Preserving Privacy in Smart Contracts

Preserving Privacy in Smart Contracts

A group of academic researchers has unveiled a new first-of-its-kind protocol designed to provide confidentiality and anonymity to account-based smart contract platforms such as Ethereum.

The Problem

Creating systems where privacy is preserved for users has long been a foundational value in the cryptocurrency world. In the early days, it can that Bitcoin’s pseudonymity was adequate to preserve transactional privacy. However, following the rise of blockchain analytics firm, this erroneous belief was quickly debunked. 

A number of privacy-focused protocols have since been developed. Many of these protocols have laid the foundation for the creation of privacy-centric cryptocurrencies. Examples of these include Monero, PIVX, and Zcash. Additionally, some developers have attempted to include privacy-preserving protocols in more popular digital currencies, as is the case with Bitcoin Private.

While these privacy-focused digital currencies have served to provide transactional privacy, there has been a gap in creating the same opportunities for account-based platforms. Many of the privacy-centric protocols currently in existence are only implementable in UTXO transaction models.

UTXO stands for unspent transaction output. This is the transaction tracking model used in Bitcoin as well a majority of privacy-focused cryptocurrency networks. This model differs from how balances are tracked in conventional banking as it follows what is not spent. While the UTXO model is elegant and can power many of Bitcoin’s unique abilities, it has its disadvantages in that it is unable to support more complex systems built on top of it.

In contrast, the Ethereum network utilizes an account model. This transaction model is similar to what is witnessed in the traditional banking system in that it resembles a balance sheet. This simpler and more conventional model can support complex scripting languages like Solidity. Furthermore, it can provide operational support for the smart contracts for which the Ethereum network is known.

Unfortunately, privacy-centric protocols have focused on the UTXO model, essentially rendering them unusable on the Ethereum network as well as other account-based blockchain-based networks.

Enter Zether

In a new paper called “Zether: Towards Privacy in a Smart Contract World,” four researchers have unveiled a new protocol designed for use in account-based networks. The Zether protocol is ready for deployment on the Ethereum network and does not require any extensive changes to the underlying software. It is also implementable on any other account model regardless of the consensus mechanism utilized in the network.

Developed by Benedict Bunz, Shashank Agrawal, Mahdi Zamani, and Dan Boneh, Zether is a fully-decentralized, confidential payment mechanism compatible with Ethereum and other smart contract platforms. Zether takes the form of a new smart contract that can obscure the balances left in accounts while also hiding the identity of the people using the protocol to transact.

In this way, the Zether protocol is able to support both confidentiality and privacy. Confidentiality in crypto refers to the quality of a transaction where amounts transferred are hidden. This also relates to the balances retained post-transaction. Anonymity refers to the quality in which the parties involved, i.e., the sender and recipient, are obscured. Zether utilizes cryptographic proofs to preserve transactional privacy.

As mentioned earlier, Zether is actionable in the form of a smart contract. On the Ethereum network, it is called the Zether Smart Contract (ZSC). To power the movement of funds from one party to another, the smart contract has a token called Zether token (ZTH). These tokens are transferred between users through accounts created and held in the smart contract. The wallet addresses take the form of ElGamal public keys.

How it Works

To turn ether to ZTH, users send funds to the wallet associated with the smart contract. The ETH is then held in the smart contract, but the user receives the same amount of ZTH. To get ETH back, the user executes the burn function which then destroys their ZTH and credits them with the same amount in ETH. It is also possible to bind ZTH to a smart contract as is possible with ETH in smart contracts. The converse is also true.

To demonstrate, user A with an Ethereum address creates an ElGamal key pair. The key pair includes a public and secret key. User A will then commit a transfer of funds, depositing ETH in the Zether smart contract, while enclosing his public key. 

The Zether smart contract then creates an account with user A’s public key and credits it with the same amount of ZTH that they sent in their initial funding commit. User A is now able to transfer ZTH to other accounts on the Zether smart contract while preserving their privacy. Obscuring the amounts is done through encryption.

To provide anonymity, user A must include their transaction in an anonymity set. This is a group of  Zether accounts which are also transacting on the network. However, an observer will be unable to identify from where the transaction came. It will simply be visible that an account from the anonymity set made a transaction where the amounts were hidden.

As is common in some privacy-centric digital currencies, Zether relies heavily on zero-knowledge proofs. The Zether protocol also makes use of a modified version of the innovative Bulletproof protocol. The new ZK-proof mechanism is called Σ-Bullets. As explained in the white paper, the modification “allows us to efficiently combine Bulletproofs-based range proofs with ElGamal encryptions.”

While Zether applies to any account-based model, the researchers have already had success implementing it on the Ethereum network. At the time of print, confidential ZTH transactions cost 0.014 ETH in gas. Additionally, the researchers believe that “Zether is practical today and with already-planned enhancements to Ethereum will become even more efficient.”

The Zether protocol represents a step in the right direction for account-based models and if it takes off, will likely power more engagement with Ethereum and the other blockchain networks that adopt it.

Source link