51 minute read

Welcome to the twenty-second issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

White Satin Moth (Leucoma salicis)

"White Satin Moth (Leucoma salicis)" by @naturebftb is licensed under CC BY-NC 2.0 .

Table of Contents

  1. Overflow
  2. Electrum UTXO Privacy Analysis
  3. BTCPay Server and Trezor Add CoinJoin
  4. The Fog of Analysis, Continued
  5. Tornado Cash Update, Continued


This section is for stories that would have been included for the months of December, January, February, and March:

:sparkles: Happy 30th Anniversary :sparkles: to “A Cypherpunk’s Manifesto” by Eric Hughes! (TMIBP02)

Eric Hughes’ definition of “privacy” in his 1993 Cypherpunk’s Manifesto restores individual agency; it is “the power to selectively reveal oneself to the world”. Justice Murphy similarly explained the importance of privacy in a 1942 dissent [Goldman v. United States, 316 U.S. 129] rejecting the warrantless use of eavesdropping technology, opining “the spiritual freedom of the individual depends in no small measure upon the preservation of that right”, and that “[i]nsistence on its retention does not mean that a person has anything to conceal, but means rather that the choice should be his as to what he wishes to reveal”.

— “Autonomy Through Anonymity: Reconceptualizing Privacy-Enhancing Tools Under the U.S. Constitution” by Aaron Daniel (2023)


In TMIBP21, we saw the ‘NoLooking’ project code their way to the final shortlist of the six-week Legends of Lightning online global development tournament, with the goal of making both opening and funding Lightning channels cheaper, easier, and more privacy-preserving using PayJoin. On December 7th, the tournament winners were announced. ‘NoLooking’ received third place in the Global Adoption track.

Our mission was clear: onboard new makers into the ecosystem, innovate on bitcoin and lightning, and help new or existing projects incubate their ideas and turn dreams into a reality. With 260 makers and 73 projects entered across 2 prize tracks (61 🧡 + 12 🌍), we believe we got pretty close.

On December 15th 2022, developer Dan Gould added “Challenge 6: Private purchase” to the Bitcoin Design Guide’s (TMIBP07, TMIBP13, TMIBP21) list of ‘Design Challenges.’ Yashraj Deshmukh began drafting “PayJoin User Flow” in response. In February, Gould shared and praised his work for “identif[ying] the key areas it should improve and continues to push for their evolution.”

Separately, Samourai Wallet’s own PayJoin implementation called Stowaway (TMIBP02, TMIBP03, TMIBP04, TMIBP09) has been adopted as a new ‘swap’ option by the Lightning and Tor onion-based peer-to-peer bitcoin exchange RoboSats (TMIBP20, TMIBP21), with the release of v0.3.4-alpha on February 12th. The project had celebrated its one-year anniversary on December 31st 2022.

On January 22nd, Gould wrote to the mailing list that he had just published a proposal for “Serverless Payjoin,” that is, PayJoin “without hosting a secure endpoint” as in the dominant Pay-to-EndPoint (P2EP) model.

Instead of a peer-hosted endpoint, this scheme allows an HTTP client to act as a server as in long-polling4, relays reqests via proxy, and symmetric cryptography for security. Without a replacement for secured networking, the relay could steal funds. Aside from a pre-shared secret and relayed networking, the protocol takes the same form as the existing BIP 78 spec.

On March 24th 2023, Gould launched payjoin.org to “send and receive payjoin from the static website using [the] new Payjoin Software Development Kit” (SDK). On April 4th, the Guide was updated with Deshmukh’s case study on “The PayJoin Experience.” It includes that “maintaining an always-online endpoint seems to be the biggest hurdle for payjoin implementation.”

:information_source: Check out Bitcoin Optech Newsletter #236 for more and other recent technical developments beyond Bitcoin privacy.


The European Commission announced “an amendment to the Directive for Administration Cooperation (DAC)” that would require both EU-based and non-EU based crypto-asset service providers (CASPs) serving EU residents to provide more information on those customers to the relevant authorities. They note that these “new tax transparency rules” will “complement the Markets in Crypto-assets (MiCA) Regulation and anti-money laundering rules,” and is “consistent” with the intergovernmental Organisation for Economic Co-operation and Development (OECD)’s “initiative on the Crypto-Asset Reporting Framework (CARF) and the amendments to the OECD Common Reporting Standard (CRS)” released in October 2022 (which the ‘Leaders of the G20’ “consider to be integral additions to the global standards for automatic exchange of information”).

Today’s proposal will improve Member States’ ability to detect and counter tax fraud, tax evasion and tax avoidance, by requiring all crypto-asset service providers – irrespective of their size or location – to report transactions of clients residing in the EU. The Directive also aims to establish a common minimum level of penalties for situations of serious non-compliance, such as the complete absence of reporting despite administrative reminders. Moreover, the Commission suggested extending both reporting obligations of financial institutions to cover e-money and digital currencies and the scope of the automatic exchange of information to advance cross-border rulings used by high net-worth individuals.

I have previously covered proposed crypto-related revisions to E.U. anti-money laundering policy in TMIBP14, TMIBP19, TMIBP20, and TMIBP21. Through their initiative roadmap, you can read all feedback on Commission adoption, including from Blockchain for Europe (BC4EU). “It is foreseen that the new reporting requirements with regard to crypto-assets, e-money and digital currencies would enter into force on 1 January 2026.”

On March 22nd 2023, the same day that they advertised a job opening for “Supervision Officer Crypto-assets/MiCA,” the European Banking Authority (EBA) published “findings from its assessment of competent authorities’ approaches to the anti-money laundering and countering the financing of terrorism (AML/CFT) supervision of banks.” “Over the course of 2020 and 2021” they reviewed “how competent authorities in this period’s sample apply the risk-based approach set out in international standards, Directive (EU) 2015/849 andAML/CFT guidelines issued jointly by the European Supervisory Authorities and the EBA.” The report makes no specific mention of bitcoin or ‘crypto-assets,’ though in the executive summary of their earlier 2021 Annual Report, they claim to have “identified risks related to virtual currencies” through subsequent “monitoring,” and that these represented “the most significant risks.”

In this context, to further strengthen its monitoring and assessment capacity in view of the broadening and deepening of markets in crypto-assets, in mid-2021 the EBA established a Network on Crypto-assets comprising representatives from the NCAs represented on the EBA’s Board of Supervisors and observers from the Commission, ECB, EIOPA and ESMA. The Network enables a structured exchange of views on market developments, supervisory experiences and regulatory perimeter issues, including taking into account emerging activities such as crypto lending and staking, and new business models, notably decentralised finance. It also supports the aggregation of the results of monitoring activities at the EU level.

To this end, their new European Reporting System for Material CFT/AML Weaknesses (EuReCA) will likely be involved. “EuReCA will not start to collect personal data until the approval of the draft RTS by the European Commission.”

