Is blockchain really as anonymous as many of its early enthusiasts believed? Well, it doesn't take a security specialist to know that it's not. So the real question is: what can be done to provide more anonymity and thus better protect the privacy of blockchain users? I asked BlockHunters CEO Kamil Górski. His company specializes in blockchain security.
There are actually quite a few solutions that can be implemented, but to better understand how they work (and what obstacles they face) let's take a quick look at why the blockchain is not so anonymous. First of all, it has always been pseudonymous rather than truly anonymous. This basically means that a given blockchain user can be identified as a persistent entity, although not necessarily linked to his or her personal data.
What needs to be tackled
The transparency of the public ledger addresses many fraud and digital piracy concerns. On the other hand, it makes tracking the money and the users involved in transactions easier than ever. One of the U.S. Drug Enforcement Association (DEA) representatives even admitted that they wish criminals kept using blockchain because it gives 'a lot of tools to be able to identify people'. A wallet can be linked, for example, to an IP address, an e-mail address and even a phone number (e.g. one associated with a web wallet), or to a delivery address once an online retailer that accepts cryptocurrency requires it. Even if it is the software surrounding the blockchain, not the blockchain technology itself, that is to blame, the final effect for users is the same.
Well, this might be quite useful when you're a cop running after the bad guys. But if you're just a regular blockchain user, the same transparency exposes you to those bad guys. As your wallet balance is perfectly visible to the network, you may become a target once you accumulate enough money to raise interest. It is rather unlikely that you'll be robbed by burglars who know you're wealthy in bitcoins and therefore hope to find some precious goods at your house. But sending you ransomware or carrying out a cyberattack on your cryptocurrency holdings is more than probable. Yet this is another problem associated with the wallet's software rather than with the blockchain's properties. On the other hand, if you ever somehow (and in a legitimate way) receive coins that once belonged to a hacker, they can become worthless when that fact comes out. Such situations don't happen often; there has been only one massive case, the Ethereum hard fork, but one always needs to take it into consideration when big sums of money are at stake.
What can be done
One way to address these problems is to make some simple changes in user behavior. Apart from being extremely careful about whom you share your data with, this can mean protecting your devices against malware or using tools that make it hard to track your IP, like virtual private networks (VPNs) or onion routing (e.g. the Tor browser). 'One can use a new cryptocurrency address for each transaction,' adds Kamil Górski from BlockHunters. 'It's actually what Satoshi Nakamoto, the alleged creator of Bitcoin, recommended.'
Maintaining anonymity in the blockchain environment is also possible thanks to various technologies designed specifically for it. One of them is tumbling, also known as mixing. It has been in use for a while (since 2011) and somewhat resembles the laundering of physical cash that takes place all over the world. Coins are sent to the tumbler/mixer by one user and returned to him/her in the same amount (reduced by the mixing fee) from new addresses. 'The thing is, you in fact get someone else's coins, so your original coins cannot be easily traced back to you,' explains Górski. 'It is worth noting that there are companies specializing in creating tracking software, e.g. CoinAnalysis can track even mixer-laundered transactions. Their cooperation with government agencies becomes crucial, and one should consider the offensive the EU has launched on mixer services.'
A back-end version of this solution is the CoinJoin technology, where a group of crypto payers pool their money into a joint payment. The coins are then simultaneously distributed to the right recipients, but the connection between each input and its payee remains obfuscated. This mechanism is used in some secure cryptocurrency wallets focusing on anonymity, such as Darkwallet. Its second key feature is the use of so-called stealth addresses.
'A stealth address uses the elliptic-curve Diffie-Hellman protocol,' says Górski. 'If you want to receive coins without revealing your balance, you publish one of many stealth addresses owned by your private key. It allows you to generate a regular address that is not publicly associated with you, so the ownership of funds cannot be tracked.' This technique is used not only by secure wallets but also by privacy-focused cryptocurrencies.
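As an added worked example (not code from the article, BlockHunters or any particular wallet), the elliptic-curve Diffie-Hellman stealth-address derivation Górski describes, in pure Python over secp256k1: the recipient publishes a scan key A = a*G and a spend key B = b*G, the sender derives a fresh one-time address P = B + H(r*A)*G from an ephemeral key r, and only the holder of a can recognise the output while only the holder of b can derive its spending key. The dual-key layout, the SHA-256 hash-to-scalar step and all key names are this example's assumptions, not a specific wallet's format.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Scalar multiplication by double-and-add."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def hash_to_scalar(point):
    """H(shared point) reduced mod N: the tweak both parties can derive (assumed SHA-256)."""
    raw = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N

def sender_build_output(scan_pub, spend_pub):
    """Sender: publish ephemeral R = r*G and pay to the one-time address P = B + H(r*A)*G."""
    r = secrets.randbelow(N - 1) + 1
    tweak = hash_to_scalar(ec_mul(r, scan_pub))
    return ec_mul(r, G), ec_add(spend_pub, ec_mul(tweak, G))

def recipient_recover_key(scan_priv, spend_priv, ephemeral_pub, one_time_pub):
    """Recipient: a*R == r*A, so the same tweak spots P and yields its key p = b + H(a*R)."""
    tweak = hash_to_scalar(ec_mul(scan_priv, ephemeral_pub))
    if ec_add(ec_mul(spend_priv, G), ec_mul(tweak, G)) != one_time_pub:
        return None  # this output belongs to someone else
    return (spend_priv + tweak) % N
```

An observer who sees R and P on the chain cannot link P to the published B without a, which is exactly why the balance behind a stealth address stays hidden.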
The primary goal of developing the latter has always been concealing the user's identity. To achieve it, each privacy coin implements a different set of solutions. One of the most popular, Monero, obscures the data with stealth addresses, ring signatures and ring confidential transactions (RingCT), as well as network-level features like I2P (a Tor alternative). A ring signature is a digital signature produced by one member of a group on behalf of the whole group, making it unclear which member's key was used to produce it. Confidential transactions, in turn, leave the sender and receiver addresses visible but hide the amount of money sent.
One of the biggest (literally) problems with confidential transactions is their size, which severely reduces the blockchain's throughput. Or rather: was, as a solution to this problem emerged recently. The size of the transactions decreased by 97 percent thanks to Bulletproofs, a type of zero-knowledge proof implemented by Monero. Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs for short) had been used earlier (along with e.g. built-in mixing services) by Zcash, probably the first truly anonymous cryptocurrency ever. 'In this case transactions are confirmed without revealing the amount, the receiver or the sender,' says Górski. 'The only information visible on the blockchain is the timestamp of a transaction,' he adds.
There are many more privacy coins, like Dash, ZenCash, Zcoin and others. One of the most interesting, though, is a relatively new cryptocurrency called Beam. What makes it so special is that it takes a totally new approach to anonymity with the MimbleWimble technology. Its name comes from the Harry Potter series, where MimbleWimble is a magic spell that makes the opponent tongue-tied. 'In the digital world it completely redesigns the typical cryptocurrency blockchain structure, also allowing senders, receivers and transaction amounts to be hidden, but in a very scalable manner, which is probably its most important feature,' Górski points out. 'It has been adopted not only by Beam but also by the currency called Grin, and is being considered for example by Litecoin. As for the bigger players, like Bitcoin, the structural differences are too big to simply add MimbleWimble to the existing blockchain. It can be a side chain, though, pegged to the original one, so the users can switch to it to make fully private transactions and then return to Bitcoin whenever they want,' says the BlockHunters expert.
Implementation of solutions like MimbleWimble or Bulletproofs may be the answer to one of the key problems with improving blockchain anonymity. The heavy cryptographic payload that smart contracts need to be wrapped in to remain private simply adds bloat to them, thus demanding a trade-off in scalability. Even using Tor can slow down cryptocurrency transactions. On the other hand, one must admit that network-layer and second-layer protocol privacy features are making far greater progress than their counterparts in most of the blockchains themselves.
Network/Second layer solutions
For example, identifying a node that initiated a transaction is relatively easy when said node communicates it to other connected nodes in a process called propagation. This can be replaced with the Dandelion propagation method, where data is sent to just one node that again connects with one node only. 'It is repeated several times before the information is sent out to the whole network at once which makes it all but impossible to indicate the original node,' says Górski.
There is also an onion-routing alternative to Tor that does an even better job of preventing nodes from knowing both the sender and the receiver, as it removes any need for exit nodes, which can be used to collect data. The system, called Sphinx, is an essential part of the Lightning Network, used by the more privacy-conscious who prefer it to on-chain Bitcoin payments.
Last but not least, inter-layer mechanisms that focus on making different types of transactions (e.g. on-chain and off-chain) look much alike should be mentioned when discussing blockchain anonymity. These include, for example, MAST, which stands for Merkelized Abstract Syntax Trees and reduces the amount of smart-contract data reintroduced into Bitcoin by revealing only the executed branches, and the Taproot/Graftroot tools that complement MAST by making regular and multisignature transactions appear the same on the blockchain.
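As an added example (not code from the article and not Bitcoin's actual MAST encoding), a minimal Merkelized script tree in Python that shows what MAST reveals: the spender publishes only the executed script plus the sibling hashes on its path, and a verifier recomputes the committed root from those alone, never seeing the unexecuted branches. The leaf/node tagging bytes and the duplicate-last-node padding are this example's own conventions.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(script: bytes) -> bytes:
    # Tag leaves differently from inner nodes so a script cannot be
    # confused with an internal hash (a classic Merkle-tree pitfall).
    return sha256(b"\x00" + script)

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def build_levels(scripts):
    """All tree levels, leaves first; an odd level duplicates its last node."""
    level = [leaf_hash(s) for s in scripts]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def mast_root(scripts):
    """The single commitment that goes on chain when the output is created."""
    return build_levels(scripts)[-1][0]

def reveal_branch(scripts, index):
    """Spender: the executed script and (sibling hash, am-I-right-child) pairs only."""
    levels = build_levels(scripts)
    proof, i = [], index
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[i ^ 1], bool(i & 1)))
        i >>= 1
    return scripts[index], proof

def verify_branch(root, script, proof):
    """Verifier: rebuild the root from the revealed script and siblings alone."""
    h = leaf_hash(script)
    for sibling, is_right in proof:
        h = node_hash(sibling, h) if is_right else node_hash(h, sibling)
    return h == root
```

With three alternative spending conditions, spending via the third one reveals one script and two hashes, while the other two scripts never touch the chain.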