Hinkal: On-chain Privacy With Compliance Guarantees

Georgi Koreli

Jan 26, 2024 — 7 min read

Private On-Chain Transactions with Reusable KYC(B) Attestation to Exclude Illicit Parties

This article was originally posted on Stanford Blockchain.

Introduction

In Traditional Finance (TradFi), privacy is taken for granted. Your transactions are only known by you and the participating parties. When opening a bank account, only you and the bank have knowledge of the account. Government authorities may gain access upon request.

In order to open a bank account, the customer has to pass a KYC(B) (Know Your Customer/Business) check. This ensures that no illicit parties are allowed to use the bank’s services and no illegal activities can be facilitated through it.

In short, in TradFi, KYC(B) verification and privacy co-exist. Information about transactions is invisible to anyone except the participants and the facilitators (banks).

The same approach can be applied to on-chain transactions, but more importantly, users can achieve this with less friction - providing attestations i.e. reusable KYC(B) layer. In this article, we are going to examine how privacy can be provided in the crypto space while making sure no illicit parties can benefit from it. [1]

Privacy in DeFi

Privacy in decentralized finance (DeFi) transactions is more complex. Transactions in crypto are not anonymous, but rather pseudonymous, meaning they can all be traced back to your wallet address.

Let’s take as an example a user who on-ramps through a Centralized Exchange (CEX). After buying USDC, they move them to the self-custodial wallet. The history of that wallet address and its transactions from now on are all publicly accessible. An average user, unless Arkham or Nansen researchers found a way to label them, stays pseudonymous with the wallet address being their pseudonym.

But here is the issue - although the actual identity of the user is hidden, all their transactions remain publicly visible. As a result, all significant token holders are traced and soon copy-traded, front-runned or become targets of hackers [2].

Who suffers from this mostly?

Active DeFi traders whose main job is to make a profit on-chain. Suddenly they are followed by hundreds of other wallets just repeating their actions which diminishes their yields. Why does the yield go down? The law of diminishing returns applies to all token transactions. So if you are providing liquidity (LP) on Curve - more people do LP, yields go down. The same law applies to staking, borrowing/lending, and in most cases for swaps with some exceptions in each category.

If no one can link your history or assets, running your strategies stays profitable. That’s where the meaning of economic privacy is derived from.

Fund managers using managed accounts. How can we ensure that there’s no immediate visibility of all transactions, so they can run their strategies without immediately disclosing positions to their LP/account holders? Here privacy comes with a different flavor of justifying performance fees that is possible with smart contract privacy and viewing keys to show transactions at the end of the trading sessions.

Crypto VCs liquidating vested tokens from the projects they invested in. It always provides bad market signals even if the VCs just need liquidity - so they use CEXs or OTC (Over the Counter) markets. Here, privacy is needed to have an option to liquidate tokens on DEXs without having a market impact.

Other use cases include investment strategies such as buy-and-hold of illiquid tokens on DEXs and CEX-DEX arbitrage, but also payroll or B2B payments. They are smaller in scale but still very relevant and growing use cases.

Solving Privacy in DeFi

The solution to this problem comes in the form of a ZK-privacy protocol utilizing shielded addresses and stealth addresses, relayers, and KYC(B) attestations.

This way, users can execute transactions without:

a) any link to their actual wallet

b) any history of previous transactions, while maintaining full custody over the assets.

Instead of transacting directly from their wallets, users pass their transactions through a relayer, utilizing ZK technology to prove ownership over the funds without revealing the identity of the owners. The relayer then executes the transaction on their behalf, returning exchanged assets back to private addresses inside the smart contract. Assets remain in the user’s full custody while they can interact privately with major dApps within a single UI and SDK [3].

Users transact confidentially through Hinkal

To ensure only legitimate parties can benefit from on-chain privacy, KYC(B) attestation is necessary. It is a common misconception that KYC(B) verification equals loss of privacy and pseudonymity. If we revisit the TradFi example with the bank accounts, we can see that there is a way to preserve privacy while passing through the verification process.

