zCloak Space Script: Privacy-Preserving Transactions, Will It Rise Again?
zCloak Network organized an online panel at 8 p.m. Beijing time on August 1, 2023, titled “Privacy-Preserving Transactions, Will It Rise Again?” The founder of zCloak Network, w3tester, and the community contributor of PortalGate, Jemma, attended this online panel. The following is a documentary transcript of it.
Cassiel: Hello everyone, good to see you again and this is Cassy. Welcome to today’s AMA, I’ll be the host of this panel and today we have two guests to be with us who are the founder of zCloak Network, w3tester, and Portal Gate project, Jemma. For today’s panel, 3 parts will be involved in total. Firstly, we will have two general questions for tester and Jemma to discuss, which are mainly about the background of privacy-preserving transactions so that you can have a general idea about this topic. Then it’s the second part and I will ask a few detailed questions to each guest related to Portal Gate and zCloak to help you better understand them. Lastly, if you have any ideas or questions for tester and Jemma, just please feel free to ask them. Then we will invite one to two audiences here to discuss together. Okay. Before that, let’s welcome our guests to give us a brief introduction about themselves and their projects. Um, how about we start with tester? Can you just say hello to the community?
w3tester: Hello everyone. Thank you for taking the time to be here. Great pleasure to be with you. I’m the founder of zCloak Network, zCloak is a privacy-preserving DID infrastructure. What we do is very simple: We help people to gain control of their own data. We help them to use this data without sending them to centralized servers. We use technologies such as verifiable credentials and zero-knowledge proof to help people prove attributes about themselves without showing their raw data. So this is what we do at zCloak Network. It’s our great pleasure to be here today with Portal Gate to talk about privacy on Web3 in general. Thank you.
Cassiel: Okay, thanks a lot. Thanks for the tester’s introduction, then how about Jemma? Would you mind just saying hello to the community?
Jemma: Sure, hi everyone, great to be here. My name is Jemma, and I’m one of the founding contributors to PortalGate. We are a relatively young project, started the building of this project around the end of last year. For me, I’ve been in the crypto industry for probably six years now. The idea of PortalGate came from myself and many of my peers, who value on-chain privacy a lot. So at the end of last year, we decided it was time to really build out a compliant and Decentralised and private DeFi infrastructure to really support individuals as well as larger participants on-chain with privacy protection. So our main product is a decentralized dark pool, which I’ll go into in more detail later.
Cassiel: Okay, thanks Jemma, thanks for your introduction, I believe the community has already had a general idea about what PortalGate is. Let’s move into the first part. As we all know, the sanctions against Tornado Cash caused an uproar in the crypto world, the legal world and even the traditional financial industry, putting on-chain privacy-preserving transactions into a really controversial position. So with Tornado Cash’s influence, what do you guys think of the current development of privacy-preserving transactions? Let’s also get started with Jemma. Hi Jemma, would you mind sharing some of your opinions on that?
Jemma: Sure, I would say Tornado Cash is like the OG of privacy-preserving infrastructure, the product was working well, but the problem is the users. In general, I think the view is just like that if something bad happens on the Internet, should we ban the Internet? We should put ways to ensure that these bad things no longer happen, or minimise the risk of that by blocking out or by filtering out users who shouldn’t be using the Internet in this way. And I think that is the same concept for our privacy-preserving transactions. Based on that, I think the majority of the users are normal and behaved users, and we cannot stop them from using a decentralised manner to transact on-chain. Without Tornado Cash at the moment, I guess the most popular way people would use to perform a transaction is the centralized exchange. So there is a clear demand for privacy-preserving transactions and that demand will only continue to grow as we get more adoption. If you talk to any non-crypto users and tell them that if you make any transactions on-chain currently it will be all public, everyone can see where you’re sending to, who you’re sending to, and what you’re sending. This can’t be imagined in the traditional finance industry. So that’s why we putting up with this in the Web3 world. I think that’s probably just my initial thought of that.
Cassiel: I totally agree and just like what Jemma mentioned before, for any services, a few bad elements shouldn’t be an obstacle for other regular users to interact with those services, and we cannot totally ban all the possibilities just because of that bad elements. So thanks a lot and that’s very insightful, Jemma. How about tester? Would you mind sharing some of your ideas on that?
w3tester: Yeah, definitely. I think it’s a great introduction from Jemma. For me, privacy is something that people really need nowadays, it’s a basic human right, and Blockchain is a very special technology. It makes all these transparent transactions on-chain possible. We have a smart contract doing things that have been written as logic. This is all great and nice. But there is something missing when people enjoy the convince of blockchain, that is privacy. Imagine this, when you trade and when you buy things, the whole world knows that at a certain moment, you as a person at a certain place buy a certain thing. This is inconvenient to us and even sometimes it means danger.