The EBA aims to use EuReCA to gather, structure and share information on financial institutions’ AML/CFT material weaknesses, as identified by competent authorities, and the measures that such authorities have taken to rectify these material weaknesses.

EuReCA was launched on 31 January 2022. The EBA has since then provided dedicated training to supervisors, followed by regular weekly meetings with users submitting directly to the platform. We have also provided users with a series of supporting materials such as FAQs and user guides.

Throughout 2022, EBA will continue to support EuReCA’s users in meeting their reporting obligations via FAQs and more in-depth training. The joint controllership arrangements for personal data are also set to be finalised and signed in 2022. As the information reported to EuReCA is expected to grow as time goes on, more time will have to be dedicated to analysing and sharing the information.

Regarding the “data protection aspects of EuReCA,” they state:

One important step also entailed drawing up, together with data protection experts and for the first time at the EBA, a draft data protection impact assessment (DPIA) that first identified and evaluated the risks of processing personal data and then established the necessary controls to mitigate these risks. This also required informal consultation with the European Data Protection Supervisor (EDPS) on both the draft RTS and the draft DPIA, as well as on drafting a memorandum of understanding on joint controllership of personal data by both the EBA and the various relevant authorities concerned.

On March 28th, members of Parliament in the committees on Economic and Monetary Affairs (ECON) and Civil Liberties, Justice and Home Affairs (LIBE) “adopted their position on three pieces of draft legislation on the financing provisions of EU Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policy.” This included the 6th Anti-Money Laundering Directive – succeeding AMLD5 (TMIBP01, 06, 07, 10, 14) – and establishment of the Anti-Money Laundering Authority (AMLA) (TMIBP14, TMIBP20).

To restrict transactions in cash and crypto assets, MEPs want to cap payments that can be accepted by persons providing goods or services. They set limits up to €7000 for cash payments and €1000 for crypto-asset transfers, where the customer cannot be identified. Given the manifest risk of misuse by criminals, MEPs want to ban any citizenship by investments schemes (“golden passports”) and impose strong AML controls on residence by investment schemes (“golden visas”).

On March 29th, the EBA opened a public consultation on “amendments to its Guidelines on risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) supervision. The proposed changes extend the scope of these Guidelines to AML/CFT supervisors of crypto-asset service providers (CASPs). The consultation runs until 29 June 2023.” During this period, they will also hold “a virtual public hearing” about the consultation paper on June 7th. “The EBA invites interested stakeholders to register using this link by 5 June 2023 at 16:00 CEST.”

On April 20th, MEPs approved the Markets in Crypto-Assets (MiCA) regulation and the application of the Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR) to crypto-assets. As reported by Bloomberg, “European Financial Services Commissioner Mairead McGuinness said on Wednesday that she expects the legislation to come into force in July after it’s formally approved by the bloc’s 27 member states. Specific requirements will take effect progressively, with rules governing stablecoins, for example, set to apply from July 2024.” For a more detailed breakdown of this decision and the MiCA framework, see Patrick Hansen’s post and this three-part overview by law firm K&L Gates.


In TMIBP01, 02, 04, 05, 16, and 20, I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies. In TMIBP02, 04, 05, and 06, I covered the Electronic Frontier Foundation’s calls for more transparency from financial technology companies, in addition to challenging the use of the third-party doctrine with financial records. Coinbase chief legal officer Paul Grewal (TMIBP05, TMIBP21) has published their fourth “Transparency Report 2022,” which concerns “data about requests for their information that we receive from government agencies and law enforcement” during “the period from October 1, 2021 through September 30, 2022.” Their first, second, and third transparency reports since 2020 are linked respectively.

Compared to the last period, Grewal states that they have seen “a ~66% increase” in the total number of requests. American law enforcement and government agencies had sent over 4,700 requests. “As in years past, the overwhelming majority of requests we received both globally and in the U.S. were from law enforcement agencies in connection with criminal enforcement matters.” Within the “~57% of requests” that were “from outside of the United States,” the top three countries with more than 1,000 requests each were the U.K., Germany, and Spain.

On January 4th, the New York State Department of Financial Services (NYDFS) announced in settlement that Coinbase would “pay a $50 million penalty to New York State for significant failures in its compliance program that violated the New York Banking Law and the New York State Department of Financial Services’ (DFS) virtual currency, money transmitter, transaction monitoring, and cybersecurity regulations.”

Coinbase has been licensed by the Department to conduct a virtual currency business and money transmitting business in the State of New York since 2017. Following an examination and subsequent enforcement investigation, the Department found that Coinbase’s Bank Secrecy Act/Anti-Money Laundering program — including its Know Your Customer/Customer Due Diligence (“KYC/CDD”), Transaction Monitoring System (“TMS”), suspicious activity reporting, and sanctions compliance systems — were inadequate for a financial services provider of Coinbase’s size and complexity.

According to the consent order, “the Department conducted a safety and soundness examination” in 2020, and subsequently “required Coinbase to hire an independent consultant” to access their BSA/AML and OFAC compliance. Following the completion of the consultant’s report in February 2021, “the Department began an enforcement investigation” involving a mandated ‘Independent Monitor’ who provided a further report in August 2022. They concluded that “Coinbase’s KYC/CDD program, both as written and as implemented, was immature and inadequate.”

In direct response to the Department’s findings and the findings and recommendations of the Independent Consultant and Independent Monitor retained at the Department’s direction, Coinbase has invested very substantial time and resources in an effort to remediate its issues and strengthen its Compliance Program more generally. With regard to KYC/EDD issues, for example, Coinbase, among other things, has implemented for all new accounts a dynamic risk rating model for both retail and institutional customers, is undertaking a KYC Refresh of all customers onboarded before the risk rating system was implemented, and has instituted new periodic review procedures. Likewise, with respect to transaction monitoring and SAR reporting, Coinbase has, among other things, upgraded its investigations portal to streamline the process of reviewing transaction monitoring alerts and filing SARs.

One may notice that since the creation of the ‘BitLicense’ regulation in 2015, NYDFS has published three enforcement actions in the category of ‘Virtual Currency,’ all within the last year. According to the New York Times’ reporting on this Coinbase settlement, “To date, the state has issued roughly 30” licenses.

Meanwhile, Coinbase continues to support and profit from blockchain surveillance (TMIBP20). Based on public procurement records, the Landeskriminalamt Nordrhein-Westfalen (state bureau of investigation) in Düsseldorf recently extended their licenses for Coinbase Tracer, valued at €485,000, and Chainalysis’ ‘Reactor’, valued at €1,108,800. Similarly, in February, the Komenda Główna Policji (Polish national police headquarters) in Warsaw purchased a Chainalysis license valued at €139,786.

