▲▲▲

Paralelní Polis is a one-­of-­a-­kind nonprofit organization that brings together art, social sciences, and modern technologies. The ideas of liberty, independence, and innovative thinking and development of society are the main underlying foundations the whole project is built upon.

The project intends to remain state-free as it operates entirely without support from the government, and most of the funds come from voluntary contributions of our donors and partly from commercial activities such as running a unique co­working space and the world’s first bitcoin-­only cafe.

It was founded by members of a contemporary-­art group Ztohoven, and Slovak and Czech hacker­spaces. Its main goal is to promote economic, social, and digital freedom. We try to be a vocal voice of freedom in order to shape the public discourse, and ultimately work towards a freer future.

Welcome to my speech on privacy in Web3, why should you care and how do we improve privacy protocols to prevent hackers and criminals.

First a bit about me, Hard to tell there, but my name's Daniel Lumi.

I'm a Web3 consultant and researcher specializing in L2, ZK, privacy, and DAOs.

So today we'll be talking about why should you protect

How do we improve privacy protocols to prevent hackers, and what steps can you take to protect your privacy?

And this is the most common thing that I hear honestly for privacy, is if I didn't do anything wrong, then why should I care?

And I like what Edward Snowden said about this that essentially arguing that

you don't care about privacy because you have nothing to hide is no different than saying you don't care about speech because you have nothing to say, right?

And here's examples of where you would want privacy.

Maybe you buy something like a Playboy or a very stupid JPEG.

Maybe you don't want your employer to know that because it might not be a

great signal about your professional capabilities, right?

you buy something very stupid like Solana.

Or like you donate to a polarizing cause or charity, right?

So the example of this is I gave money to Ukraine Dow, right?

I did it actually purposely in public, because fuck you.

I don't think I can ever go back to Russia.

And now I'm, what is it considered, a war criminal or something, right?

Or maybe you support abortions or you want to free Edward Snowden, right?

These are actually things that some governments might determine you as a risk.

Someone has your account information, now they see every single transaction you have, where you are, what you're doing, that's a bad situation to be in.

Should they have your entire financial history because you bought some gas or a Snickers bar and Like the the general question is like would you give your bank statement to every single person you ever met?

Just because you wanted to join a party or bought something.

It's not something we would actually do, but this is actually how blockchains work right now.

if crypto at some point achieves mainstream, which, right, every single bank, every single institution, Facebook, everyone can farm your data.

And they can target you a lot more specifically than just what things you're clicking like on, right?

It's not a situation we actually want to be in.

Because I think that's the number 1 concern that people have for privacy protocols.

I don't want to help hackers or criminals.

I just want to retain my personal right to privacy.

Like, if we actually made payments private, how do we continue tracking terrorists, for example?

And first of all, I don't support hacking.

But honestly, the sort of Philosophical argument that we have for this is throughout human history, money was always private.

Nobody tracked you at all for anything, right?

It wasn't until the 60s that we started actually tracking financial information, right?

So my argument is if we restore privacy in cash, we're just going to

We just remove this data extraction paradigm that we've been in in the last like 60 years, right?

And a lot of things are reliant on privacy.

The internet today, everything is encrypted, right?

And that's a good thing, because if you make payments over the internet, if you search something random, you can't be tracked, and you can't have your bank account stolen from.

And the way that we do this in the current world is you don't regulate the transport layer.

You don't regulate HTTPS and be like, oh you're transmitting data and money, like you get to the, like you regulate the banks, the front ends, and like eBay, you make sure that someone's not listing crack on eBay, right?

We don't need to regulate it at the privacy protocol level.

We can regulate it on off-ramps, on-ramps, you know?

And so here's actual examples we can improve privacy protocols to prevent hackers.

So essentially this is called proof of exclusion of membership.

Essentially you can have a list of OFAC individuals or known hackers, known criminals, and before you deposit into the privacy protocol and after you deposit, you essentially make a proof and you show that your address is not 1 of the addresses on this list, right?

And that benefits us because privacy protocols inherit security by how long you keep your money there.

