Sep 11, 2023

Vitalik Buterin, co-founder of the Ethereum network, and four co-authors published a research paper last week, detailing a new technological feature called "privacy pools" and how it can be applied to blockchain protocols to distinguish honest users from criminals.

Video transcript

Let's talk about a new evolution on the privacy front that begs the question, can Blockchain protocols distinguish between honest folks and criminals? A recently published paper authored by the co-founder of Vital Bitter and four others say that they can by using a new technological feature called privacy Pools. Joining us now is one of the authors of the paper called Blockchain privacy and regulatory compliance towards a practical equilibrium analysis. Chief scientist Yacob Ilo, welcome to the show, Yacob. Thank you and thanks for having me. Thanks for being here with us. Now we're talking about this paper, it studies privacy pools which is a smart contract based privacy enhancing protocol that separates, like I said in my intro, honest users, good actors from bad actors explain to us like we're five years old, how this works. So the main idea here is to how do we achieve some sort of financial privacy on the Blockchain, right? The the Blockchain or many blockchains anyway are inherently um transparent. Um And there's been attempts for that uh for trying to achieve that if you have something like tornado cash, right? But um what happened with tornado cash was that it all of a sudden started allegedly being used for large amounts of money laundering, right? And so you have all these users that are using this to achieve some level of privacy and now they have no way of saying, hey, I'm not these actors that are sending funds to launder money through this protocol. And so what privacy pools can do is that it can actually allow you when you are pulling funds out of this smart contract, you can dissociate from any kind of activity that you want. So you can actually pick and choose and say, hey, I'm pulling out funds and I'm doing it with some degree of um anonymity and privacy, but I am not what some of these funds over here. And that's the main uh innovation that's here. So the, the part that I I I'm trying to grapple here is of course that we've always been told that crypto the whole thing is it's not anonymous, it's synonymous. Um So why would one need to have all of this? Uh you know, is it, what's the necessity, isn't, isn't there enough privacy already built in that? We don't need this extra layer? I think, I don't think so. I think, you know, it's, it's kind of like if you want to interact with your web banking, you also use encryption on the network, right? You're not just sending all your details when you're interacting with your bank so anybody can read what you, um, what you're doing and it's similar on the Blockchain, right? Even though we have the pseudonym, pseudonym that we have on the Blockchain. Um, like, let's say that you go, I'll take an example, like we use in the paper. Like, let's say you go to a restaurant and you decide to, to pay for some food. Right? You might take a picture of what you are eating. People can see kind of what that meals cost. And so if you already know the address of the restaurant on the Blockchain, you can actually go and do some kind of analysis and figure out well, what, what likely wallet did actually pay for your meal. And now all of a sudden somebody has access to all the financial transactions that you have ever done. And I don't think that that's a good space to be. I don't think that's what we are. Uh that's what we want. So we want some, some way of achieving some level of like privacy while you're, you know, uh shielding your financial transactions. Note to self, don't take photos of food and restaurants. Lawrence. Lawrence has a secret food blog somewhere that we'll, we'll find at some point. All right, before you do. Yes. Yeah, I, I want to talk about the, how this actually works because when we read the paper, it sounds like you need large sets of users who actually care about preserving their privacy for this to work. So how like is how do you are those people out there already? Are there people who care enough about this to participate in the pools to provide that anonymity for the group? I I believe so. I think that, you know, you can see there were a lot of users if you look at the activity of tornado cash ever since it got placed on the O A sanctions list, like the activity has gone down tremendously. I think there's a lot of people that wanted uh some kind of privacy but are now shying away from that kind of technology and are looking for alternatives. And so I do think that those users are there and I think that if there is some kind of technology that that gives you that way you can still dissociate from activity that you don't want to be associated with, then I think more people will pick it up. And that's mainly the goal is to try to bring forward technologies that can bring more people into the Blockchain space. Um So can you can you kind of walk us through exactly what, what, how this is implemented or how it will be implemented the time frames? Uh you know, how far along are people when it comes to this? And you know, what, what kind of timeline are we expecting? But I think first off, what exactly is it, how does it work? Yeah. So the technology is already around the technology relies on zero knowledge proof, which is like instrumental in many Blockchain technologies to try to achieve some level of privacy. So what that means is that basically in, in, in ordinary English, a zero knowledge proof means that you can prove something that everybody can verify is correct without actually revealing the information for people to know how, how you how you could make that proof. So basically what you are saying is that you're withdrawing funds, you are depositing funds into a protocol