Privacy Pools: Bridging Digital Assets and Traditional Finance

Thomas Mueller
5 min readOct 24


Photo by Malaya Sadler on Unsplash

In the ever-evolving landscape of decentralized finance (DeFi), innovation is the key to progress. Recently, Vitalik Buterin, in collaboration with Jacob Illum and other co-authors, introduced a concept that has sparked intense debates within the crypto community — Privacy Pools. These Privacy Pools have the potential to bridge the gap between the traditional financial system and the world of cryptocurrencies and digital assets. In this article, I will delve into the significance of Privacy Pools and explore whether they could pave the way for DeFi adoption on a massive scale.

Privacy Pools: A Solution to the Privacy Challenge

Blockchain technology, the backbone of cryptocurrencies, has often been hailed for its transparency. However, this transparency is a double-edged sword, as it can expose sensitive financial information to prying eyes. Every transaction conducted on a blockchain is recorded and can be analyzed, leading to concerns about privacy and security.

Privacy pools, akin to mixers like Tornado Cash, address this issue. They allow users to obscure the origin of their transactions, enhancing privacy in an otherwise transparent ecosystem. Instead of direct transfers between wallets, users deposit their assets into a pool and then withdraw from it. This process effectively conceals the transaction trail, making it significantly more challenging for outsiders to trace the funds’ source.

The Privacy Dilemma

Basically, privacy pools work like mixers, as we already know from Tornado Cash, for example. Mixers exist because a blockchain offers much less privacy than many believe. Every transaction that is signed with a private key (your wallet) is permanently recorded in the blockchain and can thus be analyzed by everyone with some basic technical skills. So, if we were to use blockchain-based tokens as a means of payment in the “real world,” for example, anyone who once received payment from your wallet would be able to track with whom you exchanged payments in the past and in the future. They will also know exactly what total assets are (and were) managed by your wallet. Since transactions can of course be easily analyzed over several tiers, it is also of little use to have multiple wallets and move the tokens back and forth between them.

All in all, a privacy disaster, which is certainly also a reason why the “real-world adoption” is not really progressing. This is where mixers come into play. Put simply, they work like this: A bunch of people put their tokens into a pool. In return, they get permission to take them out of the pool. This means that I can now move assets from one of my wallets into the pool, and then distribute them in smaller quantities to various “fresh” (i.e. new) wallets. I can now make different trades with these. The analysis is always possible only up to the pool. The larger the amount of people that deposit into the pool, the more difficult it is to trace the assets back to their actual origin. The problem is that mixers were not (only) used to avoid disclosing to the baker from which butcher I buy how much. Rather, they were used to blur the origin of larger amounts of capital. This is, of course, a no-go from the point of view of combating money laundering and terrorist financing. And quite rightly so, in my opinion.

What are Privacy Pools?

Privacy pools take up the mixer concept and extend it by a certain degree of transparency. This is to be done via so-called Association Sets. An Association Set is a subset of all wallet addresses deposited into the pool. This must be specified for each withdrawal from the pool. The Association Set is cut in such a way that only non-critical wallet addresses are included. Thus, “good” depositors can be separated from “bad” depositors. Provided that the Association Set has a certain size of wallet, the mixer rationale is still granted. So it is not possible to determine where exactly the funds taken from the pool come from. However, one can use it to prove they come from a source that is not considered critical.

Association Set Provider play a key role

Now we come to the exciting point. Where do the Association Sets come from and who ensures that they are trustworthy? This role falls to the so-called Association Set Providers (ASP). ASPs are trusted third parties that can analyze and assess the depositing wallets and create different Association Sets for the overall pool. The source for this will primarily be blockchain analytics tools and other technologies known from the AML and transaction analytics environment. In the simplest case, this ASP may be an algorithm that analyzes the transactions entering the pool and generates Association Sets in an automated fashion. More likely, at least when it comes to real-world adoption, trusted institutions will perform this task. These could be banks, for example, which would then assume the role of attestation provider.

Privacy Pools and Regulatory Challenges

While Privacy Pools offer a promising path forward, they also raise significant regulatory questions. I see the following two points in particular as critical:

  1. Current regulatory demands often require a thorough examination of funds’ origins, which contrasts with the core principle of Privacy Pools — protecting transaction privacy. Proving that funds do not come from “critical sources” may not align with regulators’ demands for precise fund origin documentation. The trustworthiness of ASPs and their regulatory framework will likely be central to solving this issue.
  2. Furthermore, the association set process is based on blacklisting, which may not be sufficient to address regulatory concerns. Anyone can deposit into the pool, but only if a source is considered uncritical, will it be included in the association set. The challenge here, of course, is to solve the problem that knowledge of a critical source can also come downstream for deposit. If association set providers can be held liable for their function in regulatory terms, it is to be expected that blacklisting will not be sufficient, and whitelisting with intensive KYC pre-screening will be required. This would mean that only authorized and known users can deposit into the pool. These KYC’ed pools would come along with a lot of additional privacy and data protection questions. A role that could only be fulfilled by really well-trusted intermediaries.

Banks as Trust Provider?

The DeFi community has often touted the notion that banks are unnecessary in the world of cryptocurrencies. However, as the DeFi ecosystem matures, the need for trusted parties becomes evident, particularly in ensuring compliance. Traditional banks, experienced as trust parties in traditional finance, can step into this role in digital asset-based finance, whether within DeFi or a more decentralized TraFi (Traditional Finance) setting.


Privacy Pools represent a significant step towards making DeFi accessible to a broader audience. While challenges remain, especially in satisfying regulatory demands, the concept holds immense promise. As we navigate the evolving landscape of decentralized finance, the role of traditional financial institutions in ensuring trust and compliance could become increasingly vital. The DeFi adoption journey is far from over, but with concepts like Privacy Pools, the path to more compliant Digital Asset-based finance is brighter than ever.

This article was originally published on LinkedIn



Thomas Mueller

Initiator of the and CEO of evan GmbH. Passionate about holacracy, self-sovereign identity and the web of trust. All opinions are my own