More and more people are realizing the importance of privacy, particularly in web3. Front-running attacks plague multiple blockchains. Sophisticated users want to hide their financial holdings and trading strategies while still reaping the benefits of the DeFi ecosystem. While there has been an explosion of web3 companies, privacy is needed if the space is to have any real longevity. Without confidential voting, users may feel forced to self-censor; concerningly, there's a possibility of tracking and analyzing user behavior across DAOs.
However, existing privacy solutions are difficult to work with and fall short when it comes to user experience. As we believe privacy should be built into applications from the ground up, our goal is to make it easy for developers to bring privacy to whatever application they envisage. To achieve this, two privacy technologies are needed—fully homomorphic encryption and zero knowledge proofs. With fully homomorphic encryption, anyone can perform computations on anyone else’s private data; no need to delegate access to your unencrypted data and no need to trust some third party with your privacy. Current approaches to privacy treat zero knowledge proofs (ZKPs) as the holy grail; however, ZKPs fall short when it comes to supporting lightweight users and private shared state.[1] Fully homomorphic encryption in combination with zero knowledge proofs will enable the creation of a richer variety of private apps.
Sunscreen's goal is to turn the above dream into a reality; we're hard at work making FHE usable for web3 applications via an SDK and are lucky to be supported by an incredible group of investors in our mission.
[1] For more details, we recommend starting with this paper.
Our roadmap
Our mission is to enable the next generation of private applications, starting first with (d)apps as we think privacy is most urgently needed there. However, to support FHE in web3, we need to solve a few major challenges first:
- Performance is incredibly important for all sorts of applications but even more so for those related to finance and trading. Unfortunately, FHE is difficult for developers to use effectively, both because there's a steep learning curve and because it's incredibly hard to set up FHE programs to get good performance.
- One of the tenets of web3 is "don't trust, verify." If the user provides a (d)app with encrypted data, how do we know the user-provided inputs satisfy the conditions of the application and aren't just some garbage values? Remember that no one else can inspect the inputs since they're always encrypted!
- While storage is incredibly cheap in web2, the same doesn't always hold for web3. Fully homomorphic encryption is incredibly fast for certain classes of applications but it's not very space efficient. How then can we use FHE in web3?
At Sunscreen, we're working to solve these problems in phases. Our priority so far has been to tackle the first point; in doing so, we've built an FHE compiler tailored to the needs of web3 developers. We're now turning our focus to solving problems #2 and #3; to do that, we've been working on a zero knowledge proof compiler that is compatible with our FHE compiler (so that we can prove things about encrypted data), as well as an integration with a decentralized storage system that can be used to store larger ciphertexts off-chain.
Fully homomorphic encryption compiler
So you want to use FHE? Awesome! Let’s see what the current experience is like as a developer looking to integrate FHE into your application.
As hinted at in challenge #1, existing FHE libraries expect that you as the developer have a deep understanding of the underlying cryptography and mathematics. To compound the problem, runtime can vary by orders of magnitude depending on how well the developer selected the FHE scheme parameters for their particular application. As a result, it's difficult for anyone but experts to get good performance out of FHE.
To solve this problem, we've built an FHE compiler. The idea here is that a developer only needs to know the very basics of public key cryptography (e.g. key generation, encryption, decryption). Behind the scenes, our compiler transforms a normal Rust function into an FHE equivalent with privacy. It figures out the best parameters for optimal performance, automatically inserts the special FHE-specific operations, generates all the circuits, and even parallelizes the program for you if it can!
Initially, we support the BFV fully homomorphic encryption scheme. However, we have designed our compiler so that we can swap out the backend FHE scheme in the future. If you've already tried out our compiler, you likely suspected this after typing:
#[fhe_program(scheme = "bfv")]
We believe BFV is one of the most suitable FHE schemes for web3 use cases. BFV is one of the few FHE schemes that supports 32+ bit computation without a severe degradation in performance, provides fast arithmetic, and has relatively small key sizes. Sounds too good to be true? Check out our playground or read more about how our compiler measures up to existing attempts.
We're also exploring support of FHE extensions like multi-party FHE and multi-key FHE. These extensions make it easy to combine and perform computation on multiple users' encrypted data.
Zero knowledge proof compiler
Next, let’s look at how we might address challenge #2.
Zero knowledge proofs to the rescue! The user can prove that their encrypted inputs satisfy the conditions of the application without actually revealing their data.
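Why challenge #2 calls for proofs about encrypted inputs, as an added example that is not Sunscreen's code: a toy additively homomorphic scheme (Paillier with tiny constructed primes, standing in for BFV) tallies encrypted ballots, and the tally absorbs an out-of-range ballot because it only ever sees ciphertexts. All names, parameters and ballot values are assumptions made for the illustration.

```rust
// Added illustration: toy Paillier (additively homomorphic only) with tiny,
// constructed primes. It stands in for BFV and is not secure.
const P: u128 = 1009;
const Q: u128 = 1013;
const N: u128 = P * Q;
const N2: u128 = N * N;
const LAMBDA: u128 = 255_024; // lcm(P - 1, Q - 1)
const PHI: u128 = (P - 1) * (Q - 1);

fn mod_pow(mut base: u128, mut exp: u128, m: u128) -> u128 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Enc(m; r) = (1 + m*N) * r^N mod N^2, r coprime to N (fixed here, random in practice).
fn encrypt(m: u128, r: u128) -> u128 {
    (1 + (m % N) * N) % N2 * mod_pow(r, N, N2) % N2
}

/// Dec(c) = L(c^lambda mod N^2) * lambda^{-1} mod N, where L(x) = (x - 1) / N.
fn decrypt(c: u128) -> u128 {
    let mu = mod_pow(LAMBDA, PHI - 1, N); // inverse of lambda mod N (Euler's theorem)
    (mod_pow(c, LAMBDA, N2) - 1) / N * mu % N
}

/// What a tallying party can do without the secret key:
/// multiplying ciphertexts adds the plaintexts underneath.
fn tally(ballots: &[u128]) -> u128 {
    ballots.iter().fold(1, |acc, c| acc * c % N2)
}

fn main() {
    // Constructed ballots: 1 = yes, 0 = no.
    let mut ballots = vec![encrypt(1, 17), encrypt(0, 23), encrypt(1, 29), encrypt(1, 31)];
    println!("honest tally: {}", decrypt(tally(&ballots)));
    // An out-of-range ballot is just another opaque number below N^2 ...
    ballots.push(encrypt(1000, 37));
    // ... so the tally absorbs it; only a proof about the plaintext could reject it.
    println!("tally with out-of-range ballot: {}", decrypt(tally(&ballots)));
}
```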
While there are quite a few ZKP libraries out there, it can be difficult to combine these off the shelf with FHE. FHE relies on a special type of cryptography using lattices whereas the most efficient ZKP constructions don't. Combining such proof systems with FHE often leads to poor performance in practice.
We're currently evaluating a few proof systems to determine which offers the best tradeoffs with regard to space and time. If necessary, we will implement a lower level library with the proof system ourselves. As our goal is to make privacy easy for developers, we will also provide a compiler to work with ZKPs. With so much interest and innovation within the ZKP space, our focus is on designing a compiler in which the backend proof system can be swapped out further down the line. We plan to package the ZKP compiler with our existing FHE compiler for developer ease of use. In terms of API, we will try to keep it consistent with that of our FHE compiler.
Decentralized storage system
The last puzzle piece requires addressing where to store large FHE ciphertexts. In integrating FHE into decentralized applications, we want to avoid massively blowing up the underlying blockchain's size. However, if we store FHE ciphertexts elsewhere, we need to ensure users and validators can quickly and easily retrieve these off-chain ciphertexts. There are a few interesting decentralized storage systems out there (Arweave, [IPFS](https://ipfs.tech/), etc.) that could serve as a potential solution for us. Our efforts here are still at the earlier stages and we're hoping to share more about this piece in the coming months.
Rolling out our tech
We expect to deploy our technology in phases–starting first with support of private transactions in a testnet, then with support of pre-determined private programs, and finally allowing developers to author arbitrary private programs using our FHE and ZKP compilers. The ambition is to make private programs easy for web3 (and eventually web2) developers to create via Sunscreen's SDK.
If you'd like to get involved, you can join our Discord or follow us on Twitter for updates. To learn more about what we're doing, check out our GitHub or come say hi to us at ETHDenver!