Agoric Privacy Aspirations: How do we get there?

You can’t have freedom, you can’t have human dignity, you can’t have ownership of your own stuff, without privacy. – zooko Feb 2022

Zooko and the Agoric founders have been collaborating on privacy technology for decades. Investment from ZCash was instrumental to launching Agoric.

The Agoric blockchain launched with a decentralized validator set in 2021 and added the Hardened JavaScript VM last fall. But it remains essentially completely public. Architecturally, the JavaScript Framework for Secure Distributed Computing supports smooth interoperation between public blockchains and private compute infrastructure, but that’s a fairly limited form of privacy support.

Meanwhile, proof-of-stake is on the ZCash roadmap as well as research on bringing privacy to the Cosmos ecosystem. Note the recent Call: Overview of Tendermint/IBC/Cosmos - Zcash Community Forum.

There’s all kinds of cool Zero Knowledge stuff going on - efficient proof techniques, programming language integration… I wish I could keep track of more of it. What cool / promising stuff have others seen lately, I wonder?

By way of inspiration, in a March 18 Office Hours session on Agoric Foundations, discussion with Mark Miller included this bit on privacy:

Privacy Aspirations, Xanadu, and the Web

MarkM: One of the things that was an essential part of the Xanadu architecture was for nobody to be able to know what you’re reading. That’s the thing that I found most bizarre about the hypertext system that the world that then took over the world, the web, which is, with the web architecture, not only can the server that serves the document know what document you’re reading, but with, you know, the web 2 architecture, they can know where you are in the document, how much time you’re spending, looking at which paragraph, how your mouse is moving… The the degree of violation of privacy of people reading things to take in information is just something that just not in my wildest nightmares would I ever have thought that masses of public would have accepted that kind of loss of privacy.

So in any case, I very much absorbed from Ted. This notion that we’re at a choice point, that that humanity is at a choice point, that these electronic networks are coming, and it could be a 1984-style nightmare, or it could be a great liberating force. And I also very much took up the idea that it was our responsibility to figure out how to build the great liberating force; that that how it turns out, depends on what we build.

Thomas Greco: How do you think we… you said never in your wildest dreams would you imagine the current state of web 2, because you guys had such such great visions right for building this private
infrastructure. Where do you think things went awry?

MarkM: So part of why it went awry was actually, I’ll say my fault, or primarily my fault… which is in 1989, Dean and I both left Xerox Park to form the newly funded Xanadu – Xanadu had been going on unfunded on a shoestring all of this time until 1989, when Autodesk decided to fund it. We then formed this really wonderful startup to build out to to really build the Xanadu a hypertext system. And there were 2 things we got wrong.

One was: we had a notion of what features you needed simultaneously to have a hypertext system that will create good social emergent effects. There were basically 7 fundamental requirements… and this is laid out in my paper, The Open Society and Its Media, is what those 7 fundamental requirements were. And we built a system that that did those, but it took us longer than was expected. We kept having these triage meetings where we tried to figure out if we could drop something in order to get to market faster. And we kept talking ourselves into the fact that well, if you drop these things you get social pathologies. So you really need all 7 in order to get the kind of beneficial emergent social effects on the evolution of society’s knowledge that we were looking for that were motivating us. And as a result, the project went long enough that Autodesk, our funder, ran out of patience. Well, partially due to a management change at Autodesk. We were already in Beta with the with the product. It was, it was not well, not not in Beta. We already had the features working. We were demonstrating. We had the features working, all 7 features… but it was quite a long way from something that was a a commercially viable system at that time, by the time we ran out of funding.

The other thing we got wrong is: none of us appreciated what we would now call open source, which was then called free software, because Richard Stallman’s way of explaining the virtues of free software just didn’t make sense to us. It wasn’t until later, with the open source movement that we really came to understand the power of it.

But the result of those 2 things is that we built something where the technology itself was quite intricate and needed a bunch of work before it could be used commercially. And it was proprietary. So, without funding, it was hard to figure out how to to continue to advance the system.

