Top Technologies For Protecting Bitcoin Anonymity
Anyone can send bitcoin without providing personal data, which is why it is often called an anonymous currency. That description is badly mistaken, however: in practice, bitcoin's privacy is very much in question.
Pseudonymity is a more accurate description of bitcoin. A bitcoin transfer is comparable to a book published under a pen name rather than the author's real name.
In bitcoin, the pseudonym is the address at which a user receives coins or from which funds are sent. Every transaction involving that address is stored permanently in the blockchain, and if the address is ever tied to a particular user, all of its other transactions are tied to that user as well.
In the white paper, Satoshi Nakamoto recommends using a new address for every transaction. That advice still holds today, but on its own it is often not enough to keep users private and anonymous. The technologies proposed by bitcoin developers can help.
From its very beginning, bitcoin has never offered real privacy. Although Satoshi Nakamoto's white paper names privacy as a goal of the protocol, government agencies, analytics companies and other interested parties can analyze the public blockchain and the p2p network, clustering bitcoins and linking them to IP addresses or other identifying information.
Insufficient privacy is a problem. Bitcoin users may not want anyone to know what they spend their money on, how much they earn and what they own, and companies may not want information about their transactions to reach competitors. In addition, a lack of privacy can undermine fungibility, the property that every monetary unit is worth the same as any other. This is a fundamental requirement for money. For example, if it can be established that certain coins were at some point used for politically sensitive purposes, someone may be less willing to accept these "tainted" coins as payment, and that damages the fungibility of all bitcoins.
Fortunately, tracking bitcoin users is becoming harder. Several privacy-improving solutions have appeared recently, and some of them will be available by the end of this year or next.
TumbleBit
TumbleBit has been in development for almost two years and is one of the most anticipated solutions for protecting the anonymity of bitcoin users. TumbleBit is a coin-mixing protocol that uses a centralized tumbler to create payment channels between the participants in a mixing session. Through these channels, every participant can send coins and receive the same amount of different coins in return. More importantly, TumbleBit uses cryptographic techniques that prevent even the tumbler itself from linking users to one another.
TumbleBit requires two on-chain transactions per participant (one to open the channel and one to close it). The scheme works in a trustless setting, but it comes with higher transaction fees.
TumbleBit was first proposed in 2016 by a research team from Boston University, George Mason University and the University of North Carolina led by Ethan Heilman. In the autumn of the same year, the protocol was presented at the Scaling Bitcoin conference in Milan.
The real impetus for TumbleBit's development was an implementation of an early version of the protocol by NBitcoin developer Nicolas Dorier. The technology was later refined by privacy-focused developer Ádám Ficsór and others, and was eventually integrated into Breeze Wallet from the Stratis team.
The official release of Breeze Wallet took place about a month ago, so TumbleBit is now available to any user, although adoption of the wallet, and therefore of the anonymity tool itself, is still low.
Chaumian CoinJoin and ZeroLink
CoinJoin was first proposed by Bitcoin Core developer Gregory Maxwell in 2013. The essence of the method is to merge several transactions into one large transaction, hiding which bitcoins go from which sending addresses (inputs) to which receiving addresses (outputs).
A simple example: suppose Alice, Bob and Carol want to mix coins with each other. Using CoinJoin, they can create a single transaction that sends the money to new addresses not tied to their identities. Provided Alice, Bob and Carol each contribute the same amount, an observer cannot tell which new address belongs to whom. If the amounts differ, however, it is easy to work out which coins went where.
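The amount-matching analysis behind that example, written as an added illustration rather than code from the article or from any of the wallets it mentions. The participant names, amounts and helper functions are constructed; the point is that an observer sees only amounts and addresses on-chain, and equal amounts leave every output with the full set of participants as candidates, while distinct amounts leave exactly one.

```python
# Added example, not from the original article: a toy CoinJoin transaction and
# the amount-matching linkage an observer can attempt on it. Owner labels are
# only for constructing the example; on-chain, an observer never sees them.
from itertools import permutations


def coinjoin_tx(inputs, outputs):
    """inputs: list of (owner, amount); outputs: list of amounts (new addresses)."""
    return {"inputs": list(inputs), "outputs": list(outputs)}


def anonymity_sets(tx):
    """For each output, the owners whose input amount matches the output amount.
    Returns a list of (output_amount, candidate_owner_set)."""
    result = []
    for out_amount in tx["outputs"]:
        candidates = {owner for owner, in_amount in tx["inputs"] if in_amount == out_amount}
        result.append((out_amount, candidates))
    return result


def count_consistent_assignments(tx):
    """Number of one-to-one input->output pairings in which every output amount
    equals its input amount. n equal-amount participants give n! pairings; fully
    distinct amounts give exactly one, i.e. the mix hides nothing."""
    in_amounts = [amount for _, amount in tx["inputs"]]
    outs = tx["outputs"]
    count = 0
    for perm in permutations(range(len(outs))):
        if all(in_amounts[i] == outs[perm[i]] for i in range(len(outs))):
            count += 1
    return count


if __name__ == "__main__":
    equal = coinjoin_tx([("alice", 1), ("bob", 1), ("carol", 1)], [1, 1, 1])
    unequal = coinjoin_tx([("alice", 1), ("bob", 2), ("carol", 3)], [3, 1, 2])
    print("equal amounts:", anonymity_sets(equal), count_consistent_assignments(equal))
    print("unequal amounts:", anonymity_sets(unequal), count_consistent_assignments(unequal))
```

Real transactions also carry change outputs and fees, which is why production CoinJoin implementations standardise on fixed denominations and treat change separately.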
CoinJoin transactions have been possible for years, but for a long time there was a problem: someone, whether Alice, Bob or Carol, has to construct the transaction. That person needs to know which old addresses send coins to which new addresses, otherwise the transaction cannot be built. If that person turns out to be a spy, which often cannot be foreseen, the whole effort is pointless: the spy can establish who owns which coins.
This problem, however, can be solved with a construction that Gregory Maxwell also described in 2013. It is called Chaumian CoinJoin, after the blind signature scheme developed by David Chaum (see Genesis archives: eCash by David Chaum and the birth of the cypherpunk dream).
With this method, Alice, Bob and Carol connect to a central Chaumian CoinJoin server, whose operator can be a wallet provider. First they submit their sending addresses together with blinded receiving addresses, which the server signs. Alice, Bob and Carol then disconnect and reconnect over a hidden connection (for example, Tor) to submit the unblinded addresses. Thanks to Chaum's blind signatures, the server can verify that the unblinded addresses correspond to the blinded ones it signed, that is, that they really belong to Alice, Bob and Carol and not to an attacker, while still not knowing which address belongs to whom.
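The two-phase exchange above, as an added example that is not part of the article and not code from Wasabi, ZeroLink or any other project it names. It uses Chaum's RSA blind signature over a deliberately small, constructed key; the server class, participant class and address strings are constructed for illustration. Phase 1 registers a sending address with a blinded receiving address and gets a blind signature back; phase 2 presents the unblinded address and signature, which the server can verify without being able to say which phase-1 registration it came from.

```python
# Added example, not from the original article: a toy Chaumian CoinJoin round
# using Chaum's RSA blind signature. The RSA key below is a small constructed
# one for readability; a real coordinator would use a key of at least 2048 bits.
import hashlib
import secrets
from math import gcd

P_RSA, Q_RSA = 1000000007, 998244353           # constructed toy primes
N = P_RSA * Q_RSA
E = 65537
D = pow(E, -1, (P_RSA - 1) * (Q_RSA - 1))       # server's private exponent


def addr_digest(output_addr: str) -> int:
    """Hash a receiving address into an integer the RSA scheme can sign."""
    return int.from_bytes(hashlib.sha256(output_addr.encode()).digest(), "big") % N


class CoinJoinServer:
    """Round coordinator. It sees sending addresses and blinded receiving
    addresses in phase 1, and unblinded receiving addresses in phase 2, but
    never the pairing between the two."""

    def __init__(self):
        self.inputs = []
        self.outputs = []

    def register(self, sending_addr: str, blinded_output: int) -> int:
        self.inputs.append(sending_addr)
        return pow(blinded_output, D, N)        # blind signature on the hidden output

    def submit_output(self, output_addr: str, signature: int) -> bool:
        if pow(signature, E, N) != addr_digest(output_addr):
            return False                        # not signed in phase 1: reject
        self.outputs.append(output_addr)
        return True


class Participant:
    def __init__(self, sending_addr: str, output_addr: str):
        self.sending_addr = sending_addr
        self.output_addr = output_addr
        while True:                             # random blinding factor coprime with N
            self.r = secrets.randbelow(N - 2) + 2
            if gcd(self.r, N) == 1:
                break

    def blinded_output(self) -> int:
        return (addr_digest(self.output_addr) * pow(self.r, E, N)) % N

    def unblind(self, blind_sig: int) -> int:
        # (m * r^E)^D * r^-1 = m^D * r * r^-1 = m^D, a plain signature on m
        return (blind_sig * pow(self.r, -1, N)) % N


def run_round(pairs):
    """pairs: list of (sending_addr, output_addr) per participant.
    Returns (all genuine outputs accepted, forged output rejected)."""
    server = CoinJoinServer()
    people = [Participant(s, o) for s, o in pairs]
    # Phase 1: register input + blinded output, receive blind signature, unblind it.
    sigs = [p.unblind(server.register(p.sending_addr, p.blinded_output())) for p in people]
    # Phase 2 (over a fresh Tor circuit in the real protocol): outputs arrive shuffled.
    order = list(zip(people, sigs))
    secrets.SystemRandom().shuffle(order)
    accepted = all(server.submit_output(p.output_addr, s) for p, s in order)
    # An output that was never registered in phase 1 has no valid signature.
    forged_rejected = not server.submit_output("attacker_out", 12345)
    return accepted, forged_rejected


if __name__ == "__main__":
    print(run_round([("alice_in", "alice_out"), ("bob_in", "bob_out"), ("carol_in", "carol_out")]))
```

The unlinkability comes from the blinding factor `r`, which only the participant knows: the server signed `m * r^E`, and the value it later verifies is `m^D`, which it has never seen.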
After it appeared, the Chaumian CoinJoin proposal sat on the shelf for about four years. About a year ago, however, while working on TumbleBit for Breeze Wallet, Ádám Ficsór revisited the proposal and decided to implement it.
In particular, the method was built into the ZeroLink framework, also developed by Ádám Ficsór, and is now implemented in the user-oriented Wasabi Wallet, recently released in beta. The Samourai Wallet developers, meanwhile, have announced a mobile implementation of ZeroLink called Whirlpool. Another new wallet team, Bob Wallet, is also working on a ZeroLink implementation.
Although CoinJoin, and later Chaumian CoinJoin, were proposed years ago and were available all along, they never saw real adoption. CoinJoin transactions require a certain level of technical sophistication and offer few benefits to those who do not particularly care about privacy, and none of the popular wallets offered them.
Schnorr Signatures
Schnorr signatures, a technology that Bitcoin Core and Blockstream developer Pieter Wuille recently submitted as a formal bitcoin improvement proposal, can provide such benefits.
Named after their inventor Claus-Peter Schnorr, Schnorr signatures are regarded by many cryptographers as the best cryptographic signatures available. Their practical advantage for bitcoin is that many signatures can be combined into one, so a transaction needs only one signature regardless of how many sending addresses it includes.
CoinJoin transactions include multiple sending addresses, at least one per participant. Schnorr signatures therefore offer an extra advantage with CoinJoin: participants can combine not only their transactions into one but also all the signatures in that transaction. The CoinJoin transaction ends up smaller than the separate transactions would be combined, which lowers the fees paid to miners.
Schnorr signatures thus make this privacy-oriented option cheaper, which may be enough of an incentive for wallets to implement it and make it available to a wide range of users.
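The linearity that lets several signers produce one signature, shown as an added example in a small constructed group. This is not code from the article or from the Bitcoin Core proposal; the group parameters, the hash-to-challenge function and the function names are constructed for illustration and are not bitcoin's. Three signers each pick a nonce and a key, the nonce points and public keys are combined, all share one challenge, and the `s` values are summed, so the transaction carries a single `(R, s)` pair however many inputs it has.

```python
# Added example, not from the original article: a textbook Schnorr signature in
# a constructed prime-order subgroup, plus the signature aggregation that makes a
# many-input transaction verifiable with a single signature.
import hashlib
import random

P, Q, G = 2039, 1019, 4      # constructed: P = 2Q + 1 is prime, G generates the order-Q subgroup


def keygen(rng):
    x = rng.randrange(1, Q)  # private key
    return x, pow(G, x, P)   # (private, public)


def challenge(R, X, msg):
    data = f"{R}|{X}|{msg}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def sign(x, msg, rng):
    k = rng.randrange(1, Q)             # per-signature nonce
    R = pow(G, k, P)
    e = challenge(R, pow(G, x, P), msg)
    return R, (k + e * x) % Q


def verify(X, msg, sig):
    R, s = sig
    e = challenge(R, X, msg)
    return pow(G, s, P) == (R * pow(X, e, P)) % P   # G^s == R * X^e


def aggregate_sign(private_keys, msg, rng):
    """All signers sign the same message. Nonce points and public keys are
    multiplied (added in the exponent), the challenge is shared, and the s
    values are summed; the result is one (R, s) pair for any number of inputs.
    NOTE: plain key aggregation only demonstrates the linearity. Production
    proposals (MuSig) add per-key coefficients so a participant cannot pick a
    rogue key that cancels the others out."""
    nonces = [rng.randrange(1, Q) for _ in private_keys]
    R, X = 1, 1
    for k, x in zip(nonces, private_keys):
        R = R * pow(G, k, P) % P
        X = X * pow(G, x, P) % P
    e = challenge(R, X, msg)
    s = sum(k + e * x for k, x in zip(nonces, private_keys)) % Q
    return X, (R, s)


if __name__ == "__main__":
    rng = random.Random(1)
    keys = [keygen(rng) for _ in range(3)]
    X, sig = aggregate_sign([x for x, _ in keys], "coinjoin", rng)
    print("aggregate key:", X, "single signature:", sig, "valid:", verify(X, "coinjoin", sig))
```

The verifier needs only the combined public key and the single signature; three separate ECDSA-style signatures would have meant three times the witness data.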
In addition, the mathematical properties of Schnorr signatures will help the development of smart-contract-style solutions such as scriptless scripts, Taproot and Graftroot.
STONEWALL
Another technology related to CoinJoin, a privacy-oriented technique called STONEWALL, was presented by the Samourai Wallet developers in May 2018. The idea is to create the impression that a CoinJoin is taking place without actually using one.
In essence, STONEWALL transactions are ordinary transactions in which one user sends bitcoins to another. The trick is that they include additional sending addresses and change addresses, so the transaction looks like a CoinJoin even though it is not.
The point of STONEWALL transactions is to deny spies any conclusions from blockchain analysis. If spies cannot reliably tell whether they are looking at a CoinJoin transaction, any conclusion based on that data is worthless.
Samourai Wallet is also preparing a two-wallet STONEWALL: genuine CoinJoin transactions between two users who trust each other on privacy. Its release is expected within the next month or two.
Dandelion
A completely different way of deanonymizing bitcoin users is to analyze the p2p network: spy nodes can monitor the network in an attempt to determine where transactions originate, since the first node to relay a transaction most likely created it.
A solution called Dandelion was proposed by a team of researchers from Carnegie Mellon University, the University of Illinois and the Massachusetts Institute of Technology (MIT). Carnegie Mellon professor Giulia Fanti presented it at the recent Building on Bitcoin conference in Lisbon.
Dandelion makes network analysis harder by changing how transactions are propagated. Instead of immediately broadcasting a new transaction to as many nodes as possible, the protocol sends it to just one node. That node randomly decides whether to pass the transaction on to a single next node or not. If it passes the transaction to only one node, that next node makes the same random decision, and so on.
When a node decides not to forward to just one node, it broadcasts the transaction to as many nodes as possible, and all of those nodes do the same. This makes it much harder to determine where the transaction originated.
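A small simulation of that stem-and-fluff relay, added here as an illustration; it is not code from the article or from the Dandelion proposal or Bitcoin Core. The random peer graph, the per-hop coin flip, the probabilities and the function names are all constructed. It measures how often an observer who assumes "the first node to broadcast is the creator" is actually right, and the mean number of single-peer hops before broadcasting.

```python
# Added example, not from the original article: simulate Dandelion-style
# propagation on a constructed peer graph. Stem phase = forward to one random
# peer; each relay flips a coin and with probability `fluff_prob` switches to
# fluff (ordinary flooding). Simplification: the origin always forwards once.
import random


def make_network(n_nodes, degree, rng):
    """Constructed peer graph: every node links to at least `degree` random peers."""
    peers = {i: set() for i in range(n_nodes)}
    for i in range(n_nodes):
        while len(peers[i]) < degree:
            j = rng.randrange(n_nodes)
            if j != i:
                peers[i].add(j)
                peers[j].add(i)
    return {i: sorted(s) for i, s in peers.items()}


def propagate(network, origin, fluff_prob, rng):
    """Walk the stem until some relay decides to fluff.
    Returns (node that starts flooding, number of stem hops)."""
    node, hops = origin, 0
    while True:
        node = rng.choice(network[node])   # one random peer, not a broadcast
        hops += 1
        if rng.random() < fluff_prob:      # this relay switches to flooding
            return node, hops


def spy_accuracy(network, fluff_prob, trials, rng):
    """Fraction of trials where the flooding node is the true creator, and the
    mean stem length. With plain flooding (no stem phase) the fraction is 1.0,
    because the creator is always the first node to broadcast."""
    correct = total_hops = 0
    for _ in range(trials):
        origin = rng.randrange(len(network))
        fluff_node, hops = propagate(network, origin, fluff_prob, rng)
        correct += fluff_node == origin
        total_hops += hops
    return correct / trials, total_hops / trials


if __name__ == "__main__":
    rng = random.Random(7)
    net = make_network(50, 6, rng)
    acc, mean_hops = spy_accuracy(net, fluff_prob=0.1, trials=4000, rng=rng)
    print(f"spy guesses creator correctly {acc:.1%} of the time; mean stem length {mean_hops:.1f}")
```

The expected stem length is `1 / fluff_prob` hops, so the observer's "first broadcaster" is typically several random hops away from the creator; a smaller `fluff_prob` buys more anonymity at the cost of slower propagation.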
The proposal has been well received in the bitcoin developer community, and Dandelion may be included in Bitcoin Core. It is most likely not ready for the upcoming 0.17.0 release, however.
BIP-151
BIP-151 is another, older proposal for limiting analysis of the bitcoin network, from Bitcoin Core and Shift developer Jonas Schnelli. It is fairly straightforward: the method lets bitcoin nodes encrypt the traffic (transactions and block data) passing between them.
On its own, BIP-151 is not a privacy panacea. Not only is the bitcoin blockchain public, but, more importantly, nodes may exchange data with the very spies they would prefer to hide it from. Nevertheless, BIP-151 can be a foundation for countering several types of attacks on anonymity, including man-in-the-middle attacks. The p2p encryption it introduces is also useful in other scenarios; for example, it makes it impossible to monitor bitcoin network traffic through an ISP or an open Wi-Fi network.
After it appeared, BIP-151 stayed in the shadows for several years, but Schnelli recently returned to the proposal, rewriting it for further discussion and possible inclusion in the bitcoin code base. That may happen next year.
Liquid and Confidential Transactions
Liquid is the first commercial sidechain, developed by the blockchain company Blockstream. Its main purpose is to provide transaction channels between exchanges and other high-volume bitcoin businesses (brokers, for example), letting them send bitcoins and other assets to each other much faster than the bitcoin blockchain allows. In the future, ordinary users (primarily traders) should also get access to the sidechain through special Liquid wallets.
One of the features implemented in Liquid is Confidential Transactions. This is a cryptographic method of hiding the amounts sent and received while still letting every Liquid user verify that the amounts received do not exceed the amounts sent. In other words, without knowing exactly what amounts were transferred, they can verify that no coins were created out of thin air.
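The balance check behind Confidential Transactions, shown with Pedersen commitments as an added example; this is not code from the article or from Liquid, which uses elliptic-curve groups and range proofs. The group parameters, generators and function names are constructed for illustration. A sender commits to each amount with a random blinding factor, choosing the last output's blinding factor so both sides balance; a verifier then multiplies the commitments on each side and compares them, learning nothing about any amount. The last assertion in the usage shows why real CT attaches a range proof to every output: amounts live modulo the group order, so an output that wraps around would otherwise pass the check.

```python
# Added example, not from the original article: Pedersen commitments in a small
# constructed group and the Confidential Transactions balance check.
import random
from functools import reduce

P, Q = 2039, 1019                # constructed: P = 2Q + 1 is prime
G, H = 4, 9                      # two generators of the order-Q subgroup; in a real
                                 # deployment nobody may know log_G(H)


def commit(value, blinding):
    """C = G^value * H^blinding (mod P): hides `value`, binds the committer to it."""
    return (pow(G, value, P) * pow(H, blinding, P)) % P


def build_tx(in_amounts, out_amounts, rng):
    """Sender side: commit to every amount. The last output's blinding factor is
    chosen so that the blinding factors on both sides sum to the same value,
    which is what lets an honest transaction pass the verifier's check."""
    in_blinds = [rng.randrange(Q) for _ in in_amounts]
    out_blinds = [rng.randrange(Q) for _ in out_amounts[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    return ([commit(v, r) for v, r in zip(in_amounts, in_blinds)],
            [commit(v, r) for v, r in zip(out_amounts, out_blinds)])


def product(commits):
    return reduce(lambda a, b: a * b % P, commits, 1)


def balances(in_commits, out_commits):
    """Verifier side: with balanced blinding factors, the products are equal iff
    sum(inputs) == sum(outputs) mod Q. No amount is needed for the check."""
    return product(in_commits) == product(out_commits)


if __name__ == "__main__":
    rng = random.Random(3)
    ins, outs = build_tx([5, 7], [10, 2], rng)
    print("honest 5+7 -> 10+2 balances:", balances(ins, outs))
    ins, outs = build_tx([5, 7], [10, 3], rng)
    print("inflated 5+7 -> 10+3 balances:", balances(ins, outs))
    # Wrap-around: 13 + (Q-1) == 12 mod Q, so the check alone would accept it.
    ins, outs = build_tx([5, 7], [13, Q - 1], rng)
    print("wrapped 5+7 -> 13+(Q-1) balances (needs range proof):", balances(ins, outs))
```

In a real transaction the fee is an explicit, unblinded term added to the output side, and every committed output carries a range proof that its amount lies in a small range, so the wrap-around case is rejected.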
For Liquid this means, among other things, that funds can move between exchanges without anyone knowing exactly what amounts are involved. Competitors will not learn how much exchanges hold, and traders will not be able to exploit such information the way they often do today: the public nature of the blockchain gives anyone who knows of an upcoming large transfer the chance to trade on the expected price change.
When Liquid becomes available to ordinary traders, they will also be able to use the protocol to hide their balances from spies, not only when moving funds to another exchange, but also when withdrawing from an exchange to a temporary address in the sidechain.
On top of Liquid wallets, CoinJoin-style solutions can be built, giving especially powerful combinations of privacy technologies. For example, merging several transactions into one while also hiding the amounts makes it nearly impossible to link addresses.
Moreover, Confidential Transactions could also be added to the main bitcoin protocol, and there are already several ideas for doing so through a backwards-compatible soft fork. Despite technological progress, however, such an upgrade would still hurt scalability and is most likely still far from reality.
Note that this overview does not cover older methods such as stealth addresses, using a full bitcoin node as a wallet, Coin Control, JoinMarket and other CoinJoin solutions, Ricochet, PayNyms, Sphinx in the Lightning Network, Monero swaps and centralized mixing services.
Nor should this overview be taken as a recommendation for any particular product or method: users must do their own research before sending their coins anywhere.