Privacy please

Financial privacy, sanctions compliance, confidential transactions…oh my

Gm, everyone. You ever find yourself sipping your Sunday morning coffee and thinking, “wow, this Brazilian dark roast would be even more blissful if I could enjoy it while debating financial privacy with a super smart crypto operator.”

Us too. That’s why we’re bringing you the following interview. Ready? Let’s jump in.

—Vincent

The Costs of Financial Privacy for All

The thing about financial privacy in crypto is that it doesn’t just attract the good guys. It’s the kind of flame that beckons all manner of moth, from average Joes to...well, terrorists.

It’s that very reality that drove the U.S. Treasury to sanction code for the first time when the Office of Foreign Assets Control (OFAC) targeted the protocol underlying decentralized crypto mixer Tornado Cash earlier this year. According to the Treasury Department, Tornado Cash—which is designed to obscure fund sources—was a handy tool for hackers including North Korea’s Lazarus Group.

But sanctioning Tornado Cash was a massive decision that did more than just hamper cybercriminals. So…is it possible to protect privacy and prevent illicit activities in decentralized finance at the same time?

To find out, we sat down with Jon Wu, the head of growth for Aztec Networks, which essentially acts as a VPN for users who want to transact on the Ethereum network without leaving a public trail of transactions behind them.

Let’s roll the tape.

The following interview has been edited for clarity.

Coinsider Radar: For people who aren’t familiar, can you tell me a little bit about the goal of a VPN for Ethereum?

Jon Wu: We provide financial privacy for Ethereum users. We’re in a category of businesses called zero knowledge rollups on Ethereum.

What that means is that users’ transactions are encrypted on their machines before leaving their laptops and then they’re sent to an Aztec sequencer, which is not aware of the underlying transactions because they’re all encrypted.

Those transactions are then bundled and submitted on Ethereum for processing essentially. The product has two purposes: the first is privacy and the second is cost savings.

Radar: What has adoption looked like for the Aztec network? How many people want this level of privacy?

JW: We have 150,000 users across two iterations of our protocol. Last year, we started with a payments protocol and then this year we added DeFi functionality.

Previously, it was just creating accounts and sending and receiving transactions. But developers can write a bridge contract that connects our privacy-first rollup with any layer one protocol. We've got about 20 of these integrations built so far.

Radar: How would governments or other people use that publicly available Ethereum data to try to track Ethereum addresses and figure out who they belong to?

JW: Ethereum is a fully public blockchain. That means every transaction is available for anyone to view.

There are of course on-chain forensics companies like Chainalysis and TRM Labs that work very closely with centralized exchanges and government entities to ensure the tracking of consumer financial information.

Radar: Can you tell me how zero knowledge proofs might allow privacy to be preserved while also complying with sanctions?

JW: The beauty of zero knowledge proofs is being able to prove a secret without revealing it. The goal here is to create compliance tools that allow you to prove legitimacy without having to reveal who you are or what your transaction graph looks like.

One way this could be implemented—which is more theoretical than we’re explicitly going to do—is to create a membership attestation which is privacy preserving.

You would get [a know-your-customer (KYC) check] done which would put you in a membership pool, and then you can furnish a zero knowledge proof that proves you are inside that pool without having to reveal your identity.

You wouldn’t know who I am. You’d just know that I’m carrying a token that affirms that I’ve been KYC’ed.

Radar: Then complying with sanctions would be up to whomever is managing KYC for the membership pool?

JW: Correct. And in a fully permissionless network environment, you can also imagine protocols that do not require the use of furnishing a KYC membership token in order to interact.

In other words, we do not believe privacy should be gated on the network layer. Privacy and KYC should not be mandated on the network layer just like it isn't on Ethereum.

There was an open question as to why OFAC didn't just shut down Ethereum. Like—why did they sanction Tornado but not the entire Ethereum network?

Clearly there is some notion that they are doing some balance of harm calculus. They’re saying that there’s enough legitimate activity on the Ethereum network that we’re only going to sanction a small part of it, this one specific application that we don't believe serves the national security interest in the United States.

Radar: How has the crypto community reacted to this idea?

JW: The crypto community is of two minds. On one hand, 99% of users on- and off-ramp onto crypto using regulated exchanges. So practically speaking, crypto is already compliance gated.

On the other hand, there is an extreme aversion to talking about compliance, talking about KYC, and talking about its implementation despite the fact that it’s already implemented for 99% of users. Unless you earned ETH emissions from being a validator or you do cash for crypto, you’re coming through a KYC portal.

Radar: Do you have any thoughts on where Tornado Cash went wrong in allowing so much illicit activity on its platform?

Editor’s note: According to Treasury officials, Tornado Cash reportedly laundered more than $7 billion worth of virtual currency since its 2019 founding.

JW: Rather than saying where Tornado Cash went wrong, I'll just underscore the step that we have taken that we believe to be credibly neutral in order to stop a very massive amount of funds from going through our system.

We have a per deposit limit of $5,000. We have daily deposit caps. We try to restrict the velocity such that we believe only everyday users can use the network rather than terrorist sovereign states.

I can say right now that that's not popular and our users don't like it. We don't like putting limitations on our network either. However, this is what we deemed for the time being to be a practical deterrent for significant illicit use, while also not preventing everyday users from accessing privacy.

And that’s what you need on your radar this weekend in crypto. Want to go down the privacy rabbit hole? Check out this step-by-step guide to going private from CoinDesk. Let us know what privacy steps you plan to take. See you Tuesday.