The web came out with 2 and a half of our 7 elements, and took the world… and was a simple architecture, and was open source… simple enough, with text-based protocols – which is still kind of insane – so that you could, so that people are able to put together web servers on on with very, very little software, which which itself is, you know, quite wonderful that you could do it so simply. But with 2 and a half of the 7 elements, that proceeded to have all of the social pathologies that we were worried about. And in my paper, the Open Society and Its Media, there’s 2 paragraphs in that paper that I would say, really explain pretty damn well what we then later came to call filter bubbles and echo chambers and and all of those things.

So that’s that’s how Xanadu died, and it was in light of the death of Xanadu that Dean and I then left Xanadu and formed, with with Norm Hardy and others, Agorics, in the mid '90s, dropping the hypertext part, but taking forward the liberation goals. The decentralized cryptographic software systems, but now general purpose, computational systems that could support hypertext and other things could support just general purpose decentralized, secure, permissionless programming. If you can support that in general than any particular decentralized application like hypertext, you can, of course, build out of that.

So that was one of the formative elements.

my opinion on privacy in web3 is largely shaped by the regulatory climate we exist in. Unless Coinbase can win this court-battle to overturn the TornadoCash action, there is no legal means of complete privacy.

What I suggest is something similar to tornado cash… in which the user can reveal his transactions (to the IRS, being its main purpose)

However, this idea would allow both the user and network operators (multisig) to expose the transactions.

This would be privacy from the public (what people actually care about), but accessible to court order (and people care about this too, but the govt REALLY cares)

The caveat I make is that if a given transaction or wallet is exposed by the user or the multi-sig, it should leave a visible record on chain and who approved it.

This compromise protects the user from other users spying on their business, but also protects the Agoric Network from legal action.

I have no idea by what means this could be achieved… just something I’ve been mulling over for a while.

the more I think about it, that’s a slippery slope, and then they want ability to freeze transactions.

but if you are going for a fully compliant global solution that can integrate with a regulated financial sector, maybe its necessary.

but again, that could be done with full transparency… and there can be an eventual fork that is tied only to other “dark chains”

What do you think of Zcash-style viewing key and payment disclosure? Users and only users can reveal their on-chain activity. I believe this mechanism is the closest to the current situation we have in regards to cash transactions, and cash is legal.

This ZecHub post mentions “Viewing keys … allow users to selectively disclose information about transactions”.

FYI, the use of Zcash is approved by the NYDFS

Very cool! I was not aware of or didn’t remember about that. I never dove deep into ZCash, personally, but that is a reassuring sign.

I do recall that ZCash has two type of transactions, but that particular detail putting the user in control of revealing, I don’t know if I’ve heard of any other projects with this feature… though it does seem quite similar to tornado-cash.

Only users having ability to reveal transactions make sense, because under court order or other legal request, they can do so… no need for intermediaries

But there is still the issue of TornadoCash getting shut down, even though users had that ability to reveal.

Its a simple attack for a government body to create, fabricate, or otherwise promote illegal activities within a privacy preserving network, and the precedent is grim.

Here is a video from our office hours conversation a few weeks back. YouTube has tried to censor us but we won’t be held back! Kidding, however, we did have to deal with our original channel being taken down for reasons unbeknownst to us.

A really great discussion can be heard in the video below:

And here is a link to our playlist from this session:

Stay tuned as we have some more great content planned for release in the coming weeks.

(cc @JDLorax @dckc)

Interesting: Union uses zk to bridge IBC to ethereum.

The architecture is pretty interesting.

aside: nixos node config is cool

I just watched Harry Halpin’s talk at Cosmoverse: Nym Launching the Nyx Blockchain on Cosmos. (Thanks, @JeetRaut , for the timestamps!)

zk-nyms look cool.

I wonder if Zoe offers would fit as zk-nyms.

I have been thinking about zkOffers and zkZoe. They fit wonderfully with our general security model: contracts/servers don’t know who clients are (message.sender considered evil), they just know that any operation that can be invoked is authorized. So Zoe just needs strong assurance that the underlying assets are escrowed and can be reallocated. It doesn’t have to know anything about who or what client contracts provided them or gets to claim the payouts.