Preface
In November 2024, the Fifth Circuit Court ruled that the sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on the mixing service Tornado Cash violated the International Emergency Economic Powers Act (IEEPA). The Fifth Circuit Court held that the smart contract of Tornado Cash is decentralized, self-operating, and uncontrollable code that cannot be owned, is not property, and should not be included in the OFAC sanctions list, and that OFAC's sanctions exceeded its statutory authority.
Although the Fifth Circuit Court's ruling in the Tornado Cash case is seen as a victory for the crypto industry, the undeniable fact is that North Korean hackers and criminal organizations that steal cryptocurrency do use Tornado Cash to launder money and evade regulatory enforcement and sanctions. So, can we ensure on-chain privacy for crypto users while staying legal and compliant? Today, I will share how the mixing protocol Railgun complies with regulations while protecting users' on-chain privacy.
Operational Model of Railgun Protocol
Railgun is a privacy protocol based on smart contracts that provides private on-chain payments through zero-knowledge proofs and Merkle trees. It employs a 'Private Proofs of Innocence' methodology to ensure the safety and compliance of on-chain funds flowing into the protocol, achieving a balance between private on-chain payments and regulatory compliance.
Grayscale's parent company DCG Group has currently invested $10 million in the Railgun protocol token RAIL and has donated over $7 million in stablecoins to Railgun DAO, as well as allocated resources through its subsidiary Foundry Labs to ensure the backend resilience of the Railgun protocol.
Operational Mechanism
1. Token Privacy
Users use Railway Wallet to move the tokens in their 0x address into a Railgun 0zk address, which hides them. After one hour, the token balance in the 0zk address can be used for transfers between 0zk addresses and for private interactions with DeFi; transfers between 0zk addresses themselves are real-time, with no waiting. Railway Wallet supports privacy for ERC-20 tokens and for ERC-721 and ERC-1155 NFTs.
2. Use Broadcasters to interact with the underlying chain on behalf of protocol users, ensuring transaction privacy.
Once their tokens are hidden, users perform on-chain interactions through Broadcasters in the Railgun protocol. A Broadcaster is a public 0x address that pays gas to the underlying blockchain in place of the protocol user and completes the on-chain interaction. Users therefore do not need to spend ETH/MATIC/BNB as gas at any point in the interaction.
In theory, any 0x address can serve as a Broadcaster, and users can choose Broadcasters based on gas and availability. Broadcasters do not control the tokens in the user's address; they only relay the interaction and cannot see details such as the sending address, amount, receiving address, or token type, which keeps the transaction private and secure. Broadcasters can earn a fee of 10% of the total gas fee.
3. Lift privacy after completing on-chain interaction.
After users designate Broadcasters to complete privacy transactions on their behalf, they can enter any 0x address to lift privacy and withdraw their remaining tokens from the Railgun protocol. For both the token privacy and the lifting privacy operations, the Railgun protocol smart contract charges a fee of 0.25%, which is sent to the treasury address of Railgun DAO. These protocol earnings are distributed to protocol governors and stakers.
Railgun uses zero-knowledge proofs to ensure on-chain privacy.
Zero-Knowledge Proof (ZKP) is a cryptographic technique that allows the prover to demonstrate the authenticity of information without revealing details about the source of that information to the verifier. In the Railgun protocol, users can prove they have the right to use tokens without disclosing the types and amounts of tokens, ensuring privacy for the sending and receiving addresses through Broadcasters and liquidity pools.
As an analogy, Railgun users are like senders of letters, ZKP is responsible for verifying the content of the letters, the Railgun protocol's smart contract acts as a sealed envelope, and Broadcasters are the mail carriers. Observers of the public blockchain can see only that a letter has been sent; they cannot determine its content, its sender, or its recipient.
Railgun uses Merkle Tree to prevent double spending and ensure transaction security.
Merkle Tree, also known as a hash tree, is commonly used to verify the integrity of transaction data on-chain. Each block header contains the root hash value of the Merkle tree to verify whether the transaction data in the block has been tampered with. Since the incident of FTX misappropriating user assets, mainstream centralized exchanges have adopted Merkle tree verification to ensure the custody security of user assets and prevent misappropriation.
Once users use the Railgun protocol to mask their address, the tokens will be added to the privacy pool. The token balance in the Railgun protocol's privacy pool is built through a UTXO-like registry similar to BTC, and the entire list of Railgun UTXOs forms a Merkle tree data structure used to verify the balance state during transactions. All tokens within the Railgun protocol share the Merkle tree, and each operation of token privacy updates the state of the Merkle tree, generating a new Merkle root/leaf. This ensures that users have sufficient tokens for sending privacy transactions, preventing double spending and ensuring transaction security.
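The UTXO list, shared Merkle tree and double-spend check described above can be sketched as follows. This is an added example, not Railgun's code: SHA-256 stands in for the protocol's hash, the note is revealed to the pool instead of being proven in zero knowledge, and `ShieldedPool`, `commitment` and the spent-marker set are hypothetical names.

```python
import hashlib

def h(*parts: bytes) -> bytes:  # SHA-256 over length-prefixed parts (stand-in hash)
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

EMPTY = h(b"empty")  # fixed padding node for levels with an odd node count

def commitment(secret: bytes, token: str, amount: int) -> bytes:
    return h(b"note", secret, token.encode(), amount.to_bytes(16, "big"))

def verify_path(leaf: bytes, path, root: bytes) -> bool:
    node = leaf
    for sibling, node_is_right in path:
        node = h(sibling, node) if node_is_right else h(node, sibling)
    return node == root

class ShieldedPool:
    def __init__(self):
        self.leaves = []      # append-only UTXO commitments; never deleted
        self.spent = set()    # one marker per consumed UTXO
        self.roots = {EMPTY}  # every root the tree has had

    def _levels(self):
        level, levels = list(self.leaves) or [EMPTY], []
        while True:
            if len(level) > 1 and len(level) % 2:
                level = level + [EMPTY]
            levels.append(level)
            if len(level) == 1:
                return levels
            level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]

    def shield(self, secret, token, amount) -> int:
        self.leaves.append(commitment(secret, token, amount))
        self.roots.add(self._levels()[-1][0])  # each shield yields a new root
        return len(self.leaves) - 1

    def prove(self, i: int):  # (sibling, node_is_right) per level, leaf upward
        return [(lv[(i >> d) ^ 1], (i >> d) & 1) for d, lv in enumerate(self._levels()[:-1])]

    def spend(self, secret, token, amount, path, root) -> str:  # toy: note revealed, no ZK
        if root not in self.roots or not verify_path(commitment(secret, token, amount), path, root):
            return "rejected: unknown note"
        # Bind the marker to the leaf position implied by the path, not a caller-supplied index.
        position = sum(bit << i for i, (_, bit) in enumerate(path))
        marker = h(b"spent", secret, position.to_bytes(8, "big"))
        if marker in self.spent:
            return "rejected: double spend"
        self.spent.add(marker)
        return "ok"
```

Spending records a marker instead of deleting the leaf, so the tree only grows and a proof made against an older root still maps to the same marker.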
How Railgun Protocol Achieves Regulatory Compliance
Tornado Cash was sanctioned primarily because the North Korean hacker group Lazarus Group and money-laundering criminal organizations used it to mix coins and evade tracking and investigation by regulatory enforcement agencies like the FBI.
Private Proofs of Innocence
As mentioned when introducing the operational mechanism of the Railgun protocol, there is a one-hour waiting period when users mask their 0x address. During this waiting period, Railgun will conduct on-chain anti-money laundering checks on the tokens in the user's address to ensure that the funds in the user's address do not originate from high-risk crime or sanctioned addresses.
The Railgun protocol's on-chain anti-money laundering does not require users to provide KYC information like centralized exchanges or institutions, thus avoiding the risk of privacy exposure. Instead, it uses on-chain tag data verification. Users can choose the applicable jurisdiction's corresponding verification tag library; for example, U.S. users can select the list of U.S. regulated addresses. During the waiting period, users retain ownership of the tokens and can lift the token's privacy at any time, retrieving the tokens through their original 0x address.
After completing the on-chain anti-money laundering verification of tokens, users will obtain Private Proofs of Innocence. Subsequently, any tokens sent to public blockchain addresses will carry this proof to demonstrate that those tokens have been verified.
Currently, the default on-chain anti-money laundering tag list data for the Railgun protocol consists of a publicly available free library from Chainalysis and publicly available OFAC sanctioned addresses.
Chainalysis is a U.S. blockchain analysis company established in 2014. In May 2022, Chainalysis announced the completion of a $170 million Series F funding round led by GIC, with a valuation reaching $8.6 billion. Chainalysis's anti-money laundering system has become a compliance essential for exchanges, stablecoin issuers, NFT trading platforms, and crypto banks. Chainalysis has also collaborated with U.S. government departments such as the IRS, immigration services, and the FBI.
For the Railgun protocol, when tokens enter the protocol's privacy pool, they undergo anti-money laundering detection using Chainalysis's address tagging library, which is akin to wearing an amulet. Token receiving addresses, transaction addresses, and institutional addresses no longer need to fear that on-chain transfers originating from the Railgun protocol will violate anti-money laundering regulations and expose them to sanctions and penalties for aiding criminal organizations in money laundering.
Cryptocurrency Tax Calculation (Koinly Tax Exports)
The privacy transactions of the Railgun protocol can make it difficult for users to calculate their crypto asset tax obligations. Railway Wallet therefore supports exporting a user's interaction records with the protocol so that the tax software Koinly can calculate the tax owed.
Summary and Reflection
On a public blockchain, every on-chain interaction is transparent and traceable. To protect the privacy of on-chain transactions, privacy-focused public chains and mixing protocols like Tornado Cash have emerged, but they also give criminal organizations opportunities to move illicit funds using virtual currencies. The Railgun protocol strikes a balance between ensuring on-chain privacy and combating cryptocurrency money laundering, allowing on-chain addresses to make private payments safely and compliantly without violating anti-money laundering regulations.
From December last year to May this year, Ethereum founder Vitalik Buterin's address conducted privacy transactions through the Railgun protocol address involving 260 ETH, worth millions of dollars. However, this method only means that anti-money laundering verification is conducted before the tokens enter the protocol. What should be done if regulatory agencies discover issues with a transaction after it has passed verification and exited the protocol? After all, criminal techniques often outpace crime prevention measures, and Chainalysis's address tagging library data always lags behind the latest addresses used by criminal organizations.