However, privacy is still an issue for many critics of Bitcoin as transactions are recorded on a public and open ledger. And there is no shortage of projects designed to address this transparency.
Enigma Secret Contracts
Enigma is building a general protocol that allows for privacy to be maintained when interacting with smart contracts. In short, Enigma consists of a decentralized supercomputer run by multiple nodes, which are capable of running private computations. The nodes are, in return, rewarded with ENG tokens.
For example, the data contained by a particular smart contract on the Ethereum network can be encrypted and sent to the Enigma network. The nodes running the so-called supercomputer are in charge of running computations on the encrypted data to verify the validity of the transaction without compromising security.
Nodes are incentivized to act honestly by being rewarded with ENG tokens upon correctly verifying data. The benefit of this approach is that any blockchain that supports the Enigma protocol can provide an extra layer of security for its smart contracts.
A zero-knowledge proof (ZKP) adds a considerable layer of privacy to a public blockchain. It is foremost intended to hide the transaction history for a specific account. With ZKP, nodes are capable of verifying a transaction without seeing the actual amount being transacted.
ZKP is based on a game in which a “prover” tries to demonstrate to a “verifier” that a secret or statement is true, without revealing the secret itself. The verifier can ask questions in order to reduce the chance the prover is lying. By asking the same, simple A or B questions over and over, the verifier is able to reduce that chance from 50 percent to less than 0.00001 percent.
It is an interesting concept for providing privacy; however, verifying all of these questions requires a lot of computational power and time. On top of that, a slightly custom algorithm may be needed each time, depending on what you want to prove.
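The prover/verifier game described above, as an added illustration that is not part of the original article: a one-bit-challenge proof of knowledge of a discrete logarithm in a constructed toy group (the parameters are assumptions chosen for readability, not a real parameter set). An honest prover always passes, a prover without the secret can only pass a round by guessing the challenge, and the round count needed to push the cheater's odds below 0.00001 percent is computed directly.

```python
import math
import random

# Constructed toy group (not a production parameter set): safe prime P = 2*Q + 1;
# G = 4 generates the subgroup of prime order Q, so exponents are reduced mod Q.
P, Q, G = 2039, 1019, 4


def verify(y, t, c, s):
    """Verifier's check: G^s == t * y^c. It sees t, c, s but never the secret x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def honest_round(x, y, c, r):
    """Prover who knows x (y = G^x): commit t = G^r, then answer s = r + c*x."""
    t = pow(G, r, P)
    return verify(y, t, c, (r + c * x) % Q)


def cheating_round(y, c, guess, s):
    """Prover WITHOUT x: bets the challenge will be `guess` and shapes t so the
    check passes only in that case (t = G^s * y^-guess)."""
    t = (pow(G, s, P) * pow(y, -guess, P)) % P
    return verify(y, t, c, s)


def run_rounds(prover, n, rng):
    """Ask the same A-or-B question n times; one failed round rejects the proof."""
    return all(prover(rng.randrange(2), rng) for _ in range(n))


def rounds_needed(max_cheat_probability):
    """Each round halves a cheater's odds, so 0.5**n must fall below the bound."""
    return math.ceil(-math.log2(max_cheat_probability))


def experiment(seed, n):
    """Run an honest prover and a cheater for n rounds; returns (honest_ok, cheater_ok)."""
    rng = random.Random(seed)
    x = rng.randrange(1, Q)
    y = pow(G, x, P)
    honest = run_rounds(lambda c, g: honest_round(x, y, c, g.randrange(1, Q)), n, rng)
    cheater = run_rounds(
        lambda c, g: cheating_round(y, c, g.randrange(2), g.randrange(Q)), n, rng)
    return honest, cheater


if __name__ == "__main__":
    n = rounds_needed(1e-7)  # 0.00001 percent, the figure quoted above
    print("rounds needed:", n, "honest/cheater accepted:", experiment(7, n))
```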
Even in an anonymized network, it is possible to figure out step-by-step where transactions are coming from, compromising a user’s identity. It is possible to operate a “spy node” that, over time, records the details of every transaction passing through it. Using this information, the node can gradually build up a picture of where coins were located in obscured networks.
For the Bitcoin network, it is even possible to analyze the timing of each block being broadcast and trace back with high probability to a transaction’s source node. From here, the spy node has high odds of gleaning the IP address of the transaction sender.
The Dandelion protocol works by sending transactions on a random path through the network, diffusing the transaction data across the network. This would make it nearly impossible to follow the breadcrumb trail.
Ring Confidential Transactions (Ring CT)
Monero implemented the concept of Ring CT as a privacy feature in its protocol. Using Ring CT, users can obfuscate the amounts they are transferring while still allowing miners to verify their transactions without knowing the exact amounts.
For example, Bob wants to send Alice Monero (XMR). When transferring Monero, a transaction secret is shared between Bob and Alice, encrypted with Alice’s public key. This secret key is used to encrypt the transacted amount. The secret can be decrypted by Alice with her private key, so she can verify that Bob is sending the correct amount of XMR.
But how are the miners able to verify the transaction? Third-party observers like miners won’t be able to decrypt the transacted amount. However, a Pedersen commitment is part of the Ring CT concept.
A Pedersen commitment is a cryptographic range proof that is added to the transaction. Miners are able to use the range proof to check that the transacted output is greater than zero and smaller than a random number. It is a complex mathematical computation that allows miners to verify the transaction.
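An added example, not code from the article or from Monero, showing how Pedersen commitments let a miner check that a transaction balances without seeing any amount. It uses a constructed toy group (assumed parameters, not Monero's curve) and omits the range proof itself; the last case shows exactly why that range proof is needed, since amounts wrap around modulo the group order.

```python
import math
import random

# Constructed toy group (not Monero's curve): safe prime P = 2*Q + 1; G and H are
# generators of the order-Q subgroup (assumption: nobody knows log_G(H)).
P, Q, G, H = 2039, 1019, 4, 9


def commit(amount, blinding):
    """Pedersen commitment C = G^blinding * H^amount; `blinding` hides `amount`."""
    return (pow(G, blinding, P) * pow(H, amount % Q, P)) % P


def opens_to(c, amount, blinding):
    """Recipient who received (amount, blinding) over the encrypted channel checks C."""
    return c == commit(amount, blinding)


def balance_holds(in_commits, out_commits):
    """Miner's check, no amounts needed: commitments are homomorphic, so
    prod(inputs) == prod(outputs) iff the sums of amounts AND of blindings agree."""
    return math.prod(in_commits) % P == math.prod(out_commits) % P


def build_outputs(in_blindings, out_amounts, rng):
    """Sender picks fresh blindings, but forces the last one so that the blinding
    sums match and an honest transaction balances."""
    blindings = [rng.randrange(Q) for _ in out_amounts[:-1]]
    blindings.append((sum(in_blindings) - sum(blindings)) % Q)
    return [(v, b, commit(v, b)) for v, b in zip(out_amounts, blindings)]


def check_transaction(in_amounts, out_amounts, seed=0):
    """End-to-end: commit inputs, build outputs, run the miner's balance check."""
    rng = random.Random(seed)
    in_blindings = [rng.randrange(Q) for _ in in_amounts]
    in_commits = [commit(v, b) for v, b in zip(in_amounts, in_blindings)]
    outs = build_outputs(in_blindings, out_amounts, rng)
    return balance_holds(in_commits, [c for _, _, c in outs])


if __name__ == "__main__":
    print("honest 10 -> 7 + 3:", check_transaction([10], [7, 3]))       # True
    print("inflation 10 -> 7 + 4:", check_transaction([10], [7, 4]))    # False
    # Amounts live mod Q, so 11 + (Q - 1) == 10: the balance check alone ACCEPTS
    # a "negative" output. This is the hole the range proof closes.
    print("wrap-around 10 -> 11 + (-1):", check_transaction([10], [11, Q - 1]))  # True
```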
Stealth addresses are used by multiple blockchains, including Bitcoin, Verge and Monero. However, the Bitcoin blockchain does not support this natively, so both sender and receiver must take part in this process.
A stealth address requires the sender to create a random one-time address per transaction based on the recipient’s public address. The address is created using the so-called “public view key” and “public spend key” scrambled with random data.
The wallet addresses will not be publicly exposed during the transaction process. The one-time address is unlinkable to the original transaction but also unlinkable to any other one-time addresses that have been created for the recipient.
After the funds have been sent to the one-time address, the recipient can derive the secret key associated with this address and retrieve the funds. Only the sender and receiver will know a transaction occurred between them as no wallet addresses were made public.
Stealth addresses are a clever mechanism to retain privacy. Monero supports this feature by default for basic transfer transactions.
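The one-time address derivation described above, as an added example that is not part of the article and not Monero's code: Bob derives a fresh address from Alice's public view and spend keys plus random data, Alice recognises it with her private view key and derives the private key that spends it. The group parameters and the hash-to-scalar step are assumptions chosen for readability, not Monero's curve.

```python
import hashlib
import random

# Constructed toy group (not Monero's curve): safe prime PRIME = 2*Q + 1 and G
# generates the order-Q subgroup. Private keys are exponents, public keys and
# addresses are group elements, so "k*G" in curve notation is pow(G, k, PRIME).
PRIME, Q, G = 2039, 1019, 4


def hs(point):
    """Hash a shared group element to a scalar mod Q (Monero's H_s)."""
    return int.from_bytes(hashlib.sha256(str(point).encode()).digest(), "big") % Q


def recipient_keys(rng):
    """Alice: private view key a, private spend key b; public address is (A, B)."""
    a, b = rng.randrange(1, Q), rng.randrange(1, Q)
    return a, b, pow(G, a, PRIME), pow(G, b, PRIME)


def one_time_address(A, B, rng):
    """Bob: fresh r per payment; publishes (R, P). A and B never hit the ledger."""
    r = rng.randrange(1, Q)
    R = pow(G, r, PRIME)
    shared = hs(pow(A, r, PRIME))                        # H_s(r*A)
    return R, (pow(G, shared, PRIME) * B) % PRIME        # P = H_s(r*A)*G + B


def detect(a, B, R, P):
    """Alice's view key alone (a, B) recognises her payment: returns the shared
    scalar when P == H_s(a*R)*G + B, else None."""
    shared = hs(pow(R, a, PRIME))                        # a*R == r*A
    return shared if (pow(G, shared, PRIME) * B) % PRIME == P else None


def spend_key(shared, b):
    """Only the holder of the private spend key b gets x with x*G == P."""
    return (shared + b) % Q


def demo(seed=1):
    rng = random.Random(seed)
    a, b, A, B = recipient_keys(rng)
    (R1, P1), (R2, P2) = one_time_address(A, B, rng), one_time_address(A, B, rng)
    s1, s2 = detect(a, B, R1, P1), detect(a, B, R2, P2)
    stranger_a, stranger_B = rng.randrange(1, Q), pow(G, rng.randrange(1, Q), PRIME)
    return {
        "alice_detects_both": s1 is not None and s2 is not None,
        "alice_can_spend": pow(G, spend_key(s1, b), PRIME) == P1,
        "wrong_spend_key_fails": pow(G, spend_key(s1, b + 1), PRIME) != P1,
        "one_time_addresses_differ": P1 != P2,
        "stranger_detects_nothing": detect(stranger_a, stranger_B, R1, P1) is None,
    }
```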
Other interesting privacy concepts include Mimblewimble, zk-SNARKs, and coin mixing and change addresses.