So welcome my challenging the road towards privacy on Bitcoin. Bitcoin is Who wrote Bitcoin is? That she most eso well Bitcoin is we don't even know. Yes, welcome. Well and they and one behind the mask, yes. Guys, enjoy, and we are missing one chair on stage. It's Friday. It's the last day. You know, things just don't go. Why not? Yeah, just to expose a little bit more.

Hello, how are you? This is Lunaticoin speaking, and it is a pleasure to be here with these monsters. With these monsters. Ah, from the way you work somebody will do biometric. I am like 25 percent doxed, I would guess, now. I will try to keep the 75%. So now I'm switching to English, of course, because none of you speak full Spanish, right? So we're here to talk about privacy, no? And we know Bitcoin is pseudonymous peer-to-peer cash, but it's built on a public chain of blocks that you can basically check everything there. That has its good things, but also, basically, I mean, it means that you can see everything and you can trace everything. So my first question is: how hard is it to be private in different? Who goes with this one?

All right, what is private? Unfortunately, this privacy, security, this is not a binary thing, and that's why it's so difficult to discuss, because there are so many variables, so many attributes. You are probably never going to achieve perfect security or perfect privacy. It's really the question of how much effort are you willing to put into it. How much effort do you want it to take for an adversary to break through it?
You want to go with that?

Sure. I'd say the first thing, there's certainly different, definitely, look, different levels as well, but probably the first one, that I'm sure Jameson will talk about in his next talk, is if you don't have your own, you know, keys, the privacy is all sort of moot, because you don't even have bitcoins to be private in the first place. And so many people who, you know, they say, you know, I have Bitcoin. Maybe they have some kind of claim on Bitcoin, but they don't have it themselves. And so any transaction they do is going to be reported by this exchange and stuff. And even beyond that you say, okay, well, I'll move it to some kind of web wallet or even Electrum, you lose a lot of privacy. So one thing that, you know, I'm trying to work on and many people are trying to work on is to make it easier and push people to say, okay, run your own node, have your own keys, like, you know, that's sort of table stakes, like you need to have that to start getting privacy.

Mm-hmm. That was a very good point, Jameson, because this is a bit, what kind of privacy are we talking here? We're talking about traceability, no? How easy it is for an observer to see what you do with your money. And if you connect that with KYC, then basically you are exposing all your economic activity. And I have been experiencing these days in El Salvador, with many kinds of shops, some big ones like Starbucks, but others like regular markets, and yeah, we need to educate a lot. The people don't know what's on chain. People don't know what's off chain. And that makes me think that right now in Bitcoin you can achieve good privacy in the traceability aspect. You can do coinjoins, coin swaps, and if you do coin control and so on you can get away with it. But my question here is about, can we really get this kind, because these are very active measures?
No, these are active measures. Can we get somehow passive, by-default measures inside Bitcoin, so that newcomers are not constantly exposing themselves by using Bitcoin?

So I'll add something here, Lunaticoin. So certainly it's fair to say that if you don't take any steps you are doxing quite a lot of information out there, but perhaps for small-value commerce, if you're just doing a Lightning transaction, and depending on who you're trying to be private from, as Jameson was pointing out, you are at least not doxing out your entire stack size or doxing out your earnings if you make a small Lightning payment, even if you're using the likes of Phoenix or Muun, at least not out to the world. You might be doxing that to ACINQ or to Muun. So there's little aspects there that, you know, we could say to your point that some of these things are made a little bit more private by default, even if it's not the mythical perfect privacy.

Yeah, I would say that the problem with privacy by default is that the default is not just technical, it's also social, it's also a matter of users' habits. For example, in Bitcoin the protocol says, since the white paper already, that you shouldn't reuse addresses. Then again, people didn't care, because it was just most practical and the threat model was not obvious. A difference between privacy and security in general is that in privacy, especially in privacy, it is difficult to teach people what is the worst consequence of their action in the future. So it's not the present danger, it's a future danger. So far everything is cool. Everything is fine.
I don't, I'm not afraid. I have nothing to hide, so I don't want privacy. But then when you realize that you need it, it's often too late, because you already gave it away. So for example, in the Bitcoin protocol, reusing addresses was deprecated since day one. But people didn't care, and so wallet builders started to build wallets that were reusing addresses. Or they ignored coinjoin until a few years ago, when they started to integrate coinjoin practices. They did a fingerprinting on the spending modes. They consolidated the heuristics by chain analysis companies, because they didn't care.

