On-chain privacy has always been framed as a binary. Either you expose everything - wallets, balances, transaction histories - or you go fully dark, accepting the risk that your privacy tools become a haven for stolen funds and sanctioned actors.

This framing is wrong. And a system called Private Proofs of Innocence (PPOI) is proving it.

PPOI is a decentralized bad-transaction prevention system built using zero-knowledge proofs. Its job is straightforward but powerful: stop exploited, stolen, or sanctioned funds from entering the RAILGUN privacy system - without revealing anything about the user's identity, balances, or history.

This is not a centralized blacklist. It is a cryptographic mechanism that enables privacy with accountability, and it may represent the most important architectural shift in on-chain compliance to date.

The Problem With Privacy Today

Blockchain privacy protocols have long operated under a fundamental tension. Users who want financial privacy - a perfectly legitimate need - are forced to share infrastructure with bad actors who exploit that same privacy to launder stolen funds.

This creates a reputational and regulatory problem. When a protocol like Tornado Cash is used to move proceeds from hacks, the entire tool gets sanctioned. Legitimate users lose access, and the broader ecosystem loses a critical piece of infrastructure.

The standard compliance response has been heavy-handed: require identity documents, implement centralized intermediaries, build backdoors into privacy systems. But this defeats the entire purpose. If a privacy system requires you to reveal your identity to use it, it is no longer a privacy system.

What has been missing is a mechanism that can filter out bad funds without filtering out good users. That is exactly what Private Proofs of Innocence does.

How Private Proofs of Innocence Works

At a high level, PPOI monitors tokens entering the RAILGUN smart contract and verifies that they are not associated with known malicious transactions or sanctioned actors. When a user shields tokens into the privacy system, a zero-knowledge proof is automatically generated confirming the tokens are clean - without exposing any information about the user.

The Shield and Standby Process

The process begins when a user shields tokens into RAILGUN. At that point, a one-hour standby period is enforced. During this window, the only permitted action is an unshield - returning the tokens back to the original wallet without any privacy benefit.

This standby period exists for a critical reason: it gives List Providers enough time to update their datasets. Without it, a bad actor could shield stolen funds and immediately move them through the privacy system before forensic data catches up. The one-hour delay creates a buffer that makes address-hopping attacks impractical.

List Providers

List Providers are the entities that supply the datasets of known bad transactions and malicious wallets. They contribute only public, non-personal, on-chain data. No identity documents. No KYC. No backdoors.

The current List Providers include some of the most respected names in blockchain forensics:

  • Chainalysis Sanctions Oracle - industry-standard sanctions screening
  • Elliptic - blockchain analytics and compliance data
  • SlowMist - security incident tracking and threat intelligence
  • ScamSniffer - phishing and scam detection
  • PureFi - on-chain compliance verification

Critically, anyone can choose to publish their own lists and become a List Provider. The system is open and decentralized. Wallets send no Private POI data to List Providers, and providers cannot log IP addresses or gain any insight into user activity.

Zero-Knowledge Proof Generation

Once the standby period passes and List Providers have had time to update, PPOI generates a blinded proof stating that the shielded tokens are not part of any List Provider dataset. This proof is a zero-knowledge proof of non-inclusion - it demonstrates that the tokens do not appear in the set of flagged transactions, without revealing which specific tokens are being checked.

The underlying cryptography leverages RAILGUN's existing UTXO-based architecture. Each balance in RAILGUN is composed of encrypted UTXOs (unspent transaction outputs) organized within a private Merkle Tree. Every transaction generates a zk-SNARK verifying that the sender has sufficient UTXOs to complete the transfer. PPOI adds an additional recursive proof on top of this - a proof that the underlying proofs of a user's balance are not part of the bad transaction list.

These recursive SNARKs can prove the entire flow of funds from the initial shield interaction through all intermediate transfers, ensuring that the Merkle proof of non-inclusion is satisfied at every step.

Proof Inheritance

An elegant property of PPOI is that proofs carry forward through subsequent transactions. When Alice shields 100 USDC and generates a PPOI proof, that proof attaches to those specific tokens. If Alice later sends those tokens to Bob through a private transfer, Bob inherits the proof. He does not need to generate a new one. This keeps the system efficient and avoids redundant computation.

What Happens When Funds Are Flagged

If a token is flagged - meaning it matches an entry in one of the List Provider datasets - it cannot enter the privacy pool. The token can only be returned to the original wallet via an unshield transaction.

This is a crucial design decision. PPOI does not freeze funds or seize assets. It simply prevents contaminated tokens from mixing with legitimate users' balances in the privacy set. The bad actor retains their tokens but cannot use RAILGUN to obscure the trail.

Key Distinction

PPOI does not deanonymize users or create backdoors. It prevents bad funds from entering the system in the first place, preserving privacy for everyone who passes the check.

Private POI Nodes and Verification

Private POI Nodes sync proof data and make it available for anyone interested in verifying checks. The architecture is similar to IPFS - anyone can run a Private Proofs of Innocence node, ensuring that verification is decentralized rather than reliant on any central actor.

This means that compliance verification happens transparently and publicly. Anyone can audit the system, verify specific flagged transactions, and confirm that the filtering mechanism is working correctly. The verification portal at ppoi.info provides a public interface for this purpose.

Broadcasters

Since RAILGUN's private addresses (0zk addresses) cannot broadcast transactions directly, Broadcasters serve as intermediaries that submit interactions to the Ethereum network. Broadcasters receive private compensation for this service, and they must verify that completed Private POI checks are in place before broadcasting a transaction.

During the standby period, users can still self-broadcast unshield transactions - the one action that remains available before full proof generation completes.

