spheres that we are free to optimize in the interests of our own happiness – and only it! – without thinking about other people's opinions," – Vitalik Buterin.
At the moment there are many experiments and studies of various approaches to achieving privacy on blockchains, but a thorough review of the problem has not yet been presented.
In this article, we discuss the latest experiments and research on privacy in four areas:
- private coins,
- privacy in smart contracts,
- privacy infrastructure,
- privacy research.
Privacy (or lack thereof) in Bitcoin
Bitcoin was originally designed as a pseudonymous (as opposed to anonymous) cryptocurrency, which protected users' privacy only insofar as there was no way to link real-world entities to addresses on the Bitcoin network.
However, because of the public nature of Bitcoin's ledger, it quickly became clear that users could be identified from the patterns in which they used particular addresses and the transactions linking them. In addition, the nodes that relay transactions across the network also expose IP addresses.
In the transaction graph, each node represents an address and each edge a transaction. Many nodes, such as Mt. Gox, Silk Road and Satoshi Dice, were deanonymized on the basis of regularities in their transactions.
In 2013, Sarah Meiklejohn and colleagues successfully identified clusters of addresses belonging to online wallets, merchants and other service providers. Today, services such as Chainalysis and Elliptic deanonymize blockchains to detect money laundering, fraud and abuse.
In response to Bitcoin's weak privacy, so-called coin-mixing services such as CoinJoin were created to increase the anonymity of blockchain use.
In CoinJoin, users jointly build a single transaction that mixes their coins, which anonymizes each user within that set of coins. The process is then repeated with different users to improve the participants' overall anonymity. Such mixing services have historically also been used for criminal purposes, mixing identifiable bitcoins with other funds to make their original source hard to trace.
In the example, an observer can see that the group {Alice, Bob} sent bitcoins to the group {Carol, Ted}, but cannot determine exactly who paid whom. Repeating this process several times with different users increases the overall anonymity.
And yet CoinJoin has its drawbacks. Its privacy comes from the size of the coins' "anonymity set", but in practice an average CoinJoin transaction involves only 2–4 users, which allows 67% of CoinJoin transactions to be deanonymized. Attempts to improve on it have inspired more advanced "mixers", such as TumbleBit, but they have their own limitations.
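To make the anonymity-set argument concrete, here is an added example (not code from the original article) that takes an observer's view of a constructed CoinJoin transaction: it enumerates every input-to-output matching that the on-chain amounts cannot rule out and reports how many participants end up uniquely linked. With equal denominations nobody is linked; with mixed amounts half the participants are.

```python
from collections import defaultdict
from itertools import permutations

# Constructed sample CoinJoin transactions (not real chain data). Each
# input is (participant, amount); every participant receives exactly one
# output of the same amount, and fees/change are ignored for clarity.
EQUAL_JOIN = {
    "inputs": [("Alice", 1.0), ("Bob", 1.0), ("Carol", 1.0), ("Ted", 1.0)],
    "outputs": [1.0, 1.0, 1.0, 1.0],
}
MIXED_JOIN = {
    "inputs": [("Alice", 1.0), ("Bob", 1.0), ("Carol", 0.5), ("Ted", 2.0)],
    "outputs": [0.5, 1.0, 2.0, 1.0],
}

def consistent_mappings(tx):
    """Every input->output assignment an observer cannot rule out.
    The only constraint visible on-chain: an input's amount must equal the
    amount of the output it is matched with."""
    inputs, outputs = tx["inputs"], tx["outputs"]
    return [
        perm
        for perm in permutations(range(len(outputs)))
        if all(amt == outputs[perm[i]] for i, (_, amt) in enumerate(inputs))
    ]

def anonymity_sets(tx):
    """Per participant, the set of output indices they could plausibly own.
    A set of size 1 means the observer has linked that participant's payment."""
    sets = defaultdict(set)
    for perm in consistent_mappings(tx):
        for i, (who, _) in enumerate(tx["inputs"]):
            sets[who].add(perm[i])
    return dict(sets)

def linked_fraction(tx):
    """Share of participants whose output is uniquely determined."""
    sets = anonymity_sets(tx)
    return sum(1 for s in sets.values() if len(s) == 1) / len(sets)

if __name__ == "__main__":
    for name, tx in (("equal amounts", EQUAL_JOIN), ("mixed amounts", MIXED_JOIN)):
        print(f"{name}: {anonymity_sets(tx)} linked={linked_fraction(tx):.0%}")
```

The brute-force enumeration is only meant for the 2–4 participants typical of real CoinJoins; real deanonymization tools additionally use change outputs, fee patterns and timing, which this toy ignores.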
Private coins
Given the lack of privacy in Bitcoin and the absence of any plan to add it at the protocol level in the foreseeable future, several new cryptocurrencies aimed at supporting anonymous transactions have appeared.
Zcash was created by a strong team of cryptographers using zk-SNARK technology. The original breakthrough idea of zero-knowledge proofs was proposed in 1985 by Goldwasser, Micali and Rackoff. zk-SNARKs, developed by Eli Ben-Sasson and others in 2015, improve on zero-knowledge proofs by allowing one to prove succinctly and non-interactively that one knows something without revealing what it is. zk-SNARKs are at the heart of many privacy-related projects and can also reduce blockchain size through recursive composition techniques.
The Zcash team is currently working on Sapling, a network upgrade that will improve the performance and functionality of shielded (encrypted) transactions and is scheduled for release in October 2018. Creating shielded transactions is computationally expensive, and about 85% of Zcash transactions are still sent transparently. Sapling is expected to increase the share of shielded transactions.
Monero is another private coin; instead of zk-SNARKs it uses ring signatures. The Monero team is currently working on Kovri, which will route packets so that users can hide their geographic location and IP addresses and thus preserve their privacy. Anonymizing users' network traffic will significantly improve the security of the Monero network, protecting its users from arrest or potential physical harm.
Zcash and Monero are often compared. Both communities are led by highly popular figures on crypto Twitter – Zooko Wilcox for Zcash and Riccardo "fluffypony" Spagni for Monero. However, whereas Zcash is backed by its own company and foundation, Monero can boast only an organic community of core developers. Vulnerabilities that allowed users to be identified were found in both networks – researchers were able to link 69% of Zcash shielded transactions to founders or miners and to deanonymize 62% of all Monero transactions – but they were later fixed.
Yet the two projects take very different approaches to privacy – and the trade-offs they are forced to make differ accordingly – and so far nothing has clearly shown a long-term advantage of one project over the other. In my opinion, Zcash and Monero will continue to coexist, like Coca-Cola and Pepsi.
Mimblewimble is a new blockchain project built on Bitcoin's design and focused on user privacy. On July 9, 2016, someone under the pseudonym Tom Elvis Jedusor published its whitepaper in a Bitcoin research channel and disappeared. Later, a certain Ignotus Peverell launched a GitHub project called Grin and began implementing Mimblewimble. Blockstream's Andrew Poelstra presented the project at the BPASE 2017 conference at Stanford, after which Grin began to gain popularity. The third testnet has already been released, and the main release is expected in early 2019.
Mimblewimble/Grin improves on the Confidential Transactions and CoinJoin ideas that originated around Bitcoin. Its key features are the absence of public addresses, full privacy and a small blockchain size. Grin mining has recently been discussed with enthusiasm, because Grin coins, like bitcoins, can be created only through PoW (proof of work). Grin uses the Cuckoo Cycle algorithm, designed to resist ASIC mining and to prevent mining centralization, as in Monero.
Overall, Grin combines the socially attractive features that give Bitcoin its strength – an anonymous creator, a leaderless development team, PoW consensus, no ICO and no hard-coded governance tools – with technical improvements like those used in Zcash and Monero.
However, unlike Bitcoin, the total supply of Grin is not capped; its monetary policy is a linear emission schedule. This means that inflation is very high at the start of mining but gradually tends toward zero (without ever reaching it). At the same time, high early inflation encourages spending the coins rather than speculating on them after the currency launches. And although such "perpetual" inflation makes Grin a poor investment asset, it avoids the instability Bitcoin will face when miners stop receiving block rewards and must rely solely on transaction fees.
This monetary policy also avoids the controversial "Founders' Reward" idea, under which 20% of newly created ZEC tokens are paid to the project's developers for four years. Finally, the size of the Mimblewimble blockchain scales with the number of users rather than the number of transactions, which also solves the UTXO-set growth problem typical of Monero's ring signatures.
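The emission argument above can be checked numerically. The following is an added, simplified model (not either project's code, and with assumed parameters rather than Grin's or Bitcoin's real constants): a constant per-block reward gives annual inflation of exactly 1/(years since launch), which shrinks but never reaches zero, whereas an integer-halving reward becomes exactly zero after enough halvings, the point at which blocks pay only fees.

```python
# Constructed, simplified parameters for illustration only (not either
# project's real constants): integer atomic units, one block per minute.
BLOCKS_PER_YEAR = 525_600
LINEAR_REWARD = 60 * 10**9     # assumed constant per-block reward, forever
HALVING_START = 50 * 10**8     # assumed 50 coins of 1e8 units at launch ...
HALVING_YEARS = 4              # ... halving every four years

def linear_reward(year):
    """Grin-style schedule: the same reward in every year (0-based index)."""
    return LINEAR_REWARD

def halving_reward(year):
    """Bitcoin-style schedule. The integer right shift mirrors integer halving:
    once the shift exceeds the bit length, the reward is exactly 0 and a
    block pays only transaction fees."""
    return HALVING_START >> (year // HALVING_YEARS)

def emission(reward_fn, years):
    """[(year, supply_at_year_end, annual_inflation)] for a schedule, with
    inflation = coins minted during the year / supply at the year's start
    (undefined, reported as inf, in year 1 when supply starts at zero)."""
    supply, rows = 0, []
    for year in range(1, years + 1):
        minted = reward_fn(year - 1) * BLOCKS_PER_YEAR
        rate = minted / supply if supply else float("inf")
        supply += minted
        rows.append((year, supply, rate))
    return rows

def first_zero_reward_year(reward_fn, limit=500):
    """First 0-based year with a zero block reward, or None if none within limit."""
    return next((y for y in range(limit) if reward_fn(y) == 0), None)

if __name__ == "__main__":
    for year, supply, rate in emission(linear_reward, 101)[::25]:
        print(f"linear year {year:3d}: supply={supply:.3e} inflation={rate:.2%}")
    print("halving reward reaches zero in year", first_zero_reward_year(halving_reward))
```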
Other interesting private coins still at an early stage of development include MobileCoin and BEAM.
Privacy in smart contracts
Privacy in smart contracts differs from payment privacy because smart contracts consist of publicly available program code. Unfortunately, obfuscating such a program is impossible in general, and as a result smart contracts in their current form lack both confidentiality (hiding payment amounts) and anonymity (hiding the identities of senders and recipients).
I am convinced that demand for smart-contract privacy will grow once corporations are ready to build large-scale decentralized applications and realize they need to hide their customers' activity.
For now, nobody is particularly worried that data on the use of decentralized applications like CryptoKitties is public. The situation resembles the early days of the Internet, when the first sites used HTTP and only later was HTTPS developed, allowing traffic to be encrypted and the web to be used for purposes such as e-commerce.
Since Ethereum has no privacy, usage statistics for decentralized applications are available to anyone on DappRadar.
For Ethereum there is the Zether project by Benedikt Bünz of Stanford – a fully Ethereum-compatible private payment mechanism that provides both confidentiality and anonymity for smart contracts. Zether will itself be implemented as an Ethereum smart contract and consume a minimal amount of gas. It is a flexible tool that can guarantee privacy for many applications – for example, payment channels.
Keep is another project building a kind of "privacy layer" for Ethereum, using off-chain containers for private data. This approach also allows private data to be managed and used without disclosing it on the blockchain.
And although privacy currently ranks second only to Casper, the Ethereum Foundation is slow in implementing the latter, so there is a risk of a long wait for privacy "by default" in Ethereum. If the crypto community soon feels an acute need for smart-contract privacy, this vacuum will be filled by newly emerging smart-contract platforms – just as Zcash and Monero did with the private payments that Bitcoin lacked. Such platforms – for example Enigma, Origo and Covalent – are already trying to provide native privacy in their blockchains.
Another interesting privacy-related project belongs to Oasis Labs. They are building Ekiden, a new smart-contract platform that separates contract execution from the consensus mechanism. Smart contracts run inside isolated hardware (for example, Intel SGX) called a "secure enclave".
The enclave acts as a "black box", keeping computations secret from other applications. It also generates a cryptographic proof that the program executed correctly, and this proof is then stored on the blockchain. Because contract execution and consensus are separated, Ekiden is compatible with various blockchains, including Ethereum.
Privacy Infrastructure
Besides private coins and smart contracts, there are other important privacy projects in the Web 3 stack that are worth mentioning.
Orchid is an attempt to build an improved version of Tor, in which users earn tokens by leasing their bandwidth and acting as relays within the Orchid network. Tor's problem is that it has only about 6,000 relay nodes and fewer than 2,000 bridges, so a government such as China's can easily blacklist all relays and bridges, cutting its citizens off from the Tor network.
A token-based economy will encourage more people to become relays, which means the Orchid network will be harder to block without blocking a significant share of the world's Internet.
BOLT is building a private payment channel that uses blind signatures and zero-knowledge proofs to hide information about participants when they open channels, move funds through them and close them. The first such channels are built on top of Zcash but will also allow interaction with Bitcoin and Ethereum.
NuCypher is building a decentralized key management system that uses proxy re-encryption to provide functionality similar to HTTPS. Proxy re-encryption is a type of public-key encryption that allows data encrypted under one public key to be re-encrypted to another public key without learning anything about the encrypted message.
StarkWare is implementing zk-STARKs in various blockchain systems, including Ethereum. The advantage of zk-STARKs over zk-SNARKs is that they require no trusted setup, although the proofs become much larger.
Privacy research
It is academic cryptography research that generates innovation in privacy. Privacy research itself focuses mainly on zero-knowledge proofs, multi-party computation and fully homomorphic encryption.
In addition to zk-SNARKs and zk-STARKs, there are Bulletproofs – a new form of short non-interactive zero-knowledge proof. Like zk-STARKs, Bulletproofs need no trusted setup, but verifying such proofs takes longer than with zk-SNARKs.
Bulletproofs are designed to enable efficient confidential cryptocurrency transactions, reducing proof size from 10 KB to 1–2 KB. If every transaction in Bitcoin's history were confidential and used Bulletproofs, the total size of the UTXO set would be only 17 GB, compared with 160 GB with the proofs used today.
Trade-offs are inevitable when choosing between different zero-knowledge proof systems.
Multi-party computation lets a group of people jointly compute a function over their inputs without any of them having to disclose those inputs. For example, Alice and Bob could find out which of them owns more bitcoins without either revealing how many bitcoins they hold. Unfortunately, the main limitation of multi-party computation today is its extreme inefficiency in practice.
Fully homomorphic encryption allows computation to be performed on encrypted data. The problem remained open for several decades until 2009, when Craig Gentry, a Stanford Ph.D. student, built the first fully homomorphic encryption scheme, based on lattices.
An example application: Bob wants to run some computation, say training a machine-learning model, on Alice's data, and Alice does not want to disclose her plaintext data. Like multi-party computation, fully homomorphic encryption is still a largely theoretical field and too inefficient for practical use.
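The Alice/Bob scenario can be demonstrated today with a partially homomorphic scheme. The added example below (not from the article, and not Gentry's lattice construction) implements Paillier encryption from scratch: ciphertexts can be added and scaled by plaintext constants, so Bob can evaluate a linear model on Alice's encrypted features without ever seeing them. Fully homomorphic encryption extends this to arbitrary computation (multiplying two ciphertexts, which Paillier cannot do). The primes are assumed demo sizes, far too small for real use.

```python
import math
import secrets

def _L(u, n):
    return (u - 1) // n

def keygen(p, q):
    """Paillier key pair from two primes (demo sizes; real use needs ~1024-bit primes)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                            # standard choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)           # modular inverse (Python 3.8+)
    return (n, g), (lam, mu)

def encrypt(pub, m):
    n, g = pub
    assert 0 <= m < n
    r = 0
    while math.gcd(r, n) != 1:          # random r coprime to n
        r = secrets.randbelow(n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n

def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to a + b: addition without seeing a or b."""
    return (c1 * c2) % (pub[0] ** 2)

def scale_encrypted(pub, c, k):
    """E(a)^k mod n^2 decrypts to k * a (k a non-negative plaintext constant)."""
    return pow(c, k, pub[0] ** 2)

def blind_linear_model(pub, enc_features, weights):
    """Bob's side: evaluate his linear model on Alice's encrypted features.
    Bob learns nothing about the features; only Alice can decrypt the result."""
    acc = 1                              # 1 is a valid encryption of 0
    for c, w in zip(enc_features, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, c, w))
    return acc

# Constructed demo keys from small, well-known primes (the 10,000th and 100,000th).
PUB, PRIV = keygen(104729, 1299709)

def demo():
    features = [encrypt(PUB, v) for v in (3, 5, 7)]   # Alice's private data
    result = blind_linear_model(PUB, features, [2, 4, 6])  # Bob's weights
    return decrypt(PUB, PRIV, result)                  # Alice decrypts: 68
```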
The bottom line
Overall, privacy is one of the most interesting areas of current cryptographic research, and much more optimization work is needed before these theoretical techniques become efficient enough for real practical use.
Research labs such as the Stanford Center for Blockchain Research are actively moving in this direction, and it will be very interesting to see what breakthroughs the coming years bring.
The advantage of cryptocurrencies is that they allow the latest developments in privacy to be applied directly. Many of the privacy techniques used in coins, smart contracts and infrastructure were invented only a few years ago. Given how quickly this area is developing, the privacy of users' data and actions will continue to become an ever more integral part of crypto projects.
