Ultimate Resource For Crypto-Currency’s Privacy And Scalability Upgrades (#GotBitcoin?)
Bitcoin’s consensus layer has remained unchanged for over two years now. Since Segregated Witness (SegWit), which activated in August 2017, no hard fork or soft fork protocol upgrades have been deployed at all*, marking Bitcoin’s longest stretch without consensus forks so far. Ultimate Resource For Crypto-Currency’s Privacy And Scalability Upgrades (#GotBitcoin?)
But this stretch may soon come to an end: several backward-compatible soft forks are currently in development. Optimistically, some of them may go live in 2020 — if they gather sufficient support from the Bitcoin ecosystem.
These could be Bitcoin’s protocol upgrades in the new year … or perhaps in the new decennium.
Schnorr signatures are considered by many cryptographers to be the best type of cryptographic signatures in the field. They offer a strong level of correctness, do not suffer from malleability, are relatively fast to verify and, perhaps most interestingly, allow for math to be performed with them. To name one concrete benefit for Bitcoin: Several signatures can be aggregated into a single signature, which could, for example, economically incentivize privacy-enhancing CoinJoin transactions.
Adding Schnorr signatures to the Bitcoin protocol has been a work in progress for some time now. But over the past year, developers working on a Schnorr signatures proposal, like Blockstream developers Pieter Wuille and Jonas Nick and Xapo’s Anthony Towns, revealed even more ambitious plans. Schnorr signatures will be proposed as part of a bigger soft fork protocol upgrade called Taproot, a proposal by Bitcoin Core contributor Gregory Maxwell, which was itself inspired by an older proposal called MAST (Merkelized Abstract Syntax Tree).
(Fractions of) bitcoin can be locked up in such a way that they can be spent under several different conditions, for example requiring timelocks, secret numbers of several participants to agree to unlock the coins. With MAST, all the different conditions are hashed and included in a Merkle Tree: a compact cryptographic data structure. The coins would then essentially be locked up in the final hash of this Merkle Tree, the Merkle Root. To spend the coins, you only need to reveal the condition you end up using. The alternative ways in which the coins could have been unlocked remain hidden forever.
Taproot, then, is based on an interesting realization: No matter how complex, almost any MAST-construction could (or should) include a condition that allows all participants to agree on the outcome and sign off on a settlement transaction together. This “cooperative close” would override all other conditions.
Taproot leverages this realization and utilizes Schnorr signatures to make the cooperative close look like a regular transaction. Simplified, the cooperative close would be done with an aggregated signature, which looks just like a regular signature. In doing so, the MAST-construction remains completely hidden to the outside world! This benefits privacy and efficiency.
Taproot may also come with an updated version of Bitcoin’s programming language, Script, called Tapscript. This would also make it easier to add new features (“OP codes”) to Bitcoin’s programming language later on.
Bitcoin’s Taproot Upgrade Won’t Help Privacy Where It Matters
The activation of Bitcoin’s (BTC) Taproot upgrade is moving forward as official Bitcoin Improvement Proposals (BIP) were submitted for review on Jan. 24. Even though Taproot is often hyped up for its privacy improvements, its true impact is likely to be very minor.
What Is Taproot?
Taproot is the name given to a proposal coined by former Blockstream CTO Gregory Maxwell in January 2018. The actual implementation was later developed by a team of Bitcoin contributors led by Pieter Wuille. Taproot is a proposal that enhances Bitcoin’s scripts, a set of instructions attached to each transaction that explains how the funds can be used.
In its simplest form, a Bitcoin transaction is secured by the recipient’s public key, which guarantees that only he can spend them. Scripts can support more complicated features, like timelocks and multi-signature requirements. The former can restrict money to only be spent after a certain point in time. The latter makes it possible to create wallets with multiple owners.
The conditions can be added together, so that there would be multiple options on how to spend the money. For example, the script might say that the funds can be moved immediately if three people agree, or after five days if only two of them do.
In Bitcoin’s current implementation, the full scope of the smart contract needs to be revealed when its beneficiary wants to use the money. That means that if only one of the conditions was triggered, everyone would know that there were others.
Taproot removes the need to publish the entire script, and only shows the condition that was triggered. In addition, multi-signature contracts where all parties agreed on a transaction can avoid revealing the fact that there was a script at all. To an external observer it would look like an individual wallet-to-wallet transaction, assuming the parties involved are in full cooperation.
This is made possible by a different feature called Schnorr signatures, which is encoded in BIP 340. Schnorr is considered a more secure and efficient version of elliptic curve cryptography, which is what underpins the system driving private and public keys.
The proposal is currently under evaluation, but there are no estimates available for its activation.
Limited Benefits To Privacy
Bitcoin is a fully public ledger, which allows specialized tools to track the flow of BTC from one wallet to the next. Thus, a protocol named CoinJoin (CJ) was developed to help break the chain of transactions and provide anonymity.
As it uses a peculiar transaction scheme, it is easy to prove that a certain wallet mixed Bitcoin through CoinJoin. This has recently started to create problems for users.
As previously reported by Cointelegraph in December, a Binance user was put under investigation for his history of mixing the coins he withdrew from the exchange. A similar case involving Paxos was recently reported by a Twitter user.
Taproot is often mistakenly believed to make CoinJoin transactions harder to see, or even make them indistinguishable from normal payments. In a conversation with Cointelegraph, Pieter Wuille revealed that this is not the case:
“Indeed, it [Taproot] hides scripts and makes multisig (often) indistinguishable. It does not directly do anything for CoinJoin.”
Wuille then added that Taproot is “certainly no silver bullet” for privacy.
The confusion may have arisen due to an initially planned feature called cross-input aggregation. It was later removed from the Taproot proposal due to potential issues from its implementation. Furthermore, Wuille clarified that it would not directly improve privacy:
“Cross-input aggregation won’t hide CJ or anything else. It’s not a privacy improvement, only an efficiency one (which may indirectly encourage CJ by making it cheaper, but even then, it won’t reduce the ability to recognize such transactions as CJ).”
Thus, Taproot only improves privacy in limited aspects and under specific conditions. For a person using Bitcoin to buy drugs from a darknet market, there is no benefit.
Privacy On Ethereum: Aztec Protocol Launches On Mainnet
The Aztec privacy network has officially launched on the Ethereum blockchain on Feb. 1. Using Zcash-based technology, it introduces confidential tokens where all amounts are cryptographically hidden.
The network is currently in limited deployment as it only supports zkDai, a private version of Maker’s stablecoin. Other zero knowledge tokens are set to be released in the coming weeks, while full access to custom token creation will be granted in two months, the company says.
