
This article is from Chain News (ID: chainnewscom). Author: Richard Chen. Compiler: Zhan Juan. Forwarded with authorization.
I think of privacy as a way of preventing outsiders from judging what we say and do, and of creating a space where we can optimize ourselves and create our own happiness, happiness that belongs to us and nobody else, regardless of others' opinion of us. — Vitalik Buterin, founder of Ethereum
There is a lot of experimentation and research on blockchain privacy protection, but we have yet to see a comprehensive overview of this category.
In this post, we cover the latest experiments and research in four areas of privacy:
Bitcoin's Privacy Concerns
Figure: each node in the diagram represents an address and each edge a transaction; many nodes, such as Mt. Gox, Silk Road and Satoshi Dice, have their names hidden in the transaction graph.
In 2013, Meiklejohn et al. successfully identified clusters belonging to online wallets, merchants, and other service providers. Today, services like Chainalysis and Elliptic Blockchain can detect money laundering, fraud, and irregularities.
In the example above, an outside observer can see that {Alice, Bob} sent bitcoins to {Carol, Ted}, but cannot tell exactly who sent money to whom; repeating this process several times with different users grows the anonymity set.
In response to the erosion of Bitcoin's privacy, mixing services (tumblers) such as CoinJoin emerged to improve Bitcoin's anonymity. In CoinJoin, users jointly create a transaction that exchanges ownership of their coins, allowing each user in the group to remain anonymous. The process can be repeated between different users to keep growing the anonymity set. Criminals have also used such mixers to blend identifiable bitcoins with other funds in order to obscure the original source of the money.
However, CoinJoin also has flaws. For CoinJoin to preserve privacy, the anonymity set must be as large as possible, but in practice each CoinJoin transaction averaged only 2-4 participants, so researchers were able to deanonymize 67% of CoinJoin transactions. Later improvements on CoinJoin inspired better mixing designs such as TumbleBit, but these too have limitations.
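The address clustering that services like the ones above rely on, and the way a CoinJoin interferes with it, as an added example that is not part of the original article. The ledger, address labels and amounts are constructed for illustration; the CoinJoin detector is a deliberately simple structural heuristic.

```python
from collections import Counter, defaultdict

# Constructed toy ledger (not real Bitcoin data): inputs are addresses,
# outputs are (address, amount-in-coins) pairs.
TXS = [
    {"inputs": ["A1", "A2"], "outputs": [("M1", 5)]},                 # Alice pays a merchant
    {"inputs": ["B1"], "outputs": [("B2", 3), ("B3", 1)]},            # Bob spends to himself
    {"inputs": ["A3", "B2", "C1"],                                    # 3-party CoinJoin
     "outputs": [("X1", 1), ("X2", 1), ("X3", 1), ("B4", 2)]},
]

def looks_like_coinjoin(tx):
    """Simple structural heuristic: several inputs plus several outputs of
    identical value is the typical shape of a CoinJoin round."""
    amounts = Counter(amt for _, amt in tx["outputs"])
    return len(tx["inputs"]) >= 2 and max(amounts.values()) >= 2

def cluster_inputs(txs, skip_coinjoin):
    """Common-input-ownership heuristic (Meiklejohn et al.): all inputs of
    one transaction are assumed to be controlled by the same entity.
    Returns the resulting address clusters as sorted lists."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a
    for tx in txs:
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue  # an analyst who recognises CoinJoin must not merge these
        root = find(tx["inputs"][0])
        for other in tx["inputs"][1:]:
            parent[find(other)] = root
    groups = defaultdict(set)
    for a in list(parent):
        groups[find(a)].add(a)
    return sorted(sorted(g) for g in groups.values())

def anonymity_sets(tx):
    """For each CoinJoin output, how many equal-valued outputs an observer
    cannot distinguish it from (the anonymity set of that output)."""
    amounts = Counter(amt for _, amt in tx["outputs"])
    return {addr: amounts[amt] for addr, amt in tx["outputs"]}
```

Applying the heuristic blindly merges Alice's, Bob's and Carol's inputs into one false cluster, which is why analysts first detect CoinJoin shapes; the change output B4, with its unique amount, has an anonymity set of 1 and remains linkable.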
Privacy Coins
Due to Bitcoin's lack of privacy and no current plans to improve it at the protocol level, a number of new cryptocurrencies that support private transactions have emerged.
One such example is Zcash, whose founding team has a strong academic background in cryptography and which uses zk-SNARK technology. As early as 1985, Goldwasser, Micali and Rackoff first proposed the pioneering idea of the "zero-knowledge proof". By 2015, Eli Ben-Sasson et al. had developed zk-SNARKs, which improve on zero-knowledge proofs by letting people prove succinctly and non-interactively that they know something without revealing the specific information. zk-SNARKs power many privacy-related projects and can compress the size of blockchains using a technique called recursive composition.
Monero is another privacy coin; it uses ring signatures instead of zk-SNARKs. The Monero team is currently building Kovri to support privacy-preserving packet routing so that users can hide their geographic location and IP address. Anonymizing users' network traffic will greatly increase the security of the Monero network and ensure that users cannot be arrested or physically harmed for using Monero.
People often compare Zcash to Monero. Both communities are led by big names on Twitter: Zooko Wilcox leads Zcash and Riccardo Spagni, nicknamed "Fluffy Pony", leads Monero. The difference is that Zcash is backed by a company and a foundation, while Monero is an organic community of core developers. The anonymity of both projects had flaws, which have since been corrected. Previously, researchers were able to link 69% of Zcash's shielded transactions to founders or miners, and to deanonymize 62% of Monero's transactions.
However, the two projects take fundamentally different approaches to privacy and make different trade-offs, and so far I cannot see either project outperforming the other in the future. In my opinion, Zcash and Monero will continue to coexist like Coca-Cola and Pepsi.
Figure: Mimblewimble is a spell in Harry Potter; Tom Elvis Jedusor is Voldemort's French name, and Ignotus Peverell was the original owner of the invisibility cloak.
"Mimblewimble" is a new privacy-focused blockchain design built on Bitcoin's. On July 19, 2016, "Tom Elvis Jedusor" dropped the white paper on a Bitcoin research website and disappeared. Later, "Ignotus Peverell" started a GitHub project called Grin to turn the Mimblewimble white paper into reality. Andrew Poelstra of Blockstream presented the work at the Stanford BPASE conference in 2017, and since then Grin has received a lot of mainstream attention. Grin's third testnet has been released, and mainnet is expected to launch in early 2019.
Mimblewimble/Grin improves on Confidential Transactions and CoinJoin. Key features include no public addresses, complete privacy and a compact blockchain. Mining of Grin has attracted widespread attention recently. Like Bitcoin, Grin can only be mined through PoW. Grin uses the Cuckoo Cycle PoW algorithm, which is designed to be ASIC-resistant and, like Monero, to prevent mining centralization.
Unlike Bitcoin, Grin's overall supply is not capped, and its monetary policy follows a linear supply schedule, which means inflation is very high early on but approaches rather than reaches zero over time. Early inflation encourages spending rather than speculation after the network goes live. While constant inflation makes Grin an unlikely store of value, it avoids the instability Bitcoin may face once its block reward disappears and miners earn only transaction fees.
Grin's novel monetary policy is also a far cry from Zcash's controversial founders' reward, under which 20% of newly minted ZEC goes to the project's developers during the first 4 years. The size of the Mimblewimble blockchain is proportional to the number of users rather than the number of transactions, thus avoiding the UTXO set scaling problem that arises with Monero's ring signatures.
There are also some interesting privacy coins that are still in the early stages of development, including MobileCoin and BEAM.
How Can Smart Contracts Protect Privacy?
Privacy in smart contracts differs from privacy in payments because smart contracts carry their program code in the open. Unfortunately, program obfuscation has proven impossible, so smart contracts currently lack both confidentiality (hiding the payment amount) and anonymity (hiding the identities of sender and receiver).
In my opinion, there will be a strong need for smart contract privacy once enterprises are ready to build DApps at scale and need to hide their customers' activity; today everyone can see how DApps like CryptoKitties are used, which is fine for now. This is a bit like the early Internet: basic websites used HTTP, and HTTPS had to be introduced later for e-commerce and other sites that require encrypted network traffic.
Figure: there is no privacy on Ethereum; everyone can see DApp usage on DappRadar.
For Ethereum, Benedikt Bünz is leading research at Stanford University on Zether, a private payment mechanism fully compatible with Ethereum that can provide confidentiality and anonymity to Ethereum smart contracts. Zether is implemented as an Ethereum smart contract and consumes a limited amount of gas. Zether also has multiple uses, such as adding provable privacy to common applications like payment channels.
While privacy is currently the second-highest priority for Ethereum after Casper, the Ethereum Foundation has been slow to implement Casper, and there is a risk that it will be years before privacy becomes a core feature of Ethereum.
If private smart contracts become something the crypto community desperately needs in the meantime, new privacy-focused smart contract platforms will emerge to fill the gap, just as Zcash and Monero were able to emerge when Bitcoin lacked private payments. Enigma, Origo, and Covalent are new smart contract platforms that attempt to build privacy-preserving functionality into the blockchain.
Oasis Labs, another exciting privacy-focused project, has built a new smart contract platform, Ekiden, that separates the execution of smart contracts from the underlying consensus mechanism. Smart contracts run inside an isolated hardware environment called an enclave, such as Intel SGX. The enclave acts like a black box, keeping the computation private from other applications. It also generates a cryptographic proof that the program executed correctly and stores that proof on the blockchain. By separating smart contract execution from consensus, Ekiden is compatible with different underlying blockchains, including Ethereum.
Privacy-Focused Blockchain Infrastructure
In addition to privacy coins and privacy-focused smart contracts, there are other important privacy-focused infrastructure projects in the Web 3 stack worth mentioning.
BOLT is building private payment channels that use blind signatures and zero-knowledge proofs to hide the identities of participants when opening, transacting on, and closing a channel. The initial payment channel is built on top of Zcash but will be able to interoperate with Bitcoin and Ethereum.
NuCypher is building a decentralized key management system that uses proxy re-encryption to provide functionality comparable to HTTPS. Proxy re-encryption is a type of public-key encryption that allows a ciphertext encrypted under one public key to be transformed into a ciphertext under another public key without learning the underlying message.
StarkWare is implementing zk-STARKs on various blockchains, including Ethereum. The advantage of zk-STARKs over zk-SNARKs is that they do not require a trusted setup, although the cryptographic proofs are much larger.
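A toy proxy re-encryption round trip illustrating the transformation described above, as an added example that is not NuCypher's code. It uses a BBS98-style ElGamal construction in the multiplicative group of a Mersenne prime, which is not a secure group and is bidirectional (the re-encryption key needs both secrets); NuCypher's actual scheme, Umbral, differs in both respects. All key material is generated inline.

```python
import secrets
from math import gcd

P = 2**61 - 1     # Mersenne prime used as a toy modulus (not a secure group)
G = 3             # toy base element
N = P - 1         # exponents are reduced modulo the order of Z_P^*

def keygen():
    """Secret exponents must be invertible mod N so re-encryption keys exist."""
    while True:
        sk = secrets.randbelow(N - 2) + 2
        if gcd(sk, N) == 1:
            return sk, pow(G, sk, P)          # (secret key, public key G^sk)

def encrypt(pk, m):
    """ElGamal-style encryption of an integer m < P: (m * G^k, pk^k)."""
    k = secrets.randbelow(N - 1) + 1
    return m * pow(G, k, P) % P, pow(pk, k, P)

def decrypt(sk, ct):
    """Recover G^k from pk^k = G^(sk*k) using 1/sk, then strip it off m."""
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, N), P)
    return c1 * pow(g_k, -1, P) % P

def rekey(sk_from, sk_to):
    """Re-encryption key rk = sk_to / sk_from (mod N).  In this toy,
    bidirectional scheme both secrets are needed; Umbral lets the delegator
    build the key from the delegatee's public key alone."""
    return sk_to * pow(sk_from, -1, N) % N

def reencrypt(rk, ct):
    """Run by the proxy, which sees only rk and the ciphertext, never m:
    (G^(a*k))^(b/a) = G^(b*k), so the ciphertext now decrypts under b."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def delegation_roundtrip(m):
    """Alice encrypts to herself and delegates to Bob through a proxy;
    both Alice (original) and Bob (re-encrypted) must recover m."""
    sk_a, pk_a = keygen()
    sk_b, _pk_b = keygen()
    ct_a = encrypt(pk_a, m)
    ct_b = reencrypt(rekey(sk_a, sk_b), ct_a)
    return decrypt(sk_a, ct_a) == m and decrypt(sk_b, ct_b) == m
```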
Academic research in cryptography drives innovation in the field of privacy. Privacy research mainly involves zero-knowledge proofs, multi-party computation, and fully homomorphic encryption.
In addition to zk-SNARKs and zk-STARKs, Bulletproofs are another new type of short non-interactive zero-knowledge proof.
Like zk-STARKs, Bulletproofs do not require a trusted setup, but verifying a Bulletproof takes longer than verifying a zk-SNARK proof. Bulletproofs are designed to enable efficient confidential transactions in cryptocurrencies and reduce proof sizes from 10 KB to 1-2 KB. If all Bitcoin transactions were confidential and used Bulletproofs, the total size of the UTXO set would be only 17 GB, compared to 160 GB with the proofs currently used.
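A toy of the Pedersen-commitment Confidential Transactions that Mimblewimble/Grin builds on (the earlier section) and of why Bulletproof-style range proofs are needed alongside them (this section), as an added example that is not code from the article or from Grin. Arithmetic is in the multiplicative group of a Mersenne prime with two arbitrary toy generators, which is not secure; a real scheme uses an elliptic-curve group with an unknown discrete log between the generators.

```python
import secrets

P = 2**61 - 1      # Mersenne prime, used as a toy modulus (not a secure group)
G, H = 3, 7        # two toy generators; in a real scheme log_G(H) must be unknown
N = P - 1          # exponents are reduced modulo the order of Z_P^*

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind (mod P); hides value."""
    return pow(G, value % N, P) * pow(H, blind % N, P) % P

def make_output(value):
    """A wallet picks a fresh random blinding factor for every output."""
    blind = secrets.randbelow(N)
    return {"value": value, "blind": blind, "commit": commit(value, blind)}

def excess(inputs, outputs):
    """Known only to the transacting parties (they hold the blinding factors).
    In Mimblewimble this is the kernel excess the sender proves knowledge of."""
    return (sum(o["blind"] for o in inputs) - sum(o["blind"] for o in outputs)) % N

def verify_balance(inputs, outputs, kernel_excess):
    """A validator sees only commitments.  prod(inputs)/prod(outputs) equals
    H^excess exactly when the hidden values sum to zero, so the amounts
    never have to be revealed."""
    acc = 1
    for o in inputs:
        acc = acc * o["commit"] % P
    for o in outputs:
        acc = acc * pow(o["commit"], -1, P) % P
    return acc == pow(H, kernel_excess, P)

def check_tx(output_values, input_value=10):
    """Returns (balance_ok, outputs_in_range).  The balance check alone
    accepts a negative output (silent inflation); the range check is what a
    range proof such as a Bulletproof supplies without revealing the values."""
    ins = [make_output(input_value)]
    outs = [make_output(v) for v in output_values]
    balance_ok = verify_balance(ins, outs, excess(ins, outs))
    in_range = all(0 <= o["value"] < 2**64 for o in outs)
    return balance_ok, in_range
```

check_tx([12, -2]) balances perfectly while minting coins out of nothing, which is the case a range proof exists to reject.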
Pros and cons of various zero-knowledge proof systems
Multi-Party Computation (MPC) allows a group of people to perform a joint computation over their inputs without anyone revealing the value of their input. For example, if Alice and Bob want to know which of them owns more bitcoins, they can find out without either disclosing how many bitcoins they own. Unfortunately, the current limitation of multi-party computation is that it is extremely inefficient in practice.
Fully homomorphic encryption allows computation on encrypted data. This was an open problem in cryptography for decades until 2009, when Stanford PhD student Craig Gentry built the first fully homomorphic encryption scheme using ideal lattices. Such a scheme comes in handy if Bob wants to perform arbitrary computations on Alice's data, such as training a machine learning model, without Alice revealing the plaintext. Like multi-party computation, fully homomorphic encryption is still largely at the theoretical stage, and its efficiency in practice is too low.