Taking PlatON as an example to discuss the current status and future development of blockchain + privacy protection technology

Since the rise of the concept of blockchain privacy in 2014, when many anonymous coins appeared, the hot track of cryptocurrency has been changing rapidly. To date, there is no project that can truly implement privacy protection technology. In fact, privacy protection should never be confused with many popular hype tracks. If blockchain wants to truly develop into a virtual parallel world, it is inevitable to create a reasonable economic system in this new world.

Author: Wu Zhuocheng

Since the rise of the concept of blockchain privacy in 2014, when many anonymous coins appeared, the hot track of cryptocurrency has been changing rapidly. To date, there is no project that can truly implement privacy protection technology. In fact, privacy protection should never be confused with many popular hype tracks. If blockchain wants to truly develop into a virtual parallel world, it is inevitable to create a reasonable economic system in this new world.

In the traditional economic system, the only production factors are land and labor; the industrial age adds capital and entrepreneurial talent (Marshall theory); and in the digital age, data has become an important production factor. The market-based allocation of production factors can improve production efficiency, but the special nature of data, "what you see is what you get", means that it does not have a price like other factors. Each of us is the owner and supplier of data, just like everyone provides labor, but we do not receive corresponding compensation for providing data. The root cause is that data has not yet been privatized, which is the significance of privacy protection technology.

Several privacy protection technologies

The China Academy of Information and Communications Technology, based on the China Communications Standards Association Big Data Technology Standards Promotion Committee, released the "Privacy Preservation Computing Technology Research Report (2020)" in 2020, which divides privacy protection technologies into five categories: federated learning, differential privacy, secure multi-party computing, homomorphic encryption, and trusted execution environment. Among them, federated learning and differential privacy are mainly widely used in the field of machine learning, and the encryption complexity of the original data is generally not within the scope of discussion. In addition, there is also a privacy protection technology based on zero-knowledge proof in blockchain.

Secure multi-party computation (MPC) was first proposed by Turing Award winner and Chinese Academy of Sciences academician Yao Qizhi in 1982. Its technical logic is: in a distributed network, there are N mutually untrusted nodes, each node holds data x, and collaboratively executes function f(x), and finally obtains their own results y. If the y values ​​of each node are equal, they can be output as the calculation results. The biggest advantage of MPC is that it achieves 100% privacy protection of data, and the calculation results can also be relatively accurate; the challenge is that the bandwidth requirements are extremely high, and the communication level will be a big test when there are many collaborative participants. At present, a single operation of secure computing can reach milliseconds, but in the big data scenario, a data application or model training involves tens of thousands of data samples. Computational efficiency and communication burden are bottlenecks that hinder the development of MPC.

Homomorphic encryption (HE) is an asymmetric encryption algorithm that allows all participants to encrypt and calculate data, but only the holder of the private key can decrypt the data. The special thing about HE is that it allows calculations to be performed directly on encrypted data, and in theory the calculation results are consistent with the decrypted calculation results. As you can imagine, it is difficult to achieve extremely high accuracy in the calculation results under the HE algorithm, and how to balance encryption complexity and calculation accuracy will be a big challenge. Fully homomorphic encryption is still based on the theoretical stage, and is relatively backward in terms of credibility, flexibility, efficiency, etc. It is too inefficient in actual use, and the construction method and implementation technology are complex, so it cannot be used in large-scale commercial applications.

Trusted Execution Environment (TEE) is the most widely used technology in large-scale commercial applications, such as fingerprint unlocking and face recognition on mobile phones. TEE data encryption must rely on hardware devices, and the computing process is performed in an isolated execution environment based on hardware protection capabilities. Therefore, it is necessary to rely on a trusted hardware manufacturer for security. TEE application projects mainly include Phala Network, Oasis Labs, Enigma, etc., which are closest to practical scenarios compared to other privacy computing solutions.

Zero-knowledge proof (ZKP) is a special interactive proof in which the prover knows the answer to the question and can convince the verifier that his answer is correct without providing any useful information to the verifier. Zero-knowledge proof can realize flexible data computing interaction and cross-validation, but the implementation is still difficult because it is necessary to verify the answer through repeated examples, which requires very high computing power. The efficiency of generating proofs is currently around 7 seconds, and a lot of computing power is needed to increase the computing rate. Ethereum's second-layer chain ZK rollup is an application of zero-knowledge proof, so the significance of ZK rollup is not only in capacity expansion, but also in helping Ethereum achieve off-chain privacy computing.

The biggest challenge facing privacy computing is how to improve the efficiency of privacy protection and achieve large-scale commercial implementation. The above technologies, whether they are HE or MPC based on computing, or ZKP based on verification, all have this problem. The only TEE that can achieve commercial application depends on hardware facilities, and the research and development and production of dedicated computing hardware require huge upfront costs. This is why the concept of privacy computing has appeared since 2014, but there has not been a real implementation project so far. This is more like an industrial blockchain, which is different from the traditional blockchain in our sense. It needs to open up the connection between the virtual world and the real world.

PlatON's privacy protection design combines some of the above technologies, striving to achieve all-round privacy in the network from three perspectives: privacy computing, privacy verification, and dedicated privacy circuits. First, privacy computing is achieved through MPC and HE; then the calculation results are verified through ZKP and verifiable computing (VC); finally, combined with contract computation, the encrypted smart contract is compiled into a circuit, which is split into multiple subtasks in the form of a circuit, and the idle computing power in the network is attracted through an incentive mechanism to calculate the subtasks, solving the efficiency problems common in the above technologies. This idea actually draws on Ethereum's ZK rollup, moving complex calculations off-chain and only transmitting the calculation results back to the main chain. Since smart contracts need to be compiled into circuits, the PlatON team must cooperate with mainstream hardware manufacturers in the industry to further improve computing performance in a hardware manner.