The Aztec protocol, just like Zcash (ZEC), uses Zk-SNARKs to validate encrypted transactions. When generating a transfer, a proof of correctness is generated as the amount gets encrypted.
The system hinges on Aztec’s Cryptography Engine smart contract, which can be used to validate the transactions. The contract is based on a system of “notes,” which are generally used in a Bitcoin-like structure of inputs and outputs. Unlike Zcash, however, Aztec currently does not hide the money’s sender and recipient.
Like Zcash, Aztec needed to conduct a trusted setup ceremony. This is a key requirement for all zk-SNARK implementations, as it generates a set of common parameters to ensure efficient computation.
Future Developments Would Make Smart Contracts Private
Aztec’s goal is to deliver its “Triptych of privacy,” which would completely hide a particular portion of the Ethereum blockchain. The next step is to hide senders and recipients, while the final achievement is making smart contracts completely private.
Aztec’s CEO Thomas Walton-Pocock revealed to Cointelegraph that this may occur as early as this year:
“Our priority is to deploy PLONK to ACE in 2020. PLONK is the superfast Universal SNARK developed by AZTEC CTO Zac Williamson and AZTEC Chief Scientist Ariel Gabizon, which will eventually allow private smart contracts to execute with just one trusted setup.”
Authorities Arrest Ohio Man For Laundering $300M In Crypto On The Dark Web (A Good Case For Built-in Bitcoin Privacy)
Authorities recently took an Ohio local into custody recently for accusations of running an unlawful money laundering outfit on the Dark Web.
The alleged operator of an illegal business called Helix, Larry Harmon faces accusations of money laundering and running a money transference venture without proper licensing, the Department of Justice, or DoJ, detailed on Feb. 13.
Harmon Ran Helix For Years
The 36-year old Ohio native reportedly started up Helix in 2014, taking the endeavor all the way to crypto’s hay day in 2017.
The DoJ explained:
“Helix functioned as a bitcoin ‘mixer’ or ‘tumbler,’ allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin.”
Per the allegations, Harmon attracted users by touting the ability to hide fund transfers from the government’s watchful eye. As part of his dealings, Harmon also operated a Dark Web search tool called Grams.
The Ohio Man Was In Deep
Harmon’s supposed endeavors naturally tied him to other Dark Web illegalities. “Helix allegedly laundered hundreds of millions of dollars of illicit narcotics proceeds and other criminal profits for Darknet users around the globe,” Assistant Attorney General for the DoJ’s Criminal Division Brian Benczkowski said in the statement.
IRS Criminal Investigation Head Don Fort Added:
“The sole purpose of Harmon’s operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise. Working in tandem with other sites, he sought to be the ‘go-to’ money launderer on the Darknet, but our investigators once again played the role of criminal disrupters, unraveling the interlinked web from one tentacle to another.”
Charges include that Harmon’s Helix outfit transferred more than 350,000 Bitcoin — worth upward of $300 million at the time. The illegal entity also powered money laundering activities for users of AlphaBay, a highly trafficked Dark Web vendor, the DoJ detailed.
The DoJ pointed out, however, that the charges provided are still considered alleged activities until definitive guilt is proven.
Privacy Altcoin Beam To Execute Second Hard Fork In June 2020
After successfully completing its first hard fork in August 2019, privacy coin Beam plans to execute its second hard fork in June 2020.
Privacy-focused altcoin, Beam (BEAM), will soon execute its second hard fork. This fork will upgrade its Proof-of-Work (PoW) algorithm and activate new network features.
According to an April 22 blog post, Beam’s second fork will occur at block 777,777, shifting the network’s PoW algorithm from BeamHash II to BeamHash III.
The new PoW algorithm is expected to be a major improvement to the Beam mining network, and will enable fuller GPU card capabilities. Additionally, the firm said that the hard fork is designed to unlock some new features like confidential assets, one-sided payments, and the support of privacy protocol, Lelantus Mimblewimble.
Users Need To Upgrade Beam Software Before The Fork In Late June
Beam’s second hard fork is expected to take place on June 28, 2020. The testnet fork is anticipated to happen a few weeks earlier, Beam advisor, Guy Corem, noted in the Beam Telegram channel. Corem elaborated that the testnet fork date depends on block times.
According to the announcement, the hard fork will not require any other actions beyond a software upgrade from Beam users. As such, Beam is planning to release the node and desktop wallet binaries by the end of May, providing users with about 30 days to upgrade to the latest version. Compatible releases of node, wallet, and miner will be versioned Eager Electron 5.0, Beam noted.
Specifically, Beam wallets earlier than version 5.0 will stop working after the hard fork is completed. However, users will still be able to upgrade the wallets to the new version to access their funds, Corem said.
Beam’s First Hard Fork Took Place In August 2019
As officially announced, Beam successfully completed its first hard fork on August 19, 2019. This fork changed the mining algorithm from Beam Hash I to Beam Hash II at block 321,321. After the hard fork occurred, the Beam team reported a significant drop in mining difficulty. This was caused by some miners not performing a timely upgrade.
The Beam mainnet was launched on Bitcoin’s (BTC) tenth birthday, Jan. 3, 2019. Beam is a privacy-oriented cryptocurrency, like Monero (XMR) or Zcash (ZEC), and is based on a privacy protocol known as Mimblewimble. As reported in late 2019, Dragonfly Research analyst, Ivan Bogatyy, believes that the Mimblewimble protocol should not be considered a “viable alternative to Zcash or Monero when it comes to privacy” due to an unfixable privacy breach.
In March, Litecoin (LTC) and Grin (GRIN) developer, David Burkett, predicted that Litecoin will launch its Mimblewimble testnet before the end of summer.
Zcash Fully Shielded Transactions Jump 70% To New Record In April
The Zcash network has recorded a 70% jump in fully shielded transactions, marking a new record for April of over 8,700. This compounds gains of 100% made in March.
The number of fully shielded transactions recorded on the Zcash (ZEC) network leaped up almost 70% in April to hit a new record of over 8,700.
According to a May 1 tweet from the ZcashCommunity account, this represented 6% of the total transactions, which was also a record proportion historically.
April’s gains followed an equally impressive March, which itself saw a 100% increase in transactions over February. In total, the jump from February’s 2,430 fully private transactions to the 8,721 in April represents an increase of over 250%.
In contrast, it took three years for fully shielded transactions to break through the 2,000 per-month level, which only happened in November last year.
15% of Zcash Transactions Had Some Element Of Shielding
While 6% of the total transactions may not seem like an awful lot, this only includes those which were fully shielded. When considering all transactions with some shielded component, this goes up to 23,676, or 15% of the total.
Zcash supports two types of address: z-addr, which are shielded, and t-addr, which are transparent. Transactions between t-addr types are fully transparent, and can be viewed on the blockchain in the same way as Bitcoin (BTC) transactions.
