Ultimate Resource On Wasabi And Samourai Wallet’s Privacy-Enhancing CoinJoin Features (#GotBitcoin?)
Samourai Wallet has unveiled a beta version of Whirlpool, a CoinJoin service that enhances transaction privacy.
The company previously said that Whirlpool would be released to operate on Dojo, a much awaited bitcoin node built to work with the wallet.
The feature breaks the on-chain link between the coins a user sends into a CoinJoin and the coins that come out, so an observer can no longer tell which input paid which output and the flow of funds becomes hard to track. Samourai, a leading wallet provider, is offering an easy-to-adopt layer of financial privacy for mainstream bitcoin users, and is among the first companies to ship this technology.
CoinJoin, first proposed by Gregory Maxwell in 2013, combines the inputs of several users into a single transaction whose outputs all carry the same value, so that an observer of the blockchain cannot tell which input funded which output. In the “Chaumian CoinJoin” variant Maxwell described in the same post, participants register their outputs with the coordinator under Chaum blind signatures: the coordinator signs each output without seeing it and later accepts any output carrying a valid signature, so even the coordinator cannot link a participant’s inputs to the outputs it signed into the joint transaction.
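The blind-signature round described above, as an added example that is not part of the original article and is neither Samourai’s nor Wasabi’s code: a minimal Chaumian CoinJoin coordinator and its participants in Python, using textbook RSA blind signatures over a toy key (two Mersenne primes, far too small for real use) and constructed participant data (the input and output labels are placeholders, not real transaction identifiers). It omits the input-ownership signature and the final signing of the joint transaction by each participant; what it shows is why the coordinator, although it signs every output credential, cannot match any registered output to the input it was registered with.

```python
import hashlib
import math
import secrets

# Toy RSA key for the coordinator. Two Mersenne primes are used only so the example
# runs stand-alone; a real coordinator would use a 2048-bit or larger key.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

DENOMINATION = 5_000_000  # sats; equal-valued outputs are what makes them indistinguishable


def h(msg: bytes) -> int:
    """Hash an output registration into the RSA group."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blind(msg: bytes):
    """Participant side: hide the output it will register later behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (h(msg) * pow(r, E, N)) % N, r


def coordinator_sign(blinded: int) -> int:
    """Coordinator side: sign a value it cannot read."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Participant side: strip r; the result is an ordinary RSA signature over h(msg)."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(msg)


def accept_output(seen: set, txout: bytes, sig: int) -> bool:
    """Coordinator side, phase 2: accept an output only with a fresh, valid credential."""
    if sig in seen or not verify(txout, sig):
        return False
    seen.add(sig)
    return True


def run_round(participants):
    """Run one Chaumian CoinJoin round over (input_id, output_script) pairs.

    Returns (transaction, coordinator_view); coordinator_view is everything the
    coordinator learned during input registration.
    """
    coordinator_view, credentials = [], []
    # Phase 1, input registration: each participant proves it controls an input
    # (that ownership signature is omitted here) and submits a blinded output.
    for txin, txout in participants:
        blinded, r = blind(txout)
        coordinator_view.append((txin, blinded))
        credentials.append((txout, unblind(coordinator_sign(blinded), r)))
    # Phase 2, output registration over a fresh anonymous connection (e.g. a new
    # Tor circuit): the coordinator sees (output, signature) with nothing tying it
    # to any input registered in phase 1.
    seen, tx_outputs = set(), []
    for txout, sig in credentials:
        if not accept_output(seen, txout, sig):
            raise ValueError("invalid or replayed output registration")
        tx_outputs.append((txout, DENOMINATION))
    secrets.SystemRandom().shuffle(tx_outputs)
    tx = {"inputs": [txin for txin, _ in coordinator_view], "outputs": tx_outputs}
    return tx, coordinator_view


def coordinator_can_link(coordinator_view, tx) -> bool:
    """Can the coordinator match a registered output to a value it signed in phase 1?
    With blinding, the signed values bear no relation to h(output)."""
    signed = {blinded for _, blinded in coordinator_view}
    return any(h(txout) in signed for txout, _ in tx["outputs"])


# Constructed sample round: three users each bring one input and one fresh output.
PARTICIPANTS = [
    (b"utxo-alice", b"output-alice"),
    (b"utxo-bob", b"output-bob"),
    (b"utxo-carol", b"output-carol"),
]

if __name__ == "__main__":
    tx, view = run_round(PARTICIPANTS)
    print("inputs:", tx["inputs"])
    print("outputs:", tx["outputs"])
    print("coordinator can link:", coordinator_can_link(view, tx))
```

The replay set in accept_output is what stops a participant from registering more outputs than inputs: a credential is single-use, and a forged one fails verify. The anonymity comes from the second phase arriving over a connection the coordinator cannot correlate with the first; in practice that means a new Tor circuit per phase, which is an operational requirement the code above cannot enforce.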
The Whirlpool framework is a fully modular CoinJoin implementation developed as a “heavily modified” fork of the ZeroLink framework, according to the company.
As earlier CoinJoin experiments showed, gathering enough participants to complete a round quickly is hard. It took several hours for 100 users of the privacy-centric bitcoin app Wasabi Wallet to assemble and collectively execute a CoinJoin, though that transaction may have been the largest of its kind.
Apart from the human challenge of organizing a CoinJoin, there are also built-in restrictions on the bitcoin network – such as the limit on the amount of data that can be included in a single transaction block – that limit the viability of CoinJoin. Additionally, some bitcoin enthusiasts believe that some forms of privacy and bitcoin’s built-in transparency are mutually exclusive. To which Samourai has responded:
Bitcoin Magazine also noted that CoinJoins may increase the fungibility – the property of money that all units are interchangeable – of bitcoin, by obscuring the tainted history of coins previously used in illicit trades. By making bitcoin harder to trace, CoinJoin diminishes the possibility of merchants refusing to accept “dirty money.” This, as they say, may or may not be good for bitcoin.
Zcash’s Halo Breakthrough Is a Big Deal – Not Just For Cryptocurrencies
An under-appreciated, sideline payoff from cryptocurrency R&D is that it also generates advances within the sector’s component technologies.
The most important are occurring within the field from which the term “cryptocurrency” derives. Cryptography – essentially, the study of mathematical secrets – is as old as the exploration of ciphers in ancient times. But in the past 10 years, thanks largely to the invention of bitcoin and censorship-resistant money, it’s seen an explosion of activity.
That is especially true in the sub-field of zero-knowledge proofs, which let one party verify a statement about a secret without learning the secret itself. These advances matter because zero-knowledge proofs offer the tantalizing prospect of people transacting in confidence without disclosing potentially compromising information to each other. Their potential goes beyond the narrow realm of cryptocurrencies to the ultimate challenge of the Internet age: achieving security with privacy.
This is why a breakthrough by the Electric Coin Company, the startup behind zcash, is rich with potential. ECC had already been an engine of progress for cryptography by advancing the use of zk-SNARKs, another cryptocurrency-inspired addition to the zero-knowledge proof toolkit, with which zcash validates shielded transactions on a publicly auditable blockchain without revealing senders, recipients or amounts (a disclosure note: Digital Currency Group, CoinDesk’s parent company, is an ECC investor).
But the company’s recent announcement of Halo, a “trustless recursive” version of zero-knowledge proofs that provides a massively scalable solution to the field’s unwieldy reliance on “trusted setups,” is arguably bigger. If the discovery by ECC researcher Sean Bowe holds up to scientific scrutiny, it could one day unleash a host of powerful, real-world applications for the digital age that go far beyond cryptocurrency.
Might it even achieve the impossible: lowering the heat that zcash CEO Zooko Wilcox and his cofounders relentlessly receive for the 20% founder fee built into the cryptocurrency’s protocol, a deal that has delivered them millions of dollars’ worth of tokens since the launch in 2016? The founders justify the fee on the grounds that it both pays for maintenance and rewards research and development to strengthen the protocol. For now at least, this looks like a discovery that ECC can flag as money well spent – not just for zcash, but for the entire crypto ecosystem.
A Proof Of Proofs
Halo removes the trusted setup that earlier SNARK systems required. In those systems the setup produces secret randomness, and anyone who retained it could forge proofs – in zcash’s case, counterfeit coins without detection. Halo’s proofs need no such setup, and because they can be composed recursively, the soundness of a system’s state can be carried forward through ongoing updates rather than re-established each time. Until now the risk of a compromised setup meant that zero-knowledge proof deployments often required elaborate, costly procedures at the outset to instill confidence in users. (A prime example was the zcash genesis “ceremony” – recorded live on YouTube and documented in an entertaining episode of NPR’s Radiolab – in which founders and outside participants in multiple locations went to extraordinary lengths to jointly generate the public parameters and then demonstrate that none of them retained the secret randomness, the so-called toxic waste.)
As such, zero-knowledge proofs were too cumbersome for anything other than privately proving small one-off facts. Repeating the inefficient, time-consuming trusted setup over and over again was costly. To be sure, one-off trustless solutions known as “bulletproofs” have been around since 2017, but they lack the recursive quality needed to verify the ever-accumulating information within a large, growing changing database.
Halo gets around this problem by establishing an accumulated “proof of proofs,” such that the latest mathematical output contains within it a proof that all prior claims to the relevant secret knowledge have themselves been sufficiently proven through a similar process. In a dramatic compression in computational requirements, all that’s now needed to verify the veracity of the entire database’s current state is a single mathematical proof. (The way Wilcox explained it to me, the process sounded similar to the efficiency gains of Merkle tree structures, which aggregate previously hashed information into a single root hash output.)
Cheap Full Nodes
The scaling benefits of this lightweight proofing system were illustrated with a mid-September demonstration by the ECC team using the bitcoin blockchain. They generated a proof of the current block’s proof-of-work integrity that also contained proofs of the integrity of every preceding block, all the way down the chain to Satoshi Nakamoto’s genesis block of January 3, 2009.
In light of the fraught debates in the bitcoin community over full nodes, decentralization and block sizes, this sounds like game-changer material. While there will still need to be nodes that read the full blockchain to identify transactions, the overall task of verifying the integrity of a blockchain could become a much less costly problem for the network as a whole. Ordinary users could achieve the ease-of-use and efficiency they need but do so with their own full verification nodes. It would thus negate the need for so-called SPV wallets, which rely on others to verify on the user’s behalf and so create a trust problem. For the network, the result could be greater decentralization at a lower cost.
The ECC is planning to integrate Halo into the zcash blockchain as a Layer 1 scaling solution. If it works, the zcash network might much more cheaply handle significantly larger amounts of on-chain data. This is a markedly different approach to the scaling problem from the Layer 2 model favored by bitcoin supporters of the Lightning Network, where scale is achieved by taking transactions off chain. If it works for zcash, one wonders whether bitcoin cash developers will be tempted to integrate it into their protocol to lower the cost of maintaining the larger blocks they adopted in the contentious 2017 fork from Bitcoin Core.
But it’s the potential for non-cryptocurrency solutions that makes Halo an especially exciting prospect. Wilcox even claims Halo “may turn out to be a building block for the next generation of the Internet and other such social infrastructure.”
In a conversation, he pointed to the vulnerabilities of large, ever-changing centralized databases such as that of the famously hacked credit scorer Equifax, as well as those of different states’ DMV outlets and of siloed medical record custodians. All must share information with other parties but struggle with the risks of doing so. “Now instead of them spitting out copies of a full report of the data, they keep the only copy but spit out zero knowledge proofs,” Wilcox said.
The ideal, however, would be to dispense with the centralized record-keeper entirely. Wilcox thinks Halo-like zero-knowledge proofs will pave the way. Taking the prior example one step further, he said, “What if instead of me saying ‘here is a proof that Equifax says I haven’t had any defaults over the last 10 years,’ I can say ‘here is a proof from all the 100 people that have lent to me over the past 10 years and each of them attests to me not having defaulted?”
Getting to such a utopia won’t happen quickly. Regulation, corporate incumbency and behavioral inertia will continue to pose resistance. And, to be clear, Bowe’s mathematical proof still needs to be subject to rigorous peer review.
But even if holes are found in the current iteration, they will be patched. Better versions will emerge.
The process of follow-on research that this discovery will unleash in all areas of the digital economy is undeniable. And if the world isn’t ready for such a radical reorganization of how we manage sensitive information, it will eventually be moved to adopt such changes by the relentless buildup of vulnerable databases and the ongoing attacks against them by increasingly sophisticated hackers. That’s a trend that led Juniper Research to recently assert that cybercrime will cost the global economy a stunning $5 trillion a year by 2024.
The world badly needs fixes for these giant challenges. Cryptocurrency developers are doing as much as anybody to find them.
Bitcoin Privacy Is The Only ‘Big Question’ For Devs, Says Poolin CEO
Bitcoin (BTC) needs to become more resistant to governments as a priority, the CEO of one of its biggest mining pools has said.
Pan: Privacy is Bitcoin’s “real problem”
In an interview with cryptocurrency media outlet Bitcoin Magazine quoted by Forbes on Oct. 17, Poolin’s Kevin Pan suggested privacy should form an essential focus for Bitcoin development.
“The real problem with Bitcoin may be privacy. There is no other big question if the privacy issue is solved,” he summarized.
Pan was commenting as cryptocurrency-related transaction privacy returns to the spotlight as international regulators dissect Facebook’s Libra digital currency.
As Cointelegraph reported, concerns over user data have formed the basis for rejection of the project from multiple sources, including finance ministers and United States senators.
In the future, Pan continued, Bitcoin will need to provide users with a way to avoid governments targeting them and their wallets.
“What is more troublesome now is if government or law enforcement departments begin to create a blacklist of transaction addresses, it will make certain transactions unable to be packaged. In fact, these can be done,” he explained.
“But if there is privacy, you can’t know who the address belongs to, and you can’t determine how much the amount is, and there is no way to control the currency system.”
Improving transaction privacy is already a central occupation of developers, both for Bitcoin Core and off-chain solutions such as the Lightning Network.
Certain user wallets claim to offer enhanced privacy for users already, but standards differ as developers attempt to seal technical loopholes.
Researcher Breaks Grin’s ‘Privacy’ Spending Just $60 Per Week
Mimblewimble, a privacy-focused blockchain protocol, is allegedly far less private than claimed. According to an expert at blockchain research firm Dragonfly Research, Mimblewimble’s privacy is fundamentally flawed, which he reportedly demonstrated by linking the inputs and outputs (what his post called the addresses of senders and recipients) of 96% of transactions of Mimblewimble’s privacy-centric coin Grin (GRIN).
Ivan Bogatyy, a researcher at United States-based Dragonfly Capital Partners, published a Medium post on Nov. 18 in which he claimed that he was able to break Grin’s purported privacy while spending just $60 per week on Amazon Web Services (AWS).
Mimblewimble Should No Longer Be Treated As An Alternative To Zcash Or Monero
According to the researcher, the problem is inherent to Mimblewimble, and there is no way to fix it. Based on new findings, Mimblewimble should no longer be considered as a “viable alternative to Zcash or Monero when it comes to privacy,” Bogatyy declared.
The expert added that Mimblewimble developers have been aware of the technical feasibility of such an attack since he posted a Reddit thread on the issue a year ago.
Bogatyy Lists Three Approaches To Privacy In Crypto
In the analysis, Bogatyy referred to anonymity sets, which are patterns that aggregate multiple transactions into a set, such that they can no longer be distinguished. Based on anonymity sets, Bogatyy pointed out three major approaches to privacy in cryptocurrencies such as Zcash, Monero and Mimblewimble.
According to the researcher, Zcash provides the largest possible anonymity set, since every shielded transaction hides among all other shielded transactions. In Monero, each spend hides among a ring of decoys drawn from existing outputs on Monero’s own chain, so the anonymity set is the ring size, which Bogatyy put at 10-25. In Mimblewimble, all transactions in a block are aggregated into one big CoinJoin, so the anonymity set is supposed to be all the transactions that ended up in the same block.
However, Bogatyy says he captured 96% of transactions before they could be aggregated with others. “So in reality, there is no one in their anonymity set,” he claimed, adding that the remaining 4% escaped because a small minority of transactions were merged before most nodes could see them.
Following Bogatyy’s tweet, Ethereum co-founder Vitalik Buterin replied that only global anonymity sets, such as those produced with zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), are robustly secure. He tweeted:
“If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure.”
Zcash is reportedly the first widespread application of zk-SNARKs, according to the firm.
Amid the news, Grin token has seen a sharp drop of price. With a market share of 12.7 million, the token is down more than 11% over the past 24 hours at press time and trades at $1.34, according to Coin360.
Grin Devs Respond: Mimblewimble Privacy Isn’t ‘Fundamentally Flawed’
The developers of privacy-centric cryptocurrency Grin (GRIN) have hit back at the fundamental claims of an article purporting to have “broken” the coin’s privacy model.
In a Medium blog post published on Nov. 19, Grin core dev Daniel Lehnberg argued that the so-called breakage did not go beyond the already-acknowledged privacy limitations of the coin’s protocol and relied on a passive attack vector that would be insufficient to glean actionable data.
Some Basics of Grin’s Protocol
Lehnberg’s post does not consist of a point-by-point takedown of the original article, which was published yesterday by Ivan Bogatyy, a researcher at United States-based Dragonfly Capital Partners.
Instead, it targets what it deems to be the purportedly unsubstantiated logical leaps and factual inaccuracies used by Bogatyy to corroborate his claim.
As previously reported, Grin’s protocol, “Mimblewimble,” builds on the cryptographic protocol known as Confidential Transactions, which hides amounts using primitives called “Pedersen commitments.”
A commitment stands in for a plaintext amount and reveals nothing about it, yet commitments can be added together. Validators check that the commitments to a transaction’s inputs sum to the commitments to its outputs plus the fee; that arithmetic over public values proves no coins were created or destroyed, so the transaction can be validated while its input and output amounts remain unknown.
The protocol notably does not use wallet addresses or public keys, only inputs and outputs. Because of this, each sender must contact a receiver via a private channel in order to construct a transaction.
Supplemental Privacy Features
As outlined in Cointelegraph’s coverage yesterday, Bogatyy had focused on a default, supplemental feature of Mimblewimble called CoinJoin, which builds small “anonymity sets” by merging the inputs and outputs of several transactions into one larger transaction, so that it is hard to tell which inputs are paying which outputs.
Bogatyy also claimed to have conducted a successful “attack” on a supplemental feature called “Dandelion” that is used by Grin to reduce the chance of so-called “spy nodes” recording transactions before cut-through, while they are still in an unconfirmed transaction pool (or “mempool”).
While the limitations of Grin’s overall privacy model — which is significantly more complex than space permits to outline here — are known, Lehnberg’s critique of Bogatyy’s research rests on what he judges to be key “inconsistencies.”
These include the implication that it would be possible for law enforcement to link intercepted data to a user address — when, as Lehnberg states, addresses do not exist within Grin’s privacy model at all. He adds:
“We have to assume that the author conveniently confused transaction outputs (TXOs) with addresses, but these are not the same. And, as we’ve already detailed, the fact that TXOs can be linked is hardly news.”
Lehnberg’s critique of Bogatyy’s claims continues to address several further points, with his central line of argument — details aside — resting on the statement that:
“The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.”
As reported, Grin underwent its first network hard-fork this summer to introduce tweaks to its consensus algorithm in order to achieve greater resistance to ASIC miners.
In October, the Litecoin Foundation published two new draft proposals that pave the way toward integrating MimbleWimble in order to establish privacy features for the Litecoin (LTC) network.
Earlier this month, Grin received an anonymous 50 Bitcoin (BTC) donation to its General Fund, sparking a bizarre rumor that the generous soul behind it was Satoshi.
Grin’s Mimblewimble Privacy Model Under Threat After Alleged Break-In
On Nov. 18, crypto researcher Ivan Bogatyy published an article on Medium claiming that he had found an extremely easy way of bypassing Grin’s Mimblewimble privacy protocol. As part of his efforts, Bogatyy stated that he was able to trace over 96% of all Grin-related transactions in real time, including the addresses of the senders as well as recipients associated with these sets of transactions.
What’s more striking is the fact that Bogatyy claims he was able to achieve all this by spending just $60 a week on Amazon Web Services computational power, which helped connect him to Grin’s native blockchain nodes.
Not only that, but the Google AI research alum also claims that he could have quite easily exposed the addresses of “almost all” Grin users if he had decided to connect to all 3,000 of the system’s nodes. In this regard, Bogatyy wrote the following:
“Grin still affords a stronger privacy model than Bitcoin or other non-privacy coins, since amounts are safely encrypted. But Mimblewimble provides a strictly weaker privacy model than Zcash or Monero. This makes it insufficient for many real-world privacy use cases.”
As expected, as soon as these developments came to light, the future of Mimblewimble was immediately called into question by people around the globe, who began saying that the privacy protocol could no longer be trusted, since it was clearly not secure enough.
However, a few days after the initial report, Daniel Lehnberg, a member of Grin’s core developers team, published a blog arguing that the “alleged” break-in was confined largely to the protocol’s already-acknowledged privacy limitations. He also added that the attack was facilitated through the use of a passive vector that did not have the capacity to acquire any actionable data.
Lastly, Grin uses a relay scheme called “Patient Dandelion,” a modified version of the Dandelion proposal for Bitcoin (BIP 156, later refined as Dandelion++). Dandelion hides which node a transaction originated from by relaying it along a random “stem” of single hops, with added delay at each hop, before broadcasting it widely; Grin’s variant also waits during the stem phase so that transactions can be aggregated before they are broadcast. Since Grin’s latest privacy scandal came to light, however, many experts are questioning how well Dandelion works in practice.
A closer look at Grin and its privacy framework
In its most basic sense, Grin can be thought of as an implementation of the Mimblewimble, or MW, protocol, whose privacy is derived from two key aspects:
The protocol employs confidential transactions to obfuscate transaction amounts.
The protocol makes use of aggregated transactions to prevent the linking of native transaction inputs and outputs.
Additionally, the MW transaction format is substantially different from Bitcoin-like cryptocurrencies, as it allows multiple transactions to be aggregated into a single larger transaction.
The aggregation is “lossy” in the sense of cut-through: when an output created by one transaction is spent by another within the same aggregate, both that output and the input spending it are dropped, so the chain stores less data (improving scalability) and the intermediate transfer is no longer visible. Because mining a block aggregates all of its transactions, a third party reading the chain afterwards cannot tell which inputs paid which outputs.
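The commitment arithmetic, kernel excess and aggregation described in this section and in the Confidential Transactions explanation earlier, as an added example that is neither the article’s nor Grin’s code. It uses a toy group (integers modulo the prime 2^127 - 1, with exponents reduced modulo 2^127 - 2) in place of the secp256k1 curve, and a second base H whose discrete log relative to G is simply assumed unknown; both are assumptions that keep the example runnable, not secure. The scenario (Alice, Bob, Carol, Dave, Erin and their amounts) is constructed. It shows a validator checking that commitments balance without seeing any amount, Schnorr-signed kernel excesses, block-level aggregation with cut-through, and why an observer that records transactions before aggregation learns exactly the input-to-output links the block hides, which is the observation behind Bogatyy’s result.

```python
import hashlib
import secrets

# Toy group: integers mod the prime p = 2^127 - 1, exponents mod p - 1. Discrete logs are
# feasible at this size and Grin really uses the secp256k1 curve; the toy just keeps the
# arithmetic runnable. H is assumed to have an unknown log base G (not enforced here).
P = 2**127 - 1
ORDER = P - 1
G = 3  # base for amounts
H = 7  # base for blinding factors

def commit(value: int, blind: int) -> int:
    """Pedersen commitment C = G^value * H^blind (v*G + r*H in curve notation)."""
    return pow(G, value, P) * pow(H, blind, P) % P

def new_output(value: int) -> dict:
    """Wallet-side output: the wallet keeps value and blind, the chain sees only commit."""
    r = secrets.randbelow(ORDER)
    return {"value": value, "blind": r, "commit": commit(value, r)}

def _product(elements) -> int:
    acc = 1
    for e in elements:
        acc = acc * e % P
    return acc

def _challenge(*parts: int) -> int:
    data = b"".join(p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER

def sign_kernel(excess_blind: int, fee: int) -> dict:
    """Schnorr signature under public key H^excess_blind, with the fee as message: proves
    the author knows the blinding difference, so the commitments balance to zero value."""
    k = secrets.randbelow(ORDER)
    R, excess = pow(H, k, P), pow(H, excess_blind, P)
    c = _challenge(R, excess, fee)
    return {"excess": excess, "fee": fee, "R": R, "s": (k + c * excess_blind) % ORDER}

def verify_kernel(kernel: dict) -> bool:
    c = _challenge(kernel["R"], kernel["excess"], kernel["fee"])
    return pow(H, kernel["s"], P) == kernel["R"] * pow(kernel["excess"], c, P) % P

def build_tx(inputs: list, outputs: list, fee: int) -> dict:
    """Build a transaction from outputs whose blinds are known. Grin's sender and receiver
    do this interactively so neither learns the other's blind; one party holds all here."""
    if sum(o["value"] for o in inputs) != sum(o["value"] for o in outputs) + fee:
        raise ValueError("amounts do not balance")
    x = (sum(o["blind"] for o in outputs) - sum(o["blind"] for o in inputs)) % ORDER
    return {"inputs": [o["commit"] for o in inputs],
            "outputs": [o["commit"] for o in outputs],
            "kernels": [sign_kernel(x, fee)]}

def verify_tx(tx: dict) -> bool:
    """Validator check with no amounts in sight: prod(outputs) * G^fee / prod(inputs)
    must equal the product of the kernel excesses, and every kernel signature must hold."""
    fee = sum(k["fee"] for k in tx["kernels"])
    lhs = _product(tx["outputs"]) * pow(G, fee, P) * pow(_product(tx["inputs"]), -1, P) % P
    return lhs == _product(k["excess"] for k in tx["kernels"]) and all(
        verify_kernel(k) for k in tx["kernels"])

def aggregate(*txs: dict) -> dict:
    """Block-level aggregation with cut-through: concatenate inputs, outputs and kernels,
    then drop commitments both created and spent inside the aggregate. The result still
    verifies, but the per-transaction pairing of inputs to outputs is gone."""
    inputs = [c for t in txs for c in t["inputs"]]
    outputs = [c for t in txs for c in t["outputs"]]
    spent_inside = set(inputs) & set(outputs)
    return {"inputs": [c for c in inputs if c not in spent_inside],
            "outputs": [c for c in outputs if c not in spent_inside],
            "kernels": [k for t in txs for k in t["kernels"]]}

def observed_links(txs) -> list:
    """What an observer learns per transaction it sees: which inputs funded which outputs.
    A node sniffing transactions before aggregation gets one exact pair per transaction;
    a node reading only the block gets a single undifferentiated pair."""
    return [(frozenset(t["inputs"]), frozenset(t["outputs"])) for t in txs]

def demo() -> dict:
    """Constructed scenario: Alice pays Bob, Carol pays Dave, then Bob pays Erin."""
    alice_coin, carol_coin = new_output(100), new_output(50)
    bob, alice_change, dave, carol_change, erin = (new_output(v) for v in (60, 39, 20, 29, 59))
    tx1 = build_tx([alice_coin], [bob, alice_change], fee=1)
    tx2 = build_tx([carol_coin], [dave, carol_change], fee=1)
    tx3 = build_tx([bob], [erin], fee=1)  # spends Bob's output from tx1
    return {"tx1": tx1, "tx2": tx2, "tx3": tx3, "block": aggregate(tx1, tx2, tx3),
            "bob": bob}
```

Calling demo() and running observed_links over tx1, tx2 and tx3 returns three exact input-to-output pairs; running it over the block returns one pair covering everything, with Bob’s output gone entirely because tx3 spent it inside the same aggregate. Nothing in the block reveals an amount, and inflating any output by a single unit makes verify_tx fail, which is the balance guarantee Confidential Transactions provides. Real Mimblewimble additionally attaches a range proof to each output so that a negative “amount” cannot be used to balance an inflated one; that is omitted here.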
Are Bogatyy’s Assertions Valid?
With so many conflicting details currently floating around on the internet regarding the recent Mimblewimble security lapse, Cointelegraph reached out to Jake Yocom-Piatt, co-founder and project lead for Decred, a community-driven digital currency that uses a hybrid proof-of-work and proof-of-stake consensus model. When asked to comment on Bogatyy’s claims and whether he was right or not with his assertions, Yocom-Piatt pointed out:
“Despite an aggressive response from Daniel Lehnberg from Grin, I am of the opinion that Ivan’s attack is valid. The attack links inputs and outputs to most MW transactions, and it achieves this by monitoring the Grin network, where it can log transactions prior to their being aggregated either over Dandelion or in a block.”
He then added that a few months back, he had published an article in which he too had highlighted the exact same weakness that Bogatyy was able to exploit — that is, once Grin’s native blocks have been mined, participating miners and affiliated nodes have the ability to monitor individual transactions that have been published before they are aggregated.
This basically allows a third-party entity (who may be closely monitoring the transactions being published on the network) to potentially make use of the data in order to link transactions that would otherwise not be possible by looking at the information related to other mined blocks. Yocom-Piatt then added:
“Ivan executes exactly the attack I described. While Daniel takes exception to Ivan’s post for various technical reasons related to terminology, the linking of inputs and outputs is hard to argue against.”
Is Lehnberg’s Recent Blog Post Just Damage Control?
Many crypto enthusiasts firmly believe that Lehnberg’s recent post is a defense tactic. With enough technical know-how, hackers or other third-party entities could easily retrieve a huge volume of the input/output data about the majority of the involved entities, as long as MW-based native transactions can be reliably surveyed before they are aggregated.
With that being said, Ethan Fast — a co-founder of security-oriented crypto exchange Nash — is of the opinion that Bogatyy’s findings are incorrect because of his flawed understanding of how the Mimblewimble protocol works. On the subject, Fast told Cointelegraph:
“He [Bogatyy] is able to demonstrate that an adversary can construct a transaction graph on the network, in the sense that input A became output B. But because of how the protocol works, this is not like identifying an output address on Bitcoin. Just knowing A=>B does not imply you know who received the funds in any useful sense. So my interpretation is that what Ivan found was already publicly known and he mischaracterized its implications in the article he published.”
Fast then pointed out that a big part of the misunderstanding seems to have stemmed from the confusion surrounding what an “address” within the Grin ecosystem actually represents. To further solidify his stance, Fast highlighted to Cointelegraph a number of other instances where similar issues over Grin’s native operational framework came to light. He further added:
“Grin does not have anything like Bitcoin addresses. In fact, every time you want to send someone an asset, you need to interact with them in a live computation, working together to create a transaction. Given this fact, my understanding is that being able to construct a transaction graph on Grin is not a major security issue, as transactions don’t have anything like public addresses that tie them together.”
The Conversation Continues
Despite Grin’s reputation being called into question after the allegations put forth by Bogatyy started to gain widespread attention on the internet over the last week, the platform’s core backers (as well as community members) have continued to claim that the assertions put forth by Bogatyy are inherently wrong and that there are many factual inaccuracies — six, to be exact — in his findings.
Also, it is quite obvious that due to this entire episode, Grin’s financial value has taken quite a beating. The currency has dropped from $1.52 to just under $1 over the space of the past seven days.
New Bitcoin Wallet Hides Addresses To Solve ‘Terrible’ User Experience
A new wallet aims to broaden the adoption of Bitcoin (BTC) and cryptocurrencies by making their addresses easier to remember.
The service, dubbed Easypaysy, is the product of Spanish developer José Femenías Cañuelo and launched on Dec. 1.
Dev: BTC Addresses “Not For Humans”
Cañuelo was irked by the complex nature of Bitcoin addresses, which are random collections of letters and numbers that are all but impossible to memorize.
In the official introduction to Easypaysy, he described Bitcoin’s user experience, or UX, as “terrible.”
“Bitcoin addresses are really not meant for humans. Nobody should be forced to make or receive payments to a crypto-address, much as nobody expects you to navigate the world wide web just by using IP addresses,” the description reads.
The wallet service works by offering three formats of so-called Bitcoin “accounts” for users. These are designed to be more user-friendly identifiers, to which others can send cryptocurrency funds instead of using actual BTC addresses.
Behind the mask, funds are delivered to BTC addresses as in a regular transaction, with Cañuelo promising that no address is used more than once.
Security Trumps Familiarity
Various services have offered similar solutions over the years, including BitcoinWallet.com in 2014 and Ethereum Name Service for Ether (ETH) payments last year.
Nonetheless, commentators appeared taken by Easypaysy with well-known Bitcoin educator and developer Jimmy Song describing the concept as “interesting.”
“I haven’t thought through the downsides, but allows for much easier-to-remember IDs than addresses that we use today. From a UI perspective, big win as it’s easy to remember and print on business cards,” he summarized in a tweet following the launch.
As Cointelegraph reported, wallet security currently forms something of a thornier issue than ease of address sharing. With large numbers of Bitcoin users still trusting third parties to store their funds, a dedicated effort is underway to highlight the risk of not controlling one’s own private keys.
Coin Mixer’s Record-Breaking Month Proves Bitcoin Users Want Anonymity
Volume for Samourai Wallet’s non-custodial Bitcoin mixer, Whirlpool, tripled last month, with the service processing more than $10 million worth of Bitcoin (BTC).
According to data published to Twitter by Whirlpoolstats’ Matt Odell, March activity comprised 40% of the then-total volume produced by Whirlpool since its launch in May 2019.
Whirlpool Mixer Sees Record Activity
Samourai Wallet’s Whirlpool has seen a notable increase in user activity during 2020 so far.
While Whirlpool saw user activity fall back at the end of 2019 after a record 303.55 BTC in volume during October, each month of Q1 2020 set a new record for the amount of bitcoin mixed on the platform.
In January, a new record of 356.65 BTC was set, followed by 529.05 BTC in trade during February, and 1,523.45 BTC in March.
April appears on-course to set yet another record for the service — with 1,020.80 BTC or 67% of March’s total having been mixed just 11 days into the month.
Whirlpool Targets Mobile Users
At launch, Whirlpool claimed to be the first mobile-first Bitcoin mixing service.
The service uses CoinJoin to shuffle UTXOs and remove any deterministic link between the coins going in and the coins coming out. According to Samourai, each mixing cycle can be interpreted 1,496 different ways, with further cycles increasing the number of interpretations exponentially.
User funds are grouped into pools of 0.01 BTC, 0.05 BTC, and 0.5 BTC when mixed. The 0.05 BTC and the 0.5 BTC pools have generally oscillated between comprising the largest pool by monthly volume.
Users Turn To Coinjoin Services Amid Tightening KYC
The increase in Whirlpool volume comes amid tightening regulations from governments seeking to comply with Financial Action Task Force (FATF) recommendations and enhanced anti-money laundering requirements on regulated centralized exchanges.
In December 2019, crypto exchange Binance Singapore reportedly froze a customer’s funds amid an investigation into a transaction that had been mixed using Wasabi wallet’s CoinJoin service.
A Binance representative told Cointelegraph that its Singaporean exchange “does not tolerate any transactions directly and indirectly associated with gambling, P2P, and especially darknet/mixer sites.”
In February 2020, Ohio local Larry Harmon was arrested for allegedly operating the darknet Bitcoin mixing service Helix from 2014 until 2017. IRS Criminal Investigation head, Don Fort, stated that “the sole purpose of Harmon’s operation was to conceal criminal transactions from law enforcement on the Darknet.”
EU’s Europol: Bitcoin Privacy Wasabi Wallet ‘Not Looking Good’ For Law Enforcement
Europol, the European Union’s law enforcement agency, has its eyes on the popular bitcoin privacy tool Wasabi Wallet, documents verified by CoinDesk show.
Marked for “law enforcement only,” a two-part report by Europol’s European Cybercrime Centre (EC3) analyzed the privacy tool’s impact on using the Bitcoin blockchain to investigate crimes.
“Things are not looking good” for law enforcement thanks to this relatively new software, the EC3 warned, citing data from leading blockchain analysis company Chainalysis estimating how much money is filtering through Wasabi for criminal purposes.
“According to [Chainalysis], over the last three weeks, BTC in the amount of nearly 50 million USD were deposited into Wasabi with almost 30% coming from dark web markets,” says the first part of the report, circulated to law enforcement members in April. “This is a significant amount, relatively speaking, given the dark web transactions are estimated to have only 1% share of total transactions.”
Europol’s observations highlight a long-simmering tension between governments around the globe and Bitcoin privacy advocates. The blockchain is transparent, making it a useful tool for the former to thumb through accounts and transactions to track down criminals.
Privacy advocates, on the other hand, want to make bitcoin transactions harder to trace, partly so that more people will want to use the payment system, but also as a matter of principle.
EC3 is in the business of “combating crime in a digital age” – often online financial crimes. Its report mostly just outlines what Wasabi is: a wallet that tries to get around Bitcoin’s radical transparency, giving users more privacy by scrambling transactions together and confusing the trail. The second part of the intelligence briefing, published in May, dives into how a law enforcement officer can try to detect Wasabi transactions on the blockchain, and how to use the wallet to make a transaction.
The report was leaked on Telegram recently, and Europol’s press department confirmed its authenticity.
It was written “only for a law enforcement audience,” Europol’s press department told CoinDesk, adding that “the report does not contain any operational information.” Still, it offers a peek into the law enforcement agency’s thinking. “How popular is the service?” the guide reads, answering: “Clearly popular enough to spark our interest.”
It asks whether law enforcement can “demix” these transactions, answering that “realistically speaking, in most cases the answer is negative,” though if a user messes up, there are ways to do it.
zkSnacks, the company behind the Wasabi wallet, did not respond to a request for comment by press time. A six-figure equity investment last year by publicly traded Canadian firm Cypherpunk Holdings valued zkSnacks at $7.5 million.
Expert Weighs In On Wasabi’s Response To Wallet Security Issues
Mario Havel of Paralelni Polis said Samourai’s allegations are correct.
Although the privacy-focused Bitcoin (BTC) wallet Wasabi Wallet recently dismissed allegations that its anonymity features may be compromised, a third-party expert disagrees.
In an August 19 blog post, Wasabi competitor Samourai claimed to have “discovered two potential privacy vulnerabilities in the Wasabi Wallet software.” Per the announcement, the company also found numerous issues with the anonymity of Wasabi Wallet’s CoinJoin Bitcoin mixer.
Mário Havel, co-founder of crypto-and-privacy non-profit Paralelni Polis, said that Samourai’s allegations seem credible and can be verified in Wasabi’s code. He explained:
“Disclosed vulnerabilities […] are not affecting the security of the wallet. [Instead they] affect only [the anonymity in] some CoinJoin scenarios in which the user is mixing more [unspent transaction outputs].”
Wasabi lead developer Adam Ficsor explained that the issue raised by Samourai is the lack of randomness in unspent transaction output, or UTXO, selection when performing CoinJoin mixing. He claimed that this does not impact anonymity, since only the users themselves know all the UTXOs in their wallet.
Havel pointed out that Wasabi users who use its CoinJoin feature should always know how to manage their UTXOs in a way that preserves anonymity:
“Doing privacy correctly, especially with tools like coin control requires some learning and attention. In this case, the user has to be aware of possible attack scenarios and avoid them by managing UTXOs correctly.”
Wasabi’s Ficsor also said that Samourai has “claimed to ‘deanonymize’ Wasabi numerous times in the past.” This statement is in line with July 2019 reports in which Samourai first raised concerns over Wasabi’s CoinJoin implementation. Ficsor said that “the community knows their claims are inflated.” Mário Havel disagrees:
“There were many clashes in the past, more or less reasonable, but generally Samourai research does a good and interesting job for the privacy ecosystem of Bitcoin. Most of the claims against Wasabi are based around [the aforementioned problem, which is that] it requires some knowledge to use it properly privately.”
Havel does admit, however, that “Samourai and Wasabi are competition” and that both capitalize on their users’ CoinJoin fees. Both companies also benefit from damaging the reputation of their competition. He concluded:
“Personally, I use both wallets since both have different features and perks. […] Both are great wallets even without the CoinJoin feature and it is only up to the user how he uses it and what features of the wallet he needs.”
Wasabi Wallet Is Revamping Its CoinJoin Design To Allow Bitcoin Mixing With Differing Values
Privacy-focused Bitcoin software wallet Wasabi is getting a major protocol overhaul.
The Wasabi team is working on a new protocol design, dubbed WabiSabi, in a bid to improve the user experience and privacy guarantees of the wallet’s CoinJoin transactions. The major design change would allow users to coinjoin with different values than their peers, a first for the privacy-minded technology that could lead to new (and more flexible) use cases.
Wasabi has been conceptualizing the design in a research group since the beginning of 2020 and has hired team members to work on the implementation.
Out With The Old
Currently, Wasabi’s CoinJoin – a mixing protocol that, when used correctly, can obscure a bitcoin’s transaction history – relies on the ZeroLink protocol and blind signatures for mixing.
Under this scheme, users must spend a like amount of bitcoin with other users in a mixing pool for the CoinJoin to work successfully; these like amounts are shuffled together in a pool, after which each user receives the same amount of bitcoin back in a way that doesn’t reveal their original input.
For this to work effectively, all users in a CoinJoin transaction must input the same amount of bitcoin to the pool (e.g., 0.1, 0.01, etc.), or the transaction could be easily deanonymized by blockchain surveillance.
This current scheme also gives the CoinJoin’s coordinator a spyglass into a user’s information. Wasabi contractor and contributor Max Hillebrand told CoinDesk that a coordinator theoretically “could link the input to the change output, and could link multiple inputs to the same user.”
WabiSabi won’t disintermediate this coordinator role, seeing as it is necessary to make the protocol as frictionless and low-latency as possible. But the new design, according to Wasabi’s team, will keep the coordinator from tracing inputs to ensure “as few privacy leaks as reasonable,” Hillebrand said.
In With The New
The new protocol is a technical casserole that combines Pedersen commitments and keyed-verification anonymous credentials (KVAC), a feature used for group messaging on the encrypted chat app Signal.
If WabiSabi works in practice as it does in theory, then users will be able to spend any amount, irrespective of the value spent by their peers – an improvement over the current design that demands each input equals each other input in the pool.
Wasabi co-founder and lead researcher Adam Ficsor told CoinDesk this new design could unlock new CoinJoin use cases, like “CoinSwapping with CoinJoins and open lightning channels with CoinJoins.”
Hillebrand also highlighted that this implementation will not be limited to self-spends, where users can only send a CoinJoin transaction to themselves, as under the current model. Rather, WabiSabi would allow them to send a CoinJoin transaction to another user as well. This process would operate in the background if it runs the way Wasabi envisions it, opening up the possibility to make “every spend a CoinJoin.”
“The [old] Zero Link CoinJoins are mainly a self-spend, so the same user owns the input and the output. It’s not a payment; it’s like you are shuffling the bitcoin from your left pocket to your right pocket. This increases blockspace usage and thus incurs more expensive mining fees for the sender and verification cost for all Bitcoin full node users.”
‘Testing, Testing, Testing’
Of course, the protocol’s development is still in its early stages, and Wasabi lead developer Lucas Ontivero told CoinDesk the white paper, which was unveiled to the cryptographic mailing list in mid-June, is “still being peer reviewed.”
The challenge now is structuring the actual transaction design, which is a different technical feat from designing the protocol itself. As Hillebrand explained, the WabiSabi protocol design sets the parameters for data transmission between end users and coordinators, while the transaction structure of inputs and outputs is a different problem entirely.
This “transaction structure is not 100% ready,” Wasabi cryptographer István András Seres told CoinDesk over email. He added that “it is a huge design [requirement]” and that the team will want a “proper audit” before feeling comfortable releasing it to the public.
So a working WabiSabi implementation may be some time away, though the next step in development is creating a transaction scheme that retains the privacy promises of the underlying protocol. The team did not make any promises about when the tech could be ready, as “there are many open research questions and unknowns,” Hillebrand said.
As independent Bitcoin privacy researcher Yuval Kogman put it, the next, challenging step is “going from theory to practice” in a way that keeps the protocol as user friendly as possible to maximize its adoption.
“On the cryptography side, the theory is well developed and understood. Anonymous credentials as a concept go a long way back and are fairly straightforward to apply…a big part of the challenge is UI/UX [user interface/user experience], and in order to take full advantage of the credential scheme and the transaction structure, we will have to find some creative solutions,” he said, adding that the team has “already come up with some pretty promising and interesting ideas.”
Wasabi Wallet Patches Flaw That Could Have Thwarted Bitcoin Privacy Feature
Wasabi Wallet users need to upgrade to the latest version if they want to continue using the CoinJoin feature to keep their Bitcoin transaction histories private.
That’s because those running older iterations of the wallet can no longer use this feature to mix their coins with users who have the newest version.
The Wasabi Wallet team hard-forked the wallet Thursday to address a vulnerability discovered by a team member at Trezor, a leading maker of hardware wallets. A hard fork is a code change that makes older versions of a software incompatible with newer ones.
The flaw’s discovery is another example of the open-source community’s camaraderie and cooperation. Developers are constantly tinkering to improve their peers’ software, and many vulnerabilities have been responsibly disclosed during these processes to patch flaws before they can be exploited by bad actors. (Sometimes, however, the disclosures by rival teams are less-than-cordial, as evidenced by the long-running tensions between Wasabi and rival Samourai Wallet.)
According to a Wasabi Wallet blog post, Trezor hardware wallet developer Ondřej Vejpustek responsibly disclosed the potential denial-of-service (DoS) attack to the Wasabi team on May 10 (a DoS attack entails an attacker spamming a network or protocol with the hopes of stymying its operations, hence “denial of service”).
“Vejpustek has been very cooperative since the beginning and left us total freedom on how to manage the disclosure, both in terms of time and communication. This demonstrates the importance of proper communication between security researchers and dev teams. This is how a responsible disclosure should be,” Wasabi Wallet contributor and marketing strategist Riccardo Masutti told CoinDesk, adding that Vejpustek was paid a bitcoin bounty for his efforts.
This hypothetical DoS attack, which Wasabi Wallet assumes has never been carried out, would have interfered with the wallet’s implementation of CoinJoin, a privacy protocol that allows users to mix their bitcoin with others’ to obscure the coins’ transaction histories.
Wasabi Wallet’s CoinJoin implementation requires each participant to take out as much as they put in. If, for instance, 10 participants join a mix for 0.1 BTC, then each user must send exactly that amount (plus a miner fee) and must receive that exact amount for the mix to be successful and to retain CoinJoin’s privacy protections. Mixing coins makes it harder for blockchain snoops and nosy parkers to pin bitcoin transactions to known addresses and their owners’ identities.
The disclosed DoS vulnerability would have halted the mixing process. The attacker would register bitcoin for a mix without that bitcoin being signed (verified) by the mix’s coordinator, while at the same time submitting a real, verified transaction to the mix.
The result would be an incongruity between the total value of inputs made to the CoinJoin and the value of expected outputs. As a result, the coordinator would unwittingly “build a transaction that can’t be valid, since the sum of all inputs is less than the sum of all outputs,” according to Vejpustek’s analysis.
If the attack were pulled off, it would foil the CoinJoin, though it would not have given the attacker the ability to steal any coins nor could they deanonymize any peers in the mix.
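The value-conservation check that catches the mismatch described above, as an added illustration rather than Wasabi's code: a constructed model of a coordinator round in which each registration may or may not carry a verified signature. The `Registration` class, the sample values (10 participants at 0.1 BTC with a 1,000 sat fee share) and the `admit_unsigned` switch that models the pre-patch accounting are assumptions for the example.

```python
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000


@dataclass(frozen=True)
class Registration:
    """One input offered to the round, as the coordinator records it (constructed model)."""
    alias: str        # label for the sample data only
    input_sats: int   # value of the UTXO the participant wants to mix
    signed: bool      # whether the coordinator has verified the owner's signature


class RoundAborted(Exception):
    """Raised instead of handing peers a transaction that can never confirm."""


def allocate_outputs(regs, denomination_sats, admit_unsigned=False):
    """Return (spendable_inputs, outputs) for the round.

    admit_unsigned=True models the accounting the disclosure describes: every
    registration is granted an equal-value output, but only signed inputs can be
    spent, so an unverified registration adds an output with no input behind it.
    The hardened default drops unverified registrations before allocating."""
    admitted = [r for r in regs if r.signed or admit_unsigned]
    spendable = [r.input_sats for r in admitted if r.signed]
    outputs = [denomination_sats] * len(admitted)
    return spendable, outputs


def value_conserved(inputs, outputs, min_fee_sats):
    """The rule every full node enforces: inputs must cover outputs plus the fee."""
    return sum(inputs) - sum(outputs) >= min_fee_sats


def build_coinjoin(regs, denomination_sats, fee_per_participant_sats, admit_unsigned=False):
    """Coordinator's final check before asking participants to sign the CoinJoin."""
    inputs, outputs = allocate_outputs(regs, denomination_sats, admit_unsigned)
    min_fee = fee_per_participant_sats * len(outputs)
    if not value_conserved(inputs, outputs, min_fee):
        raise RoundAborted(f"inputs {sum(inputs)} sat cannot cover outputs "
                           f"{sum(outputs)} sat plus fee {min_fee} sat")
    return inputs, outputs


if __name__ == "__main__":
    # Constructed sample round: 10 participants mixing 0.1 BTC, plus one
    # registration whose input the coordinator never verified.
    denom, fee = SATS_PER_BTC // 10, 1_000
    honest = [Registration(f"p{i}", denom + fee, True) for i in range(10)]
    rogue = Registration("unsigned", denom + fee, False)
    print(build_coinjoin(honest + [rogue], denom, fee))  # 10 inputs, 10 outputs
    try:
        build_coinjoin(honest + [rogue], denom, fee, admit_unsigned=True)
    except RoundAborted as err:
        print("pre-patch accounting aborts instead of building an invalid tx:", err)
```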
Wasabi Wallet deployed the fix with the hard fork on Thursday. The upgrade was applied in v1.1.12 of the wallet, which was released on Aug. 5.