Privacy with zk-SNARK in Ethereum

By Aneta Karbowiak - 17 Jul 2018


Privacy is not an imperative feature of a blockchain, but it is becoming increasingly important. A blockchain is transparent and public by nature, and an address is not linked to a real identity.

Nevertheless, it is easy to find out who is carrying out a transaction if you analyse the different addresses over time.

Specific patterns often emerge because addresses leak more and more information over time, which leads to so-called “deanonymization”, especially when the analysis is done by someone who follows transactions through KYC and AML processes.

Losing your privacy also means that a transaction must be made by a user whose address is known.

It is evident that whoever analyzes the blockchain is able to locate both the funds and the user quite quickly. But many privacy advocates believe that this should be prevented by strengthening security measures.

Too much transparency

Transactions on the Bitcoin or Ethereum blockchain reveal the sender, the recipient and even the amount. Some people think that this transparency of the blockchain is not always necessary and in some cases can even be harmful.

This is because from the analysis of the history of transactions one can also arrive at the location of the individual. Just look at the location of the merchant who accepts payments. Criminals may use this information to steal from you or follow you.

From a company’s BTC or ETH transaction history, competitors may obtain information about suppliers, sales, expenses, etc.

The payment of a particular medical service could be used by insurance companies to increase the instalment or even to refuse medical cover.

There are so many scenarios and so many privacy risks.

The privacy of a blockchain can be improved

There are ways to strengthen privacy by using new addresses or exchanging funds with other users to mix transactions, but these practices always leave a trace while analysis methods improve.

Cryptocurrencies such as Monero, Zcash and Dash implement specific technologies to ensure anonymity, while Ethereum uses zero-knowledge proofs, specifically zk-SNARKs, in which nothing is revealed except the “truth of the statement”.

zk-SNARK is Zcash’s core technology. With it, each of the two parties to a transaction can prove to the other that it holds a specific set of information, without revealing what that information is.

This system is different from other systems where at least one party needs to know all the information.

With zk-SNARK it is possible to prove possession of a password through a mathematical proof without ever having to reveal it.

Vitalik Buterin enthusiastic about zk-SNARK in Ethereum

But while Zcash uses zk-SNARK as a fixed feature, Ethereum only included this technology in the blockchain in January and does not use it for all transactions.

Vitalik Buterin was enthusiastic about this type of privacy protection at the TC Sessions in Zug recently, admitting that he also participates in and supports zero knowledge technologies “including tutoring on SNARKs and STARKs”.

“Personally I’ve written some tutorials about STARK and I’m thinking about doing a lot more about STARK in the future. I’m trying to see what it would take to make Ethereum’s blockchain friendly with the STARKs, so that it includes, for example, support for final field operations and other things involved in the STARK verification,” said Buterin.

The developer wants to focus on creating an ecosystem of smart contracts that protect privacy and are easy to use.

Buterin believes that privacy is necessary and useful in many cases. According to him these smart contracts “personally can be used by various types of applications and constructions on the blockchain to try to minimize access to market manipulation. They can be used to improve various types of mechanisms such as auctions.”

Legitimate use of coin privacy is therefore possible and desirable, but Vitalik says that “enthusiasm for this technology is not only because of privacy but also because of scalability. More than half of the excitement around zk-SNARK and zk-STARK isn’t even because of the privacy angle but it’s because they allow you to prove arbitrarily complex computations and a single proof they can be very compact and verifiable in a few milliseconds.”

Decentralized Ethereum Mixer with zk-SNARK

The application that implements zk-SNARK on Ethereum is Miximus. The dapp is currently on the testnet and still in development, but its operation is simple: it must hide the sender, the recipient and the amount of the transaction. BarryWhiteHat, the developer of Miximus, is working on this technology, which could also be implemented in voting, governance or an anonymous social network.

This may be possible because the identity in Miximus is also anonymous. A user can try to be part of a group by remaining anonymous. For this specific feature, we assume the use of the login with GitHub would transfer the reputation, but not the identity. The use of biometric data has also been proposed, although this approach may be riskier as the identity would be publicly disclosed to everyone who would come into possession of these data.

Miximus also prevents multiple identities from being linked to one another.

Challenges to overcome

The prospects seem interesting, but there are also challenges regarding reputation, proving time and gas price.

The system only supports binary reputation, but this could be hacked if you add a given user to the Merkle tree several times. “So user 1 would have reputation 1 and user 2 who has two entries in the merkle tree has reputation 2,” writes BarryWhiteHat on the GitHub repository.
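
The duplicate-entry problem quoted above can be reproduced with a plain Merkle membership tree. This is an added example, not Miximus code: the SHA-256 tree, the `MembershipTree` class, its `reject_duplicates` option and the sample commitments are assumptions made for illustration.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

class MembershipTree:
    """Toy fixed-depth Merkle tree of member commitments (assumed model)."""
    def __init__(self, depth=3, reject_duplicates=False):
        self.depth, self.reject_duplicates, self.leaves = depth, reject_duplicates, []

    def add(self, commitment: bytes) -> None:
        # Mitigation: refuse a commitment that already occupies a leaf.
        if self.reject_duplicates and commitment in self.leaves:
            raise ValueError("commitment already in tree")
        if len(self.leaves) >= 2 ** self.depth:
            raise ValueError("tree is full")
        self.leaves.append(commitment)

    def levels(self):
        # Pad with zero leaves, then hash pairs upward until one root remains.
        level = self.leaves + [bytes(32)] * (2 ** self.depth - len(self.leaves))
        out = [level]
        while len(level) > 1:
            level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            out.append(level)
        return out

    def proof(self, index: int):
        *lower, top = self.levels()
        return top[0], [lvl[(index >> d) ^ 1] for d, lvl in enumerate(lower)]

def verify(leaf, index, root, path) -> bool:
    node = leaf
    for sibling in path:
        node = h(node, sibling) if index % 2 == 0 else h(sibling, node)
        index >>= 1
    return node == root

def reputation(tree, commitment) -> int:
    # Every leaf position holding this commitment yields its own valid path.
    return sum(verify(c, i, *tree.proof(i))
               for i, c in enumerate(tree.leaves) if c == commitment)

def demo():
    # Constructed sample: user 2's commitment is inserted twice.
    tree, (u1, u2) = MembershipTree(), (h(b"user-1"), h(b"user-2"))
    for c in (u1, u2, u2):
        tree.add(c)
    return reputation(tree, u1), reputation(tree, u2)
```

Rejecting identical leaves only covers the case in the quote; a user who enrols again under a different commitment has to be stopped at enrolment, which a check inside the tree cannot do.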

The limit in this anonymous social network proposed by the developer would be that there is no possibility of burning and risking reputation.

Developers of other blockchains have especially criticized zk-SNARK for its proving times, which are quite long. In Zcash proving takes one minute and in Miximus 7 minutes, and it is not possible on a mobile phone, but the next update to Zcash should reduce it drastically. In addition, if verification takes only milliseconds, as confirmed by Buterin, it might make sense to spend so much time proving something.

Making a single Miximus transaction is quite expensive because the price of gas on Ethereum is high and the transaction requires about 1 million gas, but this problem is likely to be solved when gas costs are reduced. See Ethereum EIP no. 1187 and EIP no. 1108.

Aneta Karbowiak

Graduated in Biology from the University of Genova, she was soon interested in the development of mobile applications and chatbots. She entered the publishing world as manager of an English sports website where she managed a team of ten people. Passionate about blockchain technology and cryptocurrencies, she began writing for Qubithacker.
