Vitalik Buterin Unveils Roadmap for Improving Privacy on Ethereum

Ethereum co-founder Vitalik Buterin has outlined a nine-step roadmap to improving privacy on the world’s second most valuable blockchain.

In an April 10 blog post, Buterin suggested what he calls “a maximally simple L1 privacy roadmap” containing ways to “practically improve the state of privacy experienced by Ethereum’s users in a way that is very light on Ethereum consensus changes.”

It starts with incorporating privacy tools such as Privacy Pools and tools like the ones used by the Railway Private DeFi Wallet into existing wallets.

“Wallets should have a notion of a shielded balance, and when you send to someone else, there should be a ‘send from shielded balance’ option, ideally turned on by default,” he wrote. These should be simple to use and not require the download of a separate privacy wallet.

The goal is to reach a world in which “a large portion of sends are private, and private sends are default in many cases,” and the activity inside individual applications is public, but the link between a user’s activity in separate applications is private, Buterin said.

Significant sacrifice

Buterin suggested moving the ecosystem to a “one address per application” standard by default, saying he knew it would “entail significant convenience sacrifices.”

But, he added, it is the most practical way to remove public links between a user’s activity across different applications. It works well with in-application wallets, and the workflows needed look very similar to what’s already needed for cross-chain interoperability, like depositing funds to a chain from one of a group of sources, he said.

This would require making send-to-self transfers privacy-preserving by default, he noted.

Short and long-term privacy

Buterin also suggested incorporating trusted execution environment (TEE) security module-based RPC privacy into existing wallets. RPC nodes are servers that provide an interface allowing apps and users to interact with the blockchain.

That said, he also noted that this is a short-term solution as TEEs should be replaced with private information retrieval (PIR), as PIR is much stronger cryptographically. PIR is not yet efficient enough on large data sets, thus the halfway step with TEE.

Beyond that, wallets should connect to multiple RPC nodes with the option of going through a mixnet. This would, ideally, use a separate RPC node for each DApp.

Buterin also suggested implementing several proposals designed to make it easier for privacy protocols like Railway and Tornado Cash to be developed, operated and maintained.

Finally, Buterin suggested working on ways to allow more than one privacy protocol transaction to share a single onchain proof, and to work on privacy-preserving keystore wallets.

Another overall goal is to create privacy guarantees that hold “against adversaries operating RPC nodes,” Buterin said.