Hodor - open source zkSTARKs library by Matter Labs
Duration: 01:20:31
Speaker: Konstantin Panarin, Alexander Vlasov
Type: Breakout
Expertise: Advanced
Event: Devcon 5
Date: Oct 2019
Zcash + Ethereum = ❤
This presentation focuses on how Zcash uses zero-knowledge proofs to add private transactions to a public blockchain, and how Zcash and Ethereum will grow together. Zcash is a new cryptocurrency that provides private transactions — the sender’s and receiver’s addresses are not publicly visible in the blockchain, nor is the amount transferred. Zcash posts that private information to the blockchain in encrypted form, and uses zero-knowledge proofs to cryptographically guarantee the validity of transactions without exposing the private information. This results in “Selective Transparency”. It’s not all-dark-all-the-time — it’s that each encrypted transaction in the blockchain can be revealed by its creator to selected third parties. Zcash is developed by a VC-funded, highly skilled development team and a widespread and active open source community. There are three paths forward for integrating Ethereum’s programmability with Zcash’s privacy. The Zcash team is actively contributing to all three paths.
1. Programmable Zcash — add Ethereum-style programmability to the Zcash blockchain
2. Private Ethereum — add Zcash-style privacy to the Ethereum blockchain
3. Project Alchemy — interoperation between Ethereum and Zcash
Zooko Wilcox
Cryptography on the Blockchain
I have a LocalCrypto.sol library (i.e. all in Solidity) that supports El Gamal Encryption, One out of Two ZKP (i.e. either yes or no is encrypted), Pedersen Commitments, Inequality proofs (i.e. two commitments DO NOT commit to the same data), Equality proofs (i.e. two commitments DO commit to the same data), Discrete log equality proofs, and publicly verifiable secret sharing. I’m currently organising the code for public release (to let others experiment with cryptography on the blockchain) – I’d like to present the library, its capabilities, some projects I have used it in and how people can start using it today.
Patrick McCorry
Protecting your Privacy within the Blockchain Ecosystem
Robertas Visinskis gives their talk titled, "Protecting your Privacy within the Blockchain Ecosystem"
Robertas Visinskis
Whisper: Achieving Darkness
Vlad Gluhovsky & Guillaume Ballet give their talk titled, "Whisper: Achieving Darkness"
Vlad Gluhovsky, Guillaume Ballet
Enigma: Privacy-preserving Smart Contracts for Ethereum
Enigma is a privacy protocol to enable privacy preserving smart contracts on Ethereum. Enigma utilizes secret contracts - smart contracts that let you use private and sensitive data in decentralized applications. Enigma is building a network for privacy preserving computations. Nodes in the Enigma network that execute secret contracts never see the data that is used in their computations. In this talk, we would like to give an overview of the first version of Enigma network, which is currently on testnet, and present the roadmap with specific focus on privacy preserving cryptographic methods including Multiparty Computation (MPC) and Zero Knowledge Proofs. Computing over private data is considered one of the “holy grails” of computer science. With secret contracts, Enigma focuses on building blocks for the Ethereum network, such as voting / governance and auctions, in the short term. Longer term, Enigma enables applications on Ethereum that work with sensitive user data to compete with centralized solutions such as Uber. Enigma can also harden the privacy and resiliency of popular solutions like on-chain voting and sealed-bid auctions. Without privacy, applications and users must turn to centralized solutions or accept severe trade-offs.
Guy Zyskind, Isan Rivkin
IDEN3: Scalable distributed identity infrastructure using zero-knowledge proofs to guarantee privacy
IDEN3 is NOT an ICO. It has no token at all. It is an open source permissionless identity layer built on top of Ethereum that we expect many projects will be able to use as a foundational layer for their own identity solution. It is a simple system that allows any identity to make a claim about any other identity. Our talk at DevCon4 will cover these topics:
- We will introduce the idea of a decentralised identity management system and the challenges and needs for this solution.
