Cat and Mouse

Privacy is dying.

But all hope is not lost.

As cold hard cash gets rapidly replaced by traceable transactions, a catalogued web containing all financial interactions of every citizen is constantly being built.

A surveillance state’s wet dream.

Cryptocurrency’s countercultural origins may have been borne of a variety of inspirations, but the preservation of privacy in an ever more connected world has been a leading use-case for everyone, from ordinary users, hardcore cypherpunks, political activists, and even state-sponsored hacking groups.

The tug of war between crypto-enabled privacy and regulatory oversight has been on-going for years.

But the issue was kicked into overdrive with last year’s sanctioning of Tornado Cash by the US Treasury.

Since the initial sanctions, things have gone from bad to worse for blockchain privacy.

Developers have been arrested (first Alexey Pertsev, then Roman Storm last month), and address screening was implemented across many front-ends (including for griefed addresses dusted with Tornado ETH).

Even Tornado’s protocol governance came under attack via a hidden ‘metamorphic contract’ snuck into a proposal in May.

Other blockchain-based privacy tools exist, but none has had the impact of Tornado Cash. Even post-sanctions, there has been no clear successor, likely due to the sheer simplicity and familiarity of ETH’s OG mixer.

Now, a group of devs, researchers and privacy advocates have proposed a tweaked version of the model; a compromise protecting the privacy of legitimate users, while ensuring bad actors are kept from contaminating the tool’s reputation.

But the question still remains…

Who decides the ‘good’ actors from the ‘bad’?

The new Privacy Pools0, announced Wednesday, allow users to “provably dissociate from illicit funds” via zk-proofs.

The docs state that:

This design aims to be a crypto-native solution that allows the community to defend against hackers abusing the anonymity sets of honest users without requiring blanket regulation or sacrificing on crypto ideals.

Inspired by an idea Vitalik described in the wake of the Tornado Cash sanctions, the project has been coded by RAI’s Ameen Soleimani, and presented in collaboration with two researchers at Basel University.

Privacy Pools were teased by Soleimani back in March, but the paper goes into detail on the mechanisms, as well as exploring potential applications which could ensure compliance while preserving privacy.

When withdrawing funds, users will be able to create an accompanying zk-proof that the funds are sourced from a sub-set of pool deposits (i.e. excluding any flagged addresses).

These proofs can then be referenced by existing transaction screening tools, which currently tend to flag mixers as blanket ‘tainted’ funding sources, with knock-on effects for legitimate users.

The protocol would allow for custom association/exclusion sets, effectively allowing US users to prove compliance with US regs, EU with EU regs, any user to comply with both, etc.

Other examples given in the paper include a network of banks maintaining an association set which proves KYC/AML compliance, or being able to prove a link between sources of funds (i.e. an association set of 1:1), without linking between individual accounts.

Not only does the protocol allow users to prove that their funds have been sourced from clean deposits but, with time, legitimate use will decrease the appeal for bad actors:

Over time as communities curate deposit lists, the anonymity set for hackers actually shrinks to include only those bad deposits, naturally hindering even the possibility of money laundering to occur.

Win-win?

The only trouble is… who decides who’s compliant and who’s not?

If there is a perfect consensus on which funds are “good” and which are “bad”, the system will lead to a simple separating equilibrium

That’s a big ‘if’.

While the use of custom association sets ensures that the tool itself is credibly neutral, users choosing is not a workable/scalable solution.

Ultimately, users will have to rely on lists being maintained by third parties, and given a co-author is Chainalysis’ Chief Scientist, no prizes for guessing who that might be.

The authors acknowledge the difficulty that integrating mixed funds into a regulated poses, and present their tool as a flexible solution that could be used in a variety of ways.

What that looks like in practice, however, is still up for debate.

On-chain proofs seem the most versatile, though would increase transaction fees, and a low barrier to entry is key for maintaining a sufficiently large anonymity set.

Having the proofs readily available on-chain, introduces additional transaction costs, but reduces the coordination effort, levels the playing field and mitigates the risk that screening tool providers could have a quasi-monopoly due to their knowledge of non-public proofs.

Some may argue that the likes of TRM and Chainalysis retaining the power to choose, whilst being instructed by state authorities, is against crypto ethos.

In the wake of the OFAC sanctions, the rush to ‘block first, ask questions later’ seems a worrying precedent for compliance organisations to perpetuate for the future.

But, while hardcore cryptolibertarians might complain of gatekeeping, the model seems a good and workable compromise for the vast majority of users who just want to maintain privacy on the network without being branded a hacker or terrorist.

Essentially, the project boils down to the following quote, one that seems a good summary of the threat crypto is currently facing:

In many cases, privacy and regulatory compliance are perceived as incompatible. This paper suggests that this does not necessarily have to be the case

As middlemen become obsolete, states will blindly clutch at any perceived negatives of new tech, in an attempt to retain power over a system that has already outgrown them.

Innovations like Privacy Pools will give them less ammo to come after a technology they do not understand.

this is barbarbism and technological ignorance, pure and simple

But, as we saw just yesterday, even attempting to comply gets you nowhere.

We will continue to build the tools, let them decide if they want to participate.

Why even play by their rules anymore?

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.