Dan Boneh, Professor of Computer Science and Electrical Engineering at Stanford University, his PhD student Benedikt Bünz, and research scientists Shashank Agrawal and Mahdi Zamani from Visa Research propose a new private payment mechanism, called Zether, that is compatible with Ethereum and other account-based payment systems. According to the research scientists and project developers, Zether can provide both confidentiality and privacy by hiding payment amounts and the identities of senders and recipients. Zether strives not just to make transfers confidential but also to prevent accidental loss of funds.
The recently published paper, Zether: Towards Privacy in a Smart Contract World, outlines and questions privacy issues arising from the use of smart contract technology.
“Blockchain-based smart contract platforms have great promise to remove trust and add transparency to distributed applications. Ethereum is a prominent example of such a platform. It provides high-level powerful programming languages like Solidity to build decentralized applications (DApps) with ease. Unfortunately, there is no easy way to add some meaningful level of privacy to these applications,” say developers.
The paper also questions confidential transfer mechanisms:
If there was a way to send ether confidentially on Ethereum, perhaps we could leverage it to add confidentiality to important applications like auctions and payment channels. Unfortunately, almost all known ways to transfer confidentially are in the unspent-transaction-output (UTXO) model (popularized by Bitcoin), where the inputs to a new transaction are the unspent outputs of previous transactions. UTXOs are not well-suited for applications that need to maintain some state, so smart-contract platforms like Ethereum operate in the account-based model.
Another drawback of UTXO-based mechanisms is that though they have been proposed to fix privacy issues with Bitcoin, they actually require major changes to Bitcoin’s design and have spun off into separate crypto-currencies. An important benefit of powerful platforms like Ethereum is that the platform’s core capability itself can be enhanced by deploying new applications. Payment channels, for instance, can be deployed to improve throughput. So perhaps we can deploy a new payment application to improve confidentiality of not just payments but potentially other applications too.
It is still conceivable that one of the UTXO-based mechanisms could be implemented over a contract. However, this approach suffers from multiple issues including storage cost, lower confidentiality, interoperability with other contracts, and adoption.
What is Zether?
Zether is a fully-decentralized confidential payment mechanism in the account-based model, which does not require any changes to the design of the underlying smart contract platform like Ethereum. Developers describe Zether as a smart contract that can be executed either individually or by other smart contracts to exchange confidential amounts of a token, denoted by ZTH. The techniques used in Zether can apply to other account-based cryptocurrencies, completely independent of their consensus mechanisms.
Zether is designed to be interoperable with arbitrary smart contracts to support applications such as sealed-bid auctions, private payment channels, stake voting, and confidential proof-of-stake. Zether uses an extension to Bulletproofs called Sigma-Bullets, which combines Bulletproofs with Sigma protocols.
Core principles of Zether technology
In their paper, Zether: Towards Privacy in a Smart Contract World, the developers summarise their contributions and explain the core principles of Zether technology:
Transactions on Zether are confidential by design. Account balances are kept encrypted at all times and users provide cryptographic proofs to spend ZTH.
Zether uses zero-knowledge (ZK) proofs as an important building block. To efficiently instantiate Zether, we propose a new ZK-proof mechanism, called Σ-Bullets, which enhances the interoperability of Σ-protocols and Bulletproofs. This allows us to efficiently combine Bulletproofs-based range proofs with ElGamal encryptions.
We implement Zether as an Ethereum smart contract and measure the gas amount required for executing it. We show that Zether is practical today and with already-planned enhancements to Ethereum will become even more efficient. As part of our implementation, we provide an efficient implementation of Bulletproofs on Ethereum which is of independent interest.
Zether provides a way to lock funds in an account to a smart contract, making it easy to add confidentiality to several important applications. We show how Zether can be used in a natural way to build four applications: sealed-bid auction, confidential payment channel, confidential stake-voting, and private proof-of-stake.
We describe an extension to Zether that can also hide the sender and receiver involved in a transaction among a group of users chosen by the sender. Though the overhead associated with anonymity scales linearly with the size of the group, no trusted set-up is needed and no changes to the underlying smart contract platform are required. Thus, Zether anonymity guarantee is more similar to Monero than Zcash, but in the account model.
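The encrypted-balance idea in the contributions above can be illustrated with additively homomorphic (exponential) ElGamal, where a ledger updates balances without ever decrypting them. This is an added example, not code from the paper or the Zether contract: the toy group parameters, function names and balances are constructed for illustration, and the zero-knowledge proof step is deliberately left out to show what the range proof has to prevent.

```python
import secrets

# Constructed toy group: P = 2Q + 1, G generates the order-Q subgroup. Far too small for real use.
P, Q, G = 2039, 1019, 4

def keygen(x=None):
    """Return (secret x, public y = G^x). A fixed x is accepted for repeatable demos."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x
    return x, pow(G, x, P)

def encrypt(pk, amount, r=None):
    """Exponential ElGamal: (C, D) = (G^amount * pk^r, G^r)."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    return pow(G, amount % Q, P) * pow(pk, r, P) % P, pow(G, r, P)

def combine(a, b, sign=1):
    """Homomorphic add (sign=1) or subtract (sign=-1) of the two plaintexts."""
    return a[0] * pow(b[0], sign, P) % P, a[1] * pow(b[1], sign, P) % P

def decrypt(sk, ct, max_balance=1000):
    """Recover G^balance, then search the small balance range for the exponent."""
    target = ct[0] * pow(pow(ct[1], sk, P), -1, P) % P
    for b in range(max_balance + 1):
        if pow(G, b, P) == target:
            return b
    raise ValueError("balance outside expected range")

def transfer(ledger, sender_pk, receiver_pk, amount):
    """Simplified ledger-side update: both balances change while staying encrypted.
    The zero-knowledge proof (0 <= amount <= sender balance) is NOT checked here."""
    r = secrets.randbelow(Q - 1) + 1
    ledger[sender_pk] = combine(ledger[sender_pk], encrypt(sender_pk, amount, r), -1)
    ledger[receiver_pk] = combine(ledger[receiver_pk], encrypt(receiver_pk, amount, r))

def demo(amount):
    """Alice starts with 100, Bob with 20 (constructed values); returns decrypted balances."""
    a_sk, a_pk = keygen(123)
    b_sk, b_pk = keygen(456)
    ledger = {a_pk: encrypt(a_pk, 100), b_pk: encrypt(b_pk, 20)}
    transfer(ledger, a_pk, b_pk, amount)
    return decrypt(a_sk, ledger[a_pk]), decrypt(b_sk, ledger[b_pk])

if __name__ == "__main__":
    print(demo(30))    # valid transfer
    print(demo(150))   # overspend: sender balance wraps modulo Q
```

demo(30) returns (70, 50). demo(150) returns (969, 170): with no proof checked, an overspend wraps the sender's balance modulo the group order instead of failing, which is the case a range proof over the amount and the remaining balance rules out.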
There is a big bull market coming in the privacy crypto sector, as shown by the recent price rally of cryptocurrencies like Grin or Beam. Could Zether add a new layer of privacy and anonymity to Ethereum and other smart contract blockchains? Only time will tell.