The Denomination of a Latte and the Anonymity of Blocks
By Benjamin Wenger, December 12, 2018.
I’m standing in line at a coffee shop inhaling the delicious aromas of fresh brew, sweet spices, and chocolate and happily contemplating my order. Because I’m wired that way, as I look at the menu above the counter I start thinking about the history and nature of money.
Money has been a cornerstone of human civilization almost as long as civilization has existed, ever since the development of markets necessitated moving beyond barter to a universal medium of exchange. Over millennia, as trade grew, money evolved from tokens like cowrie shells to increasingly standardized coins whose value was determined by the weight of a given scarce metal they contained—copper, silver, gold. With the emergence of a merchant class who made their living by buying and selling, and as monarchic governments needed both to store money and to borrow it, banking developed. But there was also a need to control the amount of coinage in circulation and to guarantee its value, which could be debased by “clipping” coins or adulterating them with other metals. Together with the growth of the money economy as societies urbanized, this problem created a relentless pressure for money’s value to become detached from its physical reality.
The final step in this process of the conversion of money into data was the modern gold standard, whereby the stated value of a paper note had to be backed by the corresponding weight of gold in the holdings of a bank. But in the mid-twentieth century, the gold standard was effectively ended, and the values of currencies worldwide were pegged to the value of the dollar, the global reserve currency. Today, in a bank account, money is entirely disassociated from physical tokens. The institution just stores the amount of money in an individual’s account as numbers that can be added to or withdrawn from what is essentially a central pool of money—the bank’s holdings. The core ideas of the account-based model has been carried over into the cryptocurrency space.
The advantages of account-like systems in the digital world are obvious: they are simple to implement and even simpler to understand. My account has a balance of at least $5.34? I can take out my $5.34 anywhere. It doesn’t have to be the same $5.34, because money, now made of digits, is theoretically 100% fungible. But even so, it turns out that withdrawing that different $5.34 is inherently non-private.
A transaction, like the $5.34 purchase I just made for this delectable large hot vanilla latte (with extra whipped cream), is actually quite unique. Knowing nothing else but where I work in Claremont, the time of day, and the purchase amount, one could figure out with a high likelihood that I purchased a ridiculously overpriced drink.
The underlying problem is that $5.34 is a fairly distinctive number. There are one thousand different amounts between $0.00 and $10.00. As a result, the specific value of a transaction published on a blockchain, even anonymously, leaks information simply due to its uniqueness. How many things cost exactly $5.34?
In a fully coin-based system, there is no uniqueness. A penny is just a penny. You may be able to see that it is the same penny, but that tells you next to nothing because there are millions of identical pennies. Sure, along with 533 other pennies, it will tell you a price; but in a system that dissociates pennies from each other and transfers each one individually, they reveal nothing. As a result, a coin-based system that does not reveal transactions inherently protects many properties of anonymity.
But of course, in the physical world, there is a problem with pennies. If I went to the coffee shop with five hundred and thirty-two individual pennies… well, I probably wouldn't get my latte. Physical currency has solved that problem as well. Denominations—coins worth different standard amounts—allow for simpler and easier transactions. The same applies to the digital world, but even more powerfully. Since they no longer need to be tied to the numbering system that humans can easily manage, more efficient and more anonymous denomination systems can be built.
The king of these systems is base-two denominations: any value can be described with just one of every denomination, resulting in a flatter distribution and more anonymity. In a base-ten system, the five-dollar bill, the quarter, and the nickel are each of a single denomination, while the two pennies are two coins of the same denomination.
This is significant because the more quantitatively skewed the usage of different denominations is, the more statistically unique it is. Within a base-two denomination scheme, though, the same denomination is never used more than once to create a value, ensuring usage properties are flatter and less distinctive. Of course, base two is hard to use for humans in our base-10 world. But for computers? They can take advantage with no trouble at all. In fact, base two has another name: binary.
Coming full circle, though, we can still offer a valuable, easy, and pleasant user experience. Users need not select and manage their individual denominations. They don’t have to figure out the exact denominations to make exact change. In the age of computers, the process of counting and determining transaction contents is a trivial task. Users can experience the simplicity of account-based systems while enjoying the security of coins.
The availability of coin-based digital transactions isn’t just a dream, it is reality—or at least pretty close to it. We released our demo block explorer on September 27, 2018. A mock of my latte purchase is present within block 47. I spent five coins of denomination 3, 0, −2, −4, and −5. The values of the coins are 2 to the power of the denomination:
|−2||2−2||1/4 = 0.25|
|−4||2−4||1/16 = 0.0625|
|−5||2−5||1/32 = 0.03125|
|Total:||5.34375 ≃ 5.34|
These are real coins present within block 47. Their cryptographic properties, and the links to find and validate their presence in the block, are as follows:
Using this data and searching the block allows you to validate that this transaction took place. But without the external data provided by the transactor, none of this information can be understood. The individual denominations within the transaction are completely dissociated, preserving the anonymity of the transaction.
And my latte? I yearn for the day when I can actually purchase it through Elixxir, where no-one can know my embarrassing coffee choices.
VP of Architecture