Obtaining Privacy on a public Blockchain – A small Primer
This little article aims to give the reader an intuition of how privacy can be achieved on a public blockchain-based infrastructure like Ethereum. The topic has been discussed intensively in the literature, and several solutions on the application (i.e. smart-contract) level have been developed and explored, the most well-known being the Tornado Cash application. Completely decentralized privacy approaches rely on a concept called „Zero-Knowledge Proof“. On this aspect we found three recently published papers well worth reading, which we have referenced below for further detailed reading.
The Challenge with Privacy
On well-known blockchains like Ethereum, every transaction triggered by an externally owned account via its corresponding private key, whether a transfer of the native cryptocurrency to another address or a functional interaction with a smart-contract address, results in state changes of the EVM that become visible to all participants in the network. This visibility is tied to the core structure of a blockchain, as all transactions need to be verifiable in the network. As a result, the entire history of all transactions becomes traceable and analyzable. The ongoing discussion revolves around finding non-interactive ways to address privacy needs at the decentralized application level without modifying the underlying technological base layer.
„Wo ist Walter?“ – The Concept of Zero-Knowledge Proofs
The core idea of a Zero-Knowledge Proof (ZKP) is that someone wants to prove a certain statement without revealing what the input data were, and furthermore without revealing how the proof was constructed. For the so-called verifier it must be possible to validate without much effort that the proof was effectively conducted by the prover (so-called „succinctness“) without knowing how it was conducted („zero-knowledge“).
To explain the base concept of a ZKP let’s consider a basic example – the game known as „Wo ist Walter / Where is Waldo?“. Suppose I want to prove that I have identified a small detail within a large picture without revealing its precise location. What I can do is place a large opaque layer over the entire picture and cut a small hole in that layer exactly where the detail becomes visible. Now it can easily be validated that I have effectively found this detail. Verification can be done without learning the exact location, because the rest of the picture remains covered („zero knowledge“). For more details on the concept we refer the reader to this very readable article.
What are ZK-SNARKS?
A notion which has gained attention in this context are the so-called „ZK-SNARKs“ – the abbreviation for „Zero-Knowledge, Succinct, Non-Interactive Argument Of Knowledge“. A ZK-SNARK ensures that someone can prove knowledge of a secret value without revealing that secret value. In other words, a ZK-SNARK proves that, in addition to a publicly known input x, the prover possesses knowledge of a secret w such that the function f(x,w) equals true. The term „non-interactive“ indicates that the proof does not require direct interaction between the verifier and the prover. Instead, it suffices to send a single message to the verifier.
Crypto Mixers – Unlink the Transaction History
The fundamental idea behind a so-called „Mixer“ is to enhance your address-based identity by generating multiple addresses under your control. The advantage is that every new address you use starts with a „zero history“ of transactions, so that you are able to unlink your actual transaction history by simply switching to another address. One way to achieve this is to introduce a central instance in between, which manages multiple addresses for one party. This approach inherently comes with a risk and a single point of failure.
For a decentralized solution the referenced papers mention the most well-known smart-contract-based solutions, known as „Crypto Mixers“. The core concept involves several actors who wish to conceal their transfers depositing their assets into a contract-based pool. These deposits get locked within the contract. In the case of a crypto mixer, the withdrawing party – by using a specific ZK-SNARK – can prove that it has deposited that amount previously, without revealing the details of that deposit transaction. When a party wants to withdraw its deposited amount, it calls the smart contract and provides a proof that the balance she wants to withdraw was previously deposited by her. The smart contract can easily validate that the provided proof was constructed correctly.
Deposit and Withdraw – Smart-Contract based Interaction
The referenced paper series dives deeper into the concept, explaining how the deposit transactions are stored in a so-called Merkle Tree which keeps track of its own history and which plays a central role in the withdrawal process: the withdrawer proves that he is able to reproduce the root hash of the tree by starting from his secret, known only to him, from which the coin ID of his deposit transaction was generated. Effectively, a party who wants to hide that some tokens are owned by her just deposits the tokens into a pool together with a so-called Coin ID which is generated only by her. When it comes to a withdrawal, the party approaches the contract from a new address and proves to the contract that only she is able to generate the Coin ID and a corresponding Nullifier, by which she can be identified anonymously as the original depositor (and by which a second withdrawal of the same deposit is prevented). In essence, the Zero-Knowledge Proof breaks the linkage between the deposit transaction – which is transparent – and the withdrawal to the new address, which does not have a transaction history. The following sequence diagram roughly shows the interaction with a Crypto Mixer Contract (like Tornado Cash) as it is roughly explained in .
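To make the deposit/withdraw interaction from the two preceding sections concrete, here is an added toy simulation (our own illustration, not code from Tornado Cash or the referenced papers): a depositor publishes only a Coin ID = H(nullifier, secret) into an append-only Merkle tree, and a withdrawal presents a public input x = (root, nullifier hash) plus a witness w = (secret, nullifier, Merkle path). The function names, SHA-256 as the hash, and the 31-byte secrets are our assumptions; in a real mixer the contract verifies a ZK-SNARK that `statement_holds` is true and never sees the witness, whereas this toy opens the witness, so it shows the bookkeeping (root history, nullifier set) but not the unlinkability itself.

```python
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    # SHA-256 stands in for the circuit-friendly hash a real mixer would use
    return hashlib.sha256(b"".join(parts)).digest()

def merkle_path(leaves: list, index: int) -> tuple:
    # returns (root, path); path lists sibling hashes leaf->root, tagged "sibling is on the left"
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:                         # an odd last node is paired with itself
            level = level + [level[-1]]
        path.append((level[index ^ 1], index % 2 == 1))
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def make_note() -> tuple:
    # depositor side: secret and nullifier stay off-chain, only coin_id is published
    secret, nullifier = secrets.token_bytes(31), secrets.token_bytes(31)
    return secret, nullifier, h(nullifier, secret)

def statement_holds(root: bytes, nullifier_hash: bytes, secret: bytes, nullifier: bytes, path: list) -> bool:
    # f(x, w) from the text: x = (root, nullifier_hash) is public, w = (secret, nullifier, path) is the witness
    if h(nullifier) != nullifier_hash:
        return False
    node = h(nullifier, secret)                    # recompute the coin_id leaf from the witness
    for sibling, sibling_is_left in path:
        node = h(sibling, node) if sibling_is_left else h(node, sibling)
    return node == root

class ToyMixer:
    def __init__(self):
        self.leaves, self.known_roots, self.spent = [], set(), set()

    def deposit(self, coin_id: bytes) -> int:
        self.leaves.append(coin_id)
        self.known_roots.add(merkle_path(self.leaves, 0)[0])  # older roots stay valid
        return len(self.leaves) - 1

    def withdraw(self, nullifier_hash: bytes, root: bytes, witness: tuple) -> bool:
        # a real contract verifies a SNARK of statement_holds here and never sees the witness
        if root not in self.known_roots or nullifier_hash in self.spent:
            return False
        if not statement_holds(root, nullifier_hash, *witness):
            return False
        self.spent.add(nullifier_hash)             # blocks a second withdrawal of the same note
        return True
```

The nullifier set is what lets the contract reject a replayed withdrawal without ever learning which deposit it belonged to.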
Application to „Traditional Finance“?
This little article on ZKP and privacy concepts on public blockchains just scratches the surface of this very interesting but also very technical topic. The referenced papers show that there is a discussion going on whether those concepts can make their way into the Traditional Finance world, where privacy of transactions plays a very crucial role. The core concept of multiple addresses for one party seems a very charming feature, as neither the smart-contract code nor the core infrastructure needs to be changed. In a realistic future scenario for Traditional Finance where some transactions will be conducted on a public blockchain network, interacting financial institutions will still rely on (bilateral) off-chain communication channels and interact via their wallet providers. So it remains an open discussion point whether we could combine the best of both worlds to achieve a practical and lean solution to address privacy needs.
An Introduction to Zero-Knowledge Proofs in Blockchains and Economics (2023)
Blockchain Privacy and Regulatory Compliance – Towards a Practical Equilibrium (2023)
Tornado Cash and Blockchain Privacy – A Primer for Economists and Policymakers (2023)
Disclaimer: The opinions and statements expressed in this article are those of the author and do not necessarily represent the views of DZ BANK AG.