BLOCKCHAIN PRIVACY
Zooko Wilcox, 9-10 April 2018
Part 1: A History of Cryptography
Zooko Wilcox, 9 April 2018
Crypto discoveries & deployments
Symmetric Key Encryption
‣ Julius Caesar (50 BC)
‣ Alan Turing (1940s)
Public Key Cryptography
‣ Cocks & Ellis (1960s)
‣ Merkle
‣ Diffie & Hellman
‣ Rivest, Shamir & Adleman (1970s)
Zero-knowledge proofs
‣ Goldwasser, Micali et al. (1980s)
Blockchain
‣ Nakamoto (2009)
TLS
‣ Deploy public key crypto (1990s)
Zcash
‣ Deploy zero-knowledge proofs (2016)
From Caesar to Turing...
In the 60s & 70s...
In the 70’s...
In the 80’s...
Part 2: Cryptography Fundamentals
Zooko Wilcox, 9 April 2018
Symmetric Encryption
Public Key Cryptography
Hash function
a76fb6813c70bbf4d2fa...
a76fb6813c70bbf4d2fa...
Hash function
a76fb6813c70bbf4d2fa...
b1a65f0d9cd2b85fa71c...
Digital signatures
a76fb6813c70bbf4d2fa...
a76fb6813c70bbf4d2fa......A
Zero-knowledge proofs
TLS/HTTPS
https://blog.cryptographyengineering.com/2012/09/06/on-provable-security-of-tls-part-1/
End-to-end encryption (client-client)
https://heimdalsecurity.com/blog/wp-content/uploads/end-to-end-encryption-comparison.png
‣ Demo:
Signature verification
https://commons.wikimedia.org/wiki/File:Digital_Signature_diagram.svg
‣ Demo:
Part 3: Blockchain History
Zooko Wilcox, 9 April 2018
Before 2009...
‣ eCash (David Chaum, 1983), then DigiCash (1995)
‣ Bit gold (Nick Szabo, 1998)
‣ Hashcash (Adam Back, 1997)
In 2009...
‣ The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.
In 2009...
Building blockchains beyond bitcoin...
Part 4: Blockchain Fundamentals
Zooko Wilcox, 9 April 2018
Blockchain
Verifying blocks
https://en.wikipedia.org/wiki/Bitcoin_network
‣ Demo:
Syncing the Zcash client
Part 5: Intro to Blockchain Privacy
Zooko Wilcox, 10 April 2018
The problem with privacy in bitcoin
Bitcoin:

| Block number | Sender | Recipient | Amount |
|---|---|---|---|
| 36809 | Address A | Address B | 3 BTC |
| 38223 | Address B | Address C | 2 BTC |
| 98001 | Address C | Address D | 1 BTC |

Comparing different technologies
Technology Sender Recipient Transaction details
Stealth addresses
Confidential transactions
Decoys/mixins
zk-SNARKs
Implementations combining multiple technologies
Implementation Sender Recipient Amount
Confidential Transactions
CryptoNote
Monero with RingCT
Zcash
Types of decoys/mixins
CoinJoin
Mimblewimble
RingSig
Fragility of decoys/mixins
Deanonymizing decoy/mixins
https://monerolink.com
[Figure labels: TXN6, UTXO12; UTXO7, UTXO12]
Deanonymizing RingCT
[Figure labels: Buyer, Seller, Exchange; UTXO1 to UTXO5; TXN1 (UTXO1)]
Deanonymizing RingCT
[Figure labels: Buyer, Seller, Exchange; UTXO6 to UTXO10; TXN2 (UTXO6)]
Deanonymizing RingCT
[Figure labels: Buyer, Exchange; UTXO1 to UTXO10; TXN1 (UTXO1), TXN2 (UTXO6)]
Part 6: Privacy in Zcash
Zooko Wilcox, 11 April 2018
Transparent & Shielded
‣ Forked Bitcoin (v 0.11.2)
‣ Transparent addresses: public & verifiable
‣ Shielded addresses: encrypted & verifiable (+ memo field)
Blockchain
Encryption
Blockchain + encryption
Zero-knowledge in Zcash (as a spreadsheet)
Bitcoin vs Zcash
Bitcoin:

| Block number | Sender | Recipient | Amount |
|---|---|---|---|
| 36809 | Address A | Address B | 3 BTC |
| 38223 | Address B | Address C | 2 BTC |
| 98001 | Address C | Address D | 1 BTC |

Zcash:

| Block number | Sender | Recipient | Amount | Proof |
|---|---|---|---|---|
| 36809 | Encrypted | Encrypted | Encrypted | hcv5… |
| 38223 | Encrypted | Encrypted | Encrypted | m89g… |
| 98001 | Encrypted | Encrypted | Encrypted | mv7l… |

Selective disclosure
‣ Allows either party to a transaction to disclose transaction details to a third party, while keeping them hidden from everyone else
What Deutsche Bank, Citadel, the SEC, and the DTCC see:
Deutsche Bank sells 1,000,000 US912828P469 to Citadel at USD 97.567574
What the trade reporting repository or market data aggregator sees:
⌷⌷⌷⌷⌷⌷⌷⌷⌷⌷ sells ⌷⌷⌷⌷⌷⌷⌷ US912828P469 to ⌷⌷⌷⌷ at USD 97.567574
What everyone else sees:
⌷⌷⌷⌷⌷⌷⌷⌷⌷⌷ sells ⌷⌷⌷⌷⌷⌷⌷ ⌷⌷⌷⌷⌷⌷⌷⌷⌷⌷ to ⌷⌷⌷⌷ at ⌷⌷⌷ ⌷⌷⌷⌷⌷⌷⌷
Zerocash
‣ rt = Merkle-tree root
‣ cm = note commitment
‣ nu = note nullifier
‣ v = note value
‣ r, s = commitment randomness
‣ p = nullifier randomness
‣ (a_pk, pk_enc) = address public key
‣ (a_sk, sk_enc) = address secret key
(a) Merkle-tree over (cm1, cm2, ...): rt at the root, CRH at each internal node, leaves cm1 cm2 cm3 cm4 cm5 cm6 cm7 cm8 ...
(b) note: c = ((a_pk, pk_enc), v, p, r, s, cm)
(c) note commitment, (d) note nullifier
[Figure labels: cm, COMM_s, COMM_r, v, a_pk, PRF^addr, 0, p, PRF^nu, a_sk, nu]
Sprout zk-SNARKs
[Figure labels: p, a_pk, rt, fee; ZKP; Vin1, Vin2, Vout1, Vout2; ZUTXO1, ZUTXO2; NF1, NF2; SEC1, SEC2; COMM1, COMM2; public, private]
Sapling zk-SNARKs
[Figure labels: rt, NF, NOTE, ZKP, V; Input, Output; Inputs, Outputs, each with V and ZKP; public, private, commitment]
Vin = Vout + fee
Pedersen commitment: G^R x H^V
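The balance rule Vin = Vout + fee from the Sapling slide can be checked on Pedersen commitments without opening any of them. The Python below is an added example, not code from the talk or from Zcash: it assumes a toy multiplicative group in place of Zcash's elliptic curve, and the names commit, balanced and make_tx are hypothetical. Its last case shows that commitment arithmetic alone accepts a value that wraps around the group order, which is why the proof must also constrain the range of each value.

```python
import secrets
from math import isqrt

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))

# Toy group (assumption, far too small for real use): safe prime P = 2Q + 1.
Q = next(q for q in range(10**6, 2 * 10**6) if is_prime(q) and is_prime(2 * q + 1))
P = 2 * Q + 1
G = 4  # a square mod P, so it has prime order Q
H = 9  # second square; real systems derive H by hashing so log_G(H) is unknown

def commit(value, blind):
    """Pedersen commitment G^R x H^V in the toy group."""
    return pow(G, blind % Q, P) * pow(H, value % Q, P) % P

def product(commitments):
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc

def balanced(c_in, c_out, fee, excess):
    """Check Vin = Vout + fee from commitments, the public fee and the
    blinding excess (sum of input blinds minus sum of output blinds)."""
    return product(c_in) == product(c_out) * commit(fee, excess) % P

def make_tx(values_in, values_out):
    """Commit to every value with a fresh blind; return commitments and excess."""
    r_in = [secrets.randbelow(Q) for _ in values_in]
    r_out = [secrets.randbelow(Q) for _ in values_out]
    c_in = [commit(v, r) for v, r in zip(values_in, r_in)]
    c_out = [commit(v, r) for v, r in zip(values_out, r_out)]
    return c_in, c_out, (sum(r_in) - sum(r_out)) % Q

if __name__ == "__main__":
    c_in, c_out, ex = make_tx([30, 12], [25, 16])        # constructed sample values
    print("fee 1 accepted:", balanced(c_in, c_out, 1, ex))   # 42 = 41 + 1
    print("fee 0 accepted:", balanced(c_in, c_out, 0, ex))   # totals differ
    c_in, c_out, ex = make_tx([5], [10, Q - 5])          # Q - 5 acts as -5 mod Q
    print("wrap-around accepted:", balanced(c_in, c_out, 0, ex))
```

Revealing the excess to the verifier is a simplification made for this example; a deployed protocol would prove knowledge of it instead.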
Part 6: Privacy Use Cases
Zooko Wilcox, 11 April 2018
Payments with Symmetric Encryption
Payments with Public Key Cryptography
Payments with ZKP & Blockchain
Get involved!
Mine Zcash! Pay and get paid in Zcash! Write code! Apply for grants!
‣ Foundation - https://z.cash.foundation
‣ Code - https://github.com/zcash
‣ Chat - https://chat.zcashcommunity.com