However, their provision of this service is not mentioned at all in their transparency report. Since blockchain surveillance tools affect the financial privacy of their customers (as well as non-Coinbase customers), and the goal of their report is supposedly to provide “a view into how government policies and actions intersect with customer privacy,” I would argue that including a list of the agencies and offices subscribed to Coinbase Tracer is more than appropriate. As you have seen in my newsletter, these records are often public record anyway!


On December 14th, Senators Elizabeth Warren (D-Mass.) and Roger “Doc” Marshall (R-Kan.) introduced their “Digital Asset Anti-Money Laundering Act of 2022” bill during a hearing of the Committee on Banking, Housing, and Urban Affairs. They claim that it will “crack [down] on crypto money laundering by closing loopholes in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework, bringing the digital assets into greater compliance with the rules that govern the rest of the financial system.” The bill demands, among other things, that:

The Financial Crimes Enforcement Network shall promulgate a rule classifying custodial and unhosted wallet providers, cryptocurrency miners, validators, or other nodes who may act to validate or secure third-party transactions, independent network participants, including [Miner/Maximal Extractable Value] MEV searchers, and other validators with control over network protocols as money service businesses.

… the Financial Crimes Enforcement Network shall promulgate a rule that requires United States persons engaged in a transaction with a value greater than $10,000 in digital assets through 1 or more accounts outside of the United States to file a report described in section 1010.350 of title 31, Code of Federal Regulations, using the form described in that section, in accordance with section 5314 of title 31, United States Code.

… the Secretary of the Treasury shall promulgate a rule that prohibits financial institutions from (1) handling, using, or transacting business with digital asset mixers, privacy coins, and other anonymity-enhancing technologies, as specified by the Secretary; and (2) handling, using, or transacting business with digital assets that have been anonymized by the technologies described in paragraph (1).

… the Financial Crimes Enforcement Network shall issue guidance requiring digital asset kiosk and automated teller machine [ATM] operators and administrators to (1) verify the identity of each customer using a valid form of government-issued identification or other documentary method, as determined by the Secretary of the Treasury; and (2) collect the name, date of birth, physical address, and phone number of each counterparty to the transaction.

The bill defines a ‘mixer’ as “a website, software, or other service designed to conceal or obfuscate the origin, destination, and counterparties of digital asset transactions.” This would clearly contradict FinCEN’s guidance published in May 2019, which distinguishes between “anonymizing service providers” versus “an individual or entity that merely provides anonymizing software” (TMIBP01, TMIBP05, TMIBP20). They explicitly determined that “an anonymizing software provider is not a money transmitter,” and therefore not subject to Bank Secrecy Act (BSA) obligations. Regarding so-termed ‘unhosted wallets,’ this currently appears to be a more extreme position than those taken by either U.K. (TMIBP20) or E.U. regulators (TMIBP19, TMIBP20). Coin Center immediately responded that this “is the most direct attack on the personal freedom and privacy of cryptocurrency users and developers we’ve yet seen.”

The intended result is to forbid Americans from having any technological guarantees of personal privacy or individual agency when making transactions online, irrespective of whether those transactions have anything to do with crime. To the extent cryptocurrencies could even continue to exist in a world where this bill becomes law, Americans’ ability to use them would be limited to a fully permissioned and surveilled environment.

… this bill would effectively outlaw the very form of self-custody of digital assets that prevents the kind of counterparty risk to consumers exemplified in the FTX collapse.

… It forces these speakers to hobble the privacy and security of their own software and data with backdoors, much in the way the FBI attempted to force Apple to hobble their own iOS security by compelling them to publish backdoored software.

… Unfortunately, the bill cannot be improved; it can only be opposed in its entirety. Coin Center will do everything in its power to protect the rights of Americans and defeat this unwarranted attack on individual privacy and autonomy.

Meanwhile, on December 23rd 2022, the Internal Revenue Service (IRS) announced that “calendar year 2022 will be regarded as a transition period for purposes of Internal Revenue Service (IRS) enforcement and administration with respect to the implementation of the amendments made to the de minimis exception for third party settlement organizations (TPSO).”

As a result of this delay, third-party settlement organizations will not be required to report tax year 2022 transactions on a Form 1099-K to the IRS or the payee for the lower, $600 threshold amount enacted as part of the American Rescue Plan of 2021.

… Under the law, beginning January 1, 2023, a TPSO is required to report third-party network transactions paid in 2022 with any participating payee that exceed a minimum threshold of $600 in aggregate payments, regardless of the number of transactions. TPSOs report these transactions by providing individual payee’s an IRS Form 1099-K, Payment Card and Third-Party Network Transactions.

Cato Institute Center for Monetary & Financial Alternatives (CMFA) policy analyst Nicholas Anthony (TMIBP20, TMIBP21) commented:

In fact, the real confusion has been centered around just how this style of surveillance can be considered constitutional. Many have been left asking, “Why don’t Americans have stronger financial privacy rights?

Unfortunately, laws, regulations, Supreme Court decisions, and even inflation have consistently chipped away at financial privacy for over 50 years. As I explained in a recent paper, even a law titled the “Right to Financial Privacy Act” failed to really deliver the level of privacy Americans should have — notably, the level most Americans thought the Constitution provided.

Americans may have a year to relax, but Congress should take this time to fix the issue. Not only should the reporting requirement be repealed to lessen the burden on Americans, but also more fundamental reforms should be enacted to establish financial privacy protections that Americans should have had from the beginning.

On February 27th 2023, they hosted a panel discusson focused on “Bank Secrecy Act Reform: Restoring the Fourth Amendment.” The introductory speaker, Representative John Rose (R‑TN-06), had introduced the “Bank Privacy Reform Act” back in October 2022. “This bill keeps intact sections of the Bank Secrecy Act that require financial institutions to maintain customer records but repeals those that require them to report to government agencies without a showing of probable cause.” On April 28th 2023, together with Representative Donald Payne Jr. (D-NJ-10), he would also introduce a House Resolutionwhich expresses the sense of the House of Representatives that maintaining cash is important and a robust and viable payment option.” Regarding the “non-bank ATM industry,” which would naturally include those focused on Bitcoin and cryptocurrency, he said:

Last year, I met with the acting director of FinCEN, Himamauli Das, and I asked him for data on the number of successful prosecutions that have been brought against ATM operators over money laundering concerns, and the total number of cash withdrawals from the independently owned ATMs in a given year, that they could verify represented laundered funds. Now, remember: they labelled this entire industry as ‘high risk.’ He couldn’t provide me with any of that information, not even one instance. In fact, no one in the federal government seems to have access to this information. So this begs the question: What is the point of the current system? All of this to say, our anti-money laundering regulations are undoubtedly out-of-whack and have real-world consequences, including when it comes to our personal privacy.

:warning: If you are American and/or reside in the U.S., check out Fight For The Future’s (FFTF) campaign: “Privacy is a fundamental human right and essential to democracy. Everyone deserves protection from surveillance, as well as the freedom to build tech tools that preserve privacy by design.” For non-financial data privacy activism, also see here.


