Introduction:
This episode of the PGP for Crypto podcast features a special discussion with Vitalik Buterin, co-creator of Ethereum, and Zuko Wilcox, founder of Electric Coin Company and co-creator of Zcash. The discussion centers around the recent development of Privacy Pools, a technical solution proposed in an academic paper co-authored by Buterin, Amin Soleimani, and others.

Background:
The discussion assumes that listeners are aware of industry and government concerns about the illicit use of cryptocurrencies, including the U.S. Treasury Office of Foreign Asset Control (OFAC) Tornado Cash sanctions, arrests and charges against Tornado Cash developers, and the Coin Center litigation against OFAC.

Opening Remarks:
Host Paul Brigner expresses appreciation for the substantial contributions of Buterin and Wilcox to the cryptocurrency industry, highlighting their pioneering spirits and forward-thinking approaches that have shaped the industry and influenced the global financial landscape.

Josh Swihart’s Introduction:
Josh Swihart, former Senior Vice President at Electric Coin Company, joins the podcast as co-host. He emphasizes the importance of privacy and human freedom as fundamental principles in the development of cryptocurrency technology and regulation.

Privacy Pools Paper Summary:
Buterin summarizes the Privacy Pools paper, explaining that it proposes a technical solution to achieve a balance between blockchain privacy and regulatory compliance.

Motivation for the Paper:
Buterin explains that the motivation for writing the paper stemmed from the increasing interest in privacy-preserving transactions and the need to address concerns about the illicit use of cryptocurrencies.

Privacy Pools Concept:
Buterin outlines the concept of Privacy Pools, describing it as a system where users can send privacy-preserving transactions by combining their transactions with a large pool of other transactions, making it challenging for observers to identify the origin or destination of individual transactions.

Benefits of Privacy Pools:
Buterin highlights the potential benefits of Privacy Pools, including enhanced privacy for users, reduced risk of censorship, and improved fungibility of cryptocurrencies.

Challenges and Trade-Offs:
Buterin acknowledges challenges associated with Privacy Pools, such as increased computational costs, potential scalability limitations, and the need to strike a balance between privacy and regulatory compliance.

Regulatory Considerations:
Buterin emphasizes the importance of considering regulatory requirements and the need for ongoing dialogue between industry stakeholders and policymakers to develop effective regulations that protect both privacy and security.

Conclusion:
The discussion concludes with a recognition of the significance of Privacy Pools as a potential solution to address concerns about illicit cryptocurrency use while preserving user privacy and fostering human freedom.

Privacy Pools: A Novel Approach to Cryptocurrency Privacy:
Privacy Pools allow users to prove they are not associated with known hackers, preserving anonymity while minimizing suspicion. These pools help separate legitimate users from hackers, allowing exchanges and other entities to accept funds without suspicion. The design is flexible, allowing for various criteria to determine pool membership. The goal is to strike a balance between maximum privacy and the acceptance of digital assets in the wider economy.

Motivating Use Case: DeFi Hacks and Privacy:
DeFi hacks often involve stolen funds being laundered through mixers like TornadoCash. Privacy Pools offer a solution by allowing non-hacker users to prove their funds are not connected to hacks. This enables exchanges and others to accept funds from Privacy Pools without suspicion.

Challenges and Criticisms:
Zooko Wilcox, a freedom maximalist, expressed concerns about the paper and its presentation. He dislikes the suggestion that users who disagree with Privacy Pools should simply not use them. Wilcox argues that such a response is dismissive and fails to address legitimate concerns. He emphasizes the importance of open discussion and critique in developing privacy solutions.

Balancing Privacy and Transparency:
Vitalik Buterin acknowledges the need to balance privacy with the ability to boycott assets from specific transactions. Privacy Pools aim to achieve this balance by providing meaningful privacy while allowing for some degree of transparency. The goal is to protect privacy without sacrificing the acceptance of digital assets in the wider economy.

Conclusion:
Vitalik Buterin’s Privacy Pools present a novel approach to cryptocurrency privacy that balances the need for anonymity with the need for transparency in the digital economy. By allowing users to prove their funds are not associated with hacks or illicit activities, Privacy Pools aim to create a system where legitimate users can enjoy privacy without compromising the wider acceptance of digital assets.

