Welcome to the sixteenth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!
"68.001 BF1643 Emperor Moth, Saturnia pavonia, male." by Patrick Clement. is licensed under CC BY 2.0
Table of Contents
- Wasabi Wallet 2.0 Update, Continued
- El Salvador’s Chivo Privacy Concerns
- Mastercard Acquires CipherTrace
- HRF Grants to Chaincase, Umbrel Bounty
- Coinbase on ICE
- Bisq Transitions to Tor V3
- Chainalysis Behind Block Explorer
- Samourai Like-Type Change Outputs
- Moral Landscape of Monetary Design
AUGUST 31st - WASABI WALLET 2.0 UPDATE, CONTINUED
Wasabi published another progress update regarding the major revamp of their wallet software, with details about various changes they planned to include, such as: a send fee chart, send optimisation options (like avoiding round numbers), a QR code reader, automated CoinJoin, and of course WabiSabi (see TMIBP01, TMIBP03, TMIBP06, and TMIBP09). On September 15th, they conducted a WabiSabi transaction on testnet. On September 18th, Ádám “Nopara” Ficsór wrote further about the “privacy guarantees of Wasabi Wallet 2.0.”
Dynadenomination Coinjoins utilize not only multiple denominations, but also multiple denomination systems, randomly and dynamically… The Dynadenomination Coinjoin algorithm started by breaking down each and every input into denominations and took the most frequent ones. This was not only helpful in achieving probabilistic equalities on the output side, but these are also great numbers to increase their combinations such as they add up to many input combinations. In other words the final outputs end up adding up to more valid sub-mappings (sub-transactions) than if they were to be chosen randomly.
On September 21st, Johann Stockinger, Bernhard Haslhofer, Pedro Moreno-Sanchez, and Matteo Maffei published ‘Pinpointing and Measuring Wasabi and Samourai CoinJoins in the Bitcoin Ecosystem,’ the “first paper to provide a comprehensive picture of the adoption of distributed CoinJoin.” They concluded that there has been “a somewhat steady adoption of these services and found a growing trend with a total amount of 190,777.11 mixed BTC with a value of ca. 3.02 B USD,” after devising detection heuristics for coins mixed through each service.
For privacy-seeking end users, wallets like Wasabi and Samourai are a practical, low-entry barrier solution to Bitcoin’s anonymity problem. While it is, to the best of our knowledge, hardly possible to de-mix CoinJoins produced by these wallets, users should be aware that the use of such services is visible on-chain and that cryptoasset tracing and tracking solutions can detect them. Also pre-mixed and post-mixed addresses can be tracked, effectively reducing the anonymity guarantees provided by these mixing wallets.
September 7th - EL SALVADOR’S CHIVO PRIVACY CONCERNS
El Salvador’s adoption of bitcoin as legal tender, following congressional approval back in June, made international headlines and remained a hot topic of discussion throughout the month. The activation of the “Bitcoin Law” coincided with the release of their official Bitcoin hot wallet app, Chivo. I was none too pleased to read the following in Forbes:
For months, El Salvador has kept many of Chivo’s details under wraps, with the nation’s 40-year-old president, Nayib Bukele, teasing the wallet’s launch on Twitter just last week. However, Forbes has learned El Salvador appears to have tapped cryptocurrency unicorn BitGo to provide Chivo’s wallet infrastructure and security platform, making the Palo Alto, Calif-based startup the nation’s exclusive hot-wallet provider in a historic moment for cryptocurrency adoption.
… At least for now, the Chivo wallet will only support bitcoin and USD, and users won’t incur fees when transacting with others using the wallet — a point President Bukele has stressed on Twitter. Funds withdrawn from the wallet, however, will incur fees. BitGo has worked out a “small commercial relationship” with El Salvador’s central bank, Belshe says, but financial terms weren’t disclosed.
And my concern was quickly justified. Bitrefill head of research Matt Ahlborg, in his early evaluation of Chivo, noticed that the Lightning invoices “contain the full legal name of the creator of the invoice.” At least within a day or two, the issue was “fixed.”