In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June 2022, the Tor network has been under a distributed denial-of-service (DDoS) attack that remains unresolved (TMIBP20, TMIBP21).

On February 7th, Tor Project executive director Isabela Bagueros wrote that they are “working hard to mitigate the impacts and defend the network,” though it’s still “not possible to determine with certainty who is conducting these attacks or their intentions.” She thanked community members and the Onion Services Resource Coalition, a group of organisations “who are helping us right now in all sorts of ways.” (Disclosure: I am a board member of Open Sats). In TMIBP04, TMIBP06, and TMIBP21, I highlighted that the Tor Project has been considering “a token-based approach,” and on March 31st they shared that the two newly hired network team developers were “implementing a dynamic Proof of Work mechanism and resolving the Circuit Build Time-out issue.” On April 3rd, “to give users the privacy protections of Tor Browser without Tor,” the Mullvad Browser was launched; the VPN service has accepted bitcoin since July 2010! On April 5th, the Tor Project published the following status update:

The DDoS has significantly reduced in volume over the last month, although there are intermittent spikes that can still affect the performance of relays that get hit by them. Overall performance has improved, but can occasionally be slower when using affected relays. We are making significant progress on implementing our Proof of Work defense, which should eliminate the incentive for much of these attacks. Other, more general DDoS defense work will happen after that.

On April 10th, they announced that the Tor network was approaching 2,000 exit relays for the first time in its history. If you are interested in running a relay or learning more about what they do, there are virtual meetings for relay operators every couple months.


In TMIBP05, 08, 12, 14, 17, 19, 20, and 21, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). In the last newsletter, I highlighted a fellowship offered by the Human Rights Foundation (HRF) to build an online resource that tracks CBDCs around the world “and flags their risks for civil liberties.” I’m very pleased to share that a team composed of myself, Matthew Mežinskis, and Nick Anthony was awarded this fellowship. Matthew recently gave extensive interviews about his research on central banking and financial history for Tales from the Crypt (TFTC) and in episode #645 of What Bitcoin Did (WBD). We will be able to share more about our work on this project in the coming months, and there may be a special announcement at this year’s Oslo Freedom Forum! :purple_heart:


In the first quarter of 2023, two more wallets have integrated BIP-47 PayNyms (TMIBP03, 06, 09, 10, 20) that are compatible with Samourai Wallet. On February 24th, the mobile multi-coin Cypher Stack Wallet (Android and iOS) announced that after the completion of an internal audit, “PayNyms have now been released for ALL platforms,” and “we’re the ONLY app to have PayNyms on iOS!

On March 5th, BlueWallet indicated that they would be adding a “Reusable and shareable code (BIP47)” option. On March 16th, this was merged into the wallet repository. The next day, co-founder Nuno Coelho tested their payment code sharing publicly.

:information_source: Don’t understand how PayNyms work? Check out this explainer by Otto.


In TMIBP19, TMIBP20, and TMIBP21 I have followed Ruben Somsen’s ‘Silent Payments’ proposal, “a new scheme for private non-interactive address generation without [extra] on-chain overhead.” On March 9th, this was released by Somsen and Bitcoin Core contributor Josie Baker as a draft Bitcoin Improvement Proposal (BIP). As of this writing, it has not been assigned a BIP number.

:information_source: Check out Bitcoin Optech Newsletter #220, #231, and their audio recap discussions for other recent Bitcoin technical developments beyond privacy.

March 27th - MUSIG2 BIP DRAFT

In TMIBP01, 03, 04, 05, 06, 09, 11, 13, and 18, I have followed development of the Schnorr-based multi-signature scheme MuSig and its variations. In April 2022, Jonas Nick, Tim Ruffing, and Elliott Jin published a draft of the MuSig2 BIP, with a reference implementation written in Python. On March 27th 2023, after nearly a year of further improvement, the draft was merged as BIP-327.

The on-chain footprint of a MuSig2 Taproot output is essentially a single BIP340 public key, and a transaction spending the output only requires a single signature cooperatively produced by all signers. This is more compact and has lower verification cost than each signer providing an individual public key and signature, as would be required by an n-of-n policy implemented using OP_CHECKSIGADD as introduced in (BIP342). As a side effect, the number n of signers is not limited by any consensus rules when using MuSig2.

Moreover, MuSig2 offers a higher level of privacy than OP_CHECKSIGADD: MuSig2 Taproot outputs are indistinguishable for a blockchain observer from regular, single-signer Taproot outputs even though they are actually controlled by multiple signers. By tweaking an aggregate public key, the shared Taproot output can have script spending paths that are hidden unless used.

:information_source: Check out Bitcoin Optech Newsletter #222, #231, #238, #246, and their audio recap discussions for other recent Bitcoin technical developments beyond privacy.


Route blinding allows a recipient to provide a blinded route to potential payers. Each node_id in the route is tweaked, and dummy hops may be included. This is an alternative to rendezvous to preserve recipient anonymity. It has a different set of trade-offs: onions are re-usable, but the privacy guarantees are a bit weaker and require more work (e.g. when handling errors).

Since at least April 2020, software developer Bastien Teinturier (TMIBP10, TMIBP18) and others have been working to implement route blinding in the Lightning Network. On March 28th, his pull-request was finally merged into the BOLTs. The next day, Teinturier shared that there was already a proposal for combining blinded and trampoline routing (TMIBP10), once the latter’s pull-request has been reviewed and merged as well.

René Pickhardt commented: “Often there is a trade-off between privacy and reliability but this work by @realtbast is one of the surprising cases where increased privacy may also lead to improvements in reliability! (assuming we move forward with [friend-of-a-friend] sharing of x bits of liquidity information),” referring to his pull-request on BOLT14.

:information_source: Check out Bitcoin Optech Newsletter #245 for more and other recent technical developments beyond Bitcoin privacy.


On March 15th, the Electrum wallet developers announced that the next release “will include UTXO privacy analysis tools.” The code had already been committed to the wallet repository on February 25th. The preview of the coin analysis interface displayed a given UTXO’s parent transactions, with the option to provide a descriptive label, and highlighted any address reuse in pink.

On April 18th, Electrum 4.4.0 was released. Under ‘privacy features,’ they include the new basic privacy analysis tool: “this dialog displays all the wallet transactions that are either parent of a UTXO, or can be related to it through address reuse.” They also introduced more coin control through a new “menu that lets users easily spend a selection of UTXOs into a new channel, or into a submarine swap.”


On January 16th, the BTCPay Server project (TMIBP01, 02, 03, 05, and 06) began adding code for ‘WabiSabi’ (TMIBP01, 03, 06, 09, 14, 16, 18, 19) to their plugin repository. On February 27th, maintainer Andrew Camilleri aka ‘Kukks’ announced “the beta release of the Coinjoin plugin for @BtcpayServer. After many months of hard but exciting work, this opt-in plugin makes BTCPay Server one of the most extensive privacy-oriented Bitcoin tools around.” Wasabi’s announcement and explainer video emphasize that while “a highly liquid coordinator provided by zkSNACKs” would be the “default” server for CoinJoins, “all BTCPay Server admins can spin up their own coinjoin coordinators using their own terms.”

