Editor's Note: This article comes from Chain News (ChainNews, ID: chainnewscom). The original author is Yi Sun, who holds a Ph.D. and is an assistant professor in the Department of Mathematics at the University of California, San Jose. It was translated by Perry Wang and is published by Odaily with authorization. Chain News adds: now that the whole industry has debated, and begun to solve, the scalability problem of public blockchains, we believe the next important issue deserving industry-wide attention is how blockchain technology can achieve privacy protection. Many technology-driven projects that emerged this year have made privacy protection their core direction and have begun exploring the field in depth.
This is a large and complex topic, and misconceptions about it are common. Thanks to two young scholars in the United States for writing an article on the basics of blockchain and cryptocurrency privacy. Chain News (Lianwen) recommends it to readers in the hope that it helps clarify the fundamentals of the field. For advanced readers, we also recommend another in-depth article published by Chain News:
Read through the blockchain privacy protection technology and the panorama of related projects in one article
Although this article is introductory, it is still a hardcore technical piece that takes time to think through. The best way to read it is to save it first and then read it carefully. Please also share it so that valuable information reaches more people. Enjoy!
In media descriptions, cryptocurrencies are often portrayed as anonymous, yet other articles point out that cryptocurrency transactions can be tracked easily, sometimes more easily than fiat currency transactions. For both statements to be true at once, one has to understand exactly what privacy protection in cryptocurrency means.
Answering this question is not as easy as it seems, because privacy has many meanings in the blockchain world.
Whether you are a developer, an investor, or a participant who wants to be well versed in blockchain technology, it is important to understand what privacy protection really means in crypto systems. We wrote this article to share some of our thoughts and techniques on the subject.
Imagine that Alice opens an account on Venmo, a US mobile payment app (acquired by PayPal), which requires her to provide and verify her real name. Because Venmo knows her real name and may share it with others, Alice loses some privacy about her identity. If Bob sends Alice $20 through Venmo and shares the transaction in his public feed, the fact of the transaction becomes public, but only Venmo knows how much money Alice now holds in her account; nobody else does. Now suppose instead that Alice creates a Bitcoin address and asks Bob to send her $20 worth of bitcoin. Compared with the Venmo transaction, Alice gains some identity privacy, because her Bitcoin address is not tied to her real name. However, the fact that bitcoin moved from Bob's address to Alice's address, and the amount of bitcoin Alice holds after receiving it, are visible to everyone on the Bitcoin blockchain.
So by using Bitcoin, Alice has gained privacy in some respects and lost it in others.
This trade-off is commonplace across different cryptocurrencies.
In the cryptocurrency world, we believe privacy protection spans three levels:
The identity of the users who carry out certain operations with the cryptocurrency
The specific transaction data of those operations
The overall state of the blockchain that aggregates all transactions
A blockchain protocol can use cryptography to make it impossible, or extremely costly, for outsiders to learn or compute different parts of each of these levels. At the same time, attackers who want to profile the blockchain can combine separate pieces of information to guess, or even directly derive, what they want to know. Privacy protection therefore comes down to protocol design that exposes as little information as possible to a potential attacker in each specific attribute.
Importantly, whether a specific attribute is private is not black and white. An attribute may already be known to some outside observers but not to others, or an observer may be able to guess it with some probability but not with certainty. This ambiguity means that simple statements such as "coin X guarantees privacy" or "coin A protects privacy better than coin B" often do not hold up. Carelessly worded, such statements cause confusion and misinterpretation, and some people craft them deliberately to mislead.
Later in this article we will also discuss how, in some cases, cryptographic tools such as zero-knowledge proofs let us quantify such claims and even prove them rigorously.
Let us start with the forms of privacy associated with cryptocurrencies.
Identity privacy, aka anonymity
When people hear the word privacy, the first thing that comes to mind is anonymity: a user's actions are not tied to who they are in the real world.
One easy way to achieve this kind of privacy is a pseudonym; in fact, we are used to using pseudonyms with online services, for example registering the email address bitcoinlover2008@gmail.com instead of a real name. In that case, the real (legal) name of the owner of bitcoinlover2008@gmail.com, say Alice Jones, is not revealed in most interactions over the protocol.
In most cryptocurrencies, including Bitcoin, a user is identified by a public/private key pair: the public key plays the role of a username and the private key the role of a password. The important property is that only someone who knows your private key, whether obtained legitimately or not, can produce a message signed by you, while anyone who holds your public key can verify that a signature came from the owner of the matching private key. This is what lets a user receive Bitcoin at any of several public keys (addresses) they control and spend it with the corresponding private keys, with no central authority involved. These ideas are the cornerstone of modern cryptography. However, a key pair is merely one way of using a pseudonym to stand in for your real identity in a decentralized setting, and pseudonymity is not anonymity, for two reasons.
First, most users initially buy bitcoin with fiat currency on an exchange. Fiat transactions usually go through the banking system, which requires verification of a real-world identity. Because all Bitcoin transaction data is completely public, as noted above, an exchange, and anyone who obtains its records, can link specific addresses to real-world identities. To illustrate: if Alice withdraws 0.1 BTC from Coinbase to an address she controls, such as 36n452uGq1x4mK7bfyZR8wgE47AnBb2pzi, Coinbase will associate her real name with that address. If that address later receives a 0.2 BTC withdrawal from an illegal online sports betting site, an outside observer may infer, with immutable public evidence, that Alice is involved in illegal online gambling.
Companies such as Chainalysis have used such techniques, known as blockchain analysis, to link public addresses to the identities behind them and analyze where transactions are going.
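As an added illustration (this code is not from the original article and is not Chainalysis software), here is a toy version of the simplest blockchain-analysis heuristic, common-input ownership, applied to a constructed set of transactions. The addresses, transactions, the exchange's KYC record and the service labels are all invented for the example:

```python
"""Added example (not code from the original article): a toy version of the
address-clustering step that blockchain-analysis firms apply to Bitcoin.

Heuristic: common-input-ownership -- every input address of a transaction is
assumed to belong to the same wallet, because one signer had to hold all the
private keys.  Clusters are built with union-find; a KYC label that an
exchange attached to one address then spreads to the whole cluster, and any
payment the cluster makes to a labelled service becomes an inference about
the person.  All transactions, addresses and labels below are constructed.
"""
from collections import defaultdict

# Constructed transactions: (txid, input addresses, output addresses).
TXS = [
    ("tx1", ["exchangeHot1"], ["A1"]),          # exchange withdrawal to Alice's A1
    ("tx2", ["B1"], ["A2"]),                    # someone else pays Alice at A2
    ("tx3", ["A1", "A2"], ["bookie1", "A3"]),   # Alice co-spends A1+A2; A3 is change
    ("tx4", ["A3", "A4"], ["merchant1"]),       # later spend of the change with A4
]

# Off-chain knowledge (constructed): the exchange's withdrawal record and
# service addresses an analyst has already identified.
KYC = {"A1": "Alice Jones"}
SERVICES = {"bookie1": "online sports betting", "merchant1": "retailer"}


class UnionFind:
    """Minimal disjoint-set structure keyed by address string."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Return {address: frozenset(cluster)} under common-input-ownership.
    Output addresses are registered but never merged: change detection is a
    separate heuristic that this toy deliberately omits."""
    uf = UnionFind()
    for _, inputs, outputs in txs:
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
        for addr in inputs + outputs:
            uf.find(addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {addr: frozenset(members) for members in groups.values() for addr in members}


def label_clusters(clusters, kyc):
    """Spread each KYC label to every address in the labelled address's cluster."""
    labels = {}
    for addr, person in kyc.items():
        for member in clusters.get(addr, {addr}):
            labels[member] = person
    return labels


def infer_payments(txs, labels, services):
    """(person, service, txid) for each tx whose inputs carry a label and
    whose outputs include a known service address."""
    found = []
    for txid, inputs, outputs in txs:
        people = {labels[a] for a in inputs if a in labels}
        for out in outputs:
            if out in services:
                for person in sorted(people):
                    found.append((person, services[out], txid))
    return found


def analyse(txs=TXS, kyc=KYC, services=SERVICES):
    clusters = cluster_addresses(txs)
    labels = label_clusters(clusters, kyc)
    return clusters, labels, infer_payments(txs, labels, services)


if __name__ == "__main__":
    clusters, labels, payments = analyse()
    print("cluster of A1:", sorted(clusters["A1"]))
    for person, service, txid in payments:
        print(f"{person} paid a {service} address in {txid}")
```

Run it and the withdrawal label on A1 reaches A2, because Alice co-spent the two in tx3, and her payment to the betting address is attributed to her by name. Note the limits on both sides: using a fresh address for every payment (see the best-practices section) defeats naive same-address matching but not this heuristic once the coins are spent together, while the change output A3 is not merged into Alice's cluster here because change detection is a separate heuristic the toy leaves out.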
Second, making a cryptocurrency transaction requires sending data over the internet. In some cases, network metadata can be used to trace the IP address from which a user broadcast a transaction, even when the user routes through an anonymity network such as Tor.
Together, these two facts mean that the pseudonymity of cryptocurrencies is nowhere near enough for anonymous transactions: both on-chain linkage and network metadata can be used to unmask users.
Privacy protection of transaction data
When people talk about so-called privacy coins, they usually mean that transactions in these coins are private in some way.
Broadly speaking, a transaction is an action a user takes to modify the state of the blockchain. Say Alice sends X tokens from an address she controls to an address Bob controls. Even this extremely simple example contains several pieces of data:
An address of Alice's, such as 36n452uGq1x4mK7bfyZR8wgE47AnBb2pzi
The link between Alice's address and Bob's address
An address of Bob's
The number of tokens sent
More complex transactions carry other kinds of information, such as smart contract code on Ethereum. Different blockchains expose transaction data in different ways; some hide certain links from third parties, who then see only the raw data the blockchain publishes. This is why we titled this section "Privacy protection of transaction data" rather than "Privacy protection of transactions": different kinds of transaction data can be protected to different degrees.
Monero, for example, hides the link between sender and receiver addresses. So if Alice buys Monero on the exchange Binance and withdraws it, Binance cannot link that withdrawal to what Alice does with the Monero afterwards. Likewise, if Bob receives Monero from Alice, he has no way of knowing that she bought it on Binance.
To complicate matters further, whether transaction data is private is not a black-and-white question either. Take Alice's address as an example. Its privacy can be measured by the size of the anonymity set: the smallest set of addresses that, from the blockchain data alone, could be the sender of the transaction. The larger the anonymity set, the less the transaction data reveals about the sender. In Bitcoin the sender anonymity set has size 1, since each input names exactly one previous output; in Monero, whose ring signatures mix the real input with decoys, it is much larger.
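To make the anonymity-set measure concrete, here is an added example (not code from the original article or from the Monero project). Each input is modelled as the set of candidate outputs it could be spending: a Bitcoin-style input names one output, a ring-signature input names the real output plus decoys. The rings are constructed for the example. It also shows the caveat a practitioner should know: the nominal ring size is only an upper bound, because an output can be spent once (enforced by key images in Monero), so a ring of size 1 reveals a spent output that can be struck from every other ring, and the deduction cascades:

```python
"""Added example (not from the original article): measuring the sender
anonymity set of a transaction, and how an analyst shrinks it.

A transaction is modelled by the set of previously created outputs that
could be the one actually being spent.  A Bitcoin-style input names exactly
one output, so its anonymity set has size 1.  A ring-signature input
(Monero-style) names one real output plus decoys, so its nominal set is the
ring size.  Because any output can be spent only once (in Monero this is
enforced by key images), a ring of size 1 reveals its member as spent, and
that output can be struck from every other ring that lists it; repeating
this to a fixpoint is the 'chain reaction' analysis described in the Monero
traceability literature.  The rings below are constructed, not real data.
"""

# Constructed inputs: txid -> set of candidate outputs (the ring).
RINGS = {
    "btc_like": {"o0"},               # explicit input: anonymity set 1
    "tx1": {"o1"},                    # zero-decoy ring: o1 certainly spent here
    "tx2": {"o1", "o2", "o3"},
    "tx3": {"o1", "o2"},
    "tx4": {"o2", "o3", "o5"},
    "tx5": {"o4", "o5", "o6"},
}


def nominal_anonymity_sets(rings):
    """What the protocol claims: the ring size of each input."""
    return {txid: len(ring) for txid, ring in rings.items()}


def chain_reaction(rings):
    """Iteratively strike known-spent outputs from other rings.

    Returns (effective_rings, spent) where spent maps output -> txid that
    provably spent it.  Sound only because each output can be spent once."""
    effective = {txid: set(ring) for txid, ring in rings.items()}
    spent = {}
    changed = True
    while changed:
        changed = False
        for txid, ring in effective.items():
            if len(ring) == 1 and txid not in spent.values():
                (out,) = ring            # the only candidate left is the real spend
                spent[out] = txid
                for other, ring2 in effective.items():
                    if other != txid and out in ring2:
                        ring2.discard(out)   # cannot be spent a second time
                        changed = True
    return effective, spent


def effective_anonymity_sets(rings):
    """Anonymity set sizes that survive the chain-reaction deduction."""
    effective, _ = chain_reaction(rings)
    return {txid: len(ring) for txid, ring in effective.items()}


if __name__ == "__main__":
    for txid, n in nominal_anonymity_sets(RINGS).items():
        print(f"{txid}: nominal {n}, effective {effective_anonymity_sets(RINGS)[txid]}")
```

Here a single zero-decoy ring (tx1) is enough to collapse four of the five rings to size 1; only tx5 keeps any ambiguity. This is why anonymity-set claims must be judged on the whole chain's history and decoy-selection rules, not on the ring size a protocol advertises per transaction.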
state privacy
On the Bitcoin blockchain all transaction data is public, so an outside observer who sees every block can rebuild the ledger and work out the balance of each address, even though that balance may be spread across several unspent transaction outputs (UTXOs). This is what we call the overall state of the blockchain. If some parts of transactions are secret, however, even possession of the entire blockchain does not tell an observer the overall state. That information is then spread among the users, and the blockchain only guarantees that the users' views are consistent with each other.
Although what a user can learn about a particular property of the blockchain state depends only on the protocol and on the information in the transactions that produced that state, the interplay between the two is complex. As a result, different properties of the state can be protected to different degrees.
Here are a few examples:
The list of all addresses
The account balance of a specific address, for example, 0x2569C92345013F55CFb47C633c57F2f5756B9acA has 1 ETH
Smart contract code at a specific address, such as the CryptoKitties contract at address 0x06012c8cf97BEaD5deAe237070F9587f8E7A266d
A simple illustration: in Zcoin the amount of each transaction is public but the sender and receiver addresses are secret, which means that a user's account balance remains secret. In Mimblewimble, a privacy-preserving blockchain design, the exact amount of each transaction is hidden inside a cryptographic commitment, while the structure of the transaction graph stays public, giving a different route to protecting account balances. Users of Mimblewimble must keep their own records of what they hold (the amount and blinding factor of each output they own), because the blockchain stores only the commitments, which are enough to check that nobody overspends but not enough to tell anyone what an output is worth.
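As an added example of the Mimblewimble point (not code from the original article or from any Mimblewimble implementation), the block below builds Pedersen commitments over a toy 64-bit safe-prime group generated at import time and shows both sides: the wallet, which keeps the amount and blinding factor of each output, and the node, which checks that a transaction creates no money using only the commitments and the kernel excess. The group size, the hashed second generator H, and the omission of range proofs and of the signature on the excess are simplifications made for this example:

```python
"""Added example (not code from the original article or from any Mimblewimble
implementation): Pedersen commitments over a toy prime-order group, showing
how a chain can verify that a transaction does not create money while never
seeing the amounts, and why the wallet must keep its own amount and blinding
factor for every output it owns.

Assumptions: the group is a 64-bit safe-prime subgroup generated at import
time (toy size, not secure); the second generator H is derived by hashing so
that nobody in the demo knows log_G(H).  Real Mimblewimble uses secp256k1
and additionally requires range proofs and a signature on the excess, both
omitted here.
"""
import hashlib
import random

RNG = random.Random(2019)  # seeded so the toy parameters are reproducible


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a few trial divisions first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime; squares mod p form a group of order q."""
    while True:
        q = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime(64)
G = pow(2, 2, P)  # a square, hence a generator of the order-Q subgroup
# Second generator with unknown discrete log relative to G (toy derivation).
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-demo-H").digest(), "big") % P, 2, P)


def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind (v*G + r*H in additive notation)."""
    return pow(G, value, P) * pow(H, blind, P) % P


def new_output(value):
    """What a wallet stores for an output it owns; the chain only ever sees 'commit'."""
    blind = RNG.randrange(1, Q)
    return {"value": value, "blind": blind, "commit": commit(value, blind)}


def kernel_excess(inputs, outputs):
    """Built by the parties holding the blinding factors: amounts must balance,
    and the excess is the leftover blinding factor sum(r_out) - sum(r_in)."""
    if sum(o["value"] for o in outputs) != sum(i["value"] for i in inputs):
        raise ValueError("amounts do not balance")
    return (sum(o["blind"] for o in outputs) - sum(i["blind"] for i in inputs)) % Q


def verify(in_commits, out_commits, excess):
    """Node side: with commitments and the excess only, check that
    prod(out) / prod(in) == H^excess, i.e. the difference commits to value 0."""
    acc = 1
    for c in out_commits:
        acc = acc * c % P
    for c in in_commits:
        acc = acc * pow(c, P - 2, P) % P  # multiply by the modular inverse
    return acc == pow(H, excess, P)


def demo():
    """Alice spends a 100-unit output: 60 to Bob, 40 back to herself."""
    alice_in = new_output(100)
    bob_out, change = new_output(60), new_output(40)
    excess = kernel_excess([alice_in], [bob_out, change])
    honest = verify([alice_in["commit"]], [bob_out["commit"], change["commit"]], excess)
    # Bob swaps in a commitment to 70 under the same blinding factor: money creation.
    inflated = commit(70, bob_out["blind"])
    forged = verify([alice_in["commit"]], [inflated, change["commit"]], excess)
    return honest, forged


if __name__ == "__main__":
    honest, forged = demo()
    print("honest transaction verifies:", honest)
    print("inflated transaction verifies:", forged)
```

The node never learns 100, 60 or 40; it only checks that the commitments cancel. The flip side is that if Alice loses the value and blinding factor recorded by new_output, the commitment on chain is useless to her, which is the "users must keep their own balance information" caveat in the paragraph above.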
Privacy Preserving Traits in Some Existing Blockchain Protocols
Different privacy protection methods
Our focus so far has been on whether certain information is public or private. It is also useful to sort the techniques different blockchains use to protect privacy into rough categories:
Second layer (for the development of second-layer protocols, see the earlier article published by Chain News:)
Mixing
Zero-knowledge proofs
Mixing combines the inputs and outputs of many transactions into one large transaction, deliberately blurring which sender is connected to which receiver. This covers some of the oldest privacy techniques in the crypto world, such as tumblers and CoinJoin, and, in more elaborate forms, Mimblewimble and Monero.
For background on zero-knowledge proofs, see the article published by Chain News:
A tragedy caused by Sudoku: What is Zero-Knowledge Proof?
Best practices for users
Even with cryptocurrencies that have no privacy features at all, users can protect themselves to some degree against network-level surveillance and blockchain analysis. To stop adversaries from using network metadata to deanonymize them, users can route their transactions through Tor or I2P to hide the originating IP address. To resist blockchain analysis, the standard advice is to use a fresh address for every payment received. Cryptocurrencies such as Monero and Verge offer this natively, although in some cryptocurrencies these addresses can still be linked through the user's later actions.
For the specific development of Oasis Labs, a blockchain project based on trusted execution environments founded by Professor Dawn Song (Song Xiaodong), see Chain News' earlier reports: