Blockchain Meets Regulators Half Way To Satisfy Both Compliance & Privacy

Blockchain’s immutable ledger is a core element of crypto, enabling transactions to be verified by network participants so that everything works without any intermediaries. But this transparency means sensitive transactions and financial information can be viewed by anyone. This doesn’t just concern individuals, but also financial institutions, who need to keep their dealings confidential. Governments, on the other hand, want to ensure that crypto isn’t used as a conduit for fraud, money laundering and other illicit activities. 

So is there a way to balance the inherent desire for anonymity with regulator’s demands for transparency and auditability, so that crypto becomes acceptable to both businesses and governments? You bet. Projects like COTI, Midnight and Zama demonstrate that privacy and transparency can in fact co-exist quite peacefully. All it takes is a little innovation. 

Compliance With Consent

The vast majority of blockchain privacy protocols today rely on some kind of implementation of zero-knowledge proofs, but these can be extremely resource-intensive and it’s not certain they can scale effectively. That’s why COTI is focused on a different approach, utilizing an alternative cryptographic technique called Garbled Circuits 

The biggest advantage of Garbled Circuits is that it uses far less resources. The technique makes it possible for two independent parties to work together to compute a function, without revealing their private inputs. The concept is not new, but COTI was the first project to implement it in a blockchain-based payments infrastructure. 

COTI’s Garbled Circuits ensure that sensitive transaction details remain encrypted while stored on a public ledger, and support verifiable computations on that private information. In other words, it enables anyone to prove certain properties about encrypted data are true, without actually seeing what that data is. As a result, COTI supports secure and verifiable multi-party transactions that cater to the privacy demands of individuals and businesses alike. 

In order to satisfy regulators, COTI enables selective information disclosure, where users can control what private data they want to share, and who they share it with, meaning they can satisfy any compliance requirements without exposing their sensitive financial data. 

In an interview with MPost last year, COTI Chief Executive Shahaf Bar-Geffen explained that few people realize that privacy and anonymity are not the same thing. Whereas anonymity means everything is anonymous, privacy gives users the right to decide what details they want to share. “For instance, I might share certain information with my wife but not my boss, and definitely not on social media,” he said. “Similarly, in a business, the CEO might know some details, and HR might know others, but not the security guard at the entrance.”

In addition, COTI has developed a trust score system in lieu of traditional credit scores, where individual wallets are assigned a score based on their verified identities and previous behavior to support risk assessments for lending and other use cases. COTI’s blockchain also enables application builders to implement KYC and AML checks, and share information with regulators when it’s requested to do so. 

COTI says its payments infrastructure offers “privacy by design” and “compliance with consent”, making it well suited for businesses and investors who require both privacy and the ability to satisfy regulatory requirements. 

Selective Disclosure

A different approach to compliance comes from Midnight, which has built a Cardano-based sidechain focused on data protection. It’s an approach that recognizes how some blockchain data must be made public, while some should always remain private, and offers developers flexibility in how they can selectively disclose information to satisfy regulators. 

Midnight’s Layer-2 sidechain utilizes ZK-proofs to shield smart contract and transaction data from prying eyes. As opposed to Garbled Circuits, where two parties work together but only see some of the data, ZK-proofs allow one party to prove they know a certain value, without revealing what that value is. Using this technique, it’s possible to verify transaction details without exposing the amounts sent and the wallet addresses involved. 

What’s especially useful about Midnight’s privacy protocol is it supports more than just transaction data. For instance, it can be used by an anonymous individual to prove they’re old enough to use a certain service, without revealing their identity or their birth date. 

Midnight satisfies compliance rules because its architecture enables data to be made visible when required. For instance, developers can design their application so that some data remains private while other information can be used for regulatory reporting, but visible only to authorized government agencies. As such, individual user’s transaction details would be private, but aggregated and anonymized data can be seen by regulators. Midnight calls this approach “programmable privacy”, because the degree of confidentiality is determined by the application developers building on its network, so they can tailor them to specific regulatory requirements. 

It’s an optimum balance that maintains individual privacy while allowing applications to support regulatory oversight through carefully controlled information disclosures. The goal is to enable developers to build apps that satisfy both sides of the privacy/compliance debate. 

Verifiable Yet Private Data

Another alternative is being pursued by Zama. It’s using a technique known as homomorphic encryption or FHE, where encrypted data can be processed without decrypting it first. With this approach, computations can be processed securely in untrusted environments such as blockchains, without exposing the underlying data. 

Zama doesn’t operate a blockchain network itself, but makes its FHE tools available to developers using existing protocols, such as Ethereum, Cardano and Solana. It’s extremely versatile, and can be used to create a blockchain-based voting system that ensures voters can cast their votes with full anonymity, preventing fraud and manipulation. Alternatively, it might be used by a blockchain-based healthcare application to support medical research, enabling analysis of anonymized health records, ensuring compliance with regulations such as HIPAA. 

Because FHE allows for sensitive data to be processed and analyzed without requiring direct access to the underlying information, regulators can verify compliance and audit financial records on private blockchains, without seeing any specific transaction details or user’s wallet addresses. This means compliance without compromising user’s identities or financial privacy. 

Zama still faces challenges around implementing FHE at scale due to the heavy computational requirements, but it has made significant progress that pushes the boundaries of what’s possible in blockchain-based privacy. More importantly, it’s another method that allows developers to create compliant protocols without sacrificing user privacy, paving the way for more institutional adoption of blockchain-based finance. 

The Best Of Both Worlds With Compliant Privacy 

If there’s one commonality to be found with COTI, Midnight and Zama, it’s the recognition that cast-iron anonymity is unlikely to find a place in a global financial system that depends on regulation. Simply put, governments aren’t going to allow an unregulated payments infrastructure to replace traditional fiat systems, as that means they’ll lose control. 

Fortunately, blockchain is adaptable enough to make a compromise with privacy-preserving mechanisms that enable “selective transparency”, where transaction details can be unmasked with the consent of users in order to satisfy the need for regulation. COTI, Midnight and Zama are at the forefront of a new financial ecosystem that prioritizes user privacy while still allowing for oversight, setting the stage for blockchain’s efficiency to shine on a global stage.