The Breakdown - Jonathan Wu on Why Technology Might Be a Better Solution to Privacy Than Public Policy
Episode Date: November 12, 2022This episode is sponsored by Nexo.io and Circle. Jon Wu works on growth with Aztec Network and is a deep thinker when it comes to the challenges of privacy in a digital age. In this conversation..., he and NLW discuss privacy from a principle and ethics standpoint, zero-knowledge proofs and whether technology could solve problems that many think only public policy holds an answer for. Find out guest on Twitter: @jonwu_ - Nexo Pro allows you to trade on the spot and futures markets with a 50% discount on fees. You always get the best possible prices from all the available liquidity sources and can earn interest or borrow funds as you wait for your next trade. Get started today on pro.nexo.io. - Circle, the sole issuer of the trusted and reliable stablecoin USDC, is our sponsor for today’s show. USDC is a fast, cost-effective solution for global payments at internet speeds. Learn how businesses are taking advantage of these opportunities at Circle’s USDC Hub for Businesses. - “The Breakdown” is written, produced by and features Nathaniel Whittemore aka NLW, with editing by Rob Mitchell and research by Scott Hill. Jared Schwartz is our executive producer and our theme music is “Countdown” by Neon Beach. Music behind our sponsors today is “War” by Enoch Yang. Image credit: Camerique/Getty Images, modified by CoinDesk. Join the discussion at discord.gg/VrKRrfKCz8.
Transcript
Discussion (0)
So I think that we're in the second inning of helping regulators understand that because number one,
it's a big mind shift to go from centralized to decentralized systems and then to go from totally
public systems where all information can be accessed to private systems where you have to trust
the cryptography. I think this is like a key here. Rather than trusting an intermediary, we're trusting
math. And I think getting regulators to like really understand that is going to be a bit of a leap.
I have faith that we're going to get there there. Otherwise, you know, I wouldn't be working at
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the Big Picture Power Shifts remaking our world.
The breakdown is sponsored by nexo.io and circle and produced and distributed by CoinDesk.
What's going on, guys? It is Friday, November 11th. And today, we have a breakdown interview with John Wu.
But before we get into that, however, if you are enjoying the breakdown, please go subscribe to it,
give it a rating, give it a review, or if you want to dive deeper into the conversation,
come join us on the Breakers Discord. You can find a link in the show notes or go to bit.ly slash breakdown
pod. All right, folks, today I am excited to welcome John Wu to the show. John Wu runs growth
at Aztec Network. Astec built itself as the privacy layer for Web3 and is a private by default
smart contract platform secured by Ethereum. In this conversation, we discuss zero
knowledge proofs, the right to privacy, and why the regulatory discussion,
of privacy is just beginning.
All right, John, welcome to the breakdown.
How are you, sir?
Thanks, doing well.
Thanks for having me.
Yeah, no, I'm super excited.
So whenever I do kind of an interview series, there's always inevitably something
about privacy, and it's always a topic that people want to hear more about, dig deeper
into.
And so I kind of have my eye to invite you on for a while now.
I'm glad that we can make it work this time.
And, you know, I really want to get into kind of, you know, the work that you're doing,
but also just kind of how it reflects your broader understanding of privacy and its application in crypto.
But I think before we start, for people who aren't familiar with you and your work, can you give just kind of a little background?
Yeah, so I'm John Wu, head of growth at Aztec.
Aztec Network is a privacy for ZK rollov on Ethereum.
I've been here for about a year and had a very wide-ranging career before that, did consulting, private equity, business school, real estate, food tech.
So I've done it all, fell into crypto down the rabbit hole about 18 months ago.
go just writing tweets on Twitter. And that's, you know, a huge entry point into the space. And here I am.
And it's been a fun ride so far. Yeah, I would say a huge number of people more or less got their start
writing tweets on Twitter. Certainly, I mean, this show came out of a thing that I did on Twitter called
Long Read Sunday, which is now obviously morphed into a different form. So I always love to hear that.
So I guess maybe by way of kind of extending the introduction, did you, before you got into this space,
did you know you wanted to focus on the privacy aspect of it? Or was that something that,
that you sort of fell into as you explored it more?
No, I actually fell into it because my entry point was from Defi.
