February 2021

Welcome to the ninth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

"Dicycla oo - Heart moth - Совка двойное О" by Cossus is licensed under CC BY-SA 2.0

Table of Contents

1. FinCEN Proposed Rulemaking Update
2. Taproot Activation Meetings
3. Join the Wasabikas
4. SIM Swapping Conspiracy Charges
5. Fourth Amendment Lawsuit Against IRS Update
6. New BIP-47 Draft and PayNym Torch
7. Teleport Transactions
8. The Nym Network Whitepaper

February 1st - FINCEN PROPOSED RULEMAKING UPDATE

In TMIBP07 and TMIBP08, I’ve followed the proposed rulemaking from the Financial Crimes Enforcement Network (FinCEN) regarding personal and financial information of cryptocurrency users. Jerry Brito, and Peter van Valkenburgh from Coin Center gave an update in episode #25 of their Tangents podcast. Though they planned to file some comments on the currency transaction report (CTR) aspect, they do not see it as equally contentious.

The arguments we were making about substance were all about the counterparty thing, exclusively. That includes the constitutional law arguments. If there was not a counterparty identification requirement here, it would be difficult to come up with Fourth Amendment or First Amendment, free assembly, donations to non-profits -type arguments that just the CTR requirement, on its own, is somehow unconstitutional. It would be very hard to come up with those. Back when we were talking about the counterparty stuff, [we thought], ‘Coin Center is going to set up, and has, self-custodied (I hate using these terms)… bitcoin addresses that we control. People are going to donate to us. The counterparty rule would say that financial institutions need to know all the people donating to Coin Center and report that for transactions over $10,000. They would be compiling a list of our donors.’ Then we would argue that, according to old Supreme Court precedent, you can’t force non-profits to divulge lists of their memberships. That violates First Amendment rights to free assembly. We can’t make those arguments merely about currency transaction reports, which are just the financial institution [saying], “Hey, my customer moved more than $10,000. I don’t know what happened after this.”

… It’s hard to get too upset over equal treatment with what banks already have to do when their customers withdraw cash. You can get a little upset because it’s one of these markers of how much we’ve accepted the surveillance state in this country since the 1970s, that all of this data just gets reported to the government without a warrant. But again, we’re not going to necessarily start an armed rebellion, as it were, against the Bank Secrecy Act that would affect the entire financial ecosystem writ large. We’re just interested in crypto, and in crypto being treated equally.

February 2nd - TAPROOT ACTIVATION MEETINGS

In TMIBP08, I covered the release of Bitcoin Core v0.21, which included “the proposed Taproot consensus rules (BIP341 and BIP342).” Adam Gibson and Kristaps Kaupe performed “the first joinmarket coinjoin on signet,” which was recently supported in Bitcoin Core v0.21. On February 2nd, with almost 90% of global hashrate loosely signalling support for Taproot, there was an IRC meeting to discuss activation methods on mainnet.

The Bitcoin Wiki currently details six distinct variations of activation. For the most part, those who participated in the chat voted for BIP-8 (false, 1y), which will “provide eventual flag day activation after a reasonable time (recommended a year), as well as for accelerated activation by majority of hash rate before the flag date.” During the meeting, pull-requests #1020 and #1021 on the BIP-8 specification were merged.

The next day, CoinDesk journalist Colin Harper covered Taproot, MuSig2, CoinSwap, and point time lock contracts (PTLCs), which I’ve highlighted in TMIBP03. Folkson shared a summary of the meeting, an outline of the various arguments, with comments from Greg Maxwell, and announced the scheduling of another meeting on February 16th.

Yesterday (February 16th) we held a second meeting on Taproot activation on IRC which again was open to all. Despite what appeared to be majority support for LOT=false over LOT=true in the first meeting I (and others) thought the arguments had not been explored in depth and that we should have a follow up meeting almost entirely focused on whether LOT (lockinontimeout) should be set to true or false.

Harper summarised key points of the second meeting. ‘ZmnSCPxj,’ Matt Corallo, Adam Back, Anthony Towns, Jeremy Rubin and others participated in follow-up discussion.

the code for the fully primed-and-ready Taproot upgrade will be deployed sometime between March 17 and March 31 (or April if necessary), but the actual signaling that kick-starts the activation process probably won’t start until July.