Transactions between two z-addresses are fully shielded, and transactions between the two address types can be either shielding (t to z) or deshielding (z to t). It is worth noting that all of these three transaction types with a shielded component add to the privacy of the network.
Why Such A Big Increase Now?
Cointelegraph reached out to Zcash developer Electric Coin Company to see if it had any insight into the latest jump in figures, but had not received a response at press time.
However, it has recently become a lot easier for Zcash users to use shielded transactions. In early April, Guarda released its wallet app for Shielded ZEC. This now joins Zecwallet Lite, which was launched last November, and defaults to sending private transactions by shielding any transparent ZEC sent to it.
Zcash was also added as a perpetual contract option on Binance’s futures platform in February. This coincides with the point at which shielded transaction numbers started to go up dramatically.
Litecoin Mimblewimble Integration Sees Test Build And Codebase Progress
Litecoin and Grin++ developer, David Burkett, has posted an April progress update on Litecoin’s Mimblewimble integration, claiming that a testing framework has been built and codebase integration has started.
The lead developer on the Litecoin Mimblewimble (MW) project, David Burkett, has now built a functional testing framework and started to integrate the development work done so far into the Litecoin codebase.
According to a May 1 report on the Litecointalk forums, the project to implement the MW privacy enhancements into Litecoin has reached an important milestone with the build of a test-bed. Burkett claims that he has also run some end-to-end validation tests through the framework.
“I’ve built out a functional testing framework that builds valid headers, blocks, and transactions. I’ve now got some (mostly) complete end-to-end block validation tests,” he said.
As Cointelegraph reported in March, Burkett predicted that MW would be running on the Litecoin testnet by the end of the summer. This is a significant step towards that goal.
Burkett has also begun to integrate his work with the Litecoin codebase, initially focusing on the ConnectBlock logic. This part of the code validates blocks before adding them to the chain.
While Burkett was still unsure as to which specific area to tackle next, he did state that his high-level plan involved continued codebase integration and “lots more testing.”
Burkett also gave an update on his other project, Grin++, which has just achieved release candidate v1.0.0 status, marking its “first non-beta version.” Grin++ featured the first implementation of the Mimblewimble privacy protocol, back in January 2019.
Mimblewimble was first revealed in 2016 when its white paper — authored by an individual acting under the pen name Tom Elvis Jedusor — appeared on a Bitcoin research channel.
The protocol aims to improve blockchain privacy, scalability, and fungibility by combining transactions in a CoinJoin. As a result, blocks on the network comprise a list of all input, output, and signature data, which obscure transaction data for any third party monitoring the network.
Taproot doesn’t appear to be very contentious, though developers are still discussing implementation details.
18 Months In, Few People Use, Mine or Buy Privacy Coin Grin
Despite launching with considerable fanfare in early 2019, grin, the first cryptocurrency to test privacy protocol MimbleWimble, is showing no signs of life.
At its launch, professional investors poured funding — by some estimates, $100 million — into mining the cryptocurrency, with some even calling it a sort of “Bitcoin 2.0”.
Privacy without sacrificing scalability is the primary advantage of MimbleWimble, according to grin developers. The first grin coins were also issued via a so-called “fair launch” whereby, similar to bitcoin, all coins are minted by miners instead of being generated prior to the network going live.
“Grin was probably the most crowded venture capital trade of 2019,” said Ryan Gentry, lead analyst at Multicoin Capital.
On-chain data suggests once-eager investors soured on the young cryptocurrency. Grin’s hash power, a measure of computing resources devoted to securing the network, and mining difficulty, which gauges the amount of power required to mine, started to collapse in August 2019. After nine consecutive months of decline, the trend shows no sign of reversing.
Grin’s planned hard forks, or systemwide upgrades, could also be responsible for its declining network activity. Every six months, the network executes these upgrades that change grin’s mining algorithm to deter expensive, specialized mining equipment from dominating its hash power.
After the first fork, grin’s hashrate and difficulty climbed, but the second fork coincided with the steepest hashrate decline in the network’s short history. Grin is preparing for yet another drop in hashrate after a third next fork scheduled for July.
Even grin’s transaction count, a metric that could be easily manipulated to mask the network’s declining use, has dropped roughly 20% year to date, according to Coin Metrics. This smaller drop follows a more than 70% decrease in daily transactions through February and March 2019.
Grin developers say the cryptocurrency isn’t designed to cater to short-term speculative investors.
“Cryptocurrency is mostly a speculation game,” said grin developer John Tromp. “Grin is hurt in the short term by being speculation-unfriendly.”
Adding to grin’s woes, San Francisco-based Dragonfly Capital published research six months ago describing an “attack” that could reveal the identities of 96% of active grin users.
To date, the grin team has not fixed the vulnerability.
Ivan Bogatyy, who wrote the report, said grin’s core developers are “among the strongest engineers in the space.” However, they “faced a very hard cold-start problem with incumbents” such as monero (XMR) and zcash (ZEC) due to grin’s lack of “a robust privacy mechanism” to challenge leading privacy cryptocurrencies.
According to the people behind grin, Bogatyy’s report contains “many logical leaps” and the anonymity exploit is a known and “well-documented” problem.
Traders Are Not Grinning
Traders also seemed to have lost interest in grin. Since last June, the privacy currency’s price — quoted in dollars and bitcoin — has only dropped.
When it first launched, for example, New York City-based crypto fund Iterative Capital briefly supported grin on its over-the-counter trading desk and considered mining. But it didn’t take long for the firm to lose interest.
“Buying demand was so low and the technology was in such an incipient form that we quickly stopped bothering,” said Iterative Capital’s founder and managing partner Chris Dannen.
Grin launched during an “altcoin bear market,” said grin developer David Burkett. That the price has “so far only moved downward” is a “very similar movement to many coins launched at the same time.”
Every new cryptocurrency struggles to gain adoption early on. But for the privacy currency that promised to be the next big thing, replacing speculators with real users has proven to be an uphill battle.
Developers of Ethereum Privacy Tool Tornado Cash Smash Their Keys
Ethereum’s premier coin mixing service is now permissionless.
Tornado Cash, a privacy tool for obfuscating the history of ether (ETH) transactions, completed a cryptographic process known as a trusted setup ceremony on May 10 followed by a contract update on Monday to create perpetually self-executing code.
“With a record 1,114 contributions this was by far the largest Trusted Setup Ceremony to date,” Tornado Cash wrote in a May 13 blog post. “By comparison, all other trusted setup ceremonies had less than 200 participants.”
The ceremony, relying on a cryptographic method known as multi-party computation (MPC), makes Tornado Cash “completely trustless and unstoppable,” co-founder Roman Storm said in an interview with CoinDesk.
