From 5cbd0042b43867fa7e3dac3d2b964da6b292a173 Mon Sep 17 00:00:00 2001 From: squirrel <47972284+JJ-Rogers@users.noreply.github.com> Date: Sat, 12 Aug 2023 19:15:44 +0100 Subject: [PATCH] Update and rename ZK vs Decoy-Based.md to zkvsdecoy.md --- site/guides/ZK vs Decoy-Based.md | 67 ----------------------------- site/guides/zkvsdecoy.md | 72 ++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 67 deletions(-) delete mode 100644 site/guides/ZK vs Decoy-Based.md create mode 100644 site/guides/zkvsdecoy.md diff --git a/site/guides/ZK vs Decoy-Based.md b/site/guides/ZK vs Decoy-Based.md deleted file mode 100644 index 820bb014..00000000 --- a/site/guides/ZK vs Decoy-Based.md +++ /dev/null @@ -1,67 +0,0 @@ -There's definitely no doubt that ensuring user privacy remains a top priority for various Cryptocurrency projects and they achieve this through the implementation of diverse technological tools and algorithms to safeguard user data from public exposure. This can also be observed in the words of Ian Miers at [Devcon4 Conference](https://youtube.com/watch?v=9s3EbSKDA3o&feature=share9) when he stated that "Cryptocurrency exposes all your spending activities to the public since it's just like a twitter to your Bank account and this is a great issue that must be solved by adopting on chain privacy. - -Additionally, certain crypto projects have gained recognition for their privacy-centric approaches. For instance, Zcash is renowned for employing Zero Knowledge Proofs (ZK) to protect user privacy effectively, while Monero stands out for its utilization of a Decoy-based algorithm to maximize user privacy on the blockchain. - -In today's discussion, we will delve into the advantages of Zero Knowledge Proofs and Decoy Based Systems in protecting user privacy. Both methods have proven to be highly effective in ensuring confidentiality and security. To facilitate a better understanding, we will use Zcash with its adoption of ZK proofs and Monero with its Decoy-based algorithm as case studies to illustrate their respective capabilities in safeguarding user privacy. - -***Understanding The Concept of Zk Proofs and Decoy Based System*** - -Certainly, let's start by gaining a proper understanding of both "Zero Knowledge Proofs" (ZK proofs) in relation to Zcash and the "Decoy-based algorithm" in relation to Monero. - - -Zero Knowledge Proofs (ZK proofs) are cryptographic protocols that allow one party (the prover) to demonstrate to another party (the verifier) the validity of a statement without revealing any underlying information about the statement itself. In the context of Zcash, ZK proofs are employed to verify the correctness of a transaction without disclosing any sensitive transaction details such as the sender, receiver or transaction amount. This ensures that user privacy is preserved as the transaction remains confidential while still being validated. This technology is designed to ensure the confidentiality of financial transactions on the Zcash network. - - -On the other hand, the Decoy-based algorithm used by Monero is designed to enhance privacy on the blockchain. In this algorithm, multiple transactions are combined making it challenging or difficult to trace the actual source and destination of funds. The algorithm introduces decoy inputs and outputs in transactions making it difficult for observers to determine the true origin and recipient of funds. This approach significantly enhances privacy for Monero users as it obfuscates the transaction trail. The use of decoy inputs makes it challenging for anyone analyzing the blockchain to identify the real sender, receiver, or transaction amount, thereby providing a high level of transactional privacy on the Monero network. - - -By comprehending these fundamental concepts, we can now explore the differences and advantages of Zero Knowledge Proofs and the Decoy-based algorithm in protecting user privacy for both Zcash and Monero. - -***Advantages of ZK Over Decoy Based Systems*** -Both Zcash and Monero are privacy-focused cryptocurrencies, but they achieve privacy in different ways. Here are some advantages of Zcash's zero-knowledge proofs (ZK) over Monero's decoy system: - -1) Selective Disclosure: With Zcash's ZK technology, users have the option to reveal transaction details to specific parties as explained by Paige Peterson on [ECC Blog](https://electriccoin.co/blog/viewing-keys-selective-disclosure/). In Zcash, shielded transactions' encrypted contents allow individuals to selectively reveal data from a particular transfer. Additionally, a viewing key can be provided to disclose all transactions associated with a specific shielded address.This feature allows for regulatory compliance and auditability without compromising the overall privacy of the network. - -In contrast, Monero's decoy system does not offer this level of selective disclosure. While Monero's decoy algorithm (ring signature) helps in providing privacy, it does not offer selective disclosure in the same way as Zcash's viewing key. This means that, by default, all transaction details remain private in Monero, and it is not possible to selectively disclose specific transaction information to a third party. - -2) Opt-in Privacy: Zcash allows users to choose between transparent (non-private) and shielded (private) transactions. This connotes that Zcash offers users the flexibility to either keep their financial