The Holy Grail of Crypto | Part 3/4: #private
Today, in part 3 of our four-part series on the Holy Grail of Crypto, I define the term "private transactions", explain their importance, and describe how they will be implemented in Stealth.
What is a private transaction?
A private transaction is one where (a) the sender, (b) the recipient, or (c) the amount cannot be determined. Cryptocurrency privacy systems typically do not hide all three of these aspects of a transaction. For example, the ring signatures used by Bytecoin, Monero, XDN, and others hide only the sender and receiver. This is the same level of privacy as found in the zerocoin system, although zerocoin and ring signatures differ fundamentally. Zerocoin is used by Zcoin, PIVX, and a few others.
The only system that claims to hide all three of sender, receiver, and amount is zerocash, which is used by Zcash. Zerocash has a couple of issues. The most critical issue may be considered both a feature and a potential problem. Because zerocash hides the transaction amount, there is no way to verify that someone isn't secretly creating illegitimate coins, meaning the real coin supply could vastly exceed the specified supply. If the zerocash protocol works as expected, then no illegitimate coins should be created. However, the zerocash protocol is based on novel cryptographic theory that has yet to stand the test of time. Additionally, zerocash requires a special setup step for which there is no verifiable way to protect against corruption. By design, the protocol makes it impossible to verify the money supply, which is a problem compounded by the fact that the protocol is not well vetted.
Why are private transactions important?
For most people, the privacy of any isolated transaction has little significance. But some transactions are very important. For example, tax payments or payments to debtors can reveal sensitive financial information that could compromise individuals. We have precedent for this need for privacy even at the highest levels of society. Most recently, the current President of the United States made an argument that his tax returns – and consequently his tax payments – should be private.
Even seemingly trivial payments might reveal sensitive information that could compromise one's finances, relationships, or even survival. For example, imagine an individual had a heart condition and his medical insurer discovered this person had a history of eating at a particular restaurant suspected of using excessive salt. The insurer could conclude that the individual elevated their risk with this suspected dietary pattern, and perhaps raise their insurance rates or even cancel their policy altogether. It could be argued that insurers don't presently make policy adjustments based on dining habits. However, insurers don't presently have access to dining information because that information is private.
How will private transactions work in Stealth?
Stealth will achieve privacy using the zerocoin system, which works with a native currency (XST) and zerocoins. Sending XST reveals the sending address, receiving address, and the amount. To create private transactions in Stealth, users will convert XST to zerocoins in a reversible process. Zerocoins are sent without revealing sender or receiver. Zerocoin has an excellent level of privacy, but it has one caveat. Because the amount is known, it is susceptible to a timing analysis. If conversion to zerocoins is closely correlated in time with their use, then the zerocoins can be associated with their source XST, destroying the privacy of the zerocoins. The solution is that users should create zerocoins ahead of their use. For small transactions, the lead time could be only a few hours. Larger transactions require more time. We feel that this one user requirement is a reasonable compromise. Our greatest concern is that the Stealth privacy system must be convenient, dependable and vetted. Zerocoin has all of these properties.
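To make the lead-time advice concrete, here is an added example (not Stealth's code) that a wallet user could apply to public conversion events to see how many other same-amount conversions separate their own conversion from their spend. The event list, denominations and cover threshold are assumptions constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data: (unix_time_seconds, denomination) of public
# XST -> zerocoin conversion events. Denominations are hypothetical.
MINTS = [
    (1000, 1), (1600, 1), (2200, 10), (2500, 1), (3100, 1),
    (4000, 100), (4300, 1), (5200, 10), (6100, 1), (9000, 10),
]

def index_by_denomination(mints):
    """Group conversion timestamps by denomination, sorted ascending."""
    index = defaultdict(list)
    for ts, denom in mints:
        index[denom].append(ts)
    for times in index.values():
        times.sort()
    return index

def cover_mints(index, denom, own_mint_time, spend_time):
    """Count other same-denomination conversions after ours, up to the spend.

    Zero means nothing separates our conversion from our spend, so the two
    are closely correlated in time and the zerocoin can be tied to its XST.
    """
    if spend_time < own_mint_time:
        raise ValueError("spend cannot precede conversion")
    times = index.get(denom, [])
    return bisect_right(times, spend_time) - bisect_right(times, own_mint_time)

def earliest_spend_time(index, denom, own_mint_time, min_cover):
    """Time at which min_cover other conversions have followed ours.

    Returns None when the observed history does not yet contain enough
    cover, i.e. the user should keep waiting.
    """
    if min_cover <= 0:
        return own_mint_time
    times = index.get(denom, [])
    pos = bisect_right(times, own_mint_time) + min_cover - 1
    return times[pos] if pos < len(times) else None
```

In the constructed data the rarer, larger denominations take longer to accumulate cover, or never reach it within the observed history.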
–––––
Hondo