Privacy-Enhancing Technologies in the Crypto Industry

Innovation with PETs has created opportunities to provide user protection within the cryptoasset industry while retaining anti-financial crime compliance measures. Due to the continued growth of the industry, there is a need to assess the current state of this technology and identify solutions that support consumers’ privacy needs without stagnating investigations.

For the purpose of the roundtable and this respective report, PETs are defined as methods ‘that allow for information to be collected, processed, analysed and shared while protecting data confidentiality and privacy’. A primary focus of the discussions was on technology that integrates zero-knowledge (ZK) proofs, a solution that enables the verification of mathematical statements without revealing the underlying data that supported the analysis for confirmation. Other methods are detailed later in the second section of this report.

To analyse how to balance privacy and compliance, the following problem statements were considered at the roundtable:

1. What is the appetite for privacy among lawful crypto users? Is there mainstream appetite for the same types of privacy present within the traditional finance sector (rather than total anonymity), or is the appetite even stronger?
2. How are compliance checks built into the financial system/platforms when using privacy protecting technologies? What are the barriers to using this technology?
3. How could infrastructure be designed to allow for enhanced privacy within the crypto ecosystem while limiting financial crime?
4. What would need to happen to implement infrastructure that allows for enhanced privacy while limiting financial crime? What represents each stage of the process for implementation and what challenges may occur (for example, technical barriers and regulatory barriers)?

This paper is structured to align to these four overarching problem statements, starting with an initial overview of the current appetite for privacy. Next, technology is detailed which integrates compliance checks and subsequently limits financial crime, with a focus on solutions highlighted in the conference. After providing an overview of the technology, the paper sets out persisting challenges that create a disadvantage for law enforcement and regulators, and solutions that can support authorities with overcoming these barriers.

Methodology

Participants at the roundtable included representatives from 20 private sector companies, six law enforcement agencies, six financial institutions, seven public sector agencies and seven companies that develop PETs. Unless otherwise indicated, statements in this report reflect points raised during the discussions. None of the statements are attributable to any specific individual or organisation.

Importance of Privacy

Participants had differing perspectives on the origin of increased user demand for privacy. One view is that users are not necessarily interested in personal privacy but want to know that their funds are secure. A private sector representative agreed with this statement, noting that users are willing to sacrifice privacy when overall user satisfaction is enhanced, but prefer systems with enough confidentiality to limit attacks on their cryptoassets. This outlook may stem from illicit actors monitoring funds tied to the addresses of cryptoassets, and targeting the individual(s) believed to be attributed to the address via hacks to siphon the funds.

Further, with the renewed interest in AI, companies are focused on data mining and surveillance to feed information into third-party software solutions. The cryptoasset industry, due to a degree of transparency in the largest deployed networks, offers opportunities for companies to harvest a substantial amount of data on transferred amounts, time stamps and the frequency of transactions. Although companies can benefit from this public information, crypto users want to enhance privacy to ensure that their data will not be collected for unscrupulous reasons, including for common commercial exploitation, and to remain in control of what financial information they reveal to each party.

The need for privacy also stems from multiple reports of high-net-worth individuals being targeted and kidnapped. Private sector participants stated that these kidnappings are due to the level of transactional transparency on prominent blockchains. As noted previously, with such a feature, nefarious individuals can monitor transactions and target individuals believed to be attributed to a certain cryptoassets address. Notably, this view was not uniformly accepted. Some participants argued that these individuals are targeted due to their social media presence rather than illicit actors monitoring transaction amounts.

Another factor that increases the need for privacy is that some crypto companies pay some employees in cryptoassets. Privacy is key for this procedure, as they do not want employees to know the salary of their colleagues. This problem also applies to business operations of competing companies. Within the industry, a competitor could identify the business practices of a crypto company by monitoring transaction flows and use it to its advantage. Similarly, as cryptoassets further integrate into international trade, companies will not want their competitors to know their operations, especially who and how much they are paying providers. Therefore, these companies will most likely use services that offer PETs to limit transparency. This aspect is tied to the growing use of stablecoins for payment use-cases, with large multinational companies deploying and adopting stablecoins as a replacement for existing payment and settlement infrastructure.

Finally, privacy is essential for users who are exposed to increased oversight by an authoritarian state or organised crime groups. With privacy, individuals and entities can reduce the risk that they will be prosecuted for a crime based on unreasonable suspicion, or that their operations will be tracked for malicious purposes.

Overall, participants believed that PET integration into business operations will continue to grow. In particular, ZK proofs will be more widely integrated into business practices to enhance user privacy by the end of 2026, reaching beyond the crypto industry to traditional finance. The growth of PETs, therefore, needs to be coupled with anti-financial crime compliance measures.

Privacy-Enhancing Technology

Privacy-enhancing protocols remove the visible link between deposits and withdrawals. This ultimately disrupts the current practice of authorities relying on transaction-screening tools to investigate cases that integrate cryptoassets. In some cases, the protocols remove unconditional access to all transactional information, disrupting current practices of open monitoring using current analysis tools. Due to this challenge, authorities often perceive that such technology is incapable of integrating compliance measures. However, innovation has led to alternative options for compliance as it relates to PETs. This section lists the solutions identified in the workshop that combine compliance with privacy.

ZK Passports

Where compliance requires the full identification of the transaction parties, ZK Passports can be an opportunity to balance compliance with privacy. Importantly, this technology can theoretically combat the current uptake in the use of generative AI to develop false identification documents while allowing for privacy.