Privacy on Blockchain
Expectations vs Reality
No more banks, no more centralisation, no more personal information shared with untrusted third-parties who can seemingly do whatever they want with it. Blockchain and cryptocurrency is the solution to many problems in the financial and data storage worlds, including privacy, right? Well, not exactly.
While blockchain creates a safe and secure environment for making transactions and storing information, it’s not necessarily the most private way to store that information. In this article we’re going to have a look at what we mean by privacy, what blockchain offers in the way of privacy, where it falls short, and finally, what we can potentially do to better secure our privacy on the blockchain.
What is privacy and why is it important?
Firstly, a brief overview of what we mean by privacy. There are generally three types of privacy: physical, surveillance and information. When we talk about privacy in the cryptocurrency or financial space, we are mostly referring to the last two. When we say surveillance privacy, we’re talking about your ability to control who can identify you, see what you are doing and record information about you. Information privacy is then about controlling who has access to and who can use your personal information.
Being surveyed and having your information shared can bring a lot of convenience in the form of products and services. Having “somebody” know what you are doing and what you want or need can be helpful in bringing you those products and services easily. The downside, however, is that whoever is surveying you or processing your data can also use it for their own benefit and can share that information with others without your knowledge. Unfortunately, this is usually not in your best interest.
What is the current state of information and financial privacy on the blockchain?
The misconception about privacy on the blockchain is as follows: I have a cryptocurrency wallet; my wallet has a private key and a public key; when I want to access my funds and make transactions, I use my private key (or phrase or 2FA, whatever); and when I want to transact with another wallet, I share my public key. Private key is private, public key is public. Right? Simple? Not really.
Most blockchains, at their core, are giant databases which are distributed around the globe and open to the public. Whenever you make a transaction, that information is stored on the blockchain in a block. That block contains certain information which makes the transaction itself very secure protects it from being tampered with, including information about the previous block in the chain. However, the most important information, is the information about your transaction, including your public key. So, every time you make a transaction, your public key is stored in a block alongside that information, permanently and irreversibly.
In a truly decentralised setup, anyone can access the blockchain network at any time and view that information. So, anyone who knows your public key, and anyone they share it with, can see all the information about every transaction you have made and will make with that wallet.
“But what does it matter if people can see my transactions? I’m just buying and selling crypto.”
At this stage, mostly yes. The overwhelming majority of transactions on the blockchain and in the crypto space are people trading crypto assets for other crypto assets to make a profit, or just as a hobby. But not all of them.
Terra Money is a blockchain technology that uses stablecoins which are algorithmically-tethered to their respective fiat currency, such as TerraUSD (UST), TerraKRW (KRT) and many more. At this stage, most of them are still being traded as said above. However, KRT, tethered to the Korean Won, is quickly being adopted and used like a traditional currency. Terra Money has teamed up with CHAI Finance, a blockchain-based online payments system which has integrated Terra’s KRT into its application.
CHAI operates similarly to PayPal, in the sense that users can simply add their bank account or wallet address and start making transactions. The biggest difference is that CHAI uses blockchain technology, which makes its transactions faster, with lower fees and most importantly, decentralised.
What makes this such a game-changer in terms of crypto-adoption and mainstream use is that users have no need to know about the intricacies of blockchain technology or fancy finance terminology. It is a plug-and-play type application which allows consumers the ability to use cryptocurrency for everyday purchases, and there are already more than 100,000 daily transactions with some of Korea’s most reputable merchants, including CU, which has 13,500 stores around the country.
But this is where we need to get back to the main point of this article, privacy. With real-world use and mainstream adoption actually happening right now, the transactions that people can see on the blockchain are no longer just random crypto trades between BTC, ETH and any of the thousands of other altcoins. Anybody who wants, with your public address, can now see exactly where you shop, at what time, and how much you spend there. This data can obviously be used for reasonably benign purposes, such as marketing and advertisement, if corporations start processing it all together, but it can also be used in much more malicious ways.
Access to payment locations and times gives anyone the ability to track another, either by analysing patterns and anticipating where they might be at a given time, or real-time, by watching a person’s most recent transactions. This can also have quite benign or even pleasant consequences if a friend or family member is using it. The harsh reality, however, is that this information could be used by less savoury characters to conduct illegal or immoral activities.
What can be done to fix the problem?
Private Blockchains
One of the biggest hurdles to get over when it comes to privacy on blockchain is centralisation. There is a type of blockchain called a private blockchain, in which certain authorised nodes validate transactions, therefore access to the data is restricted and transactions are private. However, this requires a central entity that controls the network and authorises the nodes, making this type of blockchain more centralised.
