This article is more than one year old

How crypto’s zero-knowledge proofs could hit the regulation-privacy ‘sweet spot’

US regulators and politicians are cracking down on crypto, eliciting fears and triggering debate about a looming threat to users’ privacy. Enter zero-knowledge proofs, or ZKPs – a type of cryptographic technique that could soon make regulating the world of decentralised finance a whole lot easier, and less of a privacy concern.

ZKPs are designed to let one party prove to another that something is true, without revealing any information apart from the fact that the statement in question is true. It’s like proving someone is an adult without revealing their exact age. They could prove handy in DeFi, a suite of financial applications built on blockchains like Ethereum, which has long operated outside the purview of financial regulation. It’s difficult, if not impossible, for protocols to comply with existing financial regulations – such as know your customer and anti-money laundering checks – even if they wanted to.

“Since the early days of the crypto industry, there has been some tension between traditional financial regulation, which sees KYC as a critical process for AML compliance, and the protection of financial privacy of users,” Federico Ast, co-founder of the digital identity platform Proof of Humanity, told DL News.

“These two elements seemed impossible to make compatible. But the implementation of new cryptographic technology such as ZKPs in combination with a deeper understanding by regulators on how these work could result in us reaching a sweet spot.”

Tension between DeFi and regulators

Most governments are yet to regulate DeFi, in equal parts due to the fear of stifling innovation and the difficulty of doing so. A recent consultation from HM Treasury laid out plans to regulate centralised crypto companies, but notably refrained from ruling on DeFi due to the “rapidly evolving nature” of the industry.

But the issue of anti-money laundering compliance is pressing. In August last year, the US Treasury’s Office of Foreign Assets Control, sanctioned DeFi privacy protocol Tornado Cash due to its popularity among cyber criminals like North Korea’s Lazarus Group, who reportedly laundered millions through the protocol. Tornado Cash advocates contend the protocol serves an important purpose by helping crypto users maintain privacy.

Deploying zero-knowledge proofs relating to digital identity presents the opportunity for a ‘financial passport.’

Instead of sweeping bans, regulators could use ZKPs to regulate the DeFi wild west while still ensuring financial privacy for users.

Join the community to get our latest stories and updates

Sean Kiernan, CEO of UK-based merchant banking startup Greengage, sees the potential of ZKPs in crypto regulation playing out in real time. “Those in the industry are working towards best practice around compliance,” he told DL News. “For example, deploying zero-knowledge proofs relating to digital identity presents the opportunity for a ‘financial passport’ to comply with AML / KYC requirements and also better facilitate transfers between DeFi, CeFi and traditional financial services firms.”

“Greengage is watching the evolution of ZKPs closely and we are keen to be an early adopter of the likes of ‘financial passports’ once these have been tested,” he said.

But while ZKPs are sound in theory, implementing them at scale and convincing governments to adopt them may prove difficult.

“I don’t think [governments] are ready now,” said Marco Cora, head of business development at Matter Labs, a company working to scale the Ethereum blockchain using zero-knowledge proofs. “But history is full of examples of them taking time but arriving; 20 years ago, thinking of interacting with the government via email was already science fiction, now it’s zkKYC.”

Tornado Cash co-founder Roman Semenov also has reservations about a ZKP-based AML system. He told DL News he doubted that governments would be able to understand the potential of ZKPs and highlighted problems around multiple jurisdictions ruling on internationally accessible DeFi protocols. “It’s more complicated than it sounds,” he said.

Scalability will be dealt with first and ease of use things like account abstraction at scale, and privacy-oriented themes will appear later.

Those actively building with ZKPs also point out the technology itself needs more time to mature.

According to Eli Ben-Sasson, Co-Founder and President of StarkWare, another company developing scaling solutions for Ethereum using ZKPs, companies like his need to prove ZKPs can reach sufficient scale before they can start addressing issues like KYC and AML compliance. “Scalability will be dealt with first and ease of use things like account abstraction at scale, and privacy-oriented themes will appear later,” he said.

Currently, most ZKP-based blockchains, including those developed by Matter Labs and StarkWare, are in early testing phases ahead of a full launch later this year.

Although ZKP-based solutions to KYC and AML compliance are still very early in development, Ben-Sasson is confident of their potential. “This is a problem very close to my heart,” he said. “I have no doubt that at later stages, as this picks up, zero-knowledge will be very important.”

“If it has value, you really, really need to have privacy,” he said. “It’s part of what human dignity demands.”