On the challenges of enhancing blockchain privacy

Abstract

Most blockchain and smart contract platforms store transactions publicly on the ledger. User accounts in these systems rely on public keys to prevent direct identification of the parties. However, various de-anonymization techniques have been used to disclose users’ data, highlighting the weakness of this approach. As a result, the implementation of certain decentralized applications is challenging, especially those involving personal and financial data. In this context, several solutions have been proposed to provide privacy for users of blockchain and smart contract applications. Nonetheless, implementing these solutions is not trivial and introduces additional challenges related to performance, transaction costs, and application complexity. This article describes the practical implementation of Miles2Coins, a blockchain application for buying and selling tokenized airline miles, and details the intricate process of integrating it with Anonymous Zether, a solution designed to provide privacy and anonymity for the parties involved in these transactions. The challenges faced during this integration are explored, revealing key limitations and highlighting the ongoing need for improved privacy approaches in this scenario.

Keywords

Blockchain smart contracts privacy

Get full access to this article

View all access options for this article.

References

Nakamoto

. Bitcoin: A peer-to-peer electronic cash system. Bitcoin 2008; 1: 1–9.

Buterin

. A next-generation smart contract and decentralized application platform. Ethereum Project White Paper 2014; 1: 1–36.

Wood

. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 2014; 151: 1–32.

Ivanov

Yan

, et al. Security defense for smart contracts: A comprehensive survey. ACM Comput Surv 2023; 55: 1–37.

Kosba

Miller

Shi

, et al. Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. In: 2016 IEEE symposium on security and privacy (S&P), 2016, pp.839–858. San Jose, CA, USA: IEEE.

Sunny

Hajek

Munk

, et al. A systematic review of blockchain applications. IEEE Access 2022; 10: 59155–59177.

Androulaki

Karame

Roeschlin

, et al. Evaluating User Privacy in Bitcoin. In: Financial cryptography and data security, 2013, Vol. 7859, pp.34–51. Berlin, Heidelberg, Germany: Springer Berlin Heidelberg.

Bernal Bernabe

Canovas

Hernandez-Ramos

, et al. Privacy-preserving solutions for blockchain: Review and challenges. IEEE Access 2019; 7: 164908.

Biryukov

Tikhomirov

. Deanonymization and Linkability of Cryptocurrency Transactions Based on Network Analysis. In: 2019 IEEE European symposium on security and privacy, 2019, pp.172–184. Stockholm, Sweden: IEEE.

10.

Lee

Chew

Liu

, et al. Medical blockchain: Data sharing and privacy preserving of EHR based on smart contract. J Inform Sec Appl 2022; 65: 103117.

11.

Bünz

Agrawal

Zamani

, et al. Zether: Towards Privacy in a Smart Contract World. In: Bonneau J and Heninger N (eds.) Financial Cryptography and Data Security, 2020, Vol. 12059, pp.423–443. Cham, Switzerland: Springer International Publishing.

12.

Jensen

Von Wachter

Ross

. An introduction to decentralized finance (defi). Complex Syst Inform Model Quart 2021; 1: 46–54.

13.

Atlantic Council. Central bank digital currency tracker – Alantic Council. https://www.atlanticcouncil.org/cbdctracker/, 2024.

14.

Jahan

Loukoianova

Papageorgiou

, et al. Towards central bank digital currencies in Asia and the Pacific: Results of a regional survey. 2022 https://www.imf.org/en/Publications/fintech-notes/Issues/2022/09/27/Towards-Central-Bank-Digital-Currencies-in-Asia-and-the-Pacific-Results-of-a-Regional-Survey-523914.

15.

Banco Central do Brasil. Drex – Real digital. https://www.bcb.gov.br/estabilidadefinanceira/drex, 2023.

16.

Ben Sasson

Chiesa

Garman

, et al. Zerocash: Decentralized Anonymous Payments from Bitcoin. In: 2014 IEEE symposium on security and privacy, 2014, pp.459–474. San Jose, CA, USA: IEEE.

17.

Zcash. Zcash: Privacy-protecting digital currency. 2024 https://z.cash/.

18.

Noether

. Ring confidential transactions. Cryptol ePrint Archive 2015; 1: 1–18.

19.