- We will explain how IDEN3 can deploy millions of identities on blockchain with almost no expenditure of gas, allowing the system to scale to become a global solution with Ethereum as it is today.
- We will show how the claims are managed off-chain and validated on-chain and off-chain.
- We will explain how to generate proofs to validate claims that are valid only for a specific recipient and not reusable.
- We will show how to create proofs of those claims anonymously without revealing unnecessary data by using zero knowledge proofs.
- Finally we will talk about the status of the current development, our roadmap, milestones, the team, etc.
Jordi Baylina
LibSubmarine - Temporarily hide transactions on Ethereum
LibSubmarine is a modular implementation of the Submarine Sends framework proposed by the team at IC3. While a standard commit-reveal scheme allows users to temporarily obfuscate data included in their transaction, Submarine Sends allow users to completely hide their transaction until revealed in a later block. Notable use cases include preventing frontrunning on DEXs, working sealed-bid auctions, and private voting with public tally. This is an open source and gas efficient implementation which anyone can add to their project. Built by the community, for the community. Slides: https://goo.gl/ncn3xG
Stephane Gosselin, Shayan Eskandari, Tyler Kell, Lorenz Breidenbach
New hash functions for Ethereum, SNARKs, and STARKs
Traditional cryptographic hash functions such as SHA-256 are well known in the Ethereum community and are well regarded for security and performance. However, they are not quite suited for SNARKs and STARKs as their circuits are too complex and slow in SNARK/STARK-friendly fields. That's why Zcash proofs originally took more than 40 seconds to create. In this talk we present and call for new designs that will make all the SNARK/STARK crypto much faster and thus bring better privacy to Ethereum. In particular, we cover:
- existing algebraic hash functions such as MiMC;
- Merkle tree enhancements: wide functions and trees with feedback;
- improved algebraic function design using ideas from AES and SASAS schemes;
- performance overview;
- how new designs will affect EVM and smart contract programming.
We will also present other directions and potential research bounties that can be offered to motivate the hash research, crucial for SNARKs, STARKs, and Ethereum.
Dmitry Khovratovich
P4: Private Periodic Payments Protocol
P4 aims to solve the problem of subscription services offering end-to-end private cryptocurrency payments. This protocol introduces periodicity to cryptocurrency payments through an ongoing relationship between the merchant and the customer without unintentionally disclosing personally identifiable information. We are creating this protocol to allow us to offer a truly end-to-end private subscription data storage solution built with Tahoe-LAFS. By sharing it, we hope that other subscription services will implement our protocol and further the adoption of cryptocurrency payments in real world retail use cases. Although this protocol is currently a work in progress, we have already specified some design decisions. For periodicity, we are avoiding a payment pre-authorization design to keep the user in control of their keys. And for privacy we are utilizing Zcash shielded transactions and the coming improvements in the Sapling release. This protocol is being created by the Least Authority team with support from the Zcash team.
Liz Steininger
Plugging the metadata leaks in the Ethereum ecosystem
Current generation blockchains are by definition public... but how much public is too public? There is ample research going into making transactions private, hiding users' balances and computing verifiably off chain. However, nobody really focuses on the alarming amount of metadata we leave behind us with every one of our chain, explorer and/or dapp interactions. Even running our own nodes can expose a lot more about us to the world than most people realize or would feel confident with. In this talk I'd like to highlight some of the issues I see around metadata privacy within the Ethereum ecosystem, how those seemingly innocuous data leaks could be amassed and abused by aggregating actors and what we collectively might try to do to protect our users and the safety of our community members in the coming years.
Péter Szilágyi
Privacy for Everyone
Zooko Wilcox speaks about Zcash & recent advances in Privacy.
