Resolving the Dichotomy: DeFi Compliance under Zero-Knowledge

Opinion from Dr. Andreas Freund. 21 August 2024

TL/DR

There are platform solutions that let DeFi protocols integrate regulatory compliance without compromising decentralization. Using blockchain technology and cryptographic protocols, DeFi protocols can guarantee secure and transparent transactions that meet regulatory standards while maintaining user privacy. Such protocols enforce compliance rules on digital assets and their holders. Therefore, they can provide a robust and flexible system to help DeFi protocols navigate the complex regulatory landscape, contributing to a safer and more reliable decentralized financial ecosystem.

Introduction

Decentralized Finance (DeFi) has taken the financial world by storm (at least in the OpEd pages of Bloomberg and Fortune), offering a permissionless and transparent alternative to traditional financial institutions, with a total value locked (TVL), as of this writing, of about $100Bn. However, this very decentralization creates a major hurdle: compliance. Unlike traditional institutions with central control, DeFi protocols are often governed by self-executing code and lack a single entity responsible for enforcing regulations. This raises a critical question: how can these innovative protocols integrate compliance rules into their DNA without compromising their core principles of decentralization and autonomy? This challenge lies at the heart of DeFi’s future, as regulators grapple with finding the right balance between fostering innovation and protecting consumers, since almost all of the ~$100Bn in TVL and the billions of dollars in daily trades on Decentralized Exchanges (DEXs), according to DeFi Llama, have not undergone any proper compliance checks. Sadly, and very recently, regulators have resorted to legal action against the likes of Uniswap, Tornado Cash, and other DeFi protocols.

After thumbing their noses at regulators for many years, the organizations building DeFi protocols are now realizing two things:

  1. The words decentralization and No-Control do not protect against costly legal actions.
  2. DeFi mass adoption requires better UX and compliance enforcement — both financial and data privacy, and at the same time.

Even if DeFi protocols wanted to implement compliance checks immediately, it would not only upset their best clients’ apple carts but would require protocol rewrites. In other words, entirely new versions of the protocol, with older versions still operating without any compliance checks. That is not a tenable situation, since, very likely, the foundations or DAOs governing DeFi protocols would still be held to account for non-compliant versions of their protocol, because “smart contracts are forever” — yes, Marilyn Monroe pun quote intended.

Luckily there is a way forward for these protocols. Leveraging blockchain-native compliance mechanisms – a combination of smart contracts and blockchain-verifiable zero-knowledge proofs, representing assertions that a user and a submitted asset transaction are compliant with the applicable law in a jurisdiction – yields a comprehensive framework to ensure regulatory compliance, risk management, and transaction reporting for any digital asset. The suggested framework extends the work originally done by Azgad-Tromer et al. (2023) that combines robust regulatory compliance actions with privacy protection, enabling, for example, the creation of compliant versions of digital assets that enforce jurisdictional policies while being privacy-preserving. The original framework by Azgad-Tromer et al. preserves digital assets’ economic value and technical capabilities while ensuring that sensitive information is selectively available only to authorized law enforcement authorities – FinCEN, SEC, OFAC, etc. This enhances the security and integrity of digital asset transactions while maintaining privacy for legitimate users. Moreover, the framework’s compatibility with different types of digital assets, such as fungible and non-fungible digital assets, makes it a versatile solution.

In short, the framework augments blockchains with additional information about actors’ identities and asset provenance in a privacy-preserving way, and was first implemented by Sealance. This innovative approach enables the framework to address the challenges posed by the decentralized nature of digital assets. Attaching Compliance-Relevant Auxiliary Information (CRAI) to transactions involving digital assets in encrypted form ensures that critical compliance data, such as user identities, credentials, transaction history, and fund provenance, remains secure and tamper-proof – see FinCEN guidance on Anti-Money-Laundering as an example. The framework incorporates cryptographic protocols that can automatically enforce compliance policies assigned to digital assets — what holders can and cannot do with such a digital asset — and to digital asset holders — what assets individuals can and cannot hold and/or trade. It can also update CRAI during the recording of transactions on the blockchain. This integration allows real-time compliance monitoring and reporting, enhancing transparency and accountability in the digital asset ecosystem.

Note that earlier work in this area was conducted by Kaira et al. in 2021 for the case of a centrally managed Hedge Fund. While complementary to this discussion, it does not touch on KYC/AML compliance, which is the central question we are discussing in this paper.

How to make DeFi Protocols Regulatory Compliant

So how does such a framework operate in the context of DeFi protocols, given that most assets on these platforms are not natively regulatory compliant?

Fig. 1: High-Level DeFi (ZKP) Compliance Architecture as an extension of Azgad-Tromer et al.

The key insight in the extension of the Azgad-Tromer et al. framework is that a smart contract wallet used, for example, in Account Abstraction (see EIP-4337) as a representative of one or more Externally Owned Accounts (EOA) has significantly more flexibility, owing to its programmability, than an EOA. If a smart contract wallet is combined with other smart contracts that enforce compliance rules and interact with a DeFi protocol, we have all the ingredients we need. Think of a smart contract wallet as functionally equivalent to a traditional Broker-Dealer, a regulated and registered entity that places trades for its clients, and of a DeFi protocol with one or more compliance-enforcing smart contracts as a registered stock or commodity exchange with its trading and compliance functions. Note that a Broker-Dealer is a *registered entity* that is a *legal delegate* of a retail investor, placing trades on the investor’s behalf and enforcing trade compliance rules. The stock exchange is another *registered entity* – registered with regulatory authorities such as the SEC or FinCEN – and its compliance and trading functions are separated by design — separation of concerns is an important compliance principle.

With this analogy in mind, we can now construct a regulatory-compliant DeFi protocol stack integrated with a compliance framework such as the one pioneered by Sealance, through policy manager contracts with associated compliance policies, and a compliance policy and compliant account registry. The most straightforward implementation is through “smart contract hooks” in DeFi protocols, as they allow custom compliance enforcement extensions to the protocol, for example, Uniswap V4 or Seaport. However, this does not solve the issue for DeFi protocols that do not have such capabilities; currently still the majority.

There is a generally safe pattern for interacting with DeFi protocols that do not have contract hooks for compliance checks, once a user receives a yield-bearing instrument such as the Compound yield token (YT), e.g. cDai. In our discussion below, we implicitly assume that DeFi protocol contracts such as the Uniswap Router or Position Manager are registered contracts, such that the compliance policy enforcement mechanism embedded in “compliant” assets can identify them as compliant and does not require an additional zkp compliance assertion to be embedded with, for example, a transfer function.

Fig. 2: Example zkp-Compliance Stack application with Uniswap and a compliant smart contract wallet

A compliance-safe DeFi interaction pattern is described below, using the example of adding liquidity to a Uniswap Liquidity Pool for specificity:

  1. A user (EOA) calls a DeFi Protocol compliance (wrapper, also known as a logical abstraction) contract directly or through the user’s Smart Contract Wallet in an account abstraction scenario.
    Note: the smart contract wallet has already been given a Power-Of-Attorney certificate through an approved KYC/AML provider, such as a bank or an exchange. This certificate is used in the same way as a real-world Power-Of-Attorney works; it marks the smart contract wallet as able to use the zero-knowledge proof (zkp) assertions of compliance that the zk-based compliance platform creates for a user’s asset transactions.
  2. The DeFi (wrapper) contract verifies the submitted zkp compliance assertions using the zk-based compliance stack – a smart contract system, see Fig 1 – routing compliance assertions in the form of zk-proofs to (compliance) policy enforcement points (PEP) – smart contracts that are part of the zk compliance stack – where proofs are verified and actions, aka transactions, are either allowed or denied. If the compliance checks are successful, liquidity is added to a pool — either a pool of compliant or non-compliant assets — on behalf of the user by the DeFi (wrapper) contract. Let’s assume for the following a compliant asset pool.
  3. The DeFi compliance (wrapper) contract receives the YT and creates a compliant YT asset using one of the zkp assertions provided by the user.
  4. The DeFi compliance (wrapper) contract then transfers the now compliant YT to the EOA or the smart contract wallet — this also requires a zkp compliance assertion.

This prevents users from trading non-compliant YTs unless the user manually unwraps the asset. Note that all the yield now accrues to the compliant YT. A variant of this approach is using DeFi compliance library contracts with the same functionality as a compliance wrapper contract, while not requiring trust in the original wrapper contract deployment.

For DeFi protocol transactions of compliant assets (e.g. lending, swaps) or of compliant assets with non-compliant assets (e.g. swaps), there is an additional pattern:

  1. A User (EOA) can utilize an authorization delegation policy expressed as a PEP for its smart contract wallet, such that the smart contract wallet can interact with a compliant asset without being required to produce a zkp compliance assertion. This can be achieved by the user creating a delegating zkp compliance assertion (delegation to the smart contract wallet) and submitting it to the zk-based compliance stack to be validated and then registered with a specific Power-Of-Attorney policy within a PEP. Power-of-attorney-type policies can be at a jurisdictional level, by asset class, or even at the level of individual assets.
    Key Point: An authorization delegation policy to be used in a transaction is at the asset level, not at the level of a payee, a payer, or an authorizer. This allows an asset to identify whether a payer or payee is permitted to interact with it, without their being required to produce a zkp compliance assertion.
  2. Known DeFi protocol smart contracts, e.g. the Uniswap Router or an Aave Lending Pool manager, can therefore also utilize a Proof Delegation policy as described above. The primary difference is that in this context the entity creating the delegation zkp compliance assertion (regulatory whitelisting of a DeFi protocol smart contract) and performing the registration is an authorized policy creator or registrar, such as a KYC provider, within the zk-based compliance ecosystem.
    Key Point: As in the case of an EOA, this registrar-proof-delegation policy is at the level of the asset, and can differentiate jurisdiction, asset class, and even individual asset. However, it is of a different authorization delegation policy type because the requester has a different ecosystem role. Therefore, the compliant asset must have both types of authorization delegation policies attached to it, because a smart contract wallet, a DeFi protocol compliance wrapper, and a DeFi protocol smart contract will all interact with the compliant asset.
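The following Python model is an added illustration, not code from the article or from Sealance’s implementation. It runs both patterns described above through one policy enforcement point: the wrapper flow of steps 1 to 4 (verify the user’s assertion, add liquidity, wrap the YT into a compliant YT, hand it over under a policy check) and the two asset-level delegation policy types (a user’s Power-Of-Attorney delegation to a smart contract wallet, and a registrar’s whitelisting of a known contract). Zero-knowledge verification is replaced by a hash-commitment lookup that stands in for the proof and its on-chain verifier; the class and party names (`PEP`, `CompliantAsset`, `ComplianceWrapper`, `cDAI-C`, `kyc-provider`, `alice`) and the 1:1 yield-token accounting are constructed assumptions.

```python
import hashlib
from collections import namedtuple

# A zkp compliance assertion as the PEP sees it: who, which asset, which action, and the proof.
Assertion = namedtuple("Assertion", "subject asset action proof")


def commit(*parts):
    """Hash commitment; stands in for the zk proof and its on-chain verifier in this model."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


class PEP:
    """Policy enforcement point: asset-level policies plus both delegation policy types."""

    def __init__(self, registrars):
        self.registrars = set(registrars)   # authorized policy creators, e.g. KYC/AML providers
        self.credentials = set()            # credential commitments; the PII stays with the provider
        self.revoked = set()
        self.wallet_delegations = {}        # asset -> wallets holding a Power-Of-Attorney policy
        self.registrar_delegations = {}     # asset -> whitelisted protocol / wrapper contracts
        self.decisions = []                 # audit trail for reporting: (subject, asset, action, ok)

    def issue_credential(self, provider, subject, asset):
        if provider not in self.registrars:
            raise PermissionError("only an authorized KYC/AML provider issues credentials")
        self.credentials.add(commit(provider, subject, asset))

    def verify(self, a):
        ok = a.proof in self.credentials and a.proof not in self.revoked
        self.decisions.append((a.subject, a.asset, a.action, ok))
        return ok

    def delegate_wallet(self, a, wallet):
        # User-created delegation assertion -> Power-Of-Attorney policy for the wallet on this asset.
        if a.action != "delegate" or not self.verify(a):
            raise PermissionError("delegation assertion rejected")
        self.wallet_delegations.setdefault(a.asset, set()).add(wallet)

    def register_contract(self, registrar, asset, contract):
        # Registrar-type delegation: regulatory whitelisting of a known protocol or wrapper contract.
        if registrar not in self.registrars:
            raise PermissionError("not an authorized registrar")
        self.registrar_delegations.setdefault(asset, set()).add(contract)

    def authorized(self, party, asset, a=None):
        """Asset-level decision: either delegation type, or a verified assertion made by the party."""
        delegated = (party in self.wallet_delegations.get(asset, ())
                     or party in self.registrar_delegations.get(asset, ()))
        return delegated or (a is not None and a.subject == party
                             and a.asset == asset and self.verify(a))


class CompliantAsset:
    """Compliant wrapped token: mint and transfer consult the PEP for every party involved."""
    def __init__(self, name, pep):
        self.name, self.pep, self.balances = name, pep, {}

    def mint(self, to, amount, a=None):
        if not self.pep.authorized(to, self.name, a):
            raise PermissionError(f"{to} may not hold {self.name}")
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, frm, to, amount, a_from=None, a_to=None):
        if not (self.pep.authorized(frm, self.name, a_from)
                and self.pep.authorized(to, self.name, a_to)):
            raise PermissionError(f"transfer {frm} -> {to} denied by policy")
        if self.balances.get(frm, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[frm] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class ComplianceWrapper:
    """Compliance (wrapper) contract in front of a registered pool; runs steps 1-4 in one call."""
    def __init__(self, name, pep, cyt):
        self.name, self.pep, self.cyt, self.pool_liquidity = name, pep, cyt, 0

    def add_liquidity(self, caller, amount, a):
        if not self.pep.authorized(caller, self.cyt.name, a):   # step 2: verify at the PEP first
            raise PermissionError("compliance assertion failed")
        self.pool_liquidity += amount                            # registered pool hands back YT 1:1
        self.cyt.mint(self.name, amount)                         # step 3: wrap YT into compliant YT
        self.cyt.transfer(self.name, caller, amount, a_to=a)     # step 4: policy-checked handover
        return amount


def demo():
    """Constructed scenario: one KYC provider, one wrapper, a user and her smart contract wallet."""
    pep = PEP(registrars={"kyc-provider"})
    cyt = CompliantAsset("cDAI-C", pep)
    wrapper = ComplianceWrapper("wrapper", pep, cyt)
    pep.register_contract("kyc-provider", "cDAI-C", "wrapper")   # registrar-type delegation
    pep.issue_credential("kyc-provider", "alice", "cDAI-C")
    proof = commit("kyc-provider", "alice", "cDAI-C")             # what alice's zkp would attest to
    wrapper.add_liquidity("alice", 100, Assertion("alice", "cDAI-C", "add_liquidity", proof))
    # Alice delegates to her smart contract wallet; afterwards the wallet needs no assertion of its own.
    pep.delegate_wallet(Assertion("alice", "cDAI-C", "delegate", proof), "alice-wallet")
    cyt.transfer("alice", "alice-wallet", 40, a_from=Assertion("alice", "cDAI-C", "transfer", proof))
    return {"alice": cyt.balances["alice"], "wallet": cyt.balances["alice-wallet"],
            "wrapper": cyt.balances["wrapper"], "checks": len(pep.decisions)}
```

Two design points carry over to a real deployment: the `decisions` list is the hook for the encrypted on-chain reporting the article mentions, and the `revoked` set shows why a proof that verifies cryptographically still has to be checked against the current status of the credential it was built from.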

Conclusion

In summary, to ensure the longevity and acceptance of DeFi protocols by mainstream users, these protocols must move towards regulatory compliance. The described compliance platform, an extension of the framework proposed by Azgad-Tromer et al. and implemented by Sealance, offers a practical solution allowing DeFi protocols to incorporate compliance measures while maintaining decentralization. It uses blockchain technology and advanced cryptographic protocols for transparent, secure transactions that meet regulatory requirements, all while preserving user privacy. It enforces compliance rules on digital assets and their owners, providing a solid and flexible system. The key benefits of the described compliance framework for DeFi protocols are:

  • Regulatory Compliance: The framework enables DeFi protocols to adhere to regulatory standards without compromising their decentralized nature (though KYC is necessarily still done by centralized entities).
  • Risk Management: The framework enables mechanisms for effective risk management and transaction reporting for various digital assets.
  • Privacy Protection: The framework incorporates cryptographic privacy-preserving features such as zkps, ensuring that sensitive user information used in compliance credentials and in creating zkp compliance policy assertions remains confidential, with user information stored and accessible only by KYC/AML or other compliance credential providers such as banks or exchanges.
  • Security: Leveraging safe cryptographic protocols, the framework can enhance the security and integrity of digital asset transactions by enforcing complex business rules.
  • Versatility: It is compatible with different types of digital assets, including fungible and non-fungible tokens, making it a versatile solution for the DeFi ecosystem.
  • Transparency and Accountability: The framework promotes transparency and accountability in the DeFi space through real-time compliance monitoring and reporting (through on-chain submitted, fully encrypted reports).

Such a framework can help DeFi protocols navigate the intricate regulatory environment, contributing to a safer and more trustworthy decentralized financial ecosystem.

Dr Freund can be contacted via email at [email protected]