I think that the good thing that we are going to face now, especially with layer two technologies, is that there are two ways of being private on it. So a system like Bitcoin shares the same challenges of any other computer system, so the typical privacy challenges of network privacy and physical privacy. Plus there is a new exceptional thing, which is the global consensus that forces every node to download and verify every other transaction by every other node. So the global consensus is very bad for privacy. You have two ways to get around this exclusive privacy challenge, which is typical of Bitcoin and not of other systems. One way is to basically pollute this global consensus with a lot more information. So privacy by obfuscation: you add a lot of information. For example, you do different hops. You do a coinjoin. You do cryptographic stuff on the chain level, like confidential transactions. The problem with this approach is that there is a trade-off between privacy and cost. If you put more stuff on the global ledger, then you have to pay more. If you do more hops on chain, if you put more inputs in a transaction, or if you use confidential transactions or ring signatures, you add bigger stuff.
So you pay more. So people will probably not be incentivized to do this kind of privacy, because if they can get away with less cost, they will probably choose to optimize the cost and not the privacy. While stuff like Lightning Network, they could in the future mitigate the privacy problem not by putting more stuff on chain, not by obfuscating, but by omitting directly. So you put less stuff on the global ledger. You only touch the global consensus when you really need to, and you keep everything else private. So this doesn't mean that Lightning Network is, or any other stuff like that, these are not like silver bullets, because there are still all the normal network-level challenges that you still have, and also you bring along some privacy leaks from the on-chain level to the off-chain level. But at least we can have two complementary tools. When you go on chain you are safer from a network privacy level, because every node will receive the transaction, so nobody can triangulate you as a receiver. On the Lightning Network it is easier to triangulate you as a receiver, but your on-chain privacy is better.
Of course, if you stay off chain most of the time. So the second kind of privacy has an advantage. It is that it also saves you money or time in most of the cases. So we can hope that people will default to Lightning not because they care for privacy, but because they want to save some bucks. So if we make Lightning more private, that will just add. And also stuff like, in the future, maybe cross-input signature aggregation. If that saves you 20% of the cost, maybe people will start to choose that and to choose wallets that implement that, because of the fees, not because of the privacy. So we can have a good incentive alignment.

Yeah, well, it's, I think I'm good now. Like you said, it's about incentives. I think it's also about defaults, and the problem, and this is true I think for almost anything technology or internet related in general, is the default is almost never for strong privacy. And that's because it is rarely in the interest of the person creating the service or the software to do that. This is corporate surveillance, surveillance capitalism. But there are certainly ways that wallets and service developers can improve the privacy of what they're doing. Like you said, better mixing software. I would think mixing software would actually need to be just happening as a default in the background with the wallet. People shouldn't even have to know that they're doing mixing. They shouldn't have to know what a UTXO is. Other examples are, there's actually a payjoin, where you can be making a payment and actually be doing a little bit of mixing while you're doing that, just helping to continually obfuscate the UTXO graph, make this transaction analysis more difficult.

One thing I'd like to add about the sort of privacy by default: it's even more important because there's the concept of anonymity sets. And some people, you know, to get true privacy and anonymity you want it to be so that it could be anyone doing this transaction. But many techniques such as coinjoin or things like that
you have a limited anonymity set, where you're not sure it's one person. It may be one of ten people or a hundred or even a thousand. But if it's not the default, if it's something that people have to actively go out and look for and seek, you have this sort of weird thing where, let's say someone is buying marijuana on a darknet market and they think, I have something to hide, I want privacy, I don't care about cost, I really want to have privacy here because I don't want to get caught, or deposit at an exchange and then they close my account or something. So they say, I'm going to use coinjoin, but maybe the other five people using coinjoin with them also said, oh yeah, I was also buying marijuana on the exchange. And then your anonymity set is these other people who want anonymity. And you actually want your anonymity set to be mostly people who don't care about anonymity. And so you want the default, because that strengthens anonymity for everyone. And so it's kind of this weird, like, tragedy of the commons, where the people who say, I have nothing to hide, I don't need privacy, I really argue with them: no, your privacy is not just yours when you reveal your privacy. And if you publish, say, I'm going to reuse the same address every day, I'm going to say, hey, this is me, this is how much money I have, you're not just hurting your own privacy, you're hurting, in a small way but real way, everyone else's privacy, right? Because if there's only one person with privacy in the entire Bitcoin network, they don't have any privacy, right? Because they're the last person left and you know exactly what they're doing. So there is this sort of, you know, tricky thing where everyone sort of has to work together. And I think the easiest way is to make that the default, make that the cheapest, make it the easiest way to do it.

