Anonymity and privacy in crypto
The evolution of Web3, along with tightened regulation, are bringing greater focus to the issue of privacy and anonymity in crypto.
Privacy and anonymity are related but still different. While anonymity intentionally keeps a user’s identity hidden, privacy implies that their personal data should not be available to the general public. However, authorities might have the right to access the information under reasonable circumstances.
Key issues in anonymity and privacy
By design, blockchain technology offers privacy, while remaining legally compliant and increasingly transparent. Public blockchains’ design implies that all transactions are accessible to users while personal information is never revealed. The data is public only in the sense that everyone can see a transaction’s status and other details, such as transaction time or sending and receiving addresses. Transparency ensures security in terms of tracing hacker activity but, at the same time, guarantees regular users’ privacy.
In other words, most blockchains are essentially pseudo-anonymous rather than fully anonymous. Nevertheless, blockchain addresses reveal their owners’ identity only if the owner has passed KYC, a verification process employed by centralized exchanges. However, certain blockchain networks and privacy coins use specific technologies to conceal transaction details and users’ identities, such as Monero or Zcash.
The most common anonymizing strategies
Zcash ensures the privacy of transactions through shielded addresses. It also harnesses the cryptography-based ZK-SNARK proof system, which allows for transaction verification without revealing many details, like sender and receiver addresses, as well as transaction amounts. However, if needed, a user can share some of that information.
Monero employs Ring CT (Confidential Transactions) based on ring signatures. Multiple users are combined in a group called a ring, thus mixing the signers, which makes it challenging to determine a link between each subsequent transaction. Possible signers are randomly chosen from the blockchain. A sender then creates a ring signature using other ring members’ private and public keys (outputs). Everyone can verify if a ring member created the signature. Still, no one can establish whose specific private key was used to generate the signature since all possible signers are equal and valid.
However, online transaction anonymizing is possible with various similar strategies. Like, for example, CoinJoin mixes addresses and involves users in making joint transactions. Some mixers hide transaction traces by splitting the user’s deposits into tiny denominations to combine them with their other funds. The difference between the two anonymizing workarounds is that the first implies a server, and the latter is a service. However, since such services can be used for tax evasion, money laundering and other illegal activities, they are often the subject of increasing crypto regulations. For example, last year, the US Treasury sanctioned Tornado Cash mixer while banning anonymous cryptocurrencies includes some crypto regulation proposals.
Another option for achieving improved privacy is using stealth addresses - one-time addresses generated every time a user receives a cryptocurrency. They serve as a proxy and rely on dynamic public and private keys, as well as a special spending key for accessing transactions. With stealth addresses, the transfer of an asset is visible, but the recipient’s identity is not undisclosed. In early 2023, Vitalik Buterin, Ethereum’s co-founder, published a post explaining stealth addresses and their potential for boosting the Ethereum network’s privacy.
Meanwhile, a more widely adopted for increasing privacy is used in HD wallets. They generate a unique new address for every transaction, thus avoiding address reuse and reducing the ability to link multiple transactions to the same user. The hierarchical structure of HD wallets allows for the creation of an infinite number of derivation paths (public addresses) under the same master seed phrase.
Privacy protection in Web3
Anonymity and privacy have become yet more essential topics in the era of Web3, where decentralized digital identities could offer users more control over their personal data.
NFT technology has enabled the emergence of more anonymous types of identification in addition to KYC. Existing digital identity systems adopt centralized or federated approaches in the sense that they can handle sensitive information, including biometrics. The difference is that NFT-based identity systems, like, for instance, Unstoppable domains are not available in some centralized storage but allow users to control their data, ensuring anonymity while still linked to real-world identities. At the same time, they enable users to navigate across various dApps using a single digital “passport” - a key to the Web3 space.
Other emerging technologies allow users to manage identities by deciding who to share personal data with and when to revoke access. Meanwhile, verifiable credentials serve as secure digital versions of identity documents, like driver’s licenses or employee certificates, which can be used to authenticate user identities. Similarly, the technology of decentralized identifiers (DIDs) enables users to prove their identities without revealing personal data.