Table of Contents
ORIGINAL SPEECH TITLE: How to make privacy convenient
SPEAKER: Max Hillebrand
CONFERENCE: BTC PRAGUE 2023
We have a big problem in Bitcoin, and that is that Bitcoin anonymously is very difficult, expensive and slow. That was the founding mission of Adam Ficsor in 2015 when he tried to address the problem of Bitcoin privacy. Why is that the case?
Bitcoin is open by design
That also means that it is free and open-source software where we can all verify what each other is doing. In order to ensure that we have the money that we actually have agreed to, all of the coins must be verified by every single participant of the network, and that is really not good.
Bitcoin Privacy is hard
It is great that we can have a base money system without a single trusted third party, but it’s also really hard to use this system privately. That is because there’s a litany of lists of things that you need to take care of in order to ensure that you are actually staying private with your money. Let’s be honest, none of us actually knows what all of these things mean and why they are important and how exactly we should optimize to improve these things.
Bitcoin’s UTXO model is really great. It’s a very efficient way to establish a global consensus over the base money. However, it’s also very terrible because it enables everyone to get a peek into your financial transactions. The same trades, the same fundamental aspects that make bitcoin so verifiable also make it very traceable. This is something that we will inherently have to deal with.
When you have confidential transactions, for example, in a banking system, only the sender and the receiver and the trusted third-party bank know about the inner details of what’s going on. That’s cool, right? We can do a lot of things here. That’s what we were all used to for many years. But in Bitcoin, every transaction is public. Everyone can see what’s going on, especially when we are doing bitcoin peer-to-peer trades.
It will lead you to being the fish in the glass bowl. Just imagine what would happen if someone can type in your name into Google and you see exactly when and how much money he received from whom and where he’s spending it. That is a big problem.
Why is that the case? Because this is fundamentally what a Bitcoin transaction looks like. We have inputs on the left side; those are the coins that are being spent, and we have outputs on the right side; those are the coins that are being generated, the addresses that receive new money. When we have a small transaction like this, it is quite easy to see what is going on. In this case, someone is spending three of his coins. These coins might have been to different addresses, so in the past, nobody knew that they belonged to the same person. But now, because you spend it all together in one transaction, it’s clear that all these belong to one person. And you can also see that in the future, there are two outputs, and one of them goes back to the person who made the payment. Now you can follow his future transaction history as well.
In a case like this one, that might be an exchange making a batched payout to all of the people who have stacked sats and want to withdraw it. But now, if you’re one of those users of the exchange, you can see exactly how much bitcoin other users of the exchange have bought. That’s just not great.
Sending bitcoin leaks personal data
It is just really difficult to use Bitcoin without leaking sensitive personal information, like your total wallet balance, like the time and the amount that you received in the past, and who was sending that money to you, how long you held on to it, and where you’re gonna spend it next.
All this information is shared by default in the background without you even knowing.
If there are no good privacy best practices by default, it means that unnecessary information is linked all over the place.
Without changing Bitcoin a single bit, we have a system that is completely trustless, meaning that nobody can steal from you. It’s fully non-custodial, and nobody can spy on you, not even the service provider or the other participants of this protocol. It works with any amount of bitcoin, well, basically a minimum of five thousand satoshis and a maximum of 40,000 bitcoin. If Satoshi is in the audience, he can come back now and spend his bitcoin privately.
It’s also extremely fast. The really cool thing about a coinjoin is that it’s a single transaction model. Every 30 minutes or so, we have a successful transaction to increase users’ privacy. And if you’re not that paranoid and you just want to have a minimum decent level of privacy so that it’s at least not trivial to find out all of the stuff about you, then one round is totally enough. So very fast, you can get a substantial amount of privacy.
Throughout the entire project, we’ve optimized for the block space efficiency. We really want to have a system that is very efficient and cheap to use. We don’t want to use much more block space than other regular Bitcoin users would want to use. That is Coinjoin.
Coinjoin transactions look big; they have many inputs and many outputs.
Coinjoins are collaborative Bitcoin transactions.
Instead of you alone making a transaction, you get together with your friends, everyone here in the room, and we build a gigantic transaction where we send money right to ourselves along with others at the same time. That’s the basic gist of a coinjoin. Again, you can’t lose money with it, and nobody can spy on you here.
Coinjoin inputs and outputs
Coinjoin transactions have inputs just like any Bitcoin transaction, but they’re not just from you; they’re from many different people. They also have outputs, not just from you but from many people. The idea here is that we want to prevent these three things from happening. We want to prevent that an attacker can find out which different inputs belong to the same user. That means here we have a list of inputs, all with different amounts and different addresses, but which of these hundreds of addresses belong to the same guy? I really don’t know.
We also want to prevent the attacker from knowing which inputs go to which outputs. How is the money flowing here? Who is paying whom, so to say? That is the core aspect; we want to transact privately. When you look at the list of addresses, it’s very difficult to say which of the outputs belongs to whom.
Of course, we also want to make sure that multiple outputs belonging to the same person are not tied together. Basically, you want to make multiple payments without telling someone that you make multiple payments at the same time. Coinjoin then removes fundamentally the public transaction history of your UTXOs. Then to these questions of where did you get your coins, how long did you hold on to your coins, and where are you spending your coins, and how many coins do you have left? Well, I don’t know; I can’t know, and I really don’t care.