Recently, the industry has been talking about the mass adoption of blockchain technology, not just for our crypto world, but also for regular people’s right to do shopping on all sorts of e-commercial and entertainment, gaming platforms. And we can see a trend of cryptocurrency being adopted by normal companies. For example, in international trading, when these companies use cryptocurrency to perform a trade, they definitely don’t want their competitors to see who they are transacting with, how much money they have spent on what and when these things are happening, right? This is all about the business secret. You don’t want to disclose it to the whole world. However, basically, all the on-chain information is transparent, public, and open to everybody. So when it comes to the development of privacy-preserving technology, we can see clearly see two paths. One path will be mentioned later, which is the things people do in Ethereum. But I also like to mention that there are some chains which are purposely made for privacy, these chains are made for private transactions specifically. But we spot some problems here, most of the liquidity TVL are in the Ethereum ecosystem. For normal users, maybe the only thing they know is ETH, USDC or USDT. So in this sense, we think that for privacy-preserving transactions is really important for us to have some stable infrastructure in Ethereum like Tornado Cash. But there was a problem, regular people want to use this tool to protect their privacy, but there were also bad guys and hackers and maybe drug dealers, using this for money laundering. So we have seen the sanctions made by the USA against the founder of Tornado Cash.
On the one hand, we want to protect the privacy of users, on the other hand, we really do not want those bad guys to take advantage of this tool. So we need something that can help people to preserve privacy, as well as to filter out the bad guys. Then we’re seeing from Portal Gate that is such a tool in the Ethereum ecosystem, maybe in layer 2 in the future that you can use to have privacy and compliance at the same time. So that’s a very good developing trend and based on this, a lot of interesting scenarios can be developed. And we can’t wait to hear more from Jemma.
Cassiel: Okay, thanks for your information, tester. Surely, privacy is the most basic human right and blockchain tech enables us to hold it again. The same for the on-chain transactions, especially for companies, they don’t want their trade data to be totally public. And probably that’s the main reason why we need a privacy-preserving transaction. Besides that. Roman Storm, the Co-founder of Tornado Cash used to say that there is no DAPP that is truly decentralized and even in the crypto world, 100% freedom and privacy is just an illusion. Compliance is the only optional path, so how do you two value this point? Let’s also get started with Jemma.
Jemma: It’s a very big question. In short, it’s very hard to be truly decentralized. I think Web3 native users see compliance and privacy as mutually exclusive. When you want to use Portal Gate’s service, you need to go through KYC or KYB which are done off-chain but you remain anonymous on-chain. So that you still have that level of privacy and without giving up your identity. Given the macro environment, the main regulatory environment, as Web3 matures, more and more DeFi applications will have to have some level of compliance. And that’s why we love zero knowledge technology because that precisely solves the dilemma. So I tend to agree with Roman, the path forward is to be to become more and more compliant by leveraging technology.
Cassiel: Okay, thanks very much and I totally agree with you that we may not need 100% privacy and maybe half complaints as well as privacy. Preserving is also a great choice. So with the development of our DeFi industry, more and more possible solutions is coming up. So let’s just wait for it. And that’s very insightful. So how about tester?
w3tester: Yeah, I think I also kind of agree with Roman that it’s definitely difficult to achieve 100% decentralization and privacy. If you look at the tools that we’re using right now, the biggest stablecoin that we’re seeing today are USDC and USDT. They are centralized, stablecoins issued by private companies. Then if we look at the wallet that Web3 users are using every day, MetaMask which has tens of millions of users, and most of them are hooked up to the interior RPC, which is also somehow a centralized thing. Surely you can change it to your own RPC, which is possible. But that’s not what most people do. So as I just mentioned, privacy is a great thing. We want privacy because it’s a basic human right, but somehow it’s a relative term for me. So I think in the crypto space, personally, what I value most is verifiability instead of 100% decentralization because when you have verifiability, that means when people do something, there is some way for you to verify whether that thing is correct or not. And that has a consequence, that’s for people who want to act evil, they will have to think twice before doing that. And that is a very important power different from Web2, where all the servers are basically black boxes, and you have no idea what is going on inside, and there’s definitely no way for you to verify anything that is going on there. But in Web3, we had this option and the same goes with the stablecoin I just mentioned.
