Immutability vs. Privacy: Anonymizing Blockchain Transactions

What is Blockchain?

Blockchain can be defined as a shared, permanent ledger that facilitates the process of tracking and recording anything of value, e.g. personal identifying information (PII). A key characteristic of blockchain is decentralization (unlike traditional book ledgers or computer databases on a single system). The crux of decentralization is that a large network of computers communicate with each other to verify correct inputs, blocks, before being permanently included into the blockchain ledger. This authenticity method makes fraud nearly impossible and gives control to a large network of users.

Blockchains can be public or private. Public blockchains are available to any user who wishes to access them while private blockchains require individual systems/devices (nodes) to be granted access to the blockchain to interact with it and view transactions. The advantages of using a public blockchain include decentralization, transparency, and immutability. Though private blockchains provide users with more privacy, they are centralized which greatly reduces the advantages above. For further explanation of blockchain, click here.

Privacy and Blockchain

Cryptocurrencies (crypto) like Bitcoin and Ethereum use public blockchains to operate. A common misconception is these cryptos are anonymous by default. In fact, they are “probably the most transparent payment networks in the world.” Privacy concerns arise when sharing crypto account numbers since all transactions associated with the account number may be viewed on the permanent blockchain ledger. This transparency makes individuals’ transactions traceable by anyone who desires to view the ledger. Consequently, crypto account holders become subject to revealing themselves and their transactions by sharing their crypto account number. For more information on cryptocurrency, click here.

Early privacy advocates sought to anonymize crypto transactions through “mixers.” Mixers pool crypto funds from multiple inputs to obscure the trail back to the fund’s original source. The funds are distributed at random times and can be difficult to trace. However, through forensics work, the link can be reestablished.

Potential Solutions

· The Bitcoin Improvement Proposal no. 47 (BIP-47) offers “a technique for creating a payment code which can be publicly advertised and associated with a real-life identity without creating the loss of security or privacy inherent to address reuse.” Essentially, using BIP-47 in a crypto wallet allows users to gather payment with a reusable payment code—similar to PayPal and other payment apps. However, the reusable payment code is a decoy address which never reuses the same address. This allows the transaction to be private and avoids transaction traceability.

· A class of cryptocurrencies provide private transactions as a defining feature. Some of these “privacy coins” include Monero, Zcash, and Suter. The different privacy coins have various privacy protocols, each with their own advantages and disadvantages in terms of performance and scalability. Though privacy coins offer more privacy than traditional crypto options, they are imperfect and susceptible to re-identification through forensic work.

· Another solution is to use Suter Shield. Suter Shield allows users to transfer crypto anonymously by processing the transaction through their network. The application uses an updated version of Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (Zk-SNARK), which allows one party to prove it possesses specific information without revealing that information. You can read the technicalities of the updated version, Zk-conSNARK, here.

· Lastly, using a payment processor, like BTCPay, allows organizations and merchants to automate creation of new addresses for every transaction to maintain privacy. The service eliminates crypto intermediaries by routing payments directly to the receiver’s wallet without re-using a payment address. BTCPay also does not require the user’s private key to generate transactions. More information about BTCPay can be found here.

An ideal solution will adequately protect users’ privacy while taking advantage of the benefits of blockchain technology by using a public blockchain. Absolute anonymity must be weighed against illicit uses of crypto, such as money laundering. Real-time auditing can combat criminal activity and support existing regulations.

About Ardent Privacy

Ardent Privacy is an "Enterprise Data Privacy Technology" solutions provider based in the Maryland/DC region of the United States and Pune, India. Ardent harnesses the power of AI to enable companies with data discovery and automated compliance with DPB (India), RBI Security Guidelines, GDPR (EU), CCPA/CPRA (California), and other global regulations by taking a data-driven approach. Ardent Privacy's solution utilizes machine learning and artificial intelligence to identify, inventory, map, minimize, and securely delete data in enterprises to reduce legal and financial liability.

For more information visit https://ardentprivacy.ai/and for more resources here.

Ardent Privacy articles should not be considered legal advice on data privacy regulations or any other specific facts or circumstances.