Overview of Compliance

Labyrinth ensures compliance and regulatory adherence through a framework called Selective De-Anonymization (SeDe). This framework is designed to address the challenge of balancing privacy protection with compliance in blockchain applications, particularly in cases where illicit activities may be involved. Here's an overview of how Labyrinth achieves this:

Background: Public blockchains like Bitcoin and Ethereum are transparent by nature, and while they offer pseudonymity, modern analytics techniques can potentially identify users. Privacy-preserving applications using techniques like zero-knowledge proofs (ZKPs) have been developed to enhance privacy. However, malicious actors can misuse these privacy features for illicit activities, raising compliance and regulatory concerns.

Problem Statement: Privacy-preserving applications can be used for money laundering and mixing legitimate funds with illicit ones, leading to regulatory challenges and discouraging honest users from adopting blockchain technology.

Previous Attempts: Several approaches have been attempted to address this issue, including deposit limits, sanctioned address lists, blockchain analysis tools, view-only access, and association sets. However, these solutions have limitations and provide only partial solutions.

Example Use Case:

An example demonstrates how the SeDe framework can be used to trace and de-anonymize transactions conducted by a malicious actor who initially deposited illicit assets into a privacy-preserving application. The revoker and guardians collaborate to progressively de-anonymize transactions, linking them to reveal the entire subgraph of illicit activity.

Example Scenario:

In this example, Eve seeks to launder a large sum of illicitly obtained assets through a private channel to avoid detection by external observers. She uses a privacy protocol or application built upon the SeDe framework. Here are the key details of the example:

  1. Eve's Accumulated Assets: Eve has acquired a significant amount of a specific asset through illegal means, such as DeFi protocol hacks.

  2. Public Transactions: Traditional blockchain transactions are public, making it difficult for Eve to use her ill-gotten assets without exposing herself.

  3. Depositing Illicit Assets: To start the laundering process, Eve initiates a deposit transaction (T1) from her known address to the application's smart contract address. This initial transaction is public but essential to proceed with private transactions.

  4. Private Transactions: Once the deposit is made, Eve can conduct private transactions within the application, making it challenging for external observers to link these transactions to T1.

  5. Multiple Transactions: Eve performs several transactions within the application, including sending some assets (v_t) to another account (A2) in transaction T2 and withdrawing a portion of the assets (v_w) in transaction T3 to a regular wallet. None of these transactions can be easily linked to T1 by external observers.

  6. Revoker's Intervention: At some point, a revoker entity becomes aware of the illicit activity and initiates the process of de-anonymization.

  7. De-Anonymization Steps: The revoker follows these steps to de-anonymize Eve's transactions: a. Identifies T1 and retrieves its details, including any encrypted data. b. Sends a verifiable message publicly requesting de-anonymization of T1 to the guardians (entities responsible for overseeing privacy in the application). c. Guardians vote and reach a quorum for granting permission to de-anonymize T1. d. With permission, the revoker decrypts the transaction data, allowing them to link T1 to T2 by examining the expenditure of assets in T2. e. The revoker repeats this process for T2 and T3, revealing transfer amounts and recipient accounts. f. Finally, the revoker can de-anonymize any further transactions (e.g., T4 and T5) recursively to expose the entire subgraph of illicit transactions, including T1, T2, T3, T4, and any others.

This example illustrates how the SeDe framework and a revoker entity can be used to de-anonymize a sequence of transactions and link them together, ultimately revealing the illicit activity conducted by Eve.

Last updated