So it gives time for organizations to track down the wormhole hacker, for example, before they move their funds.

Maybe your bank or your government attests to the fact that this is a real person, they pay their taxes, they have X amount of money, and then you can use tornado cash if you're on this list.

Another thing that is already true in most privacy protocols is you have this thing called a viewing key.

Your data is encrypted, your transactions are encrypted, but if you want to show this transaction list for like you're being audited, or they have a warrant for your arrest.

then the IRS can actually make sure you pay your taxes on it.

We can also do daily deposit limits, and this greatly limits how much money can be put through.

Like you or me, we're not gonna send, well maybe some of you, tens of millions, hundreds of millions, right?

So we can institute deposit limits both on a per-account basis as well as a total protocol basis.

So if Wormhole gets hacked for 300 million, you can only push X million through this protocol in 1 day.

And then it takes them a very long time to push money through and

it gives devs time to essentially block their accounts again with proof of exclusion of membership or something.

There is something called a travel rule as well.

In the US and Europe, if you send over X amount of money, the bank needs to collect those transactions and report them, right?

It's trivially easy to make it so if I send over 10k it's not private anymore, that data doesn't get encrypted, it becomes public.

But if I send under 10k a day, it stays private, right?

And 10k sounds like a lot, but honestly, like the amount of money that people are laundering or criminals are trying to get through is tiny.

It would take you hundreds of days to move 1 million, right?

And again, gives you time to institute like lists.

Here's some random, just completely random other examples of how privacy could actually help blockchains besides just like you believing in your own privacy right?

We could fully eliminate MEV and all censorship if we did something called threshold encrypted transactions right we talk about MEV it's a huge issue easy like like there's like the reality is this is actually not that hard to do, right?

You have the same validators you have on Ethereum and essentially if a certain threshold of them don't collude, you have fully private transactions.

They get inserted at block N, and then they only get revealed N plus

So at that point, the transaction's already there, they can't front run you, they can't sandwich you.

Osmosis is working on that Also, there's some ETH proposals for that as well, like ETH research proposals.

Vitalik has been talking about this idea of

to your friends, you don't want to burn your main accounts because those cost a lot, right?

So you could actually hold an NFT, no 1 would know who actually belongs to you, just have it in a private account.

We could actually have private accounts directly on ETH L1.

a slide, there's another new concept of how to do private accounts directly on L1 or L2.

You've probably heard of account abstraction, right?

The idea is that you don't actually know who's signing the account's abstracted wallet, right?

You see the address there, but you don't know who the signer is, right?

So if you combine that with a dark pool, like essentially this sort of contract that sends out money in batches, you don't know whose wallet is whose wallet, right?

So it just becomes harder to track you, right?

And this way we could interact directly with L1, with L2, without actually even having like a layer 2 system.

Here's steps that you can take to protect your privacy or just considerations for privacy protocols.

So You might be able to use a centralized exchange like that might actually help hide your assets a bit at least from your friends or Colleagues of course coinbase or whoever is gonna know where it's going, but it's a good step The problem is most exchanges don't shuffle addresses right like crackin for example do not deposit there from 2 addresses.

Some other exchanges like Coinbase at 1 point at least shuffled all their deposit and withdraw addresses.

So that's a good first step to take to just try to segregate your funds a bit.

And the better answer for what you can do is a privacy protocol.

Whether it's a layer 2 privacy protocol, it's an account abstracted dark pool, right?

And essentially a privacy protocol just lets you send funds without actually showing who it's going to

It depends a little bit on how they configure it, right?

And essentially in a ZK privacy protocol, you generate the proof locally on your computer that you're not double spending, that you have enough money to spend, and then the networks on the nodes on the network just verify that.

They don't actually execute the transaction for you.

And Currently there are some other methods to do it like fully homomorphic encryption or Intel SGX or MPC for privacy protocols.

Right now ZK is the best and in the future maybe fully homomorphic encryption with ZK will be the best.

And tracking in a privacy protocol is really just a game of mathematical probability, right?

