cannon, Author at Wasabi Wallet - Blog
https://blog.wasabiwallet.io/author/cannon/
Wasabi Wallet Blog: Insights on Bitcoin Privacy & Tech
Mon, 29 Apr 2024 09:32:30 +0000

How CoinJoins Fix Bitcoin Privacy
https://blog.wasabiwallet.io/how-coinjoins-fix-bitcoin-privacy/
Thu, 25 Aug 2022 12:00:00 +0000

CoinJoin acts as an opaque wall in a timeline that transactions pass through. If a sender of bitcoin coinjoins, the recipient is unable to determine how the sender obtained the funds.

The issue with Bitcoin privacy

Bitcoin can be anonymous, but it is not private by default. Every transaction and address balance is publicly visible to everyone on the distributed ledger known as the blockchain. While this is good for decentralized auditability, it is bad for privacy.

There are two types of financial privacy within the scope of this article: transaction privacy, concealing the source or destination, and balance privacy, concealing someone’s net worth. The equivalent of privacy on Bitcoin was originally intended to be achieved through the assumption that bitcoin addresses are not associated with any identity. But in reality, bitcoin addresses are commonly or easily associated with identities. Many people get bitcoins from a source that complies with overreaching government regulations known as KYC (know your customer) requirements. Bitcoins that are obtained from a KYC source are tagged to your identity.

Even if you obtain your bitcoin from an anonymous source, it can be tied to your identity the moment you purchase something from a business that needs to collect your information for something as simple as shipping information or email address. If the business you are paying is using a 3rd party payment processing service that complies with KYC, then your bitcoin can no longer be considered anonymous. Even if the business you are paying is using a self-hosted payment system, your information could still be leaked if the business gives up your data intentionally, unintentionally, or via government coercion. Even if you do achieve transaction privacy, you still have to worry about balance privacy. You might not want people you do business with to know your entire net worth.

Various Solutions to Bitcoin Privacy

Fortunately, there are ways to use Bitcoin privately. The methods to use bitcoin with privacy include coinjoins, coinswaps, the Lightning Network, state chains, off-chain physical transactions (such as OpenDimes) and WabiSabi, a method recently introduced in Wasabi Wallet 2.0.

Explanation of Coinjoins

For transaction privacy, a coinjoin conceals a bitcoin’s future post-coinjoin activity from the past and conceals the past pre-coinjoin activity from the future. The coinjoin acts as an opaque wall in a timeline that transactions pass through. If a sender of bitcoin coinjoins, the recipient is unable to determine how the sender obtained the funds. If a recipient of the bitcoin coinjoins, the sender is unable to determine what the recipient does with the funds.

There are what I consider two types of common coinjoins, a mixing coinjoin and a spending coinjoin. A “mixing coinjoin” is used for the sole purpose of making bitcoin anonymous for future use. A “spending coinjoin” is when a coinjoin is used at the time of making a transaction to someone else, in which a recipient receives bitcoin from a sender directly as an output of a coinjoin.

For balance privacy, a coinjoin can also conceal someone’s full net worth. One way to do so is for a sender to pay a recipient directly from a coinjoin, via a “spending coinjoin”. Another way is to use a coinjoin to break up someone’s balance and spread it across multiple addresses that are not associated with each other. This is how it is often done with a “mixing coinjoin”.

A Comparison of Bitcoin Layer 2 Solutions
https://blog.wasabiwallet.io/a-comparison-of-bitcoin-layer-2-solutions/
Sat, 19 Mar 2022 17:30:00 +0000

In bitcoin, the blockchain is the 1st dimension also known as layer 1. There are higher up and parallel 2nd dimensions that utilize the 1st dimension as its host. There may eventually even be layer 3 dimensions as more development continues.

Introduction to the blockchain and blocks

Bitcoin uses what’s known as the blockchain to record the history of bitcoin transactions. A copy of this blockchain is stored on the nodes which make up the bitcoin network. When a new transaction occurs and has been broadcast to the network, nodes and miners reference the blockchain to confirm the validity of the transaction: that it spends a valid coin, that it was spent by the actual owner, and that it has not been double-spent. If it is a valid transaction, the nodes will propagate it across the network and a miner will include it in a new block of transactions which is then appended to the blockchain. Any new blocks are also confirmed by the nodes.

Dimensions, State Machines, and Time

Think of the bitcoin network as a state machine. A state machine is something that enforces the laws, hosts and stores the status or the state of something at any given time. Multiple states chained together form a timeline. A dimension is a state or timeline which is hosted on the state machine.

In the bitcoin dimension, the state machine is the bitcoin network made up of physical computers called nodes. In bitcoin, the present state is the ownership of bitcoins and balances, determined by the record of transactions. The state is also known as a block and this chain of states together, the timeline, is known as the blockchain. Whenever there is a new transaction, that transaction is included in the next block and is then appended to the blockchain. Each block added to the blockchain is a bundle of new transactions. The history of each transaction, its timeline, is the chain of blocks relevant to that specific transaction and is unique.

state machine = bitcoin network

state = blocks

timeline (chain of states) = blockchain

dimension = layer

In the bitcoin reality, the blockchain is the 1st dimension, also known as layer 1. There are higher up and parallel 2nd dimensions that utilize the 1st dimension as their host. State machines inside of state machines. Dimensions inside of dimensions. There may eventually even be layer 3 dimensions as more development continues.

Smart Contracts

When a node verifies it was “spent by the actual owner” of that coin, that is just a very simple explanation. To be a valid transaction, the coins being spent actually need to satisfy the predefined rules and conditions of the bitcoin address that they are coming from. Many transactions are simply being sent from one person to another and just need to satisfy the condition of having a valid signature of the sender. However, a transaction can have many more spending conditions that open up many possibilities, thanks to Bitcoin’s smart contract language called Script. A smart contract is a contract in the form of computer code that self executes and is self-enforced to carry out a predefined action when predefined conditions are met.

Layer 1 and Layer 2

With developments that have been applied to bitcoin building on top of the capabilities of smart contracts, the blockchain has come to be known as Layer 1. Smart contracts have enabled transactions to take place on higher up layers outside of the blockchain, yet still be enforced or settled by the blockchain as necessary. The ability to facilitate transactions outside of the blockchain has made it possible to transact off-chain with high transaction volume, cheap or no transaction fees, fast or instant transactions, and high privacy, all without sacrificing the security or decentralization that layer 1 offers. It is layer 1 which higher up layers are built upon and used as their foundation. With higher up layers, layer 1, the blockchain, is optionally used as a store of value and settlement layer.

A blockchain is a very inefficient database, as it stores a historical copy of every single transaction that is shared with every node. This inefficient design is what enables decentralized auditing and verification of transactions. But to remain decentralized the blockchain must be kept as small as possible and not grow exponentially in size. Otherwise, it would be impossible for nodes to download, share, and audit the entire blockchain from the genesis block to the current block. And so it makes sense to have a majority of transactions take place off-chain if possible. Higher up layers enable this possibility.

There are multiple layer 2 solutions that exist, and even more which will be developed over time. Here are various layer 2 solutions for bitcoin transactions.

Lightning Network

The Lightning Network is a decentralized mesh network of computers (including mobile devices) that have lightning channels open with each other to relay transactions amongst each other off-chain. A lightning channel is a bitcoin smart contract where some bitcoin funds are locked up between the two owners of that channel. A lightning channel can be opened with bitcoin funds contributed by either side of the channel, or funds can be contributed by both sides in what is known as dual funded channels. When someone opens up a channel to the lightning network, a virtually unlimited number of bitcoin transactions can take place within the lifespan of that channel until either side of the channel closes it. When a lightning channel is closed, the smart contract will settle the balance of the latest transaction between the two computers.

Because the computer on either side of the lightning channel may have more than one connection with the rest of the lightning network, transactions are able to travel across the connected meshnet of lightning nodes from the source to the intended destination. The lightning network truly makes Bitcoin the “internet of money”. In this way, a significant number of transactions can take place off-chain within the footprint of just two on-chain transactions: one bitcoin transaction to send bitcoin funds into a smart contract upon opening a lightning channel, then a second transaction to close the lightning channel (if it ever is closed) and send the final settled bitcoin balance to each side.

The lightning network uses onion routing to transfer bitcoin payments across the lightning network so that no single computer along the route knows the complete path of the source and destination. This gives a privacy advantage to payments done on the lightning network.

Side Chains (Liquid)

A side chain is a layer 2 blockchain, where bitcoin funds can enter from layer 1 (main Bitcoin blockchain) into the side chain via a peg-in. Whenever bitcoin enters back into layer 1 from layer 2 this is called a peg-out. There can be more than one side chain, but I will discuss one that currently exists which is known as the Liquid sidechain by Blockstream.

On the Liquid blockchain, instead of the consensus being controlled by miners via hash rate and proof-of-work, Liquid is controlled by a federation of members. Members of the federation take turns proposing new blocks. Right now the Liquid Federation is made up of 15 members, each of whom has a key. The Liquid side chain is secured by an 11-of-15 multisig setup. Because of this setup, in order for the Liquid side chain to act dishonestly, over two-thirds of the federation would have to collude. It is possible the number of federation members with control over Liquid may increase from 15 in a future upgrade.

On Liquid, blocks occur on average 1 minute apart, with 2 confirmations being considered safe for transactions. Liquid also features confidential transactions, which conceal the balances being sent, making it significantly harder for chain analysis to trace the flow of funds.

Physical Transactions

Layer 2 bitcoin transactions can also be in physical form. Specialized devices can be used for physical off-chain bitcoin transfers. Devices that currently exist to serve this function are OpenDimes. OpenDimes are tiny circuit boards that have the form factor of a USB drive and act as one. When plugged into a computer, the bitcoin address and balance of the device can be viewed. These devices contain a security chip that generates a private key and keeps it concealed within the chip. OpenDime does not expose the private key contained within the security chip until it is unsealed. So long as the device remains sealed, it can be passed around to different owners with confidence that only the one who has physical possession of the OpenDime has possession of the bitcoin balance loaded onto it. No physical transaction using such devices touches the blockchain. Another advantage to physical transactions is that they can be done with no internet connection, so long as each party in the transaction has a copy of the blockchain. Another similar device that will enable physical off-chain transactions is called SatsCards, which are cards that interface with devices through NFC.

State Chains

A state chain acts similarly to physical transactions, in that the ownership of the UTXO (unspent transaction output) containing funds is what’s transferred. Except instead of the transfer of the UTXO being made physically, it is made digitally. Think of a statechain as a digital OpenDime.

A State Chain is defined as:

“A Bitcoin second-layer protocol in which instead of spending an old UTXO and creating a new UTXO as in a base layer transaction, ownership of coins can be transferred by directly handing over the information necessary to spend a UTXO through some other communication channel, while ensuring that the sender becomes unable to spend the UTXO themselves once the transfer is complete. Thus transferring value on Bitcoin without an on-chain transaction for every transfer of ownership.” [1]

In a state chain, the ownership of the state itself is what’s transferred between owners. A current state chain implementation is Mercury Wallet which also supports CoinSwaps to increase the privacy of bitcoins.

Summary

Higher-up layers built on top of Bitcoin enable high transaction volume without sacrificing security or scalability. Layer 2 solutions also offer privacy benefits along with transaction speeds and costs. While the Lightning Network is the primary layer 2 in use at this time, there are other layer 2 solutions that complement and continue to improve bitcoin’s capabilities. Bitcoin is surely the most advanced, most secure, most decentralized digital money. Technological progression is layered, and bitcoin’s blockchain is a solid foundation for other layers built upon it.

References:
[1] https://blog.commerceblock.com/introducing-mercury-statechain-bb06c6064746

How To Prevent Anonymity Degradation Over Time
https://blog.wasabiwallet.io/how-to-prevent-anonymity-degradation-over-time/
Sat, 12 Feb 2022 16:45:00 +0000

Bitcoin can enable anonymous digital transactions, but it is good to understand where anonymity on Bitcoin can degrade. By understanding how anonymity can be eroded on bitcoin, one can then understand how anonymity can also be preserved.

Bitcoin is needed in the modern age of digital transactions as an alternative to the heavily surveilled centralized banking system. In a cashless society where all transactions are monitored and there is no option for anonymity, a true free market with individual liberty cannot thrive. Bitcoin can enable anonymous digital transactions, but it is good to understand where anonymity on Bitcoin can degrade. By understanding how anonymity can be eroded on bitcoin, one can then understand how anonymity can also be preserved.

There are different pillars that make up security: confidentiality, integrity and availability. This is known as the Security Triangle. The focus of this article is on confidentiality, specifically anonymity.

How Bitcoin Anonymity Degrades

Historical and future activity of transactions and KYC

Every past and future transaction on the bitcoin base layer, the blockchain, is permanently recorded and viewable by anyone anywhere at any time. This can be problematic when bitcoin is obtained in a way that is linked to your identity, such as when bitcoin is obtained from a KYC (“know your customer”) source which requires logs and, presumably, shares your information. As a result, that bitcoin no longer has real anonymity when used in future transactions. Even if bitcoin was obtained anonymously without disclosing any identity, that anonymity can be undone in a future transaction if you expose your information to the recipient. One example of this would be if you order something online, pay in bitcoin and then give the recipient your name and address for shipping purposes. Another way your information could be leaked is if the party you are sending bitcoin to uses a KYC payment processing service to receive bitcoin in lieu of taking bitcoin directly.

Another way in which anonymity on bitcoin can be impacted is if you combine anonymous coins with non-anonymous coins in the same transaction. Anonymity of bitcoin can be degraded if your identity gets tied to it in past or future transactions. In either case, you have to trust that the source of your bitcoin and the recipient of your bitcoin do not share or leak your information whether intentionally (voluntarily, or through coercion) or unintentionally.

Network level threats to anonymity

You could do everything right with maintaining both backwards and forwards anonymity, yet fail to protect your information at the network level. Everything you do online, every website you visit, every data packet that enters the internet is scooped up by state surveillance agencies, logged and analyzed. If you send a bitcoin transaction or even look up a transaction or bitcoin address on a block explorer, that activity is bound to your IP address by either the state adversaries logging your internet traffic (if you are not using https encryption) or by the block explorer itself. Likewise, when your computer broadcasts a transaction to the rest of the bitcoin network, the broadcast is usually unencrypted and the origin of that transaction can be seen by adversaries monitoring the internet. Your IP address is exposed and your data can get exposed the moment it hits the internet. IP addresses are associated with your identity if you are using a network connection associated with you. Even if such a network connection is not registered to your identity, it can potentially be correlated to you from your other activities.

Address leakage

Another way that bitcoin anonymity can be harmed is if your addresses or the extended public key of your wallet get leaked. This would leak all your addresses together, undoing coin control and coinjoins. If the extended public key of your wallet gets leaked, all your bitcoin addresses, from both the past and future, can be derived from it.

Compromised software

If you are using backdoored wallet software, it could spy on and leak your confidential financial activities and other information.

Blockchain heuristics

There are various blockchain heuristics which can also degrade the anonymity of bitcoin transactions. Blockchain heuristics is a large topic in its own right. What follows touches on just some of the heuristics used in chain analysis.

Common Input Ownership Heuristic:

By default, it is commonly assumed that all inputs of a transaction belong to the same owner.

Change Address Heuristics:

There are ways to detect which output was the change address, thus deducing which of the outputs was the payment and which output is still under the sender’s control. One such way is if the payment is a rounded number, or if it is known that the payment is the smaller amount.

If the recipient is known, or is identified by its on-chain behavior as being a business, this is another way that the change output and the recipient output of a transaction can be identified.

Address Type Heuristics:

There are different types of bitcoin addresses. The different address types as of this time are bech32 addresses, P2SH (Pay to Script Hash) addresses, P2PKH (Pay to Public Key Hash) addresses, and now taproot addresses. Bech32 addresses begin with “bc1”, P2SH addresses begin with “3”, and P2PKH addresses begin with “1”. Different wallets and services may use different types of addresses, which is another way that the recipient and change output can be identified. If a wallet that uses bech32 sends a payment to a P2PKH or P2SH address, the difference becomes very obvious.
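
A pre-broadcast self-check that applies the three heuristics above to a draft transaction, so a wallet user can see what an observer would infer before sending. This is an added example, not code from the original article or from Wasabi Wallet; the `Coin` type, the labels, the 100,000-satoshi threshold for a "round" amount and the placeholder address strings are constructed assumptions.

```python
from dataclasses import dataclass

ROUND_SATS = 100_000  # assumption: multiples of 0.001 BTC count as "round"


@dataclass
class Coin:
    address: str     # placeholder strings below are constructed, not real addresses
    sats: int
    label: str = ""  # wallet-side coin-control label (meaningful for inputs)


def address_type(addr):
    # Prefixes as listed in the article. Taproot addresses also begin with
    # "bc1" (specifically "bc1p"), so that prefix is tested first.
    for prefix, kind in (("bc1p", "taproot"), ("bc1", "bech32"),
                         ("3", "p2sh"), ("1", "p2pkh")):
        if addr.startswith(prefix):
            return kind
    return "unknown"


def sole(candidates, total):
    # A heuristic singles out change only if exactly one output matches
    # and at least one other output does not.
    return candidates[0] if len(candidates) == 1 and total > 1 else None


def linked_labels(inputs):
    # Common input ownership: an observer treats all inputs as one owner,
    # so spending differently labelled coins together links those contexts.
    labels = sorted({c.label for c in inputs if c.label})
    return labels if len(labels) > 1 else []


def change_by_round_amount(outputs):
    # A round payment amount leaves the lone non-round output looking like change.
    non_round = [i for i, o in enumerate(outputs) if o.sats % ROUND_SATS]
    return sole(non_round, len(outputs))


def change_by_address_type(inputs, outputs):
    # If all inputs share one address type and exactly one output matches it,
    # that output looks like it returned to the sending wallet.
    in_types = {address_type(c.address) for c in inputs}
    if len(in_types) != 1:
        return None
    same = [i for i, o in enumerate(outputs)
            if address_type(o.address) in in_types]
    return sole(same, len(outputs))


def lint(inputs, outputs):
    """Return (heuristic, detail) pairs an observer could apply to this draft."""
    findings = []
    labels = linked_labels(inputs)
    if labels:
        findings.append(("common-input-ownership", labels))
    for name, idx in (("round-amount", change_by_round_amount(outputs)),
                      ("address-type", change_by_address_type(inputs, outputs))):
        if idx is not None:
            findings.append((name, idx))  # idx = output exposed as change
    return findings


# Constructed drafts: the first trips all three heuristics, the second none.
DRAFT_LEAKY = (
    [Coin("bc1q-constructed-in-1", 700_000, "exchange-kyc"),
     Coin("bc1q-constructed-in-2", 450_000, "coinjoined")],
    [Coin("1-constructed-merchant", 1_000_000),
     Coin("bc1q-constructed-change", 148_765)],
)
DRAFT_CLEAN = (
    [Coin("bc1q-constructed-in-3", 600_000, "coinjoined")],
    [Coin("bc1q-constructed-payee", 412_345),
     Coin("bc1q-constructed-change-2", 186_420)],
)

if __name__ == "__main__":
    for name, (ins, outs) in (("leaky", DRAFT_LEAKY), ("clean", DRAFT_CLEAN)):
        print(name, lint(ins, outs))
```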

Custodial Wallets

Custodial bitcoin services, including custodial wallets, are also detrimental to privacy. The custodian has all the information of your bitcoin activities and addresses under your control.

In summary, there are many ways that your bitcoin anonymity can be undone or degraded. Even if you get one or most things right, you can fail to maintain your anonymity by getting one thing wrong. But hope is not lost, there are ways that these pitfalls can be avoided. Well designed software has safeguards in place to help protect users. Much like how a properly designed web browser should use TLS encryption by default on an otherwise cleartext internet, a properly designed bitcoin wallet should also have security and privacy functionalities as the default.

How Bitcoin Anonymity Can Be Preserved

Wasabi Wallet is one well-designed piece of software that promotes user privacy and safeguards users from many of the ways that anonymity can be undone. Beyond this, the aforementioned pitfalls can be mitigated in many ways.

Historical and Future Activity of Transactions and KYC

A great way to retain anonymity is to acquire non-KYC bitcoin anonymously and to lower your risk of information leaks by doing business with entities that take bitcoin directly instead of indirectly such as through a 3rd party payment processing service. If you have bitcoin that is linked to your identity or if you want extra privacy, you can coinjoin your bitcoin to break the link of the bitcoin’s past transactions from its future transactions. On the issue of combining anonymous with non-anonymous coins, this can be handled with proper compartmentalization. By labeling your bitcoins based on their associated activities, you can prevent mixing coins together that you would not want to be associated with each other. Wasabi Wallet supports both coinjoins and coin control.

Network Level Threats to Anonymity

To protect your anonymity at the network level, you can use tools such as Tor or I2P. Both of these are networks of computers that enable you to build encrypted layered tunnels across multiple hops to conceal your activities at the network level while also concealing your IP address from the destination server or computer you are communicating with. Tor gives you the benefit of locational and network level anonymity. Wasabi Wallet has Tor bundled in, and makes use of this for receiving block data and transactions from the bitcoin network, and also for broadcasting transactions. The Tor process included with Wasabi Wallet also has support for Tor hidden services as an option for connecting to your own node with end to end encryption. Many bitcoin nodes use Tor hidden services, along with some which are now also using I2P hidden services. For websites and check-out services, you’d want to use something like the Tor Browser.

Address Leakage

You should use a bitcoin wallet that does not leak your extended public key or addresses to others. Wasabi Wallet is one such wallet that does not leak this information. Wasabi Wallet allows you to run a local bitcoin node using built-in functionality, or to connect to your own remote node you may already have. Even if you do not use your own local or remote node, Wasabi Wallet uses what is known as BIP-158 Block Filters to download transaction data without divulging your addresses to anyone.

Compromised Software

To protect yourself from using malicious software which may be spying on you, you should use open-source software. Open-source software means the source code is transparent and can be vetted by anyone to verify that the software is not doing anything malicious. Open-source software is essential for privacy. Wasabi Wallet software is open source with the added benefit of being deterministically built. When software is deterministically built, also known as reproducible, you can confirm that the software was built unmodified (nothing added or removed) from the open-source code it claims to be from, without needing to compile it yourself. Deterministic builds offer both the convenience of pre-compiled software along with the trust of open source.

Blockchain Heuristics

Defeating Common Input Ownership & Change Address Heuristics:

Wasabi Wallet supports not only coinjoins, but also has support for payjoin transactions. A payjoin transaction is like a collaborative coinjoin between a sender and receiver in which both contribute inputs into a transaction. A payjoin transaction can obfuscate the direction of the payment, amount paid, and also confuse and discredit the assumption of the Common Input Ownership heuristic. Payjoin transactions require support by both the sender and recipient in a bitcoin transaction to make use of this functionality.

Address Type Heuristics:

Wallets should strive to use the same address types. Right now bech32 is the standard, which is what Wasabi Wallet uses. Once taproot addresses become widespread in use, bitcoin will have further anonymity as most bitcoin transactions making use of taproot will appear similar to each other.

Custodial Wallets

Self-custody of bitcoin is essential not just for security but also for privacy. Wasabi Wallet is a self-custody wallet and has support for many hardware wallets, further promoting secure self-custody.

Lightning Network Transactions

Bitcoin has a new functionality called the lightning network, which enables bitcoin transactions to take place off of the blockchain, yet enforced by the blockchain at the same time. Because lightning transactions do not touch the blockchain and use what is known as onion routing (similar to Tor), payments sent over the lightning network have a high degree of anonymity for senders.
