February 2022

13 minute read

Welcome to the eighteenth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

“Red-line Quaker, Agrochola lota” by Patrick Clement is licensed CC BY 2.0

OVERFLOW

“Imagine, a newsletter so private, it doesn’t even hit your inbox for three months.” This section is for important stories that would have been included in newsletters during my November-January hiatus.

Address Ownership Proof Protocol (AOPP)

As I covered in the last TMIBP17, the Financial Action Task Force (FATF) finalised and published their updated guidance for virtual asset service providers (VASPs) at the end of October. Back in November 2020 (TMIBP06), I also covered the emergence of KYCC polices in the Netherlands and Switzerland that required customers of such obliged entities to somehow confirm the ownership of deposit or withdrawal addresses. Meanwhile, the Swiss-based “compliance and data protection” company 21 Analytics has written about the various ways to perform “non-custodial address ownership proof,” given inconsistent compliance between countries. On January 18th 2022, they published a similar blog post, but with heavier emphasis on and promotion of their new Address Ownership Proof Protocol (AOPP) for Bitcoin and Ethereum addresses, which they claimed was “already supported by BitBox, BlueWallet, Sparrow, and others. Work is underway to add AOPP support to Trezor and Ledger.” (Interestingly, two days later, they also wrote about development of their OpenSanctions product.)

Two weeks earlier, Trezor had explained how to use their ‘Sign & Verify’ feature to “send [a] message, address and signature to whomever requested proof of ownership,” though this was not identified as AOPP or even marketed as a compliance tool. Indeed, in and of itself, the ability to create and verify digitally signed messages is a basic function of public key cryptography systems, and could be used for integrity checks in a pure peer-to-peer context. However, on January 19th, they confirmed that the AOPP-specific proof format had been integrated into the Suite, “saving time when dealing with some jurisdictions’ regulations.”

Following this explicit association with Travel Rule compliance, Samourai Wallet and others argued that “by buying into this system you are legitimizing the concept that self custody requires permission & compliance.” Trezor initially defended the decision, pointing out that “the message for signing is composed of information already available to the exchange.” On January 28th, they and a couple other wallets reversed the changes:

As a proudly independent company, our decisions are always made in support of individuals. In this case, AOPP benefits only a small number of customers, while many more customers are concerned that its inclusion amounts to ideological signalling in favor of regulators. This is not and will never be the case. We staunchly oppose the rollout of regulation that infringes on privacy. It is a flawed system, and we are working to help Bitcoin evolve to a point where it is no longer relevant with privacy-focused features like CoinJoin. In the meantime, we are also looking for solutions that maximize access to bitcoin.

The creators of AOPP disdainfully attribute this to “fear of the cancel-culture.” Their consultant, Leah Callon-Butler of Emfarsis, which also lists the blockchain surveillance company Elliptic (TMIBP01, TMIBP05, TMIBP07, TMIBP11) as a customer, described it as a “storm-in-a-teacup.” These events were discussed on episode #4 of Streetside Sessions and episode #53 of Citadel Dispatch.

Anti-Money Laundering Ineffective

On November 2nd 2021, Stephan Livera published an interview with Dr Ronald F. Pol (@ronaldpol), an anti-money laundering (AML) researcher and former lawyer. They discussed his paper, “Anti-Money Laundering: The World’s Least Effective Policy Experiment? Together, We Can Fix It,” from February 2020 (TMIBP05). He argues that “the modern anti-money laundering experiment unwittingly enables, protects and supports terrorists, drug, human, arms and wildlife traffickers, sex and labor exploiters, and corrupt officials, fraudsters and tax evaders on a global scale.”

There is an underlying assumption that KYC is good, that we need identification, we need all sorts of identification… And certainly there are privacy people who are putting up a good argument in a number of areas, but what’s often missing from that is — it’s a belief that KYC is good. Let’s test that assumption. Do we need all of this KYC, or could we do some of it that actually has an impact?