Zooko Wilcox
Privacy Preserving Smart Contracts
An overview of the privacy-preserving smart contract landscape. Examines the 3 main approaches: trusted execution environments (TEE), secure multi-party computation (sMPC), and zero-knowledge proofs (ZKP), and their respective tradeoffs to achieving computation over private data. I talk about the different companies doing each approach and I propose a way to synthesize all 3 approaches coherently. There is a full blog post about the topic here: http://juliankohtx.com/privacy-preserving-smart-contracts/
Julian Koh
Privacy-preserving Smart Contracts at Scale
In this talk we'll describe Oasis, a platform for privacy-preserving smart contracts at scale. Oasis addresses two critical issues of today's platforms: poor scalability and a requirement that all data is public. These platforms cannot support many exciting use-cases which have complex application logic (e.g. machine learning) or require protection of user or application secrets (e.g. data markets). Oasis is a layer 1 blockchain platform that scales to complex workloads such as machine learning and protects data via secure computing techniques. Oasis's scalability stems from the novel separation of computation and consensus in a layered design. This design allows transactions to execute in parallel before validation by the consensus layer, thus alleviating a major source of congestion and enabling new verifiable computing techniques that dramatically reduce the replication needed to ensure integrity. Oasis uses a proof-of-stake consensus algorithm tailored for this architecture and supports multiple secure computing models (trusted hardware, multi-party computation, zero-knowledge proof) based on security and performance requirements. We'll summarize the Oasis protocol and discuss real-world applications built on Oasis, such as credit scoring, medical data sharing, and blockchain-based games. We'll describe how Oasis enables these exciting applications to run directly on-chain, avoiding the need for off-chain computation.
Noah Johnson
Satoshi Has No Clothes: Failures in On-Chain Privacy
Payments in Ethereum and Bitcoin are, by default, transparent. Transactions are conducted between pseudonyms with the sender, recipient and value exposed. While this transparency enhances auditability and decentralization, it is a major privacy issue. A growing volume of research shows that these pseudonymous identities are easily linkable. This is a major issue for privacy, fungibility, and a free market. A variety of techniques have been proposed to alleviate these issues. These include but are not limited to Confidential Transactions + CoinJoin, RingCT/CryptoNote, Zerocoin, Zerocash, Hawk, and Solidus. These techniques span a large multidimensional performance envelope in terms of transaction generation and validation time, size, as well as a range of cryptographic assumptions and data retention requirements. At the same time, these protocols offer markedly different levels of privacy against various threat models. Which one should we use? If performance were the sole issue, then systems without such enhancements would likely be preferred. Clearly some amount of privacy is necessary and the cost of getting it acceptable. The question is thus, which approaches provide sufficient privacy, in what contexts, and at what cost?
Ian Miers
The Entire History of You Is Being Sold
Every moment, servers are logging, cataloging, and selling your personal, private information. Your utility bill payments, cell phone records, insurance payments, auto history, court records, credit score, identity information, social security records, address history and hundreds of other pieces of information are amassed into giant data warehouses where it’s packaged and sold to data farms, lenders, and banks. A Blockchain Solution: The data industry is a murky one. With the right direction, businesses are ready to adopt Blockchain technology TODAY as Blockchain can offer practical solutions to GDPR and data privacy. Riddled with scams, dark markets, and illegal underground sources of data, the problem is getting worse. 10,000+ different companies report information about you to major bureaus. Analysts’ figures show that number climbing to more than 30,000 in the next 10 years. This is where Blockchain is needed. Developing the Future: In the past, consumers had little recourse, calling central data collection firms a “necessary evil”. Blockchain gives users the power to own their own data, and decide how it’s used and how it’s sold. How can you develop systems that get adoption today? What businesses are ready to integrate now? Simple solutions to big problems.
Jesse Leimgruber
The State of Whisper
Whisper is the Ethereum Foundation's secure communications protocol. It has been designed to ensure darkness, i.e. guarantee that neither a message's content nor its metadata can be captured by an attacker. With the release of version 6 last spring, it is now also used to prototype the switch of the P2P stack from DevP2P to libp2p. This talk will start with a summary of the protocol, followed by in-depth coverage of two upcoming features that will improve its usability: 1) insights into the libp2p switch, and 2) compiling it to WASM to run directly inside a browser, thus bypassing the confusing RPC interface.
