Posted on

One Mathematician's Mission to Boost Bitcoin's Privacy (And Soon)

Have modern internet companies gone too far?

According to mathematician and Blockstream research director, Andrew Poelstra, the answer is unequivocally yes. In his view, companies are simply now vacuuming up troves of customer data, which they then sell to others without the owner’s knowledge or benefit. (Think how Instagram owns user images, or Target acquires huge amounts of data on what products people buy).

Not just a bad business deal, security experts even worry that with all this data, AI systems will be able to predict what a person will do next by following data trails, conjuring up concerns about real-life dystopias like those of sci-fi books and movies.

As such, Poelstra is using his two passions – math and bitcoin – to try to bring added privacy to online money.

To this end, Poelstra has been tinkering away, formulating mathematical equations and writing code, to hide bitcoin’s “trails.” Trails being the traces of personal information – who you are, what you buy, for how much – that can be gleaned when transacting online when using bitcoin.

Because the world’s first cryptocurrency rides on a public ledger, users who aren’t especially careful can leave traces for all with an internet connection to see.

“Those trails that no one thinks about, I wish that they weren’t there,” Poelstra told CoinDesk, adding:

“I would hope I’m not leaving one and I would hope that no one that I love is leaving one. That’s who I’m working for.”

And that statement might just reveal Poelstra’s true mission.

Unlike many privacy advocates, who to describe the point of creating a private money system typically point to extremes, Poelstra isn’t focused on these edge cases, he’s focused on his friends and family.

Speaking during a panel at CoinDesk’s Consensus 2018 conference, he summed up his outlook stating, “I think about myself, not people who are really in any extreme turmoil or instability.”

Scriptless scripts

Poelstra’s recent work revolves around a project called “scriptless scripts,” which allow for bitcoin smart contracts that don’t use so much data.

More complex smart contracts can sometimes require a lot of data, so while they offer the ability to perform more complicated transaction types, they’ve become a key hurdle for smart contracts platforms.

One popular cryptocurrency project, mimblewimble, has struggled with this exact tradeoff. In creating a protocol that improved upon bitcoin’s scale and privacy limitations, it was thought mimblewimble might be unable to support more complex transactions through smart contracts. So Poelstra, not convinced it was impossible, put his interest in math to work on this issue, and came out with scriptless scripts.

“Then I realized there’s no reason to do this in mimblewimble. You can do it in bitcoin,” he told CoinDesk.

On top of the smart contract benefits for mimblewimble, the concept also has scalability and privacy advantages for the longest-running and largest cryptocurrency.

According to Poelstra, scriptless scripts can help improve the privacy of lightning payments, those that take place on bitcoin’s layer-two scaling technology that pushes transactions off the blockchain.

“With it, you no longer need to publish to the world all the details of your payment channels,” Poelstra said.

And all this work could come to fruition sooner than many would expect.

Scriptless scripts are just a couple steps away. They merely require Schnorr signatures, a technology pioneered by veteran bitcoin developer Pieter Wuille – which Poelstra has also contributed to – to be implemented, and that technology is getting close to being ready for deployment.

But Poelstra believes this technology will only really have the biggest effect on privacy by being joined by other technology.

For instance, Poelstra would like to see the recently unveiled and much-applauded Taproot, which was created by long-time bitcoin core contributor Greg Maxwell, also implemented.

In that, the lightning network would get even more private, since it makes all bitcoin transactions look the same – so people wouldn’t be able to tell the difference between on-chain and lightning’s off-chain transactions.

“That is, the user does not even need to reveal that she is using payment channels at all!” Poelstra said.

Minor changes

But all these various small code changes seem like a slow, patchwork way of making bitcoin private. Instead, why can’t developers just do something big and all-encompassing?

According to Jameson Lopp, an engineer at key management startup Casa, “There’s no silver bulletproof for fixing cryptocurrency privacy problems.”

Poelstra echoed that, saying that no one’s so far been able to wave a magic wand and suddenly create a completely private cryptocurrency without any downsides. One particularly stubborn trade-off is scalability.

But Poelstra is also working on this as well in a recently unveiled breakthrough he’s been contributing to called bulletproofs. In short, bulletproofs helps to decrease the size of another privacy technology called confidential transactions, which is a cryptographic way of shielding bitcoin user balances.

The size of these transactions is the main thing holding back the long-in-the-making privacy technology, so bulletproof’s reduction is important.

But even with this breakthrough, the transactions are still not small enough.

“I can’t see it ever getting enough community support because of scalability,” Poelstra said.

Not only that but confidential transactions only shield bitcoin balances, and do not hide the other various parts of a transactions – like where a transaction came from and who the sender and receiver are.

That’s why Poelstra is only one technologist taking on this thorny problem.

Developers of the core protocol, but also technologists in other areas, such as wallet developers are all working on privacy-enhancing technologies for users.

And because that’s happening today, Poelstra thinks there’s a “whole pile” of other promising ways to shield various pieces of bitcoin.

