December 2020
Welcome to the seventh issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!
"Cinnabar Moth" by Doolallyally is licensed under CC BY-ND 2.0
Table of Contents
- Privacy Enhancing Technologies Symposium
- Taproot Ring Signatures
- Privacy in Cross-Layer Interactions
- Comply First, Think Later
- CoinSwap on Testnet
- The PATRIOT Act: Share It All
- Wasabi Wallet 2.0 Update
- User Experience Research Grant
- Coinkite Bitcoin School: JoinMarket
- Ledger Data Dump
- Financial Cancel Culture
- Release Candidate Testing
- Farcaster: Atomic Swaps with Monero
- Merry Mixmas
- “A Best Guess”: BitBargain Closes
December 1st - PRIVACY ENHANCING TECHNOLOGIES SYMPOSIUM
The third submission deadline for the upcoming 21st Privacy Enhancing Technologies Symposium (PETS 2021) has now passed. If you would still be interested in publishing your research here, the final issue submission deadline is set for February 28th 2021. This open-access journal and conference has been accepting papers regarding “blockchain technologies applied to privacy / blockchain privacy” since their 19th symposium.
December 2nd - TAPROOT RING SIGNATURES
Developer Jonas Nick published a proof-of-concept ring signature scheme for Taproot outputs. Ring signatures are a type of digital signature “which makes it possible to specify a set of possible signers without revealing which member actually produced the signature.” Ring confidential transactions (RingCTs) have been mandatory in Monero since 2017.
In TMIBP06 I covered discussion about the privacy benefits of the upcoming Schnorr / Taproot soft fork. Alejandro De La Torre and journalist Aaron van Wirdum have been tracking miner support for activation; around 90% of the global hashrate has signalled support in some way. On December 10th, Braiins, operator of the oldest Bitcoin mining pool, published a “not overly-technical description of how blockchain analysis works and the implications of Taproot on Bitcoin user privacy.” The first half of the article breaks down UTXOs and clustering.
A great start would be exchanges using Taproot in mass, which they are incentivized to do considering that they are likely the most active users of multi-sig transactions which are made cheaper by Taproot. If exchanges do their part, it’s up to wallet service providers to also implement Taproot for their users, so that multi-sig exchange withdrawals to single-sig users are not distinguishable on-chain.
This all starts with education. Most new adopters of Bitcoin will likely never know or care about address types and other technical aspects of the network. But we are the early adopters, the vocal and powerful minority in the future Bitcoin ecosystem. It is up to us to follow best practices, educate others, and support service providers who help move Bitcoin forward.
For a summary of Schnorr and Taproot progress, see Bitcoin Optech’s special edition year-in-review newsletter.
December 3rd - PRIVACY IN CROSS-LAYER INTERACTIONS
Notifications for paper submissions to next year’s 25th annual Financial Cryptography and Data Security (FC21) conference were sent out. One of the accepted papers concerns “the first quantitative analysis of the security and privacy issues opened up by cross-layer interactions” on Bitcoin, published back in July. It was authored by Matteo Romiti, Friedhelm Victor, Pedro Moreno-Sanchez, Bernhard Haslhofer, and Matteo Maffei.
On the same day, co-author Haslhofer also shared that the Austrian Institute of Technology (AIT) and the Vienna Complexity Science Hub were “joining forces and aim at building an interdisciplinary team of scientists focusing on the analysis of Decentralized Finance (DeFi) protocols and services.” They are looking to fill part-time PhD and partner scientist positions.
István András Seres, a co-developer of WabiSabi, has been working on the security and privacy page of ‘Mastering the Lightning Network.’ As I previously covered in TMIBP01, TMIBP03, and TMIBP05, many have been critically examining the Lightning Network’s privacy guarantees.
December 7th - COMPLY FIRST, THINK LATER
ComplyFirst launched this month as a new “online resource for anti-money laundering (AML) and other digital assets-related compliance professionals,” with contributions from Tari Labs, DV Chain, Stoic Capital, and the blockchain surveillance firm CipherTrace.
We aim to educate and support various members of the cryptocurrency ecosystem, including exchanges, wallets, custodians, developers, researchers, and more on supporting these valid, valuable and rapidly emerging technologies in a responsible manner that satisfies their compliance obligations.
