
Accountable Privacy

On August 8, 2022, Tornado Cash was sanctioned by the U.S. Treasury for allegedly failing to implement sufficient controls to prevent its use in laundering funds for malicious cyber actors. Consequently, an avalanche of regulations shook the landscape of privacy-focused cryptocurrencies. Tornado Cash became illegal in the U.S., and Zcash and Monero were delisted from many exchanges.

Under regulatory pressure, new mechanisms were developed to preserve the privacy of innocent users while isolating illicit entities. In this post, I will investigate the best practices available at the moment.

Exclusion Proofs

[Figure: exclusion proofs]

Let’s assume there exists a public record of blacklisted UTXOs. An honest user can disassociate themselves from all blacklisted funds by extending their transaction with an exclusion proof [1]. This is simply a zero-knowledge succinct argument proving that none of the transaction's funding UTXOs are on the blacklist.

Monitoring illegal activity on the blockchain is a complex task, but fortunately, projects like 0xbow are already committed to it, providing up-to-date blacklists and whitelists.
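The relation such an exclusion proof establishes can be written out in the clear. The sketch below is an added example, not code from this post or from [1]: it assumes the blacklist maintainer commits to a Merkle tree over the gaps between adjacent sorted blacklisted ids, and all function names and sample ids are constructed for illustration. There is no zero-knowledge here; in a real system `verify_exclusion` would run inside the circuit with only the root public.

```python
import hashlib
from bisect import bisect_left

MIN, MAX = b"\x00" * 32, b"\xff" * 32         # reserved sentinel ids bounding the id space
def h(*parts): return hashlib.sha256(b"".join(parts)).digest()
def leaf(lo, hi): return h(b"\x00", lo, hi)   # a gap containing no blacklisted id
def node(l, r): return h(b"\x01", l, r)       # domain-separated inner node
EMPTY = h(b"\x02")                            # padding leaf, matches no gap

def build(blacklist):
    """Commit to the blacklist as a Merkle tree over gaps between adjacent sorted ids."""
    keys = [MIN] + sorted(set(blacklist)) + [MAX]
    gaps = list(zip(keys, keys[1:]))
    level = [leaf(lo, hi) for lo, hi in gaps]
    while len(level) & (len(level) - 1):      # pad to a power of two
        level.append(EMPTY)
    levels = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return gaps, levels

def prove_exclusion(gaps, levels, utxo):
    """Witness (gap, leaf index, sibling path), or None if utxo is blacklisted."""
    i = bisect_left([lo for lo, _ in gaps], utxo) - 1
    if i < 0 or not gaps[i][0] < utxo < gaps[i][1]:
        return None
    path, idx = [], i
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return gaps[i], i, path

def verify_exclusion(root, utxos, proofs):
    """Relation a zk circuit would enforce: root is public, utxos and proofs stay private."""
    if len(utxos) != len(proofs) or None in proofs:
        return False
    for utxo, ((lo, hi), idx, path) in zip(utxos, proofs):
        acc = leaf(lo, hi)
        for sib in path:
            acc = node(acc, sib) if idx % 2 == 0 else node(sib, acc)
            idx >>= 1
        if acc != root or not lo < utxo < hi:
            return False
    return True

def utxo_id(label): return h(label.encode())  # constructed sample identifiers
BLACKLIST = [utxo_id(f"stolen-{n}") for n in range(5)]
GAPS, LEVELS = build(BLACKLIST)
ROOT = LEVELS[-1][0]
```

Because every gap is strictly open at both ends, no committed leaf can contain a blacklisted id, so a transaction with even one blacklisted funding UTXO has no valid witness.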

Selective Disclosure

[Figure: selective disclosure]

Selective Disclosure [2] is a more complex accountability mechanism. It introduces two additional roles:

  1. A revoker is an entity whose goal is to eliminate illicit financial activities on a blockchain, such as a government institution.

  2. Guardians are independent judges who prevent revokers from abusing their power to inspect blockchain transactions.

Once a revoker detects a suspicious UTXO, they can request decryption of the entire money flow originating from the UTXO. If a sufficient number of guardians approve the request, the transaction subgraph is revealed to the revoker, as shown above. Only the revoker learns the transacted amounts and the links between transactions.

Comparison

I personally prefer the simplicity and flexibility of Exclusion Proofs. Instead of relying on a consensus about bad actors established by some trusted parties, Exclusion Proofs enable each user to subscribe to the blacklist maintainer they trust most. Exclusion Proofs also support much smaller anonymity sets based on custom criteria (e.g., "anonymize me only among accounts that passed some KYC procedure").

The Selective Disclosure (SeDe) scheme was designed for fully private transfer systems like Zcash, while Exclusion Proofs were designed for deposit-withdraw mixers like Tornado Cash. Nonetheless, Exclusion Proofs can be extended to fully private transfers. Using recursive proofs, an honest user can prove a statement such as: "None of the UTXOs funding this transaction belong to the blacklist, and each UTXO funding this transaction originates from a transaction that satisfies this condition."

In my opinion, the need for extra roles is a major weakness in the SeDe scheme. I don’t believe that:

  1. Government institutions will seamlessly step into the role of revokers, and

  2. There will be enough incentive to form a large group of guardians who will independently monitor the network and judge disclosure requests.

Nevertheless, what I appreciate about the SeDe scheme is that if a solid, decentralized infrastructure of revokers and guardians existed, then a SeDe-based private blockchain would be equivalent to a transparent blockchain in terms of AML regulations. In other words, there is no reason to ban a SeDe-compliant blockchain just because it supports extra privacy features.

Final Thoughts

The Quantum Fusion team believes that the lack of on-chain privacy is one of the major weaknesses of currently available blockchains. The fact that all transactions, accounts, and web3 activities of a user are public and linkable is unacceptable to us.

The recent wave of regulations has raised concerns about private transfers. Nonetheless, we already have tools that enable accountable privacy [3]. Furthermore, recent advancements in cryptography are making these protocols reasonably resource efficient.

We believe in, and build for, a future of privacy-by-default blockchains with well-implemented anti-crime tools.

Resources

[1]: Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium

[2]: SeDe: Balancing Blockchain Privacy and Regulatory Compliance By Selective De-Anonymization

[3]: Privacy Pools dApp demo