Bitcoin, the original cryptocurrency and inspiration for all that followed, runs on a public, decentralised blockchain. Decentralisation is important because it is what allows the network to be so secure. Due to the huge number of nodes in the network which are validating transactions with each other, it is virtually impossible for malicious parties to hack the network. This is why a public blockchain is more favourable than a private blockchain in most cases. With a single controlling entity, a private blockchain is much more susceptible to hacks, data breaches or manipulation. The participants in a private network must also be able to have complete trust in the controlling entity and the authorised nodes, as they would be able to modify blockchain data at their will.
Privacy Coins
Another option to assess is privacy-focused blockchains such as Monero, Dash and ZCash. These cryptocurrencies employ their own privacy protocols such as Monero’s Stealth Addresses, Ring Signatures and RingCT. Within themselves, the privacy aspects of these blockchains function well, preventing simple access to data on the blockchain by your average Joe, however they do come with some setbacks.
Firstly, someone wanting to conduct private transactions is obliged to do so in the currency on which the blockchain is based. For hobby/profit trading this is absolutely fine, but for larger application, it requires the mainstream or widespread adoption of that specific cryptocurrency, and unfortunately for privacy coins, it seems to be going the other way.
Privacy coins tend to attract quite a lot of attention from regulators due to their utility as a means for tax evasion, money laundering and other illegal activities. For instance, privacy coins (including Monero, Dash and ZCash) were completely banned and removed from exchanges by the Financial Services Commission in South Korea in March 2021. And while they may not be banned outright in most places, they risk constant strict regulation which can create extreme volatility in the market. All of this means the chances of real mainstream adoption of these coins is slim.
Mixing Services
Mixing services are third-party protocols, such as Tornado Cash on Eth, Sherpa on Avax and Void Protocol, which divide users’ funds into smaller parts and add them to “pools” to mix randomly with deposits from other users. The withdrawal is then made into a new wallet address and the funds are theoretically unlinkable to the deposit.
However, not all protocols are made equal. If the protocol allows the user to choose the amount they are depositing into the pool, therefore making all deposit amounts different, then the withdrawal of that same amount will be easily traceable to its’ original wallet address. Also, some protocols rely on a third-party intermediary to verify the input and output pairs to ensure that the correct withdrawal amounts are transferred to their respective depositors. This reliance creates a central weak point in a decentralised system, where the users must trust a single third-party with their data.
Coming in Q1 2022, Void Protocol, on the aforementioned Terra Network, provides solutions to these problems for TerraUSD (UST) and LUNA. Void is an opt-in financial privacy service that utilises the mixing model, with some corrections for known security problems. Void is completely decentralised, using Zero Knowledge Proof (ZKP), a cryptographic protocol, to verify the input and output pairs. ZKP is coded so the input and output pairs can match without revealing any information about the pairs themselves, meaning that there is no reliance on a third-party or a centralised database.
Void also resolves the deposit-withdrawal tracking issue by only allowing set amounts to be deposited into the Void Anonymity Pool (VAP), while still allowing users to withdraw whatever amount they choose, leaving the rest in the pool to earn VAP rewards and keep Total Value Locked (TVL) high. With these set deposit amounts, it is impossible to trace a withdrawal wallet to a deposit wallet because all of the input values are the same.
Another huge bonus that Void adds, is that all deposits in UST into the pool will be put into Anchor Protocol (ANC) to earn 20% APY. This is what provides the VAP rewards mentioned above. This helps keep capital productive whilst being held in the pool and reduces opportunity cost. The biggest downside to Void is that to achieve a good level of anonymity, users will have to leave their funds in the pool for weeks or potentially months to allow other transactions to take place. However, once TVL reaches a sufficient level, users will be able to withdraw their funds much more quickly.
Conclusion
To those who are new to the blockchain and cryptocurrency world it may seem that it is the solution to all of our financial woes, but unfortunately, in their current state, blockchain networks are not even close to real privacy, and while some solutions exist, most are far from perfect. Private blockchains create their own security problems and stray from the idea of decentralisation, privacy coins limit users and risk extreme price volatility, and certain mixing services can be very easy to trace. Void Protocol will provide a solid financial privacy option to users of the Terra Network, a network that so far has a whole lot of support and enthusiasm to be adopted for mainstream use not too far in the future.
-Gretskies
Please come and join the Discord and get involved in the discussions! We also love to host giveaways and are always looking for other ways to show gratitude to our amazing community around the VOID 🌑.
Void Protocol Links
🌑 Docs: protocolvoid.gitbook.io/void-protocol/
🌑 Twitter: https://twitter.com/ProtocolVoid
🌑 Discord: discord.gg/U9MXyT6a7K
🌑 Medium: https://voidprotocol.medium.com/
