Can crypto privacy pools balance privacy and control?
Ethereum founder Vitalik Buterin recently produced a research paper, the main focus of which was integrating privacy features into blockchain transactions and ensuring compliance with various regulatory requirements.
Experts from a variety of backgrounds collaborated on this research project, including early Tornado Cash contributor Amin Soleimani, Chinalysis Chief Scientist Jacob Illum, and researchers from the University of Basel.
The diverse team reflects the interdisciplinary nature of the research, drawing insights from cryptocurrency, blockchain security and academic scholarship.
The paper suggests a protocol known as “privacy pools” as a rule-compliant tool aimed at improving the privacy of users' transactions.
How do privacy pools work?
Privacy pools, Buterin and his team explain in the research paper, aim to protect the privacy of transactions by separating criminal activity from legitimate funds into independent clusters or categories, allowing users to prove to regulators that their funds have not been mixed with them. Illegal funds.
This is done using techniques such as zero-knowledge verifications to demonstrate the legitimacy of the transactions and non-involvement with criminal activities.
Zero-knowledge authentications are cryptographic techniques that allow one party (verifier) to reveal certain information to another party (verifier) without revealing any details about the information.
When users want to withdraw their funds from the privacy pool, they can choose to create zero-knowledge authentication. This verification does two things: First, it verifies that the user's transaction is legitimate and does not include a blockchain address associated with criminal activity. Second – and more importantly for users – it keeps their identity confidential.
Association collections
Another critical part of how privacy pools work is the idea of ”pools of associations,” wallet addresses in a cryptocurrency pool. When withdrawing from the pool, users specify which association is set to use. These sets are designed to include only uncomplicated or “good” depositor wallet addresses, excluding what are considered “bad” depositors.
The purpose of syndicate collections is to maintain anonymity, as disbursed funds cannot be accurately traced back to their source. However, it can still be confirmed that the funds were obtained from non-critical sources.
Association Set Up Providers (ASPs) create these sets and are trusted third parties responsible for analyzing and evaluating the pool's contribution wallets. They are based on blockchain analytics tools and technologies used in anti-money laundering and transaction analysis.
Associations are established by two different processes: inclusion (membership) validations and exclusion validations.
Inclusion, also known as membership, is the process of making a selection based on positive criteria by creating a list of “good” ones. For example, when considering a deposit, they examine different options and distinguish between safe and low-risk securities.
Latest: Many buyers consider buying and resetting ‘irreversible' FTX
Exclusion involves creating a preference by focusing on negative criteria, like compiling a “bad” list. In the context of deposits, ASPs evaluate different options and indicate which ones are risky or risky. Next, they generate a list of all deposits except those classified as risky, thereby removing them from the list.
The paper takes the example of a group of five people: Alice, Bob, Carl, David and Eve. The four are honest and law-abiding individuals who want to keep their financial affairs private.
However, Eve is a thief or a thief, and this is well known. People may not know who Eve is, but they have enough proof that coins sent to an address named “Eve” come from a “bad” source.
When these individuals use the Privacy Pool to withdraw funds, they are grouped by ASPs with other users through association collections based on their deposit history.
Alice, Bob, Carl, and David want to ensure that their transactions are kept private while at the same time reducing the likelihood of them being suspicious. Their deposits are not linked to any risky activity, so ASP prefers that they only be linked to each other. So, a team is formed with only their deposits: Alice, Bob, Carl, and David.
On the other hand, Eve wants to protect her privacy, but her own money – from a bad source – cannot be left. So, she adds her deposit and others to a separate association set, forming a group with the five user deposits: Alice, Bob, Carl, David, and Eve.
Basically, Eve is excluded from the main group of trusted depositors (Alice, Bob, Carl, and David), but is instead added to a separate group that includes her transactions and others. However, this does not mean that Eve can use the privacy pool to mix her funds.
Now, here's the amazing part: Eve is the only one associated with the five accounts in the Exodus, even though she doesn't provide any direct information about herself, so it becomes clear by process of elimination that the fifth Exodus must be from Eve. records (since she was added to a separate group that included the five deposits).
The association creates privacy pools, separating trusted users from questionable ones.
