A developer known for working on enhancing Bitcoin privacy has set his sights on a new project he hopes will "massively improve" how we keep our transactions private.
Chris Belcher, who also created the technical privacy market JoinMarket, is currently working on putting to the test CoinSwap, an idea first proposed by legendary Bitcoin developer Greg Maxwell in 2013. Belcher has been focusing on CoinSwap rather than JoinMarket because he thinks it will give users better privacy, he told CoinDesk.
"Right now, Bitcoin privacy is not very good at all. Anyone in the world can analyze the blockchain and then can find all sorts of information about users - their balance, their history, who they transact with and in what amounts, when – everything they spend," Belcher told CoinDesk in an interview.
Belcher argues that this is, in some ways, worse than the financial privacy we have in legacy systems today. "The banking system, they know your transactions, but the general public doesn't. With Bitcoin it is the general public -- it is everyone that can see exactly what the user does," Belcher added.
He added it's important to most people that this type of information isn't exposed to the whole world.
"Financial privacy is good for human dignity, [for example], if you don't want your neighbors to see what charities you donate to or that type of thing, or if you're paid in bitcoin you don't want your employers to know what charities you donate to or what other activities you're involved in," Belcher added.
CoinJoins: today's Bitcoin privacy
"CoinJoins" (distinctive from "CoinSwaps," which Belcher is putting to the test) are the privacy transactions that are most popular on Bitcoin today. CoinJoins give users good privacy and are becoming more popular. Thus far, they have been adopted in the Wasabi wallet, Samourai Wallet and JoinMarket.
A CoinJoin takes all inputs from several transactions by different users and mixes them into one big, collaborative transaction. This one big transaction then sends the bitcoins mixed from different addresses out to different addresses. Because no one can tell where the spent bitcoins originally came from, the scent of the trail is obfuscated and the participants in the CoinJoin gain better privacy.
But it’s not perfect. There are still ways for people analyzing the Bitcoin blockchain (namely blockchain analysis companies) to detect when and where bitcoins are being mixed.
For one thing, the transaction sizes of mixed coins are much bigger than normal transactions because they contain so many different inputs.
Also telling is the fact they have outputs that are all the same size. "Equal output CoinJoins are very obvious. If someone sees them on the blockchain they can see that this kind of privacy protocol is happening,” Belcher said.
Why are outputs the same size? If Bob sends 0.8 BTC into the CoinJoin transaction and Alice sends 0.187 BTC and Mary sends 1.2222 BTC, and the resulting outputs are exactly 0.8 BTC, 0.187 BTC and 1.2222 BTC respectively, that coincidence is pretty obvious to anyone who is looking.
In order to preserve privacy, a CoinJoin transaction usually splits the amount of bitcoin dispensed into even pieces, say 0.1 bitcoin. So, if Alice put in 0.3 bitcoin, she will receive three 0.1 pieces sent to three separate addresses that she controls.
Most transactions don't have a bunch of equal outputs like this. That's why CoinJoins are easy to detect.
Indeed, there have been a few instances of cryptocurrency exchanges banning users who have evidently sent their bitcoin through such privacy services.
"They'll be suspicious. If there's someone analyzing the blockchain, they'll see this is a CoinJoin, so they know this person did that. And if they see another transaction, [by comparison] they can see that it's not a CoinJoin," Belcher said.
CoinSwap: an invisibility cloak for transactions
"CoinJoin" and "CoinSwap" have similar names and they both help to preserve privacy, so it's easy to confuse them. But they're different, and Belcher argues CoinSwaps "fixes many of the problems of some kinds of CoinJoins" and "is the next step for on-chain bitcoin privacy."
CoinSwaps can be made to look invisible, Belcher said. If done correctly, a CoinSwap transaction can look just like a vanilla bitcoin transaction.
In a CoinSwap, it looks like two separate people are sending completely separate transactions. But under the hood, something else completely is happening.
Two parties, say Alice and Bob, execute such a swap. In short, Alice sends some bitcoin to a CoinSwap address. Bob sends the same amount of bitcoin to a separate CoinSwap address.
If both send the right amount of money over, the coins are "swapped." The coins Alice sent to the CoinSwap address are sent to a new address owned by Bob, and the coins Bob sent to his own CoinSwap address are sent to a new address owned by Alice.
Under the hood, the CoinSwap address, which is responsible for this swapping, is much fancier than a normal bitcoin transaction. It's a multi-signature transaction, meaning it requires more than one person to sign off on it in order to send the transaction. Usually, these types of transactions stand out on the blockchain since they look different from normal bitcoin transactions. But by including ECDSA-2P cryptography, these multi-signature transactions can be made to look just like normal bitcoin transactions. This is very much Belcher's plan.
With ECDSA-2P in place, "Alice sends a CoinSwap to Bob and it just looks like just a normal transaction. But actually the coins have ended up somewhere else completely," Belcher said.
This component is important. If all of these transactions look the same, people who aren't even using CoinSwaps are getting more privacy too. There's no way to tell if any transaction is a CoinSwap transaction or a normal one, turning bitcoin chain analysis on its head.
Similar technology will expand to the Lightning Network as well, so blockchain watchers can't tell if any single transaction is a CoinSwap, a Lightning Network transaction or just a normal bitcoin transaction.
That's not to say that CoinSwap is perfect, though. The problem with CoinSwap is that it is a much more complicated process to implement than CoinJoin.
'As decentralized as possible'
In his mountain of a post, Belcher describes how to turn the idea of CoinSwap into reality.
A key reason CoinSwaps haven’t taken off since Maxwell described them seven years ago is that they're not as straightforward as CoinJoins. So, Belcher has his work cut out for him in implementing the complexity for the first time.
His first step was just thinking about the best way to do it, outlining a number of different design considerations in the article making up his plan of attack. For one, he plans to use the Rust programming language, since it's potentially more secure than other languages.
"I want to make it as decentralized as possible, so there's no central point of failure that can be switched off or censored," Belcher said. To meet this goal, he wants the "whole thing" to run over the privacy network Tor, which helps to shield IP addresses, which are kind of like a mailing address for a computer exposing where it is located.
"I think that's quite necessary for privacy," he said.
Belcher outlines this and various other considerations in his proposal, such as routing and using PayJoin, yet another bitcoin privacy technology, alongside it. Now that his ideas are out in the public, people can comment and make suggestions.
The next step is actually implementing it. Belcher told CoinDesk he hopes to release a minimum viable product in the next six months.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.