Zcash, ZKPs & the ECC: Privacy Scales Better

The US Federal Reserve has just released its long-awaited report on a Central Bank Digital Currency (CBDC). Not surprisingly, privacy is one of the Fed’s main concerns. The report says: “initial analysis suggests that a potential U.S. CBDC, if one were created, would best serve the needs of the United States by being privacy-protected, intermediated, widely transferable and identity-verified”.

The Fed’s concerns are indeed valid. While blockchains such as Bitcoin or Ethereum are censorship resistant and free from any central intermediation, they are nonetheless public. It is precisely because they are public, with every transaction open to inspection by anyone, that they are trustless: nobody has to take anyone else’s word for the state of the ledger.

No third party controls one’s data, as a traditional bank does, but every transaction is public from the outset. Even though transactions are linked only to a wallet address and not to an identity, behavioural patterns can be established quickly. Even sophisticated attackers who route funds through mixers usually still leave an electronic money trail. The perpetrators of the infamous Colonial Pipeline ransomware attack learned as much: roughly a month after the ransom was paid, the FBI seized most of the Bitcoin (63.7 of the 75 BTC). Information leakage on a public blockchain is as inevitable as it is on the internet. Interested parties might not learn your identity, but they will certainly have you profiled.

In 2016, Zooko Wilcox and the Zcash team used Zero-Knowledge Proofs (ZKPs) to try to resolve this privacy paradox. A ZKP is a cryptographic method by which a prover can convince a verifier that a given statement is true without conveying any additional information to the verifier (Wikipedia). ZKPs were first described in the 1980s, but those early constructions were interactive and far too large to be practical.
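To make the definition concrete, here is a small worked example added for this page (it is not Zcash code and not a zk-SNARK): a Schnorr-style proof of knowledge of a discrete logarithm, the classic sigma protocol, with the Fiat-Shamir transform that turns the interactive 1980s-style protocol into a single non-interactive message. The toy group (Z_p^* with p = 2^127 - 1 and generator 3), the SHA-256 challenge derivation and all function names are my own choices for illustration.

```python
import hashlib
import secrets

# Toy group Z_p^* with p = 2^127 - 1 (a Mersenne prime) and generator 3.
# Exponents are reduced mod p - 1 because g^(p-1) = 1 (Fermat).
# A production system would use an elliptic-curve group; the protocol is identical.
P = (1 << 127) - 1
ORDER = P - 1
G = 3


def keygen():
    """Secret witness x and public value y = g^x.
    The statement to be proven is "I know x such that y = g^x"; x is never sent."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)


def challenge(y, t):
    """Fiat-Shamir: the verifier's challenge is derived by hashing the transcript
    so far, which turns the interactive protocol into a non-interactive proof."""
    h = hashlib.sha256()
    for v in (G, y, t):
        h.update(v.to_bytes(16, "big"))  # all values are < 2^127, so 16 bytes suffice
    return int.from_bytes(h.digest(), "big") % ORDER


def prove(x, y):
    """Prover: commit to a random r, then answer the hashed challenge.
    The proof is (t, s); x only appears blinded by r inside s."""
    r = secrets.randbelow(ORDER)
    t = pow(G, r, P)
    c = challenge(y, t)
    s = (r + c * x) % ORDER
    return t, s


def verify(y, proof):
    """Verifier: g^s == t * y^c holds iff s = r + c*x for the x behind y.
    The verifier never sees x."""
    t, s = proof
    c = challenge(y, t)
    return pow(G, s, P) == t * pow(y, c, P) % P


def simulate(y):
    """Why the proof leaks nothing: for the *interactive* protocol, anyone can
    fabricate an accepting (t, c, s) transcript without x by choosing c and s
    first and solving for t = g^s * y^(-c). Real transcripts have the same
    distribution, so the verifier learns nothing it could not have made up itself."""
    c = secrets.randbelow(ORDER)
    s = secrets.randbelow(ORDER)
    t = pow(G, s, P) * pow(y, ORDER - c, P) % P  # y^(ORDER - c) == y^(-c)
    return t, c, s


def verify_interactive(y, t, c, s):
    """The interactive verifier's check, with c supplied by the verifier."""
    return pow(G, s, P) == t * pow(y, c, P) % P


if __name__ == "__main__":
    x, y = keygen()
    print("honest proof accepted:", verify(y, prove(x, y)))
    t, c, s = simulate(y)
    print("simulated interactive transcript accepted:", verify_interactive(y, t, c, s))
    print("simulated transcript passes Fiat-Shamir check:", verify(y, (t, s)))
```

Three properties are visible here. `verify` accepts only proofs built with the real witness (soundness); the proof `(t, s)` never contains `x`; and `simulate` shows why the transcript conveys no information, since in the interactive version anyone can produce an accepting transcript without the witness. Fiat-Shamir closes that loophole for the non-interactive proof because `c` is then fixed by hashing `t`, so the simulator can no longer choose it first. A zk-SNARK proves satisfiability of an arbitrary arithmetic circuit rather than knowledge of a single discrete log; in Zcash the circuit encodes the spend rules of a shielded transaction.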

Zcash was built on Bitcoin’s codebase and shares many of its properties, from the capped monetary supply to the Proof of Work (PoW) consensus mechanism. The main difference was the addition of ZKPs, specifically zk-SNARKs (succinct, non-interactive arguments of knowledge), which allow a transaction to be fully shielded or selectively disclosed.

While Zcash succeeded in making the proofs small and cheap enough for transactions to be fast, inexpensive and private at the same time, one major weakness remained in the original construction: the trusted setup and its so-called Toxic Waste.

Toxic Waste is the set of random numbers generated during the setup phase to build the Public Parameters that users later need to construct and verify shielded transactions. Think of it as a private key, albeit one for the whole network. Anyone who kept it could forge proofs and create counterfeit Zcash out of nothing, and since shielded values are hidden, such inflation could go unnoticed. Note what the waste does not give its holder: it cannot be used to read existing shielded transactions. A leak breaks soundness, not privacy.

To contain this risk the team ran what they called multi-party computation (MPC) ceremonies. Participants around the world, each in isolation, performed a share of the computation that generated the Public Parameters, and each destroyed their own share of the Toxic Waste afterwards. The first ceremony took place at launch; a second, much larger one accompanied a later network upgrade. The security argument is that the complete Toxic Waste can only be reconstructed if every single participant kept their share, so all of them would have to be dishonest for the protocol to be compromised. A systemic risk nonetheless remained... what if they all colluded?
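The following is an added example, not ECC code, showing the algebra behind that argument. The real ceremonies (the Sapling "Powers of Tau" in particular) do this in a pairing-friendly elliptic-curve group and verify each contribution with pairing checks; this toy uses Z_p^* with p = 2^127 - 1, a made-up parameter degree of 4, and function names of my own, but the contribution step and the "all shares or nothing" property are the same.

```python
import secrets

# Toy group Z_p^* with p = 2^127 - 1 (a Mersenne prime) and generator 3.
# Exponents are reduced mod p - 1 because g^(p-1) = 1. A real ceremony does
# the same arithmetic on an elliptic curve (BLS12-381 for Zcash Sapling).
P = (1 << 127) - 1
ORDER = P - 1
G = 3
DEGREE = 4  # the parameters contain g^tau, g^tau^2, ..., g^tau^DEGREE


def initial_params():
    """Before any contribution tau = 1, so every power is just g."""
    return [G] * DEGREE


def contribute(params, s):
    """One participant's contribution: multiplies the hidden tau by their secret s.

    Given g^(tau^k), raising it to s^k yields g^((tau*s)^k). The participant
    needs only the previous public parameters and s. After publishing the new
    parameters, s is their share of the Toxic Waste and must be destroyed.
    """
    return [pow(params[k - 1], pow(s, k, ORDER), P) for k in range(1, DEGREE + 1)]


def params_from_tau(tau):
    """What anyone holding the complete Toxic Waste tau can compute directly,
    i.e. the knowledge that would let them forge proofs against these parameters."""
    return [pow(G, pow(tau, k, ORDER), P) for k in range(1, DEGREE + 1)]


def product(shares):
    """tau is the product of all contributions (mod the exponent group order)."""
    acc = 1
    for s in shares:
        acc = acc * s % ORDER
    return acc


def run_ceremony(shares):
    """Sequential ceremony: each participant transforms the previous output."""
    params = initial_params()
    for s in shares:
        params = contribute(params, s)
    return params


def random_shares(n):
    """Each participant draws their own secret; nobody ever sees another's."""
    return [secrets.randbelow(ORDER - 2) + 2 for _ in range(n)]


if __name__ == "__main__":
    shares = random_shares(3)
    params = run_ceremony(shares)
    # Full collusion: with every share, tau and hence the parameters are reproducible.
    print("all shares reproduce parameters:", params == params_from_tau(product(shares)))
    # One share destroyed: the remaining shares yield a different tau, and the real
    # tau stays hidden behind a discrete logarithm in the published parameters.
    print("missing one share reproduces parameters:",
          params == params_from_tau(product(shares[:-1])))
```

The invariant is that after every step `params[k-1]` equals `g^(tau^k)` for the running product `tau`. Colluding participants can multiply their shares together and regenerate the parameters, which is exactly the counterfeiting capability the text warns about; a single destroyed share leaves them with the wrong `tau`, and recovering the right one from the public values alone is a discrete-logarithm problem.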

Fast forward a few years and the Electric Coin Company (ECC), which launched Zcash and supports its development, introduced Halo. Halo not only removes the need for a trusted setup, and with it the Toxic Waste, but also makes proofs recursive through a technique called nested amortization. In other words, one can prove that one has verified other proofs, and so on, so that a single proof can attest to an unbounded number of accumulated earlier proofs. This could allow a node, for example, to verify an entire chain in a matter of seconds. It could also make arbitrary smart contracts more confidential: the contract itself runs off-chain, and only a proof that a specific, identifiable set of conditions was met, together with the resulting state transition, goes on-chain. Miners that extract value (MEV) by front-running transactions would then have to rethink their business models.

At the time of writing Halo had yet to be deployed, but it is available to everyone as open source. ZKPs are also at the centre of Ethereum’s scalability solutions, where they allow most of the heavy computation and data to be kept off-chain. If implemented at Layer 1, as the ECC intends to do with Zcash, privacy and scalability would both be available to everyone (Vitalik Buterin).

Whether Halo, nested amortization or other ZK technologies go beyond proof of concept and become an industry standard remains to be seen. AMENDED: HALO IS GOING LIVE. More importantly, the ECC is showing that privacy and scalability are complementary rather than opposed, and demonstrates the importance of long-term governance in blockchains that are often too static.

Despite much initial criticism, the ECC recently decided to break with industry norms and fund its own and other development teams with 20% of every block reward (under ZIP 1014, split between a Major Grants fund, the ECC and the Zcash Foundation at 8%, 7% and 5% of the block subsidy respectively). Many crypto projects have fallen victim to the Tragedy of the Commons that is omnipresent in an open-source, decentralized world; the ECC has not. It has shown that self-funding key resources such as governance and development may be a necessary evil in a world where the technology itself is hard to defend.
