What’s Next In DeFi Privacy And Security After Tornado Cash?

In my humble opinion, 95% of the existing DeFi ecosystem will need to go up in flames to give way to the rise of a new DeFi ecosystem. Much of it has to do with the “get rich fast” culture. But I digress. The catalyst of this post is that earlier this month, Vitalik Buterin published a paper addressing blockchain privacy and compliance.

This is my first attempt to write on this topic, with potentially multiple revisions to follow as I gain a better (technical) understanding of it.

Like any novel idea, what we embrace at first might come back to haunt us. As DeFi grew from sub-$1 billion to $200 billion TVL at its peak, we have seen plenty of issues with broadcasting your financial data (e.g. transactions) publicly on-chain. Some notable ones:

Front running and sandwich attacks
When you submit a transaction to the public mempool, MEV bots can front-run or sandwich it, which results in higher slippage on your trade. For example, instead of receiving 100 ETH from your buy order, you receive 99 due to slippage. This is most common on DEXs.

In the PoW era, a private transaction could be submitted to Flashbots, who would pass it on to the miners to avoid the bot attacks. After the famous Ethereum merge, in the new PoS era, a user needs to go through the block builder marketplace for private transactions to be passed on to miners (e.g. submitting transactions to multiple builders or builder aggregators). The reason is that before the merge Flashbots had 90% of block space, whereas now it is fractionalized across the block builder marketplace.

According to Blocknative, the number of private transactions more than doubled in Q2 2023 compared to the previous quarter.

Yet the current solutions don’t seem to deliver the benefits expected from going private: private transactions become second-class citizens behind bundles, and users end up experiencing higher slippage. More on this here.
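As an added illustration (not part of the original post), the following Python simulates the slippage mechanism described above on a constructed, fee-free constant-product pool and shows the user-side mitigation: a minimum-output guard derived from the quote the user saw before signing. Pool reserves, trade sizes and the 50-basis-point tolerance are constructed values.

```python
from fractions import Fraction

# Constructed toy pool: a fee-free constant-product AMM (x * y = k).
# Fraction keeps the arithmetic exact so the results can be checked precisely.

class ConstantProductPool:
    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in = Fraction(reserve_in)
        self.reserve_out = Fraction(reserve_out)

    def quote(self, amount_in: int) -> Fraction:
        """Output received if the trade executes against the current reserves."""
        k = self.reserve_in * self.reserve_out
        return self.reserve_out - k / (self.reserve_in + amount_in)

    def swap(self, amount_in: int, min_out: Fraction = Fraction(0)) -> Fraction:
        """Execute the trade, or raise (the equivalent of an on-chain revert)
        when the realised output falls below the trader's min_out guard."""
        out = self.quote(amount_in)
        if out < min_out:
            raise ValueError(f"slippage guard: {float(out):.3f} < {float(min_out):.3f}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out

def min_out_with_tolerance(quote: Fraction, tolerance_bps: int) -> Fraction:
    """Lowest acceptable output for a quote and a slippage tolerance in basis points."""
    return quote * (10_000 - tolerance_bps) / 10_000

def sandwiched_output(reserve_in, reserve_out, victim_in, frontrun_in):
    """(expected, actual) output for a trade when a trade of size frontrun_in
    is ordered ahead of it in the same block."""
    pool = ConstantProductPool(reserve_in, reserve_out)
    expected = pool.quote(victim_in)  # the price the user saw when signing
    pool.swap(frontrun_in)            # the front-running trade moves the price
    return expected, pool.quote(victim_in)

def guard_blocks_trade(reserve_in, reserve_out, victim_in, frontrun_in, tolerance_bps):
    """True if a min_out guard derived from the pre-trade quote reverts the trade."""
    pool = ConstantProductPool(reserve_in, reserve_out)
    min_out = min_out_with_tolerance(pool.quote(victim_in), tolerance_bps)
    pool.swap(frontrun_in)
    try:
        pool.swap(victim_in, min_out)
        return False                  # executed at the worse price
    except ValueError:
        return True                   # reverted: the user keeps their input tokens
```

With reserves of 1,000,000 stablecoins and 1,000 ETH, a 100,000-stablecoin buy is quoted about 90.9 ETH but delivers about 75.8 ETH if an equal-sized trade lands ahead of it; a 0.5% tolerance guard reverts that trade while still letting a small price move through.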

Becoming a target of hackers and scammers
Debank is a popular digital tool in the crypto space that provides valuable alpha to retail investors by tracking whale accounts, and more intelligence tools emerge every day. However, aside from alpha intelligence, the publicity of financial transactions also makes large-value transfers incredibly vulnerable to hackers and scammers. Aside from technical exploits, we have also seen social engineering on the rise lately (the Fortress Trust $15 million hack).

Tornado Cash was a tool created to protect your financial privacy by breaking the connection between the deposit address and the withdrawal address. It is a decentralized privacy-preserving tool for Ethereum that allows users to send and receive ETH and ERC-20 tokens anonymously. It is an open-source project that uses zero-knowledge proofs (zk-SNARKs) to ensure that transactions remain completely private. Unfortunately it was used for illicit activities and was eventually sanctioned by OFAC. Both developers were arrested on charges including money laundering by US prosecutors.

To summarize, multiple attempts have been made to preserve privacy for on-chain activities, yet none has proven particularly effective or scalable.

The trending privacy technology: Zero-knowledge Proof
The zk narrative reached its peak in 2022, and many predicted it would go mainstream in 2023. However, adoption has been lagging, to say the least, potentially affected by the long crypto winter. I am particularly surprised by the lack of traction of zkRollups compared to optimistic rollups. Despite massive funding rounds, zkRollups are falling behind in both TVL and active users compared to the optimistic-rollup giants Optimism and Arbitrum.

What is a Zero-knowledge Proof (ZKP)? A zero-knowledge proof is a method of proving the validity of a piece of information without revealing the information itself. In other words, the verifier checks a proof that the information is true rather than the information itself. ZKP can happen at the transaction level, smart contract level or protocol level. Currently, four types of ZKP system in development are zk-SNARKs, zk-STARKs, zkRollups and zkApps. Let’s dive in.
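An added example, not from the original post, of the idea in its simplest form: a Schnorr-style proof of knowledge made non-interactive with the Fiat-Shamir transform. The prover convinces a verifier that it knows the secret exponent x behind a public value y = g^x mod p without ever sending x; the group parameters, the `zk-demo` context string and all function names are constructed for this illustration.

```python
import hashlib
import secrets
from typing import Optional

# Toy-size group, constructed for illustration only: p is a safe prime (p = 2q + 1)
# and g = 2^2 mod p generates the subgroup of prime order q. A real deployment
# would swap in a 256-bit elliptic-curve group or a 2048-bit+ modular group.
P, Q, G = 1019, 509, 4

def keygen(secret: Optional[int] = None) -> tuple:
    """Secret exponent x (the witness) and public value y = g^x mod p (the statement)."""
    x = secret if secret is not None else secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def challenge(y: int, t: int, context: bytes) -> int:
    """Fiat-Shamir: the verifier's challenge is a hash of the public transcript."""
    transcript = b"|".join(str(v).encode() for v in (P, G, y, t)) + b"|" + context
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % Q

def prove(x: int, y: int, context: bytes = b"zk-demo", nonce: Optional[int] = None) -> tuple:
    """Non-interactive proof of knowing x with y = g^x; x itself is never transmitted."""
    r = nonce if nonce is not None else secrets.randbelow(Q - 1) + 1  # reusing r leaks x
    t = pow(G, r, P)            # commitment to the one-time blinding value
    c = challenge(y, t, context)
    s = (r + c * x) % Q         # response: x is hidden behind the one-time r
    return t, s

def verify(y: int, proof: tuple, context: bytes = b"zk-demo") -> bool:
    """Accept iff g^s == t * y^c mod p, after checking inputs lie in the intended group."""
    t, s = proof
    if not (1 <= y < P and 1 <= t < P and 0 <= s < Q):
        return False
    if pow(y, Q, P) != 1 or pow(t, Q, P) != 1:   # reject out-of-subgroup values
        return False
    c = challenge(y, t, context)
    return pow(G, s, P) == (t * pow(y, c, P)) % P
```

The verifier learns only (t, s), which is statistically independent of x as long as the prover never reuses r; a tampered response or a value outside the prime-order subgroup is rejected.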

zk-SNARK vs. zk-STARK
If you have been following the space, you have probably come across STARKs and SNARKs multiple times. They are two types of zk technology with their respective pros and cons. The main advantage of zk-SNARKs is that the proofs are small in size and thus efficient to process. This is especially important when bandwidth is a scarce resource. The key disadvantage is that they rely on a trusted setup that involves a handful of users, and so are easier to compromise. The advantages of zk-STARKs are that they do not require a trusted setup and are less susceptible to quantum computers. However, their proof size is significantly larger (10x – 100x) than that of zk-SNARKs, which makes them an expensive system to transact with. Notable projects that have chosen zk-SNARKs include Tornado Cash (ceased to exist), Zcash, zkSync, Polygon Zero and Aztec. Notable projects that have adopted zk-STARKs include StarkWare.

zkRollups
zkRollups are Layer 2 chains that use ZKP (either zk-SNARKs or zk-STARKs) to prove the transaction history rather than uploading all the transaction data on-chain. How does it work? They conduct the computations off-chain, bundle the proofs, and upload them on-chain for verification. The off-chain computation significantly reduces the demand for on-chain resources, so the chain/ecosystem can accommodate considerably more users and transactions and continue to grow. This is especially relevant for Ethereum, where congestion is often experienced (high gas fees, low throughput). I have written a separate post on various Ethereum zkRollups which you can find here.

zkApps
zkApps are zk-enabled smart contracts or, in short, private contracts. zkApps perform general-purpose calculations off-chain and then send proofs on-chain, so that user data never leaves local devices. For example, a trader can share his or her *verified* P&L outcome without revealing their balance sheet and/or trading strategies. Remember how $GME celebrity Roaring Kitty published his stock portfolio balance sheet on Reddit every day? With zkApps he wouldn’t need to.

Notable projects in privacy and security
While privacy and security are such an important part of DeFi and the broader blockchain ecosystem, it is puzzling that not many projects work in the space, according to Alliance DAO at least. Here we briefly discuss a few notable ones.

Zcash
Do you still remember Digital Currency Group? Yes, I know, it has been a while since we last heard this name. Barry from DCG shilled Zcash hard on Crypto Twitter during the 2021/22 ZK rally. Zcash is an open-source Layer 1 chain that uses zk-SNARKs to ensure transactions remain anonymous. ZEC is the native token of the Zcash blockchain. Zcash is very much focused on payments; you can think of it as a privacy-enabled Bitcoin blockchain. As of the time this blog post is written, ZEC has a market cap of $372.3 million with a transaction volume of $35 million in the past 24 hours.

Mina
Mina Protocol is a Layer 1 blockchain that provides a fast, efficient, and secure way to transfer value and information across decentralized networks. The uniqueness of Mina Protocol is that the size of the blockchain remains constant while users continue to interact with it. This means that, unlike other blockchains, Mina Protocol does not require expensive hardware or large amounts of energy to run. Mina is also the first to introduce zkApps. One of the most powerful features of zkApps is recursion. With recursion, you can achieve composability between zero-knowledge proofs. This enables many powerful technical abilities, such as creating high-throughput applications, creating proofs of large computations, and constructing multi-party proofs. However, as of now zkApps programmability is not live on mainnet.

Aztec
Aztec Protocol is a Layer 2 that enables private transactions on the Ethereum blockchain. It is a zkRollup and uses zk-SNARKs to ensure that transactions are secure and confidential while still being verifiable and valid on the blockchain. It is designed to enable developers to create applications with secure transactions and privacy protection. A few days ago Aztec announced Aztec Sandbox, a local developer testnet for smart contract privacy.

It is hard to imagine mass adoption before web3 cracks its privacy and security issues. The old stigma is hard to shake off. Fortunately, the culture is changing. Increasingly, developers are focusing on creating solutions that protect user data from malicious actors and ensure that privacy is maintained. Mass adoption can only begin when more people become comfortable with the security offered by web3.