Authors: David Sverdlov & Aiden Slavin
Compiled by: Shenchao TechFlow
The emergence of new technologies—from telegraphs and telephones to the internet—has always been accompanied by anxieties about the imminent demise of privacy. Blockchain technology is no exception, and discussions about blockchain privacy often involve misunderstandings: either believing it will bring excessive transparency that threatens personal privacy, or that it will become a breeding ground for crime.
But the real challenge is not choosing between privacy and security, but how to build tools that support both privacy and security—both technically and legally. From Zero-Knowledge Proof systems to advanced encryption technologies, privacy-preserving solutions are gradually expanding. Blockchain privacy is far from limited to the financial sector; it also opens doors for applications in identity verification, gaming, artificial intelligence, and many other fields, truly benefiting users.
With the formal signing of U.S. stablecoin legislation, the demand for blockchain privacy has become more urgent than ever. Stablecoins present an opportunity to bring a billion people into cryptocurrency. However, for users to be willing to use cryptocurrencies to pay for everyday expenses—from coffee to medical bills—they must be assured that their on-chain activities are private. Now is not the time for misunderstandings, but rather the time to take action to build solutions.
The debate about privacy has a long history, and its answers are not new: insisting on innovation and rejecting misunderstandings and misapprehensions is key to shaping the future of privacy.
Misunderstanding 1: The internet is the main culprit of modern "privacy issues".
Truth: Long before the internet appeared nearly a century ago, the communication revolution of the late 19th century propelled the development of privacy rights in the U.S. Entrepreneurs developed many technologies that enabled unprecedented information transmission, including the first commercial telegraph, telephone, commercial typewriters, microphones, and other media. The emergence of these technologies significantly changed the way information was disseminated. Historian and professor Sarah Igo notes that the privacy conflicts in America at that time evolved alongside new communication methods, raising many new privacy issues: Could the media use someone else's name, likeness, or photograph for commercial purposes? Could law enforcement wiretap phone lines to listen in on conversations or use photography and fingerprint technology to establish permanent records or criminal identification registries?
Shortly after these technologies emerged, legal scholars began to tackle the privacy challenges they posed. In 1890, future U.S. Supreme Court Justice Louis D. Brandeis and lawyer Samuel D. Warren published The Right to Privacy in the Harvard Law Review. Subsequently, privacy law gradually evolved through legislation, tort law, and constitutional law throughout the 20th century. However, more than a century after Brandeis and Warren published their article, the launch of Mosaic, the first widely available commercial web browser in 1993, led to a surge in internet-related privacy issues.
Misunderstanding 2: The internet can operate normally without privacy.
Truth: The early lack of privacy protection on the internet severely hindered its broader adoption. Overall, people enjoyed a higher degree of privacy before the internet emerged. As Simon Singh noted in The Code Book, early pioneers of cryptographic research, such as Whitfield Diffie, pointed out that at the time of the Bill of Rights, "any two people could have an absolutely private conversation by walking a few meters to the side of the road and confirming that no one was hiding in the bushes—an extent of privacy that no one in today's world can enjoy." Similarly, people could conduct financial transactions with goods or cash, enjoying the privacy and anonymity that is lacking in most digital transactions today.
Advances in cryptographic research have alleviated concerns about privacy, giving rise to new technologies that facilitate the confidential exchange of digital information and ensure data protection. Cryptographers like Diffie predicted that many users would demand basic privacy protections for digital activities, leading them to seek new solutions that could provide such protections—namely asymmetric public key cryptography. The new encryption tools developed by Diffie and other researchers have now become the foundation of e-commerce and data protection. These tools have also paved the way for exchanging other confidential digital information, which is now also applied in the blockchain field.
The development of the HyperText Transfer Protocol Secure (HTTPS) is a classic example of a privacy tool that has driven the prosperity of the internet. In the early days of the internet, users (clients) communicated with web servers using the HyperText Transfer Protocol (HTTP). This protocol allowed data to be transmitted to web servers, but there was a significant flaw: data transmission was not encrypted. Malicious actors could read any sensitive information submitted by users to websites. Years later, Netscape developed the HTTPS protocol for its browser, adding a layer of encryption that could protect the transmission of sensitive information. As a result, users could securely send credit card information over the internet and engage in private communication more broadly.
With encryption tools like HTTPS, internet users are more willing to provide personal identification information such as names, birth dates, addresses, and social security numbers through online portals. This increased sense of security has made digital payments the most commonly used payment method in the U.S. today. At the same time, businesses have accepted the risks associated with receiving and protecting such information.
These changes in behaviors and processes have given rise to many new applications, from instant messaging to online banking to e-commerce. Today, internet activities have become an essential part of the modern economy, bringing unprecedented communication, entertainment, social networking, and other experiences.
Misunderstanding 3: Transactions on public blockchains are anonymous.
