Category: privacy-preserving withdrawal protocol / compliance-conditioned anonymity set middleware / zero-knowledge pool / mixer-adjacent cryptographic infrastructure
Summary: Privacy Pools is worth cataloging not just as another mixer-adjacent privacy app, but as a distinct attempt to split withdrawal privacy from anonymity-set neutrality. Its public materials describe a Tornado-style deposit/withdraw pool where private withdrawals are conditioned on proving inclusion in an approved label set maintained by an Association Set Provider (ASP), while excluded deposits retain a public ragequit path back to the original depositor. That makes it a useful comparison point for mixer-style systems, stealth-address infrastructure, and shielded-intent systems because the real control surface is explicitly split across pool contracts, zero-knowledge circuits, ASP root updates, postman permissions, and the fallback exit path that prevents ASP policy from becoming outright confiscation.
What it does:
Lets users deposit ETH or ERC-20 assets into asset-specific privacy pools and later withdraw them without publicly linking deposit and withdrawal addresses
Uses commitments, nullifiers, and Merkle-tree state to support private withdrawals and prevent double-spending
Routes deposits through an Entrypoint contract that collects vetting fees, manages pool registry/configuration, and tracks the latest ASP root used for withdrawal validation
Requires a withdrawal proof to validate not only pool state but also inclusion of the deposit label in the ASP-maintained approved set
Preserves a public ragequit flow that allows the original depositor to reclaim funds if their label is not approved or later removed from the approved set
Exposes a monorepo with contracts, Circom circuits, SDK, and relayer tooling, which makes the implementation split between contract layer, ZK layer, and policy layer unusually legible
Key claims:
Privacy Pools clears the bar because it exposes a reusable mechanism, not just a privacy-product surface: pool custody, commitment/nullifier accounting, ASP-managed approval roots, authorized postman updates, and public fallback exit are all separate layers with distinct governance implications.
The strongest reusable insight is that the project tries to make anonymity-set policy explicit instead of pretending every privacy pool is socially neutral. Private withdrawal eligibility depends on an externally curated approved-label set, but the project also constrains that policy power with ragequit, which keeps label exclusion from becoming direct fund seizure.
This makes Privacy Pools analytically different from stealth-address systems like Umbra or ERC-5564, where recipient privacy is the lower-layer primitive, and different from shielded-intent systems like SIP Protocol, where privacy is attached to routed execution rather than to pool withdrawal eligibility.
It is also different from a flat mixer with compliance description because the docs show several distinct chokepoints: the Entrypoint owns fee and registry policy, authorized postmen publish ASP roots, ASP operators decide which labels remain privately withdrawable, and users fall back to a public original-depositor recovery path when approval disappears.
The GitHub design materials are useful because they preserve the underlying conceptual frame behind the product docs: arbitrary subsets of deposits, proof of inclusion or exclusion against curated subsets, and social consensus around which subsets count as licit or illicit.
The protocol’s trust story is therefore not simply privacy with KYC or privacy without KYC; it is better understood as a constrained-policy privacy pool where the censorship boundary is moved from deposit admission to withdrawal privacy eligibility.
This entry belongs in the active corpus because it gives the library a concrete comparison point for privacy systems that try to remain non-custodial while still importing external policy into the anonymity set.
Whitepaper: ../whitepapers/privacy-pools-whitepaper.pdf (https://privacypools.com/whitepaper.pdf) plus implementation docs collected in ../whitepapers/privacy-pools-primary-sources-2026-05-12.md.