Real-World Impact

PPOI is not a theoretical construct. It has been deployed and battle-tested against real attacks.

Inferno Drainer

RAILGUN's implementation of PPOI blocked $530,000 worth of tokens tied to the Inferno Drainer phishing operation. The stolen funds were prevented from entering the privacy set, cutting off the attacker's laundering path through the protocol.

The zkLend Attack

In a more dramatic demonstration, PPOI stopped $9.5 million in tokens linked to the zkLend exploit. The attacker attempted to use RAILGUN to obfuscate the stolen funds, but the PPOI mechanism identified the tokens and blocked them from entering the privacy pool.

This result earned direct praise from Vitalik Buterin, who called it a "solid demonstration of compliant privacy in practice." Coming from the co-founder of Ethereum, this endorsement carries significant weight - it signals that privacy and compliance are not mutually exclusive goals.

Connection to Privacy Pools

PPOI builds on ideas that Vitalik Buterin has been developing since at least 2023, when he co-authored a research paper on Privacy Pools. The core proposal was that users should be able to publish a zero-knowledge proof demonstrating that their funds do not originate from known unlawful sources - without publicly revealing their entire transaction graph.

RAILGUN's Private Proofs of Innocence is the most mature implementation of this concept. Where the Privacy Pools paper described the theoretical framework, PPOI delivers the working infrastructure: curated list providers, recursive proofs, a standby mechanism, and decentralized verification nodes.

The key insight from the Privacy Pools research is that compliance does not require surveillance. It requires proof of non-association. PPOI delivers exactly that.

How PPOI Compares to Legacy Compliance

Traditional compliance in crypto follows the same playbook as traditional finance: collect identity documents, build centralized databases, and maintain the ability to freeze or reverse transactions. This approach has several fundamental problems in the context of decentralized systems:

  • It creates honeypots. Centralized databases of user identities become high-value targets for attackers
  • It requires trust. Users must trust intermediaries with sensitive personal data
  • It breaks composability. Compliance layers that require human intervention do not scale to the speed and volume of DeFi
  • It excludes legitimate users. Anyone who cannot or does not want to provide identity documents - for perfectly valid reasons - is locked out

PPOI takes a fundamentally different approach:

  • No personal data collected. End-to-end privacy with no identity documents required
  • Decentralized assurance. List Providers contribute only public data - no centralized intermediary controls the system
  • Transparent accountability. Anyone can verify flagged transactions and audit the system
  • Jurisdictional flexibility. Users can select which List Provider datasets to validate against, matching their local regulatory requirements

The result is a compliance mechanism that achieves similar outcomes to traditional approaches - blocking known bad funds from entering the system - while preserving the properties that make decentralized finance valuable in the first place.

Jurisdictional Flexibility

One of the more thoughtful design choices in PPOI is its approach to jurisdiction. Rather than enforcing a single global sanctions list, the system allows users to choose which datasets they validate against.

A user in Germany might select addresses flagged by German or EU authorities. An American user might choose lists provided by the Department of Justice or the US Treasury. This flexibility means the system can accommodate different regulatory regimes without imposing one jurisdiction's rules on the entire network.

This is a meaningful advance. Global DeFi protocols serve users across dozens of jurisdictions, each with different compliance requirements. A one-size-fits-all approach inevitably either over-complies (restricting legitimate users) or under-complies (failing to meet local requirements). PPOI's modular design addresses this directly.

Technical Architecture Summary

The full PPOI architecture involves several coordinated components:

  1. List Providers contribute public bad-actor datasets based on on-chain forensic analysis
  2. Shield interaction triggers the one-hour standby period
  3. Blinded proof generation creates a zero-knowledge proof of non-inclusion against List Provider datasets
  4. Recursive SNARKs ensure proofs cover the entire flow of funds from initial shield through all transfers
  5. Proof inheritance carries verified proofs forward through subsequent private transactions
  6. Private POI Nodes sync and distribute proof data for decentralized verification
  7. Broadcasters verify PPOI compliance before submitting transactions to the network

Each component operates independently, with no single point of failure. The system is trustless by design - no party has the ability to deanonymize users, freeze funds, or override the cryptographic guarantees.

Why It Matters for Web3 Security

The significance of PPOI extends beyond RAILGUN. It demonstrates that the compliance-privacy dichotomy is a false choice.

For years, regulators have argued that privacy tools are inherently incompatible with financial compliance. And for years, privacy advocates have argued that any compliance mechanism necessarily compromises privacy. PPOI shows that both positions are wrong - and that cryptography can resolve the tension.

This matters for several reasons:

  • Regulatory engagement. Privacy protocols that can demonstrate concrete compliance mechanisms have a much stronger position in regulatory discussions
  • User protection. Honest users no longer risk having their funds contaminated by sharing a privacy pool with stolen assets
  • Institutional adoption. Exchanges and institutions gain confidence in accepting transfers from privacy-preserving protocols when compliance can be cryptographically verified
  • Precedent. PPOI creates a model that other privacy protocols can adopt and adapt, potentially establishing a new standard for on-chain compliance

Closing Thoughts

Private Proofs of Innocence represents a fundamental shift in how we think about privacy and compliance in decentralized systems. Instead of forcing users to choose between privacy and legitimacy, it uses zero-knowledge cryptography to provide both simultaneously.

The system has already proven itself in real-world conditions, blocking millions of dollars in stolen funds while preserving complete privacy for legitimate users. With endorsements from figures like Vitalik Buterin and a growing list of respected forensic providers, PPOI is not just a proof of concept - it is operational infrastructure.

At Zokyo, we believe that the future of Web3 security lies in systems like this - mechanisms that solve hard problems through better cryptography rather than through surveillance. Privacy with accountability is not a compromise. It is the goal.