Cachin

. Architecture of the hyperledger blockchain fabric. In: Workshop on distributed cryptocurrencies and consensus ledgers, 2016, Vol. 310, pp.1–4. Chicago, IL, USA: IBM Research.

20.

Brown

Carlyle

Grigg

, et al. Corda: an introduction. R3 CEV, August 2016; 1: 15.

21.

Valenta

Sandner

. Comparison of Ethereum, Hyperledger fabric and corda. Frankfurt School Blockch Center 2017; 8: 1–8.

22.

Banerjee

Clear

Tewari

. zkHawk: Practical Private Smart Contracts from MPC-based Hawk. In: 2021 3rd Conference on blockchain research & applications for innovative networks and services (BRAINS), 2021, pp.245–248. Paris, France: IEEE.

23.

Baum

Chiang

JHY

David

, et al. Eagle: E?cient Privacy Preserving Smart Contracts. In: International conference on financial cryptography and data security, 2023, pp.270–288. Cham, Switzerland: Springer Nature Switzerland.

24.

Baumann

Steffen

Bichsel

, et al. zkay v0.2: Practical Data Privacy for Smart Contracts. Arxiv.org 2009.01020, 2020, pp.1–44.

25.

Bowe

Chiesa

Green

, et al. Zexe: Enabling Decentralized Private Computation. In: 2020 IEEE symposium on security and privacy (S&P), 2020, pp.947–964. San Francisco, CA, USA: IEEE.

26.

Jiang

Xie

Chen

, et al. RPSC: Regulatable privacy-preserving smart contracts on account-based blockchain. IEEE Trans Netw Sci Eng 2024; 11: 4822–4835.

27.

Kerber

Kiayias

Kohlweiss

. Kachina – Foundations of Private Smart Contracts. In: 2021 IEEE 34th computer security foundations symposium (CSF), 2021, pp.1–16. Dubrovnik, Croatia: IEEE.

28.

Steffen

Bichsel

Gersbach

, et al. zkay: Specifying and Enforcing Data Privacy in Smart Contracts. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, 2019, pp.1759–1776. London, UK: ACM.

29.

Steffen

Bichsel

Vechev

. Zapper: Smart Contracts with Data and Identity Privacy. In: Proceedings of the 2022 ACM SIGSAC conference on computer and communications security, 2022, pp.2735–2749. Los Angeles, CA, USA: ACM.

30.

Xiong

Chen

Zhang

, et al. VeriZexe: Decentralized Private Computation with Universal Setup. In: Proceedings of the 32th USENIX security symposium, 2023, pp.4445–4462. Anaheim, CA, USA: USENIX.

31.

Dahl

Danjou

Demmler

, et al. fhEVM: Confidential EVM Smart Contracts using Fully Homomorphic Encryption. https://github.com/zama-ai/fhevm/blob/main/fhevm-whitepaper.pdf, 2023.

32.

Diamond

. Many-out-of-Many Proofs and Applications to Anonymous Zether. In: 2021 IEEE symposium on security and privacy (S&P), 2021, pp.1800–1817. San Francisco, CA, USA: IEEE.

33.

Guo

Karthikeyan

Polychorniadou

, et al. PriDe CT: Towards Public Consensus, Private Transactions, and Forward Secrecy in Decentralized Payments. In: 2024 IEEE symposium on security and privacy (S&P), 2024, pp.183–183. Los Alamitos, CA, USA: IEEE Computer Society.

34.

Solomon

Weber

Almashaqbeh

. smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption. In: 2023 IEEE 8th European symposium on security and privacy (euroS&P), 2023, pp.309–331. Delft, Netherlands: IEEE.

35.

Steffen

Bichsel

Baumgartner

, et al. ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-knowledge Proofs. In: 2022 IEEE symposium on security and privacy (S&P), 2022, pp.179–197. San Francisco, CA, USA: IEEE.

36.

Cheng

Zhang

Kos

, et al. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. In: 2019 IEEE European symposium on security and privacy (euroS&P), 2019, pp.185–200. Stockholm, Sweden: IEEE.

37.

Frassetto

Jauernig

Koisser

, et al. POSE: Practical Off-chain Smart Contract Execution. In: Proceedings 2023 network and distributed system security symposium, 2023. Internet Society. ISBN 978-1-891562-83-9.

38.

