While bitcoin is the most popular and valuable decentralized digital currency in the market today, it is not without its issues. One of the main challenges that the Bitcoin network faces is a lack of transaction privacy.
To address this, a number of altcoins with a focus on privacy have been introduced into the market. The largely positive market response to privacy-centric coins such as Monero (XMR) and Zcash (ZEC) reiterates the gap that exists in the cryptocurrency space in this regard. Additionally, hard forks such as Bitcoin Private (BTCP) are aiming to provide transactional privacy to users while still capitalizing on the brand recognition held by bitcoin.
While privacy coins are a welcome addition to the crypto universe, many in the bitcoin community believe it would be best if the Bitcoin network itself were able to offer a greater degree of privacy.
To this end, there are a number of Bitcoin Improvement Proposals (BIPs) that seek to improve the ability of the Bitcoin network to preserve user privacy. BIPs are suggested amendments to the software upon which the network is built.
In this article, you will be introduced to the proposed changes that are designed to improve privacy on the Bitcoin network.
The idea of Confidential Transactions was first proposed by Adam Back on the Bitcointalk forum. The computer scientist initiated this discussion in 2013. In his proposal, Back suggested adding “homomorphic commitments instead of explicit amounts in place of values in transactions.” This would facilitate greater privacy levels as the values would be obscured from public view.
While the suggestion was received positively by members of the bitcoin community, the idea lay dormant for some time until bitcoin developer Gregory Maxwell turned his focus to it. Building on Back’s suggestions, Maxwell named this approach “Confidential Transactions” (CT).
Maxwell employs a cryptographic tool called a Pedersen Commitment to make it possible to hide the values in a transaction:
“The basic tool that CT is based on is a Pedersen commitment. A commitment scheme lets you keep a piece of data secret but commit to it so that you cannot change it later. A simple commitment scheme can be constructed using a cryptographic hash: commitment = SHA256( blinding_factor || data ) If you tell someone only the commitment then they cannot determine what data you are committing to (given certain assumptions about the properties of the hash), but you can later reveal both the data and the blinding factor, and they can run the hash and verify that the data you committed to matches. The blinding factor is present because, without one, someone could try guessing at the data; if your data is small and simple, it might be easy to just guess it and compare the guess to the commitment.”
In addition, CT relies on two further cryptographic techniques, Elliptic Curve (EC) signatures and ring signatures, which allow the Pedersen Commitments to be used effectively for confidential values.
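The two commitment schemes described above, as an added example that is not code from the article or from Maxwell's CT implementation. The first part is the SHA256 commitment from the quote; the second is a Pedersen commitment and the balance check a CT verifier performs on it. Real CT works on the secp256k1 elliptic curve; the tiny multiplicative subgroup used here (an assumption made for readability) has the same algebra but no real security. The final case shows why the homomorphic balance check alone is not enough and every output needs the range proof mentioned later in the article.

```python
import hashlib
import secrets

# Added example, not code from the article or from Maxwell's CT implementation.
# Part 1: the hash commitment from Maxwell's description,
#   commitment = SHA256(blinding_factor || data)
def hash_commit(data: bytes, blinding: bytes) -> bytes:
    return hashlib.sha256(blinding + data).digest()

def hash_open(commitment: bytes, data: bytes, blinding: bytes) -> bool:
    """Verifier recomputes the hash once data and blinding factor are revealed."""
    return secrets.compare_digest(commitment, hash_commit(data, blinding))

# Part 2: a Pedersen commitment, C = g^v * h^r, in a toy prime-order group.
# Assumption: real CT uses the secp256k1 elliptic curve; the subgroup of
# quadratic residues of Z_1019^* used here has the same algebra and is small
# enough to read, but offers no security (binding is trivially brute-forceable).
P = 1019          # safe prime: (P - 1) / 2 is prime
Q = (P - 1) // 2  # order of the subgroup of quadratic residues, 509
G = 4             # 2^2, a generator of that subgroup
H = 9             # 3^2, second generator; in practice log_G(H) must be unknown

def pedersen_commit(value: int, blinding: int) -> int:
    return (pow(G, value % Q, P) * pow(H, blinding % Q, P)) % P

def random_blinding() -> int:
    return secrets.randbelow(Q)

def balance_holds(input_commitments, output_commitments) -> bool:
    """Verifier's check: it never sees the values, only whether the product of
    input commitments equals the product of output commitments, which holds
    exactly when the values sum equal mod Q and the blinding factors do too."""
    lhs = rhs = 1
    for c in input_commitments:
        lhs = lhs * c % P
    for c in output_commitments:
        rhs = rhs * c % P
    return lhs == rhs

def split_output_blindings(input_blinding: int, n_outputs: int) -> list:
    """Sender picks n-1 random blinding factors and fixes the last one so that
    all output blinding factors sum to the input blinding factor."""
    rs = [random_blinding() for _ in range(n_outputs - 1)]
    rs.append((input_blinding - sum(rs)) % Q)
    return rs

def demo() -> dict:
    r_in = random_blinding()
    c_in = pedersen_commit(50, r_in)
    r_out = split_output_blindings(r_in, 2)
    honest = [pedersen_commit(30, r_out[0]), pedersen_commit(20, r_out[1])]
    inflated = [pedersen_commit(30, r_out[0]), pedersen_commit(25, r_out[1])]
    # 55 + (Q - 5) == 50 mod Q: the balance check alone accepts a "negative"
    # output value, which is why CT attaches a range proof to every output.
    wrapped = [pedersen_commit(55, r_out[0]), pedersen_commit(Q - 5, r_out[1])]
    return {
        "honest": balance_holds([c_in], honest),
        "inflated": balance_holds([c_in], inflated),
        "wrapped": balance_holds([c_in], wrapped),
    }

if __name__ == "__main__":
    print(demo())  # {'honest': True, 'inflated': False, 'wrapped': True}
```

The verifier in `balance_holds` learns nothing about the individual amounts; it only multiplies commitments. The `wrapped` case passes that check even though one output is effectively negative, which is exactly the gap the range proofs discussed below close.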
In the initial stages of research, CT was deemed unworkable because the transactions were too large and would have clogged the network needlessly: they were four times the size of regular transactions. With continued research, developers have steadily reduced that overhead, and the latest work brings it down to about three times the size of a regular transaction. “The exciting recent update is that Benedikt Bünz at Stanford was able to apply and optimize the inner product argument of Jonathan Bootle to achieve an aggregate range proof for CT with size 64. [This] cuts the bloat factor down to ~3x for today’s traffic patterns.”
While there have been no further announcements on the Confidential Transactions front since November 2017, Maxwell indicated that testing is at an advanced stage. The BIP would come into effect through a soft fork. The Blockstream scientists involved with the project have published a paper with the full technical details on the subject.
The Dandelion project is the brainchild of Andrew Miller, who has previously worked on the privacy-centric coin Zcash. In collaboration with three research scientists from the University of Illinois, Miller believes this project will help redefine the anonymity parameters of the Bitcoin network.
In a paper titled “Dandelion: Redesigning the Bitcoin Network for Anonymity,” the researchers explain their goals stating: “We aim to address the Bitcoin P2P network’s poor anonymity properties through a ground-up redesign of the networking stack. We seek a network management policy that exhibits two properties: (a) strong anonymity against an adversarial group of colluding nodes (which are a fraction p of the total network size), and (b) low broadcasting latency.”
This project aims to make it harder to uncover the identities behind transactions on the Bitcoin network. A number of companies, such as Chainalysis and Bitfury, have successfully compromised the pseudonymity of bitcoin users.
The Dandelion project explains: “There have been several attacks on the anonymity of Bitcoin, most of which harness the public nature of the blockchain [40, 35, 42]. Transaction patterns can be used to link user transactions over time, and in some cases identify the human owner of a public key. More recently, authors have demonstrated deanonymization attacks on Bitcoin’s networking stack. These attacks typically use the first-spy estimator, and achieve surprisingly high accuracies. The Bitcoin community has responded to these attacks with ad hoc changes to its networking stack for improved anonymity.”
While it is true that many changes have been implemented in the Bitcoin software to reduce the threat of these attacks, many are of the opinion that Bitcoin’s underlying networking protocol needs a rework. Dandelion takes this approach.
In short, Dandelion is a mechanism that makes it more difficult to ascertain the origin of a transaction:
“Dandelion is a new transaction broadcasting mechanism that reduces the risk of eavesdroppers linking transactions to the source IP. Dandelion transaction propagation proceeds in two phases: first the “stem” phase, and then “fluff” phase. During the stem phase, each node relays the transaction to a *single* peer. After a random number of hops along the stem, the transaction enters the fluff phase, which behaves just like ordinary flooding/diffusion. Even when an attacker can identify the location of the fluff phase, it is much more difficult to identify the source of the stem.”
During the stem phase the transaction is handed from one node to a single peer at a time, so only a short chain of nodes learns of it before it is broadcast; the fluff phase is the ordinary broadcast the network performs today. Because an observer only sees the transaction emerge at the end of the stem, it becomes much harder to link it back to the originating node, which gives users a greater degree of privacy.
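The stem and fluff phases on a toy network, as an added example that is not code from the Dandelion paper or its BIP. It simulates a transaction being relayed along a stem and then flooded, and measures how often an observer who attributes the transaction to the node that started the fluff phase names the true source. The one-random-outbound-peer stem relay and the geometric hop count are assumptions made for the simulation; `stem_prob=0.0` models today's network, where every node floods immediately.

```python
import random

# Added example, not code from the Dandelion paper or BIP. Models the stem and
# fluff phases and measures how much the stem phase weakens a simple observer
# that attributes a transaction to the node that starts the fluff phase.

def build_stem_successors(n_nodes: int, rng: random.Random) -> list:
    """Assumption: every node picks one random outbound peer as its stem relay."""
    return [rng.choice([j for j in range(n_nodes) if j != i]) for i in range(n_nodes)]

def propagate(source: int, successors: list, rng: random.Random, stem_prob: float):
    """Stem phase: relay to a single peer, continuing with probability stem_prob
    at each hop (assumption: geometric hop count). Returns the node at which the
    fluff phase (ordinary flooding) begins, and the stem path taken."""
    path = [source]
    node = source
    while rng.random() < stem_prob:
        node = successors[node]
        path.append(node)
    return node, path

def observer_accuracy(n_nodes: int, trials: int, stem_prob: float, seed: int = 1) -> float:
    """Fraction of transactions an observer of the fluff phase attributes to the
    correct source. stem_prob=0.0 is today's behaviour (no stem phase at all)."""
    rng = random.Random(seed)
    successors = build_stem_successors(n_nodes, rng)
    correct = 0
    for _ in range(trials):
        source = rng.randrange(n_nodes)
        fluff_origin, _ = propagate(source, successors, rng, stem_prob)
        if fluff_origin == source:
            correct += 1
    return correct / trials

if __name__ == "__main__":
    for p in (0.0, 0.5, 0.9):
        print(f"stem_prob={p:.1f}: observer names the true source "
              f"{observer_accuracy(50, 2000, p):.0%} of the time")
```

Without a stem phase the observer is right every time, because the node it first hears from is the source. With a stem that continues with probability 0.9 per hop, the fluff phase usually starts several hops away, and the observer's guess is only right when the stem happened to end at the source or loop back to it.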
The Dandelion project submitted its proposal on GitHub in May 2018, a year after it was first announced. While this BIP has yet to be assigned a number, it is likely to improve privacy on the Bitcoin network if it is implemented.
Numerifides Trust Consensus Protocol
Numerifides is a proposal set forth by developer Tyler Hawkins. Disseminated through the bitcoin developers mailing list, his proposal details a system through which it is possible to register secure, decentralized and human-readable names, as well as other data, on the Bitcoin network. These three properties are the corners of Zooko’s triangle. Hawkins explains: “I have been working on a proposal called Numerifides which would provide a general method to register human-readable names and arbitrary data (such as username->GPG key, domain->IP address, Lightning node Alias-> URI, etc.).”
Further explaining the motivation behind the pull request on GitHub, Hawkins states:
“Rather than deriving justice and authority from a system that’s not supposed to look but too often does, I propose a DECENTRALIZED CONSENSUS PROTOCOL that enables a system of decentralized authority, whereby a user or actor can assert identity, existence, and authority on a public piece of data, on an open blockchain and any independent, skeptical user or actor operating the consensus protocol can verify any other actor’s statement of authority in a decentralized, fair and privacy-protective manner.”
This proposal has privacy implications, as it allows users to create aliases through which they can transact on the network. Creating a secure record under the Numerifides proposal involves two actions. First, the user must lock up a certain amount of bitcoin. Second, they must provide proof of work (PoW). The larger the time-locked amount and the PoW, the more secure the record.
This is an interesting approach to providing secure and private data on Bitcoin’s blockchain. The proposal was uploaded to GitHub only a month ago and is still in its early stages. However, it may have promising implications if it passes the necessary steps before being implemented in the network.