A new paper co-authored by Ethereum’s Vitalik Buterin highlights the use of zero-knowledge proofs as a tool for regulatory compliance and on-chain privacy.
Ethereum co-founder Vitalik Buterin has published a research paper diving into privacy pool systems as a tool to achieve more privacy in financial transactions, allowing users to prove dissociation from illicit funds through zero-knowledge-proof technology.
The document initially discusses one of the most popular privacy-enhancing protocols, Tornado Cash, which allows users to deposit and withdraw cryptocurrencies without creating an identifiable link between the two addresses. Recently, United States authorities filed criminal charges against its founders, alleging extensive use by bad actors.
“The critical issue with Tornado Cash was essentially that legitimate users had limited options to dissociate from the criminal activity the protocol attracted,” reads the paper, co-authored by Jacob Illum, Matthias Nadler, Fabian Schar and Ameen Soleimani.
The analysis then elaborates on an extension of Tornado Cash’s approach that would enable users to publicly prove the source of funds on-chain by allowing membership proofs (“I prove that my withdrawal comes from one of these deposits”) and exclusion proofs (“I prove that my withdrawal does not come from one of these deposits”).
According to the authors, the concept could provide a balance between honest and dishonest protocol users, potentially enabling financial compliance on-chain in the future:
“The core idea of the proposal is to allow users to publish a zero-knowledge proof, demonstrating that their funds (do not) originate from known (un-)lawful sources, without publicly revealing their entire transaction graph. This is achieved by proving membership in custom association sets that satisfy certain properties, required by regulation or social consensus.”
With privacy pools, users can exclude themselves from anonymity sets that include addresses related to illegal activities based on zero-knowledge proofs — a method of proving a statement without disclosing the statement’s details.
The underlying idea presented in the document asserts that instead of simply using zero knowledge to prove that a “withdrawal is linked to some previously-made deposit, a user proves membership in a more restrictive association set.”
The association set can include all previously made deposits, only the user’s own deposits, or anything in between. As a public input, the user specifies the set by providing its Merkle root. “For simplicity, we do not directly prove that the association set actually is a subset of the previously-made deposits; instead, we just require the user to zero-knowledge-prove two Merkle branches.”
To illustrate it in a law enforcement context, the authors provide a simple example:
“Suppose that we have five users: Alice, Bob, Carl, David and Eve. The first four are honest, law-abiding users who nevertheless want to preserve their privacy, but Eve is a thief. Suppose also that this is publicly known.”
In the example, when one of the users wants to withdraw funds, the individual can specify which association set to be a part of, meaning users are incentivized to make their association sets larger to safeguard privacy. However, to avoid their funds from being perceived as suspicious by merchants or exchanges, the users do not include Eve in their association set. Eve, however, cannot exclude her own deposit and will be forced to make an association set equal to the set of all five deposits.
Source: cointelegraph.com