Yesterday I tweeted about a #ChivoWallet privacy issue where the users’ full legal name was being leaked in the LN invoice metadata. It appears to be fixed, and what’s in its place is “Thanks Matt Ahlborg”, which I guess is to show that they saw my tweet.
The Lightning Junkies podcast released episode LNJ049, an interview with Galoy co-founder Nicolas Burtey regarding the adoption of Bitcoin / Lightning in El Zonte, El Salvador. At one point, Burtey stated that privacy is not “the top of their mind” at this stage. This was also the first topic for a group discussion hosted by Bitcoin Magazine.
September 9th - MASTERCARD ACQUIRES CIPHERTRACE
Mastercard announced “an agreement to acquire CipherTrace, a leading cryptocurrency intelligence company with insight into more than 900 cryptocurrencies.” They note that the “terms of the agreement were not disclosed, and the transaction is anticipated to close before the end of the year, pending certain conditions.”
As digital assets, including cryptocurrencies and non-fungible tokens (NFTs), become more intertwined with everyday activities — from the way people pay and get paid to how they invest — trust and security will be critical enablers to ensure broad adoption and scale. These new technologies will require new solutions and more powerful intelligence to ensure that the crypto economy is instilled with the same trust and peace of mind that consumers currently experience with more traditional payment methods.
The integrated offering will build on CipherTrace’s suite of digital assets and Mastercard’s cyber security solutions to provide businesses with greater transparency to help identify and understand their risks and to help manage their digital asset regulatory and compliance obligations.”
In an interview with CoinDesk TV host Christine Lee, CEO Dave Jevans shared that the acquisition agreement “came about through many months of work,” after assuming that Mastercard would remain either a customer or investor. While he did not reveal the acquisition amount, Lee noted that their competitor Chainalysis had recently been valued at $2 billion. He claimed that they feel “very strongly about privacy, and I think Mastercard feels the same way. This is not in any way about exploiting privacy; this is really, like, increasing it.”
In a later interview with Cointelegraph reporter Rachel Wolfson, Jevans said that they offered “unique products, like ‘Armada’ for example, which integrates intelligence around crypto and banking transactions.” According to promotional documents on Armada, which launched in April 2020, it is “tightly integrated with leading AML tools including Nice Actimize, Caseware Alessa, BAE, Worldsys and Featurespace to identify VASP payments,” and “visually displays VASP risk profiles based on KYC effectiveness, risky transactions, illicit activity.” He anticipates that “all major payments companies will have to either acquire or partner with crypto intelligence firms to ensure digital asset development.”
CipherTrace has previously been mentioned in: TMIBP03, regarding their development of tools for the U.S. Department of Homeland Security (DHS) to track Monero; TMIBP05, regarding their membership in the U.S. Travel Rule Working Group (USTRWG); TMIBP07, regarding their contributions to a new online resource for anti-money laundering (AML) and compliance professionals; and TMIBP11, noting their partnership with digital forensics firm Cellebrite.
Update: Mastercard announced they had completed the acquisition on October 19th.
September 14th - HRF GRANTS TO CHAINCASE, UMBREL BOUNTY
In TMIBP01, TMIBP03, and TMIBP10, I have covered grants from the Human Rights Foundation (HRF) toward “making the Bitcoin network more private, decentralized, and resilient.” This month, they announced another gift of 3.75 BTC, distributed among ten developers, including Chaincase (see TMIBP11, TMIBP12, and TMIBP13).
The second round of 0.25 BTC is being gifted to Chaincase, a mobile and open-source iOS bitcoin wallet that allows users to use features such as CoinJoin, coin control, and Tor. The money received will be spent on supporting the addition of PayJoin, which is a peer-to-peer (P2P) CoinJoin transaction that helps restrain Bitcoin surveillance even for users who do not use PayJoin.
