Cloaked Transactions: Unraveling the Compliance Quandaries of Privacy Preserving Technologies
Merkle Science
Introduction
Most people think of anonymity as a binary: either a person is identifiable and known, or they are unidentifiable and unknown. While this dichotomy may hold true in other fields, cryptocurrency features a unique gray area: pseudonymity.
Let’s take a step back and examine two of the most popular coins by market capitalization, Bitcoin and Ethereum. These cryptocurrencies keep their users pseudonymous: a user’s identity stays unknown unless they go through an exchange or other service that requires a know-your-customer (KYC) process, yet every user is associated with their cryptographic addresses. Therefore, any activity linked with their Bitcoin or Ethereum addresses, including both inflows and outflows, is affiliated with the unknown person. Individuals who find themselves in these circumstances are simultaneously known and unknown. They are pseudonymous.
Pseudonymity is a double-edged sword. There are many legitimate use cases for which pseudonymity is beneficial, such as unbanked individuals who do not have the formal documentation to open a bank account or citizens in countries where the currency is experiencing rapid inflation. In both these examples, cryptocurrencies present a way to securely obtain and transfer value without compromising individuals’ identities and safety.
Unfortunately, criminals are also leveraging inherent pseudonymity to their advantage. Hacking organizations and other criminal groups are running all sorts of scams and schemes where the conduit is cryptocurrency. 98% of ransomware attacks demand that the ransom is paid in Bitcoin, for example. It is much harder, after all, for authorities to track the flow of funds across pseudonymous wallets than bank accounts linked to real people. Criminal groups are playing to the privacy strengths of cryptocurrency by utilizing a constellation of privacy-preserving technologies (PPTs) that further obscure the trail, and in turn, themselves.
Examples of PPTs include the following:
- CoinJoin - A play on the term conjoin, CoinJoin combines Bitcoin transactions from multiple users, making it harder to track both the sender and the recipient of the cryptocurrency.
- CoinSwap - The CoinSwap protocol creates the illusion of independent transactions when in actuality coins are swapped between users, obscuring any transaction trail.
- Zero-Knowledge Proofs (ZKPs) - Also known as a zk protocol, this method enables a prover to show the verifier that they have certain information, all without revealing the information or their identity. Zk protocols can enable secure and private transactions.
- Ring signature - With this cryptographic protocol, there is a group of users each holding a key capable of making the signature, rendering it difficult to determine who the actual signer is.
- Mimblewimble protocol - This blockchain protocol merges multiple transactions into a single block and adopts best practices derived from other privacy-focused protocols to enhance privacy, confidentiality, and scalability.
The Mechanics of PPTs
CoinJoin and CoinSwap
In both CoinJoin and CoinSwap protocols, cryptocurrency inputs and outputs are mixed to enhance anonymity, though they achieve this goal in different ways. For CoinJoin, multiple users participate in a smart contract that combines their Bitcoin transactions into a single transaction, making it difficult to trace which input corresponds to which output, even though each user is left with the same number of coins. This method is also known as coin mixing.
Given that some exchanges refuse to accept transactions from wallets with recent coin mixing, some users elect to engage in a CoinSwap. A CoinSwap appears on-chain as independent payments, even though users have swapped coins with one another through two or more transactions. Because these transactions may look like genuine payments, it is harder to identify them on-chain, both for exchanges and for authorities. This further obfuscates the flow of funds.
For both protocols, third-party facilitators play an essential role by coordinating the mixing of inputs and outputs. Typically, these facilitators run servers or platforms, such as WabiSabi, that bring together users who wish to mix their transactions. By facilitating the mixing process, these third-party facilitators ensure that the sender and recipient cannot be easily determined.
Stealth Addresses and ZKPs
When internet users want to sign up for a product trial, they sometimes turn to a temporary email provider, which will generate an address they need to verify a free account. Stealth addresses work on a similar principle by enabling users to generate a one-time address for each transaction.
The use case for stealth addresses is simple: when a sender wants to send funds to a recipient but does not want their two accounts associated with one another, they will first generate a stealth address that is linked to the recipient’s actual address. The sender then sends the funds to the stealth address, making it more difficult to link them with the recipient’s main address. That way, the transaction is linked to neither the sender’s pseudonym nor the recipient’s.
Vitalik Buterin, the inventor of Ethereum, described how this process works on his blockchain in a 2023 post. The target recipient generates the stealth address, which encodes how to pay them, and then sends it to the payor, either directly or via the Ethereum Name Service. After performing a computation, the payor transfers the asset to the recipient, who can spend the value, all without others knowing it was sent to them.
Stealth addresses are often paired with zero-knowledge proofs. With this cryptographic protocol, a prover can demonstrate knowledge of the private key associated with a stealth address to a verifier, all without revealing the actual key itself.
Ring Signatures and Mimblewimble
In some states, when a person is set to be executed, there are multiple kill switches in the adjacent room. Only one is real. The rest are fake. The ambiguity helps absolve those pressing the switches of guilt, since no one can identify the actual executioner.
The premise of the ring signature is similar. A ring is a group of people who all have keys capable of signing a particular transaction. Because they all have keys, one would know that someone from the group signed a transaction, but not precisely which specific member. Each has plausible deniability, given that their signatures are mixed with other possible signers. The true signer remains anonymous among the group.
The downside to ring signatures is that they add substantial information to each transaction, increasing block size, as is the case with Monero, which is covered in the next section.
A more scalable but privacy-preserving solution is the Mimblewimble protocol, named after a spell in Harry Potter that keeps those in its effect unable to reveal information about a particular topic. From this vantage, the Mimblewimble protocol is aptly named – it keeps the information that is usually public on other blockchains, such as sender address, recipient address, and transaction value, entirely confidential.
Mimblewimble accomplishes this through Elliptic Curve Cryptography (ECC) and by combining other privacy-focused protocols, including CoinJoin as well as Confidential Transactions, Dandelion, and Cut-Through. In addition to confidentiality, Mimblewimble is also more fungible, since its coins cannot be associated with crime (an association that lessens a coin's value), and more scalable, since it merges multiple transactions into a single block.
Privacy Coins: Leveraging Multiple PPTs
Many privacy coins use these technologies individually or in combination with one another, as the examples below demonstrate.
- Monero uses both ring signatures as well as stealth addresses. The use of ring signatures on Monero makes it impossible to determine which key was used to sign a transaction. By randomly adding multiple signatures from past transactions to each transaction it becomes challenging to trace the transaction back to a specific address. To prevent double-spending, Monero generates unique key images for each transaction, which cannot be reverse-engineered.
- Privacy coins also utilize zero-knowledge technology, such as Zcash's zk-SNARKs. The protocol allows for transaction validation without disclosing the transaction details, such as the sender address, transferred value, and recipient address, onto a public blockchain record.
- Privacy coin Dash uses mixing protocols, like CoinJoin, to obfuscate transactions by combining multiple payments from different senders into a single blockchain transaction. This way, each transaction will show inputs and outputs that are seemingly unconnected to one another, making it more difficult to know the sender or recipient for each payment.
By employing these technologies and protocols, privacy coins enhance the anonymity of transactions and make it challenging to trace the flow of funds and identify transaction participants.
Illicit Activities and Privacy Coins
While privacy coins offer benefits in terms of enhancing privacy and security, there are concerns regarding their frequent misuse for illicit activities.
The privacy protocols and technologies that power privacy coins can make it challenging for authorities to trace and investigate illicit transactions. This can be exploited by criminals in a wide variety of illegal activities, including everything from tax evasion and terrorism to money laundering and malware. For example, North Korea is funding many of its activities through the hacker group, Lazarus, which was implicated in the theft of $600 million from Ronin. All dark web marketplaces that trace their lineage to the Silk Road also transact with cryptocurrency. While cybercrime groups, such as ransomware operators, previously operated with prepaid cards, their value exchange of choice is now cryptocurrency, and in particular, Bitcoin.
Because the flow of funds is obscured, authorities may find it more difficult to track and seize illicitly obtained assets. This can hinder efforts to combat financial crimes and disrupt illicit networks, since these networks, like legitimate organizations, rely on cash flow to sustain and grow their operations.
Privacy coins can also pose challenges for regulatory compliance and anti-money laundering efforts. Although financial institutions and cryptocurrency exchanges have obligations to implement know-your-customer (KYC) and AML measures to prevent illicit activities, privacy coins complicate the identification of transaction participants, interfering with compliance efforts.
Despite these technological challenges, the link between privacy coins and illicit activities has led to increased regulatory scrutiny. Some governments have expressed concerns and have already implemented regulations - or are in the process of doing so - that put restrictions on privacy coins and anonymity-enhancing technologies. For example, the US Treasury Department banned all American customers from using the crypto-mixing service Tornado Cash in 2022.
Increased regulatory oversight must go hand-in-hand with blockchain analytics, which scrapes publicly-available transactional data to tie crypto wallets back to illicit or criminal behavior. While the use of privacy coins and anonymity-enhancing technologies may make this task a tall order, all hope is not lost. Leveraging increasingly powerful artificial intelligence, these solutions can assign transactions a risk score, similar to lenders considering potential borrowers.
When a crypto business or financial institution collaborates with a blockchain analytics provider, it can screen transactions and assess the risk associated with a particular crypto wallet. If the score passes a certain threshold, the analytics provider can share the analysis with law enforcement authorities, who may further investigate by matching the anonymous wallet with an individual's identity through a Suspicious Activity Report (SAR). This process creates an end-to-end trail of all transactions associated with the specific cryptocurrency.
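The screening step described above can be illustrated with the CoinJoin pattern from "The Mechanics of PPTs", where many participants fund one transaction and each receives the same amount back. This is an added example, not code from the original article or from any analytics product; the transaction layout, the weights and the 0.5 threshold are assumptions, and the sample transactions are constructed.

```python
from collections import Counter

# Constructed sample transactions (values in satoshis); not real chain data.
COINJOIN_LIKE = {
    "inputs": [("in_a", 12_500_000), ("in_b", 10_300_000),
               ("in_c", 15_000_000), ("in_d", 10_100_000)],
    "outputs": [("out_1", 10_000_000), ("out_2", 10_000_000),
                ("out_3", 10_000_000), ("out_4", 10_000_000),
                ("chg_a", 2_490_000), ("chg_b", 290_000),
                ("chg_c", 4_990_000), ("chg_d", 90_000)],
}
ORDINARY_PAYMENT = {
    "inputs": [("in_x", 5_000_000)],
    "outputs": [("merchant", 3_200_000), ("chg_x", 1_790_000)],
}

def coinjoin_score(tx, min_participants=3):
    """Score in [0, 1] for the equal-output CoinJoin shape, plus reasons."""
    in_addrs = {addr for addr, _ in tx["inputs"]}
    denom, equal_outs = Counter(v for _, v in tx["outputs"]).most_common(1)[0]
    # Too few equal outputs or too few funders: an ordinary payment shape.
    if equal_outs < min_participants or len(in_addrs) < min_participants:
        return 0.0, []
    reasons = [f"{equal_outs} outputs share the value {denom}",
               f"{len(in_addrs)} distinct input addresses"]
    # Base score: share of outputs that cannot be told apart by amount.
    score = equal_outs / len(tx["outputs"])
    # One funder per equal output matches "each user gets the same amount back".
    if len(in_addrs) >= equal_outs:
        score = min(1.0, score + 0.25)  # assumed weight
        reasons.append("at least one input address per equal output")
    return round(score, 2), reasons

def screen(tx, threshold=0.5):
    """Apply an assumed alert threshold, as a screening step would."""
    score, reasons = coinjoin_score(tx)
    return {"score": score, "flag": score >= threshold, "reasons": reasons}

if __name__ == "__main__":
    for name, tx in [("coinjoin-like", COINJOIN_LIKE), ("ordinary", ORDINARY_PAYMENT)]:
        print(name, screen(tx))
```

A structural flag like this identifies that mixing took place, not who took part; a CoinSwap, which looks like ordinary payments, would pass it unflagged.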
Enhancing Anonymity Through PPTs
PPTs have proven successful so far for three main reasons.
- Pseudonymity and unlinkability - As noted in the introduction, the accounts of most major cryptocurrencies are pseudonymous. While the exact person behind each account is unknown, their wallet becomes a representation of who they are. On the public blockchain, we can track where they send money, where they get money from, and how much cryptocurrency they have.
Unfortunately, the advent of these privacy-enhancing technologies is shifting the poles once again, swinging it from pseudonymity back toward anonymity. With the use of coin mixing, stealth addresses, ring signatures, and other techniques, accounts and activity have been disintermediated from one another. When authorities cannot link the two together, criminals have free rein in committing crimes. There is less fear, for example, that their illicit activity will be traced to their wallet, prompting authorities and exchanges to collaborate in seizing or freezing it.
- Breaking the link between sender and receiver - Before the emergence of privacy-enhancing technologies, blockchains were not only a record of transactions, but of relationships. If account A sent money to account B, there is a relationship involved. If we know both of these accounts belong to criminals, it is possible to infer the nature of the relationship. If we know that account A belongs to a ransomware operator, and they routinely send 30% of their inflows to account B, we can infer that the latter may be a ransomware-as-a-service provider who requires a certain cut for successful ransoms.
With PPTs such as the CoinSwap protocol, the link between sender and receiver is no longer clear. On an individual level, the lack of a link makes it difficult to determine whether two criminals are in cahoots with one another. In the larger picture, authorities can no longer trace the flow of funds across individual links between one account and another to identify - in a one-by-one, patchwork fashion - a network of criminals, affiliates, and partners. It’s not just the criminal who is anonymous: now their entire operations are.
- Prevention against blockchain analysis - Blockchain analysis is predicated on the principle that what the public ledger shows is actually true: account A sent coins to account B, who holds amount C in their wallet. The introduction of privacy-enhancing tools throws a wrench into this equation. When coins are mixed together, one-time addresses are used, and signers become unidentifiable, blockchain analysis becomes much more difficult.
The operative word there is difficult. Forensics has always evolved to combat clever subterfuge, such as the use of small businesses to launder money. Blockchain analysis will no doubt evolve in much the same way: beyond just analyzing the digital ledger at the surface level, it will use cutting-edge technologies like artificial intelligence to identify accounts and transactions that have a high probability of being associated with criminals, due to heavy use of privacy-enhancing solutions. For now, however, the trail of digital breadcrumbs is hard for authorities to follow.
Balancing Privacy and Regulatory Compliance
Balancing the inherent privacy of cryptocurrency and the clear need for regulatory compliance is a contentious topic, one that traces its roots to the very beginning of the technology. The battle has recently come to a head in the United Kingdom, where authorities are putting pressure on coin mixers to comply with AML policies.
Their main fear is related to the sociopolitical climate of the day: authorities believe that Russian oligarchs can use coin mixing to hide and launder money, thus evading the sanctions imposed on them in the wake of the Russia-Ukraine war. Other criminal groups, terrorist organizations, and bad actors can likewise do the same.
One would assume that solutions founded on the principles of privacy would refuse such pressure, but most of these industry players have complied. The operator of the Wasabi Wallet stated that they would blacklist high-risk transactions that could get them in legal trouble. In the United States, BlockFi agreed to strengthen its registration policies, refuse coins associated with criminals, and pay $100 million for failing to do both previously.
This compliance points to the fact that these players may be protective of privacy, inasmuch as it is used for legitimate purposes. Persecuted citizens, underbanked consumers, and other groups can freely use their services. Bad actors, however, will be shunned because they invite regulatory scrutiny that may turn authorities against their services in their entirety. From this perspective, compliance is tantamount to survival: by adhering to AML, CTF, and KYC laws, these businesses will live to see another day.