It’s the year 1999, and a film critic has just watched The Matrix at a fancy premiere. Next day on the newspaper, his review reads “I really enjoyed how Neo ends up discovering that his world isn’t real, chooses the right pill and unlocks his special powers in the fight against the evil AI that harnesses our energy to keep the system running.”
Anything slightly odd in there? A critic’s job is to prove that a movie is or isn’t worth your time, but without actually revealing much about it. After all, nobody likes a spoiler. “Without” is the keyword. In a movie review, a critic proves a claim about something without revealing much of the object in question. In cryptography, we go a level further with the concept of zero-knowledge proof: this method allows you to prove a claim without revealing anything at all about the object.
Privacy is at the core of a lot of blockchain’s most interesting debates. Yet, it gets confusing damn quickly. How can you claim superior privacy, but also argue that blockchain is all about transparency? In this article, I’ll walk you through some of the different types of privacy out there, what they mean and how they can change the status quo. Along the way we’ll also dispel a bunch of myths and sources of confusion.
Privacy vs transparency
In the media, most debates seem to assume total privacy as the default option. This is deceiving – privacy is rarely about all or nothing. From this strict definition, we understand the opposite as absolutely no privacy. That’s what we’ll assume here for transparency: the total lack of privacy.
When you unpack privacy, you start seeing it in various flavours during your day to day. Opt-in privacy vs opt-out privacy. Either/or privacy vs selective privacy. The latter is very interesting for blockchain protocols. It allows you to select what, how long for and when to share your information.
This gets us into the notion of individual privacy. In the blockchain space, you might have also heard of it as individual sovereignty. It’s all about giving control to the user: you are put in charge of managing your own information. Sometimes you’ll benefit from transparency, other times you’ll prefer to choose privacy.
Here, zero-knowledge proofs come handy in all sorts of scenarios:
- Proving you have enough money in the bank account to take out a mortgage or a car loan, but without showing actual statements
- Proving your weight category as a sports professional is below X, but without revealing the actual weight
- Proving that your profile matches several criteria to be admitted into a specific company bracket, but without having to share your entire life story in the process
In cryptography, this goes back to a secure multi-party computation scenario called Yao’s Millionaires’ problem. The fancy issue at hand is solving how two millionaires can prove who is richer without revealing their actual wealth. Mathematically, you can think of it as solving the inequality a >= b, but without revealing the values of a and b.
Not anonymous, just pseudonymous
When it comes to digital currencies, Bitcoin and several others don’t actually offer anonymity. They might be more anonymous than the digital cash in your bank account, but they’re certainly less anonymous than the physical cash in your pocket.
‘Pseudonymous’ means written under a false name. In cryptocurrencies like Bitcoin, digital cash isn’t attributed to your actual name, but to specific codes that represent your public and private keys. That makes the cash accessible to who’s in possession of the pseudonym.
In the last few years, digital currencies and protocols with a stronger focus on anonymity have emerged. Monero and Dusk Network are good examples. I spoke with Jelle Pol from Dusk about their approach to privacy. He brought up interesting arguments that include confidentiality and accountability: “There is an incorrect assumption in the market that privacy and compliance are opposites. Confidentiality is actually a hard requirement in many markets. That goes for regulators as well as for businesses.”
“Privacy and accountability are both forces of good,” Jelle continues, “and highly sought after by companies and governments. The challenge is to reconcile the two and find the sweet spot for each specific use case.”
Dusk Network is a proponent of zero-knowledge proofs as a way to provide regulatory compliance without having to disclose personal information. This combines confidentiality and compliance into a single solution.
What you know, what you have and who you are
Proving your identity can be done through different methods. In privacy, there are three main buckets: what you know, what you have and who you are.
‘What you know’ is about being able to access the knowledge required for identification. With Bitcoin, that means knowing your public and private keys.
‘What you have’ often falls under two-factor authentication: it’s not enough for you to just know a password, you’ll also need to confirm your identity on your device (which is what you have) and is tied to your mobile number.
‘Who you are’ gets us into the field of biometrics, where several interesting solutions for identification are currently being worked on. In other news, Apple’s fingerprint and face recognition technology are examples of biometric identification.
Privacy as a collective incentive-setting tool
Through the right incentives within a decentralised protocol, participants can come together to contribute towards a common good. The main participants are often miners, who get financially rewarded for their activity on a public blockchain that houses a common good, such as an identity registry or health records.
As discussed in my previous article, offering users the ability to decide what, how long for and when to share their own health records can provide a synergistic scenario to all stakeholders involved. The sovereignty they’re granted on those actions helps removing friction and encourages trust in the system. At scale, it’s a win-win that makes a substantial difference.
Privacy can be a powerful weapon towards a more balanced world. It enhances trust in the collective and its participants. When we think about the various flaws of capitalism and politics, the bucket often stops with… privacy and trust. I can’t help but encouraging more innovation in this space.