Ultimate Resource For Crypto-Currency’s Privacy And Scalability Upgrades (#GotBitcoin?)
Bitcoin’s consensus layer has remained unchanged for over two years now. Since Segregated Witness (SegWit), which activated in August 2017, no hard fork or soft fork protocol upgrades have been deployed at all*, marking Bitcoin’s longest stretch without consensus forks so far.
But this stretch may soon come to an end: several backward-compatible soft forks are currently in development. Optimistically, some of them may go live in 2020 — if they gather sufficient support from the Bitcoin ecosystem.
These could be Bitcoin’s protocol upgrades in the new year … or perhaps in the new decennium.
Schnorr signatures are considered by many cryptographers to be the best type of cryptographic signatures in the field. They offer a strong level of correctness, do not suffer from malleability, are relatively fast to verify and, perhaps most interestingly, allow for math to be performed with them. To name one concrete benefit for Bitcoin: Several signatures can be aggregated into a single signature, which could, for example, economically incentivize privacy-enhancing CoinJoin transactions.
Adding Schnorr signatures to the Bitcoin protocol has been a work in progress for some time now. But over the past year, developers working on a Schnorr signatures proposal, like Blockstream developers Pieter Wuille and Jonas Nick and Xapo’s Anthony Towns, revealed even more ambitious plans. Schnorr signatures will be proposed as part of a bigger soft fork protocol upgrade called Taproot, a proposal by Bitcoin Core contributor Gregory Maxwell, which was itself inspired by an older proposal called MAST (Merkelized Abstract Syntax Tree).
(Fractions of) bitcoin can be locked up in such a way that they can be spent under several different conditions, for example requiring timelocks, secret numbers, or the agreement of several participants to unlock the coins. With MAST, all the different conditions are hashed and included in a Merkle Tree: a compact cryptographic data structure. The coins would then essentially be locked up in the final hash of this Merkle Tree, the Merkle Root. To spend the coins, you only need to reveal the condition you end up using, together with a short proof that it was part of the tree. The alternative ways in which the coins could have been unlocked remain hidden forever.
Taproot, then, is based on an interesting realization: No matter how complex, almost any MAST-construction could (or should) include a condition that allows all participants to agree on the outcome and sign off on a settlement transaction together. This “cooperative close” would override all other conditions.
Taproot leverages this realization and utilizes Schnorr signatures to make the cooperative close look like a regular transaction. Simplified, the cooperative close would be done with an aggregated signature, which looks just like a regular signature. In doing so, the MAST-construction remains completely hidden to the outside world! This benefits privacy and efficiency.
Taproot may also come with an updated version of Bitcoin’s programming language, Script, called Tapscript. This would also make it easier to add new features (“OP codes”) to Bitcoin’s programming language later on.
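As an added illustration of the MAST commitment described above (example code written for this page, not code from the article or from the Taproot proposal), the following builds a Merkle tree over a set of spending conditions, locks to its root, and shows what a spender reveals: one condition plus its inclusion proof, with the other conditions staying hidden. It uses plain SHA-256 with a 0x00/0x01 leaf/branch prefix rather than the tagged hashes of the actual proposal, and the sample conditions are constructed.

```python
import hashlib
from typing import List, Tuple

# Added illustration of the MAST idea: every spending condition becomes a
# Merkle leaf, the coins are locked to the Merkle root, and a spend reveals
# only the leaf actually used plus its inclusion proof. Simplified
# construction (plain SHA-256 with a 0x00/0x01 domain prefix), not the
# tagged-hash encoding used by the real Taproot proposal.

Proof = List[Tuple[bytes, bool]]  # (sibling hash, sibling_is_left)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(condition: str) -> bytes:
    # Prefix 0x00 keeps a leaf from ever being confused with an inner node.
    return sha256(b"\x00" + condition.encode("utf-8"))


def branch_hash(left: bytes, right: bytes) -> bytes:
    # Prefix 0x01 marks an inner node; order matters, so proofs carry a side flag.
    return sha256(b"\x01" + left + right)


def build_levels(conditions: List[str]) -> List[List[bytes]]:
    """Return the tree bottom-up: levels[0] are the (padded) leaves, levels[-1] is [root]."""
    if not conditions:
        raise ValueError("a MAST needs at least one spending condition")
    levels = [[leaf_hash(c) for c in conditions]]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2 == 1:
            level.append(level[-1])  # odd level: duplicate the last node
        levels.append([branch_hash(level[i], level[i + 1])
                       for i in range(0, len(level), 2)])
    return levels


def merkle_root(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def merkle_proof(levels: List[List[bytes]], index: int) -> Proof:
    """Sibling hashes from leaf `index` up to the root (empty for a single-leaf tree)."""
    if not 0 <= index < len(levels[0]):
        raise IndexError("no leaf at that index")
    proof: Proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(root: bytes, condition: str, proof: Proof) -> bool:
    """Recompute the root from the revealed condition and its proof; this is
    all a verifier needs, and it learns nothing about the other leaves."""
    node = leaf_hash(condition)
    for sibling, sibling_is_left in proof:
        node = branch_hash(sibling, node) if sibling_is_left else branch_hash(node, sibling)
    return node == root


def reveal_for_spend(conditions: List[str], index: int) -> Tuple[bytes, str, Proof]:
    """What a spender publishes: the root the coins were locked to, the one
    condition being exercised, and its proof. The remaining conditions never
    leave the spender's wallet, which is the privacy property described above."""
    levels = build_levels(conditions)
    return merkle_root(levels), conditions[index], merkle_proof(levels, index)


if __name__ == "__main__":
    # Constructed sample conditions for a three-party contract.
    conditions = [
        "Alice, Bob and Carol all sign (cooperative close)",
        "any 2 of Alice, Bob, Carol sign after a 144-block timelock",
        "Alice signs and reveals the preimage of H",
    ]
    root, used, proof = reveal_for_spend(conditions, 1)
    print("locked to root:", root.hex())
    print("revealed:", used, "| proof length:", len(proof))
    print("valid:", verify_proof(root, used, proof))
    # A condition that was never committed to cannot be proven against the root.
    print("forged:", verify_proof(root, "Mallory signs alone", proof))
```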
Bitcoin’s Taproot Upgrade Won’t Help Privacy Where It Matters
The activation of Bitcoin’s (BTC) Taproot upgrade is moving forward as official Bitcoin Improvement Proposals (BIP) were submitted for review on Jan. 24. Even though Taproot is often hyped up for its privacy improvements, its true impact is likely to be very minor.
What Is Taproot?
Taproot is the name given to a proposal coined by former Blockstream CTO Gregory Maxwell in January 2018. The actual implementation was later developed by a team of Bitcoin contributors led by Pieter Wuille. Taproot is a proposal that enhances Bitcoin’s scripts, a set of instructions attached to each transaction that explains how the funds can be used.
In its simplest form, a Bitcoin transaction is secured by the recipient’s public key, which guarantees that only the holder of the matching private key can spend the funds. Scripts can support more complicated features, like timelocks and multi-signature requirements. The former can restrict money to only be spent after a certain point in time. The latter makes it possible to create wallets with multiple owners.
The conditions can be added together, so that there would be multiple options on how to spend the money. For example, the script might say that the funds can be moved immediately if three people agree, or after five days if only two of them do.
In Bitcoin’s current implementation, the full scope of the smart contract needs to be revealed when its beneficiary wants to use the money. That means that if only one of the conditions was triggered, everyone would know that there were others.
Taproot removes the need to publish the entire script, and only shows the condition that was triggered. In addition, multi-signature contracts where all parties agreed on a transaction can avoid revealing the fact that there was a script at all. To an external observer it would look like an individual wallet-to-wallet transaction, assuming the parties involved are in full cooperation.
This is made possible by a different feature called Schnorr signatures, which is encoded in BIP 340. Schnorr is considered a more secure and efficient signature scheme built on the same elliptic curve cryptography that underpins Bitcoin’s private and public keys.
The proposal is currently under evaluation, but there are no estimates available for its activation.
Limited Benefits To Privacy
Bitcoin is a fully public ledger, which allows specialized tools to track the flow of BTC from one wallet to the next. Thus, a protocol named CoinJoin (CJ) was developed to help break the chain of transactions and provide anonymity.
As it uses a peculiar transaction scheme, it is easy to prove that a certain wallet mixed Bitcoin through CoinJoin. This has recently started to create problems for users.
As previously reported by Cointelegraph in December, a Binance user was put under investigation for his history of mixing the coins he withdrew from the exchange. A similar case involving Paxos was recently reported by a Twitter user.
Taproot is often mistakenly believed to make CoinJoin transactions harder to see, or even make them indistinguishable from normal payments. In a conversation with Cointelegraph, Pieter Wuille revealed that this is not the case:
“Indeed, it [Taproot] hides scripts and makes multisig (often) indistinguishable. It does not directly do anything for CoinJoin.”
Wuille then added that Taproot is “certainly no silver bullet” for privacy.
The confusion may have arisen due to an initially planned feature called cross-input aggregation. It was later removed from the Taproot proposal due to potential issues from its implementation. Furthermore, Wuille clarified that it would not directly improve privacy:
“Cross-input aggregation won’t hide CJ or anything else. It’s not a privacy improvement, only an efficiency one (which may indirectly encourage CJ by making it cheaper, but even then, it won’t reduce the ability to recognize such transactions as CJ).”
Thus, Taproot only improves privacy in limited aspects and under specific conditions. For a person using Bitcoin to buy drugs from a darknet market, there is no benefit.
Privacy On Ethereum: Aztec Protocol Launches On Mainnet
The Aztec privacy network has officially launched on the Ethereum blockchain on Feb. 1. Using Zcash-based technology, it introduces confidential tokens where all amounts are cryptographically hidden.
The network is currently in limited deployment as it only supports zkDai, a private version of Maker’s stablecoin. Other zero knowledge tokens are set to be released in the coming weeks, while full access to custom token creation will be granted in two months, the company says.
The Aztec protocol, just like Zcash (ZEC), uses zk-SNARKs to validate encrypted transactions. When generating a transfer, a proof of correctness is generated as the amount gets encrypted.
The system hinges on Aztec’s Cryptography Engine smart contract, which can be used to validate the transactions. The contract is based on a system of “notes,” which are generally used in a Bitcoin-like structure of inputs and outputs. Unlike Zcash, however, Aztec currently does not hide the money’s sender and recipient.
Like Zcash, Aztec needed to conduct a trusted setup ceremony. This is a key requirement for all zk-SNARK implementations, as it generates the set of common public parameters on which every proof and verification depends.
Future Developments Would Make Smart Contracts Private
Aztec’s goal is to deliver its “Triptych of privacy,” which would completely hide a particular portion of the Ethereum blockchain. The next step is to hide senders and recipients, while the final achievement is making smart contracts completely private.
Aztec’s CEO Thomas Walton-Pocock revealed to Cointelegraph that this may occur as early as this year:
“Our priority is to deploy PLONK to ACE in 2020. PLONK is the superfast Universal SNARK developed by AZTEC CTO Zac Williamson and AZTEC Chief Scientist Ariel Gabizon, which will eventually allow private smart contracts to execute with just one trusted setup.”
Authorities Arrest Ohio Man For Laundering $300M In Crypto On The Dark Web (A Good Case For Built-in Bitcoin Privacy)
Authorities recently took an Ohio local into custody on accusations of running an unlawful money laundering outfit on the Dark Web.
The alleged operator of an illegal business called Helix, Larry Harmon, faces accusations of money laundering and running an unlicensed money transmitting business, the Department of Justice, or DoJ, detailed on Feb. 13.
Harmon Ran Helix For Years
The 36-year-old Ohio native reportedly started up Helix in 2014, taking the endeavor all the way to crypto’s heyday in 2017.
The DoJ explained:
“Helix functioned as a bitcoin ‘mixer’ or ‘tumbler,’ allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin.”
Per the allegations, Harmon attracted users by touting the ability to hide fund transfers from the government’s watchful eye. As part of his dealings, Harmon also operated a Dark Web search tool called Grams.
The Ohio Man Was In Deep
Harmon’s supposed endeavors naturally tied him to other Dark Web illegalities. “Helix allegedly laundered hundreds of millions of dollars of illicit narcotics proceeds and other criminal profits for Darknet users around the globe,” Assistant Attorney General for the DoJ’s Criminal Division Brian Benczkowski said in the statement.
IRS Criminal Investigation head Don Fort added:
“The sole purpose of Harmon’s operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise. Working in tandem with other sites, he sought to be the ‘go-to’ money launderer on the Darknet, but our investigators once again played the role of criminal disrupters, unraveling the interlinked web from one tentacle to another.”
Charges include that Harmon’s Helix outfit transferred more than 350,000 Bitcoin — worth upward of $300 million at the time. The illegal entity also powered money laundering activities for users of AlphaBay, a highly trafficked Dark Web vendor, the DoJ detailed.
The DoJ pointed out, however, that the charges provided are still considered alleged activities until definitive guilt is proven.
Privacy Altcoin Beam To Execute Second Hard Fork In June 2020
After successfully completing its first hard fork in August 2019, privacy coin Beam plans to execute its second hard fork in June 2020.
Privacy-focused altcoin, Beam (BEAM), will soon execute its second hard fork. This fork will upgrade its Proof-of-Work (PoW) algorithm and activate new network features.
According to an April 22 blog post, Beam’s second fork will occur at block 777,777, shifting the network’s PoW algorithm from BeamHash II to BeamHash III.
The new PoW algorithm is expected to be a major improvement to the Beam mining network, and will make fuller use of GPU capabilities. Additionally, the firm said that the hard fork is designed to unlock new features such as confidential assets, one-sided payments, and support for the Lelantus Mimblewimble privacy protocol.
Users Need To Upgrade Beam Software Before The Fork In Late June
Beam’s second hard fork is expected to take place on June 28, 2020. The testnet fork is anticipated to happen a few weeks earlier, Beam advisor, Guy Corem, noted in the Beam Telegram channel. Corem elaborated that the testnet fork date depends on block times.
According to the announcement, the hard fork will not require any other actions beyond a software upgrade from Beam users. As such, Beam is planning to release the node and desktop wallet binaries by the end of May, providing users with about 30 days to upgrade to the latest version. Compatible releases of node, wallet, and miner will be versioned Eager Electron 5.0, Beam noted.
Specifically, Beam wallets earlier than version 5.0 will stop working after the hard fork is completed. However, users will still be able to upgrade the wallets to the new version to access their funds, Corem said.
Beam’s First Hard Fork Took Place In August 2019
As officially announced, Beam successfully completed its first hard fork on August 19, 2019. This fork changed the mining algorithm from BeamHash I to BeamHash II at block 321,321. After the hard fork occurred, the Beam team reported a significant drop in mining difficulty. This was caused by some miners not performing a timely upgrade.
The Beam mainnet was launched on Bitcoin’s (BTC) tenth birthday, Jan. 3, 2019. Beam is a privacy-oriented cryptocurrency, like Monero (XMR) or Zcash (ZEC), and is based on a privacy protocol known as Mimblewimble. As reported in late 2019, Dragonfly Research analyst, Ivan Bogatyy, believes that the Mimblewimble protocol should not be considered a “viable alternative to Zcash or Monero when it comes to privacy” due to an unfixable privacy breach.
In March, Litecoin (LTC) and Grin (GRIN) developer, David Burkett, predicted that Litecoin will launch its Mimblewimble testnet before the end of summer.
Zcash Fully Shielded Transactions Jump 70% To New Record In April
The Zcash network has recorded a 70% jump in fully shielded transactions, marking a new record for April of over 8,700. This compounds gains of 100% made in March.
The number of fully shielded transactions recorded on the Zcash (ZEC) network leaped up almost 70% in April to hit a new record of over 8,700.
According to a May 1 tweet from the ZcashCommunity account, this represented 6% of the total transactions, which was also a record proportion historically.
April’s gains followed an equally impressive March, which itself saw a 100% increase in transactions over February. In total, the jump from February’s 2,430 fully private transactions to the 8,721 in April represents an increase of over 250%.
In contrast, it took three years for fully shielded transactions to break through the 2,000 per-month level, which only happened in November last year.
15% of Zcash Transactions Had Some Element Of Shielding
While 6% of the total transactions may not seem like an awful lot, this only includes those which were fully shielded. When considering all transactions with some shielded component, this goes up to 23,676, or 15% of the total.
Zcash supports two types of address: z-addr, which are shielded, and t-addr, which are transparent. Transactions between t-addr types are fully transparent, and can be viewed on the blockchain in the same way as Bitcoin (BTC) transactions.
Transactions between two z-addresses are fully shielded, and transactions between the two address types can be either shielding (t to z) or deshielding (z to t). It is worth noting that all of these three transaction types with a shielded component add to the privacy of the network.
Why Such A Big Increase Now?
Cointelegraph reached out to Zcash developer Electric Coin Company to see if it had any insight into the latest jump in figures, but had not received a response at press time.
However, it has recently become a lot easier for Zcash users to use shielded transactions. In early April, Guarda released its wallet app for Shielded ZEC. This now joins Zecwallet Lite, which was launched last November, and defaults to sending private transactions by shielding any transparent ZEC sent to it.
Zcash was also added as a perpetual contract option on Binance’s futures platform in February. This coincides with the point at which shielded transaction numbers started to go up dramatically.
Litecoin Mimblewimble Integration Sees Test Build And Codebase Progress
Litecoin and Grin++ developer, David Burkett, has posted an April progress update on Litecoin’s Mimblewimble integration, claiming that a testing framework has been built and codebase integration has started.
The lead developer on the Litecoin Mimblewimble (MW) project, David Burkett, has now built a functional testing framework and started to integrate the development work done so far into the Litecoin codebase.
According to a May 1 report on the Litecointalk forums, the project to implement the MW privacy enhancements into Litecoin has reached an important milestone with the build of a test-bed. Burkett claims that he has also run some end-to-end validation tests through the framework.
“I’ve built out a functional testing framework that builds valid headers, blocks, and transactions. I’ve now got some (mostly) complete end-to-end block validation tests,” he said.
As Cointelegraph reported in March, Burkett predicted that MW would be running on the Litecoin testnet by the end of the summer. This is a significant step towards that goal.
Burkett has also begun to integrate his work with the Litecoin codebase, initially focusing on the ConnectBlock logic. This part of the code validates blocks before adding them to the chain.
While Burkett was still unsure as to which specific area to tackle next, he did state that his high-level plan involved continued codebase integration and “lots more testing.”
Burkett also gave an update on his other project, Grin++, which has just achieved release candidate v1.0.0 status, marking its “first non-beta version.” Grin++ featured the first implementation of the Mimblewimble privacy protocol, back in January 2019.
Mimblewimble was first revealed in 2016 when its white paper — authored by an individual acting under the pen name Tom Elvis Jedusor — appeared on a Bitcoin research channel.
The protocol aims to improve blockchain privacy, scalability, and fungibility by combining transactions in a CoinJoin. As a result, blocks on the network comprise a list of all input, output, and signature data, which obscure transaction data for any third party monitoring the network.
Taproot doesn’t appear to be very contentious, though developers are still discussing implementation details.
18 Months In, Few People Use, Mine or Buy Privacy Coin Grin
Despite launching with considerable fanfare in early 2019, grin, the first cryptocurrency to test privacy protocol MimbleWimble, is showing no signs of life.
At its launch, professional investors poured funding — by some estimates, $100 million — into mining the cryptocurrency, with some even calling it a sort of “Bitcoin 2.0”.
Privacy without sacrificing scalability is the primary advantage of MimbleWimble, according to grin developers. The first grin coins were also issued via a so-called “fair launch” whereby, similar to bitcoin, all coins are minted by miners instead of being generated prior to the network going live.
“Grin was probably the most crowded venture capital trade of 2019,” said Ryan Gentry, lead analyst at Multicoin Capital.
On-chain data suggests once-eager investors soured on the young cryptocurrency. Grin’s hash power, a measure of computing resources devoted to securing the network, and mining difficulty, which gauges the amount of power required to mine, started to collapse in August 2019. After nine consecutive months of decline, the trend shows no sign of reversing.
Grin’s planned hard forks, or systemwide upgrades, could also be responsible for its declining network activity. Every six months, the network executes these upgrades that change grin’s mining algorithm to deter expensive, specialized mining equipment from dominating its hash power.
After the first fork, grin’s hashrate and difficulty climbed, but the second fork coincided with the steepest hashrate decline in the network’s short history. Grin is preparing for yet another drop in hashrate after a third fork scheduled for July.
Even grin’s transaction count, a metric that could be easily manipulated to mask the network’s declining use, has dropped roughly 20% year to date, according to Coin Metrics. This smaller drop follows a more than 70% decrease in daily transactions through February and March 2019.
Grin developers say the cryptocurrency isn’t designed to cater to short-term speculative investors.
“Cryptocurrency is mostly a speculation game,” said grin developer John Tromp. “Grin is hurt in the short term by being speculation-unfriendly.”
Adding to grin’s woes, San Francisco-based Dragonfly Capital published research six months ago describing an “attack” that could reveal the identities of 96% of active grin users.
To date, the grin team has not fixed the vulnerability.
Ivan Bogatyy, who wrote the report, said grin’s core developers are “among the strongest engineers in the space.” However, they “faced a very hard cold-start problem with incumbents” such as monero (XMR) and zcash (ZEC) due to grin’s lack of “a robust privacy mechanism” to challenge leading privacy cryptocurrencies.
According to the people behind grin, Bogatyy’s report contains “many logical leaps” and the anonymity exploit is a known and “well-documented” problem.
Traders Are Not Grinning
Traders also seemed to have lost interest in grin. Since last June, the privacy currency’s price — quoted in dollars and bitcoin — has only dropped.
When it first launched, for example, New York City-based crypto fund Iterative Capital briefly supported grin on its over-the-counter trading desk and considered mining. But it didn’t take long for the firm to lose interest.
“Buying demand was so low and the technology was in such an incipient form that we quickly stopped bothering,” said Iterative Capital’s founder and managing partner Chris Dannen.
Grin launched during an “altcoin bear market,” said grin developer David Burkett. That the price has “so far only moved downward” is a “very similar movement to many coins launched at the same time.”
Every new cryptocurrency struggles to gain adoption early on. But for the privacy currency that promised to be the next big thing, replacing speculators with real users has proven to be an uphill battle.
Developers of Ethereum Privacy Tool Tornado Cash Smash Their Keys
Ethereum’s premier coin mixing service is now permissionless.
Tornado Cash, a privacy tool for obfuscating the history of ether (ETH) transactions, completed a cryptographic process known as a trusted setup ceremony on May 10 followed by a contract update on Monday to create perpetually self-executing code.
“With a record 1,114 contributions this was by far the largest Trusted Setup Ceremony to date,” Tornado Cash wrote in a May 13 blog post. “By comparison, all other trusted setup ceremonies had less than 200 participants.”
The ceremony, relying on a cryptographic method known as multi-party computation (MPC), makes Tornado Cash “completely trustless and unstoppable,” co-founder Roman Storm said in an interview with CoinDesk.
Tornado Cash v1 first launched in August 2019 but remained an audited “experimental software” because the developers retained control over user funds through a multi-sig wallet.
With v2, all that is gone. The MPC and Monday’s contract update effectively break up the developer key by creating a crowdsourced smart contract without a private key.
Techwise, Tornado Cash leans on zero-knowledge proofs (ZKP), or mathematical evidence that a transaction occurred without revealing the information within the payment itself.
Tornado Cash joins two other ZKP-based Ethereum systems, Aztec and EY’s Nightfall. As reported by CoinDesk, privacy protocol Aztec launched a network on Ethereum for digital assets, beginning with dai, while EY also released a business-focused privacy solution for Ethereum transactions in October 2018.
Tornado Cash is more readily compared to existing coin mixers on Bitcoin because of its retail focus. CoinJoin developers Samourai and Wasabi have brought mixing to retail bitcoin investors, with Samourai available on Google Play as of February (a feature coming in Tornado Cash’s v3, Storm said).
Of course, there are other cryptocurrencies that only focus on privacy solutions, led by zcash (ZEC) and monero (XMR). The Electric Coin Company (ECC), a for-profit firm behind zcash’s development, is currently working on a bridge between itself and the Ethereum blockchain for enabling private transactions.
Just How Private?
For Tornado Cash, two questions remain: How many people will use it and how will regulators view it?
To the first, Samourai adoption after its mobile launch gives a positive signal. Bitcoin podcaster Matt Odell told CoinDesk the number of mixings on Samourai doubled month-over-month following the addition of mobile support.
That said, bitcoin (BTC) is often presented as a self-sovereign money alternative while ether’s prevailing use case has fluctuated.
Defining what ether is matters, particularly for Tornado Cash. The efficacy of a privacy protocol – from Zcash to Wasabi – is dependent on the number of users, called the anonymity set. Think of a ballpark crowd: If the stands are full of fans, it’s hard to pick out a singular person in the upper deck. Conversely, an empty stadium only helps frame the lone fanatic.
Maddie Kennedy, spokesperson for blockchain analytics firm Chainalysis, said Tornado Cash may not be the solution privacy-focused users may think it is. “While mixers, CoinJoins and solutions like Tornado Cash can make tracing funds more difficult, Chainalysis can often still follow funds through them,” Kennedy told CoinDesk in an email.
That sentiment was echoed by former bitcoin core contributor Gavin Andresen in a November blog post on Tornado Cash, highlighting additional measures such as IP-address masking that most users don’t consider.
“I won’t be surprised if there is a paper at the Financial Cryptography 2023 conference showing that 85% of tornado usage was not private; not because the cryptography is broken, but because it is really hard for mere mortals to use something like tornado (or CoinJoin or other similar technologies) in a way that doesn’t leak information about their wallet,” Andresen wrote.
There are also compliance concerns, with the verdict still out on whether mixers are money transmitters or not.
In an email, the Financial Crimes Enforcement Network (FinCEN) told CoinDesk that mixers such as Tornado Cash could fall under the definition of a money transmitter, and therefore have “obligations” set by the Bank Secrecy Act (BSA).
For his part, Tornado Cash’s Storm said that now that the trusted setup has occurred, little can be pinned on the developers: self-executing code is self-executing code.
That doesn’t mean Storm and co-founder Roman Semenov want to stray from the rules. In fact, Tornado Cash included a compliance feature with v2 to counter some regulatory concerns. The new version will include a cryptographic “note” which can prove the transaction’s history to anyone it is presented to. The feature was added in light of reports of crypto exchanges freezing accounts of users who possessed coins with mixed histories.
Storm also pointed to the ECC’s and Zcash Foundation’s friendly relationship with U.S. regulators despite the cryptocurrency’s focus on privacy.
“We are in a little bit of a different situation [than other mixer wallets]. I think for us it’s very important to become compliant,” Storm said. “We do what we feel is right.”
Researchers Claim 99.9% of Zcash Transactions Are Traceable
A study into the traceability of top privacy coins reveals over 99% of Zcash users fail to utilize the protocol’s privacy features.
Researchers from Carnegie Mellon University have released a study into the privacy features of Monero (XMR) and Zcash (ZEC) — arguably the two most-popular crypto assets purporting to offer users anonymity.
The report finds that Monero’s introduction of strict security and anonymity requirements on its broader ecosystem has maintained the asset’s status as “effectively untraceable.”
Conversely, the report concludes that the lack of utilization of Zcash’s privacy capabilities on the part of more than 99% of users undermines the privacy of the overall network despite ZEC offering “strong cryptographic features.”
Zcash User Behavior Undermines Privacy
The report describes Zcash as a Bitcoin (BTC) fork that seeks “to completely break the link between the sender and the receiver.”
The researchers assert that “Zcash is not widely used” currently, citing a May 2020 survey of darknet markets indicating that “it [Zcash] is by far not the preferred cryptocurrency on the dark web.”
By employing zero-knowledge succinct non-interactive arguments of knowledge, or SNARKs, ZEC removes the need for any interaction between transaction prover and verifier — creating “a barrier that further impedes efforts to link addresses together.”
However, Zcash offers both anonymous shielded and pseudonymous transparent transactions, with the researchers finding that only 0.09% of ZEC transactions within a 30-day period made full use of the protocol’s privacy features.
“[E]ven though cryptographically Zcash is very well-founded, the users behave in a way that does not take full advantage of the shielded pool, making them traceable. As each user in the shielded pool becomes linked to the transparent pool, the overall anonymity of the ZEC ecosystem reduces as the anonymity set shrinks drastically.”
“[I]t seems that the large majority of Zcash users do not yet understand Zcash’s operating model,” the study finds, concluding that the “minuscule” set of ZEC users utilizing shielded transactions renders Zcash “effectively traceable.”
30% of XMR Transactions Found To Be Traceable
The report notes that an increasing number of altcoins have sought to brand themselves as privacy coins, claiming to offer completely private transactions in contrast to the pseudonymous transactions enabled by nearly all crypto assets.
The researchers observe several features of Monero designed to provide untraceability and unlinkability.
One-time use addresses are employed for every transaction output to prevent linkability, while traceability is addressed with one-time ring signatures — a form of zero-knowledge proof, alongside decoy inputs called mixins.
The paper also examines a number of further upgrades introduced to the protocol from 2017 onwards, finding that less than one percent of transactions carried out using XMR over the last two years were traceable according to most methods of analysis employed.
However, one model was still able to reveal transaction inputs with an accuracy of 30%.
Japanese Firm Unveils New Privacy Feature For Bitcoin Wallets
Japanese crypto firm Freessets has announced a new technology to enhance Bitcoin (BTC) wallet privacy.
According to a June 8 announcement, Freessets has created a system that allows wallets to request the Bitcoin balances of their addresses without revealing those addresses to the servers from which they request the balances or transaction history.
The statement said that conventional Bitcoin wallets explicitly ask servers for the balance of their addresses, which links the balance, transactions and addresses. However, “using the technology Freessets has developed, it is mathematically proven that the servers cannot learn anything from the user’s query.”
The Significance Of The Development
Adam Ficsor, chief technical officer at privacy-enhancing Bitcoin wallet Wasabi told Cointelegraph that he is enthusiastic about the development. His firm’s wallet has a similar feature, but he believes Freessets’ implementation requires less bandwidth and is more suitable for mobile devices.
“Any improvement on making privacy more efficient is significant and needed,” he said, but he said he also has a few reservations. Ficsor expects that the firm’s approach will also mean losing transaction history when recovering preexisting wallets and he said that he is not comfortable with Freessets’ decision to develop its technologies in a proprietary fashion.
Human Rights Foundation Funds Bitcoin Privacy Tools Despite ‘Coin Mixing’ Legal Stigma
On one hand, the bitcoin industry has matured to include traditional brokerages and institutional traders. On the other, bitcoin privacy tech is still shrouded in a legal gray zone.
The Human Rights Foundation (HRF) took a strong stance on bitcoin privacy tech Wednesday by announcing its new Bitcoin Developer Fund. The first $50,000 grant from the fund has been awarded to freelance CoinSwap developer Chris Belcher.
CoinSwap, a mixing technique originally invented in 2013 by Greg Maxwell, is part of a comprehensive suite of privacy tools being developed by bitcoin advocates.
“The fund’s next gift, already earmarked for another developer working on strengthening Bitcoin pseudonymity at the network level, will be announced later this summer,” Alex Gladstein, the HRF’s chief strategy officer, said in an email.
HRF will also crowdsource fundraising for such privacy tech, he added, using both dollars and bitcoin, while making it “possible for activists to more safely receive donations, earn income and continue their important work under increased financial pressure.”
Belcher said he hopes to have a primitive testnet available near the end of the year.
“It will be a bit like Lightning, where there’s never a single day when it’s finished, but it slowly gets more and better features and bug fixes until one day you realize it’s everywhere,” Belcher said of CoinSwap, which he plans to keep as an open source hobby project and not a revenue-producing company.
Theoretically, any wallet provider could use the open source code to add the feature to their mobile app or desktop app. Privacy-focused wallets could even use CoinSwap features as another layer to current CoinJoin offerings.
“The bitcoin ecosystem could end up in a bad situation where it’s impossible to accept bitcoin as payment without consulting some centralized blacklist … so I talk a lot about privacy but fungibility is important too,” Belcher said. “Centralization also makes the privacy of the software worse, so I’m less interested in going in that direction … it’s all about tradeoffs.”
Adam Ficsor, co-founder of zkSNACKs, said the next Wasabi Research Club will examine CoinSwaps, though he said it would be premature to comment on it further.
Both CoinSwaps and CoinJoins are a type of non-custodial mixing, which could theoretically be layered as two privacy tools used in the same transaction. CoinSwaps are comparable to atomic swaps, while CoinJoin options typically pool disparate funds together as part of the transaction.
However, some compliance officers at leading analytics companies and crypto exchanges treat mixed bitcoin as inherently suspicious, which influences how legal authorities view the technology as well. It remains to be seen if CoinSwap features will suffer from the same stigmas as the incumbent method, CoinJoin.
The technologists working with bitcoin privacy tech walk a delicate line, and tend to pay their lawyers accordingly.
Attorney Preston Byrne said he would not advise clients to use CoinJoin transactions, which he said are sometimes wrongly associated with money laundering. Many exchanges and wallet companies choose to be safe rather than sorry when it comes to legal battles.
Yet, lawyer Rafael Yakobi said there’s nothing inherently wrong with using this privacy feature, it’s all about how you report it. In the case of wallet providers, this may be possible in non-custodial scenarios where the intermediating startup never controls the assets.
“I’m quite confident that CoinJoin has not yet been mentioned in any piece of legislation. It’s not even mentioned by name in FinCEN’s guidance,” Yakobi said. “The more appropriate question is whether flagging CoinJoin transactions is implicitly required by the relevant regulations. I’m not sure about Europe, but in the U.S. it’s not an objective yes or no answer. Each business is required to formulate best practices designed to comply with the law.”
Over in Europe, it appears the law enforcement agency Europol is wary of the privacy-oriented Wasabi Wallet, because the analytics firm Chainalysis estimated $15 million worth of illicit transactions used the bitcoin wallet’s CoinJoin feature.
Critics like Reckless VR founder Udi Wertheimer and Jon Matonis of Cypherpunk Holdings, the latter of which invested in both the privacy-oriented Samourai Wallet and Wasabi-maker zkSNACKs, say blockchain analytics firms are overestimating the amount of illicit transactions when they flag mixed bitcoin.
“Exchanges, banks and regulators are being sold a false narrative if they believe that this [analytics] technology provides reliable, or more importantly, actionable results,” Matonis said. “It is purely a dangerous game of probabilities and false positives, disingenuously overstated to peddle more forensic services.”
HRF’s Gladstein recently took Elliptic, another blockchain analytics firm, to task for its “surveillance” work. “The tools you’re building regardless of your intentions will be used for policing bitcoin,” Gladstein said during a panel with Elliptic’s Tom Robinson at an event this month. “At the end of the day what you’re doing is warrantless surveillance against people in other countries.”
For his part, Matonis’s investment thesis revolves around the belief the legal community will adopt compliance norms that don’t restrict or criminalize privacy-tech like mixers.
“The concern around mixing technology, or coin hygiene, stems from the flawed thinking that cryptocurrency transactions are identical to bank transfers using fiat currency,” Matonis said. “This is a grand societal battle that must be won by privacy advocates, not because it is a cute feature or a principled position, but because it is an existential economic necessity. A peer-to-peer value transfer system fails without underlying coin privacy at its core, because the entire system would lack fungibility if all coins were not treated equally the way paper cash is today.”
This is why some bitcoiners continue to work on privacy tech, regardless of exchange policies and other hurdles.
Meanwhile, CoinJoin usage continues to increase, with roughly 13,500 new Wasabi Wallet downloads this year.
So far in June, more than 10,000 fresh bitcoin were used in Wasabi CoinJoin transactions for the first time, the highest record since the all-time peak in August 2019 according to the Wasabi team.
Overall, usage has more than tripled since May 2019, when roughly 9,764 total bitcoin were used in Wasabi’s CoinJoin transactions, compared to 35,697 total bitcoin used in May 2020, they said.
And that’s not even to mention the few thousand bitcoin sent using other CoinJoin tools since the coronavirus began, including Samourai Wallet and JoinMarket. Generally speaking, usage appears to be up across the sector.
Matonis said as long as companies and public individuals focus on non-custodial, open source software, he believes privacy-tech projects will actually bear less compliance costs over time as the tools become normalized. For example, mixing protocols could become a “standard default feature” in bitcoin wallets.
“Both the bitcoin industry and law enforcement need to resist falling for the myth of blockchain forensics as perpetrated by the blockchain surveillance firms,” Matonis said of companies that routinely flag mixed coins as suspicious.
“Law enforcement methods will undoubtedly have to evolve beyond simply using money as an identity tracking device or simply relying on metadata through non-targeted driftnet surveillance,” he added. “This means employing real and sometimes cumbersome police work that doesn’t violate the rights of any individuals.”
Metamask Enhances User Privacy With New Wallet Update
Major Ether wallet service and browser extension Metamask has introduced a newly released version featuring enhanced privacy controls.
Metamask, a popular Ether (ETH) wallet and browser extension, has just released a new major application upgrade.
Announcing the news on July 2, Metamask outlined that the new update, Metamask Version 8, offers a number of new features like enhanced privacy control and a new account-login system.
Bitcoin Will Never Be Truly Private Says Andreas Antonopoulos
Andreas Antonopoulos says Bitcoin will probably never have privacy features like those in Monero.
Bitcoin educator Andreas Antonopoulos says he would like to see more privacy features on Bitcoin, but they’re unlikely to happen anytime soon.
In a livestream Q&A on Antonopoulos’ YouTube channel on July 7, he said Bitcoin (BTC) was unlikely to ever implement privacy features similar to those used by Monero (XMR).
Antonopoulos said creating such features on a cryptocurrency like BTC “would create an enormous amount of controversy.” In addition, he said the structure of Bitcoin simply doesn’t allow ring signatures and stealth addresses.
“I think what we’re going to see soon is Schnorr, Taproot, and Tapscript, which open the door to a lot of improvements,” Antonopoulos said, “But they still do not involve zero-knowledge proofs or the types of ring signatures and stealth addresses that are done in Monero. Bitcoin is not a privacy coin.”
Bitcoin Privacy Features Effective?
The features to which Antonopoulos is referring — Schnorr, Taproot, and Tapscript (a scripting update to Taproot) — have been cited by others in the crypto community as having the potential to make Bitcoin more private.
Andrew Poelstra, director of research at blockchain firm Blockstream, has referred to Taproot as a system that could render transactions mostly indistinguishable from one another on the BTC blockchain. However, he noted that “transaction amounts and the transaction graph are still exposed, which are much harder problems to address.”
Multisignature schemes (MuSigs) from Schnorr are another possibility. Poelstra said using this method doesn’t reveal the original set of signers, or even provide the number of signers for MuSig transactions.
Bitcoin can be better thought of as pseudonymous rather than fully anonymous, as many transactions on the BTC blockchain can still be traced even with these privacy improvements.
CoinSwap And The Ongoing Effort To Make Bitcoin Privacy ‘Invisible’
A developer known for working on enhancing Bitcoin privacy has set his sights on a new project he hopes will “massively improve” how we keep our transactions private.
Chris Belcher, who also created the technical privacy market JoinMarket, is currently working on putting to the test CoinSwap, an idea first proposed by legendary Bitcoin developer Greg Maxwell in 2013. Belcher has been focusing on CoinSwap rather than JoinMarket because he thinks it will give users better privacy, he told CoinDesk.
Belcher recently received not just one, but two grants for his efforts, showing just how excited Bitcoiners are about the potential of the project.
Though the Bitcoin network arose from a privacy-minded movement, its privacy is actually pretty thin. Just take a look at any block explorer for a glimpse of how easy it is to pull up any transaction that’s ever happened in Bitcoin’s history – as well as the transaction’s associated history.
“Right now, Bitcoin privacy is not very good at all. Anyone in the world can analyze the blockchain and then can find all sorts of information about users – their balance, their history, who they transact with and in what amounts, when – everything they spend,” Belcher told CoinDesk in an interview.
Belcher argues that this is, in some ways, worse than the financial privacy we have in legacy systems today. “The banking system, they know your transactions, but the general public doesn’t. With Bitcoin it is the general public — it is everyone that can see exactly what the user does,” Belcher added.
He added it’s important to most people that this type of information isn’t exposed to the whole world.
“Financial privacy is good for human dignity, [for example], if you don’t want your neighbors to see what charities you donate to or that type of thing, or if you’re paid in bitcoin you don’t want your employers to know what charities you donate to or what other activities you’re involved in,” Belcher added.
Coinjoins: Today’s Bitcoin Privacy
“CoinJoins” (distinctive from “CoinSwaps,” which Belcher is putting to the test) are the privacy transactions that are most popular on Bitcoin today. CoinJoins give users good privacy and are becoming more popular. Thus far, they have been adopted in the Wasabi wallet, Samourai Wallet and JoinMarket.
A CoinJoin takes all inputs from several transactions by different users and mixes them into one big, collaborative transaction. This one big transaction then sends the bitcoins mixed from different addresses out to different addresses. Because no one can tell where the spent bitcoins originally came from, the scent of the trail is obfuscated and the participants in the CoinJoin gain better privacy.
But it’s not perfect. There are still ways for people analyzing the Bitcoin blockchain (namely blockchain analysis companies) to detect when and where bitcoins are being mixed.
For one thing, the transaction sizes of mixed coins are much bigger than normal transactions because they contain so many different inputs.
Also telling is the fact they have outputs that are all the same size. “Equal output CoinJoins are very obvious. If someone sees them on the blockchain they can see that this kind of privacy protocol is happening,” Belcher said.
Why are outputs the same size? If Bob sends 0.8 BTC into the CoinJoin transaction and Alice sends 0.187 BTC and Mary sends 1.2222 BTC, and the resulting outputs are exactly 0.8 BTC, 0.187 BTC and 1.2222 BTC respectively, that coincidence is pretty obvious to anyone who is looking.
In order to preserve privacy, a CoinJoin transaction usually splits the amount of bitcoin dispensed into even pieces, say 0.1 bitcoin. So, if Alice put in 0.3 bitcoin, she will receive three 0.1 pieces sent to three separate addresses that she controls.
Most transactions don’t have a bunch of equal outputs like this. That’s why CoinJoins are easy to detect.
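The two observer heuristics the text describes, as an added example that is not code from the article: a pass-through CoinJoin leaks the input/output link by amount, and the equal-output fix that removes that leak is itself a recognisable fingerprint. Participant names, amounts and the `min_equal`/`min_inputs` thresholds are constructed for illustration.

```python
"""Added example, not code from the article: why a pass-through CoinJoin leaks
the input/output link and why the equal-output fix is easy to spot.
All names and amounts are constructed; amounts are BTC as Decimal."""
from collections import Counter
from decimal import Decimal
from typing import Dict, List, Tuple

# A transaction is modelled as lists of (address, amount) inputs and outputs.
Tx = Dict[str, List[Tuple[str, Decimal]]]


def btc(amount: str) -> Decimal:
    """Exact BTC amount from a string (avoids float rounding)."""
    return Decimal(amount)


def passthrough_coinjoin(contributions: Dict[str, Decimal]) -> Tx:
    """Each participant receives exactly the amount they put in
    (the Bob / Alice / Mary case described in the text)."""
    inputs = [(f"{who}_in", amt) for who, amt in contributions.items()]
    outputs = [(f"{who}_out", amt) for who, amt in contributions.items()]
    return {"inputs": inputs, "outputs": outputs}


def denominated_coinjoin(contributions: Dict[str, Decimal],
                         denom: Decimal = Decimal("0.1")) -> Tx:
    """Each contribution is split into denom-sized outputs to fresh addresses
    (0.3 BTC -> three 0.1 BTC outputs); any remainder becomes a change output."""
    inputs = [(f"{who}_in", amt) for who, amt in contributions.items()]
    outputs: List[Tuple[str, Decimal]] = []
    for who, amt in contributions.items():
        pieces = int(amt // denom)
        outputs += [(f"{who}_out{i}", denom) for i in range(pieces)]
        change = amt - pieces * denom
        if change > 0:
            outputs.append((f"{who}_change", change))
    return {"inputs": inputs, "outputs": outputs}


def link_by_amount(tx: Tx) -> Dict[str, str]:
    """Observer heuristic: an output worth exactly as much as one unique input
    is attributed to that input.  Returns output address -> input address."""
    inputs_by_amount: Dict[Decimal, List[str]] = {}
    for addr, amt in tx["inputs"]:
        inputs_by_amount.setdefault(amt, []).append(addr)
    links: Dict[str, str] = {}
    for addr, amt in tx["outputs"]:
        candidates = inputs_by_amount.get(amt, [])
        if len(candidates) == 1:
            links[addr] = candidates[0]
    return links


def looks_like_equal_output_coinjoin(tx: Tx, min_equal: int = 3,
                                     min_inputs: int = 3) -> bool:
    """Observer heuristic for the fingerprint the text describes: many inputs
    plus a run of identically sized outputs, which ordinary payments lack.
    The thresholds are constructed, not taken from any analytics product."""
    if len(tx["inputs"]) < min_inputs or not tx["outputs"]:
        return False
    _, count = Counter(amt for _, amt in tx["outputs"]).most_common(1)[0]
    return count >= min_equal


if __name__ == "__main__":
    naive = passthrough_coinjoin(
        {"bob": btc("0.8"), "alice": btc("0.187"), "mary": btc("1.2222")})
    print("pass-through links:", link_by_amount(naive))
    mixed = denominated_coinjoin(
        {"alice": btc("0.3"), "bob": btc("0.5"), "mary": btc("0.25")})
    print("denominated links:", link_by_amount(mixed),
          "flagged:", looks_like_equal_output_coinjoin(mixed))
```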
Indeed, there have been a few instances of cryptocurrency exchanges banning users who have evidently sent their bitcoin through such privacy services.
“They’ll be suspicious. If there’s someone analyzing the blockchain, they’ll see this is a CoinJoin, so they know this person did that. And if they see another transaction, [by comparison] they can see that it’s not a CoinJoin,” Belcher said.
CoinSwap: An Invisibility Cloak For Transactions
“CoinJoin” and “CoinSwap” have similar names and they both help to preserve privacy, so it’s easy to confuse them. But they’re different, and Belcher argues CoinSwaps “fixes many of the problems of some kinds of CoinJoins” and “is the next step for on-chain bitcoin privacy.”
CoinSwaps can be made to look invisible, Belcher said. If done correctly, a CoinSwap transaction can look just like a vanilla bitcoin transaction.
In a CoinSwap, it looks like two separate people are sending completely separate transactions. But under the hood, something else completely is happening.
Two parties, say Alice and Bob, execute such a swap. In short, Alice sends some bitcoin to a CoinSwap address. Bob sends the same amount of bitcoin to a separate CoinSwap address.
If both send the right amount of money over, the coins are “swapped.” The coins Alice sent to the CoinSwap address are sent to a new address owned by Bob, and the coins Bob sent to his own CoinSwap address are sent to a new address owned by Alice.
Under the hood, the CoinSwap address, which is responsible for this swapping, is much fancier than a normal bitcoin transaction. It’s a multi-signature transaction, meaning it requires more than one person to sign off on it in order to send the transaction.
Usually, these types of transactions stand out on the blockchain since they look different from normal bitcoin transactions. But by including ECDSA-2P cryptography, these multi-signature transactions can be made to look just like normal bitcoin transactions. This is very much Belcher’s plan.
With ECDSA-2P in place, “Alice sends a CoinSwap to Bob and it just looks like just a normal transaction. But actually the coins have ended up somewhere else completely,” Belcher said.
This component is important. If all of these transactions look the same, people who aren’t even using CoinSwaps are getting more privacy too. There’s no way to tell if any transaction is a CoinSwap transaction or a normal one, turning bitcoin chain analysis on its head.
Similar technology will expand to the Lightning Network as well, so blockchain watchers can’t tell if any single transaction is a CoinSwap, a Lightning Network transaction or just a normal bitcoin transaction.
“CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain,” as a description of the technology on the Bitcoin Wiki puts it. For a deeper explanation, check out this post from JoinMarket developer Adam Gibson.
That’s not to say that CoinSwap is perfect, though. The problem with CoinSwap is that it is a much more complicated process to implement than CoinJoin.
‘As Decentralized As Possible’
In his mountain of a post, Belcher describes how to turn the idea of CoinSwap into reality.
A key reason CoinSwaps haven’t taken off since Maxwell described them seven years ago is that they’re not as straightforward as CoinJoins. So, Belcher has his work cut out for him in implementing the complexity for the first time.
His first step was just thinking about the best way to do it, outlining a number of different design considerations in the article making up his plan of attack. For one, he plans to use the Rust programming language, since it’s potentially more secure than other languages.
“I want to make it as decentralized as possible, so there’s no central point of failure that can be switched off or censored,” Belcher said. To meet this goal, he wants the “whole thing” to run over the privacy network Tor, which helps to shield IP addresses; an IP address is somewhat like a mailing address for a computer, exposing where it is located.
“I think that’s quite necessary for privacy,” he said.
Belcher outlines this and various other considerations in his proposal, such as routing and using PayJoin, yet another bitcoin privacy technology, alongside it. Now that his ideas are out in the public, people can comment and make suggestions.
The next step is actually implementing it. Belcher told CoinDesk he hopes to release a minimum viable product in the next six months.
Six Months Later, Bitcoin Community Finally Debates How To Activate Taproot
The Taproot conversation is continuing with the Bitcoin community having to decide how to begin the months-long activation process.
The Taproot upgrade represents one of the most significant developments for Bitcoin’s mainchain in recent months. Despite seeing very little controversy, the community is still debating the proper procedure for implementing it more than six months after the BIPs were published.
The issues stem from the necessity of conducting a soft fork that would be accepted by all relevant stakeholders. According to a Reddit thread pinned in the r/Bitcoin community, “the biggest problem with activating Taproot is PTSD from the previous softfork, SegWit.”
History of SegWit
SegWit consensus in 2017 followed the BIP9 soft-fork procedure, which required 95% of all miners to signal that they upgraded to the new software and were ready to complete the fork. A time-out period existed that automatically rejected a proposal after consensus hadn’t been reached by a certain date.
The very high degree of required agreement meant that a single relatively large miner could stall the upgrade and “hold it hostage.” Allegedly, miner opposition to SegWit was due to “covert AsicBoost,” a mining enhancement technique that the upgrade would have made unusable. However, SegWit was ultimately the culmination of a community debate on block size spanning years, which was mostly resolved with the Bitcoin Cash fork.
To avoid similar controversy, two different techniques for Taproot are being proposed.
Taproot Activation Still Far Away
An alternative to BIP-9 is to codify that the upgrade will be activated after the timeout, instead of being rejected. Since this would effectively lock in the decision to fork before its activation, it is seen as a less ideal measure.
Instead, a “Modern Softfork Activation” procedure proposes a hybrid system where the upgrade would be rejected after failing to reach consensus in a year. After another six months of discussion, the community could decide to begin a two-year-long procedure that would activate the upgrade at expiry. The maximum length for this procedure would be 42 months, or three and a half years.
As of right now, the timer is not yet ticking. More than six months have passed since Taproot’s initial formalization as a Bitcoin Improvement Proposal in January. Several code improvements have been pushed to it since, though they do not constitute major changes.
Taproot improves certain aspects of Bitcoin privacy related to complex spending conditions. It allows hiding the conditions that were not triggered, and can make multisig transactions look indistinguishable from single wallet transfers.
The upgrade was previously hyped up, which fueled some misconceptions on its upcoming features. Some believed that it would make the CoinJoin privacy protocol impossible to distinguish from normal transactions, though as Cointelegraph previously reported, CoinJoin is not affected at all in the final version of Taproot.
But despite the relatively uncontroversial and limited set of features, Taproot may take months — if not years — to be activated.
Secret Contracts May Soon Bring Privacy Features To Public Blockchains
Programmable privacy is about to become a reality.
Open-source blockchain protocol Secret Network has announced its intention to add privacy-based secret contracts to its mainnet. The upgrade will take place on September 15 once the proposal is passed by the community.
According to the foundation’s announcement, developers will have the opportunity to build and deploy so-called “secret” smart contracts that use encrypted inputs, outputs, and states.
Secret contracts could enable many different blockchains to utilize private data in decentralized apps without compromising their users’ personal security.
The foundation explained:
“Secret contracts allow for programmable privacy, allowing for arbitrarily complex data privacy controls to be implemented inside applications. The flexible encryption capabilities and controls offered by programmable privacy unlock the potential value of the decentralized web.”
Secret Network is focusing on onboarding new secret contract developers, secret node operators, and community members to help to increase the mass adoption of secret contracts among public blockchains.
The foundation will also launch secret tokens, which are privacy-based assets that are programmable like ERC20s, but private like zCash. Secret Network noted that it expects this will strengthen the mass adoption of DeFi as well.
Litecoin Relaunches Mimblewimble Testnet As Europol Targets Privacy Protocols
Litecoin’s privacy feature testnet returns as news emerges that Europe sees privacy and coin mixing technologies as major digital threats.
Litecoin (LTC) has relaunched its MimbleWimble testnet — a protocol designed to enhance privacy and obfuscate the traceability of distributed ledger transactions.
MimbleWimble is a modified implementation of the proof-of-work algorithm underpinning Bitcoin (BTC) in which blocks appear as a single large transaction, preventing the individual inputs and outputs relating to the transactions from being identified.
David Burkett, the lead developer of the MimbleWimble protocol for Litecoin, will now focus on making it easier for “non-technical Litecoin users” to begin testing its functionality, in addition to ironing out aspects of the code that are “fragile.”
Burkett is targeting full activation of the protocol sometime next year, noting in a Telegram channel that it will be down to Litecoin’s miners and node operators to decide “when or even if they want to activate.”
LTC’s MimbleWimble testnet was previously launched on September 30, but was postponed due to low community participation.
Litecoin’s MimbleWimble progress comes as regulators increasingly look to crack down on privacy-enhancing crypto asset technologies, with Europol calling out privacy coins and naming decentralized marketplaces, cryptocurrency mixers, and anonymizing wallets among the top online organized crime threats.
In its ‘Internet Organised Crime Threat Assessment’ for 2020, Europol asserts that “privacy-enhanced wallet services using coinjoin [..] have emerged as a top threat,” citing Wasabi’s and Samourai’s respective wallets as examples. Wallets that use CoinJoin mix the coins of multiple users engaging in separate transactions, effectively providing a decentralized mixing service.
Europol asserts that the operators of darknet marketplaces are increasingly moving to integrate coinjoin wallets onto their platforms.
Europol also notes that while Bitcoin is still the dominant currency across darknet marketplaces, Monero (XMR) is emerging as the most popular privacy coin, followed by Zcash (ZEC), and Dash (DASH). The report identified Litecoin and Ethereum (ETH) as the two most popular altcoins on darknet marketplaces.
The Implementation Of The Schnorr/Taproot Consensus Rules Has Been Merged Into Bitcoin Core
However, the upgrade’s activation method has yet to be determined.
This upgrade has been highly anticipated due to its potential to increase Bitcoin’s smart contract capabilities while simultaneously benefiting its transactional privacy. This is the first major protocol update since Segwit.
Bitcoin’s Next Upgrade Will Support Tor V3 Addresses
The next version of Bitcoin Core will support the latest type of Tor addresses, before they are fully rolled out.
- The next version of Bitcoin Core will support Tor Network’s V3 addresses.
- Tor V3 addresses offer stronger cryptography and enhanced security.
- The old V2 addresses will become obsolete on October 15, 2021.
The next version of Bitcoin Core will support Tor Network’s latest V3 addresses—that will fully become the new standard next year—according to Pieter Wuille, a co-founder and former engineer at Blockstream.
Bitcoin Improvement Proposal (BIP) 155, which contains details of the Tor support, has been merged into the current Bitcoin reference implementation. It will be pushed into Bitcoin Core version 0.21.
The Tor Network is based on open-source software and enables anonymous communication over the Internet. In July, its developers announced that the network’s V2 addresses—that have been in use over a decade already—will be “retired” on October 15, 2021. They will be substituted with the new V3 addresses that have been in development since 2015.
“As humankind’s understanding of math and cryptography evolved, the foundation of version 2 became fragile and at this point in time, unsafe,” said the announcement, adding that “[In 2015], a large scale development effort spanning over 3 years resulted in version 3.”
Bitcoin’s Taproot Is Ready To Go, But It’s Unlikely To Be Included In The Next Release
Developers don’t want to move too fast.
The Bitcoin Improvement Proposals 340 through 342 were merged into the Bitcoin codebase on Thursday, signaling that the anticipated Taproot upgrade is ready.
Taproot and the associated technology of Schnorr signatures are considered to be the most important upgrade for Bitcoin in the past year. It is primarily a privacy improvement for complex spending conditions on Bitcoin like multisig transactions, time locks and other conditions based on Bitcoin Script.
As Cointelegraph reported previously, Taproot hides every additional spending condition beyond the one that was activated. For example, a transaction might be executed immediately if all four multisig signers agree, or it could require a certain amount of time to pass before funds are unlocked if only three out of four signers are present.
Normally, an outsider is able to identify every possible condition, but with Taproot they will see only the one that was ever triggered.
Furthermore, thanks to Schnorr signatures, a pure multisig transaction can be made indistinguishable from normal transfers. It is worth addressing that Taproot makes no changes to mixing protocols like CoinJoin, which will remain easily distinguishable.
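How the untriggered conditions stay hidden, as an added example that is not code from the article or from Bitcoin Core: the spending conditions are leaves of a Merkle tree, the coins commit only to the root, and a spend reveals one script plus its sibling hashes. This is a simplified MAST-style tree with plain SHA-256; real Taproot uses tagged hashes and a key-path tweak, and the four conditions beyond the two named in the text are constructed.

```python
"""Added example, not code from the article or Bitcoin Core: a simplified
MAST-style Merkle tree over spending conditions.  Hashing is plain SHA-256
with a leaf/node domain prefix; Taproot's tagged hashes and key-path tweak
are deliberately omitted."""
import hashlib
from typing import List, Tuple

# Constructed spending conditions for one output (the first two follow the
# example in the text; the others are invented for illustration).
SPENDING_CONDITIONS = [
    "4-of-4 multisig, spendable immediately",
    "3-of-4 multisig after a 30-day timelock",
    "2-of-4 multisig after a 1-year timelock",
    "1-of-4 multisig after a 2-year timelock",
]


def leaf_hash(script: str) -> bytes:
    """Hash of one spending condition, domain-separated from inner nodes."""
    return hashlib.sha256(b"\x00" + script.encode()).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Inner node; children are sorted so a proof needs no left/right flags
    (Taproot does the same lexicographic ordering)."""
    a, b = sorted((left, right))
    return hashlib.sha256(b"\x01" + a + b).digest()


def _next_level(level: List[bytes]) -> List[bytes]:
    nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:
        nxt.append(level[-1])  # an unpaired node is promoted, not duplicated
    return nxt


def merkle_root(leaves: List[bytes]) -> bytes:
    """The value the coins commit to; it reveals nothing about the leaves."""
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Sibling hashes from leaf `index` up to the root."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        level = _next_level(level)
        index //= 2
    return proof


def reveal_for_spend(scripts: List[str], index: int) -> Tuple[str, List[bytes]]:
    """What the spender publishes: the one script used and its proof.  The
    other scripts never appear on chain, only their hashes (if at all)."""
    leaves = [leaf_hash(s) for s in scripts]
    return scripts[index], merkle_proof(leaves, index)


def verify_spend(root: bytes, script: str, proof: List[bytes]) -> bool:
    """Verifier side: recompute the root from the revealed script and proof."""
    node = leaf_hash(script)
    for sibling in proof:
        node = node_hash(node, sibling)
    return node == root


if __name__ == "__main__":
    root = merkle_root([leaf_hash(s) for s in SPENDING_CONDITIONS])
    script, proof = reveal_for_spend(SPENDING_CONDITIONS, 1)
    print("revealed:", script)
    print("proof hashes:", [p.hex()[:16] for p in proof])
    print("valid:", verify_spend(root, script, proof))
```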
While the initial code for Taproot was submitted for review in January, some complications primarily related to Schnorr signatures required an extensive amount of refinement.
The proposals have now been fully reviewed by Bitcoin core developers and are ready to be included in a client release. Pieter Wuille, the lead developer for Taproot, told Cointelegraph that “it’s all done, except activation.”
Cointelegraph previously reported that consensus for activation may require some time to be reached. The process could potentially last for years, though Taproot is generally considered much less controversial than previous upgrades like SegWit.
The process starts as soon as the activation code is included in Bitcoin Core, allowing miners to signal approval for its inclusion. But Taproot seems to have come slightly at the wrong time for immediate activation.
Jonas Nick, researcher at Blockstream and Bitcoin core developer, told Cointelegraph that “Taproot is not ready for activation yet.”
He explained that activation logic is generally not included in a major release, referring to the upcoming 0.21 version. The codebase reached “feature freeze” on Thursday, with the base Taproot code making it just in time. Nevertheless, only bug fixes will be added from now on. Explaining why developers are cautious, Nick said:
“Major releases can contain changes to dependencies and interfaces (e.g. RPC). Users should be able to run softfork activation logic without the additional work required to be compatible with a new major version.”
The logic to activate Taproot on mainnet is likely to be included in a future minor version, but in the meantime, Nick said that “Taproot could be activated on something like signet or testnet if someone produced the code for that,” as the raw implementation is already present.
Bitcoin Developers Still Divided On Specifics Of Taproot Activation
The code for Taproot, Bitcoin’s biggest upgrade in years, is finalized and has been packaged into a forthcoming update. Only, it’s not ready to be deployed yet because Bitcoin developers have differing opinions on the best route to activation.
Taproot will enhance Bitcoin’s smart contract capabilities by implementing a new digital signature scheme, Schnorr. Implementing the upgrade requires a “soft fork” of Bitcoin’s code, and there are a few competing proposals for how to activate it.
In a bid to expedite implementation discussions, Bitcoin Core contributor A.J. Towns recently surveyed 12 other developers who have been active in the implementation process to glean their thoughts on what activation should look like.
The results of the survey show that, while developers are generally aligned on the big picture of Taproot’s activation, they disagree on the details. As they debate the finer points, the developers’ conservative, careful deliberation may seem like nitpicking to outsiders.
But it shows that so-called “soft-fork” upgrades like Taproot are not entirely riskless events – and that the specter of the controversial Segwit soft fork has haunted discussions.
Taproot Activation Proposals, Explained
SegWit, which raised Bitcoin’s effective block capacity, was Bitcoin’s last soft fork, or an upgrade that is “backwards compatible,” meaning software running the old version of the code can still interact with the upgraded version.
Segwit’s activation was anything but smooth and relied on tweaks along the way after miners failed to adopt the upgrade in its first year. To keep the upgrade from failing, node operators – those Bitcoin users who run Bitcoin’s software and keep a copy of its ledger – adopted the upgrade and miners followed suit after these node users threatened to reject blocks from miners that did not signal for it.
In a perfect world, both node users and miners would upgrade simultaneously to ensure no conflict would “split” the chain – or result in two rival factions supporting two different versions of Bitcoin’s code.
Even though Taproot is a non-controversial upgrade, the memory of Segwit is making developers cautious when evaluating this latest upgrade.
Two of the leading activation proposals for Taproot rely on a mix of miner signaling and user activation. BIP 8, introduced in 2017 by Bitcoin developers Shaolinfry and Luke Dashjr, would include a signaling period for miners; if not enough miners signal to reach the activation threshold, a “flag day” would automatically enforce the upgrade on Bitcoin nodes that have installed v0.21 of Bitcoin Core.
These nodes would reject blocks and transactions from miners who do not support Taproot, so in theory, this method would incentivize miners to adopt the new ruleset lest they lose out on profits.
A second Taproot activation proposal, Core developer Matt Corallo’s Modern Softfork Activation, fuses BIP 8 with BIP 9 (the latter being the mechanism originally used to activate Segwit, which proved inadequate).
Corallo’s hybrid model first includes a one-year signaling period for miners. Second, if a super-majority of miners does not update during this timeframe, then the upgrade would be subject to a six-month review to make changes (if any) to the proposal.
The third and final step is a BIP 8-style activation period of two years, with a non-mandatory flag-day for node users to activate the update.
What Bitcoin Developers Think
For the first question in his survey, AJ Towns asks developers what percentage of miners need to signal an upgrade for it to be considered a safe majority. Eight believe that nothing less than 85%-95% would be sufficient. The thinking is that anything less threatens a network “split” where some miners run the older code and some the newer code, which would create two conflicting transaction histories.
Failing a miner-signalled activation, seven respondents think a flag day for node-enforced activation could come as soon as 12-18 months after activation begins. If too few miners adopt the upgrade, this would mean nodes could enforce the Taproot ruleset and only accept blocks from miners who also signaled for the upgrade.
Almost all of the developers surveyed want to wait to see if miners and users adopt the upgrade on their own before deciding on a hard date for flag day (if there’s enough early support, a flag day may not be necessary at all).
If activation doesn’t come to pass through voluntary activation, then a flag day activation is the last option on the table. Most respondents were in favor of a mandatory flag day to automatically signal the update. This would mean updated nodes would reject blocks from miners who haven’t signaled for the upgrade.
Disagreements On The Finer Details
So-called forced signaling through the flag day would have the benefit of making Taproot default on any Bitcoin Core node running v0.21; in turn, these nodes would only accept block data from miners who have also signaled the update, so in theory this would encourage miners to upgrade lest they lose their business.
But What If The Miners Have Node Users Who Do Accept Their Blocks?
This is one caveat to forced signaling: If too many miners and node users don’t accept Taproot and refuse to update their software, then the network could split into two competing chains. If enough economic interest backs the “old” version of Bitcoin, then the result could be two competing assets.
This outcome is partly why some developers, like Matt Corallo, think that forced signaling is unnecessary.
Since Taproot has been largely uncontroversial, it would be a political risk to force signal the upgrade, he argues. He considers the activation method a relic of Segwit’s “user-activated soft fork,” a proposal to activate Segwit through similar means after miners failed to adopt the upgrade. Segwit was very controversial and political. Taproot is not, but Corallo believes enforced signalling threatens to make it that way.
In his post, Towns writes the mandatory signaling would be a way to definitively enforce Taproot’s network-wide activation after enough consensus has been established through discussion and miner support.
“If you want to maximize the number of nodes that will enforce the rules should a flag day occur, but also only choose the flag day after an initial activation attempt is already widely deployed, then you have no choice but to make signaling mandatory when the flag day occurs,” Towns writes.
What’s The Holdup?
Towns introduces an alternative activation proposal in the survey which features a four-year activation time frame. As ever in Bitcoin development discussion, this, too, received some pushback.
“Once the decision to activate has overwhelming support from developers and users, the longer the timeframe for activation (beyond that practically required for miners to safely upgrade) the more things that can go wrong,” former Bitcoin Core developer Eric Lombrozo said to Towns on Twitter.
Risks aside, if most developers and Bitcoiners think Taproot is a shoo-in for an upgrade, it shouldn’t take four years to activate, especially since it has already been so long in the making.
After all, if Taproot’s been in the works since 2018, shouldn’t miners and node operators know what to expect?
As Blockstream CEO Adam Back put it on Twitter, “Taproot can’t be a surprise after several years.”
Blockstream Is Working on Simpler, More Private Multi-Sig Bitcoin Transactions
With Bitcoin’s long-awaited Taproot upgrade on the horizon, the engineers at Blockstream are working on a new scheme to improve multi-signature transactions.
These transactions, which require signatures from more than one private key to authorize spends, will stand to benefit from Taproot. This upgrade implements Schnorr signatures into Bitcoin’s codebase, a cryptographic signature scheme that will make creating and executing smart contracts easier on the network.
In a post-election day blog post, Blockstream engineers Jonas Nick and Tim Ruffing lay out a new multi-signature design that would reduce the technical complexity of multi-signature transactions in a way that still preserves privacy.
Nick and Ruffing, together with Yannick Seurin of ANSSI, France’s national cybersecurity agency, have published a paper on the MuSig2 design that is currently undergoing peer review.
MuSig2 combines the strengths of the two leading multi-signature approaches without the trade-offs of either.
Bitcoin’s oldest multi-sig mechanism, the OP_CHECKMULTISIG opcode, needs no interaction between signers (each simply attaches its own signature) but is less private than the MuSig1 scheme, because every participating public key and signature is visible on chain; MuSig1 improves privacy at the expense of extra steps in the signing process.
Specifically, MuSig1 requires the parties in a multi-signature transaction to communicate in multiple rounds to approve a transaction.
MuSig2 would retain all the privacy guarantees of MuSig1 while requiring only two rounds of communication between signers (e.g., in a 2-of-2 between Alice and Bob, each first sends the other its public nonces, then each sends a partial signature, and the two partials combine into a single Schnorr signature for the aggregate key).
“It offers the same functionality and security as MuSig1 but makes it possible to eliminate almost all interaction between signers. With MuSig2, signers need only two rounds of communication to create a signature, and crucially, one of these rounds can be preprocessed before signers know the message that they want to be signed,” the blog post explains.
Besides improving general multi-signature wallets, MuSig2 could stand to benefit Lightning Network privacy and improve so-called threshold signatures that are often used by exchanges and custodians for fund storage.
If Taproot is adopted in the coming months, then Blockstream will replace the MuSig1 standard with MuSig2 in a code library for Schnorr signature schemes. The post also hints that Blockstream’s Liquid sidechain may run the Taproot code early to test the multi-signature scheme before it is ready for deployment on Bitcoin’s mainnet.
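As an added, simplified illustration of the two-round flow described above (example code written for this page, not Blockstream’s libsecp256k1-zkp implementation or the paper’s reference code), the block below implements textbook MuSig2 key aggregation, nonce exchange and partial signing over secp256k1 in plain Python. It uses untagged SHA-256 and full rather than x-only public keys, so it is not byte-compatible with BIP 340 or the standardized MuSig2 encoding, and the curve arithmetic is a readable demo, not a hardened library. The parties Alice and Bob and the signed message are constructed.

```python
import hashlib
import secrets

# secp256k1 parameters (real constants); affine arithmetic written for readability, not production.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication."""
    R = None
    k %= N
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def enc(A):
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def h(*parts):
    """Hash to a scalar mod N (untagged SHA-256, unlike BIP 340)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def key_agg(pubkeys):
    """X = sum(a_i * X_i). Each coefficient a_i commits to the whole key set,
    which is what stops a participant from choosing a rogue key."""
    L = hashlib.sha256(b"".join(enc(X) for X in pubkeys)).digest()
    coeffs = [h(L, enc(X)) for X in pubkeys]
    agg = None
    for a, X in zip(coeffs, pubkeys):
        agg = ec_add(agg, ec_mul(a, X))
    return agg, coeffs

class Signer:
    def __init__(self):
        self.x = secrets.randbelow(N - 1) + 1
        self.X = ec_mul(self.x, G)
        self.nonces = None

    def round1(self):
        """Round 1: two fresh secret nonces; only their public points are shared.
        Runs before the message is known, so it can be preprocessed."""
        self.nonces = (secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1)
        return (ec_mul(self.nonces[0], G), ec_mul(self.nonces[1], G))

    def round2(self, pubkeys, pub_nonces, msg):
        """Round 2: given everyone's public nonces and the message, emit a partial
        signature. The secret nonces are wiped so they cannot be reused."""
        X, coeffs = key_agg(pubkeys)
        a = coeffs[pubkeys.index(self.X)]
        R1 = R2 = None
        for n1, n2 in pub_nonces:
            R1, R2 = ec_add(R1, n1), ec_add(R2, n2)
        b = h(enc(X), enc(R1), enc(R2), msg)   # ties the second nonce to this session
        R = ec_add(R1, ec_mul(b, R2))
        c = h(enc(R), enc(X), msg)             # ordinary Schnorr challenge
        r1, r2 = self.nonces
        self.nonces = None
        return R, (r1 + b * r2 + c * a * self.x) % N

def combine(partials):
    """Sum the partials into one (R, s); the result is an ordinary Schnorr signature."""
    R = partials[0][0]
    if any(Ri != R for Ri, _ in partials):
        raise ValueError("signers disagree on R")
    return R, sum(s for _, s in partials) % N

def schnorr_verify(X, msg, sig):
    R, s = sig
    c = h(enc(R), enc(X), msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(c, X))

def demo(msg):
    """Alice and Bob (constructed parties) run the two rounds for a 2-of-2."""
    alice, bob = Signer(), Signer()
    pubkeys = [alice.X, bob.X]
    aggkey, _ = key_agg(pubkeys)
    pub_nonces = [alice.round1(), bob.round1()]          # round 1, message not needed
    partials = [alice.round2(pubkeys, pub_nonces, msg),   # round 2
                bob.round2(pubkeys, pub_nonces, msg)]
    return aggkey, partials, combine(partials)
```

The point to notice is that `schnorr_verify` knows nothing about MuSig2: the combined signature checks against the aggregate key exactly like a single-signer Schnorr signature, which is where the privacy gain comes from. Round 1 runs before `msg` is known, matching the preprocessing the blog post mentions, and the secret nonces are discarded after one use, because reusing a nonce across two messages leaks the private key.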
Bitcoin Mining Pools Begin Signaling Support For Taproot/Schnorr Activation
Poolin has published a new tracker for mining pools that are signaling for Taproot, an in-development upgrade for the Bitcoin network that aims to boost transaction privacy.
As previously reported, Taproot, and with it Schnorr signatures, is being bundled into a soft fork that, if approved and deployed, would be the first significant update to Bitcoin since the addition of Segregated Witness. Taproot aims to make spends of different kinds, whether single-signature, multi-signature or script-based, look alike to outside observers.
According to Poolin’s tracker, three pools are signaling support for the Taproot/Schnorr soft fork. In addition to itself, BTC.com and Slush Pool are doing so.
The code for Taproot was merged into Bitcoin Core last month, the final stage before deployment. How that process will exactly play out remains to be seen; as noted by Poolin, there are two approaches to activation for node operators (including miners).
As of the time of writing, Poolin accounted for nearly 18 percent of mined blocks in the past 24 hours, according to BTC.com. BTC.com accounted for about 9% of blocks, and Slush for about 2%.
Majority of Bitcoin Hashrate Signals Support For Taproot Scaling, Privacy Upgrade
Bitcoin mining pools representing over 54% of the network’s current hashrate have signaled support for the scaling and privacy protocol upgrade Taproot, merged into Bitcoin Core last month.
Bitmain’s Antpool backed the protocol upgrade Thursday morning in a message sent to Poolin, the pool told CoinDesk, joining five other pools in Poolin’s Taproot Activation initiative and pushing the percentage of hashrate in support of the upgrade over 50%. Antpool plans to publicly express its support in a forthcoming block’s coinbase.
Poolin’s vice president, Alejandro De La Torre, told CoinDesk he is “beyond happy” that most major mining pools have responded affirmatively to their “consensus-built effort” to support Taproot.
Notably, Binance Pool is the only top-five pool to not yet support Taproot.
Taproot aims to improve transaction privacy and enhance Bitcoin’s smart contract functionality. As an added bonus, it’s also designed to keep Bitcoin’s blocks small, with block space as accessible as possible.
“The only uncertainty with Taproot is when and how it will be activated,” said Daniel Frumkin, engineer and technical writer at Slush Pool, in a direct message with CoinDesk.
“In the end it should be a straightforward process with minimal drama,” he added, noting that Taproot is “not controversial.” Frumkin contrasted this proposed upgrade with the heated industry-wide disagreements caused by the 2017 SegWit2X proposal, which many miners also supported.
Seeing any miners opposing the Taproot upgrade would be a shock to Frumkin. “I’d expect the rest of the major pools to signal support in the following weeks,” he said.
Privacy Coins No More? Ciphertrace Files Patents For Tracing Monero Transactions
The firm claims it will be able to identify XMR used for illicit purposes to support criminal investigations.
Crypto analytics firm CipherTrace announced on Friday that it had filed two patents for technology capable of tracing transactions for privacy coin Monero.
In a Nov. 20 blog from CipherTrace, the firm stated that the patents would include forensic tools to explore Monero (XMR) transaction flows to assist in financial investigations, statistical and probabilistic methods for scoring transactions and clustering likely wallet owners, as well as visualization tools and ways to track stolen or illegally used XMR.
“CipherTrace’s Monero tracing capabilities will allow [Virtual Asset Service Providers] to identify when inbound XMR may have criminal origins, allowing them to adequately risk rate customer transactions per any required regulations,” the blog stated. “[Our] goal is to enable the detection of criminal users, therefore increasing the safety and sustainability of privacy coins like Monero in the future.”
While Bitcoin (BTC) is still the preferred medium of exchange for many darknet market users, there has been increasing acceptance for privacy coins like XMR. Law enforcement agencies have not yet determined a reliable way to trace Monero, and firms like CipherTrace have an opportunity — the company has reportedly been working on a means to trace XMR transactions since early 2019.
CipherTrace CEO Dave Jevans told Cointelegraph in August that the firm developed the first tool for tracking Monero transactions. Such a tool could potentially support investigations of crimes and reduce incidents of money laundering.
The company has stated it developed these Monero-tracing tools as part of a project with the U.S. Department of Homeland Security, but the latter isn’t the only government agency looking for a way to identify XMR wallets, transaction dates and times. In September, the Internal Revenue Service announced it would give a bounty of up to $625,000 to anyone who can break Monero.
Capabilities for CipherTrace’s tracing tools have not yet been confirmed. One Monero Outreach representative told Cointelegraph in October that they would be “highly suspicious of any claims that corporations can trace Monero transactions” and any firm that did so would be unlikely to “trace the wallets or amounts for any transaction.”
The price of Monero is $123.37 at the time of publication, having fallen 3.6% in the last 24 hours.
‘Secret’ Bridge Turns ERC-20 Tokens Into Privacy Coins
“Secret Tokens combine the programmability of ERC-20s with the privacy of coins like Zcash or Monero.”
An open-source blockchain protocol called the Secret Network is now offering privacy features for the Ethereum blockchain and 14 ERC-20 tokens.
According to a Secret Network blog post, the protocol launched its Secret Ethereum Bridge on the mainnet today, which is designed to allow Ether (ETH) and all ERC-20 token holders to create programmable versions of their assets with privacy features. The Secret Network compared these “secret” tokens to privacy coins like Monero (XMR):
“Secret Tokens combine the programmability of ERC-20s with the privacy of coins like Zcash or Monero. Interactions with Secret Token contracts are encrypted, viewable only to address owners or holders of their viewing key.”
Secret Network said that it would initially offer these privacy features to ETH and 14 ERC-20 tokens: Yearn.Finance (YFI), Uniswap (UNI), Band (BAND), Compound (COMP), Chainlink (LINK), Aave (AAVE), Kyber (KNC), Synthetix (SNX), Ocean (OCEAN), Maker (MKR), Dai (DAI), Tether (USDT), True USD (TUSD), and wrapped Bitcoin (WBTC).
The latest Ethereum announcement is part of a broader plan from the Secret Network to bring privacy features to public blockchains. Developers can build and deploy the protocol’s “secret” smart contracts that use encrypted inputs, outputs, and states. These contracts reportedly allow a blockchain to utilize private data in decentralized apps without compromising users’ personal data.
The protocol said it was also planning on launching bridge mining rewards starting in January. Crypto users can earn Secret’s SCRT tokens for keeping their assets locked on the Secret Ethereum Bridge.
Blender Launches Decentralized Privacy Bitcoin Wallet
Launched in September 2020, Blender Wallet by Blender.io, a recognized privacy team, represents a new-gen approach to anonymous Bitcoin (BTC) wallets. It merges an unparalleled level of decentralization and an intuitive user interface.
Why Do You Need A Decentralized Bitcoin (Btc) Wallet With A Built-In Mixer?
A decentralized cryptocurrency wallet is a service with no single point of centralization: it does not depend on a particular server, node or website. Users of decentralized wallets are solely responsible for their key pairs.
Don’t Trust; Verify
Decentralized (trustless, noncustodial) wallets eliminate the need for their customers to rely on the service team when storing crypto and authorizing/receiving transactions. Thus, their customers are less vulnerable to the issues typical of CEXs: account restrictions, withdrawal delays, government shutdowns and so on.
It is very difficult for malefactors to hijack users’ data or coins when they are not allocated to centralized storage.
Also, tracking and deanonymization of addresses and transactions are thorny issues in 2020. Regulatory watchdogs in many countries are exploring more and more tools to find out how Bitcoiners use their assets and for what purposes.
Even the coins that emphasize their devotion to privacy – Monero and ZCash, for example – are targeted by regulators. Thus, using a mixer, a service that “blends” the transactions to obfuscate their routing, is a must for contemporary crypto users.
Introducing Blender Wallet: When Privacy Meets Powerful Functionality
Blender Wallet is the flagship B2C product of privacy-focused team Blender.io: a noncustodial, decentralized, multi-purpose Bitcoin (BTC) wallet with a built-in coin mixer.
Main Functions Of Blender Wallet
First of all, Blender Wallet provides its customers with a safe and secure environment for storing their Bitcoins (BTC). Blender Wallet supports Segregated Witness Bitcoin (BTC) scalability technology and assists users in creating SegWit addresses for fast and cheap transfers.
All Blender Wallet transactions are obfuscated through the in-app Bitcoin (BTC) mixer, making user activity on the Bitcoin (BTC) network far harder to trace. It is pitched as the first product that lets users reach that level of anonymity without special blockchain skills.
At press time, Blender Wallet is available as a web interface, while the mobile application for Android devices is coming soon.
Useful Features For Retail Payments
Blender Wallet is one of a few wallets that allow all clients to manage multiple Bitcoin (BTC) addresses simultaneously. This may be of crucial importance for freelancers or contractors. On the other hand, employers who decide to pay salaries in crypto will enjoy a “one-to-many” transaction feature.
Users can label their transactions in one click to manage their expenses easily. For instance, Bitcoiners onboarded by Blender Wallet can identify payments related to work, recreation and entertainment, digital bank transfers and other categories.
Similar labels can be attributed to addresses as well. Once labeled, the owner of the wallet can search for addresses and transactions using customized keywords.
All transactions authorized and received with Blender Wallet are charged with zero service fees, so clients only pay the miner’s commission to have their transactions included in new blocks.
Setting Up Your Decentralized Bitcoin (BTC) Wallet With Blender Wallet
Since Blender Wallet is a KYC-agnostic platform, it does not require users to disclose their critical personal data, e.g., real name, phone number, email addresses and country of residence, among other things.
It takes five steps maximum to get your Bitcoin (BTC) account set up with Blender Wallet.
1. First, you need to click on the “Create” button on the main page and pass captcha to avoid spam registrations.
2. In the second step, the user chooses a password (the wallet calls it an “encoded mnemonic”). The password alone is not enough to access funds; the seed phrase from the next step is also required.
3. The third step is a crucial one. Blender Wallet gives the user a seed (“mnemonic”) phrase of 24 words. This phrase should be kept in secure physical storage; Blender Wallet does not store passwords or mnemonic phrases.
4. The next step asks the user to verify the mnemonic phrase by entering four of its words.
5. Two-factor authentication is the last step. It is not necessary and can be skipped. If it is important for you, you should prepare a second device through which to authorize your usage of Blender Wallet.
Once this step is completed or skipped, the Bitcoiner can enjoy a seamless anonymous BTC storage and transaction experience with Blender Wallet.
Blender Wallet by Blender.io represents a new type of privacy-focused Bitcoin (BTC) wallet. It merges the benefits of full anonymity and intuitive user experience. Its functionality is enhanced by unparalleled retail payment features.
Also, Blender Wallet offers all of its clients in-app Bitcoin (BTC) mixers to obfuscate critical transactional data.
Bitcoinmix Makes A Difference In Anonymous Cryptocurrency Use
There have been concerns raised about the privacy associated with cryptocurrencies such as Bitcoin and Ethereum.
Many users would want a measure of privacy, but unfortunately such features were not built into the code of these coins. This is why a Bitcoin mixing service, Bitcoinmix.org, was established to give people access to this anonymity while using Bitcoin and Ethereum.
The company has taken cognizance of the need for anonymity and developed an algorithm that is resistant to the conventional blockchain analysis, thereby ensuring that clients’ transactions are effectively anonymized.
The company achieves this through the holding of large volumes of bitcoin and ethereum with which it effectively mixes the incoming coins of the customers. This obfuscation ensures that the mixed coins are dissociated from the transaction made using the originating wallet.
The company’s services have been of immense help to users who hold large volumes of coins and do not want unwanted attention. Routing a transaction through the service separates the originating wallet from the transaction.
Other clients are those who want to keep away malicious players such as hackers. This is especially important for users who hold a substantial volume of coins in their wallets. Bitcoinmix, which started as a service focused on mixing bitcoin, has grown in recent months. The company expanded its blending service to include the mixing of ether in addition to the bitcoin mixing for which the company is known.
With the introduction of ethereum mixing service, users of ether can now access the anonymizing service. So sending and receiving of ether can be done anonymously.
Bitcoinmix has been rated as one of the oldest and most reliable coin mixing services in the industry, having built a reputation in a business where credibility means everything, even though blockchains were designed to exclude third parties from transactions.
The service does not take away from that concept but aims to mitigate the exposure created by the openness of the blockchain. This is why its services have become popular over time.
The company’s services can be accessed at Bitcoinmix.org. The easy-to-use platform was designed so that the client does not need to input personal details in order to use the service. Essentially, the customer sends their coins, which are mixed, and then other coins held by the company are sent to the address designated by the customer.
An equivalent volume of the deposited coins is sent to the customer. According to the company, these coins carry no history linking them to the deposit that blockchain analysis could follow.
So if you’re thinking of ways to use cryptocurrencies anonymously, the company’s service is what you need. Even though the focus in the meantime is on blending bitcoin and ethereum, there’s hope that this service would be extended to other coins that their users need to conduct more anonymous transactions.
All Major Mining Pools Now Support Taproot, Bitcoin’s Biggest Upgrade In Years
Binance Pool, the mining pool run by one of crypto’s biggest exchanges, is prepared to support Taproot, a good omen for the next major Bitcoin upgrade. The addition of Binance Pool to the “yes” column means that all the major pools are now on board.
Taproot is a scaling and privacy change that will be the biggest upgrade the digital currency has received in years – and it’s far less controversial than the last one.
According to crypto mining pool Poolin VP Alejandro De La Torre, Binance Pool says it will support the Taproot upgrade, clearing up any ambiguity, since the pool was the only one with over 10% of the network that hadn’t said “yes” to the proposal.
Binance Pool represents 11% of the Bitcoin mining hashrate, so its support pushes mining pool support up to about 91% of the hashrate.
Binance did not respond immediately to request for comment.
De La Torre leads Taproot Activation, an initiative to find out if there is agreement on Taproot as a change. According to the website, a few smaller mining pools, including Lubian.com and BTC.TOP, have not responded about whether they support the upgrade or not.
Signaling For Taproot
This support from miners comes in stark contrast to SegWit, Bitcoin’s last major upgrade, which activated in 2017. SegWit was deployed by way of BIP 9, requiring that 95% of the blocks in a difficulty period signal support for the change before it would officially activate. To block the change, mining pools simply did not signal.
So far, mining pools have no problem with Taproot. Binance Pool’s support is a bellwether sign that the change could activate soon if no one finds some sort of fatal flaw in it.
This news is particularly consequential because if Taproot is deployed by way of BIP 9, then mining pools will need to flag that they’re ready for the change before it can activate.
But there’s still some debate about this process. The mechanics of Taproot itself are not controversial. Bitcoin’s most active developers all but universally agree it’s a positive change.
Still, how to deploy the change is still up for debate. Over the last several months, developers have been discussing the best way to deploy Taproot. To oversimplify a complex debate, some think BIP 8 would be better because it doesn’t allow mining pools to block the change out of sluggishness or apathy.
Knowing that mining pools, such as Binance Pool, support the change might give BIP 9 a boost.
Bitcoin Miners, Developers Narrow Down How Taproot Will Be Activated
* Bitcoin miners representing roughly 91% of the network’s hashpower have demonstrated support for Bitcoin’s biggest upgrade in years, Taproot.
* These activation methods vary the length of time required and whether or not to include a measure that would force the upgrade through full nodes with a “user activated soft fork.”
* Given miner support, Bitcoin developers believe the upgrade should activate without issue, regardless of the specific proposal chosen.
Now that almost all major mining pools have pledged support for Bitcoin’s Taproot upgrade, all that’s left is the actual activation – but the members of Bitcoin’s open-source community have to pick the method first.
There are currently a handful of proposals vying for attention among Bitcoin’s stakeholders. Summing up the differences between them, some of these allot longer activation times than others, and some would allow the upgrade to be “forced” through full node activation if miners don’t put their hashrate where their mouth is when the time comes.
Bitcoin Upgrade: Multiple Paths To One Destination
Bitcoin’s biggest upgrade in half a decade, Taproot will enrich Bitcoin’s smart contract scripts, making it easier to execute highly complex transactions on the Bitcoin blockchain. Among other things, this will improve multi-signature software and privacy for the network.
Bitcoin developers have proposed multiple ways to bootstrap the upgrade, but they all rely on some version of Bitcoin Improvement Proposal 8 or Bitcoin Improvement Proposal 9 (BIP8 and BIP9, for short). Each proposal is similar but offers slightly differing approaches to activating the upgrade, which will require cooperation from both Bitcoin miners and node operators to go smoothly.
There are two primary versions of BIP8 vying for attention: one version, called BIP8 (true) includes a “flag day,” at which point the update will be forced via full node activation, even if miners fail to adopt it; and one version, called BIP8 (false), wherein the upgrade simply fails if miners don’t adopt it.
“True” designates that the BIP includes forced activation, whereas “false” designates a version of the BIP that doesn’t have forced activation.
Why the addition of the forced activation, you might be wondering? One apprehension going into activation discussions has been whether or not mining pools would adopt the upgrade, considering miner reluctance stymied SegWit’s activation in 2016 and 2017.
Mining pools that represent roughly 91% of Bitcoin’s hashrate, though, have announced their support for the upgrade as part of an initiative spearheaded by Alejandro De La Torre, a VP at bitcoin mining firm Poolin.
De La Torre said Poolin’s takeaway from the survey is that “BIP9 is the most favorable choice” for activation.
Bitcoin cannot tell time, so BIP9 defines its start and timeout as timestamps and compares them against the median time of recent blocks, which means the number of signaling periods that fit in the window depends on how quickly blocks happen to arrive. If enough miners signal for the upgrade during this timeframe, it is locked in and considered successful; if the threshold is not reached before the timeout, the deployment fails.
Bitcoin Miner Support Could Mean Easier Activation
With miners behind the upgrade, BIP9 could provide the quickest and easiest route to activation, Ben Carman, a Bitcoin developer who has helped review Taproot’s code, told CoinDesk.
“In the beginning I was in favor of BIP8 because I was worried about miners being able to block the upgrade. However, with things like taprootactivation.com I have moved to being in favor of BIP9. It seems we have basically everyone on board to do the upgrade and BIP9 would be the simplest, as well as only require a couple lines of code to be started. Other methods would require larger code changes to implement new activation logic.”
The other activation methods Carman mentions, BIP8’s differing versions, are similar to BIP9 sans a crucial tweak: BIP8 includes an option to force the update through a “flag day” if miner signaling fails (this option would be employed with the BIP8 [true] activation method). Additionally, a smaller change measures activation time by block height instead of BIP9’s use of block times.
This change means that if miners don’t adopt Taproot, the update can be forced through full node activation at a certain date with BIP8 (true), or the upgrade can be paused per BIP8 (false) and resumed later.
If enough miners don’t adopt the upgrade during the signaling period for BIP9, though, the process fails and must be started over from the beginning.
‘BIP9-Style Activation’ Could Come From BIP8
BIP9 has been used in the past for Bitcoin soft forks (upgrades that are compatible with previous software versions). It was originally used to activate the SegWit upgrade, but not enough miners signaled for the update so other means were required. Under this scheme, if not enough miners support an upgrade the signaling period for it merely expires and the process can be repeated.
Jonas Nick, a Bitcoin Core developer who has been one of the leads on Taproot, told CoinDesk that “BIP9 style activation is the least disruptive path and therefore a reasonable choice,” but that it would most likely come from BIP8, hence why this route is called the “BIP9 equivalent.”
Assuming the upgrade will be adopted during the signaling period, the upgrade would be adopted as outlined in BIP9 (i.e., via complete miner support), but using BIP8’s activation logic, which measures the activation window through block times and which can easily be tried again if the upgrade fails.
That’s why, while “no one can say for sure,” Nick believes that fellow Taproot development lead AJ Towns’ proposal (a slight modification of the so-called “gently discourage apathy” route) could win out.
Taproot ‘Flag Day’
Under this scheme, miners would have a year to signal for the upgrade. If miners representing 95% of Bitcoin’s hash power signal for the upgrade during this period, Taproot activates without further action. If not, the update undergoes a review period during which developers and miners cooperate to iron out the kinks.
After this period ends, a “flag day” would be coded into the update to force the upgrade through mandatory signalling, whereby node operators would only accept blocks from miners who support Taproot.
This would effectively be a “user-activated soft fork” (UASF), the same method proposed to activate SegWit, though the method proved unnecessary because miners adopted the update after the UASF proposal gained traction. This method is known as “forced activation.”
By giving miners plenty of time to upgrade but also maintaining a flag day just in case, the proposal is meant to discourage miners from “not updating out of laziness,” KoinKeep Bitcoin wallet developer Dustin Dettmer told CoinDesk.
Towns has sketched out what this proposal would look like, but the code for it has not been included in Bitcoin’s software. The method includes BIP8 (false), so this code would need to be reviewed and inserted into Bitcoin Core first, Nick said.
Taproot: Rooted In Risk?
Even as Nick and Towns put their weight behind the modified BIP8 implementation, Matt Corallo, another reviewer of the Taproot code, believes the activation method is too risky, even if miners are largely on board.
“The forks in Bitcoin, for better or for worse, define the process and benchmark by which future changes are made and evaluated,” he told CoinDesk. The SegWit block size wars, he continued, set “an incredibly high standard” for how “on-its-face simple change[s]” are made to Bitcoin’s software – namely, with conservative deliberation that takes as few risks as possible.
Corallo believes the mandatory flag day activation method proposed in other methods is unnecessarily brazen and indicates too much influence from Bitcoin’s developer community, unless all other activation methods have been exhausted.
“Some of the proposed activation methods being discussed throw [the lessons learned from SegWit] away, setting a visible precedent that Bitcoin can be changed with almost only developer buy-in and with coercive and marginally riskier activation, opening the door to re-litigating years-settled debates.”
Corallo “doubts activation [will] be an issue,” but he concluded by saying, “I see no reason to take that risk unless all other options have been tried.”
Offering his alternative, Corallo’s own Modern Activated Soft Fork (MASF) takes bits and pieces of both BIP8s. This activation path involves a year-long signaling period for miners. If enough miners do not update during this timeframe, then the upgrade would pause per BIP8 (false) to be subject to a six-month review to make changes (if any) to the proposal.
If, after this point, Taproot still doesn’t have enough support, then a two-year period begins wherein node operators can push the update through an opt-in, non-mandatory flag day.
As opposed to a mandatory option, which would force activate Taproot on all nodes running the latest version of Bitcoin on the flag day, this opt-in flag day would get Taproot up and running only on nodes whose operators chose to upgrade, not the entire network.
Opponents of the MASF proposal say the long activation timeline could result in apathy among users, where the time-lapse has them losing interest in the upgrade so they don’t adopt the code. Still others say that it’s an unnecessarily lengthy process, especially for an upgrade that would benefit multi-signature and privacy technologies waiting for Taproot to bring their projects to fruition.
Bitcoin Miners’ Preferences
Only one of the respondents to Poolin’s miner poll, BTC.com, favors Corallo’s method. Slush Pool and Ant Pool both responded in favor of the original BIP 8. Poolin itself and NovaBlock want the BIP9 equivalent wherein BIP8 (false) is used sans the flag day, while Luxor is putting its chips on BIP9.
Regardless of which proposal wins out, Jonas Nick conservatively estimates that Taproot’s activation will kick off sometime this year. Given that the upgrade is non-controversial and miners support it, the actual difference between each activation method could be of little consequence, Nick said.
“In my perception, because Taproot has overwhelming support many developers would be fine with any reasonable proposal,” he concluded.
Tor-enabled Bitcoin Nodes Are Back After Bug On Network
Anonymous Tor-enabled Bitcoin nodes normally make up as much as 25% of all reachable Bitcoin nodes.
The Bitcoin (BTC) network has been steadily recovering in terms of running BTC nodes after a major outage on the Tor network.
According to the latest data from node monitoring resource Bitnodes, Tor-enabled Bitcoin (BTC) nodes are back to normal following almost a full-swing crash in early January 2021. As of Jan. 13, the number of reachable Tor-based BTC nodes amounted to 2,581, up from as few as 122 nodes on Jan. 9.
Based on Bitnodes data, Tor-enabled Bitcoin nodes make up a significant part of the Bitcoin network, normally accounting for about 25% of all reachable running nodes. According to the latest recorded data, Tor-based nodes made up over 23% of total BTC nodes on Jan. 13.
According to Bitnodes, the current number of Bitcoin nodes amounts to 11,190 nodes, up from around 8,300 on Jan. 7.
A Bitcoin node is a computer connected to other computers to host and synchronize a copy of the entire Bitcoin blockchain and essentially keep the entire network running. Tor-based Bitcoin nodes are a type of node implemented privately using the Tor anonymous network.
The latest dip in Tor-enabled BTC nodes was likely caused by a recent crash on the Tor network. On Jan. 10, Tor Project officially announced that the Tor network was experiencing instability due to an implementation bug in its v3 onion service. Tech-focused news agency TechNadu reported that the outage was likely due to a hacker attack.
The downtimes in the Tor network subsequently affected a large number of Tor-enabled or so-called “onion” websites including private Bitcoin wallets and exchanges like Wasabi and Bisq. On Jan. 11, Wasabi reported that it managed to keep its services intact using a fallback system. “If the Tor onion service of the backend becomes unavailable for the user, the wallet falls back to communicating with the backend’s clearnet endpoint, still over Tor,” Wasabi wrote.
A spokesperson for Tor Project told Cointelegraph that there is no evidence that the Tor network was under attack; rather, the outage was triggered by traffic overload. “The outage may have come from a poorly written custom Tor client requesting directory information too often,” the person said. There is also no evidence that the traffic overload was actively trying to hurt v2 onions, the representative noted.
According to the spokesperson, the network “was always fully intact” but the traffic overload “destabilized v3 onions” due to a bug. As a result, v3 onion services were inconsistently reachable for a few hours on Jan. 9 and again for a few hours on Jan. 10, the person stated. A fix for the underlying bug is now in an alpha release on the Tor Project website.
Taproot Update: Bitcoin Users Home In on Activation Plan
The meeting ended with rough consensus in favor of BIP8 (false), as well as with approval of two possible methods to put this BIP into motion.
Many of Bitcoin’s most active stakeholders have just about nailed down the activation method for Taproot, the Bitcoin software’s biggest upgrade in years.
In a public meeting on Internet Relay Chat (IRC) Tuesday, Bitcoin developers, miners, business professionals and enthusiasts hashed out the specifics of how to package the Taproot upgrade into an update – and how to activate it once the code has been shipped.
The most active of the 200 or so participants on the chat (mostly, but not all, developers) seemed to agree on the Bitcoin Improvement Proposal (BIP) that would be used to activate Taproot. To prep the BIP for shipment, they also voted to “merge” two “pull requests” (PRs) on GitHub that outline the rules for Taproot’s activation logic into Bitcoin’s source code when the time comes to push the upgrade.
One of these, PR #1021, includes a measure to allow users to force activate the upgrade should miners not support it, while PR #1020 only “recommends” this forcing but does not enable it by default.
Since almost all participants support BIP 8 without forced activation, as meeting leader and Bitcoin Core developer Michael Folkson noted in the chat, further discussion will pinpoint a date to begin activation – and further discuss the extent to which a “flag day” to force activation is necessary.
Why A Taproot Flag Day (Probably) Isn’t Needed
Not that miners blocking the upgrade should be an issue for Taproot, which has some 91% miner support, according to a survey run by F2Pool VP Alejandro De La Torre.
The survey provides crucial feedback from miners for Bitcoin’s decentralized organization, which cannot unilaterally coordinate updates the way a centralized software provider can.
Upgrades like Taproot require painstaking coordination between miners, full-node users (those running Bitcoin’s open-source code) and other stakeholders to ensure nothing goes wrong (like introducing a bug or splitting the Bitcoin network into two incompatible versions).
Because miners have shown no resistance to Taproot, most participants voiced a preference for BIP8 (false), with the (false) referring to the exclusion of a “flag day” to force activation through full nodes should the upgrade fail through lack of miner activation.
BIP8 as currently devised would give Bitcoin miners and full-node operators a year to adopt the upgrade, after which point the upgrade would be “locked in” with enough support. In one version of this, BIP8 (false), the update simply fails without enough support. In another, BIP8 (true), a “flag day” would force miners to signal for the upgrade when the activation time frame expires if they did not do so beforehand.
Technical note: There are a few ways to upgrade Bitcoin, the easiest being through miner activation where mining pools upgrade and begin mining blocks under the new rules. Failing this, node operators can upgrade and choose to reject blocks from miners who have not signaled support for an upgrade.
This so-called “user-activated soft fork” (UASF), also used to activate SegWit, would force holdout miners to adopt the new upgrade.
“Completely anecdotal but I’ve not seen any [emphasis theirs] opposition to Taproot,” one willcl_ark said in the chat, referring to whether or not a flag day is necessary. “I think using the lowest common denominator of activation parameters (false) seems like the sensible choice to avoid any purposeful or accidental chain splits in the case miners don’t signal.”
What’s the holdup?
Still others, like prolific Bitcoin Core developer Luke Dashjr, are not convinced that a flag day is unnecessary. For Dashjr, in fact, it’s a matter of principle: to demonstrate that node operators decide software, not miners.
“It doesn’t matter,” he said in the chat in reference to miner support. “Miners do not decide protocol changes,” he continued, intimating that it’s the node operators who decide instead by choosing what software to run.
Further, he espoused that BIP8 (false), “let[s] miners decide” the fate of the upgrade. When the time comes, he said later in the chat, he will configure his node to run the BIP8 (true) version that rejects non-Taproot blocks from miners.
“BIP8 with mandatory [activation] is not an unnecessary show of force,” said hsjoberg, reiterating Dashjr’s belief that the user-choice of a UASF is a necessary check and balance on miner apathy.
Still, a show of force could introduce unnecessary risk and set an unwelcome precedent for future upgrade deliberations, especially when miners have given users no reason to be combative, so go the arguments in favor of BIP8 (false).
“[BIP8 false] is safer than [true], so it’s worth doing [false] first given that we know hashpower is ~90% already pro-Taproot,” Bitcoin Core and CoinSwap developer Chris Belcher said.
Others like Suredbits and Bitcoin Core developer Ben Carman pointed out that you could configure the upgrade later on into activation to include the flag day should miners fail to signal, “making it safer and easy for users to enforce the UASF.”
At the end of the meeting, the participants agreed to merge pull requests on GitHub for both a non-forced activation route (PR #1020) and a forced activation route (PR #1021). With both of these rules in Bitcoin Core’s GitHub, the rules for a forced activation could be used only if necessary.
The chain split scenario that willcl_ark described is basically the bogeyman everyone wants to avoid here. The fear is that BIP8 (true) requires 100% of hashrate to signal for the upgrade after the Taproot activation deadline ends.
Thus, if enough users went this route at the same time that others use BIP8 (false) for non-forced activation (which only requires 95% of hashrate), the two different code versions may create two incompatible histories of Bitcoin’s transaction ledger.
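A scaled-down model of the BIP8 activation logic the passages above describe (the per-period signaling count, the timeoutheight, and the BIP8 (true)/(false) switch that decides between mandatory signaling and failure), added here as an illustration; it is not Bitcoin Core’s versionbits code. The 20-block period, the 19-of-20 (95%) threshold, the heights and the two miner behaviours are constructed values, and the transitions are simplified relative to the BIP8 text.

```python
"""Toy BIP8 state machine with the lockinontimeout (LOT) switch.

Constructed teaching model, not Bitcoin Core's versionbits code.  Periods,
threshold and heights are scaled down (mainnet periods are 2016 blocks) and
the transitions are simplified relative to the BIP8 text.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, List, Tuple


class State(Enum):
    DEFINED = auto()      # deployment known, signaling window not yet open
    STARTED = auto()      # miners may signal; signals are counted per period
    MUST_SIGNAL = auto()  # LOT=true only: a block that does not signal is invalid
    LOCKED_IN = auto()    # threshold met; rules activate after one more period
    ACTIVE = auto()       # new rules enforced
    FAILED = auto()       # LOT=false only: window timed out, deployment is over


@dataclass(frozen=True)
class Deployment:
    start_height: int         # signaling opens once the chain reaches this height
    timeout_height: int       # BIP8 'timeoutheight'
    period: int               # blocks per signaling period
    threshold: int            # signaling blocks needed within one period
    lock_in_on_timeout: bool  # True = BIP8 (true) / LOT=true, False = BIP8 (false)


@dataclass
class Node:
    """One full node's view of the deployment; enforces MUST_SIGNAL by rejecting blocks."""
    dep: Deployment
    state: State = State.DEFINED
    height: int = 0                       # height of this node's chain tip
    signals_this_period: int = 0
    rejected: List[int] = field(default_factory=list)  # heights of refused blocks

    def accept_block(self, signals: bool) -> bool:
        """Feed the next block; returns False if this node refuses to build on it."""
        if self.state is State.MUST_SIGNAL and not signals:
            self.rejected.append(self.height + 1)  # the 'flag day' rule in action
            return False
        self.height += 1
        if signals:
            self.signals_this_period += 1
        if self.height % self.dep.period == 0:
            self._end_of_period()
        return True

    def _end_of_period(self) -> None:
        d, s = self.dep, self.state
        if s is State.DEFINED and self.height >= d.start_height:
            s = State.STARTED
        elif s is State.STARTED:
            if self.signals_this_period >= d.threshold:
                s = State.LOCKED_IN
            elif self.height >= d.timeout_height:
                s = State.MUST_SIGNAL if d.lock_in_on_timeout else State.FAILED
        elif s is State.MUST_SIGNAL:
            s = State.LOCKED_IN   # every block of the period signaled, by construction
        elif s is State.LOCKED_IN:
            s = State.ACTIVE
        self.state = s
        self.signals_this_period = 0


Outcome = Tuple[State, int, List[int]]  # (final state, tip height, rejected heights)


def simulate(dep: Deployment, block_signals: List[bool]) -> Outcome:
    """Run one node over a stream of blocks; each bool says whether that block signals."""
    node = Node(dep)
    for sig in block_signals:
        node.accept_block(sig)
    return node.state, node.height, node.rejected


def compare_lot(block_signals: List[bool]) -> Dict[str, Outcome]:
    """Feed the same miner behaviour to a LOT=false node and a LOT=true node."""
    base = dict(start_height=20, timeout_height=60, period=20, threshold=19)  # 19/20 = 95%
    return {
        "LOT=false": simulate(Deployment(lock_in_on_timeout=False, **base), block_signals),
        "LOT=true": simulate(Deployment(lock_in_on_timeout=True, **base), block_signals),
    }


# Constructed miner behaviours: half the hashrate never signals (apathy) versus
# every block signaling from the moment the window opens.
APATHETIC_MINERS = [i % 2 == 0 for i in range(120)]
COOPERATIVE_MINERS = [True] * 120

if __name__ == "__main__":
    for name, blocks in (("apathetic", APATHETIC_MINERS), ("cooperative", COOPERATIVE_MINERS)):
        for lot, (state, tip, rejected) in compare_lot(blocks).items():
            print(f"{name:11} {lot:9} -> {state.name:9} tip={tip:3} rejected={len(rejected)}")
```

Running both behaviours past both nodes shows the split the chat participants worried about: with apathetic miners the LOT=true node refuses every non-signaling block after the timeout and ends up on a shorter, Taproot-active chain, while the LOT=false node accepts those same blocks and records the deployment as failed; with cooperative miners the LOT setting makes no difference at all.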
That’s why, if forced signalling must happen at all, it’s best to do so through AJ Towns’ PR #1021, which “makes it safer for the UASF option which is the most ‘dangerous’ scenario,” Carman wrote in the chat.
For now it seems as if those involved in discussions favor BIP8 (false) with the addition of a UASF through PR #1021 if needed, but further discussion is needed to hammer out the exact timeline of the initial activation period (or how long users have to upgrade after the update goes live), as well as what activation date to set.
These “what ifs” and “whens” will be hashed out, among other matters, in a meeting next Wednesday.
How Bitcoin’s Taproot Upgrade Will Improve Technology Across Bitcoin’s Software Stack
Scaling, privacy and custody software will all benefit from Bitcoin’s biggest upgrade in years.
Bitcoin’s Taproot upgrade is (basically) a shoo-in as Bitcoin stakeholders figure out the best way to bring it online.
Digital signatures are created from the private keys that control bitcoin wallets and are required to approve transactions. Taproot addresses will use Schnorr signatures, rather than Bitcoin’s current signature algorithm, the elliptic curve digital signature algorithm, or ECDSA for short.
In terms of data and processing, Schnorr signatures are smaller and faster than ECDSA signatures and also have the added benefit of being “linear,” which means Schnorr-based smart contracts can be optimized for functions that ECDSA signatures cannot.
These differences have made Taproot a highly anticipated upgrade because it will give Bitcoin a boost to transaction privacy and allow for more lightweight and complex “smart contracts” (an encoded contract with self-executing rules).
The tooling and coding improvements Taproot brings will be largely under the hood and will be a boon to developers. Regular Bitcoin users, however, will also benefit from usability, performance, and privacy improvements to multisignature (multisig) technology, privacy software and even scaling tech like the Lightning Network.
Without Taproot, applying the following upgrades to this software would either not be possible or not be as viable.
MuSig2: Boosting Privacy And Efficiency Of Multisig Transactions
Bitcoin development hub Blockstream is developing a new multisig software, MuSig2, which will make multisig transactions more efficient, cheaper and more private.
Unlike usual Bitcoin wallets, which only require a single signature from a private key, multisig wallets require at least two or more signatures from different private keys to approve a transaction. The idea is to distribute the risk of a wallet among multiple keys and, if needed, multiple parties.
Under the current design with ECDSA contracts, multisig transactions record the signature of each multisig participant individually.
Schnorr signatures would allow each signature to be recorded as one signature on the blockchain, making the transactions more lightweight in data, and thus cheaper.
“[Taproot] benefits multisig wallets such as Blockstream Green because using MuSig2 is cheaper and more private than current multisig setups,” Blockstream researcher and applied cryptographer Jonas Nick told CoinDesk.
The Bitcoin upgrade will also raise the limit on signers a multisig wallet allows from 15 to a “much higher number,” said Bitcoin developer Chris Belcher.
Schnorr-signature-based transactions are more private because, thanks to so-called scriptless scripts, all Taproot transactions have the same digital footprint. That means a single-signature transaction and a multisig transaction look the same on the blockchain under Taproot’s rules.
This privacy improvement spills over into other areas of Bitcoin’s development, too.
“MuSig2 also improves efficiency of multi-party contracts such as Lightning Channels, CoinSwaps or discrete log contracts, and improves the privacy of routing in the Lightning Network by enabling ‘scriptless scripts.’ This also means that the anonymity set of regular transactions would become larger because, for a blockchain observer, it could just as well be part of a multi-party contract or multisig wallet,” Nick said.
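The “linear” property the MuSig2 paragraphs above rely on, shown in working code: three co-signers’ partial Schnorr signatures on secp256k1 are summed into one (R, s) that verifies against the sum of their public keys, so the chain sees one key and one signature. This is a constructed example and not Blockstream’s MuSig2 implementation; the plain key sum it uses is exactly what MuSig2’s key-aggregation coefficients harden against, and the fixed test keys and nonces are made-up values.

```python
"""Schnorr linearity on secp256k1: partial signatures sum to one signature.

Constructed teaching example, not Blockstream's MuSig2 library.  The plain
key sum used here is the textbook scheme; MuSig2 adds per-key coefficients
because a plain sum lets one co-signer choose a key that cancels the others
(the rogue-key problem), and it handles nonces more carefully than this does.
"""
import hashlib
import secrets
from typing import List, Optional, Tuple

# secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over GF(P_FIELD), group order N_ORDER
P_FIELD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


def point_add(a: Point, b: Point) -> Point:
    """Affine addition (and doubling) on the curve."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                                   # a + (-a)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def scalar_mul(k: int, p: Point) -> Point:
    """Double-and-add; not constant-time, so never use with real keys."""
    r: Point = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r


def point_sum(points: List[Point]) -> Point:
    acc: Point = None
    for p in points:
        acc = point_add(acc, p)
    return acc


def challenge(r: Point, pub: Point, msg: bytes) -> int:
    """e = H(R || P || m) mod n: one shared challenge for all co-signers."""
    enc = b"".join(c.to_bytes(32, "big") for pt in (r, pub) for c in pt)
    return int.from_bytes(hashlib.sha256(enc + msg).digest(), "big") % N_ORDER


def keygen(secret: Optional[int] = None) -> Tuple[int, Point]:
    d = secret if secret is not None else secrets.randbelow(N_ORDER - 1) + 1
    return d, scalar_mul(d, G)


def partial_sign(d: int, k: int, r_agg: Point, pub_agg: Point, msg: bytes) -> int:
    """s_i = k_i + e*d_i mod n.  k must be fresh and secret; reuse leaks d."""
    return (k + challenge(r_agg, pub_agg, msg) * d) % N_ORDER


def verify(pub: Point, msg: bytes, sig: Tuple[Point, int]) -> bool:
    """s*G == R + e*P.  The same check serves a single key and an aggregate key,
    which is why an observer cannot tell one signer from many."""
    r, s = sig
    if r is None or not 0 < s < N_ORDER:
        return False
    return scalar_mul(s, G) == point_add(r, scalar_mul(challenge(r, pub, msg), pub))


def multisig_sign(keys: List[int], nonces: List[int], msg: bytes) -> Tuple[Point, Tuple[Point, int]]:
    """n-of-n signing: sum the public keys, sum the nonce points, sum the partial s values.
    Returns (aggregate public key, (R, s)); the chain sees only one key and one signature."""
    pub_agg = point_sum([scalar_mul(d, G) for d in keys])
    r_agg = point_sum([scalar_mul(k, G) for k in nonces])
    s = sum(partial_sign(d, k, r_agg, pub_agg, msg) for d, k in zip(keys, nonces)) % N_ORDER
    return pub_agg, (r_agg, s)
```

The same verify function accepts the three-party signature and a single-signer one, which is the on-chain indistinguishability the article describes; ECDSA’s s value contains a modular inverse of the nonce, so its partial signatures cannot be summed this way.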
CoinSwap: Disguising Mixed Coin Transactions
All of the software Nick referenced relies on multisig wallets to bind market participants in cryptographically reinforced rules of engagement called smart contracts.
One of these, the privacy protocol CoinSwap, is widely considered to be the best successor to CoinJoin, currently the most popular software for “mixing” bitcoins to obscure their transaction history.
One shortcoming of CoinSwap’s precursors, including CoinJoin, is that such transactions show up as distinctly different from normal ones. This makes it easier for blockchain analysis to pinpoint CoinJoins on-chain, thwarting any privacy benefits.
According To Belcher, Bitcoin’s Taproot Upgrade Will Fix This Problem.
“A good benefit of Taproot is also that it allows scriptless scripts. As you may know, protocols like Lightning Network and CoinSwap depend on so-called hash time locked contracts. Currently these contracts are visible on the blockchain. The thing that scriptless scripts allows is for those contracts to also look exactly the same as a Taproot single-sig transaction.”
Point Time Lock Contracts: Making Lightning More Private
As Belcher points out, Bitcoin’s Lightning Network uses hash time locked contracts (HTLCs) to facilitate transactions. But Schnorr signatures would pave the way for point time lock contracts (PTLCs), an improvement on HTLCs that allows for more private and efficient smart contracts for Lightning.
The privacy gain comes from a modification to how Lightning Network nodes “route” transactions. Lightning transactions must be sent directly and peer-to-peer on what are called “payment channels.” Otherwise, lacking this direct connection, payments must be routed through peers to which both the sender and receiver are connected.
Lightning Network nodes route transactions by passing on a hash of the payment to each node on that payment’s path. PTLCs alter this hash by adding random info at each hop to make the payment less traceable to any party conducting blockchain surveillance.
Additionally, PTLCs will enable more complex smart contract logic to facilitate unprecedented blockchain escrow conditions and to improve oracles. (Since a blockchain can’t process data outside of its network, an oracle feeds this data to it.)
“Technically, [PTLCs] could be done today with ECDSA but it doesn’t have the same proven security, and if it was implemented it would have to be redone once we get Taproot,” Ben Carman, a developer at Suredbits, told CoinDesk.
Other Taproot Improvements
Carman and his colleagues at Suredbits have been working on discrete log contracts (DLCs), a fairly new smart contract logic for Bitcoin that, while working today, will be more flexible and easier to use when Bitcoin’s Taproot upgrade kicks in.
Belcher told CoinDesk that Schnorr signatures will also enable “batched validation” wherein a Bitcoin full node could “validate 1,000 Taproot signatures in nearly the same time it takes to validate one [ECDSA] signature.” This scaling solution would significantly speed the time it takes a node to verify all signatures in a block.
Additionally, Taproot could use “ring signatures” to give users the ability to prove they own certain coins without having to reveal the public key associated with those coins.
“That means someone could prove that they own a certain coin without revealing which exact coin. For example, it would be possible to prove you own at least 1 BTC (or any amount) by doing a ring signature over all the Taproot [unspent transactions] worth more than 1 BTC, and yet it doesn’t actually reveal which is yours,” Belcher said.
This has implications particularly for Lightning Network node operators who want to prove payment channel ownership without sacrificing privacy.
Bitcoin Taproot Upgrade Nailed Down For July, But Some Finer Details Still Aren’t Finalized
The finalized code for Taproot will be shipped in March, but will it house the “user activated soft fork” feature that threatened to activate SegWit?
A release date and activation timeline are set for Bitcoin’s Taproot upgrade, but developers and other stakeholders are still debating the best method to coordinate Bitcoin’s biggest upgrade since SegWit.
Per a public IRC chat discussion, the code for the fully primed-and-ready Taproot upgrade will be deployed sometime between March 17 and March 31 (or April if necessary), but the actual signaling that kick-starts the activation process probably won’t start until July.
If everything goes as planned, then Bitcoin’s “economic majority” (miners and node operators who run Bitcoin’s code) could update within two weeks of the signaling period’s start. Come August 2022, Taproot’s activation period will reach its timeoutheight and signaling will end.
Assuming mining pools reflecting 90%+ of Bitcoin’s hashrate support Taproot before the timeoutheight (as one survey indicates), then the vast majority of support would ensure Taproot is a success, and the other 10% or so (the “economic minority”) can update without consequence afterward.
But what happens if the mining pools don’t signal to activate Taproot? Well, that’s where the hang-up is in discussion right now. But for some of Bitcoin’s stakeholders the hang-up shouldn’t even exist.
True Or False?
First, a quick note about Bitcoin upgrades.
Unlike a centralized network, whose central operators can mandate an upgrade whenever and however they choose, Bitcoin’s network is decentralized, so upgrades require deliberate decision-making and discussion among Bitcoin’s stakeholders (namely, developers, miners, business and power users).
Taproot is a “soft fork,” meaning a change that is compatible with previous versions of the software (unlike a “hard fork,” where newer rule-sets and older rule-sets are incompatible).
Soft fork or not, at the heart of the matter for activating Taproot is whether to give node operators (those individuals running Bitcoin’s source code) an option to force activate the upgrade if a supermajority of miners fail to support it before the timeout.
This would allow node operators to reject blocks from miners who don’t support the upgrade. This sort of measure (a so-called “user-activated soft fork”) was used to prod along the SegWit upgrade activation in 2017 and is believed to have budged the Overton window for miners to accept the upgrade.
The other option is to not include this feature at all. These Bitcoin Improvement Proposal (BIP) options to force or not force the upgrade are referred to respectively as BIP8 (true) and BIP8 (false), also known as LOT=true and LOT=false.
LOT is short for lockinontimeout, a feature that dictates whether Taproot will be “locked in” if network-wide activation isn’t reached when the timeoutheight is reached; the (true) option automatically mandates the upgrade after the activation window expires, while (false) lets it fail entirely.
Opponents of BIP8 (true) say this aggressive measure is gratuitous because Taproot isn’t at risk of failing. As Bitcoin Core contributor Andrew Chow put it, with the Taproot activation survey sent to miners, “the community has already decided to activate, [so] there’s no need to [do] LOT=true. Miners are part of the community.”
Could Taproot Activation Cause A Bitcoin Chain Split?
Still others in favor of BIP8 (true) believe it is a necessary feature for coordinating the upgrade, which in the rarer circumstance of extreme discoordination, could split the Bitcoin network into incompatible versions if something goes wrong.
“LOT=true does not split the chain. It strictly reduces the likelihood of that,” BIP8 (true) primary proponent Luke Dashjr said in the chat.
Dashjr shares this view with others, like hsjoberg, who noted, “Lot=true would make sure upgraded nodes mandate a specific chain.” This means that node operators who run LOT=true would mandate that the Taproot-activated version of Bitcoin is the “real” chain, so theoretically this would help coordinate consensus between actors to avoid a split.
One brg444 contended that “if lot=true activates there will be a network split.” But this would only be if the forced activation went through. Brg444 said they think this is unlikely, because the threat of this very split would be enough to scare miners into activating before the forced activation occurs.
The Ghost Of SegWit Past
But Is A Scare Tactic Really Necessary Or Is It An Egregious Show Of Force?
“[In my opinion, people] have PTSD from SegWit … [they’re] being preemptively defensive for seemingly no reason other than they’re afraid of past events that now seem to have a low probability of actually occurring,” Lightning Labs CTO Olaoluwa Osuntokun said in the chat, referring to miners originally opposing the activation of SegWit.
“[P]pl are just shadow boxing casper rn lol,” he said later. “Let’s give [BIP8 (false)] a shot and revise afterwards if stuff actually happens.”
After all, if six months or so after activation begins miners haven’t signaled for Taproot, then LOT=true could be coded in after the fact to enforce the upgrade.
Still, this would add yet another step to the process, and making this change post-factum would be more cumbersome than just including it in the initial release. But some think it’s a more prudent decision, especially considering the stigma that brands Bitcoin development as a closed garden that is subject to the tending of developers only.
“LOT=true appears as if the developers are forcing a change upon the community. While that may not necessarily be the case, the appearance of that happening is not a good thing. Given that we don’t believe there will be any issues with activation, I would prefer LOT=false to avoid this view,” Chow said.
A Question Of Coordination
Notably, the last meeting to discuss Taproot seemed to indicate majority support for LOT=false. With only 100 or so attendees this round (as opposed to nearly double the attendance last time), and some growing favor for LOT=true, though, “we can’t really measure ‘community consensus,’” contributor Darosoir said.
According to the Taproot activation wiki, 26 attendees in yesterday’s meeting vocally favored LOT=false while 19 favored LOT=true (some more neutral parties indicated they would be fine with either).
Hardly representative of Bitcoin’s sprawling international community, the IRC chatters left the meeting without clear consensus on the precise activation parameters, with some voicing the need to boil down the complexities of the process to get a more informed opinion from the wider community.
“I will say, though, that I think this discussion would have benefitted from having a more clear view of the community overwhelmingly supporting this. Off topic for this meeting, but anyone interested in how to get better data around this, I’d be interested to work with,” Keagan McClelland, co-founder of Start9 Labs, wrote in the chat.
With a date set for the end of March and the bulk of the activation parameters chosen in BIP8, the final question to answer for Taproot’s deployment is whether or not to include the “user activated soft fork” measure from the get-go.
Taproot will ship by BIP8 in late March and activation is slated for July, so this question will have to be answered within the month.
Crypto Leaders Back MIT’s Four-Year Initiative To Harden Bitcoin’s Security
Crypto industry captains are throwing their support behind a long-term project from MIT’s Digital Currency Initiative to enhance Bitcoin’s security.
The Massachusetts Institute of Technology’s Digital Currency Initiative has revealed a new “Bitcoin Software and Security Effort” intended to foster research into bolstering the Bitcoin network’s defenses.
The open-source initiative has received support from a diverse group of crypto industry leaders, including Gemini’s Cameron and Tyler Winklevoss, MicroStrategy’s CEO Michael Saylor, Square CEO Jack Dorsey, and major European digital asset manager, CoinShares.
In a blog post unveiling the project, DCI said that Bitcoin’s ascent from an “obscure cryptographic toy” to a robust network that “secures on the order of $1 [trillion] of value” was due to the millions of hours invested into building the project by open-source developers.
Coinshares announced a $500,000 donation to the project and chief executive Jean-Marie Mognetti hinted that perhaps other crypto companies should do likewise:
“As a beneficiary of the work of hundreds of developers who secure, upgrade, and maintain the open-source protocols that underlie the Bitcoin network and the applications built on top of it, we believe for-profit firms in the digital asset industry have an obligation to fund independent, neutral development efforts and research that advances the mutual interest of all ecosystem participants.”
The DCI’s four-year research and development program aims to “harden the Bitcoin network and steward the industry’s commitment to funding open-source software.”
The blog post noted that, “The objective of DCI’s new program is to contribute neutral, expert resources to improving the robustness of the Bitcoin protocol. Bitcoin’s security is foundational to the underlying technology’s continued evolution, as well as the broad realization of the public-good promises of digital currencies.”
The post listed several key issues that MIT is exploring, including sustaining a senior team of Bitcoin developers, exploring new programming languages, and pre-emptive investigations against possible attacks.
MIT also stressed the need for the network’s security to grow and strengthen alongside increasing adoption, noting the challenge associated with coordinating a decentralized network:
“Unlike traditional assets, Bitcoin is software running on a decentralized network. Bitcoin’s security is predicated on the accuracy and robustness of the software and hardware running it, and the actions of those participating in the network.”
In July 2020, DCI researcher James Lovejoy warned that attempted 51% attacks — attempts to capture a majority share of nodes and thus control over the Bitcoin network — may be more plausible than previously thought.
Lovejoy stressed the need for active blockchain monitoring in order to identify 51% attacks targeting proof-of-work blockchains, stating: “You need an active observer to be monitoring the network to check whether or not an attack occurs.”
“Up until now we’ve been reliant on victims to tell us about whether they’ve been attacked. As you can imagine, if this results in insolvency or a loss of user funds, victims are often not super interested in revealing when an attack has taken place,” he added.
Bitcoin’s Taproot Activation Gains Momentum From New ‘Speedy Trial’ Proposal
Taproot is the largest upgrade Bitcoin has seen in years, and many are proposing projects on top of it.
Bitcoin developers have been debating the best way to activate the Taproot upgrade for at least a year. Some are hopeful a new proposal called “Speedy Trial” might put an end to the debate, by bringing forth a solution that more developers can get behind.
Ideated by Blockstream developer Russell O’Connor and written up on the Bitcoin developer email list by technical Bitcoin writer David Harding, “Speedy Trial” would take a quicker approach than some of the other proposals in determining if miners are ready for activation of Taproot. All of the largest mining pools have already indicated they plan to upgrade.
“The idea received significant discussion and seemed acceptable to several people who could not previously agree on a proposal (although this doesn’t necessarily make it their first choice),” Harding wrote on the email list.
Taproot is the largest upgrade Bitcoin has seen in years, and many are proposing projects on top of it. It will boost privacy and scalability, and will bring a variety of other technical benefits.
Tentative Taproot Agreement
Consensus for changes to Bitcoin is hard because people from all over the world contribute to it and have different opinions about how things should work. But so far it seems like “Speedy Trial” is getting a fair amount of support.
“Seems almost everyone is on board,” developer Ben Carman tweeted.
Looking through the comments on GitHub, 100% of developers so far have responded with “ACK,” which indicates support for the proposal. Meanwhile, Bitcoin developer AJ Towns has already coded up a draft version of the activation proposal, which similarly has a long train of ACKs.
That said, it takes time to build consensus over such a consequential proposal. CoinDesk messaged several Bitcoin developers who have not yet voiced an opinion. Most said they had not yet had time to read the proposal. Another said he did not have an opinion yet.
‘Quickly Succeed’ Or ‘Quickly Fail’
The change itself, Taproot, isn’t being debated at all. Rather, developers are debating the best way to push through the change. No CTO or central leader is in charge of the network to impose new rules. Instead, a sizable portion of the global network needs to be prepared for the new Taproot rules.
If they aren’t prepared or if not all miners upgraded to the new software in time, there’s a chance the network could split into two.
Developers have different ideas of how to deal with this dangerous possibility. The above article goes into much more detail about the history of this debate and its potential consequences.
Speedy Trial would give miners a chance to flag if they’re ready or not – but would do so on a shorter timeline than other proposals. Rather than giving miners a year to flag support as once proposed, which opponents argue is too much time, Speedy Trial gives miners three months. Another key part of the proposal is that after this three-month lock-in, there’s a waiting period of six more months before Taproot will activate.
“The goal of Speedy Trial is to allow a Taproot activation attempt to either quickly succeed or quickly fail – without compromising safety in either case,” Harding writes.
Beyond that, the proposal shares a lot of similarities with other proposals. If 90% of Bitcoin blocks in a window of time flag readiness, this should show that roughly 90% of miners are ready. At this point, the change will be locked in.
If this 90% lock-in threshold isn’t reached in three months, however, activation fails.
“There is no mandatory activation and everyone is encouraged to try again using different activation parameters,” Harding writes. At this point, users would need to come up with a new plan.
‘Speedy Trial’ Taproot Activation on Bitcoin Could Still Include A Safety Net
Speedy Trial is nearly approved for activating Taproot, but the code may still include a “user activated soft fork” safety net, just in case.
Taproot – Bitcoin’s most anticipated upgrade ever – has been “close” for a year now, but no one in Bitcoin’s community has agreed on how to activate it. With Speedy Trial, there might finally be a solution, though it may still involve a “user-activated soft fork” (UASF).
In a public meeting on Tuesday on Internet Relay Chat, Bitcoin stakeholders more or less agreed on the recently proposed Speedy Trial method, saying activation could begin this April or May (a month or so later than anticipated, when prior activation methods were on the table). There were no serious objections to the proposal in the meeting.
With Speedy Trial (more or less) receiving widespread support, the Bitcoin community is nearing the conclusion of a saga that began years ago. Assuming all goes as planned and Speedy Trial is a success, Taproot could be live on Bitcoin’s blockchain in November of this year.
And if it fails? Well, then the Bitcoin community learns new lessons about consensus. And it also means it could be back to square one with a “user-activated soft fork” as an inevitable activation method.
What Is Taproot?
Taproot will outfit Bitcoin with Schnorr signatures, a signature scheme which Bitcoin could have used from day one and which will give a boost to Bitcoin’s privacy, custody and scaling software.
Unlike SegWit, Bitcoin’s last big upgrade, there’s no opposition to Taproot. But even as the upgrade itself isn’t up for debate, the way to bring Taproot online has been the subject of some very heated debate.
That’s because unlike a centralized network or service, where one person or group of people can dictate upgrades unilaterally, Bitcoin has no central authority. Upgrades are debated painstakingly among hundreds if not thousands of stakeholders across social channels.
Even when an upgrade is a so-called “soft fork” like Taproot, meaning it is compatible between older and newer software, the implementation is treated with care. So if consensus on a Taproot activation route isn’t clear, it’s hard to move forward with an upgrade without sufficient support.
What Is Speedy Trial?
Such was the case with the so-called lockinontimeout or “LOT” debate.
Essentially, the community could not decide whether Taproot should simply fail if miners don’t adopt it, or whether the activation should include code for a “user-activated soft fork,” wherein node operators force-activate Taproot by rejecting blocks which don’t signal support for the upgrade (a similar “user-activated soft fork” scenario played a role in activating SegWit).
Bitcoin developer Russell O’Connor proposed Speedy Trial to break the deadlock and provide a fast trial-by-fire to see whether or not miners would upgrade quickly (and thus, whether a UASF is even necessary).
Under Speedy Trial, miners would have three months to signal support for Taproot after its code is shipped through Bitcoin Core, Bitcoin’s primary software version. If 90% of the blocks in a given time frame are not Taproot-supporting, then that means miners don’t support the upgrade and activation fails.
If the threshold is reached, then activation takes place after a six-month “locked-in” period. During this time frame, the upgrade is in the bag, but its actual activation is delayed to make sure there are no hiccups.
(One potential hiccup: Miners don’t actually have to upgrade to Taproot during the signaling period; they only need to signal their support, and they do so by including a unique bit of code in the blocks they mine. Thus, the delay partly exists so miners have ample time between signaling and activation to upgrade their nodes).
The code that would put Speedy Trial into motion could come either from Bitcoin Improvement Proposal 9 (BIP9), the code for which already exists, or through BIP8, which would need to be coded.
Running In Circles?
“We’re basically where we were a few weeks ago, but with more data,” Bitcoin developer Sjors Provoost said on a Van Wirdum Sjorsnado podcast episode about Speedy Trial.
Indeed, this approach is a truncated version, in a way, of the LOT=False proposal that was previously debated alongside LOT=True.
Should Speedy Trial fail, it would resemble LOT=False in that nothing happens. This would also likely pave the way for a LOT=True scenario, some community members pointed out in a Tuesday Taproot Activation discussion.
“If Speedy Trial fails I think a UASF release is inevitable,” user Shesek said.
“Users would be advised to expect a followup ‘real’ deployment in the event this isn’t signalled,” Bitcoin developer Luke Dashjr said in the chat, with “real” meaning an activation by node operators through LOT=True or UASF. The prolific developer is of the opinion that Speedy Trial will fail because the timeline is too short and because miners may not activate even after they signal.
Putting To Bed Or ‘Punting’ The Problem?
In some respects, Speedy Trial is a consolation activation. It’s nobody’s first choice but people still support it because it may offer an end to what has become a tiring, dragged-out discussion over an upgrade that makes changes to a couple of lines of Bitcoin’s code (yes, really).
Blockstream and Bitcoin developer Rusty Russell likened Speedy Trial to “punting” the problem (namely, smooth soft fork activation coordination) down the field to deal with another day.
“I understand people are tired, and nobody wants conflict,” he said in the chat, while clarifying later his position that he believes Speedy Trial is “a terrible idea.”
According to Russell, it’s a terrible idea because it sets a precedent that the fastest and most effective way to an upgrade should win out, not one which makes node operators the final arbiters for choosing a change to Bitcoin’s software.
This arbiter role, Russell and those like him argue, was the key takeaway from the SegWit saga and one of Bitcoin’s most effective checks for users against powerful interests.
That’s why proponents of this line of thinking want code for some form of UASF included with the Speedy Trial release from the get-go.
If Speedy Trial fails, then activation would lean on a BIP8-style user-activated soft fork – a proposal that was previously discussed but which had no consensus, thus prompting Speedy Trial.
This activation method would take place after Speedy Trial and would include a year-long (or 15-month) signaling period, after which time Taproot would automatically activate on user nodes through the UASF. (This scenario would have Taproot activating in 2022 or, at the latest, 2023).
Still, Speedy Trial has to fail for this backup to take effect, and it appears as though stakeholders are on board with trying Speedy Trial first.
Yet another meeting will be held next week that could finally put the matter to bed.
New Taproot Activation Timeline Means The Upgrade Is (Probably) Coming To Bitcoin This Fall
If the timeline holds, Taproot’s November activation could make for an exciting autumn for bitcoiners.
Bitcoin’s developers and community members seem to have finally settled on a timeline to activate Taproot, Bitcoin’s biggest upgrade since SegWit in 2017.
Per notes from a public Internet Relay Chat (IRC) meeting, the code for Taproot could be ready for users to activate in the Bitcoin Core client via “Speedy Trial” in May of this year. If Speedy Trial is successful, this would mean the upgrade could be online in November.
“There is broad agreement that we should target something like a May 1st release, with [a 1 week signalling start time afterwards],” Bitcoin Core contributor Jeremy Rubin wrote in meeting notes. If successful, this would mean an “activation time of around Nov 15th,” he notes.
Speedy Trial allots a three-month trial period to see if miners representing at least 90% of Bitcoin’s hashrate will signal their support for the upgrade. If this threshold is reached, then Speedy Trial is successful and the upgrade will be “locked in” three months after the beginning of signaling. After this, Taproot’s rules would be officially enforced in another three months.
(If, for example, signaling were to begin on May 7 and miners showed sufficient support, then Taproot would be locked in on Aug. 7 and go live on Nov. 15. The later the signaling begins, the later the activation.) New code in Bitcoin Improvement Proposal 8 (BIP8) will set the parameters for the Taproot activation, which will judge when to lock in the upgrade based on block height.
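The signalling mechanics the three articles describe (a 90% threshold counted per window of blocks, a fixed signalling span that fails at its timeout height, and activation delayed to a later block height) as a small added simulation. This is not the articles’ or Bitcoin Core’s code: the period length, version bit and heights are constructed, scaled-down values so one short chain covers the whole lifecycle, not the mainnet Taproot parameters.

```python
from enum import Enum

# Constructed parameters (assumptions, not mainnet values): a tiny window so a
# few dozen simulated blocks walk through the whole Speedy Trial lifecycle.
PERIOD = 8                   # blocks per signalling window (mainnet: 2016)
THRESHOLD = 7                # 7 of 8 is the smallest share at or above 90%
BIT = 2                      # block-version bit reserved for the deployment
START_HEIGHT = 8             # signalling is counted from this boundary on
TIMEOUT_HEIGHT = 32          # no lock-in by here means the attempt fails
MIN_ACTIVATION_HEIGHT = 48   # the post-lock-in delay before rules are enforced

SIGNAL = 0x20000004          # BIP9 top bits 001 with bit 2 set
NO_SIGNAL = 0x20000000       # BIP9 top bits 001 with bit 2 clear


class State(Enum):
    DEFINED = "DEFINED"
    STARTED = "STARTED"
    LOCKED_IN = "LOCKED_IN"
    ACTIVE = "ACTIVE"
    FAILED = "FAILED"


def signals(version: int, bit: int = BIT) -> bool:
    """A block signals only if its version uses the 001 top bits and sets `bit`."""
    return (version >> 29) == 0b001 and (version >> bit) & 1 == 1


def run_deployment(versions, start=START_HEIGHT, timeout=TIMEOUT_HEIGHT,
                   min_activation=MIN_ACTIVATION_HEIGHT, period=PERIOD,
                   threshold=THRESHOLD, bit=BIT):
    """Step the height-based state machine once per period boundary.

    versions[h] is the nVersion of the block at height h. Each boundary
    performs one transition, judged on the window that just ended, and the
    returned (boundary, state) list shows where lock-in, activation or
    failure occurred.
    """
    state = State.DEFINED
    history = []
    for boundary in range(0, len(versions) + 1, period):
        if state is State.DEFINED and boundary >= start:
            state = State.STARTED
        elif state is State.STARTED:
            # Count signalling blocks in the window that just closed; the final
            # window before the timeout still counts, then failure is declared.
            count = sum(signals(v, bit) for v in versions[boundary - period:boundary])
            if count >= threshold:
                state = State.LOCKED_IN
            elif boundary >= timeout:
                state = State.FAILED
        elif state is State.LOCKED_IN and boundary >= min_activation:
            state = State.ACTIVE
        history.append((boundary, state))
    return history


def final_state(versions, **params) -> State:
    return run_deployment(versions, **params)[-1][1]


def make_chain(share_per_period, period=PERIOD):
    """Constructed chain: for each window, that fraction of blocks signal."""
    chain = []
    for share in share_per_period:
        n = round(share * period)
        chain += [SIGNAL] * n + [NO_SIGNAL] * (period - n)
    return chain
```

In the success case below, the window at heights 16 to 23 reaches exactly the threshold, so lock-in is recorded at boundary 24 and activation waits until boundary 48; in the failure case no window reaches it before height 32.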
As stakeholders appear to be in agreement on the timeline, bitcoiners finally have a (more or less) concrete deadline for when they can expect Taproot’s code to be available to the public to download, marking an end to what has become a painstaking road to a relatively simple upgrade.
Taproot Activation And The Long Road To Consensus
There is still the caveat that May 7 may not be the exact start date of Taproot’s activation, but it will likely be somewhere around that time.
As ever in Bitcoin’s development, upgrade parameters are in constant flux because no single person or organization has final say over how development should proceed. It’s up to Bitcoin’s distributed, international community to come to a consensus on what changes to make to Bitcoin and, just as important as evidenced by the Taproot activation discussion, how those changes will be brought online.
Take the so-called user-activated soft fork (UASF) that was so hotly debated during the Taproot activation discussions. This would give node operators the option to force-activate Taproot should miners fail to update their own nodes with the upgrade by rejecting blocks from noncompliant miners.
Miners have given no indication, though, that they will reject Taproot, and the UASF proposal lacked enough support to make its way into Bitcoin Core, the software implementation that 99% of the Bitcoin network runs.
Still, Luke Dashjr and others are coding a UASF that anyone can opt into (but which won’t be included into Bitcoin Core) in case Speedy Trial fails. If Speedy Trial were to fail, then nothing would happen and Taproot would simply fail to activate. Under this scenario, a UASF could be deployed, probably next year, to bring the upgrade online.
This is largely unlikely, however, given broad miner support for the uncontroversial upgrade.