Opt-in or Opt-out Privacy, that's the Question!
Clarifying our stance on Particl's privacy setup and the reasons for it.
Every once in a while, the question of why PART, Particl’s native currency, isn’t anonymous by default comes up. As you can imagine, this topic can rapidly lead to fiery debates on the level of privacy certain protocol implementations offer and as to why a certain currency was designed the way it is.
We’d like, today, to clarify our position on this topic and detail why we’ve decided to follow this particular path.
Note: In this article, we often refer to RingCT transactions as “anon transactions". These are used as synonyms.
Table of Contents
About Particl's Native Currency; PART
What are Particl Distributed Apps
The Need for Public Balances
About Particl’s Privacy
How Does RingCT Work?
Leveraging Particl Applications to Boost Privacy
New Privacy Boons Abound
So, Should PART Become Private-by-Default?
Particl Desktop Privacy Improvements on the Way!
Synergy and Collaboration, not Tribalism and Exclusion
About Particl’s Native Currency; PART
Before we get into the nitty-gritty details as to why PART uses an opt-in privacy setup rather than mandating all transactions to be private, it’s important to understand the context of PART's existence and to know what its purpose is within the wider Particl ecosystem.
Taken at face value, PART is a proof-of-stake privacy coin that uses the same privacy protocol as Monero (RingCT) but uses the Bitcoin codebase instead of the more rigid Cryptonote one.
This difference in codebases makes a world of difference. Indeed, leveraging the Bitcoin codebase enables PART to benefit from the sheer strength of the entire Bitcoin ecosystem and developer community. That means more developers auditing and contributing to the code (Taproot, LN, etc.), more stability, and more products and releases to benefit from (Copay, Electrum, etc.). But perhaps more importantly, that also means much more flexibility.
And that’s where PART shines uniquely and really sets itself apart from other privacy coins. While it uses the proven-effective but typically rigid RingCT and CT protocols, it possesses all of Bitcoin's flexibility; massively expanding its utility as more than just a private currency.
This added flexibility makes it possible to use the coin in simple Bitcoin-style smart-contracts and multi-signature contracts. But don’t be fooled by the word “simple”: what can be done with “simple smart-contracts” is pretty astonishing in itself, as demonstrated by distributed apps like Particl Marketplace (decentralized e-commerce) and the recent Taproot developments. More on that shortly.
What is PART’s Real Intended Purpose?
When we, the Particl team, first envisioned and designed the Particl project, we had a very clear mission in mind: building an ecosystem of distributed applications that respect your rights and freedoms. This is our primary focus and all further design decisions follow that guiding line.
We are building these applications for everyone—freedom seekers, the persecuted and censored, big and small online sellers, online shoppers, the “typical internet user”, and, among many other types of people, privacy enthusiasts too.
In that sense, building a privacy coin that only serves as a medium of exchange isn’t our objective. PART is a multi-purpose, privacy-focused currency that is more akin to a tool than only a currency. By design, it needs to be flexible enough to accomplish various functions within the Particl ecosystem, which is achieved by leveraging the benefits of the Bitcoin codebase.
It is with this need for both multi-purpose flexibility and privacy that we’ve designed PART’s privacy setup and why we’re confident that it’s doing exactly what we intended it to do in the first place.
What are Particl Distributed Apps
To give you a better idea of our vision, let's take one of the distributed applications of the Particl ecosystem. Particl Marketplace is a decentralized and private-by-default online marketplace that lets you buy and sell anything online with no restriction. Think of it like an eBay, but without any middleman, data mining, restriction, or sales fee/commission.
This marketplace is made possible thanks to many pieces fitting together: the flexibility of the Bitcoin smart-contracts, the use of a custom and unique P2P messaging layer (SMSG), the privacy benefits of the RingCT protocol, a distributed governance system, the anonymity of the Tor network, and the smart-contract capabilities of the Bitcoin-based CT protocol.
As PART itself directly powers some of these functions (i.e., content moderation), its multi-purpose nature becomes clearer. And as some of these functions cannot work using anon balances and transactions, the debate on whether we should mandate private transactions or not suddenly becomes more nuanced.
The Need for Public Balances
RingCT transactions are, by design, quite rigid as their outputs are not programmable. This prevents anon balances from being used in more complex scenarios, on various platforms, and for certain use-cases. To circumvent this limitation, Particl leverages both public (Bitcoin-like) and CT transactions. This “protocol flexibility” is one of the coin’s most important strengths and expands its utility beyond what it could be if it were working exclusively using RingCT.
What are Public Balances Used for?
At this time, here’s a list of some components of the Particl ecosystem that require public balances to function:
The Particl Proof-of-Stake (PPoS) consensus mechanism, including cold staking and cold staking pools. There is, however, an option to receive all staking rewards using RingCT or CT transactions for those looking for that extra layer of privacy. To learn more about how to do this, please refer to this article.
Particl's decentralized treasury which funds community initiatives.
The community governance system which allows stakeholders to vote on important decisions with their stake weight.
The Particl Marketplace community moderation system which lets the users moderate undesirable content off of the marketplace and fight off spam on the platform.
The mobile wallet Particl Copay.
The light wallet Particl Electrum (desktop and mobile) which is expected to power future mobile and web releases.
Hardware devices such as the Ledger Nano S and the Trezor.
And, although Particl Marketplace’s two-party escrow system doesn’t rely on public transactions, it still requires CT transactions to link RingCT outputs together to provide its anonymity. You can read more on how this is done by checking out this article.
As you can see, many critical components of the Particl ecosystem entirely rely on public balances and transactions. Making PART private-by-default or outright mandating private transactions would cause a significant setback and even force the project to abandon some of its core components. This would run directly counter to our mission.
What About Exchanges?
Another downside associated with having a private-by-default cryptocurrency has to do with the ever-evolving legal landscape of the blockchain industry. As is becoming more evident by the day, regulations are tightening, notably around the use of “privacy coins”. As a result, a lot of leading exchanges have resorted to delisting and/or not entertaining adding privacy coins as a way to protect themselves and ensure that they remain compliant.
With Particl’s relatively precarious presence on exchanges, having the main transaction type be transparent is a definite upside.
And even though exchanges could, in theory, change the type of transactions they accept if Particl were to switch to a private-by-default model, they may not be inclined to do so purely based on the fact that PART itself has relatively low liquidity and volume. The effort involved with implementing that change at the exchange level, coupled with the legal uncertainty of accepting privacy coins, may simply not be worth it for exchanges. This could lead to a delisting and reduction of accessibility to the PART coin; something that cannot be neglected as the coin needs to be as accessible as possible for Particl to accomplish its mission.
Auditing the Circulating Supply
Everything in life has trade-offs. With cryptocurrencies that mandate private transactions like Monero, the added privacy is counter-balanced by the fact that the circulating supply cannot be properly audited with full certainty. And although the reasons that may cause supply inflation are usually considered more theoretical than practical, they are real risks nonetheless.
By having public balances on which people hold funds and stake from, you can determine, with more accuracy, whether or not the total number of coins in circulation is as expected. As the Monero team best wrote it: “(…) the use of transparent fund migration means that an attempt to move enough exploited funds through the transparent Zcash pool could be detected (…)”. On that note, we highly recommend reading Monero’s well-thought-out response on the topic of supply auditability, how it relates to private (“opaque”) cryptocurrencies, and the trade-offs involved with this.
In our particular case, supply auditability isn’t the main reason why we’ve opted against mandating private transactions, but it’s certainly an appreciable benefit.
Transaction Speed
One non-negligible benefit of having public balances is the faster speed of transaction settlements on Particl. While both public and anon transactions use block confirmation times of 2 minutes, public balances are usable after 1 confirmation (~2 minutes) while anon balances can only be used once the funds they contain have reached 12 confirmations (~24 minutes).
This speed is handy in many situations and straight up required in others, notably in the context of certain Particl applications where the public balance holds a key role (i.e., moderating marketplace content).
About PART’s Privacy
Although PART is a multi-purpose coin that accomplishes different functions within the ecosystem—and, as we’ve just seen, some of these functions cannot work over anon (RingCT) transactions—its privacy is still one of its most important selling points and development priorities.
When debating whether or not PART should be private-by-default, are we asking the right question? Is the entire debate misdirected?
At its most fundamental level, this debate seeks to find out whether or not PART’s current privacy capabilities are good enough to keep people anonymous. Whether PART mandates RingCT transactions or not is irrelevant as long as user privacy is solid enough.
Is Particl private-by-default?
Let’s first clear this question out of the way. No, Particl isn’t “private-by-default”, but it is heavily focused on anonymity nonetheless.
Keep in mind, Particl’s mission is first and foremost to provide an ecosystem of applications that respect your rights. The race to the top for the absolute most private cryptocurrency in the space is not our primary focus and purpose. That being said, PART absolutely qualifies for a spot within the top privacy coins as we are just about to find out.
Keeping our mission in mind, PART is not dedicated exclusively to privacy maximalists but also to a much wider range of audiences that also include people that may not care as much about this specific aspect but more about others, like cutting off the middleman from their e-commerce operations, for example.
But is opt-in privacy, rather than mandated, an actual threat to the quality of that privacy? Let’s see how RingCT works in the first place so that we may be able to answer that question after.
How Does RingCT Work?
RingCT is a combination of the Confidential Transactions (CT) and Ring Signature privacy protocols. CT keeps transacting amounts private and ring signatures keep the identity of the participants private.
Whenever you make an anon transaction, the transacting anon outputs are pooled up with other anon outputs on the network (ring signatures). These other outputs pose as "fake transaction participants" and merely serve the role of being plausibly deniable decoys to hide amongst.
For an outside party looking into the transaction, it is theoretically not possible to tell, with certainty, which of the “participants” actually participated in the transaction, meaning that neither the value of the amount transferred nor its participants can be traced. And while academic and theoretical attack vectors do exist, as in every privacy protocol, RingCT has proven time and time again to be one of the most robust out there.
What Contributes to Greater Privacy?
To keep things simple, more anon transactions on the network mean more privacy, and that privacy gets even better when there’s a constant flow of new legitimate transactions being created. But let's break that down in more detail.
How private a transaction is, at the protocol level, mainly depends on two factors. On one end, the sender of an anon transaction can increase or decrease the level of its privacy by using a greater or lesser number of "ring signatures". More ring signatures means more decoys participating in a transaction and thus, in simple terms, greater expected privacy.
On the other end, the total number and diversity of these decoys matter greatly. Because RingCT's privacy is obtained by hiding among decoys, its effectiveness increases when there are more of them, and more of them coming from different sources, to pick from.
To understand this better, imagine that you are the sender of an anon transaction that contains 8 ring signatures. Out of these, 2 of them are real participants (the sender and the receiver) and 6 of them are decoys. If the identity of 4 of these decoys is known to an outside observer (e.g., an exchange, a blockchain tracing company, etc.), that really only leaves you with 2 decoys to hide among, making it easier, in theory, for the real participants to be identified.
That's why having a large number of outputs and transactions on the network improves your privacy. It gives the protocol more decoys to work with, and more diverse ones, effectively reducing your chances of picking up compromised ones.
The diversity in the source of these outputs is also very important, as it reduces the chances of picking up decoys known to third parties collecting data on large numbers of outputs from a single source (e.g., an exchange keeping tabs on all the Monero outputs of its users). Note that this becomes a much bigger problem if and when these parties start collaborating and sharing their collected data with each other.
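To put numbers on the decoy argument above, here is an added example (not code from Particl or from the original post) that computes how many of a transaction's decoys an observer cannot rule out. It assumes decoys are drawn uniformly at random from the pool of anon outputs, which is a simplification and not Particl Core's selection algorithm; the pool sizes and function names are made up for illustration.

```python
from math import comb


def unknown_decoy_distribution(pool_size, known_outputs, decoys):
    """Return {u: P(exactly u of the sampled decoys are NOT known to the observer)}.

    Hypergeometric model (an assumption of this example): `decoys` outputs are
    drawn without replacement from a pool of `pool_size` anon outputs, of which
    `known_outputs` can be ruled out by an observer such as a large exchange.
    """
    if not 0 <= known_outputs <= pool_size:
        raise ValueError("known_outputs must be between 0 and pool_size")
    if not 0 <= decoys <= pool_size:
        raise ValueError("decoys must be between 0 and pool_size")
    unknown = pool_size - known_outputs
    total = comb(pool_size, decoys)
    # comb(n, k) is 0 when k > n, so impossible outcomes get probability 0.
    return {
        u: comb(unknown, u) * comb(known_outputs, decoys - u) / total
        for u in range(decoys + 1)
    }


def expected_unknown(dist):
    """Average number of decoys that still provide cover."""
    return sum(u * p for u, p in dist.items())


def prob_at_most(dist, limit):
    """Probability that `limit` or fewer decoys still provide cover."""
    return sum(p for u, p in dist.items() if u <= limit)


def compare_pools(known_outputs, decoys, pool_sizes, limit=2):
    """Hold the observer's knowledge fixed and grow the pool of anon outputs.

    Returns (pool_size, expected useful decoys, P(useful decoys <= limit)) rows.
    """
    rows = []
    for pool_size in pool_sizes:
        dist = unknown_decoy_distribution(pool_size, known_outputs, decoys)
        rows.append((pool_size, expected_unknown(dist), prob_at_most(dist, limit)))
    return rows


if __name__ == "__main__":
    # Constructed scenario: 6 decoys per transaction (as in the illustration
    # above) and one observer who can recognise 4,000 outputs on the network.
    print(f"{'pool size':>10} {'avg useful decoys':>18} {'P(<=2 useful)':>14}")
    for pool, mean, risk in compare_pools(4000, 6, [5000, 50000, 500000]):
        print(f"{pool:>10} {mean:>18.3f} {risk:>14.6f}")
```

With the observer's knowledge held constant, the chance of ending up with two or fewer useful decoys (the situation in the illustration above) falls sharply as the pool of anon outputs grows.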
Opt-in Privacy and the Human Factor
At the protocol level, RingCT's privacy isn't directly affected by whether or not it is mandated or the default transaction type of the blockchain.
If, for example, Particl’s RingCT layer had a similar number of transactions per day as Monero, it would have a somewhat comparable level of privacy at the protocol level. But, in practice, it gets a bit more complicated because, as mentioned earlier in this article, everything has trade-offs.
In the case of opt-in privacy, the trade-off is the human factor. Having the ability to switch back and forth between public and anon balances opens the door to human errors and sub-optimal protocol usage. As with all cryptocurrencies, including private-by-default assets like Monero, there are some considerations and best practices to keep in mind to maintain a good level of privacy.
Note: The risks typically associated with the human factor are mostly applicable to normal peer-to-peer anon transactions between two users. Using Particl applications, like the marketplace, significantly reduces the risk of human error by automatically applying some of the recommended best practices.
Leveraging Particl Applications to Boost Privacy
As previously mentioned, the Particl project is much, much more than just a cryptocurrency. It's an ecosystem of distributed apps that respect your rights, with one of these rights being the right to privacy. And that's precisely where Particl's mind-blowing privacy potential lies: in its apps!
To understand why that is, let’s take the Particl Marketplace app as an example once again. It lets you buy and sell anything online with no restriction. It is private by default, meaning that all payments for goods and services have to use RingCT. For sellers, there's the option to pay for their listing fees (listing an item for sale on the marketplace) using anon transactions.
And thus, each item listed on the marketplace generates at least one transaction, meaning that a seller who wants to list 100 items will generate 100 unique anon transactions alone plus two other anon transactions per sale (as both the buyer and the seller have to make an anon transaction to complete the escrow private smart-contract).
As is self-evident, simple usage of Particl apps like the marketplace dramatically scales up the number of real, "high-quality" anon transactions per day on the network. To get an idea, simply think of how many e-commerce transactions happen every day on the web, and how many items are listed online. Sure, that's an unfairly large segment to compare Particl to, but just think of how many transactions happen within the still-very-niche decentralized marketplace segment alone (e.g., OpenSea).
"To hide the signal, you must generate noise" - Kewde, Particl developer
As a reference, Monero does around a solid 16,000 transactions per day at the time of writing this piece. Could usage of Particl Marketplace generate similar numbers? The jury is still out but one can speculate.
And the cherry on top? Particl Marketplace, and all future Particl applications like the upcoming BasicSwap DEX, is entirely decentralized and trustless. There's no central party able to collect any data about you, your anon outputs, or those of other participants on the network; a very unique advantage of Particl over other privacy coins.
In other words, using Particl applications not only increases the number of anon transactions and outputs on the network, but it also does so in a way that improves the quality and effectiveness of available decoys. As current and future Particl applications gain more adoption, so does the level of on-chain privacy.
New Privacy Boons Abound
Particl is fortunate to be built on the Bitcoin codebase. Indeed, contrary to what many think, the Bitcoin codebase is evolving rapidly and is going through a particularly innovative phase. That is especially true of recent progress made on the Lightning Network and Taproot, both of which innovations are available on Particl and enhanced by an extra RingCT bridge for added anonymity.
Not mandating RingCT transactions gives us the ability to leverage and combine these breakthrough developments from the Bitcoin community to massively improve Particl's privacy and make its applications better for all.
Complex and Private LN-based Smart-Contracts
Indeed, recent developments have made it possible to run complex smart-contracts on the Lightning Network. These smart-contracts can even be deployed using CT to keep the amounts transferred confidential. This is a significant development for the Bitcoin community as it dramatically improves your privacy and opens the coin up to even more use-cases. But there is a small caveat; blinded smart-contracts don't hide the identities of people using them; only the transacted amounts remain confidential.
If that smart-contract was powering the escrow of some hypothetical marketplace, it could be possible to tell the identity of the seller and the buyer of a given transaction. On Particl, the additional layer of RingCT would keep both the buyer and the seller private by letting them enter and exit the Lightning Network without leaving a trace.
Taproot Scripts
With Taproot now being enabled on Particl, new on-chain scripting options have become available. Taproot enables more advanced, but also more private, complex transactions by combining multiple keys and signatures into one. With it, you can pre-emptively program payments within a group of people and trigger them following a set of pre-defined conditions. The resulting transactions look just like any other regular transaction on the blockchain and neither the conditions nor the identities of the participants are exposed.
This opens a ton of opportunities, such as entering and exiting the Lightning Network more privately, making Particl's treasury entirely decentralized, making BasicSwap DEX swaps with Bitcoin-based currencies look just like a normal transaction, or even making some core components of Particl quantum-proof. And that's just to name a few of the possibilities...
Note: In both the cases of LN and Taproot, it's important to note that RingCT transactions are not directly merged with LN and taproot, but rather run upon entering and exiting the L2 network to break the history.
So, Should PART Become Private-by-Default?
Ultimately, there is no right or wrong answer to this debate. With both options, there are pros, cons, and trade-offs. There is no perfect solution; it all depends on the purpose of a specific cryptocurrency and the mission it’s trying to accomplish. However, we are highly confident that Particl's current privacy setup strikes the optimal utility/privacy balance for what it seeks to accomplish and for whom it seeks to accomplish it.
And although PART can be said to be less private than competing privacy coins such as Monero, an obvious statement considering the difference in the number of transactions between the two networks at this present time, its privacy potential is just as solid, if not even better, assuming decent usage of Particl's distributed applications and that best practices are followed by users.
PART's public addresses provide a lot of capabilities that are key to Particl's ecosystem and they cannot be readily dismissed. For this reason, and for the other reasons mentioned earlier in the blog post, the Particl team does not plan to switch to an exclusively private-by-default model of transactional privacy in the foreseeable future. We want to reiterate our strong confidence in our current model and are focusing on building applications that will organically raise the diversity and number of anon transactions and outputs on the network.
That being said, we remain open to adjusting our position on this matter in the future depending on how things evolve.
Particl Desktop Privacy Improvements on the Way!
The fact that we embrace an opt-in privacy setup doesn't mean we can't work towards reducing potential mistakes caused by the human factor.
As such, Particl Core contains a few improvements in the RingCT implementation that mitigate some of the risks introduced by the opt-in nature of PART's privacy setup.
Also, in the next few Particl Desktop updates, you can expect new privacy-focused UI additions and improvements that seek to reduce the risk of human errors to a minimum. For example, a simple "churning function" that automatically churns your anon outputs (generates privacy-enhancing transactions (send-to-self) and creates more noise to hide within) to improve your privacy and everyone else's as well. Stay tuned to our weekly development updates for more information.
Synergy and Collaboration, not Tribalism and Exclusion
Particl's purpose is to build an ecosystem of apps that respect your rights and is as inclusive as possible. The race to the top for the most private features on a cryptocurrency is something we keep in mind without making it our prime focus, although we fully believe PART can eventually become just that once the adoption of the Particl platform grows.
As part of this vision, we are working on a cross-chain and private decentralized trading exchange (BasicSwap DEX) that lets you swap different cryptocurrencies without the use of any third-party.
That means you can easily enter and exit the Particl ecosystem using your favorite privacy coin such as Monero, for example, and enjoy the benefits of both chains at the same time.
By combining Monero's private-by-default currency-focused approach and Particl's app-focused vision, you can reach strong levels of privacy few people thought were possible. The trade-offs of using an opt-in privacy coin (Particl) can then be offset by using an opt-out one (Monero) on the platform, just like Monero can offset its trade-offs (lack of distributed apps and more rigidity) by bridging into the Particl ecosystem using BasicSwap. A win-win situation for both blockchains and a major victory for the people.
Once the DEX is integrated into the Particl desktop client, Particl Desktop, the synergy it creates with other privacy coins will take the entire privacy enthusiast community to the next level. You'll be able to use distributed and private applications without making any security or privacy compromise and by using your favorite coin.
Indeed, synergy, not tribalism, is how we see the privacy coin space evolving to the direct benefit of the people. There are many different approaches to privacy and it’s difficult to say which one is the best because, in part, use-cases and target audiences differ so much. And so, why not combine different options and work in unison towards bringing more privacy to the average joe? That's what we set out to do with Particl, and what we'll keep giving our blood, sweat, and tears to day after day!
Read the full blog post here: https://particl.news/opt-in-or-opt-out-privacy/