Zero Knowledge Proofs and Blockchain Privacy

 

 

Instructor:           Andreas Park
 

 

Transaction Processing

  1. Self-custody of assets
  2. Access to financial infrastructure
  3. Conceptually non-custodial services
  4. Value management layer = common resource
  5. Platform approach to commerce

Revisit: What makes blockchain-based finance different from TradFi?

{

{

features

consequences

assets ownership by accounts

Transaction Visualization

transactions

decentralized applications

tokens




The
"Mem-Pool"



 

Key Insight: there is no built-in privacy!

Blockchain has no privacy

Example:

  • you buy something online using a stablecoin and ship it to your home address
  • the merchant can now
    • link your name and address to your account
    • knows everything you ever did with this account
    • knows everything you ever will do with this account
    • can use data analytics to map you and other contact
  • intrinsic feature of public blockchains is that information gets stored by public addresses.
  • logic of smart contracts is visible to all
  • => firms have need of secrecy, individuals have rights to privacy

Root problem

Solutions

  • large numbers of wallets/addresses
  • coinjoin
  • ring signatures
  • zero knowledge proofs

     

Blockchain has no privacy

So no privacy. So why is everyone concerned about money laundering and crime?

But KYC for AML/CFT is all abound

  • criminals are real and they are using blockchains 
  • tax evasion, ransomware payments, ransom payments (real kidnappings!)
  • for tokenized assets firms need to know
    • their shareholders for communications
    • avoid politically exposed persons

How can we have compliance that keeps criminals out?

Basic FINTRAC/FINCEN Rules for Money Services Businesses

  • Basic rule: for any virtual currency transaction money services businesses need to verify and record the identity of the person involved
     
  • Transactions over $10,000 need to be reported
     
  • lots of smaller rules surrounding suspicious activties

\(\Rightarrow\) the rules are "tight"

Tornado cash: a privacy Solution

Banned addresses (usually by OFAC order)

August 8, 2022: OFAC sanctions Tornado Cash

The Common View

The Reality

  • no evidence that Hamas has received significant volumes of crypto donations.
     
  • full understanding of blockchain analysis and context is needed
     
  • Elliptic: Wall Street Journal [must] correct misinterpretations of the level of crypto fundraising by Hamas.
     
  • in discussions with Senator Warren to ensure parties have a proper appreciation of the complexities and nuances of analyzing these wallets.

 

Zero Knowledge Proofs

Basic Premise

A mechanism that proves to one party (the VERIFIER) that another party (the PROVER) possesses some knowledge, without revealing the knowledge itself or any other information that can be used to re-construct it   

This is a probabilistic statement not a math proof  

I was born between 1976 and 2000

Range Proofs

Examples

I am an EU citizen

Set Membership

Formal Technology:

  • STARK = Scalable Transparent Argument of Knowledge (Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev 2018)
  • SNARK = Succinct Non-interactive Argument of Knowledge (Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer 2012)

WHY?

Computational

Integrity

I performed the computation

you asked me to

Toy example #1 for a zero knowledge proof

Verifier Victor

Prover Peggy

How? Toy Example 2

Toy example #2 for a zero knowledge proof

  • Note: these examples are interactive.
  • SNARK = Succinct Non-interactive Argument of Knowledge

Privacy solutions

Current Compliance Solutions

Approach Objective Problem
deposit limits at off-ramps block illicit funds blocks some bad actors but frustrates regular people
sanctioned addresses block bad actors whack a mole
data analytics risk scoring significant type I and type II errors
view-only access let regulators see transactions relies on cooperation, including from criminals
association sets proof of innocence slow to detect, concern about criminals sneaking in
KYC of addresses/whitelisting verify identify of account no privacy towards KYC provider _ honeypots
selective de-anonymization proof of innocence with stick currently works only in L2s/rollups

Decentralized Compliance Networks

Underlying Idea

  • user onboards with public address
  • performs compliance checks etc
  • obtains private address(es)
  • does business privately

Compliance violation occurs 

  • Users:

    • Choose their revokers.

    • Users have full control over their privacy.

  • Revokers:

    • Initiate requests for de-anonymization based on suspicious activity.

    • Must post verifiable public requests to trigger the process, ensuring transparency.

    • Can be entities like Chainalysis, TRM Labs, or other trusted individuals decided through the public governance portal.

  • Guardians:

    • Vote to approve or deny the de-anonymization request.

    • Operate with a threshold mechanism (e.g., 6 of 10 must agree to proceed).

    • Guardians cannot see the transaction details themselves. Only Revoker can see it after receiving threshold permission from Guardians.