I’ll Read It For You, Vol. II.

Yi Sun and Yang Zhan’s Privacy in Cryptocurrencies

Erin Koen
2 min read · Oct 30, 2018

Yi Sun and Yang Zhan are both PhDs in Math from MIT. They are both currently teaching and researching in various capacities, and in general seem very smart. That shouldn’t discourage you from diving into this essay, however, as they write in a super approachable fashion. If you’re feeling lazy, this is my tl;dr —

Yi and Yang set out to define privacy in the context of cryptocurrencies and blockchains as a set of design tradeoffs that fall along three axes: Privacy of Identity (who owns the addresses specific to a transaction), Privacy of Transaction Data (how much of a given crypto was sent from one address to another, and the very existence of the link between the two addresses), and Privacy of State (how the ledger changed from one transaction to the next). They note that though cryptography can be used to obfuscate each one of these axes, “attackers who want to discover an attribute of the blockchain can combine disparate pieces of information to conclude or guess what they want to know”. Successful protocol design “reveal[s] as little information as possible about specific attributes” while still maintaining the functionality for which it was built.

This being the case, the authors try to use this essay to encourage specificity. They want you to stop saying, “Monero is more private than Bitcoin” and start saying “transaction amounts are private in Monero”.

Yi and Yang go into some detail along each axis, but I won’t do anyone any favors by regurgitating it here. You should read it though. I walked away with a more rigorous mental model for how to evaluate a given crypto’s privacy features.

The authors finish up with a brief overview of how second-layer solutions are helping to increase privacy along some axes, and an even briefer best practices rundown for enhancing your privacy. For the latter, you’re much better off listening in here.

One aspect I hoped for a bit more clarity on was the tradeoffs that must happen as design choices move along the privacy spectrum from totally transparent to totally opaque. Just for example, what did the designers of Monero sacrifice in order to obscure links between sending and receiving addresses? Any recommendations for readings there would be appreciated.