One of their first resources, published on December 7th, is “Example Privacy Feature Enhanced Due Diligence Questionnaire,” intended to be sent to customers and counterparties that “may be involved with privacy-enhancing activities such as mixing services, shielded transactions, or other unusual privacy-enhancing behaviors.” Some of the questions include:
Describe your process of using a privacy-enhancing feature to the best of your ability:
Describe why you are using a privacy-enhancing feature:
What cryptocurrency addresses did you use before/during/after (as applicable) the privacy-enhancing feature?
If the privacy-enhancing process was interactive, did you conduct due diligence (eg: collect IDs,physical addresses, etc.) or otherwise know any of the counterparties you interacted with to use this privacy-enhancing feature? If so, provide as much information as possible, including names and wallet addresses:
Do you intend to use these or similar privacy-enhancing features in the future? If so, why?
Honestly, this questionaire is far too long. I laughed so hard that I struggled to even read it. If they would like a more succinct version, keeping the original spirit of the document, I would re-write it as: “Hey there! I see that you want to preserve your financial privacy. Do you mind if we just strip it away completely? Please keep in mind that if you answer incorrectly, you might never get your money back. ”
Ask me for the identities of relay operators along my Tor onion circuit, why don’tcha?
December 8th - COINSWAP ON TESTNET
In TMIBP01 and TMIBP03, I covered the early development of a working CoinSwap protocol. Chris Belcher has since conducted “the first ever multi-transaction CoinSwap on bitcoin testnet.” On December 14th, he also published a Rust implementation “for developers to play around with,” including a detailed list of tasks and goals.
December 10th - THE PATRIOT ACT: SHARE IT ALL
The Financial Crimes Enforcement Network (FinCEN) published a news release titled “Director Blanco Emphasizes Importance of Information Sharing Among Financial Institutions.” These prepared remarks for the ABA’s annual Financial Crimes Enforcement Conference were accompanied by a fact sheet on Section 314(b) of the USA PATRIOT Act:
Section 314(b) of the USA PATRIOT Act provides financial institutions with the ability to share information with one another, under a safe harbor that offers protections from liability, in order to better identify and report activities that may involve money laundering or terrorist activities. Participation in information sharing pursuant to Section 314(b) is voluntary, and FinCEN strongly encourages financial institutions to participate.
In TMIBP02 and TMIBP05, I covered the development of an inter-VASP customer data sharing system for compliance with the Bank Secrecy Act (BSA) Travel Rule, and how FinCEN was seeking to lower the threshold (a proposal for which they received “roughly 2,900 comments”); in TMIBP02, TMIBP04 and TMIBP06, I’ve followed challenges to the use of the third-party doctrine regarding financial records; in TMIBP05, I also highlighted how the effectiveness of anti-money laundering policies came under scrutiny with the release of the ‘FinCEN Files’, and interest in identifying ‘crypto-exposed persons.’
According to the fact sheet, financial institutions “need not have specific information indicating that the activity… relates to proceeds of [specified unlawful activities] SUA… nor must a financial institution or association have reached a conclusive determination that the activity is suspicious.” Furthermore, the “regulations impose no limitations on the sharing of personally identifiable information.” In an interview with CoinDesk, associate law professor Nizan Geslevich Packin, author of a pending paper on “data aggregators’ relationships with banks, tech companies, and consumers,” said this is “a major concern.”
This has led to what one compliance officer called an “avalanche of data” because financial institutions have been filing more and more to FinCEN.
“Many questions about the safety of the information collected by FinCEN, as well as the bureau’s failure to provide clear guidelines regarding how and when it eventually deletes the data it has, remain unanswered,” Packin said. “This is concerning … in an era in which cybersecurity [has] become a major concern.”
On December 18th, Director Kenneth Blanco filed a notice of proposed rulemaking “to require banks and money service businesses (‘MSBs’) to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (‘CVC’) or digital assets with legal tender status (‘legal tender digital assets’ or ‘LTDA’) held in unhosted wallets” when the transaction is valued “above the equivalent of $3,000.” The document notes that they would be limiting the notice-and-comment period to fifteen days “because this proposal involves a foreign affairs function of the United States” and must not have “undue delay in the implementation.” Coin Center commented that “rushing this rule” was “problematic,” and “time constraints of the so-called midnight period should never be an acceptable justification for imposing rules on Americans and innovative American businesses.”
Make no mistake, CTRs are a form of warrantless search and seizure of private financial records. Fifty years ago, the Supreme Court narrowly upheld the constitutionality of these reporting requirements, arguing that Americans lose their right to a warrant with individual suspicion when they hand their private information over to third parties. We’ve written extensively why the continued constitutionality of these policies is in doubt.
