Privacy Pools is both a theoretical framework and an implemented protocol that addresses the fundamental tension between transaction privacy and regulatory compliance in blockchain systems. Proposed in a September 2023 paper co-authored by Vitalik Buterin, Jacob Illum, Matthias Nadler, Fabian Schar, and Arnold Milchior, Privacy Pools introduces the concept of association sets — subsets of deposits that users can prove membership in (or exclusion from) without revealing which specific deposit they’re spending. The core insight: a user can generate a ZK proof that “my withdrawal comes from this set of deposits, none of which are from sanctioned/criminal sources” without revealing which specific deposit is theirs. This allows privacy (the specific withdrawal-deposit link remains hidden) while providing a compliance signal (the depositor is demonstrably not from the OFAC blocklist). The paper directly responded to Tornado Cash’s OFAC sanctions — arguing that a well-designed privacy protocol can separate legitimate privacy from criminal use via ZK cryptography, not by removing privacy. An implementation called privacy-pools.com was deployed in late 2023.
The Core Innovation: Association Sets
Standard Tornado Cash:
- Every deposit is anonymous
- Withdrawer proves they have a valid deposit but reveals nothing else
- Compliance departments can’t distinguish legitimate and criminal deposits
- Result: anyone using the tool is suspected of illicit activity
Privacy Pools:
- Same ZK deposit/withdrawal mechanism
- Additionally: prove membership in a specific association set
- Association sets are curated lists of “clean” deposits (e.g., verified exchange withdrawals)
- User proves: “my deposit is in this clean set” → compliance signal without deanonymizing
How Association Sets Work
Association set construction:
- Blockchain analytics providers or community DAOs curate lists of “known good” deposits
- Examples: “all deposits from Coinbase withdrawal addresses” or “all deposits not from OFAC-listed addresses”
- These sets are published as Merkle trees
User’s proof:
- Generates standard withdrawal nullifier proof (Merkle membership in all-deposits tree)
- Additionally generates: membership proof in “clean set” Merkle tree
- Combined proof: “I have a valid deposit AND my deposit is in the clean set”
- Verifier learns: depositor is in the clean set; nothing about which deposit specifically
Protocol Architecture
“`
All Deposits Tree (Merkle)
├── Deposit₁ (exchange withdrawal)
├── Deposit₂ (direct wallet)
├── Deposit₃ (sanctioned address ← excluded from clean set)
└── Deposit₄ (exchange withdrawal)
Clean Association Set (subset Merkle):
├── Deposit₁
├── Deposit₂
└── Deposit₄ (Deposit₃ excluded by curator)
User’s proof:
“I am in All Deposits AND I am in Clean Set” → private + compliant
“`
Comparison to Tornado Cash
| Feature | Tornado Cash | Privacy Pools |
|---|---|---|
| Base privacy | ✅ | ✅ |
| Fixed denominations | ✅ | Optional |
| Compliance signal | ❌ | ✅ (optional) |
| OFAC blocklist | ❌ | ZK exclusion proof |
| Regulatory risk | High (OFAC sanctioned) | Moderate |
Related Terms
Sources
- “Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium” — Buterin, Illum, Nadler, Schar, Milchior (2023). The original Privacy Pools paper — formally defining the association set construction, proving privacy properties, and demonstrating how ZK membership proofs in curated subsets enable compliance signals without deanonymization.
- “Tornado Cash: Technical Architecture and Cryptographic Design” — Pertsev, Semenov, Storm / Independent (2019). Original Tornado Cash whitepaper — describing the fixed-denomination ZK mixer architecture, nullifier/commitment scheme, and Groth16-based withdrawal proof that Tornado Cash popularized and Privacy Pools builds upon.
- “OFAC Sanctions and Open-Source Privacy Protocols: Legal Analysis” — Coin Center / Coincenter.org (2022). Legal analysis examining whether OFAC’s sanctions of Tornado Cash smart contracts are constitutional — and what legal framework should govern open-source privacy-preserving code.
- “Privacy Pools Implementation: From Paper to Protocol” — 0xbow.io / Privacy Pools Community (2023). Documentation of the deployed privacy-pools.com implementation — covering the smart contract architecture, association set management, circuit design, and deployment decisions.
- “Transaction Privacy and Financial Surveillance: The Policy Debate” — Brookings Institution / Coincenter Analysis (2023). Policy analysis examining the legitimate policy arguments for and against blockchain transaction privacy — covering FATF Travel Rule implications, financial surveillance effectiveness, and whether ZK privacy tools undermine AML regimes.