Vitalik Buterin and friends may have found a genuine solution to blockchain's privacy-leaking problem. Or at least a new way to build cryptocurrency mixers that maybe won't get their operators thrown in jail.
In case you didn't see it last week, there's a new theoretical paper floating around co-written by Buterin that explores a way of combining a few existing technologies, like buzzy zero-knowledge proofs and the lesser-known "Privacy Pools" design, to build something wonderfully unique.
In essence this is both a cryptographic technology and a social technology: a way of joining a communal mixing pool to hide your own blockchain history while retaining the right to dissociate from criminals or bad actors who would abuse a privacy tool for money laundering.
Of course, not everyone is happy about this happy medium between compliance and privacy. A few cypherpunks worth admiring have found the notion of picking and choosing who to interact with in a smart contract a nonstarter given that digital technologies are meant to level the playing field by treating everyone equitably.
Also, isn't the idea of "compliant privacy" a bit oxymoronic in the age of the Bank Secrecy Act?
Jacob Illum, a co-author and Chainalysis researcher, appeared on CoinDesk TV on Monday to talk about the research and address some of the controversy. (His co-authors besides Buterin include early Tornado Cash contributor Ameen Soleimani as well as two academics from the University of Basel, Fabian Schär and Matthias Nadler.)
"The main idea is how do we achieve some sort of financial privacy on the blockchain," Illum said.
Blockchains are by default transparent – it's part of the whole deal. Nodes need to be able to validate transactions, and the system can only be "trustless" insofar as everyone can independently verify the same data. This is a revolutionary idea in terms of establishing relationships between counterparties and settling transactions, but it presents an obvious problem if the blockchain's built-in pseudonymity is ever cracked.
And cracked it has been.
It is possible to use Bitcoin or Ethereum privately today, air-gapping your alts from your "government name," but it is insanely difficult and like taking up a part-time job to do right: you have to make sure you control your own dependencies, and on a long enough timeline you're either going to slip up or Chainalysis is going to build a tool that breaks through.
Advances like Tornado Cash, the now-sanctioned Ethereum-based crypto mixer, allowed a little more flexibility by giving people a way to break the link in their blockchain histories. Think of Tornado Cash as a big communal washing machine that never stops running: people may see you drop off your dirty socks and pick some up later, but if you leave your clothes in long enough and there's enough liquidity, everyone will probably lose track of who owns what (in this analogy everyone's socks look the same because ether is fungible and the pool only accepts fixed-size deposits).
But Tornado Cash is totally off limits if you don't want to risk a sanctions violation. Not all laundromats are the haunts of bad actors, of course, but at this point all crypto mixers should be assumed to be illegal. Good intentions and civil rights be damned. Blame the Hermit Kingdom.
The "main innovation" the privacy researchers found is something called an association set, which lets a withdrawer prove that their funds came from a chosen subset of the pool's deposits – in effect letting a group of reputable users form their own sub-pool inside the mixer. Zero-knowledge proofs are layered in so that a user can show their deposit belongs to that set without revealing which deposit is theirs: tainted funds and bad actors are excluded from the set, and everyone else gains privacy by disclosing only the information needed to prove they're above board.
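To make the association-set idea concrete, here is an added toy model in Python. It is not code from the paper, from Soleimani's implementation or from CoinDesk; the construction it assumes (a deposit is a commitment H(secret || nullifier), the pool keeps a Merkle tree of commitments, a withdrawer proves membership in both the pool tree and a chosen association-set tree and publishes H(nullifier) to prevent double withdrawal) is this example's own modelling of the design, and the names `Pool`, `make_deposit`, `build_withdrawal`, `verify_withdrawal` and `association_set_is_clean` are made up here. The one deliberate simplification: the membership checks run in the clear, so the verifier sees the commitment and Merkle paths. In the real system those are private witnesses to a zero-knowledge proof and only the association-set root and nullifier hash are public; the comments mark which values would be hidden.

```python
"""Toy Privacy Pools-style association set (added example, see lead-in)."""
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _next_level(level):
    # Odd levels duplicate the last node so every node has a sibling.
    if len(level) % 2:
        level = level + [level[-1]]
    return [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_path(leaves, index):
    """Siblings from leaf to root, each tagged with whether it sits on the right."""
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[index ^ 1], index % 2 == 0))
        level = _next_level(level)
        index //= 2
    return path


def verify_path(leaf, path, root):
    node = leaf
    for sibling, sibling_on_right in path:
        node = H(node, sibling) if sibling_on_right else H(sibling, node)
    return node == root


def make_deposit():
    """Depositor keeps secret and nullifier; only the commitment goes on-chain."""
    secret, nullifier = secrets.token_bytes(32), secrets.token_bytes(32)
    return {"secret": secret, "nullifier": nullifier, "commitment": H(secret, nullifier)}


def build_withdrawal(note, pool_leaves, association_set):
    """Prover side. Only nullifier_hash and assoc_root would be public in ZK."""
    idx = pool_leaves.index(note["commitment"])
    a_idx = association_set.index(note["commitment"])  # raises if not a member
    return {
        "nullifier_hash": H(note["nullifier"]),            # public
        "assoc_root": merkle_root(association_set),        # public
        "secret": note["secret"],                          # private witness in ZK
        "nullifier": note["nullifier"],                    # private witness in ZK
        "pool_path": merkle_path(pool_leaves, idx),        # private witness in ZK
        "assoc_path": merkle_path(association_set, a_idx), # private witness in ZK
    }


def verify_withdrawal(w, pool_leaves, spent):
    """Pool contract side. Returns (accepted, reason); records the nullifier on success."""
    commitment = H(w["secret"], w["nullifier"])
    if H(w["nullifier"]) != w["nullifier_hash"]:
        return False, "nullifier hash mismatch"
    if w["nullifier_hash"] in spent:
        return False, "already withdrawn"
    if not verify_path(commitment, w["pool_path"], merkle_root(pool_leaves)):
        return False, "not a deposit in this pool"
    if not verify_path(commitment, w["assoc_path"], w["assoc_root"]):
        return False, "not in the claimed association set"
    spent.add(w["nullifier_hash"])
    return True, "ok"


def association_set_is_clean(members, published_root, flagged):
    """Observer side: the set provider publishes its member list, so anyone can
    check that it hashes to the root used on-chain and excludes flagged deposits."""
    return merkle_root(members) == published_root and not (set(members) & set(flagged))


def demo():
    """Three honest depositors plus one flagged deposit (constructed sample data)."""
    alice, bob, carol, mallory = (make_deposit() for _ in range(4))
    pool = [d["commitment"] for d in (alice, bob, carol, mallory)]
    flagged = [mallory["commitment"]]  # e.g. funds from a sanctioned source
    clean_set = [alice["commitment"], bob["commitment"], carol["commitment"]]
    spent, results = set(), {}
    w = build_withdrawal(alice, pool, clean_set)
    results["alice_first"] = verify_withdrawal(w, pool, spent)[0]
    results["alice_replay"] = verify_withdrawal(w, pool, spent)[0]   # double spend
    results["set_clean"] = association_set_is_clean(clean_set, w["assoc_root"], flagged)
    # The pool itself stays permissionless: Mallory can withdraw against a set
    # that contains her deposit (here, the whole pool), but that set is not clean.
    wm = build_withdrawal(mallory, pool, pool)
    results["mallory_full_set"] = verify_withdrawal(wm, pool, spent)[0]
    results["full_set_clean"] = association_set_is_clean(pool, wm["assoc_root"], flagged)
    # Claiming the clean root without a path into it fails the membership check.
    forged = dict(wm, assoc_root=w["assoc_root"])
    results["mallory_forged"] = verify_withdrawal(forged, pool, set())[0]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two things worth noticing are what the contract learns (a nullifier hash and an association-set root, nothing tying the withdrawal to a deposit) and who is excluded from what: Mallory is never stopped from withdrawing, she just cannot be counted among the members of a set that leaves her out, which is exactly the "dissociation" the column describes.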
It's important to note that although Soleimani is currently coding a minimum viable product, it isn't yet clear whether such a system would work in the real world or even be legal. Illum noted that it could be compliant in some jurisdictions and not others, and that he and his co-authors may need to consider adding or removing features.
"I'm a technologist. I'm not a policy maker," Illum said on CoinDesk TV.
Being able to give yourself a cloak of anonymity sounds like something all crypto people could get behind, but it's not without controversy. For instance, Zcash co-creator Zooko Wilcox disapproved of the "Guilty Until Proven Innocent" mentality behind a tool that allows people to simultaneously prove their funds are clean while also disassociating from riskier addresses.
Zooko also raised concerns about mixers in general, which "can never provide real privacy for humans" no matter how they're built, because their users can almost always be deanonymized simply by observing deposits and withdrawals for long enough. Ahem, "humans are pattern-generating creatures," he said. Fair enough.
It's worth saying that – again, at this low, low, low point in crypto's lifecycle where we've seen the U.S. government sue a computer for failing to register as a money transmitter – there really shouldn't be complaints against "over-compliance." Zooko criticized Privacy Pools because they allow people to disassociate from bad actors, even if that isn't entirely necessary.
I'm with Ameen Soleimani when he responded saying that choosing to avoid some people is as fundamental a cypherpunkian ideal as being free to associate with whomever. Not all conversations are worth having, silence is a form of expression, and while we may live in a society where you're technically "innocent until proven guilty," doing what you can to stay safe shouldn't be demeaned. Crypto users are already some of the most loathed individuals on the planet.
The rest of Ameen and Zooko's debate devolved into an argument over Zcash, with Zooko saying it works and Ameen pointing out even if that's true no one is using it as intended. Which I think is a roundabout way of getting at the real heart of the issue, anyway, but not in those terms.
Crypto should be private. Privacy and censorship-resistance are just about all crypto is good for, apart from running weird economic and technological experiments. To some extent it doesn't matter whether crypto is used at all, considering the number of people "privacy and censorship-resistance" appeals to is a very small niche. And so it's nice to know something like Zcash exists for those who need it.
But for most people in the world, Ethereum is crypto. And today there's no way to, say, pay for a meal on-chain without revealing your entire financial history, and that's a bad thing. At some point Ethereum will need a workable solution for privacy, if only because it's an expectation everyone already has for "crypto." Naked blockchains don't work, and neither do privacy cloaks like Tornado Cash.
Or as Illum says: "I believe that individual users that want to use blockchain safely should have access to do that in some way."
– D.K.
@danielgkuhn
daniel@coindesk.com