Why ‘Setup’ Matters for Cryptocurrency Privacy

Published at: March 17, 2020

Privacy is a core characteristic of cryptocurrencies. Despite mainstream conception, however, it is not the primary goal of cryptocurrencies like Bitcoin (BTC) or Ether (ETH), and is more of an ancillary benefit of using cryptography. The situation is altogether different for cryptocurrencies that seek to maximize anonymity when transacting on the network.

Networks like Monero (XMR) and ZCash (ZEC) have soared in popularity, making up part of the handful of leading cryptocurrencies by market cap based on strong guarantees of privacy. Both blockchains offer users virtually complete privacy assurances — Monero with the CryptoNote technology suite, and ZCash with the powerful cryptographic primitive zk-SNARKs.


But privacy is more than a technology that obfuscates transaction details. In particular, one of the tricky parts of bootstrapping a network with zero-knowledge proof privacy like ZCash was the problem of the setup.


Known as a “trusted setup,” this process is the initial key parameter generation ceremony for a network that taps zk-SNARKs or other ZKPs for its privacy assurances. Many users of networks that have trusted setups, including ZCash and Zcoin (XZC), are entirely unaware of the vulnerability that trusted setups create. As a consequence, they have gone overlooked.

Let’s revisit the trusted setup and how efforts to move beyond it are succeeding.

Introduction to trusted setups

A trusted setup, or what ZCash calls the “Parameter Generation Event,” is a process at the launch of a network where a designated group of participants generates the random numbers that function as the public parameters for creating private transactions on the network. In the case of ZCash, these public parameters are used by anyone sending shielded transactions to construct and verify a zk-SNARK.

A setup phase is necessary because of the powerful anonymity of zk-SNARKs themselves. The finalized public parameters, determined by a group of participants, serve as the standard from which users derive the privacy assurances of the network. Observers of ZCash cannot view any transaction details, so auditing the initial supply and parameter setup requires a trusted setup as the original launch point.

However, there is a critical problem.

The word “trust” conveys a notion of trusting a group of participants (i.e., a third party) to not act maliciously during and after the ceremony. During the ceremony, the parameters are decided upon, but the “toxic waste” that encompasses the random numbers used must be destroyed by each participant. If not, the party retaining the toxic waste can covertly print counterfeit tokens of the network without raising any eyebrows because it would be entirely anonymous.
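To make the mechanism concrete, here is a toy Python model of a sequential parameter-generation ceremony, added here and not part of the article or of any project's code. It assumes a small multiplicative group (the prime, base element and secrets are constructed toy values, not ZCash's parameters) and goes slightly beyond the text: it shows that the combined trapdoor can be reconstructed only by a coalition holding every participant's retained randomness, so destroying even one contribution protects the parameters.

```python
# Toy model of a powers-of-tau style "Parameter Generation Event".
# Constructed example: P, G, DEGREE and the sample secrets are toy values,
# not ZCash's parameters; real ceremonies use pairing-friendly curves.
from functools import reduce
import secrets

P = 2**127 - 1   # Mersenne prime; we work in the multiplicative group mod P
G = 3            # toy base element
DEGREE = 4       # public parameters are G^(tau^i) for i = 0..DEGREE

def initial_parameters():
    """Before any contribution tau = 1, so every power equals G."""
    return [G] * (DEGREE + 1)

def contribute(params, secret):
    """One participant re-randomises tau -> tau * secret.

    Raising the i-th element to secret**i turns G^(tau^i) into
    G^((tau*secret)^i); exponents are reduced mod P-1 (Fermat).
    `secret` is this participant's toxic waste.
    """
    return [pow(elem, pow(secret, i, P - 1), P) for i, elem in enumerate(params)]

def run_ceremony(participant_secrets):
    """Sequentially apply every participant's contribution."""
    params = initial_parameters()
    for s in participant_secrets:
        params = contribute(params, s)
    return params

def trapdoor_from_waste(retained_secrets):
    """Combined tau is the product of ALL contributions (mod P-1).

    A coalition missing even one participant's secret gets a value
    unrelated to the real trapdoor, which is why destroying your
    share of the toxic waste protects the whole setup.
    """
    return reduce(lambda a, b: a * b % (P - 1), retained_secrets, 1)

def matches_trapdoor(params, candidate_tau):
    """Public check: does candidate_tau explain every published power?"""
    return all(pow(G, pow(candidate_tau, i, P - 1), P) == elem
               for i, elem in enumerate(params))

if __name__ == "__main__":
    waste = [secrets.randbelow(P - 1) + 1 for _ in range(3)]  # 3 participants
    params = run_ceremony(waste)
    print("full coalition recovers tau:", matches_trapdoor(params, trapdoor_from_waste(waste)))
    print("one secret destroyed:", matches_trapdoor(params, trapdoor_from_waste(waste[1:])))
```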

Notably, the network (e.g., ZCash) would continue operating as normal, and privacy wouldn’t be sacrificed. However, a worse outcome would ensue: The network’s monetary policy would be subject completely to the caprices of a malicious party. Devalued tokens would result due to outsized inflation, and the network’s token price would crash.

Crypto as a whole runs contrary to the notion of trust in a third party because trusted third parties are security holes. As you can see, the idea of trusted setups is a Black Swan lurking beneath what seems like calm waters, potentially capable of disrupting the network’s legitimacy at any point — even if it has cutting-edge privacy guarantees. As Nassim Taleb said:

“Never cross a river if it is on average four feet deep.”

Networks that have strong privacy assurances (e.g., zk-SNARKs) yet use a trusted setup can have negative convex events hidden beneath a facade of calm and steady supply issuance. Should a ceremony participant discover a way to furtively manipulate a key parameter from other participants, he can print the native token with impunity and nobody would know.

No matter the degree of privacy, this characteristic of trusted setups makes them irreconcilable with the ethos of cryptocurrencies.

Moving beyond the trusted setup

Early privacy networks attempted to gloss over the significance of trusted setup ceremonies. They would publicly feign a resolute stance while advocating stories about key generation participants coming up with clever methods for ensuring nobody would steal the key parameters during the ceremony.

Some ceremony participants took public transport out of their cities all day during the ceremony, then burned USB drives holding the keys. Such strange tactics only distracted from the crux of the issue — trust.

Now, the narrative is changing.

Once users and developers became more acutely aware of the incompatibility of a trusted setup with the long-term viability of a cryptocurrency, research to uncover an implementation of zk-SNARKs without the setup became a top priority.

To this end, networks like Zcoin designed the Sigma protocol, and since its implementation in July 2019, a trusted setup is no longer required. Suterusu created constant-sized zk-ConSNARKs with no trusted setup and an efficient key parameter generation. Moving beyond the trusted setup returns accountability and auditability assurances to privacy-oriented cryptocurrencies. A Black Swan no longer lurks around the corner, waiting to crash the token into obscurity.

Instead, these types of networks are much more robust than their predecessors. Users can be assured of both their transactional privacy and the notion that the monetary policy is ingrained in the protocol — not subject to the vagaries of malicious generation event participants. Those assurances go a long way in attracting user adoption.

As we prepare for the next wave of crypto users, it is important to be transparent about the flaws and advantages of cryptocurrencies. When it comes to privacy-oriented networks, the setup matters. If there’s a trusted setup, users cannot be guaranteed that high rates of inflation aren’t churning away in the dark.

Just like they can’t be sure that the Fed isn’t doing quantitative easing in the repo market when it’s clearly doing so, solely because of its public effacement of the ongoing process.

Trusted setups are antithetical to the primary reason people adopt cryptocurrencies, specifically Bitcoin, as a viable alternative to the legacy financial system.

Don’t trust — verify. Don’t invest in trusted setups.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Dr. Huang Lin is the co-founder of Suterusu, a project developing trustless privacy technology. He holds Ph.D. degrees in applied cryptography and privacy-preserving distributed systems from Shanghai Jiao Tong University, and the University of Florida. He has worked as a postdoctoral researcher at Ecole Polytechnique Federale de Lausanne on applied cryptography for genomic privacy and blockchain-based data monetization.
