The quest for privacy within the blockchain realm, without inadvertently mingling with illicit actors, has long puzzled enthusiasts and experts alike. A recent paper has ignited both criticism and enthusiasm within the industry by proposing a solution to this conundrum.
Vitalik Buterin, co-founder of Ethereum, has been a vocal advocate for bolstering privacy on the blockchain. Notably, he threw his support behind Tornado Cash, a decentralized mixer on Ethereum that leverages zero-knowledge proofs to obfuscate transaction histories. Buterin even confessed to using it for anonymous donations to Ukraine.
However, Tornado Cash, like other semi-decentralized privacy methods in the blockchain space, shares a critical flaw. While it obscures the trail to an individual’s wallet, it associates them with a pool of users, some of whom may have nefarious intentions. This association could inadvertently implicate users in activities such as terrorism financing, sanctions evasion, or money laundering, forcing them into the unwelcome position of proving their innocence when seeking privacy.
Few individuals grasp this issue better than Ameen Soleimani, the creator of Privacy Pools and a co-developer of Tornado Cash. Soleimani employs his platform to forward cryptocurrency donations to Iran through IranUnchained, a mission that demands considerable finesse to avoid association with the Iranian regime, given the financial sanctions in place.
The Price of Privacy
Privacy Pools, developed by Ameen Soleimani, addresses these privacy concerns. While the platform is currently operational only on the testnet, Soleimani, together with Vitalik Buterin and blockchain researchers Fabian Schärf, Matthias Nadler, and Jacob Illum, elucidates the concept in a paper titled “Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium.”
The paper grapples with the issue of “dissociation”: how can users of decentralized mixers distance themselves from criminal actors? Tornado Cash faced a significant problem where legitimate users struggled to disentangle themselves from the criminal elements drawn to the protocol.
For instance, Tornado Cash saw extensive usage by the North Korean Lazarus hacker group, resulting in the addresses associated with the mixer being placed on the U.S. Treasury Department’s sanctions list. Anyone interacting with these addresses risked being implicated in criminal activity, making the cost of privacy exorbitant.
Privacy Pools seeks to remedy this problem by introducing the concept of “association sets.” Instead of merely proving a payout’s connection to a previous deposit through zero-knowledge proofs, users demonstrate membership in a more limited set without revealing specific details, akin to ring signatures. This approach allows users to specify a range of potential sources for their funds, with varying degrees of granularity.
The authors intend to leave the nature of these sets to the discretion of the ecosystem, making it convenient for users to choose association sets aligned with their preferences. Sets could be constructed inclusively, incorporating clean deposits, or exclusively, excluding addresses linked to illicit activities. Users could create these sets manually or automatically, both onchain and offchain.
Crucially, this evidence could be posted onchain, possibly as part of the withdrawal transaction, enabling exchanges and traders to ascertain an address’s legitimacy without resorting to transaction-tracking spy software. Enhanced privacy for users goes hand in hand with bolstered security for platforms.
One intriguing byproduct of this system is that the anonymity set for criminal users contracts, while legitimate users are incentivized to select broader sets. Privacy Pools could potentially reconcile the longstanding tension for privacy advocates: the pursuit of maximum anonymity, but not at the expense of aiding criminals.
A Trojan Horse or a Triumph for Privacy?
Privacy researcher LaurentTM lends support to the fundamental idea behind Privacy Pools, which is empowering users to prove the origin of mixed funds and control what information they share. This inclusivity extends to individuals, often referred to as ‘normies,’ who wish to interact with regulated exchanges.
Nonetheless, Laurent raises concerns about the introduction of Association Set Providers (ASPs) in the paper. The authors propose that users won’t manually select deposits for their association sets but will instead rely on intermediaries known as ASPs to generate these sets with specific properties.
Laurent sees ASPs as a potential Trojan horse for the traditional Know Your Customer/Anti-Money Laundering (KYC/AML) regime, potentially expanding the reach of financial sanctions. Web3 critic Chris Blec echoes similar concerns, suggesting that such a protocol could be used to exclude specific groups, like unvaccinated individuals, as observed during the “Freedom Convoy” of Canadian truckers.
However, the paper outlines a multi-layered system of ASPs, some of which can be constructed on-chain without human or AI intervention. ASPs that become overly compliant with state power risk narrowing their association sets unnecessarily and losing users to ASPs with broader sets. Moreover, since there is no global consensus on which transactions are legal, association sets can vary by location, allowing users to tailor their proofs accordingly. This prevents ASPs from automatically becoming agents of a global sanctions regime.
A more fundamental critique of Privacy Pools comes from Zooko of Zcash, who views it as an attempt to produce evidence of innocence in a society where individuals are often presumed guilty until proven otherwise—a potential own goal for advocates of freedom.
“The Message of the Year”
While the criticism of Privacy Pools is not without merit, it must be understood in the context of our world, where governments impose financial sanctions, criminals exploit the system, and law-abiding users grapple with the dilemma of sacrificing privacy or risking association with illicit actors.
In this real-world scenario, Privacy Pools offers several advantages. It allows users to maintain transaction privacy without inadvertently mingling with criminal elements, and it enables traders and exchanges to receive anonymized coins without concerns about facilitating money laundering.
Unsurprisingly, industry support for Privacy Pools eclipses the criticism. Fred Ehrsam, co-founder of Coinbase, lauds the protocol’s potential, suggesting it could become a vital tool for navigating regulatory challenges while preserving privacy on public blockchains. Brian Armstrong, Coinbase’s co-founder, seems to express his agreement with a retweet.
Furthermore, Finlay, co-founder of the influential wallet MetaMask, extends assistance to the authors in securing funding from MetaMask’s special fund to integrate Privacy Pools directly into the wallet. Ryan Selkis from Messari is equally enthusiastic, hailing Privacy Pools as “the news of the year” and claiming the authors may have found a solution to the long-standing privacy-surveillance dilemma in the crypto space.
If Privacy Pools successfully establishes itself within the ecosystem, it could indeed be the most significant development of the year, striking a balance between privacy and regulation in the blockchain world.