While bitcoin is often referred to as an anonymous online currency that is used by criminals on the dark web, the reality is that the P2P digital cash system does not offer much privacy to its users at all. Many blockchain analytics companies have popped up over the years, and these observers are able to track the flow of funds on Bitcoin’s public accounting ledger.
Bitcoin’s privacy issues are so severe that alternative cryptocurrencies, such as Monero and Zcash, have gained recognition due to their ability to offer better privacy to users.
Many ideas for better privacy in Bitcoin have been floated over the years, but none of them have been implemented into the core protocol or gained widespread use. However, the way in which enhanced privacy could potentially come to Bitcoin has become clearer over time.
Bitcoin’s Privacy Issues
The key issue with Bitcoin privacy is that all transactions are published on the blockchain. While the identities on the blockchain are pseudonymous, it does not take too much effort to track the flow of funds once real names are attached to Bitcoin addresses at exchanges or other similar hubs of activity.
The most well-known privacy tool in Bitcoin today is CoinJoin, which allows multiple users to come together and mix their bitcoins with each other in a single transaction. The idea is that someone looking at the blockchain can see where the money went into the transaction but cannot tell which Bitcoin address received the funds.
This sounds like a powerful tool at first, but there are two key issues with CoinJoin.
For one, the values involved in these mixing transactions are public, which means anonymity is lost if everyone is mixing different amounts. If Bob is mixing one bitcoin, it’s easy to see where his coins ended up if everyone else is not also mixing one bitcoin. All an observer would have to do is look for the one bitcoin output that resulted from the CoinJoin transaction.
Saarland University’s Tim Ruffing covered the three reasons why Bitcoin mixing sucks at the recent Scaling Bitcoin workshop at Stanford.
Another issue with CoinJoin is that current implementations require a third party to run a mixing server. Although this third party is unable to steal funds, it does have the ability to see where coins are being sent, which means anonymity can be broken at the third party’s discretion.
The Solution Part 1: More Efficient Confidential Transactions
Confidential Transactions has long been viewed as a useful way to mask the amounts associated with Bitcoin transactions; however, a key issue with this solution has been the lack of efficiency that comes with it. According to Litecoin creator Charlie Lee, early versions of Confidential Transactions involved creating Bitcoin transactions that were sixteen times their normal size. Simply put, Confidential Transactions was not scalable in this state.
Recently, a paper has been published that discusses massive efficiency improvements for Confidential Transactions. In the paper, which was co-authored by researchers from Stanford University, University College London, and Blockstream, it is claimed that Confidential Transactions can be brought down to only three times the size of a normal Bitcoin transaction.
Bitcoin Core contributor and Blockstream CTO Greg Maxwell pointed out that the efficiency gains covered in the paper are even greater when combined with CoinJoin in a post to the Bitcoin development mailing list.
“This cuts the bloat factor down to ~3x for today’s traffic patterns.” wrote Maxwell. “Since the scaling of this approach is logarithmic with the number of outputs, use of CoinJoin can make the bloat factor arbitrarily small. E.g., combining 64 transactions still only results in a proof under 1.1KB, so in that case the space overhead from the range proof is basically negligible.”
Other benefits of Confidential Transactions include the fact that it does not involve any substantial new cryptographic assumptions and it requires no trusted setup.
The Solution Part 2: P2P Coin Mixing
With the amounts involved in Bitcoin transactions masked, the only lingering problem is breaking the link between a sender and a recipient in a trustless manner. This is what ValueShuffle, an improved version of CoinJoin, intends to achieve.
As ValueShuffle co-author Tim Ruffing told Bitcoin Magazineearlier this year, “[A] central server wouldn’t need to be trusted with users’ private keys or privacy, and they’re easily replaced if something goes wrong.”
Now that Confidential Transactions can be made more efficient, the probability of seeing ValueShuffle implemented on Bitcoin has improved. Having said that, there is still a long road ahead when it comes to implementing this change.
Recently, Bitcoin Core contributor Pieter Wuille calmed expectations regarding the recent efficiency gains in Confidential Transactions on Reddit. Wuille pointed out that, while Confidential Transactions can now be made smaller, the computational costs of verifying these types of transactions are still one to two orders of magnitude higher than a normal Bitcoin transaction.
“This technology is far too premature to propose for inclusion into Bitcoin,” Wuille commented.
The P2P mixing aspect of ValueShuffle does not require any changes to the Bitcoin protocol, but adding Confidential Transactions to Bitcoin would require a soft fork. It’s likely that Confidential Transactions or MimbleWimble (a relative of Confidential Transactions) will be tried out on a sidechain before being deployed on the main Bitcoin blockchain. In fact, Confidential Transactions has been implemented in Blockstream’s Liquid sidechain.
It’s too early to put together a timeline on adding Confidential Transactions to Bitcoin, but the good news is that there is now at least a clearer path for better privacy avail