Go to DBLP homepageHurricane Mixer: The Eye in the Storm - Embedding Regulatory Oversight into Cryptocurrency Mixing Services
Abstract: While transaction transparency is fundamental, it introduces privacy vulnerabilities for blockchain users requiring confidentiality. Existing privacy mixers, intended to mitigate the issue by offering obfuscation of transactional links, have been leveraged to evade emerging financial regulations in DeFi and facilitate harmful practices within the community. Regulatory concerns, driven by prosocial intentions, are raised to ensure that mixers are used responsibly complying with regulations. The research challenge is to reconcile privacy with enforceable compliance by providing designated-only transaction traceability, blocking sanctioned actors and preserving honest-user anonymity. We tackle this challenge by introducing the Hurricane Mixer, the mixer framework that embeds compliance logic without forfeiting privacy of regular transactions. Hurricane comes in two deployable variants: Cash for fixed-denomination pools and UTXO for arbitrary-amount transfers. Both variants share the key components: a sanction list mechanism that prevents transactions involving sanctioned entities, and a mechanism that allows for possible regulatory access to encrypted transaction details for compliance purposes. We implement the full stack: Gnark Groth-16 circuits for deposit/withdraw proofs, contracts maintaining an on-chain sanction list, and dual public-key encryption for bidirectional tracing. The comprehensive evaluation illustrates the efficacy of Hurricane Mixer in ensuring privacy preservation, regulatory conformity, and cost efficiency. Experiments show that the Cash variant is more economical when the payment amount matches the denomination, the UTXO variant is better suited for large or fractional payments, and the framework overall sustains competitive gas efficiency without compromising regulator traceability.
External IDs:dblp:journals/iacr/LiNZLSCLZQR25
Loading