How to build a privacy token compatible to ERC20
- Alexander Mochkin
- Blockchain , Privacy
- December 4, 2022
Creating a privacy token similar to an ERC20 token (a standard for creating tokens on the Ethereum blockchain) involves various technologies and methodologies, especially if you want to enhance the privacy features, which typical ERC20 tokens don’t inherently have.
Here’s how you can go about it:
Smart Contract Platforms (like Ethereum) — While ERC20 tokens are specific to the Ethereum blockchain, there are other smart contract-enabled platforms suitable for creating custom tokens; some of these include:
- Ethereum ➲ : Despite being the platform for ERC20, you can create modified tokens with privacy features.
- Tron ➲ , EOS ➲ , or NEO ➲ : These are other platforms that support smart contracts and have their own token standards.
- Binance Smart Chain ➲ : Offers similar functionality to Ethereum but with different trade-offs in terms of centralization.
- Cardano ➲ , Polkadot ➲ , or Solana ➲ : These are newer platforms that support smart contracts and may offer different advantages over Ethereum, such as lower fees or faster transaction times.
Privacy Technologies — To infuse privacy features in your tokens, you might consider integrating established privacy technologies; these could be:
- zk-SNARKs/zk-STARKs ➲ : Zero-knowledge proofs allow transaction validation without revealing information about the transaction’s amount, sender, or receiver. These are used in privacy-focused cryptocurrencies like Zcash.
- Ring Signatures ➲ : This technology, used by Monero, provides privacy by ensuring that transaction outputs are untraceable.
- Mimblewimble ➲ : A protocol that fuses transactions together to obscure the original inputs and outputs, used by cryptocurrencies like Grin and Beam. In 2022 MimbleWimble extension blocks was added to Litecoin.
- Tornado Cash (for Ethereum tokens): A mixing service that uses zero-knowledge proofs to break the on-chain link between sender and receiver addresses.
Smart Contract Development Languages: You’ll need to write smart contracts for your privacy token. Languages include:
- Solidity ➲ (most common for Ethereum and Binance Smart Chain)
- Vyper ➲ (alternative to Solidity for Ethereum)
- Other languages specific to the blockchain you’re developing on if you’re not using Ethereum.
Development Tools: Tools and environments for development and deployment of your smart contracts, such as:
- Truffle ➲ : A development environment, testing framework, and asset pipeline for blockchains using the Ethereum Virtual Machine (EVM), simplifying the development process.
- Hardhat ➲ : A more recent tool that also allows for smart contract development with Solidity and testing.
- Remix ➲ : An online IDE for smart contract development and testing, easy to use for beginners.
- MetaMask ➲ : While primarily a wallet, it’s also essential for testing the user’s experience of interacting with your smart contracts.
Legal Compliance and Auditing: If you’re planning to release a token, especially one that handles privacy, you should:
- Ensure legal compliance with global and local regulations regarding cryptocurrencies, privacy, anti-money laundering (AML), and know your customer (KYC) requirements. This often involves consulting with legal experts.
- Get your smart contracts audited by professional auditing firms to catch security issues before deployment. This step is crucial, as smart contract bugs can be exploited and result in significant financial losses.
Community and Documentation: Lastly, establish a strong community and clear documentation. These are crucial for the adoption, proper use, and development of your token, as seen by numerous successful crypto projects.
Ring signatures in a Solidity smart contract
Implementing ring signatures within a Solidity smart contract is a non-trivial task due to the complexity of the cryptographic operations involved and the limitations within the EVM (Ethereum Virtual Machine) concerning computational resources. Ring signatures require advanced elliptic curve cryptography and, typically, implementations of such complex cryptographic procedures are done off-chain due to gas cost and practicality. However, here we can describe how you might approach this and provide a very simplified pseudocode representation of what this might look like.
Firstly, it’s important to understand what a ring signature is: A ring signature is a type of digital signature that can be performed by any member of a group of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular group of people, but you can’t tell which one. It provides anonymity for the sender.
Here’s a conceptual overview of what you would need to do, in Solidity-like pseudocode, with extreme simplification:
pragma solidity ^0.8.0;
import "elliptic-curve-solidity/contracts/EllipticCurve.sol";
contract RingSignature {
// This struct represents a public key on an elliptic curve
struct PublicKey {
uint x;
uint y;
}
// This struct represents a ring signature
struct RingSig {
uint c0; // Initial hasher
uint[] sValues; // Array of 's' values
}
// Function to verify a ring signature. This is a VERY simplified version of the verification algorithm.
function verifyRingSignature(bytes32 message, PublicKey[] memory publicKeys, RingSig memory signature) public pure returns (bool) {
uint numMembers = publicKeys.length;
// The verification algorithm would go here.
// A proper implementation would require a significant amount of elliptic curve
// math to calculate various points and check their properties, including lots of hashing and point multiplication.
//
// Pseudo-code:
// 1. Compute the key image
// 2. Validate the key image
// 3. Iterate over the ring, computing e and s values and the total e-value hash
// 4. Check that the computed e-value matches the starting e-value in the signature
for (uint i = 0; i < numMembers; i++) {
// ... perform elliptic curve operations and hashing
}
// In a real scenario, the following operations would involve complex calculations and comparisons
// involving multiple points on the elliptic curve and the key image. This is just a placeholder.
bool valid = /* ... result of ring signature verification algorithm ... */;
return valid;
}
}
In reality, the math involved in these elliptic curve operations is far beyond what’s practical to represent in a smart contract, and the actual steps of the ring signature algorithm are more complex than shown here. Typically, one would perform these operations off-chain in a more suitable environment and then publish the results to a smart contract. This is because of the high computational complexity and the consequent gas costs associated with performing such operations on-chain.
For real cryptographic assurance, it’s crucial to use well-reviewed cryptographic libraries and potentially leverage precompiled contracts that handle some aspects of the heavy elliptic curve calculations. It’s also highly recommended to have any cryptographic code audited by professionals.
To pursue an actual implementation, you might need to dive into cryptographic engineering, specifically around the use of elliptic curve operations in the context of Ethereum, and consider an off-chain approach for practical use.
You could also contact Professional Products to discuss your project and see if we can help you with your implementation.
References
- Photo by Matthew Henry ➲ on Unsplash ➲
- University of Maryland CS Department Whitepaper: Ring Signatures: Stronger Definitions, and Constructions without Random Oracles ➲
- CISPA Helmholtz Center for Information Security Saarland Informatics Campus & Stanford University: Ring Signatures: Logarithmic-Size, No Setup — from Standard Assumptions ➲
- Wikipedia: Ring Signature ➲
- Wikipedia: Elliptic Curve Cryptography ➲
- Wikipedia: Elliptic Curve Digital Signature Algorithm ➲
