Scalable Privacy on Ethereum

Published on
February 16th, 2021
Duration
59 minutes


Scalable Privacy on Ethereum

The Interview - Crypto ·
Featuring Thomas Walton-Pocock and Sebastian Moonjava

Published on: February 16th, 2021 • Duration: 59 minutes

Thomas Walton-Pocock, CEO and co-founder of Aztec, joins Sebastian Moonjava, Real Vision associate crypto editor, to discuss Aztec, financial privacy, and the different privacy solutions built on Ethereum. Walton-Pocock describes Aztec as a layer 2 privacy protocol, meaning that it is built on top of Ethereum as opposed to building directly in Ethereum mainnet. This allows for greater scalability for Aztec privacy as it verifies or checks in with only the main chain periodically, which also reduces the burden to Ethereum. He contrasts Aztec’s approach with Tornado Cash, explaining that Aztec makes the smart contract logic private whereas Tornado Cash is more of a mixer for transactions. Walton-Pocock urges blockchain users to be aware that every transaction ever made is public, and all of one’s financial history can be consumed by anyone. He believes that eventually privacy on blockchains may be required by regulators. Filmed on February 3, 2021.

Key Learnings: Blockchains are public and expose all of one’s financial history to anyone with the desire to look. Privacy is important to the widespread adoption of crypto because many large institutions will not want to reveal their positions and activities publicly to their competitors. Privacy will become increasingly important as more people utilize blockchains for their financial activities, and eventually regulators may require privacy solutions to protect users.

