Vitalik Buterin’s September paper about privacy pools touched on an idea that could revolutionize cryptographic privacy. Most people in the cryptocurrency community have heard about Privacy Pools, a project created this year by Ameen Soleimani, a well-known developer and creator. Soleimani, a former Tornado Cash developer, intended to “fix” the popular open-source solution for anonymizing Ethereum transactions in order to make it more regulator-friendly.
The first teaser, released in March, was based on a proposal first proposed by Ethereum co-founder Vitalik Buterin in 2022. However, it failed to capture the interest of the crypto-hive mind. It was only a few weeks ago, after Buterin published an academic study on the issue, that it became more extensively circulated on social media.
Why? There is nothing like combining “blockchain privacy” with “regulatory compliance” to enrage certain cypherpunks. And to leave the rest of the community wondering if authorities would even be interested in legitimizing the usage of non-custodial crypto-asset mixers, which are vital to the on-chain economy but are frequently misunderstood.
The future is definitely a more digitally altered society in which zero-knowledge (ZK) proofs become commonplace.
Let’s talk about whether privacy pools are now compliant. Can they meet the community’s basic ethos—or, at the very least, the part of the community concerned with avoiding the illegitimate use of tokens, as the Pretty Good Policy for Crypto podcast recently phrased it? And how do we overcome one of the paper’s most serious flaws: the narrative? To begin, even if the suggested implementation is good, users may only prove their innocence by demonstrating that their original deposit comes from a set of presumably legitimate sources or does not come from a set of known illegal sources. These are known as association sets, and their implementation is still up to the ecosystem. However, compliance involves more than just avoiding addresses on OFAC’s SDN list or avoiding known harmful actors.
Yes, if a protocol is hacked or an indicted criminal’s wallets are found and they attempt to shift cash to new addresses, these might be immediately added to an association set from which honest users can disassociate.
However, criminal actors can remain undetected for a long time before being identified, which makes regulators concerned that coins associated with illegal conduct may rejoin circulation. In the traditional finance world, actual currency accounts for an increasingly tiny proportion of payments, and illicit funds deposited at banks are easily apprehended. Regulators have grown accustomed to the doxing that extensive KYC processes enable.
Second, even if this is sufficient to satisfy current regulators, it is equally critical to assess whether the crypto community is satisfied with the solution, or else it will not be embraced. This includes not only hardcore cypherpunks but also users from oppressive governments and political activists from less-than-healthy democracies. That is a particularly difficult scenario.
These pools can only improve transaction privacy if there is a trusted environment surrounding them. Association sets can be completely automated. Even still, it all comes down to the oracles and which public and private institutions come to control these lists, thereby judging who is a bad actor and who is not—perhaps without a mandate. Soleimani stated that the protocol “doesn’t necessitate sacrificing cryptographic ideals.” Even honest actors who are naturally inclined to establish their innocence, however, can only do so to the extent that their jurisdictions recognize large and relevant enough association sets for the proofs to operate, or if designated association set suppliers can be trusted. Finally, the proposal’s aims are plainly positive, and its design is versatile and effective.
Such a possibly compliant protocol will not address the problem by itself, as it establishes a distinct regulated environment into which users (and governments or politicians) might opt-in. It’s certainly a positive approach, and self-regulation is admirable, but the crypto policy discourse requires more, or else the chasm will widen while privacy is attacked on both sides.
After all, we can only design something that will succeed if we agree on its conditions and it fits the needs of customers and stakeholders. If we disagree with such rules, we need the entire community to mobilize behind the change—in this case, to push for improved privacy safeguards and education.
Change begins with you. Have you been donating to your local crypto advocacy groups? Do you understand what they stand for? Have they done thorough research on the subject? (Even if they haven’t been as vehement as Coin Centre, which sued the US Treasury Department when it approved the usage of Tornado Cash last year.) If not, now is the time to become involved. Let us work together to create a better future, or it will never arrive.