Ethereum co-founder Vitalik Buterin outlined an extensive plan to enhance the privacy of the network he helped create.

In an April 11 roadmap, Buterin argued for incorporating privacy tools into Ether (ETH) wallets and implementing privacy-enhancing norms and features in the Ethereum ecosystem and protocol. He explained that the roadmap in question is a short-term solution that requires limited changes to the base protocol along with supplemental long-term updates.

Buterin recommends adopting privacy-enhancing systems such as Railgun or Privacy Pools by existing wallets, according to the plan. When funds are sent with those wallets, he argues that users should be greeted by an option to “send from shielded balance,” which anonymizes the transaction, and should be “ideally turned on by default.” He wrote:

“Users should NOT have to download a separate ‘privacy wallet.’“

Major changes recommended for DeFi

Buterin further recommended profound changes in how decentralized finance (DeFi) and broader decentralized applications (DApp) are implemented. He argued that those systems should be limited to “one address per application.”

The Ethereum co-founder acknowledged that this would require “significant convenience sacrifices, ” but it “is the most practical way to remove public links between all of your activity across different applications.” He also highlights that the user experience would be “very similar” to depositing funds to one chain from another in crosschain interoperability systems.

Buterin also highlighted that to enjoy the benefits of this change, developers would need to ensure that user withdrawal functions are privacy-preserving by default.

Ethereum protocol changes needed

Other changes included are the implementation of fork-choice enforced inclusion lists (FOCIL) and the Ethereum improvement proposal (EIP) 7701. The latter is an improvement to Ethereum account abstraction, and the former is a censorship-resistance improvement.

EIP-7701 ensures that privacy protocols can operate without needing relays or public broadcasters. This, in turn, simplifies the development and maintenance of this kind of protocol.

Relays, in this context, are intermediaries or nodes responsible for accepting and forwarding transactions. On the other hand, broadcasters are responsible for publishing transactions to the public blockchain.

EIP-7701 divides Ethereum transactions into phases, natively allowing third parties to step in and pay the fees in the right phase. This means there is no need for a relay to accept users’ private transactions to be anonymously broadcast by a separate entity.

FOCIL, on the other hand, prevents the censorship of transactions, including privacy-preserving ones. The relevance is presumably that anonymized transactions are at a significantly higher risk of falling victim to censorship attempts.

Infrastructure changes are required

A short-term solution to address the privacy limitations of current remote procedure call (RPC) systems used to interact with the blockchain, as proposed by Buterin, is the implementation of a trusted execution environment (TEE).

TEE is a secure area within a processor that ensures code and data loaded inside it are protected. Buterin explained that “this allows users to interact with RPC nodes while getting stronger assurances that their private data is not being collected.”

As a long-term solution, TEEs should be replaced with a private information retrieval (PIR) system. PIR is a cryptographic protocol that allows users to retrieve a specific item from a database without revealing which item was retrieved.

This would allow users to retrieve data concerning blockchain contents without the provider knowing which data is being shared. Buterin highlighted that it is superior because it provides “cryptographic guarantees.”

The Ethereum co-founder also argued that wallets should be connected to multiple RPC servers. They should also use a separate RPC per DApp and potentially a mixnet — a privacy-enhancing technology designed to obscure metadata.

Other recommendations include the development of proof-aggregation protocols for privacy-preserving protocols. This would result in significantly lower fees for using such systems.