Vitalik's Privacy Pools vs Galactica Network Compliant Privacy Design
Introduction
In September 2023 Vitalik Buterin and his colleagues published a paper titled 'Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium [1].' The paper presents Privacy Pools as a way to balance user privacy with the need for regulatory compliance when transacting via the blockchain. These pools would combine compliance proofs with other legitimate transactions, while guaranteeing that participating protocols actively meet regulatory requirements.
Quoting from the article's abstract: 'The core idea of the proposal is to allow users to publish a zero-knowledge proof, demonstrating that their funds (do not) originate from known (un-)lawful sources, without publicly revealing their entire transaction graph. This is achieved by proving membership in custom association sets that satisfy certain properties, required by regulation or social consensus. The proposal may be a first step towards a future where people could prove regulatory compliance without having to reveal their entire transaction history.' [1]
From the angle of privacy preserving regulatory compliance, this has been the vision behind Galactica Network's design since the start.
This article is an attempt to illustrate both the parallels and contrasts between Galactica.com's approach and the ideas encapsulated in Buterin's paper. We will primarily focus on the realm of compliant privacy, and explore how both sides envision the future of private yet compliant transactions in the blockchain space. Note that we have released a number of articles pertinent to this matter such as the 'Regulatory Trinity', 'At the Intersection of Compliant Privacy' and the 'Galactica zkKYC Framework [2][3][4].'
Approach to Compliant Privacy
Compliant privacy may be the defining challenge of the current Web3 landscape. Privacy is essential for the existence of permissionless blockchains, as all transactions are, by default, public. Without pseudonymity integrated into their design, it's hard to imagine their widespread adoption.
Meanwhile, compliance is the necessity to adhere to established regulatory frameworks, ensuring that transactions meet legal and ethical standards. One cannot have compliance without some sort of Know-Your-Customer procedures in place; to some extent in fintech these terms are synonymous.
On one hand, it is the inherent right of individuals to keep their transactions and data concealed from unwanted eyes, preserving their anonymity and safeguarding sensitive information. On the other, failure to comply with regulations leads to legal intervention. This brings us to the fundamental contradiction that has defined the schism between regulators and blockchain advocates: how can a system built on privacy also ensure compliance?
Any attempt to merge these two ideals is confronted with the challenge of providing users with the privacy they deserve while ensuring that malicious actors can't exploit the same tools to engage in illicit activities. Therefore, a delicate balance must be struck to satisfy both regulatory and user demands [3][5].
Although the vision of global libertarianism with emphasis on individual freedoms and private enterprises is convincing to many cypherpunk enthusiasts, the history of the Web3 industry has demonstrated that many principles shaping TradFi (traditional finance) regulations can and should be integrated into the Web3 DeFi (decentralized finance) stack for at least two reasons:
1. The mass adoption of the Web3 stack would have progressed much further were it not for the notoriety that the crypto space has acquired as a result of the lack of retail investor protection.
2. The symbiosis of TradFi and DeFi can produce a system that is vastly superior to either of these concepts alone, all while offering a sound alternative to CBDCs.
If we hope to ever fully integrate decentralized technologies into our daily lives, it is essential that we as an industry design and build solutions for this issue. While both Galactica Network and Buterin's Privacy Pools aim for similar outcomes, the methodologies and paths proposed to achieve these objectives differ.
Buterin et al.
Buterin's Privacy Pools would influence the direct link between the sender and receiver of funds, a feature pivotal for ensuring transactional privacy. The cryptographic technique proposed for the Privacy Pools functions by pooling all deposits together, with each token evaluated binarily on whether it is low-risk or high-risk (i.e., whether the funds come from a good source or one with a record of illicit activities [6]). When users aim to withdraw, they must provide a ZK proof that demonstrates the withdrawn funds originate from unspent deposits in their custody. This proof can be established without revealing any specific details about the connection between individual deposits and withdrawals. Technically, the association of coins used in privacy pools is made at the coin level, tracked by coin ID, and not at the user level. Coins owned by a user that are unrelated to certain malicious transactions remain untainted [1].
The innovation in Buterin's paper is the introduction of a second ZK proof for compliance. This proof allows users to demonstrate that their withdrawal stems from a compliant subset of deposits. In essence, as long as the pool is sufficiently large, a user's withdrawal is as compliant as the chosen set of deposits. This allows the user to maintain their privacy within the pool [1].
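The relation that the two withdrawal proofs described above attest to, written out in the clear as an added example (not code from the Privacy Pools paper or from Galactica). It assumes Merkle trees for the deposit set and the association set, SHA-256 in place of a circuit-friendly hash, and hypothetical names (`coin_id`, `nullifier`, `statement_holds`, `try_withdraw`); a real deployment evaluates `statement_holds` inside a ZK-SNARK so the secret and both paths stay private.

```python
import hashlib

def H(tag, *parts):
    """Domain-tagged SHA-256, standing in for the circuit-friendly hash a SNARK would use."""
    h = hashlib.sha256(tag + b"\x00")
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _parents(level):
    if len(level) % 2:                      # odd level: duplicate the last node
        level = level + [level[-1]]
    return level, [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_path(leaves, index):
    """Siblings from leaf `index` to the root, each flagged: is our node the right child?"""
    level, path = list(leaves), []
    while len(level) > 1:
        padded, nxt = _parents(level)
        path.append((padded[index ^ 1], bool(index & 1)))
        level, index = nxt, index // 2
    return path

def root_from_path(leaf, path):
    node = leaf
    for sibling, node_is_right in path:
        node = H(b"node", sibling, node) if node_is_right else H(b"node", node, sibling)
    return node

def merkle_root(leaves):
    if not leaves:
        raise ValueError("an empty set has no root")
    return root_from_path(leaves[0], merkle_path(leaves, 0))

def coin_id(secret):      # public leaf recorded at deposit time
    return H(b"coin", secret)
def nullifier(secret):    # published at withdrawal so a deposit is spent once
    return H(b"null", secret)

def statement_holds(secret, dep_path, assoc_path, dep_root, assoc_root, null):
    """Private witness: secret and both paths. Public inputs: the two roots and null."""
    cid = coin_id(secret)
    return (root_from_path(cid, dep_path) == dep_root          # proof 1: a deposit I control
            and root_from_path(cid, assoc_path) == assoc_root  # proof 2: inside the association set
            and nullifier(secret) == null)

def try_withdraw(secret, deposits, assoc_set, spent):
    """True if the withdrawal is accepted; records the nullifier in `spent`."""
    cid, null = coin_id(secret), nullifier(secret)
    if null in spent or cid not in deposits or cid not in assoc_set:
        return False                        # no valid witness exists to prove with
    ok = statement_holds(secret, merkle_path(deposits, deposits.index(cid)),
                         merkle_path(assoc_set, assoc_set.index(cid)),
                         merkle_root(deposits), merkle_root(assoc_set), null)
    if ok:
        spent.add(null)
    return ok

# Constructed sample data: five deposits; the set provider leaves out the fourth.
SECRETS = [f"secret-{i}".encode() for i in range(5)]
DEPOSITS = [coin_id(s) for s in SECRETS]
ASSOC_SET = [c for i, c in enumerate(DEPOSITS) if i != 3]
```

The verifier learns only the two roots and the nullifier, so the anonymity set of a withdrawal is the association set it names, which is why the size of that set matters.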
This approach is anchored in the world of smart contracts, wielding the power of ZK-SNARKs - a technique Galactica Network also implements. Drawing inspiration from existing solutions, Privacy Pools would integrate components of the Tornado Cash-like mixer model, using UTXOs to enhance its functionality [7].
Likewise, Buterin's model requires a certain amount of trust to be placed upon pool providers. These entities play a decisive role, categorizing and labeling pools based on varied compliance criteria. This dependency on third-party providers, while functional, adds another potential point of failure - a risk any breed of centralization brings with it.
The scope of Buterin's model is, in its current form, somewhat narrow. It primarily focuses on transfers, sidelining broader interactions like voting or social engagements. This specificity, while serving its purpose, may not cater to the diverse needs of a rapidly evolving decentralized world. Hence, the authors have expressed the need for further research into the robustness of this proposal across areas of privacy, user experience, and legal compliance.
Galactica Network
Galactica Network employs the CosmosSDK, Ethereum Virtual Machine (EVM) smart contracts, and ZK-SNARKs specifically for private compliance proofs, with the use of ZK-SNARKs for private compliance proofs being a shared feature with Buterin's model [4].
To be precise, any solution delivering upon the promise of compliance in decentralized permissionless systems must at some level introduce centralization and reliance on third parties. Any comparative analysis between such solutions, thus, must be nuanced. The critical design considerations are:
a. Who is entitled to fine tune the risk profile - is it up to the user, dApp or is it forced by one of the parties on to the other?
b. What is the process over which privacy is eroded when it needs to be: is it ultimately up to the user to disclose or can the disclosure be forced upon him or her?
c. What is the scope of forced disclosure? Is it account based, transaction based or some other method?
We shall revisit this comparative framework in later works.
A key differentiator is Galactica's utilization of off-chain trust for onboarding arbitrary types of real-world data: not only zkKYC, but also zkCertificates on things like education diplomas, proof of attendance, memberships, etc. Privacy pools, on the other hand, are limited to the compliance of mixer deposits. Real-world trust in this case would be placed on, for example, a CEX labeling transfers of KYC'ed users into the mixer as compliant. In the case of Galactica, it'd be the Guardians or notaries. Instead of relying on external pool providers, Galactica leans on Guardians who review real world documents before issuing a zkCertificate on-chain. This process ensures a verifiable on-chain record, even as the KYC process remains confidential to protect user privacy – i.e. KYC documentation is kept off-chain (Fig. 1).
Importantly, it is up to the DApp to decide which Guardians they trust and it is up to the user to choose whether to use that DApp or not (thereby passing KYC or not).
Fig. 1: KYC record creation, verification, and DApp interaction [8]
Additionally, the timing for compliance proof submission in Galactica is adaptive, depending on the specific use case of a given DApp. This contrasts with Privacy Pools, where compliance proofs are primarily needed at the point of withdrawal. One of Galactica's notable features is the possibility for retroactive fraud investigations. The decision rule to 'reveal' a user's solitary transaction in question – and not their entire history – is designed by the particular DApp and is, of course, public, making it ultimately up to the user to decide one's own desired privacy profile.
While some DApps may choose a more elaborate and democratic fraud investigation scheme that necessitates multiple signatures (e.g. given an m/n threshold where m is the number of required signatures and n is the total possible number), others may opt for unilateral decision rules (i.e. 1/1 signatures required). In such a scheme, the DApp effectively would gain access to a KYC provider in possession of personally identifiable information (PII) of a user who has made a given transaction. On the privacy level, a DApp with a 1/1 decision rule is analogous to a regulated centralized finance institution that records its users' PII data and reports them to regulatory bodies when obliged. More information can be found in Galactica's zkKYC Design paper [4].
Fig. 2: The third sub-process of the fraud investigation process, structured by the request, decryption, and the subsequent reveal [9]. This particular setup mandates a ⅔ scheme.
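An added example, not Galactica's implementation, of how the m/n rule decides who can trigger a reveal. The page speaks of required signatures; here each holder's approval is modelled as releasing a share under Shamir secret sharing, which is an assumption (the page does not name a scheme), as are the constructed per-transaction key and the hypothetical names `split`, `combine` and `reveal`.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the share field (assumed parameter)

def split(secret, m, n):
    """Split `secret` into n shares so that any m of them recover it."""
    if not (1 <= m <= n and 0 <= secret < P):
        raise ValueError("need 1 <= m <= n and 0 <= secret < P")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):           # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange-interpolate the polynomial at x = 0 from distinct shares."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for k, (xk, _) in enumerate(shares):
            if k != j:
                num = num * (-xk) % P
                den = den * (xj - xk) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def reveal(submitted, m):
    """Key for ONE transaction, or None when fewer than m distinct holders cooperate."""
    distinct = dict(submitted)               # the same holder submitting twice counts once
    if len(distinct) < m:
        return None
    return combine(sorted(distinct.items())[:m])

# Constructed sample: key protecting the identity link of a single transaction.
TX_KEY = 0x5EED0F0A51A61E7A
SHARES_2_OF_3 = split(TX_KEY, 2, 3)   # the rule shown in Fig. 2
SHARES_1_OF_1 = split(TX_KEY, 1, 1)   # unilateral rule
```

Under the 1/1 rule the single share is the key itself, which is the sense in which such a DApp matches a centralized institution on privacy.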
This brings us to the core thesis underlying Galactica's vision on the matter of compliant privacy, which is that the discussion of privacy vs. compliance in the Web3 space can be articulated as a simple economic trade-off: slippage is the cost of privacy. Let us explain. A DApp that is less focused on prioritizing privacy can also expect to have less slippage. Slippage is inversely related to liquidity: it decreases with increased liquidity, as a market with high liquidity has sufficient volume to match orders without significantly impacting the asset's price. Higher liquidity often will attract institutional capital (i.e. large volumes of trade), which is usually subject to higher regulatory compliance requirements imposed by governments or regulatory bodies. Stricter regulations equate to greater transparency, which generally comes at the expense of privacy. A lower privacy guarantee stipulates a lower n value in the aforementioned m/n threshold. Summarily, institutional capital favors high liquidity DApps that prioritize complying with regulatory standards over privacy. Thus, slippage is the cost of privacy.
In essence, Privacy Pools is a commendable step towards a more private and compliant blockchain world, but as per Buterin, it is prudent to note that the concept requires further research into application and iteration given that the proposed computational theories are subject to change as the feasibility of the technical implementation remains to be seen.
It is worth considering that Privacy Pools exhibit a distinct characteristic that can be described as a 'melting pot' of transactions; the previous history of those transactions is noted, but only to the extent of determining whether they are accepted into the pool with whitelisted users or the pool with malicious users.
The idea of contingent transactions proves valuable within the context of creating user approval criteria based on their transaction history [10].
Insofar as the RRC allows users to autonomously create proofs of an identity, contingent transactions thereby enable a dynamic yet permissionless whitelisting of participants that DApps can modify on the app layer according to jurisdictional compliance regulations.
In terms of standardization, both Privacy Pools and Galactica Network offer significant advantages for compliant privacy in the ecosystem. Privacy Pools offer a protocol for compliant and private funds transfers between accounts. Such a protocol requires sufficient adoption. On the one hand, regulators and the projects (following the regulation) need to accept the form of compliant proofs. On the other hand, a sufficient number of providers have to label compliant deposit sets so that users' deposits can be covered by those sets. The adoption for both requires a comprehensive solution and standardization. Galactica Network offers the standardization of onboarding off-chain data, such as KYC data in a private manner, and proving of compliance statements about that data.
The proposed Privacy Pools design and Galactica Network are compared across various dimensions in a table format, at the end of this article.
Zooko Wilcox-O'Hearn's Take
Recent discussions of this topic have brought to light the multifaceted challenges and potentials inherent in the proposed solutions. Zcash founder and privacy advocate Zooko Wilcox-O'Hearn took a critical perspective of Buterin's paper, contending that Privacy Pools might inadvertently foster a 'Guilty Until Proven Innocent' principle. In a podcast episode with Buterin, Wilcox-O'Hearn raises concerns over the implications that cryptocurrency users inherently accept the principle of proof of innocence [12]. The political undertone is particularly of note, as the insinuation is that the burden of proof would fall on the user, a decidedly inciting sentiment when perceptions of illicit activity already exist around crypto use.
Galactica Network's take on this is nuanced; depositing funds into a mixer should not necessarily imply guilt. In fact, every transaction should have the option to be mixed for privacy purposes. However, while prioritizing privacy, it's crucial that compliance proofs be automatically generated and available at any point for regulatory scrutiny. This would effectively transfer the investigative burden onto the authorities interested in Anti-Money Laundering (AML) compliance. This contrasts with the current CeFi compliance model, wherein the system does not require the custodians to specify how a user's innocence can be proven, a rather arduous process that could be supplanted by a more autonomously compliant paradigm. Of course, less than perfectly honest players tend to abuse these practices, rendering it practically impossible for users to prove their 'innocence.' An inquiring reader is encouraged to scan through hundreds of such cases across popular social media websites.
Some definitions:
1. "contingent transactions" = "dynamic whitelisting", meaning that smart contracts and accounts receiving assets can define criteria others have to satisfy to be able to interact with them. Example: Only allowing interactions with KYCed people from Dubai.
2. The source data considered in contingent transactions can be a ZKP of some statement (see example above) or a reputation score according to some reputation function.
3. A reputation function has a user's transaction history (= "web3 footprint") as input. Example: Only users who voted 5 times can create new proposals.
4. Through contingent transactions, dApps and users can define and check their own compliance criteria by setting what reputation score or ZKP disclosure a user needs.
Please refer to the developer documentation available on the Galactica website for details.
The government aims to attain greater control, even going as far as 'banning the use of privacy-enhancing cryptocurrencies [such as Monero and Zcash] whilst accepting other cryptocurrencies as legitimate by comparison [13].' It is inevitable that privacy systems get accepted by various kinds of actors, so if developers can't regulate which users use them, the next best solution is to create a system that does.
In fact, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) does not have unilateral authority to ban entire privacy protocols based on whether foreign enemies also use them as its focus pertains to regulating entities or activities within the ecosystem [14][15]. This legal boundary parallels the precedent that it is technologically far more practical to regulate apps than to force protocols to comply with every local regulation that may vary [16].
The same way that DNS (a database containing IP addresses) and TLS/SSL (communications security protocol) are conventions that underpin the internet, consensus and peer-to-peer networking protocols facilitate the computational and communication elements of a decentralized network. Such protocols are designed to be global, open and interoperable to allow for innovation and widespread adoption. These characteristics intrinsically render them difficult to regulate by jurisdiction as it could result in systematic and unintended consequences. Conversely, apps are software applications that are more easily adaptable and customizable to comply with local regulations as they are created by discrete entities. On the responsibilities of the government, inadequate regulation may enable risks and abuses, while overregulation can stifle innovation.
Part of the EVM is the smart contract pipeline that is crucial to the permissionless attribute inherent to a blockchain, and Paul Brigner, who serves as the Head of Policy and Strategic Advocacy at Electric Coin Co. (one of two companies that developed Zcash), had alluded that the government has hinted at creating a backdoor for smart contracts [12][17][18]. The dilemma that can be summarized as privacy vs. freedom can also be viewed as privacy vs. consent. Smart contract backdoors exist in ERC token contracts as functions that can invoke other accounts without permission. If exploited, users' privacy and funds are at risk [19].
The feedback loop from industry stalwarts helps to position Galactica Network uniquely in the landscape of compliant privacy. While we align with the broader goal of ensuring privacy and compliance, our approach is decidedly more expansive, flexible, and user-centric. Our platform aims to be use-case agnostic, allowing DApps and users to program any compliance/privacy setup they desire without the risks that come from singular points of failure.
Final Thoughts
Rather than prioritizing singular aspects like identity verification or advanced privacy-preserving techniques, Galactica Network seeks to comprehensively integrate many of these elements together at a protocol level using it as a vehicle for standardization.
Privacy Pools and Galactica Network are both powerful protocols when it comes to compliant privacy and they can be combined, setting user privacy on a new frontier. Galactica Network allows users and projects to work with personal, social, and financial data on-chain in a private way. With zero-knowledge proofs, activities can be limited to 'compliant' users. The drawback is that each action of a blockchain account, including zero-knowledge disclosures, is public, leading to a risk of users getting tracked. This can be avoided by splitting a user's activity over multiple accounts, and Privacy Pools offers a perfect solution for compliant transfers of funds between a user's accounts without being tracked. This is possible by deploying a Privacy Pool on Galactica Network. Multi-account usage of zkCertificates is already part of Galactica Network's protocol. Keep in mind that as of November 21, 2023, we do have an RFP on the website for designing a similar system for private transfers, which can be found by following this link.
The innovations and discussions surrounding compliant privacy signal a maturing industry, one that is keenly aware of its responsibilities and potential within the regulatory landscape. It is these conversations and innovations that will pave the way as we work to collectively build the future of finance, social governance, and the global digital commons. While the paths taken might differ, the goal remains consistent: a decentralized future that is built upon censorship-resistant privacy-preserving technology that is sufficiently mature for the 'mass adoption' by commons. Closing the gap in user experience between web3 and its predecessor is one important challenge to resolve. The other one that deserves as much if not more attention is that of compliance - making the system safe to use. This is what regulations are for.
In this journey, Galactica Network remains committed to its vision of an inclusive, transparent, and compliant Web3 ecosystem.
Privacy Pools & Galactica Network Comparative Overview
References:
https://galactica.com/news/at-the-intersection-of-privacy-and-compliance
https://galactica.com/research/galactica_zero_knowledge_kyc_design.pdf
https://galactica.com/news/technical-article1-guardians-and-zkcertificates
https://galactica.com/research/galactica_network__reputation_framework_implementation.pdf
https://a16zcrypto.com/posts/article/web3-regulation-apps-not-protocols/
https://decrypt.co/198435/uk-encryption-backdoor-hurting-country-nym-ceo-harry-halpin