Can Privacy and Compliance co-exist?
Layer 1 transparency: A feature or a bug?
When the Bitcoin blockchain’s genesis block was mined in January 2009, the network’s transparency was its unique selling point. It still is — except that it is a USP that is not appropriate for all use cases. The ability to track transactions from wallet to wallet, check out a wallet’s entire transaction history and to be able to potentially identify the pseudonymous owners of these wallets is quickly becoming a double-edged sword at best.
On one hand, the ability of blockchain forensic specialists such as Chainalysis and Elliptic to identify the individuals behind certain wallets and their transactions has provided mitigation against arguments from Bitcoin’s detractors that cryptocurrencies are used primarily for nefarious purposes; and crypto’s early champions see this transparency as a necessary component in creating the fair and equitable future that decentralization promised.
On the other hand, it is culturally and pragmatically very strange to know how much money people who sent you a transfer hold in their wallet. That level of transparency, when translated to real-world standards, is creepy, to say the least. At institutions — both at the custodial and corporate levels — that level of transparency becomes a powerful deterrent to mass adoption.
Institutional adoption of digital assets and DeFi
Over the last year to eighteen months, one of the big stories has been the institutional adoption of digital assets. Several companies have hit the headlines with their decision to add Bitcoin to their balance sheets, while Ethereum is seen as a likely additional target, having also been bought as a reserve asset by the app-development company Meitu.
Additionally, the earlier announcement by the Office of the Comptroller of the Currency in the US that banks should now be permitted to run stablecoin nodes and to offer custodial services to retail customers opens the doors to a whole new world of financial services aimed at customers who may not want to deal themselves with the complexity and security issues of holding their own keys.
The growth of the DeFi ecosystem, with frictionless access to financial instruments and potential gains that outstrip many traditional investments, is inevitably poised to lure more and more conventional investors, both corporate and retail.
One feature likely to be demanded by these mainstream — and often high net-worth investors, is the ability to keep transactions private — and this is, in fact, something that is a potential benefit to investors at all levels.
Why privacy is important
There is often confusion when privacy is discussed:
At one extreme end of the spectrum, there are those who chant the mantra: “If you’ve done nothing wrong, you’ve got nothing to hide” — making the inference that somehow every transaction should always be fully public, at least at a pseudonymous level.
On the other end, there are users who opt to use Bitcoin’s most privacy-centric features, such as mixers, and privacy currencies such as Monero, on the basis that they prefer to keep all their transactions private from everyone — including the jurisdiction of the state in which they live. While it is possible that such transactions are entirely legitimate, state authorities do not look kindly on undisclosed transactions, both on the suspicion that the cash being transferred could be the product of illegal activities, and also on the suspicion that taxes may be being evaded.
To those who would argue that every transaction should always be transparent and public, it is important to ask the question: would you be happy to show the world your bank statements?
This applies to both individuals and institutions. Individuals may wish not to disclose certain payments — for example, where it implies a link to a particular person or organisation where discretion may be preferred, or simply because they do not want their friends and neighbours to know how much money they have.
Institutions acting on behalf of customers may need to obfuscate transactions from the general public to provide their clients with the degree of privacy to which they are accustomed. And institutional trading desks may have thousands of entirely valid reasons for not wanting to open up their activities to the scrutiny of competitors — the risk of being front-run, for example.
Alpha erosion is real and happens very quickly in DeFi.
Privacy of transactions is important in auction settings as well. Sealed bid auctions are omnipresent. In blockchain environments, however, often both the bids and sometimes deposits are public information, which gives rise to undesirable behaviour of the auction participants.
It is important to remember that privacy need not equal secrecy. The concept of privacy is the ability to choose the people or organisations to which we are happy to entrust certain matters. And that is why privacy on public blockchain networks has always been such a difficult topic.
Privacy and compliance
As digital asset investment and trading fall more and more under the spotlight of regulators, it is important to realise that while a certain amount of regulatory arbitrage may be possible by moving from one crypto-friendly jurisdiction to another, at some point, globally agreed rules on money laundering and asset transfer will mean that there is nowhere else to run.
Sensible investors recognise that in order to reside in a law-abiding and safe country, it is necessary to abide by certain regulations and tax rules, whether your assets are digital or more traditional — and this is where compliance comes in.
The great thing is that while compliance would seem at first glance not to be at all compatible with privacy, they are in fact two sides of the same coin, and we believe through the use of privacy-enhancing technologies on blockchain we can have the best of both worlds.
