The Hidden Flaw in Every Privacy Solution: A New Privacy Model
Damilare Alabi
Introduction
Blockchain technology is rapidly becoming the infrastructure for financial transactions and settlements. The technology is pioneering different financial applications and instruments, also covering other real-world assets. With the speed at which different blockchains, companies, and large institutions are launching stablecoins, there is no doubt that the world is already shifting to adopt blockchain as the technology that will power the future of finance. However, some bottlenecks have hindered the growth and adoption of blockchain technology, such as blockchain trilemma issues, among others. While early blockchain protocols focused on increasing the speed of their chains (TPS), a major problem was sidelined: the privacy issue. This article aims to conceptualize the privacy problem, to articulate some major attempts at resolving the problem along with the loopholes in each attempt, and to provide an alternative solution that remedies and resolves the loopholes of the previous solutions.
Conceptualizing the Problem
Privacy has been a major bottleneck that hinders the growth and adoption of blockchain technology because transactions are publicly verified. This means that every transaction can be viewed by anyone, and because of that, the person who performed that transaction can be identified through one means or another. Although the public address in a transaction makes it appear that a user cannot be identified, it is very clear that there are ways in which people can connect the dots and discover who owns the transaction. Unlike other infrastructures that power financial activities, blockchain keeps users’ data and transactions visible rather than private. The major issue is that not everyone can afford or is willing to have all their financial transactions visible because of the many risks it poses. This has hindered the adoption of blockchain technology because the financial applications people use do not reveal their data publicly, but keep it private. The question to be answered has been, “How do we make transactions on the blockchain private instead of public?”
The problem of privacy as it relates to blockchain has persisted for so long because of the way the problem has been conceptualized. The previous question does not accurately describe the privacy problem. Hence, the attempted solutions have been targeted at a question that does not fully describe the issue in detail. The question can be refined as, “How do we make transactions private on a public blockchain?” The reason for reframing this problem is that privacy is not really a major issue for private blockchains that are controlled by a few participants who do not necessarily need to share their ledger with the public. The major problem of privacy lies with public blockchains. Many solutions have been proposed to resolve this issue, but they all leave one loophole or another.
Three Categories of Privacy Solutions
Privacy solutions can be categorized into different groups.
- The first set of privacy solutions was designed to make transactions fully private. Monero, Dash, Zcash, and others attempt to make transactions entirely private without any trace available to the public. This is privacy by default, where the transaction is not visible at all.
- The second set of privacy solutions is those that do not completely make transactions private but ensure that they cannot be linked to the owner. That is, we can see where the transaction comes from but not where it ends. An example is Tornado Cash, which serves as an intermediary. Users send tokens to Tornado Cash and withdraw them from a different wallet. It is therefore impossible to link the sending wallet and the withdrawing wallet together.
- The third set of privacy solutions is those that make transactions private to the public but still allow transaction data to be shown for compliance purposes. In this case, transactions are verified using zero-knowledge proofs, but the data is not shown to the public. The data is only available to regulators and auditors, for proving compliance with laws and regulations. One example is Cloak from Scroll. Cloak is an auditable privacy solution that makes transactions visible to regulators or necessary parties but does not reveal information to the public except that something occurred. Another example is Iron Fish, which has been acquired by Coinbase.
The problem with the first set of privacy solutions is that by making transactions fully private, auditing and compliance become impossible, making them unsuitable for the ongoing regulation in the Web3 and blockchain industry. The second set faces a similar issue. Since transactions cannot be linked together, it is impossible to verify and prove compliance with regulations such as anti-money laundering rules. While the third set of solutions aims to provide privacy and solve compliance issues by making transactions auditable and visible to necessary parties, it makes transactions invisible to the public by only showing that something happened without revealing what happened. The question we need to ask, therefore, is, “What part of the transaction should be shown to the public? Is it nothing or everything?”
It seems that removing the verifiability of transactions from the public on a public blockchain undermines the essence of the public blockchain itself. Otherwise, every blockchain would have become private and would not need to share its data publicly. Nevertheless, there is still a need to protect the privacy of users on public blockchains. Our question can now be fully refined as follows: “How do we make transactions private on a public blockchain in such a way that the information remains verifiable, auditable, and compliant with regulatory rules, without revealing too much or too little to the public?” This leads to another question: “What kind of information should be made private in a transaction on a public blockchain?” In other words, what should be revealed and what should not?
Resolving the Issue of Privacy in Public Blockchain
The answer is simple. What needs to be kept private in a transaction on a public blockchain is the identity of the sender and the receiver. If the identity of the sender cannot be linked to the transaction, then the record on the chain will reveal what happened but not who performed it. The transaction amount, time, and other details do not mean much if the identity of the sender or receiver cannot be attached to the transaction. While the identity of the sender and receiver can be hidden from the public, it can still be visible and auditable to regulatory bodies and necessary institutions, making compliance with laws and regulations possible.
For example, if the public address in a transaction can be replaced with a random number instead of the actual address, the chain will show that participant A sends $50 to participant B, but it will not reveal the identity of either the sender or the receiver. At every instance, a random number will be generated to replace the public address, ensuring that it does not reveal who sends what or who receives what.
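One way to picture the per-transaction random identifier described above is the following added example, which is not part of the original article and is not taken from any of the projects it names. It assumes a hypothetical pseudonym issuer that shares a secret key with the auditor, 20-byte addresses, and constructed sample addresses; each on-chain identifier is a fresh nonce plus the address masked with a keyed pad, so the public sees a different random-looking value every time while the key holder can recover the party.

```python
import hashlib
import hmac
import secrets

ADDR_LEN = 20    # assumed address size in bytes
NONCE_LEN = 16   # fresh randomness per transaction

# Constructed sample addresses, not real accounts.
ALICE = bytes.fromhex("11" * ADDR_LEN)
BOB = bytes.fromhex("22" * ADDR_LEN)


def _pad(auditor_key: bytes, nonce: bytes) -> bytes:
    # HMAC-SHA256 used as a keyed pseudorandom function of the nonce.
    return hmac.new(auditor_key, nonce, hashlib.sha256).digest()[:ADDR_LEN]


def make_pseudonym(auditor_key: bytes, address: bytes) -> bytes:
    """Return nonce || (address XOR pad): a new random-looking value each call."""
    if len(address) != ADDR_LEN:
        raise ValueError("unexpected address length")
    nonce = secrets.token_bytes(NONCE_LEN)
    pad = _pad(auditor_key, nonce)
    return nonce + bytes(a ^ p for a, p in zip(address, pad))


def audit_reveal(auditor_key: bytes, pseudonym: bytes) -> bytes:
    """Auditor side: recover the address behind a pseudonym."""
    if len(pseudonym) != NONCE_LEN + ADDR_LEN:
        raise ValueError("malformed pseudonym")
    nonce, masked = pseudonym[:NONCE_LEN], pseudonym[NONCE_LEN:]
    return bytes(m ^ p for m, p in zip(masked, _pad(auditor_key, nonce)))


def public_record(auditor_key: bytes, sender: bytes, receiver: bytes, amount: int) -> dict:
    """What the chain would show: amount in the clear, both parties pseudonymous."""
    return {
        "from": make_pseudonym(auditor_key, sender),
        "to": make_pseudonym(auditor_key, receiver),
        "amount": amount,
    }


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held only by the hypothetical issuer and auditor
    for rec in (public_record(key, ALICE, BOB, 50) for _ in range(2)):
        print(rec["from"].hex(), "->", rec["to"].hex(), rec["amount"])
        print("  auditor sees sender:", audit_reveal(key, rec["from"]).hex())
```

The masking here is unauthenticated, so anyone can alter a pseudonym without detection; a deployed scheme would also need integrity protection and a way for validators to check that the hidden party is entitled to spend.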
Public verifiability of transactions is a major design feature of public blockchains, and removing it by keeping transactions private amounts to shifting from a public blockchain to a private blockchain. Disclosing nothing to users may lead to a lack of trust in the system, even if all transactions are correct, because they cannot be verified publicly. To maintain user privacy and comply with regulatory laws, the solution lies in answering the crucial question of which information should be revealed to the public in a way that still allows them to verify the validity of transactions and the state of the chain without knowing the identity of the sender and receiver in each transaction.
Conclusion
This article does not intend to explore the technical possibilities of the solution presented. The aim is to provide a theoretical solution that can address the privacy problem in public blockchains. Often, it is necessary to conceptualize both the problem and the solution before examining the technical feasibility of different approaches.
Regardless of the technical feasibility of the solution presented, any adopted privacy solution must align with the need for compliance and public verifiability, revealing neither too much nor too little. If nothing is revealed to the public, the system risks becoming a private blockchain. If everything is revealed, the adoption of blockchain technology will be hindered.
Between these two extremes lies the ultimate solution.