Zooko Wilcox’s Perspective:
Concerned about the implication that cryptocurrency people are okay with the principle of guilty until proven innocent. Views the paper as premature and not a viable product yet. Likes the idea of exploring more nuanced approaches to privacy and disclosure.

Vitalik Buterin’s Perspective:
Acknowledges the criticism of “guilty until proven innocent” and agrees that the term “proof of innocence” is problematic. Suggests that there are multiple kinds of actors and outcomes related to privacy systems. Emphasizes the need to avoid intermediate fates, such as exchanges freezing funds or closing accounts based on suspicion. Believes that we should not expect zero suspicion without ironclad evidence. Draws parallels to situations where people are treated with varying levels of suspicion based on their characteristics. Proposes that providing good information can decrease motivation for treating people differently based on bad information. Highlights the blurry line between government and private actors in the context of crypto policy.

Privacy is About Anonymity Sets, Not Just Size:
The most important aspect of privacy is having an anonymity set of X thousand versus one, rather than 10,000 versus 5,000.

Privacy Pools Offer Robustness to Disagreement:
Privacy pools have an advantage over other alternatives, such as system-wide whitelisting, in that they are robust to disagreement about who should be associated with and who shouldn’t.

Example of Controversy and Association:
If there is something controversial to associate with, people from one group might boycott it, while people from another group might support it as an act of civil disobedience.

What is Privacy Pools:
Vitalik Buterin discusses a new concept called “Privacy Pools”, which aims to enhance privacy in cryptocurrency transactions.

Privacy Pools vs Mixers:
Zooko Wilcox expresses confusion about the distinction between privacy pools and mixers. Vitalik clarifies that privacy pools are not limited to mixers and can exist in various contexts, including Zcash-style shielded pools.

Use Case Example:
Zooko presents a scenario where a DAO might require proof that a donation does not originate from known hacker addresses. Vitalik acknowledges the validity of this use case and expresses support for privacy-preserving solutions in such contexts.

Challenges with Disclosure:
Vitalik addresses the inadequacy of disclosure tools like the one offered by Tornado Cash. He emphasizes that criminals are unlikely to voluntarily use such tools, rendering them ineffective in reducing the anonymity sets of criminals.

Benefits of Privacy Pools:
Vitalik highlights the potential of privacy pools to help users avoid bad outcomes, even if it may not lead to a perfect solution.

UTXO vs Balances:
Vitalik shares his experience with UTXOs while developing a Bitcoin wallet and explains why he decided to replace UTXOs with balances in Ethereum. Zooko acknowledges the advantages of UTXOs in the context of privacy and highlights the influence of Vitalik’s decision on subsequent developers.

Understanding the Problem:
Vitalik Buterin discusses the challenge of reducing the anonymity sets of criminals in a way that minimizes the burden on legitimate users. The Tornado Cash anonymity tool was ineffective in encouraging widespread usage, resulting in limited impact on anonymity set reduction.

The Solution:
Creating tools that impose lower costs or even provide benefits to legitimate users can incentivize them to use the tool and thus increase the number of people dissociating from criminals.

Addressing Two-Hop Transfers:
A simple approach is to require a two-week waiting period before spending funds to allow time for flagging suspicious transactions. In a two-hop transfer scenario, the intermediate object cannot exclude the hacker from its association set, preventing it from being added to legitimate association sets.

Threat Model:
A hacker steals funds and sends them to an intermediate address (Y) controlled by the hacker. The hacker then sends the funds from Y to a final destination (Z) controlled by a DAO. The hacker’s goal is to obscure the connection between the stolen funds (X) and the DAO, making it appear legitimate.

Easy Solution:
Require a two-week delay before an address can be added to an association set. This prevents the hacker from immediately laundering the stolen funds through the DAO.

Challenges:
If the hacker waits more than two weeks before moving the funds, the stolen address (X) will not be added to the association set. As a result, the intermediate address (Y) cannot prove its legitimacy and cannot be used to join the DAO.

Coin IDs and Nullifier:
In the full privacy model, each coin has a coin ID and a nullifier. Coin IDs are public and nullifiers are published when the coin is spent. The coin ID of a coin is known when it is published.

