
Advancing Bitcoin Security: The Journey from Basic Wallets to Advanced Protocols

Security strategies within the Bitcoin network are in a constant state of progression, and in this exploration, we will assess how these strategies have evolved from simple digital wallets to complex multi-signature mechanisms.

This includes an overview of the latest advancements in cryptographic technologies, such as Schnorr signatures. In simple terms, we will examine these technologies that help to provide the necessary fortifications that act as the foundation behind Bitcoin’s security framework.

We will also consider some of the major security incidents in recent years and the lessons that were learned. The overall aim of this piece is to emphasize the importance of the Bitcoin community in developing new ways to secure Bitcoin infrastructure and strengthen blockchain technology – this need is further emphasized by the impending threat of quantum computing …

How Bitcoin Security Has Evolved Over The Years

Since Bitcoin’s launch in 2009, the world of finance and technology has been completely transformed, moving toward ultimate financial freedom as an ambitious yet noble goal. As a decentralized cryptocurrency, Bitcoin has surged in value and become the 13th major currency in the world. However, this value has also presented a range of security challenges.

Considering that, just a decade and a half ago, the most anyone could do with Bitcoin was buy a pizza, it is not hard to see how we arrived at today’s wallet standards.

Bitcoin initially relied on rather basic security solutions such as digital wallets that stored cryptographic keys to facilitate transactions. These wallets, although effective in basic terms, lacked the security needed to prevent malware and other cyber threats, which quickly became more sophisticated as the years passed – requiring innovations to keep Bitcoin safe.

Software Wallets

Early digital wallets were basic software that sat on a person’s hard drive, storing private, cryptographic keys that allowed users to access and transfer their Bitcoin.

As Bitcoin’s value grew and cybercriminals became aware of its potential, the need for better security became paramount to prevent widespread hacking and theft. Initially, digital wallets were improved with better encryption and dedicated user interfaces but this did little to stem the tide of a growing number of cyber threats.

Improving and maintaining software wallets became a somewhat futile task for developers who were forced to constantly run API penetration tests, stress tests, and various other security exercises to ensure a high level of security. As a result, a new, more practical solution was created.

Hardware Wallets

These hardware devices stored private keys offline and negated a lot of the threats that were linked to software wallets that were connected to the internet. Hardware wallets came in the form of a small device that connected to a computer via USB — two popular hardware examples were Ledger and Trezor.

Hardware wallets were offline and required a PIN code to access, and if the PIN was lost, recovering access was a multi-faceted process. This higher level of security led to these devices growing in popularity: they were not susceptible to malware attacks, private keys never left the device, and transactions were signed within the wallet before being confirmed on the blockchain.

Multi-signature Wallets

These advanced wallets required multiple signatures or approvals from multiple users before any transactions could be executed. This drastically reduced the chance of any unauthorized access and this method was favored by businesses and organizations who regularly made large-scale Bitcoin transactions.

To make a transaction, two or more private keys are required to authorize the activity, similar to written contracts that require multiple signatures. This way, even if one private key has been hacked, the Bitcoin within the wallet still cannot be accessed.

Advancements/ Taproot and Schnorr Signatures

Taproot was a significant upgrade to the Bitcoin network that was designed to improve scalability and brought about a series of enhancements. One such enhancement was Schnorr signatures which offered multiple benefits over the previous Elliptic Curve Digital Signature Algorithm (ECDSA) mechanism which facilitated the generation and verification of private keys.

The key benefits of Schnorr signatures were that they allowed for smaller signature sizes, offered quicker verification times, and provided better protection against certain cyberattacks. Key aggregation was the most significant enhancement of Schnorr signatures which reduced the size of multi-sig private keys so they take up less space in a block and incur the same transaction fees as a single-party transaction.

Another important upgrade was the non-malleability feature that prevents cybercriminals from modifying a valid signature to allow them to commit malicious activity. Schnorr signatures also improve the privacy of multi-sig wallets, increasing their complexity significantly when compared to single signatures.
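To make the key-aggregation property concrete, here is an added example in Python; it is not code from the article or from Bitcoin Core. It implements textbook Schnorr signatures over a toy multiplicative group generated at runtime (Bitcoin’s BIP 340 uses the secp256k1 curve instead), then shows naive n-of-n aggregation: the signers’ public keys combine into one key and their partial signatures into one (R, s) pair, so the result takes the same space on-chain as a single-signer signature. The group construction, function names and the rogue-key caveat in the comments are this example’s own; production schemes (MuSig2) add per-key coefficients that this demo deliberately omits.

```python
import hashlib
import secrets

# Added example (not from the article): textbook Schnorr signatures with naive
# n-of-n key aggregation over a toy prime-order group. Bitcoin's BIP 340 uses the
# secp256k1 elliptic curve; the arithmetic here is multiplicative mod p purely
# so that the example is self-contained and readable.

def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (probabilistic, adequate for a demo)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    """Pick a safe prime p = 2q + 1; g = 4 then generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = make_group()   # constructed toy parameters, regenerated on every run

def keygen():
    x = secrets.randbelow(Q - 1) + 1      # private scalar in [1, q-1]
    return x, pow(G, x, P)                # (private key, public key)

def challenge(R, pk, msg):
    """Fiat-Shamir challenge e = H(R || pk || m), reduced mod q."""
    data = f"{R}|{pk}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(x, msg):
    r = secrets.randbelow(Q - 1) + 1      # fresh nonce; reusing it would leak x
    R = pow(G, r, P)
    e = challenge(R, pow(G, x, P), msg)
    return R, (r + e * x) % Q

def verify(pk, msg, sig):
    R, s = sig
    e = challenge(R, pk, msg)
    return pow(G, s, P) == R * pow(pk, e, P) % P

def aggregate_pubkey(pks):
    """Naive aggregation: the combined key is the product of the public keys."""
    agg = 1
    for pk in pks:
        agg = agg * pk % P
    return agg

def multisign(privs, msg):
    """n-of-n aggregate signature: one combined nonce, one combined challenge,
    partial s values summed. Verifies under aggregate_pubkey() as a single
    (R, s) pair. Caveat: naive key aggregation is only safe when every signer
    has proven knowledge of their key; MuSig2 adds per-key coefficients to
    block rogue-key attacks, which this demo does not model."""
    pks = [pow(G, x, P) for x in privs]
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in privs]
    R = 1
    for r in nonces:
        R = R * pow(G, r, P) % P
    e = challenge(R, aggregate_pubkey(pks), msg)
    s = sum(r + e * x for r, x in zip(nonces, privs)) % Q
    return R, s

if __name__ == "__main__":
    x1, pk1 = keygen()
    x2, pk2 = keygen()
    msg = b"constructed spend authorization"
    print("single signer verifies:", verify(pk1, msg, sign(x1, msg)))
    agg = aggregate_pubkey([pk1, pk2])
    print("2-of-2 aggregate verifies:", verify(agg, msg, multisign([x1, x2], msg)))
```

The verifier never learns how many parties signed: it checks one key and one signature, which is the size and fee advantage the article refers to.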

Preparing For Future Threats To Bitcoin

The rise of quantum computing poses a significant threat to Bitcoin, as these machines can solve extremely complex problems that standard computers cannot. This can include deciphering cryptographic keys. Should this technology become more accessible and fall into the hands of cybercriminals, the risk of unauthorized access to all types of wallets becomes significant and could lead to the complete collapse of the cryptocurrency market if there is no solution.

The Bitcoin community has been busy conducting ongoing research to assist in the development of quantum-resistant cryptographic algorithms.

The hope is that the development of these advanced algorithms will provide sufficient protection against this impressive computational power but the key challenge is the successful implementation of them into the Bitcoin network. This process will be extremely complex, requiring a precise orchestration of all users, from developers to miners.

Creating algorithms that even a quantum computer cannot crack is a monumental task and is described as post-quantum cryptography. Although the development of these cutting-edge algorithms is still in its early stages, more and more developers are lending their hand to the cause and things are expected to accelerate in the next few years.

High-Profile Bitcoin Security Incidents

Let’s consider two recent Bitcoin security incidents that have caused major disruption and helped to change the way we think about securing cryptocurrency.

Ronin Network breach – In March 2022, the highest-value cryptocurrency attack was the breach of the Ronin Network which powered the extremely popular Axie Infinity blockchain gaming platform. By breaching this network, cybercriminals stole around $625m worth of cryptocurrency.

North Korean state-backed hackers Lazarus Group are thought to be the culprits, and it is believed they obtained five of the nine private keys held by transaction validators that were required to access Ronin Network’s cross-chain bridge (a decentralized application that facilitates transactions).

Binance Exchange hack – Back in October 2022, one of the world’s biggest cryptocurrency exchanges, Binance was hacked, with $570m stolen. Hackers targeted the BSC Token Hub, a cross-chain bridge, and exploited a bug in a smart contract to extract Binance coins.

As well as high-profile cases such as this, the countless individuals that cybercriminals have targeted are an even bigger concern. Some people become complacent when it comes to securing their Bitcoin keys, while various platforms employ outdated processes or fail to provide sufficient security. For example, if a wallet, platform, or application has a QR code for registration, this can be a significant security flaw, especially given that hackers have already targeted features like this.

Conclusion – What Have We Learned?

These high-level cybercrime cases show that even the most advanced and high-profile cryptocurrency institutions struggle to keep up with the latest cybercrime techniques. In addition to vast and complex blockchain networks and secondary-level, third-party applications, the resources needed to secure Bitcoin and other cryptocurrencies are substantial.

Although multi-sig wallets provide impressive protection, they are not ironclad. This is why developing advanced algorithms, such as those created to fend off quantum computing attacks is the key focus to ensure the future of cryptocurrency. 

This is a guest post by Kiara Taylor. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Mastercard Launches Euro Denominated Non-Custodial Bitcoin Debit Card

Mastercard has partnered with Bitcoin and crypto payments provider Mercury to launch a euro-denominated debit card allowing users to spend Bitcoin and crypto directly from non-custodial wallets, as per Cointelegraph.

JUST IN: 🇪🇺 Mastercard launches euro non-custodial #Bitcoin and crypto debit card.

They have over 100 MILLION merchants 🚀

— Bitcoin Magazine (@BitcoinMagazine) September 5, 2024

The card enables European Bitcoin holders to spend from their self-hosted wallets at any of Mastercard’s over 100 million merchants globally without needing to custody funds with an intermediary.

Mastercard is a payments titan serving nearly 1 billion customers in over 210 countries. This latest integration reflects the company’s growing efforts to bridge Bitcoin with its sprawling traditional payments infrastructure.

“We are providing consumers who want to spend their digital assets with an easy, reliable, and secure way to do so, anywhere Mastercard is accepted,” said Christian Rau, Senior Vice President of Mastercard’s crypto unit.

The card allows spending Bitcoin and other crypto simply by connecting a non-custodial wallet. Users avoid selling Bitcoin and crypto on an exchange before spending, maintaining full ownership. However, Mastercard’s card does have fees, including a €1.6 issuance fee, €1 monthly maintenance fee, and a 0.95% transaction fee. 

Nonetheless, by supporting non-custodial wallets, Mastercard addresses a major pain point and grants users the flexibility to directly control their Bitcoin and crypto. The move caters to a growing audience preferring self-hosted wallets over centralized exchanges.

Blockstream Opens New Funding Round For Its Second Bitcoin Mining Security Token

Today, Blockstream opens the series 3 round for its second Mining Note — the BMN2.

The note will be available to eligible non-US investors and has been repriced from the series 1 and 2 rounds, which occurred on July 18. This round of the BMN2 is priced at $31,000 per petahash per second (PH/s), or a hash price of $21.23. Investors who purchased the BMN2 in the series 1 and 2 rounds, during which the note sold at a higher price, will be awarded extra BMN2 to make up for the difference in price between the first two rounds and the third.

The issuance of the BMN2 comes on the heels of the success of the first Blockstream Mining Note, the BMN1, which provided a 32% return over BTC.

Details of the BMN2

The BMN2 will be a hashrate-backed security token offering (STO) issued on Blockstream’s Liquid Network by Luxembourg-based virtual asset service provider (VASP) Stokr. The note offers 1 PH/s at Blockstream’s North American mining operations for four years.

“Hashrate contracts are typically 30 days up to six months,” James Macedonio, Senior Vice President of Global Sales at Blockstream, told Bitcoin Magazine, highlighting how the duration of Blockstream’s note differs from other financial products like it. “Rarely do you see [contracts] even go to 12 months.”

Blockstream is offering the note in 1 PH/s increments because petahash has become the industry standard for measuring hash price, and the contract’s duration corresponds with the four-year Bitcoin halving cycle.

“We wanted to lock in a hash price for customers for four years, which will basically run until the next halving,” he said.

The minimum investment for professional investors is $10,000, while non-professional investors have a $115,000 minimum investment threshold. Shares of the STO will be fungible and will be available for trading, in both full and fractionalized form, on secondary markets including Bitfinex, SideSwap and Merj Exchange. Macedonio explained that Blockstream’s pricing is competitive, as the note will sell for a 50% discount to the current spot hash price.

“If you’re looking to buy hashrate, this is going to be a lot cheaper than buying a hashrate contract on the open market,” he said.

The Success Of BMN1

The BMN1, which offered 2 PH/s over a 36-month term, mined 1,242 bitcoin, delivering up to 103% cash-on-cash returns and the aforementioned 32% return over BTC. Blockstream is aiming to provide similar returns to investors with the BMN2.

“We priced the BMN2 to a level at which we feel investors will get the same type of return,” said Macedonio.

“We sold BMN1 at about a 60% discount to what would have been the hash price at the time. With the BMN2, we’re selling at about a 50% discount to the current spot hash price. Future series pricing will be dependent on what the hash price is at that time,” he added.

Blockstream will reward investors who roll over from BMN1 to BMN2 with a 3% bonus in additional BMN2 securities.

BMNs Stand Apart From Similar Products

Blockstream Mining Notes offer investors looking to gain exposure to bitcoin mining a unique value proposition.

“We get really cheap energy rates and we get good pricing on equipment, as well,” said Macedonio. “So, we can offer a hashrate at a really cheap price compared to other folks.”

Macedonio highlighted that the BMN2 is priced at the equivalent of hosting mining equipment at 4.5 cents per kilowatt hour (kWh), whereas large customers currently pay upwards of 6.5 cents/kWh for hosting arrangements.

He also noted that, with BMNs, investors don’t have to buy machines, nor do they have to worry about machine failures or power curtailment. Plus, investors don’t experience a lag in putting the money down for their investment and machines going online when they purchase BMNs.

“I don’t think there’s another product out there that competes with it,” said Macedonio.

Choose Privacy

This article is featured in Bitcoin Magazine’s “The Privacy Issue”.

Privacy is a fundamental issue in using a public blockchain system like Bitcoin. Numerous projects and proposals have been made over the years to either build privacy-preserving tools on top of Bitcoin, or fundamentally add privacy at the protocol layer itself. Satoshi himself briefly discussed the idea of zero-knowledge proofs as a mechanism to enable greater privacy before he left.

This is all the original whitepaper had to say on the topic of privacy:

10. Privacy

The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the “tape”, is made public, but without telling who the parties were.

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

——————-

That’s it. That is the only consideration Satoshi gave in releasing Bitcoin to the transactional privacy of its users. Don’t reuse addresses, and carefully think through when you spend a coin together with another one because it will create transparent ownership links on the blockchain. Fifteen years later we have a comprehensive enough body of knowledge and experience to know that this section in the whitepaper is woefully incomplete.

It was nothing more than an abstract description of the model within which private, or non-private, use of Bitcoin would evolve over the coming decade. His advice to avoid spending coins together is no more practical than someone advising you to never spend more than a single cash note when buying something for the rest of time. It was inevitable that in the course of using Bitcoin as a currency people would regularly have to spend multiple coins together, inextricably linking their funds together over the time in the course of successive transactions.

Basic heuristics such as spending coins together form the basis of blockchain analysis, and the unraveling of people’s transaction history. If multiple coins are spent together in a single transaction, it’s a good assumption that all of those coins are owned by the same person. If an address is used to receive multiple coins from different people, those are all owned by the same person. When large groups of coins get spent together and connected over time, this forms a cluster. All of these, and other, basic heuristics are why Bitcoin’s blockchain is not private. You can watch transactions on-chain and apply these heuristics to them.

Now before I go any further, that was a critical point to make early on to ensure people could reason about it correctly, but it prescribed no reasonable or useful models for how to proactively maintain your privacy as a user. This is one of Bitcoin’s fundamental shortcomings. The protocol itself does not provide any tool or architecture to inherently protect the privacy of its users, that is left entirely up to them.

Choosing Privacy

Many protocols have been designed over the years to try to address this problem:

Coinjoins: Protocols where users collaborate to spend their coins together, each sending the same amount of coins to their own addresses in the same transaction, confusing observers as to whose coins went where.

Coinswap: Protocols where users privately perform a swap involving two transactions in which they exchange their coins with each other. As long as both parties cooperate, no connection is visible on the blockchain between the two transactions.

Chaumian Ecash Mints: Protocols allowing a centralized issuer to mint cryptographically blinded tokens, structured so that the issuer cannot tell which token is which when a user goes to redeem them. They facilitate centralized yet highly private transactions.

Confidential Transactions: One of the components critical to Monero, it was originally developed by a developer working on Bitcoin. It obscures the amounts by cryptographically blinding them, while providing a proof that the outputs of a transaction are equal to or less than the inputs without revealing them. It was highly inefficient at the time it was proposed and would have exacerbated Bitcoin’s scaling issues. Depending on which type of cryptographic commitment it uses, it would also allow a quantum attacker who can break the cryptographic assumptions Bitcoin depends on to either secretly inflate the Bitcoin supply without detection or unravel everyone’s transaction history.

Zerocoin: A scheme allowing users to deposit coins into a single “escrow pool” and withdraw them later, with the withdrawal verified by a zero-knowledge proof and no on-chain link to the earlier deposit. It was never implemented because the scheme was very computationally intensive to use at the time.

The first two of these proposals are application layer proposals, they are things that can be built on top of Bitcoin right now. No changes are necessary, and anyone can build software and tools allowing users to utilize either protocol. The second two are fundamental upgrades to Bitcoin at a protocol level. They cannot just be done now, and require convincing people to upgrade Bitcoin in a way that comes with non-negligible trade offs. In my opinion those upgrades will most likely never happen.

That leaves us with things we can build now. Many tools have already been built, and many more will have to be built, but our path forward is paved with privacy tools that people have to choose to use. If no one makes use of them, they are useless. No one can achieve privacy alone in a public system like Bitcoin: you need other people in order to achieve privacy on a blockchain, you need a crowd to hide in. This is very much an individual choice, yet at the same time each individual’s choice has a profound impact on everyone using Bitcoin.

It is one of the most important choices there is to make regarding Bitcoin.

If people do not value their privacy enough to act to preserve it, then privacy on Bitcoin will die. It will become verboten, something ostracized at first, then actively penalized and punished as time goes on. Governments will stigmatize it, regulate it away, and relegate it to an obscure minority on the fringes of society. At that point, privacy on Bitcoin will have failed.

Even Eric Hughes, the author of the Cypherpunk Manifesto, coiner of the phrase “cypherpunks write code,” realized later on that code alone was not enough:

“Perhaps the single most important lesson I’ve learned from cypherpunks is that code alone doesn’t cut it. Not code alone, not code widely distributed, not even code widely used. Some measure of toleration in society for activities conducted in private is necessary for long term success. Not convenient, not easier, but necessary.” -Eric Hughes, Cypherpunk Mailing List Mar 14, 1996.

People must choose to value privacy at large. It must be a valuable thing to them, valuable enough that they will act even in the face of coercion and intimidation to achieve it. It must be widely tolerated in society, the same way that free speech is in America, or the right to bear arms. It must be something so widely supported that even in the face of fierce opposition from some segment of society, governments will not act to outright stifle it in the face of the size of its support.

People must disobey such attempts in such large numbers that it is socially and practically intractable to actually enforce them. This decision, and the actions that follow it, is very much a political decision. A political act.

People must act, or this battle is already lost.

Building Privacy

We are going to assume for now that people will act, and in sufficient numbers to be successful. So what exactly do they do? Without fundamental changes to the protocol people have to opt into specific tools in order to preserve their privacy. What tools? How do they work?

We went over a handful of tools above, but we did not really go into a deeper or holistic view of how they work. It’s important to understand how different tools can interact with each other. Seen in a vacuum, it’s easy to walk away thinking that any individual privacy tool on Bitcoin can never be good enough on a technological level, but when you start to look at all of them interacting together it should be apparent that a very strong degree of privacy can be achieved if users adopt all of these tools together.

Almost everything in Bitcoin is composable, none of the tools people have at their fingertips exist in a vacuum. Different things can be used in synergistic ways, whether that takes the form of being combined outright into single tools or multiple tools being used in tandem. Let’s go through the current state of things from top (upper layers) to bottom (the base layer).

Chaumian Ecash

Chaumian ecash mints are an old idea predating Bitcoin by decades. David Chaum came up with the concept in 1982. Chaumian ecash utilizes blind signatures to create a private payment mechanism. In the scheme, a central mint server acts as a token issuer, facilitating the creation of new tokens backed by deposits and redeeming tokens for new ones to process transactions. The private nature of the transactions it processes is powered by blind signatures.

Each token is essentially just a random value signed by the mint. In the naive version of such a scheme, the mint would be able to track the redemption of each token it signed, correlating the one being redeemed with the one being issued and viewing each token chain’s transactional history. By blinding each token value before submitting it to the mint for signing, the user ensures the mint never sees the exact value it signed. After acquiring the mint’s signature, the user can unblind it, resulting in a perfectly valid signature from the mint on the plaintext of the token value the user generated.

The mint would only see a plaintext token whenever it was redeemed to be issued a new one, and because the token was blinded when it signed it, it would have no idea when or for whom it signed. This allows for centralized, but incredibly private, transactions. The mint will have no idea who is paying whom when it redeems tokens for new ones.
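The blinding round-trip just described, as an added Python example that is not the article’s code nor any real mint’s implementation. It uses Chaum’s RSA blind signature: the user blinds a token digest with a random factor, the mint signs what it is handed, the user strips the factor to obtain an ordinary signature, and at redemption the mint checks its own signature and a spent-set so the same token cannot be cashed twice. The two small primes, the class names and the issue/redeem log (kept only to show the mint cannot match what it signed to what it later sees) are constructed for the demo.

```python
import hashlib
import secrets

# Added example (not from the article): Chaum's RSA blind signatures driving a
# minimal ecash mint. Constructed toy primes so it runs instantly; a real mint
# would use a proper RSA key size.
P_PRIME = 1_000_000_007
Q_PRIME = 998_244_353
N = P_PRIME * Q_PRIME
E = 65537
D = pow(E, -1, (P_PRIME - 1) * (Q_PRIME - 1))   # private exponent (Python 3.8+)

def token_hash(token: bytes) -> int:
    """Map a token's random value into Z_N; this digest is what gets signed."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Mint:
    def __init__(self):
        self.spent = set()   # digests already redeemed: the double-spend defence
        self.seen = []       # everything the mint observed, for the unlinkability check

    def sign_blinded(self, blinded: int) -> int:
        """Issue step: sign the blinded value without ever seeing the token."""
        self.seen.append(("issue", blinded))
        return pow(blinded, D, N)

    def redeem(self, token: bytes, sig: int) -> bool:
        """Accept a token once: the signature must be ours and the digest unspent."""
        m = token_hash(token)
        self.seen.append(("redeem", m))
        if pow(sig, E, N) != m:       # not a signature made with our key
            return False
        if m in self.spent:           # same token presented a second time
            return False
        self.spent.add(m)
        return True

class User:
    def make_token(self):
        token = secrets.token_bytes(32)
        r = secrets.randbelow(N - 2) + 2          # blinding factor, invertible mod N w.h.p.
        blinded = token_hash(token) * pow(r, E, N) % N
        return token, r, blinded

    def unblind(self, blinded_sig: int, r: int) -> int:
        # (m * r^e)^d * r^-1 = m^d * r * r^-1 = m^d, a plain signature on m
        return blinded_sig * pow(r, -1, N) % N

def run_payment():
    """Alice withdraws a token, hands it to Bob, Bob redeems it once.
    Returns (first redeem ok, replay ok, mint could link issue to redeem)."""
    mint, alice = Mint(), User()
    token, r, blinded = alice.make_token()
    sig = alice.unblind(mint.sign_blinded(blinded), r)   # mint never saw `token`
    first = mint.redeem(token, sig)                      # Bob cashes it in
    replay = mint.redeem(token, sig)                     # rejected: already spent
    issued = {v for kind, v in mint.seen if kind == "issue"}
    redeemed = {v for kind, v in mint.seen if kind == "redeem"}
    return first, replay, bool(issued & redeemed)

def forged_token_accepted(mint=None) -> bool:
    """A token with a made-up signature must be refused."""
    mint = mint or Mint()
    return mint.redeem(secrets.token_bytes(32), secrets.randbelow(N))

if __name__ == "__main__":
    print(run_payment())          # (True, False, False)
    print(forged_token_accepted())  # False
```

The spent-set is what makes the privacy safe to offer: the mint does not need to know who is redeeming, only that this particular digest has not been accepted before.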

For the cost of trusting the operator to custody funds, users can realize a level of almost perfect privacy. It also has no requirement to source receiving liquidity, nor the other shortcomings that protocols like Lightning suffer from. Any user anywhere willing to trust a mint can receive money privately simply by receiving a token from another user and redeeming it for a new one from the mint.

The utility of ecash goes far beyond private, scalable payments as well: ecash tokens can be made programmable. When someone uses a Chaumian mint, they are trusting the operator to process payments honestly and not steal everyone’s money. There is no reason at that point why the operator can’t also do more than process payments. It can also enforce smart contracts.

The same way that Bitcoin script allows people to program conditions on when their bitcoin can be spent, mints could use script or other programming languages to allow users to program conditional spending requirements into ecash tokens. Rather than just generating a random value to blind for the mint to sign, users could generate a script program to blind. After the mint signs it, when someone comes to redeem that token they will see the script it is programmed with. The mint simply refuses to authorize a redemption unless the script is fulfilled.

There are a few different trust models possible now, with more surely to come as people think more about how they can be built. The simplest and most straightforward is a single operator. This is the same as any custodial system like Coinbase. The next is a federated operator, distributing the trust across multiple parties. This puts ecash on par with many other systems built in this space that people consider decentralized. There are even suggested models that invert the entire risk relationship, where the Chaumian mint issues tokens backed by its own money, lending them out to users and periodically calling in the debt.

So, even right now, we can achieve an enormous amount of privacy…but at the cost of a loss of sovereignty and control over our own funds. This is far, far from ideal, but it’s a path forward that is open to us now. We just need there to be enough people operating these, and a solution for people using different mints to interact with them.

Enter the Lightning Network. It allows seamless deposits and withdrawals by users interacting with a mint, and provides a quick settlement mechanism for a receiving user to cash in a token from one mint and transfer the value to another mint they prefer or trust more.

Lightning Network

Lightning is a network of bi-directional payment channels, allowing users to route payments off-chain across this network. Users collaborate with one another to lock funds in a two party multisig address, using pre-signed transactions to ensure each party can claim their funds back without any help if necessary. After being established, the balance of funds can be updated off-chain by signing a new set of transactions and exchanging “penalty keys” that would allow the other party to confiscate the entirety of a cheating user’s funds in the channel if they attempted to use any old transactions on-chain.

Lightning, while far from perfect, is a massive improvement in terms of privacy compared to on-chain bitcoin use purely by virtue of not recording every transaction that occurs on the blockchain. Rather than every transaction a user makes permanently recording the history of where coins came from and where they went, the only visible history on the blockchain is the creation of the payment channel. Nothing about payments made or received is visible to the general public, only the counterparty the channel was opened with.

As far as the off-chain footprint is concerned, things are a bit more nuanced. Receivers for instance currently reveal their Lightning node to anyone paying them. This could be addressed with BOLT 12, a proposal incorporating a scheme called blinded paths which obscures the receiver’s Lightning node from the sender by having them compute the last few hops in the payment route. Senders however currently have excellent privacy, with the receiver learning nothing about their Lightning node or funds.

Lightning has some rough edges for end users to deal with though. Namely the requirement to have liquidity allocated by their channel counterparty to receive money, and the inability to receive more money than their channel counterparties have available to route to them. It functions amazingly as a payment routing network, assuming users have addressed the liquidity issues.

Most users address these by making use of a Lightning Service Provider (LSP). They fill the role of providing liquidity for users to receive money, but the trade off of solving that problem comes with privacy trade offs. The LSP is a large entity serving many users, and in the process learns about a large number of users’ payment activity. In some cases, particularly LSPs that make use of Trampoline Routing (a scheme where the LSP calculates a payment route for you), they even learn the destination of all their users’ payments.

Some of these issues can be addressed by bolting Chaumian ecash mints on top of Lightning. By having many users “use” a single Lightning node operated by the mint, liquidity allocated so the mint can receive funds can be shared more efficiently by all users. The private nature of ecash also helps shield users from some of the privacy shortcomings of Lightning. Even if the mint, the Lightning node operator, knows where payments it makes across the network are going, it doesn’t know which user(s) made them.

Overall use of Lightning directly by a user is not as private as Chaumian ecash, and does come with the added issues of having to source receiving liquidity and interact with LSPs, but it does not require relinquishing control of your funds. It can’t scale as well as ecash, and is more complicated to use, but it has a far superior trust model.

One thing Lightning doesn’t do however, is completely obscure the ability to track coins moving on-chain. It might hide and obscure individual payments conducted off-chain, but it is still possible to track coins into a channel, and track where they go when that channel is closed.

Coinjoins

Coinjoins are a protocol that enables multiple users to collaborate to craft a transaction structured in a way that makes tracking their coins difficult or impossible. Heuristics like common input ownership and clustering are the basis of tracking people’s funds; breaking these is how you protect your privacy. Coinjoins accomplish this by structuring the amounts going in and out of a transaction properly.

Assume five people want to obscure their transaction history. By combining their coins in a single transaction and each creating outputs of the same denomination, they trigger a false positive for common ownership: the inputs appear to have been spent together by one wallet, producing a false cluster. And because the outputs are of the same denomination, when those outputs are spent in the future nobody can be sure whose coins they actually are. The protection covers only the equal-denomination outputs, though: a change output of an unequal amount can still be matched to its input by amount, which is why practical implementations have to handle change carefully.
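As an added illustration (not code from the original article or from any of the projects it names), the toy analysis below models an analyst's view of a five-party coinjoin built on the pattern just described. It implements the common-input-ownership heuristic, then enumerates every split of outputs among inputs that is consistent with the inputs belonging to independent parties: a normal single-wallet transaction admits no such split, which is what justifies the heuristic, while the coinjoin admits 120, and each equal-denomination output is consistent with all five inputs. It also shows the caveat: each unequal change output is pinned to exactly one input. The amounts, addresses, and the assumption that any party may cover any share of the fee are constructed sample data and modelling choices, not a description of any specific coinjoin implementation.

```python
from dataclasses import dataclass


@dataclass
class Tx:
    inputs: list   # (address, sats) pairs, exactly as an analyst sees them on-chain
    outputs: list  # output amounts in sats

    @property
    def fee(self):
        return sum(a for _, a in self.inputs) - sum(self.outputs)


def common_input_ownership(tx):
    """The clustering heuristic: every input of one transaction is presumed to be
    controlled by the same wallet."""
    return frozenset(addr for addr, _ in tx.inputs)


def heuristic_is_wrong(tx, true_owner):
    """Score the heuristic against ground truth (which a real analyst never has)."""
    return len({true_owner[a] for a in common_input_ownership(tx)}) > 1


def independent_mappings(tx):
    """Enumerate every way the outputs could be divided among the inputs if each
    input were an independent party spending only its own amount. Any party may
    pay any share of the fee (an assumption of this toy model), so the single
    constraint is 'no input funds more than it put in'. Zero mappings means the
    inputs must share an owner; many mappings means the transaction is equally
    consistent with many independent parties."""
    order = sorted(range(len(tx.outputs)), key=lambda i: -tx.outputs[i])
    cap = [amount for _, amount in tx.inputs]
    assign = [None] * len(tx.outputs)
    found = []

    def place(k):
        if k == len(order):
            found.append(tuple(assign))
            return
        o = order[k]
        v = tx.outputs[o]
        for i in range(len(cap)):
            if cap[i] >= v:          # prune: this input cannot fund this output
                cap[i] -= v
                assign[o] = i
                place(k + 1)
                cap[i] += v

    place(0)
    return found


def output_candidates(tx):
    """For each output, the set of inputs that fund it in at least one mapping."""
    cands = [set() for _ in tx.outputs]
    for mapping in independent_mappings(tx):
        for o, i in enumerate(mapping):
            cands[o].add(i)
    return cands


def build_coinjoin(denom=100_000, fee_each=1_000,
                   change=(0, 5_000, 11_000, 23_000, 47_000)):
    """Five constructed participants: one equal-denomination output each, plus a
    change output for everyone whose input did not fit the denomination exactly.
    Returns the transaction and the ground-truth owner map (hidden from analysts)."""
    inputs = [(f"in{i}", denom + c + fee_each) for i, c in enumerate(change)]
    outputs = [denom] * len(change) + [c for c in change if c]
    true_owner = {f"in{i}": f"user{i}" for i in range(len(change))}
    return Tx(inputs, outputs), true_owner


def analyse(tx):
    """What an analyst can conclude from amounts alone."""
    return {
        "independent_mappings": len(independent_mappings(tx)),
        "candidates_per_output": [len(c) for c in output_candidates(tx)],
    }


if __name__ == "__main__":
    coinjoin, owners = build_coinjoin()
    print("coinjoin:", analyse(coinjoin), "heuristic wrong:", heuristic_is_wrong(coinjoin, owners))
    # A normal two-input spend by one wallet (constructed): 70k payment + 19k change.
    single = Tx([("a1", 60_000), ("a2", 30_000)], [70_000, 19_000])
    print("single wallet:", analyse(single))
```

The result to look at is `candidates_per_output`: the five equal outputs each have five candidate owners, while the four change outputs have one each. Equal denominations are what create the ambiguity; any amount that is unique in the transaction is a label.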

Now consider a Lightning user again. Even when realizing the maximum privacy benefits Lightning can offer, they still have to consider the privacy implications of interacting with the blockchain. Imagine a user who withdrew coins from a KYC exchange and opened a Lightning channel with them. He might make thousands of transactions back and forth over Lightning, but when he closes that channel with less in it than he put in, the exchange can see that he spent at least that much somewhere in his off-chain activity.

When he then spends those coins together with other coins known to be his, or uses them to open a new Lightning channel associated with his node, the exchange can be even more confident they are still under his control. These connections need to be broken and obfuscated. That is the role coinjoins can play.

Coinjoin was the most widely deployed protocol for base-layer privacy, the two largest examples being Wasabi by zkSNACKs and Whirlpool by Samourai. Samourai was recently shut down after its founders were arrested, and Wasabi voluntarily discontinued its coordinator shortly afterward. Both systems depended entirely on a centralized coordinator server to help users construct their coinjoin transactions.

JoinMarket is another option that is operational today, using a decentralized model in which “takers” (users) select from a market of “makers” (liquidity providers) to coordinate coinjoins. JoinMarket, however, is not as well developed or maintained, because there is no company behind it; it is a purely open-source project.

These are not the only options by any means. People can spin up a Wasabi or Whirlpool coordinator again if they want, and they can even design new, serverless coordination models. The coinjoin transaction itself and the way it is coordinated are separate things, despite being related: there are many different ways to coordinate the creation of a coinjoin, and, importantly, it is permissionless to try new ones.

The Holistic Stack

Now that we have gone through these pieces, think about how they interrelate and reinforce one another at every layer to maximize privacy. Users transacting with an ecash mint have a great degree of privacy even from the mint operators; those operators, by using Lightning, can achieve substantial privacy for themselves and their users when interacting with other mints; and when liquidity is reorganized on the base layer, coinjoins can keep even that activity, conducted on a public blockchain, obscured.

Even without radical changes to Bitcoin itself, there is a path forward from where we are now to a private and censorship-resistant Bitcoin. It is not ideal, and it requires either accepting cost and complexity or compromising on the goal of trustlessness, but it is possible.

Going forward, it can be made even better with each improvement made to the Bitcoin protocol. Covenant schemes that improve scalability could address some of the issues with systems like Lightning. This would allow more users to interact with Bitcoin privately and self-custodially, rather than having to delegate control of their funds to a Chaumian mint.

Some of these scaling improvements might even reduce the need for on-chain privacy schemes such as coinjoins. Having more people share custody of a single coin in a trustless manner would introduce natural ambiguity as to who is doing what when withdrawals are made from that coin.

We have a path forward even now, and that path will get brighter with each improvement made to the Bitcoin protocol. People just have to choose to actually walk down it.

A Future With Privacy, Or A Future Without

Privacy might seem to some like a thing not worth caring about, or not that important. “What do you have to hide anyway?” I think those people simply don’t appreciate the implications of having no privacy. Look around at the world today, look at how quick people are to ostracize and shame someone publicly for innocuous things. Holding the wrong opinion, saying the wrong thing, voting for the wrong politician.

More and more, the lack of privacy with regard to personal life is causing disastrous and traumatizing consequences for people. It is vitally important that people actually have control over what information about themselves is or is not made available to the public. This is not just a matter of criminals wanting to hide nefarious or horrific things; it is about everyday people being able to protect themselves from the whims of the mob.

Going even further than that, people living under totalitarian or oppressive governments around the world have much more to lose than a job or social standing if they are not able to maintain privacy. They can literally lose their lives.

Privacy can be the difference between physical safety and danger even for people living in a safe and free jurisdiction. Imagine if, in the course of transacting with someone, you revealed that you own a sizable amount of bitcoin: you have now, in a very real sense, opened yourself up to the possibility of physical danger. There are numerous documented cases of kidnappings, physical assault, and even torture by criminals attempting to steal bitcoin from individuals who have revealed themselves to be wealthy.

Even domestic violence is an example of a situation where privacy is of utmost importance. One of the biggest reasons people do not leave abusive relationships is the financial inability to. How can someone in that situation attempt to work their way towards financial independence to leave without privacy? Without the ability to save and earn money without their partner discovering it?

Privacy is important.

To come back to Bitcoin, one of the chief properties it is valued for is its censorship resistance. The ability to transact however and whenever you want, without permission, without someone else having the ability to stop you. Transactions have two parties though, a sender and a receiver. A buyer and a seller.

If governments, regulators, and the mob of the public can all track your payments and coins in public, how can you have censorship resistance? How can it exist when any government or mob can coerce and threaten people into not transacting with you? How can Bitcoin be censorship resistant when everything you do can be followed, and when, once you become persona non grata, the weight of government and social pressure can prevent others from interacting with you? When the choice of whether or not to transact with you is taken away from the individual and a decision is imposed on them? When a merchant has to worry that if they receive “the wrong coins” the government will track them down and seize them, leaving the merchant out of pocket? It can’t.

If coins can be distinguished from each other in any meaningful way, and tracked as they move around, Bitcoin starts breaking down and not even functioning properly as a money. Money has to be fungible, i.e. two coins must be indistinguishable from each other from a merchant’s point of view. To be fungible, it has to be private.

Privacy, fungibility, and censorship resistance are all facets of the same thing. They can only exist together.

People have to choose to value privacy, or Bitcoin will lose its censorship resistance. Most people won’t choose privacy on purely ideological or political grounds; they will need to be shown that it is actually useful. They need to actually see and use something that lets them donate to a cause important to them without being shamed or attacked for it. They need to see that people in a totalitarian state can actually use it to accomplish something meaningful. They need to actually see the eerie and creepy omnipresent ads online disappear or become wildly inaccurate as they make purchases privately, out of sight of the big data fishing net.

This is the most important battle Bitcoin will ever face, and we are at an inflection point in that fight right now. The outcome of this fight will shape Bitcoin for the rest of its existence. Will it be a tool for sovereignty and freedom, or one for surveillance and oppression? That is up to us to decide.

I do not want to live in a world where I have no privacy of thought, of interaction, of transaction. Where every action I take, every thought I utter, or even think, is put under the scrutiny of the government and the mob of the public. Where the slightest misstep leads my life to ruin, with no room for dissent or dialogue or debate.

I choose privacy. I choose censorship resistance. I choose freedom.