Over ten years ago Bitcoin was introduced to the world. It’s main innovation was the blockchain, an immutable and decentralized ledger. Such an open and publicly verifiable system can increase efficiency and security, and lower trust barriers for all kinds of transactions.
As the cryptocurrency industry underwent rapid growth, enterprises started to take notice. With information such as user and financial data being more valuable than ever before, a technology that allows businesses to transact and confirm data is priceless. Specifically, the notion of smart contracts as popularized by Ethereum, enables many types of business applications to run on top of a blockchain network.
Despite this innovation, people have started to realize that the radical transparency of blockchain networks is a double-edged sword. To verify the current state of a blockchain, a typical user must have access to the entire history of transactions stored within it. This means that a business using a public blockchain would be posting its data for the entire world to see.
The need for permissioned blockchains
The open nature of networks such as Bitcoin and Ethereum appears to be in stark contrast to some vital interests of enterprises. Where the former systems’ main goals are transparency and remaining permissionless, the latter parties need control over data accessibility and transaction flows. The reason for this is twofold:
- The data owned by enterprises is valuable. Using a public blockchain equates to giving it away to the competition for free.
- Enterprises have to function in a compliant manner. They must follow privacy protection rules such as GDPR and regulations relating to KYC/AML.
Controlling transaction flows on a public blockchain has a rather straightforward solution. A smart contract can create rules which specify requirements for transactions involving certain parties or assets. The owner of the smart contract can set rules that allow them to freeze or revert transactions. These abilities allow enterprises to assist law enforcement even on a public blockchain. Stablecoins like USDC work thanks to these types of functionalities. While this is a crucial aspect on the road towards blockchain adoption by businesses, the lack of privacy remains a glaring issue.
So how can enterprises make use of blockchains without giving up their valuable data? Many large companies have been exploring ways to do this through private or permissioned blockchains. These blockchains allow for strict control over who can access the data stored in the underlying ledger or take part in consensus. JPMorgan uses such a permissioned ledger for their JPM Coin.
Moving toward ZK-Fi
These permissioned networks are a step in the right direction for enterprises. Still, anyone with access can still see all the data stored within. To enable freedom in granting access to permissioned ledgers, more privacy is still necessary. This is where zero-knowledge proofs(ZKP) come in. Enterprises can use ZKPs to prove statements are true, without revealing sensitive data to the blockchain.
Certain developments show the industry is starting to move in this direction. Hyperledger uses ZKPs to enable anonymous credentials through their Identity Mixer protocol. They are also researching other applications such as confidential assets and transactions. Likewise, Deloitte has adopted ZKP into its Eduscrypt platform. This enables organisations to track, share, and validate qualifications of staff without revealing confidential information. ING introduced a Zero Knowledge Proof Notary, which improves the privacy and security of transactions on Corda, an open source blockchain platform. All these examples point towards the power of ZKP to balance privacy and transparency in an unprecedented manner.
The benefits of ZKPs are even more wide-ranging though. Enterprises currently use permissioned ledgers to mitigate privacy and compliance concerns. They are, however, not without their drawbacks. Besides imposing more costs than using a public blockchain, they lack interoperability, thereby creating a bunch of siloed networks. Luckily, applications of ZKP that were developed for permissioned ledgers can also be used on public blockchains. With these, businesses can safely move over to public networks and enjoy a higher level of security and interoperability. In an attempt to speed up ZKP adoption on public blockchains EY released an open-source repository in 2019 called ‘Nightfall’. This is a protocol for privacy-preserving ERC-20 and ERC-721 token transactions on Ethereum.
Combining privacy and control
We now know it’s possible to solve privacy concerns enterprises have on a public ledger by using ZKP tech. But what about the second issue, that of controlling transaction flow and complying with regulations? If all private transactions are indistinguishable from each other, how can an enterprise begin to know which transactions may be suspicious? And even if they could freeze transactions, how could they enforce such policies while retaining privacy? Simple privacy-preserving transactions won’t be enough.
Thus, if we want to remove the need for permissioned ledgers, we need to let enterprises:
1. centrally manage their assets on a public ledger;
2. do so without leaking sensitive information to third parties.
Recent research, such as Zexe, enables that functionality. Zexe and similar constructions apply ZKPs beyond simple transfers to proving execution of arbitrary functions. Enterprises can then create smart contracts that emulate a private blockchain in which they set the rules for state transitions. For example, an enterprise could only allow addresses that have passed KYC onboarding to interact with their smart contract. After a transaction takes place, the enterprise generates a ZKP and publishes it to the blockchain. This proves that a valid state transition has taken place, without revealing any more details. Further techniques such as selective disclosure and tracing keys allow even more fine-grained data access control.
As we have discovered, ZKPs solve the problems of privacy and control which drive enterprises to permissioned ledgers. Adoption of public blockchains will further reduce cost and remove the need for a consortium to handle governance and consensus.
Businesses so far have had a hard time gaining access to DeFi applications. Beyond regulatory concerns, deploying on permissioned enterprise blockchains means they lack the interoperability required to interact with DeFi in the first place. This is no longer the case by launching on a public ledger. And by using ZKPs, they don’t have to worry about leaking sensitive data associated with their transaction activity
DeFi applications have started to take notice of the potential as well. Aave recently revealed a permissioned pool for institutions featuring KYC and AML restrictions. This is a perfect app to apply ZKP to. For example, anonymous credentials could protect the identities of users who have passed KYC. This combination of privacy and control grants entry into the world of DeFi for countless institutions.
Businesses deploying on public blockchains can also take advantage of their inherent composability, both with each other and with the broader world of Dapps and DeFi. Perhaps CZ named this phenomenon most aptly: ‘CeDeFi’. His only mistake was not realizing this would be a global industry spearheaded by zero knowledge, rather than a parochial notion of copying Dapps onto centralized infrastructure.
Instead of fearing privacy as only a weapon for criminals, we should acknowledge the breadth of its uses and embrace it. Thanks to programmable ZKPs, institutions will be able to adhere to regulations without leaking valuable and sensitive data to prying eyes. By enabling privacy without giving up compliance capabilities, dApps built on public blockchains will be able to onboard enterprises on an unprecedented scale. CeDeFi is only the beginning of a monumental shift towards ZK-Fi: a world of ZKP empowered applications open to individuals and enterprises alike.