Discussion:
The speakers discuss the concept of association sets, which are used to prove that an address is not on a blacklist or is part of a known-not-to-be-bad set of addresses. They also discuss the challenges in creating a system that prevents hackers from laundering funds through DAOs while still maintaining privacy.

Zooko’s Concerns:
Zooko expresses his strong negative reaction to the idea of using zero-knowledge proofs and shielded pools as a solution to regulatory and law enforcement concerns. He believes that this approach is potentially misleading and may give the impression that technology can provide a perfect solution to all their needs, which is not realistic. Zooko worries that this could lead to a guilty-until-proven-innocent society, where individuals are presumed guilty until they can prove their innocence.

Vitalik’s Response:
Vitalik acknowledges Zooko’s concerns and agrees that it is important to be cautious about the potential implications of using zero-knowledge proofs and shielded pools. He emphasizes that these technologies are not a perfect solution and that they do have limitations. Vitalik proposes a more nuanced approach, where the specific conditions for using these technologies are carefully considered to minimize the potential risks.

Discussion on Freedom of Association:
Zooko emphasizes the importance of freedom of association and his practice of dissociating from individuals who have engaged in shady or harmful behavior. He sees the potential of zero-knowledge proofs and shielded pools to facilitate freedom of association by allowing individuals to engage with others without revealing their identities.

Zero-Knowledge Proofs and Private Worlds:
Zooko expresses his interest in exploring the application of zero-knowledge proofs in a private world. He believes that this technology has the potential to be used in a way that respects individual privacy and autonomy.

Critique of Zero-Knowledge Proofs as a Solution to OFAC Compliance:
Zooko argues that zero-knowledge proofs are not a solution to the challenge of complying with OFAC regulations. He believes that there are better and more practical approaches that can be used to address this issue.

Arguments for and against OFAC’s Ban on TornadoCash:
Zooko Wilcox argues that the ban on TornadoCash is a wrong response to the issue of privacy protocols used by foreign enemies. Wilcox asserts that OFAC lacks the authority to ban U.S. citizens from using protocols based solely on their use by foreign adversaries.

Comparison of TornadoCash and Zcash:
Vitalik Buterin questions why TornadoCash was banned while Zcash, another privacy protocol, has not faced the same fate. Buterin points out that Zcash is technologically superior to TornadoCash in terms of privacy protection. Buterin acknowledges that Zcash has faced challenges, such as temporary bans on exchanges in various countries, but has ultimately been able to overcome these obstacles.

Wilcox’s Perspective on Zcash’s Resilience:
Wilcox suggests that Zcash’s resilience may be due to its strong community and its ability to adapt to regulatory changes. Wilcox emphasizes the importance of building privacy protocols that are robust and flexible enough to withstand regulatory scrutiny.

Conclusion:
The discussion highlights the complex interplay between technology and policy in the field of privacy protocols. It underscores the need for protocols that strike a balance between privacy and regulatory compliance.

Principles of Cryptocurrency and Government Regulation:
Zooko emphasizes the importance of upholding the rule of law and limited government, especially in the context of cryptocurrency regulation. He believes that the U.S. government lacks the authority to dictate which protocols Americans can use, and any attempt to do so would be a grave mistake.

Privacy and Anonymity:
Zooko recognizes the potential for privacy-focused cryptocurrencies like Zcash to be used by bad actors, but he highlights the fact that governments have not yet successfully adapted to the existence of Bitcoin and Ethereum. He emphasizes the importance of learning from past experiences and points to the slow adoption and regulatory responses to Bitcoin, Ethereum, Monero, Tornado Cash, and Zcash.

Zcash’s Resistance to Government Control:
Zooko emphasizes that the North Korean government has not attempted to steal Zcash, unlike other cryptocurrencies like ETH. He attributes this to Zcash’s inherent privacy features, which make it difficult for governments to track and seize funds.

Historical Example of Zcash Usage by a Russian Spy Group:
Zooko narrates an incident where a Russian anti-USA spy group used Zcash to sell stolen hacking tools from the NSA in exchange for $10,000 worth of Zcash. This incident highlights the potential for privacy-focused cryptocurrencies to be used for illicit activities, even in their early stages of development.

