0xbow is essentially a compliant version of Tornado Cash.

Written by: Eric, Foresight News

On November 18, the Privacy Pools development team 0xbow announced the completion of a $3.5 million funding round, led by Starbloom Capital, with participation from venture capital firms such as Coinbase Ventures, BOOST VC, and several angel investors including former Coinbase CTO Balaji Srinivasan.

Privacy Pools is a core component of the Ethereum Foundation's Kohaku project, aimed at achieving privacy in fund transfers under compliance. Privacy Pools is based on research and development regarding association sets, co-authored by Vitalik Buterin, which can be simply described as a "cheat-proof" mechanism for privacy protocols, preventing malicious actors from using privacy protocols for coin mixing while also monitoring suspicious activities.

Privacy Pools is a typical case of a To VB (Vitalik Buterin) entrepreneurial project. The topic of privacy has been an unavoidable subject in the Web3 industry since the inception of Zcash, but the development of zero-knowledge proof (ZKP) technology and support for compliance has finally brought privacy from theoretical discussions to the productization stage.

What is Privacy Pools?

According to the documentation, Privacy Pools achieves private transactions through a combination of ZKP and commitment mechanisms. Users can deposit assets into the privacy pool and later withdraw partially or fully without creating an on-chain relationship between the deposit address and the withdrawal address. The protocol uses Association Set Providers (ASP) to maintain a set of approved deposits, preventing dirty money from entering the system to ensure compliance with regulatory requirements.

It sounds similar to Tornado Cash, and it indeed is quite similar, with the key difference being that Privacy Pools natively implements a compliance mechanism.

After being heavily criticized for providing money laundering tools to hackers, Tornado Cash launched a "compliance tool" that can provide a ZKP when transferring funds from Tornado Cash to an exchange, proving that the funds come from a legitimate compliant address rather than one associated with hackers, but this significantly undermines the level of privacy.

Privacy Pools offers a more superior solution in terms of privacy, namely the aforementioned "association set." An association set is a manually maintained list; when users deposit funds into the Privacy Pool, the protocol adds the deposit information to the "allow list." In the future, withdrawals can be made by proving the relationship with the deposit addresses supported by the protocol through ZKP.

When users deposit into the Privacy Pool, they need to submit a "commitment" via ZKP, promising that the source of the funds is compliant, after which the association set will add the deposit information to the list. For future withdrawals, users can prove the connection between the withdrawal address and a deposit address through ZKP to complete the withdrawal.

The issue here is that the association set may still mistakenly accept illegal funds due to outdated information, and "manual maintenance" plays a role here. After illegal funds enter the pool, the association set can still manually exclude non-compliant addresses from the allow list.

To address such situations, Privacy Pools has designed a "Ragequit" feature, allowing funds to be returned to the original deposit address after being prohibited from withdrawal using other addresses.

Two Ethereum veterans at the helm

0xbow was co-founded by Ameen Soleimani, Nathaniel Fried, and Zak Cole. Although Privacy Pools just launched its mainnet in March this year, the paper on association sets was actually published in September 2023, taking a year and a half from concept validation to actual implementation.

Among the three co-founders, two are "veterans" of the Ethereum ecosystem. CTO Ameen Soleimani led research on state channels at ConsenSys as early as 2016, and after leaving, he participated as a core member in several initiatives aimed at supporting Ethereum public goods, including the non-profit organization MolochDAO, the stablecoin issuer Reflexer Finance, and the DAO IranUnchained, which provides humanitarian aid to Iran.

Zak Cole has an even more extensive background, having served as the chairman of the Enterprise Ethereum Alliance (EEA) in 2018, promoting the application of Ethereum technology in enterprises, and later participating in numerous projects including Whiteblock, Syscoin, DeFi Pulse, Slingshot, and Code4rena.

Nathaniel Fried is relatively less experienced than the other two; before joining 0xbow, he worked at Blacklake, a national security-focused company, and at a UK-based open-source intelligence firm and non-profit organization. Nathaniel Fried's X account description also expresses a strong interest in open-source intelligence.

According to The Block report, prior to this funding round, 0xbow had already received investments from Bankless, Number Group (where Zak Cole serves as co-founder and CEO), Public Works, and founders like Sam Kazemian of Frax and Dan Finlay, who led the development of Metamask.

Ethereum's Kohaku privacy initiative

Vitalik recently showcased the Kohaku privacy tool framework for Ethereum at the Ethereum Developer Conference held in Argentina. We briefly summarized Vitalik's plan in “Vitalik's 'Do No Evil' Roadmap: The New Position of Privacy in Ethereum's Narrative”.

In simple terms, Kohaku aims to package protocols like Privacy Pools and Railgun into composable modules, with plans to expand into network-layer anonymity and zero-knowledge proof-based browsers in the future. In conjunction, the foundation has formed a Privacy Cluster composed of dozens of researchers and engineers and renamed the original Privacy & Scaling Explorations team to "Privacy Stewards of Ethereum," shifting from exploring new technologies to advancing engineering implementations around specific scenarios like privacy voting and anonymous DeFi. The future of Ethereum is moving closer to a combination of "transparent settlement layer + programmable privacy layer," rather than simply oscillating between complete transparency and complete black box.

Kohaku is not a standalone product but aims to be a suite that can be integrated into wallets and other applications. For example, after integrating Kohaku, if Metamask users want to achieve anonymous transfers, they can do so through Privacy Pools in the backend.

For users, 0xbow serves as a privacy tool rather than just a target for airdrop hunting. Especially for users with larger amounts of funds, if their wallet private keys lack security due to frequent copying and other operations, they can safely use this protocol to transfer funds to a new address. However, the protocol also has some underlying logical vulnerabilities: for large holders, if the amount withdrawn is significant, it automatically excludes addresses with smaller deposit amounts from the association.

For example, if there are currently 10 people in the pool, with 9 having deposits less than 1 ETH and 1 person depositing 100 ETH, then if this large holder makes a single deposit exceeding 1 ETH or withdraws too frequently, the association between addresses can be easily tracked. Users are advised to pay attention to the total amount of funds in the pool and the deposit amounts of other users to avoid actions intended to enhance privacy that inadvertently increase evidence for others to understand their activities.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。