Ethereum co-founder Vitalik Buterin says there are currently “large privacy problems” in the Ethereum (ETH) ecosystem.
In Buterin’s words:
“The default behavior is to do everything through a single account, which allows all of a user’s activities to be publicly linked to each other. It seems like this can be improved by using multiple addresses, but not really: the transactions you make to send ETH to those addresses themselves reveal the link between them.”
Adding A Mixer To Ethereum Could Enhance Privacy
In order to enhance user privacy on the Ethereum blockchain, Buterin suggested using a “minimal mixer design” which would allow users to send “fixed quantities” of ETH. The crypto address mixer would let users transfer ether from one account to another “without the link being visible on-chain.”
Implementing this type of mixer design on the Ethereum network would “be a great first step in alleviating” the lack of sufficient privacy on the largest smart contract platform, Buterin suggested.
Many Ethereum Applications Don’t Require Large ETH Transfers
He added that even if small amounts of ETH are “targeted” by the mixer, such as a fixed denomination of around 0.1 ether, it might still significantly improve the overall privacy of the nascent Ethereum ecosystem. According to Buterin, there are many different Ethereum-based decentralized applications (dApps) that do not process large-volume ETH transactions, as they only require small quantities of ETH to “pay for small-scale security deposits and/or application and particularly transaction fees.”
As Buterin noted in a blog post published on HackMD on May 23, 2019, a simple version of the minimal mixer design can be implemented by deploying two contracts on the Ethereum mainnet: a “mixer contract” and a “relayer registry contract.”
Mixer Contract To Perform Deposit And Withdraw Functions
The Russian-Canadian programmer mentioned that the mixer would perform two main functions:
- Deposit (bytes32 commitment) “payable verifies that DENOMINATION ETH (eg. 1 ETH) was sent along with the call, and if so, it adds the commitment to a list of commitments. It also maintains a Merkle tree of all commitments [so] far that uses some SNARK-friendly hash function”;
- Withdraw (address destination, bytes proof) “verifies that (i) proof is a valid ZK-SNARK that proves that destination and some commitment in the tree are related to each other (eg. destination = H(commitment + salt)) but does not reveal which commitment the witness corresponds to, and (ii) destination has not yet been used. Upon success, it pays out DENOMINATION - FEE to the destination and FEE to msg.sender”
Meanwhile, the relayer registry is a simple contract where any user can “publish their IP address for a small fee (note that this could be re-used for other applications and not be mixer-specific)”, Buterin explained.
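The deposit and withdraw rules quoted above can be modelled off-chain to show what the contract has to track. The following is an added example, not code from Buterin's post. It assumes SHA-256 in place of a SNARK-friendly hash, a constructed FEE value, and a witness passed in the clear where the real design would post only a ZK-SNARK proof; the names Mixer, merkle, fold and demo are hypothetical.

```python
import hashlib
DENOMINATION = 10**17  # 0.1 ETH in wei, the denomination the article mentions
FEE = 10**15           # relayer fee in wei (constructed value)

def H(*parts):  # SHA-256 stands in for the SNARK-friendly hash (assumption)
    return hashlib.sha256(b"".join(parts)).digest()

def merkle(leaves, index=0):
    """Return (root, sibling path of leaves[index]); odd levels repeat the last node."""
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        path.append((level[index ^ 1], index & 1))  # (sibling, leaf is right child)
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def fold(leaf, path):
    for sibling, is_right in path:
        leaf = H(sibling, leaf) if is_right else H(leaf, sibling)
    return leaf

class Mixer:
    def __init__(self):
        self.commitments, self.used = [], set()
    def deposit(self, commitment, value):
        if value != DENOMINATION:
            raise ValueError("must send exactly DENOMINATION")
        self.commitments.append(commitment)
    def withdraw(self, destination, witness, sender):
        # The witness is passed in the clear here, so this sketch is NOT zero-knowledge.
        commitment, salt, path = witness
        if destination in self.used:
            raise ValueError("destination already used")
        if not self.commitments or destination != H(commitment, salt) \
                or fold(commitment, path) != merkle(self.commitments)[0]:
            raise ValueError("invalid proof")
        self.used.add(destination)
        return {destination: DENOMINATION - FEE, sender: FEE}

def demo():
    mixer = Mixer()
    notes = [(H(b"note", bytes([i])), bytes([i]) * 32) for i in range(4)]  # constructed
    for commitment, _ in notes:
        mixer.deposit(commitment, DENOMINATION)
    commitment, salt = notes[2]
    witness = (commitment, salt, merkle(mixer.commitments, 2)[1])
    return mixer, H(commitment, salt), witness
```

With four equal deposits in the tree, an observer of a real proof-based withdrawal would see only the destination and the payout, so the withdrawal could have come from any of the four depositors.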
The Bigger the “Anonymity Set”, the Greater the Privacy
In statements shared with CoinDesk, Buterin mentioned that the “‘anonymity set’ is cryptography speak for ‘set of users that this thing could have come from.’”
For instance, “if I sent you 1 ETH and you can’t tell who exactly it was from but you can tell that it came from (myself, Alice, Bob or Charlie), then the anonymity set has size 4.” He added that the larger the size of the anonymity set, the greater the level of privacy a user may have.