Kristov Atlas is a network security and privacy researcher who studies cryptocurrencies. He is currently a security engineer for Blockchain and co-founder of the Open Bitcoin Privacy Project. He is the author of "Anonymous Bitcoin: How to Keep Your Ƀ All to Yourself", a practical guide to maximizing financial privacy.
As long as a system requires technical expertise for operation, it will be relegated to use by a small group of technologists.
If every person who walked onto an elevator was presented with a keyboard and DOS-style command line terminal, most of us would be looking for the stairs. The nerds among us may eagerly seek out the proverbial programmable elevators, but the average person just wants to push a button to get from one floor to the next, not master gravity-defying vehicles.
Bitcoin addresses have long been a point of confusion for new users introduced to the technology. It's difficult explaining a bitcoin address through analogy, because none of the comparisons quite match. They're kind of like email addresses – free to create and unlimited in number – but they're randomly assigned, and difficult to memorize, more like a phone number. But bitcoin addresses are not always bidirectional like a phone number.
Suppose you receive money from a friend, and later you want to send some money back to him. The address you received funds from initially may belong to your friend or just the bitcoin service he uses. Funds sent to the address may arrive to your friend – assuming he has backed up his wallet – or they may just line the bitcoin service’s pockets, never to be refunded.
Also, the mere receipt of a payment, unlike a phone call or email, rarely helps identify individual payers or explain why the transfer was made, since there are no area codes or analogues to caller ID, nor invoice numbers. The small number of users who investigate the details of bitcoin’s inner workings will come away with a vague impression that sending funds to the same address multiple times (referred to as "address reuse" by the bitcoin community) is somehow dangerous.
This vague impression, linked to poorly understood privacy implications and the seemingly distant threat of cryptographic attacks on reused private keys, may not ward users off from the very real dangers of address reuse.
When it comes to addresses, bitcoin resembles the Internet before DNS. Today, we visit websites through user-friendly domain names like 'Google.com', but early Internet adopters directed their computers to connect to other networks by referencing inscrutable-looking IP addresses like '220.127.116.11'.
IP addresses remain a core part of the protocols that help devices connect, but system designers and engineers have since succeeded in hiding this from users by tying domain names to IP addresses behind the scenes. In doing so, they’ve allowed users to interact with recognizable identities, like the Google search engine.
Promise and pitfalls
As bitcoin services mature and seek to include new audiences, they will also need an address resolution system that ties user-unfriendly bitcoin addresses to the identities of individuals and businesses that users have financial relationships with.
However, as we abstract bitcoin addresses away from the user interface, we must take caution.
The goal is to make it easier for users to pay each other, while dealing with the fundamental technical challenges related to address reuse. Tempting as it may be to build traditional third-party lookup systems, this naive approach will turn into a security and privacy quagmire of personal information disclosure and theft. They would be the kind of high-value databases that blackhat hackers seek out as reconnaissance for subsequent attacks on individuals.
Whenever possible, we must not ask users to give up on expectations of security and privacy in order to gain the software usability they require.
While consumer demands for security and privacy vary, businesses are rarely willing to disclose their income and expense data – which may contain trade secrets – to business partners, competitors or the world at large. Likewise, we should not expect individual users to divulge their income and spending habits to their friends, preferred service providers and unfamiliar analytic companies.
Making this disclosure a prerequisite for bitcoin use would have dire implications for adoption. If it all possible, we should seek easy-to-use payment identifiers that meet business and individual expectations of security and privacy without the inherent pitfalls of trusted third parties.
Learning from history
Bitcoin developers have addressed other user pain points in the past by repurposing old cryptographic research for bitcoin applications.
In 2013, bitcoin developers addressed the headache of wallet backups by applying concepts such as key-derivation functions and hierarchical key management, dating back to the 1990s and early 2000s. Whereas old bitcoin wallets required users to constantly create new wallet backups, a user could backup a hierarchical wallet once when she first created the wallet, while still yielding a virtually unlimited number of bitcoin addresses to cover future transactions.
The most promising path to a user-friendly bitcoin addressing system dates back even further in the annals of cryptography to the 1970s. This decade marked a groundswell of research on crucial technologies that underpin today's Internet.
“This is like being able to conduct a loud conversation with a friend in a room of spies without any risk of being overheard.”
Many of the cryptographers of this era were ethically motivated, and saw their work as pivotal in creating an Internet that promoted free speech and secure global commerce, rather than one dominated by government surveillance and corporate control.
In the mid-to-late ’70s, three of the era's most prominent cryptographers – Whitfield Diffie, Martin Hellman, and Ralph Merkle – jointly produced one of these key technologies.
Computers that want to communicate securely and privately must first exchange keys used to encrypt and decrypt messages. Diffie, Hellman, and Merkle developed a way for two computers with no prior interaction to create shared keys. The seemingly magical product of this protocol – now known as Diffie-Hellman-Merkle key exchange – is a set of keys known only by the two parties involved, regardless of the presence of any eavesdroppers.
This is like being able to conduct a loud conversation with a friend in a room of spies without any risk of being overheard, a seeming impossibility created through the brilliance of asymmetric cryptography.
Bitcoin developers have been working to create Diffie-Hellman-Merkle-derived addressing schemes for months now, but a mobile-friendly version was recently codified in Bitcoin Improvement Proposal (BIP) 47 by Justus Ranvier, who refers to these new addresses as Reusable Payment Codes.
Major bitcoin wallets, software library authors and exchanges are currently working to deploy Reusable Payment Codes in their businesses in 2016. These will allow businesses to better protect user privacy on the blockchain, while retaining the ability to identify their customers when such identification is required.
Bitcoin users will soon be able to look up their friends through social networks and other familiar identifiers such as email addresses. Businesses that implement Reusable Payment Codes will be smoothing over the bitcoin user experience, and set the peer-to-peer finance ecosystem up to invite its next several million more users.
Vintage telephone image via Shutterstock