So you are relying on this privacy or anonymity set, right?

So If you're sending idiosyncratic amounts like

in and then you send it somewhere else, it's pretty obvious who you are.

And typically, this example of tornado caches, anonymity set before they actually like got sanctioned for whatever reason.

So if you send 1 ETH or less than 1 ETH, you're protected by this whole privacy set, right?

It just becomes harder to figure out who exactly owns the 0.1 ETH.

Because this is actually how we figured out who the Ronin hacker was, North Korea by the way, was they were really dumb about it.

They sent 300 million to, I think it was 300 million at once, the whole hack was 600 million to Tornado Cash And then

they withdrew it a couple of hours later.

It's like, OK, well, there aren't many people that have $300 million.

The longer you wait, a few days, weeks, months, the more you get mixed into this anonymity set.

The more likely it could be someone else's too.

Any privacy protocol that supports inter-transfers, like for example, Aztec Connect back in the day, would let you do essentially swaps through L1 and then it deposits it back into L2.

So the more swaps you have, the more like lending inside the protocol, you have the more shuffles

Normally I would say to try Aztec Connect.

It's by far my favorite of the privacy protocols.

It's coming out sometime next year, so that's a good option in the future.

Right now here's some other privacy protocols.

I'm not vouching for any of these, by the way.

I'm just saying, like, if you're on ETH, preferably you'd have an L2, but there aren't many L2s.

There is Railgun, but again, I'm not even vouching for them I don't know how legit that is You could use secret network.

You could use polygon might in in the future Zcash, but good luck doing safe cross-chain bridging.

able to scan that QR though, so just go on my Twitter you'll find it.

There's also the issue of when we don't use L2 and we have funds on Ethereum there's a lot of security risks of moving funds to other chains.

The next generation of safer bridges and how they all fucking suck.

I'd like to go back to crypto advocacy because honestly if you believe in privacy, if you believe in some of these rights, nobody's gonna do it for us.

It's not like Joe Biden's gonna sit there being like, yeah, yeah, privacy, that's a good thing.

Coin Center, Blockchain Association, and they'll fight on your behalf.

Thanks for caring about privacy, not just for you but for everyone in the world.

Also Tadeo has a lot of shirts that he needs to give out that he can't get out.

They're a bit plasticky, but they look cool, so

You talked a lot about privacy of payments, what about privacy

Do you mind repeating the question so the audience hears it?

You talked a lot about privacy of payments.

Yeah, privacy of data in the blockchain setting means privacy of payments, right?

I strongly believe, like, there isn't much data you're storing on

a blockchain that's not directly related to finances, right?

And if you want true privacy of your data I recommend not uploading it to a cloud including a blockchain.

It's just waiting to be like extracted from there.

Of course I'm a huge advocate of privacy for data.

You can have in the future something like secret networks working on a fully homomorphic encryption protocol.

And essentially, well I won't go into explaining FHE right now, but the

blockchain applications right now are fairly limited for data storage.


Speaker 0: Welcome to my speech on privacy in Web3, why should you care and how do we improve privacy protocols to prevent hackers and criminals. First a bit about me, Hard to tell there, but my name's Daniel Lumi.

Speaker 1: I'm a Web3 consultant and researcher specializing in L2, ZK, privacy, and DAOs.

Speaker 0: So today we'll be talking about why should you protect

Speaker 1: your privacy. It's cutting off a bit. How do we improve privacy protocols to prevent hackers, and what steps can you take to protect your privacy?

Speaker 2: So why privacy? And this is the most common thing that I hear honestly for privacy, is if I didn't do anything wrong, then why should I care? It's fine. And I like what Edward Snowden said about this that essentially arguing that

Speaker 1: you don't care about privacy because you have nothing to hide is no different than saying you don't care about speech because you have nothing to say, right? And here's examples of where you would want privacy. So let's say you get paid in crypto. Maybe you buy something like a Playboy or a very stupid JPEG. Maybe you don't want your employer to know that because it might not be a

Speaker 2: great signal about your professional capabilities, right? Or maybe

Speaker 1: you buy something very stupid like Solana. I mean ass rocket

Speaker 0: 69.

