Progress On Ethereum Privacy Projects Is Slowing
Ethereum's moon math is showing signs of coming back to earth.
Such was the feeling at EthCC, an ethereum developer conference in Paris, Thursday, where a dedicated privacy track struck a somber note compared to years past.
Indeed, despite a software upgrade in October that saw improvements built to pave the way for confidentiality, such methods have been shown to exceed ethereum's processing capacity, with the computationally intense cryptography all but bringing the blockchain to its limits.
So, while developers like Andrew Miller had predicted a rise in privacy-centric ethereum applications just months ago, the conference showcased how an almost eerie silence has followed as scaling and security obstacles have proven more difficult to solve than foreseen.
As evidence, ZoKrates, a programming language aimed to equip average developers with the ability to code private contracts, has struggled to find its way out of the setup phase.
Speaking in a presentation today, the code's creator, Jacob Eberhardt, said that ethereum will need to add more cryptographic variables in a system-wide software upgrade for the concept to work. Still, Eberhardt also bemoaned that, given the controversy that can follow such a suggestion, it's perhaps not one that will be adopted quite so easily.
"We don't want to keep adding new crypto," Eberhardt said.
Matthew Di Ferrante, developer at the Ethereum Foundation and founder of smart contract company ZK Labs, echoed this cautionary tone. In a discussion on the relationship and trade-offs between privacy and scalability on ethereum, Di Ferrante went so far as to warn the audience.
"If you think ethereum isn't scalable now, or that blockchains aren't scalable now, the further you get the more alarming it is. Everyone likes to talk about the magic, but not many people can write the code," he said.
The statement is notable considering the urgency of the ideas at stake.
In particular, zero-knowledge proofs, due to their ability to compress information in a concise format, could eventually work to reduce information on the ethereum blockchain, thus enabling better scaling.
According to Di Ferrante, such achievements are still possible, they're just a little further down the line.
He told the audience:
"Progress is slow but that doesn't mean it's not possible."
Waiting for privacy
As an example, Di Ferrante pointed to blockchain voting to illustrate the problems faced today.
"A vote of a thousand people would require a thousand signatures each a thousand bytes each. You would never be able to check a single signature due to the block gas limit," Di Ferrante explained.
Such a use case is the core emphasis of Di Ferrante's research, which seeks to anonymize proofs through the use of ring signatures - a way of obscuring information in a retrievable way that works by aggregating the data within a group.
Di Ferrante has found that by using bi-linear pairings, a form of elliptic curve that is active within the ethereum virtual machine, various shortcuts in the complex cryptography can be made to minimize the scalability trade-off.
However, while his prototype has a working implementation, Di Ferrante told the audience, "It's just ridiculous, it's way too inefficient, if people started using that as a main service the chain would go down again."
And that wasn't the only sobering note struck at the conference today.
Currently, in order to generate a ZoKrates contract, each individual needs to enact the setup phase themselves, a fact that is perhaps slowing the adoption of zero-knowledge cryptography into businesses built on the ethereum platform.
In the generation of a zk-snark, information is produced that could allow the holder of the information to falsely manufacture transactions, providing the data generated by the zk-snark had not been destroyed.
Whereas zcash corrected this by introducing many participants to destroy the data, thus furthering security, such criteria would be harder to enforce in ZoKrates, as the setup is limited to each individual node.
Light at the end of the tunnel
However, the conference was not without optimism, too.
In another talk, "Silur," a member of the monero research lab, described his work to implement a newly improved ring signature into blockchain-agnostic code, one that could function in monero, ethereum or bitcoin, irrespectively.
Also known as RuffCT, StringCT or RTRS RingCT, these signatures allow for a more complete form of confidentiality compared to their predecessors by hiding, not just transaction amounts, but also destinations and sender addresses.
Crucially, it achieves this in a secure way, without relying on any kind of trusted setup. The work will be explained in more detail in an upcoming white paper, Silur said.
And perhaps propelling the research forward is the necessity for such tools today.
Speaking to CoinDesk, Gregor Zavcer of DataFund, an ethereum-based startup that allows users to reclaim sovereignty of their data, said that, until zero-knowledge cryptography on ethereum become more mature, the company will retain its users' data in a centralized, securely encrypted database.
Down the line, Zavcer hopes that advancements in privacy could "change the interaction paradigm" when it comes to data exchange. "We could design the process so the individual will be really able to share information on a need-to-know basis," Zavcer said.
And the challenges faced by privacy today aren't just technical, he told CoinDesk. When it comes to DataFund, "it's about how we integrate in a way that is frictionless and adds value."
Further, advancements in privacy could change the way that we integrate with the digital world more broadly. Because of the ability for users to be selective regarding the information they reveal online, Zavcer said:
"If we can model interactions online according to the expectations of the physical world, then zero-knowledge proofs would enable a conversation, and not just a data dump."
Image via Rachel-Rose O'Leary for CoinDesk