Crypto-privacy advocates land a legal haymaker
From projectglitch.xyz
Greetings, glitchy friends! We are gearing up for lots more publishing again soon, but in the meantime we had a couple of new items we wanted to send your way. Watch out for at least one more issue before an end-of-year break, then we’ll be back in your inbox on the regular starting in January. Now onto the good stuff…
A win for crypto in the Tornado Cash fight. Over the last two years, a prize fight has been playing out between the US government and crypto-privacy advocates. The two sides have gone back and forth over the definition—and therefore legal status—of Tornado Cash. Last month, those in crypto’s corner landed a huge blow, and it all boils down to the interpretation of a couple of key words in the law.
The match began in 2022, when the US Treasury’s Office of Foreign Assets Control (OFAC) announced that it had designated the group of blockchain-based software programs known as Tornado Cash as national security threats. The Tornado Cash programs, which are known as smart contracts, anonymize crypto transactions by pooling user funds and using advanced cryptography to hide users' identities when they withdraw.
OFAC alleged that the Lazarus Group, a sanctioned North Korean state-sponsored hacking group, had used Tornado Cash to launder more than $455 million worth of stolen digital money. The sanctions, the first ever against smart contracts, made it illegal for Americans to transact using the software.
In response, Tornado Cash users who say they use the software for legitimate purposes—like donating money to support the Ukrainian war effort without revealing the transaction to Russian hackers—sued the Treasury Department. In two separate cases in federal district court, these users argued that OFAC has no authority to sanction the Tornado Cash software.
The court initially sided with the Treasury in both cases. The judges said Tornado Cash is an entity that North Korea has an interest in, and that the software is “property” that can legally be blocked under the relevant law, which is known as the International Emergency Economic Powers Act (IEEPA). The word property is critical here, because IEEPA very clearly gives the executive branch power to block “any property in which any foreign country or a national thereof has any interest” in the name of national security.
Both groups appealed and now we have another decision. Just before Thanksgiving, the Fifth Circuit Court of Appeals agreed with the appellants in one of the cases that the district court had given too much “deference” to OFAC’s definition of property.
So now we have two pivotal words to examine. We’ll get to “property,” but “deference” is doing a lot of work here too. As the Fifth Circuit judges noted in their decision, the case fell under a new legal tenet established in June in the Supreme Court’s decision in a case called Loper Bright v. Raimondo. That decision overturned a 1984 decision (Chevron v. Natural Resources Defense Council) that established a legal doctrine known as the Chevron deference. The doctrine called on the courts to defer to a government agency’s interpretation of a law when the wording of the law is ambiguous—as long as the interpretation was reasonable. This is important because agencies draft rules and regulations to implement the laws that Congress passes.
Overturning the Chevron deference shifted the balance of power away from federal agencies. The onus is now on the courts to “decide whether the law means what the agency says,” Chief Justice John Roberts wrote in his opinion. In the Tornado Cash case, what’s relevant here is that the wording of IEEPA did not define the term “property.” OFAC felt that the definition encompassed Tornado Cash’s software. On the contrary, “property” must be ownable, the appeals court judges wrote. Ownership includes “the right to exclude everyone else from interfering with it.”
The court concluded: “The immutable smart contracts at issue in this appeal are not property because they are not capable of being owned.”
Time to analyze yet another word. An “immutable” smart contract “cannot be altered or removed from the blockchain,” the court explained. “They remain available for anyone to use”—including the Lazarus Group hackers. Since immutable software can’t be owned and thus is not “property,” OFAC “exceeded its statutory authority,” the judges said.
It’s an enormous win for crypto and privacy advocates. But as the court noted, it’s just interpreting the law. And the law can be changed. “Perhaps Congress will update IEEPA, enacted during the Carter Administration, to target modern technologies like crypto-mixing software.” —Mike Orcutt
Today’s SNARKs are “riddled with bugs.” That’s according to Justin Thaler, a research partner at a16z and a leading researcher in the field of applied zero-knowledge (ZK) cryptography. That’s as bad as it sounds, he writes in a recent blog post. “The slightest bug in a SNARK can lead to catastrophic security failures.”
For the uninitiated, succinct non-interactive arguments of knowledge (SNARKs) are systems that allow a user to prove, for example, that they are over 18 or have a certain amount of money in their bank account without revealing their actual age or bank account balance. Zcash, which uses SNARKs to keep blockchain transaction data secret, was the first implementation in 2016. Since then, the research field has exploded.
Early SNARK designs were limited to proving small things, like that a user holds a secret key that controls the crypto wallet behind a given blockchain transaction. More recent designs can prove the user ran a computer program on that secret information—that makes it possible to compute a transaction offchain and then send proof to the blockchain that the computation was done correctly. This has been a big step forward, allowing decentralized computing platforms like Ethereum to handle more transactions per second.
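The simplest building block of the idea described above (proving you hold the secret key behind a public key without revealing it, non-interactively) is a Schnorr proof of knowledge made non-interactive with the Fiat-Shamir transform. The example below is added here for illustration and is not code from Project Glitch, a16z, or any SNARK project; it is not succinct in the SNARK sense, and the group parameters are constructed toy values that are far too small to be secure. It also shows the kind of check whose omission would be one of the “slightest bugs” Thaler warns about: the verifier must recompute the challenge itself rather than trust anything the prover says about it.

```python
import hashlib
import secrets

# Constructed toy parameters (NOT secure): P = 2*Q + 1 with Q prime, and
# G = 4 = 2^2 is a quadratic residue, so it generates the order-Q subgroup.
# A real system uses a 256-bit elliptic-curve group or a ~2048-bit safe prime.
P = 2039
Q = 1019
G = 4


def keygen():
    """Secret key x in [1, Q-1], public key y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(y, t):
    """Fiat-Shamir challenge derived from the statement (y) and the commitment (t).
    Hashing the public key in as well ('strong' Fiat-Shamir) binds the proof to
    the exact statement being proved, not just to the commitment."""
    data = f"{P}|{Q}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y):
    """Prove knowledge of x such that y = G^x mod P. The proof never contains x."""
    r = secrets.randbelow(Q - 1) + 1   # fresh randomness per proof; reuse leaks x
    t = pow(G, r, P)                  # commitment
    c = challenge(y, t)               # prover computes the same challenge the verifier will
    s = (r + c * x) % Q               # response
    return (t, s)


def verify(y, proof):
    """Accept iff G^s == t * y^c mod P, with c recomputed by the verifier."""
    t, s = proof
    # Sanity checks on the transcript: t must be a subgroup element, s a valid exponent.
    if not (1 <= t < P and pow(t, Q, P) == 1 and 0 <= s < Q):
        return False
    c = challenge(y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    sk, pk = keygen()
    pi = prove(sk, pk)
    print("honest proof verifies:", verify(pk, pi))
    print("tampered response verifies:", verify(pk, (pi[0], (pi[1] + 1) % Q)))
```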
For a16z, Thaler has been working on the most advanced kind of SNARK, also called a zero-knowledge virtual machine (zkVM). In April, his team released the first version of their zkVM, called Jolt, and they’ve since made incremental progress on improving its performance. But Thaler remains seriously concerned about Jolt’s security. “Until we have confidence that our toolchains are completely bug-free, projects using SNARKs cannot really be secured by the SNARK itself,” he writes. Finding bugs in SNARKs requires PhD-level expertise, so it’s unlikely many people will be able to find them. But that doesn’t mean they’re not there. “At best, they are secured by obscurity,” he says in the post.
To account for potential security holes, SNARKs are just one of many security layers in today’s systems, which can include “semi-centralized” layers like whitelists, trusted hardware, and security councils with the authority to step in and reverse transactions. “The very worst case scenario is that we think our SNARK toolchains are bug-free,” Thaler argues. Then teams might stop relying on those other layers.
The long-term goal, according to Thaler, should be to develop formal verification methods, the way the traditional software industry uses established mathematical methods to prove the “correctness” of a software system relative to a separate mathematical description (called a “specification”) of how it is supposed to behave. “But formal methods are not some magic wand that can be waved at any piece of software and magically make all the bugs go away,” Thaler writes. “Major technical challenges will have to be overcome to get any kind of guarantee that zkVM toolchains are end-to-end correct and secure.”
Thaler notes that the Ethereum Foundation is investing in a project to develop zkVM formal verification methods. But the goal remains years away, he says. “In fact, I consider it a distinct possibility that in five years’ time, we still don’t have strong confidence that any performative zkVM toolchain is actually bug-free.” —Mike Orcutt
(Interested in learning more about the science of SNARKs? Check out my fireside chat with Justin Thaler at the DC Privacy Summit, Project Glitch’s first in-person event, which explored the novel legal and policy questions raised by Tornado Cash and crypto-privacy generally.)
HEADLINE WATCHER
How crypto insiders turned “debanking” into a political storm. The New York Times examines crypto companies' difficulties maintaining bank accounts in the US—a phenomenon most crypto folks now call “Chokepoint 2.0.”
US officials urge Americans to use encrypted apps amid unprecedented cyberattack. During a recent “news call,” these officials wouldn’t say how long it might take to be sure major telecom providers including AT&T, Verizon, and Lumen Technologies are free of alleged Chinese hackers in the wake of the “Salt Typhoon” cyberattack. “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” Jeff Green, executive assistant for cybersecurity at the Cybersecurity and Infrastructure Agency (CISA), said, according to NBC News.
Why ‘open’ AI systems are actually closed, and why this matters. “At present, powerful actors are seeking to shape policy using claims that ‘open’ AI is either beneficial to innovation and democracy, on the one hand, or detrimental to safety, on the other,” write three co-authors, including Signal’s Meredith Whittaker, in the science journal Nature. The authors argue that the “rhetoric around ‘open’ AI is frequently wielded in ways that exacerbate rather than reduce concentration of power in the AI sector.”
Ukraine asks if Telegram, its favorite app, is a sleeper agent. The messaging app has become a “lifeline for millions of Ukrainians,” but in recent months officials “have become more alarmed by the country’s dependence” on it as “worries that the app was used as a vector of disinformation and a spying tool for Russia have mushroomed,” reports the New York Times.
The number of zero-knowledge-related smart contracts in use grew from 47 in 2020 to 680 in 2024. Though still a nascent field, the use of zero-knowledge cryptography in blockchain applications is ballooning, according to Electric Capital’s annual Crypto Developer Report.