Zcash and the War on Drugs:
Zcash, a cryptocurrency with privacy features, has been used by individuals and groups that have engaged in illegal activities. The war on drugs and the transparency of Bitcoin and Ethereum have influenced how policymakers approach privacy-focused cryptocurrencies.

The Importance of Data Points:
Zcash serves as a real-world data point that can help policymakers understand the implications of privacy technology. The existence of Zcash, with its significant user base and lack of detectable illegal activity, challenges the notion that privacy coins are inherently used for illicit purposes.

Policymakers and Hypothetical Situations:
Zooko Wilcox cautions against relying solely on hypotheticals and vaporware when educating policymakers about privacy technology. Concrete examples, such as Zcash, are more effective in conveying the nuances and complexities of privacy technology to policymakers.

The Coin Check Hack and its Impact on Zcash:
Following the Coin Check hack in 2018, Zcash was effectively banned in Japan despite no Zcash being involved in the incident. This highlights the tendency of policymakers to resort to broad bans on privacy-focused cryptocurrencies as a knee-jerk reaction to negative events, even when the technology itself was not implicated.

Privacy-Protected Technologies and Regulation:
The case of Japan illustrates the broader challenge of regulating privacy-protected technologies, as regulators often face pressure to take visible action, even if it involves oversimplified or ineffective measures.

The Evolution of Regulators’ Understanding:
Josh Swihart acknowledges that regulators’ understanding of privacy-protected technologies has improved over time, leading to more nuanced approaches to regulation.

Government Requests for Backdoor Access:
U.S. government departments have approached Zcash to request a backdoor for accessing information. Some specific actors within the government have officially made this request. However, this idea is a non-starter for many policymakers in D.C. working on policies related to digital cash. These policymakers want access to digital cash but oppose any measures that would allow regulators to have similar access.

Varied Perspectives within the Government:
The government’s stance on backdoor access is not uniform. There are opposing views and values among different actors and departments. Some senators, congressmen, and other departments hold opposite strategies and desired policies regarding backdoor access.

Zcash’s Response to Government Requests:
Zcash has faced pressure to comply with government requests for a backdoor. The company has resisted these requests, maintaining its commitment to privacy and self-custody. Zcash’s stance aligns with the values of many policymakers who oppose backdoor access.

Historical Context: BitLicense and Educational Efforts:
In the past, Zcash provided education and tutorials to the New York Department of Financial Services regarding BitLicense requirements. This engagement demonstrates Zcash’s willingness to engage with regulators while upholding its core values.

Challenges in Privacy for Cryptocurrency Transactions:
Zooko Wilcox shares his experience with regulators and their concerns about protecting consumers from potential privacy risks associated with cryptocurrency transactions. He highlights the complexity and nuances involved in balancing privacy and consumer protection, acknowledging the challenges in communicating these concepts to regulators.

Critique of Tornado Cash Paper:
Wilcox admits to initially reacting emotionally to the Tornado Cash paper due to its high stakes and implications. He later acknowledges that he missed significant content upon a more thorough reading, emphasizing the importance of understanding the paper’s context and details.

Understanding Coin ID Sets:
Wilcox initially expressed skepticism about the paper’s claims, questioning its applicability to real-world scenarios. However, after Vitalik Buterin’s explanation, he recognizes the significance of the coin ID set as a known universal set, enabling certain privacy mechanisms.

System-wide Effects and UX Concerns:
Wilcox raises concerns about the user experience and potential downstream effects of implementing the proposed privacy solutions. He questions the practicality of expecting users to understand and navigate complex privacy-enhancing mechanisms.

Geopolitical Considerations:
Wilcox brings up the issue of national pride and independence, wondering how countries like India might react to subscribing to a blacklist maintained by entities like the FBI. He emphasizes the need to consider the diverse perspectives and priorities of different countries in designing privacy solutions.

Network Effects and Robustness:
Vitalik Buterin acknowledges the risk of network effects solidifying around a single blacklist provider, leading to potential biases and vulnerabilities. He expresses hope that the system can be robust to different entities maintaining diverse blacklists.

Balancing Automated UX and Compliance:
Wilcox and Buterin discuss the need for automated mechanisms to simplify the process of choosing association sets for privacy. They draw parallels to existing token list subscription models in decentralized exchanges.

