• 06 April 2021
  • Announcements
  • 24 Comments

Security Tokens and Shortcomings in Security Protocols

Blog Bild

When it comes to security tokens, privacy and security of data are of paramount importance. Perhaps largely due to the much discussed decentralised aspect of cryptocurrency and the apparent benefits this can bring, we often neglect to properly delve deeper into privacy and security protocols. Instead, the focus has remained focused on other aspects of crypto security.

Security tokens are a thorny subject. There’s a high level of technical difficulty associated with them, making them a challenge for developers. Held under close enough scrutiny, security tokens can mount a red flag against crypto security in general. While many aspects are lacking with the current era of security tokens and their architecture, it’s arguably privacy and security that are the most obvious in their shortcomings.

Comparing security tokens to securitized products

In an effort to understand security and privacy implications in regards to security tokens, it’s worth comparing them to products that are in fact securitized. Take for example, financial securities. In this instance, a comparatively small group of centralised authorities have created trusted boundaries that financial services can operate within. Within this, hundreds upon hundreds of tight regulations are upheld and revised annually to ensure that optimum levels of privacy are achieved and financial security transactions are protected adequately.

In the realm of crypto securities, a foundation premise is disintermediation of such trusted boundaries, while still ensuring activity is both compliant and in line with privacy regulation. In order for this to be achieved, a great swath of current protection and privacy regulations must be tailored to adhere to the decentralized nature of blockchain protocols.

Things become even more complicated when we consider that security tokens use Ethereum and similar blockchain networks, where a tier2 protocol is often the top-tier available in terms of privacy. Worst still, known identities are required in order for security tokens to fall under compliance with standard regulations. Chief among these regulations are KYC (know-your-customer) and anti-money laundering. As such, key draws of cryptocurrencies including anonymity can’t be realised.

The problematic implications of privacy in security tokens

To get a better picture of the kind of privacy challenges relevant to security tokens, it’s worth considering some examples. Case in point, take a token asset issues in one country that is bound by data protection regulation outlining that said asset can only be traded between parties within that same territory. What’s more, the stipulation is that any data relating to this transaction is again bound to the jurisdiction of that territory. Here, there’s a clear conflict between privacy in general and decentralisation.

It’s clear to see that security token architectures by design optimise some capabilities at the expense of others. As a general rule, only two out of three of the key capabilities of security tokens are ever optimised at any one time. These capabilities are decentralization, privacy and compliance.

For example, if a security token scores top marks for privacy and decentralisation, it’s likely to fall short of compliance with regulations. Likewise, decentralisation will suffer if a security token priorities privacy and compliance. The pattern might be simple to predict, but it’s no less frustrating. Nonetheless, this thorn in the side of security token architecture is likely to be a key area of focus and development with the next era of token protocols.

The issue of privacy and security tokens

It’s not going to be a simple path toward first-rate privacy with security token architecture. There are several ideas and speculation on which direction the next generation of privacy solutions for the crypto-security sector will take. It’s possible the solutions that await on the immediate horizon will be off-chain, with centralized authorities to follow. Even later, it’s possible that side channels will be incorporated into privacy solutions, which will handle sensitive data and computations. It’s likely that only after these developments will we witness privacy protocols become a native element of security token architecture.

Privacy protocols in an on-chain context

Accepting that privacy protocols will be a chief part of the construction of security token platforms, we can have a look at privacy protocols that may play a key role in the future of security token architectures.

Take for example, Secure Multi-Party Computations. This is the protocol behind the blockchain known as Enigma. Secure Multi-Party Computations, otherwise known in its abbreviated form of SMC, allows for computations to be executed against inputs while maintaining the privacy of said inputs. It can be utilised in an exchange of security tokens in the context of trade assertions, while ensuring information shared remains private.

CryptoNote is another key area of focus for the future of security protocols. This is a stalwart of blockchain privacy as a whole and perhaps better known as the protocol at work behind Monero. With CryptoNote, traceable ring signatures are used to make messages on a decentralised network unintelligible. Particularly promising about CryptoNote is the success its demonstrated when scaled up, maintaining an impressive level of anonymity. When thinking about security tokens, it can be utilised as a way to ensure privacy during parts of an exchange of security tokens.

ZCash’s protocol, zk-SNARKS, is another one to watch. This protocol is a form of zero-knowledge technique that allows for one party to demonstrate to another that a statement is correct. However, in doing so, no further information is divulged. This protocol has been readily adapted by various blockchain technologies since its launch, while security tokens can effectively incorporate the protocol as a way of protecting data during a security token transfer.

It’s not all been good news for zk-SNARKS, however. In the case of zk-SNARKS, scalability has proven difficult. In short, it has proven hard to scale significantly due to the relative complexity involved. A much quicker alternative to the protocol was suggested in early 2018 instead. This alternative, dubbed zk-STARKS, approaches the perceived issue of zk-SNARKS usuing asymmetric cryptography as a means to establish security. Instead of this, zk-STARKS incorporates symmetric cryptography, a much linear alternative. In particular, it utilises hash functions that are collision resistant, negating the need to have a trusted setup for functionality. What’s more, these techniques remove the incidence of costly assumptions of the protocol and reduce the risk of attack by third-party quantum computers. The result is a protocol that’s not only faster than its predecessor, but also secure against attackers in a post-quantum context.

Looking forward

When looking at the current era of security token platforms, it’s easy to see that privacy and security are secondary concerns. In order to glean a clear idea of where privacy is headed in regards to crypto-securities, one needs to ascertain whether the standard will be tier1 or tier2 protocols. As it stands, the majority of security tokens today run on networks that don’t utilise protocols that put privacy as a priority. As such, these networks, Ethereum being one of them, are arguably going to reveal themselves redundant as a viable runtime for security tokens. It’s of course possible that security token platforms themselves can incorporate privacy protocols themselves in the future, but there’s also the question as to whether tier1 privacy will be a perquisite for a favourable future.