On January 12th, as I had mentioned in TMIBP06, Tim Ruffing presented the new “MuSig2: Simple Two-Round Schnorr Multi-Signatures” paper at the Real World Crypto (RWC) conference. Ruffing reiterated that the scheme would require the activation of Schnorr / Taproot on-chain in Bitcoin, in order to build more complex off-chain applications.

If the only data that ends up on-chain is a Schnorr signature or public key, then this is also great for privacy because it hides the fact that we are running our advanced protocols.

Check out What Bitcoin Did #284, Bitcoin Optech Newsletter #134, #135, and #137, the Schnorr Taproot Workshop, and Aaron van Wirdum’s article for summaries on Schnorr / Taproot activation and other developments.

February 6th - JOIN THE WASABIKAS

Wasabi has launched a new podcast, hosted by Max Hillebrand, titled “Join the Wasabikas - a Bitcoin Privacy Podcast.” A short pilot episode was released on February 6th. “The History of Wasabi Wallet,” “From Empty Page to WabiSabi,” and “Nicholas Dorier Is Making Banks Obsolete” were published throughout the month.

Halfway through this month, they indicated that the UI redesign was about three months into development (see TMIBP07). On February 18th, they also published a note about the weekly Wasabi Research Club, which has become a relaxed virtual meeting place for anyone to engage in “meaningful discussions on bitcoin privacy.” The club convenes every Monday at 18:00 UTC.

February 8th - SIM SWAPPING CONSPIRACY CHARGES

In TMIBP01 and TMIBP03, I have covered the threat of SIM swapping for bitcoiners who use phones for mobile wallets and / or as a second factor on their accounts. On February 8th, the U.S. Attorney’s Office in the Eastern District of Louisiana announced that they were charging a former sales representative of a phone company with “conspiracy to commit wire fraud” as a result of “his role in a SIM Swap scam that targeted at least nineteen people” and “cryptocurrency belonging to the customers.” According to the charges:

On or about November 10, 2018, Victim A’s telephone number was swapped to a SIM card contained in an Apple iPhone 8 bearing International Mobile Equipment Identity number 356703087816582 (“the Apple iPhone 8”) that was in the possession of Richard Li. The SIM Swap of Victim A caused, among other things, the transmission of a series of writings, signs, signals, and sounds that traveled in interstate commerce, including between the States of Florida, Louisiana, and California. As a result of the SIM Swap, Victim A’s email accounts and Binance, Bittrex, Coinbase, Gemini, Poloniex, ItBit, and Neo Wallet crypto currency accounts were compromised without Victim A’s knowledge or authorization. Victim A suffered an actual loss of a substantial portion of his cryptocurrency.

If you are vulnerable to this type of breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” and Bazzell’s “Privacy, Security, & OSINT Show.”

February 9th - FOURTH AMENDMENT LAWSUIT AGAINST IRS UPDATE

In TMIBP02, I had highlighted Jim Harper’s lawsuit against the IRS “for violation of my Fourth Amendment and Due Process rights” in relation to the sharing of his financial data by a third party service. On February 9th, CoinDesk privacy reporter Benjamin Powers had published an article summarising the government’s recent response and the case up to this point.

Harper said because he’s active in this area of policy, he knows the law is bad.

“The ‘third-party doctrine’ says that people who have shared personal information with a service provider like Coinbase no longer have a Fourth Amendment interest in the information,” he said. “The third-party doctrine is the death knell of privacy because of the way we use network technology today in every aspect of our lives. Either the third-party doctrine or privacy is going to go away. I hope this case tees up reconsideration of the third-party doctrine in the Supreme Court.”

He also pointed to an older news release from July 2019, in which IRS Commissioner Chuck Rettig stated that they were “expanding our efforts involving virtual currency, including increased use of data analytics.” This corresponds with their ongoing inquiries that I’ve explored in TMIBP01, TMIBP02, TMIBP04, and TMIBP05.

On February 19th, as a visiting fellow at the American Enterprise Institute (AEI), Harper wrote about a “campaign to make the law recognize and stop presumed bad data practices.”

Think of people’s legal rights as forming a bubble around them. When a right is invaded, the law recognizes that as harm and offers appropriate remedies. One dimension of that bubble is the right not to be punched without provocation. The legal doctrine is called battery, and the old saying, “Your liberty to swing your fist ends just where my nose begins,” illustrates the bubble theory in an almost literal way. Other basic rights making up the bubble include things such as the rights not to be defrauded, not to have one’s things stolen, and so on.

