Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Cryptocurrency
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

How we can have our privacy cake and eat it too

(First published September 2022)

 

Last month, the US government added a list of cryptocurrency addresses to its sanctions list — meaning that it’s illegal to send and receive funds to these addresses.

This has created somewhat of a storm (some could even say a tornado) in the crypto sphere, and for good reason.

In this article I’m going to look at:

  • Why the sanctions were put in place
  • Why you should care about this
  • What an alternative solution could look like

What’s the TL:DR on the sanctions?

The sanctioned addresses were related to a mixing service called Tornado Cash, which OFAC deemed was being used by North Korean hackers to launder cryptocurrency that had been stolen in hacks.

Tornado cash uses smart contracts to allow cryptocurrency holders to jumble up their crypto assets with other user’s crypto making it difficult to see where the funds came from originally. It’s like a group of people all putting money from their wallets into an envelope and then taking out the same dollar value they put in, but ending up with notes that have different serial numbers, so that it’s no longer possible to tie the origins of a specific bank note to a specific person.

To learn more about mixing services, this is a really simple explanation of how and why they work.

Why should we care?

Mixing services fill an important function in cryptocurrency, through obfuscating the source of funds. While at first glance “obfuscating source of funds” might sound like a bad thing, it’s not only dodgy people and bad actors that value privacy — we all should.

Most people don’t realise but blockchains are highly transparent. Every transaction on the blockchain is visible to everyone, forever. As soon as someone can link you to an individual transaction, then they can see your full financial history.

Imagine if filling up your car at the petrol station meant the attendant could see all the details of what comes in and out of your bank account. Or if your employer could see exactly where you spent your money. Even those of us who have nothing to hide would likely be uncomfortable with that level of disclosure.

In addition to privacy concerns, the OFAC designation raises broader issues around impacts on free speech, as this move was the first time that software has been sanctioned (as opposed to an individual, country or entity). There is legal precedent of code being designated as speech, so sanctioning code raises some interesting legal and ethical questions.

Is there another way?

The key tension here is between individual privacy (a good thing) and public safety (also a good thing).

But we don’t have to choose between these two outcomes, the magic of blockchain can enable us to have both.

Currently mixing services like Tornado Cash are completely agnostic as to where funds come from. However it would be entirely possible to have a mixing service that would treat funds differently if they were received from illegal sources. For example the smart contract running a mixing service could be set up to not process or mix funds received from sanctioned addresses. Or, the code could enable data to be sent with the mixed funds confirming originating assets were or weren’t from sanctioned addresses.

A further development on this would be to provide a hashed proof of originating address, this would enable users of mixing services to prove the legitimacy of their funds, even if further sanctions are put in place after the mixing was undertaken.

Cryptographic hashes provide a one-way proof, e.g. input A will always generate output B, but with knowledge of B, you cannot reverse engineer the equation to find out what A was.

This type of equation (which is core to how blockchains work) would enable a user of a mixing service to prove that funds did not come from sanctioned or otherwise illegal sources, while still maintaining full privacy of their financial history.

For example:
Address A (sanctioned address) results in Hash B

Address X (non sanctioned address) results in Hash Y

A user of a mixing service who received mixed funds, along with Hash Y, can prove that they did not engage with address A, but will never have to disclose the originating address of their funds, address X.

Where next?

Humans are masters of innovation and blockchain is an incredible tool for enabling creative problem solving. There’s no doubt that the twin outcomes of privacy and compliance can both be met, but we need to actively make that happen. It’s on all of us to realise the importance of privacy and push for this to be architected into digital financial systems, to ensure we live in a balanced and fair future.

 

1358

Channels

Cryptocurrency
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Janine Grainger

Janine Grainger

CEO

Easy Crypto

Member since

03 May 2023

Location

Auckland

Blog posts

27

More from Janine

Community
See all blogs »
Cryptocurrency Insights 

Streamlining Operations & Driving Growth: How Payments Companies can aid Crypto Platforms

Jamel Derdour

Jamel Derdour

Cryptocurrency Insights 

A Guide to FCA Cryptoasset AML/CTF Applications for Crypto Firms: PART IV

Rodrigo Zepeda

Rodrigo Zepeda

Cryptocurrency Insights 

A Guide to FCA Cryptoasset AML/CTF Applications for Crypto Firms: PART III

Rodrigo Zepeda

Rodrigo Zepeda

Cryptocurrency Insights 

A Guide to FCA Cryptoasset AML/CTF Applications for Crypto Firms: PART II

Rodrigo Zepeda

Rodrigo Zepeda

Now hiring

See more