Cryptocurrency: Privacy

[grarpamp]

Main menu

Wikipedia The Free Encyclopedia

    Create account
    Log in

Personal tools

Privacy and blockchain

    Article
    Talk

    Read
    Edit
    View history

Tools

>From Wikipedia, the free encyclopedia
	
This article has multiple issues. Please help improve it or discuss
these issues on the talk page. (Learn how and when to remove these
template messages)
This article needs additional citations for verification. (December 2018)
This article contains weasel words: vague phrasing that often
accompanies biased or unverifiable information. (June 2019)

A blockchain is a shared database that records transactions between
two parties in an immutable ledger.[1] Blockchain documents and
confirms pseudonymous ownership of all transactions in a verifiable
and sustainable way.[2] After a transaction is validated and
cryptographically verified by other participants or nodes in the
network, it is made into a "block" on the blockchain.[1] A block
contains information about the time the transaction occurred, previous
transactions, and details about the transaction.[1] Once recorded as a
block, transactions are ordered chronologically and cannot be
altered.[1] This technology rose to popularity after the creation of
Bitcoin, the first application of blockchain technology, which has
since catalyzed other cryptocurrencies and applications.[3]

Due to its nature of decentralization, transactions and data are not
verified and owned by one single entity as they are in typical
systems. Rather, the validity of transactions are confirmed by the
form of majority-rule in which nodes or computers that have access to
the network, if the network comes to a consensus of the new
transaction then it is added.[4] Blockchain technology secures and
authenticates transactions and data through cryptography.[5] With the
rise and widespread adoption of technology, data breaches have become
frequent.[6] User information and data are often stored, mishandled,
and misused, causing a threat to personal privacy.[5] Advocates argue
for the widespread adoption of blockchain technology because of its
ability to increase user privacy, data protection, and data
ownership.[5]
Blockchain and privacy protection
Private and public keys

A key aspect of privacy in blockchains is the use of private and
public keys. Blockchain systems use asymmetric cryptography to secure
transactions between users.[7] In these systems, each user has a
public and private key.[7] These keys are random strings of numbers
and are cryptographically related.[7] It is mathematically impossible
for a user to guess another user's private key from their public
key.[7] This provides an increase in security and protects users from
hackers.[7] Public keys can be shared with other users in the network
because they give away no personal data.[7] Each user has an address
that is derived from the public key using a hash function.[7] These
addresses are used to send and receive assets on the blockchain, such
as cryptocurrency.[7] Because blockchain networks are shared to all
participants, users can view past transactions and activity that has
occurred on the blockchain.[7]

Senders and receivers of past transactions are represented and
signified by their addresses;[7] users' identities are not
revealed.[7] Public addresses do not reveal personal information or
identification;[7] rather, they act as pseudonymous identities.[7] It
is suggested by Joshi, Archana (2018)[7] that users do not use a
public address more than once;[7] this tactic avoids the possibility
of a malicious user tracing a particular address' past transactions in
an attempt to reveal information.[7] Private keys are used to protect
user identity and security through digital signatures.[7] Private keys
are used to access funds and personal wallets on the blockchain;[7]
they add a layer of identity authentication.[7] When individuals wish
to send money to other users, they must provide a digital signature
that is produced when provided with the private key.[7] This process
protects against theft of funds.[7]
Peer-to-peer network
Shows a Physical replica of bitcoin. There are no physical bitcoins
that have actual value.

