In order to reconcile anonymity and regulatory compliance, a developer has proposed an update to Tornado Cash embodied by the Privacy Pools blender. How does this service work
A solution to make Tornado Cash compliant with regulation
The pretext that led regulators to attack Tornado Cash last summer was the fact that the blender was being used to launder money from stolen funds. We are thinking in particular of the various hacks of decentralised finance protocols (DeFi) by the Lazarus group, leading the Office of Foreign Assets Control (OFAC), to place the addresses of Tornado Cash’s smart contracts on its blacklist.
On the other hand, Alexey Pertsev, one of the developers of the blender, was arrested in the Netherlands on charges of facilitating money laundering through the tool he created, and will remain in prison until at least the end of April.
However, while it is a fact that such services are sometimes used for illegal purposes, this is not a general rule. The notion of privacy is also an important motivating factor, and Vitalik Buterin himself does not hide the fact that he has used it, in particular to anonymise certain funds sent to Ukraine.
It is therefore to make Tornado Cash “compatible with regulation” that the developer Ameen Soleimani presented an update allowing, in a way, to separate own funds from those coming from illegal activities. This version 2.0 of the protocol has been launched on Optimism’s Goerly testnet, under the name Privacy Pools:
1/ We fixed @tornadocash
v0 of https://t.co/Nt4b2Tgx1D is live on @optimismFND
test out the demo, but please note:
– this is experimental code
– it has not been audited
– the trusted setup is untrustedread the full story anon https://t.co/9nAU3RrgpN
– ameen.eth (@ameensol) March 4, 2023
How Privacy Pools work
For the basic functioning of Privacy Pools, we find the same mechanics as on Tornado Cash: the deposited funds are pooled in a liquidity pool, and thanks to a kind of ticket, it is possible to retrieve one’s deposit from a blank address.
As far as the upgrade is concerned, it is a matter of adding the possibility of withdrawing mixed funds from a subset of deposits considered as good.
Let’s take a very simple example: A, B, C, D and E each deposit 10 ETH, the pool will then be composed of 50 ETH, but E’s ETH come from a hack. If A wants to withdraw these 10 ETH, he will be able to do so from the subset of deposits comprising his funds and those of B, C and D, but not those of E.
In the end, only funds considered bad will remain in the pool, because conversely, E will not be able to withdraw his funds from the subset of deposits of A, B, C and D.
Here, zero-knowledge proof (ZKP) comes into play. This means that it is possible to prove that the commingled funds are legitimate, without having to reveal the source of the funds.
For the moment, the application is still in the testing phase and its code has not been audited, but Privacy Pools could be the solution to reconcile compliance and anonymity.
