In November 2024, the U.S. Fifth Circuit Court ruled that the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)’s sanctions against the currency mixer Tornado Cash violated the International Emergency Economic Powers Act" (IEEPA). The Fifth Circuit Court held that Tornado Cash’s smart contract is decentralized, self-running, uncontrollable code that cannot be owned, is not property, and should not be included in OFAC’s sanctions list. OFAC’s sanctions exceeded its legal authority .

Although the Fifth Circuit Court’s ruling in the Tornado Cash case is seen as a victory for the encryption industry, the fact that has to be acknowledged is that North Korean hackers and criminal organizations that steal money Tornado Cash is indeed being used to launder money and evade sanctions from regulatory law enforcement agencies. So in the encryption world, can the on-chain privacy of encryption users be guaranteed under the premise of legal compliance? Today we will share how the currency mixing protocol Railgun protects users’ on-chain privacy in compliance with regulations.

Railgun protocol operating mode

Railgun is a privacy protocol based on smart contracts. It uses zero-knowledge proofs and Merkle trees to ensure private payments on the user chain, and adopts The "proof of innocence" approach ensures the security and compliance of on-chain funds flowing into the protocol. This approach achieves a balance between on-chain privacy payments and regulatory compliance.

Grayscale parent company DCG Group has currently invested in the Railgun protocol token RAIL worth 10 million US dollars, and donated more than 7 million US dollars in stable coins to Railgun DAO as well as through Foundry Labs, a subsidiary, has invested resources to ensure the backend pressure-bearing capacity of the Railgun protocol.

Operating mechanism

1. Token privacy

Users use Railway Wallet to 0x their addresses The tokens in are hidden in Railgun's 0zk address. After waiting for an hour, the token balance in the 0zk address can be used for transfers between 0zk addresses and interactions on privacy chains such as Defi. 0zk Transfers between addresses do not need to wait and arrive in real time. Railway Wallet supports privacy for ERC20 tokens, ERC-721 and ERC-1155 NFTs.

2. Broadcasters replace protocol users to interact with the bottom layer of the chain to ensure transaction privacy

After the token is privatized, users interact on the chain through Broadcasters in the Railgun protocol. Broadcasters refer to the public 0x address, which replaces protocol users with the underlying blockchain payment gas to complete on-chain interaction operations. Therefore, users do not need to spend ETH/MATIC/BNB as GAS in the entire on-chain interaction operation.

Theoretically any 0x. Addresses can be used as Broadcasters, and users can select Broadcasters based on gas and availability. It does not control the tokens in the user's address, but only transmits the interaction information, and cannot obtain the sending address, amount, receiving address, token type and other detailed information of the interaction on the chain, ensuring the privacy and security of the entire transaction. You can get 10% of the total GAS fee

3. Release the privacy after completing the on-chain interaction

;">User-specified Broadcasters After completing the privacy transaction on your behalf, enter any 0x address to initiate the privacy release interaction to withdraw your remaining tokens in the Railgun protocol. In the operation of token privacy and privacy release, the Railgun protocol smart contract will charge a fee of 0.25%. These protocol benefits will be distributed to the treasury address of Railgun DAO.

Railgun uses zero-knowledge proof to ensure on-chain privacy.

Zero-Knowledge Proof (ZKP) is a cryptographic technology that allows the prover to prove the authenticity of the information to the verifier without revealing the details of the source of the information. In the Railgun protocol, users can prove You have the right to use the tokens without revealing the type and amount of the tokens. Broadcasters and fund pools can keep the generating and receiving addresses private.

For example. , Railgun users are similar to letter writers, ZKP Responsible for verifying the content of the letter, the smart contract of Railgun protocolAppointments are sealed envelopes, Broadcasters are postmen. From the public chain, they can only see that the letter was sent, but they cannot determine the content of the letter or the sender and recipient.

Railgun uses Merkle Tree to prevent double spending and ensure transaction security

Merkle Tree (Merkle Tree) is also called a hash tree and is often used to verify transaction data on the chain. of integrity. Each block header contains the root hash value of the Merkle tree to verify whether the transaction data in the entire block has been tampered with. Since the FTX misappropriation of user assets, currently mainstream centralized exchanges have adopted Merkle trees to verify the custody security of user assets and prevent them from being misappropriated.