On December 1st, Elliptic had published the ‘takeaways’ from a conversation between their CEO Simone Maini and Blanco. He claimed that FinCEN “has received 96,000 crypto-related SARs since 2013.” Maini warned that “it’s best to stay on FinCEN’s good side and be proactive in following their guidance.”
“If you do business in whole or in substantial part in the United States, you fall under our regulations. Period,” Director Blanco said. “If you’ve got to think about it, that means you fall under our regulations and we expect not only that you’re going to register, but that you’re going to comply with all the AML/CFT obligations in the United States.”
Director Blanco’s message was clear: crypto businesses need to ask for permission, not forgiveness, when expanding into new markets and business lines.
“Asking for forgiveness is going to be a big problem,” he said.
Of course, the original American patriots who protested general searches of private property and invasions of privacy by the British asked neither for permission nor forgiveness. Permissionlessness is the reason that Bitcoin, and the United States, came to exist at all. Even Chainalysis’ regulatory team, while still engaging in some ass-kissing, commented that “efforts to improve enforcement should be driven by what would actually improve the effectiveness of the system, not by adding box-checking compliance requirements.”
The proposed requirements go beyond the level of reporting and verification that exists in traditional financial services. The collection of large amounts of personal data on citizens transacting normally will not further the fight against illicit proceeds, as demonstrated by the use of unhosted wallets. It places an undue burden on regulators and the industry to collect and manage this data when there are more urgent vulnerabilities in cryptocurrencies, which can be addressed using the power and transparency of the blockchain.
On December 9th, U.S. congressmen Warren Davidson, Tom Emmer, Ted Budd, and Scott Perry wrote a letter to U.S. Treasury Secretary Mnuchin “regarding reports that the Treasury Department is considering issuing regulations that would restrict the use of self-hosted wallets.” Update: Emmer and seven other members of Congress, including Tulsi Gabbard, sent an additional letter on New Year’s Eve “requesting an extension of the truncated 15 day comment period” to 60 days.
The contemplated regulation would not meaningfully support law enforcement, while it would raise privacy concerns and place impractical regulatory burdens on digital asset users and companies… Eliminating the middleman through the use of self-hosted wallets means that consumers can maintain privacy and transact freely, which is critically important as individuals increasingly conduct their financial lives digitially. Such freedom stands in stark contrast to China’s digital yuan, where citizens’ transactions are surveilled and transactions involving disfavored individuals or activities can be censored.”
On December 21st, Bitcoin developer Matt Corallo, the Electronic Frontier Foundation, and Kraken published similar objections to FinCEN’s proposed rulemaking, focusing on the detrimental effects to financial privacy and inclusion:
Twenty-five percent of the U.S. population is currently unbanked or underbanked. Sadly, existing requirements do indeed prohibit financial institutions from opening accounts for homeless people, refugees and others in this 25% who do not have enough money to afford a mailing address.
Existing requirements do, however, permit them to receive money from those who can afford to pay account maintenance fees and live in neighborhoods that attract physical branches. The proposed rule would go beyond existing requirements to literally outlaw people sending money to the less fortunate using their financial institutions.
The proposed rule does not just reserve today’s financial system for the wealthy. It also seeks to wall off tomorrow’s financial system from the poor. Beyond just prohibiting transactions with humans without home addresses, the proposed rule would prohibit financial institutions from sending virtual currency to smart contracts, which have no name or physical location to begin with.
On the same day, it was reported by Senator Ron Wyden that the Treasury Department had “suffered a serious breach, beginning in July, the full depth of which isn’t known” – though at least “dozens of email accounts were compromised,” including those of “the most senior officials.” Wyden noted that this should “put an end to any plan that weakens encryption.” Andrea O’Sullivan also wrote for Reason: “Now that we see the Treasury Department is apparently riddled with cybersecurity holes, we have even greater reason to resist the expansion of its financial surveillance programs.”
Fight For The Future launched a campaign for easily sending comments to FinCEN. Compounding the reported cybersecurity breach and midnight period time constraints, lawyer Jake Chervinsky discovered that “on Tuesdays & Thursdays,” the government’s website “redirects to a new beta site & breaks existing links in the process.” The notification message indeed reads:
Regulations.gov will redirect users to beta.regulations.gov on Tuesdays and Thursdays for 24 hours starting at 8am ET. Please note that all comments submitted through Beta, both during the redirect and regular operations, are provided to agencies.
For legal discussion on these policy changes that may affect Bitcoin privacy, see episode #292 of the What Bitcoin Did podcast with Jerry Brito and Peter van Valkenburgh from Coin Center.
