Privacy and Public Transparency: Can a DEX Provide Both?
DEX traders live in a strange world of transparency via publicly distributed ledgers and the desire for privacy to protect from exploitation
Maria Vonotna/Shutterstock modified by Blockworks
When it comes to personal cryptocurrency investments, privacy should rank pretty highly on the priority list of traders.
That’s typically especially the case for decentralized exchange — or DEX — users who don’t want to be the victims of frontrunning or other sorts of nefarious tactics that eke out value from their order flow over time.
Setting aside the moral principles of privacy, the practical side of the equation is certainly important.
A lack of built-in privacy mechanisms has resulted in significant losses to DEX users over recent months, especially when it comes to traders falling victim to MEV attacks.
DEX traders live in a strange world, stuck somewhere between the transparency of distributed ledgers and the desire for privacy to guard against related potential exploits.
The founder of Penumbra Labs, Henry de Valence, spoke to Blockworks about the dichotomy between the public and private side of things on the Bell Curve podcast on Tuesday.
Building a privacy-focused DEX in the Cosmos ecosystem, de Valence says that Penumbra “looks quite different” than other chains.
“It has this extra dimension of which data is private and which data isn’t.”
“What does it mean to build a private DEX?” de Valence asks. “Does that mean, make literally everything private, run everything inside of Snarks, don’t disclose anything at any time to anyone? No, because it turns out, that’s not actually useful.”
The reason any blockchain is useful, he says, is because of its shared public state. For example, the reason Ethereum is so useful, he says, is because “it has this accumulated mass of users and state that can all be interacted with.”
The same privacy story as TradFi
The challenge then, de Valence says, is determining how to manage interactions between the public shared state and the private per-user state. The goal is to replicate “the same privacy story as TradFi or traditional finance, “where somebody can’t log on to my brokerage account.”
The fact that, unlike traditional finance, it’s entirely possible in DeFi to build a dashboard that publicly discloses personal information like profit and loss performance is “insane,” de Valence says.
One of the challenges of maintaining the benefits of DeFi, like real-time transparency of the system, is “how do you keep that for the aggregate pieces but retain privacy for each individual user’s contribution to that overall shared state?”
Penumbra’s architecture, de Valence says, has “a pretty explicit segmentation” between the public aggregate state and the private per-user state.
The DEX runs on a “frequent batch auction-style model,” de Valence explains, for interactions between the public and private state.
“It’s a lot easier if you do that as part of a batch,” he says. “The way that you achieve privacy on a blockchain is by moving all of the execution off-chain, onto the end user device and having them submit like, ‘Here’s a proof of this new state that I’ve constructed.’”
This results in an asynchronous model, de Valence says, whereby the swap exists in a sort of frozen state, after which the chain figures out the execution price to resume the computation.
“Once you’re in that kind of async model, it’s just much easier to think about it in a batched way.”
Future possibilities for on-chain privacy
De Valence talks about future possibilities for improving privacy with “flow encryption,” which, he says, is a way to encrypt parts of a transaction while interacting with the public state.
“Like, I want to make a trade, right?
Flow encryption, de Valence explains, allows for “sorts of flows of value between different parts of the system.”
“Here’s value that’s flowing into a batch swap or here’s value that’s flowing into delegations to some validator or so on,” he says. “We want to be able to have the system see only the aggregate, but not be able to see any individual user’s contribution to that flow.”
A trader can prepare an encrypted contribution to a batch swap in a transaction. “Once all of those transactions get included in a block, the validators can sum up all of the encrypted contributions of everybody’s batch swaps, and then decrypt only the batch total.”
Everyone in the same batch enjoys “much stronger long-term privacy, because the only data that’s publicly revealed is the aggregate of all of our user intent.”
In this manner, de Valence says, the service provides “private coordination between all the users of the system without even them having to interact with each other.”
Privacy limitations on Ethereum
On Ethereum as opposed to Cosmos, de Valence explains, privacy mechanics described as ‘threshold encryption’ allow for a transaction’s contents and effects to be concealed up until the point where it’s included in a block. “And then at that point, you decrypt it and the whole system can see exactly what the transaction does in order to execute it.”
“And so as a user, that threshold encryption is not giving you any long-term privacy. It’s only giving you privacy up until the point that your transaction is included in a block.”
On Penumbra, de Valence points out that the amount any malicious actor can learn by illicitly decrypting transactions is much less. “You don’t get to learn like, ‘Hey, here’s exactly this particular account that’s doing stuff.’ You don’t get to see any other details other than like, this is the contribution.”
De Valence says current MEV exploits, such as rearranging blocks to exploit excess information disclosure, are “just the tip of the iceberg of possible kinds of adversarial behavior that you could do on-chain.”
“If I can see your entire history of your trading strategy, I can probably get a lot of information to use against you.”
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