And in fact, I think it's really hard to fall into crypto privacy first because the default
is public blockchains.
And so I came from a traditional finance background and I was first obsessed with Defi and
then saw all the tradeoffs that we make from having a public blockchain.
And that's how I got into it.
Interesting.
That makes tons of sense.
I think we're going to dig deeper into that.
But I guess let's start with sort of a privacy.
kind of 101. So your perception of first, why privacy is important, second, what's broken about
privacy right now. And you can take that in the context of crypto slash defi specifically,
or you can kind of talk more broadly. And then three maybe is sort of what you think the
tradeoffs are as we currently kind of live within them. Yeah, for sure. A lot there. I mean,
I would first say that a lot of people say things like privacy as a human right. And what that
means to me is that privacy is a fundamental building block for a society that works.
Like, when you record all the things that you expect to be private in a given day, you'll
realize that most of the things that you do are private. And so privacy is a human right means
to me like the right to your own thoughts, the right to your own intellectual property.
What is intellectual property? Something that you created in your own head. But I would say
on blockchain, privacy has three primary values in my mind. Number one, privacy has a mode of
discretion. It's not very comfortable for everyone just to know what you're doing. And we like to say,
like, if you don't care about privacy, then why don't you let people watch you shower? Well, like,
rationally, there's no like really strong reason, right? It's just like, it doesn't feel very comfortable.
We know that privacy is really important from a security perspective because of everyone can see what
you're doing. They know what you own. They can track your transactions. They can front run you. And then
the last thing is privacy is a creative force. Privacy is a mechanism that we use to play a lot of
different games, and people don't really like to think of it that way, but let's say you and I
have a deck of cards and we wanted to play a game. And one of the requirements was that we had
to play only games that were face-up. It's a very small universe of games that we can play only
with face-up cards, right? And the whole deck is face-up. That's basically what public blockchains
are today. And so the introduction of privacy isn't just obfuscation of transactions for
anonymity's sake or confidentiality's sake. It's also introducing a completely new mechanism for
human behavior and coordination.
Two things that I want to follow up on, which are both some combination of either abstract
and rightzy or ridiculous.
The first is that I actually really like that you started from the premise of the default
state of human thought is private.
And one of the core things about being a person in relationships is getting to decide which
of those thoughts we reveal to whom and why and when.
And I think that it's important because.
Because one of the things that has kept me in crypto, and I think keeps so many people here,
is the extent to which it becomes a lens to understand these sort of fundamentals of human behavior,
human experience. And although the, you know, the practical application of privacy may have
nothing to do with that sort of fundamental human truth of sort of the starting point of, you know,
our thoughts being default private, I think that going back to very kind of first principles
thinking about this is super, super valuable, as we articulate.
kind of what the rights regime should be, you know, as it's applied. So I love that you started there.
The second thing, just kind of on the, on the game's front, so, you know, regular listeners will know that
the one game that I love and have always loved is Magic the Gathering. And one of the most powerful
effects in magic is cards that say your opponent reveals their hand, right? Because it gives you
this incredible amount of information. And when done right, that reveal can actually create very
interesting gameplay, right? But done poorly, it totally warps the game in the favor of the person
with the additional information. So I think that the way that you kind of framed it as
introducing new mechanism for kind of coordination and games is actually really interesting as well.
Want to keep more profits when trading? Get the best possible prices and trade with 50% lower fees
on Nexo Pro. The new Spot and Futures trading platform uses aggregated liquidity of over
3,000 order books collected from multiple sources. Utilizing the complete.
Nexo Suite allows you to earn interest and borrow funds as you wait for the next trade setup.
Visit pro.nexo.io. That's PRO. N-EXO.io and sign up today. This episode is brought to you
by Circle, the sole issuer of USDC and a leader in crypto that's held to a higher standard.
USDC is a fast, safe, and efficient way to send money around the globe. USDC is always redeemable
one-to-one for U.S. dollars and has over $45 billion.
million dollars in circulation as of October 13th, 2022. Plus, Circle posts weekly reserve reports
and monthly attestations of reserve capital, letting users know that USDA is safe, transparent,
and compliant with regulations. Just go to circle.com backslash transparency to see why USDC is a trusted
staple coin. So let's talk about the state of play of privacy discussions in crypto,
you know, over the last couple of years. And maybe, so what I really want to, where I want to land,
is zero knowledge and sort of the stuff that you spent a lot of your time on and how that relates
to privacy. But I think it would be helpful for you to kind of give almost the sort of the
TLDR historical lineage of how privacy has been kind of thought about in this industry, right?