The privacy part of the bubble includes the privacy torts. People in most states can sue someone who offends their privacy by publicly disclosing private facts, intruding upon their seclusion, casting them in a false light, or appropriating their name or likeness. I’m passing over much detail.

The contours of the bubble are not fixed for all time, but they don’t change quickly. In ancient history, battery law may have been all of one’s physical rights against others. But in recent centuries, assault has joined battery to make a well-known pairing and move the bubble out. Battery law bars intentional offensive touching, and the law of assault bars placing one in reasonable apprehension of being battered. (America, stop saying “assault” when you mean “battery”!)

Should people’s privacy bubbles move out so that more things done with personal data are treated as harmful, giving them a right to sue and collect damages or reverse the damage done? Maybe!

February 15th - NEW BIP47 DRAFT AND PAYNYM TORCH

Justus Ranvier published a draft for “Reusable Payment Codes for Hierarchical Deterministic Wallets, version 3,” extending his prior BIP-47 specification from 2015. The proposal recommends using BIP-157 client-side filtering with OBPP-4 Enhanced Selectivity filters for detecting notifications. The only wallet using these Elliptic-curve Diffie–Hellman (ECDH) stealth addresses is Samourai Wallet, which recently celebrated its sixth-year anniversary.

In TMIBP03, I featured the PayNym torch event, inspired by the 2019 Lightning torch event. On February 22nd, ‘EconoAlchemist’ published an article in Bitcoin Magazine about an upcoming torch event, organised by the same Bitcoin Enemies virtual meetup group, using various Samourai Wallet features like Stowaway and Soroban (see TMIBP06).

There is growing interest from the Bitcoin community in privacy enhancing tools like Stowaway, PayNyms and BIP 47. On February 28, 2021, a group of Bitcoin privacy advocates launched operation #GretasFury. Designed to interrupt common input ownership heuristics by passing a payment torch of 1 sat transactions using Stowaway, operation #GretasFury brought together dozens of users from around the world. Each collaborator anonymously participated in the torch passes by using their PayNyms. Each Stowaway transaction that was made utilized Soroban communications over Tor. Participants managed the timing of their transaction with out-of-band communications over applications like Telegram and Matrix.

Graphic designer @artdesignbySF, who also helped with the BTCPay server integration for the Human Rights Foundation (HRF), contributed an animated graphic for a new short video demonstrating these tools. On February 28th, Max and Bitcoin Q+A talked about the campaign, Samourai Wallet’s latest release, and other related topics for the Bit-Buy-Bit podcast.

February 17th - TELEPORT TRANSACTIONS

In TMIBP01, TMIBP03, and TMIBP07, I have followed Chris Belcher’s development of a working CoinSwap protocol. He has since demonstrated “a 5-hop CoinSwap on testnet” using the existing implementation, and written about why fungibility is important in a variety of situations, quoting from Maxwell’s 2013 post on the subject.

The project is still a work in progress. All kinds of attacks are possible right now, so it shouldn’t be used on mainnet with real money yet. Also right now the CoinSwap addresses created by the project appear as 2-of-2 multisignature addresses, but the plan is to use ECDSA-2P which will make them look the same as regular single-signature addresses which is needed before the thing massively improves privacy and fungibility.

February 26th - THE NYM NETWORK WHITEPAPER

In TMIBP04 and TMIBP06, I highlighted the development of the Nym mixnet, which is testing the use of bitcoin as a reward system. This month, associate professor Claudia Diaz, Harry Halpin, and Aggelos Kiayias from Nym Technologies published a whitepaper outlining how it can “serve as the foundation for a vast range of privacy-enhanced applications that defend the fundamental freedoms of people across the globe against traffic analysis by powerful adversaries.”

Incentives work. Bitcoin has demonstrated this. One fundamental premise of Nym is that well-designed incentives can sustain a large-scale privacy infrastructure as a collective public good. This challenges the status quo, making possible a new generation of services and applications that offer privacy as a feature rather than indiscriminately amassing user data. In Nym, incentives ensure that those who provision the core infrastructure are rewarded for their work. A market model for node operators, in contrast to volunteer-driven models, makes it possible for the Nym network to arbitrarily scale up to meet increased demand as the user base grows.

Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’