In a recent article this week, I discussed Oasis Labs’ Ekiden protocol as one of the technologies focused on enabling privacy-first blockchain technologies. Based on some of the feedback, I realize that many people have the wrong assumptions about the challenges and opportunities of privacy protocols in the blockchain ecosystem. In that context, today I would like to quickly explore some of the most recent technologies and ideas that are trying to enable privacy preserving computations as a first-class citizen of blockchain technologies.
Security vs. Privacy?
The first mistake to avoid when thinking about privacy in the context of blockchain technologies is to not generalize it to more generic security areas. Conceptually, privacy can be defined as “the individual’s right to keep their data to themselves and not to have their actions recorded or monitored.” Following that definition, we can clearly see the friction with the current generation of blockchain technologies. Blockchains are relatively secure runtimes but can’t be classified as intrinsically private. Quite the opposite, capabilities such as immutability and pseudonymous identity make blockchains vulnerable to all sorts of privacy issues.
The Privacy Triangle
Another important point to realize about privacy-preserving protocols in the context of blockchain technologies is that there is a huge gap between the theoretical advancements of cryptography technologies and what is possible to implement in real world applications. Cryptographic methods such as fully homographic encryption or adversarial neural cryptography guarantee extremely high levels of privacy but they are almost impossible to implement at scale. As a matter of fact, if one of those blockchain platform vendors that claim to leverage homomorphic encryption comes to present their technology to you, I would suggest you run as far away as you can 😉
The challenge with enabling privacy protocols in blockchains has little to do with security itself. Today, we have plenty of cryptographic technologies such as multi-party signatures, some flavors of homomorphic encryption or trusted execution environments that have proven to be able to deliver high levels of privacy and confidentiality in datasets. The main challenge, however, comes from the fact that privacy is often at odds with two other important capabilities of blockchain applications: scalability and usability.
Borrowing some of the ideas from the famous CAP Theorem that was so relevant to unleash the big data space, we can visualize privacy-scalability and usability as the axis of a triangle of conflicting forces. Differently from the CAP Theorem, recent technologies such as Enigma or Oasis Labs seem to have proven that you can enable the three capabilities to a certain degree. However, in most blockchain technologies, any two of those capabilities conflict with the third one. For instance, you can build privacy and usable protocols that are hardly scalable or, as with most cryptocurrencies, scalable and usable protocols that are not private.
Privacy Protocols in the Blockchain
Privacy is rapidly becoming one of the top foundational blocks to enable the next wave of blockchain technologies. From isolated protocols to complete platforms, the blockchain space has been producing a lot of research and innovative ideas to enable privacy-preserving computation in blockchain runtimes. Here are some of the privacy protocols and technologies I think are worth following in the space:
· CryptoNote & Ring Signatures: One of the grandfathers of blockchain privacy, CryptoNote(CryptoNight) is the protocol behind Monero. Conceptually, CryptoNote leverages a cryptographic technique known as traceable ring signatures to obfuscate messages among a group of nodes in a decentralized network. Improvements in the CryptoNote protocol have proven able to produce high degrees of anonymity while operating at scalable levels.
· zk-SNARKS: The protocol behind ZCash, zk-Snarks is a novel form of zero-knowledge cryptography that allows one party (the prover) to prove to another (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself. Since the launch of ZCash, zk-Snarks have been adapted on different blockchain technologies such as J.P Morgan Quorum
· zk-STARKS: Following our triangle thesis, one of the challenges of zk-Snarks is that is hard to be applied at scale as the complexity of the proofs scale linearly with the size of the database. Earlier this year, professor Eli-Ben Sasson from the Technion-Israel Institute of Technology published a highly-anticipated paper that describes a faster alternative to zk-Snarks which (to keep things confusing) he decided to call zk-Starks. From the paper professor Ben Sasson explains that “zk-SNARKs use public key (asymmetric) cryptography to establish security. zk-STARKs instead requires a leaner symmetric cryptography, namely, collision resistant hash functions, and thus removes the need for a trusted setup. These same techniques also eliminate the number-theoretic assumptions of zk-SNARKs (and BulletProofs) that are computationally expensive and prone to attack by quantum computers. This makes zk-STARKs both faster to generate and post-quantum secure.”
· TEE: Trusted Execution Environments(TEE) have emerged as a popular way to offload confidential computations in blockchain technologies. TEE technologies such as Intel’s Software Guard Extensions (SGX) isolated code execution, remote attestation, secure provisioning, secure storage of data and trusted paths for execution of code. Applications that run in TEEs are securely protected and almost impossible to be accessed by third parties.
· Enigma: Developed by cryptographers at MIT, Enigma is a blockchain protocol that enables the implementation of “secret contracts”. The protocol essentially allows nodes to compute using encrypted fragments of the smart contracts without having to decrypt them, which other blockchains cannot do. Instead of relying proof of possession protocols such as zkSNARS/zk-STARKS, Enigma uses TEEs to isolate cryptographic computations from the rest of the blockchain. I discussed Enigma in a recent essay
· Oasis Labs: A recent addition to blockchain privacy race, Oasis Labs’ Ekiden protocol focuses on enabling high performant, confidential computations in blockchain smart contracts. Ekiden also relies on TEE environments to isolated private computations but leverage blockchain networks for scalability. I reviewed Oasis Labs in a recent article.
As you can see, there are plenty of new and creative ideas to enable privacy in blockchain technologies. In the near future, we should expect privacy-first blockchain such as Oasis Labs and Enigma to become more popular while mainstream platforms like Ethereum adopt some form of privacy protocols. It should be interesting….