Because if you popped in in 2017, privacy was, you know, Manaro and Zcash and stuff.
So kind of talk us through the evolution of that over the last few years.
Yeah, I think privacy on Ethereum, it's hard to talk about it without mentioning tornado
cache, which is a very simplistic application of zero knowledge proofs. It's basically a Mergel
membership proof, which just says, like, I deposited a note into this tree, and then, you know,
later I withdrew it, and I can furnish some proof, some key that says, like, that note was mine
while obfuscating the input and the outputs. And every single attempt at privacy above and beyond
that, since then, much of which has been pursued by Aztec is about the generalization of privacy
beyond simple obfuscation. And so if you look at what tornado was, it was like a really
really, really, really expensive and non-generalized, like very specific single asset way to, like,
transfer ETH. And then the next evolution of that was turning things into a privacy for a
ZK roll-up, which we did with the first version of ZK money, which allowed you to send funds privately
with multiple assets. It allowed you to do internal transfers. And immediately you can already
see, like, okay, money, the usage of money is already becoming more generalized. And that's why, like,
ASTEC is not a mixer and we don't consider ourselves a purely an automation service because the whole goal is to generalize privacy and create it, make a network that's private by default.
And so the next stage after that was we released something called ASTEC Connect.
Aspect connect, we like to communicate as the VPN for Ethereum.
It allows you to do Ethereum Layer 1 transactions using Aztec as a proxy.
So much in the same way an IP replaces your IP with the VPN's IP.
we replace your ether scan address with Aztec private roll-up.
So if you want to do an element vault entry,
or you want to do a curve swap,
or you want to stake eth into Lido,
you can do so, and Aztec will do it on your behalf.
And at the same time, because it's a ZK roll-up,
save you a bunch of money by batching up that action
with a lot of different users.
Our future state, which we're building toward in the last couple of weeks,
with the announce of Noir,
noir is our domain-specific language
that helps application developers write zero knowledge circuits, aims to be a fully generalizable
smart contract platform, meaning it's Ethereum, but with privacy that you can toggle.
So imagine if, you know, functions, variables, and smart contracts could be toggled public or
private, depending on the type of games you want to play.
So if you and I, for instance, wanted to make a bet about really anything, but let's say
it's about the price of Ethereum, like it would be a financial derivative, we could place that bet,
put the order together, publish it on the blockchain, make sure that it's,
still settles deterministically, but nobody else knows that we've made this agreement. And so that's what
we're building toward is a universe where you can use privacy as a mechanism to build interesting new
features like private exchanges, gaming with privacy components like you alluded to with Magic the
gathering, and simple things like payments and business contracts, which in the default world,
you know, we expect to be private. So super interesting. So I want to put a pin in this,
the separation between how an individual,
Transacting with crypto or blockchain applications has more choice around privacy.
I want to separate that in our discussion from new applications that can be built with different
logic around privacy because fundamentally, that's kind of a different way of looking at this.
And I think most of our privacy discussions are on kind of the former part of that,
which is just kind of how does a person experience individual transactional privacy.
But before that, I guess, just for our listeners who aren't familiar with the idea of zero
knowledge proofs, could you give kind of the most basic, you know, maybe analogy, whatever it is
that helps people best understand it as you're trying to kind of introduce them to this concept?
Yeah, the 101 for zero knowledge proofs is it's a way to prove a secret without revealing it.
And you have to kind of chew over that sentence a couple times before you understand how powerful
it is. And to maybe give a couple analogies, one is for those who are college age, you know,
you're probably very familiar with getting carded at a bar, right? And what are you doing when you get
carded at a bar, you're giving someone a license that says your birth date, among other
revealing personal identity items on it. And what is the bouncer doing? The bouncer is taking today's
year and subtracting it by the date of your birth. And if that resulting number is over 21,
then you get let in. And if it's under 21, you don't get let in. What is the problem here, right?
