Financial privacy and regulation can co-exist with ZK proofs — Vitalik Buterin

Ethereum co-founder Vitalik Buterin has published a research paper that takes an in-depth look at privacy pool systems as a tool for achieving more privacy in financial transactions, allowing users to prove separation from illicit funds through zero-knowledge proof techniques.

The document first discusses one of the most popular privacy-enhancing protocols, Tornado Cash, which allows users to deposit and withdraw cryptocurrencies without creating an identifiable link between the two addresses. Recently, U.S. authorities filed criminal charges against its founders, alleging that it was widely used by bad actors.

Co-authored with Jacob Illum, Matthias Nadler, Fabian Schär and Ameen Soleimani, the paper states: “The key problem with Tornado Cash is essentially that legitimate users have limited options for decoupling from the criminal activity the protocol has attracted.”

The analysis then elaborates on an extension of the Tornado Cash approach that would enable users to present proofs of membership (“I certify that my withdrawal came from one of these deposits”) and, by choosing a set that leaves out specific deposits, proofs of exclusion from those deposits.

The authors suggest that this concept could provide a balance between honest and dishonest protocol users, making it possible to achieve on-chain financial compliance in the future:

“The core idea of the proposal is to allow users to issue zero-knowledge proofs that their funds (do not) come from known (il)legal sources without publicly revealing their entire transaction graph. This is done by proving membership in a custom association set with certain attributes, as required by regulations or social consensus.”

With privacy pools, users can exclude themselves from an anonymity set that includes addresses associated with illicit activity based on zero-knowledge proofs — a method of proving a claim without revealing the details of the claim.

The basic idea presented in the document claims that instead of simply using zero-knowledge to prove that “a withdrawal is associated with some previous deposit, a user proves membership in a stricter association set.”

The association set can include all previously made deposits, only the user’s own deposits, or anything in between. As a public input, users specify the set by providing their Merkle root. “For simplicity, we do not directly prove that the association set is actually a subset of previous deposits; instead, we only require users to zero-knowledge prove two Merkle branches.”

To illustrate this in a law enforcement setting, the authors provide a simple example:

“Suppose we have five users: Alice, Bob, Carl, David, and Eve. The first four are honest and law-abiding users who still want to protect their privacy, but Eve is a thief. Also assume this is known.”

In this example, when one of the users wants to withdraw funds, that individual can specify which association set to join, which means users are incentivized to expand their association set to preserve privacy. However, to avoid having their funds viewed as suspicious by merchants or exchanges, users will not include Eve in their association sets. Eve, by contrast, cannot exclude her own deposit and will be forced to build an association set equal to the set of all five deposits.

Visual representation of participant association set choices. Source: Buterin et al., 2023

“We assume that Alice, Bob, Carl, and David include all other “good” deposits in their respective association sets, and exclude deposits from known illegal sources. Eve, on the other hand, cannot create such a proof for the money she withdraws.”

According to the authors, this example illustrates one possibility of using association sets in privacy pool protocols. “Note that the system does not depend on the altruism of Alice, Bob, Carl, and David; they have obvious incentives to justify their disengagement.”
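To make the two-Merkle-branch construction and the five-user scenario concrete, here is an added example that is not code from the paper or from any privacy-pool implementation. It is a plaintext simulation: the withdrawing commitment is passed openly to the verifier instead of being hidden inside a zero-knowledge proof, so it shows only the set logic (the same commitment must sit under both the deposit root and the chosen association-set root), not the zero-knowledge part. The commitment scheme, the sha256-based tree, the padding rule for odd levels and the names of all functions are assumptions made here for illustration.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# A Merkle branch is a list of (sibling_hash, sibling_is_left) pairs, leaf to root.
Branch = List[Tuple[bytes, bool]]


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_pair(left: bytes, right: bytes) -> bytes:
    return h(left + right)


class MerkleTree:
    """Minimal sha256 Merkle tree; an odd level is padded by duplicating its last node."""

    def __init__(self, leaves: List[bytes]) -> None:
        assert leaves, "a tree needs at least one leaf"
        self.leaves = list(leaves)
        self.levels: List[List[bytes]] = [self.leaves]
        level = self.leaves
        while len(level) > 1:
            if len(level) % 2 == 1:
                level = level + [level[-1]]
            level = [hash_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def branch(self, leaf: bytes) -> Optional[Branch]:
        """Return the authentication path for `leaf`, or None if it is not in the tree."""
        if leaf not in self.leaves:
            return None
        idx = self.leaves.index(leaf)
        path: Branch = []
        for level in self.levels[:-1]:
            if len(level) % 2 == 1:
                level = level + [level[-1]]
            path.append((level[idx ^ 1], idx % 2 == 1))
            idx //= 2
        return path


def verify_branch(leaf: bytes, path: Branch, root: bytes) -> bool:
    node = leaf
    for sibling, sibling_is_left in path:
        node = hash_pair(sibling, node) if sibling_is_left else hash_pair(node, sibling)
    return node == root


def make_withdrawal_proof(commitment: bytes, deposit_tree: MerkleTree,
                          assoc_tree: MerkleTree) -> Optional[Dict[str, Branch]]:
    """Prover side (simulated): one branch in the deposit tree, one in the association set."""
    dep, assoc = deposit_tree.branch(commitment), assoc_tree.branch(commitment)
    if dep is None or assoc is None:
        return None  # the commitment is not in the chosen association set
    return {"deposit_branch": dep, "assoc_branch": assoc}


def verify_withdrawal(commitment: bytes, proof: Dict[str, Branch],
                      deposit_root: bytes, assoc_root: bytes) -> bool:
    """Verifier side: both branches must authenticate the same commitment."""
    return (verify_branch(commitment, proof["deposit_branch"], deposit_root)
            and verify_branch(commitment, proof["assoc_branch"], assoc_root))


def run_scenario() -> Dict[str, bool]:
    """Constructed five-user scenario: Alice, Bob, Carl and David are honest, Eve is a thief."""
    names = ["Alice", "Bob", "Carl", "David", "Eve"]
    # Hypothetical commitment scheme: hash of a per-user secret (never a real deposit note).
    commits = {n: h(b"secret-" + n.encode()) for n in names}
    deposit_tree = MerkleTree([commits[n] for n in names])            # all deposits
    honest_set = MerkleTree([commits[n] for n in names if n != "Eve"])  # excludes Eve
    full_set = MerkleTree([commits[n] for n in names])                # Eve's only option

    results: Dict[str, bool] = {}
    for n in names:
        proof = make_withdrawal_proof(commits[n], deposit_tree, honest_set)
        results[n] = proof is not None and verify_withdrawal(
            commits[n], proof, deposit_tree.root, honest_set.root)
    eve_proof = make_withdrawal_proof(commits["Eve"], deposit_tree, full_set)
    results["Eve_full_set"] = eve_proof is not None and verify_withdrawal(
        commits["Eve"], eve_proof, deposit_tree.root, full_set.root)
    # A merchant that only accepts roots vetted to exclude known-illicit deposits:
    accepted_roots = {honest_set.root}
    results["merchant_accepts_eve"] = full_set.root in accepted_roots
    return results


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Running the scenario shows the incentive structure the paper describes: each honest user can produce a proof against the root that excludes Eve, while Eve can only prove against the root of all five deposits, which a merchant with an allow-list of vetted roots will not accept.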

The paper also provides several other use cases for zero-knowledge proofs for users to prove that funds are not linked to illicit sources, or to prove that funds came from a specific set of deposits without revealing any further information.

“In many cases, privacy and regulatory compliance are considered incompatible. This paper shows that this does not necessarily have to be the case if a privacy-enhancing protocol enables its users to prove certain attributes about the source of their funds.”

According to recent research, protocols dedicated to zero-knowledge solutions are on the rise, with the Ethereum network dominating major launches. The findings indicate that scalable ZK-proof solutions will experience the highest growth over the next 12 months as global regulations evolve and users seek to protect their privacy.
