Yet another tool is added to the growing number of Bitcoin privacy solutions.
Thinking of a brainstorming event in which Bitcoin developers and privacy researchers participated last summer, Pay to Endpoint (P2EP) is a relatively new trick that uses CoinJoin's well known mixing technique to make blockchain analysis. much more difficult. An early version of it, called "Bustapay", has been quickly implemented by the independent Bitcoin developer Ryan Havar and is being tested right now. Meanwhile, Samourai Wallet focused on privacy and Adam Gibson, developer of JoinMarket, are working on two P2EP projects, which are approaching distribution.
"Privacy is essential for Bitcoin," said Havar Bitcoin Magazine. "Ideally we want to ruin [blockchain] so badly analyzed, that they can not even make it. "
To understand the P2EP, let's first recapitulate which CoinJoin transactions are and why they are (and are not) useful.
Many normal Bitcoin transactions send coins from different addresses (inputs) because the sender's addresses do not individually contain enough coins needed for payment. This is very useful for blockchain lights, since it usually means that all inputs in a transaction belong to the same entity. It allows clustering of addresses.
But by combining several transactions in one big transaction, CoinJoin – a privacy solution proposed for the first time by Bitcoin's contributor Core Gregory Maxwell – has the potential to break this hypothesis. If multiple senders cooperate to create a single transaction that sends coins from all their inputs to the different receiving addresses (outputs) they are paying, the blockchain lights would be wrong to assume that all inputs belong to the same entity. As such, they can not simply hire it, even if it is a regular transaction. This would make the clustering of addresses, and therefore the blockchain analysis, significantly more difficult.
However, CoinJoin also has its limits. If all CoinJoin participants do not use the same amount, it is easy to think together about which inputs they are paying for as output. As such, it does not actually prevent address clustering.
CoinJoin is still useful for mixing, which can easily be done with equal quantities. Users do not pay other users, but rather themselves. This is effective for breaking the trail of coins, but gives away that a mixing session has taken place.
"While erasing your story, it's not as useful as people imagine," Havar argued. "Your coins are obviously and intentionally flushed in. This makes it problematic to use, try depositing your post-mixed coins in an exchange, for example, and watch when they lock your account and ask you a lot of questions."
The potential of CoinJoin to break the assumptions used for address clustering had not yet been realized. But it may be about to change.
P2EP is a relatively new idea, proposed for the first time by a brainstorming event for Bitcoin developers and privacy researchers last summer, which published the idea in several blogs. Acts skillfully on the "equal amount" limitation of CoinJoin, opening the possibility of using CoinJoin for regular payments, not just mixing in a specific way.
The central concept behind P2EP is simple but effective: the receiving party in a payment takes part in CoinJoin. If Alice pays Bob, Bob takes part in CoinJoin's Alice transaction, so he gets paid back.
Suppose, for example, that Alice wants to send Bob 1.2 BTC. You can send it from two inputs: one containing 1 BTC and one containing 0.5 BTC. This is equivalent to 1.5 BTC, which means that it also sends 0.3 BTC to itself as a change in the same transaction.
With P2EP, Bob adds his own input into the mix: let's say it contains 0.9 BTC. As such, the transaction now has three inputs with a value of 1, 0.9 and 0.5 BTC, for a total of 2.4 BTC. The transaction also has two reception addresses, which is 2.1 and 0.3 BTC. The 0.3 BTC is still the same change that goes back to Alice, while the 2.1 BTC really consists of the original payment of 1.2, plus the 0.9 that Bob is sending. While the transaction has some filling, Alice still paid only a total of 1.2 BTC to Bob.
It is important to underline that not all the inputs in this transaction belong to Alice, and it is no longer obvious that a CoinJoin has occurred: there are no corresponding amounts of "sending" and "receiving" to link the addresses together.
"The chain structure of a P2EP payment is exactly like a normal transaction, so in some places the spies know that their analysis is corrupt, but they do not know exactly how." Ideally, we want to ruin the analysis so badly that they can not even do it, "said Havar.
Havar is the previous owner of Bustabit, an online gaming game, and has a lot of experience in the Bitcoin casino space in general. This is the way it has had a firsthand glimpse of the problems related to privacy and fungibility of Bitcoin: several exchanges of coins in the blacklist associated with gambling sites.
