Why Monero Uses a Trustless Setup Unlike Zcash

By Diego Salazar

Few ideas in the cryptocurrency space receive as much attention and discussion as the concept of trust, and not without reason. After all, the entire point of a blockchain is to eliminate trust in third parties.

For those who don’t fully understand the idea, here’s a light primer. In the traditional financial system, third parties are generally used for various tasks. Banks are used to secure money on your behalf from theft. Arbiters and escrows are used so business deals can operate between two parties that don’t trust each other. Credit card companies pay out money for goods and services on your behalf, assuming the risk that you might not pay them back.

Each of these instances requires trust. For the banks and escrow agents, you are trusting that they themselves will not run off with your money, and for credit card companies, you trust they will not pay out money in your name without your consent, all of which are very possible. We do what we can to ensure these things do not occur. We only work with trusted companies and individuals, and we legislate to make the above scenarios illegal and try to ensure consequences for offenders, but that doesn’t always stop them from happening anyway.

Furthermore, these services do not come for free. Escrow agents and banks may charge for their services, and credit cards charge interest on loaned money.

Blockchain was made to eliminate these middle men, and the trust and fees that come along with them. Through the power of consensus, users can themselves enforce the state of the ledger, without trusting anyone to tell them how much money they have, and without any trusted third parties to potentially run off with your funds.

So much emphasis is placed on this trustlessness that any change or technological addition that adds an element of trust back into the blockchain is met with great skepticism and criticism, and some projects reject all such notions outright. It’s interesting, then, that the same consideration is not given to privacy.

Once again, we look at the rest of the world and we see that too often, our privacy is at the mercy of ‘trusted’ third parties. When we give our physical addresses for an item we want shipped to us, we are trusting that the store in question will not use this info for nefarious purposes, or sell it to others. The same is true of our personal thoughts or photos that we post on social media. It even applies to our finances, as shown by several hacks within the accounting industry, or by finance apps that flat out post to an internal public board what people are spending money on (e.g. Venmo).

Monero sees this commitment to trustlessness on the blockchain, and applies a similar standard to how we approach privacy. Our privacy should not depend on a third party promising to keep it safe any more than our finances should depend on others promising us they won’t run off with them. To this end, Monero ensures that all privacy technologies implemented are trustless.

There are other privacy technologies floating around. Trusted ones, and, admittedly, they are not without their strong points. Zcash uses certain types of proving systems as building blocks in its confidential transaction protocol which have very strong privacy guarantees, with large anonymity sets and, used correctly, could be a powerful way to ensure your privacy. The drawback to this approach, however, is that as part of the initial setup of this technology, a parameter set must be chosen and subsequently forgotten. If anyone retains this parameter, they would have the ability to create false SNARK proofs, effectively printing money without anyone being the wiser because it’s hidden. But does this affect privacy? Some theorize that it does, while others say it does not, and in the end, more research needs to be done to come to a definitive answer.
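To make concrete what “a parameter that must be chosen and subsequently forgotten” means, here is an added illustration that is not part of the original post and is not Zcash’s actual SNARK construction. It uses a much simpler primitive, a Pedersen commitment of the kind Monero’s own confidential transactions are built on, to show the same failure mode in miniature: in the trusted variant a setup ceremony picks a second generator as h = g^t and is supposed to destroy t (the “toxic waste”); whoever keeps t can open any commitment to any value, the analogue of forging a proof. The trustless variant derives h by hashing a public label, so there is no t to keep. The group size, the label string and the function names are constructed for this example.

```python
import hashlib
import secrets

# Toy group parameters (constructed for readability, NOT secure sizes):
# p = 2q + 1 with p and q prime, so the quadratic residues mod p form a
# subgroup of prime order q. g = 4 = 2^2 generates that subgroup.
# With real-size parameters, recovering t from (g, h) is the discrete-log
# problem; in this toy group it is trivially brute-forceable.
P = 2039
Q = 1019
G = 4


def trusted_setup():
    """A setup 'ceremony' that picks h = g^t. Returns the public parameters
    and the secret t that the ceremony is supposed to destroy ('toxic waste')."""
    t = secrets.randbelow(Q - 1) + 1
    h = pow(G, t, P)
    return {"g": G, "h": h}, t


def trustless_setup(label=b"example nothing-up-my-sleeve label"):
    """Derive h by hashing a public label into the subgroup. Squaring maps any
    nonzero x into the order-q subgroup; nobody learns log_g(h), so there is
    nothing that needs forgetting."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        h = pow(x, 2, P)
        if h not in (0, 1):
            return {"g": G, "h": h}
        counter += 1


def commit(params, value, blinding):
    """Pedersen commitment C = g^value * h^blinding mod p."""
    return (pow(params["g"], value % Q, P) * pow(params["h"], blinding % Q, P)) % P


def verify_opening(params, commitment, value, blinding):
    """True iff (value, blinding) is a valid opening of the commitment."""
    return commit(params, value, blinding) == commitment


def forge_opening(toxic_waste, value, blinding, new_value):
    """With t = log_g(h) in hand, solve
       value + t*blinding == new_value + t*new_blinding  (mod q)
    for new_blinding, so the same commitment now 'opens' to new_value."""
    t_inv = pow(toxic_waste, -1, Q)
    return (blinding + (value - new_value) * t_inv) % Q


def demo():
    """Commit to 10, then use the retained toxic waste to open it as 999."""
    params, t = trusted_setup()
    c = commit(params, 10, 77)
    forged_r = forge_opening(t, 10, 77, 999)
    return verify_opening(params, c, 10, 77), verify_opening(params, c, 999, forged_r)


if __name__ == "__main__":
    print(demo())  # (True, True): the trapdoor holder opens one commitment to two values
```

The second `True` is the whole point: a verifier checking the forged opening sees nothing wrong, because the check only involves the public g and h. With `trustless_setup` the same `forge_opening` has no `t` to call it with; the binding of the commitment then rests on a hardness assumption rather than on a promise that someone deleted a number.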

Regardless, this process of minimizing trust sounds just like the scenarios we discussed in the beginning of this article. The traditional world. The one we’re trying to move away from. Blockchain itself doesn’t reduce trust in third parties, but rather eliminates it. The Monero community thinks the same standard of elimination rather than reduction should be applied to our privacy technologies also. Just because it is not definitively proven that trusted setups can or cannot compromise privacy doesn’t mean we should be lax about allowing trust back into the system in this regard.

Of course, any progression in the privacy space is an improvement, and often trusted privacy is merely a stepping stone to trustless privacy, and in these cases we are happy to see the space moving forward. And yet, at the same time, the Monero community just cannot, in good conscience, deploy privacy technology on our blockchain that would weaken the very purpose of our revolution.

We often get asked the question of when Monero is going to implement this or that new privacy tech. These questions often come from the uninformed, who don’t understand the trade-offs, and are merely parroting the new privacy buzzwords of the day. The answer to these questions is simple. Monero is constantly looking at, reviewing, and researching new privacy protocols that would strengthen the privacy guarantees on the Monero chain, but we are unwilling to delve into the world of trusted privacy to achieve this goal, even if the guarantees are theoretically stronger.

Some say this approach will prove to be outdated, but we think such people have lost the story of why we are here to begin with.

Further reading