Taproot Activated

I have covered the development of the Taproot/Schnorr soft fork in nearly every issue of this newsletter (TMIBP01, TMIBP02, TMIBP03, TMIBP04, TMIBP05, TMIBP06, TMIBP07, TMIBP08, TMIBP09, TMIBP10, TMIBP11, TMBIP12, TMIBP13, TMIBP14, TMIBP15). On November 14th 2021, it was activated on schedule at block 709,632. Samourai Wallet added ‘send to taproot address’ functionality with v0.99.98 in December 2021, as did JoinMarket with v0.9.5 recently; Sparrow Wallet already supported it as of July 2021 (TMIBP14); Casa (TMIBP12) and Nunchuck are working on it for multi-sig setups, with the goal of testing Taproot’s threshold signatures. Chainalysis, predictably, did not highlight ‘privacy’ as a benefit.

Check out Bitcoin Optech Newsletter #173, #174, and #175 for the wrap-up of their “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” as well as #178, #179, #180, #181, #183, and #184 for post-activation news.

Lightning Network Privacy

In the area of Lightning Network privacy, ACINQ software developer Bastien Teinturier was interviewed in SLP319 about its shortcomings and opportunities for improvement, such as Taproot/Schnorr, MuSig (TMIBP01, TMIBP03, TMIBP04, TMIBP05, TMIBP06, TMIBP11, and TMIBP13), route blinding, payment decorrelation, and Trampoline routing (TMBIP10). Teinturier also spoke on these topics, independently and on a panel, for the Adopting Bitcoin (AB21) conference in El Salvador. Starting in November, Wasabi offered a grant – eventually increased in collaboration with the MAGIC non-profit and developer Dan Gershony – for “researchers and teams of researchers to design, (not implement), the best possible privacy-focused Lightning Network light client.”

On December 10th, Chainalysis announced that they were “the first blockchain analysis company to offer customers a transaction monitoring solution for the Lightning Network,” a capability that has been requested by the IRS (TMIBP02 and TMIBP04). The news was discussed at length in the Lightning Junkies podcast on December 17th. You can explore Chainalysis’ public government contracts here.

On January 31st 2022, relating to the AOPP controversy, it was suggested that BOLT11 invoice descriptions/ memos be similarly re-evaluated from a privacy perspective, especially given use cases like BottlePay which require users to include personally identifying information for verification. Developer Martin Habovštiak replied that the “biggest real problem” is “the fact that invoices leak txids of private channels even though they shouldn’t have to,” and suggested that node IDs should be rotated to avoid reuse.

Diary Of A Non-KYC Bitcoiner

On December 31st 2021, a pseudonymous individual declared that their New Year’s resolution was to “buy Bitcoin through non-KYC methods for the duration of 2022,” and so began their “Diary of a Non-KYC Bitcoiner.” As of this writing, they have published three entries. If you live in a country where it is becoming more difficult to buy KYC-less, their experience may be helpful.

February 10th - WABISABI AUDIT REPORT

In TMIBP01, TMIBP03, TMIBP06, TMIBP09, TMIBP14, and TMIBP16, I have followed development of WabiSabi, a variable-amount CoinJoin protocol that will be introduced in the next major iteration of Wasabi. On October 22nd 2021, the Cryptoeconomic Systems (CES) Journal, housed by MIT’s Digital Currency Initiative (DCI) published their second issue with ten review summaries of various papers, including the WabiSabi paper. Criticisms noted that the paper “requires considerable pre-knowledge on the topic,” therefore limiting the “audience,” and there was “no rigorous evaluation or security proof.”

On February 10th, Wasabi announced that a new Swiss-based security auditor Inference AG had assessed their WabiSabi cryptographic codebase in January for “security defects (incorrect implementation, software bugs, randomness issues, data leaks, etc.).” The published report includes six recommendations.

