Hey there! Earlier this month, we held our third in-person event, the Stablecoin Privacy Summit, in Washington, DC. This issue delves into some of the key takeaways.

Stablecoins and privacy: it’s complicated

by Mike Orcutt

Stablecoins are about to go mainstream.

Are they, though? The prediction, prevalent in the crypto world since the United States passed the first-ever regulatory framework for stablecoins last year, faces a challenge.

Blockchain-based financial services have an “inherent potential privacy problem,” Dante Disparte, chief strategy officer and head of global policy at Circle, acknowledged on stage at Project Glitch’s Stablecoin Privacy Summit in Washington, DC, this month.

Enthusiasts hail stablecoins as the future of money, and Disparte engaged with the idea via an oft-used example: payroll, a plausible use case for stablecoins. Imagine you are a payroll provider. “It’s not obvious to you that you want to use an innovation that will permanently and irrevocably record the bilateral transactions of your payroll on a public ledger.” Without privacy, he said, “it is not likely that this future of money is going to reach its full potential.”

Whether that happens will hinge on a number of complex technical and legal dimensions, which we wrestled with at the Stablecoin Privacy Summit. The event revolved around a central question: How private can a stablecoin be?

An opening in Washington

This conversation is timely. Last July, President Trump signed into law the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act, putting a shiny mainstream gloss on the kind of stablecoin that is backed by dollars held in a traditional bank account. Multiple federal regulators are now developing rules and standards that companies that issue stablecoins must follow. That includes rules for how those issuers should manage the risk of illicit finance, a topic that has pitted crypto privacy advocates against the government since at least the beginning of the Tornado Cash saga.

At the center of the conflict is the Bank Secrecy Act, America’s anti-money laundering law, which, among other things, requires financial institutions to verify the identities of their customers, monitor transactions, and report cash transactions of over $10,000 and any others that appear suspicious to the Treasury’s Financial Crimes Enforcement Network (FinCEN). The developers of and participants in truly decentralized networks are unable to fully comply with these obligations—at least without defeating the purpose of the technical decentralization. Nonetheless, many policymakers still argue that such protocols should be regulated the way traditional financial institutions are. And US prosecutors are aiming to re-try Tornado Cash developer Roman Storm on money laundering and sanctions evasion charges after a jury failed to reach a verdict on those charges last year.

The legal impasse may be shrinking, however, starting at the top. “This moment serves as a valuable opportunity to comprehensively review the [anti-money laundering/countering the financing of terrorism] regime to ensure it protects the financial system from abuse without impeding on the rights of law-abiding Americans,” President Trump’s Working Group on Digital Asset Markets declared in a long report it published last summer. The group added that “updates” to AML/CFT regime would make the sector safer and more resilient.

Congress seems open to the idea, too. The GENIUS Act directed the Department of the Treasury to solicit public comments on “innovative methods to detect illicit activity involving digital assets,” with an emphasis on artificial intelligence, digital identity, blockchain monitoring and analytics, and application programming interfaces.

There are plenty of ideas for what those new methods might be, thanks in part to powerful emerging cryptographic capabilities. Sophisticated tools like zero-knowledge proofs, for example, make it possible to prove facts about one’s identity without revealing any personal information in the process. In decentralized systems where individuals are anonymous but still need to prove they’re not criminals in order to send or receive money, this could be useful.

Such tools might solve another issue as well. Traditional banking, credit, identity, and online commerce systems collect and store people’s credentials in centralized repositories. They’re so tempting to sophisticated hackers—including those backed by nation states like North Korea—that they’re often referred to as “honeypots” and have been the targets of several large data breaches. Credentials protected by zero-knowledge proofs, in theory, could help get rid of the honeypot problem, because they work without ever having to leave an individual user’s device. “The diffuse nature of this type of digital identity may also create fewer large identity targets for illicit actors to exploit,” the Treasury noted in a recently published report to Congress about the findings from last year’s request for public comment.

Why we’re talking about stablecoins

For most of their existence, fiat-backed stablecoins have been far from “innovative,” at least as far as crypto things go. And the vast majority of their utility has been for crypto traders who use them to take their money out of the market without cashing out into fiat currency. But the GENIUS Act paved the way for their broader adoption as a payment method—an alternative to credit cards and wire transfers.

“Peer-to-peer electronic cash” was what Bitcoin was supposed to be. There are many reasons it hasn’t become that, but it doesn’t help that blockchains, as originally designed, are not private. It’s the same problem Disparte flagged. Analytics firms like Chainalysis and TRM Labs crunch public blockchain data to track funds and determine whose real-world identities are hiding behind pseudonymous addresses.

“Crypto has survived not having privacy because nobody uses crypto,” Johns Hopkins University cryptographer Matthew Green said during a later session at the Stablecoin Privacy Summit. Now that there’s mainstream interest in stablecoin payments, something has to give.

