Blockchain Technolgy & Decentralized Finance: PRIVACY 

 

Instructors:          Andreas Park & Zissis Poulos
 

 


Rotman – MBA

Concern: Privacy/Secrecy

  • intrinsic feature of public blockchains is that information gets stored by public addresses.
  • logic of smart contracts is visible to all
  • => firms have need of secrecy, individuals have rights to privacy

Root problem

Solutions

  • large numbers of wallets/addresses
  • coinjoin
  • ring signatures
  • zero knowledge proofs

     

Zero Knowledge Proofs

Basic Idea

A mechanism that proves to one party (the VERIFIER) that another party (the PROVER) possesses some knowledge, without revealing the knowledge itself or any other information that can be used to re-construct it   

Basic Premise

A mechanism that proves to one party (the VERIFIER) that another party (the PROVER) possesses some knowledge, without revealing the knowledge itself or any other information that can be used to re-construct it   

This is a probabilistic statement not a math proof  

WHY?

I was born between 1976 and 2000

Range Proofs

WHY?

I am an EU citizen

Set Membership

WHY?

We both have the same

access rights to this account

Comparison

WHY?

Computational

Integrity

I performed the computation

you asked me to

Toy Example

Verifier Victor

Prover Peggy

Types

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

Pros/Cons

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

  • Improved privacy
  • Better security
  • Scalability solutions
  • Expensive
  • Trusted setup (for some types)
  • Not always post-quantum secure 

Pros/Cons

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

  • Improved privacy
  • Better security
  • Scalability solutions
  • Expensive
  • Trusted setup (for some types)
  • Not always post-quantum secure 
  • Trusted setup

: multi-party computation ceremonies (2016-2017-2018)

Pros/Cons

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

  • Improved privacy
  • Better security
  • Scalability solutions
  • Compute-heavy
  • Trusted setup (for some types)
  • Not always post-quantum secure 
  • Expensive

Vanilla Tx = 21,000 GAS

SNARK = 800,000 GAS

@ $15/Tx

$570 per SNARK proof

Scalability 

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

Two most popular

  1. Prove computation has been performed according to some rules
  2. Key Point: proofs much smaller than the data they represent!
  3. From many small payloads on-chain we move to much larger payloads off-chain

Scalability 

ZKP

ZKP

SNARKS

STARKS

STIK

NIZKP

Bulletproof

Lattice

DVNIZKP

Graph iso

Two most popular

  1. Prove computation has been performed according to some rules
  2. Key Point: proofs much smaller than the data they represent!
  3. From many small payloads on-chain we move to much larger payloads off-chain

Rollups

Blockchains bundle three things together:

data availability 

settlement

execution

Why rollups?

Monolithic Paradigm

Consensus

Data Availability

Data Availability

Execution

Settlement

  • Limits the capacity
  • Limits transaction throughput
  • Hampers innovation

It's a problem

Why rollups?

Imagine instead of this

Application

Middleware/DB

Operating System

Hardware

We had this

Application

+

Middleware/DB

+

Operating System

+

Hardware

G

o

o

o

b

l

e

How rollups?

Consensus

Data Availability

Execution

Settlement

Merge

Multiple blockchains handle separately:

consensus

data availability 

settlement

execution

Modular Design

How rollups?

Consensus

Data Availability

Execution

Settlement

  • Process Tx outside Ethereum
  • Bundle them + compute new state
  • Publish new state on Ethereum
  • Publish a validity proof (zk)
  • Use Ethereum for settlement 

ZK-rollups

Optimistic rollups

  • Validators process Tx outside Eth
  • They publish blocks
  • Rotate based on PoS
  • Honest reporting: bonding/slashing
  • Other validators can challenge results!
  • Implication: finality is not immediate (week?)

zk-rollups vs. optimistic rollups

Consensus

Data Availability

Execution

Settlement

  • Generally more expensive
  • Cryptographically secure
  • Complex implementation
  • Only support payments and transfers

ZK-rollups

Optimistic rollups

  • Generally more efficient (>100Tx/sec)
  • Cryptoeconomic security
  • Compatible with Ethereum's VM
  • Can run any type of contract
  • Implication: more DeFi-ready

We need several rollups deployed to achieve scalability

Other scaling solutions

  • Payment channels
    • limited applications
  • Sidechains
    • usually sovereign -> have their own consensus
  • Other Layer 1 chains that are EVM-compatible
    • E.g., Avalanche, Cosmos etc.

MYTHS!

Myth 1: consensus is the bottleneck to scalability

Myth 2: EVM rollups can increase scalability by default

 

Debunked: the cost of running a full node is the bottleneck

Debunked: the cost of running a full node is the bottleneck

Then how?

  • Hetereogeneous sharding
    • Parallel execution in every shard
    • Every shard can have different implementations
  • Innovation without hard forks
    • Same hardware requirements but different execution models
      • application-specific models
      • models efficient for payments
      • etc.