Privacy-preserving solutions for decentralized permission-less blockchains

Abstract

Permissioned blockchains have established themselves as the solution of choice in applications requiring some form of decentralized trust and privacy preservation. The old school of centralized solutions made permissioned access a natural choice in safeguarding privacy, and the same design models have been brought over to the blockchain context. However, blockchains are a major disruptive innovation, requiring rethinking such solutions. Privacy technologies running on top of decentralized permission-less blockchains are attracting significant research and development. This dissertation investigates the key challenges, in implementing privacy preservation in this context. This theme is explored by tackling a specific problem, for which a design based on permissioned blockchains is already available. The selected case study enables users to provide and withdraw data usage consent. The need for such functionality arises from the General Data Protection Regulation and has broad applicability. The dissertation redesigns the solution to satisfy the original case study requirements. However, it does so for the decentralized permissionless context by applying tokenized privacy and Zero Knowledge Proofs. The new design and its partial implementation enabled investigating whether such solutions can be effectively implemented on a permissionless blockchain. Specifically, a measure of the resource levels required by ZKP-based applications, in terms of storage, processing time and transaction fees is presented. Through this use-case it was demonstrated that mixers provide a good starting point for a wide range of solutions. Results showed the correlation between ZKP complexity, proving key sizes and proof generation times. Comparisons between PGHR13 and Groth16 showed how the ZKP scheme choice impacts applications and why Groth16 is considered an efficiency benchmark. PGHR13 produced, proving keys up to 50% larger, a verification key 97% larger, and a verification cost rise of 220%. However, the two schemes only registered marginal differences in proof generation times. The results for on-chain verification costs were especially interesting. ZKP verification was estimated to only consume 18% of the total cost. Groth16 ZKP verification on Ethereum for November 2021 was estimated to cost €104, whereas the total smart contract cost averaged at €590. Finally, this exercise identified practical challenges that privacy-preserving solutions must solve for them to move to the permissionless context. These include, the challenges arising from representing real world assets using private tokens, financial feasibility, application security, the need for a holistic approach to privacy, the challenges of dealing with spam and malicious transactions, and the application of various decentralization vectors.