Dero’s FHE Privacy Paradigm vs the Chain-Analyzable L2 FHE Institutional Scams
Definitions are important, but where do they come from? In a previous article I explained the cardinal definition of full homomorphic encryption and how it applies to Dero. One can mathematically prove that Dero offers FHE grade privacy because all transaction operations are done on El Gamal cyphertext, without ever decrypting any data. This is however a controversial statement in certain crypto circles where tribalism and motivated thinking prevail. The fact that the actors fuelling such controversies have a technical background can make it all the more confusing for an outsider.
In crypto, intellectuals are more prone than elsewhere to transform themselves into influencers in service of narratives that are grist to their mills, perhaps because money is on the line. I’ve previously seen this first hand in Kaspa, where Harvard PhDs would defend the indefensible and try to use their academic background to give credence to outrageous claims on the non-importance of missing transaction data. You can read everything about that story here.
Consequently, when joining a cryptocurrency system, checking its issuance and its decentralization is far more important than checking the historical validity of transactions. — Yonatan Sompolinsky (Kaspa’s Harvard educated lead dev)
For this reason it’s paramount to never trust but verify. So here is my attempt at addressing the points that keep coming up on Dero and FHE.
FHE groundwork by Rivest, Adleman, Dertouzos
Privacy homomorphisms, as they were originally called, were conceived on the idea of delivering user privacy through encryption in information systems where data were operated on.
Encryption is a well — known technique for preserving the privacy of sensitive information. One of the basic, apparently inherent, limitations of this technique is that an information system working with encrypted data can at most store or retrieve the data for the user; any more complicated operations seem to require that the data be decrypted before being operated on. This limitation follows from the choice of encryption functions. (Rivest, Adleman, Dertouzos 1978)
The idea was that if we never decrypt the data then the privacy of the whole process will be encryption grade. In other words, since data is never decrypted at any point, to steal the data one would have to break encryption. Considering that such task is unfeasible, we could state that despite being operated on, the data always remains as private as encrypted.
One might prefer a solution which did not require decryption of the user’s data (except of course at the user’s terminal). […] the encryption function will permit the computer system to operate on the data without decrypting it. (Rivest, Adleman, Dertouzos 1978)
This paper is considered to be the groundwork of FHE because it marked the beginning of a whole new field of exploration: encryption schemes that allow operations on encrypted data.
Privacy homomorphisms provide a novel way of ensuring the privacy of data which must be operated on. (Rivest, Adleman, Dertouzos 1978)
Privacy through encryption
The central idea here is that of privacy through encryption. To understand what this means we must refer to the first sentence in the Rivest, Adleman, Dertouzos paper. Since encryption is commonly used to protect the privacy of sensitive data, the easiest way to visualize privacy through encryption is to think of real life cases of sensitive data. A common example are bitcoin private keys. As any crypto user knows, a private key cannot be derived in any way from the public address unless the encryption algorithm is broken. If one could mathematically derive the private key of a public address in any other computationally feasible way then crypto as we know it would be over.
If we think of encryption like a sphere made of steel that contains data in it, then bitcoin private keys always sit inside said sphere for each user. Bitcoin’s security relies on it. The problem that the pioneers of FHE set to solve was to guarantee the same degree of privacy even when data has to go through operation processes. This is because whenever we need to perform operations that cannot be performed on encrypted data then the data must be decrypted first, ie: taken out of the sphere of steel. And this, for obvious reasons, hurts the data’s privacy.
A common process in crypto where operations are required are transactions. As we know, when it comes to bitcoin transactions, no attempt whatsoever is made to hide sender, receiver or amounts. We can therefore agree that the privacy of bitcoin transactions is null. Now imagine a technology where the privacy of transactions is as strong as that of private keys. In other words, a technology where transactions occur entirely within the sphere of steel and the only way to see where the money goes is to break the wall of encryption. Just like the security of bitcoin private keys is mathematically guaranteed, the privacy of such transactions would also be mathematically guaranteed. If we take a step back to think about it for a moment, a degree of transaction privacy that enjoys the same level of confidence as that of bitcoin private keys would be simply mind blowing since it would mean that all transactions are mathematically guaranteed to be private and visible only to the respective private key holders. Currently, the only cryptocurrency where compromising transaction privacy is as challenging as breaking encryption is DeroHE. This unique quality is what renders Dero exceptionally powerful and a futuristic technology in today’s world.
Current Cardinal Definition of FHE
Now that we are familiar with the notion of privacy through encryption we can start to explore the evolution of the definition of FHE. As previously explained, the purpose of FHE research was to come up with encryption schemes that did not require, at any point, to take the data outside the sphere of steel that is encryption in order to perform operations on them. Since the basic operations performed on data are additions/subtractions and multiplications/divisions, any encryption scheme which allows performing all 4 operations on encrypted data is defined as FHE by the current cardinal definition of FHE given by Gentry (2009). The property of such schemes is that they can bring privacy through encryption to any process that requires operations on data.
It’s always important to not forget that the scope of homomorphisms, as also originally explained by Rivest & Adelman, was to have processes where user’s data stays private through encryption. So privacy is a core feature.
Why Dero offers FHE grade privacy
The reason why Dero offers FHE grade privacy, as a cryptocurrency, is because in Dero user data (account assets, balances, transactions) are always updated in encrypted state and with no addenda whatsoever outside of said homomorphic processes/operations. Every Dero transaction is as private as a bitcoin private key because all operations are done on encrypted data using El Gamal and no additional non-homomorphic operations are required.
The second crypto with the strongest privacy in crypto today is Monero. Monero also uses homomorphisms, however Monero cannot claim to be FHE grade private because Monero relies on other non-homomorphic operations that create openings for deanonymization attacks. In fact in Monero, to prevent double spends, key images are required and key image analysis can reveal information about users. Key images are permanently left onchain and cannot be mitigated. In Monero, even though balances are never decrypted, other attack vectors are possible through key image analysis. On Dero, on the other hand, key images are not required because Dero uses the account model. It’s important to understand that just because Monero’s balances are always in the form of Pedersen commitments doesn’t mean that Monero can also claim to offer FHE grade privacy because there are other attack vectors stemming from other non-homomorphic processes.
‘FHE’ L2s are chain analysable, therefore not FHE
There is a whole new generation of Ethereum L2s claiming to be FHE. Chief among these platforms is Zama. Contrary to what their description suggests, users of Zama and of all services leveraging Zama’s codebase do not enjoy FHE grade privacy since the base layer (Eth) is transparent. A third party can extrapolate the operations on Zama by analyzing L1 activity and entry/exit points. Therefore it would be best to think of FHE L2s as chain-analysable FHE (which is a paradox) and, maybe, compliant FHE (another paradox).
Conclusion
Dero is the only cryptocurrency to date that offers FHE grade privacy and where the only attack vector is to break the encryption wall. While the cardinal definition of FHE refers to the capability of doing all 4 operations on encrypted data, sticking to such definition in crypto leads to a paradox where chain analysable ‘FHE’ L2s are referred to as FHE despite being the antithesis of FHE. That is extremely misleading for privacy savvy users. Dero, on the contrary, is perfectly aligned with the notion of FHE on which the current cardinal definition is based, albeit limited by the fact that blockchains do not require use of all 4 operations. As result, in the realm of blockchains, Dero can claim to be FHE because it is the only blockchain to offer FHE grade privacy by default for all of its users thanks to its reliance on entirely homomorphic operations.