Comments

Transcript

  • TD
    Thibault D.
    17 February 2021 @ 16:37
    Welp, this is quite disappointing... Optional privacy on transparent chains is generally very bad privacy as has been proven time and again, e.g. here: https://electriccoin.co/blog/new-research-on-shielded-ecosystem/ It leaks metadata and makes it prone to all kinds of analysis like timing, amounts and certain usage heuristics... Moreover, optional privacy doesn't make a cryptocurrency actually fungible... Since there's still a tx-history AND more important, certain 'privacy-behavior' might actually get you into serious trouble, as demonstrated here: https://bisq.community/t/dirty-btc-coins-on-the-xmr-market/7798 and ad nauseam in numorous other cases where this happened... Why RealVision choses to kick off the crypto privacy-debate on here, which is bound to to get more and more attention, with this inferior solution botched on a transparent chain is really beyond me... There's a crypto out there, that has been built from the ground up to be default opt-out private and thus fungible, it's called Monero, and it's making way in the places where privacy is needed the most. It'd suit a quality platform like RV to have at least someone from the most important non-surveillance crypto on, before anything else... I'd suggest Dr. Daniel Kim which can be heard here (https://www.youtube.com/watch?v=aC9Uu5BUxII) with a very interesting presentation about sound money (which should be fungible) or Riccardo Spagni who has been the lead maintainer of Monero for several years... I truly hope you guys go deep into the privacy debate and really consider what digital cash should be like. Because transparent chain with optional privacy on top has proven to not work very well...
    • TW
      Tom W.
      17 February 2021 @ 21:04
      Hello Thibault - a few corrections; Aztec isn't optional privacy. It is of course optional to leave the network and go public again. An asset created natively on Aztec would have absolute and full privacy - confidential amounts, and non-linkability of notes via state and nullifier trees of full depth and without cutting any corners on choice of hash functions (despite verifying them recursively inside SNARKs - this was hard to achieve, but our Plookup system for reducing circuit sizes has allowed us to contract these prover times). Of course, for those who already hold ERC-20 assets (note that they are holding these already; for their economic exposure, not their privacy status), they have indeed lost privacy by simply holding them or exchanging them on Ethereum. We allow them to deposit into Aztec's L2 to provide them with strong privacy going forward. We can provably not apply surveillance to Aztec's users: + viewing keys are held locally in the user's machine + the PLONK paper provides peer-reviewed proofs of zero knowledge + network relayers only validate the correctness of PLONK proofs; they don't construct private transactions
    • TD
      Thibault D.
      18 February 2021 @ 12:29
      I actually want to reply to Tom W., but I'm not able too... Anyway, how would something created on Aztec suddenly become money... surely you'll agree that quasi the only use will be to hop in and out, it also seems to be standard user behavior... But anyway, as I read from here sender and recipient aren't even hidden? https://cointelegraph.com/news/privacy-on-ethereum-aztec-protocol-launches-on-mainnet AND it also inherited what I find to be Zcash's biggest flaw: the trusted setup... Trust is totally antithetical to what cryptography should be imho... Anyway, I applaud every step in the right direction for privacy, so I applaud what Aztec is doing, however, there is already a privacy solution here, and right now it's miles ahead and the best there is and it should be center stage in a first thorough discussion about privacy in cryptocurrencies heren on RealVision, it's Monero and it's being used on the places where Bitcoin got started because it's the best at what it does and it has the biggest network effect in that...
    • DW
      Dean W.
      21 February 2021 @ 17:00
      Monero doesn’t do smart contracts so Aztec isn’t competing with Monero, it’s bringing privacy to Ethereum
  • DW
    Dean W.
    21 February 2021 @ 16:58
    One of the most thought provoking interviews I’ve seen lately. Great questions asked and very insightful comments on L2 solutions. Privacy solutions sound like they’ll be among the earliest “killer apps” going forward. Phala is doing a similar privacy layer for the DOT ecosystem.
  • MR
    Michael R.
    20 February 2021 @ 20:18
    Please interview Tor Blair of the Secret Network. They have achieved ETH to SCRT (Cosmos based) cross chain bridge. Recently opened SecretSwap AMM DEX. Exactly what you guys are discussing on the tail end of this interview. Thank you! Privacy matters in this space, more guests like these. Love the interview!
  • RP
    Raoul P. | Founder
    16 February 2021 @ 15:17
    Tom is brilliant and its great to get him on RV... hopefully we will see more of him.
    • TD
      Thibault D.
      18 February 2021 @ 14:28
      Since this seems to kick off the privacy-in-crypto debate, which I applaud, would you have someone from the biggest privacy cryptocurrency, Monero, on? It's making way where Bitcoin got started... It's default opt-out private and thus fungible (which good money should be). I would recommend dr. Daniel Kim who can be seen here (https://www.youtube.com/watch?v=aC9Uu5BUxII) or Monero's former lead maintainer Riccardo Spagni who recently did an interview here: https://www.youtube.com/watch?v=G98JFz1wmBY Monero has more to it than default privacy and fungibility though: - dynamic blocksize, so able to scale up when needed and thus no blocksize debate or exuberant fees - RandomX: ASIC-resistant mining algorithm which prevents mining centralisation, once CPU one vote - tail emission: after bootstrap-emission a perpetual inflation of 0.8%/year will keep miners incentivised - no premine and no devtax but voluntarily community funded with the monero CCS system: https://ccs.getmonero.org/ - third crypto in developers on github - ... Would be nice to have it covered here on RealVision! thanks in advance, best regards,
  • JG
    Jonnie G.
    16 February 2021 @ 10:53
    An amazing interview and Sebastian always does such a great job. Usually when you guys put up a crypto video I have always seen that technology price rise soon after which tells me you guys don't put any old person here. I believe that this is no exception as anonymity in this space can go a long way. My only question is would governments who like to know everything like this technology for the little guy?
    • TW
      Tom W.
      18 February 2021 @ 11:31
      It's a matter of making governments realise they can't afford for their citizens to be without it - Zcash has already done a lot of excellent education work with regulators, and we're starting to do the same. The SSL certificate in Web2 is excellent precedent for how we think policymakers will approach Aztec encryption in Web3.
  • BL
    Brian L.
    17 February 2021 @ 23:28
    Sounds like the aztec master nodes are computing the zk proofs, so your transactions are not hidden from the aztec nodes. Probably a fine trade-off for users who don't want to spend the compute time themselves. Is there any reason they couldn't operate their L2 platform on more than one public chain, or possibly even a Bitcoin RGB contract on lightning? Good interview, sounds like an interesting project.
    • TW
      Tom W.
      18 February 2021 @ 10:29
      Hello Brian - no actually we use proofs in two distinct ways: + Private transactions, computed locally on the user's device + Rollup transactions, computed by relayers to aggregate 100s of private transactions into 1 single rollup (proof-of-correctness) The entire architecture is built to guarantee 100% privacy from the rollup provider. The rollup provider has private transactions as inputs (i.e. users send the relayers already-encrypted transactions), and creates a single 'rollup' transaction as an output - that single transaction is then validated by Ethereum. The really tough thing about building Aztec has been to make this first collection of proofs - the private transactions - fast enough for users to compute locally on their computers - i.e. ensuring zero data leakage to Aztec nodes, or anyone else. If we computed these proofs remotely, we could simply have deployed massive FPGA resources and the research overheads would have been vastly reduced. However, this would undermine user privacy, which is unacceptable to us. That's a good point about the opportunity to go multi-chain. Like any capital-constrained company, there's a trade-off between the operational costs of setting up an L2 on another blockchain, versus continuing to improve the cryptography and functionality on the existing structure. Aztec would easily be able to serve other blockchains, and likely will do in due course.
  • SA
    Sanne A.
    18 February 2021 @ 07:02
    Thank you for giving an early insight into Aztec and putting it on my radar.
  • TP
    Tom P.
    16 February 2021 @ 22:42
    So much information here. Very interesting. However, I needed a definition book to go with this video. So many terms went over my head. I'm involved in crypto, but I needed a second hit of Ritalin to stay on top of everything.
  • MB
    Malcolm B.
    16 February 2021 @ 21:59
    I see that Thomas has a Cambridge maths degree and is clearly brilliant. He's onto to something that is going to be huge I think and I wish him well. I really enjoyed this interview. BTW great job Sebastian!
  • SB
    Steve B.
    16 February 2021 @ 21:47
    I am very new to the Crypto / Blockchain world and I found this interesting and educational. Thank you both.
  • JP
    John P.
    16 February 2021 @ 16:40
    Really good one.
  • KW
    Kris W.
    16 February 2021 @ 09:03
    Brilliant interview. Thank you so much.