Ethereum introduced smart contracts to the world and spurred a Cambrian Explosion of innovation, including DeFi, NFTs, DAOs, and a universe of dApps. On July 30, the network will hit its 10-year anniversary.
The past decade of the ecosystem focused on proving Ethereum’s functionality and capabilities as well as enhancing efficiency through upgrades like The Merge, which marked the transition from Proof-of-Work to Proof-of-Stake. The next era requires a pivot to match the more mature ecosystem that it now supports — one that includes not just Web3 natives but financial institutions, governments, corporations, and people who don't know what "yield farming" is but who may want to get a loan for their house with crypto collateral.
Amid increasing government and institutional involvement, the hope that crypto will contribute to creating a "free and open society," an ideal originally expressed in A Cypherpunk's Manifesto, is sometimes lost. For Ethereum to make good on that original promise, privacy must be a core tenet of its future.
Privacy is identity
Some degree of privacy is essential for financial safety and freedom. You wouldn't want to reveal your net worth to the cashier every time you buy a latte or a slice of pizza, but this is essentially how crypto has been operating for the past decade — with the radical transparency of immutable ledgers recording every transaction publicly.
Not only does this level of transparency put individuals at risk of phishing and other attacks, but it also hinders the involvement of institutions that do not want to give their competitors an edge by revealing their activity. Though it is possible to retain pseudonymity by never interacting with a centralized platform, this is not practical for interactions that touch the real world.
People and businesses need to be able to interact with governments and banks through ID-linked accounts, and the key to enabling these types of interactions — without exposing personal information to theft and misuse — is programmable privacy.
The solution is ZKP-powered technology
The solution is already here: Zero-Knowledge Proof (ZKP)-powered smart contracts give users control over what information to share and with whom. With the programmable privacy enabled by ZKPs integrated into Ethereum at a foundational level, a world of applications becomes not just feasible but practical.
Products and services must comply with the regulatory requirements of each jurisdiction in which they operate. This includes collecting customer information in accordance with KYC guidelines, Countering-the-Financing-of-Terrorism (CFT) and AML laws. Typical KYC processes involve sharing some form of ID, such as a passport or driver's license, along with personally identifying information (PII) like name, date of birth and address.
If captured by bad actors, this type of information can be used to target people in phishing scams and other types of attacks (see the recent Coinbase data breach). Rather than requiring people to reveal their PII and make themselves and their data vulnerable to attack and theft, ZKP-powered solutions allow people to prove they are not operating out of sanctioned countries and to prove eligibility to participate, all without giving the platform their data and contributing to potential honeypots.
The possibilities enabled by ZKPs go well beyond compliance too. Airdrops currently suffer from Sybil attacks where AI bots beat out real human participants to give certain participants an outsized advantage. The same issue applies to decentralized governance. Decision making in a DAO cannot be truly fair and free unless it can be proven that the right number of votes are going to the right number of people — not bots. ZKPs offer a solution with "proof of humanity" via data provenance tools like zkPassport, zkEmail, and zkTLS.
Digital payments must provide the same privacy as cash. Payments in dollars, euros, and other sovereign currencies via stablecoins are another important factor in enabling mass adoption of DeFi applications, but this will never take off en masse without privacy guarantees. The same applies to decentralized mortgages, loans, and essentially any type of legal contract, which all require IDs to execute.
There are many other applications made possible with privacy as a core tenet of the Ethereum ecosystem. These include proving the authenticity of product or restaurant reviews, enabling secure digital voting, decentralized escrow services, carbon offset tracking, proving builder status on GitHub anonymously, and employment skill verification — all done in a secure, privacy-preserving way that doesn't involve the sharing of sensitive PII with centralized providers.
Creating a culture that demands privacy
Though the technology exists to implement ZKP solutions today, challenges will need to be overcome before privacy is comprehensively reflected as a core value throughout the Ethereum ecosystem. Technical challenges with implementing ZKP-powered tech include the greater expense of ZKP transactions. Building ZKP-focused applications is also more complicated, posing a learning curve for builders. These are all solvable issues.
Other challenges are cultural: building universal buy-in on the value of privacy across the spectrum of participants, and coordinating the implementation of solutions across the tech stack, from protocol to wallet. There is also the hurdle of the misguided perception that privacy is associated with illicit activity.
Changing technology is ultimately easier than changing minds, but the core ethos of crypto is, after all, a philosophical one — a technology that underpins a belief in freedom and the privacy of individuals and entities. If, in another 10 years, we are to look back on another decade of Ethereum and celebrate its role in enabling greater financial freedom, an emphasis on privacy will be key.