This article is more than six months old

Can a Vitalik-backed privacy idea stop cyber criminals? One Tornado Cash dev says he’ll test it out

Can a Vitalik-backed privacy idea stop cyber criminals? One Tornado Cash dev says he’ll test it out
The co-authors of the new paper on Privacy Pools. From left to right: Matthias Nadler, Ameen Soleimani, Vitalik Buterin, Fabian Schär, and Jacob Illum.
  • A new academic paper co-authored by Vitalik Buterin studies Tornado Cash alternative Privacy Pools.
  • Privacy Pools lets users create a cryptographic proof that shows money didn’t come from illicit activity.
  • One Tornado Cash dev says he will "test their implementation in the near future.”

A new academic paper co-authored by Ethereum’s Vitalik Buterin explores a novel way to ensure privacy for blockchain users without the drawback of letting criminals hide their tracks.

The September 6 paper studies Privacy Pools, an open source project attempting to fix the most critical flaw in Tornado Cash: honest users wanting privacy can’t prove their funds didn’t come from an illicit source.

“The importance of this paper is difficult to overstate,” Ameen Soleimani, an Ethereum developer and one of the paper’s five co-authors, said in an X post.

He said it will serve as “the intellectual cornerstone” for future discussions about privacy on public blockchains.

Stay ahead of the game with our weekly newsletters

NOW READ: Asian crime gangs turn to human trafficking to expand ‘pig butchering’ crypto scams

The paper is gaining traction among experts.

“In general, I am positive about this idea and will test their implementation in the near future,” Theo, a pseudonymous Tornado Cash developer, told DL News.

It comes with a big if, though, he said:

Join the community to get our latest stories and updates

”Each user, when withdrawing, will have to prove that he is not related to a huge pool of deposits, which can potentially be fraudulent,” he said, explaining that doing so might be more complex than the paper suggests.

In other words, will these ideas work at scale?

Tornado Cash is a privacy protocol that lets users break the traceability of crypto funds. It’s been hit with sanctions in the US and is facing legal battles on several fronts — US watchdogs say it helped process North Korean cybercrime money.

Privacy Pools tries to solve the issue with Tornado Cash using zero-knowledge proofs — an advanced cryptographic technique that allows blockchains to prove that something is true, without revealing anything about it.

Tornado Cash already uses zero-knowledge proofs to connect deposits and withdrawals.

But Privacy Pools goes one step further, letting honest users create a cryptographic proof that shows the money they put into the protocol didn’t come from wallets associated with stolen funds or illicit activity.

The hope is that if all honest users generate these proofs, bad actors attempting to launder money through the protocol will be the only ones left without them, letting crypto exchanges and law enforcement identify and exclude these users.

Along with Buterin and Soleimani, Chainalysis chief scientist Jacob Illum, DeFi researcher Matthias Nadler and Fabian Schär, professor of blockchain technology at the University of Basel, also contributed to the paper.

Others also say they’re optimistic.

Mariana de la Roche Wills, a board member at the International Association for Trusted Blockchain Applications said Privacy Pools “provides authorities with a valuable means of investigating and verifying specific transactions, aiding in the identification of trustworthy transactions, wallets, and users up to a certain level.”

While Privacy Pools could “generate a second later of trust” to improve risk management, De la Roche Wills said that it’s not inherently compliant with existing regulatory frameworks.

Anti-money laundering provisions, including know-you-customer rules on the transfer of crypto funds, would still need to be addressed separately.

Privacy Pools “should be viewed as a tool to enhance privacy while also supporting the assessment of risk. As I see it, they will need to work in parallel with other solutions,” she said.

NOW READ: Stake co-founder says wallet keys ‘not compromised’ in crypto casino’s $41m hack

De la Roche Wills said she was unsure if Privacy Pool’s cryptography could have changed the course of the Tornado Cash legal case if it was implemented at the time.

“You never know,” she said. “There is a big chance that this could have helped to easily detect the presence of malicious actors.”

Financial privacy as a right

The ability to preserve one’s privacy is a key issue among crypto die-hards, who argue that financial privacy is a fundamental right.

While Tornado Cash can be used to protect privacy on public blockchains like Ethereum, it’s also invaluable to criminals looking to launder stolen funds.

In August 2022, the US Department of the Treasury’s Office of Foreign Assets Control sanctioned Tornado Cash, saying it helped launder more than $7 billion worth of cryptocurrency since its launch in 2019.

Last week, the US Department of Justice charged Tornado Cash founders Roman Storm and Roman Semenov with money laundering and sanctions violations.

NOW READ: Tornado Cash founders agonised over KYC almost a year before sanctions, prosecutors say

Tornado Cash developer Alexey Pertsev, who was arrested shortly after the Treasury sanctions, faces a hearing next week ahead of his trial in the Netherlands.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out to him with tips at tim@dlnews.com.

Disclosure: Tim holds over $1,000 worth of Ether, Swell staked Ether, Redacted Cartel, and GMX. He also holds an insignificant amount in NFTs.