February 15th - INTRODUCING RONINUI 2.0

In TMIBP01, TMIBP03, and TMIBP12, I have followed the release and optimisation of RoninDojo, an installation assistant and interface for Samourai Wallet’s self-hosted full node backend which can automatically sync with their privacy-focused mobile wallet. This month, they released v2.0.0 of the RoninUI. “This release marks the beginning of a huge overhaul of our project, the end of dependence on the command line, and so much more up our sleeves!” In a blog post displaying their newly re-designed cyberpunk aesthetic and outlining their progress, they wrote about what else is coming on the roadmap:

While these are all nice, it’s just a beginning and we will continue to add more features in the near future. To name a few: calculate and display a Boltzmann score for any transaction similiar to KYCP.org, install and uninstall certain apps like local Mempool.space, manage your Whirlpool CLI using Ronin UI or upgrade your RoninDojo and system dependencies via Ronin UI.

February 16th - LIGHTPIR

Chaincode Labs researcher Sergei Tikhomirov has summarised and reviewed a paper published in April 2021 titled “LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks.” PIR stands for ‘private information retrieval.’

Lightning is currently source-routed. This means that each sender does a local route search on the full network graph. This may become unsustainable as Lightning grows grows. Naively outsourcing route discovery to dedicated servers harms privacy: the servers know who is paying whom.. The authors combine private information retrieval with all-pairs-shortest-path pre-computation with hub labeling, optimized for real LN topology.

… This approach is valuable and underappreciated. Most likely, there are lots of valuable ideas in scientific literature from long before Bitcoin came along, waiting to be applied in modern development. However, at least in the case of LightPIR, more effort is required to turn this protocol into an implementation-ready proposal.

February 17th - JUSTICE DEPARTMENT’S NCET DIRECTOR

In October 2021, the U.S. Department of Justice (TMIBP02, TMIBP05, TMIBP09, TMIBP11, TMIBP12) announced the creation of a National Cryptocurrency Enforcement Team (NCET) “to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”

Under the supervision of Assistant Attorney General Kenneth A. Polite Jr., the NCET will combine the expertise of the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section (MLARS), Computer Crime and Intellectual Property Section (CCIPS) and other sections in the division, with experts detailed from U.S. Attorneys’ Offices. The team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.

This month, following the “application process seeking an individual with experience with complex criminal investigations and prosecutions, as well as the technology underpinning cryptocurrencies and the blockchain,” they have selected Eun Young Choi as the first director of NCET. Choi is described as “an accomplished leader on cyber and cryptocurrency issues.” The summary of her career includes acting as “lead prosecutor” in the Coin.mx and Panama Papers tax evasion cases, and on behalf of the U.S. government “successfully argu[ing] the appeal before the Second Circuit in the case against Ross Ulbricht.” That appeal, where Choi is listed as the assistant attorney for Preet Bharara, concerned whether Judge Katherine B. Forrest had “erred in denying his motion to suppress evidence obtained in violation of the Fourth Amendment,” “committed several errors that deprived him of his right to a fair trial, and incorrectly denied his motion for a new trial,” and if “his life sentence is both procedurally and substantively unreasonable.”

Exactly two months earlier on December 17th 2021, Ulbricht reached his “3,000th day in prison.” Just two days earlier on February 15th, Ulbricht’s managed account had tweeted: “There’s no such thing as a life sentence. It’s just a death sentence that takes a while.”

February 19th - SAMOURAI BITCOIN PRIVACY SERIES

In collaboration with community member @noisymouse27f, Samourai Wallet published a series of seven explainer videos, exhibiting features of their wallet and OXT blockchain analysis tool (TMIBP03, TMIBP15), by breaking down various subjects relevant to Bitcoin privacy: unspent transaction outputs (UTXOs), change outputs, address reuse, the Change Output Position heuristic, the Largest Output Amount heuristic, the Round Number Payment heuristic, and the Script Type heuristic. The videos include cameo appearances of Bitcoin Q+A and Openoms.