Was it, privacy only goes so far as the cooperation of one's fellows in society?

Right, and to add to that example, it's like, let's say you care about your privacy so you
delete your Facebook. But you've got family and friends who still post up photos, and you're still in some of those photos, well, what's your chances now, right? So that's an example. But to the point about defaults, my hope is that some of the coming technical developments, things like Taproot, things like V2 channels, where maybe the channel opening and closing could look like a payjoin potentially, and ideas like trampoline routing, route blinding on the Lightning Network, that might help the defaults, so that way, without really even thinking about it, that end user with his wallet is just paying without knowing, but actually in the background it's doing some of these privacy techniques that perhaps give some additional level of privacy as a default.

And I suspect most of the people in the audience don't even know what these things are that we're talking about, and you shouldn't have to. That's the whole point.

That's the whole thing, and that's why for me also it is very important that we get to a point that defaults, that people just download a wallet and they can be using Bitcoin without exposing, because I had this conversation with other peers. All of us, all of these good Bitcoiners, we started, for example, buying in Coinbase using KYC, and there is a point that you understand what everything is, and then you change, no? It would be just great that people can start in a good way, but I know that that's difficult. Something that we listened to quite a lot this year and last year even is about Taproot.
Taproot just got activated, being here in El Salvador. And yeah, there was some saying like, yeah, don't worry, when Taproot is activated, yeah, we will be like full private. We know that's not true, but what can we expect to have now with Taproot in the privacy field?

Well, the first thing is that, first of all, wallets and tools will have to adopt the new Taproot-activated options, which will be super challenging and super slow. So since the day of the activation nothing, literally nothing, happened to Bitcoin privacy or any other Bitcoin characteristic. Then there will be a strange, weird, paradoxical phase in which tools adopting Taproot style of smart contracts will actually be less private than the others, just for the reason mentioned by Tadge before. If only one wallet is using key path or the Tapscript, then these wallets are fingerprinting more than the others. So even just with new Taproot addresses there will be a phase in which, when you upgrade and other people don't, you are losing anonymity a little bit. This luckily will be overcome again by other kinds of incentives, because people will also save some money in complex smart contracts with Taproot, using the Tapscript. So eventually you will have a phase where there will be real privacy. I think that one of the misconceptions that people may have is that Taproot will improve the privacy of every transaction. Actually it will mostly improve the privacy of, if it is also being used by every other transaction, just like Tadge said, it will be improving multisig contracts basically, and we have a couple of real-world uses of that, which is Lightning channels. So we will have Lightning channels that when they close they look exactly as any other transaction, which is very good. And then cold storage multisig schemes, so two-of-three wallets, escrow transactions, stuff like that. They will be as private as single-signature transactions. So it's something that we should be excited about in perspective, but not something we should
be overhyped about in the short term, because in the short term nothing will change.

You do need to start asking your wallet provider, when Taproot? Because we know from experience that it may take some of them four, five years to implement new technologies.

But I would say Taproot is, once everyone is using it, it's great, because everything looks the same. Right now you can look and, oh, the address starts with a three, maybe it's an exchange, or, oh, this is a one, maybe it's someone's personal wallet. Like, even just looking yourself, you don't know, but you can have some idea. But if everyone's using Taproot, everything looks the same. You have no idea if it's one signature, many signatures. It's really nice that way.

And to add to that point around the defaults, don't forget we're still early in Bitcoin's adoption, so there will be a lot of new people coming in. And if the defaults, so as an example, let's say the new users coming in are using Muun Wallet and that supports the Taproot style, and so maybe those new people coming in are adding to the default anonymity set over time. But important to echo to not overhype the benefit: it's coming, but it's not to be overstated.

