Vitalik's recent blog post, "An incomplete guide to stealth addresses," lays out a list of privacy-enhancing tools for the future of crypto. He focuses mainly on stealth addresses: how they enable private transactions, the cryptography behind them, quantum resistance, and social recovery challenges. Considering the current state of the TornadoCash lawsuit and the fear with which exchanges approach privacy-focused cryptocurrencies such as ZCash and Monero: how do we move forward? Towards the end, we find a future direction:
> it is my view that wallets should start moving toward a more natively multi-address model (e.g. creating a new address for each application you interact with could be one option) for other privacy-related reasons as well
In this response post, we want to dig deeper into the implications of this and the technical challenges it raises. Today, most crypto applications pick an L1 ecosystem and build on its infrastructure, which means depending on that L1 for many important security decisions: cryptography, consensus, community, and so on. For applications focusing on privacy, the fork in the road is to either build on a privacy-focused L1 or pick the L1 with the most adoption and add a privacy layer on top. Recent advances in zero-knowledge (zk) proof systems have made the latter far more practical and much faster to execute, for us among others. Zk tech, however, raises many technical challenges of its own. In a previous blog post, we described how privately verifying an ECDSA signature to prove that you own one of the addresses in a group, without revealing which one, is computationally expensive but now feasible. Similarly, there are many exciting developments in proving facts about one of your addresses: creditworthiness, social graph applications, access gating, KYC, and many more.
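The stealth-address construction at the centre of Vitalik's guide is the simplest concrete form of "a fresh address per interaction", so here it is end to end as an added, runnable illustration. This is our editorial example, not code from the original post or from Vitalik's guide. Assumptions beyond what the text states: the viewing-key variant (spending scalar s, viewing scalar v) so that scanning can be delegated without the ability to spend; SHA-256 over the SEC1-compressed ECDH point as the hash-to-scalar; pure-Python, non-constant-time secp256k1 arithmetic; and no keccak address derivation, since comparing public keys is enough to show the property. The scalars passed to `demo` are constructed test values.

```python
"""Stealth-address derivation on secp256k1 (added illustration, not the post's code).

Protocol (viewing-key variant, assumed here):
  recipient publishes  S = s*G,  V = v*G
  sender picks r,      R = r*G,  h = H(r*V),  P = S + h*G   (pays to P, publishes R)
  recipient scans R:   h = H(v*R)  (= H(r*V) by ECDH),  checks P == S + h*G,
                       spending key for P is  s + h  (mod n)
Only v is needed to detect a payment; s is needed to spend it.
"""
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_p, generator G of prime order n)
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
)


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None  # p == -q
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    y3 = (lam * (x1 - x3) - y1) % P_FIELD
    return (x3, y3)


def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p (not constant time; demo only)."""
    k %= N_ORDER
    acc, addend = None, p
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def hash_to_scalar(point):
    """H(point): SHA-256 of the SEC1 compressed encoding, reduced mod n (assumed hash)."""
    x, y = point
    encoded = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N_ORDER


def sender_derive(r, S, V):
    """Sender: ephemeral scalar r -> (R to publish on-chain, one-time address P)."""
    R = ec_mul(r, G)
    h = hash_to_scalar(ec_mul(r, V))
    return R, ec_add(S, ec_mul(h, G))


def recipient_scan(v, s, S, R, P):
    """Recipient: private key for P, or None if P was not derived for (S, V)."""
    h = hash_to_scalar(ec_mul(v, R))
    if ec_add(S, ec_mul(h, G)) != P:
        return None
    return (s + h) % N_ORDER


def demo(s, v, r1, r2, v_other):
    """Run the protocol with explicit scalars and return the checks that matter."""
    S, V = ec_mul(s, G), ec_mul(v, G)
    R1, P1 = sender_derive(r1, S, V)  # first payment
    R2, P2 = sender_derive(r2, S, V)  # second payment, fresh ephemeral r
    p1 = recipient_scan(v, s, S, R1, P1)
    return {
        # the recovered key really controls the one-time address
        "spendable": p1 is not None and ec_mul(p1, G) == P1,
        # two payments to the same recipient land on unrelated addresses
        "unlinkable": P1 != P2,
        # a different viewing key yields a different shared secret: no match
        "wrong_recipient": recipient_scan(v_other, s, S, R1, P1),
        # ECDH: both sides reach the same h without ever exchanging r or v
        "ecdh_agrees": hash_to_scalar(ec_mul(v, R1)) == hash_to_scalar(ec_mul(r1, V)),
    }


if __name__ == "__main__":
    rand = lambda: secrets.randbelow(N_ORDER - 1) + 1
    print(demo(rand(), rand(), rand(), rand(), rand()))
```

The `wrong_recipient` check is the one to keep in mind when thinking about scanning: a wallet holding only the viewing key can tell which published `R` values are for it, but since the spending key `s + h` needs `s`, a compromised scanning service cannot move the funds. The cost that makes UX hard is also visible here: detecting a payment means one scalar multiplication and one hash per published `R`, for every `R` on the chain.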
In this realm, there are many dangers to worry about. A single high-value address is an excellent target for any adversary, and historically wallet UX has done little to prevent scams and fraud: one signature on the wrong message can drain all your funds. Further, as Balaji points out in this talk, humans present different versions of their identity depending on the social situation, and in an ideal world our digital identity would emulate this variety. Clearly, a single do-it-all address has many downsides. Luckily, the recent advances set us up to take a step further.
Let us now increase the complexity of the technical challenges by moving to a world supporting a multi-address digital identity. The key feature of this world is the modularity of identity. Perhaps you want to combine your high-value social credentials (think Reddit karma, old Twitter blue tick) with your creditworthiness to convince your lending agency to lower interest rates. Or you want to combine your academic credentials (alma mater, expertise, etc.) with your high net worth on a privacy-preserving dating app. Regardless of the social connotations, the technology supporting such modularity is highly desirable.
So what are the challenges we face? Following are some high-impact engineering and cryptography challenges worth solving:
- Wallet UX: Existing wallet solutions leave something to be desired. Smarter wallets that prevent scams and draining, and that support multiple addresses natively, are much needed. The complexity of generating a new address whenever tokens are sent or received should be completely hidden from the user.
- Batch-(private)-verification of signatures: This problem has several layers. The first is batching signatures from the same address. The next is batching signatures from multiple addresses owned by the same individual, and then signatures from multiple addresses owned by different individuals, each adding complexity of its own. Existing work on batching zk proofs should come in handy here. Solving it also proceeds in stages: first design a cryptographically secure scheme, then implement it, then optimize the heck out of it!
- Compliance: Filing taxes is hard enough without crypto involved. Those juggling multiple addresses every day are truly playing this game on hard mode.
- Richer social interactions: When modularity, privacy, and verifiability combine, much of the inhibition and hesitation in social interactions falls away. We believe this would unlock a digital social experience that does not exist today.
Why should you care? The philosophical answer is that privacy is a human right, and we mean this very concretely: in its absence, you are truly at the whim of your government. The recent hubbub around CBDCs has many implications: if all you hold is digital money controlled by your government, your financial freedom can be encroached upon at any point. On a different note, this crypto winter should be spent building the products and experiences that past cycles showed to be the key pain points. We look forward to better wallets, privacy, interoperability, compliance, and social 🫖 platforms.
Thank you, Vitalik, for another excellent blog post!