“Stablecoins, in theory, are a thing that could make crypto useful for actual applications,” Green said. “And the minute you do that, you have to confront the fact that you’re running around putting all your data on a blockchain.”

Zero-knowledge proofs could help here, too, by keeping blockchain data secret. That’s how Zcash, which Green helped invent, works. It’s also how private chains like Aztec and Aleo work. In fact, there are already stablecoins on Aleo (Green is also an advisor at Aleo). One, called USDCx, is backed by Circle’s USDC stablecoin. Another, called USAD, works similarly and is backed by Paxos’s USDG stablecoin.

How private are these stablecoins, though? Getting to an answer requires first wading into the legal and policy weeds, and, from there, into the technical weeds. Regulators have come to expect crypto exchanges, stablecoin issuers, and other entities to monitor transactions and report suspicious activity and even deactivate or “freeze” wallets when there is evidence they’ve been engaged in criminal activity. That’s not possible if the transaction data isn’t visible. So the USDCx and USAD systems on Aleo include a component called a view key, which allows whoever holds the key to decrypt all the transaction data associated with the asset if necessary. (For a more detailed explanation, watch this Stablecoin Privacy Summit panel featuring Yaya Fanusie of Aleo, Nick Gersh of Paxos, and Nikhil Raghuveera of Predicate.)

The view key capability raises big legal questions that don’t yet have clear answers. Just to name a few: Who should hold the view key? What exactly is the view key holder’s legal responsibility? How should a holder comply with law enforcement requests for information, keeping in mind that such requests may originate from foreign jurisdictions?

So how private can a stablecoin be?

From a technical standpoint, the tools exist to make stablecoins as private as you want. Shielded transactions? No problem. Full user anonymity? Sure thing. The difficulty is in coming up with a system that will work in the real world, where all the messy aspects of crafting workable regulation, and then enforcing the law, come into play. That’s what policymakers must wrestle with. They need to decide whether the risks arising in blockchain-based financial systems should be managed using tactics similar to those the law requires of traditional financial institutions, or whether to turn to new approaches more tailored to decentralized networks.

For now, it seems unlikely that law enforcement will be happy to give up visibility into blockchain transactions, whether that be via public blockchain data or a view key. But what if novel methods for detecting illicit activity in decentralized protocols could achieve better outcomes than the established system? The effectiveness of the traditional AML/CFT regime is hard to quantify due to a lack of unbiased data. But there is plenty of anecdotal evidence that know-your-customer (KYC) regimes can be gamed, and that sort of thing seems bound to get easier as AI gets better at forging traditional credentials, for example.

Anonymous identity credentials that can be verified using zero-knowledge cryptography, combined with blockchain smart contracts, offer an alternative direction, Ian Miers, a cryptographer at the University of Maryland, said at the Stablecoin Privacy Summit. Miers, also an advisor to Aleo, was Green’s co-panelist in a lively session moderated by Coin Center’s Peter Van Valkenburgh.

In theory, a system could automatically calculate dynamic “risk scores” for individual users and take actions, like freezing wallets, based on those scores. “These are programmable systems,” Miers said. “You can come up with pretty much any policy, risk scoring metric, behaviors you want, and implement it.” But this raises three questions, he said. First, what are those policies? Second, do they work? And third: “Will regulators let you try them for a while?”

“We have really good techniques for identity, for reputation,” Miers said. In theory, they could be used to make even more private stablecoins. But we can’t know if they really work and how effective they are until they can be tested. At the moment, however, developers are hesitant to experiment in this area due to uncertainty around legal liability.

So the answer to the question of how private a stablecoin can be may depend on another question Miers posed: “Can we get an experimental place to try these things?”

ICYMI: The Stablecoin Privacy Summit videos

1. Why privacy matters for stablecoins

Circle’s Dante Disparte in conversation with Michael Mosier of Arktouros

2. Getting real about the business demand for stablecoins

Privy’s Kaili Wang in conversation with Michael Reilly of Project Glitch

3. How private can a stablecoin be?

A panel featuring Matthew Green of Johns Hopkins University and Ian Miers of the University of Maryland. Moderate by Peter Van Valkenburgh of Coin Center

4. What I learned about crypto privacy while working at the Treasury

Julie Lascar of Digital Asset

5. Where crypto policy meets national security

A panel featuring Kyle Bligen of the Decentralization Research Center, Jessi Brooks of Ribbit Capital, and Isaac Patka of the Security Alliance (SEAL). Moderated by Mike Orcutt of Project Glitch

6. WTF is zkTLS? And why should you care?

Hersh Patel of Opacity

7. Where the rubber meets the road for private stablecoins

A panel featuring Yaya Fanusie of Aleo, Nick Gersh of Paxos, and Nikhil Raghuveera of Predicate. Moderated by Mike Orcutt of Project Glitch

Follow us on Twitter or get corporate with us on LinkedIn.