Bitcoin is also evolving! Understand the main plans and development potential of Bitcoin privacy protection (www.blockcast.cc)
Dandelion, Schnorr, and Taproot at the base layer, together with Liquid and the Lightning Network at the second layer, are the main forces building Bitcoin’s privacy protection.
Written by: Karim Helmy (Coin Metrics Data Analyst) and Matthew Batsinelas (Working at Altonomy)
Translator: Perry Wang
The original English text was published in the blockchain media The Block, which authorized the translation and publication of the Chinese version.
Summary
- Bitcoin privacy protection is constantly improving.
- Developers have proposed base-layer upgrades such as Dandelion, Schnorr, and Taproot to improve the privacy protection of the Bitcoin blockchain.
- Sidechains are like trading in a walled garden, and they offer an upgrade path for privacy protection.
- The Lightning Network significantly improves privacy protection, and the second layer (L2) has made good progress through protocols such as ant colony routing, atomic multi-path payments and zkChannels.
The way forward for the Bitcoin blockchain
Private Bitcoin transactions are possible today, but they are hard to get right. Users who rely on CoinJoin and related techniques, and who practice rigorous privacy hygiene, can protect their financial privacy. Various tools have also emerged in the Bitcoin ecosystem to make private transactions and exchanges easier. As the tools, the L2 networks and the Bitcoin core protocol improve, this process will keep getting easier.
One major way to improve Bitcoin’s privacy is to upgrade the underlying blockchain network. The Bitcoin network has grown conservative: it generally avoids hard forks, which break compatibility with older versions and change consensus. Soft forks, which are backward compatible and still allow legacy nodes to verify the validity of the blockchain, remain generally accepted.
This means that upgrading the network, even through a soft fork, is difficult. Upgrades are rejected for many reasons: conflict with Bitcoin’s core vision, technical conflicts with existing software components, and so on. From idea to implementation, even a successful fork may take years.
Base-layer upgrades
Although upgrading the Bitcoin blockchain is difficult, several privacy upgrades are worth exploring. One potential upgrade that deserves attention is Dandelion++, which changes how Bitcoin transactions are routed.
Today, unconfirmed Bitcoin transactions are announced by diffusion: each node broadcasts the transactions it hears about to its peers after random, exponentially distributed delays. Because a Bitcoin user’s IP address is exposed to the network, an attacker can infer the IP address from which a transaction originated and, eventually, link that IP address to a Bitcoin address, effectively stripping the user’s anonymity.
Dandelion++ proposes replacing diffusion with a two-phase relay: a transaction is first passed along a chain of single peers in a stem phase, and only then broadcast by diffusion in a fluff phase. Because each node shares the transaction with only one peer during the stem phase, and the length of the stem is random, an adversary has difficulty determining where the transaction came from.
Dandelion’s “fluff” propagation phase, source: https://github.com/bitcoin/bips/blob/master/bip-0156.mediawiki
Bitcoin Improvement Proposal BIP 156 formally proposes incorporating Dandelion++ into Bitcoin. The protocol could be forked into the network software, and Dandelion-enabled nodes would remain fully compatible with nodes running the previous version of the Bitcoin software.
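As an added simulation (not from the article or BIP 156), the following Python compares how often a fixed set of passively listening peers can name a transaction’s origin under plain diffusion versus a Dandelion-style stem-then-fluff relay. The random peer graph, the spy fraction and the stem-continuation probability are constructed assumptions, not parameters from the proposal.

```python
# Added simulation (not from the article): how often passively listening peers can name a
# transaction's origin under plain diffusion versus Dandelion-style stem-then-fluff relay.
# The peer graph, spy fraction and stem-continuation probability are constructed here.
import heapq, random

def make_graph(n, degree, rng):
    """Random undirected graph: each node links to `degree` random peers (constructed)."""
    adj = {v: set() for v in range(n)}
    for v in range(n):
        for u in rng.sample([u for u in range(n) if u != v], degree):
            adj[v].add(u); adj[u].add(v)
    return adj

def diffusion_guess(adj, spies, start, rng):
    """Diffusion from `start`: each node relays to all peers after an exponential delay.
    The 'first-spy' guess is whoever handed the transaction to the earliest-hearing spy."""
    done, queue = set(), [(0.0, start, start)]
    while queue:
        t, sender, v = heapq.heappop(queue)
        if v in done: continue
        done.add(v)
        if v in spies: return sender
        for u in adj[v]:
            if u not in done: heapq.heappush(queue, (t + rng.expovariate(1.0), v, u))
    return None

def dandelion_guess(adj, spies, source, rng, stem_continue=0.9):
    """Stem phase: pass the transaction to one random peer per hop until a coin flip
    ends the stem; a spy on the stem learns only its predecessor. Then fluff (diffuse)."""
    v = source
    while rng.random() < stem_continue:
        nxt = rng.choice(sorted(adj[v]))
        if nxt in spies: return v
        v = nxt
    return diffusion_guess(adj, spies, v, rng)

def first_spy_precision(n=200, degree=6, spy_frac=0.2, trials=400, seed=7):
    """Fraction of transactions whose origin the spies name correctly, per relay scheme."""
    rng = random.Random(seed)
    adj = make_graph(n, degree, rng)
    spies = set(rng.sample(range(n), int(n * spy_frac)))
    honest = [v for v in range(n) if v not in spies]
    hits = {"diffusion": 0, "dandelion": 0}
    for _ in range(trials):
        src = rng.choice(honest)
        hits["diffusion"] += diffusion_guess(adj, spies, src, rng) == src
        hits["dandelion"] += dandelion_guess(adj, spies, src, rng) == src
    return {k: v / trials for k, v in hits.items()}

if __name__ == "__main__":
    print(first_spy_precision())
```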
The two most promising upgrade options for the Bitcoin network are Schnorr and Taproot.
The Schnorr signature proposal would change Bitcoin’s signature scheme from the Elliptic Curve Digital Signature Algorithm (ECDSA) to Schnorr signatures. Signatures produced by the Schnorr algorithm are linear.
This linearity lets Schnorr users aggregate multiple independent signatures into a single valid signature. Users can therefore create a threshold signature over an aggregate public key, which requires approval from a sufficient subset of signers before funds can be spent. This moves multi-signature logic off-chain and helps the network scale. Unlike today’s multisig, threshold signatures are also indistinguishable from ordinary signatures, meaning that transactions interacting with them look like normal transactions on the chain.
Schnorr signature aggregation is also useful for scriptless scripts, which let users create and interact with certain smart contracts without publishing a script. Not all smart contracts can be replaced with scriptless scripts, but they can represent cross-chain atomic swaps and the on-chain scripts used in the Lightning Network.
Taproot uses Schnorr signature aggregation to let users create smart contracts that are never revealed to observers when the participants cooperate. If the parties agree on an outcome, the transactions that create these contracts and spend from them are hidden. Unlike scriptless scripts, Taproot can be applied to any script that Bitcoin can express.
Taproot converts a smart contract into an abstract syntax tree of separate clauses. This tree is then arranged as a Merkle tree, a Merkelized Abstract Syntax Tree (MAST), so that parties who know the Merkle root can verify whether a specific clause is included in the contract.
If all parties agree on an outcome, Taproot bypasses the MAST entirely. This is achieved by creating a Schnorr threshold public key among the parties, tweaking it with the MAST root hash, and sending funds to an address derived from the resulting key.
In the cooperative case, users co-sign to spend from the contract. In the non-cooperative case, a user can spend from the contract by broadcasting a transaction that reveals the MAST root and the relevant branch of the tree.
For sufficiently complex scripts, even in the non-cooperative case Taproot reveals far less information to observers and takes up far less space on the chain.
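As an added example (not from the article or from the BIPs), the following Python sketches the linearity argument of the preceding paragraphs: two signers’ Schnorr partial signatures sum to one signature that verifies under the sum of their public keys, and a Taproot-style tweak commits that aggregate key to the Merkle root of a MAST, so the cooperative spend is an ordinary-looking signature while the fallback path reveals only one clause and its branch. The curve constants are secp256k1’s; the point encoding, the challenge hash and the naive (non-MuSig) aggregation are simplifications chosen for readability.

```python
# Added illustration (not from the article): Schnorr aggregation and a Taproot-style key tweak
# over secp256k1. BIP 340 x-only keys, tagged hashes and MuSig's rogue-key protection are omitted.
import hashlib, secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):  # affine point addition on y^2 = x^3 + 7; None is the point at infinity
    if A is None or B is None: return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, A):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def enc(A): return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")
def H(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N
def node(a, b): return hashlib.sha256(min(a, b) + max(a, b)).digest()  # MAST inner node
def verify(X, msg, R, s):  # one check serves single-signer and aggregated signatures alike
    return ec_mul(s, G) == ec_add(R, ec_mul(H(enc(R), enc(X), msg), X))

def aggregate_sign(keys, msg):
    """Each signer contributes k_i + e*x_i; by linearity the sum verifies under sum(X_i)."""
    X = R = None
    ks = [1 + secrets.randbelow(N - 1) for _ in keys]
    for x, k in zip(keys, ks):
        X, R = ec_add(X, ec_mul(x, G)), ec_add(R, ec_mul(k, G))
    e = H(enc(R), enc(X), msg)
    return X, (R, sum(k + e * x for k, x in zip(ks, keys)) % N)

def mast(clauses, idx):
    """Merkle root over the contract's clauses plus the sibling path proving clauses[idx]."""
    layer, path = [hashlib.sha256(c).digest() for c in clauses], []
    while len(layer) > 1:
        if len(layer) % 2: layer.append(layer[-1])
        path.append(layer[idx ^ 1]); idx //= 2
        layer = [node(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0], path

def tweak(X, root):  # t commits internal key X to the tree; the output key is Q = X + t*G
    t = H(enc(X), root)
    return t, ec_add(X, ec_mul(t, G))

def script_path_ok(Q, X, clause, path):  # fallback spend reveals X, one clause and its branch
    h = hashlib.sha256(clause).digest()
    for sib in path: h = node(h, sib)
    return Q == tweak(X, h)[1]
```

In the cooperative case one signer simply adds the tweak t to its private key, so the spend is a single signature under Q that reveals nothing about the tree.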
BIP 340 formally proposes adopting Schnorr signatures in Bitcoin, and BIPs 341 and 342 formally propose adding Taproot. The BIPs’ authors intend to bundle the two upgrades and deploy them in a single soft fork.
Soft-forking these BIP-specified upgrades into Bitcoin would greatly benefit the network’s scalability. One of the most useful features of Schnorr signatures, cross-input aggregation, is not included in BIPs 340-342. That construction would allow all signatures in a transaction to be aggregated into one.
Cross-input aggregation would greatly improve the blockchain’s scalability, because it reduces the number of signatures kept on chain, and signatures take up a large share of block space. Unfortunately, cross-input aggregation conflicts with the current opcode upgrade mechanism. It should still be possible to implement at some point, bundled with a Taproot extension called G’root, but that will take time and there are no concrete plans yet.
The obstacles facing cross-input aggregation highlight how hard network upgrades are. Another proposed base-layer improvement, confidential transactions, has also run into major implementation obstacles, even though it offers greater benefits for privacy and fungibility.
Confidential transactions: a case study
Confidential Transactions (CT) is a proposed Bitcoin upgrade that would greatly improve privacy and fungibility on the network. CT lets an observer verify that the sum of a transaction’s inputs equals the sum of its outputs without learning the actual amounts involved. Network participants can thus verify that a transaction is valid while the amounts stay hidden from them.
Implementing CT on the Bitcoin blockchain would leave blockchain analysis tools unable to trace the flow of funds in any effective way. That may complicate legal compliance for businesses, but overall it would strengthen privacy.
CT is not just a theoretical construction; it has been adopted by several alternative currencies, including Monero and Grin. In Monero, CT is combined with ring signatures, which obscure who signed a transaction, so that both the amount and the sender are hidden from observers. The resulting transactions are much larger than Bitcoin transactions, but their theoretical privacy is much stronger. Beyond taking up more block space, CT has a more fundamental problem that puts it at odds with Bitcoin’s basic philosophy: CT makes the blockchain harder to audit, and a mistake in a CT implementation could create an inflation bug through which an individual could secretly expand the money supply.
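As an added example (not from the article), this Python shows the balance check a CT verifier performs on Pedersen commitments and why that check alone accepts a transaction whose outputs include a negative amount; the range proof that closes this gap is omitted, which is exactly the auditability risk the text describes. The toy group (integers modulo a Mersenne prime) and the two bases are constructed assumptions; real CT uses secp256k1 points.

```python
# Added illustration (not from the article): the balance check behind confidential
# transactions using Pedersen commitments, and why a missing or broken range proof
# becomes an inflation bug. Toy group: integers modulo a Mersenne prime, constructed
# here for readability; real CT implementations use secp256k1 points.
import random

P = 2**127 - 1   # prime modulus (toy); commitments live in the multiplicative group mod P
G, H = 3, 7      # two bases whose discrete-log relation is assumed unknown to everyone

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind. Negative exponents are taken via
    modular inverses, which is exactly how an out-of-range value hides in a commitment."""
    return pow(G, value, P) * pow(H, blind, P) % P

def balances(in_commits, out_commits):
    """What a CT verifier can check: product of inputs equals product of outputs,
    i.e. sum(in amounts) == sum(out amounts), without learning any amount."""
    lhs = rhs = 1
    for c in in_commits: lhs = lhs * c % P
    for c in out_commits: rhs = rhs * c % P
    return lhs == rhs

def amounts_in_range(amounts, bits=64):
    """What only a range proof can convey to the verifier: no output is negative or huge."""
    return all(0 <= v < 2**bits for v in amounts)

def build_tx(in_amounts, out_amounts, seed=0):
    """Sender side: blind every amount; the last output's blinding factor closes the sum
    so the homomorphic balance check passes whenever the amounts themselves balance."""
    rng = random.Random(seed)
    in_blinds = [rng.randrange(1, P) for _ in in_amounts]
    out_blinds = [rng.randrange(1, P) for _ in out_amounts[:-1]]
    out_blinds.append(sum(in_blinds) - sum(out_blinds))
    return ([commit(v, r) for v, r in zip(in_amounts, in_blinds)],
            [commit(v, r) for v, r in zip(out_amounts, out_blinds)])
```

A transaction spending 10 into outputs of 15 and -5 balances perfectly under `balances`; only `amounts_in_range` (the fact a range proof attests to) exposes that 5 coins were created from nothing.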
Such vulnerabilities would be hard to detect and could damage the integrity of the blockchain. Many in the Bitcoin community are deeply worried about this possibility, including Human Rights Foundation Chief Strategy Officer (CSO) Alex Gladstein, who believes that “privacy as a priority is very important. Of course, auditability is the stumbling block in this matter. We cannot have a system in the Bitcoin blockchain where a full node cannot audit its money supply. After all, this audit is vital to the value of the Bitcoin system.”
“Otherwise, it’s not monetary innovation, but technological innovation. After all, it won’t be really useful,” Gladstein added.
Therefore, CT seems unlikely to be incorporated into the Bitcoin blockchain in the near future.
For similar ideological or practical reasons, other proposed upgrades to Bitcoin’s base layer have also stalled. But some changes can be implemented on sidechains, which offer a promising way around the obstacles to updating Bitcoin’s base layer.
Sidechains
A sidechain is a blockchain that runs in parallel with a base chain (such as the Bitcoin blockchain) and derives its security from it.
Liquid is one of the most compelling sidechains; it uses a federated security model. In this model, users obtain funds on the sidechain by depositing funds on the main chain into a contract controlled by federation members. Once users control funds on the sidechain, they can transact freely there without waiting for confirmations on the base chain. Users can burn their sidechain assets to return funds to the main chain.
Liquid federated block signing, source: https://arxiv.org/pdf/1612.05491.pdf
The federated security model requires users to trust the federation members, because they hold the wallet keys that secure users’ funds. Another model relies on merged mining, which lets main-chain miners also order transactions on the sidechain; merged mining is achieved by having each main-chain block include a specific reference to the sidechain.
The RSK sidechain is the most notable adopter of merged mining. Compared with the federated security model, merged mining depends less on trust, but it has been criticized as a covert way of increasing the block size. Maintaining the link between main-chain and sidechain assets is also more challenging under this model, because the native tokens of a merged-mined blockchain do not represent liabilities denominated in the main-chain asset.
From a privacy perspective, the most interesting property of sidechains is that they can implement arbitrary consensus rules and transaction validation requirements that the Bitcoin main chain does not support. For example, Liquid supports confidential transactions, although Bitcoin does not. Sidechains may be useful for testing new technology before deploying it to the Bitcoin blockchain, or for running privacy protocols that might be incompatible with Bitcoin’s social contract, such as those that require a trusted setup (e.g. zk-SNARKs).
L2 networks are a class of sidechain that let users transact off-chain while still benefiting from some of Bitcoin’s guarantees. The Lightning Network is another L2 technology. Although Lightning cannot be used to enforce arbitrary transaction validation rules, it brings privacy benefits to Bitcoin users without any change to the underlying chain, and its settlement guarantees are superior to those of sidechains.
Lightning Network
The Lightning Network is built on top of Bitcoin and aims to enable low-cost, real-time transactions.
The Lightning Network is built on the concept of bidirectional payment channels, which let two participants who share a channel trade freely with each other without settling on chain, as long as their net bidirectional balance does not exceed a certain amount. That amount is determined by the funds locked in the channel’s on-chain funding contract. Lightning payments can be routed through a series of channels, so two parties can pay each other without a direct channel between them.
Even today, the Lightning Network can significantly improve user privacy. It lets users settle transactions in batches, so the details of individual transactions no longer need to be disclosed to observers. Several upgrades have also been proposed for the Lightning Network to improve its privacy benefits further, and none of them require changing Bitcoin’s underlying behaviour.
The Lightning Network routes payments through intermediate channels, making it hard for observers to tell whether two parties have transacted. One of the most exciting potential Lightning upgrades is ant colony routing, which would change how the Lightning Network computes payment routes. Lightning currently uses shortest-path routing, which requires nodes to keep track of the global routing table. This approach scales poorly and lets an adversary learn the network topology, so that nodes can be placed strategically to monitor traffic as effectively as possible. Ant colony routing proposes replacing the current mechanism with one that is fully distributed, scales efficiently, and is robust to graph-learning attacks.
Another feature is atomic multi-path payments (AMP), which let a user split a payment and complete it across several channels. These payments execute atomically: either the whole payment succeeds or no part of it is received. AMP makes it harder for intermediaries on the payment path to determine the total amount paid, which improves privacy in the network. AMP also enables large payments over illiquid channels, increasing the available liquidity.
The main purpose of ant colony routing and AMP is to improve scale and liquidity; the privacy gains are a secondary benefit. zkChannels, currently being developed by Bolt Labs, are by contrast a feature designed explicitly with privacy in mind. These channels use advanced cryptography to let users send payments without the recipient learning the identity of the original sender, provided the payment has been routed through at least one intermediary. This allows discreet, cash-like payments that do not require disclosing personal identity.
How the zkChannels payment protocol works, source: https://medium.com/boltlabs/zkchannels-for-bitcoin-f1bbf6e3570e
Implementing Schnorr signatures on Bitcoin would also benefit Lightning Network privacy. Using scriptless scripts, users would be able to build Lightning channels with private payments.
Privacy in the digital age
The Bitcoin blockchain is being pulled in several directions. Some want the platform to become institutionalized, a mainstream financial asset held by custodians. Others want to see it grow into a fast and inexpensive medium of exchange. A third group hopes Bitcoin remains a self-sovereign, fully verifiable store of value. The way these groups interact has historically determined how the industry develops, and it will continue to do so.
At first glance, improving the Bitcoin network’s privacy seems at odds with the goals of each group. Privacy makes it harder for institutions to verify that the funds they receive are clean. Base-layer private payments take up more block space than transparent payments. And base-layer privacy may make it hard to verify whether the money supply has been inflated.
On deeper consideration, however, privacy is a useful complement to each of these goals.
Private payments let institutions move large sums without fear of being robbed. Privacy makes everyday payments possible without surveillance by governments or private institutions. Moving payments off chain makes them faster and cheaper. Privacy makes self-custody easier, with less fear of theft.
Careful implementation of privacy is key to Bitcoin’s success.