It feels like we are really in an early stage in Bitcoin, that we are creating the tools, that right now we are only creating more fingerprinting in the blockchain that you can even see. We could say that we're getting worse with the new ads, because you can see more things. But all of this that we are creating is for a future, to have like a standard, or what everybody jumps in and thinks is the standard, so that then we can mix in the crowd.

It seems like it's always a moving goalpost, because every time you try to standardize something, then someone else comes out with a new innovation and there's some new thing, and that might leave a fingerprint. And so that is, I guess, the tension of the fingerprinting, or trying to cut against those fingerprints, versus people are trying to innovate and provide new features or some new way of
using Bitcoin.

On many levels that's sort of a back-and-forth arms race, where people, Dandelion: here's how to make not even transactions but just propagating messages between nodes, you'll never really see, how to make that more private. And they wrote a paper, tried to use it, someone else writes a paper, ah, I figured out how to break this. So it never even got into Bitcoin Core, because someone found out a problem with it before it even got in. But then people say, okay, how can we make it stronger without this problem? So there's definitely an arms race, and what's interesting is that in a lot of communities it's both sides. People saying, I broke the privacy, I found a privacy leak. That can still be very valuable to improve privacy. And vice versa, I found a way to make this more private. And you want people to try to break your system. You want people to try to break your system openly and write papers about it. You don't want them to secretly break your system and then everyone thinks they have privacy and don't. That's the worst. So it is sort of an arms race back and forth. But it's generally good fun, and sometimes at conferences I say, oh, welcome to my threat model. We're working towards the same goal but sort of trying to fight each other in a way.

Also, ossification will solve that. It will be painful from some point of view, because we want more innovation. But think about the internet protocol. The base layers of the internet protocol, the IP version 4 layer, is unchanging since the 80s. And that is bad, because there may be many good ideas to improve the base layer of the internet. But that is good, because we could use these very reliable and static foundations in order to build on top the entire internet we are using now to broadcast this event and everything. Internet protocol version 4 probably sucks compared to many things that we could have done since the 80s. But we needed the base layer to settle down and to become stable enough to build an entire world of applications on top of
it. So I guess that this kind of tension will also change with ossification of the base layer. Probably the changes to the blockchain protocol will become less and less frequent. And I hope that will happen after cross-input signature aggregation and some other privacy stuff. But eventually it will happen, and then we will move innovation at the margins. We will move innovation on top, on the other layers, so that we can actually keep improving while also avoiding this paradox that everything is changing under our feet continuously.

So if people thought that Taproot was going to be the killer app for privacy, before that people thought that Lightning Network was already the killer app. With time and education we realized that not at all, that there is a lot that you can see. But lately I'm very excited and I'm studying them, I'm studying adapter signatures, and I really like what you can do with them. And I know that, for example, just as an example, adapter signatures can give a lot of privacy to Lightning routing. So my question here is: how much more private do you think we can get in Lightning?
I can say that adapter signatures are a huge help. So the current way Lightning routes is with HTLCs, hash time-lock contracts. And the hash is sort of paradoxical in that you're not using signatures anymore. You're doing this very simple reveal of a hash preimage. So you're essentially showing your private key in a way with Lightning when you reveal for the HTLC. And that does hurt privacy, in that it's all the same throughout the path, you can see the same hash. So if someone's able to observe here and here, they can say this payment must have gone through. I think we're looking at point time-lock contracts, or PTLCs, using something like adapter signatures. And it's really nice because directly it says, okay, it looks different every step of the route. So I think it certainly helps, and that will eliminate a lot of problems, a lot of ways that privacy can be lost in Lightning Network transactions. But I'm sure people will find, there's always, it's a sort of cat and mouse. People will find timing attacks or other ways to try to find how the payments are going through the network. But PTLCs and adapter signatures will be a big help.

So Lightning is a very different beast. Whereas with Bitcoin most people worry about the on-chain privacy, because the blockchain is the public ledger, with Lightning you have this completely new network. And yes, it uses onion routing and has other privacy characteristics. But there's still kind of a flip side to that, which is, if you want to use Lightning, you have to have a view of the network. So there are all of these liquidity-related economic issues, where you have to balance the ability to see the network in order to be able to use it versus the ability for anyone to map all of the activity that's happening on the network. And like we said, the cat and mouse game with privacy, with security, these are never-ending battles. It's why some of us in this space will be well employed for the foreseeable future, because this is a thing that never ends.