Association Sets and Compliance:
Wilcox highlights the importance of understanding the implications of subscribing to certain association sets, such as OFAC’s SDN list, for exchanges and users. He emphasizes the need for clear policies and procedures to ensure compliance and protect users’ interests.

Privacy for the Weak, Transparency for the Powerful:
Vitalik Buterin believes that privacy should be accessible to ordinary people, but transparency should be applied to high-value transactions and events.

Blacklist Construction:
A blacklist of suspicious coins can be constructed using a script that automatically adds all coins after a specified delay, except those flagged as fraudulent or fake by reputable sources like Etherscan or MetaMask.

MetaMask’s Role:
MetaMask has a crucial role in user experience by providing warnings about suspicious coins. The Snaps architecture in MetaMask allows users to choose trusted providers of threat intelligence plugins that can warn them about blacklisted coins.

Retroactive Warnings:
Due to the current limitations of communication flows, warnings about tainted coins are often retroactive. Users can either confront the sender, deposit the coins into an exchange that doesn’t bother them, or engage in more effort-intensive processes.

Ideal Privacy:
Vitalik Buterin envisions a form of privacy where ordinary transactions are untraceable, but large-scale events can be subjected to scrutiny.

Creating Tools for Privacy and Transparency:
The goal is to develop tools that enable privacy for the weak and transparency for the powerful.

Zooko and Vitalik’s Perspectives on Privacy and Surveillance:
Vitalik Buterin suggests that if a hacker steals $70 from a bike sale, society shouldn’t be overly concerned, as the hacker can use the money to purchase a bike. He acknowledges the greater concern of North Korea obtaining nuclear weapons rather than bikes. Vitalik recognizes the equilibrium of privacy systems and backdoor systems can lead to unpredictable outcomes.

Zooko’s Question on UX Equilibrium:
Zooko Wilcox raises the concept of a UX equilibrium where all coins cannot be safely spent within seven days. This is due to the need for recipients to verify that the sender is not a blacklisted hacker.

Zero-Knowledge Proof of Transitive History:
Zooko proposes a solution where a zero-knowledge proof is generated to prove the transitive history of coins over the past seven days. This ensures that the coins were not part of a hack. The recipient must provide the providence of the coins up to the seven-day boundary to enable the generation of the proof.

Paul Brigner’s Reflections:
Paul Brigner expresses his fascination with making things work as they should, particularly in the context of cryptocurrency. He emphasizes the importance of avoiding the conclusion that cryptocurrency will inevitably be subject to OFAC regulations. Brigner draws attention to the financial surveillance ecosystem that has evolved since the 1970s, especially since the 1990s. He recommends listening to a Bankless podcast episode with Michael Mosier and Seth Hartling for insights into how things have changed over time. Brigner questions the desire to fit a new financial technology ecosystem into the existing problematic system. He raises concerns about the overwhelming power of network effects witnessed in the policy world, particularly in big tech.

Vitalik’s Closing Remarks:
Vitalik expressed concerns about fracturing cryptocurrencies based on geopolitical boundaries and regulations. He fears that this could lead to cryptocurrencies aligning with authoritarian states, creating a divide in the global cryptocurrency landscape.

Censorship Resistance and the Risk of Authoritarian Exploitation:
Vitalik highlighted his fear that censorship-resistant technologies could potentially become a net negative for the world. He worries about authoritarian states successfully suppressing the use of these technologies internally while simultaneously exploiting the openness of free societies for their benefit.

Balancing Privacy and Freedom in a Digital Age:
Vitalik emphasized the significance of privacy and freedom, especially for individuals in countries like Russia and Iran. He seeks to protect ordinary people from oppressive governments while also preventing these governments from wielding excessive power on a global scale.

The Future of Privacy Technologies:
Vitalik discussed the ongoing debate on privacy-preserving technologies and the potential role of privacy polls within the Ethereum ecosystem. He expects experiments in this area to provide valuable insights over the next few years.

Conclusion and Appreciation:
Paul Brigner thanked the participants for their contributions and acknowledged the importance of this discussion for privacy advocates. He expressed hope that the podcast would help shape future policy development in the cryptocurrency world.