Tornado Cash v1 first launched in August 2019 but remained an audited “experimental software” because the developers retained control over user funds through a multi-sig wallet.
With v2, all that is gone. The MPC and Monday’s contract update effectively break up the developer key by creating a crowdsourced smart contract without a private key.
Techwise, Tornado Cash leans on zero-knowledge proofs (ZKP), or mathematical evidence that a transaction occurred without revealing the information within the payment itself.
Tornado Cash joins two other ZKP-based Ethereum systems, Aztec and EY’s Nightfall. As reported by CoinDesk, privacy protocol Aztec launched a network on Ethereum for digital assets, beginning with dai, while EY also released a business-focused privacy solution for Ethereum transactions in October 2018.
Tornado Cash is more readily compared to existing coin mixers on Bitcoin because of its retail focus. CoinJoin developers Samourai and Wasabi have brought mixing to retail bitcoin investors, with Samourai available on Google Play as of February (a feature coming in Tornado Cash’s v3, Storm said).
Of course, there are other cryptocurrencies that only focus on privacy solutions, led by zcash (ZEC) and monero (XMR). The Electric Coin Company (ECC), a for-profit firm behind zcash’s development, is currently working on a bridge between itself and the Ethereum blockchain for enabling private transactions.
Just How Private?
For Tornado Cash, two questions remain: How many people will use it and how will regulators view it?
To the first, Samourai adoption after its mobile launch gives a positive signal. Bitcoin podcaster Matt Odell told CoinDesk the number of mixings on Samourai doubled month-over-month following the addition of mobile support.
That said, bitcoin (BTC) is often presented as a self-sovereign money alternative while ether’s prevailing use case has fluctuated.
Defining what ether is matters, particularly for Tornado Cash. The efficacy of a privacy protocol – from Zcash to Wasabi – is dependent on the number of users, called the anonymity set. Think of a ballpark crowd: If the stands are full of fans, it’s hard to pick out a singular person in the upper deck. Conversely, an empty stadium only helps frame the lone fanatic.
Maddie Kennedy, spokesperson for blockchain analytics firm Chainalysis, said Tornado Cash may not be the solution privacy-focused users may think it is. “While mixers, CoinJoins and solutions like Tornado Cash can make tracing funds more difficult, Chainalysis can often still follow funds through them,” Kennedy told CoinDesk in an email.
That sentiment was echoed by former bitcoin core contributor Gavin Andresen in a November blog post on Tornado Cash, highlighting additional measures such as IP-address masking that most users don’t consider.
“I won’t be surprised if there is a paper at the Financial Cryptography 2023 conference showing that 85% of tornado usage was not private; not because the cryptography is broken, but because it is really hard for mere mortals to use something like tornado (or CoinJoin or other similar technologies) in a way that doesn’t leak information about their wallet,” Andresen wrote.
There’s also compliance concerns, with the verdict still out on whether mixers are money transmitters or not.
In an email, the Financial Crimes Enforcement Network (FinCEN) told CoinDesk that mixers such as Tornado Cash could fall under the definition of a money transmitter, and therefore have “obligations” set by the Bank Secrecy Act (BSA).
For his part, Tornado Cash’s Storm said that now that the trusted setup has occurred, little can be pinned on the developers: self-executing code is self-executing code.
That doesn’t mean Storm and co-founder Roman Semenov are wanting to venture beyond the wake. In fact, Tornado Cash included a compliance feature with v2 to counter some regulatory concerns. The new version will include a cryptographic “note” which can prove to anyone presented the transaction’s history. The feature was added in light of reports of crypto exchanges freezing accounts of users who possessed coins with mixed histories.
Storm also pointed to the ECC’s and Zcash Foundation’s friendly relationship with U.S. regulators despite the cryptocurrency’s focus on privacy.
“We are in a little bit of a different situation [than other mixer wallets]. I think for us it’s very important to become compliant,” Storm said. “We do what we feel is right.”
Researchers Claim 99.9% of Zcash Transactions Are Traceable
A study into the traceability of top privacy coins reveals over 99% of Zcash users fail to utilize the protocol’s privacy features.
Researchers from Carnegie Mellon University have released a study into the privacy features of Monero (XMR) and Zcash (ZEC) — arguably the two most-popular crypto assets purporting to offer users anonymity.
The report finds that Monero’s introduction of strict security and anonymity requirements on its broader ecosystem has maintained the asset’s status as “effectively untraceable.”
Transversely, the report concludes that the lack of utilization of Zcash’s privacy capabilities on the part of more than 99% of users undermines the privacy of the overall network despite ZEC offering “strong cryptographic features.”
Zcash User Behavior Undermines Privacy
The report describes Zcash as a Bitcoin (BTC) fork that seeks “to completely break the link between the sender and the receiver.”
The researchers assert that “Zcash is not widely used” currently, citing a May 2020 survey of darknet markets indicating that “it [, Zcash,] is by far not the preferred cryptocurrency on the dark web.”
Through employing zero-knowledge succinct non-interactive arguments of knowledge, or SNARKs, ZEC is able to prevent any interaction between transaction prover and verifier — creating “a barrier that further impedes efforts to link addresses together.”
However, Zcash offers both anonymous shielded and pseudonymous transparent transactions, with the researchers finding that only 0.09% of ZEC transactions within a 30-day period made full use of the protocol’s privacy features.
“[E]ven though cryptographically Zcash is very well-founded, the users behave in a way that does not take full advantage of the shielded pool, making them traceable. As each user in the shielded pool becomes linked to the transparent pool, the overall anonymity of the ZEC ecosystem reduces as the anonymity set shrinks drastically.”
“[I]t seems that the large majority of Zcash users do not yet understand Zcash’s operating model,” the study finds, concluding that the “minuscule” set of ZEC users utilizing shielded transactions renders Zcash “effectively traceable.”
30% of XMR Transactions Found To Be Traceable
The report notes that an increasing number of altcoins have sought to brand themselves as privacy coins, claiming to offer completely private transactions in contrast to the pseudonymous transactions enabled by nearly all crypto assets.
The researchers observe several features of Monero designed to provide untraceability and unlinkability.
One-time use addresses are employed for every transaction output to prevent linkability, while traceability is addressed with one-time ring signatures — a form of zero-knowledge proof, alongside decoy inputs called mixins.
The paper also examines a number of further upgrades introduced to the protocol from 2017 onwards, finding that less than one percent of transactions carried out using XMR over the last two years were traceable according to most methods of analysis employed.
However, one model was still able to reveal transaction inputs with an accuracy of 30%.
Japanese Firm Unveils New Privacy Feature For Bitcoin Wallets
Japanese crypto firm Freessets has announced a new technology to enhance Bitcoin wallet (BTC) privacy.