Panther Protocol’s approach
Panther Protocol provides DeFi users with interoperable, fully collateralized privacy-enhancing digital assets, leveraging zkSNARK technology and offering a novel price discovery mechanism for privacy.
Users are able to mint zero-knowledge zAssets by depositing digital assets from any blockchain into Panther vaults and using these zAssets across a full range of DeFi applications.
We believe zAssets will become an ever-expanding asset class. Stablecoins, utility tokens and NFTs will all become infused with privacy. Institutional DeFi and Web3 require privacy to scale and disrupt legacy systems.
Panther Protocol provides users with a customizable level of privacy at the transaction level. Importantly, the end-user is in complete control of their privacy and their data.
Between fully public and fully private, there will be different levels of disclosures available:
Zero-knowledge disclosures: Users can prove compliance without providing any underlying data — meaning they provide the financial institutions what they need (to know you did everything in accordance to a certain rules engine), without having to disclose anything about the transaction itself (sender, receiver, amounts, metadata — all of that remains private).
Full disclosure to a specific counterparty: Here the user allows the transactional data to be shared with the financial institution or the regulator, but that’s already much better than having all of your transactions fully public/transparent for anyone to see, in perpetuity.
The key things to take into consideration here is that a) the users are in control to interact with whoever they want and disclose whatever they want, and b) any selective disclosure method is already much better than fully public transactions.
Selective disclosures are the future of compliance and the game-changer institutional users have been waiting for as it puts them in control, providing unstoppable privacy and freedom to share data with whomever they decide.
Users will be also able to provide complete details about their transactions, when requested by the counterparty, but again, at their complete discretion. We believe that this is the perfect middle ground between privacy and compliance. If we advance society to a level where compliance is verified through zero-knowledge proofs, Panther will have fixed one of the largest challenges of the privacy problem. The ultimate goal of the protocol is to provide users with freedom and sovereignty.
Some more on zero-knowledge proofs: in cryptography, a zero-knowledge proof or zero-knowledge protocol (ZKP) is a class of method by which one party (the prover) can prove to another party (the verifier) that they know a value, without revealing the value itself or any other information
Interactive ZKPs require interactions between the prover and the verifier when validating the proof, whereas non-interactive zero-knowledge (NIZK) proofs allow the prover to generate and publish a proof that can be validated by any verifier at any time with no further interaction. For this reason, non-interactive ZKPs are particularly useful in the blockchain setting.
In smart contract-based solutions, privacy is achieved by operations performed in the smart contract layer. The user deposits assets into a smart contract which in turn performs operations such as mixing. At the end of the operation, the smart contract makes the anonymized asset available to the user to be withdrawn to a fresh, unused address.
Learn more about selective private disclosures
Another key element here is the use of Service Providers and Trust Providers. Panther can serve as a transport layer for data representing attestations about users originating from Trust Providers, together with tools for both off-chain and on-chain verification of those attestations, which can then be voluntarily disclosed by those users to Service Providers with which the users wish to interact.
These selective private disclosures establish a trust relationship of a Service Provider towards a user of their service, and also the trust of the user towards a service provider (or even between 2 p2p users), allowing them to interact privately whilst reducing the risk exposure of the Service Provider.
In other words, a Service Provider might be more inclined to tolerate — or even encourage — private transactions if they are able to prove to regulatory authorities that the transactions have been verified in this way.
Trust Providers are publicly visible and reputable organizations. They could be banks, specialist KYC providers, certification authorities, government departments, notaries or a partner working on their behalf such as an electronic signature provider.
In our permissionless model, anyone can become a Trust Provider, and it is up to the Service Providers to decide which Trust Provider(s) they will trust. If a Service Provider announces that they will accept equivalent attestations from multiple Trust Providers, then a user wishing to transact with that Service Provider also has some freedom in which of those Trust Providers to use.
Trust Providers are incentivized, to be honest, and provide true attestations about users, by receiving payments from Service Providers or Users in Panther Tokens.
Panther will make it easy for the users to receive and securely store these attestations in a decentralized manner, and to later retrieve those attestations and pass them to any Service Providers which need them. The attestations can be provided and verified either off-chain or on-chain; in the latter case, zero-knowledge proofs are required in order to avoid public disclosure of confidential data.
We will follow up with a deeper dive into Panther Protocol’s technology components in further posts, but we hope that this will serve as an overview of why privacy is so important, even when set against a backdrop of the regulatory need for compliance and oversight.
Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.
Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.
Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.