Ethereum users may soon be getting a much-needed privacy boost.
Long a shortcoming for all public blockchain networks, the world’s second-largest blockchain is nonetheless aiming for big improvements in its upcoming Byzantium release. For most buy-and-hold users, these limitations might not be apparent, but that’s not to say there aren’t potential implications that could affect the wide variety of users the network is trying to attract.
As an example, the software upgrade comes at a time when regulation is putting a strain on the network – at least one government has already taken aim against what has emerged in 2017 as its biggest use case. In the past month, China issued not only an all-out ban on ICOs, but ordered exchanges (including those that buy and sell ether) to hand customer data to the authorities.
This added attention is just one of the things that has shone a light on the limitations of the network. Currently, every transaction is permanently visible on the ethereum blockchain, meaning that investments made by individuals – including those that might be illegal – can be widely observed. Not quite a bug and not quite a feature, this availability of user information is still something that many developers have set about to correct.
While zcash helped pioneer the use of zk-snarks and monero popularized ring signatures and stealth addresses, ethereum has perhaps struggled to find a similar value-add when it comes to anonymity.
But the upcoming Byzantium hard fork, currently expected to occur in October, will introduce two new cryptographic procedures which should eventually pave the way for increased privacy.
Ethereum’s first major upgrade since 2016, Byzantium is actually one-half of a much larger upgrade designed to enhance the usability of the platform, named Metropolis. It will also be the first major technical upgrade since the network has been valued in the billions, a development that could add drama to the proceedings.
Looking ahead, the second part of Metropolis, Constantipole, has been postponed indefinitely, meaning users will have to wait before they can enjoy maximum privacy on the platform.
Still, that’s not to say there aren’t substantial efforts toward that goal.
Where are we now?
Privacy on ethereum is a notoriously complex endeavor, as it contradicts some basic methods of how a blockchain functions.
Transparency on a blockchain is vital such that it protects its users from the risk of double spending, which is when a malicious user sends the same coin to two different places at once. This risk is resolved by rendering the details of each transaction visible and storing them in a widely distributed ledger.
As this procedure is fundamental to the technology, rewriting it requires high-level mathematics which have never before been attempted.
As such, ethereum’s developers are taking that attempt seriously and are reaching out to peers in other blockchain platforms for new ideas and features. For example, ethereum’s team has been working togetherwith the privacy-centric currency zcash on zk-snarks, which could make it possible for ethereum users to make their transactions more private.
By using that technology, a statement can be verified without requiring any information to be revealed beyond its validity. As an encryption method, zk-snarks work by translating what you want to prove into an equivalent form – without anyone knowing the solution to the algebraic equations that produced it.
Notably, the upcoming Byzantium hard fork introduces new elliptic curve primitives and a pairing function for a specific curve which will make the cryptography possible and toughen the security of a zk-snark computation. The larger the curve, the more secure it is, but it does bring higher costs for each operation.
As a result, these heavy mathematical procedures are now far too expensive to run on the ethereum platform.
In principle, prior to Byzantium, a zk-snark could be completed by the ethereum virtual machine, but it would be too expensive to fit inside a single block. However, the Byzantium hard fork will introduce a gas-subsidized pairing check that makes a zk-snark less costly to compute. If you’re unsure, “gas” is a unit used to measure the computational effort that goes into a transaction and is used to calculate fees.
What needs to be done?
Due to this new feature, the first zk-snark transaction was verified on the Byzantium testnet earlier this week. The transaction, which is viewable on the test network here, cost a total of 1,933,895 gas. To put this in some context – a non-private transaction currently costs far less, around 21,000 gas.
Still, aside from this costliness, and beyond the verification itself, there’s nothing in ethereum that today can support the tech.
As explained by ethereum’s lead zk-snark researcher, Christian Reitwiessner, the “missing piece” is the part of the system that would communicate with the ethereum virtual machine, which translates instructions and relays them to network nodes.
“We need practical implementations of all the other components of a zk-snark system (apart from the verification),” he told CoinDesk.
Some of these features might be figured out soon. For example, work needs to be done to translate a computational task from source code into the form required by a zk-snark. Reitwiessner said this is currently in heavy development, and will likely be released by the ethereum developer conference in November.
However, other milestones still need extensive research before they can be reached.
At present, regardless of whether an ether transaction is private, it will always be visible to the person who pays for the gas.
Eventually, new features released in the second ethereum upgrade, Constantinople, will aim to provide a newly flexible ether wallet, allowing users the option to pay for gas in tokens instead of ether. According to Reitwiessner: “This could include paying for gas with tokens which might be zk-SNARK tokens.”
Postponing this feature until Constantinople also gives ethereum developers some time to tease out other complex challenges.
For one, ethereum must counter a security problem within zk-snark tech itself, known as the trusted setup. When zcash launched its zk-snark-powered currency back in October 2016, it corresponded with an elaborate performance, whereby each member of the z-cash development team set fire to the computers they had used to bring z-cash to life.
This was to prove that there was no backdoor into the technology that could potentially allow developers the ability to manipulate the network. The catch now is that ethereum must develop something equivalent to this, but one that can scale to thousands of participants.
Alongside this, solutions need to be developed so that mathematical proofs are generated alongside a zk-snark. And, more programming is needed to establish the possibility of zk-snarks occurring off the blockchain.
In light of this, it could be that a smoother alternative to zk-snarks is developed in the meantime.
Reitwiessner hinted at this, adding:
“Furthermore, we are not tied to a specific zk-snark or even zk-snarks themselves.”
As such, his statements hint that, for ethereum, the privacy conversation is only just beginning.