Luo

Xue

, et al. EtherCloak: enabling multi-level and customized privacy on account-model blockchains. IEEE Transactions on Dependable and Secure Computing 2024; 22: 771–786.

39.

Secret Network. Secret network: A privacy-preserving secret contract & dapp platform. 2020 https://scrt.network/graypaper.

40.

Yuan

Xia

Chen

, et al. ShadowEth: Private smart contract on public blockchain. J Comput Sci Technol 2018; 33: 542–556.

41.

Kalodner

Goldfeder

Chen

, et al. Arbitrum: Scalable, private smart contracts. In: Proceedings of the 27th USENIX security symposium, 2018, pp.1353–1370. Baltimore, MD, USA: USENIX.

42.

Maxwell

. Coinjoin: Bitcoin privacy for the real world. 2013 https://bitcointalk.org/?topic=279249.

43.

Zhang

Xue

Liu

. Security and privacy on blockchain. ACM Comput Surv 2019; 52: 1–34.

44.

Almashaqbeh

Solomon

. Sok: Privacy-preserving computing in the blockchain era. In: 2022 IEEE 7th European symposium on security and privacy (EuroS&P), 2022, pp.124–139. IEEE, Genoa, Italy: IEEE.

45.

Clifford

. Intro to blockchain: Utxo v’s account based — by Jordan Clifford — medium. https://jcliff.medium.com/intro-to-blockchain-utxo-vs-account-based-89b9a01cd4f5, 2019.

46.

Consensys. Thoughts on Utxos by Vitalik Buterin. https://medium.com/@Consensys/thoughts-on-utxo-by-vitalik-buterin-2bb782c67e53, 2016.

47.

GDPREU. Gdpr archives. 2018. https://gdpr.eu/tag/gdpr/.

48.

Wang

Zhu

, et al. Security enhancement technologies for smart contracts in the blockchain: a survey. Trans Emerg Telecommun Technol 2021; 32: e4341.

49.

, et al. SoK: privacy-preserving smart contract. High-Confidence Comput 2024; 4: 100183.

50.

Intel Corporation. Intel software guard extensions. 2024 https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html.

51.

Unterweger

Knirsch

Leixnering

, et al. Lessons Learned from Implementing a Privacy-Preserving Smart Contract in Ethereum. In: 2018 9th IFIP International conference on new technologies, mobility and security (NTMS), 2018, pp.1–5. Paris, France: IEEE.

52.

Zhang

Yuan

, et al. A Privacy-Preserving Voting Protocol on Blockchain. In: 2018 IEEE 11th International conference on cloud computing (CLOUD), 2018, pp.401–408. IEEE.

53.

Palanisamy

. Scalable and Privacy-Preserving Design of On/Off-Chain Smart Contracts. In: 2019 IEEE 35th International conference on data engineering workshops (ICDEW), 2019, pp.7–12. Macao, Macao: IEEE.

54.

oagcagov. California consumer privacy act (ccpa). 2023 https://oag.ca.gov/privacy/ccpa.

55.

Oasis Labs Team. Towards an open-source secure enclave. 2018 https://medium.com/oasislabs/towards-an-open-source-secure-enclave-659ac27b871a.

56.

Advanced Micro Devices I. AMD Secure Encrypted Virtualization (SEV) — AMD. 2023. https://www.amd.com/en/developer/sev.html.

57.

Limited

. TrustZone for Cortex-A - Arm. 2024 https://www.arm.com/technologies/trustzone-for-cortex-a.

58.

Belles-Munoz

Baylina

Daza

, et al. New privacy practices for blockchain software. IEEE Software 2022; 39: 43–49.

59.

Fei

Yan

Ding

, et al. Security vulnerabilities of SGX and countermeasures: A survey. ACM Comput Surv 2021; 54: 1–36.

60.

Georgia Institute of Technology. Sgx.fail. 2022 https://sgx.fail/.

61.

Muñoz

Ríos

Román

, et al. A survey on the (in)security of trusted execution environments. Comput Sec 2023; 129: 103180.

62.

Secret Network. Notice: Successful resolution of xapic vulnerability. 2022 https://scrt.network/blog/notice-successful-resolution-of-xapic-vulnerability.

63.

Kaleido. Dvp demystified: The key to seamless asset exchange in the digital economy. 2024. https://www.kaleido.io/blockchain-blog/delivery-vs-payment-dvp-application-on-blockchain.

