A Closer Look at Efforts to Extend Bitcoin Privacy

In its current iteration, the Bitcoin (BTC) blockchain can be considered pseudo-anonymous and can be likened to writing an article under a pseudonym. While writing under the pseudonym, your real identity remains hidden. However, as soon as your real identity becomes linked to your pseudonym, anything written under your alias becomes linked to you — rendering the pseudonym itself useless.

A Flaw to Many

While it is technically possible to use Bitcoin (BTC) anonymously, actually doing so is more challenging than it might seem due to the vast number of forces conspiring against you. Cookies and other web-tracking elements can be used to link a Bitcoin wallet address with the identity of its owner since this information can be transmitted to a variety of third parties — including search engines, data scrapers, and analytics companies. As it stands, the major way that real identities are associated with a Bitcoin address is the through repeated use of each address. The more times an address is used, and the more addresses each address is associated with, the more privacy is lost, and hence the higher the chance your real identity will be unraveled. The lack of privacy and fungibility in Bitcoin’s design has led to the proliferation of dozens of altcoins looking to correct this flaw, many of which claim to tout a novel solution to the problem. However, some of these so-called privacy coins have come under fire for having their own privacy woes. Others are merely selectively anonymous — allowing users to choose if they wish to make private transactions. With the implementation of Bitcoin Improvement Protocol 32, Bitcoin users are able to store their funds in Hierarchal Deterministic (HD) wallets that eliminate the need to reuse BTC addresses by generating a new address for each transaction — making it much more difficult to link identity with any single Bitcoin address. The feature was modified slightly with Bitcoin Improvement Protocol 44, which defines a specific way of generating a private key tree — allowing millions of address to be generated per chain. While this is not a completely bulletproof solution to the privacy issue, wallets implementing any privacy-oriented BIPs are certainly a step in the right direction if privacy is a concern. [bctt tweet=”Hierarchal Deterministic (HD) wallets are used to improve Bitcoin transaction privacy, while solutions including XMR.to and Wasabi wallet take this a step further, attempting to fully anonymize Bitcoin!” username=”beincrypto”]

Who Cares About Anonymity?

Since Bitcoin operates on a public ledger, anybody who knows your wallet address can check your current balance by simply using a blockchain explorer. From here, they can check which other addresses you interacted with, how much was sent, and exactly when the transaction was made. While on the surface this information might seem like a problem, the issue becomes more apparent when you consider that thieves now have an easy way to determine how wealthy you are and, perhaps, choose their next target. Besides this, anybody could track exactly where you spend your money and, in some cases, determine what that money was spent on — potentially exposing even sensitive purchases. For companies paying their employees in Bitcoin, this essentially exposes all the incoming and outgoing payments, allowing you to determine how much money is in company accounts and how much it pays each of its employees. (Would you want your colleagues to know exactly how much you earn?)

Blockchain Intelligence

One of the major challenges to the anonymity of cryptocurrencies are so-called blockchain intelligence agencies, such as Elliptic — a company that uses data analysis to link real-world identities with particular transactions and wallet addresses. At the moment, Elliptic mostly directs its attention towards those using cryptocurrency for nefarious and criminal purposes. This goal set is also shared by Chainalysis, a blockchain analysis firm based in New York that looks to detect interactions between different blockchain entities for the purposes of crime prevention. Blockchain Intelligence Group is another firm looking to sever the anonymity of blockchain-based cryptocurrencies. Its main clientele including law enforcement agencies and financial regulators. Blockchain Intelligence Group employs a combination of data analytics, research, and market intelligence to develop solutions for its clients. It is clear that, as time goes on, blockchain analysis techniques are becoming increasingly sophisticated while the blockchain surveillance industry is becoming continues to boom — with more players entering the industry regularly. Although almost all blockchain analysis work is targeted towards the prevention of money laundering, fraud, and other criminal acts, it is unlikely that this investigative process will be precise enough to target users at the individual level — meaning numerous innocent people will also have their privacy compromised as a result.

