Ethereum co-founder Vitalik Buterin recently authored a research paper with a primary focus on integrating privacy features into blockchain transactions while ensuring compliance with a range of regulatory requirements.
Experts from diverse backgrounds collaborated on this research project, including early Tornado Cash contributor Ameen Soleimani, Chainaanalysis chief scientist Jacob Illum, and researchers from the University of Basel.
The diverse team reflects the interdisciplinary nature of the research, drawing insights from cryptocurrency, blockchain security, and academic scholarship.
The paper proposes a protocol called a “privacy pool” that can serve as a compliance tool aimed at improving the confidentiality of user transactions.
How does a privacy pool work?
As Buterin and team explain in the research paper, privacy pools are designed to keep transactions private while separating criminal activity from legitimate funds by organizing them into segregated sets or categories, allowing users to prove to regulators that they of funds are not commingled with legitimate funds. Illegal funds.
This is achieved by using techniques such as zero-knowledge proofs to prove that transactions are legitimate and do not involve criminal activity.
Zero-knowledge proof is a cryptographic technique that allows one party (the prover) to demonstrate knowledge of specific information to another party (the verifier) without revealing any details about the information itself.
When users want to withdraw money from the privacy pool, they can choose to build a zero-knowledge proof. Proof does two things: First, it confirms that the user’s transaction is legitimate and does not involve a blockchain address associated with criminal activity. Secondly, and more importantly for users, it protects their identity privacy.
association set
Another key part of how privacy pools work is the concept of “association sets,” which are subsets of wallet addresses in a cryptocurrency pool. When withdrawing money from the pool, the consumer specifies which set of associations to use. These sets are designed to include only wallet addresses from non-critical or “good” depositors, while excluding those considered “bad” depositors.
The purpose of the association set is to maintain anonymity, as withdrawn funds cannot be precisely traced to their origin. However, it is still possible to prove that the funds came from non-critical sources.
The Associated Set Provider (ASP) creates these sets and is a trusted third party responsible for analyzing and evaluating the contributing wallets in the pool. They rely on blockchain analytical tools and technology used in anti-money laundering and transaction analysis.
Association sets are formed through two different processes: proofs of inclusion (membership) and proofs of exclusion.
Inclusion, also known as membership, is the process of selecting based on positive criteria, like creating a “good” list. For example, when considering a deposit, you examine various options and identify those that have clear evidence of safety and low risk.
Recent: Multiple buyers are considering purchasing and re-launching “unrepairable” FTX
Elimination involves shaping choices by focusing on negative criteria, like compiling a “bad” list. When it comes to deposits, ASPs evaluate different options and identify those that are clearly risky or unsafe. They then generate a list of all deposits except risk deposits, thereby excluding them from the list.
The paper takes a group of five people as an example: Alice, Bob, Carl, David and Eve. Four of the individuals were honest, law-abiding individuals who wished to keep their financial activities private.
However, Eve is known to be a thief or hacker. People may not know who Eve actually is, but they have enough evidence to know that tokens sent to addresses labeled “Eve” come from “bad” sources.
When these people withdraw money using the privacy pool, the ASP will group them with other users based on their deposit history through the association set.
Alice, Bob, Carl, and David want to ensure that their transactions remain confidential while reducing the chance that their transactions will look suspicious. Their deposits have not yet been linked to any potentially malicious activity, so ASP has chosen to link them only to each other. Therefore, a group is created with only their deposits: Alice, Bob, Carl and David.
Eve, on the other hand, also wants to protect her privacy, but her own deposits (from bad sources) cannot be excluded. Therefore, she is added to a separate associated set that includes her deposits and the deposits of others, forming a group containing the deposits of all five users: Alice, Bob, Carl, David, and Eve.
Essentially, Eve is excluded from the original group with trusted deposits (Alice, Bob, Carl, and David) and is instead added to a separate group that contains her transactions and other transactions. However, this does not mean that Eve can use the privacy pool to commingle her funds.
Now, here’s the fun part: Even though Eve didn’t provide any direct information about herself, it’s clear through the process of elimination that the fifth withdrawal had to come from Eve, since she was the only one associated with all five accounts in the withdrawal associated one. record (because she was added to a separate group containing all five deposits).
Affinity sets help privacy pools by separating trustworthy users from suspicious users.