That’s fungibility right there, that every individual UTXO can be accepted indistinguishably because there is no longer a transaction history of where does that coin come from. It’s just a coin in a transaction, and it’s as good as any other coin. The coins become mutually interexchangeable and indistinguishable, and that reduces a lot of friction.
Anonymity loves company
The basic idea is this: Can you see the guy here on stage? Pretty obvious. Who’s that guy there in the crowd? It’s not so easy. Anonymity loves company. If you have a crowd to hide in, then it’s very difficult for someone else to point you out. Coinjoins are fundamentally a social idea; we get together and make collaborative transactions. The more people join these transactions, the better the privacy for everyone else. It’s a network effect, just like with the telephone or just like with money, but in this time with anonymous Bitcoin transactions.
Privacy should just work
Privacy, it should just work, right? You should not need to know that there is a problem and all the technical details of how the problem manifests and the different solutions that you could use to make it better. No, you just want to receive and send money. That’s really it. You don’t want that, right?
That’s what it feels when you’re the captain. There’s a lot of instruments; there’s a lot of things that you need to know. What do these clusters mean, and what happens if I press that button? Very difficult. It will take years and a lot of expertise to try to master these. It’s cool when you master them; you feel like a ninja, but it takes a lot of time. If you want to increase the size of the crowd, that’s not how we’re gonna do it. Because then all the difficult privacy scenarios that users have to deal with, they all come back, and the end user mom and dad who just want to receive and send money, they have to find answers to all of these questions, and that’s just not good enough.
Privacy by default
Privacy must be default, and that is what we’re doing with Wasabi Wallet. Let’s run through a really quick demo. The first step that you want to do is to download, verify and install Wasabi.
This is our PGP key. Make sure that you’re getting the right software by verifying signatures. You’ll only have to do it once because for every update, the software checks the signatures automatically. But the first time you do it, it’s quite important. Then what’s next? You receive Bitcoin, you wait, you spend Bitcoin, and that’s it. That’s the demo, that’s all that you need to do in order to do anonymous transactions of the base money that is Bitcoin today, right now.
Why and how do we do this? We want to have the easiest possible default with optional insight and control. We want that if you open the wallet and just send money, and you just want to get it done, it will be done very well and very private. You don’t need to worry about it. But if you want to verify what’s going on and you want to see what the wallet is doing, and maybe want to change some things, you want to customize it because you know what you’re doing, then hopefully that’s still possible, still with a great intuitive way to do. Many people here in this conference will love all the crazy advanced features. But even though most of the time, you just want to receive and send money, and you’re going to use the easiest default most of the time. That’s what we’re building at Wasabi Wallet.
We are building big Coinjoin transactions. Right now, we have a minimum of 150 inputs, that’s quite a lot, and there’s a theoretical maximum of 600 inputs and outputs per transactions. At that point, if we want to go even bigger, we would have to do some changes to Bitcoin core’s mempool policy. The mempool is a big mess, so probably 600 inputs and outputs is somewhere where we’ll have a local top for a while, but it is totally possible. These transactions are getting really, really big, and all of a sudden, it becomes a lot more complex to see what’s going on. Small transactions, quite easy to identify; big ones, very difficult to see what’s going on.
Coinjoin transaction fee
The great thing is, this is quite affordable. You have a little amount of block space that you have to pay for, and then there’s a service fee that you have to pay of 0.3% Bitcoin. However, only for the first round. Whenever you receive Bitcoin fresh, you’re going to have to pay the 0.3% fee, but afterwards, the future rounds are going to be free forever for the coordinator. You will still pay for whatever amount of block space you consume, but the coordinator is not going to charge you anything. The best thing, friends don’t pay. So if you received your money from some exchange and you’ve made sure that you use it with Wasabi to get some privacy, now you make a payment to your friend and your friend is also using Wasabi, he won’t have to pay that coordinator fee anymore. Friends don’t let friends pay for privacy because we like our friends and we want them to be taken well care of.
Coinjoin block space
Right now, we have a tiny amount of block space that is filled with Coinjoin transactions. But what if that’s 10%? What if that’s 60%? What if more and more users come together to build these gigantic collaborative transactions?
This is how Bitcoin was looking a couple of years ago. It’s fundamentally scarce, it’s very durable, it’s portable, divisible, recognizable, and immutable. But the first and the biggest complaint about Bitcoin since their very beginning was this is just not private enough. But now, it might just well be. We have created a fungible base money system. What does that mean?
Bitcoin is fucking perfect
Coinjoin makes Bitcoin private and Wasabi makes privacy usable. That’s our mission with Wasabi 2.0.
The best thing, it’s not just us anymore. There are Cypherpunks all over the place that want to use these technologies. Multiple wallets like Trezor and BTCPay are integrating these types of collaborative transactions so that users across different wallets can use these transactions together and make sure that we have a big, happy party in our Coinjoin pool. If you want to join us on this effort to bringing anonymous-based money to this world, we’re having a blast.
Watch the original content: Click here
Also read: Bitcoin over Tor network: How to reach privacy and anonymity
Disclaimer: Transcripts provided on bitlyrics.co represents solely the opinion of the speaker and is not by any means financial/legal advice or an opinion of the website. The content has been transcribed with maximum accuracy. Repetitions and fill words have been amended in order to enhance the reading experience. The full text may not be confirmed by the speaker. Please, refer back to the above-provided source of content for more certainty. If you are a speaker and wish to confirm/amend your speech please contact us.