What we want to do is we want to prove to somebody that we're 21 without actually having them do
the literal math. And so what does zero knowledge proof allows you to do is it allows you to do that
computation essentially without that other person seeing and prove to them with a blob of math
that like for sure you're 21.
And so what would that look like in practice?
It would potentially look like somebody scanning a QR code and being like, okay, I don't
know what age you are, but this just tells me that you're over 21 or furnishing like a
tokenized membership that's like I'm part of the pool of all bargoers that are over 21.
And you can see how that's a really powerful way to preserve privacy while also being able to
furnish things like attestation and identity.
and those are some of the things that we're really excited about. As to like maybe an analogy
for how a zero knowledge proof might be implemented, one popular example is the Where's Waldo
example. So if I were playing a game of Where's Waldo with you and I found Waldo first,
let's say I wanted to prove to you that I knew where Waldo was without actually revealing where it is,
right? I want to prove to you that I won the game, but it wouldn't be very fun if I pointed to it,
because then like I would reveal to you where it was. The way you would do this is you would take a really
big sheet of paper and just cut out a Waldo-sized hole in it. And then I would put the book
underneath this big piece of paper. And I would show you, like, here's Waldo. But you can see
that I know exactly where he is. But because the sheet of paper is so big, it conceals, like,
where on the map he's actually living. That's another example of a situation in which there's a
secret, the location of Waldo. I've proven it to you verifiably. You can see that I definitely for sure
know. And yet, I've hidden from you like a core secret, which is where he actually is.
One of the reasons that I think people have been captivated by this sort of approach to privacy as a path forward is that it feels like it potentially resolves some of the key tensions, particularly with regard to government and regulations, right, in the sense that it's a modality of privacy that does not say you are not entitled to the information that you wish to know to fit in with your regime of making sure that I'm not.
a, a terrorist, or B, laundering this money, while C, not revealing information that gets caught up
in the drag net of acquiring that sort of proof. How much is that sort of a fair depiction of
part of the excitement around this space? That's extremely fair in what we're very excited about.
We're seeing a debate over the regulatory regime that requires censoring certain transactions
and having even like a block list that's maintained by the U.S. Treasury. I mean, for one,
We know that contradicts some of the core principles of blockchain in general, but I would argue that it's also highly inflexible.
If you have a network that only abides by one compliance regime, how about like another compliance regime that disagrees with it?
And then you have network participants having to pick and choose between violating one regime or the other.
Our belief is that the base network should not be censored whatsoever.
And using zero knowledge, things like identity memberships or KYC memberships of apps choose to adopt them is a way for,
applications to determine which jurisdictions rules they want to abide by.
And so an example of this is like you can apply the same Merkel membership proof to KYC
attestation, for instance.
So let's say I went and I decided, hey, there's a set of compliant defy tools, which I'm
sure will exist in the coming years as, you know, regulation increases are in industry.
And I want to be able to furnish this notion that like I have successfully KYC to them
without having to reveal my identity.
Well, I can do so.
I can go to a third party KYC.
provider who furnishes me with a KYC token.
And then that's portable.
And I can take it to each of these providers and be like, hey, you don't know who I am,
just like in the bouncer example.
You don't know who I am.
You don't know my identity.
But you do know that I'm KYC.
You do know that I'm a legitimate user.
And it's up to applications to adopt whatever restrictions they want to adopt in order
to be compliant.
And what's important is the network underlying this is fully programmable, flexible, and
incredibly neutral.
So one of the things that's interesting, I spent a lot of time.
watching the policy and regulation debates.
And one thing that I often feel is the privacy folks sort of trying to, you know, almost
from the back of the room, pointing out that there may be technology solutions rather than
political solutions or that beget political solutions in the sense that sort of the technology
is not at an end state where it needs to be kind of determined with some of these questions,
but that in fact, there could be actual technology answers, which are even kind of beyond
crypto questions, could be different types of regimes for, you know, these sort of government
programs to not infringe so much while still existing.
What is your sense of regulators' understanding of some of this?
I mean, this is such, you know, it's kind of a new field even for people in the crypto space.
I guess maybe a different way to put is, are there regulators who are actually kind of digging in
around this?
Have you seen any meaningful problems?
in that area?
