Related research papers: 1. Systematizing “Accountability” in Computer Science - 2012 - https://www.cs.yale.edu/publications/techreports/tr1452.pdf 2. Accountable warranties - 2014 - https://freedom-to-tinker.com/2014/04/02/secure-protocols-for-accountable-warrant-execution/ - https://www.cs.princeton.edu/~felten/warrant-paper.pdf 3. Accountable Privacy for Decentralized Anonymous Payments (extended Zcash) - https://eprint.iacr.org/2016/061.pdf - The paper looks quite sketchy and not too rigorous. - Basic ZCash + some different simple ideas on accountability, such as policy compliance (but only naive examples -- taxes, spending limits), coin tracing, and user tracing. Suggests how to solve the technical problem of maintaining accounts on top of UTXO (parallel Merkle tree). 4. PRCash: Fast, Private and Regulated Transactions for Digital Currencies - https://eprint.iacr.org/2018/412.pdf 5. zkledger: Privacy-Preserving Auditing for Distributed Ledgers - https://eprint.iacr.org/2018/241 - https://dci.mit.edu/zkledger - https://github.com/mit-dci/zksigma (last commit 3 years ago) - Limited scalability since transactions are O(#participants), mostly targeted at banks are not too many? Requires /interactive/ auditing protocol between auditor and the user. So it's "audit by consent" for non-trivial audits. 6. Fully Auditable Privacy-preserving Cryptocurrency Against Malicious Auditors - https://eprint.iacr.org/2019/925.pdf 7. Privacy-preserving auditable token payments in a permissioned blockchain system - https://eprint.iacr.org/2019/1058.pdf - Permissioned is probably not interesting. - Evaluation based on hyperledger fabric. Each tx has encryption of data under auditor's PK. Auditor needs to decrypt all ledger to trace the user. 8. Anonymous Transactions with Revocation and Auditing in Hyperledger Fabric - https://eprint.iacr.org/2019/1097.pdf 9. A Hybrid Blockchain Architecture for Privacy-Enabled and Accountable Auctions - 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8946198 10. Toward Privacy and Regulation in Blockchain-Based Cryptocurrencies - 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8642798 11. [DGK+20] Balancing Privacy and Accountability in Blockchain Identity Management - https://eprint.iacr.org/2020/1511.pdf - Identity-level auditing: identity verifiers, anonymity revocation. - This is what Concordium blockchain is based on: - https://www.concordium.com/ 12. [BG20] Achieving privacy and accountability in traceable digital currency - https://eprint.iacr.org/2020/1565.pdf - Similar to [DGK+20], also identity-level. 13. SoK: Auditability and Accountability in Distributed Payment Systems - https://eprint.iacr.org/2021/239.pdf - Special attention to: Table 2, Tables 3,4 (second half in both). - According to table 4, the most interesting solutions are (1) (2) (7) (8) (9) --- these are permissionless and fully private. (7) only allows organization audits which is not desirable? - zerocash ext: does it require communication with verifier before transaction is submitted? Or it can be done non-interactively? 14. Policy-Compliant Signatures - https://eprint.iacr.org/2021/1234.pdf - Not directly blockchain-related, maybe can be used in research? The primitive they build allows sign a message with a secret key of Alice and public key of Bob, if their credentials jointly satisfy a predicate. NIZK-based. See abstract + Fig.8. - By Christian, Hendrik,.. and Christian Matt from Concordium. 15. PEReDi: https://eprint.iacr.org/2022/974.pdf 16. VeriZEXE / CAP protocol / Espresso - 2021/2022 - https://github.com/EspressoSystems/cap/blob/main/cap-specification.pdf - https://www.espressosys.com/blog/veri-zexe-decentralized-private-computation-with-universal-setup 17. *TODO* look more on non-academic works, e.g. startups like Espresso or Concordium. Or anything with private SCs. 18. *TODO* Hyperledger? not confidential? 19. *TODO* smart contracts, generally? private smart contracts? Less related research papers: 1. Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges - https://eprint.iacr.org/2015/1008.pdf - Solvency 2. Distributed Auditing Proofs of Liabilities - https://eprint.iacr.org/2020/468 - Solvency Cryptocurrency companies/companies: 1. Findora - Compliant/auditable + confidential by design. Oriented towards the "real" financial world, attempts to capture complex financial instruments, and focuses on tools that can allow centralised issuance and control over certain tokens within their platform. Uses BFT consensus, selective disclosure credentials, customly issued tokens. Has two parallel private token design: (1) "confidential assets", also called "Maxwell design", which is basically UTXO+commitments, so hides amount and type, but not which coin it is, so quite traceable still; (2) fully anonymous zcash-like txs. Has smart contracts support, but not fully private or as powerful as Kachina. Talks quite a lot about regulation compliance, but all solutions are quite simple. - Litepaper https://findora.org/wp-content/uploads/2020/12/Findora_Litepaper_3.2_Final_Clean.pdf - Quite detailed, but still very vague in terms of their compliance promises (which there are many). Does only mention "Maxwell construction", but not zcash, so I guess zcash was added later. The paper promises regulation compliance tools such as traceability for asset issuers, - Auditable privacy-preserving assets (APPA) / FIP-2: - https://medium.com/findorafoundation/the-findora-improvement-proposal-that-could-bring-auditability-to-privacy-a21952ca4f55 - https://github.com/FindoraNetwork/FIPs/blob/main/FIPs/fip-2.md - The idea is to attach a ciphertext to every transaction ("Auditor's memo") and to prove its correctness. Only applies to UTXO transactions, and not to the EVM chain. Correctness is proven using a sigma protocol (for one, less private type of their transactions), and with SNARK-friendly encryption inside the TurboPLONK SNARK in their zcash-like transactions. 