PlatON's unique PoS consensus algorithm

According to the official white paper, PlatON will launch dedicated computing hardware based on FPGA/ASIC at the right time. This is not a simple PoW mining. PoW is just a consensus protocol. As long as the community reaches a consensus, PoW can be changed to another consensus, such as PoS. Ethereum is moving in this direction. But PlatON separates consensus from computing power, and computing power is only used to perform privacy-preserving calculations. The PlatON public chain serves the functions of computing task distribution, matching computing tasks with computing power, and transaction records. The core computing work all takes place outside the public chain. Of course, you can understand this as a disguised PoW, but privacy computing is not a meaningless puzzle-solving game. Even if it leaves the blockchain, these computing hardware can still be put into the centralized world to provide privacy protection.

From this, the author speculates that PlatON's ecological maintenance method may be divided into two parts: one is to use the PoS protocol to obtain fixed block rewards, and the other is to provide computing power to obtain labor fees from data demanders.

For PoS, let’s first give an overview of the four mainstream models in the industry: Chain-Based, DPoS, VRF and BFT. Chain-Based is the earliest PoS. It selects validators to produce blocks based on the number of tokens held. Ethereum currently uses this model. DPoS is a model in which each token holder entrusts the rights to some representatives, who participate in the production and verification of blocks. EOS currently uses this model. VRF randomly selects verification nodes through a verifiable random function. Currently, the more representative projects include Dfinity, Algorand, etc. BFT is to select verification nodes and then conduct multiple rounds of voting through the Byzantine Fault Tolerance protocol to confirm the final block. Currently, NEO uses this type of consensus algorithm.

According to the official blue paper, PlatON uses a special PoS consensus algorithm - Giskard, which consists of PPoS (PlatON PoS) and BFT. PPoS is essentially a combination of Chain-Based and VRF. First, the node equity is mapped to the binomial cumulative distribution function, and then VRF is used to randomly select verification nodes. The advantage of this consensus is that the selected nodes are random and have no linear relationship with the size of the node equity. After the node is confirmed, each node verifies the generated block through the BFT protocol and finally reaches a block consensus, which can reduce the probability of a block being controlled by a malicious node. The Giskard consensus mechanism can theoretically endogenously suppress the expansion of the mining pool to ensure the decentralization and security of the PlatON public chain.

The second part is to provide privacy computing to obtain labor fees from data demanders. I believe this is the essence of the PlatON consensus protocol. If the consensus effect can meet expectations, the market-based pricing of data will be realized. There are two problems in the data transaction process: one is that the ownership is unclear and it is easy to be used without authorization; the other is that the data structure is diverse and difficult to quantify according to a unified standard.

The method shown in the blue book is to use cryptographic technologies such as HE and MPC to confirm data ownership and determine the owner of the data. In the process of data trading, the principle of data sovereignty is adhered to, making it possible to trade data usage rights without affecting data ownership. There are two methods for data pricing: the first is absolute pricing, which is the price that data users are willing to pay for obtaining data; the second is relative pricing, which is to evaluate the contribution of members of the data set to completing the task given a data set and a common task. Relative pricing uses Shapley value as an important evaluation tool, which is an important concept introduced by the famous economist Lloyd Shapley (2012 Nobel Prize winner in Economics) when studying cooperative games in 1953.

Industry Development Status

There are two main development paths in the privacy protection track. One is anonymous currency, and the other is privacy public chain.

Representative anonymous coins include XMR, DASH, ZEC, XZC, etc. XMR, as the leading project in this field, appeared in 2014. This technology only needs to encrypt information such as the sender, receiver, transaction amount and transaction IP, so that only the two parties involved in the transaction (or authorized third parties) can view the transaction information through the private key. Since there is not much complex information in the circulation of currency, it is not difficult for cryptocurrency to achieve anonymous transactions. This technology is now very mature. In fact, BTC is also upgrading the privacy algorithm through community voting. Technologies such as CoinJoin can merge multiple transactions to cover up the upstream of UTXO.

The privacy public chain technology is more complicated. It is essentially to encrypt smart contracts. It needs to encrypt input and output data and network status to make it hidden from all parties other than the user (including the nodes executing the smart contract). At present, the most promising development prospects are Ethereum's second-layer network ZK rollup and Polkadot's parallel network Phala, but these can only exist as sub-chains or parallel chains, mainly to provide data calculations for the main chain, and the calculation results must be transmitted back to the main chain. If you want to develop an independent privacy public chain, the difficulty is even higher than the above technologies. The current leading projects are PlatON and Oasis. Once completed, their potential will be enormous. The reason is: as independent public chains, they can develop privacy smart contracts directly on the main chain, and can also provide privacy calculations for other public chains as side chains or parallel chains.

Oasis team members include Professor Dawn Song from Berkeley University and many world-leading security experts. It has received $45 million in investment from investment institutions including Binance Labs and a16z. In addition, Oasis has achieved interaction with the Ethereum network, and developers are gradually trying to build NFT projects on the Oasis network. PlatON has currently received $50 million in investment from institutions such as Alpine Capital and Hash Global Capital. The similarity with Oasis is that both realize high-concurrency privacy computing; the innovation is that in addition to the consensus network (main network) and the privacy computing network, the PlatON network also has an independent AI network designed to realize big data model training.