Andrew Poelstra image via CoinDesk

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

An Upcoming Cryptocurrency Is Trialling a Trio of Bitcoin Tech Advances

“[I’m] very much waiting for you guys to finish in a sea of shitcoins.”

With that, pseudonymous forum user ‘Monkeyyy’ just might have summed up the sentiment surrounding a forthcoming cryptocurrency called “grin.” Rising to renown last year as the first software implementation for a code proposal known as MimbleWimble, the idea is to start a new blockchain that has better scale and privacy than bitcoin.

That concept has won praise from developers who are normally wary of new ideas, namely because many of them don’t turn out as great as promised (or otherwise devolve into get-rich-quick-schemes). But rather than coding their own solutions, grin’s contributors are all about adopting technology that’s been reviewed and approved by a circle of experts.

As the team wades into their second test stage, preparing to launch a working payment system, they’ve been among the first to implement Schnorr, Bulletproofs and Dandelion, all promising technologies originally intended to improve bitcoin’s scale and privacy, but that just haven’t made it into the hard-to-change cryptocurrency just yet.

Lead grin developer Igno Peverell, named after an obscure Harry Potter character, told CoinDesk:

“Testnet 2 was and is likely to stay our largest release in terms of new technology.”

It’s also ambitious. In turning MimbleWimble into a real, working software for payments, the developer team behind grin has added features that have been years in the making.

“Signature aggregation,” for instance, has been in the works for bitcoin since 2014 and is one of its most highly anticipated code changes. Pioneered by Bitcoin Core contributor Pieter Wuille, the project “MuSig” has the potential to lump signature data together and free up space in the blockchain.

A working prototype has already been implemented, though it’s unclear when it will be added to bitcoin and if the community will ultimately embrace the change.

Scalability boost

Therein lies one advantage of grin, which is more quickly putting such ideas to the test with real value.

Bitcoin is a living payment system, so developers and the community are particularly cautious when making changes that could be dangerous to its users.

“Bitcoin developers have working implementations of MuSig, but deploying it on the mainnet will take time. Actually, it must absolutely not be rushed,” said cryptography expert Yannick Seurin, who’s been helping with the cryptography behind MuSig at cybersecurity agency ANSSI.

But grin is launching a blockchain from scratch, so it’s easier for the developer team to adopt sweeping changes – at least while the blockchain is still small.

“Since Grin is more experimental, they can afford testing newer primitives such as MuSig,” Seurin continued.

It’s worth noting though that in grin, signature aggregation plays a much more fundamental role. Unlike bitcoin, grin uses signature aggregation by default in transactions to remove data bitcoin normally has to keep to preserve the security of transactions.

Privacy boost

Then there’s bulletproofs, a breakthrough privacy technology unveiled by bitcoin developers late last year.

Though bitcoin developers are worried about cryptocurrency privacy, and bulletproofs could help significantly with that, there are still major drawbacks. Bulletproof transactions are still too big. Even though the tech is more scalable, bulletproofs require a lot more room on the blockchain than normal transactions. And with users already very concerned about how big existing blockchains are getting, it would probably be pretty difficult to get agreement from everyone to make the change.

Other blockchains might not care about these downsides though. Privacy-minded monero and litecoin both plan to add this technology soon. And so does grin. Its developers are testing bulletproofs to help with its other main feature: enhancing privacy.

And while bulletproofs might be contentious in bitcoin, grin is a different story. For one, because of the above reliance on signature aggregation, grin is more scalable. So, bulletproofs increasing the size of transactions is not as big of a deal.

In fact, MimbleWimble was one use case that drove the innovation.

“Confidential transactions and Mimblewimble were one of the motivating applications for bulletproofs,” Stanford University PhD student Benedikt Bunz, who pioneered bulletproofs, told CoinDesk.

That’s not the only privacy technology they’re adding, however. Peverell contends grin is the first cryptocurrency to adopt Dandelion, a long-proposed privacy addition to bitcoin.

Once someone sends cryptocurrency to someone using most blockchains, the transaction is sent to all nodes, without trying to hide where it came from. Because of this, it’s easy to glean the IP address of whoever sent the transaction.

Dandelion introduces a second phase here called “fluffing” the transactions, which “makes it a lot harder to identify where transactions originate from,” Peverell said.

Though, Bitcoin Core contributor Jonas Schnelli told CoinDesk he’s optimistic bitcoin will eventually adopt the change, calling it a “pretty important” privacy feature. The reason it hasn’t been implemented in bitcoin is no developers have had time to pick up the task just yet, he argued.

Toward reality

That’s not to say there won’t be significant hurdles.

One rather huge drawback of MimbleWimble’s approach is that in order to get the scalability and privacy benefits, transactions are much simpler than bitcoin’s. That means, it makes it harder to do more complex types of transactions, like requiring two or three people to sign off on a transaction before it can be sent, or to build more scalable infrastructure, such as lightning network, on top of it.

There’s still hope, though.