Blockchain technology arose from the creation of Bitcoin.[8] In 2008,
the creator or creators who go by the alias Satoshi Nakamoto released
a paper describing the technology behind blockchains.[8] In his paper,
he explained a decentralized network that was characterized by
peer-to-peer transactions involving cryptocurrencies or electronic
money.[8] In typical transactions carried out today[when?], users put
trust into central authorities to hold their data securely and execute
transactions.[5]

In large corporations, a large amount of users' personal data is
stored on single devices, posing a security risk if an authority's
system is hacked, lost, or mishandled.[5] Blockchain technology aims
to remove this reliance on a central authority.[8] To achieve this,
blockchain functions in a way where nodes or devices in a blockchain
network can confirm the validity of a transaction rather than a third
party.[8] In this system, transactions between users (such as sending
and receiving cryptocurrency) are broadcast to every node in the
network.[8] Before the transaction is recorded as a block on the
blockchain, nodes must ensure a transaction is valid.[8] Nodes must
check past transactions of the spender to ensure he/she did not double
spend or spend more funds than they own.[8]

After nodes confirm a block is valid, consensus protocols such as
proof of work and proof of stake are deployed by miners.[8] These
protocols allow nodes to reach a state of agreement on the order and
number of transactions.[9] Once a transaction is verified, it is
published on the blockchain as a block.[6] Once a block is created, it
cannot be altered.[1] Through blockchain's decentralized nature and
elimination of the need for a central authority, user privacy is
increased.[5] Peer-to-peer networks allow users to control their data,
decreasing the threat of third parties to sell, store, or manipulate
personal information.[5]
Cryptographic methods for Privacy using Blockchains
Zero-knowledge proofs

A zero-knowledge proof (known as ZKP) is a cryptographic method by
which one party (the prover) can prove to another party (the verifier)
that a given statement is true, without conveying any information
apart from the fact that the statement is indeed true. The "prover"
does not reveal any information about the transaction. Such proofs are
typically introduced into blockchain systems using ZK-SNARKs in order
to increase privacy in blockchains.[10] In typical "non-private"
public blockchain systems such as Bitcoin, a block contains
information about a transaction, such as the sender and receiver's
addresses and the amount sent.[10] This public information can be used
in conjunction with Clustering algorithms to link these
"pseudo-anonymous" addresses to users or real-world identities. Since
zero-knowledge proofs reveal nothing about a transaction, except that
it is valid,[10] the effectiveness of such techniques are drastically
reduced. A prominent example of a cryptocurrency using ZK proofs is
Zcash.
Ring signatures

Another method of obfuscating the flow of transactions on the public
blockchain are Ring signatures, a method used by Monero.
Mixing

Cryptocurrency tumblers can also be used as a method to increase
privacy even in a pseudoanonymous cryptocurrency. Additionally,
instead of using mixers as an add-on service, the mixing of public
addresses can be built-in as a method in the blockchain system, as in
Dash.

The popular mixing service Tornado Cash was sanctioned by the US
Department of Treasury in early August 2022, who accused it of
laundering $455 million in stolen cryptocurrency by the Lazarus Group.
The sanctions made it illegal for US citizens, residents and companies
to use the service.[11]
Comparison of blockchain privacy systems
Private blockchains

Private blockchains (or permissioned blockchains) are different from
public blockchains, which are available to any node that wishes to
download the network. Critics of public blockchains say because
everyone can download a blockchain and access the history of
transactions, there is not much privacy.[9] In private blockchains,
nodes must be granted access to participate, view transactions, and
deploy consensus protocols.[9] Because transactions listed on a
private blockchain are private, they ensure an extra layer of
privacy.[5] Because private blockchains have restricted access and
nodes must be specifically selected to view and participate in a
network, some[who?] argue that private blockchains grant more privacy
to users.[9] While private blockchains are considered the most
realistic way to adopt blockchain technology into business to maintain
a high level of privacy, there are disadvantages.[8] For example,
private blockchains delegate specific actors to verify blocks and
transactions.[7] Although some[who?] argue that this provides
efficiency and security, concerns have arisen that because control and
verification of transactions are in the hands of a central entity,
private blockchains are not truly decentralized.[7]
Hybrid blockchains

