Regulators are struggling to protect crypto’s privacy features while enforcing sanctions
As much as blockchains look indecipherable to the naked eye, they are very transparent. Every transaction is publicly posted to the blockchain where anyone can see the sending address, receiving address, amount sent, and transaction hash. It is for this reason that many crypto enthusiasts have taken efforts to buttress crypto’s security with additional tools that hide certain data from prying eyes. Common approaches include mixers, zero-knowledge proofs, ring signatures, and stealth addresses.
Of course, with crypto’s longstanding reputation for illicit activity, any further efforts at obfuscation can appear suspicious, leading to crackdowns. It does not help when governments find direct evidence of bad actors making use of these very tools.
Such an event happened on Monday when the U.S. Treasury’s Office of Foreign Assets Control (OFAC), an agency tasked with maintaining the Specially Designated Nationals (SDN) list and enforcing sanction violations, added the non-custodial mixing service Tornado Cash and smart contract wallet addresses to the SDN list. The U.S. Treasury sanctioned Tornado Cash for allegedly helping to launder proceeds from cryptocurrency hacks by the Lazarus Group, a state-sponsored North Korean group tied to the $625 million hack in March of Axie Infinity’s Ronin Network.
This action may be the first time that many readers learned about mixers. So let’s take a quick look at how they and other privacy tools work.
Mixers
To use a mixer like Tornado Cash, users must first connect a Web3 wallet such as MetaMask. They then deposit funds into a smart contract created by the service provider that mingles their funds with those of the other users in order to obfuscate the origins. Users can then withdraw those funds from the mixed pool into a newly created wallet with no on-chain connection to the initial depositing address.
Tornado Cash is only one of many products and services that use mixing.
Zero-Knowledge Proofs and Stealth Addresses
With zero-knowledge proofs, one party can prove a fact without revealing any more information than necessary. For example, you can demonstrate that you validated a transaction without revealing your public key or show that your wallet meets a minimum balance without revealing the entire amount. It is also the staple feature of Zcash
ZEC
Zcash also makes use of stealth addresses A stealth address is a one-time public address that is generated for someone to receive funds. It is not publicly tied to Bitcoin or Ethereum wallet addresses. Therefore, sharing an address does not give a user access to view your transaction history and custodied assets. In fact, Zcash lets users shield the sending and receiving addresses as well as the transaction amount.
Zero-knowledge proofs can play two large roles in the Web3 movement. This first involves ensuring privacy when engaging in certain transactions or votes. The second role involves giving blockchains the ability for higher throughput. Zero-knowledge rollups batch transactions into a single proof. Instead of verifying every transaction, validators verify the proof allowing for faster processing times.
Ring Signatures
This technology is principally used by the privacy coin Monero
XMR
Monero is currently the leading privacy coin with a $2.8 billion market capitalization. It is important to note that with Monero, the use of ring signatures is not optional. While Zcash gives users the choice between regular or shielded transactions, all Monero transactions are required to be private.
Conclusion
A sensible policy towards crypto privacy features will involve a balanced approach from regulators. Privacy features like mixers, zero-knowledge proofs, ring signatures, and stealth addresses can provide an avenue for criminals to obfuscate stolen funds. The link between The Lazarus Group and Tornado Cash makes that clear.
However, use of these tools does not mean that something nefarious is happening. The aforementioned features are necessary to protect privacy in the digital age. Some use cases should be limited, while others should be allowed to flourish. Similar to protecting consumers, preventing illicit activity without stifling innovation is a balancing act.