What is the Deal with Privacy?

Privacy is increasingly a rare commodity for us on the internet. The fundamental design of the internet was never designed in its original form to carry financial transactions, support payment networks and even underlying cryptographic security. These features gave rise to layered security built on top of core internet protocols, virus and anti-virus warfare and the leech that is targeted advertising as the primary funding mechanism of the internet.

 

As a result, monopolistic technology companies like Facebook, Google and Amazon have made unnaturally large business cases from exploiting peoples digital identities to sell products, advertising material and data to you and third parties. Of the most exploitative of these corporations are Visa and Mastercard who sell data on every single financial decision you make via their services. 

 

It is an unfortunate reality we find ourselves in.

 

Many folks when asked about the importance of digital hygiene and online privacy seem somewhat disinterested. ‘I have nothing to hide, I do nothing wrong’ is a common response. However the tone of such discussions shifts when you explain what is really going on.

 

People start to treat privacy seriously when faced with the harsh reality that these corporations have built a behavior profile on you. They know you so well from the data you ‘freely/unknowingly’ give away that algorithms predict your actions before you make on them. These systems push advertisements and direction at you based on past history which actually starts to influence you decisions before you make them. Your sub-conscious behavior is tweaked into the direction they want and you don’t even know it. 

 

You give away your edge. It’s social and behavioral engineering at its finest. Incredible technology, Orwellian as sin and it brings forward images of rats in a lab.

Cryptocurrencies

Cryptocurrencies are the first time that a native digital financial stack has be built on top of the internet. The foundation is cryptographically secure system and creates a digital identity owned by a private key rather than by a centralised database. Nobody can interact with addresses owned by that key unless the key explicitly authorizes it. For the first time in a long time, the user is now back in control of their digital self. Whats more, you don’t even need to link you real world identity to the address to prove your ownership.

 

However a major problem is that the public address of a cryptocurrency protocols, whilst pseudonymous, still expose the past, present and future balance and activity to anyone who knows the address. If you send me coins, I will forever see the activity on that address and any address that you send coins to from that point onwards.

 

As this technology becomes increasingly adopted and underpins financial stacks around the world, this problem needs to be solved. It is both from the perspective of the individual and corporations who must protecting their right to private transactions and accounts to retain their edge and competition in the market.

 

As such, we need some solution that preserves personal transaction privacy whilst enables a functional financial stack and digital identity to exist on the internet.

Privacy coins 

There is a spectrum of privacy coins and solutions in the market today and the degree to which they solve this problem is worthwhile examining. As with all cryptocurrency solutions, we must think about trade-offs that come with the solution and what it means in the long term. In order to obfuscate transactions and balances there tends to come at a cost in terms of transaction cost, block size and most critically, auditability of both the total supply and personal transactions.

 

As chain analysis and KYC becomes increasingly real in this industry, there is no doubt in my mind that there is a role for privacy coins or privacy technology of some form in the future.

 

A recent review of various privacy implementations was undertaken by Jake Yocom-Piatt, project lead of Decred who did an excellent job assessing the pros and cons of the major privacy coin implementations. I have reproduced the summary table below, shown my view on the spectrum and put green boxes around the implementations I feel have the strongest legitimacy.

https://blog.decred.org/2019/08/21/Surveying-the-Privacy-Landscape/

The not so goods

Mimblewimble as deployed in Beam and Grin are completely confidential transactions. All transactions are private by default and this results in a very different blockchain structure to Bitcoin by aggregating signature forms. The major trade off here is that the total supply is hard to impossible to audit. It is possible for a bug to exist where coins are minted in secret without affecting the aggregate auditable supply. Interesting tech, however limited in scripting capacity and I estimate unlikely to achieve a sound monetary premium.

 

Dash implements a ‘private send’ function which is an opt-in privacy method. Masternodes act to coin-join other private transactions however unfortunately these masternodes can deanonymize anyone within the anonymity set. It may be possible to bribe and gain access to private transactions so the question is, how private are they really?