Truth: Transactions on public blockchains are transparently recorded on publicly shared digital ledgers, which makes them "pseudonymous" rather than truly anonymous. This distinction is crucial. The practice of pseudonymity dates back centuries and played an important role in early American history: Benjamin Franklin published early works under the pseudonym "Silence Dogood" in the New-England Courant, while Alexander Hamilton, John Jay, and James Madison used "Publius" as the byline for The Federalist Papers (Hamilton used multiple pseudonyms in his writings).
Blockchain users transact through wallet addresses, which consist of unique alphanumeric characters (i.e., keys) generated by a series of algorithms, rather than using real names or identity information directly. Understanding the difference between pseudonymity and anonymity is crucial to recognizing the transparent nature of blockchain: While the alphanumeric characters of wallet addresses cannot be immediately associated with specific user identity information, the degree of privacy protection for key holders is far lower than people imagine, let alone true anonymity. A cryptographic address functions similarly to a username, email address, phone number, or bank account number. Once a user interacts with others or entities, the counterpart can associate the pseudonymous wallet address with a specific user, thereby exposing the user's entire on-chain transaction history and potentially revealing their personal identity. For instance, if a store accepts cryptocurrency payments from customers, the store's cashier can see those customers' previous shopping records elsewhere and their cryptocurrency holdings (at least the wallet balance on the blockchain network used for that specific transaction, as skilled cryptocurrency users often possess multiple wallets and tools). This is akin to making your credit card usage history public.
The Bitcoin whitepaper initially mentioned this risk, noting that "if the identity of the key owner is revealed, the correlation could expose other transactions belonging to the same owner." Ethereum co-founder Vitalik Buterin has also written about the challenges of "making a significant portion of one's life publicly viewable and analyzable," proposing solutions such as "privacy pools"—using Zero-Knowledge Proofs, users can prove the legitimacy of the source of funds without disclosing the full transaction history. For this reason, many companies are developing solutions in this field, not only to protect privacy but also to hope to create new application scenarios that combine privacy with the unique attributes of blockchain.
Misunderstanding 4: Blockchain privacy fosters rampant crime.
Truth: Data from the U.S. government and blockchain analytics firms show that the proportion of illegal financial activities conducted with cryptocurrencies remains lower than that of fiat currency and other traditional financial methods, with illegal activities accounting for only a small fraction of total blockchain activity (see related data here, which we will discuss in detail below). This data has remained consistent over the years. In fact, as blockchain technology has evolved, the proportion of on-chain illegal activities has been declining.
Undeniably, illegal activities accounted for a significant proportion of the Bitcoin network in its early stages. As David Carlisle pointed out, citing researcher Sarah Meiklejohn's observation, "There was a time when the main Bitcoin addresses used by Silk Road accounted for 5% of all existing Bitcoins, and that site accounted for a third of Bitcoin transactions in 2012."
However, following this, the cryptocurrency ecosystem successfully introduced effective mechanisms to reduce illegal financial activities, while the overall volume of legitimate activities significantly increased. According to the latest report from TRM Labs, it is estimated that in 2024 and 2023, the volume of illegal transactions accounted for less than 1% of the total cryptocurrency transaction volume (based on the dollar value of funds stolen by cryptocurrency hackers and the dollar value flowing to blockchain addresses associated with illegal entities). Chainalysis and other blockchain analytics firms have also released similar estimated data (including data from earlier years).
Similarly, government reports, particularly those from the Biden administration's Treasury, have revealed the advantages of cryptocurrencies in terms of illegal financial risk compared to off-chain activities. In fact, recent discussions by the Treasury regarding cryptocurrencies—including its 2024 National Risk Assessments, Illicit Finance Risk Assessment on Decentralized Finance, and Illicit Finance Risk Assessment of Non-Fungible Tokens—have pointed out that the majority of money laundering, terrorist financing, and proliferation financing still occurs in fiat currency or more traditional financial methods, based on transaction volume and amounts.
Moreover, many of the transparent characteristics of blockchains (such as those discussed in Misunderstanding 3) make it easier for law enforcement to catch criminals. Because the movement of illegal funds is visible on public blockchain networks, law enforcement can track the flow of funds to "cash-out points" (i.e., points where cryptocurrency is converted to cash) and blockchain wallet addresses associated with wrongdoers. Blockchain tracking technology has played a significant role in combating illegal markets, including the takedown of illegal platforms such as Silk Road, Alpha Bay, and BTC-e.
For this reason, many criminals recognize the potential risks of using blockchain to transfer illegal funds, choosing instead to continue using more traditional methods. While enhancing blockchain privacy may, in some cases, make it more challenging for law enforcement to combat on-chain criminal activities, new cryptographic technologies are continually evolving to protect privacy while meeting law enforcement needs.
Misunderstanding 5: Combating illegal finance and protecting user privacy cannot coexist.
Truth: Modern cryptographic technologies can simultaneously meet the privacy needs of users and the information and national security needs of regulatory and law enforcement agencies. These technologies include Zero-Knowledge Proofs, homomorphic encryption, multiparty computation, and differential privacy. Among these, Zero-Knowledge Proof systems may hold the most potential to achieve such a balance. These methods can be applied across various fields, curbing crime, enforcing economic sanctions, and preventing the monitoring of citizens while ensuring the blockchain ecosystem is not used for theft or money laundering.
