The following is a guest post from Shane Neagle, Editor In Chief from The Tokenist.
In the digital age, financial privacy has become a pressing issue because surveillance is ingrained in all electronic transactions. Each one generates bits that can be aggregated, stored, revisited, abused, funneled and manipulated. Theoretically, the 4th and 5th Amendments of the U.S. Constitution provide a bulwark against third-party transaction interception.
But a rule written on a piece of paper is only as relevant as the will to interpret or enforce it. A more robust solution must come from a hard technological source. Alongside its fixed supply of 21 million BTC, the underlying draw of Bitcoin is that its network makes transactions inviolable.
Bitcoin mainnet achieves this through escalating confirmations. The first confirmation means that a transaction has been included in a block of the blockchain. Each subsequent block added embeds the transaction further into the chain. By the sixth confirmation, a would-be attacker would have to mine 6 consecutive blocks faster than the rest of the Bitcoin mainnet combined.
At this point in time, the hashrate (and the energy expenditure behind it) necessary for such a feat makes this virtually impossible. This is also the reason why Bitcoin’s proof-of-work is so integral to the underlying value of Bitcoin versus the proof-of-stake so pushed by Greenpeace.
The rule of 6 confirmations therefore became the de facto standard among developers, miners and exchanges. After that 6th confirmation threshold, a BTC transfer is deemed as “final settlement”, or irreversible.
But is a transaction genuinely irreversible if it is not private, therefore vulnerable to seizure by either governments or criminals? First, let’s examine what Bitcoin settlement entails.
Understanding Final Settlement in Bitcoin
Satoshi Nakamoto’s peer-to-peer money transfer system revolves around proof-of-work. Truly revolutionary, it makes it possible for a payment system to work by itself. In other words, to be trusted because it is trustless. From initiating a transaction to making the transaction irreversible, the final settlement process follows multiple steps:
1. When a user initiates a BTC transaction, it is broadcast to the Bitcoin network (mainnet) and added to the mempool.
2. Bitcoin miners constitute the network, as they form a new block containing mempool transactions. Each such block references a prior block, forming a blockchain, and carries a nonce (“number used once”), a 32-bit number that the miner picks freely.
3. The nonce is the critical proof-of-work element, as it alters the input to the cryptographic hash function. Because the hash function is deterministic, varying the nonce changes the output hash.
4. This creates a process of trial and error by which miners have to find a valid hash to add a new block to the chain and receive their compensation. The difficulty of that search forces energy consumption, ensuring that miners actually did the work (proof-of-work).
5. Other Bitcoin mainnet nodes then verify the validity of the block that included all the transactions.
As a matter of historical practice and analysis, the 6-block confirmation rule additionally secures the finality of those transactions. Due to network latency, it is possible for another miner to simultaneously find a valid block. In such a scenario of divergence, two blockchain states exist, so the longer chain is recognized by the network as valid, while the competing chain (orphan) is disregarded.
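The nonce search, the cheap re-verification by other nodes, and the way confirmations pile up as blocks are appended can all be seen in a toy chain. The following Python is an added illustration written for this page, not the author’s code or Bitcoin Core’s: the header layout, the “leading zero bits” difficulty encoding, the genesis reference and the per-block Merkle roots are constructed simplifications (a real header is 80 bytes and encodes difficulty in the compact “bits” field), but the double SHA-256 and the 32-bit nonce field match Bitcoin.

```python
import hashlib
import struct

# Added illustration, not the author's code: a toy proof-of-work chain showing how
# a nonce is varied until the block hash falls below a target, how any node re-checks
# that work with a single hash, and how confirmations accumulate with each new block.
# Header layout and difficulty encoding are constructed simplifications.

def double_sha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header_bytes(prev_hash: bytes, merkle_root: bytes, timestamp: int,
                 zero_bits: int, nonce: int) -> bytes:
    # The nonce is a 32-bit field, so it is packed as an unsigned 32-bit integer.
    return prev_hash + merkle_root + struct.pack("<III", timestamp, zero_bits, nonce)

def target(zero_bits: int) -> int:
    """Toy difficulty: the hash, read as a big-endian integer, must be below 2^(256 - zero_bits)."""
    return 1 << (256 - zero_bits)

def block_hash(prev_hash, merkle_root, timestamp, zero_bits, nonce) -> bytes:
    return double_sha256(header_bytes(prev_hash, merkle_root, timestamp, zero_bits, nonce))

def mine(prev_hash: bytes, merkle_root: bytes, timestamp: int, zero_bits: int):
    """Trial and error: return the smallest nonce whose header hash meets the target."""
    for nonce in range(2 ** 32):
        h = block_hash(prev_hash, merkle_root, timestamp, zero_bits, nonce)
        if int.from_bytes(h, "big") < target(zero_bits):
            return nonce, h
    raise RuntimeError("nonce space exhausted; a real miner would change the timestamp or coinbase")

def verify(prev_hash, merkle_root, timestamp, zero_bits, nonce) -> bool:
    """What every other node does: one hash to check work that took many hashes to find."""
    h = block_hash(prev_hash, merkle_root, timestamp, zero_bits, nonce)
    return int.from_bytes(h, "big") < target(zero_bits)

def build_chain(num_blocks: int, zero_bits: int):
    """Mine num_blocks blocks in sequence; each header commits to the previous block's hash."""
    chain = []
    prev_hash = b"\x00" * 32  # constructed genesis reference
    for height in range(num_blocks):
        merkle_root = hashlib.sha256(f"constructed txs for block {height}".encode()).digest()
        timestamp = 1_700_000_000 + 600 * height  # constructed, about 10 minutes apart
        nonce, h = mine(prev_hash, merkle_root, timestamp, zero_bits)
        chain.append({"prev_hash": prev_hash, "merkle_root": merkle_root, "timestamp": timestamp,
                      "zero_bits": zero_bits, "nonce": nonce, "hash": h})
        prev_hash = h
    return chain

def chain_is_valid(chain) -> bool:
    """Re-verify every block's work and linkage, as a node syncing the chain would."""
    prev = b"\x00" * 32
    for b in chain:
        linked = b["prev_hash"] == prev
        worked = verify(b["prev_hash"], b["merkle_root"], b["timestamp"], b["zero_bits"], b["nonce"])
        if not (linked and worked):
            return False
        prev = b["hash"]
    return True

def confirmations(chain, height: int) -> int:
    """height is the 0-based index of the including block; it counts as confirmation 1."""
    return len(chain) - height

if __name__ == "__main__":
    chain = build_chain(7, 14)
    print("chain valid:", chain_is_valid(chain))
    print("confirmations of a tx in the second block:", confirmations(chain, 1))
    print("nonces tried per block:", [b["nonce"] for b in chain])
```

Raising `zero_bits` by one doubles the expected number of hashes per block while `verify` stays a single hash, which is the asymmetry the 6-confirmation rule relies on: an attacker rewriting a confirmed block must redo that search for it and every block on top.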
This also impedes malicious actors from reorganizing the chain in order to reverse transactions. By how much?
According to the “Practical Settlement Bounds for Proof-of-Work Blockchains” paper by Gaži, Ren and Russell, a 6-block confirmation yields a settlement error bound of 0.48%, assuming a 10-second network delay (latency) and an adversary controlling 10% of the network’s computational power.
While that percentage is exceedingly low under such harsh assumptions, it is still not zero, which means that settlement “finality” is probabilistic: reversal is not impossible, merely statistically improbable. And if that is the case, how should Bitcoin settlement be treated?
In his paper “Probabilistic Settlement Finality in Proof-of-Work Blockchains: Legal Considerations”, Hossein Nabilou at Amsterdam Law School argues that operational finality should be differentiated from legal finality.
But because “institutional mechanisms to deal with the remaining risks of settlement finality require a certain level of centralization in the PoW blockchains”, the solution would have to come from “market-driven mechanisms”. At the time in 2022, the author was pessimistic about their emergence.
The Privacy Gap in Bitcoin Transactions
Despite the aforementioned cryptographic hash function, and despite pioneering the very concept of “cryptocurrency”, the crypto part of Bitcoin relates to transaction integrity rather than privacy. The cryptographic hash function, combined with a nonce, makes it extremely difficult to tamper with Bitcoin settlements and so prevents double-spending attempts.
This cryptographic security is also critical to the infrastructure behind bitcoin payment processing services, which rely on the immutability of the Bitcoin network to ensure secure and accurate transaction settlements.
But by the nature of a self-contained network, Bitcoin only incidentally offers pseudonymity. That level of privacy is instantly breached once an identity is attached to a Bitcoin address, leaving behind a digital trail. This is what eventually led to the arrest of Ilya Lichtenstein and Heather Morgan, responsible for the Bitfinex exchange hack in 2016, worth around $4.5 billion in BTC.
“In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions.”
From this perspective, Bitcoin’s cryptography should be understood as serving authenticity: transactions are authorized with digital signatures (ECDSA) that anyone can verify, and all transactions are visible on the public blockchain. Whether or not financial privacy is a constitutional or natural right, does that mean that Bitcoin cannot supply it?
What if one finds themselves in a tyrannical country and P2P Bitcoin transfer is the only means of receiving funds? Or more commonly, what if one simply views their personal wealth as something that is not appropriate for public consumption?
If a link between one’s Bitcoin holdings and identity is established, it is not difficult to see how that would open the door wide to violent robberies or kidnapping by criminals.
Rightfully, Bitcoin holders view this lack of privacy as a massive liability. Fortunately, viable solutions to enforce Bitcoin’s privacy are on the horizon.
Enhancing Privacy: Technologies and Challenges
Beyond taking care never to link an identity to a Bitcoin address, and never reusing a single address for multiple payments, how can a public blockchain provide financial privacy?
The first answer is to upgrade Bitcoin core. This already happened when the Taproot upgrade was activated in November 2021, at block height 709,632.
As a soft fork, Taproot had broad support among miners, so it was not as controversial as SegWit in 2017, which resulted in the Bitcoin Cash hard fork. Taproot can mask multi-signature transactions, which prior to the upgrade were distinguishable from common single-signature ones.
Taproot’s Schnorr signature aggregation combines multiple signatures into a single one, making it difficult to determine all the parties involved in the transaction. This also reduces the amount of data stored on the blockchain, removing bloat and removing data to analyze at the same time.
Moreover, Taproot introduced MAST (Merklized Abstract Syntax Tree), allowing for more complex transactions with conditions:
- John receives 5 BTC from Allen if the house renovation work is completed within 3 days.
- But John doesn’t have access to the entire 5 BTC, only to 3 BTC, as mutually understood.
- If the 3 BTC are spent on the renovation but the work is not completed on time, Allen gets his 2 BTC back.
Such timelocked conditionals are made possible with Taproot’s MAST. Just like Schnorr, MAST reduces the size of this information via hashing, therefore reducing the amount of traceable information. If certain conditions are not met, the scripts for those branches, including the other parties whose signatures they require, are never revealed.
It is easy to see how MAST could be used in betting markets, day trading powered by AI, wherein only the executed conditions are revealed on the blockchain, thus hiding bettor strategies and intentions. Similarly, MAST could be used to automate payments without intermediaries.
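The “only the executed branch is revealed” property comes from committing to the scripts as leaves of a Merkle tree, so a spend discloses one script plus sibling hashes and nothing about the other branches. The following Python is an added example written for this page, not the author’s code or Bitcoin Core’s: leaf and branch hashing follow the BIP341 tagged-hash scheme (`TapLeaf`, `TapBranch`, leaf version 0xc0), while the three “scripts” for the renovation example are constructed human-readable placeholders standing in for real Tapscript, and the final tweak of the internal public key with the root is left out.

```python
import hashlib

# Added illustration, not the author's code: the Merkle tree of script branches that
# MAST/Taproot commits to. Leaf/branch hashing follows BIP341's tagged hashes; the
# scripts are constructed placeholders, not real Tapscript bytecode.

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340/341 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

LEAF_VERSION = 0xC0  # Tapscript leaf version

def leaf_hash(script: bytes) -> bytes:
    """TapLeaf = tagged_hash("TapLeaf", leaf_version || compact_size(len(script)) || script)."""
    if len(script) >= 0xFD:
        raise ValueError("placeholder scripts are short; multi-byte CompactSize not handled")
    return tagged_hash("TapLeaf", bytes([LEAF_VERSION, len(script)]) + script)

def branch_hash(a: bytes, b: bytes) -> bytes:
    """Children are sorted lexicographically before hashing, so a proof needs no left/right flags."""
    if b < a:
        a, b = b, a
    return tagged_hash("TapBranch", a + b)

def merkle_root_and_proofs(scripts):
    """Build a balanced tree over the leaves; return the root and, per leaf, its list of sibling hashes."""
    level = [leaf_hash(s) for s in scripts]
    groups = [[i] for i in range(len(scripts))]  # leaf indices sitting under each node of this level
    proofs = [[] for _ in scripts]
    while len(level) > 1:
        next_level, next_groups = [], []
        for i in range(0, len(level), 2):
            if i + 1 == len(level):  # odd node out is carried up unchanged
                next_level.append(level[i])
                next_groups.append(groups[i])
                continue
            a, b = level[i], level[i + 1]
            for leaf in groups[i]:
                proofs[leaf].append(b)
            for leaf in groups[i + 1]:
                proofs[leaf].append(a)
            next_level.append(branch_hash(a, b))
            next_groups.append(groups[i] + groups[i + 1])
        level, groups = next_level, next_groups
    return level[0], proofs

def verify_proof(root: bytes, script: bytes, proof) -> bool:
    """Recompute the root from one revealed script and its sibling hashes."""
    h = leaf_hash(script)
    for sibling in proof:
        h = branch_hash(h, sibling)
    return h == root

# Constructed branches for the renovation example in the text (placeholders, not Script)
SCRIPTS = [
    b"Allen and John co-sign: release 5 BTC on completion",
    b"John alone: spend up to 3 BTC on renovation",
    b"Allen alone after a 3-day timelock (CSV): reclaim 2 BTC",
]

def reveal_for_spend(scripts, index):
    """What goes on-chain when branch `index` is executed: that script and its sibling hashes only."""
    root, proofs = merkle_root_and_proofs(scripts)
    return {"root": root, "script": scripts[index], "proof": proofs[index]}

def leaks_other_scripts(revealed, scripts) -> bool:
    """True if any unexecuted branch's script bytes appear in the revealed data."""
    blob = revealed["script"] + b"".join(revealed["proof"])
    return any(s in blob for s in scripts if s != revealed["script"])

if __name__ == "__main__":
    spend = reveal_for_spend(SCRIPTS, 2)  # Allen reclaims after the timelock
    print("root:", spend["root"].hex())
    print("revealed script:", spend["script"])
    print("sibling hashes revealed:", [p.hex() for p in spend["proof"]])
    print("other branches leaked:", leaks_other_scripts(spend, SCRIPTS))
```

An observer who sees Allen’s timelock spend learns that script and one 32-byte sibling hash; the co-signing branch and John’s 3 BTC allowance remain hidden unless those branches are themselves executed later.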
Beyond the Taproot upgrade, Lightning Network is the most popular layer 2 scaling solution for Bitcoin. LN’s main purpose is to make BTC transfers at negligible fees by batching transactions off-chain, reducing payment data visible on the Bitcoin mainnet.
This could be further amplified if LN’s payment channels were routed through onion routing. Unfortunately, this kind of approach is too complex for the average user, on top of slowing settlement due to added network latency. In turn, this would add another uncertainty to settlement finality.
A more attractive solution to enhance Bitcoin privacy comes from Silent Payments, as a potential Bitcoin Core upgrade.
Presently under Bitcoin Improvement Proposal (BIP) 0352, the Silent Payments protocol blends BTC transactions so they can’t be distinguished. It works by the receiver publishing a single static address (a reusable payment code or “stealth address”); for each payment, the sender’s wallet combines three keys to derive a fresh one-time output for that address.
This way, no payments are ever linked to the same sender, and the on-chain outputs are unlinkable to the static address. On-chain observers can see neither that Silent Payments were used nor who owns the address. More importantly, the Silent Payments protocol does not add a data burden to the existing Bitcoin protocol, keeping it scalable.
Contrasted with the similar privacy-oriented PayNyms (BIP47), BIP352 doesn’t require users to send two fee-bearing transactions (the first being a notification transaction) for a single payment. Likewise, BIP352 does not broadcast which wallets are linked to a reusable payment code, whereas BIP47 would only obscure it.
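The “three keys” mechanism can be shown concretely: the sender’s private key and the receiver’s public scan key give a shared secret by ECDH, a tagged hash of that secret tweaks the receiver’s public spend key into a fresh output key, and the receiver, who alone holds the private scan and spend keys, finds the output and recovers its private key. The Python below is an added example written for this page, not the author’s code or the BIP352 reference implementation: it implements the core derivation on secp256k1 but deliberately omits the input hash, x-only key handling and labels that the real protocol adds, and every key value is a constructed placeholder.

```python
import hashlib

# Added illustration, not the author's code or the BIP352 reference implementation:
# simplified Silent Payments derivation on secp256k1. Omits BIP352's input hash,
# x-only key handling and labels. All key values below are constructed placeholders.

P = 2 ** 256 - 2 ** 32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt) -> bool:
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def ser_pub(pt) -> bytes:
    """33-byte compressed encoding, as used for public keys in Bitcoin."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def tagged_hash(tag: str, msg: bytes) -> bytes:
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def output_key_from_shared(shared, B_spend, k: int = 0):
    """t_k = hash(shared || k); output key = B_spend + t_k*G. k counts outputs to the same receiver."""
    t_k = int.from_bytes(tagged_hash("BIP0352/SharedSecret", ser_pub(shared) + k.to_bytes(4, "big")), "big") % N
    return ec_add(B_spend, ec_mul(t_k, G)), t_k

def sender_side(a: int, B_scan, B_spend, k: int = 0):
    """Sender uses its own private key a and the receiver's static (B_scan, B_spend)."""
    return output_key_from_shared(ec_mul(a, B_scan), B_spend, k)

def receiver_side(b_scan: int, b_spend: int, A, k: int = 0):
    """Receiver scans with b_scan against the sender's public key A and recovers the output's private key."""
    out, t_k = output_key_from_shared(ec_mul(b_scan, A), ec_mul(b_spend, G), k)
    return out, (b_spend + t_k) % N

# Constructed placeholder keys; fixed values like these must never guard real funds
B_SCAN_PRIV = 0x1111111111111111111111111111111111111111111111111111111111111111
B_SPEND_PRIV = 0x2222222222222222222222222222222222222222222222222222222222222222
SENDER1_PRIV = 0x3333333333333333333333333333333333333333333333333333333333333333
SENDER2_PRIV = 0x4444444444444444444444444444444444444444444444444444444444444444

if __name__ == "__main__":
    B_scan, B_spend = ec_mul(B_SCAN_PRIV, G), ec_mul(B_SPEND_PRIV, G)
    out_s, _ = sender_side(SENDER1_PRIV, B_scan, B_spend)
    out_r, priv = receiver_side(B_SCAN_PRIV, B_SPEND_PRIV, ec_mul(SENDER1_PRIV, G))
    print("sender and receiver agree on output key:", out_s == out_r)
    print("receiver can sign for it:", ec_mul(priv, G) == out_s)
    print("second sender gets a different key:", sender_side(SENDER2_PRIV, B_scan, B_spend)[0] != out_s)
```

The static address itself (`B_scan`, `B_spend`) never appears in an output script; each payment lands on a distinct tweaked key, and only someone holding the private scan key can test whether an output belongs to them, which is why a chain observer cannot link outputs to the address or to each other.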
The Path to True Final Settlement
Privacy coins like Monero (XMR) have largely dropped out of the public spotlight. Once the EU proposed and enacted MiCA, it didn’t take long for other countries to follow suit, including Dubai. Likewise, major exchanges delisted privacy coins, from Kraken and Huobi to Binance and OKX.
In turn, users no longer have access to fiat on/off-ramps, while also being unable to use privacy coins in stores. This is an important lesson: although governments cannot technically ban cryptocurrencies, they can do so quite effectively by deplatforming.
Based on these moves, it is clear that many governments view financial privacy as something outside natural human rights. Bitcoin is exempt from this because its proof-of-work network has always been transparent. But now that Bitcoin has been mainstreamed and institutionalized via Bitcoin ETFs, is it time for Bitcoin’s true final settlement – upgrading Bitcoin Core privacy beyond Taproot?
This would align with the standard perception of physical cash, as an inherently anonymous asset despite its central banking origin. Five US Senators have already introduced a bill to ban central bank digital currencies (CBDCs), indicating their preference for financial privacy.
At the end of the line, Bitcoin will have to grow to a greater market cap, becoming an indispensable commodity. And when the timing is right, it would be costlier to deplatform it than to allow its next privacy upgrade to take root.