The false choice between privacy and compliance
"Privacy tools are for criminals." We hear this a lot, and honestly, it's frustrating. Your bank doesn't publish your account balance on a billboard. Your employer doesn't announce your salary to everyone. Privacy is normal.
But we get it. Regulators have legitimate concerns. Money laundering is real. Tax evasion is real. And some privacy tools have made it nearly impossible to investigate actual crimes.
So we built something different. Privacy by default, with the ability to prove compliance when needed.
The auditor model: controlled transparency
The core concept is simple: every NixPool has a designated auditor, set at deployment time, who holds a Grumpkin private key. Every transaction in the pool includes ECIES-encrypted data that only this auditor can decrypt.
Think of it like giving your accountant access to your bank statements. They can see everything needed for audits, but they can't move your money. The auditor can decrypt transaction data (sender, receiver, amounts) but has no ability to spend anyone's notes.
The auditor is a single entity (could be a compliance officer, a regulated custodian, or a DAO-controlled multisig holding the key). When a transaction enters the NixPool, the sender encrypts the transaction details using the auditor's Grumpkin public key via ECIES. Only the holder of the corresponding private key can decrypt it.
Four ways companies actually use this
1. Always-on monitoring
Your compliance team holds the auditor Grumpkin key for your pool. They can decrypt and monitor all transactions in real time without being able to spend anything. The board sleeps better, and day-to-day transactions stay private from competitors and the public.
2. On-demand disclosure
Most of the time, everything is private. If a regulator asks questions, the auditor can decrypt exactly the transactions in question and share the details. The rest of the pool remains private.
3. Automatic reporting for large transactions
Since the auditor can decrypt all transactions, they can build automated reporting pipelines. Flag anything above a threshold, say $10,000, for review. Smaller transactions stay in the encrypted log until someone needs to look. This mirrors how traditional banking works.
4. Proving negatives
Sometimes you don't need to reveal anything specific. You just need to prove you didn't do something.
"My balance has never exceeded $1 million."
"I've never transacted with this sanctioned address."
"All my funds came from these whitelisted sources."
ZK proofs let you prove these facts without showing your actual history.
Quick integration example
NixPool pool = new NixPool(
tokenAddress,
auditorGrumpkinPubKey,
merkleTreeDepth
);
Users register with a KYC proof (not the actual documents, just cryptographic proof that valid KYC exists):
function register(
bytes32 kycCommitment,
bytes kycProof
) external;
The NixPool uses three core circuits: deposit, registration, and transact. Each circuit is written in Noir and proved with UltraHonk via Barretenberg.
What we've learned working with compliance teams
-
Start private, add transparency as needed. Easier to grant access than revoke it.
-
Proofs beat full disclosure. If they just need to know you're under a threshold, prove that. Don't dump your entire history.
-
One auditor key per pool keeps it simple. Multi-key schemes add complexity. If you need multiple auditors, deploy multiple pools or use a multisig to manage the auditor key.
-
Log everything. When the auditor decrypts transaction data, record it. Accountability goes both ways.
-
Tell users when their data is accessed. Builds trust.
The takeaway
Privacy and compliance aren't enemies. With the right tools, you give regulators what they legitimately need while keeping everything else private.
Your users don't want their financial lives on public display. Regulators don't need to see everything anyway - they need to verify specific things. We built NixProtocol to handle both.