Check out all the on-demand sessions from the Intelligent Security Summit here.
On September 15, 2022, the Ethereum network migrated from a proof-of-work to a proof-of-stake consensus mechanism called the Merge. Apart from reducing energy consumption by 99%, the Merge laid the foundations for building a highly secure and scalable blockchain. However, despite the benefits of the Merge, it also marks a regression in privacy, which is a significant concern for Ethereum users.
Privacy generally takes a backseat to other core blockchain topics such as decentralization and scalability. In fact, blockchain networks’ zeal for data transparency often comes at the cost of compromising individual and enterprise privacy. But without a privacy-focused approach — even one that gives users optional privacy — Ethereum decentralized applications (dapps) will repeat the same mistakes of Web2 applications.
But before proposing solutions, it is necessary to understand the importance of privacy for Ethereum, the second-largest blockchain ecosystem.
Analyzing the detrimental effects of lack of privacy
In a 2020 paper titled ‘Blockchain is Watching You,’ researchers demonstrated that Ethereum’s account-based model suffers from privacy issues. Ethereum users lack financial privacy, as they’re prone to surveillance from third parties like analytics platforms, malicious state actors, and hackers. Moreover, technologies like Ethereum Name Service (ENS) make user identification and tracking easier. The lack of privacy affects companies and users in different ways.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
To begin with, enterprises handle sensitive business data like production capacities, information about inventories, raw material prices, and sales figures. If competitors know about the aforementioned data points, it can jeopardize a company’s growth strategies. Thus, maintaining privacy for business intelligence is key. Ethereum smart contracts automate companies’ payment systems and provide transparency to prevent data silos. However, Ethereum compromises privacy as company data remains publicly available for smart contract execution.
On the other hand, individual user data is openly accessible on-chain, creating multiple problems. For instance, users may provide personal information to calculate credit scores for taking out loans. Similarly, they may provide sensitive private healthcare data for availing insurance. For crypto traders, their trading strategies remain open for public scrutiny, increasing the chances of front-running attacks and unwarranted copy-trading. On-chain employee salary payments and asset transfers are also open-for-all, which can cause infighting among teams.
Ethereum dapps had come up as alternatives to Web2’s Big Tech companies that non-consensually harvest user data. These dapps have the potential to challenge the power of what Shoshana Zuboff calls ‘surveillance capitalism.’ However, dapps are often falling short of guaranteeing user privacy. The 1990s cypherpunks believed that a privacy-based digital future was possible. Encapsulating the cypherpunks’ philosophy, Stephen Levy wrote in 1993, “…an individual’s informational footprints…can be traced only if the individual involved chooses to reveal them.”
Developers are now coming up with innovative technological solutions to materialize the cypherpunks’ vision for building a privacy-focused Ethereum ecosystem.
A privacy-based approach can catapult Ethereum
In a recently concluded ETH Seoul 2022 technical conference, Ethereum developers congregated to discuss enhancing dapps privacy and scalability. Vitalik Buterin, cofounder of Ethereum, inaugurated ETH Seoul by talking about zero-knowledge proofs (zk) as a major boost for Ethereum privacy. Buterin said, “With zk proofs, you are able to prove you are a human without actually revealing it. You are also able to have reputation systems where you can prove you have done or did not do something.”
Developers leverage mathematical zk proofs to determine the truth value of a financial transaction or information without revealing the underlying data. Therefore, zk proofs maintain network integrity while simultaneously providing user privacy. More specifically, developer use of zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge) to prove statements without exposing sensitive data is becoming more popular due to recent breakthroughs in performance. Zk-based systems can provide more private and compliant information exchange, which helps to secure financial transactions for enterprises and individual users.
There are multiple use cases of zk technology. To begin with, zk cryptography-based decentralized identity (DID) management helps users prove their identities without disclosing personal information. With zk-DID, borrowers can share credit scores to take out loans without revealing the actual credit score using a zk range proof. Similarly, gamers can prove NFT ownership without revealing which NFT using a zk proof for set membership. An enterprise can track its products through supply chains without giving away information to competitors using asset tracing.
Zk proofs can help entities complete payroll privately using crypto and/or stablecoins. Entities can also issue private NFTs containing classified information, and DAO fundraisers can collect money without revealing donor identity. Thus, a zk-enabled Ethereum can emerge as an alternative to payment networks such as VISA and SWIFT.
Privacy on Ethereum represents a paradigm shift for developers to build more mainstream products and services.
If privacy is to become a fabric of Ethereum, it must not be a bolt-on feature to existing applications. Rather, privacy should become a built-in foundation for Ethereum dapps that enhances the user experience. To normalize privacy, we must start with first principles.
Warren Paul Anderson is CEO of Discreet Labs.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!