According to a June 8 announcement, Freessets has created a system that allows wallets to request their addresses’ Bitcoin balances without revealing it to the servers from which they request the balances or transaction history.
The statement said that conventional Bitcoin wallets explicitly ask servers for the balance of their addresses, which links the balance, transactions and addresses. However, “using the technology Fressets has developed, it is mathematically proven that the servers cannot learn anything from the user’s query.”
The Significance Of The Development
Adam Ficsor, chief technical officer at privacy-enhancing Bitcoin wallet Wasabi told Cointelegraph that he is enthusiastic about the development. His firm’s wallet has a similar feature, but he believes Freessets’ implementation requires less bandwidth and is more suitable for mobile devices.
“Any improvement on making privacy more efficient is significant and needed,” he said, but he said he also has a few reservations. Ficsor expects that the firm’s approach will also mean losing transaction history when recovering preexisting wallets and he said that he is not comfortable with Freessets’ decision to develop its technologies in a proprietary fashion.
Human Rights Foundation Funds Bitcoin Privacy Tools Despite ‘Coin Mixing’ Legal Stigma
On one hand, the bitcoin industry has matured to include traditional brokerages and institutional traders. On the other, bitcoin privacy tech is still shrouded in a legal gray zone.
The Human Rights Foundation (HRF) took a strong stance on bitcoin privacy tech Wednesday by announcing its new Bitcoin Developer Fund. The first $50,000 grant from the fund has been awarded to freelance CoinSwap developer Chris Belcher.
CoinSwap, a mixing technique originally invented in 2013 by Greg Maxwell, is part of a comprehensive suite of privacy tools being developed by bitcoin advocates.
“The fund’s next gift, already earmarked for another developer working on strengthening Bitcoin pseudonymity at the network level, will be announced later this summer,” Alex Gladstein, the HRF’s chief strategy officer, said in an email.
HRF will also crowdsource fundraising for such privacy tech, he added, using both dollars and bitcoin, while making it “possible for activists to more safely receive donations, earn income and continue their important work under increased financial pressure.”
Belcher said he hopes to have a primitive testnet available near the end of the year.
“It will be a bit like Lightning, where there’s never a single day when it’s finished, but it slowly gets more and better features and bug fixes until one day you realize it’s everywhere,” Belcher said of CoinSwap, which he plans to keep as an open source hobby project and not a revenue-producing company.
Theoretically, any wallet provider could use the open source code to add the feature to their mobile app or desktop app. Privacy-focused wallets could even use CoinSwap features as another layer to current CoinJoin offerings.
“The bitcoin ecosystem could end up in a bad situation where it’s impossible to accept bitcoin as payment without consulting some centralized blacklist … so I talk a lot about privacy but fungibility is important too,” Belcher said. “Centralization also makes the privacy of the software worse, so I’m less interested in going in that direction … it’s all about tradeoffs.”
Adam Fiscor, co-founder of zkSNACKs, said the next Wasabi Research Club will examine CoinSwaps, though he said it would be premature to comment on it further.
Both CoinSwaps and CoinJoins are a type of non-custodial mixing, which could theoretically be layered as two privacy tools used in the same transaction. CoinSwaps are comparable to atomic swaps, while CoinJoin options typically pool disparate funds together as part of the transaction.
However, some compliance officers at leading analytics companies and crypto exchanges treat mixed bitcoin as inherently suspicious, which influences how legal authorities view the technology as well. It remains to be seen if CoinSwap features will suffer from the same stigmas as the incumbent method, CoinJoin.
The technologists working with bitcoin privacy tech walk a delicate line, and tend to pay their lawyers accordingly.
Attorney Preston Bryne said he would not advise clients to use CoinJoin transactions, which he said is sometimes wrongly associated with money laundering. Many exchanges and wallet companies choose to be safe rather than sorry when it comes to legal battles.
Yet, lawyer Rafael Yakobi said there’s nothing inherently wrong with using this privacy feature, it’s all about how you report it. In the case of wallet providers, this may be possible in non-custodial scenarios where the intermediating startup never controls the assets.
“I’m quite confident that CoinJoin has not yet been mentioned in any piece of legislation. It’s not even mentioned by name in FinCEN’s guidance,” Yakobi said. “The more appropriate question is whether flagging CoinJoin transactions is implicitly required by the relevant regulations. I’m not sure about Europe, but in the U.S. it’s not an objective yes or no answer. Each business is required to formulate best practices designed to comply with the law.”
Over in Europe, it appears the law enforcement agency Europol is wary of the privacy-oriented Wasabi Wallet, because the analytics firm Chainalysis estimated $15 million worth of illicit transactions used the bitcoin wallet’s CoinJoin feature.
Critics like Reckless VR founder Udi Wertheimer and Jon Matonis of Cypherpunk Holdings, the latter of which invested in both the privacy-oriented Samourai Wallet and Wasabi-maker zkSNACKs, say blockchain analytics firms are overestimating the amount of illicit transactions when they flag mixed bitcoin.
“Exchanges, banks and regulators are being sold a false narrative if they believe that this [analytics] technology provides reliable, or more importantly, actionable results,” Matonis said. “It is purely a dangerous game of probabilities and false positives, disingenuously overstated to peddle more forensic services.”
HRF’s Gladstein recently took Elliptic, another blockchain analytics firm, to task for its “surveillance” work. “The tools you’re building regardless of your intentions will be used for policing bitcoin,” Gladstein said during a panel with Elliptic’s Tom Robinson at an event this month. “At the end of the day what you’re doing is warrantless surveillance against people in other countries.”
For his part, Matonis’s investment thesis revolves around the belief the legal community will adopt compliance norms that don’t restrict or criminalize privacy-tech like mixers.
“The concern around mixing technology, or coin hygiene, stems from the flawed thinking that cryptocurrency transactions are identical to bank transfers using fiat currency,” Matonis said. “This is a grand societal battle that must be won by privacy advocates, not because it is a cute feature or a principled position, but because it is an existential economic necessity. A peer-to-peer value transfer system fails without underlying coin privacy at its core, because the entire system would lack fungibility if all coins were not treated equally the way paper cash is today.”
This is why some bitcoiners continue to work on privacy tech, regardless of exchange policies and other hurdles.
Meanwhile, CoinJoin usage continues to increase, with roughly 13,500 new Wasabi Wallet downloads this year.
So far in June, more than 10,000 fresh bitcoin were used in Wasabi CoinJoin transactions for the first time, the highest record since the all-time peak in August 2019 according to the Wasabi team.
Overall, usage has more than tripled since May 2019, when roughly 9,764 total bitcoin were used in Wasabi’s CoinJoin transactions, compared to 35,697 total bitcoin used in May 2020, they said.
