Graph Privacy

A cryptographic method allowing one party (the prover) to prove to another (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. This is foundational for privacy-preserving transactions and scalability solutions.

• Types: zk-SNARKs (Succinct Non-Interactive Arguments of Knowledge) and zk-STARKs (Scalable Transparent Arguments of Knowledge).
• Use Case: ZK-Rollups bundle transactions off-chain and submit a validity proof to the main chain, hiding details while ensuring correctness.

A cryptographic protocol that allows a user to commit to a chosen value while keeping it hidden, with the ability to reveal it later. The commitment is binding (cannot change the value) and hiding (does not reveal the value).

• Example: A Pedersen commitment used to hide transaction amounts or asset types in protocols like Mimblewimble.
• Function: Enables private balances and selective disclosure, forming a building block for more complex privacy systems.

A type of digital signature where a signer from a group can produce a signature on behalf of the entire group, making it computationally infeasible to determine which member's key was used. This provides anonymity within a set.

• Primary Use: Obscuring the origin of a transaction. Used in privacy coins like Monero.
• Mechanism: A transaction is signed with a set of possible signers (a ring), making the true signer indistinguishable from decoys.

A privacy technique that generates a unique, one-time address for each transaction sent to a recipient. This prevents transaction graph analysis by breaking the link between the recipient's public address and on-chain transactions.

• How it works: The sender uses the recipient's public view key and a random nonce to compute a unique destination address on the blockchain.
• Outcome: All payments to the same recipient go to different addresses, making it impossible to cluster funds by destination.

A form of encryption that allows computations to be performed on ciphertext, generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. Enables private computation on encrypted data.

• Application: In blockchain, it can allow for private smart contract execution or confidential decentralized finance (DeFi) operations without exposing input data.
• Challenge: Currently limited by significant computational overhead compared to other techniques.

A cryptographic protocol that distributes a computation across multiple parties where no single party can see the others' private inputs. The protocol ensures the output is correct and the inputs remain confidential.

• Blockchain Use: Private key management (distributed key generation and signing), enabling secure, non-custodial wallets and cross-chain bridges without a single point of failure.
• Benefit: Enhances security and privacy for institutional-grade custody and decentralized governance.

A transaction graph is a network model where nodes are addresses and edges are transactions. Analyzing this graph can reveal sensitive patterns, such as:

• Clustering: Linking multiple addresses to a single entity (e.g., an exchange or whale wallet).
• Flow Analysis: Tracing the movement of funds to identify sources, destinations, and mixing patterns.
• Behavioral Fingerprinting: Inferring user activity (e.g., DEX trading, NFT minting) from transaction metadata and timing.

The pseudonymous nature of blockchain addresses is compromised by address linking techniques. Common methods include:

• Common Input Ownership Heuristic: If multiple inputs are used in a single transaction, they are likely controlled by the same entity.
• Change Address Identification: Identifying output addresses that return 'change' to the sender.
• Off-Chain Data Correlation: Matching on-chain activity with known information from centralized exchanges (KYC data), social media, or IP addresses.

Several cryptographic protocols aim to enhance graph privacy by obfuscating transaction graphs:

• Zero-Knowledge Proofs (ZKPs): Used in zk-SNARKs (Zcash) and zk-Rollups to prove transaction validity without revealing sender, receiver, or amount.
• CoinJoin & Mixers: Protocols that combine multiple payments from multiple spenders into a single transaction to break direct on-chain links.
• Stealth Addresses: Generate a unique, one-time address for each transaction to prevent address reuse and linking (e.g., Monero, ERC-5564).

Privacy features create a fundamental tension with regulatory requirements for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF). Key challenges include:

• Travel Rule Compliance: The FATF's Travel Rule requires VASPs to share sender/receiver information, which is incompatible with strong privacy protocols.
• Surveillance and Blocking: Regulators may pressure protocols to implement backdoors or view keys, undermining trustless guarantees.
• Protocol Design Choices: Teams must navigate whether to build permissioned privacy (with compliance features) or permissionless privacy, each with different adoption and regulatory risks.

Even advanced privacy systems have inherent limitations and potential vulnerabilities:

• Metadata Leakage: Timing, transaction fees, and gas usage patterns can leak information.
• Network-Level Attacks: Eclipse attacks or traffic analysis can correlate transaction broadcasts with IP addresses.
• Trusted Setup Requirements: Some ZK systems (e.g., early zk-SNARKs) require a trusted setup ceremony, introducing a potential point of failure.
• Adversarial Machine Learning: Sophisticated clustering algorithms can sometimes break privacy guarantees by analyzing residual patterns.

Blockchain systems exist on a spectrum from full transparency to strong privacy, each with trade-offs:

• Transparent Ledgers (Bitcoin, Ethereum): Enable auditability and trust minimization but expose all financial data.
• Optional Privacy (Tornado Cash, Aztec): Provides privacy as a user-activated feature, but can stigmatize users of these tools.
• Default Privacy (Monero, Zcash shielded pool): Privacy-by-default offers stronger guarantees but faces greater regulatory scrutiny and potential exchange delistings.
• Institutional/Enterprise Privacy: Often uses private channels (channels, sidechains) or MPC for confidential transactions among known participants.

A protocol or smart contract that obscures the link between a transaction's sender and recipient by pooling and redistributing funds. It increases transaction graph anonymity by breaking the direct on-chain trail.

• Also known as a coin mixer or tumbler.
• Operates by taking inputs from multiple users and outputting funds to new addresses after a randomized delay.
• Provides a weaker, heuristic form of privacy compared to cryptographic methods like ZKPs.

A one-time address generated by a sender for each transaction to a recipient, preventing the public linking of all payments to the recipient's static address. It enhances recipient privacy.

• The recipient uses a view key to scan the blockchain for transactions intended for them.
• A spend key is required to move the funds.
• This mechanism ensures that outside observers cannot determine if two payments were sent to the same entity.

A transaction protocol that hides the transacted amount using cryptographic commitments and range proofs. It protects financial privacy by encrypting the value field on the ledger.

• Relies on Pedersen Commitments to create a cryptographic commitment to the amount.
• Bulletproofs or other range proofs are used to prove the committed amount is non-negative without revealing it.
• Prevents chain analysis based on transaction values.

A secure, isolated area within a main processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity. Used as an alternative hardware-based approach to privacy.

• Examples include Intel SGX and AMD SEV.
• Sensitive computations (like private smart contracts) are executed within the TEE, with only encrypted inputs and outputs visible on-chain.
• Provides privacy but introduces a trust assumption in the hardware manufacturer.