64.

Uniswap. Home — uniswap protocol. 2023 https://uniswap.org/.

65.

Curve. Pools - Curve. https://curve.fi/dex/, 2025.

66.

Ethereumorg. ERC-1155 Multi-Token Standard. 2023 https://ethereum.org/en/developers/docs/standards/tokens/erc-1155/.

67.

Ethereumor. ERC-20 Token Standard. 2024 https://ethereum.org/en/developers/docs/standards/tokens/erc-20/.

68.

Ethereumorg. ERC-721 Non-Fungible Token Standard. 2023 https://ethereum.org/en/developers/docs/standards/tokens/erc-721/.

69.

Lisi

De Salve

Mori

, et al. Rewarding reviews with tokens: An Ethereum-based approach. Future Gener Comput Syst 2021; 120: 36–54.

70.

Bolt

Lubbersen

Wierts

. Getting the Balance Right: Crypto, Stablecoin and CBDC. De Nederlandsche Bank Working Paper, 2022.

71.

Musharraf

. Ethereum Token Approvals Explained. 2024 https://www.ledger.com/academy/ethereum-token-approvals-explained.

72.

Rosenberg

. How Do Airline Miles Work? 2024. https://www.nerdwallet.com/article/travel/how-do-airline-miles-work.

73.

ETH - SRI Lab. Github - eth-sri/zkay. https://github.com/eth-sri/zkay, 2022a.

74.

ETH - SRI Lab. Github - eth-sri/zkay at sp2022. https://github.com/eth-sri/zkay/tree/sp2022, 2022b.

75.

Kaleido. Github - kaleido-io/anonymous-zether: A private payment system for ethereum-based blockchains. https://github.com/kaleido-io/anonymous-zether/, 2024.

76.

Szaniecki

. The Dencun upgrade is live: Ethereum’s evolution continues at full throttle. 2024 https://hashdex.com/en-US/insights/the-dencun-upgrade-is-live-ethereum-s-evolution-continues-at-full-throttle.

77.

Elgamal

. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inform Theory 1985; 31: 469–472.

78.

Groth

Kohlweiss

. One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin. In: Oswald E and Fischlin M (eds.) Advances in cryptology - EUROCRYPT 2015, 2015, Vol. 9057, pp.253–280. Berlin, Heidelberg, Germany: Springer Berlin Heidelberg.

79.

Diamond

. Anonymous Zether: Infrastructure. https://github.com/kaleido-io/anonymous-zether/blob/hardhat/docs/Infrastructure.pdf, 2023.

80.

Kaleido. Github - kaleido-io/anonymous-zether-client: A client implementation for anonymous zether with a rest interface. 2024 https://github.com/kaleido-io/anonymous-zether-client/.

81.

Banco Central do Brasil. Github - bacen/pilotord-kit-onboarding. https://github.com/bacen/pilotord-kit-onboarding/, 2024.

82.

OpenJS Foundation. Node.js – Run JavaScript Everywhere. 2024 https://nodejs.org/.

83.

Nomic Foundation. Hardhat Network — Ethereum development environment for professionals by nomic foundation. 2024 https://hardhat.org/hardhat-network/docs/overview.

84.

Apache Software Foundation. Apache JMeter. https://jmeter.apache.org/, 2024.

85.

Daniel Almendra. dalmendra/Miles2Coins. https://github.com/dalmendra/Miles2Coins/, 2024.

86.

Wakuorg. Waku is Uncompromising Web3 Communication at Scale — Waku. 2024 https://waku.org/.

87.

Etherscan. Ether daily price (usd) chart — etherscan. 2024 https://etherscan.io/chart/etherprice.

88.

Etherscan. Ethereum average gas price chart — etherscan. 2024 https://etherscan.io/chart/gasprice.

89.

Polygon Labs. PoS - Polygon Knowledge Layer. 2024 https://docs.polygon.technology/pos/overview/.

90.

bnbchainorg. BNB Smart Chain (BSC): Bring Smart Contracts to BNB Chain. https://www.bnbchain.org/en/bnb-smart-chain, 2024.

91.

ZKProof Standards. Zether: Towards privacy in a smart contract world. 2019 https://www.youtube.com/watch?v=Nm0tn0vH194.