And that’s not even to mention the few thousand bitcoin sent using other CoinJoin tools since the coronavirus began, including Samourai Wallet and JoinMarket. Generally speaking, usage appears to be up across the sector.
Matonis said as long as companies and public individuals focus on non-custodial, open source software, he believes privacy-tech projects will actually bear less compliance costs over time as the tools become normalized. For example, mixing protocols could become a “standard default feature” in bitcoin wallets.
“Both the bitcoin industry and law enforcement need to resist falling for the myth of blockchain forensics as perpetrated by the blockchain surveillance firms,” Matonis said of companies that routinely flag mixed coins as suspicious.
“Law enforcement methods will undoubtedly have to evolve beyond simply using money as an identity tracking device or simply relying on metadata through non-targeted driftnet surveillance,” he added. “This means employing real and sometimes cumbersome police work that doesn’t violate the rights of any individuals.”
Metamask Enhances User Privacy With New Wallet Update
Major Ether wallet service and browser extension, Metamask, introduces newly released version featuring enhanced privacy control.
Metamask, a popular Ether (ETH) wallet and browser extension, has just released a new major application upgrade.
Announcing the news on July 2, Metamask outlined that the new update, Metamask Version 8, offers a number of new features like enhanced privacy control and a new account-login system.
Bitcoin Will Never Be Truly Private Says Andreas Antonopoulos
Andreas Antonopoulos says Bitcoin will probably never have privacy features like those in Monero.
Bitcoin educator Andreas Antonopoulos says he would like to see more privacy features on Bitcoin, but they’re unlikely to happen anytime soon.
In a livestream Q&A on Antonopoulos’ YouTube channel on July 7, he said Bitcoin (BTC) was unlikely to ever implement privacy features similar to those used by Monero (XMR).
Antonopoulos said creating such features on a cryptocurrency like BTC “would create an enormous amount of controversy.” In addition, he said the structure of Bitcoin simply doesn’t allow ring signatures and stealth addresses.
“I think what we’re going to see soon is Schnorr, Taproot, and Tapscript, which open the door to a lot of improvements,” Antonopoulos said, “But they still do not involve zero-knowledge proofs or the types of ring signatures and stealth addresses that are done in Monero. Bitcoin is not a privacy coin.”
Bitcoin Privacy Features Effective?
The features to which Antonopoulos is referring — Schnorr, Taproot, and Tapscript (a scripting update to Taproot) — have been cited by others in the crypto community as having the potential to make Bitcoin more private.
The director of research at blockchain firm Blockstream Andrew Poelstra has referred to Taproot as a system which could possibly render any transaction mostly indistinguishable from one another on the BTC blockchain. However, he noted that “transaction amounts and the transaction graph are still exposed, which are much harder problems to address.”
Multisignature schemes (MuSigs) from Schnorr are another possibility. Poelstra said using this method doesn’t reveal the original set of signers, or even provide the number of signers for MuSig transactions.
Bitcoin can be better thought of as pseudonymous rather than fully anonymous, as many transactions on the BTC blockchain can still be traced even with these privacy improvements.
CoinSwap And The Ongoing Effort To Make Bitcoin Privacy ‘Invisible’
A developer known for working on enhancing Bitcoin privacy has set his sights on a new project he hopes will “massively improve” how we keep our transactions private.
Chris Belcher, who also created the technical privacy market JoinMarket, is currently working on putting to the test CoinSwap, an idea first proposed by legendary Bitcoin developer Greg Maxwell in 2013. Belcher has been focusing on CoinSwap rather than JoinMarket because he thinks it will give users better privacy, he told CoinDesk.
Belcher recently received not just one, but two grants for his efforts, showing just how excited Bitcoiners are about the potential of the project.
Though the Bitcoin network arose from a privacy-minded movement, its privacy is actually pretty thin. Just take a look at any block explorer for a glimpse of how easy it is to pull up any transaction that’s ever happened in Bitcoin’s history – as well as the transaction’s associated history.
“Right now, Bitcoin privacy is not very good at all. Anyone in the world can analyze the blockchain and then can find all sorts of information about users – their balance, their history, who they transact with and in what amounts, when – everything they spend,” Belcher told CoinDesk in an interview.
Belcher argues that this is, in some ways, worse than the financial privacy we have in legacy systems today. “The banking system, they know your transactions, but the general public doesn’t. With Bitcoin it is the general public — it is everyone that can see exactly what the user does,” Belcher added.
He added it’s important to most people that this type of information isn’t exposed to the whole world.
“Financial privacy is good for human dignity, [for example], if you don’t want your neighbors to see what charities you donate to or that type of thing, or if you’re paid in bitcoin you don’t want your employers to know what charities you donate to or what other activities you’re involved in,” Belcher added.
Coinjoins: Today’s Bitcoin Privacy
“CoinJoins” (distinctive from “CoinSwaps,” which Belcher is putting to the test) are the privacy transactions that are most popular on Bitcoin today. CoinJoins give users good privacy and are becoming more popular. Thus far, they have been adopted in the Wasabi wallet, Samourai Wallet and JoinMarket.
A CoinJoin takes all inputs from several transactions by different users and mixes them into one big, collaborative transaction. This one big transaction then sends the bitcoins mixed from different addresses out to different addresses. Because no one can tell where the spent bitcoins originally came from, the scent of the trail is obfuscated and the participants in the CoinJoin gain better privacy.
But it’s not perfect. There are still ways for people analyzing the Bitcoin blockchain (namely blockchain analysis companies) to detect when and where bitcoins are being mixed.
For one thing, the transaction sizes of mixed coins are much bigger than normal transactions because they contain so many different inputs.
Also telling is the fact they have outputs that are all the same size. “Equal output CoinJoins are very obvious. If someone sees them on the blockchain they can see that this kind of privacy protocol is happening,” Belcher said.
Why are outputs the same size? If Bob sends 0.8 BTC into the CoinJoin transaction and Alice sends 0.187 BTC and Mary sends 1.2222 BTC, and the resulting outputs are exactly 0.8 BTC, 0.187 BTC and 1.2222 BTC respectively, that coincidence is pretty obvious to anyone who is looking.
In order to preserve privacy, a CoinJoin transaction usually splits the amount of bitcoin dispensed into even pieces, say 0.1 bitcoin. So, if Alice put in 0.3 bitcoin, she will receive three 0.1 pieces sent to three separate addresses that she controls.
Most transactions don’t have a bunch of equal outputs like this. That’s why CoinJoins are easy to detect.
Indeed, there have been a few instances of cryptocurrency exchanges banning users who have evidently sent their bitcoin through such privacy services.
