This article discusses, from the perspective of technological development and evolution, the technical implementation solutions behind privacy transactions.
Are you willing to disclose your wallet address and let everyone know how much money you have? Would you like everyone to know your investment preferences and every payment you make? I think most people would not. Protecting this data requires a privacy protocol.
Cryptocurrencies with privacy as a selling point have always existed in the market, including DASH, XMR, Zcash, Grin, ROSE (Oasis Network), FRA (Findora), PHA (Phala Network), SCRT (Secret Network) and others, and for several years now the privacy sector has held its place.
If the privacy track is subdivided further, it falls into four categories: privacy computing networks, privacy transaction protocols, privacy applications, and privacy coins. Among them, privacy coins developed earliest; among privacy applications, Tornado is currently in wide use; and privacy transaction protocols and privacy computing networks currently draw the most attention.
Limited by space, this article only discusses the development of technical implementation solutions for private transactions from the perspective of technological development and evolution.
Four types of technical solutions for realizing private transactions
1. CoinJoin
CoinJoin is a coin-mixing mechanism that takes coins from different senders and combines them into a single transaction. A third party assembles the transaction and sends the coins on to the recipients; on the user side, each recipient receives their coins at an address that has never been used before. This reduces the likelihood that a particular payment can be traced.
DASH is a typical case of using CoinJoin to realize private transactions. DASH was born in 2014, not solely for privacy but to offer users private transactions as an option: users can choose the PrivateSend function for private transactions, or they can make normal transactions.
In terms of mechanism, the DASH network encourages miners to run masternodes by paying them higher rewards, and each masternode holds 1,000 DASH as collateral. Any user who initiates a transaction can draw on these funds to achieve the "coin mixing" effect. Because coins are mixed, the transaction information is scrambled and hard to trace, which provides the privacy protection.
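To make the mixing mechanism concrete, here is an added Python example (not code from the article, from DASH, or from any mixing implementation) that builds a CoinJoin-style transaction from several participants' inputs and then measures, from an outside observer's position, how many inputs could plausibly have funded each output. The participants, amounts and identifiers are constructed; the equal-denomination rule is a design choice of this example that mirrors why mixing designs use fixed denominations.

```python
import secrets

# Constructed sample data: three participants, each contributing one input of
# the same denomination and naming a never-before-used receiving address.
PARTICIPANTS = {
    "alice": {"input": ("utxo_a1", 100), "output_addr": "fresh_addr_1"},
    "bob":   {"input": ("utxo_b7", 100), "output_addr": "fresh_addr_2"},
    "carol": {"input": ("utxo_c3", 100), "output_addr": "fresh_addr_3"},
}
DENOMINATION = 100

# Constructed counter-example: different amounts make outputs trivially linkable.
UNEQUAL_TX = {
    "inputs":  [{"txid": "utxo_x", "amount": 100}, {"txid": "utxo_y", "amount": 37}],
    "outputs": [{"address": "p", "amount": 37}, {"address": "q", "amount": 100}],
}


def build_coinjoin(participants, denomination):
    """Combine every participant's input into one transaction.

    The coordinator (the 'third party' of the description) only assembles the
    transaction; every output has the same amount and the output list is
    shuffled with a CSPRNG, so neither amount nor position links it to an input.
    """
    inputs, outputs = [], []
    for name, p in participants.items():
        txid, amount = p["input"]
        if amount != denomination:
            raise ValueError(f"{name}: input {amount} is not the denomination {denomination}")
        inputs.append({"txid": txid, "amount": amount})
        outputs.append({"address": p["output_addr"], "amount": amount})
    secrets.SystemRandom().shuffle(outputs)
    inputs.sort(key=lambda i: i["txid"])   # canonical order: no hint about who joined first
    return {"inputs": inputs, "outputs": outputs}


def value_balanced(tx):
    """Consensus-level check: total in == total out (fees ignored in this toy)."""
    return sum(i["amount"] for i in tx["inputs"]) == sum(o["amount"] for o in tx["outputs"])


def anonymity_sets(tx):
    """Observer's view: for each output, how many inputs carry an amount that
    could have funded it. A set of size 1 means the output is trivially linked."""
    return [sum(1 for i in tx["inputs"] if i["amount"] == o["amount"])
            for o in tx["outputs"]]


if __name__ == "__main__":
    tx = build_coinjoin(PARTICIPANTS, DENOMINATION)
    print("balanced:", value_balanced(tx))
    print("anonymity set per output:", anonymity_sets(tx))
    print("unequal amounts:", anonymity_sets(UNEQUAL_TX))
```

The point of `anonymity_sets` is the defender's view of the same transaction: with equal denominations every output could belong to any of the three inputs, while the constructed `UNEQUAL_TX` shows that as soon as amounts differ, amount matching alone links each output to one input and the mixing adds nothing.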
2. Stealth Address + Ring Signature
Stealth Address: A stealth address means that a new address is created every time you receive cryptocurrency. It ensures that outside parties cannot link the address that was paid to with the permanent wallet address.
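The one-time address derivation behind a stealth address fits in a few dozen lines. The following Python is an added example, not code from the article or from Monero; it uses a toy modular-arithmetic group (constructed here) in place of the elliptic curve a real wallet would use, and follows the dual-key layout in which the recipient publishes a view public key and a spend public key. The function names (`pay_to_stealth`, `belongs_to`, `one_time_spend_key`) are this example's own.

```python
import hashlib
import secrets

# Toy group, constructed for this example only: the multiplicative group mod the
# Mersenne prime P = 2^127 - 1. Exponents are reduced mod N = P - 1 (Fermat).
# N is not prime, so this is for showing the arithmetic, not for real use; a
# wallet would use a prime-order elliptic-curve group instead.
P = (1 << 127) - 1
N = P - 1
G = 3


def random_scalar():
    return secrets.randbelow(N - 2) + 2


def to_scalar(*parts):
    """Hash arbitrary values to an exponent ('hash to scalar')."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class Recipient:
    """Holds a private view key (used only to scan) and a private spend key."""

    def __init__(self, view_priv=None, spend_priv=None):
        self.view_priv = view_priv if view_priv is not None else random_scalar()
        self.spend_priv = spend_priv if spend_priv is not None else random_scalar()
        self.view_pub = pow(G, self.view_priv, P)
        self.spend_pub = pow(G, self.spend_priv, P)

    def address(self):
        # All the recipient ever publishes: two public keys, no reusable payment address.
        return (self.view_pub, self.spend_pub)


def pay_to_stealth(address, output_index=0, r=None):
    """Sender side: derive a fresh one-time public key for this single payment."""
    view_pub, spend_pub = address
    r = r if r is not None else random_scalar()   # ephemeral secret, discarded after use
    R = pow(G, r, P)                              # published next to the output
    shared = pow(view_pub, r, P)                  # Diffie-Hellman with the view key
    one_time_pub = pow(G, to_scalar(shared, output_index), P) * spend_pub % P
    return R, one_time_pub


def belongs_to(view_priv, spend_pub, R, one_time_pub, output_index=0):
    """Scanner side: recomputes the shared secret from R with only the view key,
    so a watch-only wallet can detect incoming funds but cannot spend them."""
    shared = pow(R, view_priv, P)
    return pow(G, to_scalar(shared, output_index), P) * spend_pub % P == one_time_pub


def one_time_spend_key(recipient, R, output_index=0):
    """Recipient side: the private key matching the one-time output; needs the spend key."""
    shared = pow(R, recipient.view_priv, P)
    return (to_scalar(shared, output_index) + recipient.spend_priv) % N
```

An observer of the chain sees only `R` and the one-time key, two payments to the same recipient yield unrelated one-time keys, and the view key alone is enough to recognise them without being able to derive the spend key, which is why a view key can be handed to an auditor.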
Ring Signature: Blockchain transactions require digital signatures to verify that the signer is the sender, and since each user's signature is unique, it is not hard to trace a transaction back to the user who signed it. The ring signature strategy combines the signer's signature with the signatures of other ring members: the more ring members' signatures there are, the harder it is to link the signer directly to their transaction.
Monero (XMR) combines stealth addresses with ring signatures to achieve privacy protection. Monero's privacy is not selective but complete. Monero provides each wallet owner with a private view key, a recipient address, and a private spend key. Moreover, XMR can be mined with an ordinary computer CPU, with no need for specialized mining machines, which makes XMR more decentralized to a certain extent.
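To see why a ring signature hides the signer, here is an added Python example (not code from the article or from Monero) of the Schnorr-style ring signature construction of Abe, Ohkubo and Suzuki, over a toy modular group constructed for this purpose (a real system uses a prime-order elliptic-curve group). A chain of hash challenges is closed around the ring; closing it requires exactly one private key, yet the verifier cannot tell which slot was the real one.

```python
import hashlib
import secrets

# Toy group, constructed for this example: multiplicative group mod the Mersenne
# prime 2^127 - 1, exponents mod N = P - 1. Arithmetic demo only; a real
# implementation uses a prime-order elliptic-curve group.
P = (1 << 127) - 1
N = P - 1
G = 3


def keygen():
    x = secrets.randbelow(N - 2) + 2
    return x, pow(G, x, P)


def challenge(message, ring, commitment):
    """Hash the message, the whole ring and one commitment into a scalar."""
    data = message + b"|" + ",".join(map(str, ring)).encode() + b"|" + str(commitment).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ring_sign(message, ring, signer_index, signer_priv):
    """Close a loop of challenges c[0] -> c[1] -> ... -> c[0] around the ring.

    Every slot except the signer's is filled with a random response; the
    signer's response is the only one computed from a private key, which is
    what makes the loop close. The output carries no index, so the verifier
    cannot tell which slot was 'real'.
    """
    n = len(ring)
    if pow(G, signer_priv, P) != ring[signer_index]:
        raise ValueError("private key does not match ring[signer_index]")
    c = [None] * n
    s = [None] * n
    alpha = secrets.randbelow(N - 2) + 2              # signer's fresh nonce
    c[(signer_index + 1) % n] = challenge(message, ring, pow(G, alpha, P))
    i = (signer_index + 1) % n
    while i != signer_index:                          # walk the ring back to the signer
        s[i] = secrets.randbelow(N - 2) + 2
        commitment = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        c[(i + 1) % n] = challenge(message, ring, commitment)
        i = (i + 1) % n
    s[signer_index] = (alpha - c[signer_index] * signer_priv) % N   # closes the loop
    return c[0], s


def ring_verify(message, ring, signature):
    """Recompute the challenge chain from c[0]; it must come back to c[0]."""
    c0, s = signature
    c = c0
    for i in range(len(ring)):
        commitment = pow(G, s[i], P) * pow(ring[i], c, P) % P
        c = challenge(message, ring, commitment)
    return c == c0
```

The verifier's work is identical for every slot, so the signature is valid for "some member of this ring" and nothing more; a larger ring therefore means a larger set of equally plausible signers. Monero's ring signatures additionally carry a key image so that two signatures made with the same output can be recognised and a double-spend rejected; that linkability is omitted here.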
To further improve the effectiveness of its privacy protection, Monero has gone through several technical upgrades during its development. To hide transaction amounts, RingCT (Ring Confidential Transactions) was introduced; RingCT improved the privacy of the Monero blockchain but sacrificed scalability, so Bulletproofs, a zero-knowledge proof protocol, were later adopted. The introduction of Bulletproofs increases the transaction size of XMR and reduces verification time by 80%.
3. Mimblewimble
The name Mimblewimble comes from the "Confusion Curse" incantation in Harry Potter. Two main projects, Grin and Beam, use this privacy protocol. The technologies used in Mimblewimble include Confidential Transactions, CoinJoin, and Cut-through.
The Mimblewimble protocol is a trade-off between anonymity and scalability. It is a design that provides privacy for cryptocurrencies with public ledgers based on the output model. It does not touch the consensus layer, so it can be used under almost any consensus rules.
Mimblewimble was originally proposed to bring privacy to Bitcoin. With this technology, account ownership, transaction linkage, and transaction amounts can all be hidden. Coins can also be "washed": some bitcoins are marked as "dirty money" and many institutions refuse to accept them, and through Mimblewimble such coins can in effect be laundered.
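The three building blocks named above (Confidential Transactions, CoinJoin-style aggregation, cut-through) can be demonstrated together. The following Python is an added example, not Grin's or Beam's code, over a toy modular group constructed for this purpose: values are hidden in Pedersen commitments, a transaction kernel carries a signed "excess" proving the blinding factors balance, and a block can drop the intermediate output of two chained transactions. It also shows the failure mode the Aztec discussion later calls a wraparound: a "negative" value that satisfies the balance equation, which is exactly what the range proofs in Confidential Transactions (omitted here) exist to rule out.

```python
import hashlib
import secrets

# Toy group, constructed for this example: multiplicative group mod the Mersenne
# prime 2^127 - 1, exponents mod N = P - 1 (demo arithmetic only, not for real use).
P = (1 << 127) - 1
N = P - 1
G = 3
# Second base H whose discrete log to G is unknown ("nothing up my sleeve").
H = int.from_bytes(hashlib.sha256(b"toy-pedersen-H").digest(), "big") % P


def to_scalar(*parts):
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def commit(value, blind):
    """Pedersen commitment H^value * G^blind: hides value, yet multiplying
    commitments adds the hidden values, which is what makes balance checkable."""
    return pow(H, value, P) * pow(G, blind, P) % P


def build_tx(inputs, outputs, kernel_msg=b"fee=0"):
    """inputs/outputs are (value, blind) pairs known only to the builder.

    The kernel 'excess' G^(sum blind_out - sum blind_in) is a commitment to
    value zero; a Schnorr signature under that exponent proves the builder
    knows it, i.e. that the outputs commit to exactly the input value.
    """
    excess_exp = (sum(b for _, b in outputs) - sum(b for _, b in inputs)) % N
    excess = pow(G, excess_exp, P)
    k = secrets.randbelow(N - 2) + 2
    R = pow(G, k, P)
    e = to_scalar(R, excess, kernel_msg)
    sig = (R, (k + e * excess_exp) % N)
    return {
        "inputs": [commit(v, b) for v, b in inputs],
        "outputs": [commit(v, b) for v, b in outputs],
        "kernels": [(excess, sig, kernel_msg)],
    }


def verify_tx(tx):
    """Validator side: sees only commitments and kernels, never values or blinds."""
    lhs = 1
    for c in tx["outputs"]:
        lhs = lhs * c % P
    rhs = 1
    for c in tx["inputs"]:
        rhs = rhs * c % P
    for excess, (R, s), msg in tx["kernels"]:
        e = to_scalar(R, excess, msg)
        if pow(G, s, P) != R * pow(excess, e, P) % P:
            return False
        rhs = rhs * excess % P
    return lhs == rhs


def cut_through(tx1, tx2):
    """Merge two transactions and drop any tx1 output that tx2 spends: the chain
    keeps only the surviving outputs and both kernels, and still verifies."""
    spent = set(tx2["inputs"])
    created = set(tx1["outputs"])
    return {
        "inputs": tx1["inputs"] + [c for c in tx2["inputs"] if c not in created],
        "outputs": [c for c in tx1["outputs"] if c not in spent] + tx2["outputs"],
        "kernels": tx1["kernels"] + tx2["kernels"],
    }
```

Because values only ever appear as exponents, a validator learns nothing about amounts or ownership; it checks that the product of output commitments equals the product of input commitments times the signed kernel excesses. The same check passes for a transaction whose output commits to `N - 1`, which behaves like `-1` in the exponent, so without a range proof per output an attacker could mint value while balancing perfectly.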
4. Zero-Knowledge Proof
A zero-knowledge proof means that the prover can convince the verifier that a certain assertion is correct/true without providing the verifier with any information beyond the validity of the statement itself.
Zero-knowledge proofs were first theorized in 1989 by Goldwasser, Micali, and Rackoff. At present, zero-knowledge proofs are used in the blockchain industry mainly in two areas: privacy protection and scalability. This article mainly introduces the application of zero-knowledge proofs to protecting privacy.
Zero-knowledge proofs for privacy protection were first put into practice on Zcash. Later, many projects such as Aztec, Manta Network, and StarkWare adopted zero-knowledge proof mechanisms and evolved many new techniques.
The zero-knowledge proof mechanism can be introduced through the story of "Ali Baba and the Forty Thieves":
Ali Baba is the prover and the chief thief is the verifier. The robber has caught Ali Baba and orders him to say the spell that opens the cave where the treasure is hidden, or be killed. If Ali Baba says the spell outright, he may be killed because he is no longer of any use; if he insists on not saying it, the thief will conclude that he does not know the incantation and kill him. Ali Baba thinks of a way out: he asks the thief to stay a stone's throw away from him, and if, after chanting the spell, Ali Baba can neither open the stone gate of the cave nor escape, the thief can shoot him with a bow and arrow.
In this way, Ali Baba can prove that he really does know the spell while standing far enough from the bandit that the bandit cannot hear what the spell is. In this process, Ali Baba (the prover) never reveals what the spell is, yet he convinces the thief (the verifier) that a certain assertion (Ali Baba knows the spell) is true.
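The story maps onto a textbook interactive proof of knowledge. Below is an added Python example (not from the article) of Schnorr's protocol for proving knowledge of a discrete logarithm, over a toy modular group constructed here: the secret x plays the role of the spell, the verifier's random challenge plays the role of standing at a distance and watching whether the gate opens, and a simulator shows that the verifier could have produced an identical-looking transcript alone, which is what "zero knowledge" means. A Fiat-Shamir variant turns the interactive exchange into a single non-interactive proof, the shape the later sections call "non-interactive".

```python
import hashlib
import secrets

# Toy group, constructed for this example: multiplicative group mod the Mersenne
# prime 2^127 - 1, exponents mod N = P - 1 (demo arithmetic only).
P = (1 << 127) - 1
N = P - 1
G = 3


def to_scalar(*parts):
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


# --- interactive protocol: prover knows x with Y = G^x, verifier knows only Y ---

def prover_commit():
    """Round 1: the prover picks a nonce k and sends t = G^k (keeps k secret)."""
    k = secrets.randbelow(N - 2) + 2
    return k, pow(G, k, P)


def verifier_challenge():
    """Round 2: an unpredictable challenge, the 'stand back and watch' step."""
    return secrets.randbelow(N)


def prover_respond(x, k, c):
    """Round 3: the only step that uses the secret; without x it cannot be answered."""
    return (k + c * x) % N


def verify_transcript(Y, t, c, s):
    return pow(G, s, P) == t * pow(Y, c, P) % P


def run_interactive(x, Y):
    k, t = prover_commit()
    c = verifier_challenge()
    return verify_transcript(Y, t, c, prover_respond(x, k, c))


def simulate_transcript(Y, c):
    """Zero-knowledge: anyone can forge an accepting transcript for a chosen c by
    picking s first and solving for t, so a transcript teaches nothing about x."""
    s = secrets.randbelow(N)
    t = pow(G, s, P) * pow(Y, -c, P) % P     # Y^-c via modular inverse (Python 3.8+)
    return t, c, s


# --- non-interactive variant: the challenge is a hash of the commitment (Fiat-Shamir) ---

def prove_fiat_shamir(x, Y, statement):
    k, t = prover_commit()
    return t, prover_respond(x, k, to_scalar(Y, t, statement))


def verify_fiat_shamir(Y, statement, proof):
    t, s = proof
    return verify_transcript(Y, t, to_scalar(Y, t, statement), s)
```

The ordering is what matters: `simulate_transcript` can only forge because it chooses `s` before `t`, whereas a real prover commits to `t` first and then receives a challenge it could not predict. Fiat-Shamir keeps that ordering by deriving the challenge from a hash of the commitment, which is why the proof can be verified by anyone later without a live exchange.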
zk-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge". zk-SNARK was proposed by Ben-Sasson and others from the Technion (Israel Institute of Technology) in the Zerocash paper in 2014. It is currently the most widely used zero-knowledge privacy technology; well-known projects that directly deploy the zk-SNARK algorithm include Zcash and Loopring. It allows people to prove that they possess specific information without revealing the content of that information.
zk-SNARK is a technology that translates zero-knowledge proof mechanisms into computer programming languages. The basic logic is as follows:
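The first step of that translation, turning a program into algebraic constraints a proof system can work with, is shown in the added Python example below (not from the article or from any SNARK library). It uses the toy statement "I know x such that x^3 + x + 5 = 35" that is standard in R1CS tutorials; the witness layout and constraint matrices are this example's own.

```python
# Constructed example: the prover wants to show it knows x such that
# x^3 + x + 5 == 35 (the answer is x = 3) without revealing x.
# Witness vector layout s = [1, x, out, sym1, y, sym2]; index 0 is the constant 1.
VARIABLES = ["one", "x", "out", "sym1", "y", "sym2"]
FIELD = (1 << 127) - 1   # real systems work in a prime field; a Mersenne prime is used here


def flatten_witness(x):
    """Execute the program gate by gate and record every intermediate value.
    In a real SNARK this is the private witness the prover computes."""
    sym1 = x * x        # gate 1: multiplication
    y = sym1 * x        # gate 2: multiplication
    sym2 = y + x        # gate 3: addition
    out = sym2 + 5      # gate 4: addition of a constant
    return [1, x, out, sym1, y, sym2]


# Rank-1 Constraint System: one (A, B, C) row per gate, each must satisfy
# <A, s> * <B, s> == <C, s>. Additions are folded into the linear combinations.
R1CS = [
    ([0, 1, 0, 0, 0, 0], [0, 1, 0, 0, 0, 0], [0, 0, 0, 1, 0, 0]),  # x * x == sym1
    ([0, 0, 0, 1, 0, 0], [0, 1, 0, 0, 0, 0], [0, 0, 0, 0, 1, 0]),  # sym1 * x == y
    ([0, 1, 0, 0, 1, 0], [1, 0, 0, 0, 0, 0], [0, 0, 0, 0, 0, 1]),  # (x + y) * 1 == sym2
    ([5, 0, 0, 0, 0, 1], [1, 0, 0, 0, 0, 0], [0, 0, 1, 0, 0, 0]),  # (5 + sym2) * 1 == out
]


def dot(row, s):
    return sum(a * b for a, b in zip(row, s)) % FIELD


def satisfied(r1cs, s):
    """What a verifier could check if handed the full witness; a SNARK proves
    this relation holds without the witness ever leaving the prover."""
    return all(dot(A, s) * dot(B, s) % FIELD == dot(C, s) for A, B, C in r1cs)


def public_output(s):
    return s[VARIABLES.index("out")]


def statement_holds(r1cs, s, claimed_output):
    """Constraints satisfied AND the public output matches the public claim."""
    return satisfied(r1cs, s) and public_output(s) == claimed_output
```

Everything after this point in a SNARK pipeline (turning the rows into polynomials, committing to them, and producing the short proof) operates on these matrices, so a bug in the constraint system, such as a gate that is never constrained, is a bug the proof will happily "prove" around; the `forged` case in the test is the sort of witness a sound constraint set must reject.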
What kind of privacy does zk-SNARK achieve? Complete privacy: not only are the addresses of both parties and the transaction amount hidden, but the nodes do not learn the content of the transaction either. The disadvantage of zk-SNARK, however, is that it requires a trusted setup, and no matter how that setup is performed, it carries some potential security risk.
Building on zk-SNARK, in order to improve privacy while also optimizing transaction capacity and transaction cost, new zero-knowledge proofs such as Bulletproofs, zk-STARK, Sonic, PLONK, and Supersonic were derived later.
Compared with zk-SNARK, Bulletproofs do not require a trusted initial setup, but verifying Bulletproofs is more time-consuming than verifying zk-SNARK proofs. Bulletproofs are used in the XMR project to increase the transaction size of XMR and reduce its verification time by 80%.
zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge. zk-STARK was developed by StarkWare to enforce the integrity and privacy of computations on the blockchain using novel cryptographic proofs and modern mathematics, and StarkEx employs zk-STARK technology. zk-STARKs allow blockchains to move computation to a single off-chain STARK prover and then use an on-chain STARK verifier to check the integrity of those computations.
Compared to zk-SNARKs, zk-STARKs are considered a faster and less expensive implementation: although the computational effort increases, the amount of communication between the prover and the verifier stays the same, so the overall data volume of a zk-STARK is much smaller than that of a zk-SNARK proof. zk-STARKs also do not require an initial trusted setup, because they rely on collision-resistant hash functions, a cleaner cryptographic assumption. Overall, zk-SNARKs have made significant progress in refinement and adoption, while zk-STARKs fill many of the shortcomings of zk-SNARK proofs (faster, less expensive, and no initial trusted setup) and are regarded as an improved version of the protocol; however, zk-STARKs use off-chain computation with on-chain verification, which seems inferior to zk-SNARKs in terms of security.
Sarah Meiklejohn of the University of London, Markulf Kohlweiss of the University of Edinburgh, and Sean Bowe of Zcash proposed a zero-knowledge proof protocol called Sonic, a universal SNARK: it requires only a single setup, after which it can verify any computation.
The emergence of Sonic was a big step forward in the evolution of zero-knowledge proofs. However, Sonic is slower, because its proof construction time is about two orders of magnitude longer than that of non-universal SNARKs, so no well-known privacy project has adopted the Sonic technology.
PLONK is a highly efficient universal zk-SNARK developed jointly by Aztec Protocol CTO Zachary Williamson and Chief Scientist Ariel Gabizon (Protocol Labs, ex-Zcash). Ariel Gabizon and Zac Williamson developed PLONK after a chance meeting at the Binary District workshop in London.
As a new high-efficiency universal zk-SNARK, PLONK needs only one trusted setup, which can be reused by all programs, and the technique was also shared (retweeted) by Vitalik. How fast is PLONK? On completely standard hardware, PLONK can process a circuit of over 1 million gates in 23 seconds. No server farms or HPC clusters were involved; the figures come from a Microsoft Surface tablet.
Taking Aztec as an example, the working principle of the PLONK-based privacy protocol Aztec is briefly described below:
First, Aztec needs a trusted initial setup, the Ignition CRS. Initially, Aztec randomly invited 200 participants from around the world to take part in the Ignition CRS ceremony; all 200 participants contribute randomness, which is the basis of Aztec's provable security. (This is equivalent to 200 people shuffling a deck of cards: as long as not all 200 collude, that is, as long as at least one of them is honest, the randomness of the cards, and thus the security of the system, is guaranteed.)
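The "shuffling" analogy corresponds to a sequential multi-party computation ceremony. The Python below is an added example (not Aztec's Ignition code) of a toy powers-of-tau style ceremony over a modular group constructed for this purpose: each participant raises the running transcript to powers of a fresh secret, publishes a proof that it knew that secret, and then deletes it. The final secret is the product of every contribution, so a colluding group that lacks even one honest participant's share cannot reconstruct it. The cross-power consistency check a real ceremony performs with pairings is omitted (see the comment in `verify_contribution`).

```python
import hashlib
import secrets

# Toy group, constructed for this example: multiplicative group mod the Mersenne
# prime 2^127 - 1, exponents mod N = P - 1 (demo arithmetic only).
P = (1 << 127) - 1
N = P - 1
G = 3
DEGREE = 4   # the transcript holds G^(tau^0) ... G^(tau^DEGREE)


def to_scalar(*parts):
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def initial_transcript():
    """Before anyone contributes, tau =1, so every power is just G."""
    return [G] * (DEGREE + 1)


def contribute(transcript, secret=None):
    """One participant's turn: multiply tau by a fresh secret s, i.e. raise the
    i-th element to s^i, then prove knowledge of s relative to element 1.
    The participant must destroy s afterwards ('toxic waste')."""
    s = secret if secret is not None else secrets.randbelow(N - 2) + 2
    new = [pow(elem, pow(s, i, N), P) for i, elem in enumerate(transcript)]
    base = transcript[1]                      # old G^tau
    k = secrets.randbelow(N - 2) + 2
    t = pow(base, k, P)
    c = to_scalar(base, new[1], t)
    proof = (t, (k + c * s) % N)             # Schnorr proof: new[1] == base^s for a known s
    return new, proof


def verify_contribution(old, new, proof):
    """Check the participant knew its secret (so it could not cancel earlier
    randomness). Real ceremonies also check with pairings that every power is
    consistent with element 1; this toy group has no pairing, so that is omitted."""
    base, t, z = old[1], proof[0], proof[1]
    c = to_scalar(base, new[1], t)
    return new[0] == G and pow(base, z, P) == t * pow(new[1], c, P) % P


def run_ceremony(secrets_in_order):
    """Coordinator side: apply each contribution only if its proof verifies."""
    transcript = initial_transcript()
    for s in secrets_in_order:
        new, proof = contribute(transcript, s)
        if not verify_contribution(transcript, new, proof):
            raise ValueError("rejected contribution")
        transcript = new
    return transcript


def combined_tau(secrets_known):
    """What a set of colluders can compute from the shares they hold."""
    tau = 1
    for s in secrets_known:
        tau = tau * s % N
    return tau
```

The security claim in the text is visible in `combined_tau`: the colluders' product equals the real tau only if they hold every share, so one honest participant who really discards its secret is enough. What the transcript cannot do is prove that a secret was discarded; that is why such ceremonies publish per-participant attestations and why the number of independent participants matters.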
Next, an ordinary Aztec privacy transaction can be understood as a UTXO (as shown in the figure below). This is similar to how Bitcoin works, with the difference that in Aztec the transaction needs to be encrypted. Ethereum then verifies that this UTXO is correct, i.e. checks that 60 + 40 = 75 + 25.
How is this checked specifically? First check that input notes = output notes. To prevent wraparound attacks (for example, 10 = 11 + (-1)) a Range Proof is needed, and Aztec deploys a Set Membership Proof in its place: for a transaction to obtain the approval of the Aztec Cryptography Engine (ACE), the user needs to demonstrate that the output notes are formed from the Codex. After this series of checks, the UTXO can be verified as correct or not.
The privacy Aztec aims to achieve has three aspects: first, data privacy, Aztec can encrypt and hide the transaction amount; second, user privacy, people watching the network can no longer determine the sender and recipient IDs; third, code privacy, the smart contract code of dApps using the Aztec SDK can also be private. The first has been implemented; the latter two have not yet been implemented.
SuperSonic combines Sonic with DARK proofs. It is a short proof that requires no trusted setup: for 1 million logic gates, the proof size can be compressed to 10-20 KB, with room for further optimization. This technology was first used on Findora, a financial public chain.
The comparison of zero-knowledge proof series technical solutions in terms of verification proof size, verification speed, whether trusted settings are required, and application cases are as follows:
Overall, the emergence of these efficient universal SNARKs makes privacy and scaling for Web3 possible with at most one MPC setup, allowing private transactions to be generated on all user devices (phones, tablets, etc.) and executed efficiently on public networks. This has greatly accelerated the pace of development in the privacy field.
Future trends in privacy technology
- The usage rate of private transactions is still relatively low at the current stage and is expected to rise as the technology changes.
There are three main reasons for the low usage rate of private transactions. First, the technical threshold is too high: early privacy transactions were unfriendly to most ordinary users, and although privacy coins such as Zcash and XMR have existed for many years, most ordinary people have never really used them. Second, demand for private transactions has not been popularized: when private transactions were discussed in the past, everyone subconsciously assumed that only transactions that should not be seen need privacy, and awareness of the privacy of ordinary transactions, transfers/payments and their amounts is still relatively weak; with the explosion of on-chain activity such as DeFi, awareness of privacy protection for on-chain transactions is awakening. Third, early privacy protocols did not support the assets users actually want to use, such as mainstream on-chain assets like ETH, USDC, and DAI, and the probability that ordinary users deliberately switch to privacy coins just to stay private is not high.
- Deploying privacy features on mainstream blockchains may be the ultimate trend in the development of the privacy field
Privacy coins as standalone assets may no longer be sought after and welcomed, especially after the crackdowns and restrictions imposed by various countries in recent years. For example, affected by FATF rules, Coinbase UK delisted Zcash in 2019, while OKEx Korea delisted six cryptocurrencies including Monero, Dash, Zcash, ZCache, Horizon and SuperBitcoin.
But the demand for private transactions is real and will always exist, and where there is demand, there is a market. Judging by the types of privacy projects that have received the most attention in the industry recently, incorporating privacy protection functions into mainstream blockchains, represented by Bitcoin, Ethereum and Polkadot, may become the trend.
CoinJoin technology is used in Bitcoin transactions and is currently the most widely used mixer service for hiding transaction information. Mixers are third-party services that hide transaction information by scrambling the connection between the Bitcoin sender's address and the receiver's address.
The most discussed privacy solution on Ethereum is the zero-knowledge proof family (zk-SNARKs, zk-STARKs, etc.). Vitalik once said, “Zero-knowledge proof is the most powerful privacy solution. Although the technical implementation is the most difficult, it has the best effect in protecting the privacy and security of the Ethereum network.” Among zero-knowledge proof privacy solutions, the most popular is Aztec's PLONK technology.
There is also a closely watched privacy transaction project in the Polkadot ecosystem: Manta Network. It is a zk-SNARK type (Plonk with Lookup) privacy protocol built by P0xeiden Labs. Manta Network is deployed on Polkadot, and its test network Calamari is deployed on Kusama. According to the plan on the project's official website, it also intends to deploy the corresponding privacy protocol on Avalanche, Near, and other public chains in the future. Manta Network plans to launch MantaPay, a multi-asset decentralized anonymous payment protocol, and MantaSwap, a decentralized exchange protocol with an AMM mechanism powered by zk-SNARK.
All in all, privacy transactions are a real market demand, and the development of this track deserves continuous attention. As the number of on-chain transactions and the amount of funds grow, demand for this part of the market will grow accordingly.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/talking-about-the-technological-development-and-evolution-of-private-transactions/