Peverell is excited about signature aggregation because it can pave the way for still other future technologies, such as scriptless scripts, a technology that could reintroduce a way for users to do these types of complex transactions using grin.

According to Peverell, most of the technical heavy lifting will be out of the way once they finish their second testnet.

But there are a number of steps left before they can be sure there aren’t any problems with the payment system and they’re ready to launch. Peverell noted grin is launching yet another testnet (their third) to finalize some changes and stomp out as many bugs as possible.

The loose volunteer team also wants to build out the wallet to be more “user-friendly,” since being easy to use is something cryptocurrencies tend to struggle with. And finally, they want a third party to audit Grin’s code.

This sounds like a lot, but Peverell hopes they’ll be able to launch the payment system for real by the end of the year, at which point the team can put the experimental concepts its trial to test in a live environment with real funds.

He stated:

“I’m still optimistic for this winter.”

Microscope image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Aim, Fire: Bulletproofs Is a Breakthrough for Privacy on Blockchains

There’s a new privacy technology in the crypto Wild West, and if the rate at which it’s winning favor from developers is any sign, it’s one to watch.

Called “bulletproofs,” the new invention by University College of London’s Jonathan Bootle and Stanford’s Benedikt Bunz was announced last month, and quickly developers from major blockchains took steps to implement the code. Created initially for use on bitcoin, bulletproofs are already being adapted for monero and mimblewimble, and litecoin’s creator has said its blockchain, one of the 10 largest, may follow suit.

And the reason for the interest is that bulletproofs is believed to offer something of a rarity in the cryptocurrency sector, code that is both simple for blockchains to execute and powerful in the way it boosts privacy.

While part of a public blockchain’s appeal doubtless lies in the transparency it provides (enabling, say, more auditable financial markets), this attribute isn’t always desirable, especially when users want to transact privately or enterprises need some level of confidentiality between partners.

Reflecting on the hype, Bunz told CoinDesk that while some of the cryptography underlying bulletproofs has been in use since the 1970s, new advancements are allowing it to be applied to cryptocurrency systems.

“If there wasn’t a clear application in mind, the time and resources would have been devoted to something else,” Bunz said, continuing:

“It’s a lucky and good marriage of these two timelines working together. The killer application and the technology are meeting each other. The killer application is the money application.”

Behold, bulletproofs

Based on a technology called confidential transactions, bulletproofs’ most notable feature may be that it minimizes computational excess.

Instead of obscuring the entirety of a blockchain, bulletproofs only conceals the quantities sent within a transaction – the sender and recipient’s address are still visible, but the amount being sent is not. And while it’s not total anonymity, the confidentiality added with bulletproofs can be handled by already operational blockchains, said Bunz.

“I wouldn’t want my salary to be made public, and if you run a business you don’t want to say publicly how much you’re paying your supplier,” Bunz said, adding:

“I don’t think you have to be a idealist to see that confidentially for money is basically a requirement.”

There could be other derivative benefits as well.

For example, according to reports from the monero developement team, the use of bulletproofs could reduce transaction fees (another hot topic as blockchain fees continue to rise) for private transactions by up to 80 percent.

On top of this, the more bulletproof transactions you verify at once, the cheaper the process gets, Bunz told an audience at a lecture in UCL, pointing out that this could mean it works even better when used with existing privacy tech like “CoinJoin” – a popular piece of code that today fuses transactions together.

But it’s not just the lightweight confidentiality that makes bulletproofs so attractive. It’s also in the fact that the tech doesn’t require trust in others, like zcash’s zk-snarks tech does (the reason for its elaborate generation ceremonies). And, while the trusted setup is getting increasingly more secure, the process is still much criticized.

For bulletproofs, the real cause for celebration is perhaps that developers don’t seem to have found any issues with it. Speaking to CoinDesk, anonymous researcher for the Monero Research Lab, Surang Noether described bulletproofs as a “net win on all fronts” for cryptocurrency.

Echoing that sentiment, Bunz told CoinDesk:

“It’s just better. It’s shorter, more efficient, three times faster – it’s better than the old system in every way.”

Testing continues

That said, bulletproofs technology is still young and nascent, and while other blockchain developers are interested in adding it to their tech stacks, it won’t see implementation on bitcoin anytime soon.

On Reddit, co-author of the bulletproofs white paper and bitcoin developer Peter Wuille said its still “far too premature” to propose the tech’s inclusion in bitcoin.

Adding to that, another co-author of the white paper, Andrew Poelstra, wrote on a mailing list that the tech is still not ready for a “serious proposal to get anywhere.”

And speaking to CoinDesk, mimblewimble’s lead developer, Ignotus Peverell, agreed with the hesitation, saying that the tech should be deployed and tested in the wild, on smaller platforms like monero or mimblewimble before high-profile blockchains like bitcoin should add the feature.

Still, according to Peverell:

“We’re a lot closer to that goal [of private transactions] now, than we were before bulletproofs.”

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company.

Bulletproof glass image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Interested in offering your expertise or insights to our reporting? Contact us at