Monero-Style Privacy Is Ready for Ethereum – Who Will Implement It?

Screen-Shot-2017-10-17-at-8.47.44-AM-e1508244553627
28 July 2018

What if ethereum looked more like monero?

Fusing the privacy features of the latter into ethereum would make many of the platform’s stakeholders, including developers who have been working on privacy-enhancing features for some time, excited. But privacy techniques are rarely utilized because of the serious trade-offs presented – such as larger storage requirements and more expensive transactions.

However, during the Privacy Enhancing Technologies Symposium (PETS) in Barcelona this week, two researchers presented their findings on a technique called Mobius that uses mixing solutions to obscure the payment information of ether transactions.

Detailed by the authors of the white paper, Rebekah Mercer and Sarah Meiklejohn, during the conference, Mobius isn’t bogged down by the weight of typical privacy tech – indeed, using cryptographic primitives that were added to ethereum in October, transactions that use Mobius cost only a little more than a standard ethereum transaction (according to a simulation, around $0.06) and takes mere milliseconds to execute.

And by implementing monero-style tooling into an ethereum smart contract, Mobius promises to not only conceal sender and receiver addresses but do so in a way that is cryptographically trustless as well.

While it’s not yet available for ethereum users, an open source implementation has been published by UK-based distributed ledger startup Clearmatics, and according to Mercer, deploying it to the public ethereum chain wouldn’t be too labor-intensive.

“Clearmatics have all the code so you could literally just push it to the ethereum blockchain. They actually have tutorials as well, so it’s pretty well developed,” she told CoinDesk.

Building the technology into ethereum would have the advantage of functioning not just for ether transactions, also allow projects that built tokens with the ERC-20 standard, or even crypto-collectibles, to take advantage of the tech as well.

“Ethereum already has a huge network of people who hold ETH, and the thing is it’s ERC-20 compatible, so if you have tokens you can use them in this way,” she said, adding:

“The whole idea is reducing friction from what people are already doing into what they ideally would like [to do], which is exactly what they’re doing, but with privacy.”

You don’t have to compromise

According to Mercer, the innovation of Mobius is how it navigates trade-offs between decentralization and efficiency.

While centralized solutions often have the advantage of being more efficient, they come with limitations, such as single points of failure as it relates to hacks and thefts or services going offline. Decentralized mixing services – such as CoinJoin, TumbleBit and XIM – deploy trustless cryptographic solutions, but often require either large amounts of coordination off-chain or many steps taken on the blockchain itself, which can be slow and expensive to orchestrate.

“[There’s a] contrast between the more centralized solutions sitting between participants that risk availability and the more decentralized solutions which compromise in communication to make up for these properties,” Mercer summarized.

As such, the goal of Mobius was to question whether such a trade-off is always necessary.

She told the audience:

“So what we thought: is this a inherent thing, if you do a decentralized procedure do you need to pay for it in terms of communication? And what we found was that using ethereum you don’t actually have to make this compromise at all.”

To work around those trade-offs, Mercer and Meiklejohn built a cryptographic device named a ring signature into an ethereum smart contract, that obscures payment information by mixing it up with the other participants in the Mobius contract. Stealth keys, a type of obfuscated but verifiable address, are also deployed to allow Mobius contracts to securely communicate.

Originally built for Clearmatics to disguise payments in blockchain banking solutions, Mercer said that on top of its affordability, it’s easy to send recurring payments between participants who have already sent money across the device.

But for security purposes, the Mobius smart contracts are one-time use and will need to be regenerated when it comes to sending a new payment, Mercer said.

Still, it’s a notably cheap operation, she continued, telling the audience:

“Mobius achieves great things in terms of availability and theft prevention but without compromising on communication, which hopefully will encourage people to mix more often.”

Hurdles to implementation?

Still, while the tech is technically viable, Mercer said she is unaware of any attempts to implement it on public ethereum itself.

According to Mercer, that’s a surprising metric considering that on bitcoin, the demand for payment mixers is quite high.

“I actually have no idea why [it’s not implemented], because like if you look at CoinJoin and CoinMarketCap the order book always has people broadcasting their intention to mix bitcoin anonymously,” she told CoinDesk.

As detailed by CoinDesk, several ethereum businesses are seeking solutions to conceal sensitive information on decentralized applications, as well as providing tooling to anonymize the data in smart contracts. And while this contrasts with a low interest in Mobius, according to Mercer, it’s perhaps indicative of ethereum’s broader-than-payments scope.

“I think it’s just like how ethereum is used these days. It’s not what people expect, people don’t expect to use ethereum for privacy-sensitive transactions. It’s just not its selling point, it’s for decentralized apps, companies, traders and CryptoKitties,” she told CoinDesk.

And there’s other hurdles as well- while pushing Mobius onto public ethereum wouldn’t be too complex, there’s plenty of work to be done to make the technology more accessible to users, as currently, participating in a Mobius contract would be a prohibitively complex task.

“For mass adoption I guess you’d need some sort of user interface that’d literally just pick an anonymity set, and the back-end would just check if you were doing anything weird, and then you could just click through and make the transaction,” she told CoinDesk.

According to Mercer, there’s also work to be done in educating users on the benefits of mixing technologies, as well as continued research into the possible limitations of such techniques as well.

“I think the thing is, people really need to better understand what anonymity guarantees mixing is going to give them, and this is a problem on the research end. We need to make better definitions and have a better understanding, and better inform people,” Mercer said, adding:

“It’s not like people are stupid users who don’t know anything.”

Privacy image via CoinDesk