Guillaume Ballet
A trustless Ethereum mixer using zero-knowledge signalling
Since Ethereum transactions are fully visible on-chain, it is possible to trace value transfers and surveil users' financial activity. This state of affairs deprives users of privacy beyond mere pseudonymity. Some workarounds, like using a centralised exchange wallet or a custodial mixing service, however, introduce a high degree of counterparty risk. The Ethereum ecosystem needs a noncustodial mixer which works through strong cryptography, rather than blind trust. To solve this, we present a trustless mixer for Ether and ERC20 tokens. It builds upon Semaphore, a zero-knowledge signalling system by Barry WhiteHat and Kobi Gurkan. Additionally, it employs a burn relay registry which incentivises third parties to pay gas fees on behalf of mixer users. In this presentation, I will show a high-level architectural overview of the mixer, dive into its underlying zero-knowledge circuits, and discuss other applications of zero-knowledge signalling.
Kobi Gurkan, Wei Jie Koh, Barry WhiteHat
An introduction to privacy and anonymous communication: A hands-on workshop
This workshop will go over the basics of privacy, starting with anonymity and unlinkability. We'll show that privacy is a 'holistic' systems-level concept, and not just an application of zkSNARKs on-chain. Various types of privacy notions (unlinkability, undetectability), and threat models, will be explored, as well as the various levels where privacy leaks happen (layer 0 on the network level, layer 1 on the chain, and layer 2 application issues). The workshop will then invite coders to describe their own privacy problems, and we'll offer advice and a hands-on work-through with systems like mix-networks (Loopix), anonymous credentials (Nym), and other systems.
Dave Hrycyszyn, Jedrzej Stuczynski
David Chaum
David Chaum gives a brief history of his experience in Cryptography, and presents Elixxir and Praxxis.
David Chaum
Decentralizing Ethereum Data with VulcanizeDB
Ethereum is a robust platform for decentralized applications, but the same data structures and encodings that make it effective and trustless also complicate data accessibility and usability. How do you know token balances were updated correctly after you sent your transaction? Is an address authorized to seize your assets? How have system parameters changed over time? To answer these questions, we’ve traditionally depended on centralized APIs and block explorers to capture and serve historical data in a performant way. But what if those services shut down or returned modified results? VulcanizeDB has been working hard to address this problem - aiming to make it easier for anyone to set up, maintain, and query their own data directly. The good news: it is possible to keep track of the historical state of smart contracts without storing petabytes of data! The tricky part: you need to be intentional about how you track information, and you need to aggregate data from disparate sources to provide a holistic view. This workshop will provide a demo and hands-on experience walking through how VulcanizeDB simplifies the process of developing and interacting with smart contracts while keeping our applications and data independent of centralized third parties.
Rob Mulholand
Decentralizing Transaction Abstraction for On Chain Privacy
Transaction abstraction (or meta transactions, if you prefer) isn't a new idea in Ethereum. The idea, roughly, is that users sometimes want a 3rd party, called a relayer, to pay gas for their transactions for them. To support on-chain privacy apps like the MicroMix mixer, we've designed a decentralized transaction abstraction system with 2 particularly novel ideas:
- a transaction simulation engine that allows anyone to run a relayer with minimal configuration
- a trustless reputation/spam-prevention system for relayers, that we call the 'burn registry'
In this talk, I'll:
- present the design space of transaction abstraction and some of the crypto-economic challenges in building such a system
- present the solution we've built for MicroMix
- and finally, share software that you can run today to be a relayer on our network.
