
Jointly produced by Tongzhengtong Research Institute × FENBUSHI DIGITAL
Text: Song Shuangjie, CFA; Tian Zhiyuan; Jin Jiahao
Summary
Currently common anonymity technologies (including privacy address technology, ring signature technology, Coinjoin, zk-SNARKs, RING-CT and Mimblewimble) use different strategies to provide privacy protection for digital token transactions. Among them, Coinjoin offers relatively the weakest concealment and is the only technology that requires third-party participation; zk-SNARKs offers relatively the strongest concealment; privacy address technology and ring signature technology were both proposed in CryptoNote but cannot hide the transaction amount, a problem that the subsequent RING-CT solved; Mimblewimble is a relatively new anonymity technology, characterized by the fact that transactions require no address.
Since the birth of digital tokens, the immutable distributed ledger has brought a new transaction model, which greatly reduces the cost of trust. Unfortunately, however, the transaction model in which information is publicly available cannot be adapted to all transactions, one of which is private transactions. The emergence of anonymous tokens solves this pain point, fills the demand gap for high-privacy tokens, and meets the needs of anonymous transactions.
Overall, the market value of anonymous tokens that provide privacy protection is rising, which is also in line with the trend of the public's increasing emphasis on privacy. Today, anonymous tokens have a relatively high market value in the market. As of July 5, 2019, the total market value of anonymous tokens reached $4.51 billion, accounting for 1.4% of the total market value of encrypted tokens.
Anonymity is the most prominent feature of anonymous tokens compared to other digital tokens, but its untraceability is a double-edged sword. Anonymous tokens are facing severe regulatory pressure. There are difficulties in the compliance of anonymous tokens. It may be difficult to achieve consensus among multiple parties in the short term. An auditable privacy protocol is an effective solution to this dilemma.
Anonymous tokens focus on protecting the privacy of digital token transactions, reaching the level of privacy protection that BTC, the king of encrypted tokens, has not yet achieved, and winning the opportunity for it to occupy the market share of digital tokens. However, as more and more solutions that can be used to enhance the privacy of BTC transactions are proposed, BTC is likely to make up for its privacy shortcomings in the future. At that time, anonymous tokens may be greatly impacted.
Table of contents
1 Anonymous Technology Comparison
2 Privacy Defenders: The Rise and Fall of Anonymous Tokens
3 "There are tigers in the front, and wolves in the back" - anonymous tokens surviving in the cracks
3.1 "Tigers before us" - Severe regulatory pressure
1 Anonymous Technology Comparison
Among the common anonymity technologies, Coinjoin offers relatively the weakest concealment and is the only technology that requires the participation of a third party; zk-SNARKs offers relatively the strongest concealment; privacy address technology and ring signature technology were both proposed in CryptoNote but cannot hide the transaction amount, a problem that the subsequent RING-CT solved; Mimblewimble is a relatively new anonymity technology, characterized by the fact that transactions require no address.
Both privacy address technology and ring signature technology were proposed in the CryptoNote protocol. The former provides privacy protection for the data receiver, and the latter provides privacy protection for the data sender. The two are generally used in combination; the anonymity effect is strong and does not rely on any third party. The disadvantage is that the transaction amount cannot be hidden, and insufficient transaction volume will weaken the anonymity effect.
Coinjoin provides privacy protection for the sender and receiver of data, helping to hide transaction amounts. Coinjoin is lightweight, relatively simple, easy to implement, and can run on most digital tokens without a specific consensus mechanism, but its shortcomings are also obvious: its anonymity is relatively weak, and it needs the participation of a trusted third party. Although the improved CoinShuffle++ no longer requires a trusted third party, the mixing effect suffers when transaction volume is insufficient, so this method still requires the participation of nodes with relatively concentrated token resources to ensure the mixing effect. In addition, users need to stay online in order to mix coins.
zk-SNARKs offers relatively the strongest anonymity and can provide privacy protection throughout the transaction process, covering the data sender, the data receiver and the transaction amount. The verification data is small, takes up little storage space, and requires no third-party participation. However, zk-SNARKs relies on a trusted initial setup, and the total amount of circulating tokens cannot be checked: if the trust assumption fails, a tamperer can generate digital tokens indefinitely without being detected. In addition, anonymous transactions using zk-SNARKs require complex mathematical calculations, and the transaction generation time is relatively long (especially on poorly configured personal computers).
As a supplement to CryptoNote, RING-CT has the ability to hide the transaction amount. At the same time, RING-CT optimizes the ring signature technology and improves the speed of digital token transactions that use it. The anonymity effect is strong and no third party is required to participate. The disadvantage is that it takes up a large amount of storage space, and insufficient transaction volume will weaken the anonymity effect. In addition, once the transaction amount is hidden, the total amount of circulating tokens cannot be checked, and it is impossible to detect whether there are counterfeit tokens.
2 Privacy Defenders: The Rise and Fall of Anonymous Tokens
Since the birth of digital tokens, the immutable distributed ledger has brought a new transaction model, which greatly reduces the cost of trust. Unfortunately, however, the transaction model in which information is publicly available cannot be adapted to all transactions, one of which is private transactions. The emergence of anonymous tokens solves this pain point, fills the demand gap for high-privacy tokens, and meets the needs of anonymous transactions.
The total market value of anonymous tokens has continued to rise since July 15, 2013. The total market value of anonymous tokens and digital tokens is highly correlated, and the trends of the two are very similar. In 2017, anonymous tokens were affected by the upward traction of the digital token market as a whole, and then their market value fell below $2 billion. In 2019, the market value of anonymous tokens has entered a relatively stable upward stage. Overall, the market value of anonymous tokens that provide privacy protection is rising, which is also in line with the trend of the public's increasing emphasis on privacy.
Note: The total market value of anonymous tokens is calculated based on the 58 anonymous tokens currently on the market counted by Cryptoslate.
Bytecoin is the earliest anonymous token, but it originally ran on the deep web, so relevant data is lacking. On July 15, 2013, Anoncoin entered the market and became the only anonymous token officially circulated in the secondary market at that time. In the following years, anonymous tokens such as Dash, Dreamcoin, Monero, Cloakcoin, and Bytecoin appeared one after another.
Dash was the representative token at that time. After being circulated in the secondary market, the market value of Dash rose rapidly, reaching 98.0% at the peak. Dash is still one of the top three anonymous tokens. But at that time, both the total market value and the number of anonymous tokens were very small.
Since 2016, various anonymous tokens have emerged in the market (Zcash, one of the current anonymous token giants, was founded in October 2016). Since Monero was supported by AlphaBay (an online darknet market) in August 2016, it once accounted for 66.7% of the total market value of anonymous tokens, and it still dominates the anonymous token market.
As of July 5, 2019, the total market value of anonymous tokens has reached $4.51 billion, accounting for 1.4% of the total market value of encrypted tokens. At present, the common anonymous tokens on the market include old tokens such as Monero, Dash, and Zcash, as well as emerging tokens such as Komodo, Grin, and Beam.
3 "There are tigers in the front, and wolves in the back" - anonymous tokens surviving in the cracks
3.1 "Tigers before us" - Severe regulatory pressure
Anonymity is the most prominent feature of anonymous tokens compared to other digital tokens, but its untraceability is a double-edged sword.
On the one hand, anonymous tokens help to solve many practical problems, such as companies do not want their transaction flow to be controlled by competitors, and investment information for national security technology development is not suitable for disclosure. At the same time, anonymous technology can ensure that personal privacy information is not abused. In the Internet age, it is a consensus that user data has huge commercial value, and behaviors such as accurately delivering advertisements or conducting telemarketing or even telecom fraud based on user habits are often disturbing. Anonymity technology can effectively solve these problems, allowing privacy to belong to users themselves.
On the other hand, it cannot be denied that the emergence of anonymous tokens also facilitates illegal transactions. BTC used to be the "official token" circulating on the darknet market, but its limitations in anonymity restricted its scale expansion on the darknet. Anonymous tokens provide another option. Criminals can use anonymous tokens to carry out illegal activities such as money laundering and drug trafficking, which poses new challenges to regulators and law enforcement agencies.
Japan was the first country to recognize the legality of digital tokens, and it was also one of the first countries to bring encrypted tokens under regulation. However, after the Japanese encrypted token exchange CoinCheck was hacked and about 530 million US dollars worth of encrypted tokens were stolen, CoinCheck announced the delisting, on June 18, 2018, of encrypted tokens with sufficient anonymity, including XMR, DASH, and ZEC.
After this large-scale theft, the FSA (Japan Financial Services Agency) launched a series of measures, including introducing a stricter exchange review system and assisting in the establishment of the Japan Virtual Token Exchange Association (an industry self-regulatory association of digital token exchanges in Japan), and at one point expressed the attitude of prohibiting the transaction of anonymous tokens. Although there are no clear regulations or industry self-regulatory rules restricting the transaction of anonymous tokens, Japan has strict requirements for the listing and trading of tokens, and in practice the major digital token exchanges in Japan do not support anonymous token transactions.
In addition to Japan, some other countries (regions) have also proposed relevant regulations or suggestions for anonymous tokens. In January 2018, the South Korean government issued a law requiring all encrypted token traders to provide identification; in May 2018, the South Korean exchange Korbit removed five anonymous tokens; in March 2019, the head of the Finance Committee of the French National Assembly recommended banning anonymous encrypted tokens.
There are difficulties in the compliance of anonymous tokens, and it may be difficult to achieve consensus among multiple parties in the short term. At present, countries have different attitudes towards digital tokens, and are more cautious about anonymous tokens. The main reason is that anonymous tokens are far beyond the scope of supervision. If anonymous tokens are always closely related to criminal activities and cannot be effectively supervised, it will be very difficult to move towards compliance.
Severe regulatory pressure is ahead, and anonymous tokens designed to protect the privacy of traders are still difficult to obtain official approval from various countries. This is an insurmountable abyss for anonymous tokens to reach the public, and it is also a bottleneck restricting their development and expansion.
A privacy protocol layer could potentially free anonymous tokens from their woes. Such a layer can expose, at the protocol level, an interface that regulatory and audit institutions can monitor and review, achieving tiered privacy while keeping complete privacy for users; a privacy protocol that grants audit authority to a limited set of institutions is a better solution to the regulatory problem. The protocol layer includes the underlying technology for building the blockchain. In addition to the audit function, anonymous transactions implemented at the protocol layer can carry an additional encrypted memo field containing the identity and address of the sender and receiver, or can let the trader authorize others to supervise the transaction, in order to ensure compliance with the principles of anti-money laundering and anti-terrorist financing. At present, protocol layer expansion is one of the important links in the research and development of blockchain technology.
Monero core technology developer Dr. Duncan S. Wong once said that absolute privacy tokens will no longer be popular, and that encrypted tokens that achieve complete privacy toward the public and individuals, and accountable privacy toward regulatory and audit institutions, will gradually move into the mainstream. In September 2018, Dr. Wong proposed Abelian Coin (ABE), a privacy classification scheme. The scheme is based on a verifiable encryption system. Users can choose between a full privacy model and an accountable privacy model, the latter making user transaction data available for monitoring by specific third-party agencies. ABE integrates a variety of privacy technologies. As the work of a core developer of Monero, ABE inherently integrates Monero's RING-CT privacy technology, and adds an optional accountability function on top of it.
3.2 "There will be wolves in the future" - the challenge of BTC, the king of encryption
Digital tokens that have been widely accepted by the public, such as BTC and ETH, may add privacy protection functions in the future. Coinjoin technology is already one of the optional attributes of BTC. As of April 2019, the transaction volume using Coinjoin in BTC transactions was three times that of a year earlier, accounting for 4.09% of all BTC transactions (data from Longhash), and in the future technologies such as Schnorr signatures, Dandelion++, or MimbleWimble may all be added to BTC to enhance its privacy.
As one of the feasible solutions to improve the performance of the BTC blockchain, the Schnorr signature is compatible with the elliptic curve parameter secp256k1 used by BTC, and has the same security assumptions as ECDSA (Elliptic Curve Digital Signature Algorithm), which it can perfectly replace. The core purpose of Schnorr signatures is to aggregate multiple signatures into a new signature. Due to the linearity of Schnorr signatures, two or more Schnorr signatures can be combined into a new Schnorr signature, and the new aggregate signature is still only the size of a regular signature. This design makes it impossible for observers to distinguish between aggregated multi-signatures and conventional signatures, thereby effectively improving the privacy of digital tokens (especially when using Schnorr-based Coinjoin technology), while increasing the transaction capacity of blocks.
Taking a transaction with multiple inputs and one output as an example, the chain needs to record the signature of each input party. The current signature strategy makes the blockchain quite bloated.
Schnorr aggregate signatures can effectively improve the anonymity of BTC transactions, and the newly generated aggregate signatures are only the size of conventional signatures. If every user uses Schnorr, it can increase the transaction capacity of BTC blocks by 10-20%.
Dandelion is a simple and effective technology to improve anonymity, proposed by Giulia Fanti et al. in 2017. Dandelion has modified the behavior of communication nodes so that the original IP address of the transaction is hidden during the broadcast process.
Dandelion divides the transaction process into a "trunk stage" and a "fluff stage": in the trunk stage, transaction information is passed to one other node instead of being broadcast to the entire network; after passing through some nodes, the transaction enters the fluff stage and is then broadcast to the entire network. The normal operation of the initial version of Dandelion relies on three assumptions: all nodes abide by the protocol, each node only generates one transaction, and all BTC nodes run Dandelion.
If the above assumptions are true, the node that broadcasts transaction information to the entire network will no longer be the initial node that publishes transaction information, but a "relay node", and it will be difficult for attackers to track the initial address of transaction information. Unfortunately, in reality, the above three assumptions are not necessarily true. In order to break through the limitations of Dandelion, researchers released Dandelion++ the following year, which optimized the algorithm and enhanced its anonymity, and also allowed nodes to generate multiple transactions.
The anonymity graph designed by Dandelion is a line graph, which is easy to quantify, but cannot effectively evaluate the anonymity ability. Intuitively, changing the line graph frequently will leave the attacker without enough time to learn the anonymity graph; in fact, it is very difficult to evaluate the attacker's heuristic learning of the anonymity graph, which makes it difficult to obtain practical guarantees for the anonymity of transactions. The line graph is a 2-regular graph, and Dandelion++ changes the line graph to an approximate 4-regular graph, and the user will randomly forward the transaction information to one of the two surrounding nodes until it enters the fluff stage.
Dandelion++ designs an anonymous graph that is difficult for attackers to learn, providing a guarantee for the privacy of token transactions.
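A simplified model of the trunk and fluff stages described above, added here as an illustration and not taken from the Dandelion++ paper or any node implementation: it measures how often the node that broadcasts a transaction is the node that created it, with and without the trunk stage. The graph construction, the 10% per-hop fluff probability, the network size and the seed are assumptions of this sketch.

```python
import random

def build_stem_graph(n, rng):
    """Each node picks 2 outbound relays: out-degree 2 and in-degree 2 on
    average, i.e. an approximately 4-regular anonymity graph."""
    nodes = range(n)
    return {v: rng.sample([u for u in nodes if u != v], 2) for v in nodes}

def route(graph, origin, fluff_prob, rng):
    """Trunk stage: hand the transaction to one of the two relays; every
    relay then either starts the fluff stage (broadcast) or keeps relaying.
    Returns (broadcasting node, number of trunk hops)."""
    node, hops = origin, 0
    while True:
        node = rng.choice(graph[node])
        hops += 1
        if rng.random() < fluff_prob:
            return node, hops

def simulate(n=200, trials=5000, fluff_prob=0.1, stem=True, seed=1):
    """Return (share of transactions whose broadcaster is the originator,
    mean trunk hops). stem=False models plain broadcast by the originator."""
    rng = random.Random(seed)
    graph = build_stem_graph(n, rng)
    hits = total_hops = 0
    for _ in range(trials):
        origin = rng.randrange(n)
        if stem:
            broadcaster, hops = route(graph, origin, fluff_prob, rng)
        else:
            broadcaster, hops = origin, 0
        hits += broadcaster == origin
        total_hops += hops
    return hits / trials, total_hops / trials

if __name__ == "__main__":
    print("plain broadcast :", simulate(stem=False))
    print("trunk then fluff:", simulate(stem=True))
```

The model assumes every node follows the protocol, which is the first of the three assumptions the text lists; it says nothing about observers that control relays on the trunk path.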
Anonymous tokens are facing the challenge of BTC, the king of encryption. Since the emergence of encrypted tokens, BTC has always dominated the encrypted token market with an overwhelming market value advantage, and is a veritable king of encrypted tokens. BTC, which has survived ten years of ups and downs, has always been the vane of the encryption market, attracting more and more people to pay attention to the encryption market, and also attracting more and more researchers to explore and study the improvement of BTC. In the future, Schnorr Signatures, Dandelion++, and Mimblewimble are all likely to be added to BTC to enhance its anonymity capabilities, and more designs that can be used to optimize the anonymity of BTC may also be proposed and implemented. If BTC integrates a sufficiently powerful anonymous function, it will inevitably affect the anonymous tokens in the market that focus on anonymity.
Note:
Due to some reasons, some nouns in this article are not very accurate, mainly such as: general certificate, digital certificate, digital currency, currency, token, crowdsale, etc. If readers have any questions, they can call or write to discuss together.
This article was originally created by TokenRoll Research Institute (ID: TokenRoll). Unauthorized reprinting is prohibited.