Zero-Knowledge Proofs are a cryptographic technique that allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any information beyond the truth of that statement. For example, to prove whether someone is a U.S. citizen, using Zero-Knowledge Proofs, a person can demonstrate this without showing a driver's license, passport, birth certificate, or other information. Through Zero-Knowledge Proofs, this fact can be confirmed while avoiding the exposure of specific or additional information—such as address, date of birth, or indirect password hints—thus protecting privacy.
Given these characteristics, Zero-Knowledge Proof solutions are among the best tools for helping detect and curb illegal activities while protecting user privacy. Current research indicates that privacy-enhancing products and services can reduce risks in various ways, including:
Deposit screening: Prevent deposits from sanctioned individuals or wallets;
Withdrawal screening: Prevent withdrawals from sanctioned addresses or addresses related to illegal activities;
Voluntary selective de-anonymization: Provide options for individuals who believe they have been wrongly added to a sanctions list, allowing them to disclose transaction details to designated or selected parties;
Involuntary selective de-anonymization: Involves a gateway entity (such as a nonprofit organization or other trusted institution) sharing private keys with the government, where the gateway entity is responsible for evaluating requests from the government to use the private keys to de-anonymize wallet addresses.
Under the concept of "privacy pools," Vitalik Buterin and other proponents have also advocated using Zero-Knowledge Proofs to allow users to prove that their funds do not originate from known illegal sources without disclosing the entire transaction graph. If users can provide such proof when converting cryptocurrencies to fiat currency, then exchange nodes (such as exchanges or other centralized intermediaries) can reasonably ensure that these cryptocurrencies are not criminal proceeds, while users can retain the privacy of their on-chain transactions.
Although critics have often questioned the scalability of cryptographic privacy technologies like Zero-Knowledge Proofs, recent technological advancements have made them more practical for large-scale implementation. By reducing computational overhead, scalability solutions are improving the efficiency of Zero-Knowledge Proofs. Cryptographers, engineers, and entrepreneurs continue to enhance the scalability and usability of Zero-Knowledge Proofs, making them an effective tool to meet law enforcement needs while protecting individual privacy.
Misunderstanding 6: Blockchain privacy only applies to financial transactions.
Truth: Privacy-protecting blockchain technology can unlock a wide range of financial and non-financial application scenarios. These capabilities emphasize how privacy-preserving blockchain technology fundamentally expands the scope of secure and innovative digital interactions, covering various application scenarios. The following are specific examples:
Digital Identity: Privacy transactions enhance digital identity verification capabilities, allowing individuals to selectively and verifiably disclose attributes such as age or citizenship without exposing unnecessary personal data. Simultaneously, in medical applications, digital identity can help patients protect the confidentiality of sensitive information while accurately conveying appropriate test results to doctors.
Gaming: Cryptographic technology allows developers to create more engaging gaming experiences, such as unlocking certain hidden items or levels after players complete specific actions. Without privacy tools, blockchain-based virtual worlds would be entirely transparent to users, diminishing their sense of immersion; when players know everything about the digital world, their motivation to explore it diminishes.
Artificial Intelligence: Privacy-preserving blockchain tools open new possibilities for artificial intelligence, allowing encrypted data sharing and model validation methods without leaking sensitive information.
Finance: In the financial sector, cryptographic technology enables decentralized finance (DeFi) applications to offer more diverse services while maintaining privacy and security. New decentralized exchange designs can leverage cryptographic technology to enhance market efficiency and fairness.
Voting: In decentralized autonomous organizations (DAOs), the privacy of on-chain voting is crucial to avoid negative consequences from supporting unpopular proposals or to prevent groupthink caused by mirroring the voting behavior of specific individuals.
These are just some obvious application scenarios for privacy-preserving technologies; just like the development of the internet, once privacy protection features are realized, we expect to see more innovative applications emerge.
The debate about privacy—who controls privacy, how to protect privacy, and when to give it up—has existed for at least a century before the digital age. Every new technology has sparked similar fears at its inception: telegraphs and telephones, cameras and typewriters have all sparked discussions that have affected generations of society.
Believing that blockchain will only jeopardize privacy or that it is particularly vulnerable to being used as a weapon of wrongdoing is a misunderstanding of both history and technology. Just as cryptographic techniques and protocols enable secure online communication and commerce, emerging privacy-protecting technologies such as Zero-Knowledge Proofs and advanced encryption can also provide practical solutions for achieving compliance goals and combating illegal finance while protecting privacy.
The real question is not whether new technologies will reshape privacy, but whether technologists and society can rise to the challenge by implementing new solutions and practices to adapt to change. Privacy is not lost or compromised; it is adapted to the broader pragmatic needs of society. This technological revolution, like previous revolutions, poses the real question of how to achieve such adaptation.
For the complete cited paper, see here.