Lakshman Sankar
Ethereum 9¾: MimbleWimble for ERC20 with ZK Snark
Ethereum 9¾ is an entrance to the magical world to send ERC20s privately. It hides the transaction histories using MimbleWimble and ZK Snark. A user enters into the magical world by depositing ERC20 tokens with a valid MimbleWimble output. As Ethereum 9¾ appends it as a coin-base to the Merkle Mountain Range tree, the user becomes able to use a MimbleWimble spell to send ERC20 privately. The contract only accepts MW spells which include an unlinkable spent tag, result outputs, and a ZK proof. The proof should pass the ZK-circuit which ensures that the tag is derived from an output which definitely exists in the MMR tree while the sum of spent and resulting outputs satisfies the MimbleWimble equation. Then, the spent tag prevents double-spending and ZK Snark secures deposited ERC20s by proving that the sum of inflow and outflow is zero by the MimbleWimble protocol without revealing details. Or the user can go back to the muggle world anonymously and withdraw ERC20s by providing an unlinkable spent tag and a ZK proof. Because MimbleWimble doesn't reveal the value during transactions and we also don't know which output has been spent, it becomes hard to link the deposit and withdrawal.
Wanseob Lim
Hands-on applications of zero-knowledge signalling
Semaphore is a generalised zero-knowledge signalling system which can be deployed to fulfil various privacy use cases, such as a mixer and anonymous whistleblowing. This hands-on workshop will guide participants through a high-level explanation of how Semaphore and zero-knowledge proofs work, and guide them through an anonymous chat app integrated with POAP tokens which can generate and verify said proofs. No programming or zk-SNARK knowledge is needed.
Wei Jie Koh
How scaling impacts privacy
This will be a presentation or panel discussing the positive and negative privacy consequences of scaling to mainstream use. By considering the data stored on blockchains, now, we can speculate about the use of it in the future and how it can be analyzed at scale. We will explore specific data types and common use cases, including data mining. The goal of this session is to help the community know how privacy will be impacted when cryptocurrency reaches mainstream use and explore the societal consequences of personal data collection and decentralization of systems.
Liz Steininger
KeySpace: End-to-End Encryption using Ethereum and IPFS
One of the interesting side effects of the number of developers coming into the blockchain space is that as more engineers come to understand & play with cryptographic tools, they are more likely to come up with solutions to new user experience issues by creatively applying these cryptographic primitives. At AirSwap we wanted to enable conversational, message-based trading for users, and support dependable message delivery, without compromising their privacy. Since we knew that all dApp users have access to a persisted public-private key-pair through their wallet, we built a system that allowed them to derive secondary PGP keys which were deterministically tied to their address, and allowed for encryption & decryption of messages, and also signatures and signature verifications. (more detail here: https://medium.com/fluidity/keyspace-end-to-end-encryption-using-ethereum-and-ipfs-87b04b18156b) In this workshop, I’ll help participants walk through the creation of their KeySpace key pairs using their Ethereum wallet of choice (Trust, Coinbase Wallet, Ledger, Trezor, etc) via the functionality provided in the AirSwap.js library (https://github.com/airswap/AirSwap.js). Afterwards they will be able to validate identities in decentralized messaging systems, encrypt & decrypt messages sent over IPFS (via OrbitDB), and build the foundation for permissioned, off-chain applications. Participants will need a laptop, understanding of git, and basic JavaScript development skills (installing from NPM, writing code in an IDE of choice).
Samuel Walker
Minimum Viable Privacy: Introducing Hopper
Hopper is an Open-Source Mixer for Mobile-friendly private transfers on Ethereum. It allows the private transfer of value from one Ethereum account to another, via an iOS client. Users can deposit notes of 1 ETH into a mixer smart contract and withdraw them later to a different account by only providing a Zero-Knowledge proof (zkSNARK) that they previously deposited a note into the mixer, without revealing from which account that note was sent. Relayers are used to post transactions to the blockchain so that the recipient of a private transfer can withdraw a private note from the mixer without needing any prior ether. This project is based on previous work on trustless Ethereum mixers by @barryWhiteHat and @HarryR. This talk will discuss the development of Hopper, how others can contribute, and the next steps to make it a true utility for the community.
