What if ethereum looked more like monero?
Fusing the privacy features of the latter into ethereum would make many of the platform’s stakeholders, including developers who have been working on privacy-enhancing features for some time, excited. But privacy techniques are rarely utilized because of the serious trade-offs presented – such as larger storage requirements and more expensive transactions.
However, during the Privacy Enhancing Technologies Symposium (PETS) in Barcelona this week, two researchers presented their findings on a technique called Mobius that uses mixing solutions to obscure the payment information of ether transactions.
Detailed by the authors of the white paper, Rebekah Mercer and Sarah Meiklejohn, during the conference, Mobius isn’t bogged down by the weight of typical privacy tech – indeed, using cryptographic primitives that were added to ethereum in October, transactions that use Mobius cost only a little more than a standard ethereum transaction (according to a simulation, around $0.06) and takes mere milliseconds to execute.
And by implementing monero-style tooling into an ethereum smart contract, Mobius promises to not only conceal sender and receiver addresses but do so in a way that is cryptographically trustless as well.
While it’s not yet available for ethereum users, an open source implementation has been published by UK-based distributed ledger startup Clearmatics, and according to Mercer, deploying it to the public ethereum chain wouldn’t be too labor-intensive.
“Clearmatics have all the code so you could literally just push it to the ethereum blockchain. They actually have tutorials as well, so it’s pretty well developed,” she told CoinDesk.
Building the technology into ethereum would have the advantage of functioning not just for ether transactions, also allow projects that built tokens with the ERC-20 standard, or even crypto-collectibles, to take advantage of the tech as well.
“Ethereum already has a huge network of people who hold ETH, and the thing is it’s ERC-20 compatible, so if you have tokens you can use them in this way,” she said, adding:
“The whole idea is reducing friction from what people are already doing into what they ideally would like [to do], which is exactly what they’re doing, but with privacy.”
You don’t have to compromise
According to Mercer, the innovation of Mobius is how it navigates trade-offs between decentralization and efficiency.
While centralized solutions often have the advantage of being more efficient, they come with limitations, such as single points of failure as it relates to hacks and thefts or services going offline. Decentralized mixing services – such as CoinJoin, TumbleBit and XIM – deploy trustless cryptographic solutions, but often require either large amounts of coordination off-chain or many steps taken on the blockchain itself, which can be slow and expensive to orchestrate.
“[There’s a] contrast between the more centralized solutions sitting between participants that risk availability and the more decentralized solutions which compromise in communication to make up for these properties,” Mercer summarized.
As such, the goal of Mobius was to question whether such a trade-off is always necessary.
She told the audience:
“So what we thought: is this a inherent thing, if you do a decentralized procedure do you need to pay for it in terms of communication? And what we found was that using ethereum you don’t actually have to make this compromise at all.”
To work around those trade-offs, Mercer and Meiklejohn built a cryptographic device named a ring signature into an ethereum smart contract, that obscures payment information by mixing it up with the other participants in the Mobius contract. Stealth keys, a type of obfuscated but verifiable address, are also deployed to allow Mobius contracts to securely communicate.
Originally built for Clearmatics to disguise payments in blockchain banking solutions, Mercer said that on top of its affordability, it’s easy to send recurring payments between participants who have already sent money across the device.
But for security purposes, the Mobius smart contracts are one-time use and will need to be regenerated when it comes to sending a new payment, Mercer said.
Still, it’s a notably cheap operation, she continued, telling the audience:
“Mobius achieves great things in terms of availability and theft prevention but without compromising on communication, which hopefully will encourage people to mix more often.”