2. Shyft - Technical documentation is not transparent, even somewhat cryptic. What they do is a public protocol designed to validate identity and power compliance directly into blockchain data. It provides Identity Verification, Creation of Compliant Assets, Credit Scoring. Designed as a opt-in framework for gathering, storing, and sharing user identification data on a need-by basis. Something you can connect to your own blockchain solution? Not sure what their privacy guarantees are. - Very hard to understand what they do technically. My current understanding is that it's an "idea" of adding certain messages/authentication p2p network on top of a cryptocurrency, but maybe with second consensus, to monitor compliance. Too abstract. - Also kind of outdated project. - Whitepaper: - https://assets.website-files.com/619d6b083650f27552fb105a/61f0934cccb99e60d175387d_shyft-network-inc-whitepaper_v4.1.pdf - Too thin/watery. - They design a PoW consensus network ("Shyft Ring"), with a centralised fallback node ("Byfrost"), on top of which there are Shyft Conservators -- parties that monitor the chain for compliance using machine learning. They also have smart contracts. Some parties in the network are "trust anchors" which represent regulation authorities. - Github products: 1. Veriscope: - Quite recent effort (last month) - Implementation of FATF "travel rule" requirement for Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs): - https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf - ...several components that together enable VASPs to seamlessly create a "trust anchor" account on the Shyft Network, post attestations to the network, and transfer data peer-to-peer with other VASPs. - https://docs.veriscope.network/docs/main/index.html 2. https://github.com/ShyftNetwork/go-empyrean - 4 years old. 3. Facebook Diem (ex Libra): - Mention AML and regulation compliance as a goal pretty much everywhere, but not privacy focused. However, most of the content that is available online is discussions; I can't see any real compliance code or product. The last news were that meta are collaborating/selling the product with/to Silvergate, and moves to the US from Switzerland. It's not privacy oriented anyway, they build low-latency exchange system with smart contracts. - https://www.riskcompliance.biz/news/the-future-of-the-aml-is-in-cryptocracy/ - Website https://www.diem.com/en-us/ - Code: https://github.com/diem/diem - no mention of regulations, I think no regulation compliance for now. - Whitepaper: https://diem-developers-components.netlify.app/papers/the-diem-blockchain/2020-05-26.pdf - No mention of regulation compliance or accountability. 4. Aleo: - Wants to work on compliance, but has no public data indicating any concrete progress whatsoever. The project focuses on designing an easy-to-use programming language for zero-knowledge proofs; which can, of course, be used for regulation compliance, as any generic ZK language. - Mention regulation compliance several times as their goal - https://www.coindesk.com/tech/2021/04/20/a16z-leads-28m-funding-round-for-data-privacy-platform-aleo/ - https://www.aleo.org/post/zero-knowledge-primitives-by-aleo - https://www.aleo.org/post/aleo-token-economics - Leo: A Programming Language for Formally Verified, Zero-Knowledge Applications - https://eprint.iacr.org/2021/651.pdf - Published May 2021 - Paper does not mention regulation compliance. - https://github.com/AleoHQ - No concrete mentions of regulation compliance as far as I can tell, except [[https://github.com/AleoHQ/ARCs/blob/4cf51d663f0181e63db6c0b5855589d5add659a7/arc-0000/README.md][link]] indicating that they want to consider compliance into improvement proposals in the future. 