Speaker 1: That's not

Speaker 2: a great signal either, right?

Speaker 1: Or like you donate to a polarizing cause or charity, right? So the example of this is I gave money to Ukraine Dow, right?

Speaker 2: I did it actually purposely in public, because fuck you. I don't think I can ever go back to Russia. It's pretty obvious. And now I'm, what is it considered, a war criminal or something, right? Or maybe you support abortions or you want to free Edward Snowden, right?

Speaker 1: These are actually things that some governments might determine you as a risk.

Speaker 2: Being abused or harassed, right? Someone has your account information, now they see every single transaction you have, where you are, what you're doing, that's a bad situation to be in.

Speaker 1: Right? Or you pay or use something,

Speaker 2: you go to a gas station,

Speaker 1: Should they have your entire financial history because you bought some gas or a Snickers bar and Like the the general question is like would you give your bank statement to every single person you ever met? Just because you wanted to join a party or bought something. Like it's, it just seems dystopian. It's not something we would actually do, but this is actually how blockchains work right now.

Speaker 0: And the point is,

Speaker 1: if crypto at some point achieves mainstream, which, right, every single bank, every single institution, Facebook, everyone can farm your data. And they can target you a lot more specifically than just what things you're clicking like on, right? It's not a situation we actually want to be in. So how do we improve privacy protocols? Helping hackers or criminals.

Speaker 2: Because I think that's the number 1 concern that people have for privacy protocols. It's true for me too. I don't want to help hackers or criminals. I just want to retain my personal right to privacy. And

Speaker 1: yeah, that's part of it. Like, if we actually made payments private, how do we continue tracking terrorists, for example? And first of all, I don't support hacking. Don't do hacking. Not a good thing.

Don't do crimes. Be good, guys. But honestly, the sort of Philosophical argument that we have for this is throughout human history, money was always private. Nobody tracked you at all for anything, right? It wasn't until the 60s that we started actually tracking financial information, right?

So my argument is if we restore privacy in cash, we're just going to

Speaker 2: the old paradigm. We just remove this data extraction paradigm that we've been in in the last like 60 years, right?

Speaker 1: And a lot of things are reliant on privacy. The internet today, everything is encrypted, right? And that's a good thing, because if you make payments over the internet, if you search something random, you can't be tracked, and you can't have your bank account stolen from. And the way that we do this in the current world is you don't regulate the transport layer. You don't regulate HTTPS and be like, oh you're transmitting data and money, like you get to the, like you regulate the banks, the front ends, and like eBay, you make sure that someone's not listing crack on eBay, right?

We don't need to regulate it at the privacy protocol level. We can regulate it on off-ramps, on-ramps, you know? And so here's actual examples we can improve privacy protocols to prevent hackers. So essentially this is called proof of exclusion of membership. Essentially you can have a list of OFAC individuals or known hackers, known criminals, and before you deposit into the privacy protocol and after you deposit, you essentially make a proof and you show that your address is not 1 of the addresses on this list, right?

And that benefits us because privacy protocols inherit security by how long you keep your money there. So it gives time for organizations to track down the wormhole hacker, for example, before they move their funds. Another 1 is the opposite of membership. Maybe your bank or your government attests to the fact that this is a real person, they pay their taxes, they have X amount of money, and then you can use tornado cash if you're on this list. Another thing that is already true in most privacy protocols is you have this thing called a viewing key.

Your data is encrypted, your transactions are encrypted, but if you want to show this transaction list for like you're being audited, or they have a warrant for your arrest. You can give the actual viewing key, and

Speaker 2: then the IRS can actually make sure you pay your taxes on it.

Speaker 1: We can also do daily deposit limits, and this greatly limits how much money can be put through. Like you or me, we're not gonna send, well maybe some of you, tens of millions, hundreds of millions, right? Someone else might, right? So we can institute deposit limits both on a per-account basis as well as a total protocol basis. So if Wormhole gets hacked for 300 million, you can only push X million through this protocol in 1 day.