information private (shielded) or make it transparent and publicly available similar to most other blockchains as explained on [Zcash official website](https://z.cash/learn/what-is-the-difference-between-shielded-and-transparent-zcash/) . This opt-in privacy allows for greater flexibility and acceptance in various use cases, as some transactions may require less privacy for public scrutiny, while others benefit from enhanced privacy. - -On the other hand, Monero offers privacy transactions through its ring signature and stealth address technology. Ring signatures ensure that the true sender in a transaction remains obscured among several possible participants providing strong privacy and anonymity. In this case, users don't have the ability to select their desired form of shielded or unshielded transaction of their choice. - -3) Shielded Pool Size: The size of the shielded pool in Zcash is typically smaller than the entire transaction pool as seen in [Zcash Metrics](https://electriccoin.co/zcash-metrics/) , which may offer some advantage in terms of scalability and performance unlike Monero's approach, where all transactions are private. - -4) Trusted Setup: Zcash's initial setup, which was conducted during its launch, utilized a multi-party ceremony known as the "trusted setup" which has now been upgraded to NU5 in the year 2022 as explained by [ECC](https://electriccoin.co/blog/nu5-activates-on-mainnet-eliminating-trusted-setup-and-launching-a-new-era-for-zcash/). This is to ensure the integrity of the system and to prevent the creation of counterfeit coins. While controversial, the trusted setup is considered an advantage in that it guarantees a known fixed supply of Zcash coins. - -5) Data Privacy -Zcash is designed with a strong focus on data privacy, offering users the option to conduct shielded transactions to keep their financial information confidential and private. This privacy is achieved through the use of zero-knowledge proofs, specifically zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge).The zk-SNARK technology used in Zcash allows for the creation of "zero-knowledge proofs," which allow network participants to verify the validity of shielded transactions without revealing any sensitive information. This significantly enhances the anonymity of users on the network which shows the high level of efficiency using Zero Knowledge technology. - -Regarding the Monero Decoy system, a software developer from the United States discovered some bugs. These bugs could potentially lead to the identification of the true transaction if a user spends the funds they received in a transaction within approximately 20 minutes according to a report from [Coindesk](https://www.google.com/amp/s/www.coindesk.com/markets/2021/07/27/bug-found-in-decoy-algorithm-for-privacy-coin-monero/%3foutputType=amp). This doesn't justify the fact that Decoy based system isn't efficient when it comes to protecting user information but what really matter the most is to reduce or eliminate the leak of user information and data as explained by Zooko at the [Orchid(priv8) AMA live session](https://youtube.com/watch?v=XpRzKqEfpP4&feature=share9) - - - -Also, Monero's decoy system has its strengths as well, such as being a privacy-by-default solution, not requiring trusted setups and having a larger anonymity set which can potentially provide stronger privacy guarantees. - -Ultimately, the choice between Zcash and Monero depends on the specific use case and the level of privacy desired by the user or organization. Both cryptocurrencies aim to protect user privacy and offer different trade-offs in achieving that goal. - - -***Reference Links*** -https://z.cash/learn/ - -https://www.getmonero.org/get-started/what-is-monero/ - -https://youtu.be/9s3EbSKDA3o - -https://electriccoin.co/blog/nu5-activates-on-mainnet-eliminating-trusted-setup-and-launching-a-new-era-for-zcash/ - -https://youtu.be/XpRzKqEfpP4 - -https://electriccoin.co/blog/zcash-evolution/ - -https://electriccoin.co/zcash-metrics/ -https://electriccoin.co/blog/viewing-keys-selective-disclosure/ - - - - - - diff --git a/site/guides/zkvsdecoy.md b/site/guides/zkvsdecoy.md new file mode 100644 index 00000000..53fc4da2 --- /dev/null +++ b/site/guides/zkvsdecoy.md @@ -0,0 +1,72 @@ + + +## Introduction + +"Cryptocurrency exposes all your spending activities to the public since it's just like a twitter to your Bank account and this is a great issue that must be solved by adopting on chain privacy." - Ian Miers at [Devcon4](https://youtube.com/watch?v=9s3EbSKDA3o&feature=share9). + +Certain crypto projects have gained recognition for their privacy-centric approaches. Zcash is renowned for employing Zero Knowledge Proofs (ZK) to protect transaction amounts and addresses. Monero stands out for its utilization of a Decoy-based sender obfuscation in combination with other encryption schemes to attain user privacy on the blockchain. + +![](https://user-images.githubusercontent.com/38798812/257773807-af8ae27d-0805-4a60-a5ba-749e2fea2490.png) +## Understanding ZK Proofs and Decoy Based Systems + +Zero Knowledge Proofs are cryptographic systems that allow one party (the prover) to demonstrate to another party (the verifier) the validity of a statement without revealing *any underlying information about the statement itself*. In the context of Zcash, ZK proofs are employed to verify the validity of a transaction without disclosing transaction details such as the SENDER, RECEIVER or transaction AMOUNT. + +**This ensures that user privacy is preserved as the transaction remains confidential while still being validated. This technology is designed to ensure the confidentiality of financial transactions on the Zcash network.