Understanding Privacy and Security Limitations
With the advent of the Internet, the way we use money has changed, with banking and financial services moving online. Along with this ease came a new type of digital money known as cryptocurrency, which uses cryptographic techniques to control the generation of new units of currency and verify the transfer of funds.
The first successful cryptocurrency, Bitcoin, started in 2009 and has seen a steady, sometimes meteoric, increase in value. Since then, many other cryptocurrencies have launched, some successful, some not.
As with many other aspects of the Internet, cryptocurrencies present new challenges in privacy and security. Weidong ‘Larry’ Shi, associate professor of computer science in the College of Natural Sciences and Mathematics, is researching the limitations of privacy with cryptocurrency transactions.
Cryptocurrencies Rely on Blockchain
“The concept of cryptocurrency is not new,” Shi said. “In the past, everyone was trying to come up with electronic cash systems, and all these attempts failed. Bitcoin was the first cryptocurrency to bypass the bank, instead relying on a peer-to-peer system based on blockchain.”
Bitcoin offers certain advantages, the first being pseudonymity and the second being automated record-keeping. With blockchain, the entire network records and verifies each transaction in an ever-expanding ledger, the idea being that an entire community of peers will ensure the fidelity of these records.
“To have a real working system, there are a lot of challenges,” Shi said. “One of these is the matter of security.”
Cryptocurrencies Are Pseudonymous
In theory, cryptocurrency is pseudonymous, with cash being stored in an online wallet identified only by a username that is not directly linked to a person’s real-world identity.
However, since all of the transactions are recorded on a peer-to-peer network, this information is publicly available. If a virtual wallet gets linked to a specific person, then all of their transaction information, such as what they send, when they send it, and how much they spend, becomes public knowledge.
Zero-Knowledge Proofs Used to Protect Privacy
Cryptocurrencies are trying to circumvent this issue by using zero-knowledge proofs, which use intermediaries to mask the connections between buyers and sellers, thus preserving privacy. Shi’s research focuses on establishing the level of privacy offered by zero-knowledge proofs.
“The concept of a zero-knowledge proof is about verifying the truth without revealing what that knowledge is,” said Nour Diallo (’17), a master’s student in Shi’s research group. Also involved in this research is Nolan Shah, an undergraduate student in computer science.
An example of a zero-knowledge proof would be someone proving they know their ATM PIN by withdrawing money. Since this is an action that requires the PIN, the act of withdrawing demonstrates their knowledge without revealing the specific number.
These transactions, known as oblivious transactions, work by pooling funds, with senders depositing and receivers withdrawing payments from this pool. Accompanying these payments and withdrawals are zero-knowledge proofs that establish transactional information without divulging the actual specifics of the transactions, such as who is receiving from whom.
Establishing Probabilities for Zero-Knowledge Transactions
However, as with any system, there are guaranteed to be flaws that can reveal the link between a sender and receiver in an oblivious transaction. Shi’s research group is focused on understanding these limitations.
“We are trying to evaluate, from a theoretical perspective, if it is possible to recover information from these oblivious transactions,” Shi said. “This problem can be solvable to a certain extent, if we are not looking for a perfect solution, but rather a probability.”
- Rachel Fairbank, College of Natural Sciences and Mathematics