And then it takes them a very long time to push money through and

Speaker 2: it gives devs time to essentially block their accounts again with proof of exclusion of membership or something.

Speaker 1: There is something called a travel rule as well. In the US and Europe, if you send over X amount of money, the bank needs to collect those transactions and report them, right? So in the US that limit is 10, 000. It's trivially easy to make it so if I send over 10k it's not private anymore, that data doesn't get encrypted, it becomes public. But if I send under 10k a day, it stays private, right?

And 10k sounds like a lot, but honestly, like the amount of money that people are laundering or criminals are trying to get through is tiny. It would take you hundreds of days to move 1 million, right? And again, gives you time to institute like lists.

Speaker 2: Here's some random, just completely random other examples of how privacy could actually help blockchains besides just like you believing in your own privacy right?

Speaker 1: We could fully eliminate MEV and all censorship if we did something called threshold encrypted transactions right we talk about MEV it's a huge issue easy like like there's like the reality is this is actually not that hard to do, right? You have the same validators you have on Ethereum and essentially if a certain threshold of them don't collude, you have fully private transactions. They get inserted at block N, and then they only get revealed N plus

Speaker 0: 1.

Speaker 1: So at that point, the transaction's already there, they can't front run you, they can't sandwich you. Osmosis is working on that Also, there's some ETH proposals for that as well, like ETH research proposals. Vitalik has been talking about this idea of

Speaker 2: private NFTs. So maybe you buy

Speaker 1: a monkey picture and you want to show it

Speaker 2: to your friends, you don't want to burn your main accounts because those cost a lot, right? So you could actually hold an NFT, no 1 would know who actually belongs to you, just have it in a private account. You can do the same with tokens. We could actually have private accounts directly on ETH L1.

Speaker 0: Actually, another thing that

Speaker 2: I didn't have time to put into

Speaker 1: a slide, there's another new concept of how to do private accounts directly on L1 or L2. You've probably heard of account abstraction, right? The idea is that you don't actually know who's signing the account's abstracted wallet, right? You see the address there, but you don't know who the signer is, right? So if you combine that with a dark pool, like essentially this sort of contract that sends out money in batches, you don't know whose wallet is whose wallet, right?

So it just becomes harder to track you, right? And this way we could interact directly with L1, with L2, without actually even having like a layer 2 system. Here's steps that you can take to protect your privacy or just considerations for privacy protocols. So You might be able to use a centralized exchange like that might actually help hide your assets a bit at least from your friends or Colleagues of course coinbase or whoever is gonna know where it's going, but it's a good step The problem is most exchanges don't shuffle addresses right like crackin for example do not deposit there from 2 addresses. You're trying to keep hidden.

They freeze the address. Some other exchanges like Coinbase at 1 point at least shuffled all their deposit and withdraw addresses. So that's a good first step to take to just try to segregate your funds a bit. And the better answer for what you can do is a privacy protocol. Whether it's a layer 2 privacy protocol, it's an account abstracted dark pool, right?

And essentially a privacy protocol just lets you send funds without actually showing who it's going to

Speaker 2: or what amount you're sending. It depends a little bit on how they configure it, right?

Speaker 1: And essentially in a ZK privacy protocol, you generate the proof locally on your computer that you're not double spending, that you have enough money to spend, and then the networks on the nodes on the network just verify that. They don't actually execute the transaction for you. And Currently there are some other methods to do it like fully homomorphic encryption or Intel SGX or MPC for privacy protocols. Right now ZK is the best and in the future maybe fully homomorphic encryption with ZK will be the best. And tracking in a privacy protocol is really just a game of mathematical probability, right?

So you are relying on this privacy or anonymity set, right? So If you're sending idiosyncratic amounts like

Speaker 0: 0.01, 3, 2, 4, 5, 6

Speaker 1: in and then you send it somewhere else, it's pretty obvious who you are. So you should deposit in amounts of

Speaker 0: 0.1, 1, 10.