** + +In the Decoy-based systems such as [RingCT](https://twitter.com/ZecHub/status/1636473585781948416), multiple transactions are combined making it challenging or difficult to trace the actual source and destination of funds. The algorithm introduces decoy inputs and outputs in transactions also employing encryption of the addresses used as inputs & using Range proofs to validate the amount transferred is spendable. + +This approach obfuscates the transaction trail. The use of decoy inputs makes it challenging for anyone analyzing the blockchain to identify the real sender, receiver, or transaction amount. + +**Important Note**: This method of on-chain privacy preserving transaction still explicity reveals (encrypted) inputs to all user transactions. Metadata such as the *FLOW OF TRANSACTIONS* between different users on the network can still be gathered. If an adversary actively participates in generating transactions on the network, it effectively deanonymises the decoy inputs of other users. + + +## Advantages of ZK Over Decoy Based Systems + +Both Zcash and Monero are privacy-focused cryptocurrencies, but they achieve privacy in different ways. + +Here are some advantages of Zcash's zero-knowledge proofs (ZK) over Monero's decoy system: + +1) **Selective Disclosure**: With Zcash ZK feature set, users have the option to reveal transaction details to specific parties [Read ECC Blog on Selective Disclosure](https://electriccoin.co/blog/viewing-keys-selective-disclosure/). In Zcash, shielded transactions' encrypted contents allow individuals to selectively reveal data from a particular transfer. Additionally, a viewing key can be provided to disclose all transactions associated with a specific shielded address. This feature allows for regulatory compliance and auditability without compromising the overall privacy of the network. + +While Monero's decoy algorithm (ring signature) helps in providing privacy, it does not offer *selective* disclosure in the same way. +![](https://user-images.githubusercontent.com/38798812/257793324-2dcc6047-300e-4fa7-a28d-2e6cbbadf1df.png) + +2) **Optional Visibility**: Zcash allows users to choose between transparent (non-private) and shielded (private) transactions. This connotes that Zcash offers users the flexibility to either keep their financial information private (shielded) or make it transparent and publicly available similar to most other blockchains as explained on [Zcash official website](https://z.cash/learn/what-is-the-difference-between-shielded-and-transparent-zcash/). This opt-in privacy allows for greater flexibility and business/organisational relevant use cases, as some transactions may require less privacy for public scrutiny, while others benefit from enhanced privacy. + + +3) **Anonymity Set**: The [anonymity set](https://blog.wasabiwallet.io/what-is-the-difference-between-an-anonymity-set-and-an-anonymity-score/) of zero knowledge shielded pools comprises all transactions that have *ever* occurred. This is significantly larger than most other on-chain techniques for achieving transaction unlinkability. Note: this only applies to transactions within the same shielded pool. + +The use of decoys does increase the anonymity set. However this approach is dependent entirely on the number of *real* users on the network. + +4) **No Trusted Setup**: Zcash's Sprout & Sapling setup utilized a multi-party computation known as the "trusted setup ceremony". The recent NU5 upgrade did not require any Trust in the integrity of the zero knowledge circuit's setup. [Read ECC Blog on NU5](https://electriccoin.co/blog/nu5-activates-on-mainnet-eliminating-trusted-setup-and-launching-a-new-era-for-zcash/). + +5) **Data Privacy**: The [zk-SNARK technology](https://wiki.zechub.xyz/zcash-technology) used in Zcash's shielded pools allows for significantly enhanced security for users. The reduction of metadata leakage on-chain means that users are safe from adversaries such as potential hackers or oppresive state bodies. + +There are a number of instances in which bugs have been identified in Monero's decoy selection algorithm. These bugs had potential lead to reveal user spends according to a report from [Coindesk](https://coindesk.com/markets/2021/07/27/bug-found-in-decoy-algorithm-for-privacy-coin-monero). + + +In summary what really matters the most is to reduce or eliminate the leak of user information and data as explained by Zooko at the [Orchid (priv8) AMA live session](https://youtube.com/watch?v=XpRzKqEfpP4&feature=share9) + +![](https://user-images.githubusercontent.com/38798812/257788813-509f1139-7daa-4f95-bbb4-c535641962f6.png) + +____ + +***Reference Links*** + +https://z.cash/learn/ + +https://www.getmonero.org/get-started/what-is-monero/ + +https://youtu.be/9s3EbSKDA3o + +https://electriccoin.co/blog/nu5-activates-on-mainnet-eliminating-trusted-setup-and-launching-a-new-era-for-zcash/ + +https://youtu.be/XpRzKqEfpP4 + +https://electriccoin.co/blog/zcash-evolution/ + +https://electriccoin.co/zcash-metrics/ +https://electriccoin.co/blog/viewing-keys-selective-disclosure/ + + +