# Privacy and Scaling Explorations guest post For the purpose of this post let's define three levels of identity. 1. Fully identified. e.g. That's John, he lives on Fig Street and works at the bank 2. Pseudonymous. e.g. That's trundleop, he writes posts about bridges and trolls. 3. Anonymous. e.g. Identifier 0x219fa91a9b9299bf wrote a post about bees. This identifier will never be seen again. It's very hard to go from lower levels of identity to higher levels of identity. If I see John spraypaint a scythe on the back of the bank he works at, he's going to have a hard time convincing me it was someone else. Conversely, it's very easy to go from higher levels to lower levels (if we're using ZK proofs). If I control identifier 0x219fa91a9b9299bf I can always make a ZK proof showing control, linking it to a pseudonym, identity, or another anonymous identifier. Because identification is basically a trapdoor it makes sense to build primitives that are _anonymous by default_. Users, or even applications, can choose to operate at lower levels of identity. But to support anonymity everything must be anonymous by default. ## Physical Security Imagine a sphere with a radius of 100 meters, with the following layers - layer 1: 20 meter depleted uranium - layer 2: 30 meter steel - layer 3: 5 meter platinum - layer 4: 5 meter aluminum - layer 5: 20 meter gold Imagine this sphere is dropped in New England in the year 1700. Assume every human on the planet is aware of the composition of the sphere. What year might humans be able to access the gold? Physical items can only be secured by physical means. Information can be secured by mathematics. Mathematics offers exponentially better security than any physical material. If instead we encrypted an Ethereum private key using 4096 bit RSA the key would not be be seen until humans have a working quantum computer that can calculate the prime factorization of a large number. If the same text were encrypted with 256 bit SALSA20 it would not be accessed until either: - Binary computers can search 2^256 - Quantum computers can search 2^128 The security of information is defined in terms of what information systems can do. Information security is physical because it requires a physical device to exist/breach. e.g. you probably can't search 2^128 using pen and paper, even if every human participated. ## Universal Reputation UniRep use a combination of cryptographic primitives to allow applications to store user data for anonymous entities. Users can then prove facts about data that is stored for them, without revealing their identity. Thus websites can build robust experiences for anonymous users like: - Tracking what movies you've watched - Tracking what movies you like - Tracking what products you buy - Tracking which humans you are friends with - Tracking what information you often need e.g. - email - calendar - documents The data in each of these cases can only be accessed by the user. ## Example I log on to dniester.com; a website that sells goods. My web browser connects to an Ethereum node and constructs my user data. It then generates a proof that I am approved to make purchases and requests a list of products from dniester.com. I now am able to browse products sold by Dniester. I can locally calculate which products I have bought in the past. This is calculated using data from an Ethereum node. The website is then able to show things like - recently purchased - similar items When I want to make a purchase I send the following: - 100 DAI - Proof that I am approved to make purchases - Proof including a current **epoch key** I control - Asymmetrically encrypted purchase list and delivery address All of this can be included in a single ZK proof. A purchase request. When I click "buy" this proof is generated and then sent to dniester.com. dniester.com validates the proof, decrypts the purchase info, and checks their inventory; then creates an order in their database. They also attest to the **epoch key**, with the purchase data symmetrically encrypted for the user. The user is able to see their purchase history using only public data sources. The user may anonymously request updates from dniester.com by proving ownership of a purchase in ZK. The user may anonymously leave a rating for a product by proving ownership of a purchase and generating a nullifier. The user or dniester.com can make proofs about encrypted data. e.g. to reveal information from a purchase request, or purchase. ### Symmetric Encryption You may have noticed in the above example the application symmetrically encrypts some data for the user. Symmetric encryption requires knowledge of a single secret/password to encrypt/decrypt. So how can the website encrypt the data for the user without knowing the password? This can be achieved using an interactive ZK scheme. The application sends the plaintext data to the user, then the user generates a ZK proof that they encrypted the data using a ZK friendly cipher like chacha. ## Non-Profit Systems Information systems that are bound to businesses must, as a product of their existence, create **maximum** profit. To achieve the maximum profit requirement they generally rely on selling attention to external actors. Public/anonymous systems can be built without this maximum profit requirement. A good example is the operation of an Ethereum node. Participation is public/pseudonymous, and a fixed profit is taken based on participation. A fixed cost is incurred for hardware, internet access, and Ether collateral. Using UniRep we can build pub/anon systems with robust non-profit economics. For example, a grocery delivery service could be built using UniRep. A user makes an order and pays $100. This $100 is split like - $90 cost of groceries - $9 payment to shopper - $1 payment to system operation fund In this contrived example, the shopper, the person doing the work; takes \~90% of the profit. The system itself takes 10% profit to cover transaction fees and cost of operating web services. Contrast this to something like Instacart where the bulk of the profit is taken by the company while the people doing the work rely on tips. Such non-profit systems are hard to build because they require an upfront investment of engineering resources. This cost can be recuperated as a temporary fee on each order until the full cost has been repaid. **Behavioral pattern changes, not a difference in realtime interaction.** ## Conclusion In UniRep 2.0 all user facing proofs takes < 5 seconds, even on mobile devices. Try {{ insert demo app link }} for {{ insert demo app functionality }}. You can also read more about the UniRep protocol [here](https://developer.unirep.io).