5. Oasis - Compliance via collaboration with Shyft. - https://medium.com/oasis-protocol-project/shyft-network-to-build-opt-in-compliance-primitives-on-the-oasis-network-393388c51f71 - Oasis Dapps can create whitelisted addresses, i.e., a whitelist of items/IP addresses that are granted access to a certain system or protocol, and Anti-Money-Laundering (AML) and GDPR compliant systems, that help comply with AML regulation while protecting user's personal-identifiable information. - I don't see a lot of code on this collaboration. - An efficient confidential smart contract network over PoS consensus, where smart contracts can run in parallel runtimes with different privacy guarantees, using different cryptographic techniques (ZKPs, MPC, trusted execution environment, etc). Seems to not focus on compliance, but want to have this as a secondary selling point. It's possible to build compliant blockchain using TEE, and it can be quite efficient in fact. - https://www.oasislabs.com/ - Papers: https://oasisprotocol.org/papers - Whitepaper does not mention anything on regulation compliance. It focuses on TEEs and how to provide the basic optimal smart contract solution. Their selling point seems to be the optimisation strategy for verifying SCs fast, and TEE for now, but general privacy in the future. - Github: https://github.com/oasisprotocol - No mentions of regulation compliance 6. Aleph zero: - A solution that focuses on efficient consensus, they have their own BFT consensus. They also promise and plan to have privacy and regulation compliance features through their privacy layer called Liminal, but it seems to be not public or not implemented anywhere. They plan to provide KYC/AML by integrating with Gatenox, a decentralised wallet/identity service. - Articles: - https://alephzero.org/blog/blockchain-privacy-compliance/ - "...a protocol that fulfills the desires of both those requiring the utmost privacy while also following the rules governing data storage in the European Union (EU)" - "...transactions should be private, but auditable." - "Aleph Zero uses a solution that treads both paths (MPC and zkSNARKs) at the same time. " - Liminal https://alephzero.org/blog/liminal-multichain-privacy-layer/ - Liminal is their privacy solution that combines SNARKs and MPC, creating one global "private state". - I can't find anything concrete on it anywhere -- code or papers. - Integrate with Gatenox, a decentralized wallet that provides KYC, AML, and CDD processes. - https://alephzero.org/blog/gatenox-privacy-did-aleph-zero/ - "Aleph Zero’s MPC-based privacy technology, Liminal, will allow all users of Gatenox to prove that relevant information is correct without revealing the contents of that information, as well as ultimately provide the security that’s on par with hardware wallets." - Github: - https://github.com/aleph-zero-foundation - Development of the basic node and BFT seems quite active, but I can't find anything on their privacy part -- anything on this "Liminal" framework. - Paper: - https://arxiv.org/pdf/1908.05156.pdf - Focuses on building an efficient BFT consensus, that improves HoneyBadgerBFT, no mention of privacy or regulation compliance. 7. Suterusu - https://suterusu.io/ - https://medium.com/suterusu/regulation-compliance-of-suterusu-625abc752eb9 - Based on this paper: https://maltemoeser.de/paper/blacklisting-regulation.pdf - Analyses how (suspicious)address blacklisting can work in different cryptocurrencies. This should supposedly help with AML. It focuses on public cryptocurrencies, but in Section 6 discusses private (zcash like) as well, in which case they discuss coin tainting. - Collaborations: - Harmony: https://blog.harmony.one/suterusu-will-build-a-privacy-layer-on-top-of-harmony-blockchain/ - Fantom foundation: https://fantom.foundation/blog/suterusu-integration-privacy-transactions-on-fantom-opera/ 8. Manta: - A variant of zcash with custom tokens. Only mention regulatory compliance, also in their paper, not sure they do any. - Paper: https://eprint.iacr.org/2021/743.pdf - Only mentions that regulation compliance is on their list and it's possible to do it "with ZKP". Very little concrete ideas. - https://mantanetwork.medium.com/introducing-zkassets-and-zkaddresses-7b7a8e3e2af3 - Their custom types have access policies, very similar to CAP from espresso team. 9. Iron fish - Built on top of zcash sapling. I think it's a re-implementation that aims to be more lightweight and run on low-power devices, e.g. in a browser. Apparently regulation compliance is achieved by giving away viewing parts of user's zcash keys to the authority. Which trivially works but is not flexible in any way. - Whitepaper: https://ironfish.network/docs/whitepaper/1_introduction - I scrolled through, it looks exactly like Sapling. What's the difference? - https://d-core.net/asset-review-summary-iron-fish/ - https://coinstelegram.com/press-release/iron-fish-the-privacy-platform-for-web3/ 10. Secret network: privacy-preserving smart contracts, but no mention of regulation compliance. 11. Hopr: - Mention regulation compliance. - https://hoprnet.org/Book_Of_Hopr_2021.01_v1.pdf 12. Aztec network: - no mentions of compliance on their website/their mission, but their CEO's interview on Tornado cash is quite popular and foresees the advent of compliant privacy - https://beincrypto.com/regulating-web3-aztec-ceo-future-privacy-tornado-cash-sanctions/ 13. Ruby protocol: - Mention regulation compliance - https://wiki.ruby.xyz/ 14. Panther protocol: - https://medium.com/roundtabledao-project-reviews/panther-protocol-making-privacy-compatible-with-regulatory-compliance-983d178129e - https://blog.pantherprotocol.io/kyc-aml-how-crypto-might-change-a-traditional-finance-standard-forever/ 15. Shade protocol - https://shadeprotocol.io/pdf/Shade_Protocol_Whitepaper.pdf 16. Boring protocol - https://boringprotocol.io/static/files/Boring_LitePaper.pdf