Julien Niset
Mixing based privacy mechanisms are insufficient
Mixing based privacy-preserving mechanisms like trustless coinjoin used by Wasabi wallet and ring signatures used by Monero are noble and might work for the average Joe, but they don't provide privacy required for mission-critical things. The talk will briefly cover some of the attack vectors against such mechanisms and provide tips on improving your privacy within such systems.
Mudit Gupta
Network level privacy with HOPR - fixing Ethereum's Achilles' heel
Multiple projects currently focus on on-chain privacy, but at the network level Ethereum utilizes broadcasting of messages in a P2P setting, which is known to have inferior privacy guarantees compared to mixnets. Beyond the core layer, dapps running on top of Ethereum, or users interfacing with these dapps and communicating with one another, need a go-to protocol that allows them to exchange data without leaking private metadata that allows for de-anonymizing them while using a dapp. In this talk we highlight some attacks that collect network metadata in order to de-anonymize senders of a transaction. We then show how a mixnet like HOPR can be used to establish network-level metadata privacy. HOPR is a mixnet that allows participating nodes to earn ETH for relaying messages and thereby provide privacy. As HOPR requires cooperation of downstream nodes to unlock a payment, traditional payment channels would lead to race conditions that allow relayers to exploit the network. We will present an alternative to common payment channel implementations, building on commutative properties of elliptic curves for efficiently closing payment channels.
Sebastian Buergel
Nightfall - The Open Source Privacy Solution for Ethereum
We believe that public blockchain is the future of business to business transactions. However, two issues - privacy and scalability - will need to be solved if this vision is to be fully realised. This talk will explain the motivations behind the open-source nightfall code and how it is intended to tackle the first of these issues. We cover the operation of the protocol, the method by which it provides complete privacy, and how developers can use it to build their own applications by making use of its smart contract infrastructure and the ZoKrates framework. We will also present our modelling of transaction costs, which shows that nightfall can already provide a cost-competitive alternative to private blockchains for many situations and how that will be true for a growing number of use cases in the near future.
Duncan Westland, Chaitanya Konda, Michael Connor, Paul Brody
Off-Chain Trusted Compute Overlay testnet for Blockchain Privacy, Scalability and Adaptability.
During Devcon 4 we introduced the potential of Trusted Compute as an option for addressing scalability and privacy challenges faced by blockchains. Since then the Enterprise Ethereum Alliance (EEA) has released version 1.0 of the Off-chain Trusted Compute specification. As part of the workshop we will introduce an Enterprise Ethereum network connected to an EEA-compliant Trusted Computing pool, both hosted on Azure cloud. In addition we will demonstrate one sample real-world usage scenario and give examples of more. During the workshop developers will be provided scripts to recreate the setup on their local laptops and guidance on how to create private test setups on Azure cloud. Developers will walk away with background on leveraging Trusted Compute in the context of their decentralized applications for addressing privacy, scalability and/or adaptability.
Sanjay Bakshi, Jean-charles Cabelguen, Andreas Freund, Marley Gray, Anand Pashupathy, Yevgeniy Yarmosh, Lei Zhang, Jim Zhang
Path to Seedless Recovery
Private key management is one of the key issues to be solved on the road to mass adoption of blockchains like Ethereum. Smart contract based wallets like the Gnosis Safe are laying the foundation to solve this problem by allowing different types of access control. The talk gives an overview of the different approaches developed to allow account recovery beyond seed backups and explains how to implement social recovery to ensure recoverability without compromising privacy.
Stefan George
Privacy in Ethereum
From mixers to anonDAO, anonSocial media to journalism under authoritarian regimes, Ethereum offers ways to provide privacy to people who need it most. Come hear what we have done and what we want to do, and how *YOU* can help us move forward.