Wasabi Wallet

With the growing concerns that Bitcoin isn’t as anonymous as it was originally thought to be, a number of solutions have been developed that look to improve this aspect of the cryptocurrency. One of these solutions is Wasabi wallet, a non-custodial Bitcoin wallet that improves the fungibility and privacy of Bitcoin (BTC). To do this, the wallet uses a method known as “CoinJoin” to obfuscate transaction details by combining numerous individual payments into a single transaction before distributing these funds to the intended recipients. Developed by Gregory Maxwell — a Bitcoin Core developer and Chief Technology Officer at Blockchain — CoinJoin requires that all participants in the mixing process send the exact same amount. Otherwise, it is possible to determine which output is associated with which input. Recently, the largest transaction every sent using CoinJoin was conducted by Adam Ficsor, one of the developers for Wasabi Wallet, along with several other participants who successfully transacted 14.8 BTC in a single transaction — demonstrating the potential for the technique to obfuscate even large sums under very specific conditions.

Since August 1, 2018. @wasabiwallet made over 7500 BTC fungible!
Over 1350 successful mixing rounds! pic.twitter.com/1Mqt4yL5fA

— Gergely Hajdu (@gergely_hajdu) January 25, 2019

Since August 2018, Wasabi Wallet has mixed over 7,500 BTC over more than 1,350 mixing rounds. In today’s value, that is equivalent of making over $25 million fungible. It should be noted, however, that the CoinJoin technique has frequently been criticized for being vulnerable to Sybil attacks and requires that several people send the exact same amount at the same time — making it impractical for large sums and often challenging for even small sums.

XMR.to

One of the major ways used to break the identity chain is by exchanging cryptocurrencies to a fully-fungible cryptocurrency such as Monero (XMR). Typically, this process works by directly exchanging Bitcoin from a new (untainted) address with a Monero supplier — so long as your Bitcoin address has not been previously linked with your identity, this is an anonymous way of obtaining Monero, which can then be used to make truly-anonymous payments. Services have begun appearing that work in the reverse direction — converting Monero payments into Bitcoin ones and allowing those with Monero to essentially make anonymous Bitcoin payments. XMR.to is one such service provider. It offers to automatically convert truly-confidential Monero payments to a Bitcoin payment sent on your behalf to a recipient of your choice. To do this, you simply create an order and specifying the amount of BTC you would like to receive (or send to someone else), after which you will be provided a Monero address to send the equivalent amount of Monero to, based on the exchange rate used on the website. Once the XMR has been received by the site, the selected amount of BTC will be sent to the address you provided — essentially allowing you to create a Bitcoin payment with no links to yourself. They do admit, however, that your IP address is logged while using the site — supposedly only for support and maintenance purposes — while recommending that you use TOR or I2P to fully protect your privacy when using their service.

TumbleBit

TumbleBit is another potential solution to the Bitcoin privacy problem. It uses a different approach to CoinJoin while avoiding the challenges of low liquidity. Designed as an untrusted and anonymous Bitcoin-compatible payment hub, TumbleBit was first proposed in 2016 by a group of researchers from Boston University. Among these researchers is Ethan Heilman — a blockchain researcher and founder of Arwen, a crypto startup that aims to ensure users retain control over their private keys even when trading on exchanges. To anonymize Bitcoin transactions, TumbleBit implements an untrusted tumbler, which is used to establish off-chain payment channels between a number of users involved in a mixing session. Off-chain cryptographic protocols are used to anonymize the funds before the cash-out phase, which sees each participant claim his or her coins from the tumbler escrow. According to the research paper, TumbleBit also acts to increase the velocity of Bitcoin payments — allowing payments to be transferred in as little as 1.2 seconds, compared to the 10-minute latency the Bitcoin blockchain currently suffers. Since TumbleBit operates off-chain, it can also serve as a method to scale Bitcoin and other blockchains — helping them achieve higher throughput than currently possible — similar to the lightning network. Additionally, TumbleBit is resistant to timing attacks and other attempts to deanonymize transactions, thanks to the possibility of implementing several successive mixing cycles. TumbleBit has been implemented into the Stratis Breeze Wallet, which includes a feature known as the Breeze Privacy Protocol that combines TumbleBit with Stratis blockchain technology to anonymize Bitcoin transactions — using Stratis master nodes as the tumbling service in exchange for the one percent tumbling fee. Which technique do you think is the best for maintaining privacy when using Bitcoin? Are there any better alternatives in the works? Let us know your thoughts in the comments below!