Rethinking Security, Anonymity, and the illusion of Privacy
I’m no cryptography expert, so please correct me if I’m wrong. This post was written because I notice web3 users can’t differentiate between the three.
Let’s start with an analogy. I live in a house in a small village. Privacy and security are easy to understand: privacy is the tinted wall and curtains that prevent paparazzi from taking a peek. Security is the door lock that prevents monkeys from stealing my banana.
Now anonymity is a bit abstract. Remember that I live in a small village? Actually, my house is very similar to every other house in the village. The only difference is the house number. It means I have pretty good anonymity too.
There are small anonymity sets and large anonymity sets. The more houses that look the same in the village, the higher the anonymity, and vice versa.
Do you know what kind of house has great security and privacy, but 0 anonymity? Gru’s house.
All three may overlap, but they’re totally different things. From this analogy it’s obvious that privacy and security are very important, while anonymity is... kind of important and optional.
So security on Ethereum is the seed phrase, which is created with an ECDSA signature. Don’t be afraid, I don’t even understand what that thing is. What I can assure you is that ECDSA can be broken with a quantum computer, just like most other common cryptography today.
Privacy on Ethereum is basically nonexistent. This is why dozens of networks and dapps have been developed to solve this. Mina, Aleo, Namada, Aztec, Tornado Cash, and Railgun are just a few names.
But here’s the thing: all of the protocols I mentioned above use ZKP to create anonymity, not really privacy. In other words, they give large anonymity until it overlaps with privacy, but they don’t really give privacy.
Ah-ha, they create a bunch of dummy houses around my house in the village, so it’s harder to target surveillance on my house.
For more context, this is clearly mentioned in a recent blog post by the Namada team, Size Matters: “ZKP != Privacy”. The post is about how the anonymity sets in the protocols above are not concentrated, so on-chain analytics such as TRM Labs and ChainSecurity are able to break the anonymity by making the set smaller and smaller.
Therefore Namada’s solution is to unify the anonymity sets into one huge anonymity set. That’s awesome, I have no problem with that. However, we need security and real privacy; anonymity should come last. We need our door lock and the curtain; making the houses uniform should come last.
So how can we have on-chain privacy? It’s through encryption, which scrambles all plain data into ciphertext. We fit a curtain on every window so that no one can see us doing private things.
I’m not sure how many true privacy protocols are being developed today. So far I have found Oasis chain, Secret chain, and Obscuro Rollup. All of them use local data encryption called TEE (Trusted Execution Environment).
I’m not a big fan of TEEs since they use trusted proprietary hardware, but the Secret team wrote this blog post saying that TEE has the best performance for an encrypted chain, at least for now.
The last one is Zama; they’re developing what’s called FHE-EVM. It allows computation on encrypted data. So rather than seeing that I give you -1 ETH and you get +1 ETH, on-chain you’d only see * * * * and * * * *
Sometimes I wonder why on earth blockchains are built with cryptography, yet after more than 10 years there’s still no way to have true privacy on-chain. Maybe it’s just really that complex to compute on ciphertext on a blockchain.
Anyway, I believe we’re still very early and I hope this post is helpful ))