A Casual Discussion on the Evolution of Technology in Privacy Trading

IOBC Capital
2022-06-16 19:57:57
Judging from the privacy project types that have recently drawn the most attention in the industry, incorporating privacy protection features into mainstream blockchains represented by Bitcoin, Ethereum, and Polkadot may become a trend.

Author: IOBC Capital

Would you be willing to publicly disclose your wallet address and let everyone see how much money you have? Would you want everyone to know your investment preferences and every expenditure? I think many people would not. Protecting this data requires privacy protocols.

There have always been cryptocurrencies on the market that emphasize privacy, including DASH, XMR, Zcash, Grin, ROSE (Oasis Network), FRA (Findora), PHA (Phala Network), and SCRT (Secret Network). Over the past decade of the crypto industry's development, the privacy sector has always held a place.

https://mp.weixin.qq.com/s/c2rYO5SdlZJ5HXk2ufsFig

If we subdivide the privacy track further, it can be categorized into four types: privacy computing networks, privacy trading protocols, privacy applications, and privacy coins. Among them, privacy coins developed earliest; Tornado, a privacy application, is currently widely used; and privacy trading protocols and privacy computing networks receive the most attention at present.


Given limited space, this article discusses only the development of the technical solutions for privacy trading, from the perspective of how the technology has evolved. Since cryptocurrencies emerged, four main types of technical solutions for implementing privacy trading have appeared:

1. CoinJoin

CoinJoin: CoinJoin is a mixing mechanism that takes coins from different senders and combines them into a single transaction. A third party assembles the transaction and forwards the coins to the receivers. On the user side, each receiver receives his or her coins at an address that has never been used before. This reduces the likelihood that a specific transaction can be tracked.

DASH is a typical case of using CoinJoin technology to achieve privacy trading. DASH was born in 2014 and does not aim solely at privacy; rather, it offers privacy trading as an option: users can choose the PrivateSend feature for a private transaction or make an ordinary transaction.

In terms of mechanism, the DASH network encourages miners to act as masternodes through higher reward yields, with each masternode holding 1,000 DASH as buffer funds. Any user initiating a transaction can use these buffer funds to achieve the "mixing" effect. Because of the mixing, transaction information is scrambled and difficult to trace, which achieves privacy protection.
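To make the privacy property of CoinJoin concrete, here is a small added example (not from the original article or from any project's code) that models a CoinJoin round and measures, for each output, how many participants could plausibly own it given only the amounts. The participant counts and amounts are constructed for illustration. It shows why CoinJoin implementations favor equal-denomination outputs: a change output of a unique amount can be attributed to its owner from the amounts alone, while equal outputs remain ambiguous.

```python
from itertools import product

# Amounts are integers in the smallest unit (satoshi) to avoid floating-point rounding.
# inputs[i] is what participant i puts in; outputs[j] is the value of output j.
# Fees are ignored to keep the sums exact.

def consistent_assignments(inputs, outputs):
    """Yield every assignment of outputs to participants under which each participant
    receives exactly what they contributed. Brute force; a CoinJoin round has only a
    handful of participants, so the search space stays tiny."""
    k = len(inputs)
    for assignment in product(range(k), repeat=len(outputs)):
        received = [0] * k
        for out_idx, owner in enumerate(assignment):
            received[owner] += outputs[out_idx]
        if received == list(inputs):
            yield assignment

def possible_owners(inputs, outputs):
    """For each output, the set of participants who could own it in some consistent
    assignment. A singleton set means the amounts alone reveal the owner."""
    owners = [set() for _ in outputs]
    for assignment in consistent_assignments(inputs, outputs):
        for out_idx, owner in enumerate(assignment):
            owners[out_idx].add(owner)
    return owners

def anonymity_set_sizes(inputs, outputs):
    """How many participants each output 'hides among'."""
    return [len(o) for o in possible_owners(inputs, outputs)]

if __name__ == "__main__":
    COIN = 100_000_000
    # Constructed sample: three participants each mix exactly one coin.
    print("equal denominations:", anonymity_set_sizes([COIN] * 3, [COIN] * 3))
    # Constructed sample: one participant brings 1.5 coins and takes 0.5 back as change.
    print("with a change output:", anonymity_set_sizes([COIN + COIN // 2, COIN, COIN],
                                                       [COIN, COIN, COIN, COIN // 2]))
```

In the first sample every output could belong to any of the three participants; in the second, the three equal outputs are still ambiguous but the 0.5-coin change output can only belong to the participant who brought 1.5 coins.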

2. Stealth Addresses + Ring Signatures

Stealth Addresses: A stealth address scheme generates a new address every time cryptocurrency is received, so that outside observers cannot link the payment address to the permanent wallet address.

Ring Signatures: Blockchain transactions require digital signatures to verify that the signer is the sender. Since each user's signature is unique, once a user signs it is not difficult to trace the transaction back to that signer. A ring signature mixes the signer's signature with those of other ring members: the more ring members there are, the harder it becomes to link the signer directly to their transaction.

Monero (XMR) combines stealth addresses and ring signatures to achieve privacy protection. Monero is not selectively private but fully private. Monero gives each wallet owner a private view key, a recipient address, and a private spend key. Additionally, XMR can be mined with an ordinary computer CPU, with no need for specialized mining machines, which makes XMR more decentralized to some extent.
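The following added example (not Monero's code) implements the two ideas in plain Python over the secp256k1 curve so that both the stealth-address key derivation and a ring signature can be run end to end. It illustrates the mechanism rather than reproducing Monero's implementation: Monero uses ed25519 and different hashing conventions, the curve constants, the hash-to-scalar function `hs` and the message bytes are assumptions of this example, and the ring signature is the Abe-Ohkubo-Suzuki construction used here to explain the idea. It shows how the view key alone lets a wallet detect payments while only the spend key lets it spend, and how a ring signature verifies without revealing which member signed.

```python
import hashlib
from secrets import randbelow

# secp256k1 constants (Bitcoin's curve), used here only as a convenient prime-order group.
# Monero itself uses ed25519; the constructions below illustrate the ideas, not Monero's code.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def hs(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N  # hash to scalar (assumed convention)
def rand_scalar(): return randbelow(N - 1) + 1

# Stealth addresses. Recipient publishes (A, B) = (a*G, b*G): a is the private view key,
# b the private spend key. Every payment lands on a one-time address nobody has seen before.
def stealth_send(view_pub, spend_pub):
    r = rand_scalar()                                 # sender's ephemeral secret
    shared = hs(enc(ec_mul(r, view_pub)))             # Hs(r*A), equal to Hs(a*R) for the recipient
    return ec_mul(r, G), ec_add(ec_mul(shared, G), spend_pub)   # (R, one-time address P = Hs(rA)*G + B)

def stealth_scan(view_priv, spend_pub, R, onetime):
    """Anyone holding the view key can recognise incoming payments, but cannot spend them."""
    return ec_add(ec_mul(hs(enc(ec_mul(view_priv, R))), G), spend_pub) == onetime

def stealth_spend_key(view_priv, spend_priv, R):
    """Private key of the one-time address: x = Hs(a*R) + b, which needs the spend key."""
    return (hs(enc(ec_mul(view_priv, R))) + spend_priv) % N

# Ring signature (Abe-Ohkubo-Suzuki style): proves the signer holds the private key of
# one ring member without revealing which one. A bigger ring means a bigger anonymity set.
def ring_sign(msg, ring, j, xj):
    n = len(ring)
    s, c = [0] * n, [0] * n
    alpha = rand_scalar()
    c[(j + 1) % n] = hs(msg, enc(ec_mul(alpha, G)))
    for step in range(1, n):                          # walk from j+1 around the ring back to j
        i = (j + step) % n
        s[i] = rand_scalar()
        c[(i + 1) % n] = hs(msg, enc(ec_add(ec_mul(s[i], G), ec_mul(c[i], ring[i]))))
    s[j] = (alpha - c[j] * xj) % N                    # only the real key closes the ring
    return c[0], s

def ring_verify(msg, ring, sig):
    c0, s = sig
    c = c0
    for i in range(len(ring)):
        c = hs(msg, enc(ec_add(ec_mul(s[i], G), ec_mul(c, ring[i]))))
    return c == c0

def demo():
    a, b = rand_scalar(), rand_scalar()               # recipient's view and spend keys
    A, B = ec_mul(a, G), ec_mul(b, G)
    R, onetime = stealth_send(A, B)
    x = stealth_spend_key(a, b, R)
    msg = b"constructed transaction body"
    ring = [ec_mul(rand_scalar(), G) for _ in range(3)] + [onetime]   # 3 decoys + the real output
    sig = ring_sign(msg, ring, 3, x)
    return {
        "recipient_detects": stealth_scan(a, B, R, onetime),
        "stranger_detects": stealth_scan(rand_scalar(), B, R, onetime),
        "spend_key_matches": ec_mul(x, G) == onetime,
        "ring_sig_valid": ring_verify(msg, ring, sig),
        "ring_sig_other_msg": ring_verify(b"tampered", ring, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier of the ring signature walks the whole ring and only learns that the chain of challenges closes; which index held the real key is not recoverable from the signature. The stealth-address scan is what a Monero-style wallet does for every output on chain, which is why view keys can be handed to an auditor without granting spending power.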

To further strengthen its privacy protection, Monero has undergone multiple technical upgrades. To hide transaction amounts, RingCT (Ring Confidential Transactions) was introduced; RingCT improved the privacy of the Monero blockchain at the cost of scalability, which led to the later introduction of Bulletproofs, a zero-knowledge proof protocol that increased XMR's transaction capacity and reduced verification time by 80%.

3. Mimblewimble

The term Mimblewimble comes from the "Confundus Charm" in Harry Potter, and the protocol is mainly used by two projects, Grin and Beam. Mimblewimble combines Confidential Transactions, CoinJoin, and cut-through.

The Mimblewimble protocol seeks a trade-off between anonymity and scalability. It is a design that provides privacy for public-ledger cryptocurrencies based on an output model, and it does not touch the consensus layer, so it can be used under almost any consensus rules.

Mimblewimble was originally proposed to provide privacy for Bitcoin. With this technology, account ownership, transaction linkages, and transaction amounts can all be hidden. It can also "mix coins": some bitcoins may be marked as "tainted" and many institutions refuse to accept them, and Mimblewimble can achieve a coin-mixing effect.

4. Zero-Knowledge Proofs

Zero-Knowledge Proof (ZKP) refers to a situation where the prover can convince the verifier that a statement is true without providing any information beyond the validity of the statement itself.

Zero-Knowledge Proofs were first theorized by Goldwasser, Micali, and Rackoff in 1989. Currently, zero-knowledge proofs are mainly used in the blockchain industry for two purposes: privacy protection and scalability. This article mainly introduces the application of zero-knowledge proofs in protecting privacy.

The earliest practical use of zero-knowledge proofs for privacy protection was on Zcash, and gradually many projects such as Aztec, Manta Network, and StarkWare adopted zero-knowledge proof mechanisms and evolved many new technologies.

To illustrate the zero-knowledge proof mechanism, consider the story of "Ali Baba and the Forty Thieves":

Ali Baba is the prover and the thief is the verifier. The thief captures Ali Baba and demands that he reveal the incantation that opens the cave where the treasure is hidden, or else be killed. If Ali Baba reveals the incantation outright, he may be killed because he is no longer useful; if he insists on saying nothing, the thief will conclude that he does not know the incantation and kill him. Ali Baba devises a plan: he asks the thief to stand an arrow's flight away. If Ali Baba recites the incantation and the cave's stone door does not open, or if he tries to escape, the thief can shoot him with an arrow.

In this way, Ali Baba can prove that he does know the incantation from a distance at which the thief cannot hear what it is. Throughout, Ali Baba (the prover) never reveals the incantation itself, yet he convinces the thief (the verifier) that a certain assertion (Ali Baba knows the incantation) is true.
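As an added example (not part of the original article), the textbook graph-isomorphism protocol carries the cave story into code: the prover knows a relabelling `pi` between two public graphs (the incantation), commits to a freshly shuffled copy each round, and is challenged at random to open it towards one graph or the other, so a cheater is caught with probability 1/2 per round. A simulator that produces convincing transcripts without knowing `pi` shows where the zero-knowledge property comes from, and a Fiat-Shamir variant derives the challenges from a hash of the commitments, which is the step that makes such a proof non-interactive (the "N" in zk-SNARK). The graphs, the permutation and the seed are constructed sample values.

```python
import hashlib
import random

# A graph is a frozenset of undirected edges; each edge is a frozenset of two vertices.
def graph(edges):
    return frozenset(frozenset(e) for e in edges)

def vertices(g):
    return sorted({v for e in g for v in e})

def relabel(g, perm):
    """Apply a vertex permutation (dict old -> new) to every edge."""
    return frozenset(frozenset(perm[v] for v in e) for e in g)

def compose(first, second):
    """Permutation that applies `first` and then `second`."""
    return {v: second[first[v]] for v in first}

def invert(perm):
    return {new: old for old, new in perm.items()}

def random_perm(vs, rng):
    shuffled = list(vs)
    rng.shuffle(shuffled)
    return dict(zip(vs, shuffled))

# Statement: G1 and G2 are isomorphic. Witness (the "incantation"): pi with relabel(G1, pi) == G2.
def prover_commit(g1, rng):
    """Step 1: the prover sends H = sigma(G1) for a fresh random sigma (walking into the cave)."""
    sigma = random_perm(vertices(g1), rng)
    return relabel(g1, sigma), sigma

def prover_respond(pi, sigma, challenge):
    """Step 3: open H towards G1 (challenge 0) or towards G2 (challenge 1). Each answer on
    its own is just a uniformly random permutation, so it leaks nothing about pi."""
    return sigma if challenge == 0 else compose(invert(pi), sigma)

def verify_round(g1, g2, h, challenge, answer):
    source = g1 if challenge == 0 else g2
    return relabel(source, answer) == h

def interactive_proof(g1, g2, pi, rounds, rng):
    """Completeness: an honest prover always passes. Soundness: without an isomorphism a
    prover can prepare for only one of the two challenges, so each round catches a
    cheater with probability 1/2 and the error after n rounds is 2**-n."""
    for _ in range(rounds):
        h, sigma = prover_commit(g1, rng)
        challenge = rng.randrange(2)                  # the verifier's coin flip
        if not verify_round(g1, g2, h, challenge, prover_respond(pi, sigma, challenge)):
            return False
    return True

def simulate_transcript(g1, g2, rng):
    """Zero-knowledge: a simulator that does not know pi picks the challenge first and
    builds a commitment to match. Its transcripts are distributed exactly like real ones."""
    challenge = rng.randrange(2)
    answer = random_perm(vertices(g1), rng)
    return relabel(g1 if challenge == 0 else g2, answer), challenge, answer

def canon(g):
    return repr(sorted(sorted(e) for e in g)).encode()

def fiat_shamir_challenges(commitments):
    """Derive the challenge bits from a hash of all commitments (up to 256 rounds)."""
    digest = hashlib.sha256(b"".join(canon(h) for h in commitments)).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(len(commitments))]

def noninteractive_prove(g1, pi, rounds, rng):
    """Fiat-Shamir: commit to every round up front, then answer the hashed challenges.
    No verifier interaction is needed any more."""
    commits = [prover_commit(g1, rng) for _ in range(rounds)]
    hs = [h for h, _ in commits]
    answers = [prover_respond(pi, sigma, ch) for (_, sigma), ch in zip(commits, fiat_shamir_challenges(hs))]
    return hs, answers

def noninteractive_verify(g1, g2, proof):
    hs, answers = proof
    return all(verify_round(g1, g2, h, ch, ans)
               for h, ch, ans in zip(hs, fiat_shamir_challenges(hs), answers))

# Constructed sample instance: a 4-cycle with a pendant vertex, and a relabelling of it.
G1 = graph([(0, 1), (1, 2), (2, 3), (3, 0), (0, 4)])
PI = {0: 3, 1: 4, 2: 0, 3: 1, 4: 2}
G2 = relabel(G1, PI)

def demo(seed=7):
    rng = random.Random(seed)
    h, ch, ans = simulate_transcript(G1, G2, rng)
    return {
        "honest_interactive": interactive_proof(G1, G2, PI, 20, rng),
        "simulated_round_accepted": verify_round(G1, G2, h, ch, ans),
        "noninteractive": noninteractive_verify(G1, G2, noninteractive_prove(G1, PI, 32, rng)),
        # A prover with no isomorphism who sent H = G1 and is asked to open it towards G2 fails.
        "identity_witness_rejected": not verify_round(G1, G2, G1, 1, {v: v for v in range(5)}),
    }

if __name__ == "__main__":
    print(demo())
```

The simulator is the formal counterpart of "the thief cannot hear the incantation": anything the verifier sees could have been produced without the witness. Real SNARKs replace the permutation puzzle with arithmetic circuits and keep the proof size constant, but completeness, soundness and simulation are the same three properties.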

zk-SNARK

zk-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge." It was proposed by Ben-Sasson et al. of the Israel Institute of Technology in the 2014 Zerocash paper and is currently the most widely used zero-knowledge privacy technology. Well-known projects that deploy zk-SNARK algorithms directly include Zcash and Loopring. It allows people to prove that they possess specific information without revealing the content of that information.

zk-SNARK is a technology that transforms the zero-knowledge proof mechanism into a computer programming language. The basic logic is shown in the following diagram:

[image: zk-SNARK basic logic diagram]

What kind of privacy does zk-SNARK actually achieve? zk-SNARK achieves complete privacy: it hides not only the addresses and transaction amounts of both parties but also the content of the transaction from the nodes. Its downside is that it requires a trusted setup, which, however it is carried out, always carries some residual security risk.

Based on zk-SNARK, to enhance privacy while also optimizing transaction capacity and costs, new types of zero-knowledge proofs such as Bulletproofs, zk-STARK, Sonic, PLONK, and SuperSonic have emerged.

Bulletproofs

Compared to zk-SNARK, Bulletproofs do not require a trusted setup, but verifying Bulletproofs is more time-consuming than verifying zk-SNARK proofs. Bulletproofs have been applied in the XMR project to increase the transaction scale of XMR and reduce its verification time by 80%.

zk-STARK

zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge. It was developed by StarkWare and uses novel cryptographic proofs and modern algebra to enforce the integrity and privacy of computations on the blockchain. StarkEx uses zk-STARK technology. zk-STARK allows the blockchain to move computations to a single off-chain STARK prover and then use an on-chain STARK verifier to validate the integrity of those computations.

Compared to zk-SNARK, zk-STARK is considered a faster and cheaper implementation: even as the computational load increases, the volume of communication between prover and verifier stays essentially unchanged, so the overall data size is much smaller than that of zk-SNARK proofs. Moreover, zk-STARK does not require an initial trusted setup, since it relies on simpler cryptographic primitives, namely collision-resistant hash functions.

Overall, zk-SNARK has made significant progress in refinement and adoption, while zk-STARK addresses many of the shortcomings of zk-SNARK proofs (faster, cheaper, no initial trusted setup) and is considered an improved version of the protocol. However, zk-STARK adopts an off-chain computation, on-chain verification approach, which seems to be less secure than zk-SNARK.

Sonic

Sonic is a zero-knowledge proof protocol proposed by Sarah Meiklejohn from University College London, Markulf Kohlweiss from the University of Edinburgh, and Sean Bowe from Zcash. Sonic is a universal SNARK, meaning it only requires one setup to verify any possible statement.

The emergence of Sonic has made a significant leap forward in the evolution of zero-knowledge proofs. However, Sonic's speed has decreased, as the proof construction time has increased by about two orders of magnitude compared to non-universal SNARKs, so currently, there are no well-known privacy projects that adopt Sonic technology.

PLONK

PLONK is an efficient universal zk-SNARK co-developed by Zachary Williamson, CTO of the Aztec protocol, and Ariel Gabizon, chief scientist at Protocol Labs and formerly of Zcash. PLONK grew out of a chance meeting between Ariel Gabizon and Zac Williamson at a workshop at Binary District in London.

This is a brand-new, efficient universal zk-SNARK that needs only one trusted setup, which all programs can then reuse. The technology has also been endorsed by Vitalik. How fast is PLONK? On completely standard hardware, PLONK can prove circuits with over a million gates in 23 seconds. No server farms or HPC clusters were involved: this figure comes from a Microsoft Surface tablet.

Taking Aztec as an example, here’s a brief description of how the PLONK-based privacy protocol Aztec works:

First, Aztec needs a trusted initial setup—Ignition CRS. Initially, Aztec randomly gathered 200 participants globally to obtain the Ignition CRS. These 200 participants create randomness, which is the basis for Aztec's proof security. (This is akin to 200 people shuffling cards; as long as not all 200 collude, as long as one person is honest, the randomness of the cards—and thus the security of the system—is guaranteed.)

Then, Aztec's regular privacy transactions can be understood as a UTXO (as shown in the diagram below). It operates similarly to Bitcoin, but the difference is that the transaction needs to be encrypted. Therefore, Ethereum will verify whether this UTXO is correct—i.e., checking 60 + 40 = 75 + 25.

[image: Aztec UTXO-style transaction, 60 + 40 = 75 + 25]

How is this checked? First, check that the sum of the input notes equals the sum of the output notes. To prevent wrap-around attacks such as 10 = 11 + (-1), a range proof is needed; Aztec implements this as a membership proof, in which users prove that their output notes were formed from the Codex in order to obtain approval from the Aztec Cryptographic Engine (ACE). Only after this series of steps can the correctness of the UTXO be verified.
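The following added example (not code from Grin, Beam or Aztec) shows the mechanism behind both the Mimblewimble confidential transactions described earlier and the Aztec sum check just described: Pedersen commitments are additively homomorphic, so a verifier can confirm that hidden inputs and outputs balance (60 + 40 = 75 + 25) without learning any amount. It also shows the wrap-around problem that the range proof guards against (10 = 11 + (-1) passes the bare sum check) and Mimblewimble's cut-through, where an output spent inside the same block disappears while the block still verifies against the kernels. A multiplicative group modulo a large prime stands in for the elliptic-curve groups those projects use; the modulus, the two bases and the blinding factors are constructed for this illustration.

```python
import hashlib
from secrets import randbelow

# Toy group: the integers modulo a large prime; the secp256k1 field prime is borrowed only
# because it is a well-known large prime. Real Mimblewimble (Grin, Beam) and Aztec commit
# to elliptic-curve points, but the additive-homomorphic property shown here is what both
# rely on. Exponents live modulo the group order.
P = 2**256 - 2**32 - 977
ORDER = P - 1
GV = 2                                                  # base that carries the hidden value
GR = int.from_bytes(hashlib.sha256(b"blinding base").digest(), "big") % P   # base for the blinding; its log w.r.t. GV is unknown

def commit(value, blinding):
    """Pedersen commitment C = GV^value * GR^blinding: hides `value` and binds to it.
    Negative values wrap around modulo the order, which is exactly what range proofs rule out."""
    return pow(GV, value % ORDER, P) * pow(GR, blinding % ORDER, P) % P

def combine(commitments):
    """Product of commitments == commitment to the sum of values and the sum of blindings."""
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc

def excess(in_blindings, out_blindings):
    """Transaction kernel: GR^(sum of output blindings - sum of input blindings). In
    Mimblewimble the spender signs with this exponent, proving the kernel commits to zero value."""
    return pow(GR, (sum(out_blindings) - sum(in_blindings)) % ORDER, P)

def sum_check(in_commits, out_commits, kernel):
    """Verifier's check: outputs / inputs == kernel, i.e. the hidden values balance
    (the 60 + 40 = 75 + 25 check in the text) without any value being revealed."""
    return combine(out_commits) * pow(combine(in_commits), -1, P) % P == kernel

def make_tx(in_values, in_blindings, out_values, out_blindings):
    return {"inputs": [commit(v, r) for v, r in zip(in_values, in_blindings)],
            "outputs": [commit(v, r) for v, r in zip(out_values, out_blindings)],
            "kernel": excess(in_blindings, out_blindings)}

def cut_through(transactions):
    """Mimblewimble cut-through: an output created and spent inside the same block is removed
    together with the input that spends it. Only surviving outputs and the kernels stay, and
    the block still passes the sum check against the product of the kernels."""
    inputs = [c for tx in transactions for c in tx["inputs"]]
    outputs = [c for tx in transactions for c in tx["outputs"]]
    spent = set(inputs) & set(outputs)
    return {"inputs": [c for c in inputs if c not in spent],
            "outputs": [c for c in outputs if c not in spent],
            "kernels": [tx["kernel"] for tx in transactions]}

def demo():
    r = [randbelow(ORDER) for _ in range(6)]            # constructed blinding factors
    good = make_tx([60, 40], r[0:2], [75, 25], r[2:4])
    bad = make_tx([60, 40], r[0:2], [75, 26], r[2:4])   # tries to create 1 unit from nothing
    # Without a range proof, 10 = 11 + (-1) passes the sum check because the "negative" note
    # wraps around; this is why Aztec and Mimblewimble attach range proofs to every output.
    wrap = make_tx([10], r[4:5], [11, -1], r[2:4])
    # A two-hop chain inside one block: r[0] -> r[1] (100) -> r[2], r[3] (60 + 40).
    block = cut_through([make_tx([100], r[0:1], [100], r[1:2]),
                         make_tx([100], r[1:2], [60, 40], r[2:4])])
    return {
        "balanced": sum_check(good["inputs"], good["outputs"], good["kernel"]),
        "unbalanced": sum_check(bad["inputs"], bad["outputs"], bad["kernel"]),
        "wraparound_passes": sum_check(wrap["inputs"], wrap["outputs"], wrap["kernel"]),
        "cut_through_sizes": (len(block["inputs"]), len(block["outputs"]), len(block["kernels"])),
        "cut_through_balances": sum_check(block["inputs"], block["outputs"], combine(block["kernels"])),
    }

if __name__ == "__main__":
    print(demo())
```

The `wraparound_passes` result is the reason the sum check alone is insufficient: the homomorphic check only proves that the values sum to zero modulo the group order, so every output additionally needs a proof that its value lies in a small non-negative range, which is the job of Bulletproofs in Monero and Grin and of the membership proof in Aztec.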

The privacy that Aztec aims to achieve includes three aspects: first, data privacy, where Aztec can encrypt and hide transaction amounts; second, user privacy, where observers on the network cannot determine the sender and receiver IDs; third, code privacy, where the smart contract code of dApps using the Aztec SDK can also be made private. The first aspect has been achieved, while the latter two have yet to be realized.

SuperSonic

SuperSonic technology combines Sonic and DARK proofs, providing a short proof that does not require a trusted setup. Under the premise of one million logical gates, it can compress the proof size to 10-20 KB, with further optimization potential. This technology was first applied in the financial public chain Findora.

The comparison of zero-knowledge proof series technologies in terms of proof size, verification speed, whether a trusted setup is required, and application cases is shown in the table below:

[image: comparison table of zero-knowledge proof technologies]

Overall, the emergence of these efficient universal SNARKs allows for the realization of privacy and scalability in Web3 through at most one MPC setup, enabling us to generate privacy transactions on all user devices (phones, tablets, etc.) and effectively execute these privacy transactions on public networks. This significantly advances the development pace in the privacy sector.

Based on the current state of development in the privacy trading field, the following two trends may emerge in the near future:

1. The current stage of privacy trading usage is still low, but it is expected to increase with technological iterations.

The low usage rate of privacy trading is mainly due to three reasons: first, the technical threshold is too high; early privacy trading experiences were not user-friendly for most ordinary users. Although privacy coins like Zcash and XMR have existed for many years, the vast majority of ordinary people have not truly used them; second, the demand for privacy trading has not been popularized. In the past, when privacy trading was mentioned, people subconsciously thought that only illicit transactions required privacy trading. Awareness of hiding one's on-chain transactions, transfers/payments, and amounts is still relatively weak. With the explosion of on-chain transactions like DeFi, people's awareness of privacy protection for on-chain transactions is awakening; third, early privacy protocols did not provide the currencies that users truly wanted to use, such as mainstream on-chain assets like ETH, USDC, and DAI. The probability of ordinary users deliberately choosing to use privacy coins to maintain privacy is low.

2. The deployment of privacy features by mainstream blockchains may be the ultimate trend in the development of the privacy sector.

As an independent category, privacy coins may no longer be favored and welcomed, especially after the regulatory crackdowns by various countries in recent years. For example, influenced by FATF rules, Coinbase UK delisted Zcash in 2019, while OKEx Korea delisted six cryptocurrencies including Monero, Dash, Zcash, ZCache, Horizen, and SuperBitcoin.

However, the demand for privacy trading is real and will always exist; where there is demand, there is a market. Based on the recent types of privacy projects that have garnered the most attention in the industry, incorporating privacy protection features into mainstream blockchains represented by Bitcoin, Ethereum, and Polkadot may become a trend.

In Bitcoin, CoinJoin-based mixers are currently the most widely used service for hiding transaction information. A mixer is a service that obscures the connection between the sender's Bitcoin address and the receiver's address through a third party.

The most prominent privacy solution on Ethereum is the series of zero-knowledge proofs (zk-SNARK, zk-STARK, etc.). Vitalik has stated, "Zero-knowledge proofs are the most powerful privacy solution. Although the technical implementation is the most difficult, it is the most effective in protecting privacy and security on the Ethereum network." Among zero-knowledge proof privacy solutions, Aztec's PLONK technology is particularly well-regarded.

In the Polkadot ecosystem, there is also a notable privacy trading project—Manta Network. It is a zk-SNARK type (Plonk with Lookup) privacy protocol built by P0xeiden Labs, deployed on Polkadot, with its testnet Calamari deployed on Kusama. According to the project's official website, there are plans to deploy corresponding privacy protocols on public chains like Avalanche and Near in the future. Manta Network plans to launch a multi-asset decentralized anonymous payment protocol MantaPay, as well as a decentralized trading protocol MantaSwap supported by zk-SNARK.

In summary, privacy trading is a real market demand, and the development of this sector is worth continuous attention. As the number and volume of on-chain transactions grow, this market demand will also increase correspondingly.

ChainCatcher Building the Web3 world with innovators