FC-GUARD: Enabling Anonymous yet Compliant Fiat-to-Cryptocurrency Exchanges
Shaoyu Li, Hexuan Yu, Md Mohaimin Al Barat, Yang Xiao, Y. Thomas Hou, Wenjing Lou
TL;DR
FC-GUARD tackles privacy risks in fiat-to-cryptocurrency exchanges by decoupling real identities from cryptocurrency addresses, using verifiable credentials ($VC_{pu}$, $VC_{bu}$) and non-interactive zero-knowledge proofs (ZKPs) to create $VP_{pu}$ and $VP_{bu}$ that allow anonymous authentication and fiat transfers. A trusted auditing authority enables selective de-anonymization to enforce Know-Your-Customer (KYC) and tax reporting, while probabilistic encryption ensures bank details remain confidential. The paper details a three-phase system (registration, anonymous exchange, auditing) and presents a desktop and mobile prototype with modest overhead relative to a baseline. This work contributes a practical path to privacy-preserving, regulation-compliant fiat-to-cryptocurrency exchanges with real deployment implications.
Abstract
With the rise of decentralized finance, fiat-to-cryptocurrency exchange platforms have become popular entry points into the cryptocurrency ecosystem. However, these platforms frequently fail to ensure adequate privacy protection, as evidenced by real-world breaches that exposed personally identifiable information (PII) and crypto addresses. Such leaks enable adversaries to link real-world identities to cryptocurrency transactions, undermining the presumed anonymity of cryptocurrency use. We propose FC-GUARD, a privacy-preserving exchange system designed to preserve user anonymity without compromising regulatory compliance in the exchange of fiat currency for cryptocurrencies. Leveraging verifiable credentials and zero-knowledge proof techniques, FC-GUARD enables fiat-to-cryptocurrency exchanges without revealing users' PII or fiat account details. This breaks the linkage between users' real-world identities and their cryptocurrency addresses, thereby upholding anonymity, a fundamental expectation in the cryptocurrency ecosystem. In addition, FC-GUARD complies with key regulations over cryptocurrency usage, such as know-your-customer requirements and auditability for tax reporting obligations by integrating a lawful de-anonymization mechanism that allows the auditing authority to identify misbehaving users. This ensures regulatory compliance while defaulting to privacy protection. We implement our system on both desktop and mobile platforms, and our evaluation shows its feasibility for practical deployment.