Hybrid blockchains allow more flexibility to determine which data
remain private and which data can be shared publicly.[12] A hybrid
approach is compliant with GDPR and allows entities to store data on
the cloud of their choice in order to be in compliance with local laws
protecting users' privacy. A hybrid blockchain contains some of the
characteristics of both private and public blockchains, though not
every hybrid blockchain contains the same characteristics. Bitcoin and
Ethereum do not share the same characteristics, although they are both
public blockchains.[13]
Use cases for privacy protection
Financial transactions

After Satoshi Nakamoto spurred the creation of blockchain technology
through Bitcoin, cryptocurrencies rose in popularity.[8]
Cryptocurrencies are digital assets that can be used as an alternative
form of payment to fiat money.[1] In current[when?] financial systems,
there exists many privacy concerns and threats.[8] Centralization is
an obstacle in typical data-storage systems.[8] When individuals
deposit money, a third party intermediary is necessary.[8] When
sending money to another user, individuals must trust that a third
party will complete this task.[8] Blockchain decreases the need for
this trust in a central authority. Cryptographic functions allow
individuals to send money to other users.[8] Because of Bitcoin's
widespread recognition and sense of anonymity, criminals have taken
advantage of this by purchasing illegal items using Bitcoin.[14]
Through the use of cryptocurrencies and its pseudonymous keys that
signify transactions, illegal purchases are difficult to trace to an
individual.[14] Due to the potential and security of blockchains,
many[which?] banks are adopting business models that use this
technology.[8]
Health care records

In recent years,[when?] more than 100 million health care records have
been breached.[5] In attempts to combat this issue, solutions often
result in the inaccessibility of health records.[6] Health providers
regularly send data to other providers.[5] This often results in
mishandling of data, losing records, or passing on inaccurate and old
data.[5] In some cases, only one copy of an updated health record
exists; this can result in the loss of information.[6] Health records
often contain personal information such as names, social security
numbers and home addresses.[6] Overall, it is argued by some[according
to whom?] that the current[when?] system of transferring health
information compromises patient privacy to make records easy to
transfer.[6]

As blockchain technology expanded and developed in recent
years[when?], many[according to whom?] have pressed to shift health
record storage onto the blockchain.[6] Rather than having both
physical and electronic copies of records, blockchains could allow the
shift to electronic health records (EHR).[6] Medical records on the
blockchain would be in the control of the patient rather than a third
party, through the patients' private and public keys.[6] Patients
could then control access to their health records, making transferring
information less cumbersome.[6] Because blockchain ledgers are
immutable, health information could not be deleted or tampered
with.[6] Blockchain transactions would be accompanied by a timestamp,
allowing those with access to have updated information.[6]
Legal

The notarization of legal documents protects the privacy of
individuals.[8] Currently[when?], documents must be verified through a
third party or a notary.[8] Notarization fees can be high.[8]
Transferring documents takes time and can lead to lost or mishandled
information.[8] Many[who?] are pressing for the adoption of blockchain
technology for the storage legal documents.[8] Documents cannot be
tampered with and can be easily accessed by those who are granted
permission to access them.[8] Information is protected from theft and
mishandling.[14] Another possible use of blockchain technology is the
execution of legal contracts using smart contracts,[14] in which nodes
automatically execute terms of a contract.[14] By using smart
contracts, people[who?] will no longer rely on a third party to manage
contracts, allowing an increase in privacy of personal
information.[14]
Shipping and logistics

Businesses and individuals may purchase goods which need to be shipped
from the seller to the buyer. Shipment of goods is normally
accompanied by shipping documents like a bill of lading. Smart bill of
lading relies on blockchain technology and buyers do not need to spend
more on the issue of these documents. Also with the blockchain
technology, goods can be tracked anytime and the data is updated
regularly ensuring real time management of shipments. The buyer and
only the party given the shipping contract can view the real time data
related to the shipment increasing the privacy of the process.[15]
Legality of blockchain and privacy
GDPR