Any BTCPay Server merchant can activate the optional coinjoin plugin instantly for their stores. BTCPay Server stores that activate the coinjoin plugin will be able to automatically coinjoin all the bitcoin they receive. This protects the privacy of all their incoming and outgoing transactions by preventing sensitive information about their store’s payment history from leaking to unconcerned parties.

In addition to auto-coinjoin, the BTCPay Server plugin also offers an unprecedented payment batching in coinjoin feature. Utilizing BTCPay Server’s scheduled payouts, users are able to pay addresses directly within a coinjoin transaction, which saves block space and provides greater privacy compared to making a payment in two steps.

… In addition to the default zkSNACKs coordinator server, merchants are able to discover alternative coinjoin coordination servers via the Nostr protocol and can easily run their own coinjoin coordination servers.

… If users choose to run their own coordinator, the BTCPay Server Plugin offers an optional revenue sharing feature that by default donates a percentage of proceeds to the HRF and OpenSats foundation to further Bitcoin development. In addition, the plugin allows users to participate in different coinjoin rounds across multiple coordinators at the same time.

(Disclosure: I am a board member of Open Sats).

On March 6th, Wasabi also published an interview and hosted a Twitter Space with Camilleri and zkSNACKs CEO Max Hillebrand to discuss the new plugin.

On March 13th, the one-year anniversary of Wasabi announcing that “the zkSNACKs coordinator will start refusing certain UTXOs from registering to coinjoins” (TMIBP19), contributor Karo Zagorus marked the occasion by sharing more about their decision, as well as the consequences [note: minor edits for readability]:

.. November 2021, a letter comes from the [Gibraltar Financial Services Commission] that asks zkSNACKs Ltd. to register as a [Money Services Business] in the State of Gibraltar. A response was made to the regulator disagreeing with their view that zkSNACKs Ltd. should even register in the first place. The company’s lawyer in Gibraltar (who is a total pro) was asked for further help and replied to the GFSC that they are not required to register. The messages were sent for deliberation to the GFSC.

.. December 25th Christmas Day, a letter arrives from the GFSC demanding zkSNACKs Ltd. to immediately register as a [Money Services Business] and to immediately begin performing KYC/AML processes on its customers who are participating in its mixing services, or face having the company shut down by the regulator in the state of Gibraltar. This shocked people in the office and people turned on the panic mode for the next few months to come.

The company started challenging the decision of GFSC and had multiple options to counteract the request of the GFSC. Since the regulator has now declared the company ‘persona non grata’ in Gibraltar, they felt that they have to leave the State of Gibraltar with the company. Other options on the table were that the company would have sued GFSC to not have to register as a [Money Services Business] and have them stay in Gibraltar, but upon winning the lawsuit the government would have retaliated against the company eventually. Multiple regulators in the government were asked for feedback and zkSNACKs Ltd. was suggested to leave effective immediately since the company wasn’t employing anyone in Gibraltar physically and wasn’t even paying any taxes at all, ever. Little to no importance was the operation.

The issue became that zkSNACKs Ltd. now had a little grace period for changing legal domain where it was operating, therefore looking for a new state was commenced. Every state that “the lawyers” asked about refused cooperation or even to allow a move of the company. It was important for the company to be able to move because Greg and [Bálint Harmat] didn’t want to shut down the company or have it shut down by the regulators in Gibraltar, because later someone could have argued that the company was just a forefront to Criminal Money Laundering. And this would have been a disaster for the company’s legal operation that went unchallenged ever since it was created. Therefore it became a low-key issue for the company to start figuring out how to start fixing its grey legal area of where it is operating, to remain in state.

They made every possible attempt to remain in Gibraltar due to the easier regulatory approach there and options they had, but it have become impossible as the negative news kept coming. Their goal was to now appease the regulators to attempt to stay.

… The company later managed to move to a different jurisdiction and were able to continue operations uninterrupted. But it has become more restrictive in what they are allowed to do and how to conduct continued business in the long-term.

On March 12th, a company meeting was held by @nopara73 to ask questions from @HillebrandMax, @BTCparadigm, and myself to assess the potential damages of a @FinancialTimes article that could impede upon the company’s operational safety. The article was damaging to the image of the company, yet they had to approach it carefully … A decision was made that day that would lead to why the blacklist was needed, how it would affect the future operation of the company, how it would protect it against unwanted government interference and potential shutdown by it. By the 13th, things got very serious as the situation was portrayed as critical due to the journalist intervention at @FinancialTimes, therefore it was put to a vote whether or not we should implement blacklisting, and it passed.

.. The immense damage was imminent; after just one day of being employed @yeg0rpetrov then resigned. The community response was daunting and damaged the company’s image for up to 6 months. Wasabi’s account barely got any new followers until September 2022.

.. The scope of information at that time was only related to risk status of addresses that were assessed in order to prevent legal damage happening to the company in case of potential funds arriving from someone with a criminal background going through the Wasabi Coordinator. But for Bitcoiners the damage was already done as the most sacred taboo of bitcoining have been broken, that you shall never ever blacklist a transaction. All of Wasabi’s sponsors except one @TheVladCostea have fled. @BTCsessions bailed the next day, and @MemeFactoryTM also resigned from their sponsorship. The avenues for advertising were greatly impacted.

It was not until September when @Trezor’s cooperation with @wasabiwallet was announced that the company’s image started getting a “restoration”.

.. But over all the blacklist remains. And governments and journalists continue to attack open-source bitcoin privacy projects. As of now, the great bump was again achieved for Wasabi by having new sponsorships and finally, @PeterMcCormack @WhatBitcoinDid on as a sponsored podcast.

Where the future will head, we do not know, but for sure we are out of options. Nobody else is working on new centralized coordinators and every attempt to put Wasabi out of business has failed so far. Nobody has became efficient enough to compete so far. There are still many nuanced details that I have not put out yet, which I consider would shed a different light on what really happened back on that day at Wasabi, but I guess it will have to wait a little while more.

… Privacy as we can see is constantly now under attack from all fronts, even within our space. But developers are not a-plenty and it is not likely that we are going to see more projects coming around to start developing privacy solutions for us. It might be little too late already.

In TMIBP11, 13, 18, and 21, I have followed hardware wallet company Trezor’s addition of privacy-focused features into their Suite. On February 8th, they hosted a testing session of their upcoming CoinJoin feature. On April 19th, Trezor and Wasabi launched the feature. “Trezor is the first hardware wallet with coinjoin, completing its suite of free privacy tools.” In their announcement blog, they include a section on ‘Avoiding risk with coinjoin’ that warns:

The coinjoin process uses a coordinator, run by zkSNACKs, which is in charge of selecting which pieces of bitcoin (UTXOs) to include in a transaction and ensuring there is enough liquidity for the coinjoin to provide the required level of privacy.