In around a total of 30 minutes watch time you should have a basic understanding of bitcoin transaction composition, heuristics that can be applied to surveil transactions, tools to conduct your own blockchain analysis research, and methods to protect yourself from these threats.

February 22nd - SPARROW WALLET SUPPORTS PAYNYMS

In TMIBP03, TMIBP06, TMIBP09, and TMIBP10, I have covered adoption of the BIP-47 specification. In TMIBP16, Sparrow Wallet released a compatible implementation of Whirlpool to do CoinJoin. On February 22nd, lead developer Craig Raw also committed support for “linking, sending to and receiving from” BIP-47 PayNyms, which will likely come with the next code release. On the same day, BTC Sessions host Ben Perrin published a tutorial for this feature in Samourai Wallet, the only wallet to have implemented it so far.

Update: On March 3rd, Sparrow Wallet published v1.6.0 with “linking, sending to and receiving from PayNyms on Legacy, Nested Segwit and Segwit addresses.” Raw writes that “this functionality is useful for a variety of applications, including crowdfunding, repeat payments, auto-withdrawal from exchanges etc.”

Last year in July 2021, Habovštiak published a draft proposal for reusable Taproot addresses, based on the BIP-47 scheme but also trying to improve on some of its issues. So far it has notably received interest and suggestions from Laurent, Ruben Somsen, and JoinMarket contributor Adam Gibson.

In December 2021, Janey Gak wrote about why PayNyms were useful for helping her fellow Afghans receive bitcoin; her translation, educational, and fundraising efforts had previously been featured by CNBC in August.

The reality is that many good hearted people do not want to take the risk of sending donations to a sanctioned country like Afghanistan. So for those who want to donate privately, PayNyms offers an easy solution.

Make no mistake: the need is not limited to civilians in countries under sanction, economic distress, or at war. If your so-called democratic government has recently been expanding the definitions of “foreign and domestic threat actors” to include those sharing information “based on fact,” or has decided to pursue financial surveillance and censorship against those who participate in or support non-violent protest, then you too may soon see how authoritarianism is not limited to Over-There-Land, and “we must defend our own privacy if we expect to have any.”

If you have never set up or used a pseudonymous identity before, check out Blockchain Commons’ Pseudonymity Guide. If you are vulnerable to these circumstances, I recommend Kraken’s “Security Advisory: Mobile Phones,” Lopp’s “A Modest Privacy Protection Proposal,” and Bazzell’s “Privacy, Security, & OSINT Show.”

February 28th - COINSWAP ALPHA RELEASE

In TMIBP01, TMIBP03, and TMIBP07, I covered the early development of a working CoinSwap protocol. At the end of the month, Chris Belcher announced that he has released an alpha version of the project as “Teleport Transactions.”

The project is almost completely decentralized and available for all to use for free (baring things like miner fees). So far it is only really usable by developers and power-users to play around with. It doesnt have all the necessary features yet, but from now on I’ll be doing new releases very often as soon as every new feature gets added. It is possible to run it on mainnet, but only the brave will attempt that, and only with small amounts. I’ve personally made many coinswaps on the testnet and signet networks, and I’ll be running market makers on signet which will be available for anyone to create coinswaps with.

Right now it just uses 2of2 multisig for the coinswap addresses. Those address types are rare on the blockchain so the coinswaps stand out a fair amount (although protocols like lightning also use 2of2 multisig). However the next really big task on my todo list is to use ECDSA-2p which would make these multisig addresses look like regular single-sig addresses, which are overwhelmingly common out there and so provide an enormous anonymity set.

My aim is that the Teleport project will develop into a practical and secure project on the bitcoin mainnet, usable either standalone as a kind of bitcoin mixing app, or as a library that existing wallets will implement allowing their users with the touch of a button to send bitcoin coinswap transactions with much greater privacy than as possible before.

Check out Bitcoin Optech Newsletter #185, #186, #187, and #188 for recent technical developments beyond privacy.

Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’

That One Privacy Girl