When a user makes their address private using the Railgun protocol, tokens are added to the privacy pool. Token balances in the Railgun Protocol privacy pool are constructed from a BTC-like UTXO registry, with the entire list of Railgun UTXOs forming a Merkle tree data structure used to verify the balance state during transactions. All tokens in the Railgun protocol share the Merkle tree. Each token privacy operation will update the status of the Merkle tree and generate a new Merkle root/leaf. This ensures that users have sufficient tokens when sending private transactions, prevents double spending, and ensures the security of transactions.

How the Railgun protocol achieves regulatory compliance

Tornado Cash was sanctioned mainly because the North Korean hacker organization Lazarus Group and the money laundering criminal group used it to mix coins and evade Supervisory law enforcement agencies such as the FBI track and investigate.

Private Proofs of Innocence

When introducing the operating mechanism of the Railgun protocol above, it was mentioned that there is a one-hour waiting period when users make the 0x address private. . During the waiting period, Railgun will conduct on-chain anti-money laundering on the tokens in the user's address to ensure that the funds in the user's address do not come from high-risk criminal or sanctioned addresses.

Railgun protocol's on-chain anti-money laundering is not like centralized exchanges or institutions that require users to provide KYC information, which risks exposing privacy. Instead, it uses on-chain anti-money laundering. Tag data validation. Users can select the verification tag library corresponding to the applicable jurisdiction. For example, US users can select the US regulatory address list. During the waiting period, the user has ownership of the token and can release the privacy of the token at any time by passing the user’s original 0xAddress to retrieve tokens.

After completing the on-chain anti-money laundering verification of the token, the user will obtain Private Proofs of Innocence and subsequently send the token to the public zone The blockchain address will carry a certificate of innocence to prove that the tokens have been tested and verified.

Currently, the Railgun protocol’s default on-chain anti-money laundering tag list data is disclosed by Chainalysis of free libraries and publicly available OFAC sanction addresses.

Chainalysis is an American blockchain analysis company founded in 2014. In May 2022, Chainalysis announced the completion of a US$170 million Series F round led by GIC. financing, with a valuation reaching US$8.6 billion. Chainalysis's anti-money laundering system has become a compliance necessity for exchanges, stablecoin issuers, NFT trading platforms, and crypto banks. Chainalysis also cooperates with the U.S. Taxation Service, Immigration Service, FBI and other departments.

For the Railgun protocol, when tokens enter the protocol privacy pool, Chainalysis's address tag library is used for anti-money laundering detection, which is equivalent to wearing an amulet and receiving tokens. Addresses, exchanges, and institutional addresses are no longer afraid of on-chain transfer transactions originating from the Railgun protocol. They are worried about violating anti-money laundering regulations and being sanctioned and punished for helping criminal organizations launder money.

Crypto-asset tax calculation (Koinly Tax Exports)

Private transactions of the Railgun protocol will cause users to encounter difficulties in calculating taxes on crypto-asset transactions, so Railway Wallet supports Export the user's interaction records with the agreement and use it for the tax software Koinly to calculate the user's tax amount.

Summary and Thoughts

In a public blockchain, every on-chain interaction is transparent and traceable. In order to protect the privacy of on-chain transactions, there is It has eliminated privacy public chains and currency mixing protocols such as Tornado Cash, but it has also given opportunities to criminal organizations that use virtual currencies to transfer stolen money. The emergence of the Railgun protocol has reached a balance point between protecting privacy on the chain and combating cryptocurrency money laundering crimes, allowing addresses on the chain to not violate anti-money laundering regulations.Under such circumstances, private payments can be made safely and compliantly.

The address of Ethereum founder V God has used the Railgun protocol address to conduct 260 ETH privacy transactions worth millions of dollars from December last year to May this year. trade. But this method only means that anti-money laundering verification is carried out before the token enters the protocol. Once the token is transferred out of the protocol through verification, what should the subsequent regulatory authorities do if they find that there is a problem with the transaction and need to investigate? After all, criminal technology often stays ahead of crime prevention measures, and Chainalysis' address tag library data always lags behind the latest addresses used by criminal groups.