So basically, for everything that happens on-chain, we assume that goes as planned as specified. But if there’s some party who is behaving strangely and we can catch them and this will give them enough pressure that they will have to stay good, otherwise there’s their stake will be slashed. So this is why transparency and verifiability is very important in the Web3 industry. So 100% privacy means that nobody knows who is who, absolutely. But in terms of the law enforcers, for example, if they have identified some bad guys on-chain doing bad things, we should have this possibility to pin down this bad guy and execute a law, right? So as Jemma said, it’s not contradictory to privacy and compliance, sometimes we want both.
Maybe in the original version of Ethereum, this is not possible because if you don’t use a tool like Tornador Cash, everything will be in the public, and everybody can see what you’re doing, and then you lose privacy. So there has to be some kind of middle ground that we want, which will allow us to not break the law, be good people at the same time keep our privacy. So I think this is definitely important and there will be a huge market not only just for individuals but also for companies who want to use blockchain for their business to preserve their business secrets, this is also quite important. Okay, that’s my thoughts.
Cassiel: Okay, thanks very much tester, thanks for your info. Basically, verifiability is quite important that’s for sure. And I believe with the uprising awareness of users’ data self-sovereignty, the privacy-preserving transaction will finally find a position between compliance and privacy protection. As well as the maybe KYC and KYB services and actually that’s also determined to our future contributions and building, making sure it is in the correct development direction. And thanks a lot for both Jemma and tester wonderful ideas. Hope all of this can help our community to have a better understanding of the current privacy-preserving transactions. Then maybe let’s move into the second part. Considering that there may be some of our community members who are not that familiar with Portal Gate so I got a few questions for Jemma that the community might be interested in, speaking of the privacy-preserving transactions, why should we adopt it and what are the benefits of it?
Jemma: Sure. Again, I agree with what tester said, privacy is one of the basic human rights. We expect privacy in traditional finance when you engage with a bank when you’d make transactions in the bank. There’s no reason why we shouldn’t expect the same when we engage with on-chain transactions in the Web3 world. Simple things like for those of us who work on Web3, receiving salaries on-chain, we don’t want everyone to know how much we’re making each month.
What is privacy? I think the market tends to conflate. In our context, we would say privacy is full privacy. So you’re both anonymous on-chain and what you’re doing is also hidden. And that’s probably the ultimate level of privacy. But at the same time, you can be compliant to show that your wallet is your wallet, and it is a good actor without linking it to your ID. That’s why we look forward to working with zCloak who have these leverages of zero-knowledge technology.
Cassiel: Understood, besides that, we usually think that one of the unique features of blockchain tech is transparency. So how does Portal Gate technically make transactions to be privacy-preserving?
Jemma: Sure. We’re building a private and compliant DeFi infrastructure stack. That’s actually a number of products centred around private on-train transactions. So our first product which hopefully will be launching in the next two weeks is the privacy pool, where you can go in and out. It breaks the link between your on-chain wallet, it makes you go in and withdraw with a different wallet. But your wallet has to be compliant. So you have to pass KYC off-chain and then remain anonymous but compliant on-chain. Our second product which is actually the main product is one step above, the first one you can only do transfers, and the second one is actually a dark pool. The dark pool may sound not so good, but in fact, the dark pool is a quite common thing in traditional finance for traders to trade with privacy, particularly for investment banks. So you can do both transfers and swaps in that product.
Cassiel: Okay, thanks for the illustration. And really looking forward to Portal Gate’s new products in the Q4 season. Well, besides that, actually one of the keywords of zCloak Network is also privacy. And what we are trying to do is to return the data ownership tto our users. So what do you think the collaboration between zCloak and Portalg Gate can do for the community?
Jemma: Yeah, we’re very excited about working with zCloak, because we’ve played around with zCloak’s DID products for a while. One of the key things zCloak would help is to be able to verify that a person has particular attributes without disclosing that person‘s raw data. From a product level, there are a lot of synergies and also from even a business development level. I think we’re targeting a lot of similar users. And we’ve actually looked at many other ZK projects but none of them is probably as advanced as zCloak when it comes to actually implementing what we need to do. So we are very excited about this partnership.
Cassiel: Yes, and thanks so much. Surely the upcoming collaboration between us means a lot for both sides. So lastly, would you mind sharing maybe the 2023 roadmap of Portal Gate considering that we are ready to have with through this year in what has been achieved and what is the under the building for Portal Gate except for you the products you just mentioned, are there any other things?
