Ethereum co-founder Vitalik Buterin has published a research paper that digs into privacy pool systems as a tool for achieving more privacy in financial transactions, allowing users to prove separation from illicit funds through zero-knowledge proof techniques.
The document originally discussed one of the most popular privacy-enhancing protocols, Tornado Cash, which allows users to deposit and withdraw cryptocurrencies without creating an identifiable link between two addresses. Recently, U.S. authorities filed criminal charges against its founders, alleging that it was widely used by bad actors.
“The key problem with Tornado Cash is essentially that legitimate users have limited options to escape the criminal activity that the protocol attracts,” write the paper co-authored by Jacob Illum, Matthias Nadler, Fabian Schar, and Ameen Soleimani.
The analysis then elaborates on an extension of the Tornado Cash approach that would enable users to publicly prove on-chain by allowing proofs of membership (“I prove my withdrawal came from one of these deposits”) and proofs of exclusion (“I”). Sources of funds. Proof that my withdrawal was not from one of these deposits. ”
The authors suggest that this concept could provide a balance between honest and dishonest protocol users, making it possible to achieve on-chain financial compliance in the future:
“The core idea of the proposal is to allow users to issue zero-knowledge proofs that their funds (do not) come from known (un)legal sources without publicly disclosing their entire transaction graph. This is achieved by proving compliance with regulations Or membership in a custom association set of certain attributes required by social consensus.”
With privacy pools, users can exclude themselves from an anonymity set that includes addresses associated with illicit activity based on zero-knowledge proofs — a method of proving a claim without revealing the details of the claim.
The basic idea presented in the document claims that instead of simply using zero-knowledge to prove that “a withdrawal is associated with some previous deposit, a user proves membership in a stricter association set.”
The association set can include all previously made deposits, only the user’s own deposits, or anything in between. As a public input, users specify the set by providing their Merkle root. “For the sake of simplicity, we do not directly prove that the associated set is actually a subset of the previous deposit; instead, we only require users to zero-knowledge prove two Merkle branches.”
To illustrate this in a law enforcement setting, the authors provide a simple example:
“Suppose we have five users: Alice, Bob, Carl, David, and Eve. The first four are honest and law-abiding users who still want to protect their privacy, but Eve is a thief. Also assume this is known.”
In this example, when one of the users wants to withdraw funds, they can specify which association set they want, which means they are incentivized to expand their association set to preserve privacy. However, to avoid having their funds viewed as suspicious by merchants or exchanges, users will not include Eve in their associated sets. However, Eve cannot exclude her own deposits and will be forced to build an association set equal to the set of all five deposits.
“[…] We assume that Alice, Bob, Carl, and David include all other “good” deposits in their associated sets and exclude deposits from known illegal sources5. Eve, on the other hand, cannot create a proof that she withdraws money from her deposit. ”
According to the authors, this example illustrates one possibility of using association sets in privacy pool protocols. “Note that the system does not depend on the altruism of Alice, Bob, Carl, and David; they have obvious incentives to justify their disengagement.”
The paper also provides several other use cases for zero-knowledge proofs for users to prove that funds are not tied to illicit sources, or to prove that funds came from a specific set of deposits without revealing any further information.
“In many cases, privacy and regulatory compliance are considered incompatible. This paper shows that this does not necessarily have to be the case if a privacy-enhancing protocol enables its users to prove certain attributes about the source of their funds.”
Protocols dedicated to zero-knowledge solutions are on the rise, with the Ethereum network dominating major launches, according to a recent study. The findings indicate that scalable zero-knowledge proof solutions will experience the highest growth over the next 12 months as global regulations evolve and users seek to protect their privacy.
Magazine: Recursive Inscription – Bitcoin ‘Supercomputer’ and BTC DeFi Coming Soon