With the April 2016 adoption of the General Data Protection Regulation
in the European Union, questions regarding blockchain's compliance
with the act have arisen.[16] GDPR applies to those who process data
in the EU and those who process data outside the EU for people inside
the EU.[16] Personal data is "any information relating to an
identified or identifiable natural person".[16] Because identities on
a blockchain are associated with an individual's public and private
keys, this may fall under the category of personal data because public
and private keys enable pseudonymity and are not necessarily connected
to an identity.[16] A key part of the GDPR lies in a citizen's right
to be forgotten, or data erasure.[16] The GDPR allows individuals to
request that data associated with them to be erased if it is no longer
relevant.[16] Due to the blockchain's nature of immutability,
potential complications if an individual who made transactions on the
blockchain requests their data to be deleted exist.[16] Once a block
is verified on the blockchain, it is impossible to delete it.[8]
IRS

Because cryptocurrency prices fluctuate, many[who?] treat the purchase
of cryptocurrencies as an investment. By purchasing these coins,
buyers hope to later sell them at a higher price. Internal Revenue
Service (IRS) are currently[when?]facing struggles because many
bitcoin holders do not include revenue from cryptocurrencies in their
income reports, especially those who engage in many
microtransactions.[17] In response to these concerns, IRS issued a
notice that people must apply general tax principles to cryptocurrency
and treat the purchase of it as an investment or stock.[17] IRS has
enacted that if people fail to report their income from
cryptocurrency, they could be subject to civil penalties and
fines.[17] In attempts to enforce these rules and avoid potential tax
fraud, IRS has called on Coinbase to report users who have sent or
received more than $US20,000 worth of cryptocurrency in a year.[17]
The nature of blockchain technology makes enforcement difficult.[17]
Because blockchains are decentralized, entities cannot keep track of
purchases and activity of a user.[17] Pseudonymous addresses make it
difficult to link identities with users, being a perfect outlet for
people to launder money.[17]
Blockchain Alliance

Because virtual currencies and the blockchain's protection of identity
has proved to be a hub for criminal purchases and activity, FBI and
Justice Department created Blockchain Alliance.[14] This team aims to
identify and enforce legal restrictions on the blockchain to combat
criminal activities through open dialogue on a private-public
forum.[14] This allows law enforcers to fight the illegal exploitation
of the technology.[14] Examples of criminal activity on the blockchain
include hacking cryptocurrency wallets and stealing funds.[18] Because
user identities are not tied to public addresses, it is difficult to
locate and identify criminals.[18]
Fair information practices

Blockchain has been acknowledged as a way to solve fair information
practices, a set of principles relating to privacy practices and
concerns for users.[5] Blockchain transactions allow users to control
their data through private and public keys, allowing them to own
it.[5] Third-party intermediaries are not allowed to misuse and obtain
data.[5] If personal data are stored on the blockchain, owners of such
data can control when and how a third party can access it. In
blockchains, ledgers automatically include an audit trail that ensures
transactions are accurate.[5]
Concerns regarding blockchain privacy
Transparency

Although blockchain technology enables users to control their own data
without necessarily relying on third parties, certain characteristics
may infringe on user privacy.[19] Public blockchains are decentralized
and allow any node to access transactions, events and actions of
users.[19] Block explorers can be used to trace the financial history
of a wallet address, which can be combined with OSINT research to
develop profiles of criminal actors or potential scamming victims.[20]
Decentralization

Due to blockchain's decentralized nature, a central authority is not
checking for malicious users and attacks.[19] Users might be able to
hack the system anonymously and escape.[19] Because public blockchains
are not controlled by a third party, a false transaction enacted by a
hacker who has a user's private key cannot be stopped.[18] Because
blockchain ledgers are shared and immutable, it is impossible to
reverse a malicious transaction.[18]
Private keys

Private keys provide a way to prove ownership and control of
cryptocurrency.[18] If one has access to another's private key, one
can access and spend these funds.[18] Because private keys are crucial
to accessing and protecting assets on the blockchain, users must store
them safely.[18] Storing the private key on a computer, flashdrive or
telephone can pose potential security risks if the device is stolen or
hacked.[18] If such a device is lost, the user no longer have access
to the cryptocurrency.[18] Storing it on physical media, such as a
piece of paper, also leaves the private key vulnerable to loss, theft
or damage.[18]
Cases of privacy failure
See also: List of cyberattacks
MtGox

