Inspiration
- Tornado is a great product providing asset privacy for users. However, Tornado is also a completely anonymous tool that makes everyone invisible: honest users are mixed together with hackers and criminals who use Tornado for crime.
- How can Tornado be made regulatable without sacrificing any anonymity? Is there a way to create a new coin-shielding protocol that keeps hackers out but serves those who really need privacy?
Technical Scheme
Asymmetric Encryption
- Consider the role of the `nullifier`: it is a value mapped to the deposit's position in the Merkle tree, and it must be used in the withdrawal.
- Create a `public key` and a `private key` for asymmetric encryption; we could call them the regulatory keys. Use the public key to encrypt the nullifier into a `nullifier-cipher`, which must be supplied as an argument of the deposit transaction.
- The zk-SNARK can force users to encrypt the nullifier correctly. So there should be a circuit dedicated to the asymmetric encryption at the deposit stage, in which the nullifier-cipher is a public input of the circuit and the nullifier is a witness variable.
- Besides, depositing users should encrypt the nullifier with random padding, like `nullifier_cipher = ENC(nullifier | paddings)`. Then nobody but the depositor can recompute the nullifier-cipher from the nullifier.
- Only those who own the private key can decrypt the nullifier-cipher to obtain the nullifier, and thereby establish the relationship between the deposit and the withdrawal.
Who owns the private key
- The private key is the only way to reveal the relationship between deposits and withdrawals. To avoid abuse, it must be stored safely enough and in a decentralized way.
- An effective way is to generate and store the private key inside the enclave of a privacy contract, such as Phala Network, NuCypher, etc. The enclave should implement the following functions:
  - Generate the regulatory private key inside the enclave, and export only the public key.
  - Decrypt ciphers with the private key.
  - Decryption is controlled by a multi-sig signer.
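The deposit-side encryption with random padding and the enclave-side decryption that links a withdrawal back to its deposit, as an added example that is not part of the original proposal: it uses a toy ElGamal group (the Mersenne prime 2^521-1 with generator 3) and SHA-256 as the nullifier hash, both assumptions standing in for the circuit-friendly scheme a real deployment would need, and it assumes the withdrawal publishes the hash of the nullifier, as Tornado does; `link_withdrawals` is a hypothetical name for the regulatory decryption step.

```python
import hashlib
import secrets

# Toy group parameters (constructed for this example, not a security
# recommendation): the Mersenne prime 2^521 - 1 and generator 3.
P = (1 << 521) - 1
G = 3
NULLIFIER_BITS = 248
PAD_BITS = 248  # random padding appended to the nullifier before encryption


def keygen():
    """Generate the regulatory key pair; sk never leaves the enclave."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def encrypt_nullifier(pk, nullifier, padding=None):
    """Deposit side: nullifier_cipher = ENC(nullifier | padding) under pk."""
    assert nullifier < (1 << NULLIFIER_BITS)
    if padding is None:
        padding = secrets.randbits(PAD_BITS)
    assert padding < (1 << PAD_BITS)
    msg = (nullifier << PAD_BITS) | padding  # 496 bits, so msg < P
    r = secrets.randbelow(P - 2) + 1  # fresh randomness per deposit
    return pow(G, r, P), (msg * pow(pk, r, P)) % P


def decrypt_nullifier(sk, cipher):
    """Enclave side: recover the nullifier and discard the padding."""
    c1, c2 = cipher
    # c1^(P-1-sk) == c1^(-sk) mod P by Fermat's little theorem
    msg = (c2 * pow(c1, P - 1 - sk, P)) % P
    return msg >> PAD_BITS


def nullifier_hash(nullifier):
    """What a withdrawal publishes: the hash of the nullifier, not the nullifier."""
    return hashlib.sha256(nullifier.to_bytes(32, "big")).hexdigest()


def link_withdrawals(sk, deposits, withdrawals):
    """Regulatory decryption: map each withdrawal id to the deposit id whose
    nullifier-cipher decrypts to the nullifier behind the published hash.
    Without sk, re-encrypting a nullifier gives a different cipher every
    time (random padding and random r), so this linkage cannot be rebuilt."""
    by_hash = {}
    for deposit_id, cipher in deposits.items():
        by_hash[nullifier_hash(decrypt_nullifier(sk, cipher))] = deposit_id
    return {wid: by_hash.get(h) for wid, h in withdrawals.items()}
```

Only the holder of `sk` (the enclave, gated by the multi-sig) can produce the mapping returned by `link_withdrawals`; everyone else sees unrelated ciphers and hashes.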