In rare cases a particular set of UTXOs may not be included if it was present in a previous round and caused the coinjoin to fail because the user disconnected their device. In this case, the UTXOs would be unable to participate in a coinjoin for 6 hours.

Some users may also have UTXOs which are known to be high-risk due to where they originated from. The coordinator may decide not to include UTXOs which are likely to result in other users’ UTXOs inheriting that risk. Owning a high-risk UTXO will not prevent other UTXOs in your wallet from being coinjoined.


Companies like Chainalysis in the budding blockchain analysis industry will make their real money, [Sarah Meiklejohn] speculates, not from contracts with the IRS or the Justice Department but from banks and exchanges who are using their services to “de-risk” their transactions, ranking a certain sum of money’s cleanliness and regulatory liability based on algorithms the public will never see. “Then it gets much sketchier, right?” she says. “That looks much more like surveillance. Your bank is basically spying on you and judging you based on where your money came from. That stuff is not as nice, and it’s not going to make headlines.”

… Like Gladstein, she points to the same potential for dictatorships to abuse Chainalysis-like services, tracing the finances of protesters, for instance.

— “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Andy Greenberg (2022)

In TMIBP20, I highlighted the case of Roman Sterlingov, accused of creating and operating Bitcoin Fog, a centralised proto-mixing service. He was arrested two years ago (as of this month) on April 27th 2021 at Los Angeles International Airport, and has already spent over 700 days in pre-trial detention. According to his defense lawyers, Tor Ekeland and Michael Hassard, his trial is scheduled to begin on “September 14, 2023 in the Federal District Court for the District of Columbia. We expect it to last a month.” In the meantime, there will be a hearing in June with “a Daubert challenge.” The potential sentence is 50 years to life in prison.

In October, I gave a presentation on “the overlap between blockchain analysis companies, private spyware firms, and government intelligence agencies” for the annual Hackers Congress at Paralelní Polis (TMIBP21). On November 15th, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Wired senior technology writer Andy Greenberg was published. As I anticipated, there were a couple chapters of backstory, more than forty chapters on glorified automated apophenia-fueled ‘blockchain whisperers’ assisting – or even initiating – cyber-hunts with the IRS and various other three-letter agencies, and at best a couple chapters (mainly ‘Chapter 49: Gray Zones’) with criticism regarding the risks of Chainalysis’ methods. Greenberg’s conversation with CEO Michael Gronager and head of communications Maddie Kennedy – who insist that their board would “take all sorts of things into account, like human rights records,” to determine if an interested government or agency “would be an appropriate customer” – is reminiscent of assurances made by the now-defunct Hacking Team.

So, which countries’ law enforcement agencies? Any country that can pay?

“No. No, we can’t do that,” Gronager said. “We are a U.S.-based company. And that means that certain countries we can’t work with and we don’t want to work with.” He cited China, North Korea, and Russia.

But what about the Middle East? “The Middle East is a big mix, right?” Gronager responded. “Like, Israel, it’s fine. Let’s take Abu Dhabi, it’s another.”

At Gronager’s mention of Israel, I could have asked about whether the country is using blockchain analysis to surveil the finances of people in the occupied territories of the West Bank and Gaza. Instead, at the mention of Abu Dhabi, the capital of the United Arab Emirates, my thoughts jumped to the case of Ahmed Mansoor, the Emirati human rights activist and father of four whose phone was targeted by the U.A.E. government using tools from the Israeli hacking contractor NSO. Following that surveillance, Mansoor was arrested and sentenced to ten years in prison, then held in isolation ever since. Despite its close ties to the U.S. and the global economy, the U.A.E. has an abysmal human rights record, of which Mansoor is just one tragic example.

So, I asked, is the U.A.E. a customer? “We can’t say that,” Kennedy cut in, with the recognizable tone of a PR person who has identified a red flag.

“No, we can’t say that,” Gronager agreed, sounding almost disappointed, as though he wished he could share more. “The Middle East — there’s a lot of things that are important there and good activity. And some of it is gray zones. That’s just how it is.”

Those gray zones, Gronager tried to explain, don’t just break down cleanly across national borders, but also cover different uses within a single government. “We want to understand how our products are being used, right? What is the use case here?” Gronager said. “We have a pretty high bar. There has never been a problem.”

‘Chapter 47: Open Season’ rather briefly summarises the Bitcoin Fog case, with obvious deference to the U.S. prosecution’s narrative. Greenberg casually includes that Matthew ‘Matt’ Price, one of the two main IRS-CI special agents behind the allegations against Sterlingov, had “joined the D.C. unit after a stint at the CIA.” (The CIA’s not-for-profit venture capital firm, In-Q-Tel Inc., gave Chainalysis $1.675 million in 2021.) As always, the revolving door spins ‘round and ‘round! (TMIBP02, TMIBP08) In September 2021, Price and Tigran Gambaryan, the star agent, joined Binance as ‘Global Head of Intelligence and Investigations’ and ‘Head of Financial Crime Compliance’ respectively. Less than a week later, Chainalysis announced that they had acquired Excygent – the analysis company listed first as providing “essential support” in Sterlingov’s arrest – for an undisclosed sum. Since early April, Price and Gambaryan have both been featured in “a six-part video series that highlights our compliance experts and their views on how the company invests in this space.”

For example, our law enforcement team responds to law enforcement requests from around the world. In 2022 alone, Tigran says his team responded to over 50,000 law enforcement requests. It’s an incredibly important job that has a direct impact on human lives around the world.”

‘Chapter 32: Advanced Analysis’ (an altered version was published by Wired) focuses on “the hideously vague term ‘advanced analysis’” by which Chainalysis and their partners referred to their method of linking cryptocurrency activity to IP addresses, since around the spring of 2017. “Neither Levin nor Gambaryan has revealed a word of how their method works. (In fact, in our conversations, they never treated any piece of cryptocurrency-tracing tradecraft with more secrecy.)” However, further along in ‘Chapter 50: Rumker’, Greenberg identified this tool in the leaked Chainalysis presentation to Italian police (TMIBP16):

Within the DarkLeaks collection, one slide deck immediately caught my eye. It was a presentation from Chainalysis. It described, in Italian, a remarkable set of surveillance capabilities and tricks that Chainalysis offered to law enforcement but that had never before been publicly revealed.

… But amid all these revelations, it was another slide that finally offered the most elusive answer I’d been looking for: a possible solution to the mystery of the “advanced analysis” trick that Chainalysis had used to locate the AlphaBay server in Lithuania.

