By Huang Lin
Transaction privacy is a problem that’s existed for almost as long as Bitcoin has been around, despite many wrong assumptions in the early days that blockchain offered anonymity. However, the reality is that even in the Bitcoin white paper, Satoshi Nakamoto acknowledged the public nature of blockchain transactions. The knowledge of which Bitcoin addresses belong to Satoshi is generally accepted public wisdom among the blockchain community.
As soon as Bitcoin’s lack of privacy became apparent, developers have been working with varying degrees of success to find solutions. In general, the aim is to allow users to transact with at least the same degree of relative privacy they enjoy with their fiat bank accounts while preserving trustlessness.
The most widely-used privacy technology is the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, also known as zk-SNARKs or zero-knowledge proofs. They allow one party to prove a statement regarding certain information without actually revealing the information itself, using a secret key that’s generated before the transaction happens.
An Imperfect Solution
Several projects now use zk-SNARKS, including Zcash, Monero, Grin, and Tornado Cash. However, like so many implementations in blockchain, developers have made trade-offs comparable to the famous scalability versus decentralization debate. With zk-SNARKs, the compromise is between scalability and the security of the privacy solution.
Zcash, which is a privacy coin, and Tornado Cash, a private transaction protocol, both opted for an implementation that compromises on security while preserving scalability. Their zk-SNARKs require that the secret key used for the transaction is generated using a trusted setup.
Essentially, this means that a party has to be trusted with the secret keys that could enable them to launch a double-spend attack. Without undermining the popularity of both projects, the solution flies in the face of blockchain’s strive for trustlessness and security against double-spend attacks.
The other option is the zero-knowledge proof scheme without the need for a trusted setup, but in a way that makes the proof size so large as to cause blockchain bloat. Monero and Grin both opted for this side of the trade-off, meaning that their privacy solutions create a sub-optimal user experience while offering a better guarantee of security.
Like the other famous blockchain debate, iterations on the same problem eventually lead to a solution. Now in 2020, projects are starting to emerge that have solved the trade-off, offering anonymous payment protocols for smart contract platforms using an innovation called zk-ConSNARKs. This provides a near-constant proof size while removing the requirement for a trustless setup and thus the security risk of a double-spend attack.
Misaligned Incentives
The idea of introducing “mining” or “liquidity” incentives has spurred the DeFi revolution, and privacy-preserving protocols are no exception to this rule. Projects such as Tornado Cash, and more recently, Lightening Cash have introduced token-based rewards to users of their protocols as a means of increasing adoption.
However, not all incentives are created equally. Tornado Cash has been highly successful at achieving a large total value locked, around $1 billion at the time of writing. It’s done this by offering rewards linked to transaction values. Therefore, the average value of a deposit is above $23,000 at the time of writing.
This situation comes with two issues. Firstly, it speaks to a problem that’s becoming endemic in DeFi as a whole. The high transaction fees on Ethereum are pricing everyday cryptocurrency users out of the market. DeFi, which positions itself as “open finance,” is closed to those who don’t have thousands to spend in a single transaction.
The second issue is that an incentive model like the one used by Tornado Cash, which is based on the value of transactions or the total value locked, is targeted towards those who have thousands to invest. This means that it serves to limit the value of the privacy-preserving protocol itself.
Hide in Plain Sight
Consider it this way. If you’re in a city and you want to hide, are you more likely to get identified on a relatively quiet street with only a few other people to cloak your presence? Or would it make more sense to disappear into a crowd of tourists on the busiest square in town?
A model that incentivizes based on value is attracting high-value transactions from high-net-worth individuals, who number fewer than those who have lower values to invest. Furthermore, there’s bound to be more interest in who is behind high-value transactions.
A privacy protocol with a high volume of transactions offers more opportunities to hide. Therefore, it makes sense to align the incentives accordingly. Provide people with rewards exclusively for the number of transactions they put through a privacy protocol, rather than the value of their funds. In doing so, you have the blockchain equivalent of a city square crowded with tourists – a privacy protocol that can attract users in sufficiently high volumes to create a critical mass, incentivized by the promise of privacy mining rewards.
Furthermore, basing it on a low-fee platform such as the Binance Smart Chain makes it more attractive to the masses who are likely to be deterred by Ethereum’s high fees.
In an industry striving to deliver open finance, privacy shouldn’t be something that users are forced to compromise. By providing incentive models aligned to attracting more users and removing security gaps, privacy can be democratized for all participants’ benefit.
Author Bio:
Huang Lin currently serves as CTO of Suterusu project. Huang is an applied cryptographer by training. Huang holds Ph.D. degrees in Applied cryptography and privacy-preserving distributed systems from Shanghai Jiao Tong University and the University of Florida, respectively. He worked as a postdoctoral researcher in Swiss Federal Institute of Technology (EPFL), and then as an associate principal engineer in ASTRI, HongKong. He has published over 20 papers with over 1000 citations on applied cryptography and information security.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.