This way, transactions from trusted sources remain private, while any suspicious or questionable transactions become more visible and easier to detect.
In this way, malicious actors can be tracked, which satisfies regulatory requirements because bad users will not be able to use pools to hide their activities.
What do others think of these proposals?
Buterin’s paper sparked discussion and attention from the blockchain community and industry experts. Ankur Banerjee, co-founder and chief technology officer of privacy-preserving payment network Cheqd, believes that privacy pools can make it easier for decentralized entities to identify bad actors.
Banerjee told Cointelegraph, “The outlined approach could democratize such money laundering analysis and could be used on DeFi protocols as well. In fact, in the case of cryptocurrency hacks, it would be difficult to prevent hackers from trying to launder money through DeFi protocols. What they steal – only centralized exchanges make it easier to catch/stop them.”
Seth Simmons (aka Seth For Privacy), privacy-focused podcast host opt out, told Cointelegraph, “While the concept is technically interesting in that it does minimize the data provided to regulated entities, it raises and answers the wrong questions. It raises the question: ‘Can we What kind of privacy do you have? ” rather than ‘What privacy do we need to have?'”
Simons continued, “For years there has been no balance between user anonymity and regulatory compliance, and current adjudicators have almost complete knowledge of the actions we take and how we use our funds.”
“Privacy pools must redress this imbalance by providing users with maximum privacy, rather than trying to reduce privacy to please regulators.”
Banerjee expressed concern about the inherent delay in adding deposits to associated collections, saying: “Tokens cannot be immediately included in a ‘good’ or ‘bad’ collection because it takes some time to determine whether they are ‘good’ or not.’ The paper suggests a delay similar to 7 days before inclusion (possibly higher or lower).”
Banerjee continued: “But how long is the right time to wait? Sometimes, as is the case with cryptocurrency hacks, soon after the hack it becomes clear that the coins may be bad. But in complex money laundering cases , it may take weeks, months, or even years before a token is deemed bad.”
Despite these concerns, the newspaper said it would not include deposits if they were linked to known bad behavior such as theft and hacking. Therefore, there is nothing to worry about whenever malicious behavior is detected.
Additionally, people with “good” deposits can prove they belong to a trustworthy group and receive rewards. Those with “bad” funds cannot prove their trustworthiness and therefore receive no benefit even if they deposit them into the shared pool. When these bad funds are withdrawn from privacy-enhancing systems, it is easy to see that these funds come from suspicious sources.
Recent regulatory actions
Recent actions in the blockchain space have highlighted the urgent need for privacy and compliance solutions. One notable incident involves the U.S. government imposing sanctions on cryptocurrency mixing service Tornado Cash.
The move comes amid allegations that Tornado Cash facilitated transactions for Lazarus, a hacker group linked to North Korea. The sanctions effectively signal increased U.S. government scrutiny of privacy-focused cryptocurrency services and their potential misuse for illicit purposes.
Chris Black, host chris black conversation podcast told Cointelegraph, “It’s an easy way to just look at the recent news and decide you need to start building to government specifications, but unfortunately, that’s how many developers react. They’re not here for the principles, It’s about profit. My advice to those who care is: build unstoppable technology and try to separate it from your real-world identity as much as possible.”
Magazine: ‘Slumdog Billionaire 2’: ‘Top 10… doesn’t bring any satisfaction,’ says Polygon’s Sandeep Nailwal
As the adoption of cryptocurrencies and decentralized applications continues to grow, governments and regulators around the world are trying to balance supporting innovation and guarding against illegal activity.
Simmons believes it’s better to have tools that governments can’t shut down: “Unless we actively seek to build tools that return power to individuals, regulators will continue to push the imbalance of privacy and surveillance further in their direction.”
He continued, “Tornado Cash is a perfect example because they even go above and beyond the regulators and comply with them as much as technically possible, but that’s not enough for ’em.” Even after allegedly After compliance, they remain a target of the US government because the government doesn’t want a balance between compliance and privacy – they want total surveillance and therefore total power. “
“What we need to build in this space are tools (like Tornado Cash) that are resistant to nation-state attacks and impossible to shut down or censor, because that’s the only way to ensure we have the tools we can use to defend our freedoms and keep the government in check . It’s privacy or bankruptcy.”
Svlook