In 2014, MtGox was the world's largest Bitcoin exchange at the time;
it was located in Tokyo, Japan.[21] The exchange suffered the largest
blockchain hack of all time.[21] During 2014, MtGox held an enormous
portion of the Bitcoin market, accounting for more than half of the
cryptocurrency at the time.[21] Throughout February, hackers
infiltrated the exchange, stealing $US450 million in Bitcoin.[21] Many
in the blockchain community were shocked because blockchain technology
is often associated with security. This was the first major hack to
occur in the space.[18] Although analysts tracked the public address
of the robbers by looking at the public record of transactions, the
perpetrators were not identified.[18] This is a result of the
pseudonymity of blockchain transactions.[18]
DAO Hack

While blockchain technology is anticipated to solve privacy issues
such as data breaching, tampering, and other threats, it is not immune
to malicious attacks. In 2016, the DAO opened a funding window for a
particular project.[5] The system was hacked during this period,
resulting in the loss of cryptocurrency then worth $US3.6 million from
the Ether fund.[5] Due to the ever-changing price of cryptocurrencies,
the amount stolen has been estimated at $US64-100.[5]
Coinbase

Coinbase, the world's largest cryptocurrency exchange that allows
users to store, buy, and sell cryptocurrency, has faced multiple hacks
since its founding in 2012.[18] Users have reported that due to its
log-in process that uses personal telephone numbers and email
addresses, hackers have targeted the numbers and emails of well-known
individuals and CEOS in the blockchain space.[18] Hackers then used
the email addresses to change the users' verification numbers,
consequently stealing thousands of dollars worth of cryptocurrency
from Coinbase user wallets.[18]
By North Korea
See also: Lazarus Group

In January 2022 a report by blockchain analysis company Chainalysis
found that state-backed North Korean hackers had stolen nearly $400
million in cryptocurrency in 2021. A UN panel also stated that North
Korea has used stolen crypto funds to fund its missile programs
despite international sanctions.[22][23]
Privacy vs. auditing in blockchains

The introduction of "private" or "anonymous" cryptocurrencies such as
ZCash and Monero, highlighted the problem of blockchain auditing, with
exchanges and government entities limiting use of those
currencies.[24] Therefore, as the notions of privacy and auditing in
blockchains are contradictory, auditing blockchains with privacy
characteristics has become a research focus of the academic
community.[25]
References