Jemma: Yeah, let me give a quick overview of what we’ve built around since the end of last year. In fact, we just closed our seed round a few months ago led by a number of reputable institutions globally. The compliant privacy pool have been launched in probably a couple of weeks so please keep tuned to our Twitter to see that announcement. Then our dark pool testnet will be there in Q4, which will only be available for a few whitelist tests because we want feedback from our users. Besides, we are working very hard on a lot of other activities. I can’t talk about too much here, but surely there will be a lot of benefits for early adopters.
Cassiel: Okay, thanks for Jemma’s introduction and again congratulations on the success of Portal Gate’s seed round fundraising. Hope we can experience more services of Portal Gate just in the quite near future. I believe the community must have already had better knowledge about Portal Gate, so if you want to know more about Portal Gate, just follow their official Twitter account. Then let’s get into the zCloak time. So I also have a few questions for tester. First of all, most of our community members are actually familiar with zCloak about the Web3 solution to trust issues and RWI infrastructure. But in terms of privacy-preserving transactions, they may get curious about how does zCloak’s infrastructure help with the privacy-preserving transactions process? What role does the ZKP tech play there? So could tester please share some ideas on this?
w3tester: Yeah, thank you. So it’s a very important task for zCloak to support a project like a Portal Gate to help people to gain their privacy for on-chain activities at the same time be compliant. So how do we do that? I think most of us heard about KYC, that’s what you do when you open a bank account at a certain bank or some people have even done that for getting into the whitelist. In short, that’s how we make sure you’re a good person who is allowed to use financial services. That’s a traditional but useful way. And we have to admit that there are problems with the traditional KYC process.
First of all, it takes a lot of time and you take a great risk of leaking privacy in this process. And the most bothering part lies in that you need to repeat this process every time you need to interact with certain services. There’s a chance that your privacy can be leaked and especially when the project or the party that’s handling your personal information is just a small party that is not bonded by strict regulations. So that’s a problem. So how does zCloak help with this part? As we have introduced, we provide several ways for you to collect data about yourself as data cards, and these data cards are stored in your local data wallet. So basically, we make you the owner of your own data. We want to prove something about you to a project or verifier. And you can do that in a ZK way.
One thing that we need to note here is that there are a lot of details in this process. There are many more detailed questions a verifier may ask. Like is this person from a certain region of the world or not? What is the range of age that they fall into? What is the complaint level of this person? What is the risk level that they are in? And it’s gonna be a lot of trouble for the users if they have to do KYC for certain types of examination before they can use a service. So that is how zCloak can help with zero-knowledge proof. Users have already got their data in their own hands-their data wallet on their local device. Each time a verifier needs users to prove something about themselves, what users can do is run a very simple zero-knowledge proof computation in their wallet and generate results with the proof, then send this proof to the verifier on-chain, who will then know whether you are qualified. The good part here is that you do not need to go to a centralized party each time you need to prove something about yourself. So this saves a lot of time and effort and also prevents the unnecessary leakage of your data.
The other part is how you can make your KYC result on-chain. zCloak has provided our own smart contract that’s written to mint something that we call the zk-SBT for people. I think a lot of people know the Soul-bound token, short as SBT, is something that is attached to our own Ethereum account which represents things about you, but they are made in a way that you can get this SBT out of ZKP that is computed in your wallet. We can mix and match all sorts of criteria on the same account to prove certain facts about this person without disclosing their real name or their address. So these are infrastructures that zCloak is providing to help privacy-preserving applications. And here I think it fits very well with the scope of Portal Gate, so people can prove their legitimacy that they are a qualified user of this service.
Cassiel: Okay, thanks for tester‘s explanation and that’s very clear. But to be honest, I totally support what Portal Gate and zCloak are trying to reach. However, how can we actually balance the trade privacy and the regulation policy to avoid another Tornado Cash tragedy?
w3tester: Yeah, definitely. So I think we have already touched on the topic a little bit. The key is the zero-knowledge proof. In traditional business, when you want to show something about yourself, you have to show a lot of raw data. Let’s take an example here, if you want to go to a bar and you need to prove that you are an adult, you have to give your ID card maybe to the bartender to check your age. But besides your age, your name, your address and your birthday, which is not supposed to be shared with this person will also be leaked. And it applies the same for regulatory requirements on-chain. So when we are doing business transactions on the blockchain, what you need to prove to the verifier or to the regulatory party is that you are a qualified investor. Actually, if nothing goes wrong, they are not really interested in who you are really. The only thing they want to know is that you are a good person and you are doing things in a good way. When bad things happen, if there’s a hack or if that leads to money laundering, it is important for them to identify exactly who you are, which is possible with our infrastructure because all data has been attested by a KYC company or by some trusted parties like government agencies. So that is necessary and that is good for the order of society, but in normal cases, people will not be able to link a transaction to a specific party so you will be able to preserve your privacy.