December 12th - WASABI WALLET 2.0 UPDATE
In TMIBP06, I covered Wasabi’s announcement of their next-generation wallet software with “a complete UI redesign and significant UX improvements.” This month, Ficsór provided more information on the status of the work and a preview of the new interface, still estimating that the release will be ready in 8 to 9 months.
We’re currently trying to come to consensus on just how many of our ideas we should include in the first version. But what I can already say, is that our starting results are miraculous: we are already able to create coinjoins that are both orders of magnitude cheaper and faster than Wasabi 1.0 coinjoins. Red changes will rarely be created, nor will there be a need to have a minimum amount to coinjoin anymore. At last, the UTXO set of wallets will be more diverse and coinjoins won’t inflate the number of coins in wallets anymore.
Regarding WabiSabi, they are “still awaiting peer review from the Academic community.” Ficsór talked more about these “UI and protocol changes” in Wasabi, as well as base layer changes coming to Bitcoin, on episode #112 of the Unhashed podcast. Yuval Kogman, another co-developer, spoke on a panel about UX design for the Advancing Bitcoin podcast.
On December 28th, Wasabi also published a year-end review.
December 14th - USER EXPERIENCE RESEARCH GRANT
Square Crypto announced their 20th grant to UX designer Patrícia Estevão, to “help answer fundamental questions about how bitcoin is used to guide future design and development decisions.” Estevão has previously published several infographics and videos related to Bitcoin privacy, including ‘Privacy and UTXO,’ ‘Privacy and Light Wallets,’ and ‘Wasabi Wallet.’ The results of her research will appear in the Bitcoin Design Guide.
In November, software engineer Conor Okus had interviewed Johns Beharry for the fourth episode of the Advancing Bitcoin podcast. He spoke about his personal experience in the Caribbean with bitcoin, in comparison to wire transfers and PayPal. Beharry had also received a grant to work on the design guide, focusing on the payment protocols section and making it easier “to grapple with on-chain, layer 2, CoinJoins, PayJoins, and PSBTs.”
Why is it important to look at the user experience of privacy, also in the context of bitcoin? So that those people can have a choice in the matter. It is about choice, being able to choose how private [I want to be].
December 16th - COINKITE BITCOIN SCHOOL: JOINMARKET
Coinkite, in collaboration with ‘Keep It Simple Bitcoin,’ published another installment in their educational video series: “How To Use JoinMarket - Bitcoin Privacy Software.” It covers installation via the command line, setup, participating in CoinJoins, and the yield generator.
December 20th - LEDGER DATA DUMP
In TMIBP02, I covered the discovery of a data breach from the e-commerce and marketing database(s) of hardware wallet company Ledger. At the time, they asserted it consisted “mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number.” While it is not known whether they obtained it firsthand or secondhand, a hacker has since dumped over one million email addresses and 272,853 shipping orders on RaidForums, claiming that the dataset had been selling for 5 BTC. To help customers check whether they were affected by the breach, it was mirrored on HaveIBeenPwned.
Ledger soon tentatively confirmed that this was real customer information. They claimed to have “hired a new Chief Information Security Officer (CISO),” “thoroughly reviewed our data policy,” “executed penetration tests and forensic analysis with external security firms,” and “are continuously working with law enforcement to prosecute hackers and stop these scammers.” In the days that followed, they shared advice about what to do, acknowledging that “some of you are being personally threatened.” CEO Pascal Gauthier published a letter to customers and spoke on episode #290 of What Bitcoin Did. While he blamed tax reporting regulations as the cause of why they held on to such data long-term, he admitted that they could have stored it offline instead.
If you know or suspect that you were impacted by this breach, I recommend reading Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “A Home Defense Primer,” and “A Modest Privacy Protection Proposal.”
December 21st - FINANCIAL CANCEL CULTURE
I gave a one-hour presentation for the Bitcoin Munich meetup on “Financial Cancel Culture,” a term that I used while covering the growing interest of traditional financial surveillance and compliance businesses in blockchain analysis. My slides are available here. The second half of the meetup consisted of questions and group debate.
The focus of the discussion will be financial censorship: how and why people are being “cancelled” from having bank accounts, often without due process or allegations of illegality, and whether Bitcoin may be of help. We will also discuss resisting regulatory capture, the emergence of “blockchain analysis” aka blockchain surveillance companies, and much more.