Yes,
there may be a lot of improvement in the Lightning Network. Tadge mentioned it, PTLC, and Stephan before mentioned it, the trampoline nodes and many other things. We already can see actually some ways in which the Lightning Network today, even without improvements, can mess with chain analysis heuristics. For example, people were discussing coin swap since a long time. So you can swap a coin without a coinjoin in order to break the heuristics. But there was not yet a very easy to use tool for that. There is, Chris Belcher created the coin swap tool, but it's not really user grade yet. But then somebody started to realize that if you open a Lightning channel and you do a submarine swap, which is a technology created for something completely different, which is trustless liquidity providing, then you are basically doing a coin swap. So you can use Lightning well today, if you are very careful about what you do, to increase your privacy. The problem again is that there is not much education on what you do. You can just as much increase your privacy and decrease it a lot if you use Lightning in the wrong way. So there is still a lot of work to do.

I think I might offer a little bit of a white pill as well. That for the people who are concerned about privacy, I think probably the key one is, if that's your main concern, acquiring coins without KYC is probably the important first step for you. And so if you do that, you are already in a relatively good position. And then from then, if you use coinjoin and other privacy techniques, use your own Bitcoin full node, you are already in a relatively decent position, at least for the people who are serious about their privacy. And for the other people, hopefully the defaults over time will improve. And people, as an example, people working at the protocol layer, talking about the Lightning specification and things like that, where they will find all these improvements and put them in at the specification level, or will be done at the implementation level
so that the LNDs and the C-Lightnings and the ACINQs of the world make those end users a bit more private just by default.

Let me stress this just one second a little bit more. A few months ago, the Ledger company had a leak of the purchasing list of the hardware wallet. So there was a list containing your home address and maybe your name, and the fact that you just had a hardware wallet. This information was enough to be used for a lot of phishing attacks that basically were very effective because very targeted on people. So it was a huge risk. Now consider that every time you buy Bitcoin with a KYC exchange, you are getting into a list which is not like the one of Ledger, just with your address, but there is a certified residence address, your name, your document, your face, every single coin you purchase, at every single price, with any withdrawal, with any on-chain address of the withdrawal. So the kind of list you enter and you get yourself into when you buy KYC. And then this list is not remaining. The Ledger list was remaining with Ledger and was leaked. The KYC list gets transmitted to many government agencies around the world, to probably, I would say, at least thousands of people accessing those lists. So the probability of this list leaking and putting you in a great danger of, worst case, kidnapping, best case, phishing or spam, is very, very high. So buying Bitcoin KYC-free is hard, expensive, but there is a strong reason to do that, to protect yourself and your loved ones.

We're running out of time, but that's very good, because my last question was: which advice would you give somebody who is starting now in Bitcoin to more or less start private, or to preserve privacy in a way? Stephan and Giacomo already said it, so maybe the missing parties want to give an advice.

I think, not only from a privacy perspective but also just the Bitcoin economy, I find it less important that people go out and find exchanges that are KYC-free, and I find it more important that people start accepting
Bitcoin for the goods and services that you produce, because that's really what we need to close the loop on having a circular economy, where people can both buy things and sell things with Bitcoin.

I agree with that too. And not just no-KYC exchanges, no exchanges at all. If you know people and say, hey, can I buy some Bitcoin from you? And I've done that a million times. It's sort of easy for me to say that because I work on Bitcoin and everyone I know uses it. So it's easy to say, hey, can I give you some money for Bitcoin, in different countries, change money, things like that. And it's harder if you don't really have a connection. But maybe go to meetups, meet people, talk to people. And that's sort of the real decentralized peer-to-peer layer, where you're just meeting people: hey, can I buy 20 bucks of Bitcoin? And that's how it worked before there were exchanges. It was just people meeting up, sometimes online, sometimes in person.

Guys, thank you very much for this amazing talk. And if somebody wants to keep on learning Bitcoin, if anyone wants to keep learning Bitcoin, there are a lot of resources, but in Spanish I recommend estudiobitcoin.com. And I also have to send a hug from here, from El Salvador, to the Bitcoin 2140 community. Thank you. Thank you very much. Thank you so much, everybody.