The Italian presentation confirmed that Chainalysis can, in fact, identify the IP addresses of some wallets on the blockchain. It did so by running its own Bitcoin nodes, which quietly monitored transaction messages — the very practice that had led to the blowup on Bitcointalk in the company’s earliest days.

First, the slide explained, some wallets that use tools called Simple Payment Verification or Electrum — designed to avoid storing the entire blockchain — leak certain information with every transaction. Nodes that receive a transaction message from those wallets can see not only the user’s IP address but all of their blockchain addresses and even their wallet’s software version, a tidy bundle of identifying information. Chainalysis had code-named the tool they use to collect that wallet data Orlando.

The next slide was even more revealing. It described a tool called Rumker, explaining that Chainalysis could use its surreptitious Bitcoin nodes for identifying IP addresses not only of individual users’ wallets but also those of unknown services — including dark web markets. “Although many illegal services run on the Tor network, suspects are often negligent and run their bitcoin node on clearnet,” the slide read, using a term for the traditional internet not protected by Tor.

On November 16th 2022, Bitcoin developer ‘0xB10C’ published their observations of “very short-lived P2P connections with fake user agents being made to my Bitcoin Core node in a high succession.” They noted that they couldn’t determine whether this ‘entity,’ which they had nicknamed ‘LinkingLion,’ was “actually malicious” or perhaps “from some misconfigured academic measurements,” and clarified “I’ve seen these connections by this entity as early as June this year. However, it might have been active before.” On March 28th 2023, they published a follow-up speculating that it might be a “blockchain analysis company.”

The entity opens connections to many Bitcoin nodes using four IP address ranges and listens to transaction announcements. This might allow the entity to link newly broadcast transactions to node IP addresses. The entity has been active in some capacity since 2018 and is also active on the Monero network using the same IP address ranges. The entity might be a blockchain analysis company collecting data to improve its products.

… Most Bitcoin P2P anomalies originate from individuals playing around with the open network, companies with profit motives, for example, selling data to other companies and law enforcement, or by (academic) researchers. In this case, it seems unlikely that an individual would sustain this over multiple years. The IP address ranges and servers cost money. An academic experiment is usually shorter, too, as papers eventually need to be published. Academic researchers might not use fake user agents. It makes sense for a company to pay for IP address ranges and servers if they can sell the collected data or enhance an existing product. This could be a company doing blockchain analysis.

Additionally, you may recall that in 2021, it was discovered that Chainalysis was surreptitiously using walletexplorer.com to associate IP data and addresses, which was then fed to law enforcement (TMIBP06).

On March 3rd, in “Exploring Unconfirmed Transactions for Effective Bitcoin Address Clustering,” researchers from Fudan University, Hong Kong Polytechnic University, and the University of Luxembourg state that they began “collecting data on May 1, 2022 and collect[ed] a total of 51,216,932 transactions by December 31, 2022.” While it may indeed be the case that this is the first paper to “apply the unconfirmed transactions in Bitcoin to cluster addresses,” given the behaviour of ‘LinkingLion’ and what Greenberg has written about Chainalysis, I would be very surprised if this hasn’t been practiced for a while elsewhere.

Sterlingov’s defense team has recently been travelling and speaking on podcasts to draw public attention on the Bitcoin Fog case, in the United States as well as Europe. During an appearance on Odell’s hundredth episode of Citadel Dispatch, they asserted that this “multi-million dollar investigation” based on ‘junk science’ has been “one of the cases that [Chainalysis] used to build their relationship with [the U.S. Department of Justice], which has translated into a $330 million revenue stream.” Ekeland pointed out that Aaron Bice appears to have founded Excygent as a private company while he was still part of the IRS-CI-CCU until at least 2019, when his investigation team received the “Secretary’s Unit Award.” Youli Lee, the current senior legal director at Chainalysis since January 2022, had been part of the case team as an assistant U.S. attorney specialising in ‘cyber crime’ in the Washington D.C. area until December 2019. She was briefly associate general counsel at Coinbase from April 2021 until she joined Chainalysis. (Both are named in Greenberg’s book, but I saw no mention of their other roles; in particular, Bice is only described as “Excygent’s Aaron Bice,” an expert data analyst.)

You’ve got careerism and a profit motive creating confirmation bias… There’s no objective standards when it comes to blockchain forensics, and that’s very dangerous because it creates exactly what’s happening here. Roman could be any one of you.

On April 25th, I gave an introduction on blockchain surveillance before Ekeland and Hassard discussed their case at a Bitcoin meetup in Berlin. Preempting any questions about why people in Europe should care about an American criminal trial, I emphasised that U.S. financial surveillance legislation and practices increasingly have international reach. Regarding the broader issue of proprietary digital forensic software and ‘bad science’ in the criminal justice system, I cited Rebecca Wexler’s article “Convicted by Code” and they referenced the recently published book “Junk Science and the American Criminal Justice System” by M. Chris Fabricant, attorney and director of strategic litigation for the criminal justice reform group Innocence Project.

You can read more about the case at: https://www.torekeland.com/roman-sterlingov/


In TMIBP20 and TMIBP21, I covered the designation of Ethereum-based mixer Tornado Cash as a sanctioned entity, the subsequent arrest & pre-trial detention of developer Alexey Pertsev in the Netherlands, and related lawsuits challenging the criminalisation of mixing software. (Note: On November 8th 2022, “OFAC simultaneously delisted and redesignated Tornado Cash under E.O. 13722 and E.O. 13694,” whereas previously it was only designated under E.O. 13694.) Bitcoin developer Sjors Provoost and CryptoCanal chief ‘evangelist’ Eléonore Blanc, who have been attending his court hearings, reported that Pertsev “will be released from pre-trial arrest” on April 26th. While awaiting trial, he is required to wear an ankle bracelet and his home will be equipped with “electronic monitoring devices.”

Although it no longer matters I’m still annoyed by one [of] the grounds the prosecutor use[d] to argue for his pre-trial detainment: risk of repeat offense. The judge did not object to this, the defense did.

First of all we don’t even know if his work was illegal in the first place.

The prosecutor claims he can only make money by building another mixer. That otherwise he’d be homeless. Therefore he’ll be tempted to repeat his alledged crime. This is patently absurd. There’s plenty of other work for experienced smart contract developers, and devs in general. This argument is normally used against drug dealers who have to fall back to working at a supermarket. The fact that a judge goes along with such an absurd claim is worrying, because it demonstrates a complete lack of knowledge about the sector.

Pertsev is scheduled to appear at the ETHDam conference and hackathon in Amsterdam starting on May 20th: “Privacy is normal. Following the arrest of Alex Pertsev, a Tornado Cash developer in the Netherlands, ETHDam 2023 is determined to counter the chilling effect and bridge worlds to discuss the future of privacy and encourage them to build on the shoulders of cypherpunk giants.”