    "BlockChain Technology: Beyond Bitcoin" (PDF).
    Iansiti, Marco; Lakhani, Karim R. (2017-01-01). "The Truth About
Blockchain". Harvard Business Review. ISSN 0017-8012. Retrieved
2022-04-27.
    "Blockchain - What it is, and a non-financial use case" (PDF). KTH
Royal Institute of Technology. S2CID 27665746.
    Nofer, Michael; Gomber, Peter; Hinz, Oliver; Schiereck, Dirk
(2017-06-01). "Blockchain". Business & Information Systems
Engineering. 59 (3): 183–187. doi:10.1007/s12599-017-0467-3. ISSN
1867-0202. S2CID 212620853.
    Kshetri, Nir (2017). "Blockchain's roles in strengthening
cybersecurity and protecting privacy" (PDF). Telecommunications
Policy. 41 (10): 1027–1038. doi:10.1016/j.telpol.2017.09.003.
    Dagher, Gaby G.; et al. (2018). "Ancile: Privacy-Preserving
Framework for Access Control and Interoperability of Electronic Health
Records Using Blockchain Technology". Sustainable Cities and Society.
39: 283–297. doi:10.1016/j.scs.2018.02.014.
    Joshi, Archana (2018). "A Survey on Security and Privacy Issues of
Blockchain Technology". Mathematical Foundations of Computing. 1 (2):
121–147. doi:10.3934/mfc.2018007.
    Crosby, Michael; et al. (2016). "Blockchain Technology: Beyond
Bitcoin" (PDF). Applied Innovation Review (2): 6–19.
    Guegan, Dominique (2017). "Public Blockchain versus Private
blockhain". Documents de Travail du Centre d'Économie de la Sorbonne.
    Wang, Yunsen (2018). "Designing Confidentiality-Preserving
Blockchain-Based Transaction Processing Systems". International
Journal of Accounting Information Systems. 30: 1–18.
doi:10.1016/j.accinf.2018.06.001. S2CID 52931003.
    Faife, Corin (2022-08-08). "US Treasury bans Tornado Cash mixer
for role in crypto money laundering". The Verge. Retrieved 2022-08-16.
    Are blockchains compatible with data privacy law?
    Kolb, John; AbdelBaky, Moustafa; Katz, Randy H.; Culler, David E.
(2020-02-05). "Core Concepts, Challenges, and Future Directions in
Blockchain: A Centralized Tutorial". ACM Computing Surveys. 53 (1):
9:1–9:39. doi:10.1145/3366370. ISSN 0360-0300. S2CID 211041743.
    Suzuki, Bryce; Taylor, T.; Marchant, G. (2018). "Blockchain: How
It Will Change Your Legal Practice". The Computer and Internet Lawyer.
35 (7): 5–9.
    "Crucial Factors for Implementing Warehouse Management System -
SIPMM Publications". publication.sipmm.edu.sg. 2021-12-19. Retrieved
2022-10-26.
    Berberich, M.; Steiner, M. (2016). "Blockchain Technology and the
GDPR: How to Reconcile Privacy and Distributed Ledgers?". European
Data Protection Law Review. 2 (3): 422. doi:10.21552/EDPL/2016/3/21.
    Heroux, Mark (October 2018). "Cryptocurrency: Compliance
challenges and IRS enforcement". Tax Adviser.
    Wieczner, Jen (2017). "The 21St-Century Bank Robbery". Fortune.
176 (3): 34–41.
    Primavera De Filippi (2018). "The Interplay between
Decentralization and Privacy: The Case of Blockchain Technologies".
Journal of Peer Production (9).
    "Follow the Bitcoin With Python, BlockExplorer and Webhose.io".
bellingcat. 2017-09-15. Retrieved 2022-08-16.
    Li, X (2017). "A survey on the security of blockchain systems".
Future Generation Computer Systems. 107: 841–853. arXiv:1802.06993.
doi:10.1016/j.future.2017.08.020. S2CID 3628110.
    "North Korea hackers stole $400m of cryptocurrency in 2021, report
says". BBC News. 2022-01-14. Retrieved 2022-02-04.
    "North Korea stole a record $400 million in cryptocurrency last
year, researchers say". NBC News. Retrieved 2022-02-04.
    "Bittrex to Delist 'Privacy Coins' Monero, Dash and Zcash".
    Chatzigiannis, Panagiotis; Baldimtsi, Foteini; Chalkias,
Konstantinos (2021). SoK: Auditability and Accountability in
Distributed Payment Systems. ACNS 2021.
doi:10.1007/978-3-030-78375-4_13.

Categories:

    Blockchains
    Privacy

    This page was last edited on 24 July 2023, at 03:58 (UTC).
    Text is available under the Creative Commons
Attribution-ShareAlike License 4.0; additional terms may apply. By
using this site, you agree to the Terms of Use and Privacy Policy.
Wikipedia® is a registered trademark of the Wikimedia Foundation,
Inc., a non-profit organization.

    Privacy policy
    About Wikipedia
    Disclaimers
    Contact Wikipedia
    Code of Conduct
    Mobile view
    Developers
    Statistics
    Cookie statement

    Wikimedia Foundation
    Powered by MediaWiki