Barry WhiteHat
Privacy by design in a world with universal SNARKs
ZK-SNARKs are an innovative method of verifying that a computation has been performed correctly. They form the backbone of many proposed scaling and privacy solutions for Ethereum. PLONK is a new ZK-SNARK construction, developed by AZTEC and Protocol Labs, that is 'universal'; only one 'trusted setup' is required, and different ZK-SNARK programs do not require additional trusted setups to be performed. This construction is the first universal ZK-SNARK construction that is practical enough for use in smart-contracts. In this talk, we will provide an overview of how ZK-SNARKs can be used to solve Ethereum's scaling and privacy challenges, and how PLONK opens up a world of zero-knowledge dapps.
Zachary Williamson
Private and Reliable Data Sync for Messaging Over Whisper
How do we achieve user friendly data sync in a p2p network for resource restricted devices? In this talk we go over the problem space, do a brief survey of existing work, and propose a solution combining several of the most promising technologies. This talk will include a demo of a data sync protocol being developed. We’ll also cover things such as:
- dealing with mostly-offline devices,
- dealing with large sync contexts, such as group chats,
- making the protocol transport-agnostic.
Finally, we’ll show how data sync fits into the larger picture, from transport layer to end user applications, and highlight some of the work that still needs to be done, and who is working on it.
Dean Eigenmann, Oskar Thoren
Satoshi Has No Clothes, What About Szabo?: Smart Contracts, Privacy, and Practicality
This talk will explore the possibilities for privacy preserving smart contracts in terms of both cryptography and functionality. It will give an overview of known approaches, including a detailed discussion of zk-proof based schemes such as Zexe (my work) and an overview of other approaches including refereed computation as seen in systems like Truebit and Arbitrum, multi-party computation, secret sharing, and fully homomorphic encryption. More fundamentally, it will explore what a private smart contract really is. Do we need to hide which contract is running? Do we really want privacy in most cases?
Ian Miers
Shrubs - A New Gas Efficient Privacy Protocol
ERC20 tokens that offer high levels of privacy to their users have been a longtime goal in the Ethereum ecosystem. To implement a privacy protocol that offers very strong privacy guarantees such as those of Zcash, it's necessary to maintain a large Merkle tree of commitments. Unfortunately, doing so in a smart contract can be expensive. For example, to support the same number of total transactions as Zerocash (2^64), one would require a tree depth of 64, and thus 64 storage updates per transaction, which is prohibitively expensive gas-wise. In this work, we introduce a new Merkle tree variant, which is defined not by the root, but by the path to the rightmost non-empty leaf node (or frontier), in a tree filled from left to right. This allows commitments to be inserted with O(1) amortized updates, at the expense of a slightly more complicated zk-SNARK proof, used to prove that the commitment is in the tree. We use this new data structure to create ShrubsToken, a new gas efficient privacy token, with Zcash-like privacy. Based on our experiments, we estimate that Shrubs will use around 500,000 gas per transaction, after the next Ethereum hard fork.
Alex Gluchowski, Kobi Gurkan, Marek Olszewski, Eran Tromer, Alexander Vlasov
The Commodification of You
Corporate interests monitor and harvest our every contact and click, exploiting the fact that we rely on the internet for nearly every facet of our lives. They delve deep into our digital selves so that they can commodify our identities. For years, they’ve succeeded with only a whisper of pushback. What can we do to know what is happening to us and take back some control of our digital identities? In this talk, attendees will learn:
- Recent scandals highlighting the danger of the current collect-predict-sell data monetization model;
- Where technology can and can’t help us as we navigate our digital lives;
- What we can do to educate ourselves and others to sway public opinion on privacy.