that everybody can see the funds flowing in. Now, when you pull out funds, you can prove in zero knowledge that you have access to pull some funds out of this pool, but you don't have to reveal exactly which funds the the s knowledge proof just says my funds are actually in the pool and I can pull them out legitimately. And now what we add on with private pools is that you can not just say I have funds in the pool, but you can say I have funds in the pool and they are part of this set. We call them an as an association set. So they are part of this association set or they are dissociated from these deposits over here. Um So all Zero knowledge technology, you know, you run up to it. I'm sorry, in terms of, in terms of uh time to implement like, you know, what, what's the process for, for people who aren't familiar with, with how things get done on Ethereum. Uh What's the, what's the timeline here and how would it work? Like there are already some people that are trying to build at least the technological foundation for then? I mean, who is one of the co-founders is already trying to build out some of this? Um So this, this is technology that could be implemented uh very on a very short time scale. The only thing that we argue in the paper that's required is that some people need to supply these association sets, right? We're not all Blockchain uh forensics experts, right? So we don't know who else is putting funds into these pools where they're coming from. Uh what's the source of those funds? So you need to partner with some either organizations or companies that have access to that kind of information that can build out these sets and say, hey, all these funds that are flowing into this privacy pool here are coming from say these five exchanges or something like that, right? Like, so that's now when you, when you are pulling funds out, you would be associating yourself with, say, hey, my funds did come from one of these five exchanges, but there's no one who can tell who uh which of the five is actually mine. And um so you need, you need to have some kind of collaboration. So that's, that's part of what's going to impact the timeline for rolling this out, this part partnership needs to be established. Um But I think the first point is just to build out the technology like I AM is doing and then, um you know, we can take it from there. You brought up tornado cash. It's also mentioned in the paper, the limitations associated with it are are unpacked. But when we talk about tornado cash, I think we, we think of, of course about the sanctions. We think of course about the subsequent lawsuits. Um, our privacy pools are there any concerns you have when it comes to regulatory compliance across various different jurisdictions? So, yeah. Well, I'm a technologist. I'm not a policy maker, right? So what this is, is a proposal from a technological perspective of things that we think can solve some of the issues that are out there now, whether it actually has these properties that we, we believe they could have is up to the policy maker. So I'll leave that to the experts that are, that know that matter to decide. Like, does this actually have, you know, does this, could this live up to certain regulatory requirements in different, in certain jurisdictions or if not, how do we need to change this technology? Maybe what kind of features do we need to add or remove in order to, to get there? So this is our offer to put something into that conversation. And what's different about this proposal is that we're coming, we're we're a bunch of people coming from different aspects of the Blockchain space to have this conversation, right? We're not people coming from individual silos trying to argue why it should be one way or another. We're trying to have a conversation and say, look, we understand that there are issues. If we want to bring more many people into the Blockchain space, it needs to be safe to operate in there. People need to know that if they use a privacy technology, they can pull out their funds and safely spend them. That's what it's gonna take to take Blockchain to the next level. And so we're saying here's a technology, let the policymakers look at this and assess whether this is something that can uh that can be used. Um at the end of the day. That's, yeah, that's not up to me. So yeah, it sounds like this is more about preserving privacy for the everyday user rather than separating out bad actors. You know, of course, cha analysis works with several different entities, identifying bad actors. We've seen your company do that very well. So is is this actually about finding bad actors or is it about preserving uh privacy for the larger um set of people who are interacting on blockchains? Uh For me, it's all about privacy preservation. I believe that people, individual users that want to use Blockchain safely should have access to do that in some way. And we need technologies to protect that. Just like how I was suggesting before, like if you go to a restaurant and everybody will then know everything about you. Like, nobody wants to live in that world. And I think as if that is the world, I don't think that Blockchain is gonna achieve the kind of adoption that I would like to see. I would like to see uh Blockchain being in the hands of everybody. And I like to say, I, I particularly wanted, I want to see the day where my dad is using Blockchain. Uh Maybe he knows it or maybe he doesn't, but he'll, it'll be part of his everyday life and we're not there. And I think privacy protection is one of those elements that have to be there and we need to keep finding ways of achieving that level of privacy. And that's what this is. Thank you very much for joining the show this morning and unpacking the paper for us. Absolutely. Thanks for having me. That was analysis chief scientist Jacob. I

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.