… The fifth and final recipient of the 0.25 BTC grant will go towards a bounty for developers to add a JoinMarket app to the Umbrel full-node platform. The reasoning for this will be to increase the privacy and fungibility of their bitcoin transactions for Umbrel users. This is estimated to increase JoinMarket usage which will result in bitcoin privacy being much more accessible.
… The third recipient of 0.50 BTC is Bitcoin Core developer Vasil Dimov, who is known for implementing Tor v3, BIP155, and I2P support in Bitcoin Core. The money will be used on implementing CJDNS support, which will improve privacy and the security of the network against partitioning attacks. In addition to this Dimov will work on code review which will improve the testability of the networking code.
September 16th - COINBASE ON ICE
In TMIBP01, TMIBP02, TMIBP04, and TMIBP05, I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies, many of which can be conveniently viewed through Tech Inquiry’s lobbying and procurement explorer. In August and September, they were awarded two contracts for Analytics from the U.S. Immigration and Customs Enforcement (ICE) branch of Homeland Security, valued overall at $29,000 and $1,365,000 respectively. The smaller contract is categorised under the product/ service code “DA01: IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SUPPORT SERVICES (LABOR),” and the larger contract under “DA10: IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SOFTWARE AS A SERVICE.”
Beyond that, it is not stated how they plan to use the platform. But there are indications that the focus of its use will involve the War on Drugs. In March 2017, during a U.S. House of Representatives subcommittee hearing on the opiod crisis, Investigative Programs assistant director Matthew C. Allen stated:
ICE recognizes that the private sector represents America’s first line of defense against money laundering. Through our Illicit Finance and Proceeds of Crime Unit (IFPCU), ICE partners with the U.S. financial industry, along with state and federal agencies, to combat financial and trade crimes associated with heroin and fentanyl smuggling and distribution. In targeting virtual currency transactions of heroin and illicit fentanyl, ICE uses blockchain analysis to track transactions between criminal parties.
In their budget overview for fiscal year 2021, ICE wrote:
The [Bulk Cash Smuggling Center] BCSC has developed a Cryptocurrency Intelligence Program (CIP) which identifies unlicensed money services businesses in the form of independent cryptocurrency brokers’ use of peer-to-peer (P2P) sites, online forums and classified advertisements, and darknet markets (DNM) to engage in unlicensed money services businesses (MSB) activity. A large portion of these unlicensed MSBs are engaged in laundering narcotics proceeds, including opioid trafficking.
As I explained in TMIBP01, Coinbase Analytics is a re-branding of the blockchain surveillance company Neutrino, which they acquired in February 2019. Former Neutrino CTO and Hacking Team co-founder Alberto Ornaghi described himself as a “Senior Software Engineer” at Coinbase from February to July 2019 in his LinkedIn profile, and is now a technical advisor to Credmark, a tokenised “risk modeling platform in the DeFi space.”
September 19th - BISQ TRANSITIONS TO TOR V3
Since TMIBP13, Bisq has been prompting users to upgrade to Tor v3 addresses. This month, they merged bitcoinj support for Tor v3 as part of release version 1.7.4, which “enables you to connect to a Bitcoin Core node with a Tor v3 address.” They plan to phase out support for Tor v2 addresses after October 15th.
On September 21st, Johannes Kepler University Linz assistant Tobias Höller published a guest post for the Tor Project examining “V3 onion services usage,” on which he had recently co-authored a paper. He also explains the privacy improvements:
For V2 onion services, the data published in the hidden service directory is uploaded in plain text, meaning that the Tor relays with the HSDir flag can learn a lot of information about a small fraction of running V2 onion services (most importantly the onion address) every day.
… V3 uses encryption and key derivation to address this issue. Since the V3 address is itself a public key, all the data uploaded to the hidden service directory can be encrypted. Clients can always decrypt that data with the key embedded in the .onion address. However, clients still need to ask the directory for information about a specific onion address, which would again allow mass collection of onion addresses. With V3 onion services, this is prevented by using key derivation to derive a daily-rotated identifier (“blinded public key”).
