xBull Mixer: Compliant Privacy Pools on Stellar
xBull Mixer brings ZK privacy pools to Stellar. Deposits unlink from withdrawals via Poseidon2 hashes and Ultrahonk proofs. The key differentiator: Know-Your-Transaction monitoring tracks and filters bad funds, letting legitimate users access privacy without the regulatory paranoia of pure-privacy tools. Now in testnet; mainnet pending compliance.
The Stellar network is famous for being lightning-fast, incredibly cheap, and highly scalable. However, like most blockchains, it is completely transparent. For enterprise use cases, confidential payroll, or even basic user safety, this transparency can be a roadblock.
That's why we started working on xBull Mixer, a privacy pool that lets users break the link between their Stellar accounts and so protect their privacy from the eyes of the network. With tools like this one (and those we make in the future), users won't leak all their financials when they do something as common as buying a piece of bread at the corner store (something extremely dangerous in the places where blockchain is needed the most).
What's under the hood?
We are not trying to reinvent the wheel here, so we decided to base our design on what has worked on other chains. The xBull Mixer contracts use the classic h(s, n) method to generate the commitment that users must prove they know how to build when they withdraw funds.
Hashes are generated with the Poseidon2 hash function (introduced in Stellar Protocol 25), and proofs are verified with a public Ultrahonk implementation. This combination keeps deposits fast and cheap for users, because these ZK-friendly functions don't need the computational overhead that classic hashes like SHA256 or Keccak256 do.
Abstracting the Complexity
One of the difficult parts of using these types of pools is the management of secrets, nullifiers and their pairings. Our UI takes that task away from the user by deriving both values (s and n) directly from a per-deposit, user-defined password. This way users only need to care about a single password per deposit instead of managing multiple secrets and nullifiers for all their deposits.
We are also considering removing the need for a password, so users don't even have to think about it and the UI takes care of everything.
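The password-to-(s, n) derivation and the h(s, n) commitment described above, as an added sketch that is not xBull's code. Assumptions: PBKDF2 plus labelled HMAC for the derivation, the BN254 scalar field, a hypothetical `pool_id` salt, and SHA-512 standing in for Poseidon2.

```python
import hashlib
import hmac

# Assumption: BN254 scalar field, so s, n and the commitment are field elements.
FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def to_field(data: bytes) -> int:
    # 64 input bytes keep the modular-reduction bias negligible.
    return int.from_bytes(data, "big") % FIELD

def derive_note(password: str, pool_id: bytes) -> tuple[int, int]:
    """Derive (s, n) from one password; pool_id is a hypothetical salt."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), pool_id, 100_000)
    # Distinct labels give two independent values from the same key.
    s = to_field(hmac.new(master, b"note/secret", hashlib.sha512).digest())
    n = to_field(hmac.new(master, b"note/nullifier", hashlib.sha512).digest())
    return s, n

def commitment(s: int, n: int) -> int:
    """h(s, n). SHA-512 is a stand-in here; the page's pool uses Poseidon2."""
    data = s.to_bytes(32, "big") + n.to_bytes(32, "big")
    return to_field(hashlib.sha512(data).digest())

def new_deposit(password: str, pool_id: bytes, onchain: set[int]) -> int:
    """Build the commitment for a deposit, refusing a reused password."""
    c = commitment(*derive_note(password, pool_id))
    if c in onchain:
        # Same password and pool would give the same commitment twice.
        raise ValueError("password already used for a deposit in this pool")
    onchain.add(c)
    return c

def recover_note(password: str, pool_id: bytes, onchain: set[int]):
    """At withdrawal, re-derive (s, n); None if no deposit matches."""
    s, n = derive_note(password, pool_id)
    return (s, n) if commitment(s, n) in onchain else None

POOL_ID = b"constructed-testnet-pool-id"  # constructed sample value
```

Commitments are public once deposited, so a password-derived note is only as strong as the password; that is why the sketch uses a slow KDF rather than a single hash.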
How's the privacy achieved?
Privacy pools are normally fixed-amount pools that allow users to deposit funds by providing a "commitment", and once they want to withdraw their funds they just need to prove they know how to generate that commitment without revealing its details. With this approach, there is no way to link a deposit with the account that withdraws it.
But this magical process isn't enough on its own, because if you're the only one who deposited funds in the pool, once the funds are withdrawn we will know it was you... Privacy is built with time and volume: the more people use the pool, the harder it is to link a deposit with a withdrawal.
The elephant in the room: Accountability
Privacy is a human right and we all need to defend it, but unfortunately a tool that can be used for good can also be used for bad. The main consequence of having purely decentralized privacy tools with no checks built in has been the bad publicity those kinds of tools have received over the years. Legitimate users want to use them, but doing so might put them in a position where crypto services prefer to avoid interacting with them (which is no different from being unbanked).
Our business (The xBull Corp) is registered in Panama, and currently there is no license for crypto activities in the country, but the lack of defined obligations doesn't mean we can't implement them on our own with the goal of keeping bad funds out of the pool.
By implementing Know-Your-Transaction (KYT) processes, monitoring deposits and being able to act in cases where bad funds might have entered the pool, we make sure the reputation of privacy pools isn't affected, so legitimate users can safely use them without being marked as criminals. This becomes especially evident in the fact that our design allows us (the pool operator) to de-anonymize a deposit and track where the funds were sent, eliminating the appeal for possible criminals who would want to use the pool to launder their funds.
But just as a tool designed for good can be used for bad, these processes designed to keep bad funds out of the pool can also be used by legitimate users to prove to others that their funds are clean.
Why build this now?
This year we incorporated xBull's own business with the goal of moving from a simple open source wallet designed for developers to a full ecosystem of apps Stellar users can benefit from. These privacy pools are part of our roadmap of apps we plan to deploy. xBull Mixer is currently in Testnet and we are still making changes to the protocol/UI, but we plan to move to mainnet once all the compliance processes we are voluntarily adopting are finished.
Now that the Stellar blockchain has been updated with multiple privacy-focused features, it allows us to think of more apps that put users' privacy at the forefront.