Seven Waterhouse
The Future of Privacy-Preserving Smart Contracts
Ethereum is unable to support the development of privacy-preserving smart contracts in its current state. What do we need from Ethereum 2.0 to build arbitrary privacy-preserving smart contracts? What cryptographic building blocks are required? We’ll begin by diving into recent efforts both in academia and industry towards building PPSCs and some of the fundamental flaws with these approaches. We’ll also cover the trade-offs that need to be considered and the lessons learned from previous attempts in this space. Furthermore, we will discuss the limitations on use cases for each approach. Attendees of the presentation will leave with a better understanding of the state of the art for PPSCs in Ethereum and the wider blockchain space.
John Pacific, Ravital Solomon
You Too Can Build an Ethereum Mixer!
Cryptography is maths, and maths is scary. There's information overload, you don't know where to start, there are smarter people telling you how your solution(s) isn't perfect and how it has a theoretical limit / flaw / weakness, and how it's not "safe" to do xyz. So how can one with no academic background in cryptography start building cryptographic protocols to be then utilized in higher-level applications? This talk will focus on my anecdotal process of building Heiswap, an Ethereum mixer, with a Research vs Engineering perspective.
Kendrick Tan
Zero Knowledge: Privacy and Transparency's beautiful co-existence
Zero Knowledge Systems are often imagined as the enabler technologies for a privacy-centric world in which an individual can operate freely, away from public scrutiny. In these proposals, we focus primarily on an individual's right to own and protect their private data. While this is an important topic to us all and a model that is already being explored by projects like Zcash, I believe that the Zero Knowledge paradigm actually offers an opportunity for something even more powerful: that is, secure systems providing both privacy and, at the same time, transparency for individuals and organisations. In this talk, I aim to explore what this balance can look like using zero knowledge systems, how valuable this could be in our personal and business lives, and showcase projects aiming to develop tools in this spirit.
Anna Rose
Zerochain: Using zk-SNARKs for an account based privacy-preserving blockchain
Zerochain is a privacy-protecting layer on top of any smart contract platform, such as Substrate and Ethereum. As a high-level overview, Zerochain is based on the Zether protocol (https://crypto.stanford.edu/~buenz/papers/zether.pdf), which is a privacy-oriented payment protocol on top of smart contracts. Though the original specification uses Sigma-bullets as its zero-knowledge proving system, we instead use zk-SNARKs for efficiency reasons. I would like to talk about how it works and how we can integrate privacy into the account-based approach. Currently only Substrate is supported, but Ethereum can be supported as well because the Zerochain and Zether protocols are compatible with any smart contract platform. Here is our GitHub page: https://github.com/LayerXcom/zero-chain and blog post: https://medium.com/layerx/announcing-zerochain-5b08e158355d
Osuke Sudo
ZETH: On Integrating Zerocash on Ethereum
Transaction privacy is a hard problem on an account-based blockchain such as Ethereum. While Ben-Sasson et al. presented the Zerocash protocol [BCG+14] as a decentralized anonymous payment (DAP) scheme standing on top of Bitcoin, no study of the integration of such a DAP on top of a ledger defined in the account model was provided. In this paper we aim to fill this gap and propose ZETH, an adaptation of Zerocash that can be deployed on top of Ethereum without making any change to the base layer. Our study shows that not only could ZETH be used to transfer Ether, the base currency of Ethereum, but it could also be used to transfer other types of smart contract-based digital assets. We propose an analysis of ZETH's privacy promises and argue that the information leakages intrinsic to the use of this protocol are controlled and well-defined, which makes it a viable solution to support private transactions in the context of public and permissioned chains.
Antoine Rondelet, Michal Zajac
ZoKrates - Privacy for dApps
In this talk, we provide an update on the state, future, and vision of ZoKrates, the programming language and toolbox to bring zkSNARKs to Ethereum developers to enable privacy and scalability of their dApps. We describe the evolution of the ZoKrates language, standard library, and tooling before outlining our view on ZoKrates’ role within the Ethereum ecosystem of the future. To support this vision, we share insights gained from use case implementations where we enhanced the privacy of decentralized applications with ZoKrates.
Jacob Eberhardt, Thibaut Schaeffer