This article was jointly written by Carrie and Ivy of Chain Hill Capital. Please contact the Chain Hill Capital official account for reprint permission.
By: Carrie & Ivy | Chain Hill Capital
1. Industry Status
Blockchain technology is a trust solution for the digital age, but there is a tension between its decentralized transparency and the privacy that real-world use requires. Public verifiability of on-chain data means that transactions and other records are traceable and cannot be tampered with. Whenever the on-chain world touches the real world, some of that data will inevitably carry traces that lead back to a real identity.
Every piece of data stored on the chain being publicly verifiable is a fundamental problem for blockchains and smart contracts. A lack of privacy protection is unacceptable in the real world: individuals want to protect their financial and other private information, and every business or organization wants to keep its sensitive and valuable data confidential. Privacy regulations such as the GDPR (EU General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) also signal that regulation of personal data protection will only become stricter. Cryptocurrencies and blockchains therefore cannot reach mass adoption without addressing privacy.
1.1 Privacy cryptocurrency
Data source: Feixiaohao, as of November 23, 2020
Bitcoin's Privacy Infrastructure
In fact, Bitcoin was designed to be pseudonymous rather than anonymous: addresses derived from ECDSA public keys stand in for names, but every transaction is recorded in the public ledger and can be inspected by every node, so its privacy is relatively weak. As chain-analysis techniques improved, the sender and recipient of a transaction could be traced through the UTXO graph, for example by assuming that all inputs to one transaction belong to the same owner. Early privacy infrastructure built on Bitcoin therefore proposed a number of improved schemes.
CoinJoin
The principle is simple: the inputs and outputs of several users' payments are merged into a single transaction so that the ownership of UTXOs is obscured. From such a transaction an observer can no longer assume that all inputs belong to one person, nor determine which output each input funded. Users can run CoinJoin rounds repeatedly to hide their transaction history further.
CoinJoin needs no change to the Bitcoin protocol and is relatively easy to implement. Its weakness is that a coordinating server learns the input and output addresses of every participant, so privacy can be exposed to a third party, and a compromised coordinator leaks user information. Implementations that register inputs and outputs under blind signatures (Chaumian CoinJoin, as used by Wasabi) stop the coordinator from linking a given input to its output, but the coordinator still sees every participant. In any case, at least one party among the participants knows who took part in the mix or holds the mapping between addresses, and the anonymity set of a mixed output is only the number of other outputs of the same value in that transaction.
At present three privacy wallets use CoinJoin-style mixing: Wasabi, Samourai and JoinMarket (JoinMarket has no central coordinator; "takers" pay "makers" to contribute inputs over a peer-to-peer marketplace). Users who want to CoinJoin register with the coordinator, which assembles the mixing round from the inputs of many users. Mainstream services such as BTCPay Server have also adopted P2EP (Pay-to-EndPoint, standardized as PayJoin in BIP 78), a CoinJoin-derived technique. Unlike a conventional Bitcoin transfer, where only the sender contributes inputs, a PayJoin transaction packages inputs from both sender and receiver, and the receiver's own contribution comes back to the receiver on top of the payment amount. Because the transaction looks like an ordinary payment while violating the common-input-ownership heuristic, its privacy is better than a plain CoinJoin's, and it also poisons the heuristic for ordinary transactions.
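The common-input-ownership heuristic, and how equal-output CoinJoins and PayJoins defeat it, as an added example in Python. This is illustration code written for this article, not code from Wasabi, Samourai, JoinMarket or BTCPay Server; the transactions and address names are constructed by hand.

```python
"""Common-input-ownership clustering, and how CoinJoin / PayJoin break it.
Added illustration; the transactions are constructed by hand and the address
names are placeholders, not real Bitcoin addresses."""
from collections import defaultdict

# A transaction is (inputs, outputs): input addresses spent, and (address, amount)
# outputs.  Amounts in BTC.  Constructed sample data.
NORMAL_PAYMENT = (["alice1", "alice2"], [("bob1", 5.0), ("alice3", 1.9)])
COINJOIN = (["alice4", "carol1", "dave1"],
            [("x1", 1.0), ("x2", 1.0), ("x3", 1.0),      # three equal outputs
             ("alice5", 0.4), ("carol2", 0.2)])          # change outputs
PAYJOIN = (["alice6", "bob2"],                           # receiver bob adds an input
           [("bob3", 5.2), ("alice7", 1.8)])             # bob gets payment + his input back


class UnionFind:
    """Minimal disjoint-set structure used to merge addresses into wallets."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal=3):
    """Flag a transaction with at least `min_equal` outputs of identical value."""
    _, outputs = tx
    counts = defaultdict(int)
    for _, amount in outputs:
        counts[amount] += 1
    return max(counts.values(), default=0) >= min_equal


def cluster_inputs(txs, skip_coinjoins=False):
    """Common-input-ownership heuristic: every input of one transaction is
    assumed to belong to the same wallet.  Analysts normally skip transactions
    that look like CoinJoins, otherwise every participant is merged together."""
    uf = UnionFind()
    for tx in txs:
        inputs, _ = tx
        if skip_coinjoins and looks_like_coinjoin(tx):
            continue
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()]


def same_cluster(txs, a, b, skip_coinjoins=False):
    """True if the heuristic attributes addresses a and b to one wallet."""
    for group in cluster_inputs(txs, skip_coinjoins):
        if a in group:
            return b in group
    return False


def output_anonymity_set(tx):
    """For each output, the number of outputs in the transaction with the same
    value.  1 means the output is uniquely identifiable; CoinJoin's equal-value
    outputs give each mixed output a set of size >= 2."""
    _, outputs = tx
    counts = defaultdict(int)
    for _, amount in outputs:
        counts[amount] += 1
    return {addr: counts[amount] for addr, amount in outputs}


if __name__ == "__main__":
    print("normal payment merges alice1/alice2:", same_cluster([NORMAL_PAYMENT], "alice1", "alice2"))
    print("coinjoin detected:", looks_like_coinjoin(COINJOIN), output_anonymity_set(COINJOIN))
    print("naive heuristic merges alice4/carol1:", same_cluster([COINJOIN], "alice4", "carol1"))
    print("payjoin looks normal:", not looks_like_coinjoin(PAYJOIN),
          "but merges alice6/bob2:", same_cluster([PAYJOIN], "alice6", "bob2"))
```

Two things the paragraph only states are visible here: the naive heuristic wrongly merges all CoinJoin participants into one wallet, which is why analysts detect equal-output transactions and exclude them, and a PayJoin passes that detection (no equal outputs) while still forcing the heuristic to merge the sender with the receiver.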
TumbleBit
TumbleBit is a mixing service built around an untrusted tumbler: the tumbler is a single server, but the protocol is designed so that it can neither steal coins nor link a payer to a payee. Participants open payment channels (escrows) with the tumbler; a payer sends coins to the tumbler through one channel and the payee receives an equivalent amount of different bitcoins through another, with cryptographic puzzles ensuring the tumbler is paid only when the payee is paid. Its unlinkability is stronger than CoinJoin's because each user's interaction with the tumbler is independent of the others and cannot be disrupted by a malicious participant, and the anonymity set is not bounded by the size of one transaction. The cost is that every user must lock funds in escrow in advance in order to mix.
Coinshuffle
CoinShuffle is an improved mixing scheme built on the CoinJoin idea. It adds a blame phase: whenever a mixing round fails, the participants can identify the misbehaving node and exclude it from the next round. CoinShuffle charges no extra mixing fee and can expose cheaters, but its drawbacks are that every participant must mix the same fixed amount and that the protocol is slow.
1.2 Privacy Smart Contract
For smart contracts, privacy means that inputs, outputs and contract state must be encrypted so that they are hidden from everyone except the user, including the nodes that execute the contract. With private smart contracts, sensitive data and applications can run safely in an open public-chain environment, which most practical use cases require. Two approaches exist: solving the privacy problem on top of an existing public chain's infrastructure, or building a base public chain focused on privacy-preserving computation that develops vertical segments.
1.2.1 Public chain privacy scheme
1. Base public chains whose underlying architecture supports privacy smart contracts (privacy dapps).
Such projects include Horizen and Particl, launched in 2017, and Zerocoin in 2018. The total market capitalization of this segment is about 900 million yuan. Compared with pure anonymous coins, projects built around the concept of privacy smart contracts receive several orders of magnitude less funding attention. On one hand this may reflect a difference in development maturity; on the other it may indicate that the market has not yet accepted this positioning.
There are also projects such as AOS and Origo that are not privacy coins as such. Origo is a distributed privacy application platform supporting both private transfers and private smart contracts. Its investors include Polychain Capital, Consensus Labs, NGC and a series of other well-known institutions, as well as Lide Capital, which also invested in Zcoin. The project has nevertheless not been favored by the market: the price has fallen 89.86% from its IEO price, and its largest gain during that period was under 100%.
Data source: Feixiaohao, coingecko as of November 23, 2020. For the sake of comparison, the vertical axis here is the same as that of the pure privacy coin project
2. Self-upgrade of the existing public chain.
Ethereum has been exploring scalability and privacy for a long time. A solution the core team values highly is ZK Rollup, built on zero-knowledge proofs, and engineering implementations such as zkSync look very promising. In terms of scaling, zkSync can bring Ethereum thousands of transactions per second (TPS), strong censorship resistance and very low latency. On the privacy side, the plan is a programming framework and virtual machine environment designed specifically for smart contracts based on zero-knowledge proofs, which would greatly lower the technical threshold for developers writing privacy smart contracts. One caveat: a ZK rollup on its own is a scaling technique. The validity proof attests that a batch of transactions was executed correctly, and the transaction data is still published on Ethereum in the clear, so privacy requires additional design on top of it, such as the encrypted-note schemes described below.
3. Privacy tools and protocols for existing public chains.
This type of project has no independent mainnet and focuses on serving other public chains. Phala Network, for example, is a confidential smart contract platform for Polkadot that plans to become a parachain, offering confidential computation, confidential smart contracts, DeFi and data services to any blockchain through cross-chain protocols. The protocol currently supports functions such as transfers in a confidential environment and one-click issuance of confidential assets. With Polkadot's support it can become a confidential smart contract network that is both composable and interoperable.
There are also many privacy tools around Ethereum. The privacy protocol Aztec adopts a "ZK-ZK rollup" scheme to reach hundreds of private transactions per second on Ethereum mainnet while lowering the cost of each private transaction. The Aztec protocol tracks hidden assets with a system of "zero-knowledge notes". These notes, including their owner, are published on the Ethereum network, but nobody other than the owner can learn the amount inside a note. Zkopru, a layer-2 privacy system for Ethereum, combines zk-SNARKs with optimistic rollup technology to support low-cost private transfers and atomic swaps within the layer-2 network. "Nightfall", released by the blockchain team of Ernst & Young, one of the Big Four accounting firms, uses zero-knowledge proofs to enable anonymous token transactions on-chain.
After several iterations, Nightfall can be applied broadly to game items and collectibles. The open-source mixer Hopper lets mobile devices make private transactions on Ethereum: users can deposit or withdraw ETH from a private account without revealing any public account address, and zero-knowledge proofs are used to verify the recipient of a private transfer. Quorum makes it possible to build private contracts and private transactions on Ethereum; a private contract specifies which nodes in the network may access and execute it, other nodes can neither see the contract's code or data nor query or execute it, and its transactions are visible only to the authorized participants.
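The "note" model that Aztec, Nightfall and Zcash-style shielded assets share, as an added example in Python. This is illustration code written for this article, not code from any of those projects: SHA-256 stands in for the Pedersen or Poseidon commitments real systems use, and the verifier is handed the note openings directly where a real system would check a zero-knowledge proof instead. The key bytes, note values and names are assumptions.

```python
"""Commit-and-nullify note model behind shielded assets (Zcash, Aztec and
Nightfall all use variants of it).  Added illustration: SHA-256 replaces the
Pedersen/Poseidon commitments real systems use, and the verifier sees the note
openings directly where a real system verifies a zero-knowledge proof.
All names and keys are assumptions."""
import hashlib
import os


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that (a, b) and (a+b, '') cannot collide."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Note:
    """A note is (owner, value, blinding).  Only its commitment goes on-chain."""
    def __init__(self, owner_sk: bytes, value: int, rho: bytes = None):
        self.owner_sk = owner_sk
        self.owner_pk = H(b"pk", owner_sk)
        self.value = value
        self.rho = rho if rho is not None else os.urandom(32)   # blinding

    def commitment(self) -> bytes:
        # Published on-chain.  Hides the value (and, in Zcash-style designs,
        # the owner; AZTEC 1.0 registries kept the owner public).
        return H(b"cm", self.owner_pk, self.value.to_bytes(8, "big"), self.rho)

    def nullifier(self) -> bytes:
        # Published when the note is spent.  Derivable only with the owner's
        # secret key and the note's blinding, so an observer cannot match it
        # to the commitment, yet the same note always yields the same
        # nullifier, which is how double spends are caught.
        return H(b"nf", self.owner_sk, self.rho)


class Ledger:
    """The public state: a set of commitments and a set of nullifiers."""
    def __init__(self):
        self.commitments = set()
        self.nullifiers = set()

    def deposit(self, note: Note) -> None:
        self.commitments.add(note.commitment())

    def spend(self, old: Note, new_notes: list) -> bool:
        """Consume `old`, create `new_notes`.  In a real system the three
        checks below are proved in zero knowledge, so the chain learns only
        the nullifier and the new commitments."""
        if old.commitment() not in self.commitments:
            return False                                  # unknown note
        nf = old.nullifier()
        if nf in self.nullifiers:
            return False                                  # double spend
        if sum(n.value for n in new_notes) != old.value:
            return False                                  # value not conserved
        self.nullifiers.add(nf)
        for n in new_notes:
            self.commitments.add(n.commitment())
        return True


def guess_value(commitment: bytes, owner_pk: bytes, candidates) -> int:
    """What an observer who knows the owner can try: brute-force the value.
    Without the 256-bit blinding rho (guessed here as all zeros) every
    candidate fails, which is the hiding property the text relies on."""
    for v in candidates:
        if H(b"cm", owner_pk, v.to_bytes(8, "big"), bytes(32)) == commitment:
            return v
    return None


if __name__ == "__main__":
    alice, bob = b"alice-secret", b"bob-secret"
    ledger = Ledger()
    n10 = Note(alice, 10)
    ledger.deposit(n10)
    print("spend 10 -> 6 + 4:", ledger.spend(n10, [Note(alice, 6), Note(bob, 4)]))
    print("spend again:", ledger.spend(n10, [Note(alice, 10)]))
    print("observer guesses value:", guess_value(n10.commitment(), n10.owner_pk, range(1, 1000)))
```

The two sets are the only data the chain holds. Conservation of value and ownership are enforced at spend time, and the nullifier is what makes a note single-use without ever revealing which commitment it corresponds to.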
1.2.2 Privacy computing public chain
1. Base public chains whose underlying architecture supports privacy smart contracts (privacy dapps) but whose native tokens are not anonymous coins.
Representative projects are those built on privacy-preserving computation, generally known as privacy computing public chains, such as Enigma, ARPA, PlatON and Oasis Labs. On one hand, as independent public chains, they can run privacy-compatible smart contracts directly on their main chain; on the other, they can serve as layer-2 solutions for other public chains, supplying any public chain with privacy-preserving computation. These projects also aim to combine with the big data and AI industries, and their prospects are very broad.
The tokens of Oasis Labs and PlatON have not yet entered the secondary market, so a market-cap comparison is not yet possible. Both projects, however, as representative high-quality projects abroad and at home respectively, have received considerable capital attention in the primary market. Oasis Labs has raised a total of US$45 million in private rounds from 36 investors including Polychain, a16z, Binance Labs and other well-known institutions. PlatON has raised more than US$50 million over two rounds; the latest round was led by Alpine Capital and Hash Global Capital, with participation from Singapore's OUE Group, leading Asian insurance asset managers and other family offices. Both projects are still relatively early: their mainnets have not officially launched and their tokens are not listed on exchanges. Their teams are strong and focused on technical development, and they are widely praised and highly regarded by the community. We believe both are likely to become the projects with the greatest development potential in this field.
Based on the pain points above, different projects have chosen different technical solutions. A variety of privacy and anonymity techniques have been proposed so far, and they continue to evolve and improve.
The first was CryptoNote, a protocol aimed at the privacy of digital tokens, which uses stealth addresses and ring signatures to protect the anonymity of both parties' addresses. In 2013, "coin mixing" was proposed for Bitcoin privacy; mixing only makes tracking harder, and mixed coins can still be tracked. To remove the third-party involvement and the weak anonymity of mixing, anonymous coins represented by Zcash and Monero appeared later, using techniques such as zero-knowledge proofs and ring signatures to protect the privacy of their native coins. In the same period, second-layer solutions such as side chains and payment channels were also proposed one after another.
All of these solutions focus on anonymity at the transaction level and cannot be extended to Turing-complete smart contracts. Since 2018, therefore, privacy computing projects have been launched one after another. Privacy should not stop at user transactions but extend to smart contracts, protecting any confidential data within a contract from leaking while still allowing contracts to interact. For example, ARPA uses cryptography-based secure multi-party computation (MPC), Enigma and Oasis use hardware-based trusted execution environments (TEE), and Ethereum uses ZK rollups to address scaling and privacy.
The following table shows the application and comparison of advantages and disadvantages of each privacy and anonymity technology:
Comparison of mainstream privacy technology details
The first three solutions in the table above are based mainly on transaction anonymity, and it is difficult for them to achieve strong security and complete anonymity. Within privacy computing, the cryptography-based technologies are fully homomorphic encryption (FHE), secure multi-party computation (MPC) and zero-knowledge proofs; the hardware-based solutions are mainly trusted execution environments (TEE).
The security and trustworthiness of secure multi-party computation (MPC) rest on cryptography, and its security is provable. Its deployments are concentrated in small-scale scenarios where sensitive data is processed with specific algorithms under high security requirements. Its computational flexibility is limited, its efficiency degrades further as the number of participants grows, and in practice communication overhead is a problem. A single MPC operation can now run at the millisecond level, but in big-data scenarios a data application or model training involves tens of thousands of samples, and computational efficiency and communication cost are the bottlenecks holding MPC back. MPC also cannot yet handle application scenarios that require complex computation; several more years of optimization will be needed.
Fully homomorphic encryption is still largely at the theoretical stage. It lags in reliability, flexibility and efficiency; in practice it is far too slow, and its constructions and implementations are complex, so it cannot yet be used in large-scale commercial applications. Existing FHE schemes rely mainly on bootstrapping (homomorphically evaluating the decryption circuit) to control the growth of ciphertext noise. This does overcome the bounded-depth limitation in theory, but it is very expensive to implement.
Security and applicability must also be considered. Because a homomorphic scheme must by design let anyone transform one ciphertext into another related one, its ciphertexts are malleable: most homomorphic encryption schemes cannot resist adaptive chosen-ciphertext attacks, and the highest security level they reach is security against chosen-plaintext attacks.
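The malleability point above, made concrete with a toy Paillier cryptosystem in Python. This is an added example written for this article, not code from any of the projects discussed; the primes are tiny and the implementation is not a usable library. The decryption oracle models the IND-CCA2 game, which forbids decrypting only the exact challenge ciphertext.

```python
"""Toy Paillier cryptosystem (additively homomorphic) showing why homomorphic
schemes cannot be IND-CCA2: the homomorphism itself lets an attacker turn the
challenge ciphertext into a different ciphertext that a decryption oracle will
accept.  Added illustration with small, insecure parameters; not a library."""
from math import gcd
import random


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def keygen(p: int = 1000003, q: int = 1000033):
    """Paillier keys from two primes (tiny and insecure; 1024-bit in practice)."""
    n = p * q
    n2 = n * n
    lam = lcm(p - 1, q - 1)
    g = n + 1                                    # standard choice of generator
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)  # L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pk, m: int, r: int = None) -> int:
    """c = g^m * r^n mod n^2 with fresh randomness r coprime to n."""
    n, g = pk
    n2 = n * n
    if r is None:
        r = random.randrange(1, n)
        while gcd(r, n) != 1:
            r = random.randrange(1, n)
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def add(pk, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): the useful homomorphism."""
    n, _ = pk
    return c1 * c2 % (n * n)


def scale(pk, c: int, k: int) -> int:
    """Enc(m)^k = Enc(k * m)."""
    n, _ = pk
    return pow(c, k, n * n)


class DecryptionOracle:
    """Models the CCA2 game: decrypts anything except the challenge itself."""
    def __init__(self, pk, sk, challenge: int):
        self.pk, self.sk, self.challenge = pk, sk, challenge

    def query(self, c: int) -> int:
        if c == self.challenge:
            raise ValueError("oracle refuses the challenge ciphertext")
        return decrypt(self.pk, self.sk, c)


def recover_plaintext(pk, oracle: DecryptionOracle, challenge: int) -> int:
    """Malleability attack: add Enc(1) to the challenge, which yields a
    different ciphertext of m + 1, have the oracle decrypt that, subtract 1.
    The oracle only rejects the exact challenge, which is all CCA2 forbids."""
    n, _ = pk
    shifted = add(pk, challenge, encrypt(pk, 1))
    return (oracle.query(shifted) - 1) % n


if __name__ == "__main__":
    pk, sk = keygen()
    c = encrypt(pk, 4242)
    print("homomorphic sum:", decrypt(pk, sk, add(pk, c, encrypt(pk, 8))))
    print("recovered via oracle:", recover_plaintext(pk, DecryptionOracle(pk, sk, c), c))
```

The same trick works against any scheme with a usable homomorphism, which is why such schemes are used inside protocols that add their own integrity layer (signatures, zero-knowledge proofs of correct evaluation, or trusted execution) rather than relied on as CCA-secure encryption.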
Trusted execution environments (TEE) are already deployed at scale, for example for fingerprint unlocking and other biometrics on mobile phones. A TEE is based on trusted hardware, so its security depends on the hardware environment and on a centralized hardware manufacturer. It requires trust assumptions about the hardware and may face side-channel attacks (SCA), which recover secrets from timing, power consumption, cache behavior or other physical leakage rather than by breaking the cryptography. Its advantages are flexibility, friendliness to general-purpose computation and speed, and the technology is relatively mature. Among privacy computing solutions, TEE is overall the closest to practical deployment.
Zero-knowledge proofs are the most reliable and can achieve complete anonymity, but some proof systems still require trust: a trusted setup that generates special secret randomness which must be destroyed afterwards. They allow flexible computation on data, interaction and cross-validation, but implementation remains difficult. At present generating a proof takes on the order of 7 seconds, and substantial computing power is needed to raise the rate.
The following table compares the details of the four privacy encryption technologies:
4.1 The dilemma of anonymous coins
Early privacy projects focused on the privacy-coin scenario. Monero is the undisputed leader in this field and the first choice for users of private transactions. Privacy coins such as Monero and Zcash are harder to track than Bitcoin, but their privacy use cases are limited. Most of them center on things like illicit transactions, and a transactional base needs liquidity, acceptance and many users, which works in Bitcoin's favor because Bitcoin is far more liquid.
Indeed, in gray-area scenarios such as hacking incidents, illegal transactions and extortion, Bitcoin is still used far more than Monero. Privacy coins may therefore never surpass or replace Bitcoin, and as Bitcoin's own privacy improves they may lose further market share. Among anonymous coins, only top projects have room to survive: Monero, the most practical and best known, and Zcash and Dash, which are technically stronger. The competitive landscape for privacy coins has largely taken shape; it is difficult for the tail of the market to break out, so those projects will either die out or have to find another way.
Beam, for example, recently launched a feature for issuing collateralized stablecoins with private-transaction properties. Exploring DeFi diversification is a path Beam must take to survive, but the odds may still be slim. Regulatory risk has also greatly restricted the market space of anonymous coins. According to the well-known blockchain analytics firm Chainalysis, interest in and demand for blockchain investigation technology from law enforcement and government agencies around the world is growing.
In June 2019 the FATF (Financial Action Task Force) issued cryptocurrency guidance requiring exchanges to collect and transmit customer information with transactions: the originator's name, account number and address, and the beneficiary's name and account information (the "travel rule"). This strikes directly at the lifeline of anonymous coins. Once G20 member countries adopt the same FATF rules, exchanges in most mainstream countries may delist anonymous coins. Chainalysis also recently signed a controversial contract with the IRS to help the agency trace Monero, and its CEO sees only a limited future for privacy coins such as Monero.
4.2 The continuous growth of Ethereum
4.3 Development of Vertical Segmentation
Beyond the continued development of public chains themselves, privacy computing also has a place in vertical segments. In 2018 a number of projects focused on privacy computing emerged in succession: ARPA, Oasis Labs, PlatON, Phala Network and others. They use cryptography or trusted hardware to provide privacy protection for blockchains. Their use cases are no longer limited to protecting on-chain data: they fill the gap of data privacy in the computation step itself, making more usable real-world applications possible. The commercial value of privacy computing is now most visible in the global data market, which has many vertical segments such as data trading, AI, big data and cloud computing.
In the current crypto market for data trading, most projects chant the slogan of breaking down data silos, but as stated this is a false proposition. The precondition for data to be tradable is a clear division of ownership and usage rights, with users in control of their own information. Without a clear, permissioned account of where data came from and how it may be used, data can be copied and reproduced at will, leading to redundant or forged data. A data market with sound positive incentives must therefore first build a trustworthy privacy protection mechanism that standardizes collection, clarifies ownership, keeps information private and makes transactions transparent. Only then does data become the user's asset rather than an appendage, and only then are data silos truly resolved.
The AI industry is one of the most data-exposed industries in commercial use today, yet the whole AI market has hit a major bottleneck: data is scattered, and improving a model's accuracy requires as much data as possible, while privacy concerns make user data ever harder to obtain. This "contradiction" is now felt across the AI industry. Privacy computing can largely relieve it, which opens up a large emerging market.
The general business model of the Internet industry today is to collect data at low cost and then monetize it through big-data analysis. Click on a product on social media, for instance, and Mobao and Dododo will push that product onto your homepage. The user's data is "passively" stripped of ownership from the moment the product is first used; it sits on the third-party platform generating profit for the platform, while the user bears the risk of leakage. Blockchain privacy computing fits naturally here: the user's raw data can be encrypted before any big-data computation, users who supply data can be rewarded economically, and data buyers can purchase data, forming a data market with positive circulation and incentives.
5. Overview
Privacy technology has attracted great attention and development in the blockchain field, and many projects have chosen different directions and paths according to their own characteristics and technical capabilities. In theory HE, NIZK and MPC can all provide good privacy protection, but there is still much room for optimization in efficiency and cost, and the technologies are hard to develop. Enigma, for example, originally planned to use secure multi-party computation and listed MPC as its core technology in its white paper, but in practice has so far adopted TEE. TEE leads on efficiency for now, but at the cost of weaker security and privacy guarantees.
In general, every project's privacy technology is still in a phase of continuous research and engineering that requires ongoing iteration and testing; there is a long way to go and much work to do before real deployment. Given the privacy pain points above, the aspects to watch in each project are: 1) how well the privacy technology is integrated with the underlying protocol, so that privacy protection becomes a default, complete protocol feature; 2) continuous optimization of efficiency and cost toward practicality; 3) programmability and developer friendliness, to reach a wider range of business scenarios.
The race to privacy is still ongoing. Although it is still unknown which technical solutions and projects will win in the end, at present, PlatON, Oasis Labs and Ethereum are the most promising.
Ultimately, competition on the privacy track comes down to general-purpose privacy. Of the three development directions and strategies discussed above, the most promising are the privacy computing public chains with core cryptographic technology and the self-upgrade of the existing leading public chain. The reasoning is as follows:
Possessing core cryptographic technology means, on one hand, that a project adopts the most advanced cryptography, but more importantly that its core team has the corresponding technical strength. At present PlatON and Oasis Labs meet this condition. Through privacy computing these projects can meet the resource needs of compute-intensive workloads and solve data-sharing problems, thereby empowering the AI and big-data industries and becoming vertical public chains that cultivate those two fields in depth. This strategy does not require direct competition with existing public chains; the projects can also act as layer-2 solutions that export privacy computing capabilities to other public chains, which makes their competitive position more flexible and diverse.
Privacy computing public chains start from core cryptographic computation and work outward toward specialized and general application scenarios, while Ethereum takes a different strategy. Ethereum has long followed a route of gradual protocol upgrades, solving key problems step by step. In its initial phase it built first-mover and ecosystem advantages on security and smart contracts as its core competitiveness and became the undisputed leading base public chain; in subsequent iterative upgrades it is gradually addressing scalability and privacy. Ethereum has now found a breakthrough on both through ZK Rollup, and if the upgrade succeeds, a winner-take-all outcome over most public chains will be hard to avoid.
Compared with the leading public chains and the privacy computing public chains, the core teams of other privacy smart contract public chains are somewhat weaker technically and their project plans remain largely conceptual, and they are even worse off in terms of developer and user ecosystems. Because the network effects of base public chains are strong, it is hard for these tail projects to attract developers either inside or outside the mature public chain ecosystems, and extremely hard for them to stand out.
As for the other privacy tools and protocols, they look more like transitional solutions that may have practical value at a given stage but will be replaced in the long run.
About Chain Hill Capital
Since its founding in 2017, Chain Hill Capital (Qianfeng Capital) has focused on value investing in global blockchain projects, building an investment matrix of early-stage and growth-stage equity investments and crypto-asset investments under Alpha and Beta strategies. It has a global network of resources, with strategic nodes in Chicago, New York, Tokyo, Beijing, Shanghai, Shenzhen, Hong Kong, Xiamen and other cities. With abundant overseas investment partners and a global pool of high-quality projects, it is an international blockchain venture capital fund.
Supported by a professional team with multicultural backgrounds, the members of its core departments (Investment Research, Trading and Risk Control) all come from well-known universities and institutions at home and abroad. They have solid financial backgrounds, strong investment research capabilities, a keen sense of the market, and deep respect for the market and its risks. The investment research department combines rigorous fundamental research with mathematical and statistical models to derive strategies such as "Pure Alpha" and "Smart Beta".