… Thanks to these improvements, V3 onion services leak much less sensitive information.
September 21st - CHAINALYSIS BEHIND BLOCK EXPLORER
CoinDesk writer Danny Nelson reported that “according to leaked documents reviewed by CoinDesk, Chainalysis, the largest of the blockchain tracing firms, owns and operates” the blockchain explorer website walletexplorer.com. The documents, supposedly from a “Chainalysis presentation to Italian police investigating the dark web,” claim that the site “‘scrapes’ the IP addresses of suspicious” visitors, which is then used to “provide law enforcement with meaningful leads related to the IP data associated with an address.”
The website’s creator didn’t exactly hide his association with the company. Both the homepage and FAQ are credited to Aleš Janda, a Prague-based researcher whose website and LinkedIn note that he is a graduate of the Czech Technical University in Prague (ČVUT) and has worked for Chainalysis since September 2015, around the time that he gave a presentation at a Paralelní Polis meetup. He describes the explorer as “a deanonymization tool… [but] since I’ve been at Chainalysis, it hasn’t been maintained much.”
If you are not interested in running your own block explorer to avoid such snoops, the least you can do is look up your addresses through services that work over Tor or even host an onion, such as blockstream.info (TMIBP02).
September 23rd - SAMOURAI LIKE-TYPE CHANGE OUTPUTS
Samourai Wallet released version 0.99.97a with at least two relevant privacy-related improvements. First, the “like type” change output feature for post-mix spends will make it harder for analysts to distinguish between payment and change following a CoinJoin. Second, they have enabled “local receive address indexes to help prevent unintentional address reuse during high network latency or interruption.” While it is not cited, this may be related to a vulnerability disclosure from last year (TMIBP02), which found “a lack of error handling… where the client receives malformed data or any network connection disruption occurs” and recommendeded “persist[ing] the relevant wallet indexes locally in the same manner the Whirlpool desktop client does.”
On the same day, Sparrow Wallet released version 1.5.0. In addition to incorporating pre-send privacy analysis tips and Belcher’s anti-fee-sniping protection (TMIBP13), it also includes STONEWALL-type transactions, which will be “the default for postmix sends,” and a compatible implementation of Whirlpool to do CoinJoin, for which there is a detailed setup guide (also translated by Egge into German).
If you are new to Samourai Wallet and Bitcoin privacy, check out the new four-part series on wallet basics, the suite of spending tools, Whirpool, and the Dojo, produced by Bitcoin Q+A and ‘Brother Rabbit.’
September 28th - MORAL LANDSCAPE OF MONETARY DESIGN
Assistant professors Andrew M. Bailey, Bradley Rettler, and Craig Warmke, who form the Bitcoin-focused research collective Resistance Money, published two articles on the “philosophy, politics, and economics of cryptocurrency.” The first part, ‘Money Without State,’ serves as an introduction to Bitcoin and cryptocurrencies, and questions among other things “the orthodox status of the view that issuing money is a critical state function.” The second part, ‘The Moral Landscape of Monetary Design,’ expands on the remaining three of four “key design dimensions along which cryptocurrencies differ – privacy, censorship-resistance, and consensus procedure.”
Despite widespread agreement on the value of privacy, financial privacy – that is, privacy with respect to buying, selling, and storing value – is not widely discussed or defended. As we’ll see, though, it deserves renewed attention, especially in relation to cryptocurrencies.
CoinJoin, ring signatures, and zero-knowledge proofs are mentioned as ways to “transact… more privately.” They also acknowledge that “the very privacy-enhancing features of cryptocurrencies that distinguish them from traditional forms of money could simultaneously help them fulfill traditional money roles,” especially fungibility.
No Taproot stories this month, but: check out Bitcoin Optech Newsletter #164, #165, #166, #167, and #168 for their “weekly series about how developers and service providers can prepare for the upcoming activation of taproot.”