Speaker 1: And typically, this example of tornado caches, anonymity set before they actually like got sanctioned for whatever reason. So 1 ETH was the most common. So if you send 1 ETH or less than 1 ETH, you're protected by this whole privacy set, right? It just becomes harder to figure out who exactly owns the 0.1 ETH. And again, deposit time matters, right?

Because this is actually how we figured out who the Ronin hacker was, North Korea by the way, was they were really dumb about it. They sent 300 million to, I think it was 300 million at once, the whole hack was 600 million to Tornado Cash And then

Speaker 2: they withdrew it a couple of hours later. It's like, OK, well, there aren't many people that have $300 million. So that guy.

Speaker 1: The longer you wait, a few days, weeks, months, the more you get mixed into this anonymity set. The more likely it could be someone else's too. Any privacy protocol that supports inter-transfers, like for example, Aztec Connect back in the day, would let you do essentially swaps through L1 and then it deposits it back into L2. So the more swaps you have, the more like lending inside the protocol, you have the more shuffles

Speaker 2: who it could possibly be.

Speaker 1: Normally I would say to try Aztec Connect. It's by far my favorite of the privacy protocols. The problem is they

Speaker 2: turned it off, right? They're working on Aztec 3.0. It's actually super exciting. It's a public-private blockchain. It's coming out sometime next year, so that's a good option in the future.

Right now here's some other privacy protocols. I'm not vouching for any of these, by the way. I'm just saying, like, if you're on ETH, preferably you'd have an L2, but there aren't many L2s. There is Railgun, but again, I'm not even vouching for them I don't know how legit that is You could use secret network. You could use polygon might in in the future Zcash, but good luck doing safe cross-chain bridging.

Speaker 1: I do have a whole speech on ZK101. We talked a

Speaker 2: lot about ZK today. Actually I

Speaker 1: did the speech earlier today. You can watch it here. You're probably not going to be

Speaker 2: able to scan that QR though, so just go on my Twitter you'll find it.

Speaker 1: There's also the issue of when we don't use L2 and we have funds on Ethereum there's a lot of security risks of moving funds to other chains.

Speaker 2: So I have a...

Speaker 1: The next generation of safer bridges and how they all fucking suck. I'd like to go back to crypto advocacy because honestly if you believe in privacy, if you believe in some of these rights, nobody's gonna do it for us. It's not like Joe Biden's gonna sit there being like, yeah, yeah, privacy, that's a good thing. Like, you need to actually work for it. You can't just passively wait around.

At the very least, you can outsource it. Give it to, like, EFF or

Speaker 2: Coin Center, Blockchain Association, and they'll fight on your behalf. Money matters in this world.

Speaker 1: Thanks for caring about privacy, not just for you but for everyone in the world. You can follow

Speaker 2: me at ZKLumi on Twitter as well.

Speaker 1: Also Tadeo has a lot of shirts that he needs to give out that he can't get out. They're a bit plasticky, but they look cool, so

Speaker 2: talk to him afterwards. It doesn't matter. It looks nice. Cool, are there any questions? You talked a lot about privacy of payments, what about privacy

Speaker 1: of data?

Speaker 2: Do you mind repeating the question so the audience hears it?

Speaker 1: Absolutely. You talked a lot about privacy of payments. What about privacy of data? Yeah, privacy of data in the blockchain setting means privacy of payments, right? I strongly believe, like, there isn't much data you're storing on

Speaker 2: a blockchain that's not directly related to finances, right? And if you want true privacy of your data I recommend not uploading it to a cloud including a blockchain. It's just waiting to be like extracted from there. Of course I'm a huge advocate of privacy for data. You can have in the future something like secret networks working on a fully homomorphic encryption protocol.

You could store data in that protocol. And essentially, well I won't go into explaining FHE right now, but the

Speaker 1: blockchain applications right now are fairly limited for data storage. Any other questions? Thank you

See all Parallel Polis transcripts on Youtube

Privacy in Web3 - Improving Privacy Protocol To Prevent Hackers & Criminals / Daniel Lumi