In his talk (slides, video), Eran Tromer (Boston University and Sealance Corp.) talks about how as blockchain and cryptocurrency adoption grows, there is an inherent tension between financial regulations requiring visibility into transactions for compliance purposes, and the privacy protections that users demand. Traditional approaches have struggled to strike the right balance in this emerging decentralized landscape.

The Challenges of Regulating Decentralized Finance

Financial regulations exist to combat issues like terrorism financing, money laundering, securities violations, and tax evasion. Regulatory bodies rely on collecting information, surveillance, reporting, and visibility into transactions.

However, there are also important reasons to protect privacy – safeguarding personal and corporate data, preventing discrimination and censorship, and even national security considerations. The traditional financial system attempts to balance these priorities by subjecting licensed intermediaries like banks to regulations, while preserving privacy for individual customers.

In decentralized finance (DeFi) protocols operating on public blockchains, the transparency required for effective regulation becomes a hindrance. DeFi developers can’t reasonably handle collecting and securing users’ sensitive personal data. And regulators lose the ability to influence centralized intermediaries since protocols are decentralized and often pseudonymous.

On-chain analytics that trace transactions suffer from the blockchain transparency problem – too much irrelevant information is publicly visible, while associating transactions with real identities is unreliable. Privacy protections like mixers, rollups, and bridges further impede the effectiveness of these methods.

Fundamentally, the traditional regulatory approach of mandating licensed intermediaries lacks a clear mapping to DeFi’s decentralized, disintermediated, and often anonymous architectures.

A Zero-Knowledge Solution

The key to achieving better compliance in DeFi may lie in leveraging zero-knowledge proofs – cryptographic techniques that enable proving a statement is true without revealing any information beyond the fact that it is true.

The core idea is to embed regulatory compliance rules directly into DeFi protocols and smart contracts. Transactions would only be processed if they satisfy programmable policies around identity, sanctions screening, transaction limits, suspicious activity reporting, the “travel rule” sharing of counterparty data, and more.

Rather than relying on centralized data collection, the protocols can leverage external “regulatory attestation providers” that cryptographically certify identity attributes and screening results about wallet holders. Users would hold certificates encoding this compliant data.

Zero-knowledge protocols then allow users to cryptographically prove their certificates satisfy programmable on-chain policies, without revealing the underlying private data from the certificates themselves. Nodes and smart contracts can efficiently validate these proofs to enforce compliance at the protocol level.

This enables the creation of “compliant asset pools” where all participants satisfy relevant policies, allowing fully private transactions amongst a group who have been vetted for factors like sanctions compliance. Users retain privacy from the public, while protocols have visibility into compliance without raw personal data.

Research Developments

This vision has already seen promising academic advances laying the foundations:

  • The original Zerocash paper introducing Zcash foresaw using zero-knowledge proofs for policy compliance beyond just proving coin ownership.
  • Subsequent works like Zether, Provisions, and Trovato have proposed and built prototypes for privacy-preserving regulation technologies.
  • Eran Tromer’s startup Sealance is commercializing privacy-preserving compliance solutions for both legacy and emerging blockchains.

While technical challenges remain around scalability of zero-knowledge circuits, techniques like PLONK and FRI are rapidly improving capabilities. Integration challenges relate more to settling on the right policies with regulators’ blessing.

Ultimately, getting buy-in from notoriously risk-averse compliance officers requires building confidence that zero-knowledge math can keep funds away from sanctioned entities as effectively as human processes at traditional institutions.

Initiatives like ZKProof and open research are key to establishing consensus around robust cryptography assumptions and threat models. But progress is being made towards balancing privacy and regulation through zero-knowledge protocols tailored for DeFi.