Why privacy is needed in Web3
Privacy is a fundamental human right for all people as defined in the UN Declaration of Human Rights. The right to be left alone and the right to control the flow of personal information allow a person to have more confidence in expressing their personal social and political ideas and in spending their money. Privacy is a way to reduce what can be known about us and is essential in protecting ourselves against bad actors who might abuse our private information to interfere with our lives. In our current modern society, the issue of privacy is becoming extremely important as advancements in technology are enabling more surveillance of our private lives while at the same time creating more effective tools to hide our information.
The fully transparent public ledger and censorship resistance of the blockchain are some of the key innovations of blockchain technology which enable Web3 to disrupt the normally closed, walled ecosystems of traditional web2 apps and enable groundbreaking new applications. This transparency, however, makes it possible for anyone to see the sending address, receiving address and amount of tokens sent once the transaction has been added to the blockchain. Therefore, it is very hard to maintain financial privacy in Web3 even though financial privacy is an enforced fundamental right in many countries.
A person’s social and political beliefs are often linked with their financial transaction history through donations, purchases and memberships. While people in developed countries might not have to worry about having their financial history leaked or exploited, there has been an alarming increase in authoritarian governments weaponizing financial information to crack down on their opposition. As a result, people living under these oppressive regimes have increasingly turned to crypto to preserve their wealth and transact freely outside of the controlled financial system. It is also not hard to imagine that one day these governments will eventually start cracking down on their opposition through crypto by abusing the transparent nature of the blockchain to track down and prosecute people.
We typically associate people who need blockchain privacy with malicious activity like money laundering because of the various headline-making multi-million-dollar hacks of various crypto bridges and DeFi protocols. The powerful ability of web3 privacy tools to completely protect the sender and the astronomically high amounts of stolen funds laundered by notorious hacker groups like the Lazarus group have forced authorities like the US Treasury to sanction the Tornado Cash smart contracts and all associated addresses in an attempt to stop criminal activity.
We completely disagree with the recent actions taken by authorities in sanctioning a neutral entity like a smart contract platform along with innocent users who used the platform for legitimate use cases or were dusted. According to the EFF, open source software like Tornado Cash is vital to the research and development of essential software which improves human society and therefore needs to be protected under Article 13 of the American Convention of Human Rights, which guarantees the rights to freedom of expression.
However, due to the extremely damaging effects of criminal activity on the early Web3 industry, we do feel there needs to be collective action taken by the industry to develop practical and fair AML solutions to dissuade criminals from engaging in on-chain crime.
In spite of all these headline-making problems, there is still a fundamental need for crypto privacy as web3 goes mainstream. Users will start to perform more transactions on web3 native applications like DeFi protocols, DAOs and social networks and expose more and more of their personal information on chain. These transactions can contain information like personal net worth, social connections, shopping history and media consumption which can all be negatively exploited by malicious parties. The issue becomes critically important once crypto addresses start to get associated with real world identities through KYC or wallet linking services.
Therefore, software which protects privacy is absolutely essential to protect user rights. Privacy in Web3 will require innovative new products and technologies to provide users a way to hide their identity while making it hard for criminals to hide their activity.
Landscape of privacy solutions in Web3
Currently, there are many different projects which are offering privacy solutions in Web3. Even though many of them rely on underlying ZK technology, each of them implements the core ZK technology in different ways to provide privacy. Through our research, we have mapped the ecosystem of privacy solutions based on the underlying blockchain technology used and the usability level of the private transactions.
- Monero uses mixer technology which uses decoys along with your signature to hide source, destination and amount, while Zcash and Manta Network use zk-SNARK proofs to shield transactions within their own chains. Monero and Zcash require users to transact in their native volatile token and have no smart contract functionality.
- Secret Network has a full privacy-preserving blockchain, enabled by its secret contracts which utilize hardware-based TEEs to verify data within a block without knowing the contents of the data.
  - Secret Network supports all types of generalized transactions such as NFTs and games with private metadata and ownership, and all DeFi apps are automatically MEV resistant due to the private transactions.
  - Users need to bridge tokens into Secret Network using the ETH/BSC Secret bridge to use the network.
- For all these projects both the sender and receiver need to be on the same blockchain to transact, which means levels of interoperability with other chains are limited.
- Aztec Network is the leading rollup-based privacy solution on Ethereum.
  - Aztec pioneered a ZK proof solution called Plonk to reduce costs and increase speed on Ethereum.
  - The Aztec Connect bridge is a scaling solution on ETH which enables private transactions in certain DeFi use cases like staking and earning yield, and plans to support shielded swaps soon.
  - Aztec offers almost 90% cost savings over Ethereum for simple transactions and up to 99% improvement for complex transactions.
- Tornado Cash is the most well known smart contract level mixing service and uses zk-SNARKs to break the link between the sender and transaction.
  - User deposits approved assets to the application (ETH, USDC, DAI, etc.) in certain increments (0.1, 1, 10 ETH, etc.); this amount is then mixed with other deposits.
  - User is given a zk-SNARK generated key (called a private note) which can be used to withdraw the mixed assets to another address.
  - Available on ETH but also on BSC, Polygon, Avalanche, Optimism, Arbitrum.
  - Tornado Cash becomes less reliable as volumes decrease since it is easier to trace addresses based on the amounts entered and exited through the contracts.
  - Got banned directly along with Blender.io by the US Treasury due to OFAC laws.
  - Shortly after the announcement of the ban, Aave and Uniswap quickly added a list of addresses targeted by OFAC to a blacklist. Any funds that these addresses kept were frozen. Not as decentralized as we hoped.
- Elusiv is one of the first privacy solutions to use an off-chain solution to provide private transactions on chain.
  - Generates zk-SNARK proofs on the client side within a noncustodial user wallet once the transaction is signed.
  - User tokens are deposited into an on chain smart contract to turn them into private tokens.
  - The proofs are then grabbed by wardens or off chain light clients and published on chain.
  - The on chain smart contract will then decrypt the proofs on chain if there is a valid zk-SNARK proof on chain and execute the transfer of funds on behalf of the user to the recipient.
  - Since the transactions are already decrypted and executed by the Elusiv smart contract on chain, there are no trust assumptions for the user outside of the Elusiv smart contract and the funds are sent automatically if a valid proof exists on chain.
  - The warden network can choose to reveal but not block the transactions if there is consensus that the transaction was performed by a malicious address.
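The Tornado Cash point above, that a fixed-denomination pool protects less as volume drops, can be measured as the size of each withdrawal's anonymity set. The following is an added example, not code from this article or from any project it describes; the event log, address labels and minimum-size threshold are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed event log, not real chain data: (block, pool denomination in ETH, kind, address).
# This is all an outside observer sees; the zk-SNARK hides which deposit a withdrawal spends.
EVENTS = [
    (1, 1, "deposit", "dep_a"), (2, 1, "deposit", "dep_b"),
    (3, 10, "deposit", "dep_c"), (4, 1, "deposit", "dep_d"),
    (5, 1, "deposit", "dep_e"), (6, 1, "withdraw", "out_1"),
    (7, 10, "withdraw", "out_2"), (8, 1, "deposit", "dep_f"),
    (9, 1, "withdraw", "out_3"),
]

def anonymity_sets(events):
    """Map each withdrawal address to the depositors that could have funded it.

    Any earlier deposit into the same fixed-denomination pool is a candidate,
    so the set is an upper bound on the privacy the withdrawal gets.
    """
    depositors = defaultdict(set)
    sets = {}
    for _block, pool, kind, addr in sorted(events):
        if kind == "deposit":
            depositors[pool].add(addr)
        else:
            sets[addr] = frozenset(depositors[pool])
    return sets

def privacy_bits(candidates):
    """Entropy in bits if every candidate is equally likely; 0 means fully linked."""
    return math.log2(len(candidates)) if candidates else 0.0

def weak_withdrawals(events, min_set_size):
    """Withdrawals whose anonymity set is below min_set_size (a hypothetical threshold)."""
    return sorted(a for a, s in anonymity_sets(events).items() if len(s) < min_set_size)

if __name__ == "__main__":
    for addr, cands in anonymity_sets(EVENTS).items():
        print(f"{addr}: {len(cands)} candidates, {privacy_bits(cands):.2f} bits")
    print("below threshold of 4:", weak_withdrawals(EVENTS, 4))
```

In the constructed log the quiet 10 ETH pool has a single depositor, so its withdrawal is linked to that deposit despite the valid proof, while the busier 1 ETH pool leaves four or five candidates.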
We believe that existing privacy solutions in web3 have 3 fundamental issues which limit them from gaining mass market acceptance and adoption.
- In order to make transactions on-chain private, many existing solutions use a dedicated blockchain to encrypt the transactions or require the user to bridge funds to another chain or buy a volatile token to enable private transactions. This additional step adds unnecessary complexity, cost and time for the user.
Bad actor abuse and compliance challenges
- Existing privacy solutions need to seriously address the problem of malicious users utilizing their powerful technology for their own benefit.
- The immutable nature of smart contracts and powerful ZK technology which hides the sender’s information make it almost impossible to reveal transactions which have been made private.
- Dedicated privacy blockchains like Zcash and Monero require transactions to be made in their native volatile tokens and also have no smart contract functionality to support other tokens and dApps
- Mixers like Tornado Cash are also limited to sending just a few supported tokens privately, and the user is forced to deposit in certain predetermined increments
- No easy solution for web3 users like merchants of crypto payment systems to receive funds anonymously and hide their addresses
How Elusiv provides a user-focused and compliance-friendly solution to privacy
We invested in Elusiv because of the team’s practical approach to solving for privacy by focusing on the user experience while also remaining compliant. For its Solana mainnet launch, Elusiv will be integrating its private transactions directly into the Solflare wallet, the second largest wallet on Solana, with a dedicated in-wallet widget, vastly improving the experience of transferring funds privately for users. Users will be able to both send and receive cryptographically secured private transactions in seconds while spending less than $0.01 per transaction. This can all be done seamlessly from a non-custodial wallet without having to waste time moving funds to a dApp or dedicated private chain.
In light of the recent regulatory scrutiny on privacy solutions in web3, we believe there needs to be a middle ground built into privacy solutions to dissuade criminals and hackers from abusing these services with impunity. Elusiv has come up with a practical solution to these problems by integrating anti-money-laundering functionality into their technology. This allows the Elusiv network to reveal but not block transactions of addresses which have been flagged as malicious and is an important step in preventing criminal activity on Elusiv.
The underlying ZK technology and light client network which powers the Elusiv private transactions is also highly scalable and can be adapted to enable privacy on any L1. Through the upcoming Elusiv VM SDK, developers will also be able to integrate other generalized private transactions in their dApps to allow users to use private transactions directly in their favorite dApps soon.
We are also confident in the entrepreneurial and technically gifted co-founders from the Technical University of Munich, who founded Elusiv after meeting each other at various Solana Hacker Houses and noticing a lack of privacy solutions in the growing Solana ecosystem, especially for Solana Pay.
Our longer-term view on privacy in Web3
Going forward, we believe web3 privacy will only get more important as more institutional and user data starts to get permanently stored on the public ledger with the inevitable increase in adoption of Web3-powered dApps like DeFi, social networks, DAOs, games and metaverses.
As part of our multi-chain infrastructure thesis, we think that privacy will work best as a modular layer on top of existing blockchains and dApps. The modular approach to privacy allows private transactions to be very user friendly by integrating directly into wallets and dApps while also being highly scalable to enable private transactions on multiple blockchains. It also gives the ideal balance of transaction speed/cost while allowing additional functionality like AML features and generalized private transactions to be added.
We are also very excited for the future of ZK technology which is already powering multiple use cases in web3. We might see more advanced functionality once the technology matures enough to allow interoperability between different ZK applications like bridges, scaling solutions and privacy tools.