 

ZCash uses opt-in shielded transactions via zero knowledge proofs. These are on-chain transactions with very strong privacy preserving features. The anonymity set is effectively every transaction that exists within the shielded pool. However, similar to Mimblewimble, it is extremely difficult to impossible to audit the full supply and a bug has actually been previously discovered by the ZCash team where coins could have been minted in the shielded pool without anyone knowing. This bug was not disclosed by the team for a full year, yet we still don’t know whether it was exploited. The Zcash team are clever engineers, however perhaps not very well executed.

The best in class

There is a common theme in the coins above where trade-offs associated with secret coin inflation or the ability for a trusted setup which can deanonymize the privacy solution come into play.

 

Monero is arguably the premium pure privacy coin. It is extremely robust in design, community driven and has very talented developers building out the protocol. It uses ring signatures and bulletproofs to obfuscate addresses by default. Whilst I don’t understand the technical details, I do understand that there is a lot of complex yet well tested mathematics protecting you from chain analysis. 

 

The biggest drawbacks for Monero is the inability to prune the blockchain (reducing its bloat) and the reliance on centralised exchanges to get in and out. Unfortunately, whilst XMR transactions are private, the acquisition of XMR on an exchange is not and this remains a weakness for all pure privacy coins. It will be an uphill battle for Monero with regulators due to the privacy by default however I do see it existing into the future (albeit its not going to compete with BTC).

 

Bitcoin and Decred both take the stance of fully auditable supply with a decreased magnitude of privacy. The technology for both uses coin-join where a pool of UTXOs (the anonymity set) are sent into a transaction and it becomes very difficult to follow which input becomes which output. All transactions are fully auditable on-chain however Chainalysis recently claimed that they are unable to follow the trail through a coin-join transaction. Both have issues with dealing with change UTXOs from a Coin-Join and there are lots of UI problems where UTXO mixing can break any privacy obtained due to user error.

 

Bitcoin currently relies on third party implementations and centralized servers such as Wasabi and Samouri wallet to coordinate and execute the coin join. These parties take a fee for their services however it is relatively cost effective. Upcoming protocol upgrades like Schnorr Signatures, Taproot and Graftroot will help push Bitcoin along in attaining on-chain obfuscation however this is only the early steps. A true privacy solution is likely many years away.

 

Decred has just unveiled their privacy implementation. This is actually the strongest fundamental news for the project I’ve seen yet. The team engineered a very strong solution that draws on the unique PoS ticket pool as an anonymity set. 

 

Decred makes use of the regular ticket transactions to provide a continually rotating anonymity set. The coordinator is centralised at the moment however over time will become a feature run by all versions of dcrd nodes. This achieves the same privacy strength as Bitcoin Coin Joins however without the rent-seeking third party providers. An advantage of this approach is that it can be built into the Decred wallet and the UI developed to prevent user mistakes that compromise privacy. The drawback is that whilst it is solution part of the core protocol, is there an advantage to having third parties operating these services?

Closing thoughts

Privacy is a human right. For cryptocurrency to make it, the ability to obfuscate your past, present and future addresses is absolutely necessary, for both individuals and corporate entities.

 

Pure privacy solutions like ZCash, MimbleWimble and Monero take the extreme end of the spectrum trading off auditability for confidentiality. From my perspective, Monero is the strongest solution here. ZCash is clever tech however the project has some serious issues with funding, governance and incentives which I think will forever plague the project. I’m just not convinced Mimblewimble is a good idea, the auditability problem is an issue in the copetition as money.

 

Coin Joins strike a sane balance between auditability of supply and sufficient privacy to obfuscate your transactions from observers. Bitcoin is reliant on third parties right now and implementation of a core protocol privacy solution will be complex, slow and likely of lowish strength to maintain Bitcoins conservative governance and prevent a hard fork. Decreds implementation is in my opinion, very strong and really impressed me from an engineering perspective. They make use of their strongest asset (stakeholders) whilst striking a balance between auditability and privacy.

 

If you have any thoughts on privacy coins and what role they play in the future, lets talk in the discord. Its an interesting discussion and there is no doubt it is cutting edge technology with a complex set of trade offs. It is essential technology for a money protocol and the coins that get it right whilst retaining the core principles will see stronger demand over time.