Regarding Joseph Van Loon et al. v. Department of the Treasury, there was a dispute over whether to handle the case in the Waco Division or the Austin Division of the Western District of Texas. The Treasury, among other reasons, motioned for transfer to Austin because “Austin has existing facilities for the review and storage of classified information, while Waco does not.” (They later filed a proposed protective order stipulating the handling of ‘Highly Sensitive Confidential Information’ (HSCI) by parties.)

… Waco lacks a Secure Compartmentalized Information Facility (SCIF) where the Court may view and store classified portions of the administrative record. Reviewing classified material will likely be necessary to resolve Plaintiffs’ statutory and constitutional claims because the administrative record, which memorializes the basis for OFAC’s determination that Tornado Cash is a sanctioned entity, contains classified information.

On November 22nd 2022, the plaintiffs filed an amended complaint to include the redesignation of Tornado Cash, which “also added 53 smart contracts” to the Specially Designated Nationals and Blocked Persons (SDN) list. On December 9th, the Treasury responded to their amended complaint, “respectfully request[ing] that the Court enter judgment dismissing this action with prejudice and awarding Defendants costs.” On January 13th 2023, the Treasury filed a certification from Ripley Quinby IV, the Deputy Associate Director of the Office of Global Targeting in OFAC, that the “list of the contents of the administrative record constitute a true, correct, and complete copy of the unclassified, non-privileged, or otherwise protected documents that were directly or indirectly considered in connection with OFAC’s decision to designate.” Several portions of the certified index are redacted, particularly the final page listing classified exhibits. On February 16th, Judge Jeffrey C. Manske granted the motion to transfer to Austin. On March 20th, Judge Alan D. Albright adopted and ordered the transfer to Austin, and subsequently reassigned it to Judge Robert Lee Pitman. On March 24th, the parties jointly proposed a new case schedule.

On March 28th, Coin Center published a blog about the “Restricting the Emergence of Security Threats that Risk Information and Communications Technology” / RESTRICT Act, introduced to the U.S. Senate on March 7th. They promised to “consider a court challenge if it is ever used to sanction open source crypto technology.”

The RESTRICT Act is conceptually similar to the International Emergency Economic Powers Act (IEEPA), the law that empowers OFAC to block Americans from transacting with sanctioned foreign persons. Indeed, the RESTRICT Act would essentially create a parallel sanctions regime administered by the Secretary of Commerce alongside OFAC’s regime (administered by the Treasury Secretary).

… we are very concerned that an overbroad interpretation of those powers could be exploited in order to ban Americans from using entire classes of technologies, even when no foreign adversary has an actual proprietary interest in the technology as a whole. This concern is exemplified by OFAC adding the Tornado Cash immutable smart contracts to the SDN list.

On April 5th, the Van Loon et al. plaintiffs filed a motion for partial summary judgement, with supporting amicus curiae from the Blockchain Association and DeFi Education Fund, investment firm Paradigm Operations LP, and venture capital firm Andreessen Horowitz (“a16z”). On April 11th, Electronic Frontier Foundation (EFF) senior fellow Ross Schulman and executive director Cindy Cohn wrote that “both cases [Van Loon et al. and Coin Center’s] raise important legal issues. EFF will be watching these cases closely and participating in them where we see a need.” The Treasury opposed an amicus brief filing by the EFF as an “untimely” submission; Judge Pitman disagreed, and the EFF’s brief was then filed on April 27th. They argued that “open source developers must feel confident that they are not risking criminal liability by merely participating in coding for a project.”

EFF has also heard from, and about, developers of other open source projects that concern mixers and other privacy-protecting services who became alarmed at the prospect of severe criminal liability for working on those projects.

… It especially impacted projects developing privacy protective tools both inside and outside of the area of cryptocurrency and decentralized finance.

… Developers of other projects, especially those that increase financial privacy, reasonably worried that their work could be subject to criminal liability under the SDN scheme in a moment’s notice as well.

… As detailed above, courts have uniformly held that the publication of code is speech for purposes of the First Amendment. But no court has yet determined the level of First Amendment scrutiny required when reviewing the inclusion of published open source code on the OFAC SDN sanctions list.

… In short, OFAC’s inclusion of Tornado Cash on the SDN list – which is based upon its function as a privacy-assisting tool – means that the inclusion is content-based and must survive strict scrutiny.

On May 3rd, the Treasury filed a “cross-motion for summary judgement and opposition to plaintiff’s motion for partial summary judgement,” arguing that Tornado Cash is an entity that can certainly be designated and “no incidental limitation on protected speech stems from the designation.”

There is no First Amendment speech right to use a single preferred service to send money… OFAC’s designation does not implicate Plaintiffs’ right to donate money to causes of their choosing or otherwise engage in protected speech, because Plaintiffs remain free to donate money and to interact with the open-source code as they please — and to do so without public disclosure. They merely cannot send funds through Tornado Cash (unless they obtain a license to do so).

… Those who wish to use Tornado Cash may continue to use any other available service to send and receive money lawfully, including the many traditional channels (like bank transfers) that allow them to do so privately.

… Accordingly, even if Plaintiffs had identified any First Amendment–protected interest affected by the designation of Tornado Cash, that designation is appropriately narrowly tailored to the Government’s substantial interest in preventing malicious cyber activities to safeguard national security.

On February 3rd, Professor Dr. Fabian Schär and PhD candidate Matthias Nadler from the University of Basel had shared the pre-print of their paper for the St. Louis Fed, “Tornado Cash and Blockchain Privacy: A Primer for Economists and Policymakers.” They state that their goals are to “provide an interdisciplinary introduction to non-custodial crypto asset mixers, to create a foundation for economists and policymakers, and to enable further research at the intersection of privacy and illicit activity,” and define Tornado Cash as “a smart contract-based crypto asset mixer that uses zkSNARKs to create a decentralized privacy-enhancing protocol.” The fifth section of the paper outlines its “regulatory challenges” and “how Tornado Cash might be usable” through “a regulatory regime built around voluntary disclosure.”

Regulated financial intermediaries will only accept the funds if the customer is willing and able to provide proof of the funds’ origins. Similarly, merchants who sell a good or service above a legal threshold value are legally obliged to file these transactions and have strong incentives to ask for a proof of origin. Otherwise, they might be in violation of the law and face challenges when trying to use the funds for which they cannot provide information about the origin.

:information_source: Check out Foundation Devices’ blog series around Bitcoin privacy topics, including: “Interacting with Bitcoin Privately” (May 2022), “Why We Mix” (November 2022), “What We Protect” (January 2023), “Making Sense of Stealth Addresses” (February 2023), and “Privacy on Nostr” (March 2023). Their online store supports purchases using PayJoin.

:information_source: Are you an open-source contributor to Bitcoin or related infrastructure? Consider applying for a grant at Open Sats, a 501(c)(3) non-profit organization. We want to create a sustainable, independent, and consistent ecosystem of funding for free and open-source software and projects. All gifts and donations are tax-deductible to the full extent of the law.

Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’