Many Chinese users were recently warned and even frozen by FTX (unfrozen after submitting a clarification) because they were transferring money from their FTX exchange accounts to zk.money, the privacy transfer service of the L2 privacy protocol Aztec, in order to earn airdrops.
Below we will briefly describe Aztec, the center of this fiasco, and what you need to be aware of when using privacy transfer DApps so as not to jeopardize your exchange account.
Mechanism
We all know that Ethereum is based on the account model to represent the balance, , and the blockchain will record the balance of each address and add or subtract the balance in both addresses when transferring money. The advantage of this model is that it is easy to program smart contracts, but it is rather inconvenient for privacy transfer because it requires anonymization of both addresses when encrypting and zero-knowledge proof when decrypting, which is a huge workload if the transaction involves more than two parties.
While Bitcoin's UTXO model-based representation of balances is not suitable for programming smart contracts, it has an inherent advantage when it comes to privacy transfers. UTXO can be understood in a simplified way as a note; if you want to transfer a note privately, you can simply secretly change the old owner recorded on the note to the new owner without caring about the change in asset balances between the two addresses, which is a lot less work for the blockchain.
Aztec uses Bitcoin's UTXO model, in which each user transaction is essentially a process of destroying one batch of notes and generating another batch of notes, with the ownership and face value of the new notes being redefined (the total redefined face value must equal the previous total).
Suppose Alice has a note with a face value of 10 ETH and now has to pay 2 ETH to Bob. Alice’s 10 ETH notes need to be destroyed, and two new notes created: an 8 ETH note that stays with Alice, and a 2 ETH note that goes on to its new owner, Bob.
The above is what the UTXO model does, and Aztec's job is to hide the amount and ownership in the process, so it needs to prove that the total face value of the two notes is equal to the face value of the previous one. To prove that the old and new notes are equal in face value, Aztec generates a zero-knowledge proof (ZKP) locally in Alice, using which it is able to prove equal face value without revealing the exact amount and ownership.
This privacy proof is only generated locally, and only needs to be proven true on chain via the ZKP, similar to the process of generating a local private key when creating a wallet.
In summary, the basic privacy architecture of Aztec is:
- Use the UTXO model.
- Destroy the old UTXO and generate a new UTXO when transferring.
- Generate a privacy proof locally for the user, and submit it to the L1 after passing the zero-knowledge proof on chain.
Aztec vs. Tornado
Tornado Cash is currently the most widely used privacy transfer DApp on Ethereum, but its transaction processing capacity is low because it adopts the same account model as Ethereum for bookkeeping as mentioned above, which requires anonymizing the address balances of all parties to the transaction, resulting in higher workload and higher gas fees.
After Aztec has completed the above zero-knowledge proof, multiple transactions are packaged and submitted to the main chain through Rollup technology, so the gas fee is lower. However, since Rollup technology requires a certain number of transactions to be processed in batch, it means that users sometimes have to wait for a long time, especially when there are not enough users in the early stage of DApp launch.
Other than that, Aztec has a major advantage over Tornado Cash in terms of interoperability. Since Aztec migrates privacy transactions to L2, it can still interact with other DApps on L1. This is completely impossible for Tornado Cash.
Currently Aztec has programmed Aztec Bridge, a smart contract in L1, and L2 will pass the same type of transaction package to Aztec Bridge through Rollup, and then trade on other DApps through this smart contract, and finally return the tokens after the transaction is completed through Aztec Bridge to the address on L2.
At present, there are few DApp that have been connected to Aztec Bridge, but you can imagine how great the impact on the Ethereum ecosystem is.
Other privacy transfer DApps
Currently, there are few passwords with privacy transfer capabilities, either Monero or Zcash, both of which also adopt the UTXO model, and Aztec's development has borrowed from them to some extent. However, this type of token is not an DApp and does not enable the privacy transfer of other passes, so it is not part of the discussion.
The only one that currently enables this functionality, besides Tornado Cash and Aztec, is probably Secret Network, which relies on a Trusted Execution Environment (TEE) for privacy-preserving calculations on data, i.e., it requires a secure region in the CPU built through hardware (previously with Intel's SGX). This obviously limits the decentralization of the protocol significantly, and privacy protection for blockchain DApps should rely on mathematics and cryptography rather than hardware.
Regulation
After Tornado Cash, Aztec is also starting to be targeted by regulators. Recently, FTX issued a warning to users who have interacted with Aztec.
Please note that Aztec Connect - Aztec.network / zk.money is identified as a mixed service. Such a source is a high-risk activity and a prohibited use of FTX. Please be aware of future transactions associated with high-risk activities - we strongly recommend that you do not use mixed services in the future as this may jeopardize your FTX account. As a licensed and regulated cryptocurrency exchange, we are required to screen all transactions and perform due diligence when necessary. This is done with the help of industry-leading third-party transaction monitoring tools to ensure the safety of our customers and prevent interactions with impermissible addresses. We look forward to your understanding and cooperation.
While there have been few sub-precedents for exchanges in the past, with the fear caused by the US government sanctioning Tornado Cash and the Dutch government arresting the developer, it is expected to be only a matter of time before centralized exchanges ban customers from interacting with mixed tokens services. Among the rules currently in place for compliant exchanges in Korea, and soon to be in place in the EU, is an important standard called the "Travel Rule", which only supports withdrawals to crypto exchanges that are compatible with the Lambda 256 solution VerifyVASP. When sending funds, it is also necessary to provide various information about the recipient. As a result, all Korean exchanges immediately banned and took down Litecoin after the older Litecoin added privacy features. For a long time, it is expected that products involving privacy, especially "anonymous transfers", will most likely self-censor.
Read more: https://paxful.com/university/travel-rule/
Reference
https://medium.com/aztec-protocol/fully-confidential-ethereum-transactions-aztec-networks-privacy-architecture-274f968b13d4
https://medium.com/aztec-protocol/private-defi-with-the-aztec-connect-bridge-76c3da76d982
https://twitter.com/0xfoobar/status/1502083084052836354
Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish
