Ethereum is transparent to the core.
Much like bitcoin, the platform uses this transparency as part of its security – in some ways, it ensures that users cannot fake transactions. However, new anxieties are emerging about this transparency and the problems that such data exposure might pose for businesses.
In the past, these privacy concerns have gotten sidelined for other pressing issues, such as scaling, but signs are emerging that the subject is now receiving a fair amount of developer attention.
Indeed, last month, ethereum creator Vitalik Buterin came forward to state his newly evolved perspective on the topic.
“I’m considerably more pro-privacy than I was a few years ago,” Buterin wrote.
And it’s not just Buterin; several other developers and the businesses they work for have been building technology that could obfuscate information that currently gets blasted over the network and that some users might want to conceal.
“From a blockchain perspective we always say privacy but it’s more like data security,” said Can Kisagun, co-founder of Enigma, a startup building privacy-enhancing technology for the ethereum network.
In fact, it’s perhaps become an even more pressing issue since the European data protection law, GDPR, took effect in May. And while it’s still unclear how GDPR will impact companies operating on ethereum, beyond that, certain applications are simply not feasible if all information is exposed.
According to Kisagun, countless ethereum projects, such as those dealing with voting, location data, social media and identity, will likely be restricted by the radical transparency of the blockchain.
Jutta Steiner, the CEO of Parity Technologies, ethereum’s second-largest software provider, echoed that, stating that without a privacy layer ethereum will not achieve its goal of becoming a decentralized world computer.
Steiner said:
“I believe blockchain is in itself powerful, but it becomes even more interesting when you combine it with other cryptographic technologies that allow you to build this eventually perfect anonymous computer, global computer, that you can rely on, that’s fast.”
The secret store
Parity is one of the companies at the forefront of developing privacy-enhancing tech for ethereum.
Just last month, Parity released “Secret Store,” a software that encrypts information while distributing keys to selected authorities who can access it. In this way, the software allows permissioned clients to create and manage cryptographic secrets on ethereum.
“It encrypts both the storage and the actual code of the smart contract, so in that way, under the assumption that you trust the authorizers not to collude, it provides privacy of any transaction that the contract models and implements,” Steiner explained.
While Steiner emphasized Secret Store is still in its early phase and has yet to be scrutinized by third-party auditors, the software is already being tested as part of the company’s partnership with a global pharmaceutical company.
“They use it in order to enable the sharing of data between parties that don’t trust each other in the supply chain,” Steiner said.
And while Steiner said using the software on Parity’s permissioned clients is a perfect fit, in the future, Parity hopes to release the tech to run on the ethereum mainnet as well. Because in the case of proper data protection, Steiner said, there’s been a lot of innovation that remains to be released – decentralized technologies that have been prohibited due to the risks that ethereum’s transparency might pose to sensitive data.
Secret Store and other privacy tools “would lead to a lot of innovation in the space that we haven’t seen because of strict privacy limitations,” Steiner said. “Medical data, for example, should not sit on a centralized server, I should be in charge of it, I should be an authority that is required to retrieve the data.”
And as it relates to GDPR compliance, there might be even more complications ahead.
Indeed, Parity has already shut down an identity tool – the Parity ICO Passport Service that registered identities with ethereum addresses to allow companies to comply with Know Your Customer (KYC) requirements – due to the legislation.
Still, Steiner said that in some ways, the GDPR is aligned with Parity’s privacy vision. She said:
“As a tool, [the Secret Store] implements similar goals to the GDPR. In our perspective we share the same goals, but in principle blockchain is fundamentally not complicit.”
Another privacy project, Enigma’s “secret contracts,” looks to provide decentralized application (dapp) developers with some flexibility in concealing some data.
In an upcoming release, secret contracts will provide a trusted execution environment for dapp developers to spin up ethereum smart contracts without publishing that information on-chain. That trusted execution environment will consist of private storage facilities in which Enigma secures the data.
As such, even the nodes that have performed the computation are blind to its contents.
The verification of that computation, though, is fed back to the ethereum blockchain, so there is some kind of immutable, transparent record of the transaction.
“We’re starting with trusted execution environments, simply because it gives a much better developer experience for our customers, which are developers building applications on ethereum,” said Kisagun, one of several MIT graduates who founded Enigma.
Going forward, the startup intends to implement a more decentralized approach, using multi-party computation as a way of securing complex data sets. And while this approach may have performance tradeoffs, Kisagun said, it’s more reliable when it comes to highly sensitive data.
While Enigma plans on taking its technology to other smart contract platforms in the future, the team is currently focused on solving ethereum privacy problems first.
“Ethereum obviously has the most vibrant community right now, it has the most mindshare synced into it, and we want to tap into this vibrant developer ecosystem,” Kisagun said, adding:
“I think in crypto it’s fair to say you’re as strong as your ecosystem and that’s why we’ve chosen this initial trajectory.”
Built at a 36-hour ethereum hackathon in Argentina last month, Kimono is a privacy project that seeks to combine encryption with game theory.
Conceived by four developers from San Francisco-based software startup Hill Street Labs – Paul Fletcher-Hill, Feridun Mert Celebi, Graham Kaemmer, and Daniel Que – the project aims to solve a problem long discussed within blockchains, that of the time-locked secret.
Kimono works by combining an algorithm called Shamir’s Secret Sharing, which splits up data into parts, with an incentive scheme that ensures participants reveal the data at the agreed time. If users try to game the system, by falsifying data or publishing it too early, they’ll be penalized as a result.
While other similar methods, like commit and reveal schemes, already exist, Kimono seeks to improve the user experience of time-locking by outsourcing the effort to a network of incentivized participants.
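The mechanism described above, as an added example (not Kimono’s own code): Shamir’s Secret Sharing over a prime field, with a SHA-256 commitment per share so that a falsified share is detected when it is revealed. The field prime, the commitment format and all function names are assumptions; the timing and penalty logic is not modeled.

```python
import hashlib
import secrets

# Added illustration; the prime, hash format and names are assumptions.
PRIME = 2**127 - 1  # Mersenne prime defining the field for share arithmetic

def commit(x, y):
    """Hash commitment to one share, published when the secret is locked."""
    return hashlib.sha256(f"{x}:{y}".encode()).hexdigest()

def split(secret, n, k):
    """Split `secret` into n shares; any k of them reconstruct it."""
    if not (0 <= secret < PRIME and 1 <= k <= n):
        raise ValueError("secret must be in the field and 1 <= k <= n")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares, {x: commit(x, y) for x, y in shares}

def verify(share, commitments):
    """True if a revealed share matches its published commitment."""
    x, y = share
    return commitments.get(x) == commit(x, y)

def combine(revealed, commitments, k):
    """Reconstruct the secret from revealed shares, dropping falsified ones."""
    good = list(dict(s for s in revealed if verify(s, commitments)).items())
    if len(good) < k:
        raise ValueError("not enough valid shares")
    good = good[:k]
    secret = 0
    for xi, yi in good:
        # Lagrange basis polynomial for share i, evaluated at x = 0.
        num, den = 1, 1
        for xj, _ in good:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret
```

Publishing share commitments makes the scheme only computationally hiding: someone holding k-1 shares can test guesses of the secret against the remaining commitments. Split a random encryption key rather than a low-entropy message.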
“We see the concept of time locking as an important primitive and we would like to improve it and get it to a level where it’s actually truly decentralized and trustless,” Celebi said.
Going forward, Celebi theorized the incentive scheme could be extended, so that time is not the only variable that releases a secret.
“We could have a way to structure that, that it’s revealed after a certain event happens – not only relying on the function of time as a variable but maybe other conditions being met on the blockchain,” he said.
Currently, the software is live on ethereum’s Rinkeby testnet, and will eventually be integrated with an upcoming project by Hill Street Labs.
Speaking about the benefit of the technology, Celebi said:
“Time locking is a pretty useful primitive for decentralized networks because as more and more people move onto ethereum there will be more use for privacy and anonymity.”
Finally, while still in the proposal phase, a code change called EIP 1024 designed by developer Tope Alabi seeks to introduce a simple encrypt-decrypt function on the ethereum blockchain.
Explaining the proposal, Alabi said, “EIP 1024 allows you to generate an encryption key pair using your ethereum private key. This new encryption key pair can then be used to securely send data to any other ethereum address.”
Again, while similar technologies exist already, such as those advanced by Parity and communication protocol Whisper, EIP 1024 dictates a standard that would work across the entirety of ethereum.
“This means app developers don’t have to worry about building for multiple encryption implementations and can just focus on building their app,” Alabi said.
According to him, the standard, which would work to secure messaging and data transfer, will become increasingly important as newcomers join blockchain technology.
“Privacy may very well be the catalyst that onboards the next billion users onto the blockchain,” Alabi said, adding:
“In a blockchain world where your public and private keys are basically your digital identity, we need a way to pass around sensitive private information in a way that cannot be censored by any central body.”
EDIT (14:30 UTC June 11, 2018): An earlier version of this article incorrectly stated Parity has a partnership with a global farmer company. It is in fact a global pharmaceutical company. This has now been corrected.