“They’ll be suspicious. If there’s someone analyzing the blockchain, they’ll see this is a CoinJoin, so they know this person did that. And if they see another transaction, [by comparison] they can see that it’s not a CoinJoin,” Belcher said.
CoinSwap: An Invisibility Cloak For Transactions
“CoinJoin” and “CoinSwap” have similar names and they both help to preserve privacy, so it’s easy to confuse them. But they’re different, and Belcher argues CoinSwaps “fixes many of the problems of some kinds of CoinJoins” and “is the next step for on-chain bitcoin privacy.”
CoinSwaps can be made to look invisible, Belcher said. If done correctly, a CoinSwap transaction can look just like a vanilla bitcoin transaction.
In a CoinSwap, it looks like two separate people are sending completely separate transactions. But under the hood, something else completely is happening.
Two parties, say Alice and Bob, execute such a swap. In short, Alice sends some bitcoin to a CoinSwap address. Bob sends the same amount of bitcoin to a separate CoinSwap address.
If both send the right amount of money over, the coins are “swapped.” The coins Alice sent to the CoinSwap address are sent to a new address owned by Bob, and the coins Bob sent to his own CoinSwap address are sent to a new address owned by Alice.
Under the hood, the CoinSwap address, which is responsible for this swapping, is much fancier than a normal bitcoin transaction. It’s a multi-signature transaction, meaning it requires more than one person to sign off on it in order to send the transaction.
Usually, these types of transactions stand out on the blockchain since they look different from normal bitcoin transactions. But by including ECDSA-2P cryptography, these multi-signature transactions can be made to look just like normal bitcoin transactions. This is very much Belcher’s plan.
With ECDSA-2P in place, “Alice sends a CoinSwap to Bob and it just looks like just a normal transaction. But actually the coins have ended up somewhere else completely,” Belcher said.
This component is important. If all of these transactions look the same, people who aren’t even using CoinSwaps are getting more privacy too. There’s no way to tell if any transaction is a CoinSwap transaction or a normal one, turning bitcoin chain analysis on its head.
Similar technology will expand to the Lightning Network as well, so blockchain watchers can’t tell if any single transaction is a CoinSwap, a Lightning Network transaction or just a normal bitcoin transaction.
“CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain,” as a description of the technology on the Bitcoin Wiki puts it. For a deeper explanation, check out this post from JoinMarket developer Adam Gibson.
That’s not to say that CoinSwap is perfect, though. The problem with CoinSwap is that it is a much more complicated process to implement than CoinJoin.
‘As Decentralized As Possible’
In his mountain of a post, Belcher describes how to turn the idea of CoinSwap into reality.
A key reason CoinSwaps haven’t taken off since Maxwell described them seven years ago is that they’re not as straightforward as CoinJoins. So, Belcher has his work cut out for him in implementing the complexity for the first time.
His first step was just thinking about the best way to do it, outlining a number of different design considerations in the article making up his plan of attack. For one, he plans to use the Rust programming language, since it’s potentially more secure than other languages.
“I want to make it as decentralized as possible, so there’s no central point of failure that can be switched off or censored,” Belcher said. To meet this goal, he wants the “whole thing” to run over the privacy network Tor, which helps to shield IP addresses, which are kind of like a mailing address for a computer exposing where it is located.
“I think that’s quite necessary for privacy,” he said.
Belcher outlines this and various other considerations in his proposal, such as routing and using PayJoin, yet another bitcoin privacy technology, alongside it. Now that his ideas are out in the public, people can comment and make suggestions.
The next step is actually implementing it. Belcher told CoinDesk he hopes to release a minimum viable product in the next six months.
Six Months Later, Bitcoin Community Finally Debates How To Activate Taproot
The Taproot conversation is continuing with the Bitcoin community having to decide how to begin the months-long activation process.
The Taproot upgrade represents one of the most significant developments for Bitcoin’s mainchain in recent months. Despite seeing very little controversy, the community is still debating on the proper procedure on how to implement it more than six months after the BIPs were published.
The issues stem from the necessity of conducting a soft fork that would be accepted by all relevant stakeholders. According to a Reddit thread pinned in the r/Bitcoin community, “the biggest problem with activating Taproot is PTSD from the previous softfork, SegWit.”
History of SegWit
SegWit consensus in 2017 followed the BIP9 soft-fork procedure, which required 95% of all miners to signal that they upgraded to the new software and were ready to complete the fork. A time-out period existed that automatically rejected a proposal after consensus hadn’t been reached by a certain date.
The very high degree of required agreement meant that a single relatively large miner could stall the upgrade and “hold it hostage.” Allegedly, miner opposition to SegWit was due to “covert AsicBoost,” a mining enhancement technique that the upgrade would have made unusable. However, SegWit was ultimately the culmination of a community debate on block size spanning years, which was mostly resolved with the Bitcoin Cash fork.
To avoid similar controversy, two different techniques for Taproot are being proposed.
Taproot Activation Still Far Away
An alternative to BIP-9 is to codify that the upgrade will be activated after the timeout, instead of being rejected. Since this would effectively lock in the decision to fork before its activation, it is seen as a less ideal measure.
Instead, a “Modern Softfork Activation” procedure proposes a hybrid system where the upgrade would get rejected after failing to reach consensus in a year. After another six months of discussion, the community could decide to begin a two year-long procedure which would activate the upgrade at expiry. The maximum length for this procedure would be 42 months, or three years and a half.
As of right now, the timer is not yet ticking. More than six months have passed since Taproot’s initial formalization as a Bitcoin Improvement Proposal in January. Several code improvements have been pushed to it since, though they do not constitute major changes.
Taproot improves certain aspects of Bitcoin privacy related to complex spending conditions. It allows hiding the conditions that were not triggered, and can make multisig transactions look indistinguishable from single wallet transfers.
The upgrade was previously hyped up, which fueled some misconceptions on its upcoming features. Some believed that it would make the CoinJoin privacy protocol impossible to distinguish from normal transactions, though as Cointelegraph previously reported, CoinJoin is not affected at all in the final version of Taproot.
But despite the relatively uncontroversial and limited set of features, Taproot may take months — if not years — to be activated.
Secret Contracts May Soon Bring Privacy Features To Public Blockchains
Programmable privacy is about to become a reality.
Open-source Blockchain protocol Secret Network announced its intention to add privacy-based secret contracts to its mainnet. The upgrade will take place on September 15 once the proposal is passed by the community.
According to the foundation’s announcement, developers will have the opportunity to build and deploy so-called “secret” smart contracts that use encrypted inputs, outputs, and states.
Secret contracts could enable many different blockchains to utilize private data in decentralized apps without compromising their user’s personal security.
