View all on-demand sessions from the Intelligent Security Summit here.
On September 15, 2022, the Ethereum network migrated from a proof-of-work to a proof-of-stake consensus mechanism called the merge. Aside from reducing energy consumption by 99%, the Merge laid the foundation for building a highly secure and scalable blockchain. However, despite the benefits of the Merge, it also marks a decline in privacy, which is a major concern for Ethereum users.
Privacy is generally second to other core blockchain topics such as decentralization and scalability. In fact, blockchain networks’ zeal for data transparency often comes at the cost of compromising the privacy of individuals and businesses. But without a privacy-focused approach — even one that gives users optional privacy — Ethereum decentralized applications (dapps) will repeat the same mistakes as Web2 applications.
But before proposing solutions, it is necessary to understand the importance of privacy for Ethereum, the second largest blockchain ecosystem.
Contents
Analysis of the adverse effects of lack of privacy
In a 2020 paper titled “Blockchain is watching you,” researchers showed that Ethereum’s account-based model suffers from privacy concerns. Ethereum users lack financial privacy as they are susceptible to surveillance by third parties such as analytics platforms, malicious government actors, and hackers. In addition, technologies such as Ethereum Name Service (ENS) make user identification and tracking easier. The lack of privacy affects businesses and users in different ways.
To begin with, companies handle sensitive business data such as production capacities, inventory information, raw material prices and sales figures. If competitors are aware of the aforementioned data points, it can jeopardize a company’s growth strategies. Thus, maintaining privacy for business intelligence is essential. Ethereum smart contracts automate companies’ payment systems and provide transparency to avoid data silos. However, Ethereum compromises privacy as corporate data remains publicly available for smart contract execution.
On the other hand, individual user data is openly accessible in the chain, creating multiple problems. For example, users may provide personal information to calculate credit scores for taking out loans. Likewise, they may provide sensitive private health care information for insurance use. For crypto traders, their trading strategies remain open to public scrutiny, increasing the likelihood of head-on attacks and unwarranted copy trading. Employee wage payments to the chain and transfer of assets are also open to everyone, which can cause infighting between teams.
Ethereum dapps had emerged as alternatives to Web2’s Big Tech companies that non-consensually collect user data. These dapps have the potential to challenge the power of what Shoshana calls Zuboff’surveillance capitalism.’ However, Dapps often fail to ensure user privacy. The cypherpunks of the 1990s believed that a privacy-based digital future was possible. Summarizing the philosophy of the cypherpunks, Stephen Levy wrote in 1993, “…an individual’s informational footprints…can only be traced if the individual concerned chooses to disclose them.”
Developers are now coming up with innovative technology solutions to realize the cypherpunks’ vision of building a privacy-focused Ethereum ecosystem.
A privacy-based approach could catapult Ethereum
At a recently concluded ETH Seoul 2022 technical conference, Ethereum developers came together to discuss improving the privacy and scalability of dapps. Ethereum co-founder Vitalik Buterin inaugurated ETH Seoul by talking about zero-knowledge proofs (zk) as a major boost to Ethereum privacy. Buterin said, “With zk proofs you are able to prove you are human without actually revealing it. You also have reputation systems with which you can demonstrate that you have or have not done something.”
Developers use mathematical zk proofs to determine the truth value of a financial transaction or information without revealing the underlying data. Therefore, zk-proofs maintain network integrity while providing user privacy. More specifically, developers’ use of zk-SNARKs (zero-knowledge concise non-interactive knowledge arguments) to prove statements without exposing sensitive data is becoming increasingly popular due to recent performance breakthroughs. Zk-based systems can provide more confidential and compliant information exchange, helping secure financial transactions for businesses and individual users.
There are multiple use cases of zk technology. For starters, zk cryptography-based decentralized identity management (DID) helps users prove their identity without revealing personal information. zk-DID allows borrowers to share credit scores to complete loans without revealing the actual credit score using zk range proof. Similarly, gamers can prove NFT ownership without revealing which NFT uses a zk proof for set membership. A company can track its products through supply chains without giving away information to competitors by using asset tracking.
Zk proofs can help entities complete payroll privately using crypto and/or stablecoins. Entities can also issue private NFTs with classified information, and DAO fundraisers can raise money without disclosing the identity of the donor. Thus, a zk-enabled Ethereum may emerge as an alternative to payment networks such as VISA and SWIFT.
Privacy on Ethereum represents a paradigm shift for developers to build more mainstream products and services.
If privacy is to become a fabric of Ethereum, it should not be an additional function for existing applications. On the contrary, privacy should become a built-in foundation for Ethereum dapps that improve user experience. To normalize privacy, we need to start with first principles.
Warren Paul Anderson is CEO of Discreet laboratories.
Data decision makers
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.
To read about advanced ideas and up-to-date information, best practices and the future of data and data technology, join DataDecisionMakers.
You might even consider contributing an article yourself!
Read more from DataDecisionMakers
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.