Inco Network and Circle Research announce the release of a co-authored comprehensive whitepaper, introducing the Confidential ERC-20 Framework.
TL;DR
Inco Network and Circle Research announce the release of a co-authored comprehensive whitepaper introducing the Confidential ERC-20 Framework. This framework transforms standard ERC-20 tokens into confidential wrapped versions that mask balances and transaction amounts, providing users with additional privacy protections while maintaining compliance controls.
The Confidential ERC-20 Framework offers:
- Privacy features: Concealed balances and transaction amounts.
- Risk management tools: Such as viewing and transfer rules for programmatic risk management.
- Diverse applications: From supply chain payments to payroll and peer-to-peer transactions.
- Technological backbone: Utilizes Fully Homomorphic Encryption (FHE) within the EVM context, paving the way for use on public EVM blockchains.
Read the Whitepaper | View the Repo
The Need for Compliant Privacy on Blockchains
Blockchains are designed to be public and pseudonymous, which means that once a wallet is identified, their entire transaction history is visible. This level of transparency provides benefits, such as payment verification and monitoring for illicit activities. However, it can also raise privacy concerns for anyone transacting on-chain. Privacy is vital for the financial system’s integrity, protecting consumers and businesses from misuse, identity theft, and fraud. Additionally, for payments on permissionless blockchains to gain widespread adoption, users need to be able to meet potential legal or regulatory requirements that businesses must comply with in order to secure sensitive information like payroll, vendor payments, and strategic financial data.
Types of privacy
There are two parts of a transaction that could be private. One part is the “who,” e.g. the sender and receiver. Concealing these identities achieves anonymity. Another part of the transaction is the “how much,” e.g. the amount. Keeping this amount confidential upholds confidentiality.
Though anonymity typically provides stronger privacy assumptions than confidentiality, it may also pose greater threats from a risk management standpoint, because bad actors may be able to use anonymity to obfuscate illicit activity. Conversely, confidentiality is sufficient for many use cases in the financial system: employee payroll, supply chain vendor payments (where payment amount should not be revealed to vendor competitors), or even P2P payments (e.g. Venmo).
The Challenge of Balancing Privacy and Compliance
While privacy, or confidentiality, is crucial for many legitimate blockchain applications, it can also provide an opportunity for misuse by bad actors if improperly implemented.
Circle’s Co-Founder and CEO Jeremy Allaire has emphasized the need for regulated financial institutions to fulfill their legal responsibility and combat money laundering, while at the same time the need for balancing these requirements with the commitment to open software and the belief that privacy should be a fundamental design principle in the issuance and circulation of dollar digital currencies.
This framework provides the architecture for good actors to maintain their privacy while having appropriate risk management controls in place to prevent misuse.
Overview of the Confidential ERC-20 Framework
The Confidential ERC-20 Framework allows existing tokens to be wrapped into a secure, confidential form on EVM chains. This new framework includes several key features:
- Encrypted balances: User balances are encrypted, allowing visibility only for authorized parties such as users or appropriate authorities.
- Encrypted transfers: The amount transferred between addresses remains confidential and is not exposed to the public.
- Delegated viewing: Permission to view balances can be granted to specific parties like auditors, regulators, and/or law enforcement without compromising user privacy.
- Programmable transfer rules: Regulatory compliance measures (like anti-money laundering rules, transfer limits, etc.) can be programmed at the smart contract level.
The framework leverages Fully Homomorphic Encryption (FHE), allowing computations on encrypted data without decryption. FHE integrates well within the EVM as a smart contract execution environment, enabling secure and private transactions while maintaining compliance. See the whitepaper for more technical details on how FHE is leveraged in the Confidential ERC-20 Framework.
Benefits of the Confidential ERC-20 Framework
The Confidential ERC-20 Framework offers significant benefits that enhance the functionality and security of financial applications:
- Composability over encrypted data: Enables the integration of confidential data into various applications without exposing sensitive information.
- A modular building block for financial services: The Confidential ERC-20 serves as a fundamental component for privacy-focused DeFi and financial services, similar to how the ERC-20 standard has shaped the existing landscape.
- Compliance controls: Allows for privacy measures to align with regulations while facilitating dynamic integrations.
Composability over encrypted data and the modularity of the framework is partly achieved by being encryption-based rather than commitment-based (such as most zero-knowledge proof-based protocols). With the three benefits above, this unique solution presents a new feature-set for on-chain compliant privacy.
Conclusion
The Confidential ERC-20 Framework marks a step towards ensuring privacy while maintaining regulatory compliance for blockchain transactions. We welcome all feedback and encourage the community to build and improve upon the framework.
For a deep dive into the technical details and features of the framework, check out our whitepaper and explore the open-source repository hosted by Inco Network.
Acknowledgements
We extend our gratitude to Dan Boneh, advisor to Circle Research, and Michael Mosier, the former acting director of FinCEN, for their contributions to this paper.
Disclaimers
The publication of this research does not imply that Circle is productizing or endorsing this framework.