The Foundation Explained:
“Secret contracts allow for programmable privacy, allowing for arbitrarily complex data privacy controls to be implemented inside applications. The flexible encryption capabilities and controls offered by programmable privacy unlock the potential value of the decentralized web.”
Secret Network is focusing on onboarding new secret contract developers, secret node operators, and community members to help to increase the mass adoption of secret contracts among public blockchains.
The foundation will also launch secret tokens, which are privacy-based assets that are programmable like ERC20s, but private like zCash. Secret Network noted that it expects this will strengthen the mass adoption of DeFi as well.
Litecoin Relaunches Mimblewimble Testnet As Europol Targets Privacy Protocols
Litecoin’s privacy feature testnet returns as news emerges that Europe sees privacy and coin mixing technologies as major digital threats.
Litecoin (LTC) has relaunched its MimbleWimble testnet — a protocol designed to enhance privacy and obfuscate the traceability of distributed ledger transactions.
MimbleWimble is a modified implementation of the proof-of-work algorithm underpinning Bitcoin (BTC) in which blocks appear as a single large transaction, preventing the individual inputs and outputs relating to the transactions from being identified.
David Burkett, the lead developer of the MimbleWimble protocol for Litecoin, will now focus making it easier for “non-technical Litecoin users” to begin testing to functionality, in addition to ironing out aspects of the code that are “fragile.”
Burkett is targeting full activation of the protocol sometime next year, noting in a Telegram channel that it will be down to Litecoin’s miners and node operators to decide “when or even if they want to activate.”
LTC’s MimbleWimble testnet was previously launched on September 30, but was postponed due to low community participation.
Litecoin’s MimbleWimble progress comes as regulators increasingly look to crack down on privacy-enhancing crypto asset technologies, with Europol calling out privacy coins and naming decentralized marketplaces, cryptocurrency mixers, and anonymizing wallets among the top online organized crime threats.
In its ‘Internet Organised Crime Threat Assessment’ for 2020, Europol asserts that “privacy-enhanced wallet services using coinjoin [..] have emerged as a top threat,” citing Wasabi and Samurai’s respective wallets as examples. Wallets that use Coinjoin mix the coins of multiple users engaging in separate transactions, effectively providing a decentralized mixing service.
Europol asserts that the operators of darknet marketplaces are increasingly moving to integrate coinjoin wallets onto their platforms.
Europol also notes that while Bitcoin is still the dominant currency across darknet marketplaces, Monero (XMR) is emerging as the most popular privacy coin, followed by Zcash (ZEC), and Dash (DASH). The report identified Litecoin and Ethereum (ETH) as the two most popular altcoins on darknet marketplaces.
The Implementation Of The Schnorr/Taproot Consensus Rules Has Been Merged Into Bitcoin Core
However, the upgrade’s activation method has yet to be determined.
This upgrade has been highly anticipated due to its potential to increase Bitcoin’s smart contract capabilities while simultaneously benefiting its transactional privacy. This is the first major protocol update since Segwit.
Bitcoin’s Next Upgrade Will Support Tor V3 Addresses
The next version of Bitcoin Core will support the latest type of Tor addresses, before they are fully rolled out.
- The next version of Bitcoin Core will support Tor Network’s V3 addresses.
- Tor V3 addresses offer stronger cryptography and enhanced security.
- The old V2 addresses will become obsolete on October 15, 2021.
The next version of Bitcoin Core will support Tor Network’s latest V3 addresses—that will fully become the new standard next year—according to Pieter Wuille, a co-founder and former engineer at Blockstream.
Bitcoin Improvement Proposal (BIP) 155, which contains details of the Tor support, has been merged into the current Bitcoin reference implementation. It will be pushed into Bitcoin Core version 0.21.
The Tor Network is based on open-source software and enables anonymous communication over the Internet. In July, its developers announced that the network’s V2 addresses—that have been in use over a decade already—will be “retired” on October 15, 2021. They will be substituted with the new V3 addresses that have been in development since 2015.
“As humankind’s understanding of math and cryptography evolved, the foundation of version 2 became fragile and at this point in time, unsafe,” said the announcement, adding that “[In 2015], a large scale development effort spanning over 3 years resulted in version 3.”
Bitcoin’s Taproot Is Ready To Go, But It’s Unlikely To Be Included In The Next Release
Developers don’t want to move too fast.
The Bitcoin Improvement Proposals 340 through 342 were merged into the Bitcoin codebase on Thursday, signaling that the anticipated Taproot upgrade is ready.
Taproot and the associated technology of Schnorr signatures are considered to be the most important upgrade for Bitcoin in the past year. It is primarily a privacy improvement for complex spending conditions on Bitcoin like multisig transactions, time locks and other conditions based on Bitcoin Script.
As Cointelegraph reported previously, Taproot hides every additional spending condition beyond the one that was activated. For example, a transaction might be executed immediately if all four multisig signers agree, or it could require a certain amount of time to pass before funds are unlocke if only three out of four signers are present.
Normally, an outsider is able to identify every possible condition, but with Taproot they will see only the one that was eve triggered.
Furthermore, thanks to Schnorr signatures, a pure multisig transaction can be made indistinguishable from normal transfers. It is worth addressing that Taproot makes no changes to mixing protocols like CoinJoin, which will remain easily distinguishable.
While the initial code for Taproot was submitted for review in January, some complications primarily related to Schnorr signatures required an extensive amount of refinement.
The proposals have now been fully reviewed by Bitcoin core developers and are ready to be included in a client release. Pieter Wuille, the lead developer for Taproot, told Cointelegraph that “it’s all done, except activation.”
Cointelegraph previously reported that consensus for activation may require some time to be reached. The process could potentially last for years, though Taproot is generally considered much less controversial than previous upgrades like SegWit.
The process starts as soon as the activation code is included in Bitcoin Core, allowing miners to signal approval for its inclusion. But Taproot seems to have come slightly at the wrong time for immediate activation.
Jonas Nick, researcher at Blockstream and Bitcoin core developer, told Cointelegraph that “Taproot is not ready for activation yet.”
He explained that activation logic is generally not included in a major release, referring to the upcoming 0.21 version. The codebase reached “feature freeze” on Thursday, with the base Taproot code making it just in time. Nevertheless, nly bug fixes will be added from now on. Explaining why developers are cautious, Nick said:
“Major releases can contain changes to dependencies and interfaces (e.g. RPC). Users should be able to run softfork activation logic without the additional work required to be compatible with a new major version.”
The logic to activate Taproot on mainnet is likely to be included in a future minor version, but in the meantime, Nick said that “Taproot could be activated on something like signet or testnet if someone produced the code for that,” as the raw implementation is already present.
Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,Ultimate Resource For Crypto-Currency’s,