Table of Contents
Fetching ...

FC-GUARD: Enabling Anonymous yet Compliant Fiat-to-Cryptocurrency Exchanges

Shaoyu Li, Hexuan Yu, Md Mohaimin Al Barat, Yang Xiao, Y. Thomas Hou, Wenjing Lou

TL;DR

FC-GUARD tackles privacy risks in fiat-to-cryptocurrency exchanges by decoupling real identities from cryptocurrency addresses, using verifiable credentials ($VC_{pu}$, $VC_{bu}$) and non-interactive zero-knowledge proofs (ZKPs) to create $VP_{pu}$ and $VP_{bu}$ that allow anonymous authentication and fiat transfers. A trusted auditing authority enables selective de-anonymization to enforce Know-Your-Customer (KYC) and tax reporting, while probabilistic encryption ensures bank details remain confidential. The paper details a three-phase system (registration, anonymous exchange, auditing) and presents a desktop and mobile prototype with modest overhead relative to a baseline. This work contributes a practical path to privacy-preserving, regulation-compliant fiat-to-cryptocurrency exchanges with real deployment implications.

Abstract

With the rise of decentralized finance, fiat-to-cryptocurrency exchange platforms have become popular entry points into the cryptocurrency ecosystem. However, these platforms frequently fail to ensure adequate privacy protection, as evidenced by real-world breaches that exposed personally identifiable information (PII) and crypto addresses. Such leaks enable adversaries to link real-world identities to cryptocurrency transactions, undermining the presumed anonymity of cryptocurrency use. We propose FC-GUARD, a privacy-preserving exchange system designed to preserve user anonymity without compromising regulatory compliance in the exchange of fiat currency for cryptocurrencies. Leveraging verifiable credentials and zero-knowledge proof techniques, FC-GUARD enables fiat-to-cryptocurrency exchanges without revealing users' PII or fiat account details. This breaks the linkage between users' real-world identities and their cryptocurrency addresses, thereby upholding anonymity, a fundamental expectation in the cryptocurrency ecosystem. In addition, FC-GUARD complies with key regulations over cryptocurrency usage, such as know-your-customer requirements and auditability for tax reporting obligations by integrating a lawful de-anonymization mechanism that allows the auditing authority to identify misbehaving users. This ensures regulatory compliance while defaulting to privacy protection. We implement our system on both desktop and mobile platforms, and our evaluation shows its feasibility for practical deployment.

FC-GUARD: Enabling Anonymous yet Compliant Fiat-to-Cryptocurrency Exchanges

TL;DR

FC-GUARD tackles privacy risks in fiat-to-cryptocurrency exchanges by decoupling real identities from cryptocurrency addresses, using verifiable credentials (, ) and non-interactive zero-knowledge proofs (ZKPs) to create and that allow anonymous authentication and fiat transfers. A trusted auditing authority enables selective de-anonymization to enforce Know-Your-Customer (KYC) and tax reporting, while probabilistic encryption ensures bank details remain confidential. The paper details a three-phase system (registration, anonymous exchange, auditing) and presents a desktop and mobile prototype with modest overhead relative to a baseline. This work contributes a practical path to privacy-preserving, regulation-compliant fiat-to-cryptocurrency exchanges with real deployment implications.

Abstract

With the rise of decentralized finance, fiat-to-cryptocurrency exchange platforms have become popular entry points into the cryptocurrency ecosystem. However, these platforms frequently fail to ensure adequate privacy protection, as evidenced by real-world breaches that exposed personally identifiable information (PII) and crypto addresses. Such leaks enable adversaries to link real-world identities to cryptocurrency transactions, undermining the presumed anonymity of cryptocurrency use. We propose FC-GUARD, a privacy-preserving exchange system designed to preserve user anonymity without compromising regulatory compliance in the exchange of fiat currency for cryptocurrencies. Leveraging verifiable credentials and zero-knowledge proof techniques, FC-GUARD enables fiat-to-cryptocurrency exchanges without revealing users' PII or fiat account details. This breaks the linkage between users' real-world identities and their cryptocurrency addresses, thereby upholding anonymity, a fundamental expectation in the cryptocurrency ecosystem. In addition, FC-GUARD complies with key regulations over cryptocurrency usage, such as know-your-customer requirements and auditability for tax reporting obligations by integrating a lawful de-anonymization mechanism that allows the auditing authority to identify misbehaving users. This ensures regulatory compliance while defaulting to privacy protection. We implement our system on both desktop and mobile platforms, and our evaluation shows its feasibility for practical deployment.
Paper Structure (15 sections, 6 figures, 1 table)

This paper contains 15 sections, 6 figures, 1 table.

Figures (6)

  • Figure 1: High-level comparison between the current fiat-to-cryptocurrency exchange process and FC-GUARD. In the current process, users submit their User_ID (linked to User_PII in the platform database), User_bank_acc, and User_crypto_addr, all of which are stored by the platform. This allows adversaries to correlate user identity, bank account, and crypto address. In FC-GUARD, each user instead provides only an anonymous identity proof for authentication, an encrypted bank account for fiat transfer, and a plaintext crypto address. The platform cannot link the user’s identity to the bank or crypto account. Only the bank can decrypt the ciphertext to recover User_bank_acc and complete the fiat transfer without learning the crypto address. After the fiat transfer, both designs require the bank to notify both the user and the platform of the transfer status. Once the cryptocurrency is sent, the platform notifies the user to confirm exchange completion.
  • Figure 2: FC-GUARD system architecture. The workflow of FC-GUARD consists of three main phases: registration, exchange, and auditing. Each entity is shown with a surrounding box that lists the information it can access and process during protocol execution. This design ensures that no single entity can link a user's real identity to their cryptocurrency transactions.
  • Figure 3: Credential issuance and verification protocols
  • Figure 4: User registration process
  • Figure 5: Fiat-to-cryptocurrency exchange process
  • ...and 1 more figures