Cashier Number Four Please!

Zero Knowledge is a dangerous thing.

We started this crypto journey with hifalutin ideals about #transparency. Blockchain, we said, would eliminate the need for #trust, make everything more efficient, and do away with corruption and fraud, because everything would be visible to anyone on-chain. 

Well, turns out we don’t want that much transparency. We have known for some time: even in supply chain there is a need for privacy. Having all your bills of lading on-chain is an invitation to steal your latest shipment of widgets from Kunshan. 

Sparked by the CBDC discussion after China launched its surveillance tool, the eCNY, #privacy soon became the number one issue to solve. Even in blockchain, one should have a reasonable expectation of privacy. Companies don’t need their business transactions discovered on-chain. Everyone has a right to privacy, within limits of course. Law enforcement demanded access to transactions. The millions flowing on the blockchain to arm Ukraine, the discovery of NFTs used for human trafficking, and the collapse of LUNA, Celsius and FTX all pointed to one thing: we don’t have a good framework that combines privacy and crime fighting. Only anarchists and crooks demand complete, unassailable privacy, i.e. anonymity. 

We just don’t know what that reasonable level is and how to program it. You see: we live in a digital world, we don’t give a damn about GDPR and we freely share our data just by picking up an electronic device. We trust the behemoths of the Internet implicitly, and we trust blockchain even more because, let’s face it, most of you don’t have the faintest idea how it actually works. 

Privacy for Dummies

Enter the zero-knowledge solution. It’s flawed. It’s incomplete. It’s technically cumbersome and resource intensive. It’s mostly limited to #Ethereum which is turning into an unmanageable patchwork of hodgepodge solutions that fail to deliver. What’s more: it don’t solve jack. zk tech is at best a piece of the puzzle. It’s not the holy grail of privacy. 

I shall abstain from giving you the complicated formulae and lines of code that make zkproof, zkSNARKs and all its cousins (the latest one being zkML) so brilliant — and so useless. I won’t even mention the work on quantum-resistant zkproof. 

Here is the problem in a colorful analogous nutshell. 

Imagine you are at the supermarket. You can either be the 17-year-old needing to buy a pregnancy test, or an alcoholic hiding his booze purchase from the wife. They don’t sell pregnancy tests at Aldi so let’s use the boozy version. 

Now you have two objectives: you want to buy the forbidden item and you don’t want ANYONE to know what you bought without affecting the purchase process. Nobody can know who you are and what you bought, but you have to buy the items on the list Camilla wrote for you, plus the six-pack of beer that keeps your real six pack from ever seeing the light of day. 

What do you do? 

[take a minute now to ponder this question while I grab the Merlot] 

I’m back. Couldn’t find the wine (she’s hiding it somewhere!) so coffee it is. 

There is only one solution. Did you find it? 

First of all, you want to hide the purchase from everybody else in the shop, from the young kid with the dirty sneakers to the old geezer choosing sausages all the way to the grumpy old hag touching every peach on the shelf to check for bruises, thereby inflicting more damage for the next customer to bitch about. Maybe you don’t even want anybody to know you are shopping at Lidl (like me, it’s so ahem … you know) or Sainsbury’s (too posh and so overpriced what with inflation being what it is). Choose your local equivalent for entertainment purposes. Your Walmart or Target maybe vs. Trader Joe’s. Any establishment will do. 

Anyway. You go in, clad in black with a face mask and a hoodie so nobody knows you are there. You switched off the phone so they can’t track you (you think; they still can!). No, better yet: you left the phone at home! All you have is your paper money and credit card wallet. And an insatiable thirst for Krug. 

What you need is a sack. A gunny sack, also known as hessian or tow sack, made from burlap, jute, hemp, or sisal. Very crude, very thick, definitely no way to see what’s in it. Preferably black and with a huge Uphold logo and a red ink stamp “I need my privacy!” 

A sack!

You need to put the sack in the trolley as you make your way through the aisles; you add milk and eggs, strawberries, ham, baked beans, and whatever else Camilla scribbled on that list in that neat handwriting of hers. You need to be fast: open sack, bring it close to the shelf and make sure the item slips in without anyone seeing you. Then, surreptitiously, first pretending to look for gherkins, you pass by the booze section and quickly stuff the Bombay Gin bottle into same-said sisal sack. Nobody saw you, you are in camouflage, and the sack is really really thick and black. 

As you add some toast, a token low-fat yogurt for pretense, and some bananas (on sale, plus the calcium is good for your bones) you make your way to the cashier. So far the transaction has been private and you are safe. Now there is one last hurdle: you need to pay.

Cashier number 4 please!

The store relies on bar codes and you need to show the items to the lovely lady with the long fingernails and the now ubiquitous vacant stare of the underpaid. She too should NOT clock what you are buying. 

Well, bar codes are a bit of a problem. You could have a little spyhole in the hemp sack, or we could switch to RFID, obviously, so the items can remain in the magic sack in the trolley while Amita the cashier rings them up and then briefly stops chewing her Hubba Bubba to ask: kesh or cahd? Of course, you use your Uphold card with the XRP cash back, and out you go with your addiction satisfied and your privacy intact. 

This is #zeroknowledge proof. The transaction has been successfully completed, and nobody but the store’s computer system knows what you bought. 

Aha! 

There is the problem: the burlap bag just hid the buying, not the bloody bill. The colossal flaw of zero-knowledge is exposed: it isn’t zero. It’s only zero as long as you don’t commit to the chain, encryption or not. The computer knows! In other words, the blockchain is aware. 

Just like transactions per second are meaningless (throughput) for security as compared to blocks per second (speed), the real question of privacy isn’t transaction privacy, but how to keep secrets from the chain itself. 

How do you buy the booze without the supermarket’s owner knowing it was you who bought the booze? 

[Have another think, while I get a refill and get some nibbles] 

The answer is that we don’t have a solution. There are trusted execution environments relying on specific hardware chips. Ever since Ledger insulted their customers last week by claiming not to have access to the seed phrase whilst offering seed phrase recovery, we can’t trust any company or any piece of hardware to offer any sort of privacy. 

Privacy by committee 

The other option is multi-party computation, or privacy by committee. Aleph Zero and Oasis Protocol are just two examples of #MPC solutions. 

Now, to explain this in layman’s terms: what you need to do is take several shopping carts with several sisal sacks, then pay for your items one by one at different cashiers at different times. You do the eggs in aisle one at 15:45, the fruit and veg at 16:06 (cashier number seven please), the booze or pregnancy test at 16:21 … cashier number four please, and so on. You also need to use a different card, preferably from different people. There are people who will lend you their credit card for the purpose. Or, if you want to embarrass yourself and reveal your Luddite tendencies or your real age, you just use cash. Either way, there now is no way for the store to know that it was you who bought all the items on your list, plus the Jamaican Rum you wanted privacy for in the first place. 

(The Oasis layer is slightly different: you could compare it to a gaggle of your mates taking each trolley to different cashiers while you wait outside. Together, Hank, Henry, and Hillary form the ‘MPC privacy layer’.) But let’s leave the technical minutiae to the geeks. 

Now that the store doesn’t know Frankie loaded up on Frizzante, that sort of privacy is almost acceptable. But it’s not perfect either. Firstly, the store has cameras, so they can see you talking to Hillary and handing over the trolley to Hank and Henry. I.e., the blockchain knows you are employing a privacy layer, and so does the hacker. There are cameras in the parking lot too, and they saw your face before you put on the hoodie, so they have your license plate AND your face before entering said store in which sad alcohol procurement took place at the indicated time. (That’s how law enforcement solves crypto crimes by the way, and why we call blockchains “pseudonymous”.) 

Secondly, you may do this every Tuesday and Friday, being a functional alcoholic with regular habits and only a half hour to spare as you juggle career, kids, gym and AA meetings. An on-chain sleuth would then know that this address does the exact same thing at the exact same time twice a week, with the sum involved always being $26.80. From all that data, over time, a good FBI agent will be able to identify you and your nefarious consumption. He will also know you are trying to kick the habit because you used the same address to pay for your therapist and your gym membership. 
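The regularity problem above, as an added Python example that is not part of the original post: it scans a constructed ledger of transfers and flags any address whose amount, weekday and hour keep repeating, which is the rhythm a pattern analyst latches onto and what a user worried about pseudonymity would want to check in their own history. Addresses, amounts and timestamps are made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample ledger: (sender address, amount in USD, UTC timestamp).
# Addresses and values are invented for this example, not real chain data.
SAMPLE_TXS = [
    ("0xAAA", 26.80, "2023-05-02T16:21:00Z"),   # Tuesday, the usual run
    ("0xAAA", 26.80, "2023-05-05T16:20:00Z"),   # Friday
    ("0xAAA", 26.80, "2023-05-09T16:22:00Z"),   # Tuesday again
    ("0xAAA", 26.80, "2023-05-12T16:19:00Z"),   # Friday again
    ("0xAAA", 120.00, "2023-05-10T09:05:00Z"),  # a one-off payment
    ("0xBBB", 26.80, "2023-05-03T11:00:00Z"),   # same amount, no rhythm
    ("0xBBB", 14.50, "2023-05-11T19:40:00Z"),
    ("0xCCC", 26.80, "2023-05-06T08:00:00Z"),
]

def _bucket(addr, amount, ts):
    """Coarse fingerprint of one transfer: who, how much, which weekday, which hour."""
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return (addr, round(amount, 2), when.strftime("%a"), when.hour)

def recurring_patterns(txs, min_hits=2):
    """Group transfers by fingerprint and keep the buckets that repeat at
    least min_hits times, most frequent first."""
    buckets = defaultdict(list)
    for addr, amount, ts in txs:
        buckets[_bucket(addr, amount, ts)].append(ts)
    hits = [(k, v) for k, v in buckets.items() if len(v) >= min_hits]
    return sorted(hits, key=lambda kv: -len(kv[1]))

def linkability_score(txs, addr):
    """Fraction of an address's transfers that sit in a recurring bucket:
    0.0 means no rhythm to latch onto, 1.0 means every transfer repeats."""
    own = [t for t in txs if t[0] == addr]
    if not own:
        return 0.0
    recurring = {k for k, _ in recurring_patterns(txs)}
    return sum(_bucket(*t) in recurring for t in own) / len(own)

if __name__ == "__main__":
    for key, times in recurring_patterns(SAMPLE_TXS):
        print(key, len(times), "hits")
    for a in ("0xAAA", "0xBBB", "0xCCC"):
        print(a, "linkability", linkability_score(SAMPLE_TXS, a))
```

Splitting the purchase across carts and cards, as the post suggests, only helps if it also breaks this rhythm; the same amount at the same hour from the same address stays linkable no matter how many trolleys are involved.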

Long story short: we don’t have an acceptable solution for privacy on the blockchain. Of course, most people don’t care if Mrs. Pennypiddle sees them buying the weekly Stolichnaya (or Stoli, as you affectionately call it). Most people don’t even notice the cameras. And absolutely nobody can be arsed to use seven trolleys or bring black burlap sacks to Walmart. 

Unless of course, we are talking about #CBDCs. Suddenly everyone is paying attention to the evil government wanting to control your spending. ECB’s Panetta said a #digitalEuro will never be programmable, but a) we don’t have a definition of ‘programmable’ (the SEC, CFTC, ECB, Digital Pound Foundation, Singapore’s MAS and the Bank of International Settlements all have different definitions of ‘programmable money’ on their web sites) and b) no sane citizen will believe the government when it claims it’s not programmable. And since you are a registered alcoholic, your crypto #CBDC card will not allow you to pay for the Kentucky Bourbon. Or the cigarettes. Or eggs when there’s an outbreak of bird flu. Or meat, because the neoliberal party in power wants everyone to become a bloody vegetarian. Now the hoi polloi suddenly care about privacy: what do you mean the card don’t work for fags, govnor? 

A cunning cryptic conundrum. 

We have yet to solve this conundrum. On the one hand, we want privacy on-chain, and that’s not a thing yet — unless you employ computationally complicated solutions. Companies in particular don’t want their schemes for world domination exposed on the chain. On the other hand, we want respite from hackers, no way for data miners to discover our identity, and we most certainly don’t want the government to curtail our spending habits. Buying stuff whenever and wherever we want is an inalienable human right enshrined in the Declaration of Compliant Consumers and the Shopaholics Freedom Charter! 

It is a conundrum because MPC isn’t all sunshine either. Ultimately you have to whitelist participating validators, and that is a form of central control. The other option is to use a relay network, which is why I am spending my bank holiday ploughing through the #Marlin Protocol’s white paper. It’s fascinating stuff, full of cool formulae, and with a penetrating smell of centralization that crypto degens abhor but governments and business love. Let’s face it: the decentralization debate is being lost as we speak. 

So yes, privacy. Give it some thought. How do you take yours? Full-fledged? Skimmed? Oat milk or almond? Large, medium, or small? How much privacy is enough, and how much is too much? Can someone come up with a better solution than zkproof which is expensive and time-consuming, while being mostly garish window dressing pushed by Polygon and friends? 

The solution to all of this is painfully obvious. I’ll let you discover it yourself and comment below while I’m off to Amazon’s automated store where privacy is even more fiction than in any other supermarket. Maybe I’ll pay in Worldcoin for which they scanned my eyeballs. Or I’ll issue my own coin, needing a DNA test and an implant in your brain before you can spend it.

Published by Dr Martin Hiesboeck

Futurist and Policy Advisor for companies, governments and NGOs on digital future, blockchain and digitization. Head of Research at Uphold and CEO of Alpine Blockchain Consultants.