Bitcoin privacy experts are far from impressed with a recently circling slideshow-style privacy report that puts Taproot, a likely upcoming upgrade to Bitcoin, in the crosshairs.
The Taproot upgrade will boost Bitcoin's privacy and scalability. The years-in-the-making upgrade has been applauded by Bitcoin's most active developers, with the community being invited numerous times to test and scrutinize it. Plus, in an unprecedented move for large Bitcoin upgrades, the majority of bitcoin miners are now signaling support for the upgrade.
Against this backdrop comes a new report from blockchain explorer Blockchair’s lead developer Nikita Zhavoronkov, who has released several privacy-oriented tools. He argues that because Taproot introduces a new "script" to Bitcoin – which dictates under which conditions coins can be spent – the Taproot coins will become distinguishable from other bitcoins.
Zhavoronkov, who has developed a reputation for his frequent criticism of Bitcoin, now appears to have one goal: to stop the upgrade.
But Bitcoin privacy experts pointedly disagree with Zhakoronkov's claim that Taproot isn't up to snuff.
"I think the 'research' sucks, to put it bluntly," said Bitcoin privacy expert Chris Belcher, who works on Bitcoin privacy projects CoinSwap and JoinMarket). In an email to CoinDesk, he argued that, ironically, what Zhavoronkov proposes – to stop Taproot – would harm Bitcoin privacy in the long term.
"What Nikita describes is a non-issue," pseudonymous bitcoin educator and privacy guru 6102 told CoinDesk.
Veteran bitcoin developer Greg Maxwell, who invented Taproot, went so far as to go on Reddit and call Zhavoronkov's research an "attack," warning, "Be informed and don't let malicious actors sow FUD in an effort to hurt Bitcoin users."
Let's dive into the details a bit. Taproot will enable new rules, known as scripts, for locking up coins. Bitcoin has many types of scripts. The most common is just the rule that Bitcoin cannot be sent to someone else unless the user uses a private key to sign it and send it along. But there are others, such as the rule that two-of-three specific users need to sign the transaction to move the coins elsewhere.
Bitcoins locked up in these different scripts each look a little different. Remember, Bitcoin's ledger is open for anyone to see. It's possible for busybodies, namely blockchain analysis companies, to peruse Bitcoin's transaction history and pass on what they find to paying customers, such as government agencies, who may then use this information for a variety of reasonsto crack down on criminals.
In short, Zhavoronkov points out that once the new Taproot script is added, Taproot coins will stand out from other bitcoins.
More specifically, he looks at where bitcoin transactions are sent. Bitcoins are stored in chunks called Unspent Transaction Outputs (UTXOs). Say Alice has 3 BTC locked in one UTXO, but only wants to send 1 BTC to Bob. Once she sends the bitcoin to Bob, her 3 BTC UTXO will be split into two pieces: 1 BTC will be sent to Bob, and 2 BTC will be sent back to Alice in what's called a "change address."
If the change address script type is the same as the sending address but different from the recipient address then it's easy to guess where the sender sent their coins. Zhavoronkov argues this is an assumption (known as a "heuristic" in privacyland lingo), that blockchain analysis companies can use to figure out (or at least guess) where funds are going.
Zhavoronkov argues that adding another script for Taproot will increase the likelihood of this privacy hurdle. And he doesn't think this will be a short-term problem.
Zhavoronkov argues that if Taproot gets 100% adoption, then he agrees with other Bitcoin developers that the upgrade will be a "net good." But he doesn't think it will get to that point.
"Taproot shouldn’t be considered as a 'privacy feature' because it’s not like the shielded pool in Zcash or ring signatures in Monero. The advantages are minuscule and applicable to edge cases only," he added.
Devs: Concerns don't hold water
Bitcoin developers argue this is a concern that many have already considered. It's not new information.
"The reality is that this is already a 'problem' and adding a new type will likely have negligible impact, while bringing other significant benefits," 6102 told CoinDesk. He added that the heuristic Zhavoronkov points to can be easily gamed.
Maxwell argued (again, on Reddit) that Taproot was actually designed specifically with the problem Zhavoronkov pointed out.
"This is a fact that was always discussed along with the development of taproot, and it drove a number of design decisions: e.g., not deploying it as multiple features and making sure new extensions can be deployed in leafs where they may not get exposed," he said.
Belcher added there are already many, many script types, each of which can be differentiated from others, and adding one more won't be much of a issue, let alone a catastrophic one as Zhavoronkov describes it.
"Bitcoin today already suffers from the situation described by that PDF, and Taproot improves the situation on balance," Belcher said.
Taproot: A privacy improvement
Further disagreeing with Zhavoronkov, the developers CoinDesk contacted argued the long-term benefits of Taproot far outweigh Zhavoronkov's concerns.
The privacy benefit Taproot brings is actually supposed to be the opposite of what Zhavoronkov describes. With Taproot, Bitcoin users will be able to use different ways of locking up their coins "without being able to be distinguished from each other," as Belcher put it. For example, a transaction used to set up a Lightning channel can be made to look just like a regular bitcoin transaction.
Belcher recently posted a thread on Twitter exploring in more granular detail the ways Taproot will benefit Bitcoin privacy in the long term.
"Taproot is a huge positive for privacy and it should be added to Bitcoin as soon as is safely possible," Belcher said, later adding that "this glossy and charismatic, but dishonest, PDF is an attempt to reduce the privacy of Bitcoin."
Bitcoin developer Lloyd Fournier, who earned a grant from Square Crypto earlier this year, also noted that Taproot transactions are cheaper (contrary to what Zhavoronov said) so users will have an extra incentive to adopt them.
"The immense individual and community effort that went into the specification and engineering around Taproot aims to improve Bitcoin over the coming years and decades. The author's emphasis on very narrow short-term concerns seems to be misaligned with the long-term flourishing of Bitcoin," he said.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.