In a paper published 6 September 2023, the Ethereum co-founder Vitalik Buterin, along with four industry leaders and academics, introduced a new smart contract-based protocol named ‘Privacy Pools’. Proposed as an alternative to the sanctioned cryptocurrency mixer Tornado Cash, Privacy Pools leverage advanced cryptographic techniques, including zero-knowledge proofs, to verify the legitimacy of funds, without needing to expose the whole transaction history for a user. Through the new Privacy Pool protocol for Ethereum, users are able to ‘generate a brand new Ethereum address that is completely unlinkable to any prior transaction history’. The Protocol is described as:
A first step towards a future where people could prove regulatory compliance without having to reveal their entire transaction history.
The paper acknowledges the inherent privacy concerns arising from the easily accessible and transparent nature of transactions on the public blockchain, which share significant metadata in a permanent and very public way. Privacy-enhancing protocols have previously sought to address this by breaking the link between a ‘particular deposit and its withdrawal counterpart’ but the way that has occurred has created opportunities for bad actors to also use those tools. The paper identified the ‘critical issue with Tornado Cash’ as:
Legitimate users had limited options to dissociate from the criminal activity the protocol attracted.
In contrast, Privacy Pools offer ‘membership proofs’ and ‘exclusion proofs’ functions, which allow users to confirm whether or not their withdrawals come from the pool of ‘good’ deposits. This is said to be designed with an aim of enabling users to fulfil their ‘desire for privacy’ as well as their ‘desire to avoid suspicion’. By pooling honest transactions together, users are able to confirm the legitimacy of their transactions by proving that their transactions came from the 'good' deposits. As good actors are incentivised to distinguish themselves from the ‘bad’ deposits, bad actors will face difficulties with proving their membership in a "good"-only association set.
This approach is aimed at maintaining separation between the pools. However, the paper recognises that in reality, due to societal perspective and jurisdictional differences, there may be cases where there is 'no global consensus' on which funds are 'good' or 'bad'. In such cases, users are able to exclude withdrawals that are non-compliant with their jurisdiction or issue a membership proof against the 'intersection' of both association sets to demonstrate compliance with numerous jurisdictions. The protocol is 'very flexible' in this way and 'censorship resistant'.
Privacy Pools come at an important time where ongoing data breaches highlight the need to ensure greater baked-in privacy for users and less exposure of personal information, but with governments historically used to using the collection of personal information as a means of tracking down bad actors and prosecuting law breakers.
The paper makes a bold prediction about Privacy Pools:
In many cases, privacy and regulatory compliance are perceived as incompatible...this does not necessarily have to be the case.
To realise this vision of a 'potential future' where 'financial privacy and regulation can co-exist', the paper requests for cooperation from 'practitioners, academics...policymakers and regulators', and if this vision can be brought to reality, perhaps users can truly have the benefits of strong privacy protection without the stigma of bad actors also using those same tools.