"As a casino operator, you want to help protect the privacy of your players," explained Havar. "So I implemented a lot of privacy-oriented features, but every time I was surprised how ineffective Bitcoin really provides much more information than you expect."
Havar sold Bustabit at the start of this year and became interested in P2EP when he read it last summer. He started working and announced the implementation of Bustapay at the end of August 2018: a basic version of P2EP.
While keeping intentionally simple, Havar believes he has improved the initial proposals of P2EP in particular when it comes to preventing the refusal of service (where someone indicates the intention to make a payment but does not) and privacy (the spies they can use the trick trick of service to know which addresses belong to the payee). In both cases, the Havar solution allows the payee to request a regular payment if the payer pays on the P2EP payment. This makes expensive attacks – perhaps too expensive to be useful.
Havar hopes that the implementation will be adopted by portfolios and services, but has noted that so far the interests have been limited.
"I tried to reach most portfolios – but there is a lot of apathy," Havar said, realizing that Bustapay suffers from a "chicken and egg" problem. "For any wallet developer, is there a million things to do and who wants to implement a protocol that no one supports? In the meantime, when I talk to several big bitcoin businesses, no one wants to implement a protocol that no wallet supports ".
However, a service has now implemented Bustapay: Bustabit, the casino game that Havar owned and which he himself believes could also be the biggest on the Internet. To keep things going, Havar launched an appeal for the testers and even offered a small reward last week, while even wallet developers should get a piece of a five-year "CoinJoin fund".
With these tests, Havar hopes to know how effective the implementation is.
"Someone with access to Chainalysis is giving me information about its effectiveness," he said Bitcoin Magazine, "So I can see how it works and how confusing it is."
Stowaway and Payjoin
It turns out that Bustapay is not the only P2EP project.
Inspired by a very previous idea of Maxwell to stop blockchain analysis, Samourai Wallet focused on privacy revealed in September he also worked on a P2EP solution. Based on the guidelines of the LaurentMT data analyst, the portfolio had started working on the solution even before the summer's brainstorming event and was running private tests from. Nicknamed "Stowaway", the function will enter a public testnet phase in a few weeks.
However, the implementation of Samourai Wallet has a major difference compared to the implementation of Havar and will therefore be incompatible.
"I am happy to see Bustapay go on, but I am personally a little discouraged by the lack of" permissions ": it grants anyone the right to obtain information about part of my UTXO [Bitcoin address] set, "Samouraidev, pseudonym Samourai Wallet developer" told Bitcoin Magazine.
Stowaway, therefore, will only work between users of Samourai Wallet who have indicated through the application to have a relationship of mutual trust.
"Users must" follow "one another and, in addition to that, provide that additional" permission "to allow the display of their UTXO set," said Samouraidev. "For example, I could have a basic two-way relationship with my employer to be received [a] salary, but I do not want my employer to solicit me for expenses of collaboration, which could expose my UTXO to him ".
And only a couple of days ago a third P2EP project was revealed. Privacy-focused Bitcoin developer Adam Gibson is implementing a "Payjoin" solution for another CoinJoin-based privacy project: JoinMarket.
Like Stowaway, Payjoin is specifically designed to be used among users' portfolios. Where Bustapay has been developed with online retailers in mind and is available to anyone wishing to make a payment, Payjoin will only be used when two users specifically choose to do so.
"With Payjoin you're not passively waiting for arbitrary people to ping your server, so you do not have to worry about snooping attacks," Gibson said. "We exchange payment details and end up with a transaction that looks like a normal payment."
Having participated in the brainstorming session in which the P2EP was formalized, Gibson was aware of the solution for some time; in August, he was even among the first to publicly explain it in a podcast. But he said he only recently realized the full potential benefit of makeup. In addition to privacy, P2EP also positively affects Bitcoin's UTXO set, since unspent coins end up with fewer addresses.
Gibson, therefore, started working on PayJoin about a week ago and said that implementing it is relatively simple, as the JoinMarket wallets already communicate with each other. He thinks he can have a functioning implementation ready to be integrated into JoinMarket within a few weeks.
"Initially I rejected this idea as if I did not have enough use," he said. "This is, of course, probably still true, but the main reason why I decided to dedicate some time to it in JoinMarket is that everything is ready for this: anonymized Tor connections between counterparts, encrypted messaging, etc. So even if almost no one uses it, it acts as a showcase for other wallets and Bitcoin systems to allow them to think about it. "
Photo by Patrick Fore on Unsplash