Cryptocurrency ≠ anonymity: a detailed explanation of the basics of cryptocurrency privacy protection

Editor's note: This article comes from ChainNews (WeChat ID: chainnewscom). The original authors are Yi Sun, who received a PhD in mathematics from MIT in 2016 and is now a Simons scholar in the Department of Mathematics at Columbia University, and Yan Zhang, who received a PhD in mathematics from MIT in 2013 and is now an assistant professor in the Department of Mathematics at San Jose State University in California. Published by Perry Wang; released with authorization.

After the whole industry has heatedly discussed, and begun to solve, the "scalability" problem of public blockchains, we believe that another important and hard problem deserving the industry's full attention is how blockchain technology can provide "privacy protection". Many technology-driven projects that emerged this year have made privacy protection their primary direction and have begun to explore this field in depth.
This is a large and complex topic, and many fallacies about it are widespread. We thank the two young scholars in the United States who wrote this article on the fundamentals of blockchain and cryptocurrency privacy protection. ChainNews recommends it to readers in the hope that it helps clarify the basic concepts in this area. Advanced readers may also want to read an in-depth article previously published by ChainNews: "Read through the blockchain privacy protection technology and the panorama of related projects."
Although the article covers well-known material, it is still a "hardcore" technical piece that takes time and effort to think through. The best way to read it is to save it first and then read it carefully. You are also invited to forward it so that valuable information reaches more people. Enjoy reading!
In media descriptions, cryptocurrency is often credited with "anonymity", yet other articles point out that cryptocurrency transactions can be traced easily, much more easily than fiat-currency transactions. To reconcile these two statements, one must understand: what does the privacy protection of cryptocurrency actually mean?
This question is not as easy to answer as it seems, because "privacy protection" has many layers of meaning in the blockchain world.
As a developer, investor, or cryptocurrency participant well versed in blockchain technology, you should know exactly what "privacy protection" means in a cryptographic system. We wrote this article to share some of our own experience and expertise in this respect.
Suppose Alice opens a Venmo account (Venmo is a small-payment mobile app in the United States, since acquired by PayPal). She must provide and verify her real name. Because Venmo knows her real name and may share this information with others, Alice loses part of the privacy of her identity. If Bob sends $20 to Alice through Venmo and shares the payment in his feed, then Alice's transaction information has been made public, but only Venmo knows how much money is in her account; the public does not. Now suppose instead that Alice creates a Bitcoin address and asks Bob to send her $20 worth of Bitcoin. Compared with the Venmo transaction, Alice gains some privacy with respect to her real identity, because her Bitcoin address is not tied to her real name. However, the fact that Bitcoin moved from Bob's address to Alice's address, and the amount of Bitcoin Alice holds after receiving the transfer, are transparent to everyone on the Bitcoin blockchain.
Therefore, we can see that by using Bitcoin, Alice gains privacy in some respects but loses privacy in others.
This situation is commonplace when using different cryptocurrencies for transactions.
In the cryptocurrency world, we believe privacy protection mainly covers three areas:

* The identity information of the individual who uses cryptocurrency to perform an operation

* The specific transaction data in the user's corresponding operation

* The overall state of the blockchain, which aggregates all transaction information
A blockchain protocol may use cryptography to make it impossible, or very difficult, for outsiders to learn or compute the various parts of each of the items above. At the same time, attackers who want to extract features from the blockchain can combine many pieces of information to guess, or even directly deduce, what they want. The goal of privacy protection is to expose, through protocol design, as little information as possible about specific attributes to potential attackers.
The important point is that whether a particular attribute counts as privacy-protected is not black and white. For example, an attribute may be transparent to some external observers but opaque to others, or external observers may be able to guess it by chance but not reliably. This ambiguity means that simple statements such as "coin XX guarantees privacy" or "coin A protects privacy better than coin B" are usually untenable. When the wording is not careful, such statements cause misunderstanding, and some people deliberately craft such statements to mislead others.
We recommend more careful statements, such as "Monero's transaction amounts are privacy-protected" or "Under a certain anonymity setting of Zcash, the sender's address is privacy-protected".
Later in this article we will discuss how, in some cases, cryptographic tools such as zero-knowledge proofs can help us analyze such statements quantitatively, and even prove them rigorously.
First, let us focus on the kinds of privacy protection related to cryptocurrency.
Identity information privacy, that is, anonymity
When people hear the word privacy, the first thing that comes to mind is often anonymity, meaning that user behaviour is not linked to the user's real-world identity.
One way to achieve this kind of privacy is the simple "pseudonym" method; in fact, we are used to using pseudonyms when obtaining various network services, such as registering the email name bitcoinlover2008@gmail.com instead of a real name. In this case, in most interactions within the protocol, the real or legal name of the owner of bitcoinlover2008@gmail.com, say Alice Jones, is never exposed.
In most cryptocurrency systems, such as Bitcoin, users obtain a public/private signing key pair. The public key is comparable to a username and the private key to a password. The key point is that only someone who holds the private key (whether obtained legitimately or stolen) can produce information "signed" by you; in this sense, anyone can use your public key to verify the information sent by the holder of the private key. This feature lets users receive cryptocurrencies such as Bitcoin at any of the public keys or addresses they own, and send cryptocurrencies with their private keys, all without the intervention of a centralized authority. These ideas form the cornerstone of modern mathematical cryptography. Nevertheless, holding a private/public key pair is merely a way of "using a pseudonym" to disguise your true identity in a decentralized environment.
"Using pseudonyms" is a natural attribute of the protocols behind cryptocurrencies, which leads the media and the public to mistakenly believe that all cryptocurrencies are "anonymous", or at least offer stronger anonymity than simply using a pseudonym. Unsurprisingly, this misunderstanding leads users to use cryptocurrency for unlawful activities, such as online gambling or dark-web transactions. However, the real level of privacy protection may disappoint these users. They can certainly use public addresses to send or receive bitcoins, and their real names are not involved in the transaction, but certain user actions can link the public addresses to their real-world identities.
First, most users buy bitcoins with fiat currency on an exchange. Fiat-currency dealings usually have to pass through the existing banking system, which must verify real-world identity. And all transaction information in Bitcoin is completely public. As noted in the previous section, this means that anyone who can see the exchange's database can associate specific addresses with real-world identities. Here is an example: if Alice withdraws 0.1 Bitcoin from Coinbase to an address she controls, such as 36n452uGq1x4mK7bfyZR8wgE47AnBb2pzi, then Coinbase links her real name to this address. If she then withdraws 0.2 Bitcoin from an illegal online sports-betting site, external observers may infer, and can provide tamper-proof public evidence, that Alice is involved in illegal online gambling.
Companies such as Chainalysis have adopted this kind of technology, called blockchain analysis, linking public addresses to the identities of the owners behind them and analyzing the flow of transactions.

The figure shows an early case of blockchain analysis covering 2009 to 2012; source:
Second, conducting cryptocurrency transactions requires sending a fair amount of information over the Internet. In some cases, network metadata can be used to track the IP address an individual used to initiate these transactions. Even if the user uses a so-called secure browser such as Tor (onion routing), the IP address may still be tracked.
The combination of these two reasons means that relying solely on the "pseudonym" characteristic of cryptocurrency to transact anonymously in the presence of metadata is an "impossible task".
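To make the blockchain-analysis step above concrete, here is an added example (our own illustration, not code from the article or from Chainalysis) of the common-input-ownership heuristic: every input address of one transaction is assumed to belong to the same wallet, so a real-world label attached to one address, such as the name an exchange verified before a withdrawal, spreads to the whole cluster. The ledger, addresses and label are constructed sample data.

```python
"""Address-clustering demo (added example, not from the original article).

Common-input-ownership heuristic: all input addresses of one transaction are
treated as one wallet. A label known for any one address (e.g. from an
exchange's identity check) then applies to every address in that cluster.
The ledger and labels below are constructed placeholders, not real data.
"""
from collections import defaultdict

# Constructed sample ledger: each entry lists input and output addresses.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["exchangeHot1"], "outputs": ["aliceA"]},
    {"txid": "tx2", "inputs": ["aliceA", "aliceB"], "outputs": ["merchant1", "aliceC"]},
    {"txid": "tx3", "inputs": ["aliceC", "aliceB"], "outputs": ["bettingSite1"]},
    {"txid": "tx4", "inputs": ["bobX"], "outputs": ["bobY"]},
]

# Constructed label: the exchange verified Alice's name before tx1 paid aliceA.
KNOWN_LABELS = {"aliceA": "Alice Jones (KYC at exchange)"}


class UnionFind:
    """Minimal disjoint-set structure used to merge addresses into wallets."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Return {address: frozenset(cluster)} for every address seen as an input."""
    uf = UnionFind()
    for tx in txs:
        first = tx["inputs"][0]
        uf.find(first)                      # register single-input spenders too
        for other in tx["inputs"][1:]:
            uf.union(first, other)          # co-spent inputs -> same wallet
    members = defaultdict(set)
    for addr in list(uf.parent):
        members[uf.find(addr)].add(addr)
    return {addr: frozenset(members[uf.find(addr)]) for addr in uf.parent}


def propagate_labels(clusters, known_labels):
    """Spread each known label to every address in the same cluster."""
    inferred = {}
    for addr, label in known_labels.items():
        for member in clusters.get(addr, frozenset({addr})):
            inferred[member] = label
    return inferred


def labelled_flows(txs, inferred):
    """(sender label, receiving address) for payments leaving a labelled
    cluster; change paid back into the same cluster is not a flow."""
    clusters = cluster_addresses(txs)
    flows = []
    for tx in txs:
        labels = sorted({inferred[a] for a in tx["inputs"] if a in inferred})
        if not labels:
            continue
        own = set().union(*(clusters[a] for a in tx["inputs"]))
        for out in tx["outputs"]:
            if out not in own:
                flows.append((labels[0], out))
    return flows


if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_TXS)
    inferred = propagate_labels(clusters, KNOWN_LABELS)
    for label, receiver in labelled_flows(SAMPLE_TXS, inferred):
        print(f"{label} -> {receiver}")
```

The point for a user is that the label never touches aliceB or aliceC directly; co-spending them with aliceA is what links them. That is why the later "Guidelines for users" section recommends a fresh address per payment, and why even fresh addresses lose their value once they are spent together with a labelled one.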
Privacy protection of transaction data
When people discuss so-called "privacy coins", they usually mean that transactions in these currencies have privacy protection in some respects.
Broadly speaking, a transaction is an action taken by a user to modify the state of the blockchain. For example, Alice sends X tokens from an address she controls to an address Bob controls. From a God's-eye view, even this very simple example contains several pieces of data:

* An address of Alice, such as 36n452uGq1x4mK7bfyZR8wgE47AnBb2pzi

* The link between Alice's address and Bob's address

* An address of Bob

* The amount of tokens sent
More complex transactions contain other kinds of information, such as smart-contract code in Ethereum. Different blockchains expose transaction data in different ways; some make certain links invisible to third parties, who can then see only the primary data of the blockchain. For this reason we named this section "Privacy protection of transaction data" rather than "Privacy protection of transactions", because different kinds of transaction data can receive different degrees of privacy protection.
Among the data that can be privacy-protected, the most important are the addresses of Alice and Bob. If they are protected, observers cannot identify the real identities of the sender and receiver from the transaction, and the blockchain-analysis technique mentioned above is obstructed.
For instance, if Alice buys Monero, which has this technical characteristic, on the exchange Binance and withdraws the coins, Binance cannot associate this withdrawal with how Alice later disposes of the Monero. Likewise, if Bob receives Monero from Alice, he will not know that Alice bought it from Binance.

To complicate matters further, whether transaction data is secret is not a black-and-white question either. Taking Alice's address as an example, secrecy can be measured by the size of the anonymity set, which is the smallest set of sender addresses that, based on blockchain information, could be the real sender. The larger the anonymity set, the less information about the sender the blockchain transaction data reveals. For instance, the anonymity set size of Bitcoin is 1, while the anonymity set of Monero is much larger.
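The following added example (ours, not the article's) computes the anonymity set as the paragraph defines it: the smallest set of candidates that could be the real spender given only public ledger data. The ledger is constructed sample data; "direct" spends name their input outright, as in Bitcoin, and "ring" spends list a ring of possible inputs of which one is real, as in Monero. It also shows why the metric is smaller than the ring size whenever a ring member is already known, from a size-1 set elsewhere, to have been spent.

```python
"""Anonymity-set demo (added example, not from the original article).

The anonymity set of a spend is the smallest set of candidate inputs that,
from public ledger data alone, could be the one really spent. The ledger
below is constructed sample data, not real chain data.
"""

SAMPLE_LEDGER = [
    {"txid": "t1", "kind": "direct", "inputs": ["out1"]},
    {"txid": "t2", "kind": "ring", "ring": ["out2", "out3", "out4", "out5"]},
    {"txid": "t3", "kind": "ring", "ring": ["out3", "out6", "out7"]},
    {"txid": "t4", "kind": "direct", "inputs": ["out6"]},
]


def candidate_spends(tx):
    """Everything the ledger says might be the real input of this tx."""
    return set(tx["inputs"]) if tx["kind"] == "direct" else set(tx["ring"])


def anonymity_sets(ledger):
    """Shrink each candidate set using one public fact: an output is spent
    exactly once, so a member already known to be spent by a size-1 set
    elsewhere must be a decoy in every other ring that lists it. Repeat
    until nothing changes, because a new size-1 result can cascade."""
    sets = {tx["txid"]: candidate_spends(tx) for tx in ledger}
    changed = True
    while changed:
        changed = False
        resolved = {next(iter(s)) for s in sets.values() if len(s) == 1}
        for txid, s in sets.items():
            if len(s) > 1:
                reduced = s - resolved
                if reduced and reduced != s:
                    sets[txid] = reduced
                    changed = True
    return sets


def guess_probability(ledger):
    """Chance that an observer guessing uniformly picks the real spend."""
    return {txid: 1 / len(s) for txid, s in anonymity_sets(ledger).items()}


if __name__ == "__main__":
    for txid, s in anonymity_sets(SAMPLE_LEDGER).items():
        print(txid, "anonymity set size", len(s), sorted(s))
```

In the sample, t3 advertises a ring of three but its anonymity set is two, because out6 was spent directly in t4. This is the reason the article insists on stating which attribute is protected and against whom: a ring signature protects the sender only as well as the weakest decoy in the ring.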
State secrecy
On the Bitcoin blockchain all transaction data is public, meaning that an external observer who sees all the blocks on the chain can reconstruct the ledger and learn the balance of every address, even though these amounts may be split across different "unspent transaction outputs" (UTXOs); this is what we call the overall state of the blockchain. However, if some elements of transactions are secret, then even someone who holds the whole blockchain will not be able to learn the overall state. This information is instead distributed among different users, and the blockchain guarantees the persistence of user information.

Although a user's knowledge of a particular attribute of the blockchain state depends only on the protocol and on the transaction data that produced that state, the connection between the two can involve complex interactions. Thus, different features of the state can be privacy-protected to different degrees.
Here are a few examples:

* The set of all addresses

* The account balance of a specific address, for example 0x2569C92345013F55CFb47C633c57F2f5756B9acA holds 1 ETH

* The smart-contract code at a specific address, for example the CryptoKitties contract at address 0x06012c8cf97BEaD5deAe237070F9587f8E7A266d

* The specific state of a contract, such as the information stored in the CryptoKitties contract
A simple deductive example: the amount of each transaction in Zcoin is public, but the sender and receiver addresses are secret, which means that user balances remain secret information. Conversely, in the privacy-protecting blockchain format Mimblewimble, the exact amount of each transaction is secret but the sender and recipient are public, which provides another way of protecting the privacy of user account balances. Users of Mimblewimble must keep their own balance information carefully, because the blockchain stores only the limited information needed to ensure that users cannot overspend.
In general, adding more privacy protection to transactions benefits individual users but is not necessarily good for the overall state of the blockchain. For instance, if the total issuance of a cryptocurrency is private, users cannot verify properties such as the total supply schedule of the blockchain protocol; in addition, it becomes difficult to detect attackers who exploit algorithm vulnerabilities or protocol backdoors to mint coins without authorization.
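The "limited information needed to ensure that users cannot overspend" is, in Mimblewimble, a Pedersen commitment per amount plus a balance check. The following is an added toy example (ours, not the article's and not code from any Mimblewimble implementation) on the secp256k1 curve: each amount v is hidden in C = v*G + r*H, yet a verifier who sees only the commitments can check that inputs and outputs balance. Two simplifications are assumptions of this example: the net blinding factor ("kernel excess") is published as a plain scalar rather than proven with a signature, and the range proofs that stop negative amounts are omitted; the generator label passed to hash_to_point is also our choice.

```python
"""Toy Pedersen-commitment balance check (added example; not from the
article and not a Mimblewimble implementation). Assumptions: the kernel
excess is published in the clear, and range proofs are omitted."""
import hashlib
import secrets

# secp256k1 domain parameters (the curve used by Bitcoin and by Grin)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)


def hash_to_point(label):
    """Second generator H whose discrete log relative to G nobody knows:
    x comes from a hash, then step until a point on the curve is found."""
    x = int.from_bytes(hashlib.sha256(label).digest(), "big") % P
    while True:
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)                  # sqrt, valid as P % 4 == 3
        if y * y % P == y2:
            return (x, y)
        x = (x + 1) % P


H = hash_to_point(b"toy pedersen generator H")        # label is an assumption


def commit(value, blinding):
    """Pedersen commitment v*G + r*H: hides v, and binds the sender to it."""
    return ec_add(ec_mul(value, G), ec_mul(blinding, H))


def build_transaction(input_values, output_values):
    """Spender side: commit to every amount with a fresh blinding factor and
    publish the kernel excess (net blinding) so others can verify balance."""
    inputs = [(v, secrets.randbelow(N)) for v in input_values]
    outputs = [(v, secrets.randbelow(N)) for v in output_values]
    excess = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "excess": excess}


def verify_balance(tx):
    """Verifier side: sum(outputs) - sum(inputs) must equal excess*H, which
    holds exactly when the hidden amounts balance (the v*G terms cancel)."""
    total = None
    for c in tx["outputs"]:
        total = ec_add(total, c)
    for c in tx["inputs"]:
        total = ec_add(total, ec_neg(c))
    return total == ec_mul(tx["excess"], H)


if __name__ == "__main__":
    print("balanced:", verify_balance(build_transaction([5, 7], [10, 2])))
    print("inflating:", verify_balance(build_transaction([5, 7], [10, 3])))
```

The verifier never learns 5, 7, 10 or 2, only that they cancel, which is exactly the trade-off the previous paragraph describes: hidden amounts mean the total supply is no longer something an outsider can simply add up, so the soundness of this check (and of the omitted range proofs) is what stands between the chain and silent inflation.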
Privacy protection features in some existing blockchain protocols
Different privacy protection methods
So far we have mainly focused on whether particular information is public or secret. Beyond that, it is useful to categorize the privacy protection methods of different blockchain technologies. We give a rough breakdown of these methods below.
"Layer 2" protocols
"Layer 2" protocols built on top of an underlying blockchain, such as the Lightning Network, state channels, or Plasma, allow a small number of users to carry out "off-chain" transactions with each other. All intermediate states are kept among these users, and only periodic state changes are written to the main blockchain. Intermediate states are therefore invisible to external observers because they are never written to the main chain. Of course, the layer-2 protocol itself may or may not provide different degrees of privacy protection for the off-chain state of all its users, so this depends more on the design philosophy than on privacy technology as such. We will therefore not look further at layer-2 protocols, although for interested readers there is a great deal of material to dig into.
For details on the development of "layer 2" protocols, we recommend the article previously published by ChainNews: "Ethereum is no longer the only option: layer-2 projects face a battle for the new ecosystem".
Mixing methods
Mixing methods apply a privacy strategy to the inputs and outputs of transactions by merging them into one large transaction, deliberately obscuring the addresses of the sender and the receiver. This includes some of the oldest privacy strategies in the crypto world, such as tumblers, CoinJoin, Mimblewimble, and Monero.
Zero-knowledge proofs
Privacy protection based on zero-knowledge proofs arises when a protocol user provides a zero-knowledge proof, for example demonstrating knowledge of a particular message without revealing the message itself. Used properly, this cryptographic technology can protect the privacy of transactions and state while preserving the full functionality of the blockchain.
For background on "zero-knowledge proofs", we recommend the article previously published by ChainNews: "A tragedy caused by Sudoku: What is a zero-knowledge proof?"
Guidelines for users
Even with cryptocurrencies that have no privacy protection features at all, users still have ways to reduce the risk from network-level threats and blockchain analysis to a certain extent. To prevent malicious parties from using network metadata to deanonymize users, users can use Tor or I2P to hide the originating IP address of their transactions. To resist blockchain analysis, it is generally recommended that users switch to a new address for every payment received. Cryptocurrencies such as Monero and Verge offer this feature natively. Of course, in some cryptocurrencies these addresses can still be linked to the user's subsequent operations.
Trusted execution environment (TEE)
A trusted execution environment is a processor feature, such as Intel SGX, that promises to use cryptographic techniques to protect the integrity and confidentiality of the data and code running inside it. Various protocols, including Ekiden, commercialized by Oasis Labs under Professor Dawn Song (Song Xiaodong), state that they adopt a trusted execution environment. For example, user account balances can be encrypted with a private key and stored in a trusted execution environment, and can only be decrypted and modified inside it. This effectively delegates the responsibility for privacy protection to the trusted execution environment, which itself may have weaknesses. For instance, a side-channel attack may be able to extract the private key; Intel SGX has previously suffered such a vulnerability. Furthermore, existing trusted execution environments may require the manufacturer's permission or allow the manufacturer to break data confidentiality. Alternatives such as Keystone and Gradient attempt to solve this problem.
For details on Oasis Labs, a blockchain project based on trusted execution environments founded by Professor Dawn Song, we recommend the earlier ChainNews report: "Demystifying Oasis Labs: the top-funded platform that claims to surpass Ethereum, what is it really?"
In short, when considering the privacy protection of cryptocurrencies, do not use ambiguous statements such as "our coin is more private than their coin". We recommend trying to clarify the following questions as precisely as possible: which state information about the world is protected, when, and to what degree? From whom is it kept confidential? This allows us to analyze privacy protection technologies, and the transactions they enable, more concretely.