This way, transactions from trusted sources will remain private, while anything shady or suspicious will be more visible and easy to spot.
In this way, malicious actors can be tracked, which meets regulatory requirements because malicious users cannot use the pools to hide their activities.
What do others say about the proposals?
Buterin's paper sparked discussions and gained attention from the blockchain community and industry experts. Ankur Banerjee, co-founder and CEO of Checked Technology – a privacy-preserving payment network – believes that the decentralized nature of privacy pools makes it easier to identify bad actors.
Banerjee told Cointelegraph, “The proposed approach would make this kind of money laundering analysis more democratized and potentially applicable to DeFi protocols as well. In fact, in crypto hacks it is very difficult to prevent hackers from trying to impersonate what they have stolen via DeFi protocols – only centralized exchanges can be easily caught/stopped.
Seth Simmons (Seth For Privacy), who hosts the privacy-focused podcast Opt-Out, told Cointelegraph, “The concept is technically interesting, but it asks and answers the wrong question because it reduces the amount of information available to data subjects. ‘What privacy are we allowed to have?' He asks the question. ‘What kind of privacy should we have?'
Siemens continued, “For years there has been no balance between consumer anonymity and regulatory compliance, with current governing forces having almost zero visibility into the actions we take and the ways we spend our money.
“Instead of trying to reduce privacy to please regulators, privacy pools should seek to redress this imbalance by providing the maximum privacy possible for today's users.”
Banerjee said he was concerned about the built-in delays in adding deposits to the association's collections, saying, “Tokens cannot be immediately put into a ‘good' or ‘bad' collection because it takes some time to determine whether they are ‘good'.” Or ‘bad'. The paper suggests a similar delay of seven days before inclusion (this may be higher or lower).
Banerjee continued, “But what is the right time to wait? Sometimes, like a crypto hack, it's pretty obvious soon after the hack that the coins might be bad. But in the case of complex financial transactions, it can take weeks, months or even years before tokens are identified as bad.
Despite these concerns, the paper says deposits are excluded if they are linked to bad behavior such as theft and hacking. So, as long as no malicious behavior is detected, this shouldn't be a concern.
Additionally, people with “good” deposits can verify that they belong to a trusted group and earn rewards. Those with “bad” money can't prove their credibility, so they don't get any benefits if they store it in a common pool. People can easily realize that these bad funds are from questionable sources when they log out of the privacy enhancement system.
Recent regulatory measures
Recent developments in the blockchain space have emphasized the importance of privacy and compliance solutions. In a notable development, the United States government imposed sanctions on the Tornado Cash cryptocurrency mixing service.
The move comes in response to allegations that Tornado Cash facilitated transactions for the North Korean-linked Alazar hacking group. These sanctions effectively signaled the US government's increased scrutiny of privacy-focused cryptocurrency services and their misuse for illegal purposes.
Chris Blake, host of the Chris Blake Discussions podcast, told Cointelegraph, “It's an easy way to just look at the latest news and decide if you should start building government specs, but unfortunately, that's what a lot of devs react to. They are here for principle, not profit. My advice to people who are concerned: build a technology that doesn't stop and separate it from your real-world identity as much as possible.
Magazine: Slumdog Billionaire 2: ‘Top 10… not satisfying,' says Polygon's Sandeep Nilwal.
As adoption of cryptocurrencies and decentralized applications grows, governments and regulatory bodies will strike a balance between enabling innovation and protecting against illegal activity.
Simmons believes it's better for governments to have tools they can't shut down: “Regulators will continue to push the privacy and surveillance imbalance further in their direction, unless we actively seek to build tools that give power back to the individual.”
He continued, “Tornado Cash is a good example of this, because they were occasionally going and complying with regulators as much as technically possible, but that wasn't good enough for ‘them'. Even after they are said to be compliant, they remain targets of the US government because governments don't want a balance between compliance and privacy – they want total surveillance, which leads to total power.
“The tools we need to build in space (like Tornado Cash) are tools that are resistant to state-level attacks and cannot be blocked or censored, because that's the only way to make sure we have the tools at our disposal to protect our freedoms and control governments. Civility or chaos.”
