Most blockchains are pseudonymous networks: we don't necessarily know the entity behind an address, but we can see every action and holding of each address. However, it is possible to push confidentiality further and obtain anonymous blockchains.
On-chain anonymity may be desired for two main reasons:
- Protecting privacy, by preventing everyone from having access to the transactions, assets and personal data associated with an address
- Preventing predatory strategies in decentralised finance, such as front-running trades or manipulating the price of an asset to force a liquidation

Integrating anonymity into a blockchain is complex, since it is a network whose participants must synchronise and reach consensus on its state. This becomes significantly harder when the data on the network is encrypted.
In short, the challenge is to anonymise the activity on the blockchain while allowing anyone to check that this activity complies with the rules of the network.
Projects aimed at providing on-chain anonymity mainly rely on four encryption technologies.
Zero-knowledge proofs (ZKP) make it possible to demonstrate that a statement is true without revealing the underlying information (for example, proving that a person is of age without disclosing their age). They have the advantage of being succinct: they can be used to quickly verify the result of a long and complex computation.

Fully Homomorphic Encryption (FHE) allows computations to be performed on encrypted data without ever decrypting it, ensuring confidentiality throughout the computation.

Multi-Party Computation (MPC) enables several parties to compute jointly on shared data while preserving its confidentiality. Each party only has access to its own data, without learning what the others hold.

Trusted Execution Environments (TEE) are hardware-based secure areas of a processor that allow information to be processed without it being accessible to the rest of the system or to other individuals. Their advantage lies in their low latency and reduced cost compared to the other solutions.

However, each of these technologies has limitations:
For ZKPs, an entity must have access to the data in order to generate the proof. This creates a potential trusted third party (unless you generate the proof yourself) and restricts the types of applications possible, since no operations can be performed on the data the proof hides.

FHE loses its appeal if a centralised entity holds the decryption key. What's more, this technology is still very slow and expensive.

In the case of MPC, there is a risk of collusion between the various parties.

TEEs, as their name suggests, require trust in their correct operation, and their security has been compromised several times in the past.

It is nevertheless possible to combine these technologies to overcome their limitations. For example, MPC extends the use cases of ZKPs by allowing multiple parties to jointly generate a proof over a complex function on their combined inputs. MPC can also be combined with FHE to split the encryption key between several parties, avoiding reliance on a single point of failure.
The use of different encryption methods varies according to use cases and, more importantly, their respective maturity.
Transaction anonymisation
In most cases, transaction anonymisation is based on ZK (zero-knowledge) technology. It anonymises transactions by publishing only the result and a proof of its validity. In this way, a blockchain can move from one state to another without revealing the details of the transition.
Aztec and Polygon Miden, Ethereum layer 2s in development, aim to enable users to generate a ZKP (zero-knowledge proof) themselves when they perform transactions. This proves the validity of the transaction without revealing the information, since the proof is not generated by a third party. These individual proofs can then be aggregated to generate a new ZKP that is simple to verify.
Their aim is to enable total anonymity of transactions carried out by users. The major challenge will be to also anonymise the details of more complex transactions interacting with smart contracts. Another challenge is to speed up ZKP generation for users.
Payy, an Ethereum layer 2 specialising in payment, is already managing to carry out simple transactions where users generate their ZKP themselves in a few seconds on a phone.
Zcash, a layer 1 also specialising in anonymous payments, already relies on ZKPs and is now looking to enable its users to generate them themselves.
Monero is often compared to Zcash, as it is also a layer 1 specialising in anonymous payments. However, Monero does not use ZK technology; it relies instead on a combination of other techniques: ring signatures, which protect the sender's anonymity; stealth addresses, which preserve the receiver's anonymity; and RingCT, which hides transfer amounts. Unlike Zcash, which leaves the choice to its users, Monero is anonymous by default.
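The ring-signature mechanism behind Monero's sender anonymity, as an added example that is not part of the original article and not Monero's code: a Schnorr-style (AOS) ring signature over a small constructed prime-order group, where the signature verifies against the whole ring without revealing which member signed. A ring of size one degenerates to a plain Schnorr proof of knowledge, the simplest kind of ZKP mentioned above.

```python
import hashlib
import secrets

# Toy group, constructed for the example: the first safe prime P = 2Q + 1 above
# 2^31 and G = 4, a quadratic residue and therefore a generator of the order-Q
# subgroup. Monero uses a 256-bit elliptic curve; the ring logic is the same.
def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

Q = next(q for q in range(2 ** 31 + 1, 2 ** 32, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4

def keygen():
    """Private scalar x and public key y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def challenge(msg, ring, t):
    """Hash the message, the full ring and a group element to a scalar mod Q."""
    data = msg + b"".join(v.to_bytes(8, "big") for v in (*ring, t))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def ring_sign(msg, ring, s, x):
    """Sign on behalf of ring[s] with its private key x (AOS-style Schnorr ring)."""
    n = len(ring)
    r, e = [0] * n, [0] * n
    alpha = secrets.randbelow(Q)
    e[(s + 1) % n] = challenge(msg, ring, pow(G, alpha, P))
    for k in range(1, n):            # walk the ring with random responses
        i = (s + k) % n
        r[i] = secrets.randbelow(Q)
        e[(i + 1) % n] = challenge(msg, ring, pow(G, r[i], P) * pow(ring[i], e[i], P) % P)
    r[s] = (alpha - e[s] * x) % Q    # only the real key can close the loop
    return e[0], r

def ring_verify(msg, ring, sig):
    """Recompute the chain of challenges; it must wrap around to e[0]."""
    e0, r = sig
    e = e0
    for y, ri in zip(ring, r):
        e = challenge(msg, ring, pow(G, ri, P) * pow(y, e, P) % P)
    return e == e0
```

The verifier sees the same ring of public keys and the same check regardless of which member held the key, which is what makes the sender unlinkable.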
However, these cryptocurrencies are coming under increased scrutiny from regulators. Monero's token, XMR, has been progressively withdrawn from most major exchange platforms.
Anonymising transactions does not always have to be done at the level of the network itself. Some applications make it possible to anonymise transactions on public blockchains. The best known is Tornado Cash, which uses ZKPs to anonymise the sender of a transaction.
Renegade, an application on Arbitrum, relies on a ZKP-MPC architecture to enable trades to be made within dark pools. This means that two people can make a trade without anyone else being aware of it. What's more, participants' addresses are not revealed to anyone, not even their counterparty.
Anonymisation of address balances
Fully Homomorphic Encryption (FHE) enables computations to be carried out on encrypted data. This makes it possible to encrypt all the address data on a blockchain while preserving its normal operation, without ever having to decrypt this information.
Zama is one of the leading companies in this field. The Big Whale conducted an interview with its CEO Rand Hindi (written transcript available here).
Fhenix, an Ethereum layer 2 in development, aims to create a blockchain where transfer amounts and address balances are fully encrypted.
Circle and Inco, a service built on EigenLayer, have used FHE to add a layer of anonymity to ERC20 tokens on public blockchains. The aim is to anonymise both an address's token balance and the amount of the transfers. However, the addresses involved in these token exchanges remain visible, mainly for regulatory compliance reasons.
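An illustration of the encrypted-balance idea from this section and the previous one, added here and not taken from Zama, Fhenix, Circle or Inco: a toy Paillier ledger (additively homomorphic only, not fully homomorphic) applies a transfer to encrypted balances without decrypting anything. It also shows why such a ledger needs an encrypted comparison or a range proof on top: an overdraft does not fail, it silently wraps around modulo N.

```python
import math
import secrets

# Constructed toy key: Paillier is only additively homomorphic, which is enough
# to apply a transfer to encrypted balances; FHE schemes such as Zama's TFHE also
# support multiplication and comparison. 16-bit primes are for illustration only.
P, Q = 65521, 65537
N, N2 = P * Q, (P * Q) ** 2
LAM = math.lcm(P - 1, Q - 1)
MU = pow(LAM, -1, N)  # valid because the generator is 1 + N

def encrypt(m):
    """E(m) = (1 + N)^m * r^N mod N^2 with a fresh random r (same m, new ciphertext)."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    u = pow(c, LAM, N2)
    return (u - 1) // N * MU % N

def add(c1, c2):
    """Product of ciphertexts = encryption of the sum."""
    return c1 * c2 % N2

def sub(c1, c2):
    """Multiply by the modular inverse = encryption of the difference."""
    return c1 * pow(c2, -1, N2) % N2

def apply_transfer(ledger, sender, receiver, enc_amount):
    """Update encrypted balances; the ledger never sees any plaintext amount.
    Addresses stay visible, only balances and amounts are hidden."""
    ledger = dict(ledger)
    ledger[sender] = sub(ledger[sender], enc_amount)
    ledger[receiver] = add(ledger[receiver], enc_amount)
    return ledger

def demo():
    ledger = {"alice": encrypt(500), "bob": encrypt(200)}
    new = apply_transfer(ledger, "alice", "bob", encrypt(120))
    return decrypt(new["alice"]), decrypt(new["bob"])
```

Because every encryption uses fresh randomness, two transfers of the same amount produce unrelated ciphertexts, so amounts cannot be linked by equality either.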
Block creation
Anonymising the block creation process can help minimise MEV (Miner Extractable Value) and allow a fairer ordering of transactions within a block.
As part of its collaboration with Unichain, Flashbots has announced "Rollup-Boost", a block-building architecture aimed at optimising block creation on layer 2s. The architecture relies in particular on a TEE (Trusted Execution Environment) to create an encrypted mempool: user transactions are sent directly to the TEE, where they are ordered and executed according to a verifiable logic attested by the TEE. These transactions only become public once the block has been produced.
This example clearly illustrates the value of different anonymity methods depending on their use case. In this case, a TEE certainly offers less security for data anonymisation, but it is also the encryption method with the lowest latency. Its use is therefore perfectly suited to a context where data only needs to be anonymised for a short time, namely the time it takes to build a block.
Other projects such as Radius aim to create an encrypted mempool based on ZK (Zero-Knowledge) technology. However, its implementation is less practical, particularly in a setting where blocks need to be produced at high frequency.
Conclusion
On-chain confidentiality applies at every level, with each method offering different trade-offs between performance and security.
ZKPs have seen the most significant evolution in recent years, thanks to the combined work of companies such as Starkware, Polygon Labs, Succinct and RISC Zero. The cost and time required to generate ZKPs have been drastically reduced, making them useful in many applications. This improvement should continue, thanks in particular to the development of computer hardware specially designed for their generation.
On the other hand, FHE still seems far from having reached this level of maturity, which limits its implementations.
The combination of different encryption methods makes it possible to strengthen their security. For example, it is possible to use these methods within a TEE, which then becomes a kind of additional layer of security.
A major challenge for confidentiality remains regulation. Many states have put pressure on exchange platforms to withdraw Monero. In addition, Tornado Cash developer Alexey Pertsev remains in custody on money laundering charges.