Vitalik Buterin asserts that financial privacy and regulation can coexist with zero-knowledge proofs.


Vitalik Buterin, a co-founder of Ethereum, has released a research paper exploring privacy pool systems as a means to enhance privacy in financial transactions, enabling users to demonstrate dissociation from illicit funds through zero-knowledge-proof technology.

The paper begins by examining one of the most well-known privacy-enhancing protocols, Tornado Cash, which permits users to deposit and withdraw cryptocurrencies without establishing a recognizable link between the two addresses. Recently, U.S. authorities have brought criminal charges against its founders, citing significant misuse by malicious actors.

"The primary concern with Tornado Cash was that legitimate users had few options to dissociate from the criminal activities associated with the protocol," states the paper, co-authored by Jacob Illum, Matthias Nadler, Fabian Schar, and Ameen Soleimani.

The analysis then expands on an enhancement of Tornado Cash’s methodology that would allow users to publicly verify the source of funds on-chain by facilitating membership proofs (“I prove that my withdrawal comes from one of these deposits”) and exclusion proofs (“I prove that my withdrawal does not come from one of these deposits").

The authors suggest that this concept could create a balance between honest and dishonest users of the protocol, potentially allowing for financial compliance on-chain in the future:

“The fundamental idea of the proposal is to enable users to publish a zero-knowledge proof, demonstrating that their funds (do not) originate from known (un-)lawful sources, without disclosing their entire transaction graph. This is accomplished by proving membership in custom association sets that meet specific properties required by regulation or social consensus."

With privacy pools, users can distance themselves from anonymity sets that contain addresses linked to illegal activities through zero-knowledge proofs — a technique for validating a statement without revealing the details of the statement.

The core idea presented in the document posits that rather than merely using zero knowledge to demonstrate that a “withdrawal is connected to some previously-made deposit, a user proves membership in a more selective association set."

The association set can encompass all previously made deposits, solely the user’s own deposits, or anything in between. As a public input, the user defines the set by providing its Merkle root. “For simplicity, we do not directly prove that the association set is indeed a subset of the previously-made deposits; instead, we merely require the user to zero-knowledge-prove two Merkle branches."

To exemplify this in a law enforcement scenario, the authors present a straightforward example:

“Imagine that we have five users: Alice, Bob, Carl, David, and Eve. The first four are honest, law-abiding users who still wish to maintain their privacy, while Eve is a thief. Let’s assume this is publicly acknowledged."

In this scenario, when one of the users intends to withdraw funds, they can specify which association set to join, incentivizing users to expand their association sets to protect their privacy. However, to prevent their funds from being viewed as suspicious by merchants or exchanges, users do not include Eve in their association set. Conversely, Eve cannot exclude her own deposit and will be compelled to create an association set that includes all five deposits.

[Figure] Visual representation of participants’ association set selection. Source: Buterin et al., 2023

“[W]e assume that Alice, Bob, Carl, and David include all other ‘good’ deposits in their respective association sets and exclude deposit 5, which comes from a known illicit source. Eve, on the other hand, cannot generate a proof that disassociates her withdrawal from her own deposit."

The authors indicate that this example demonstrates one potential application of association sets in privacy pool protocols. "It is important to note that the system does not depend on altruism from Alice, Bob, Carl, and David; they have a clear incentive to prove their disassociation."
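The two Merkle branches described earlier and the five-user example above, modelled as an added Python example (not code from the paper or from any privacy pool implementation). It builds a deposit tree and an association-set tree with plain SHA-256 and checks the branches in the clear; the zero-knowledge layer that would hide which deposit is being withdrawn is assumed away, and the deposit labels are constructed sample values.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_tree(leaves):
    """Return (root, branches); branches[i] is the list of (sibling, sibling_on_right)
    hashes that connect leaf i to the root.  Odd levels duplicate the last node."""
    level = [h(b"leaf" + leaf) for leaf in leaves]
    branches = [[] for _ in leaves]
    pos = list(range(len(leaves)))            # each leaf's position in the current level
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        for i, p in enumerate(pos):
            branches[i].append((level[p ^ 1], p % 2 == 0))
            pos[i] = p // 2
        level = [h(b"node" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], branches

def verify_branch(leaf, branch, root):
    node = h(b"leaf" + leaf)
    for sibling, on_right in branch:
        node = h(b"node" + node + sibling) if on_right else h(b"node" + sibling + node)
    return node == root

def withdraw_proof(deposits, association_set, my_deposit):
    """The two branches a withdrawer shows: one into the on-chain deposit tree (the coin
    exists) and one into the chosen association set.  None means no proof can be built."""
    if my_deposit not in association_set:
        return None
    _, dep_branches = merkle_tree(deposits)
    _, assoc_branches = merkle_tree(association_set)
    return (dep_branches[deposits.index(my_deposit)],
            assoc_branches[association_set.index(my_deposit)])

def verify_withdrawal(deposit, proof, deposit_root, assoc_root):
    """Verifier side; in a real pool the deposit itself would be hidden by the ZK proof."""
    dep_branch, assoc_branch = proof
    return verify_branch(deposit, dep_branch, deposit_root) and verify_branch(deposit, assoc_branch, assoc_root)

# Constructed sample: five deposits, deposit 5 is Eve's (publicly known illicit source).
DEPOSITS = [b"dep1-alice", b"dep2-bob", b"dep3-carl", b"dep4-david", b"dep5-eve"]
HONEST_SET = DEPOSITS[:4]                      # association set the honest users choose

def scenario():
    dep_root, _ = merkle_tree(DEPOSITS)
    honest_root, _ = merkle_tree(HONEST_SET)
    alice_ok = verify_withdrawal(DEPOSITS[0], withdraw_proof(DEPOSITS, HONEST_SET, DEPOSITS[0]), dep_root, honest_root)
    eve_excluded = withdraw_proof(DEPOSITS, HONEST_SET, DEPOSITS[4]) is None
    eve_full_set = verify_withdrawal(DEPOSITS[4], withdraw_proof(DEPOSITS, DEPOSITS, DEPOSITS[4]), dep_root, dep_root)
    return alice_ok, eve_excluded, eve_full_set
```

`scenario()` returns `(True, True, True)`: Alice proves membership in the honest set, Eve cannot build a proof against that set, and Eve's only option is the set containing all five deposits.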

The paper also presents several additional use cases for zero-knowledge proofs, allowing users to show that their funds are not associated with illicit sources or to confirm that funds come from a specific set of deposits without disclosing any further information.

“In many instances, privacy and regulatory compliance are viewed as incompatible. This paper proposes that this does not necessarily have to be the case if the privacy-enhancing protocol allows its users to prove certain properties regarding the origin of their funds."

Protocols utilizing zero-knowledge solutions are gaining traction, with the Ethereum network leading significant developments, according to recent research. The findings indicate that ZK-proof scaling solutions are poised for substantial growth over the next 12 months as global regulations evolve and users seek to maintain their privacy.
