Bitcoin can’t provide strong privacy guarantees, which is becoming a problem for widespread adoption of it and other crypto-currencies, which has implications for even the blockchain consortiums of financial institutions.
Howard Wu, co-portfolio manager at Dekrypt Capital in California, says most development in digital currencies has focused on scale and improving transaction times. “It’s like everyone’s been playing offense, trying to go for the touchdown. But there hasn’t been so much attention on playing defense – and defense is mainly about privacy,” he said, speaking at a Garage Academy lecture.
Dekrypt Capital is the venture arm of Blockchain at Berkeley, a university-based ecosystem for research, education and consulting, to which Wu also serves as an advisor.
Satoshi Nakamoto’s white paper introducing Bitcoin had promised it would be private, with transaction identities unconnected to real-world ones, Wu says. But that hasn’t turned out to be the case, and government investigators have been able to trace Bitcoin transaction histories to incriminate criminals behind the Silk Road website that had been used for facilitating drug and other transactions.
The problem with transparency is that it makes data about user’s spending habits and account balances knowable, while issues of tainted Bitcoins don’t allow them to be freed of their history – unlike cash, whose market value isn’t distorted even if the bills passed through criminal hands.
In other words, says Wu, Bitcoin needs to be allowed to become fungible if it is to fulfill its purpose as a currency.
Regulators, initially keen to expose crypto-currency movements, have come around to a more nuanced view of efforts to improve privacy, however. They have come to realize Bitcoin isn’t as private as it was advertized; there exist companies that can trace crypto transactions to real-world identities; and it’s increasingly difficult for anyone to trade large amounts of digital assets for fiat money.
Bank blockchains also at risk
This is also an issue for financial instituitons’ blockchain consortiums, Wu says. Although these consortiums favor private and permissioned access, rather than being open to anyone who wishes to participate, they too are struggling with privacy concerns. Networks, particularly in the B2B world, have the potential to release information to fellow participants that banks don’t want to disclose, such as transaction or sales volumes.
“There’s been a natural gravitation to privacy issues” in bank-backed programs, Wu said, noting that last year J.P. Morgan added a privacy function based on zero-knowledge security layer to its Quorum blockchain (see below).
Blockchain at Berkeley consults on blockchain implementation at Fortune500 companies, and is finding privacy a major impediment, Wu adds. “Companies fear leaking trade secrets and [intellectual property],” he said.
Exposed on the blockchain
Bitcoin transactions become “deanonymized” in several ways. Coins sent to fresh addresses ultimately have to return to the spender’s wallet or be forwarded to other recipients, creating associations among addresses. These associations can be clustered on a graphic analysis of exchanges, which can form a picture of a person or company’s activity.
Coins tainted by association with criminal deeds can always be traced back, no matter how many times they are forwarded to fresh addresses. Time stamps can lead investigators to figure out the origin of chains of transactions. And the biggest reveal comes when the crypto world is (inevitably) linked to real-world companies, services and people: by netting user names and addresses, a good portion of a blockchain can be exposed.
Working on defense
Developers such as Wu are working on ways to improve privacy. There are “mixing” services that essentially wash tainted coins until they become clean, by entrusting them to a commingled pool and releasing equivalent values back to owners. Mixing requires trust in the mixer, however, who could disappear with the coins; it also is slow. Developers have come up with decentralized versions, but the volume sizes remain public.
Another project makes transactions confidential, so that only participants know the amounts they are transacting, but it’s costly (it eats up a lot of computer memory) and it doesn’t mask the addresses.
Now developers are trying to combine these two projects so that addresses and volumes are hidden, and funds can’t be stolen by a centralized player.
A third project is called zk-SNARKs, a version of which has been adopted by J.P. Morgan. The zk stands for “zero knowledge”, in which mathematical proofs to validate a transaction don’t reveal the nodes doing the validating. SNARK stands for Succinct Non-interactive ARguments of Knowledge, which boils down to making verifications fast, automatic, and secure.
This protocol is behind zCash, one of several crypto-currencies designed to address privacy concerns (Monero and Dash are others). In theory it meets a lot of the challenges to establishing privacy, but it’s expensive to compute and hard to implement in practice, Wu says.
“You have to acquire these coins from somewhere, from someone,” Wu said. That’s always going to give regulators, thieves and competitors the chance to glean information. But fingering people to specific activity also requires a lot of resources. It’s the job of developers playing defense to make it too expensive and time-consuming for troublemakers to use users’ digital histories against them.