We adopt a similar concept in DeFi. The advantage over TradFi is the reusability of attestations. Many users have accounts at institutions such as Coinbase or Binance. Now such attestations can be used to verify that users passed KYC(B) and then allow them to participate in private transactions using Hinkal and integrated dApps. If they don’t have such attestations from institutions or any other KYC(B)/DID protocols, they need to pass KYC(B) only once. They can use this attestation everywhere in the blockchain domain since the minted “Access token” can be used in other dApps. The Access Token maintains full privacy and doesn’t disclose any personal information. What it guarantees is that there’s a way to deanonymize the user and match to off-chain records in case there’s a government request, similar to what reusable attestation does.

This is exactly the concept that Hinkal implements.

Hinkal’s Solution

Hinkal is a zk-protocol enabling end-to-end and secure confidentiality for DeFi transactions. Hinkal allows liquid funds, VCs and retail investors to make confidential transactions on popular dApps (originator wallet and asset value).

How does KYC (B) attestation work for Hinkal users?

Before using Hinkal’s functions, all users must mint an "Access token", obtainable after providing an attestation either with major CEXs/custodians or KYC(B) providers. If there’s no attestation on hand, users can do KYC(B) on partner KYC(B) protocols or Coinbase/Binance, depending on preference and trust.

How does Hinkal utilize cross-chain communication for KYC(B)?

Hinkal integrates Axelar’s secure cross-chain communication to minimize user friction and make the onboarding process seamless. Users can mint all/some of the Access Tokens across networks with a single transaction on their preferred chain.

How does privacy work?

Hinkal uses a combination of a shielded pool, ZK-Proofs, and stealth addresses to balance privacy with cost-efficiency, transforming the way on-chain trading operates.

Let’s dive into specifics.

Shielded Pool

When a user connects their wallet to Hinkal, they generate a shielded address. Only the public wallet that created this shielded address can view its balance and spend it. After the user mints their Access Token, they can deposit their assets into Hinkal’s shielded pool. The shielded pool contains all the assets deposited from users. Every transaction is executed by the relayer on the user’s behalf and uses the assets deposited to the shielded pool. Hence users can transact confidentially - no direct connection between the public address and the executed transactions.[4]

ZK-Proofs

A zero-knowledge proof (ZKP) is a cryptographic method used to prove the validity of a statement, without revealing the content of that statement. [5]

Hinkal uses ZKPs on two occasions:

Proving the ownership of a KYC(B) attestation. ZKPs are used to validate users who completed the process when they provide an attestation.

Every time a user performs a transaction using Hinkal, a commitment of value is created or spent, updating their shielded balance. ZKPs are used to prove that the user has enough funds for the transaction executed and to create new (or nullify) commitments.

Hinkal’s use of ZKPs allows users not to reveal sensitive information, preserving users' privacy.

Stealth Addresses

Stealth addresses are temporary, cryptographically secured addresses generated for each transaction Hinkal users submit. Using stealth addresses, Hinkal can execute transactions with flexible parameters like slippage, cover all associated costs, and refund any difference back to the user. This not only reduces transaction fees but also enhances privacy. Users no longer have to reveal predetermined asset values, ensuring complete anonymity [6].

Conclusion

As DeFi advances, one of the key questions for the industry is how to find the right balance between user privacy, capital efficiency, and regulatory compliance. All this, of course, happens under the backdrop of several large institutional players, such as Blackrock, Fidelity, and Franklin Templeton expanding their presence in the crypto space. However, for these big asset holders to fully embrace DeFi, the industry needs to first solve two important issues:

Users should be able to have on-chain assets privately and transact confidentially. No third party should have the ability to link transactions back to them and see all their assets on a public ledger.

Privacy should be immaculate. Effective mechanisms should be in place to ensure that honest users do not associate themselves with illicit parties and funds.

Hinkal satisfies both, as it allows users to obfuscate their assets and transact privately by utilizing its shielded pool, ZKPs, and relayers. At the same time, the requirement for KYC(B) attestations to use the protocol ensures only legitimate parties can access the provided on-chain privacy. Thus, Hinkal’s solution offers on-chain transactional privacy while staying in line with regulatory requirements. Ultimately it is paving the way for institutional players to enter DeFi that will lead it to its full potential, benefitting the whole ecosystem.