I think a very good point that was just discussed was that sometimes we need to take a step back and think about what really is privacy. What does it mean for us to have privacy? I would quote the cyberpunk manifesto, that was published some years ago. They talk about privacy and they think privacy is the power of a person that can selectively reveal themselves. In other words, I will be able to have the right to review myself and tell people who I am, only when I choose to and the attributes that I show to the world are the attributes that I want to share. So when people have this kind of capability, we say that they have their privacy and that is the goal of zCloak to help people to preserve their privacy as much as possible at the same time to help them to stay in the range of laws. Yeah, that’s basically what we can help here.
Cassiel: Okay, that’s very clear to me and I totally agree with what tester just mentioned. Sometimes we may need to take a step back and KYC may be a possible way to avoid another Tornado Cash tragedy mainly because we can control the eligibility of our users by KYC in a ZKP way, that’s really remarkable. And lastly, I feel the community must have already realized that zCloak has collaborated with a lot of projects for launching the anti-fraud and phishing movement, and the first and second round of it has already been successfully finished. So will there be any um upcoming event between Portal Gate and zCloak in the near future? Can you spoil us a little bit about that, tester?
w3tester: Yeah, definitely. We look forward to having some marketing and community events together with Portal Gate. I think there are a lot of things we can do together, especially with our identity cards. So as we mentioned on one hand, we can use it totally for privacy-preserving and compliant applications that fit the need of Portal Gate. On the other hand, these tools can also be used to organize our community to somehow measure the contribution of certain members in this community. And currently, there’s a gap between the real on-chain product and the community, thus, you may be very active in the projects’ discord channel; you may have helped answer questions to help other members to get familiar with this product; maybe you get promoted, you get a special title in the discord channel. But when you want to use this product, all the benefits, reputation, class and text that you have gained on the discord channel are not reflected.
Then if we look at this question from the opposite perspective. For example, if you’re on a white list for a DeFi project, and you spend a lot of money on it. You enjoy the product very much, so you performed a lot of transactions. You helped with the TVL a lot. People in the community do not necessarily know your contribution to this project. So apparently we’re seeing a gap here between the real use of the product and the community. These parts are separated somehow. That’s also where zCloak can help with the membership card that we’re about to release very soon, and we’d like to use it with the Portal Gate community, and basically, it’s a card that the founders and the founding teams can issue to the community members. Then the member’s contribution can be recorded and marked with these cards. And they will not disclose your identity in the discord channel with its on-chain form — zk-SBT.
Based on this, the protocol can give a very active member of the community some discount to award the contribution. So these are the things zCloak will very soon provide for Web 3 projects, and we’d very much like to try it out with our partner, Portal Gate to see how we can help the community and help grow the protocol with tools like this. Yeah, that’s what I think.
Cassiel: Yeah, okay, that sounds really great. And let’s look forward to the upcoming collaborations between Portal Gate and zCloak Network. And then I think it will be the final part of this panel, which is the QNA section if any of our community members have any questions or ideas on today’s topic. Please feel free to ask and you can just click on the bottom left corner button to apply to be a speaker. Or you can just type your questions in the chat box below. Maybe we have covered a lot today, and our community members need some time to consider all of those things. Um, so is there anything that tester and Jemma want to add?
w3ester: Yeah I think a lot of information today for the community to digest. I think that’s good that people are staying this long to hear our discussion and potential collaboration between these two projects. Appreciate that. Jemma, do you have any thoughts?
Jemma: I think we have covered a lot in this Twitter space, again, thank you, everyone, for joining and staying this entire time, and I encourage everyone to follow zCloak and Portal Gate’s Twitter accounts to see our future collaborations and to get involved in both of our communities. Thank you.
Cassiel: Okay, so I guess we will just stop here, and for all of our audiences, if you need more info about zCloak and Portal Gate, please kindly follow the Twitter accounts to find more information. Lastly, thank you all for attending this panel and thanks to tester and Jemma’s wonderful sharing and many thanks to our community’s patient listening, so maybe see you next time and please stay tuned to our channel. Bye.