Cryptography Expert Calls for Regulatory Reboot, Says ‘Orange Grove’ Laws Don’t Apply to Crypto

CN
bitcoin.com
Follow
5 hours ago

Zero-knowledge proofs (ZKPs) can provide blockchains with privacy without sacrificing regulatory compliance, according to Nanak Nihal Singh Khalsa, co-founder of Holonym. This capability makes ZKPs a valuable tool for governments seeking to combat cybercrime while protecting citizens’ right to privacy.

Khalsa, an expert in applied cryptography, told Bitcoin.com News that while ZKPs have game-changing potential, their adoption is hindered by several factors. One major limitation is computational power, which restricts ZKP use cases to private transactions and compliance. However, solutions requiring more computational power, such as private artificial intelligence (AI), may not be feasible.

Regarding blockchain regulation, Khalsa argues that current securities laws, designed for a different era, are not ideal for policing the space. He asserts that clearer, more specific rules are needed for the crypto and blockchain industry.

In additional comments, Khalsa discussed the importance of white-hat hackers and the lack of standardized ZKP systems and development tools. His full responses are below.

Nanak Nihal Singh Khalsa (NNSK): Zero knowledge proofs are ways of proving something is true, while revealing as little as possible: simply the truth of the statement and nothing more. For a simple example, say to be eligible for a financial service you want to prove you are a non-US citizen without revealing your identity. Or you want to be a whistleblower so you prove you are an employee of a company without revealing who you are. These are examples of zero-knowledge proofs – you prove only the statement is true, without revealing any more than the statement.

In blockchain they are important because everything is generally public. All transactions are broadcasted to the whole world, so everyone can see what everyone does on a blockchain – whether it’s making payments, collecting NFTs, storing money in DeFi pools – any activity you do, not just financial, can be observed. Zero knowledge gives privacy to blockchains.

Compliance is a growing concern for decentralized technology, and zero knowledge provides a way of adding privacy without sacrificing the ability to comply with international regulations. Criminals can do money laundering slightly more easily with privacy enhancing technologies, so governments want to either ban privacy or ensure they can keep an eye on criminal activity. Most western governments have chosen the latter, showing some concern of privacy but putting national security before it. Zero knowledge says “hey, we don’t need to fight. You can give privacy to all everyday citizens while still having the ability to track a few bad actors.” This can happen through technologies like Holonym’s proof of clean hands or 0xbow’s privacy pools, where ordinary people have privacy but criminals can still be detected.

NNSK: One of the biggest challenges is with compliance – it’s one of the best use cases of ZK, where ZK can preserve the digital right to privacy. But it’s an incredibly risk-averse industry so new technologies such as ZK are scary. It seems like magic to many people and is hard to properly diligence as a solution unless you understand cryptography, which most people do not.

Another challenge for ZK to reach mainstream is computational power. Currently, only a small set of possible use cases of ZK are practical, like private transactions and compliance. Others, such as private AI are far more difficult to render practical since they require much computational power. ZK and consumer devices are rapidly becoming more performant, so we will likely see more use cases…

NNSK: We need both theoretical and practical improvements to increase the adoption of ZKPs. Theoretical improvements typically come first, showing that ZK can be made far more efficient than before and prove new types of things practically. These come in the form of academic papers, and are either published in journals or informally circulated. These are intellectual feats, and without them we would have no practical use cases. Yet even though they often come with an implementation, this is generally a demo to measure performance rather than a marketable product. But sometimes, companies will then turn these papers into products. In order to do so, you need to actually understand the paper well enough to implement it, so this is still out of reach of developers. Only after some kind person or company creates a library such as Noir or Circom or Keelung can regular developers start implementing zero-knowledge proofs. But even then, it won’t be easy.

NNSK: Collaboration is generally best for the industry. And fortunately, most ZK researchers care about collaboration. Most successful ZK projects tend toward open-source. It’s also self-intersted: collaborative and open-source projects attract high-quality community members, researchers, and brand image for highly technical audiences.

NNSK: Your digital rights are being violated. You give your identity and other sensitive data to dozens of sites. Some get hacked. You give your assets to financial institutions. Some go under. It’s not that you want to give up your most valuable items online. It’s that you have to. Human keys enable you to have digital rights. The right to sovereignty, both for finances and identities, lets you have all the benefits of the digital world without risking your assets and identities. This is the vision of human tech and it’s powered by human keys: keys that are only owned by you. Human keys are generated by what you are, what you have, and what you know. This way, your keys are known and recoverable only to you, and you can store funds and identities in them, keeping the right to privacy and security.

NNSK: Our securities laws are from nearly a century ago. And they’re about orange groves. How do they apply to magic internet money secured by math? Nobody knows. So there’s a consensus that we need better securities laws that give clarity to our industry on what is and is not OK. Contrary to popular opinion, most of the crypto industry wants regulation – what we don’t want is unclear regulation from the early 1900s about oranges.

Money laundering rules are also tricky – while the spirit of catching crime is certainly feasible, the implementation details they require aren’t always possible with decentralized technology. We need ways to catch crime without breaking these new systems and introducing centralized chokepoints, and we need to do so without violating the right to privacy, a core value of web3.

NNSK: It is possible to have standardized ZKP systems but not today. ZK is improving so extremely quickly that once you make a new standard, something 10x more efficient comes out within a year. So now, we have libraries as front ends. These libraries, such as Circom or Noir or Keelung make it so that you can easily use ZK proving systems to develop applications. But it’s still not easy – you still have to learn about ZK to use them. Libraries are generally built around new proving systems that don’t have existing tooling, or for a company who is heavily invested in a proving system. This is the best we have in a rapidly evolving landscape too fast-paced to effectively standardize.

NNSK: It’s unfortunate that hackers at a whitehat hacking company were involved in a blatantly unethical attack. Whether this was whitehat was not heavily contested amongst security researchers at all; there is consensus among whitehats that this is not how to conduct whitehat research. It’s only the fact Certik is a multi-billion dollar company and has an …. Interesting … reputation that makes this story so shocking and amusing. By anyone else it would be considered clearly blackhat.

NNSK: It has not shaped the public opinion enough. People still use Certik and hold it as a household name in the crypto industry, widely recognized as reputable despite years of critiques from security research. It shows the asymmetry in auditing perception: companies that get their brand name everywhere must scale, and scaling requires hiring less senior or, in this case, less ethical security researchers. So the reputation increases yet the quality decreases. We also tend to assume security is based on the number of audits, yet equally important is the security model and quality of audits. It would be sad if the takeaway is that all whitehat hackers are unethical, rather than looking at the industry with a critical eye to which whitehats are really legitimate. Whitehat hackers have saved countless users’ savings from criminals and from North Korea.

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatarbitcoin.com
1 hour ago
Trump’s Tariffs, Sanctions to Speed up De-Dollarization, Economist Says
avatar
avatarbitcoin.com
1 hour ago
Hacked? Donald Trump Launches Memecoin Days Before Inauguration
avatar
avatarbitcoin.com
2 hours ago
Oklahoma Lawmaker Proposes Bitcoin Reserve Act to Protect State Finances
avatar
avatarbitcoin.com
4 hours ago
Russia and Iran Unite to Completely Replace SWIFT With Alternative Payment System
APP

X

Telegram

Facebook

Reddit

CopyLink