Yeah, I do think we have to give regulators a little bit of credit here and they're not totally
irrational actors, right?
Like they're doing some balance of harms calculus where they're like, hmm, we could just ban
all of Ethereum, right?
We could ban all hosting of Ethereum nodes in the United States.
Like they could have easily done that.
And they decided not to, why?
Because they looked at the Ethereum balance of harms and they're like, okay, some tiny amount
of the total activity here is illicit.
But then they looked at Tornado and they're like, okay, there's this subset over here where
like 40% of the use is illicit.
And so that's why we think it's really important.
to have privacy at the base layer. But I'll just say that regulators aren't that dumb.
It's just that ZKs and the concept of being able to prove something without revealing it is
really hard to wrap your mind around. And, you know, Aztec are, we're very, very focused on
trying to initiate that conversation with regulators around the technology and what it enables.
But the other thing that I will add is that regulators have grown up in a kind of centralized
financial economy. And in a centralized financial economy, and in a centralized financial
economy, compliance is very legible, right? Like, if you look at the word itself, it has the word
comply in it. It implies that there's like a neck to choke, right? I can go to you or I can go to me,
and I can be like, hey, comply. Do the thing that we ask you to do. It's very hard to square that
understanding of a regulatory environment with fully decentralized censorship-resistant networks.
And so I think as a space, what we're trying to do is to say, hey, look, the networks should remain
incredibly neutral. And the neck to choke actually is the service provider. It's the application
developer. It's the neobank. It's the D5 protocol that builds on top. So I think that we're, you know,
in the second inning of helping regulators understand that because number one, it's a big mind
shift to go from centralized to decentralized systems and then to go from totally public systems
where all information can be accessed to private systems where you have to trust the cryptography.
I think this is like a key here. Rather than trusting an intermediary, we're trusting math. And I think
getting regulators to really understand that is going to be a bit of a leap. I have faith that we're
going to get there there. Otherwise, you know, I wouldn't be working in it. So obviously the regulatory
dimension of private by default blockchains and sort of privacy services is a key piece. You brought up
the tornado cash sanctions. Obviously, that has fundamentally shaped the discourse around how we're
thinking about regulations. Had that not happened, I think it would be potentially in a very different
place, you know, within the industry. Now, I think you could probably argue that the fact that that did
happen maybe is going to lead to us better defending certain types of outcomes that might have
kind of happened by default or by accident had it not happened. But outside of the regulatory kind of
questions, what do you see as other barriers to adoption of some of these new privacy technologies,
particularly thinking about user apathy is something that's come up a lot in the past?
Yeah, I think there are a couple things here. Number one, to the user apathy component.
If we're still convincing people to care about privacy in five years, then we've utterly failed
as a segment because it's very hard to get users to care about privacy unless their functionality,
which is why we think it's so important to create a privacy for a smart contract platform, right?
It's very different to say, hey, I'm going to go through all this UX headache in order to adopt
a private network versus, oh, actually this private network, which hopefully in a couple of years
will just be a network, right? Most smart contract platforms will be privacy first, ideally.
It won't be about adopting necessarily privacy for its own right, but because there are
entire services and games that are not available on public blockchains.
John, super, super interesting stuff.
This is definitely a conversation that I could have a lot deeper.
So we'll have to have you back.
Super excited to keep hearing about what you guys are doing in this space and how you're
thinking about it.
And really appreciate you hanging out today.
Thanks for having me.
What stands out to me from this conversation is the idea that there may be technology
solutions for regulatory compliance issues.
When we talk about regulation normally, particularly with areas like AML,
KYC, Bank Secrecy Act stuff, we normally just think in terms of political compromises.
But what if there were technology answers that would allow users to prove that they were the thing
that the government required them to be, i.e. not terrorists, not laundering money, etc.,
without actually having to give any other personally identifiable information.
Now, there are, of course, tons of barriers to this.
To hold aside technology entirely, even John expressed how difficult it is to explain ZK
roll-ups to people and it's his whole job to do so.
Still, I think this idea of exploring where technology could solve problems that politics can't easily has a lot of promise.
For now, I want to say thanks again to John for being on the show and to you guys for listening.
Until tomorrow, be safe and take care of each other.
Peace.