Uncategorized

How to protect crypto privacy in the age of regulation

It’s a myth that crypto transactions are anonymous, writes Warren Paul Anderson of Discreet Labs. Confusing anonymity with privacy is what causes trouble.

Privacy has long been considered a critical element in crypto, but it is also one of the most misrepresented and misunderstood of all blockchain core principles. As the crypto industry continues its incredible growth, and as regulators begin marching in, a big focus for 2022 should be about defining what financial privacy means for crypto, and how to best manage it with innovative solutions that use advanced cryptography. Privacy in crypto must evolve from being a “nice-to-have” feature into a “need-to-have” foundation.

Pay no attention to the man behind the curtain

There’s a myth in the media that crypto transactions are anonymous. They are not. This means that many people have been actively engaging the crypto market under the false premise that their transactions are secret, while simultaneously, outsiders have been disparaging and avoiding crypto because they think it is some sort of purposefully obscured, illicit activity. As blockchain network analysis tools become more sophisticated and as regulators put official compliance checks and balances in place to make sure users and exchanges report every single buy, sell, transfer, and gain or loss, the lack of privacy increases exponentially. So when does privacy become important enough to make it a priority?

Privacy is a fundamental right of every citizen in any democratic society, but privacy does not equal anonymity. Privacy should be seen as protecting details about ourselves that are not necessary for anyone to know in order to engage in a system or practice, while anonymity can be seen as being able to engage in those systems with no link at all back to your physical identity. Let’s use a quick example that helps differentiate privacy and anonymity while showing why privacy is important and how anonymity can lead to trouble in financial systems.

Bob is a general contractor and Alice wants to hire him to renovate her kitchen. Bob offers Alice a discount if she pays in Bitcoin. So Alice puts a deposit down with Bob in Bitcoin. At that point Bob looks up Alice’s Bitcoin address on the blockchain and finds that Alice is a bona fide whale, hodling a significant amount of Bitcoin. At this point Bob decides to triple his price and grossly overcharge Alice for her kitchen renovation. Now, Alice is a smart cookie (of course she is, she bought Bitcoin early!), and she balks at Bob’s price. She asks for her deposit back so she can go find another contractor. At this point Alice’s privacy has been violated, because as it stands anyone that knows her wallet address can use a simple block explorer and find out how much Bitcoin her wallet contains. This is why privacy is important. If Alice had decided to do the renovation herself and she went to buy materials at a store with cash or a credit card, the store wouldn’t be able to figure out how much she has in the bank. So the next time she returned, she wouldn’t fall victim to price-gouging.

Now, let’s pretend that the Bitcoin transaction was fully anonymous. After Alice paid her deposit in Bitcoin, Bob could still assume she was a whale and try to overcharge her anyway. If she asked for her deposit back, Bob could tell her to go kick rocks. What recourse would Alice have to prove she was the one who paid Bob and that he owes her that deposit back? If the transactions were fully anonymous, she would have no way to reveal her transaction with Bob.

We need sophisticated transactional privacy, to ensure our financial information is protected, while still being able to prove its provenance. Privacy is a key enabler if we hope to genuinely support self-sovereign, decentralized identity. As the digital economy expands, our digital identities are becoming more integrated with our physical identities. So the risk of privacy exploitation continues to increase as more people are able to tie our digital assets to our physical lives. We expect, and usually demand, that our physical privacy is respected, so it is high time that we demand the same standards be applied to our digital lives through financial privacy on the blockchain.

As these scenarios increase in number, demand for financial privacy in crypto will continue to rise in 2022. The industry needs to respond to this growing demand with solutions that will help the market grow while adjusting to the new regulatory landscape that’s taking shape.

Fix the Future

Since the latest Financial Action Task Force (FATF) guidelines were published for crypto, it will be a waiting game to see how different countries around the world transpose those anti-money laundering (AML) guidelines into laws. In 2022, expect to see new guide rails put into place, which may change how users interact with the crypto market. It is important to ensure the right building blocks are put in place to welcome this change. Public blockchains need privacy first in order to support decentralized identity, which will give users more control over who they share their personal information with. But that won’t come easy.

The classic trilemma in blockchain development occurs when developers have to prioritize a choice between two of the following three categories to focus on: security, decentralization, or scalability. As you can see privacy is not one of the main factors developers even consider at the onset. But that’s okay, because privacy isn’t mutually exclusive of any of the three. So why not make it a default decision to include privacy as a tier-one priority? 

The Bitcoin whitepaper is the magnum opus of the crypto industry. It inspired thousands of other blockchains to be forked and/or developed after it. However, the Bitcoin whitepaper barely delves into the topic of privacy and only briefly suggests workarounds to achieve more privacy that are too complicated for the vast majority of users. Part of this was likely due to the fact that in 2008-2009 privacy-preserving technologies, such as zero-knowledge proofs (ZKP), had not yet achieved a level of efficiency to be considered for use at scale in a decentralized system such as Bitcoin. It took half a decade after Bitcoin was first published in order for there to be blockchains purpose-built for transactional privacy. But now as the crypto industry evolves to include more programmability, via smart contracts, we are once again at a loss for more privacy due to the inefficiencies of confidential computation. However, we’ve come a long way since Satoshi published the original Bitcoin whitepaper. The industry is standing upon decades of cryptographic research and funding new research that is being implemented into blockchain projects at a faster rate than ever before. 

Programmable privacy finally has a way forward

ZKP technology is one of the hottest sectors of research and development being implemented in public blockchains to ensure there’s more secure, scalable and private-yet-compliant transactional volume. A ZKP is a method by which one party can prove to another party that something is true, without revealing any additional information. This is important for supporting use cases that require personal identifiable information to prove statements of truth, without revealing information that isn’t relevant to that truth. For example, if an exchange needs to audit a specific transaction or a range of transactions, one can generate a proof to reveal that transaction set without revealing the entire transaction history. This specific type of ZKP helps retain compliance without giving up financial privacy. 

But in order for technology such as ZKP to reach its full potential, there needs to be more education and engagement at the regulatory level to showcase the benefits of it. So while the crypto industry evolves through new regulatory guidance, it’s important for governments not to throw the baby out with the bathwater. Financial privacy is a right, and there are tools that are being researched and developed to ensure this right also applies to crypto. The industry simply needs to make it a priority before it’s too late.