On December 29th, Matt Odell hosted a similar discussion in the second episode of Citadel Dispatch with analyst Ergo and the creator of the Bitcoin Q+A guides. In addition to reviewing various privacy tools and strategies, they talked about their experience using pseudonyms and why it’s important – as Satoshi originally advised – to keep your identity and financial history separate as much as possible.
KYC is fucking insidious. What we see is, KYC is infecting our whole lives. Bitcoiners don’t realise, they think it’s a ‘bitcoin issue.’ It’s not a ‘bitcoin issue,’ you’ve just come to accept it in every other aspect of your life. Where bitcoin is the one aspect where maybe you questioned it, maybe you think, “Is it wrong?”
For more on the culture of pseudonymity and Bitcoin, see Gigi’s essay “True Names Not Required: On Identity and Pseudonymity in Cyberspace,” inspired by Vernor Vinge’s classic cyberpunk science fiction novel “True Names.”
December 23rd - RELEASE CANDIDATE TESTING
In TMIBP05, I highlighted that Bitcoin Core v0.21 would add support for Tor’s v3 hidden service addresses. On December 23rd, the Bitcoin Core PR Review Club hosted a special edition meeting with Jarol Rodriguez to organise release candidate testers. The second release candidate had been published at the end of November. The final version has not been scheduled for release yet, though it had previously been targeted for sometime this month.
December 24th - FARCASTER: ATOMIC SWAPS WITH MONERO
Monero researcher Joël ‘h4sh3d’ Gugger gave an update via Reddit on the cross-chain atomic swap client and protocol between Bitcoin and Monero, “codename Farcaster,” which I covered in TMIBP03 and TMIBP05. He wrote that a “bitcoin-genie” had encouraged them to work on “how to use Taproot outputs and Schnorr signatures” first instead of ECDSA:
That improves privacy of the swaps: in the most common swap outcome – the successful case – no script, nor the existence of a script hidden behind that pubkey, will ever be revealed to the Bitcoin blockchain, and makes Bitcoin transactions cheaper. Beat that! For more details, visit here. Another benefit: Schnorr adaptor signatures are simple, and easy to get to production-level, audited code – that is harder to accomplish using ECDSA adaptor signatures.
That said, the genie’s wild prediction for Schnorr/Taproot softfork activation on bitcoin is “Q4 2021”.
These changes will influence our list of deliverables: possibly no ECDSA, but instead Schnorr signatures – before it was only ECDSA signatures.
You can follow the project here.
December 25th - MERRY MIXMAS
Samourai Wallet is offering a 50% discount on Whirlpool mixing fees until January 1st 2021.
If you are new to CoinJoins and Whirlpool, see Bitcoin Q+A’s user guide “Whirlpool + Postmix Spending FAQ.”
December 26th - “A BEST GUESS”: BITBARGAIN CLOSES
The U.K.-based marketplace BitBargain ceased to allow trading and deposits, following a previously published closure schedule that aligned with deadlines for registering (or else) according to the fifth European anti-money laundering directive, and the Financial Conduct Authority (FCA) “advising customers of cryptoasset firms which should have applied to the FCA, but have not done so, to withdraw their cryptoassets or money before 10 January 2021.”
In a long goodbye letter published on Christmas Day, the CEO wrote about his experience running the platform since 2012, and why “it did not feel right at all” to continue operating. He also commented on the role and (in)effectiveness of blockchain surveillance companies: “Most of the requests we did not comply with originated from blockchain analysis based information.”
Blockchain analysis is essentially a best guess of a proprietary algorithm which scans the blockchain, the web, the dark web and all kinds of data sources, then tries to connect different addresses, group them into clusters, make a guess as to what entity owns the cluster, then present information about where those wallets sent coins and where they received coins from. Busting down the front door of someone based on such approximations is highly inappropriate and unreasonable in my opinion, though it is an accepted practice in the United States for example. It is important to mention that some of the BA based requests asked for information we did not have. This means that the specific tool they used incorrectly claimed that a transaction or address belonged to us.
Those in power want as much control over crypto as they have over your personal bank account. Some of them want this with good intentions without much consideration about balancing their power against constitutional rights of the people, others need it only to stay in power. They demanded a solution. Predictably, the industry jumped right on it and came up with something that would pass. And it’s good business. Some of these companies ask for tens of thousands of dollars a year to give you access to their database and tools. And they’re not all bad. Most of the time you can figure out the name of the exchange by simply providing a transaction ID. You can check out an exchange and see how much coin is going to dark web suspects. Overall, it’s a good tool to have, but at the end of the day it’s still just a best guess by a computer software.
Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’